I don’t know how you ever get the opposite, in been working for 12 years now at 6 different jobs everyone has been fine at the job apart from a cheeky hack here or there.
Every entertainment market is saturated. Even if every creative endeavour stopped now, there would still be more freely available content to last more then any individual human life span.
Unless you’re the type of person that actively considers them a fan of something and goes out of their way to consume a specific niche, there isn’t much reason to pay much, or anything for entertainment.
>Unless you’re the type of person that actively considers them a fan of something
to be fair, that's a billion dollar business of an audience. Bandcamp is still a thing because people like that exist. So I wouldn't readily dismiss that.
But yes. We're in an age where people treat TV shows as "second screen entertainment", the silver screen is dying out, and where Spotify is flooding its library with white noise and AI slop. And people at best shrug. There's never been less respect for the arts, and it reflects in wider consumer patterns. Any future artists will need to appeal to a shrinkingly few fanbase of those who care about quality.
Feels like the more important question is how are you going to do all these things when Slack cuts you off, or there is some new Slack policy that prevents it, or they increase their pricing by 1000%
Haven’t you basically built your entire business on this singular proprietary platform they you have almost no control over?
> Feels like the more important question is how are you going to do all these things when Slack cuts you off
I pay Slack $50k/year. They have no reason to shut me off.
> or there is some new Slack policy that prevents it
Prevents what exactly? The new API pricing they introduced doesn't apply to internal apps. I suppose they could apply it to internal apps. We'd have to figure out a path around it
> or they increase their pricing by 1000%
1000% increase in pricing seems incredibly unlikely. That would not only disrupt thousands of companies but would likely kill Slack entirely
---
> Haven’t you basically built your entire business on this singular proprietary platform they you have almost no control over?
Not really. We service clients through Slack. Could we switch? Sure. Would it be a pain? Yeah. Would it be costly? Yeah.
But there's also no reason to switch. And if a new platform comes out (like the one this thread is about), I would expect them to have the features to compete with Slack if they are posiitioning themselves as a Slack competitor
Every third party you contract with can pull the rug from under you this way, even this new startup with its 'forever free tier'.
You plan for it as a potential risk just like anything else and, if the time comes, you can work on migrating out. Companies will off board third parties all the time if the financials don't add up.
$50k a year? Those are rookie numbers. You're actually fine, as a small fish going belly up isn't the end of the world. You can start a new business. For some big tech companies this is potentially near existential. I would know.
Ok, but what stops same from happening with any other solution? There are two things that would "fix" it:
* Fully open and interoperable protocol: We had it (XMPP), it was flawed, but at one beautiful moment in time it worked and using same protocol I could contact both google and facebook contacts. Then the companies decided "no, we would prefer to keep a walled gardens rather than make it easy to move to competition.
* Fully open source (no open core nonsense, latest Mattermost rugpull from OSS part users being one example why) chat platform with corporate backing and SaaS option - there is Matrix but afaik it is lacking feature-wise, tho I havent used it much. With plugin app store so it is possible to make and even sell integrations with other systems.
Second option seems more viable but it takes a lot of effort to make something as good as Slack or Discord
Obesity rates have never been higher and the top fast food franchises have double digit billions in revenue. I don’t think there is any redemption arc in there for public health since the 90s.
those statistics really gloss over / erase the vast cultural changes that have occurred. america / the west / society's relationship to fast food and obesity is dramatically different than it was thirty years ago.
I'm genuinely curious about the changes you are talking about?
Keep in mind, thirty years ago, I was a kid. I thought that fast food was awesome.
My parents would allow me a fast food meal at best once a month, and my "privileged" friends had a fast food meal a week.
Now, I'd rather starve than eat something coming from a fast food.
But around me, normies at eating at least once a day from a fast food.
We have at least ten big franchises in the country, and at every corner there's a kebab/tacos/weird place selling trash.
So, from my POV, I'd thought that, in general, people are eating much more fast food than thirty years ago.
In the interim America got obsessed with fitness and being out of shape much less obese became dramatically less popular in the middle / upper class.
Like now it's possible to go days in some cities without seeing a single obese person. It's still a big problem. Outside of the cities and in lower class areas, but... I think the changes are trickling down / propagating? That's been my impression at least.
Surprised by your take on fast food, by the way. When I complain about fast food like was ubiquitous in the 90s I think of McDonald's and other highly processed things. The type that are covered in salt and cheap oil and artifical smells and where the meat is like reconstituted garbage, where lunch is 1500 calories, where everyone gets a giant soda, where kids are enticed with cheap plastic crap.
But a corner kebab or taco place seems like an unequivocal positive for society, I have no complaints about their existence at all. I feel like most people eating at corner shops for half of their meals is pretty much ideal--if it's affordable to do so then it is a very sensible and economically positive division of labor. On the condition that the food be of decent quality, of course. Which sometimes it is. Perhaps not as much as it should be though, but people do have standards and will pick the better places.
Since you talked about "the west", I applied your comment to my situation also (France).
But it seems that some things were and are still different.
Related to fitness, sure, there's millions of people who "go to the gym" at least one a week and buy food supplements and protein powders...
But they'll happily eat fast foot several times a week.
And if we talk about ultra-processed food, it's even worse.
> But a corner kebab or taco place seems like an unequivocal positive for society, I have no complaints about their existence at all.
That's probably a big difference, because nobody here will dare say that those place serves actual food.
Not because of the cultural aspect, but just because it's the case.
They use the lowest quality in every ingredients, use lots of bad oils to cook, put tons of salt and other additives...
And don't get me started on the hygiene side.
People are perfectly aware of that and they'll even joke about it while eating their 50% fat kebab.
At least McDonald's have the hygiene on their side!
We don't have the same obesity epidemic, partly due to portion sizing and mobility, but almost half the population is overweight and figures are still going up.
The middle and upper class, city people, are just a fraction of the population. If there's been progress, it's not bearing out in the data. Though there appears to be a slight inflection point around the 2010, it seems the trend is still up. Though this data isn't recent enough to include the effects of semaglutide.
I personally don't think ultimatums are a tool that you should ever employ in an employment situation outside of collective action.
You can just leave off the ultimatum and attempt to improve your situation by communicating it in a way that is directly actionable (I'd like to work on X instead of Y, can you arrange that?). You'll have your own internal deadlines of course, but you shouldn't communicate them.
Ever is too strong, but remember the less often you give an ultimatum the more powerful it is when you do. When you have a long standing reputation (must come first) as a 'team player' a sudden ultimatum will get a lot of attention, but it will be years before you can give another.
if like many you switch jobs every few years you can never develop that reputation needed for an ulimatum in the first place. (Staying for years is never 100% in your power but some jobs have better chances of it)
Just be careful - some will see it as having their arm twisted. You may get what you want in the short run, but in the long run, when you negotiate with leverage, people dislike that.
It is the nuclear option, and you will lose the trust of your leadership chain.
> If you start saying no to tasks assigned by your manager, you are not going to get promoted. You’re going to end up on PIP track for insubordination.
I've had a lot of success in asking "are you asking me to do this or telling me", when I've been tasked with something I think is extremely dumb.
If the response is "I'm asking", then I will usually respond with some variation of "can you assign it to someone else, or better yet, throw the task in the garbage".
If the response is "I'm telling you", then I'll go on a spiel about how I think it's incredibly stupid and the people involved in this decision are bad at their jobs, then get on and do it.
But if you're reading this, there is a good chance you are American, so take this advice with a massive grain of salt as I'm not. The culture here in NZ sounds extremely different to almost everything I've read on this forum.
Maybe by law domestic robots should be physically much weaker than humans. I want a butler bot that can tidy up and make me tea, but I should be easily able to defeat that bot in fight if it comes down to it.
Tough to achieve that in all circumstances. Someone brought up a robot holding a knife, while its target is asleep. Pretty hard to win that fight unless it has bad aim.
How much of a moron do you have to be to buy direct-to-bezos listening devices that are always on and submit your conversations to the cloud? Only because you don't want to print a recipe?
I mean, at least the direct to bezos bugs were damn cheap for what they were (smart devices) and in absolute numbers (I remember them literally being gifted to you when ordering specific stuff or signing up for prime for the first time).
These humanoid robots are cheap for what they are (admittedly very capable and high end robots), but their absolute pricetag remains far from being cheap.
Yeah and people (and bystanders) have experienced some terrible outcomes already from diving deep with AI therapists.
It's going to be the wild west for a while now with AI and robotics before laws catch up. Maybe there'll soon be a market for pocket EMP devices out there...
Going to preface this post by saying I use and love Obsidian, my entire life is effectively in an Obsidian vault, I pay for sync and as a user I'm extremely happy with it.
But as a developer this post is nonsense and extremely predictable [1]. We can expect countless others like it that explains how their use of these broken tools is different and just don't worry about it!
By their own linked Credits page there are 20 dependencies. Let's take one of those, electron, which itself has 3 dependencies according to npm. Picking one of those electron/get has 7 dependencies. One of those dependencies got, has 11 dependencies, one of those cacheable-request has 7 dependencies etc etc.
Now go back and pick another direct dependency of Obsidian and work your way down the dependency tree again. Does the Obsidian team review all these and who owns them? Do they trust each layer of the chain to pick up issues before it gets to them? Any one of these dependencies can be compromised. This is what it means to be. supply chain attack, you only have to quietly slip something into any one of these dependencies to have access to countless critical user data.
Coincidentally I did that yesterday. Mermaid pulls in 137 dependencies. I love Obsidian and the Obsidian folks seem like good people but I did end up sandboxing it.
To be fair, the electron project likely invests some resources in reviewing it's own dependencies, because of its scale. But yeah this is a good exercise, I think we need more systems like Yocto which prioritize complete understanding of the entire product from source.
I feel like when I'm presented with most modern criticism of Apple devices/software I tend to agree, but despite all the mostly valid criticisms I see batted about, who is doing consumer tech better?
I've recently (finally) managed to purge the last instance of Windows from my life when I replaced Windows on my gaming desktop with Linux. So I've got Linux on the (gaming) desktop, a Steam Deck and Debian stable on a server, which is great.
But I mean, that covers my home office? I still need a phone (iPhone), a smart watch (Apple Watch) and while not critical, certainly adds a lot of value for me. The things that connects to the TV (AppleTV) is the best of all I've tried when compared to any other type of solution (Firestick, Chrome Cast, Home Media Server, Built-in TV Smarts). I've also got an M4 MacBook for dev, which is frankly fantastic when compared to whatever other hardware I could get here in NZ and would involve going back to Windows anyway?
So I mean, what are the actual valid options really? Apple still offer great devices and the integrations between them are the best on the market imo.
Perhaps in a perfect world Pine64 devices would be rock solid and I could run Linux everywhere, but failing that, what else ya gunna do?
Nobody. Apple's still doing the best by far. Apple Silicon chips. Safari having the strongest anti-tracking of any platform's browser (AAPL, GOOG, MSFT). Privacy on the Apple TV. Using 100% renewable electricity for their AI data centers (Private Cloud Compute) and not using its data for model training, unlike everyone else. They're even starting to compete on price with the $600 Walmart MacBook Air. But then there's all the bad stuff we're all familiar with.
The worst part to me is that I don't think any systemic solution (like antitrust) can ensure it remains that way, or make the others fix their shit. Apple is this way because of the decisions, personalities and whims of a handful of individuals that lead Apple. The other companies are fuckups for the same reason. Maybe the only safeguard is ideology (i.e., up-and-coming Apple employees who dogmatically believe in their marketing on privacy, energy efficiency, speed, etc). From the outside all we can do is impose a PR cost on them and their competitors when they fall short, and on the margin, that helps strengthen that internal faction of dogmatically principled employees against their colleagues who don't care.
Nobody. It's possible to be the best without being good.
I'm surprised a consumer-focused RedHat hasn't come along to build an offering of just-works-but-still-open devices. There are companies out there that do parts of it but nobody does the full personal device stack thing like Apple. I'm still disappointed they went the cloud route instead of everything lives on your AirPort. If I ever win the lottery ten times this is the startup I'll build.
And, to GP’s point, there is no one to replace them.
As someone who lived Apple stuff were between a rock and a hard place. What we loved is dissolving away into mediocrity or worse. And we don’t like the competition better. If we did we’d already be over there.
Add in that lots of companies like to follow Apple’s design leads, for better or worse, and we’re left with nowhere to go.
So we really want the thing we liked to be good again. Or at least to stop getting worse for no good reason.
This is exactly how I feel as someone who enjoyed the Mac during the Jobs era of Mac OS X and has been quite disappointed with the state of personal computing since then. The Apple experience is not the same today as it was during the Snow Leopard days. It seems to me that the old guard at Apple is gone and that the people making the key decisions at Apple in the past decade or so are taking Apple in a different direction than what I would like, as someone who is a big fan of both the classic Macintosh and Jobs-era Mac OS X.
What I'd give for a modern OS with an interface designed with the principles of people like Don Norman and Bruce Tognazzini in mind, combined with rock-solid underpinnings taking advantage of the best that OS research had to offer in the past 30 years. In other words, I want an updated Smalltalk/Lisp machine with a classic Mac interface brought up to 2020s standards regarding networking, security, and other concerns.
Modern macOS to me is a disappointment compared to Mac OS X Snow Leopard, and don't get me started on the lack of user-upgradeable RAM in modern Macs. However, Windows 10/11 is even more disappointing to me compared to Windows 7, which was a nice OS and is my second favorite version of Windows, my favorite being Windows 2000. Desktop Linux seems to be in an eternal Sisyphean cycle of churn.
So, today I begrudgingly use Windows on my personal machines and macOS on my work-issued MacBook Pro, longing for a compelling alternative to appear one day that pushes personal computing forward.
It really feels like Apple is very slowly going the way of enshittification. What's a consumer to do, switch to another platform? Don't make me laugh. Windows and Linux drive me insane. Apple's operating systems are the only ones that seem to 'get' me, which really makes it suck that they're in such danger.
Tahoe is the first macOS that I don't "get", and its fucking scary. I can stay on Sequoia for another year or so, and then what?
When Tahoe came out, I tried it for a day, liked some of it, hated most of it. I gave it a week. Still hated most of it.
The end of that week I bought a used ThinkPad and installed Arch on it. My future is no longer on the Mac. I have a few years to try and transition, but I am otherwise done with them. Butt ugly uber-rounded bouba squircles for fucking windows that cut off the content in my PDFs? That can't even help but cut off the buttom of the scroll bars? This piss ugly grey on light grey on grey with the most pathetic, cowardly whisper of texture they call "glass"? It's fucking over. At least until Alan Dye crawls back into whatever print ad shithole he crawled out of.
> The end of that week I bought a used ThinkPad and installed Arch on it. My future is no longer on the Mac.
same, i think the slow decline of macos' user interface means kde is actually the same level or even better (kde slowly improving mac slowly declining) so i might as well jump sooner than later... i'll miss the quality of some native apps, but that to me is more a business opportunity than a pure negative per se
If it’s not a secret that is used to sign something, then the secret has to get from the vault to the application at some point.
What mechanism are you suggesting where access to the production system doesn’t let you also access that secret?
Like I get in this specific case where you are running some untrusted code, that environment should have been isolated and these keys not passed in, but running untrusted code isn’t usually a common feature of most applications.
If you actually have a business case for defense in depth (hint: nobody does - data breaches aren't actually an issue besides temporarily pissing off some nerds, as Equifax' and various companies stock prices demonstrate), what you'd do is have a proxy service who is entrusted with those keys and can do the operations on behalf of downstream services. It can be as simple as an HTTP proxy that just slaps the "Authorization" header on the requests (and ideally whitelists the URL so someone can't point it to https://httpbin.org/get and get the secret token echoed back).
This would make it so that even a compromised downstream service wouldn't actually be able to exfiltrate the authentication token, and all its misdeeds would be logged by the proxy service, making post-incident remediation easier (and being able to definitely prove whether anything bad has actually happened).
In this specific case running linters doesn't even need that much I think, it's never going to need to reach out to GitHub on its own, let alone Anthropic etc. The linter process likely doesn't even need network access, just stdout so you can gather the result and fire that back to GitHub or whenever it needs to go. Just executing it with an empty environment would have helped things (though obviously an RCE would still be bad)
Unless "national security" is going to either pay people proactively to pass gov-mandated pentests, or enforce actual, business-threatening penalties for breaches, it doesn't really matter from a company owner perspective. They're not secure, but neither are their competitors, so it's all good.
A pretty straightforward solution is to have an isolated service that keeps the private key and hands back the temporary per-repo tokens for other libraries to use. Only this isolated service has access to the root key, and it should have fairly strict rate limiting for how often it gives other services temporary keys.
reply