
Comment Class Action Lawsuit in ... 3.... 2 .... (Score 4, Insightful) 61

I mean, come on... This one screams class action. I just got an email link to a list of current class action suits I could click on to see if I qualified, and none of them were over as clear cut a complaint as a company purposely crippling software initially promised to keep working.

Comment Re:Intent is the most important thing (Score 1) 86

Please, no. Often when writing code I need the API reference and only the API reference. I know what I want to do and how to do it, I just need a quick check of the exact order of arguments or exact symbol names. I don't need to try to sift that out of commentary. Likewise when I'm learning how to use the library I'm more interested in the overall view. I don't need to know the exact names of the options for a call, only what the options are for. I expect the code in the user's guide to be accurate, but I don't want the same things out of it that I want out of the API reference.

Comment Intent is the most important thing (Score 4, Insightful) 86

Something critical to note: intent is the most important thing to document when it comes to software. You can see what it does by reading the code, that's straightforward. What I need to know most, both when writing software and maintaining it later, is why it's doing that. What's it supposed to be doing? Why is it doing it in that way? What were the alternatives and why weren't they chosen? How is it supposed to be used by code that calls it? An LLM can't generate any of that just from the code.

This is why traditionally software libraries have had two separate pieces of documentation: an API reference that details every call and its arguments and results, and a user's guide that lays out how and why to use the library.

Comment Typical behavior from Microsoft (Score 4, Interesting) 36

This has been typical behavior for large companies when dealing with vulnerability reports for decades. Report one, they treat you as the problem. They'll try to ignore it, consider it "not exploitable", delay and deflect as long as they can get away with it, anything but address the vulnerability. And they'll never tell anyone the vulnerability exists. This only changes when they have no choice but to admit to the problem and fix it, usually when the vulnerability is being publicly exploited. They push "responsible disclosure" because it includes the reporter not making the vulnerability public until the company has a fix, which allows them to stall disclosure as long as they want.

It used to be enough to just include a reasonable deadline when reporting it, after which the reporter would make it public if the company hadn't taken some action on it. Then companies started threatening and then taking legal action against the reporter as soon as they reported the problem, playing the deadline up as "blackmail".

So, what do you do when faced with this? The only reasonable response is to skip the company entirely and make the details public immediately. You're going to be facing retaliation from the company either way, this way the public isn't vulnerable for an extended time. And yes you include details on how to exploit the vulnerability, ideally via working code, so researchers other than the company can confirm it's a real vulnerability that's actually exploitable without having to take your word for it. No, that doesn't give the bad guys anything because remember the working assumption for vulnerabilities: if a good guy has found it, the bad guys already know about it and are using it. Remember that when the company whines.

Comment Roku TV built into Westinghouse Smart TV (Score 1) 33

I'm sure I'm just an outlier here. But I bought a cheap big screen LCD smart TV at Best Buy 3-4 years ago. It was a Westinghouse branded set running Roku TV.

At some point, they updated the firmware to consolidate the TV guide in it so it displayed all the streaming content and your over the air TV stations in the same guide. (Used to be, you had to pick a Live TV icon/button to look at your OTA content in its own place.)

Ever since that happened, the TV forgets all my OTA stations regularly so I have to go into setup and re-scan for all of them, to get them to reappear in the guide. REALLY annoying.

It would be awesome if a total UI makeover for it results in fixing this problem.

Comment Dropbox is .... ok .... (Score 1) 17

I used to work for a company that used the "Dropbox for Business" product. (I think they renamed it along the way, so that may be its former or current product name?) Anyway, my memory of it is that it generally did what you paid for it to do -- but was horribly costly when existing contracts ran out and went up for renewal.

They seemed to use the business model that once you invested in using the platform and they had your data captive in it, they could crank up the prices because it was cheaper to keep it than to go through the painful process of switching.

I also recall a really frustrating detail: we kept wanting Dropbox to enforce a disk quota on client PCs. Instead, it would happily keep syncing more content until it ran someone's disk space down to around 0 bytes free, causing OS crashes and a big hassle cleaning it back up again. Their only answer was, "We added the ability to only sync the actual files and folders on-demand, the first time a user clicks to view/open/edit one of them." Great, but that's not the same thing as a disk quota. We had people working with huge video files and it only took one to wipe out remaining disk space on some machines.

Comment This might be twisted, but .... (Score 1) 154

This one's interesting on several levels. I mean, for starters? We already know most competitive sports involve people taking various drugs and supplements in an attempt to get an edge. So it's a lie and a farce when the Olympic committee or the Major League Baseball association or anyone else doing pro sports claims we're watching athletes who achieved everything they do 100% naturally.

Viewed that way, I can see how holding a "performance enhanced Olympics" challenges that and calls it out. Essentially, it's saying, "Hey... we don't just randomly catch and disqualify a few athletes, to keep up a facade that the rest of them aren't doing any of it. We let you see what people can do, period, in a world where these drugs and supplements exist and people take them."

Where it gets questionable for me is ethically, when you start asking if it's right to dangle large sums of money in front of people to encourage them to take dangerous amounts of drugs and push themselves into potential health crisis? I think most of us know that normally, athletes would limit drug usage to what they believe is relatively safe. (They're surrounded by others who have been doing the same and can make a judgement call based on what's actually worked and happened to that group.) Start changing things to huge cash prizes to win ONE event, and now people will get reckless. "I only need that $30 million this one year and I can quit the whole thing."

Comment Re:Workers need to establish solidarity (Score 1) 240

Historically, knowledge-workers had little interest in unionizing because they knew they possessed the ability to learn and adapt. Sure, they had useful skills and knowledge. But much of I.T. is about possessing the ability to learn new things quickly. Everything's in constant change or evolution. The software package you use today will get a new update in a matter of weeks and then it has new functions or features have been moved around to new locations in it. The programming language you use may even get deprecated, demanding you learn whatever replaces it. The hardware you troubleshoot and support changes on a regular schedule.

Unions primarily benefit people who want to retain fair compensation for doing the same specific tasks repeatedly. They want reassurance they won't be forced to do anything new that's outside the scope of what they were hired for. Such a thing requires a new job title/role and a contract specifying exactly what they agree to as part of it.

I.T. workers usually felt if they were getting a bad deal someplace, the best move was to quit and find a new job where pay/benefits and/or working conditions were better. There wasn't so much fear or concern if a place used different software or tools than what they used before. That didn't matter much as long as they could learn the differences between it and what they had previously.

I think that might be changing in recent years, though? Now, you probably have an edge if your resume shows you already worked at companies people are familiar with and impressed by. But otherwise, they mostly want newer/younger people who they can pay lower wages to and get the most out of. Most places are starting to treat anyone in I.T. as more of a necessary expense than an asset to the business, and fewer and fewer pay well for your decades of experience.

Comment I want to say, "Join the club!" ... (Score 1) 240

I know that's just me being a bit sarcastic or mean. I don't wish unemployment or a tough time on any of my "people" working in I.T. or with an interest in computers and technology. That's been my thing since I was a kid.

But ... I spent the majority of my career working for small businesses and even working for myself (on-site consulting and computer service). When I finally got hired on with "big tech", I lasted only a year before resigning, because I couldn't bear the constant changing demands, stress, foolishness and teams getting pushed around by middle managers in competition with each other.

I noticed a huge rift in "big tech" employment between the "chosen ones" and everyone else employed there. If you got into management in some capacity, or you were important enough in software development - you were compensated really well and made to feel like your job was fairly secure. The others doing such roles as deskside support or audio-visual support were in another world. They were just herded around by project managers who in turn would change direction on initiatives on a dime, when managers over them declared they had some new direction to go. For them, employment was a revolving door of hiring and firing (after tossing people on "performance improvement programs" to pretend they cared).

So when the big tech shakeup starts involving the middle managers and those all comfortable with lots of stock options and a high salary because they help code the site's web portals? It's hard to be THAT sympathetic. Time to learn how the rest of us in the career feel.

Comment Cloud environment (Score 3, Interesting) 23

This isn't unusual for a cloud environment where services are distributed across multiple servers for performance and resilience. For read/write data the propagation window necessarily has to be short, but for read-only or read-mostly data like authentication tokens the architecture usually favors speed of authentication and resistance to infrastructure failures over fast propagation of changes. E.g., using a pull-based "changes since the last time I checked" process instead of setting up everything for a real-time event-driven process.

The main thing everyone needs to remember about cloud systems is that they are operating in a distributed environment and changes do not propagate instantly to the entire system. The question is whether the propagation delay is acceptably small or not.

Also, do not depend on "we can revoke the credentials" as your primary defense against compromise. That won't help you against use of the credentials in the span between when they're compromised and when you revoke them; if that's acceptable for you, then extending that span by a bit isn't an existential crisis. Design your authentication so credentials can't be compromised in the first place, and are as difficult as possible to use from any system other than the one they were issued to if they are compromised. Hardware tokens (Yubikey etc.) have been a thing for a decade now; it boggles me that they aren't the minimum standard yet.
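
An added illustration, not part of the comment above and not any vendor's code: a small simulation of the pull-based "changes since the last time I checked" model, showing that a revoked token stays valid at a node until that node's next poll. The class names, the token ID and the timings are all constructed for the example.

```python
from dataclasses import dataclass, field

TOKEN = "tok-constructed-1"  # constructed sample token ID

@dataclass
class RevocationAuthority:
    """Central service holding an append-only log of revoked token IDs."""
    log: list = field(default_factory=list)  # entries: (seq, token_id)

    def revoke(self, token_id):
        self.log.append((len(self.log) + 1, token_id))

    def changes_since(self, seq):
        """Return revocations with a sequence number greater than seq."""
        return [entry for entry in self.log if entry[0] > seq]

@dataclass
class EdgeNode:
    """Auth node that validates from a local cache and pulls on a timer."""
    authority: RevocationAuthority
    poll_interval: float
    last_poll: float = 0.0
    last_seq: int = 0
    revoked: set = field(default_factory=set)

    def accepts(self, token_id, now):
        # Pull only when the poll interval has elapsed; otherwise trust the cache.
        if now - self.last_poll >= self.poll_interval:
            for seq, tid in self.authority.changes_since(self.last_seq):
                self.revoked.add(tid)
                self.last_seq = seq
            self.last_poll = now
        return token_id not in self.revoked

def simulate(poll_interval, revoke_at, checks):
    """Return the check times at which the revoked token was still accepted."""
    authority = RevocationAuthority()
    node = EdgeNode(authority, poll_interval)
    stale, revoked = [], False
    for now in checks:
        if not revoked and now >= revoke_at:
            authority.revoke(TOKEN)
            revoked = True
        accepted = node.accepts(TOKEN, now)
        if revoked and accepted:
            stale.append(now)
    return stale
```

With a 60-second poll interval and revocation at t=10, checks at t=15, 30 and 59 still succeed; shrinking the interval narrows that window at the cost of more load on the central service.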

Comment Re:And republicans... (Score 1) 45

Umm, I never said I was offering a solution here. I'm just identifying a problem. And the problem is a lot bigger than "Trump". He's just the latest one in the line-up.

It's pretty clear we've had a long string of shady deals and the public being kept in the dark on what our government is really doing.

Only reason you can try to pretend the whole problem is the Republican Party is the fact they've been in power a lot. I'm old enough, though, to remember how awful things were under the Carter administration with the "stagflation" and his turning our relations w/Iran from a close alliance to a geopolitical crisis. I also remember how, despite his ability to relate to the people and make people feel good, Ronald Reagan also pulled some corrupt B.S. Perhaps most insultingly? He did all of it while quoting very Libertarian key points and principles. Clearly a case of "do as I say, not as I do" when you look at the Iran Contra scandal or his non-working "trickle down economics" he's known for taking from his advisors and running with, despite it just being a failed experiment. President Clinton was fingered for shady campaign funding/financing methods, from the start, followed by firing all 7 members of the White House travel office and replacing them with friends and associates. Plenty of reasons to question Joe Biden's ability as President when he got a shot at it -- including millions of dollars from foreign countries funneled into his family's own bank accounts, and admission that he improperly removed a number of classified documents and tried to keep them at home. (No charges ever filed for "mishandling" those though, which probably tipped off Trump that he could get away with the same!)

I didn't even bother to mention Bush, Sr. or Jr. here but clearly, they had personal agendas too.

It's all a steaming pile in Washington DC ... and it just keeps getting worse, the more the leaders figure out they can get away with.

Comment Re:Once again Patrick Boyle on YouTube covered thi (Score 1) 120

I don't totally agree with that Starlink assessment though. They're far from "maxed out" on potential customers. Where I work, alone, we have 50+ remote docks and warehouses in random parts of the country. All of them need Internet access desperately but most are only serviced by an LTE cellular connection because they're in too rural an area for other options.

Starlink would be ideal for them, and we've used it in a couple of locations already. The main objection seems to be the complexity of the setup. (E.g., we can program up a hotspot and SIM card easily enough and ship it someplace. Tell some dock worker to plug the thing into power and attach a network cable between it and a patch panel on a wall, and done. Can't expect them to properly install a Starlink antenna and the whole bit.)

Starlink just needs a free installation offer as part of buying it, with some kind of minimum contract required, and a lot more people would bite.
