Klox

Requirement 3 was just nice to haves to make a better culture around ticketing to fight scalpers and related problems. The first two are mostly the meat of the ticketing ecosystem.

You ultimately need to trust the provider

That’s not the ultimate trust, and whether or not I trust them has no bearing on purchasing tickets. The point is, people can sell me a fake ticket and I won’t really know until I get to the venue. Providers committing fraud is pretty rare.

All the decentralised smart contracts in the world won’t help you if they’re scamming you.

You don’t know what you’re talking about then. You can absolutely prove the vender issued the NFT. And you can absolutely prove you own the NFT. And you can absolutely transfer ownership of the NFT in a provable way. I don’t know what other argument to make if you just believe incorrect facts.

So just trust them. With a database.

I really don’t understand the desire for you to want to pay 15 to 30% fees to go to a venue. Is it hard for you to imagine a world where that is not necessary?

If you really want, produce digitally signed tickets that can be verified against that database with an API.

That’s requirement 2. I should be free to hand my ticket to someone else, digitally. Now we both need to have some custom software talking to your database, and we are in integration hell trying to get ownership transferred in a secure way. Now we’re running a business equivalent to StubHub with thousands of staff trying to have clients upload their tickets to this database in a verifiable way, for no purpose other than you don’t want to admit blockchains solve some interesting problems.

why do I, as a event-goer, actually care about transparency?

Because you want to know you own the ticket. Can you imagine flying to a town, getting to a venue, and holding a fake ticket? Oof…

Or hell, just print physical tickets that can be physically transferred.

I don’t think we’re really having a debate anymore. You can print your physical tickets from Ticketmaster. It doesn’t remove their 30% fee. It doesn’t make ticketing more convenient. Why invent solutions to problems we aren’t talking about?

Throw in a Merkle tree if you really want transparency.

How does a retrievable Merkletree from a database meet any of the requirements I asked for? What does that even mean, to throw in a Merkle tree? Are you trying to convince me you can prevent double-writes to the database? What is this API you are imagining, where I can give ownership of a ticket to someone else? And now we’ve got thousands of venues with their own schemas. What are you even arguing here? It just sounds like you want to hate blockchains, heh.

And when courts disagree with the smart contract, or there’s a bug, or someone’s key is phished… It’s an interesting idea, but it isn’t practical.

The third requirement was to cover some of this. Vendor canceling tickets and other maintenance actions. Courts are involved all the time with existing businesses, so I am not sure why “courts” is a counterpoint to an NFT backed ticket ecosystem. If anything, it makes it stupidly clear to the courts who “owns” the ticket. People can be phished right now, so I am not sure how that’s a counter-point to any of the requirements I mentioned. If the customer can prove they were phished, it is extremely easy to revoke the NFT and issue a new one.

Anyways, I think we’ve run this course. Ive enjoyed chatting. My goal was just to raise some awareness since I only see poorly thought out critiques of NFTs. There are some good reasons to not want an NFT system, but there are also some unique benefits.

Cheers

Ok, here are your requirements:

1. A ticket exchange that provides permission less access and trust less verification of ticket authenticity and ownership (we should be free to use independent exchange services).

2. Tickets must be transferable between parties without intermediary controlling and approving exchanges (or you’re just the new middleman).

3. Rules around issuing tickets, resales, and revocation must be enforceable transparently.

Good luck friend. LMK what you come up with. I think what might be more productive to the conversation is if you state which of these requirements is not important (and why it is not important) because I can guarantee you can’t make a system that meets these without a blockchain-esque system.

FWIW, if you don’t understand why blockchain technology is unique, in that it can solve problems NOT POSSIBLE with other technology, then you haven’t studied it enough. There are tradeoffs of course when designing systems, including efficiency and cost, etc. which makes blockchain irrelevant for 99% of system designs. But that doesn’t mean the technology is not unique.

What is your background in IT? I briefly explained that a database is not “just” a database when it comes to building a marketplace/exchange, there is a ton of infrastructure and code. The problem is that it is all proprietary and not following any kind of open standard. In comparison, the database schema for “checking in” to an event is dead simple: (ticket id, checked in). You could literally print off paper and do it analog if you wanted, it’s that simple. If you tell me your background maybe I can make a more specific analogy, but the infrastructure + code + database schema for a marketplace is like the difference between a golf cart and an F1 car. Or a grocery checklist and a novel. These are many orders of magnitude different.

Why bother? Because it sucks paying fees. Literally billions of dollars extracted by middleware companies. Every stupid ass website is charging fees for everything because it’s all centralized crap. My wife wanted to go to a popular musical, and for 5 tickets I’m paying literally an extra ticket worth in “convenience fees”. I paid for a couple more tickets for my siblings to join, and they ended up not being able to make it day of. I posted them on StubHub and one sold for less than value (and more fees!), and the other didn’t.

The “general problem” of ticketing infrastructure - generating, marketplace, exchanging - has been solved with an NFT open standard at a fraction of the cost in comparison to what these parasitic companies are extracting. Why bother? Because I’m tired of our fees culture.

Ack. I’m not going to pretend like I’ve thought up the whole business plan, but it’s well known the centralized ticket agencies have huge markups. Ticketmaster’s ticketing business is something like $3B in revenue with $1B in profit.

I’m sure there’s still a need venue services, I didn’t mean to suggest the venue could or want to be entirely in-house. Maybe I’m minimizing that part of their business, but if tickets are NFTs it’s so much easier to avoid vendor lock-in for expensive scanners and day-of services.

A database indexing scanned tickets is cheap if you don’t want to burn/transfer the NFT at the door (depends on the network costs too). But again maybe I’m trivializing what Ticketmaster does (IMO I don’t think I am).

You aren’t seeing a difference between what I described and a SQL database? I work in IT and I’m not sure of your background. First, nobody opens a SQL database to the public. There’s a ton of code surrounding every database. How do you think a SQL database ensures only “one owner” of a ticket? It requires identity tracking and management as the tip of the iceberg. And how do you think a SQL database allows people to exchange ownership of the ticket? It requires creating uniquely identified tokens, and code to bridge across systems and exchange the UIDs around. On and on. Almost no venues are doing this in-house, I am not sure what you mean by that.

You’re not thinking of any complicated scenarios if you think ticket sales can be “just a SQL database”. Ticketmaster offers a ton of management around tickets specifically because they are not using any generalized exchange platform (e.g. an NFT standard). With NFTs the bar is lowered for venues to manage it themselves. Posting NFTs to a NFT exchange is dead simple. You don’t need an IT department, hosting costs, staff, call center, etc. to support it. You need a couple of point of sale devices for verification at the door (something they generally already need).

And I certainly wouldn’t trust each venue to securely implement it themselves.

I feel like you’re putting out mixed messages or I’m not understanding your point. You wouldn’t trust venues to use NFTs successfully because they need to do something specific? Or you are referring to in-house development not being done securely? My overall point is, NFT exchange becomes a standard around which venues can operate independently with significantly less overhead, is simpler for the consumer, and cuts out predatory centralized ticket services.

Anyways, cheers. I think there’s a lot of other interesting cases for NFTs but people tend to focus just on jpeg thumbnails.

It’s not that different from how it currently works, but the difference is the platform is distributed and not centralized. NFTs are nonfungible, and the contract process guarantees the NFT can’t be owned by multiple wallets. There can be only “one”.

A venue generates 5000 NFTs (could be individual seats, could be general ticket) and puts them on an NFT marketplace (e.g. OpenSea) for the ticket price (e.g. $100) + 1% (OpenSea will also charge a fee). I buy one of those tickets for $101. I go to the venue. The ticket scanner sends a challenge to my phone, and my phone generates a signature that proves I have the ticket, and I go in.

If I can’t go for whatever reason I can’t go, I can post the NFT to the same or a different marketplace. Note that NFTs don’t necessarily prevent ticket scalping, however because it’s part of a digital contract you can also code an upper limit for the resale of the NFT which would definitely hurt scalpers. But just eliminating the vendor lock-in of the ticket exchange would cut fees between 95 and 99%.

Logistically, what if I lose my phone, and can’t verify the challenge proving I have the NFT at the gate (or whatever similar scenario). The same system intended to prevent fraud also means the system is not flexible for human error. But maybe that’s worth it for everyone to not have to pay 15-30% fees by centralized ticket management systems.

“Digital ticket platform” is literally the poster boy of middle-man grift. Are you not familiar with Ticketmaster? Even smaller platforms are taking 15-30% fees for very little value-add. They “exist” to reduce the operating expenses of venues, but if there was wider infrastructure of NFTs these venues wouldn’t need to contract it out.

NFTs as a mechanism for exchanging and authenticating contracts is pretty revolutionary. But the only thing that reached public awareness were the dumb NFTs of a single image. The closest breakout was probably the effort for ticket sales and club memberships – your “ticket” is the NFT itself, and you can move it around (sell, exchange) as you want before the event. There are still human-errors/logistical problems but in the end whomever has the NFT gets the seat. For club memberships, you were a member as long as you held the NFT. If you wanted out, you could sell it to someone else that wanted to join the club.

I could imagine all kinds of interesting use cases. But everything is just dumb about it now. Oh well.

I’m redoing everything I have from scratch. This week I have FreeIPA set up from OpenTofu + Ansible configs, and enrolls most of my other servers against FreeIPA. I am still migrating TrueNAS to use FreeIPA’s Kerberos Realm for auth, and I need to chown a lot of files for the new UIDs and GIDs homed in FreeIPA. After that, I’m setting up FreeRadius for auth to switches, APs, and Wifi. And then after that, I’m back to overhauling my k8s stack. I have Talos VMs running but didn’t finish patching in Cilium. And after the real fun begins.

It can absolutely be overwhelming, and very easy to forget specifics over a long time. It’s partly why I don’t really go for CLI apps, and ~all of my apps are just Ansible manifests. Which apps are causing the biggest problems for your family?

What exactly is breaking each of these times? Guides that cover 95% sound pretty solid to me. It’s hard to write a guide covering 100% of scenarios. Admittedly I also worked in the field, but the field is extremely wide so maybe there’s some knowledge areas to deepen that are commonly giving you problems and/or move towards a less brittle setup.

Re-evaluating what’s important is important. If it’s not fun then you should reflect on having the right balance of what is helping you and your family vs causing excessive stress. IMO the “avoid all tech companies” is slightly overblown (blasphemous, I know). It’s a good guiding principle but it’s fine to “buy services” that make your life better. For example, I self host a lot, but I was totally fine buying a finances tracking app (the spreadsheet-based one) because it’s doing a lot of heavy lifting that I can’t reasonably do myself at the level of convenience I want.

they are typically for things like carnivals.

Well xAI is a circus, so it’s fairly accurate.

All fair criticisms that I also hold.

Search and YouTube’s ranking algorithm (and all the dimensions and weights/coefficients) are trade secrets and 99% of the company will never see for pretty good reasons. I never had access to them. I have discussed with multiple YouTube people that know the algorithm skewed towards bubbles for exactly the reasons you said: it is literally more engaging. My understandimg is it was the kind of unintentionally, institutional bias-type when you don’t properly control for human psychology. The top line metrics get adjusted to try and compensate for these things in ways I am not too familiar with (for example changing the metric from “watched minutes” to “positive engagement” because Google does not want angry viewers). IMO they were too slow to respond and are definitely culpable in misinformation and radicalization in our culture. I was never in YouTube so I can’t speak to it in any more specific terms.

Android I wholeheartedly agree, but to play the devil’s advocate, I provide a lot of support for non-tech folks. They are constantly losing their email credentials, getting spyware/adware/malware, etc. There’s a lot of cases of scams guiding people to allow third party apps and allowing permissions they should never be allowing. People are far too gullible and can’t see warnings right in front of their eyes. I don’t know that Android is improving it by locking down AOSP. I personally moved to GrapheneOS after leaving Google and I know it’s not for everyone, but it’s got some nice improvement. Google gets paid by phone companies to have play store and a bunch of services installed, and then Google pays back the companies to have their search as a default. The first part never really gets brought up, but phone companies could go without Google services. They just don’t want to make the competitive investment. It’s disappointing.

100%. Google could easily disallow specific uses of their systems. ANTIFA and anti-police state could be terms, but they don’t. And Google is so freaking profitable, theres zero reason to cater to those business segments AT ALL. It would be a boon to their company image to actively NOT participate. So disappointing.

I hear a lot of different far out theories: microphone spying on Android (as a feature, not some 0-day bug), manipulating search results nefariously, handing information over to the government, and dozens more. Google wants user profiles to sell ad segments, but beyond that they do not want your data:

1. Some data is product-scoped. Emails, pictures, YouTube videos, etc. Google can’t just delete these because people want them back heh. Most product-scoped data is not accessible for analytics at all. For example, there’s no scanning gmail to inform ad decisions. Data is encrypted in ways that would make that impossible, e.g. only an SRE or bug investigation might be able to review a specific email. Another example is Maps tracking data. Maps Timeline is now user-device local. Google no longer has the data. Thats pretty impressive, to have a timeline feature and not have the data!

2. All the other tracking and analytics data (that comes from every individual user) have time-locked controls. Data types expire at specific business intervals ranging from hours, weeks, months, and more rare is a about 1.5 years. Some very special types may get retained indefinitely, such as legal holds, or data that is business-produced (as opposed to user-produced). There are both row and column wipeout processes always running for hundreds of reasons.

3. Google has aggressive internal goals to cut costs. They don’t want to host infinite pictures and videos. They improved consolidating user data so that Google Wipeout is pretty much a guarantee that you are gone from their system. Very few people do that though, so they also push the data plans to recoup some of those costs.

4. All the user data they collect is downloadable: https://support.google.com/accounts/answer/3024190?hl=en. Everything there can be deleted.

Yeah, they are excellent at monetizing data, but IMO it’s not for sacrificing user privacy. From my engagement with privacy communities, that is not well understood at all.

I have for sure been avoiding programming since I left. Yes avoiding some tech as a result. I’m de-googling as they say. I’ve spent a lot of time with my family, pursued other hobbies, and volunteered more, which has all been fantastic.

I know I will get back into programming at some point. I really enjoy the selfhosting community and I think I will likely be focusing on the areas of decentralized private networks (similar to Tailscale), decentralized apps (not really web3, but open source apps that can leverage ipfs easily and make it dead simple for others), and tools for public good (promoting good information, skepticism and rational thinking, promoting democracy, fighting against fascism/GOP, etc.).

I hear you on that. It seems like there’s room for it, but it’s just covered in this gross amorphous hyper-capitalist structure.

I am inspired by DeepMind giving away the AlphaFold protein structure database for free. That was awesome!

Or developing and giving away anonymous, decentralized, Bluetooth-based proximity detection for COVID tracking. That’s freaking awesome!

YouTube too is awesome, and it’s profitable, but they slowly make insane, gross decisions to chase 30% YoY growth. 1.5 hour ads, double ads, cutting creator payments, etc. Just make it sustainable!

Repeat ad nauseum across the business units. It’s upsetting.

Good question. I wasn’t. I was not located in California, and the union never really came up in any of my conversations with colleagues. I vaguely thought dues were 5-8% of total compensation (I see now they are 1% which seems reasonable, either I am misremembering or they have since lowered, or maybe I looked at a different union) and they did not have any negotiating rights. Admittedly, if the union isn’t negotiating then I don’t know what it is for. But maybe it just needed to get to critical mass to have that negotiating leverage and I could have helped by joining. My total compensation was very good though, so it didn’t really seem like something a union had to protect. I had excellent work-life balance, good benefits, etc.

Edit: Internally, Googlers are fairly transparent. There were multiple anonymous surveys run by employees for collecting compensation statistics broken down by gender, role, region, office, etc. It had a pretty high number of participants. That was very informative and I always participated.

I took a voluntary layoff from Google last year. It’s probably self-rationalizing, but IMO I had an excellent role at the company for the last 5 years of my time. I helped design a system that locks down and redacts server logs across many of Google’s services. Only on-call engineers with an emergency backed by a post mortem review could get temporary access to original server logs. The system doesn’t delete all data but it can enforce codified contracts, country/state regulations, make certain privacy gurantees, and surface problems for auditing.

Google has made and continues to make poor business decisions, but from my experience they are one of the best big companies managing user privacy. I can’t speak for all of Google’s business units (well I can’t speak for the company at all, heh), but the privacy zeitgeist says the opposite which I’ve found misleading, but could never really speak to while being employed.

User data is taken extremely seriously at Google, and I worked with hundreds of people that would gladly get fired if asked to do anything unethical with user data. They audit and lock down access, build systems for guaranteeing anonymization (systems in place long before I worked there), report compliance, and most importantly they work independently from the employees that use the data. Every business unit had committees to consult and review privacy specifically. I was also an expert consultant for several privacy incidents and the number of people involved and the seriousness taken was personally impressive for even minor incidents.

IMO it’s still one of the best companies to work for, but there’s many legitimate reasons to cut them out. My opinion switched when Google had their first layoff in January 2023. The company had issues (I am sure there are plenty of legit lawsuits that I know nothing about that can be fixed with money and internal/external controls and improvements), but in that moment I realized it’s not the company I thought I knew. Rough ordering of reasons for my exit:

1. Government contracts supporting fascism (Israel, CBP, ICE, face tracking, etc.).
2. The layoffs.
3. Pichai going to inauguration and capitulating. GOP donations.
4. 180 on remote culture.
5. AI slop.

There’s probably more if I reflected longer. Maybe I should have resigned sooner, idk. I’m glad I made the choice that I could.

Google was good to me for the years I was there. I got up to L6 and saved enough for my family to exit on my own terms and find a better environment. I’m still looking heh.

Happy to answer some questions (culture, privacy, SWE/SRE, oncall, etc.) if there are any. The company is massive and I saw only a small slice.

For a Homelab, I cannot imagine going with anything other than older used SFF boxes for my router. I’ve been running PfSense and then OPNSense on them for over a decade.

[Mini PC] Very DIY, would feel afraid of misconfiguring the device and exposing myself to security issues

The risk is there for every router software, and the form factor won’t change that. The OPNSense software is pretty solid and the tutorials are less likely to lead you astray. You will learn a lot with a deep dive on OPNSense. So I’d say just go for the used hardware. The nice thing is your entire OPNSense config is a single file making it easy to back up and restore. If the hardware it craps out on you in 5 years, you take your OPNSense config (regularly back it up with one of the plugins) and a new mini PC and you are running again.

A general PC will crush most routing tasks. The only concern is encryption but anything newish should be fine. Multi gig connections and 10G inner network has been great on my Optiplex.

2. Does anybody have any suggestions for PoE capable switches and access points that play nicely with OPNSense - I’ve been considering MicroTik but I’m not entirely sure what to look for.

They should all be fine. OPNSense is your router and firewall, and IMO it doesn’t really influence my downstream hardware choices (switches, APs, etc.).

Not sure how the used market is in UK. Last year I decided to go 10G so bought a used Brocade ICX 7250 48x PoE+ RJ45 8x 1/10 GbE SFP+ Gigabit Switch for $78 on ebay. Its been so nice! 48x PoE ports and 6x 10G ports. It takes a detailed walkthrough and some head scratching to get it running well so I wouldn’t really recommend it specifically without a bit of experience. But it is easily the best bang for your buck. Throw in 10G SFP+ PCIE module into all your important machines and use passthrough DACs and you’ve got a flexible 10G setup for $200-$300.

I am not familiar with FritzBox so not sure how that changes the calculus.

The AI part is that the drug riddled CEO asked AI leading questions. The AI wholeheartedly agreed the company should speed run late stage capitalism. What more confirmation is needed that AI is the future?