-
Long COVID
Published
-
Half of COVID-19 Survivors Had Lingering Symptoms After 1 Year
A study in China of COVID-19 survivors (median age 59) who were hospitalized found that half had a persisting symptom one year later—Long COVID. That includes shortness of breath, fatigue, and mental health issues such as anxiety and depression. It also found a higher prevalence of problems with mobility and pain and discomfort than the control group.
See also:
- The increased transmissibility of the Delta variant could greatly increase the number of people with Long COVID.
- Herd immunity from the Delta variant is now out of reach so Long COVID is a certainty for many people to come.
Published
-
Costa Rica Enacted a Law to Attract Digital Nomads
The new law enables a tourist visa for up to one year with proof of stable income and medical insurance. This is meant to attract digital nomads to spend more time in Costa Rica and thus spend more money there.
See also:
- Remote work does not mean being a digital nomad (working from a permanent home is more likely).
- If Topeka, Kansas is any indication, Costa Rica will likely have a great return on this new visa.
- Employers of remote workers are unsure they are remitting taxes correctly
Published
-
Refresh Token Rotation Detects Token Theft
When using refresh tokens to enable clients to get new access tokens, one danger is that the longer-lived refresh token can be stolen and used by an attacker to gain access to your application. This is especially tricky in the browser where CSRF and XSS are commonplace.
An added layer of security is refresh token rotation where a refresh token can only be used once. If a refresh token is used more than once—a sign the refresh token was stolen—all refresh tokens in the chain are revoked automatically and the user must log in again.
Read A Critical Analysis of Refresh Token Rotation in Single-page Applications.
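The rotation and reuse detection described above, as an added example that is not part of the original note. It is JavaScript for Node.js; the `RefreshTokenStore` class, its method names, the reason strings, and the in-memory storage are assumptions made for illustration.

```javascript
// Added example: refresh token rotation with reuse detection (in-memory demo).
// Assumption: a real service would persist a hash of each token, not the token.
const rng = globalThis.crypto ?? require("node:crypto");

class RefreshTokenStore {
  constructor() {
    this.tokens = new Map();           // token -> { familyId, userId, used }
    this.revokedFamilies = new Set();  // chains killed after a detected reuse
  }

  // Called after a successful login: starts a new chain ("family") of tokens.
  issue(userId) {
    return this.mint(rng.randomUUID(), userId);
  }

  mint(familyId, userId) {
    const token = rng.randomUUID();
    this.tokens.set(token, { familyId, userId, used: false });
    return token;
  }

  // Exchange a refresh token for its successor; each token works exactly once.
  rotate(token) {
    const rec = this.tokens.get(token);
    if (!rec) return { ok: false, reason: "unknown_token" };
    if (this.revokedFamilies.has(rec.familyId)) {
      return { ok: false, reason: "family_revoked" };
    }
    if (rec.used) {
      // Second presentation of the same token: the server cannot tell the
      // thief from the real client, so the whole chain is revoked.
      this.revokedFamilies.add(rec.familyId);
      return { ok: false, reason: "reuse_detected" };
    }
    rec.used = true;
    return { ok: true, userId: rec.userId,
             refreshToken: this.mint(rec.familyId, rec.userId) };
  }
}

// Constructed scenario: a copied token is replayed after the client rotated it.
function simulateTheft() {
  const store = new RefreshTokenStore();
  const first = store.issue("alice");        // client logs in
  const stolen = first;                       // copy of the token leaks
  const clientTurn = store.rotate(first);     // real client refreshes first
  const replay = store.rotate(stolen);        // second use is detected
  const afterwards = store.rotate(clientTurn.refreshToken); // chain is dead
  return { clientTurn, replay, afterwards };
}
```

Once the replay is detected, the legitimate client's newest token is rejected as well, which is what forces the user to log in again.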
Published
-
Cross Site Scripting (XSS)
This note does not have a description yet.
Published
-
Cross Site Request Forgery (CSRF)
This note does not have a description yet.
Published
-
Block Old Browsers if You Use SameSite Cookies to Prevent CSRF
One way to mitigate CSRF attacks is to only allow cookies to be forwarded along with a request if they are from the same site, `SameSite=Lax` or `SameSite=Strict`. However, not all browsers support this setting yet.
If you are relying on this browser behavior then you need to block requests from old browsers—roughly 10% of the market. Otherwise, someone could perform a CSRF attack using an old browser.
See also:
- One way to secure web-based refresh tokens is to set them in a `SameSite` cookie
Published
-
Dyatlov Pass Incident Was Caused by an Avalanche
When nine hikers were found dead under unknown circumstances on the slopes of Kholat Syakhl, many conspiracy theories sprouted up. Some involved the KGB, a secret weapons test, and even a Yeti.
In 2019 the case was reopened and a new investigation concluded that the experienced hikers died due to an avalanche. Their camp was made on a snow shelf that caused snow to crash down on them. Those that survived were unable to reach any equipment or get evacuated so they died of hypothermia.
This best explains what happened, but it’s fun to think about the other theories.
Read Mechanisms of slab avalanche release and impact in the Dyatlov Pass incident in 1959.
Published
-
The Internet Is a Disjointed Memex
The memex device imagined a lattice of information that grows and can be built on top of incrementally. The internet and hypertext are that—nearly all the world’s information is now captured in the format of the web. However, it’s disjointed which makes it largely inaccessible.
We’re not so much “surfing the web” as we are “rock climbing the web”.
A web browser is how we view the internet, but we can only access certain parts. Some information is behind logins, paywalls, or even firewalls.
The only way to query the vast internet is by a service that can ingest it in its entirety and index it as a service—Google. Because this is the primary way people access information, content gets created for (and subsequently mediated by) Google.
Published
-
A List of Tasks Describes Multi-Party Processes Poorly
A list of tasks to complete does not contain sufficient information to describe a multi-party process. For example, if you were to describe ‘pick up the milk’ to an extraterrestrial you might say 1) go to the store 2) buy milk 3) check out 4) go home. However, this hides the complexity of interactions.
Sticking with the example, what actually happens is that you get into the car and turn the ignition. The car turns on or not. If it doesn’t turn on then you are blocked (a terminal state). If the car turns on you drive to the store (ignoring the interactions between cars, traffic lights, etc. for brevity). Once at the store you find the milk and go to the cashier. You hand the item to them. They place it in a bag. They tell you how much to pay. You pay them. They accept the payment, they give you a receipt. You take the bag. You go to your car (repeating the process earlier) and go home.
If you were new to buying milk from the store, the checklist from the first paragraph would not help you because it hides complexity by making it seem like a single-party sequence rather than a complex set of interactions between multiple parties. It lacks context and therefore would not be repeatable.
See also:
- This is relevant when trying to outsource work and finding that the tasks are more complicated than you realize
- Reading is the transformation of a linked list of ideas into a tree
Published
-
36% of Remote Workers Are Waiting to Hear From Employers if They Must Return to the Office
In a survey conducted by LinkedIn in July 2021, they found that 36% of people currently working remotely are still waiting to hear from their employers about whether or not they will be required to return to the office.
Read More than one-third of remote workers are still waiting for their employer’s return-to-office plan.
Published
-
The Hu Line Demarcates 94% of China's Population
94% of China’s population lives to the east of the Hu Line. West of the line is mountainous and less fertile land. To the east is fertile, flat land which gets 15 inches of rainfall per year (the Hu Line follows the 15-inch isohyet).
Read What China wants.
Published
-
Protecting the North China Plain Explains Policies in China
Protecting the North China Plain is the highest priority in China’s policies both domestic and foreign. The North China Plain is where most of the population lives (the Hu Line) and is the ancestral home for the Han ethnic group. There is also a thousand years of history that includes failing to protect the heartland (e.g. Mongol invasion).
One can explain many seemingly disparate decisions by China when looking at it through this lens. Adding borders and buffers to prevent land invasions—building the Great Wall, invading Vietnam, and occupying Tibet. Preventing invasions from the sea and protecting supply lines—cracking down on Taiwan (and likely annexing it entirely) and the Belt and Road initiative (which leads to persecution of Uighurs).
Read What China Wants.
See also:
- Recent aggression towards Hong Kong and Taiwan China officials called the Sword of Damocles is explained by this protectionist framework.
Published
-
Three Successive Chairmen of Long Island's Suffolk County GOP Were Klansmen
Long Island had the largest population of Ku Klux Klan members in New York State during the 1920s. Three successive chairmen of the Suffolk County GOP were Klansmen. The flagpole in front of Islip Town Hall was donated by the Islip branch of the Ladies of the Klan.
From The Power Broker.
Published
-
There Is No Difference in Metabolic Rates of Men and Women
When controlling for other factors (like age, weight, etc.) a paper found that there is no real difference between the metabolic rates of men and women.
The study also found that metabolism in women does not decrease with the onset of menopause as was previously thought.
Read What We Think We Know About Metabolism May Be Wrong from the NY Times.
Published
-
Metabolism Changes by Age
Metabolism differs primarily in four distinct stages of life. From infancy to age 1 metabolism accelerates to 50% above the rate of an adult. From age 1 to 20, metabolism slows by 3% per year. From age 20 to 60 it holds steady (although people gain an average of 1.5 lbs per year in adulthood). After age 60, metabolic rate declines, reaching a 20% decline by age 95.
Read What We Think We Know About Metabolism May Be Wrong from the NY Times and the study Daily Energy Expenditure through the Human Life Course.
Published
-
GitHub Codespaces Is Too Cumbersome and Expensive to Replace Local Development
After trying out GitHub Codespaces for work, it’s clear that—while impressive—it is not a suitable replacement for developing locally. It’s slow to set up. It’s also very expensive.
When using Codespaces with a monorepo that uses `docker-compose` to run services (e.g. a database, frontend app, and API server) you want to have everything running so you can develop as soon as it boots. However, every Codespaces container builds the entire `docker-compose` each time which takes time for any non-trivial setup.
If you try to set your `.devcontainer` to your project’s `docker-compose.yml`, Codespaces doesn’t expose the running docker services in an accessible way and you are attached to a single container with no way to switch. You can’t see logs (e.g. `docker compose logs {service}`) or execute code in another container (e.g. `docker compose exec {service} {command}`). You can’t change which container the Codespace is attached to so running setup or maintenance scripts is difficult.
You could use the default `.devcontainer` and call `docker` from within the Codespace terminal, but then you push the build latency to after the Codespace boots and the user has to remember to call it for the set of services they need.
GitHub is also working on a feature to pre-build devcontainer images, but who knows how much that will cost in storage.
Adding up the costs of using Codespaces full time shows that it’s more expensive than buying MacBook Air M1s. At the default 4 core VM at $0.36 you’re looking at roughly $1,000 per engineer per year. Not to mention you still need to buy and maintain a work laptop.
There is an argument to be made that you save money on time spent dealing with local configuration issues. This makes sense at larger organizations, but for a small startup, probably not.
Published
-
§ What Is the Market Value of Working Remote?
We can come up with a valuation of remote work by looking at a few signals: what you would forgo, what you gain, what others gain, and what others lose.
What you would forgo:
- American workers are willing to take a pay cut to work remote
- Google employees could face pay cuts due to working remote
- low psychosocial safety is associated with a threefold increase in risk of major depression
What you would gain:
- Not having to commute for five hours is equivalent to a 10 percent raise
- Places that will pay you to move and work remotely
What others gain:
What others lose:
- Organizational support of remote work correlates with reported productivity
- Remote work resulted in a 30% increase in hours worked and 20% decrease in productivity
- inequality of remote work
In aggregate:
- 45% of jobs can be done remotely
- 20% of US workers are expected to work from home permanently
- 84% of moves during the pandemic were within the same metro area
- remote work is not necessarily better for the environment
- Two-thirds of remote workers want to continue to work remotely
- Half of Millennials and Gen Z would consider quitting if employers don’t allow remote work
Published
-
Legitimized Client-Side Scanning
The reaction to the recent announcement that Apple would begin scanning iCloud photos for CSAM was not just because of privacy concerns, but because it legitimizes other service providers to do the same.
Read Internet of Snitches.
See also:
- In a similar way a data dividend law would undermine privacy and encourage acceptance of exploitative behavior.
- More client side scanning would contribute to more social cooling.
- If privacy is the right to be imperfect, then an internet of snitches produces more extreme value signaling.
Published
-
Google Employees Could Face Pay Cuts Due to Working Remote
In a recent article in Business Insider, a leaked pay calculator and interviews found that some employees face pay cuts if they continue to work remotely. In one example, an employee based in Stamford, CT would face a 15% pay cut unless they worked from the NYC office (1 hour commute). Former San Francisco employees could face as much as a 25% pay cut.
See also:
- American workers are willing to take a pay cut to work remote
- Not having to commute for five hours is equivalent to a 10 percent raise
- Meanwhile, some cities are paying to relocate remote workers to them
- what is the market value of working remote?
Published
-
TypeScript Records With Enum Keys Are Exhaustively Checked
In TypeScript, a `Record` type used with an enum for keys is exhaustively checked. That means if you forget an enum variant in the `Record` it’s a compile-time error.
```typescript
enum Status {
  Todo,
  InProgress,
  Done,
}

const StatusIcon: Record<Status, string> = {
  [Status.Todo]: "todo.svg",
  [Status.InProgress]: "in-progress.svg",
  [Status.Done]: "done.svg",
}
```
See also:
- Static types make it easier to work on projects sporadically
- Exhaustiveness checking helps TypeScript pass the airplane test
Published
-
Low Psychosocial Safety Is Associated With a Threefold Increase in Risk of Major Depression
A study performed on Australian workers that looked at contributing factors to developing major depression symptoms found that low psychosocial safety climate was associated with a threefold increase in risk of developing major depression symptoms.
The study also found that long working hours (41-48 hours and greater than 55 hours worked per week) were not a factor overall when removing mild cases.
Finally, high work engagement was correlated with longer working hours (which is a factor in developing major depression symptoms).
See also:
- Remote work resulted in a 30% increase in hours so remote work could contribute to increased risk of depression.
- Working hard is required to do great work so high-effort workers are at higher risk.
- Organizational support of remote work correlates with reported productivity
Published
-
38 Percent of Remote Workers Work From Their Beds
A survey found that 38% of remote workers regularly work from their beds. 45% regularly work from the couch.
This highlights one of the challenges of remote work—having space to work. Some have roommates in a living arrangement that did not consider permanent work-from-home. Others can’t afford to move.
See also:
- This is an example of the inequality of remote work and why a work from home stipend is not enough for some workers.
- Yet two-thirds of remote workers say they want to continue to work remotely.
Published
-
We Are Close to a Collapse of the Atlantic Meridional Overturning Circulation
The Atlantic Meridional Overturning Circulation (AMOC) is a major ocean current that could be close to collapse resulting in severe climate impact (extreme weather, ocean levels rising).
The AMOC has two modes: a strong mode and a weak mode. Scientists believe they can observe early warning signs of the transition from strong to weak (the weak mode is the thing to worry about). All eight indices, like sea-surface temperature and salinity data, showed that over the course of the last century we have reached a point close to a critical transition.
Read Observation-based early-warning signals for a collapse of the Atlantic Meridional Overturning Circulation published in Nature.
Published