Rygian's comments

Plumbing together stuff so that the files from a service that can only push to sftp server end up delivered in a Dropbox folder.

The Iberian outage had nothing to do with inertia.

The root cause was insufficient dispatch of reactive power due to non-compliance by some power providers, and ultimately traceable to outdated procedures for the dispatch of reactive power.


Don't waste your time and money on funding bug bounties or "getting audits done". Your staff will add another big security flaw just the next day, back to square one.

Spend that money on reorganizing your management and training your staff so that everyone in your company is on board with https://owasp.org/Top10/2025/A06_2025-Insecure_Design/ .


If part of the problem was that no one was responding to a vulnerability report then a bug bounty program would potentially address that.

You just get spammed with the same three fake reports over and over.

Triage is something that these services provide, exactly to deal with that.

good try :)

I don't understand what is being encouraged here.

Something is seriously wrong when we say "hey, respect!" to a company that develops an unauthenticated RCE feature that should glaringly shine [0] during any internal security analysis, on software that they are licensing in exchange for money [1], and then fumbles and drops the ball on security reports when someone does their due diligence for them.

If this company wants to earn any respect, they need at least to publish their post-mortem about how their software development practices allowed such a serious issue to reach shipping.

This should come as a given, especially seeing that this company already works on software related to security (OpenAuth [2]).

[0] https://owasp.org/Top10/2025/ - https://owasp.org/Top10/2025/A06_2025-Insecure_Design/ - https://owasp.org/Top10/2025/A01_2025-Broken_Access_Control/ - https://owasp.org/Top10/2025/A05_2025-Injection/

[1] https://opencode.ai/enterprise

[2] https://anoma.ly/


I’ve noticed this a lot with startup culture.

It’s like an unwritten rule to only praise each other because to give honest criticism invites people to do the same to you and too much criticism will halt the gravy train.


I've struggled a bit on this: LinkedIn's positivity echo chamber vs. the negativity-rewarding dunk culture here. No greater power exists on HN than critical thinking using techno-logic in a negative direction, revenue and growth be damned.

Opencode doesn't have to maintain Zen so cheaply. I don't have to say anything positive nor encouraging, just like I don't have to sh!t on youtuber 'maintainers' who promise incredible open source efforts which do more to prove they should stick to videos rather than dev. Idk. Not exactly encouraging me to comment at effing all if any positivity or encouragement is responded to with the usual "hm idk coach better check yoself". Ya, honestly, I think I know exactly what to do.


Honestly, the RCE here is in the browser. Why does the browser execute any code in sight, and why can this code do anything?

It's called "the world wide web" and it works on the principle that a webpage served by computer A can contain links that point to other pages served by computer B.

Whether that principle should have been sustained in the special case of "B = localhost" is a valid question. I think the consensus from the past 40 years has been "yes", probably based on the amount of unknown failure possibilities if the default was reversed to "no".


OWASP A01 addresses this: "Violation of the principle of least privilege, commonly known as deny by default, where access should only be granted for particular capabilities, roles, or users, but is available to anyone."

Indeed, a deny-by-default policy results in unknown failure possibilities; it's inherent to safety.


>Violation of the principle of least privilege

I completely agree with this, programs are too open most of the time.

But, this also brings up a conundrum...

Programs that are wide open and insecure typically are very forgiving of user misconfigurations and misunderstandings, so they are the ones that end up widely adopted. Whereas secure-by-default applications take much more knowledge to use in most cases and, even though they protect the end user better, see less distribution unless forced by some other mechanism such as compliance.


Wait, they implemented Alt-Drag/Right drag?

I believe the parent is referring to how GNOME 3.0 had some really bad resizing grabs. Single-pixel widths at the edges, and almost impossible to hit corners.

Later versions significantly improved it.


This has been a major issue for me with Xfce and Gnome over the years; I mostly just switched window managers.

Xfce is just ridiculous: it has a 1px-thin area to grab, and last time I checked they just mentioned you should use Alt + right click instead.

I was about to suggest Xfce as an example where window resizing is effortless due to the <super>+<right click> behavior. You can just grab the rough sector of a window to resize it.

Any reason why you're not using it?


Sort of! Cmd + Ctrl + drag moves windows now.

Probably because people are being forced out of their Windows 10 systems, and onto an unwanted Windows 11.

Also, you seem to skip other notable changes like enforced spam and enforced Copilot and enforced online registration.


I see a Copilot icon in the sys tray that I didn't put there and that is unwelcome, but I haven't clicked it. Worrying.

This being Microsoft, the null hypothesis is "user error induced by intentionally evil UX".

For decades, the unofficial Microshit motto has been: Intel inside, Idiot outside.

Because Microsoft treated users as if they were idiots.

So basically tons of Windows-related websites teach this infallible little trick as the solution when a user gets a Windows BSOD (Blue Screen of Death): Reboot!

Invariably, the reboot causes the Windows OS to start working again, till the recurrence of whatever circumstances (typically, hardware and/or software conflicts) caused the BSOD in the first place. It is left to the user to figure out what went wrong and how to prevent the issue from recurring, as the BSOD messages are typically too cryptic for the average user to decipher (maybe not so difficult in the modern era of AI assistants invocable from a handheld smartphone).

In fact, I would say the whole IT industry grew tremendously over the last few decades because Microsoft's products were powerful and user-friendly (to an extent, and until they worked), but quite complex to maintain (the dreaded Windows update nightmares) and to troubleshoot in case of issues. That's because every company using M$ products needed dedicated IT support teams solely for such maintenance, help and fixes for M$ products. Even other vendors like Oracle grew as competition to Microsoft's corporate dominance.

The wonderful (and sometimes terrifying) world of antimalware software may not even have existed were it not for Microsoft products.


Indeed. Up until the user-hostile turn of Windows 10 and 11.

Feature request: even/odd page stains that line up exactly as a single thru-stain.

Slightly fading for each page.

Page reordering for the inevitable large scale spill and hurried cleanup.

And if I am not searching for Salesforce or alternatives, and an ad for Salesforce or an alternative gets pushed into my face, the ad is wrong and the advertiser is wrong.

Title should mention (2024). Some of the info was already outdated back then [1].

https://news.ycombinator.com/item?id=41176051

