* technically still does, but they tried to switch before they backpedaled

Meanwhile on the client side, web technologies had a lot of implicit defaults assuming pages on sites rather than apps and experiences. For example, we didn’t originally have a way for JS to preserve back/forward buttons functionality when navigating in a SPA without using hash tags in the URL. Without CSS features for it, support for RTL and LTR on the same website was basically nonexistent. I won’t even get started on charset, poorer support for dates that persists to this day, limited offline modes in a time when being offline was more common, and how browsers varied tremendously across platforms and versions back then with their own unique set of JS APIs and unique ideas of how to render webpages.

It took the original acid test and a bunch more tests that followed before we had anything close to cross browser standards for newer web features. I still remember the snowman hack to get IE to submit forms with UTF-8 encoding, and that wasn’t as bad as quirks mode or IE 5.

Actually maybe I disagree with most of this post. Don’t get me wrong, I can see how it could have been done, but it’s reductive to the extreme to say the only reason web services were jank is because UX polish didn’t exist. If anything, the web is the reason UX is so good today - apps and desktop platforms continuously copied the web for the past 28 years, from Windows ME with single-click everywhere to Spotify and other electron apps invading the OS. I’m not going to devalue the HIG or equivalent, but desktop apps tended to evolve slowly, with each new OS release, while web apps evolved quickly, with each new website needing to write its own cross platform conventions and thus needing its own design language.

Now back to the comment I’d written at first:

It does seem to be, in typical large corporation fashion, a bit too complicated to set up. For example, there are three ways to add parental supervision, including a mode where you can transition from YouTube Kids to the full YouTube experience while still preserving those controls until a child is 13: https://support.google.com/youtubekids/answer/10495678?sjid=...

That said, all it would take is an open web browser and a not signed in YouTube account for kids to bypass these controls. But I suppose that’s not actually the point - the point of channel filtering is to reduce the harm recommendation engines and spammy content might have. The gotcha is that recommendation engines are everywhere now, spammy content is pervasive, and even AI responses in Google are arguably now a source of noise to be filtered.

I will say, however, it’s great to have an ad-free family plan for YouTube. I wish you could add more accounts to it, but for now I’m getting by with YouTube brand (sub-)accounts to create separate lists of subscriptions, histories and recommendations while still staying ad-free in apps.

And tools adults might find useful, I expect kids and teens would find useful too - for example, browser extensions to customize your YouTube experience.

As long as we have an open web for e.g. YouTube, we do have independent options, if geeky enough to pursue them. :)

I figure it is the primary cause of road rage, that it can possibly bind to and release microparticulate of metals like iron and aluminum, that it can store itself not just as a solid at room temperature but also in the rubber parts of a scooter while it charges or silicone or foam parts of a CPAP as you breathe in and out (you naturally produce formaldehyde, but increased presence in your exhaled breath has been associated with cancer, for example).

It also causes insomnia and can cause very low humidity in an enclosed space, which might both increase static shocks but also possibly break electronics when combined with its effect on certain metals mentioned earlier.

I’ve an even crazier pet theory that in the presence of other VOCs and sunlight, formaldehyde can multiply, but I don’t have anything to back that up. Formaldehyde with CO2 and UVA can react to become ozone, but ozone with UVA and other VOCs can become formaldehyde. As a result, on a particularly sunny day, I think even outdoor formaldehyde levels can rise and cause the day to feel even warmer than it otherwise should, and that it’s the formaldehyde that can then cause more inattentive accidents.

I’ve another theory that if you take something on to a train with micro metal particulate offgassing and formaldehyde, that it will bind itself to the heat of the wheels over the tracks and be released along with microparticulate from the metal rails every time the train runs by.

I could give more evidence of why this might be so, such as increased rates of emergency repairs of train tracks in my area, Toronto, and a study from 2017 that says Torontos subways have the most metal particulate in NA, but since it’s just speculation right now, take everything I said with a grain of salt, please.

I should add that burning natural gas indoors without appropriate airflow is a wonderful way to introduce a lot of formaldehyde to your living quarters over the years. If I could ban all forms of combustion indoors, I would, I really would.

An interesting point about choosing to leave the workforce to care for children is that re-entry into the workforce or even the ability to work and care for children is something a social net could be established to support. If we have networks that allow army recruits to enter the workforce after their service, we could do the same for parents, but instead social nets seem to devalue the act of raising children, maybe because they are driven too much by short term profit. Taxpayers accept that too, preferring tax breaks for families with children over support networks and job opportunities to re-enter the workforce full-time. One imagines it again is about hiring those like you - managers hiring individuals who worked from home are unlikely to have worked from home - they needed the time in industry to become experienced managers.

Edit: upon rereading my last comment, it is possible that work from home norms established under covid might be the best thing to happen to stay at home parents and their continued full time employment. This could then boost the number of relatively younger parents who could continue in the workforce after mat leave while also providing child care. But it’s not a replacement for better social nets and better social norms.

Technically I think perfume, sweat and trace amounts of smoking residue, including formaldehyde, from personal belongings could probably also raise VOCs as hotels often have very, very poor airflow by design - open windows and balconies have historically encouraged smokers so they were removed, but now you can rarely find any hotels with fresh air in the rooms, and those you find often smell of cigarette smoke for obvious reasons. (Smokers will often stay at hotels with airflow or balconies and take advantage of these features when they can. Also, airing out a room will kill a scent temporarily but only cleaning the room or replacing natural textiles will permanently remove the scent when the window is closed.)

As far as I know, nobody uses separate boxes for the modem and router, that kind of thinking died when wifi became more widespread and included by default with ISP plans.

You saw that again in more modern times when Microsoft removed support for the APIs they provided to set browser defaults, forcing browser makers to write step by step instructions on what to click to set the default browser.

I believe they walked that back, but it left such a bad taste that I switched my installation of Windows from default mode to EU mode in order to avoid it. And come to think of it, I haven’t used my windows machine for much outside of AI in about 6 months.

But Microsoft is not alone in these sort of defaults games - every OS or browser maker, Apple, Google, Firefox, wants to create moats so they can more easily monetize your usage of a product. I never thought I’d prefer the business model of free to play games, where they just outright ask you for money and have to keep finding new ways to entertain instead of relying on hard to change defaults and selling your data.

But yes, non-linear by design - a 15mg dose provides 6x the medication but cannot be sold for 6x the price or people will stay on lower doses (or discontinue) rather than going to a higher dose.

Meanwhile it provides 6x the medication. One multi-use 4-week pen has enough to provide 12 weeks of doses at 4-week titration if used off-label. Obviously this is only helpful on low doses.

Important note: I am not a doctor, I don't recommend doing this - in fact, I have not done it myself and will probably not do it in future. I have seen YouTube videos of medical professionals explaining how to dose split weight loss drugs though.

I would highly recommend dose splitting the brand name drug over picking some compounding pharmacy's version of the drug, or worse, buying it off the street. It's crazy though, there are even counterfeit medications in the supply chain sometimes, for example: https://www.fda.gov/drugs/drug-safety-and-availability/fda-w...

In fact, by introducing new multi-dose versions to different regions, I'm starting to see Mounjaro prices reportedly double for some. The real kicker is that for some brands/doses the price doesn't vary whether you get more or less of the drug - so people end up asking to for a prescription to the highest dose off-label and then split the dose themselves.

For example, you can click the auto-injector pen a fewer number of clicks to measure out a smaller dose than what is normally injected by the pen, then relatively safely save it in the fridge for longer than recommended even without preservatives (some pens have and some don't).

It's frustrating when pricing decisions are made assuming insurance benefits and yet insurance isn't always available, e.g. unemployment. This thinking even applies in places that do regulate drug prices. But hey, you can always sign up for the manufacturer's discount program to get it cheaper, so, win-win right?

One imagines though that with enough clients connecting to your site you’ll end up seeing every type of incompatible client eventually.

The point I was trying to make is that removing SSL doesn’t make your site compatible and the number of incompatible clients is small compared to the number of compatible ones. Compatibility alone is not a reason to not use SSL on its own, arguably. The list of incompatibility doesn’t stop at SSL, there’a still DNS, IPv6 and so on.

SSL is usually compatible for most people - enough that it has basically become the defacto default for the web at large. Though there are still issues. CMOS batteries dying and having bad client time is one that comes to mind first, certificate chain issues too. SSL is complex, no doubt. Especially for server-side implementation to remain compatible client-side. That’s why tools like Qualys’ exist in the first place!

I'm not saying SSL isn't complicated, it absolutely is. And building on top of it for newer HTTP standards has its pros and cons. Arguably though, a "simple" checkbox is all you would need to support multiple types of SSL with a CDN. Picking how much security you need is then left to an exercise to the reader.

... that said, is weak SSL better than "no SSL"? The lock icon appearing on older clients that aren't up to date is misleading, but then many older clients didn't mark non-SSL pages as insecure either, so there are tradeoffs either way. But enabling SSL by default doesn't have to exclude clients necessarily. As long as they can set the time correctly on the client, of course.

I've intentionally not mentioned expiring root CAs, as that's definitely an inherent problem to the design of SSL and requires system or browser patching to fix. Likewise https://github.com/cabforum/servercert/pull/553 highlights that some browsers are very much encouraging frequent expiry and renewal of SSL certificates, but that's a system administration problem, not technically a client or server version problem.

As an end user who tries to stay up to date, I've just downloaded recent copies of Firefox on older devices to get an updated list of SSL certificates.

My problem with older devices tends to be poor compatibility with IPv6 (an addon in XP SP2/SP3 not enabled by default), and that web developers tend to use very modern CSS and web graphics that aren't supported on legacy clients. On top of that, you've HTML5 form elements, what displays when responsive layouts aren't available (how big is the font?), etc.

Don't get me wrong, I love the idea of backwards compatibility but it's a lot more work for website authors to test pages in older or obscure browsers and fix the issues they see. Likewise, with SSL you can test on a legacy system to see how it works or run Qualys SSL checker, for example. Browsers maintain forwards-compatibilty but only to a point (see ActiveX, Flash in some contexts, Java in many places, the tag, framesets, etc.)

So ultimately compatibility is a choice authors make based on how much time they put into testing for it. It is not a given, even if you use a subset of features. Try using Unicode on an early browser, for example. I still remember the rails snowman trick to get IE to behave correctly.

And come to think of it, actually, credit scores can be gamed. It's well known that when companies and territories get credit scores they are largely a con game, as in based on the conifdence the raters have on your future performance, and not objective reality.

Likewise, credit scores can be juiced and tools exist to help you improve them and track them. But a bad credit score doesn't always mean fiscal mismanagement. It could be loans from a predatory lender or due to a medical expense or something completely outside the context the credit check is to be used for. Credit scores tell you if someone has lots of money first, and if they are smart with their money second. People with financial means often have good credit scores but can be as likely to default if their circumstances change. Perhaps more likely if the amounts of money at play are greater. People got those subprime mortgages with great credit scores, somehow.

So... Yeah, credit scores for loans are a form of outsourcing of responsibilities. But the point is somewhat well taken. The equivalent in hiring to a credit score isn't to ask banks but to do reference checks and ask a network or former manager about a hire.

Credit scores can easily be discriminatory as much as criminal charges (without due process, at least) and other unfair systems. We just normalize it because it works for most people. We poke fun at it when other countries try to come up with e.g. a social credit score, though.

There is a small risk in that the service replies to requests on the port, though, as replies get more complicated to mimic services, you run the risk of an attacked exploiting the system making the replies. Another way of putting it, this attempts to run a server that responds to incoming requests on every port, in a way that mimics what might run on each port. If so, it technically opens up an attack surface on every port because an attacker can feed it requests but the trade-off is that it runs in user mode and could be granted nil permissions or put on a honeypot machine that is disconnected from anything useful and heavily tripwired for unusual activity. And the approach of hardcoding a response to each port to make it appear open is itself a very simple activity, so the attack surface introduced is minimal while the utility of port scanning is greatly reduced. The more you fake out the scanning by behaving realistically to inputs, the greater the attack surface to exploit, though.

And port scanning can trigger false postives in network security scans which can then lead to having to explain why the servers are configured this way and that some ports that should always be closed due to vulnerability are open but not processing requests, so they can be ignored, etc.