That's not necessarily true, though. For instance, real estate investors have a lot to lose from vacant office space and therefore would benefit from RTO.
I personally find that I enjoy in person collaboration but that should not mean we should universally force every team to come back to the office.
I never understood this argument. Most companies do not own their office buildings, but rather lease space from corporate landlords. It is in the best interest of these companies to dramatically reduce their lease burden via WFH. Why would a company totally unrelated to real estate investment act against its own self-interest just to prop up real estate investors?
The argument (which may or may not be valid, just explaining it) is that companies do not lease space (or take any action), people do. And the same individuals who are able to make leasing decisions for office space are co-invested in commercial real estate; even if the company doesn’t benefit from maintaining an expensive office, the C suite might; and if so, then of course that’s the decision that will be made.
>[T]he same individuals who are able to make leasing decisions for office space are co-invested in commercial real estate
But those individuals are much bigger shareholders in the company they work for. Downsizing the office footprint of a single company has a tiny marginal effect on the overall real estate market, but can incur enormous savings for the company, and enormous personal rewards to the people making the decision to downsize and save money.
Individuals are notoriously bad at considering collective externalities. If a CFO realizes that they could save tens of millions of dollars per year on real estate by switching to remote-only, they’re not going to then think “but if everyone did this, it would hurt the commercial real estate holdings I have in my portfolio.” No, the CFO is thinking “announcing that we’re saving 8 figures per annum on real estate is going to pop the share price of my company (and thus my equity holdings), and likely net me a really fat cash bonus.” By similar logic, CTOs, who likely have considerable technology investments, would want to needlessly maximize tech spend. Instead, they get lauded for cutting IT costs.
This is a weird conspiracy theory. You'd have to believe that real estate investors were pulling the strings in companies to get them to spend more money with no upside. Like they're just milking these companies for rent and the companies are doing it because they want to give money to the real estate investors?
Even in the rare case where real estate investors are also investors in the startup, my experience is that the startup gets reduced-rate rent as a bonus.
That's not what I believe. Other posters have explained it well, but to respond myself:
1. Some large tech companies are also large real estate funds. Google had >100B$ in real estate positions (although mixed between datacenters and office parks) [0]. So its not that they are milked for rent, but more that they would be loosing some money here, although not much.
2. People making decisions are also probably invested in the real estate market, and therefore have money to loose from a collapse of real estate value.
I also gave more thought to it, and I don't see it as impossible that WFH reduces employee's productivity (from the perspective of the employer). However, that is also true of other worker's rights like vacation time or sick leave. RTO mandates are an act of control of workers, from the managing class, and pushing it as "because of productivity" does not change that.
And again: I personally like working more from an office. I don't want to force others to follow my preferences.
I don't doubt what you're saying, but I don't these situations where real estate investors and company investors overlap and also want to micromanage the company's operations are common.
The way this is brought up as a general explanation for RTO across the industry is getting a little silly
Office Real Estate used to be looked at as a very reliable investment. Good return for fixed income and reasonably safe when diversified across geographic locations. So lots of investment houses used REITs for some of their investments, pension funds, investment banks, even those companies that also invest in risky software startups. So you have this idea that there is a person called a "real estate investor", but really the majority of the people who invest money have some stake in office real estate. And those investments got crushed post-COVID. And they are salty about it and blame (probably correctly) remote work. Doesn't matter though, they took the risk and this time it didn't pan out for them so they don't have a real platform to complain. So they do this nonsense and trick a journalist into writing a hit piece.
The linked article is precisely about how in 2024 they started rewriting their proxy layer from nginx (a C app). While "They haven't had an incident that bad since they switched from C to Rust." might be true, it has also been almost 9 years since cloudbleed, of which 8 were in C world.
Not good, thanks for sharing. Also different, however. One is a routine part of criminal investigations in which over 4 million people are swept up, while around 2000 were swept up in the linked article at the border. I’m not okay with even the 2000, but it’s a different thing.
The goal of this kind of system is not to replace the application server. This is intended to work on the data plane where you do simple operations but do them many time per second. Think things like load balancers, cache server, routers, security appliances, etc. In this space Kernel Bypass is still very much the norm if you want to get an efficient system.
> In this space Kernel Bypass is still very much the norm if you want to get an efficient system.
Unless you can get an ASIC to do it, then the ASIC is massively preferrable; just the power savings generally¹ end the discussion. (= remove most routers from the list; also some security appliances and load balancers.)
¹ exceptions confirm the rule, i.e. small/boutique setups
You don't develop an ASIC to run a router with, you buy one off the shelf. And the function of a router doesn't exactly change day by day (or even year by year).
Change keeps coming, even when the wire format of a protocol has ossified. I've spent years in security and router performance at Cisco, wrote a respectable fraction of the flagship's L3 and L2-L3 (tun) firewall. I merged a patch on this tried-and-true firewall just this year; it's now deployed.
As vendors are eager to remind us, custom silicon to accelerate everything between L1 to L7 exists. That said, it is still the case in 2025 that the "fast path" data-plane will end up passing either nothing or everything in a flow to the "slow path" control-plane, where the most significant silicon is less 'ASIC' and more 'aarch64'.
This is all to say that the GP's comments are broadly correct.
My colleagues are always writing new features for our edge and core router ASICs released more than 10 years ago. They ship new software versions multiple times a year. It is highly specialised work and the customer requesting the feature has to be big enough to make it worth-while, but our silicon is flexible enough to avoid off-loading to slow CPUs in many cases. You get what you pay for.
We do storage systems and use DPDK in the application, when the network IS the bottleneck it is worth it. Saturating two or three 400gbps NICs is possible with DPDK and the right architecture that makes the network be the bottleneck.
There are more ACME-compatible CAs than just Let's Encrypt, should they ever become the bad guys, or if you don't want to trust them for any reason, see [0].
I understand that people get annoyed at shorter cert lifetime, for instance if you are managing appliances or use SSL certs for other reasons than the common use case. But if you just want to serve a website, there are not so many reasons not to use HTTPS today, either on Let's Encrypt or on something else.
Android delegated some security features to a different kernel called Trusty that is separated from the main Linux kernel using virtualisation. That kernel runs high value security services.
Yes, but that's not the main load-bearing security part of the system. Trusty doesn't isolate apps from each other. It doesn't isolate work profiles from user profiles. Regular SELinux-augmented thoughtfully-used uid- and process-isolation does that.
Romansh is a national language, not an official one. (At the federal level) Which means that Switzerland considers it a part of it’s culture but that for instance laws and executive orders are not translated in Romansh.
I personally find that I enjoy in person collaboration but that should not mean we should universally force every team to come back to the office.