Hacker News | cedws's comments

Everyone is building one these days. None of them really have any differentiating features other than the LLMs they use, but I guess it's a cheap way to try and block off some market share from your competitors.

What's your suggestion? Not everyone is willing to pay to notarise their little CLI tools.

Sadly not a whole lot you can do. You could try and gain some legitimacy by getting your recipe added to homebrew but otherwise no clue. I wasn't laughing at it at the author, more so just the irony of the situation.

We did a refactor of our big ACL file recently but it took a lot of work and people inevitably lost access to things. I don't feel that Tailscale's ACL tests are really sufficient for making changes fearlessly.

I've tried using policy tests but as far as I remember you can't test access to specific hostnames, only tags. I know Tailscale ACLs operate on tags but in tests I want to validate that users can access specific things, validating they can access tags isn't very useful. I also don't really think the tests should be in the ACL file itself, I would much prefer if it were external, or if the Tailscale CLI had a command to run ad-hoc reachability testing.

I’m less positive about GitOps. GitOps is a lie. I’ve never seen software that actually manages to adhere to the ‘repo is the state’ principle. Inevitably you push something, it doesn’t work, now you have to do something out of band or revert to get it working again. Sometimes you revert and it’s still not fixed…

Looking at you Argo CD.


This happens a ton when bootstrapping, but in my experience doesn’t really happen that much when modifying existing infrastructure which is typically when you care about it being purely GitOps a bit more. Argo has all sorts of flaws around bootstrapping things that aren’t necessarily Argo’s fault but they manifest themselves (har har) in weird ways. For instance I do a lot of Crossplane these days and the fact that Argo doesn’t sync CRDs and force them to exist before future sync waves is a huge pain point, especially when you start to get to more complex applications that have lots of resources. You find yourself having to manually sync CRDs because the default ordering logic doesn’t wait for the CRD to exist before creating the downstream resource - even if you’ve specified sync waves!

A gitops repo can never be the reflection of the system's actual state. It's a desired state your humans want the system to reach eventually, sometimes defined very loosely. This is the idea since Weaveworks invented the term years ago. Unfortunately I admit it's not very intuitive, especially to engineers who are not super familiar with declarative systems.

You may have to use Kargo as well, also by the makers of Argo

Trump is acting exactly as an agent of Russia would. Pissing off allies, trying to break up the EU and NATO, creating a distraction war to cut aid to Ukraine.

And their ‘no remote holes’ is true for a base install with no packages, not necessarily a full system.

I think the OpenBSD approach of secure coding is outdated. The goal should have always been to take human error out of the equation as much as possible. Rust and other modern memory safe languages move things in that direction, you don’t need ultra strict coding standards and a bible of compiler flags.


> I think the OpenBSD approach of secure coding is outdated.

I don't think it's outdated; it's a core part of the puzzle. The problem with their approach is they rely on it 100%, and have not enough in place (and yes, I'm aware of all the mitigations they do have) to protect against bugs they miss. This is a lot less true now than it was 15 - 20 years ago, but it's still not great IMO.


Cory's talk has got me excited. De-Americanisation of the internet sounds like a bright future. Europe needs to grow and break free of the chains.

I get the impression that a lot of the old guard are long gone from the Windows team or have no influence. Raymond Chen is still around but not sure how much he actually works on Windows day to day.

Microsoft was founded in 1975. 1981 was the first DOS release. 1985 was the first release of Windows. 40 years working on Windows is a long time, I would be surprised if anyone from the original team is left at this point. Even someone joining out of college in 2000 is now 25 years in, is 57, and could feasibly be retiring....

I don’t think that math is quite right. Graduating from college in 2000 would be 47, not 57 unless they were 32 when they graduated college.

That's in Microsoft years. Working there makes you get older faster.

Yeah I made an arithmetic error, meant 1990.

True. I meant to say that it feels like the people who know what's going on have long departed and it's junior web developers left to pick up the pieces.

You mean 1990. Someone graduating college in 1990 would have been about 21. That was 35 years ago, so they would be about 56 in 2025.

Math is hard.


Weird flex of pedantry even for HN.

Says who? I did a gap year service project and graduated at age 23. My business partner did a 3-2 program and graduated at 23.

Plus, anyone working as an engineer then has an 8-figure net worth and the overwhelming majority moved on long ago.


Cmon man, it's a comment not a research paper. Off by one isn't worth a follow up snark

Off by 10+1. Someone who graduated college in 2000 = 25 + 22 (4 years of college from 18) = 47, not 57, and not anywhere close to the retirement age. It might be pedantry, but the original comment should have said 1990, not 2000.

Their main point was it is off by 10; then they introduced an additional confusing question of “is it off by 10, 11, or 12?”

which brings the points about demographic, experience and wisdom.. the artefact we see and manipulate is the results of a certain group of people... when it changes, don't expect anything

The toxic culture from Gates will never go away

Without evidence this is just fiction, I don’t trust some random Reddit post.

Knowing the tech industry it sounds entirely plausible. I'm surprised people think this is news.

When I read the predictive tip based fee reduction I went, "yep that's what I would do if I was unscrupulous and worked there."

You're not thinking like a techbro: there's nothing unscrupulous about A/B testing or "revenue optimization".

Techbros don't think, they just do.

Some of this seems plausible—even expected—but other parts feel implausible. It's hard to believe that "Priority Delivery" does literally nothing. Optimizing payouts down to the lowest amount drivers will accept, on the other hand, is entirely believable. Also, given Uber's well-known microservice architecture, it seems unlikely that a random backend engineer would have deep insight across multiple independent systems, including money flows. My guess is that this was written by a real employee who took some liberties with the truth.

> It's hard to believe that "Priority Delivery" does literally nothing.

That's not exactly what they said. They said normal orders get artificially delayed and priority delivery orders get sent right away. They were clear that the real issue is that priority only exists because they actively made normal orders worse (I'd guess they actually took a few months of slowly backing off normal order time to get customers accustomed to the extra wait).


Yea, idk why this is even surprising. It's all sort of the obvious conclusion that these sorts of companies get to.

Facebook, dating apps, etc all do similar things with affinities and desperation to boost engagement.

The pearl clutching is just cope from people who haven't yet internalized that our industry encourages and glorifies deploying scummy practices at a huge scale.


Not sure it's justified to put it in any bucket right away for a couple of reasons

- Terminology is realistic

- Everything mentioned is feasible and more or less that's how a business works on the idea of extracting maximum profit

- Caveat is, whatever has been called out is most likely legal so the company is legally playing by the rules, it's just someone's moral compass that does not want to accept it


The biggest red flag to me is the confident claims about where the money is going. I really don't think it's plausible to any extent that a backend developer for a major app would have any idea whatsoever to what account any particular fee is being deposited (they might know the account number if they worked on that area, but knowing that the account represents a legal fund or whatever is extremely unlikely).

Not backing up the claims, but,

You don't need to know the account or account number, just need to know the transaction logic, which most backend developers will know of as long as they work in that area.

If the product managers keep boasting about their new strategy (which I have seen in almost all companies I have worked for), even the juniors will know what's going on.


Except this is complete bullshit. Money is anonymous. Why would they have some kind of pipeline account that goes directly from the fees to political spend? Why wouldn't the fees just go to a generic revenue account and the lobbying would come out of the same account?

This is like claiming someone set up a special account where all their paychecks on rainy days get spent directly on weed. It makes zero sense.


Erm… I don't understand what you are saying.

> Money is anonymous.

Unless you pay in cash (or some cryptocurrency that doesn't leave traces), money is not anonymous. Not sure what made you make that claim.

> Why would they have some kind of pipeline account that goes directly from the fees to political spend?

Is the pipeline account you mention here the delivery company's account?

> This is like claiming someone set up a special account where all their paychecks on rainy days get spent directly on weed. It makes zero sense.

Pretty sure that already happens, that's one of many ways to do tax evasion with offshore accounts.


Stick around any corporation (especially one that is heavily regulated and has a revolving door with the government) and you'll hear all kinds of stories.

I'd put this into that bucket of "someone I trust told me they heard the story from someone they trust". It means the story may not be true and they don't have any hard evidence, but they found it believable enough to repeat.


By that same token, couldn’t someone say, without evidence, your response is obfuscation and don’t trust someone telling you food delivery services are not taking advantage of people using an algorithm? Not that I think you are but neither response proves identity or motive.

Including evidence in a public post will out them to the company and make the upcoming lawsuit against them more serious by giving ammo to the company. The evidence should be given to the journalist OP will soon talk to.

I don’t wholly disagree but consider it more a datapoint than an outlier that should be omitted.

Everybody knows delivery apps are shitty, if it were just gossip it wouldn’t matter but making specific allegations should be backed up with proof.

You’re the sort of asshole that makes whistleblowers not even bother.

And you're the sort of overly credulous person who makes people post fiction on internet forums for points.

I mean... It goes both ways.


[flagged]


Is everything okay? That's an extreme reaction. Are you alright?

If the user was a whistleblower they wouldn't post it on Reddit.
