This is something I preach often, even at FAANG. Often engineers feel comfortable and in-the-zone when solving for a process. One saying I often delivery is: Engineers often think their job is to build things. That's not the whole story, they build things for _people_.
Nobody cares what your code looks like. Nobody cares what your architecture looks like. As engineers we should worry about creating forgettable experiences (at least in enterprise). They care that it does the job well, with low load times and an easy to use UX. That's it. If you did your job right they'll forget that software helped them do their job or complete their task faster / better because the experience was so seamless they spent the entire time focused on their own goal, and not how to navigate your software to get there. How you get there is irrelevant. Now it's your job as an experienced and intelligent engineer to make quick, thoughtful decisions on how to get your product to where it needs to be so that your _customers_ can create more impact on their own business / lives faster.
Nobody cares what your code looks like. Nobody cares what your architecture
looks like.
… until it breaks. Nobody cared how the FAA NOTAM database was implemented either, until it went down. Part of being a professional engineer is thinking about these things, so your users won't have to.
Nobody cares if your warehouse is neat and clean. Your customers never go in there. They just receive orders that are shipped out of it.
But if your warehouse is a mess, if the aisles of your warehouse are blocked by crates strewn everywhere (that you've been meaning to put away for ages), then it does matter if your warehouse is neat and clean because it takes forever to maneuver your forklift in to retrieve products to ship them out. If your warehouse is disorganized, and you can't find anything when you need it, then it matters.
The real trouble, I think, is when people have reasons to choose not to keep the warehouse organized and functioning smoothly (like workers who see it as drudgery or managers who want workers working on something else) and they try to excuse it by saying, "Our customers never visit."
(I don't think the person above is doing that, incidentally. I think they're just agreeing with the keep your eyes on the prize message.)
The difference between software and most other forms of engineering is that the internals of software are invisible to everyone but the developers. A manager walks in to the warehouse you describe above and goes “what in the literal hell? No one goes home until we clean this $&@$ up!”. A machine that has been poorly designed looks like a piece crap.
Software, if the UI looks nice the massive tangled mess inside is completely invisible to customer and manager alike. Gross inefficiencies, evil hacks, everything entangled with everything? No one can see it. “Why does it take 3 months for a tiny feature?” “Technical debt”, “ok, you can have 5% of your time budget to sort that out”…
If people could really see the software, viscerally, they would approve budgets to fix it.
I suspect the information overload for any substantially large code base would be such that, non-engineers would look right past the complexity after the enthusiasm wears off.
I work with a product that sees a massive difference in use between the low end customers and the very highest end of customers. For the low end customers it doesn't matter what your architecture is at all. Could be a single small machine in a closet and it would suffice.
For our large customers it matters 100%. They are doing throughput 4 to 5 orders of magnitude higher than our most basic customers per day. They will push NAS and database performance to the limit. Every time we think "eh, no one is going to do that much" our customers come back and prove us wrong. Databases expand to billions and billions of rows. Query performance falls apart. Design decisions lead to lack of ability of horizontal scaling.
And when the systems get to this size the costs of operating the system add up quickly, and if your competitors choices lead to much lower operational costs, then expect to lose customers to them, especially as your product equalizes in capability, or at least meets their set of needs.
The risk of focusing on code and architecture too much is that it will never break. Not because it's very reliable: because you have no users.
Part of being a professional engineer is recognizing that your knowledge is always limited. No matter how much you think about these things, they will always break. Being too careful is as bad as being reckless.
Instead of trying to prevent failure, accept that it's inevitable and make sure you are fast at detecting and fixing.
Forgive me if I'm wrong about this, but it would seem to me that the FAA NOTAM system had orders of magnitude more uptime than literally any product produced by so called "professional" "engineers" at big software companies.
More than google.com? Maybe, but it's close. Also, I'd be surprised if those behind NOTAM were all "professional engineers" since software PEs are pretty rare, relatively speaking. Especially in the US.
While not wrong, everything breaks at scale. Everything. Anyone that says otherwise is just not interested in talking about where what they built will break.
And note that this is more than just scale of use. It is also scale of development. Keep adding changes to something, and it will break. Stability of application requiring stability of development is just not something we care to admit, that often.
That is, don't hide when/why something will break. But also don't get blinded looking for how to avoid all breakage. If you can, find ways to isolate failures and block off entire sections.
This is good advice. You should be aware of who you are building for. Designing your system to run on 100 containers orchestrated by Kubernetes is overkill for your average SaaS MVP, while counting on shell scripts is a recipe for disaster at FAANG scale. Scale matters.
Don't just look at the execution you are building for, but also the team that will be maintaining it. That is, there are several values for "who" that you are building for. Each will have cause for you to reach to more complicated seeming solutions, as you go.
My point on this isn't that you should write ugly, unmaintainable code because who cares. It's that, if you're an experienced and intelligent engineer, you're going to do just fine. There's no need to complicate it, get lost in analysis paralysis and so forth. I have seen top engineering teams make software that's hard to maintain with questionable performance as a _result_ of some of the things this article brings up. Often times too much engineering is just as bad as not enough.
Here is how I personally define good software engineering:
- Does it do the job?
- Is there low cognitive load in regards to following the code? (Can you jump back in the code in 6 months and get your feet quickly... AKA: Don't over-abstract).
- Is it performant?
- Can you easily make changes?
If those 4 things are true, the rest doesn't matter from my experience.
For each case like NOTAM database going down, there are tens of thousands of applications running on the web and outside the web without people obsessing about its architecture.
> Nobody cares what your code looks like. Nobody cares what your architecture looks like. As engineers we should worry about creating forgettable experiences (at least in enterprise). They care that it does the job well, with low load times and an easy to use UX. That's it.
Isn't this sneakily hiding the assumption that what your code and architecture looks like has no effect on how good/fast your product is? That's a pretty common implicit sentiment these days, especially as part of the (valid) sentiment that chasing fad languages/frameworks/tools is not a good idea. But it's pretty clearly not true in general.
I believe the author's point is that you should care about the relation between your technical decisions and actual benefits for the user. It is true that many technical people develop an appreciation for tech choices that is driven by aesthetics more than by actual impact.
That being said, caring too much about customer success also has its pitfall, businesses can be driven by the present more than by the future, and by low-impact guaranteed results more than high-impact hypothetical risks.
The article is entire about the ways that your code and architecture affects the final product. Really, there is no other thing there than the complete opposite of your complaint.
> Nobody cares what your code looks like. Nobody cares what your architecture looks like.
Do I not count as somebody? ;)
> Now it's your job as an experienced and intelligent engineer to make quick, thoughtful decisions on how to get your product to where it needs to be so that your _customers_ can create more impact on their own business / lives faster.
Quick and thoughtful are often in tension. Sometimes you really do need to take a step back and take the 10000 foot view and think about your systemic challenges. It may be worth investing in a new architecture that will allow you to iterate faster and make quicker, better decisions in the future. The first instinct should of course always be to try do the smallest thing within the limitations of the current system to deliver customer value, but there are times when you are spending so much time fighting the system, that it is a wise strategic investment to rearchitect. It takes significant maturity as a developer to recognize the difference between this type of investment and hype-driven churn.
There are always going to be the kind of developers (often quite smart and idealistic but relatively inexperienced) who are easily susceptible to hype, discover a shiny new toy and want to rewrite everything in its image. This type of developer can waste a huge amount of time, both their own and of their colleagues, engaging in fruitless technical debate.
Also, it is not just the customer who matters. You as the developer also matter. If you hate the system you are working with so much that you desperately want to rearchitect it, you either should find a way to do that or leave the project/company regardless of whether you are able to provide value for customer.
This makes perfect sense for founders/c-level people, and owners in general.
But here is the employee paradox: He may sooner or later shift his main focus from customers to his own career. So he reinvents the wheel building the next level hot js framework, start measuring his goals in Github stars and conference bookings...
This is one of the best comments ever in HN. Every engineer should understand this. Users don't care about what's behind. They care about whether it works and its easy. All the rest is irrelevant to them. We engineers tend to think 'but if this particular thing X happens in the code/stack and causes this particular problem Y, it will cause a Z% percentage problem and this will affect the user experience'. But in the end, for the overwhelming majority of the cases what ends up happening on the user side ends up being something unnoticeable to the user. Causing a lot of time to be spent for something that the users dont care about.
It feels more like we engineers use such logic of 'better code/application' to justify ourselves doing what we would like to do and build with the code than anything else that is related to the user.
This isn't an absolute. Yes, people using your thing don't care about the architecture. But developers sure do. If your system is built in COBOL, you will have a smaller pool of developers who will have an interest in working on it.
This isn’t wrong, but I also think it’s not wrong for engineers to overcorrect a bit. It’s a balance.
Pretty much every other incentive in an organization is for product. Its really easy to build things as fast and cheap as possible until you literally can’t anymore because no one understands the code.
I built telecommunications systems / software for some time. The unfortunate truth here is that telecom carriers absolutely already have everything they need to largely put a stop to it but they knowingly ignore it. It's the biggest problem in the US because because of pricing. It's expensive to run outbound campaigns in almost any other country, and very cheap in the US (fractions of a penny per minute compared to 5-10c per minute in some EU locations). Scammers need volume to make money.
The reason carriers -- from the local exchange carriers and up -- ignore it is because just a single scam operation can mean 10s of thousands of dollars in volume a month, and sometimes more. Since they have to self-report for the most part they're not very incentivized to stop it. There are a few easy to implement regulatory / technical mechanisms that could nearly axe all of it, but carriers push back hard on those regulations and they never stick.
I know from experience dealing with this that it's absolutely not ignorance that's at play on the regulatory and commercial side. It's disgusting, and as fueled with greed and red tape as you'd fear.
You've missed the legal / regulatory side of things.
Apparently this has just recently changed, but telcos are highly regulated in the US and they are legally required to execute calls placed by their customers. This means that they have to be very very sure the call should be blocked before doing so, otherwise they face legal liability. This regulatory structure means that call spamming in the US is all but legally protected.
Compare this to less-regulated email, where Gmail and other providers are free to block spam based on any reason: source ip, domain, content of the email, etc.
Are you referring to STIR/SHAKEN that is a requirement and has been/is being rolled out?
I'm not sure how much was commercial benefit vs lazyness/no incentive to solve the issue directly - the telcos aren't making a lot of money on inbound calling. It's just a problem that didn't impact them directly - only their customers.
Have to touch on this as it's a common theme to my response. There absolutely are regulations. However, regulations being in place, and the enforcement of these regulations are different. STIR/SHAKEN is a requirement, however it's an easy requirement for scammers to meet. (Numbers are super cheap to buy in bulk, pennies per month typically). Sooner or later they'll run out.
The second side of the regulation miss is that carriers have to self-report much of the time. These centers pay into the 6 figures monthly to their carriers. The carriers know exactly what kind of traffic is being sent through and many times aide these scammers in shaping the traffic to look more legit. Auto-warranty scams in the past? Huge amounts of that traffic were routed through the likes of Y-Tel and a couple others. Regulators knew this but enforcement took years to happen. It's the same right now.
Lastly is the issue of what happens once enforcement occurs? The answer is not great: The scammers change numbers and keep going. They aren't local and it's not cut and dry when it comes to continuous enforcement against foreign entities. Their carriers still support them and the fines are typically less than a month's revenue from the larger outfits (think Uber).
Better meta-data helps aide robo / scam / spam blockers. IMO, we should just shut down these carriers who knowingly aide these scammers. We know who they are, they aren't hard to find.
Isn't that basically what they did? I think the FCC authorized the disconnection of a handful of service providers, and has been aggressively sending notices to others.
The telco's complacency have trained their customers to not answer the phone thereby destroying one of their primary businesses. Gen Z and Y consider it rude to call people.
I think that was true long before robo calling was a big thing.
Since texting and even back from the AIM/IRC generation - when I was in college 20 years ago, with T9, people were already primarily were texting not calling.
This is a classic example of an unintended consequence of deregulation.
Normally we could petition our elected officials and get something done about it. But lobbyists have come to so completely dominate our legislative process that whole industries have effectively coopted the government through regulatory capture.
On top of that, they've hoodwinked half the population into thinking that regulation bad.
At this point, we can all remain hypervigilant and snoop on our grandparents and get sucked into various private industry scams like identity insurance. We can play games with switching carriers within the duopolies in our areas when they let scammers steal from us. We can project loudly on social media when someone across the world steals right from out of our bank accounts, and haggle with our credit card companies to charge it back and rip off some merchant so that we don't have to pay. This is how scams metastasize into protection rackets and authoritarianism.
Or we could like, make this all illegal and charge carriers directly when it happens. But that would cost rich people money. So rich people run propaganda campaigns to convince us that fines just get passed on to consumers. Which doesn't make any sense in a free market, where we could switch to a cheaper carrier that didn't get fined.
Once we see this from that meta level (that political controversy is rooted in misdirection and lies) it just gets so tiring to watch the same debates over and over. Maybe we need some rich people to step up and call out this nonsense (dragons give up their loot so easily). Maybe we need to organize and start some consumer unions that dictate to vendors how much we'll pay for their services until they shape up. Maybe we should get back to our geek roots and start a free peer to peer wireless network.
Huh, writing out this rant, I just had a thought. Where's the keystone in this? Political progress can't be hacked, so none of our instincts around quick fixes work. In other words, the half of the population that has the working solution has to somehow convince the other half to go along with it. That can be a long and painful process spanning decades.
So what does the other half want? What concession to them would result in getting legislation passed to solve this?
Telcos are one of the most regulated industries in existence.
And as I point out in my sibling comment, bad regulation is the reason this problem exists: because telcos are not legally able to block most spam calls. If not for this regulation, telcos would have solved spam callers long ago by blocking suspected sources of spam. (Instead, they do work-arounds like labeling them "scam likely.")
I gave you an upvote even though I'm going to disagree with you. In general, I'm very open-market and low-regulation - however in this particular case you're touching on the idea of a "common carrier," which is an important idea.
When you have one (or a small number of) providers, in a high-barrier-to-entry industry, that provides a critical service - this gives these providers enormous power over us if they were to refuse to do business with us or charge us higher rates. Think water, electric, shipping/postal, internet access, telco, etc.
What if the postal service decided to stop doing business with you, perhaps because of the offensive content of the letters you want to send? Or nobody will ship your merchandise because they don't approve of it? Or your internet provider cancels you? And what if there are a small number of them that collude on these bans, so now you can't even switch providers?
By designating certain industries as "common carriers" it prohibits them from denying service to anyone for any reason, except for particularly obvious, egregious and illegal reasons.
If you want to send out Nazi propaganda newsletters to people who have requested them - the US Postal Service will (and should, I believe) deliver them for you.
We should not allow telcos to decide who's calls to put through. This is a job for legislators and law enforcement, however imperfect those solutions are.
That sounds plausible, I can understand that carriers shouldn't filter traffic, because that goes against net neutrality. So it sounds like carriers can't block traffic at their level, but can attach metadata that the end user can block. I did a quick search on how that would work and found this info from Robokiller (no affiliation):
We’re fighting behind the scenes to get government support for better fighting robocalls. The FCC’s TRACED Act is just one piece of legislation we’re behind that will increase penalties for robocallers–but there’s far more work that needs to be done.
I realized a TL;DR of my rant after writing it:
Organized crime is stealing from members of the community and the police rarely succeed in returning stolen property. The mayor claims to be trying to help, but mostly works at reelection. Half the community wants to pass a law to fine a middleman who sees crime occurring but does little to stop it. The other half claims that the law itself facilitates the crime and wants to cancel more laws. Some people hire a watchdog to prevent the crime, and that seems to work. Others feel that if the crime affects the whole community, then a solution should be part of the commons, because vulnerable and/or impoverished members of the community would be left defenseless otherwise.
I'm in that second camp. I feel that a conservative argument here is: if I have to be bothered by every little thing because the government can't do its job to defend the community and the security of its property, then that's not a republic, it's anarchy.
Anyone claiming “deregulation” for the names sake is speaking rhetoric without knowledge. Both conservative and liberal economists agree with regulation. The most conservative of economists understand the concept of externalities. Call centers bear a clear externality. The business transaction between the telecom
Company and the caller bears a negative externality on the callee who is not a member of that transaction. Conservative economists would also agree with regulation to at least impose a cost on the transaction to reflect that externality. The problem is with policy and lobbying as you stated - write your member of congress.
To comment on a now deleted post to this comment: I’m not arguing that bad regulation doesn’t exist which can perpetuate and help continue market failures. I’m arguing that good regulation is the fix to known market failures and economists on both sides recognize that.
> The most conservative of economists understand the concept of externalities.
Even conservative economists (and for that matter, also other experts) usually aren't dumb, but I've never seen one of them act on their knowledge appropriately. They all prioritize their ideology and their donors, some of them even refuse to listen to science and facts when people die by the masses.
You are confusing economists with politicians. I can point you to many conservative economists who recommend good policy - whether or not that is implemented is a different story. Economists are advisors, not decision makers, in this context.
It may also be that they see this as a slippery slope of being responsible for moderating the content of phone calls, which is not a road I imagine carriers want to go down.
Absolutely everything: car dependency, affordable housing and healthcare, hard drugs, the environment, corporate tax evasion, energy, money laundering, immigration, good pay for nursing and teaching staff, etc.
"We can't fix X because then sector Y would suffer trillions in losses and jobs so it's best to keep the status quo and kick the can down the road."
Congress already passed the TRACED Act. The FCC is moving relatively quickly in issuing government orders (as fast as a federal agency can move). It will take years for phone companies to upgrade to signing calls with level A attestation. Right now 20% of calls are signed and that includes level B attestation (we know the number is not spoofed but not who is using it) and level C (we only know the upstream phone company). If signing is implemented it will take more time to finally cut off non-signed calls. Tracing abuse takes time. Then robocallers can not pay fines and open another LLC. Hopefully this will reach an equilibrium like email where 99% of raw email traffic is spam but spam filters make it reasonable for individuals.
So, I realize this is a big ask - but can you please write this up as a story and sent it to a major news outlet? My cynicism is already high, but I would not have suspected this of all things, that telcos would allow the elderly to be victimized to the tune of $10B to make a few pennies.
Most of the losses (in $ terms) from these scams do not involve gift cards. They involve the scammers convincing you to install some remote desktop software and emptying your bank account.
It's already illegal to send people to open bank accounts with fake IDs, but the scammers have no problem cashing out the bulk of their profits like that.
Sometimes they transfer to a cryptocurrency exchange, sometimes they go to a branch to withdraw everything. Banks don't really like either of those, so issuing checks and cashing them somewhere else is a common scheme.
Some may bounce the money through a few accounts and eventually into a business account that'll send it overseas, it depends.
The people on the ground are random replaceable idiots.
My grandmother got talked into mailing cash between the pages of a magazine. I don't really know what to say other than the format of the money doesn't matter too much, someone is going to try to scam people out of it, and the scams are going to work.
And when scammers go back to using Western Union are you going to ban that as well? When they ask a person to send them cash are you going to ban cash as well? Hell let's just ban all money to prevent this.
I want gift cards banned not because of scammers. Like pay-day loan services, gift cards are based on the fraud of profound information asymmetry. Gift cards make liquid cash worse in almost every dimension. It's tied to one supplier. It can be lost. I forgot the stats, but I'm positive billions spent on gift cards are never redeemed.
Gift cards are just slightly less evil than payday loan services. They take advantage of a (positive) human need to give, and a (negative) human need to not work hard, picking out a gift, and a (negative) need to appear to have purchased a gift when one, in fact, has not. What makes it even more evil is that because it's a gift the loss is not seen as important for the giver (they gave it away after all) or the receiver (they weren't expecting to have this thing). The burden on the receiver, to carry around this extra piece of plastic, having to remember to use it, possibly even altering your behavior to use it, makes it even more nefarious.
I don't think my position is particularly common. Certainly gift card industry fraud is low on the list of societies pressing problems. But it is a problem and one that I wish was better understood .
Yeah, how about this: when I get a gift card, I a) discount the gift about 50% based on EV and b) consider the giver kind of stupid for wasting money like this. It's like the opposite of being impressed with someone for getting a good deal. "You spent $5 and this is worth $100 to me, awesome!" versus, "You spent $25 on this and it's worth $10 to me. Yay." Everyone just fucking loses. (Like you, I am surprised at my vehemence - perhaps pg is right that writing and thinking are one and the same, and I'm just late to the epiphany that I absolutely loath gift cards. So much so I wouldn't even mind being known as "that guy who hates gift cards so much".)
Can't edit comments that old, but I feel like my first sentence was perfectly appropriate given the parents appeal to authority ("I built telecommunications systems / software for some time").
I wouldn't call that an appeal to authority? but even if it were, your comments need to follow the site guidelines regardless of what other commenters are doing. You broke them badly above.
You don't see how that's an appeal to authority, I don't see how my comment violated the site guidelines. I wasn't name-calling or swiping at anyone, I was merely refuting the parents appeal to authority.
If you tell me you don't see how "You've completely missed the mark" breaks the site guidelines, I guess I can see how that's borderline. But "you have no clue whatsoever"? That's a straightforward attack/swipe of exactly the sort you're asked not to post here!
I think you missed the point the previous poster was making: These non-US-based scams generate a ton of revenue for telcos, which is why they are not incented to stop them.
I don't know anything about it, just trying to clarify what (I think) previous poster meant.
PaybackTony literally said "It's the biggest problem in the US because because of pricing." and went on to explain how calling in EU is much more expensive. I think it's safe to assume that he just didn't think this through.
By absolute numbers, I do believe OP is correct. In Germany, we do have a problem with phone based scams as well, but since we have modern ways of transferring money (SEPA wire transfers / direct debit) and actually useful identity cards that make opening fake bank accounts for mules very difficult, almost all scams rely on personal contact instead - the most common scheme is fake policemen, where the callcenter will call elderly people and pressure them to go to their bank to draw cash, then a "policeman" shows up at the door and takes the cash.
It costs like 100 euros to buy a fake ID that'll work at any bank in Germany. This is a bizarre trope oft-repeated on HN by techies who think that banks actually verify chipped ID cards, they do not. And even if they did, they have to accept a plenty of EU IDs which do not have chips.
Google and look at how a Greek ID card looks like, it's literally a piece of paper.
> opening fake bank accounts for mules very difficult
Are you being sarcastic? https://crimemarket.is/ ctrl-f for BD, there are literally hundreds of people offering german bank accounts.
On the same forum you will find people selling Kleinanzeigen accounts, and DHL insiders creating fake tracking IDs for Kleinanzeigen scams.
> almost all scams rely on personal contact instead - the most common scheme is fake policemen, where the callcenter will call elderly people and pressure them to go to their bank to draw cash, then a "policeman" shows up at the door and takes the cash.
This isn't true at all. Those scams happen, but they're the minority. You can search for "OB Cashing" on crimemarket, that's the term of art they use for calling up grandmothers and convincing them to empty their bank accounts.
> It costs like 100 euros to buy a fake ID that'll work at any bank in Germany. This is a bizarre trope oft-repeated on HN by techies who think that banks actually verify chipped ID cards, they do not. And even if they did, they have to accept a plenty of EU IDs which do not have chips.
I'm not talking about the eID chip, that isn't verified indeed - but at least in my experience, when opening a bank account in person, they do diligent checks, for non-German cards they even have a database how different nations' ID cards should look like and what the security markings are.
Video-Ident aka holding your ID card into your webcam is indeed vulnerable, and banks like N26 got in really hot water, which forced them to ramp up their anti-fraud measures to a degree even legitimate customers got massively impacted [1].
> On the same forum you will find people selling Kleinanzeigen accounts, and DHL insiders creating fake tracking IDs for Kleinanzeigen scams.
Yes, dark markets exist. But their scale, still, is vastly lower than the US, where you have shit like virtually all Americans' information being sold online that is necessary to open lines of credit and do other kinds of fraud. Stuff like tax refund scams or SSN's being abused by illegal immigrants simply does not exist here (again: at least not at a relevant scale), because we have modern systems in place.
> This isn't true at all. Those scams happen, but they're the minority. You can search for "OB Cashing" on crimemarket, that's the term of art they use for calling up grandmothers and convincing them to empty their bank accounts.
The classic scams are the majority, and yet even these they yield the scammers only something like 13 million euros a year [2], that's laughable compared to the amount Americans lose, even if one assumes that only a tenth of the cases gets reported at all.
And again: entire classes of scams like "I got arrested and need bail money" or "I was involved in a traffic accident and need to pay the hospital cash advance for treatment" don't work here because we don't have cash bail or bills from hospitals and people know that. If you would try this scam on any European, they'd laugh you off because they know that this doesn't exist.
>but at least in my experience, when opening a bank account in person, they do diligent checks
Most banks don't even have UV lights, not that fake IDs don't usually have decent UV markings anyway. Hardly very diligent.
>for non-German cards they even have a database how different nations' ID cards should look like and what the security markings are.
As do essentially all banks in the world, doesn't save you though. Many European IDs (Romanian, Greek for example) do not have any meaningful security features, Romanian IDs can look completely different depending on which day and which city they're printed in and there's no reference guide for this.
>Video-Ident aka holding your ID card into your webcam is indeed vulnerable, and banks like N26 got in really hot water, which forced them to ramp up their anti-fraud measures to a degree even legitimate customers got massively impacted [1].
Pretty much any fake ID that'll pass Video-Ident will generally work at the bank too.
>The classic scams are the majority, and yet even these they yield the scammers only something like 13 million euros a year [2], that's laughable compared to the amount Americans lose, even if one assumes that only a tenth of the cases gets reported at all.
This is totally wrong, there are individual people running car-selling scams on mobile.de netting more than that.
>And again: entire classes of scams like "I got arrested and need bail money" or "I was involved in a traffic accident and need to pay the hospital cash advance for treatment" don't work here because we don't have cash bail or bills from hospitals and people know that. If you would try this scam on any European, they'd laugh you off because they know that this doesn't exist.
Those scams are common in the US and UK, but they only make up a small part of the $ losses. The bulk of the losses comes in the form of people losing all of their savings as their bank account is emptied.
At one point I worked on the very systems they used (dialers, PBX, internal CRMs), with the carriers that enabled it. This wasn't an opinion of mine, I was merely passing along real-world information from someone who worked in the industry (me). Many in this thread completely underestimate the volume these centers call at. We aren't talking hundreds of thousands of minutes per month per center. We're talking millions of minutes. Cost per minute is a massive cost
even at 1/6 increments. The call center we ran, that was direct marketing / support typically had telecom bills well into the 6 figures every month at the height.
Their scams are purposefully asinine. It's not profitable to spend time and effort into tricking the wise into an unwise act. It's far more profitable searching for the unwise to act in kind. So when you throw your hands up asking "Who would fall for that!?" The answer is typically: Someone who'd be willing to buy a gift card or share bank account info. This contradicts your last point that a given locale is more or less likely to be scammed given the native language.
Language barriers are a part of the issue, yes, but these centers are capable of calling and speaking a number of languages. Cost and regulation are the big factors here. Just like any other business model. I got out of the business (telecom / direct marketing saas) right when EU started raising fees and coming down on some of the bad actors. Unfortunately for the US, that meant those bad actors focused even more in the US.
Also, the scams really aren't as profitable as you'd think most of the time. They generally can't afford more than a $50 CPA at best. Again, they have to turn heavy volume to get to their target market. They also rotate "offers". You hear about the big "wins" a lot (Grandma scammed for 50k+) but those are outliers. Typically it's $20 here, $100 there. Again, volume.
>Their scams are purposefully asinine. It's not profitable to spend time and effort into tricking the wise into an unwise act. It's far more profitable searching for the unwise to act in kind. So when you throw your hands up asking "Who would fall for that!?" The answer is typically: Someone who'd be willing to buy a gift card or share bank account info. This contradicts your last point that a given locale is more or less likely to be scammed given the native language.
You're severely underestimating the success rate of these calls.
> Typically it's $20 here, $100 there. Again, volume
This is perplexing, even the gift card scams don't target such low amounts. The only logical conclusion is that we're talking about completely different kinds of scams.
The kinds of scams targeting amounts you speak of tend to be slightly less obvious ones, selling bullshit services and actually running credit cards. These operations often aren't even necessarily criminal, beyond perhaps the spammy part.
> You hear about the big "wins" a lot (Grandma scammed for 50k+) but those are outliers.
Nah, those are the bulk of this $10B figure. Tricking a grandma to install teamviewer and emptying her account isn't much of a challenge.
> You might have telco experience, but you have no clue whatsoever about the economics of these scams.
Please watch your tone and choice of words. That sentence is more focused on defaming the OP than addressing the merit of what they said.
Furthermore, saying "it makes no difference to the scammers if they're paying 10c per minute or calling for free" shows an equally clear failure to understand the economics of these scams. The vast majority of calls made by a scammer will yield nothing. They have to make numerous calls to find the one sucker who can be convinced to turn over their financial information or mail cash or do whatever needs to be done. I don't know the exact per-minute cost at which most scams become cost prohibitive, but I'm pretty sure you'd be shocked at how little it is. If it takes 2,000 calls to find one victim, and you're paying 10 cents per call, you'll spend $200 per victim. Will you make that much back, and will it be enough to offset all of the other costs involved in trolling? It depends. But it definitely makes it less appetizing than when the calls are free.
You're correct that some of the scams yield hundreds of thousands of dollars. Like I said, I knew someone to whom that happened. However, most scammers look for smaller payouts in quantity. Think of ransomware that make it look like your computer is full of viruses just so they can "sell" the uninstaller for a few hundred bucks. There are hundreds (if not thousands) of these incidents for every one incident involving a large $100K+ payout.
It makes sense, given that people are willing to act a lot more independently (without consulting others) when only a small amount is on the line, they often won't admit to these missteps out of embarrassment, AND, perhaps most importantly, it won't raise the ire of federal law enforcement enough to be concerned about things like extradition and prosecution.
> You're correct that some of the scams yield hundreds of thousands of dollars. Like I said, I knew someone to whom that happened. However, most scammers look for smaller payouts in quantity. Think of ransomware that make it look like your computer is full of viruses just so they can "sell" the uninstaller for a few hundred bucks.
Those are the exact scammers who will get you to install teamviewer/anydesk and use it to empty your bank account, with the $100 charge just working as a distraction. You can find videos showing how these scams work on youtube.
Of course lots of people won't have $100k or even $10k in their bank account, the scammers will just send those people out to buy gift cards or similar instead of wasting their drop accounts.
Even if only one in 1000 calls returns $100k, they're still averaging $100 per call.
yes, that's the one. i remember the first time reading about it and thought Klingon or Elvish would have been a better choice, but alas, i'm not a linguist
That’s kind of sad that they won’t just fix it if they can. I over hear my elderly parents give each other tips like “don’t open that email, it’s fake” and things like that.
Completely disagree here. See my comment in the main thread of this post. A startup could net anywhere from 200k/yr for a state park contract to 15m+/yr depending on the state. However, realistic cap on revenue with a healthy market share for just the park management / reservation management side is 55-75m annually.
We are actually competing but it's important to understand that companies like Booz Allen have fought (successfully much of the time) to have a number of qualifiers put in these RFP's that would prevent any start-up from being accepted. Things like "You need X years in this specific market for your proposal to be accepted". Obviously the only ones who can possibly have that are the existing vendors which virtually eliminates the possibility of fresh competition. We've successfully got a few states to change their requirements however, which is the first time that's been done in a quite some time.
The company I work for does exactly small and mid sized govt contracts, the vast majority won on bids with no shady input from us. There's tons of companies like us.
I attended the NASPD conference this last year (National Association of State Parks Directors). After a couple of us ex Vacasa / Nike / Amazon engineers heard from our local state that the industry is up for disruption we started working on product in our free time. After attending that conference they couldn't be more right.
Those running the parks hate their options, I don't see them as a crook here. The industry for park management software that fits the needs of a public land is stale. Fees for fees is normal. The process to become a vendor for a state is long and drawn out, and is riddled with red tape that was created in large part by the very same stale old vendors who've been in it the last 30 years.
After speaking with multiple states and now being in the proposal process for a number of them, hopefully we can be a step further in the right direction (think things like opening up 3rd party integrations, better bot prevention, etc).
Another thing I'd like to pass on from talking to a number of states including the national parks people: They are really trying to move in a more equitable direction when it comes to park access. They are very aware that many park experiences aren't as accessible (hard to get a reservation) to certain demographics and from my perspective they are making an effort to figure some of those things out.
Do you think part of that accessibility plan is more paved parkways too? My wife has a disability that makes walking on gravel substantially harder than paved road.
Selfishly I'd enjoy parks more if the had paved access roads, parking and parkways. One of the things I like about where I'm living right now is the Recreation district in the city made it a mission to pave parkways and everyone's better off for it.
I'm sorry about your wife, but I'm going to say that I (and quite a number of other people) are against paving public lands reserved for nature parks. I'm perfectly happy to support her using off road (powered even) bikes, wheelchairs and any other personal mobility technology that is invented or used.
But, parks are suppose to be nature, its widely accepted that what the national parks did in the early 1900's was a huge mistake, paving and placing lodges next to old faithful, the paved path in carsbad caverns (along with the cafeteria), the roads through glacier and nearly all of the other parks. The town in the middle of Yosimite valley. This was done to encourage people to "see the sights" and the results have been a disaster, not only to nature, but to the traffic and general destruction of the "sights to be seen". And IMHO paved paths are just another name for a vehicular road.
So the modern take on nature parks (vs recreational parks like you find in town, which have trails, baseball fields and swimming pools), is that the correct way to build them is to keep the cars on the borders, and build trails to the sights. Ideally single track, and most definitely permeable surface. Although, armoring, and other more natural construction methods tend to be fine as well. Most of the parks constructed since the 1970's (the few that exist) tend to follow this model. Visitors center near the road, along with the RV camping, improved camping sites, etc and the nature is accessed via natural surface trails on foot, bike or horse.
The worst (best) part is that it was only caught when they did because the attacker got greedy and tried to double dip. Would be interesting to find out how they turned a phishing attack into that.
This is a very complicated topic that seems to see a lot of conflation, as it does in this article. It's really hard for a social network to maintain a balance, especially with how many try flooding them with very hard to verify, false information from misleading sources.
On our network, our plan moving forward is to allow our users to verify their identity privately with the platform to earn an "ID Verified" badge while still maintaining an anonymous public pseudonym if they choose. The idea being that others can trust the user is a real person and not some troll (paid or otherwise) while also allowing those that wish to have it to maintain anonymity publicly.
Just to give some insight into how this anonymity becomes a problem. On our platform, I watch in real-time people / actors from outside the U.S. posing as seemingly real people in the United States and posting propaganda. Not the obviously false stuff either. Carefully crafted political BS that is meant to simply move the needle ever so slightly on the desired targets -- arguably a case where anonymity is negatively affecting democracy. There is so much to this I could probably write an entire blog on it, it's ever irritating as someone running a platform but also quite interesting.
on the flipside, like with my Facebook account, i hold and use it purely so that i can control what other people say about me and so i can stop them tagging me in photos, and i can track what information the network has on me. but I'm never going to engage on the site, and I'm sure as hell never going to speak or share my true opinions on there or ever link them to my true name. here on hacker news i try to politely limit myself to certain topics and positions.
in my country (Australia), there's some irony that i think our biggest problem with "foreign influence" isn't Russian or Chinese troll accounts, but genuine American accounts, media and American social media companies talking absolute crap and spreading the general phenomenon and quality of American politics worldwide. anonymity and Russian trolls aren't the problem when your mainstream spread so much FUD worldwide and largely serves the same purpose as those trolls but in a "legitimate" form. American media has far more reach, both in absolute power, influence and damage, than any subtle espionage agent or internet troll, and its personalities and commenters are happy to use their real names because their medium of influence is "legitimate" and they're commercially/socially rewarded for doing so. It seems, given the state of things, that the obsession with "Russian trolls and foreign actors" is prima facie absurd, and the limited influence they actually have compared to the elimination of sane discussion or valid analysis and criticism that will similarly be removed if forced to link back to real identification is something that should be considered in any cost benefit, as well as their relative effect compared to the bullshit consumerism/ partisanship/culture-war/ racist/religious/lobbyists/violent material that's seen as somehow "legitimate".
Background: I've been building a growing commercial social network. There are things about what I want to do that made that the better option for what my target market is.
With that said, I really like what Mastodon has done and as far as federated and open social networks go (ActivityPub!). It's in a class of its own IMO.
Absolutely not. I didn't want to use a comment to talk about our project and hijack the comments section, just to provide where my perspective is coming from and that even with that I like the idea and Mastodon's approach.
To be clear: No, I'm not the one who made Truth, have no part of it, and don't know anyone working on it.
I'm not familiar with Truth Social except for what I've read in the comments here. What makes you say that building this will cost a soul? How does this differ from other social networks? (Or do you believe working on Twitter/FB also cost one one's soul?). What effects do you think the builders would have?
Found that odd too. Jumping to conclusions, and moralizing based on that. Not sure what the purpose was. It lead to other users digging into the other commenter, which is somewhat creepy.
Assuming that a soul is something that lasts an infinite length of time, and you value its experience during that time, and its experience cannot benefit from money (or anything exchangeable for money) after some finite period of time, I think that no amount of money is sufficient compensation for losing ownership of your soul.
Even if you are unconcerned about your soul, morals, or ethics, tech workers at TMTG are surely ending their careers. Who would employ them after that?
Friendly reminder: if you feel passionate and excited about someone else being denied employment, or otherwise punished based on their views, you are likely being manipulated. By caring about those things you care less about demanding a better deal for yourself, and that's exactly what the media wants. USSR was built on that kind of manipulation and now it's coming here.
No, McCarthyism was an anti-communist panic in the USA. They're referring to USSR propaganda. I assure you, resentment over a better quality of life was not driving McCarthyism. Quality of life was far lower in the USSR, in addition to the fact that the Union and SSRs had more mass killings and abuses of citizens than United States by orders of magnitude:
"I have seen the future, and it works!" is nothing more than demonstrably false propaganda. See here the anarcho-communist Emma Goldman say it themselves:
Perhaps buried in these comments is this but after reading a lot of the "takeaways" many people had from this I have to say the reality is much simpler.
People (Customers, VCs, Entrepreneurs) can empathize or sympathize with stories. They can't with ideas. It's really that simple. It wasn't the outburst or the emotion. It's the story.
If your idea doesn't have a genuine story, it's not likely to end up a genuine business.
I find it odd how much people tend to move the responsibility for obtaining funding on the founders. No doubt the quality (for lack of a better word) of the founders is important. But what about VCs that are actually capable of seeing beyond a mere elevator pitch? Are there such VCs anymore? Or did it all end up as a game of selling your project/product/idea to some clueless person or fund that has the money?
>> But what about VCs that are actually capable of seeing beyond a mere elevator pitch?
I think in any communication, the "burden" of clarity is on the person with more information.
You think you see a real problem. You think you have an idea for how to solve it. You think you are the right person to execute on it. All of that state exists in your mind as a founder, and it's the reason you're standing before the VC.
The VC is experienced in getting these answers out of people because that's what they do all day. As a founder, on the "best" case scenario, you make it easy for the VC to see it. At worst case, you make it so hard that they can't "pull" it out of you despite their best effort.
If they can't get this answer out of you, why would they invest? Why would they think you "have it" when you are not showing it?
I don’t disagree on the importance of communication.
But I have to say, your message seems quite biased towards the VC. Surely not all VCs are created equal. Just as not all founders are equally capable in communicating ideas, I’m sure not all VCs are equally capable in understanding ideas.
Sure, VCs should look for good ideas that are poorly communicated. But it's no surprise that VCs would prioritize funding a good idea that is well-communicated. A founder needs to be able to communicate the value prop to other funders, customers, journalists, awards committees, etc. Being able to communicate via an elevator pitch or conversation is critically important to the success of a startup.
I had used M5 some years ago to host an online rent payment / property management app. Have nothing but positive things to say about that experience. We once had an outage that was our own fault on our single server and they had someone go in, in the middle of the night, to reboot it for us and we weren't even on an SLA.
Thank you for sharing your positive experience! We can power cycle power outlets remotely and can connect a console (ip kvm)... and we are staffed 24x7.... in case you need another server. Thanks again!
