We had 10 years+ plus of having products like Facebook, Twitter, YouTube, hell even LinkedIn with a basic content model of "you build your own graph of people who you pull content from" and their job was to show it to you and puts ads in there to fund the whole enterprise. If I decided to follow harmful content? That was a pact between me and the content creator, and YouTube was nothing more than a pipe the content flowed through. They were able to build multi-billion dollar businesses off of this. That's really important, this was enormously profitable. But then the problem happened that people's graphs weren't interesting enough, and sometimes they'd go on the thing and there were no new posts from people they followed, and this was leaving money on the table. So they took care of that problem by handing over control of the feed to the reward function.

More accurately, especially for Meta products: they completely took control away from you. You didn't even have the option to retain the old, chronological social graph feed anymore. And it was ludicrously profitable. So now the laws of capitalism dictate that everyone else has to follow suit. I now have extensions on my browser for Instagram and YouTube to disable content from anything I don't follow - because I still find these apps useful for that one original purpose they had when they blew up and became mainstream. Why are these browser extensions? Why can't I choose to not see this stuff in their apps? That's the major regulation hole that led to this lawsuit, imo.

It's the same thing you see with people blaming smartphones for brainrot. We've had 15 to 20 years of smartphones with more or less the same capabilities as they have today and for the vast majority of that time my phone didn't make books less interesting or make me struggle to do chores or manage my time. For a full decade or more I saw my phone as a net positive in my life, was proud to work for Twitter and generally saw technology like the Louis CK bit about the miracle of using a smartphone connected to WiFI on an airplane. But in the last five years or so, things have noticeably and increasingly gone to shit. Brainrot is a thing. All my real life friends who are the opposite of terminally online or technical are talking about it. I don't use TikTok but it seems like that is absolutely annihilating attention spans. The topic of conversation over drinks is how we've collectively self-diagnosed with ADHD and struggle with all kinds of executive function.. but also are old enough to remember a time when none of this existed. Complete normies are reading Dopamine Nation and listening to Andrew Huberman trying to free themselves.

I don't know what the exact solution is, but there's at least a simpler time we can point to when we all had smartphones and we were all connected via platforms and we all posted and consumed stupid pictures of each other and it wasn't.... _this_.

I'd add one additional layer: it's not just that the algorithm picks what you see, it's that the entire UX is built around keeping you in the loop. On YouTube Kids, even with autoplay off, the end-of-episode screen shows a grid of recommended videos. My toddler doesn't care about "the algorithm" in any abstract sense. He just sees more fire truck videos and wants the next one. The transition out of the app is designed to fail.

Your point about smartphones not being the problem is key. I was at Google during the era you're describing, when the phone was a net positive. The hardware didn't change. The business model did.

We're looking for engineers to come work on Twitter's Cloud Platform team in downtown San Francisco. All of Twitter's stateless services run on our platform, and this means we need to support hundreds of thousands of tasks running across tens of thousands of machines (and growing every day!).

Our platform is almost entirely open sourced via Apache Mesos and Apache Aurora, and we're looking to push on and improve the efficiency, usability and reliability of our platform at our unique scale.

We have the following technologies on our team:

* Mesos - C++ - Isolation and resource management (https://github.com/apache/mesos)

* Aurora - Java - Service scheduler. (https://github.com/apache/aurora)

* Workflows - Scala/ReactJS - our internal Continuous Delivery platform

* Analytics Pipeline - Scala/Python - our data pipeline to feed back to users to help them make smarter decisions about how they use our platform.

* Operations - Python/Go/Puppet/etc. - The tooling we use to do all of this with a pretty painless oncall and only two SREs.

As you can imagine, it's a great team for an experienced generalist who enjoys all parts of building a product, but we also have problems that a specialist in any of these areas would have a field day with.

We're mostly looking for candidates who have at least a couple years experience designing (and implementing) complex systems in a team environment, as well as candidates excited about this space.

If this interests you at all or you'd like more information on the work we're doing, our roadmap or any other questions, please get in touch at dm@twitter.com

I guess they are not $200k Mercedes, however.

We're looking for engineers to come work on Twitter's Cloud Platform team. The majority of this work revolves around developing Apache Mesos[1] and Aurora[2].

Aside from the constant challenge of making sure our platform can scale with the company (we have the largest Mesos clusters in the world), Twitter is in an exciting stage where efficiency (and thus hard performance problems) are becoming more and more important.

Because most of our platform is open sourced, contributions you make on this team will also be felt across a huge number of companies in the community. Mesos is used at companies like Apple and Netflix and Aurora adopters include Paypal, Uber and Electronic Arts. Twitter's commitment to OSS as well as our unique position in terms of platform size gives us a huge opportunity to lead development of key features.

One of my favorite things about working on this team for the last few years has been that I get to touch literally every part of the stack. It's a constant learning process. Mesos is written in C++ and is very heavy on systems, Aurora is on the JVM, much of our developer tooling and automation is in Python, and then we also have a product layer and other tooling that are written in a modern JS stack (React/redux/etc.). So no matter your interests, you can make a huge impact here.

From a product point of view - trying to keep thousands of developers happy and productive in the face of constant comparisons to public offerings like Heroku and AWS, as well as other platforms like Kubernetes, Docker Swarm, etc. is also a huge (but fun) challenge. So if you're a product-focused engineer, this is also a great opportunity.

We have a great team that's based in SF and within six months will be completely onsite. So we're not looking for remote workers right now.

If this interests you at all or you'd like more information, please get in touch at dm@twitter.com for my work e-mail or david@dmclaughlin.com for my personal e-mail.

[1] - http://mesos.apache.org/ [2] - http://aurora.apache.org/

My team is working on monitoring and alerting for all of the different services at Twitter. Zipkin (https://github.com/twitter/zipkin/) is an example of the kinds of tools our team is building right now. The two central components are a dashboard/charting monitoring service as well as our own alerting system.

Most of our infrastructure challenges stem from the sheer number of writes we need to deal with as well as the temporal nature of what we're doing - all of our writes need to happen within certain time periods and reads have to be consistent within certain time-frames to avoid engineers being woken up at 4am due to incorrect data from a dirty read. Given that we're the service which observes all the other critical components - our reliability requirements are also a huge challenge.

The product challenge on this team is making sense of a whole lot of data. So there is a lot of cutting-edge data visualisation work. You have certain services running on thousands of nodes and teams want to use our product to quickly find outliers and scan their dashboards with key metrics. This means you have potentially thousands of timeseries with thousands of data points on the screen at the same time. This is a JavaScript gig where you get to think about algorithms and performance on a daily basis. We're also an internal tool, so we have the option of targeting cutting edge, modern browser features. In reality it means 90% of your time is working on cool stuff and not on getting IE to work.

I think the biggest benefit of working on our product team is that you a level of autonomy which is hard to find on a user-facing product. So if you're the creative type who doesn't want to be micro-managed or told where to push those pixels, I think this is a really good gig.

Right now we're looking for experienced engineers for both infrastructure and product. Our infrastructure is JVM-based and written in Scala, with some Python. Our product is written in JavaScript and we have some Ruby to deal with. Knowledge of these platforms is beneficial, but solid experience and passion for this problem domain is even better.

A systems position: https://twitter.com/jobs/positions?jvi=ospeWfwL,Job A dataviz position: https://twitter.com/jobs/positions?jvi=og12VfwY,Job

The dataviz position doesn't accurately reflect the open rec we have for my team, so don't worry if you don't match the skills exactly.

I work on both infrastructure and product for the positions I described, so if you're interested you can send your resume to me directly at david @ dmclaughlin.com to speed up the process.

Also - we're hiring across the board at Twitter so also take a look at all open positions here: https://twitter.com/jobs

The number of operations and suffering he had to endure still lives with me to this day and I could see why any doctor would choose not to go through this if they had to see such futile attempts at extending life end the same way. They flew in special equipment from the USA that was deemed highly experimental and would cut him open and try it out, only to have to cut him back open a few weeks later to remove what they put in. They tried surgery after surgery in the hopes something would be successful. They did not save his life but I like to think they at least learnt something about a cancer they simply don't see that often, that gave the next person a better shot. When they finally told him there was nothing more they could do, he asked them to stop all further treatment and to let him die on his terms.

The outlook for patients with breast, stomach, lung, testicular, skin or any other form of "common" cancer used to be as bad as pancreatic or bile duct cancer, but these days it's not a death sentence and a lot of people had to lose hard fought battles to get to this point.

Wow. For six years I've been doing "UP + CTRL^A + sudo + SPACE" instead. This is much better.

I use Ctrl-P Ctrl-A sudo <space> which is exactly the same number of keystrokes as "sudo !!" and a much more general solution in my opinion.

At work we had a researcher from Yahoo Mail come in and give a presentation on the machine learning techniques they use to try and stop spammers abusing their mail servers. It was eye-opening to learn just what kind of hourly battle they face to keep spam out of their systems and the ways they are trying to combat it. It was even more enlightening when the presenter told stories about the problems that machine learning can't solve - like people within the company being bribed to whitelist spam companies based in Vegas.

On the surface it's such a simple problem, and I'm sure anyone who's tried to prevent their web application's outgoing mail being marked as spam by the evil corporations of Yahoo and Google will have had the desire to go write a blog post saying what a crock of shit the whole thing is and how they would never take part in that. But here's the thing - those systems are in place because if they weren't, email would be a completely useless form of communication at this point.

The people sending spam make _millions_ of dollars abusing a system which is popular because its open and based on trust. That kind of money combined with greed gives people all different levels of drive and incentive to get their emails about bigger penises and viagra through to your inbox. Every time they prevent one form of attack, these guys will create a new one.

To do this they do things like install mail servers on unsuspecting user's machines, specifically targeting Yahoo/Hotmail/Google users because their IP will obviously need to be trusted by those companies. They will also hack into other people's private mail servers. They will spoof email headers and pretend they're someone else. They will hire people, experts, who will find new ways of breaking in to servers they detect as having mail servers running on them. All this just to get past the spam filters and prevention that make email a useful form of communication to begin with.

And let's forget the people who couldn't set up their own mail server for just a second. I like to think I know what I'm doing. After installing Postfix and jumping through all the hoops to get my emails whitelisted by Gmail and making sure I didn't have an open relay on my mail server, you know what happened? Someone managed to hack in by brute force anyway. I only noticed because of the _millions_ of automated replies that were coming in every day from dead email accounts or people that were out of office.

Now, I could have worked hard to fight this. I could have did something other than changing my passwords and hoping they didn't get crack them again. But the point is - I only ran a mailserver to get email delivered to me on my personal domain. I didn't want to have to fight and battle and dedicate myself to solving this problem. I wanted to take this thing for granted. I just wanted to send and receive email. Instead bad people could not only sit there and read all my incoming mail - but they could use my server to spam people and get me blacklisted and blocked from so many other services I worked so hard to be trusted by. And they did all this without even specifically targeting me. I was a statistic to them, someone who simply didn't know what they know. In the end, I moved my personal mail account to Google Apps, free of charge. Problem solved.

By using Gmail or Yahoo Mail or Hotmail - you are almost definitely more secure than setting up your own mailserver. You have people paid hundreds of thousands of dollars a year working full time to make sure your data is secure. I mean if privacy is your reason not to use Gmail, then I hope for your sake your mail server is secure. Maybe you think it is. I know I did too.

And all these people complaining about advertisements based on the content of their emails. Yahoo Mail had a team of like 30 people just doing _research_ on how to stop spammers. Then all these other people working on support. How does that service get provided to us _free of charge_ without advertisements or some sort of monetisation? I know in some people's heads they think it's literally just a Bayesian classifier and some hand-coded rules, but it's so beyond that.

And of course, let's not forget the fact that a lot of people would not be able to set up their own mail server anyway. Maybe you don't need them, but Hotmail, Gmail and Yahoo Mail enable hundreds of millions of people to communicate _for free_ with other people around the world that otherwise wouldn't be technically competent enough to buy a domain name and set up a local mail server. It lets you communicate with them too, because they don't get frustrated wading through hundreds of spam emails just to read the good stuff.

And that system only works because we have good guys that are fighting the bad guys who want to ruin it for the rest of us. And this is just the one example of email. Which has all this decentralised and open properties that you desire. I am reminded of Diaspora when they released a first beta of their code and it got absolutely torn to shreds for security reasons, and we haven't heard much since.

The real world sucks.

That's why I think it might be a good idea for you to go work for Google.

Yes, spam fighting is hard. Yes, it's probably easier with huge centralized installations (he actually observed that at this point the centralization offers advantages over the decentralized model.) But his main point was not about spam nor even about e-mail in general. His point was that it is worth putting the additional effort into making decentralized systems work. This is definitely not what Google are doing.

It's no surprise that they concentrate on marketing their business software to businesses though. That's who's going to pay for it. A CS department is going to use whatever the school uses and a non-profit is better served by Google Apps (which is discounted heavily for non-profits).

Also, 80beans is using it and they only have a team of 6.

The centralized solution you've proposed carried to it's fullest extent is basically eliminating email altogether, where a small cabal of whitelisted services are only able to pass messages to each other. If spam detection software must remain secretive and proprietary at these big companies, this is basically a capitulation to the spammers.

The anti-spam systems work because they are based on content of emails and properties across the providers entire user-base. Every time you click "Mark as spam" you are contributing data for all users in the service. In a decentralised service, even if people agreed to submit all their emails and information for the greater good (which they probably wouldn't), the data still needs to be centralised somewhere and secured by experts. The blacklist/whitelist of notorious spammers and servers needs to be maintained somewhere. You end up having a committee to do that, an elected/trusted group of people and they need to deal with appeals, etc.

Two:

If the logic for blocking spam were public, don't you think that would make it much easier for spammers to circumvent?

Edit - I can't reply to the user below. Must be some HN feature. But the logic for accepting an email is essentially a decision tree, it is based on data and evolves over time. It is a very different problem from something like encryption.

That said, a great many anti-spam solutions work by well-known and publicly available methods. DKIM (header signing) actually utilizes PKI. DNSBLs are publicly queryable (in some cases the zonefiles may be downloaded), Bayesian and rules-based filters are also generally available.

The real challenges are:

1. Spam is cheap. Spam mail outnumbers ham (non-spam mail) by 100:1 or better. There's a lot of it.

2. Distinguishing spam from ham is contextual, and people's contexts differ.

3. False positives are expensive. Wrongly classifying ham as spam carries far worse consequences than wrongly classifying spam as ham (false negatives). Filters must skew to permissive.

4. There's little central agreement on methods, there are many old systems in existence. We've seen a few small advances (DKIM, SPF) in the past decade, but brute-force content filtering is still required.

5. Even well-established strong verification tools are too technically advanced for the vast majority of the userbase, and/or are unappealing to others. PGP MIME-encoded email signatures (strong cryptographic identity verification) dates to 1991, fer crissakes! Getting even corporate-supported users to employ this properly is at best difficult (though it's becoming ever so slightly more common largely due to compliance requirements). For others, repudiability is important.

6. It's an arms race. Spammers change methods (many based on automated tools assuring rapid widespread adoption of new methods) based on new anti-spam methods.

7. Client and server (MUA/MTA) support for tools which would facilitate whitelisting of users and mail peers is difficult. Centralizing mail gateways can complicate the issue if those core gateways emit proportionately high levels of spam (I see or have seen middlin' amounts of spam from Hotmail, Yahoo, GMail, AOL, and other large email service providers, though generally they're pretty good).

That said: whitelisting, reputation systems (sender, server, DKIM, SPF), authentication (DKIM, PGP), contextual (Bayesian), and rules-based (e.g.: SpamAssassin) properly used do make the situation tenable. But this requires extensive support largely for the administrator of an email gateway. End-users may be forgiven for thinking spam is a "solved problem", though at their level it largely is.

What ultimately will solve the email spam problem will be for email to be superseded by another communications channel (SMS, weblogs, social sites, etc.) to the extent that spammers focus their energies there. It's an economic problem, and if the economics fail to support spamming, the (smart) spammers will move elsewhere.

Arguably, that's exactly what Facebook is. Users whitelist each other and use that channel to communicate, skipping email.

If people are bribing insiders at Yahoo to whitelist email servers in Las Vegas, why aren't the insiders and the spammers all in prison?

I also think you're placing a mistaken emphasis on data. It's address books, not your data, that provide lock-in on these services. As far as I know, any of them will let you wrest your e-mail from their claws via IMAP or POP. The hard part is telling your contacts to mail you at <address>@gmail.com instead of <address>@hotmail.com

Full disclosure: I recently accepted a job from Google. My opinions on this matter are mine alone and are not based on any confidential information. I forward e-mail from my own domain to gmail. I also run a mixmaster anonymous remailer.

This is not a description of your email server being cracked. It's a description of someone Joe-jobbing pretending to send mail from your domain. Duckgo for mitigation techniques..

http://en.wikipedia.org/wiki/Backscatter_(e-mail)

The truth is, the OP's domain was probably considered to be in a bad "neighborhood" because his mail server had been compromised for spamming purposes at one point or another. It's dreadfully easy to either misconfigure a mail server or to end up with your mail server compromised.

Regardless, it's easy to hate on Google, especially in a primarily entrepreneurial forum where those posting are often trying to solve tough problems with far fewer resources. But Google is solving tough problems, even when you feel you've been wronged by an algorithm. Gmail has had an unbelievably successful spam filter for years, forcing the competition to rise to the occasion and match it, to the point where people forget how serious a problem spam is. It's not trivial, and it doesn't mean there's a democratic crisis when your e-mails end up in a spam bin. Especially when it's quite likely because your mail server was compromised.

I didn't feel the 'hate'. I read that he didn't particularly care for Google's approach. He certainly says nothing about Google not solving tough problems.

I thought it was a pretty fair piece actually, giving Google credit where it's due, and without trying to demonize them; just stating that he doesn't agree with where they're going.

I hope I didn't come across as "hating on Google."

A family member's office is one I know (along with a few others) that are firmly in "MS Exchange" mode, and they've blocked mail from gmail and other google mail servers, because "google's not secure". Of course, they let hotmail mail through just fine :)

Google dreams of being able to handle all that information on one server.

Besides that, it's not incredibly common (albeit not impossible) for people to steal information by actually hacking directly into their servers, especially with someone like Google. More likely ways to get at someone's email is through XSS or phishing attacks.

It is similar to something like Blueprint (http://www.blueprintcss.org/), which I have used for my prototypes with a lot of success, but just taken much further.

Admin themes --- which, again, cost tens of dollars --- are uncannily similar to Twitter Bootstrap: they include full page layouts with dummy navs and a series of demo pages with styled markup for... well, more than is in Twitter Bootstrap! (They get to cheat and use jQuery). They are basically what you'd get if you gave a designer the brief "build the layout for my app, Lorem Ipsum 3.2 Pro".

You really ought to take a look at them. I know it's hard to take things from Themeforest too seriously. It was hard for me too. Now I feel dumb about that.

To elaborate on what Thomas is saying: they revolutionized rapid application development at both our companies, for like $15 each.

In consulting projects I often have call to create little one-off internal tools in Rails, either as a prototype for a tool the client will create or to support their marketing team. These generally have development budgets measured in days, and I have the HTML/CSS skills of roadkilled turtles, so they came out totally unstyled. I'm now embarrassed by them: now when I start a Rails project I drop in one of my prepared admin theme layouts and blammo it magically looks professional.

Given that my clients end up paying thousands for those mini-projects, the level of polish is clearly worth it. It's like a Tiffany box versus delivering the ring in a small paper bag: if you think it doesn't matter, your mental model of human cognition is broken.

I just found out about install_theme (https://github.com/drnic/install_theme) which looks usefull.

Personally I've been using active_admin for simple apps, which has a pretty good theme, but there's not really much variation, if any.

It sounds to me like substantial chunks of these projects could be automated, and that there might be a market for an internal-rails-tool-in-a-can type product.

Here the I think the pain "removed from cross-browser CSS" is removed here, at least in part, because this doesn't work across browsers (check the IE8 screenshot @paulirish posted)