There's a lot of performative "security" in such companies. You need to employ the right people (you need a "CISO", ideally someone who's never actually used a terminal in their life), you need to pay money for the right vendors, adopt the right buzzwords and so on. The amounts of money being spent on performative security are insane, all done by people who can't even "hack" a base64-"encrypted" password.
All while there's no budget for those that actually develop and operate the software (so you get insecure software), those that nevertheless do their best are slowed down by all the security theater, and customer service is outsourced to third-world boiler rooms so exploiting vulnerabilities doesn't even matter when a $100 bribe will get you in.
It's "the emperor has no clothes" all the way down: because any root-cause analysis of a breach (including by regulators) will also be done by those without clothes, it "works" as far as the market and share price is concerned.
Source: been inside those "companies of public significance" or interacted with them as part of my work.
Equifax? Capital One? 23andMe? My basis for this is that you can leak everyone’s bank data and barely have it show up in your stock price chart, especially long term.
Stock price is an extremely narrow view of the total consequences of lax cybersecurity but that aside, the notion that security doesn’t matter because those companies got hacked is ridiculous. The reason there isn’t an Equifax every minute is because an enormous amount of effort and talent goes into ensuring that’s the case. If your attitude is we should vibe code our way past the need for security, you aren’t responsible enough to hold a single user’s data.
I feel as if security is a much bigger concern than it ever was.
The main issue seems to be, that our artifacts are now so insanely complex, that there’s too many holes, and modern hackers are quite different from the old skiddies.
In some ways, it’s possible that AI could be a huge boon for security, but I’m worried, because its training data is brogrammer crap.
Security has become a big talking point, and industry vultures have zeroed in on that and will happily sell dubious solutions that claim to improve security. There is unbelievable money sloshing around in those circles, even now during the supposed tech downturn ("security" seems to be immune to this).
Actual security on the other hand has decreased. I think one of the worst things to happen to the industry is "zero trust", meaning now any exposed token or lapse in security is exploitable by the whole world instead of having to go through a first layer of VPN (no matter how weak it is, it's better than not having it).
> quite different from the old skiddies
Disagreed - if you look at the worst breaches ("Lapsus$", Equifax, etc), it was always down to something stupid - social engineering the vendor that conned them into handing them the keys to the kingdom, a known vulnerable version in a Java web framework, yet another NPM package being compromised and that they immediately updated to since the expensive, enterprise-grade Dependabot knockoff told them to, and so on.
I'm sure APTs and actual hacking exists in the right circles, but it's not the majority of breaches. You don't need APT to breach most companies.
I can't say I know many engineers who object outright to deadlines. They just get frustrated when an estimate turns into a deadline as those are different questions.
The far more common pattern is being asked to provide such an estimate off hand and those are all about what you mentioned, giving the PM whatever number you think they will accept.
The problem with accessibility is the need to think about it at all. It doesn't matter how easy it is to implement as the problem first and foremost is the mental and organizational bandwidth consumes.
Perfect accessibility on the web as it stands requires every dev to be working on it. Especially in a world of AI, efforts on this would be better spent on AI agents that replace screenreaders.
The problem is , there are very few Europeans or EUans. There are French and Germans and Spanish etc; they all want their country first and sure open markets but their country first. That is how they vote (certainly these days). Most people do not feel EU unfortunately. Language is one thing: it is getting better but having language not unified (English, Spanish, Mandarin; pick one) is a massive and real issue keeping people's minds and efforts local instead of, at least EU wide. It is slowly getting better but the EU should made easier accessible and far higher funds for pan EU projects. Currently it is a serious pain to get access to EU funds and many just get eaten by the few massive consultancy corps who have dedicated teams going for any funding and tender in any locality and language.
As a EU citizen that moved to a different EU country: Yes please!
I constantly need a VPN as some services from my old country are geo-blocked. And when I forget to disable the VPN to my old country I can't visit certain sites from my current country. I need two phone numbers as some services require a phone number from the country they operate out of. I'm talking banking, classifieds, insurance, municipal. I can't use certain apps from my current country because I have to switch my account country but that disables apps from my old country.
And the best part, I can't vote for the national elections in my current country. Only for those in my old country. And it will be like that for the rest of my life. An example: I had to enable VPN to see the election results of my old country, the one I am eligible to vote in.
Please unify the EU so I don't have to deal with all of this.
Why should countries allow foreign influence - the voting in the most important elections in the country, by foreign citizens who didn't integrate enough to even get their citizenship?
Participating in local elections is often allowed.
In the case of these two countries dual citizenship is not allowed. So for the rest of my life I will not be able to vote here. This isn’t about “not integrating enough”.
If someone has been living and working in a country for a long time that should be enough to let them vote in national elections, regardless of what citizenship they have.
Not willing to change your citizenship is a sign of not integrating fully, in not being completely loyal to the country and to its citizens.
Imagine that both countries start a war between each other - who are you going to support? Whoever you choose does not matter, the fact remains that you would have to choose, legally speaking. Why should your current living country give the strongest possible leverage to an untegrated potential agent/supporter of the foreign country?
Highest privileges should be given to people who decided to be fully in, in both good and bad. You can't be allowed to only cherrypick the good stuff: "I want to vote, but I don't want to be drafted to be killed in a war".
Having people vote who don't live in the country has always struck me as weird. If you are some place else for say a year or even 10 years it seems a reasonable topic for debate but longer?? Never pay taxes either???
Often the rule is that one gets the vote in local elections after living for some time, but only citizens can vote in national elections (Parlament, President). This makes sense. If you want to fully participate in a society, you should integrate and become a citizen.
> Well written. I hope one day the united states of Europe is a real political entity, burying the stupidity that is fragmented national interests.
And I personally hope it won't. Seeing how things are going, I have no interest for my country to become a small province of the EU to be managed by some bureaucrats in Brussels who have never set foot in it.
Sharing intel and and resources why not? Becoming a vassal state of an EU federation no thanks.
The world is going back to zones of influence, and little fish will be eaten by big fishes. I'd rather that the big fish be the EU than Russia, even if it means giving up some national rights.
> The world is going back to zones of influence, and little fish will be eaten by big fishes
That has always been the case. I don't see how that would justify giving up our independence to become a province of a super state.
Secondly, using Russia a bogeyman to justify giving up our national rights is not a really convincing argument.
Russia hasn't been able to conquer a third of Ukraine in the last 3 years and it's economy is in shambles, yet we are supposed to believe that only a European super state can save us from it? That makes no sense.
But each to their own, those who want to give up their national rights, identities and shared cultural heritage should go ahead and integrate this super state and those who do not should be able to stay out of it.
I guess fundamentally we have a different view of what Europe should be.
It's more a risk management issue. A country that wants to do everything by itself (from food, to shovels, to cars, to computers) will not be the most efficient and will loose a lot. Before '90s communist countries were "proud" that everything was produced locally - except many things were breaking or bad quality or unavailable (not all, but many).
I would claim that today is a much better moment to switch than it was 20 years ago - much more open source options, so less overall costs.
I knew plenty of office workers managing just fine using OpenOffice 10-15 years ago.
Today people are much more reliant on real-time collaboration, polished cloud and mobile experiences. Fractionalized open source software has a harder time competing with this than file based boxed software workflows of the past.
Agree, Personally I consider these newer systems a curse as far as productivity goes, using a simple email/open-office combination never caused any issues with clients or suppliers in the last 20 years.
Coming from ex-USSR, I can assure you that shortages and shitty quality was not because of closed garden. But because of politics (and corruption) first. And lack of meritocratic natural selection.
Many factories were building crap or wrong stuff just because somebody high up in the Party found it convenient for some reason.
Yugoslavia didn't have centralized planning for products, one could even argue it had a meritocratic natural selection (sort of) and there still were shortages.
Maybe the EU as a whole could pull off being 'fully independent' but it would require way more collaboration between countries than what we currently have.
And, compared to USSR, Yugos production was much higher quality and shortages were much smaller.
EU could become fully independent by simply taxing imports. Designated collaboration between countries would just lead to inefficient central planning style stuff. Which is how many trans-Europe projects died
The idea that drugs shouldn't be taken forever just doesn't make any sense. There are plenty of forever diseases, naturally those should require forever drugs.
There is no need to be honest to a Trump voter. Honesty is work and they will believe nonsense anyway.
reply