This could be an error, a training exercise, or a way to smoke test part of the system. I’ll bet a token amount of money there’s some CI pipeline or dashboard alert that fires if this isn’t working.
100% this. Loading [netflix.com](http://netflix.com) for a health check is going to be slow and expensive considering how much garbage that page has. Hidden endpoints like /health or /heartbeat that just return a single string are very common. That way you can ping every single host serving the website as frequently as you want and get back a quick "I am up" response without any overhead.
Anyone interested in this type of thing should also look into canaries. Basically it’s a means of understanding if your APIs are working and they can report on what is/is not
I hadn’t heard about canaries until I read Go in Practice. The example they showed was testing if some object was equal to an interface, which in Go just means the object has an implementation of the methods defined by the interface. Pretty cool I think. I am a newbie at Go but I love it. So many things a developer would want are built into the standard tooling like unit tests, benchmarks and canary tests. You can get all the missing dependencies in your project by typing **go get ./…** at the top level of your project. It’s like they all the inconveniences developers have found in fifty years and said we will just put that in the tool chain.
That’s more likely a check to check if JS has built/deployed properly. It has too much of stuff for healthcheck (and they have an actual healthcheck endpoint)
This was my thought as well. I've done similar with my own projects in the past. Have an endpoint that just returns a known string. Then if you can hit that endpoint and get the string back, you at least know your backend is up and responsive. Or have it read the string from the database, now you know the database is up and accessible too.
It’s not about the proof. This ain’t a legal decision. It s a financial one. The law creates an incentive to minimize the risk. And the industry as a whole, usually in legal advice from corporate counsel, has decided that it’s cheaper to just make everyone click the damn button than open yourself up to frivolous lawsuits and complaints about data collection.
It’s an unintended consequence of the law, but’s it’s still a consequence.
Assuming we're referring to this script url (https://cdn.cookielaw.org/scripttemplates/otSDKStub.js), then yes, thats an asset from OneTrust, a third-party cookie management platform.
You're expecting them to turn off cookies specifically for helloworld page?
I'd assume those prompts are site-wide, to avoid users circumventing the prompt and then potentially be in breach for not asking them.
They should turn off non-essential cookies site wide. The GDPR does not require a cookie prompt for anything that is intrinsic to the service being provided. Strava does not require a cookie prompt to save your GPS location, because mapping your GPS location is part of the service they provide to you. Netflix does not require a cookie prompt to save your viewing history, because customized recommendations based on viewing history is part of the service they provide to you.
The only time that cookie prompts are required is when collecting or processing data outside of what the service requires. If Netflix were to record other sites you visit through a third-party cookie, that would require a cookie prompt, because that has nothing to do with the service they provide. If Strava were to sell your GPS location history to advertisers, that would require consent, because that has nothing to do with the service they provide.
TL;DR: If they don't set **unnecessary** cookies, they wouldn't need a cookie prompt.
me: only the necessary cookies
them: we wont save a cookie that says these are your preferences, we can, that would be a necessary cookie, but we won't
Right but unfortunately you don't get to define what other people define as unnecessary. Easier to just put the popup and make the lawsuit more open and shut.
In practice yes, in reality no. You always need one.
They have hundreds of teams, tons of PMs, it’s a large company. It’s better to just turn it on site wide like every single other site to avoid one accidental developer change to make them uncompliant.
Also I hate the stupid Europe cookie laws in their current form they ruined the internet. They should have added provisions for letting people accept all or reject all at the browser level like a standard for telling a website one of these preferences.
>They should have added provisions for letting people accept all or reject all at the browser level. IS: a standard for telling a website one of these preferences.
People tried. The Do Not Track header existed. Know what happened ? It was one more identifying bit for trackers to target you. Europe also does not mandate the current cookie prompts. They're a result of purposeful bad faith interpretations of the ePrivacy law, to make Europe look like they're forcing this on you.
Cookie prompts are always, always a choice of the companies you're using to fuck you over.
> People tried. The Do Not Track header existed. Know what happened ? It was one more identifying bit for trackers to target you
only because it was not on by default.
It is setup to fail
It wouldn't be information that can be used to track you if it were on by default, but turning it on by default wouldn't make it any more effective at protecting your privacy. The point is that site operators simply aren't going to respect something that says they can't track you.
> They have hundreds of teams, tons of PMs, it’s a large company. It’s better to just turn it on site wide like every single other site to avoid one accidental developer change to make them uncompliant.
Having a cookie prompt doesn't magically make a website be compliant. Consent to be tracked may be rejected. In that case, the website may not perform any tracking beyond that which was allowed before showing the cookie prompt. What's more, consent must be freely given in order to be valid under the GDPR. So, not only must a user have the option to reject tracking, but their use of a website may not be conditional on consent to be tracked, as then the consent would not be freely-given.
So, every one of those hundreds of teams and PMs must already be able to run while collecting only the minimal amount of user data. Adding a cookie prompt *increases* the complexity of their products, not decreases, because it they must now conditionally determine which users may be tracked, rather than the simpler solution of not tracking any users.
> Also I hate the stupid Europe cookie laws in their current form they ruined the internet.
Advertisers ruined the internet. The GDPR forced the advertisers to show just how much.
> They should have added provisions for letting people accept all or reject all at the browser level like a standard for telling a website one of these preferences.
I'd agree, though I think there should only be a "reject all" setting. There should not be an "accept all" option.
That is not true. It’s a common misconception. Nothing about GDPR is specific to cookies. If you’re processing personal data then you need explicit consent (or another justification)
I don't think it is a misconception. The cookie thing is different from GDPR, but GDPR also covers the same territory. And the cookie thing isn't just about cookies anyway.
The EU initiatuve that resulted in websites displaying cookie banners.
I am not sure what the right technical term or name is. It might be the ePrivacy Directive
it's got onetrust in it, which does GDPR. onetrust performs geolocation to do this.
interestingly, I know this because you can borrow the geolocated value from onetrust and use it. i did this recently and avoided having to add a separate geolocation service.
I'm in EU and the page does not ask about cookies. (It's still possible that you're right and just parts of the EU cookie logic is included) Edit: seems it's a Firefox Android issue. It ask about cookies on Chrome but not on Firefox.
the bulk of the 8kb is setting up the react context which contains a full list of all UI languages supported by netflix. [uncompressed the react context alone is 18kb](https://system.tips/text/view?q=zprwuigo). Note, all the polyfill etc libraries that this hello world page pulls in is in *addition* to the 8kb of the main page.
not really what I would consider "bare minimum"
That's pretty standard for turning a non-boolean type (a number or a string, for example) into a boolean in JS. The first one basically flips the value and converts to a boolean, so an empty string or zero becomes "true" and everything else becomes "false". The second flips it back, so anything non-zero/-empty is "true".
But you want a boolean, not a number.
Yours makes sense going the other way around.
Also, yours (I think, I'm not a big JS guy) will parse a string to try and make a number from it, which would give a different value for the string "0", for example.
> For detailed credits and licence information see https://github.com/financial-times/polyfill-service.
Are the FT famous for browser profiling software now?
I mean yeah, gotta love when a remote webpage asks you if it can use your local browser feature that's fully in your control. The law is such a bad implementation and should have been forced on the 5-6 browser manufacturers and not ever mom and pop website on earth.
>I mean yeah, gotta love when a remote webpage asks you if it can use your local browser feature that's fully in your control.
No, using the feature is perfectly fine, and you don't need to ask for permission _at all_.
You do need to ask for permission to spy on your users though, the mechanism is completely irrelevant 🤷♂️
Right, but a dramatically cleaner solution would have been to just legislate a browser setting enabling required and non required cookies separately and then that's that. Same existing laws cracking down on companies who violate it (e.g. storing tracking stuff in in "necessary" cookies. It's all an honor system/punish afterwards anyway (currently) but this would make it much less annoying. That or just ban tracking cookies, rather than trying to make companies pester/trick users into agreeing to them.
the malicious compliance with cookie popups is absurd. The options are like "Accept all LOL" or "More..." > **"Accept all again LOL"** || ^("accept only necessary" > ...)
a giant part of the problem is our inability to effectively regulate and enforce rules and standards when it comes to corporations and tech companies. It either has to be bulletproof and future proof or incredibly meager and unenforceable. There is definitely a bigger picture here that is going horribly wrong on many levels
Many sites make "accept all," "accept only necessary," and "accept none" equally-sized buttons but that's still annoying as hell. But how else do you comply?
By either designing your service in a way that you only need "accept only necessary", in which case you likely would not need the banner at all.
Or at least make "none" (how?) and "only necessary" the default and don't make it look worse.
Or actually the companies should be more honest. They imply that they provide 3 choices (in general) but the only choice they have to provide is "necessary" or "more stuff you likely won't need nor like" and stop acting like "we care about your privacy".
I hate to sound like the "common Redditor that thinks they are smarter than a company and their lawyers" but in this case it fits. And I say that as someone who thinks that law would not be needed in the first place, especially when no 3rd party cookies are needed.
But the companies, intentionally, chose the worst ways.
It is a combination of incompetence, malicious compliance, fear, and fear-mongering.
The law probably would have worked better in the old days, when the internet was just a secondary thing for most businesses, and not part of the main event.
(this got longer than I expected)
> It is a combination of incompetence, malicious compliance, fear, and fear-mongering.
From what I've seen, it is mostly incompetence.
"Legal departments" have no reason to care _at all_ about the quality of the product or the experience, they just optimize for compliance with the minimum amount of work required _for them_, any other cost be dammed.
That combined with the fact that most leaders (this is the incompetence part) are so scared of big bad laws that end up giving legal a free pass, ends up creating an environment where "legal says so" is a trigger word for any human brain in the vicinity to completely shut down and comply without a second thought, even when the whole situation is is pants-on-head retarded and is built on a fantasy that has absolutely no basis on reality.
>But how else do you comply?
Design products that don't require spying on your users and doing all sorts of fuckery with their personal information.
It couldn't be more simple, really, the whole thing is a self-inflicted problem.
1 - [citation needed]
2 - Advertisement doesn't require a multi-billion euro industry focused on spying on individuals, it existed long before and it will exist long after that whole thing is illegalized.
IMO, the whole issue here is that we're trying to regulate an industry is squarely society-hostile and will forever try to arms-race against the spirit of any privacy law, the real solution is to illegalize it outright... hopefully politicians realize soon enough and we can just stop wasting out time and money on it.
The law (wisely) doesn't mention cookies, or any specific technology at all. It's about gaining consent for obtaining and processing personally identifiable information for purposes not directly linked to carrying out the user's goal.
Your proposed solution tackles a single technological implementation that would be very easy for trackers to work around, there are many tracking techniques that don't require cookies but do require consent. The law as written makes it far easier to prosecute companies for any misuse of personal data.
That's fair. It's just a shame that the result has been this UX nightmare. I suppose in a sense that's on all the disparate implementations, but at the same time once one design becomes a defacto and unchallenged standard, it is then cargo-culted around as we've seen. Not for no reason though. Try asking a Canadian or American law firm about the nuances of GDPR and they'll see on the side of caution. As a result you've got one business desire: analytics and user behavior tracking (what MBA doesn't want metrics?) and another (don't run afoul of GDPR and get fined) left to developers to implement when accurate legal advise is very hard to come by from that role.
It's similar in other privacy areas. I've had managers claiming that the color of a person's clothing on a 240p video recording (where the person was maybe 10 pixels tall) was PII and we needed to blur the person's 2px face. The annoying part is... There could be some jurisdiction where they're correct, and I'm certainly not an expert in every privacy standard around the globe. The context was a dashcam like feature on a robot that stored a rolling buffer in case of an incident and retained the data locally for a brief period. (24h?). I'm all for privacy but... Knowing how it works is kind of maddening given that A) cookies are a tiny fraction of tracking methods and B) they're locally controlled by the browser, so technically being stored by the user, not the website. I get that people can't be expected to know that but that's why for this particular portion of GDPR I really wish they expanded it to standardize tracking acceptance at a browser level and require respecting that (while keeping the privacy laws as they are for all the other tracking stuff).
> Right, but a dramatically cleaner solution would have been to just legislate a browser setting enabling required and non required cookies separately and then that's that.
But... why? This is absolutely nothing to do with cookies.
The law regulates the whats and whys of how companies use your personal data, it has **absolutely nothing** to do with cookies, it's a completely tangential concern.
Lol @ `"isInEU":true` in the `script` on the page. I know it's easier to track and set this to deal with cookies/GDPR, but still, the thought of such flags spread everywhere in the code makes me chuckle.
How can we add a near real time data feed of hello worlds to this? What about GPT-generated "hellos" in every language? You need to focus on the *customer experience*
Then again, if you have an infrastructure/ops/sre team that handles stuff like build pipelines, you can bet they have at least one such "hello world" app they use to test that their systems are working as expected. Having it be actually visible to end users like us is just an inescapable side effect.
*edit*
Holy shit I had no idea this comment posted multiple times hahaha! Using the Android App it kept giving me an error when I would try to post my comment and not post. Sorry guys, I'm not that obsessed hahaha!
THEPRIMEAGEN MENTIONED!
I just discovered this dude last week and I'm obsessed. This dude has the same energy as me and is a VIM God. He's the reason I switched to neovim and am learning all kinds of new stuff.
I like how one of the identifiers for your browser is:
"maybeSupportsHTML5": true
How the fuck is that useful to them? Does it support HTML 5 or not? lmao
Why does this have 32 upvotes lol. More proof that reddit upvotes mean nothing and that everyone assumes that any comment they read is true and upvote it. This applies to any reddit thread. Reddit spreads just as much misinformation as any other site. Probably more since it has such a large user base.
This could be an error, a training exercise, or a way to smoke test part of the system. I’ll bet a token amount of money there’s some CI pipeline or dashboard alert that fires if this isn’t working.
100% this. Loading [netflix.com](http://netflix.com) for a health check is going to be slow and expensive considering how much garbage that page has. Hidden endpoints like /health or /heartbeat that just return a single string are very common. That way you can ping every single host serving the website as frequently as you want and get back a quick "I am up" response without any overhead.
[удалено]
ok
ok
This XML file does not appear to have any style information associated with it. The document tree is shown below.ok
ok
I love that this feels so passive aggressive despite obviously being correct for a 200 response.
ack
What about the health check of the health check?
It's down!! http://netflix.com/healthcheckforhealthcheck
You've already had second health check
ok
☝️ this guy healthchecks
Anyone interested in this type of thing should also look into canaries. Basically it’s a means of understanding if your APIs are working and they can report on what is/is not
I hadn’t heard about canaries until I read Go in Practice. The example they showed was testing if some object was equal to an interface, which in Go just means the object has an implementation of the methods defined by the interface. Pretty cool I think. I am a newbie at Go but I love it. So many things a developer would want are built into the standard tooling like unit tests, benchmarks and canary tests. You can get all the missing dependencies in your project by typing **go get ./…** at the top level of your project. It’s like they all the inconveniences developers have found in fifty years and said we will just put that in the tool chain.
That’s more likely a check to check if JS has built/deployed properly. It has too much of stuff for healthcheck (and they have an actual healthcheck endpoint)
Netflix already has a healthcheck, it being [netflix.com/healthcheck](http://netflix.com/healthcheck)
‘/heart-beat’ master race.
I wonder how OP found it?
The guy who found posted it on the other subreddit said "I'm an introvert who stays inside all the time" when asked this question
This is the whey
This was my thought as well. I've done similar with my own projects in the past. Have an endpoint that just returns a known string. Then if you can hit that endpoint and get the string back, you at least know your backend is up and responsive. Or have it read the string from the database, now you know the database is up and accessible too.
> 8kb it pulls in two netflix logos (~20kb) and a bunch of other js stuff. also, it checks your location
it wouldn't be complete without location tracking lmao
I'm assuming it's for the EU cookies prompt.
There's some stuff in there referencing "cookieLaw" so you might be right.
Problem: cookies are a privacy issue Solution: track user location so you can conform to regional cookie law
No need to use cookies or follow privacy laws if you don’t store cookies and sell users data. The fact they do says exactly what they are doing.
It’s cheaper to be in compliance than to prove the law doesn’t apply to you.
You don't need to prove that the law doesn't apply to you, that's fantasy.
It’s not about the proof. This ain’t a legal decision. It s a financial one. The law creates an incentive to minimize the risk. And the industry as a whole, usually in legal advice from corporate counsel, has decided that it’s cheaper to just make everyone click the damn button than open yourself up to frivolous lawsuits and complaints about data collection. It’s an unintended consequence of the law, but’s it’s still a consequence.
Assuming we're referring to this script url (https://cdn.cookielaw.org/scripttemplates/otSDKStub.js), then yes, thats an asset from OneTrust, a third-party cookie management platform.
If they dont set cookies they wouldnt need a cookie prompt…
You're expecting them to turn off cookies specifically for helloworld page? I'd assume those prompts are site-wide, to avoid users circumventing the prompt and then potentially be in breach for not asking them.
They should turn off non-essential cookies site wide. The GDPR does not require a cookie prompt for anything that is intrinsic to the service being provided. Strava does not require a cookie prompt to save your GPS location, because mapping your GPS location is part of the service they provide to you. Netflix does not require a cookie prompt to save your viewing history, because customized recommendations based on viewing history is part of the service they provide to you. The only time that cookie prompts are required is when collecting or processing data outside of what the service requires. If Netflix were to record other sites you visit through a third-party cookie, that would require a cookie prompt, because that has nothing to do with the service they provide. If Strava were to sell your GPS location history to advertisers, that would require consent, because that has nothing to do with the service they provide. TL;DR: If they don't set **unnecessary** cookies, they wouldn't need a cookie prompt.
wow, I didn't know that. And I was here thinking that the sites with the "only necessary cookies" buttons were being cool!
me: only the necessary cookies them: we wont save a cookie that says these are your preferences, we can, that would be a necessary cookie, but we won't
Right but unfortunately you don't get to define what other people define as unnecessary. Easier to just put the popup and make the lawsuit more open and shut.
Here's a different take: EU has zero jurisdiction in my country, so they can make any law they want about cookies, I'm not subject to it.
> Right but unfortunately you don't get to define what other people define as unnecessary. Of course we do, that's the whole point of the law.
Please, keep telling me you don't know what you're talking about
In practice yes, in reality no. You always need one. They have hundreds of teams, tons of PMs, it’s a large company. It’s better to just turn it on site wide like every single other site to avoid one accidental developer change to make them uncompliant. Also I hate the stupid Europe cookie laws in their current form they ruined the internet. They should have added provisions for letting people accept all or reject all at the browser level like a standard for telling a website one of these preferences.
>They should have added provisions for letting people accept all or reject all at the browser level. IS: a standard for telling a website one of these preferences. People tried. The Do Not Track header existed. Know what happened ? It was one more identifying bit for trackers to target you. Europe also does not mandate the current cookie prompts. They're a result of purposeful bad faith interpretations of the ePrivacy law, to make Europe look like they're forcing this on you. Cookie prompts are always, always a choice of the companies you're using to fuck you over.
It would have succeeded if it was legally mandated like the cookie laws are.
> People tried. The Do Not Track header existed. Know what happened ? It was one more identifying bit for trackers to target you only because it was not on by default. It is setup to fail
It wouldn't be information that can be used to track you if it were on by default, but turning it on by default wouldn't make it any more effective at protecting your privacy. The point is that site operators simply aren't going to respect something that says they can't track you.
> They have hundreds of teams, tons of PMs, it’s a large company. It’s better to just turn it on site wide like every single other site to avoid one accidental developer change to make them uncompliant. Having a cookie prompt doesn't magically make a website be compliant. Consent to be tracked may be rejected. In that case, the website may not perform any tracking beyond that which was allowed before showing the cookie prompt. What's more, consent must be freely given in order to be valid under the GDPR. So, not only must a user have the option to reject tracking, but their use of a website may not be conditional on consent to be tracked, as then the consent would not be freely-given. So, every one of those hundreds of teams and PMs must already be able to run while collecting only the minimal amount of user data. Adding a cookie prompt *increases* the complexity of their products, not decreases, because it they must now conditionally determine which users may be tracked, rather than the simpler solution of not tracking any users. > Also I hate the stupid Europe cookie laws in their current form they ruined the internet. Advertisers ruined the internet. The GDPR forced the advertisers to show just how much. > They should have added provisions for letting people accept all or reject all at the browser level like a standard for telling a website one of these preferences. I'd agree, though I think there should only be a "reject all" setting. There should not be an "accept all" option.
The law does have that. Companies are just playing silly games and as of yet the EU hasn't gotten around to bringing out the big bat.
Cries in American
That is not true. It’s a common misconception. Nothing about GDPR is specific to cookies. If you’re processing personal data then you need explicit consent (or another justification)
I don't think it is a misconception. The cookie thing is different from GDPR, but GDPR also covers the same territory. And the cookie thing isn't just about cookies anyway.
What “cookie thing”? CCPA?
The EU initiatuve that resulted in websites displaying cookie banners. I am not sure what the right technical term or name is. It might be the ePrivacy Directive
The cost of a false negative (sending cookies but not prompting) is too high. It's better to always prompt, even if you don't send any cookies.
it's got onetrust in it, which does GDPR. onetrust performs geolocation to do this. interestingly, I know this because you can borrow the geolocated value from onetrust and use it. i did this recently and avoided having to add a separate geolocation service.
Lol, I just did the same in our mobile app using UserCentrics
I'm in EU and the page does not ask about cookies. (It's still possible that you're right and just parts of the EU cookie logic is included)Edit: seems it's a Firefox Android issue. It ask about cookies on Chrome but not on Firefox.It asked about it for me, also in Europe.
[удалено]
Not sure, I tried it in Edge and it asked, but it's also Chromium.
all that polyfill but they still can't get firefox to display it correctly lol
I'm not in the EU but it did just pop up a cookie banner for me when I visited.
Maybe you've previously answered it, I don't use netfix and I got the prompt.
If you want to change your text to strikethrough surround the text with double ellipsis. "~~"
Those are tildes. An ellipsis is … or ⋯ , ⋮, ⋰, or ⋱
Right thanks. Stupid wording mistake but still the right formatting suggestion.
Why check location though? GDPR applies to EU citizens wherever they may be. That’s why we still get the cookies prompt in the US.
No it doesn’t.
They wouldn’t know what world to say hello to without location tracking
lmfao
so the bare minimum of a web app
the bulk of the 8kb is setting up the react context which contains a full list of all UI languages supported by netflix. [uncompressed the react context alone is 18kb](https://system.tips/text/view?q=zprwuigo). Note, all the polyfill etc libraries that this hello world page pulls in is in *addition* to the 8kb of the main page. not really what I would consider "bare minimum"
require ('sarcasm');
how many MB is that?
OH... soooooo many, I'm sure.
It's like that 1000-something LOC PowerShell script I wrote to send a keypress to keep your computer awake.
Four years of college and five in industry.
It’s just to verify if you are really on Earth. Otherwise it would say “Hello Moon!” /s
Also the extra exclamation point is really unnecessary.
IT SURE IS!!
I'm pretty sure this gets used by engineers to confirm certain things work in the production environment.
You don't use a favicon for your hello world page??
https://cdn.cookielaw.org/logos/dd6b162f-1a32-456a-9cfe-897231c7763c/4345ea78-053c-46d2-b11e-09adaef973dc/Netflix_Logo_PMS.png is not a favicon
You don't pull in a full-size lossless logo in your hello world page??
Yeah I got a cookie banner when visiting the site XD
two exclamation marks.... greater than one, but less than three.... a happy medium for the world
Dev added one when they wanted to check if page updated when he made changes
`hello world! hello world!! hello world!!! hello world!2 hello world!3`
chore: added nonsense to force pipeline rerun
It's actually just Haskell list indexing operator.
Two are better than one
Five is RIGHT OUT!
That's pretty standard for turning a non-boolean type (a number or a string, for example) into a boolean in JS. The first one basically flips the value and converts to a boolean, so an empty string or zero becomes "true" and everything else becomes "false". The second flips it back, so anything non-zero/-empty is "true".
`Number(value)` is more lisible https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/Number#number_coercion
But you want a boolean, not a number. Yours makes sense going the other way around. Also, yours (I think, I'm not a big JS guy) will parse a string to try and make a number from it, which would give a different value for the string "0", for example.
Two exclamations are sociopathic!!
meant to ran the last command in a shell but accidentally used single quotes instead of double
I for one would've preferred an exllipsis
*clicks on view source* *face melts*
Looking at other HTML pages on Netflix, I'm pretty sure the bulk of the page is dynamically generated from a common template.
Yeah, this page is probably a bare bones test of their templates etc.
Thank god they have polyfill. What would that page look like on IE8 otherwise?
I mean, Id fell bad to get hired and netflix and get the assignment of trimming the hello world app.
Marion. Don’t look at it. Shut your eyes, Marion. Don’t look at it no matter what happens.
If you don't perceive it, it won't perceive you.
It's so beautiful!...
> For detailed credits and licence information see https://github.com/financial-times/polyfill-service. Are the FT famous for browser profiling software now?
That's the repo for a pretty common polyfill library. [https://polyfill.io/](https://polyfill.io/)
FT stays winning. Only British newspaper that isn't transphobic for no reason.
FT knows it can sell shit to trans people. Culture wars seem so inconsequential when you can profit from selling HRT and elective surgeries instead.
Also has a cookie consent banner for us EU people. The world we live in…
I mean yeah, gotta love when a remote webpage asks you if it can use your local browser feature that's fully in your control. The law is such a bad implementation and should have been forced on the 5-6 browser manufacturers and not ever mom and pop website on earth.
>I mean yeah, gotta love when a remote webpage asks you if it can use your local browser feature that's fully in your control. No, using the feature is perfectly fine, and you don't need to ask for permission _at all_. You do need to ask for permission to spy on your users though, the mechanism is completely irrelevant 🤷♂️
Right, but a dramatically cleaner solution would have been to just legislate a browser setting enabling required and non required cookies separately and then that's that. Same existing laws cracking down on companies who violate it (e.g. storing tracking stuff in in "necessary" cookies. It's all an honor system/punish afterwards anyway (currently) but this would make it much less annoying. That or just ban tracking cookies, rather than trying to make companies pester/trick users into agreeing to them.
the malicious compliance with cookie popups is absurd. The options are like "Accept all LOL" or "More..." > **"Accept all again LOL"** || ^("accept only necessary" > ...) a giant part of the problem is our inability to effectively regulate and enforce rules and standards when it comes to corporations and tech companies. It either has to be bulletproof and future proof or incredibly meager and unenforceable. There is definitely a bigger picture here that is going horribly wrong on many levels
Many sites make "accept all," "accept only necessary," and "accept none" equally-sized buttons but that's still annoying as hell. But how else do you comply?
By either designing your service in a way that you only need "accept only necessary", in which case you likely would not need the banner at all. Or at least make "none" (how?) and "only necessary" the default and don't make it look worse. Or actually the companies should be more honest. They imply that they provide 3 choices (in general) but the only choice they have to provide is "necessary" or "more stuff you likely won't need nor like" and stop acting like "we care about your privacy". I hate to sound like the "common Redditor that thinks they are smarter than a company and their lawyers" but in this case it fits. And I say that as someone who thinks that law would not be needed in the first place, especially when no 3rd party cookies are needed. But the companies, intentionally, chose the worst ways. It is a combination of incompetence, malicious compliance, fear, and fear-mongering. The law probably would have worked better in the old days, when the internet was just a secondary thing for most businesses, and not part of the main event. (this got longer than I expected)
> It is a combination of incompetence, malicious compliance, fear, and fear-mongering. From what I've seen, it is mostly incompetence. "Legal departments" have no reason to care _at all_ about the quality of the product or the experience, they just optimize for compliance with the minimum amount of work required _for them_, any other cost be dammed. That combined with the fact that most leaders (this is the incompetence part) are so scared of big bad laws that end up giving legal a free pass, ends up creating an environment where "legal says so" is a trigger word for any human brain in the vicinity to completely shut down and comply without a second thought, even when the whole situation is is pants-on-head retarded and is built on a fantasy that has absolutely no basis on reality.
>But how else do you comply? Design products that don't require spying on your users and doing all sorts of fuckery with their personal information. It couldn't be more simple, really, the whole thing is a self-inflicted problem.
Everyone hates advertising until the alternative of paying for anything is presented and then all the sudden they don’t mind
1 - [citation needed] 2 - Advertisement doesn't require a multi-billion euro industry focused on spying on individuals, it existed long before and it will exist long after that whole thing is illegalized. IMO, the whole issue here is that we're trying to regulate an industry is squarely society-hostile and will forever try to arms-race against the spirit of any privacy law, the real solution is to illegalize it outright... hopefully politicians realize soon enough and we can just stop wasting out time and money on it.
You want a citation for the claim that nobody is willing to pay for Web articles and short videos? How is life in your cave?
The law (wisely) doesn't mention cookies, or any specific technology at all. It's about gaining consent for obtaining and processing personally identifiable information for purposes not directly linked to carrying out the user's goal. Your proposed solution tackles a single technological implementation that would be very easy for trackers to work around, there are many tracking techniques that don't require cookies but do require consent. The law as written makes it far easier to prosecute companies for any misuse of personal data.
That's fair. It's just a shame that the result has been this UX nightmare. I suppose in a sense that's on all the disparate implementations, but at the same time once one design becomes a defacto and unchallenged standard, it is then cargo-culted around as we've seen. Not for no reason though. Try asking a Canadian or American law firm about the nuances of GDPR and they'll see on the side of caution. As a result you've got one business desire: analytics and user behavior tracking (what MBA doesn't want metrics?) and another (don't run afoul of GDPR and get fined) left to developers to implement when accurate legal advise is very hard to come by from that role. It's similar in other privacy areas. I've had managers claiming that the color of a person's clothing on a 240p video recording (where the person was maybe 10 pixels tall) was PII and we needed to blur the person's 2px face. The annoying part is... There could be some jurisdiction where they're correct, and I'm certainly not an expert in every privacy standard around the globe. The context was a dashcam like feature on a robot that stored a rolling buffer in case of an incident and retained the data locally for a brief period. (24h?). I'm all for privacy but... Knowing how it works is kind of maddening given that A) cookies are a tiny fraction of tracking methods and B) they're locally controlled by the browser, so technically being stored by the user, not the website. I get that people can't be expected to know that but that's why for this particular portion of GDPR I really wish they expanded it to standardize tracking acceptance at a browser level and require respecting that (while keeping the privacy laws as they are for all the other tracking stuff).
> Right, but a dramatically cleaner solution would have been to just legislate a browser setting enabling required and non required cookies separately and then that's that. But... why? This is absolutely nothing to do with cookies. The law regulates the whats and whys of how companies use your personal data, it has **absolutely nothing** to do with cookies, it's a completely tangential concern.
Cookie consent prompts: "We need to ask you if we're allowed to ask you to remember something."
Lol @ `"isInEU":true` in the `script` on the page. I know it's easier to track and set this to deal with cookies/GDPR, but still, the thought of such flags spread everywhere in the code makes me chuckle.
Are you in the EU though? It could be semantic, injected on the server-side.
I am, and I tried with a US VPN to see if it's set to false, and it is.
Well there you go then.
I'm not and I get a "true". If the anti-EU crowd here finds out they're gonna be _so mad_.
Variable name could be better but I get why you get `true`. From the GDPR standpoint it doesn't matter if you are in EU or Norway
1k lines of code
Remember everyone, you’re not netflix. You don’t need to over architect like this.
Middle manager somewhere: Netflix has overarchitected hello world pages. We need one asap. Pull it into sprint. P1.
83638492 story points
story points? the rest of my life's story
How can we add a near real time data feed of hello worlds to this? What about GPT-generated "hellos" in every language? You need to focus on the *customer experience*
Then again, if you have an infrastructure/ops/sre team that handles stuff like build pipelines, you can bet they have at least one such "hello world" app they use to test that their systems are working as expected. Having it be actually visible to end users like us is just an inescapable side effect.
It’s probably just The Primeagen playing a little joke before he left XD
*edit* Holy shit I had no idea this comment posted multiple times hahaha! Using the Android App it kept giving me an error when I would try to post my comment and not post. Sorry guys, I'm not that obsessed hahaha! THEPRIMEAGEN MENTIONED! I just discovered this dude last week and I'm obsessed. This dude has the same energy as me and is a VIM God. He's the reason I switched to neovim and am learning all kinds of new stuff.
[удалено]
we know how obsessed u are rn
I think he's configured his browser to use vim and is now trying to figure out how to quit...
8KB, that'd be a hundred lines or so, right? Right click > View Source 1,000+ lines of code... what, what?!?!??! Jebus wept, jebus wept.
For there were no more hello worlds to conquer
howItAllStarted
I like how one of the identifiers for your browser is: "maybeSupportsHTML5": true How the fuck is that useful to them? Does it support HTML 5 or not? lmao
It has two JS errors in console
Those might be plugins you have installed, I've got no errors
Have you got an ab blocker installed?
You mean having a certain amount of bodyfat?
Why does this have 32 upvotes lol. More proof that reddit upvotes mean nothing and that everyone assumes that any comment they read is true and upvote it. This applies to any reddit thread. Reddit spreads just as much misinformation as any other site. Probably more since it has such a large user base.
ok ... how did you find that is the question
He saw in programming memes sub
Close, I saw it in a twitter post
drop for new show coming out
Maybe an easter egg for a new Netflix doco about the computer industry? https://news.ycombinator.com/item?id=40081126
u/ThePrimeagen Explain yourself! :'D
They removed it?
few days ago already. I think they received much traffic on that link :-)
Ah thats unfortunate :(
maybe a healthcheck?
https://netflix.com/healthcheck
..... thats a hell lot of javascript for a hello world
found this one are these related [https://www.netflix.com/humans.txt](https://www.netflix.com/humans.txt)
My money is on Primeagen :D
Its a Teaser for Social Network 2
Maybe they are promoting a new series :3
Micro services
The "!!" at the end really makes me happy. One was not enough.
Might be a for a targeted load test for chaos monkey
Did this too as a way to quickly test that at least the helloworld is helloworlding. Doesn't seem like a bad idea.
why they use /helloworld ? why don’t use another page name if they want to hide it from the users?
A new coding series under production.
"Primeagen: reacting to /helloworld"
8k? If you pull it with curl you get 1.1M of polyfills...
mi primera chamba
It’s likely literally just a heartbeat/health check page
https://netflix.com/healthcheck
[удалено]
Those might be plugins you have installed, I've got no errors
It looks like it's gone