Simon Willison’s Weblog

Quotations in May

Practical campaign security is a wood chipper for your hopes and dreams. It sits at the intersection of 19 kinds of status quo, each more odious than the last. You have to accept the fact that computers are broken, software is terrible, campaign finance is evil, the political parties are inept, the DCCC exists, politics is full of parasites, tech companies are run by arrogant man-children, and so on.

Maciej Cegłowski # 30th May 2019, 12:03 pm

Imagine if you were really into the group Swervedriver in the mid-’90s but by 2019 someone was on CNBC telling you that Swervedriver represented, I don’t know, 10 percent of global economic growth, outpacing returns in oil and lumber. That’s the tech industry.

Paul Ford # 15th May 2019, 3:44 pm

... the overall conclusion I reach is that we have so much to gain from making Django async-capable that it is worth the large amount of work it will take. I also believe, crucially, that we can undertake this change in an iterative, community-driven way that does not rely solely on one or two long-time contributors burning themselves out.

Andrew Godwin # 10th May 2019, 2 am

We don’t like limits on discrimination and lending, so we’re gonna use machine learning, which is a form of money laundering for bias, a way to blame mathematical algorithms for desires to simply avoid rules that everybody else has to play by in this industry.

Maciej Ceglowski # 8th May 2019, 11:11 pm

In one case this winter, miners from China landed their private jet at the local airport, drove a rental car to the visitor center at the Rocky Reach Dam, just north of Wenatchee, and, according to Chelan County PUD officials, politely asked to see the “dam master because we want to buy some electricity.”

Paul Roberts, Seattle Times # 27th May 2018, 4:16 pm

A traditional centralized database only needs to be written to once. A blockchain needs to be written to thousands of times. A traditional centralized database needs to only check the data once. A blockchain needs to check the data thousands of times. A traditional centralized database needs to transmit the data for storage only once. A blockchain needs to transmit the data thousands of times. The costs of maintaining a blockchain are orders of magnitude higher and the cost needs to be justified by utility. Most applications looking for some of the properties stated earlier like consistency and reliability can get such things for a whole lot cheaper utilizing integrity checks, receipts and backups.

Jimmy Song # 24th May 2018, 2:44 pm

The test for extracting common code should not be “Are they the same right now?” but “Do they have the same reasons to change?”

Chris Ford # 24th May 2018, 2:33 pm

Google is not trying to break the web by pushing for more HTTPS. Neither is Mozilla and neither are any of the other orgs saying “Hey, it would be good if traffic wasn’t eavesdropped on or modified”. This is fixing a deficiency in the web as it has stood for years.

Troy Hunt # 22nd May 2018, 4:17 pm

The big thing I always get asked to find are dank dilapidated alleys, and New York City has, like, 5 alleys that look like that. Maybe four. You can’t film in three of them. So what it comes down to is there’s one alley left in New York, Cortlandt Alley, that everybody films in because it’s the last place. I try to stress to these directors in a polite way that New York is not a city of alleys. Boston is a city of alleys. Philadelphia has alleys. I don’t know anyone who uses the ‘old alleyway shortcut’ to go home. It doesn’t exist here. But that’s the movie you see.

Nick Carr # 21st May 2018, 12:04 am

The latest SQLite 3.8.7 alpha version is 50% faster than the 3.7.17 release from 16 months ago.  That is to say, it does 50% more work using the same number of CPU cycles. [...] The 50% faster number above is not about better query plans.  This is 50% faster at the low-level grunt work of moving bits on and off disk and search b-trees.  We have achieved this by incorporating hundreds of micro-optimizations.  Each micro-optimization might improve the performance by as little as 0.05%.  If we get one that improves performance by 0.25%, that is considered a huge win.  Each of these optimizations is unmeasurable on a real-world system (we have to use cachegrind to get repeatable run-times) but if you do enough of them, they add up.

D. Richard Hipp # 10th May 2018, 5:15 am

The synthetic voice of synthetic intelligence should sound synthetic. Successful spoofing of any kind destroys trust. When trust is gone, what remains becomes vicious fast.

Stewart Brand # 10th May 2018, 4:56 am

Somebody should write up how the early-2000s push for open standards and the Web Standards Project’s advocacy are a major factor in why Apple was able to create its enormously valuable comeback. Put another way, one of the killer moments of the first iPhone demo was Jobs saying it had the “real” web, not the “baby” web, by demonstrating the NYT homepage. That would’ve been IE-only & Windows-only if not for effective advocacy from the web standards community.

Anil Dash # 7th May 2018, 1:28 pm

The easiest way to have no-downtime upgrades is to have an architecture that can tolerate some subset of their processes to be down at any time. De-SPOF and this gets easier (not that de-SPOFing is always trivial).

Ryan King # 29th May 2010, 11:36 am

Twitter is an open, real-time introduction and information service. On a daily basis we introduce millions to interesting people, trends, content, URLs, organizations, lists, companies, products and services. These introductions result in the formation of a dynamic real-time interest graph. At any given moment, the vast network of connections on Twitter paints a picture of a universe of interests. We follow those people, organizations, services, and other users that interest us, and in turn, others follow us.

Dick Costolo # 25th May 2010, 4:54 pm

With Flickr you can get out, via the API, every single piece of information you put into the system. [...] Asking people to accept anything else is sharecropping. It’s a bad deal. Flickr helped pioneer “Web 2.0”, and personal data ownership is a key piece of that vision. Just because the wider public hasn’t caught on yet to all the nuances around data access, data privacy, data ownership, and data fidelity, doesn’t mean you shouldn’t be embarrassed to be failing to deliver a quality product.

Kellan Elliott-McCrea # 18th May 2010, 6:21 pm

The answers to your Security Questions are case sensitive and cannot contain special characters like an apostrophe, or the words “insert,” “delete,” “drop,” “update,” “null,” or “select.”

Sacramento Credit Union # 14th May 2010, 12:40 am

If journalism is the first draft of history, live blogging is the first draft of journalism.

Andrew Sparrow # 10th May 2010, 4:28 pm

Want to know if your ‘HTML application’ is part of the web? Link me into it. Not just link me to it; link me into it. Not just to the black-box frontpage. Link me to a piece of content. Show me that it can be crawled, show me that we can draw strands of silk between the resources presented in your app. That is the web: The beautiful interconnection of navigable content

Ben Ward # 6th May 2010, 8:53 pm

The crisis Flash now faces is that Apple has made it clear that Flash will no longer be ubiquitous, as it won’t exist on the iPhone platform, thus turning “runs everywhere” into “runs almost everywhere.” As Web developers know, “runs almost everywhere” is a recipe for doing everything at least twice.

Rafe Colburn # 5th May 2010, 12:10 pm

Originally, however, speech recognition was going to lead to artificial intelligence. Computing pioneer Alan Turing suggested in 1950 that we “provide the machine with the best sense organs that money can buy, and then teach it to understand and speak English.” Over half a century later, artificial intelligence has become prerequisite to understanding speech. We have neither the chicken nor the egg.

Robert Fortner # 4th May 2010, 12:35 pm

iPlayer usage, for streaming, peaks about 10pm—just a little later from TV. But interestingly, iPlayer on the iPhone peaks at about midnight. So people are clearly going to bed with their iPhone and watching in bed. And we also see on the weekends, there’s a peak of Saturday and Sunday morning usage at about 8 to 10am in the morning on iPhone.

Anthony Rose # 23rd May 2009, 12:42 am

If you review your first site version and don’t feel embarrassment, you spent too much time on it.

Reid Hoffman # 21st May 2009, 9:56 pm

For the record, I’m a noted privacy freak and I don’t pretend to speak for anyone else on this topic. I know that resistance is futile. I continue to believe that there is a great divide on sensitivity about privacy—you’ve either had your identity stolen or been stalked or had some great intrusion you couldn’t fend off, or you haven’t. I’m in the former camp and it colors the way I view and think about privacy online. It makes me indescribably sad to see how clearly I and others in my camp are losing this battle.

Marc Hedlund # 13th May 2009, 8:41 am

Right now, pypy compiled with JIT can run the whole CPython test suite without crashing, which means we’re done with obvious bugs and the only ones waiting for us are really horrible.

Maciej Fijalkowski # 1st May 2009, 3:04 pm

If we see good usage, we can work with browser vendors to automatically ship these libraries. Then, if they see the URLs that we use, they could auto load the libraries, even special JIT’d ones, from their local system. Thus, no network hit at all!

Dion Almaer # 27th May 2008, 5:58 pm

Craigslist is fighting back. Its latest gimmick is phone verification. Posting in some categories now requires a callback phone call, with a password sent to the user either by voice or as an SMS message. [...] Spammers tried using their own free ringtone sites to get many users to accept the Craigslist verification call, then type in the password from the voice message. Craigslist hasn’t countered that trick yet.

John Nagle # 26th May 2008, 8:40 am

Scoble writes something—6,800 writes are kicked off, 1 for each follower. Michael Arrington replies—another 6,600 writes. Jason Calacanis jumps in—another 6,500 writes. Beyond the 19,900 writes, there’s a lot of additional overhead too. You have to hit a DB to figure out who the 19,900 followers are. [...] And here’s the kicker: that giant processing and delivery effort—possibly a combined 100K disk IOs—was caused by 3 users, each just sending one, tiny, 140 char message. How innocent it all seemed.

Isreal L'Heureux # 23rd May 2008, 7:28 pm

A McAfee spokeswoman said the company rates XSS vulnerabilities less severe than SQL injections and other types of security bugs. “Currently, the presence of an XSS vulnerability does not cause a web site to fail HackerSafe certification,” she said. “When McAfee identifies XSS, it notifies its customers and educates them about XSS vulnerabilities.”

Dan Goodin # 17th May 2008, 11:31 pm

Hey Google: any chance we can all build the social web together without requiring JavaScript?

Me # 13th May 2008, 1:49 pm

Something you had, Something you forgot, Something you were

Nick Mathewson # 13th May 2008, 8:06 am