Don’t DDoS yourself trying to be smart about scheduled downtime!

Interesting!

  • Retry-After can be a date
  • You can use it to say that the service will be down for a while (e.g. for maintenance) and when to try again

It follows that…

You have to be careful with the Retry-After header if you send the same timestamp to a lot of unique clients. Imagine it’s 15:30 and you send Retry-After: Thu, 10 Feb 2015 15:40:00 GMT to everyone around – just because you somehow estimated that the service will be up at 15:40. The longer you keep sending the same timestamp, the bigger the DDoS “attack” you can expect from clients respecting Retry-After. Basically everyone will schedule a retry precisely at 15:40 (obviously clocks are not perfectly aligned and network latency varies, but still), flooding your system with requests. If your system is properly designed, you might survive it. However, chances are you will mitigate this “attack” by sending another fixed Retry-After header, essentially re-scheduling the attack for later.

That being said, avoid fixed, absolute timestamps sent to multiple unique clients. Even if you know precisely when your system will become available, spread Retry-After values along some time period. Actually, you should gradually let in more and more clients, so experiment with different probability distributions.

Source: Retry-After HTTP header in practice (nurkiewicz.com)
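To make the advice above concrete, here is an added example (not code from the quoted article) that gives each client its own Retry-After date inside a window after the expected recovery time and compares the busiest second against the single fixed date. The 300-second window, the square-root ramp, the client count and the date are assumptions chosen for illustration.

```python
import random
from collections import Counter
from datetime import datetime, timedelta, timezone
from email.utils import format_datetime


def jitter_offset(spread_s, rng, ramp=True):
    """Whole seconds after recovery at which one client should retry."""
    u = rng.random()
    # sqrt(u) has a linearly rising density: few clients are let in right
    # after recovery, more towards the end of the window (assumed ramp shape).
    return int(spread_s * (u ** 0.5 if ramp else u))


def retry_after_header(up_at, offset_s):
    """Retry-After value as an HTTP-date; up_at must be timezone-aware UTC."""
    return format_datetime(up_at + timedelta(seconds=offset_s), usegmt=True)


def simulate(clients=6000, spread_s=300, seed=1):
    """Return (peak retries/second with one fixed date, peak with jitter, offsets)."""
    rng = random.Random(seed)
    up_at = datetime(2024, 1, 10, 15, 40, tzinfo=timezone.utc)  # constructed date
    # Every client receives the same date: all retries land in one second.
    fixed = Counter(retry_after_header(up_at, 0) for _ in range(clients))
    # Every client receives its own date somewhere in the window.
    offsets = [jitter_offset(spread_s, rng) for _ in range(clients)]
    spread = Counter(retry_after_header(up_at, o) for o in offsets)
    return max(fixed.values()), max(spread.values()), offsets


if __name__ == "__main__":
    fixed_peak, spread_peak, _ = simulate()
    print("peak retries in one second, fixed date:", fixed_peak)
    print("peak retries in one second, jittered  :", spread_peak)
```

Passing `ramp=False` to `jitter_offset` gives a uniform spread instead, which is one way to compare distributions as the quote suggests.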

What’s up with electricity in Texas?

Background: 40% of Austinites are out of power thanks to a brutal winter storm sending temperatures into single digits.

A great primer on what’s happening right now and who needs to improve for next year:

TLDR: This is not a new issue. Power plants need better incentives to weatherize against cold as 70-80 power plants (of every type) providing 45,000 MW are out of service due to the freeze. For comparison, all of Texas right now is using 43,000 MW, so this is a big problem.

Our interconnects with other grids aren’t providing us enough power since they are also having weather issues. Throw in fallen power lines, dangerous road conditions for work crews, astronomical residential demand, high natural gas prices (typically 1M BTU is $2.50, but now it’s $600), and you have a recipe for widespread outages.

Luckily, ERCOT (which manages the grid and the market but not power plants or local utilities) is doing all the right things to avoid a catastrophic grid failure, which did happen up north in 2003 and took out 8 states, parts of Canada, and 50,000,000 people.

On credit card analytics and opting-out

Let your spending be as private as you want it to be!

Wait, what??

Your debit/credit card transactions are not as private as you think. Since they are paying on your behalf, your issuing bank knows all about your morning lattes, Amazon shopping sprees, and last-minute beach getaways. They know how much you spend, where you spend it, where you were when you spent it, and when.

Companies and market researchers mine transaction data to better target advertising, position products, and understand consumer behavior. Visa and Mastercard are in an incredible position at the top of the food chain to provide this data and get paid handsomely for it.

One such company that resells this data is Second Measure. They can make pretty graphs answering just about any question, such as “Which restaurant delivery service is winning?”

Source: More graphs here!

Second Measure can also do fancy stuff like cross-correlating transactions:

I do not blame credit card companies for taking advantage of this gold mine of economic data. In fact, I think it’d be leaving a LOT on the table if they didn’t. And if it’s anonymous (and that’s a big IF, via aggregation or differential privacy) then it may actually contribute positively to society by providing companies better insights for decision making. Overall, conspiracy theories aside, market data like this seems like a net positive.

You sign up for this in your credit card agreements (so you did opt-in) and in exchange they provide you credit and rewards (a beneficial trade for many). I’m neither upset nor surprised, I’d just rather not have my data in it if I have the choice—especially if I don’t know all the ways they use my data.

And now you have that choice too 👍