Yes, I don't think I have ever seen a premature optimisation actually ending up being beneficial when the time came to add new features to the project.

Premature optimization rarely helps, but well though out flexibility/decoupling in core system components has had a significant positive effect on velocity down the line, and lack of the latter has all been shown to be disastrous.

I do believe though that's really hard to discuss effectively as there seems to be no good, and common definition on what over engineering actually is, except in retrospect.

I've seen teams where they were so "good" at avoiding over engineering and "architecture astronauts" that thousand line functions with a Byzantine labyrinth of conditional was preferred to even the most basic of design.

With that said, what would you consider over engineering of the kind that never works, and in what kind of systems?

At the end of the day, every team still needs at least one senior team lead who can decide "we do it like this" and move on. Or else you get stuck forever in which db technology is the right choice for the project.

Exposure doesn't pay many bills.

I have heard several guided meditations having an instruction like "let your mind do whatever it wants to do". Surprisingly it works very well to let the mind do nothing.

I often try to remind myself that it is better to start somewhere, than nowhere. Just getting started is often halfway done. Even though it might turn out that you could have started somewhere else which in hindsight would have been a better approach, it is still better than nothing.

If we make a crude risk assessment, it is way more likely that her account will be randomly hacked by a botnet if she has "kitten4" as a password than someone actively stealing her purse to get her passwords. And if the notebook with passwords was stolen/lost, she would at least know it and be able to take preventive measures.

For most people, writing (good and unique) passwords down in a notepad is a way more secure system than having the same bad password for every account.

> FWIW "m" is almost a secure password on a root account with an SSH that allows password authentication

This is very counter-intuitive. Is the idea that guessing both the username and the password together is much harder than guessing the password when you already know the username?

In the kitten4 example, I would guess most botnets are working from a list of usernames/email addresses that they got from leaks.

Thanks, I missunderstood GP about how kitten4 was used.

> Is the idea that guessing both the username and the password together is much harder than guessing the password when you already know the username?

No, to be clearer no one in the last 6 years has ever tried "m" as a password on my root accounts.

I feel very strongly that there is too much stigma around passwords, kitten4 is a nice password if you use it only once.

While working from home can be nice and more productive if you have some well defined task that needs to be done, I still feel I need the daily social interaction with my coworkers. Slack and Skype is just not enough. I would get depressed if I worked alone from home every day.

Or maybe if people didn't have to spend all that time in the commute and being depressed because of it they would actually have time and energy for a life outside of work and get your social fix their

But then again, we still got Heartbleed.

Yeah and imagine the kind of exciting bugs that exist in new and immature libraries! :)

> In some cases, security through obscurity works well in practice.

This is not one of those cases. Absolutely not. I'm moderately competent at finding security bugs in things, but I doubt I could find any in OpenSSL. I am confident I could find some in your average hand-rolled code.

The thing is people make the same mistakes. There's a set of well-known mistakes that are very easy to make, especially if you're not versed with the entire history of implementing crypto - which is the case for the majority of people rolling their own. This makes it very, very easy to guess what mistakes they will make, and if you know what you're looking for it's easy to find it.

My "personal best" for finding a crypto bug in a project is 50 seconds.

I doubt anyone has found a bug in OpenSSL (or any established crypto project) anywhere near that fast.

You got to consider your most likely risk for attack. Targeted or at random by a botnet? For example, you are most likely more secure in practice by writing your own website than using Wordpress, simply because you are more likely to get hit by a botnet targeting every Wordpress site than someone going directly for you.

This is off-topic. We are talking about security vs obscurity in the context of cryptography libraries.

Replace WordPress with OpenSSL and website with crypto.

Both are vectors. On one hand, you have automated systems trying to hack low-hanging fruit (unpatched, well-known-to-be-insecure libraries), while simultaneously, you could become a specific target - where security by obscurity doesn't get you much. Saying "one of these is not worth considering, as it's less probable" is security through handwaving: one day, someone might discover a bug in your obscure library, and suddenly you're right back in range of automated attacks.

I can see some logic behind number 3 of having your password in the clipboard. It could lead to users pasting their password somewhere else where it was not intended. However, if you have malware on your machine that can read your clipboard, it can also simply read your keystrokes anyway.

I haven't done Windows development for a long time, but I think that this may be an overstatement, at least on that platform.

You need to have cursor focus to receive key events, right?

The clipboard, by contrast, can be continually monitored, while playing completely "by the rules", right?

> However lately Netflix' content simply seems to lack substance to me. It feels as if it's just the superficial result of throwing a promising combination of those very specific tags/categories the services is famous for onto the assembly line and ending up with a show or film that, while ticking all the boxes and not being bad at all, is still pretty far off the masterpieces of the medium.

That is very much the feeling I got from Stranger Things. It is solid in almost every way, but it also felt like it was written to maximize variables and checkboxes from a user survey. Add characters, references and stylistic choices to get the most 80's nostalgic feeling in the viewer as possible.

Interesting; I feel that Stranger Things is one of their stronger recent offerings. Much better than Flaked, Love, or Master of None.

I really liked Stranger Things and Master of None. Didn't like Daredevil or Luke Cage, which are two of their better reviewed shows.

This is one of the reasons why I appreciate Netflix. Instead of a bunch of shows that everyone considers average, it's taken some risks and created shows that some people consider great and others dislike. I'll take that over a bunch of lukewarm shows anytime.

:) I tried to watch stranger things twice and couldn't have finished it as it feels like very stupid show that tries to play on 80x nostalgia. Master of none I watched twice and think that it's the masterpiece.

Master of None didn't do it for me, but I loved Stranger Things.

This is a great example of how Netflix's model works well for "long tail" content. They can produce and keep shows around that have a different or smaller audience than traditional networks can.

The difference of opinion in this small sample is good. As long as a show has some people who love it, that's a good thing. Content made for the widest audience possible is usually bland and predictable... just look at pop music in the last few decades. Network TV is just as bad because if a show isn't a hit in 2 or 3 episodes they pull it. If they'd done that in era of "classic TV" (60s - 80s), half the most famous ever wouldn't have made it.

Can we at least agree that they are seeking to "maximize variables and checkboxes" much less now than in the past?

They started with Game of Cards and Orange is the New Black which are the strongest examples in history of creating content based on what data tells you people want, because those were their first few series and they couldn't afford to have them flop.

Nowadays, they make such a wide range of shows, they can afford to sometimes just take a risk on giving talented people money and hoping they make a great show that finds an audience.

Game of Cards would be an interesting watch.

One series I've enjoyed recently is The OA which is definitely not a box-ticking exercise of a series - the complete opposite. I'm happy it's been renewed for a second season, but I can't imagine it's driving any revenue directly.

Anecdotal but I can't stand the OA. Loved it until the dancing aspect. Total turn off from the show. :\

This sentiment seems fairly common in various comment threads I've seen. The dancing aspect seems to evoke in some people... discomfort or something hard to pin down, and I wonder why. At the end of the day, electricity is still electricity whether it's being delivered through power lines or pulsed through fiber optics or pulled and stored in someone as static electricity as they dance. Most science fiction dealing with time travel or teleportation seems to rely on a machine or a suit or a phone booth or some mysterious futuristic means of energy. Yet tribal dancing is one of the oldest human traditions of energy expenditure, done ritualistically. It doesn't seem entirely outlandish to me that a certain configuration of certain energy expenditures by humans could create some sort of ripple or warp or whatever in time space.

I think part of the problem is that it signified a shift in genre for a lot of people. You start out with a mad scientist who is doing experiments trying to understand death and the story of the girl who escaped his grasps. The dancing scene transitioned the show to be about someone who can heal people with hand gestures. I enjoyed the twists, but I can certainly imagine someone viewing it as going from (somewhat) hard sci-fi to being about magic and that change turning them off the show. The fact that the actual dancing look ridiculous also probably didn't help.

What? It was a story about an unreliable narrator and about belief the whole time to me - the story being told could've been anything.

I find a lot of shows are trying to check both the "belief in belief" box and the "sciency" box at the same time, and it does a disservice to both. The OA on Netflix and The Oasis on Amazon are just two examples.

I believe the dancing being ridiculous as well as the breathing sounds combined could have been the turning factors.

But the show doesn't give the viewer any solid evidence that the dancing did anything really. We have to trust the characters, and they could be unreliable narrators. The main characters in the show could be schizophrenic.

It's like a homeless man being in a cardboard box and duct tape suit screaming about his mech suit. You just feel bad for him.

It felt like a cheap attempt at being mysterious or deep. If you look at the people behind the show, it's seems like this is part for the course with their work.

The whole point of the show is that you can't know either way. You bring your own beliefs of what the show is about.

If someone told you the same story OA did, would you believe them?

I was also somewhat irritated by that. I still enjoyed the rest, though. The whole dancing thing just made me realize for the first time that the show won't keep all it's promises (for instance, the scene when OA bites the dog and it becomes "tame" had a lot of mystery surrounding it - but that's never resolved. And can never properly be explained by dancing ;-) ).

Oh my. I didn't make it past the first episode, but "dancing aspect" sounds so awful I almost want to go resume watching it.

If you want a spoiler, this is what it all culminates to: https://www.youtube.com/watch?v=b3cqhNJkmIs (final scene of the season)

The OA is amazing and beautiful. I loved the incorporation of primal & tribal dancing -- it's been a huge driver of healing from trauma since the dawn of man.

OA seems like a poor cousin of Stranger Things. Very slow paced and nothing much happens in S1.

The OA isn't for everyone. I loved it and thought the first season was thrilling. It reminds me of the leftovers, not because of any common tone or theme, but because it's a show people either love or really don't like.

If you want to see slow paced, Sense8 takes the biscuit. I count about 10 minutes of actual plot over the entire season, primarily concentrated in the first and last episodes. It's obviously meant to be a character-driven story, but each of the characters is a two-dimensional stereotype.

I loved the OA, so perhaps I'll like Stranger Things even more? If I loved OA is it worth checking out ST?

How much of a say does Netflix has on the production of the shows? I thought one of the advantage of Netflix was that they don't interfere with the production of the shows and they let the creative people make the decisions.

I loved Stranger Things, as a die-hard X-Files fan (and similar type shows and movies) it was perfect for me.

I felt that way too, until the ending. Every netflix show ends the same way. It was one checkmark too much. I really hope they start being a little more surprising.

Iron fist was a giant disappointment. Netflix could have done a much better job. I don't know how much marvel is to blame though.

I generally enjoyed Iron Fist, but I definitely felt it was slower paced than any of the other Netflix Marvel series. It really felt like they were staging things for the Defenders (whenever that ends up coming out, although I hope this year).

The showrunner for Iron Fist is also the fellow who gave us the last few season of Dexter.

There's nothing wrong with that. If "Stranger Things" were nothing more than an exercise in 80s nostalgia, then I would agree with you, but I found the story and characters compelling. The production values of the show really enhanced it, but they didn't make it. The story, characters, actors, etc., make it good show.

They almost certainly do optimise that way, and it's likely the easiest optimizations to do due to their somewhat superficial nature.

However, a data driven mindset should be applicable on deeper levels also, but that probably takes longer to become possible to analyse, and crucially, I belive that it is likely to need a baseline of stylistically optimized content before the value of more abstract concepts can be discerned from the data.

An unfortunate effect of data driven is also that unless you also chase some crazy (possible) trends in the data, you will regress to content with maximal earnings in the short to medium term.

Data doesn't carry visions, at least not by themselves!

I had the same feeling. I thought all the pieces of Stranger Things were pretty good, but overall it seemed soulless.