throwaway8481's comments

I think the opposite side of this coin is that the company should clearly define the minimum lifetime of the product and its support, including what services they will provide upon its sunset (such as a partial refund and disposal if the product folds before that date). I want to make an informed decision, and like you I would shop for another product beyond this crap we subscribe to.

The Elkjop electrical goods store in Norway supplies an environmental impact statement which often includes the manufacturer's estimate of the lifetime. For instance, for the Ankarsrum Assistent (successor to the classic Electrolux Assistent) kitchen machine it's 30 years with spare parts available for 12 years.

https://www.elkjop.no/product/hjem-rengjoring-og-kjokkenutst...

Unfortunately for electronic items the lifetime and spares information is usually blank because the manufacturer doesn't supply it.


Off-topic, but I've got an Ankarsrum Assistent (in the US). It's a ridiculously good machine. Much better design IMO than the KitchenAid stand mixer. The rotating bowl means adding ingredients doesn't require stopping the mixer & lifting the head, you can just pour things in.

>including what services they will provide upon its sunset (such as a partial refund and disposal if the product folds before that date)

This might be OK for a huge company like Google, but for many others, what good is it? If the product folds, it's probably because the whole company folded, and when that happens, you're not getting a refund, regardless of what any contract says.


Why do people like me buy iPhones? Not because they've got the best hardware or have the best camera or the best apps (though they're pretty damn good at those), not because they are open for hackers (they're basically the worst), but because the manufacturer provides de facto support for at least 5 years after release. My kids all have iPhone 8s and they still get security iOS updates.

Did they promise that anywhere? No. Did they keep their unwritten and unspoken promise? Yes, for years now. Do you have to be Apple to do this? I don't know, would love it if the answer was no, but looks like everyone else treats this as cost and Apple treats it as value added?


I mean that's fine? If you still exist then your obligations remain. Maybe we will have some sort of "digital rights bankruptcy"

Defining minimum support period is already required by law in UK and will also be mandatory in EU as of next year.

This is the same problem as packaging. I think we should have a designated escrow service for the disposal costs of packaging that is taken off the front end, similar to the pension benefit guarantee corporation.

Imagine if there were a product support guarantee corporation which took, say, 4% of the cost of retail electronics sales, in order to guarantee their long term support.


At my work, I often see these 2 things throughout the codebase:

- an identifier for an environment variable that gives us the azure key vault scope (another identifier)
- an identifier for the token to pull from that scope

Then the scope name and token name are used to pull the token secret value using the secrets api.

I am not experienced in how this is "supposed to be". Would it make sense to make both of these environment variables so neither identifier appears directly in code? (scope name and token name)

Thank you for the insight :)


The question you want is, "will anything bad happen if this source code is widely shared / leaks on the web" - and the answer in your case seems to be "no", the identifiers/token names are pretty useless without accompanying machine auth. You are fine.


Obligatory side material that was a joy to read:

https://www.redblobgames.com/grids/hexagons-v2/pre-index.htm...


Tangentially, I really dislike walking into the DMV and seeing ads from private companies. I heavily dislike that ID checking and document verification is done by ID.me and others for what is a public service I pay for through my taxes.

Maybe for a while I can avoid submitting my documents and information to partners-of-the-DMV, but just like airport security it's a convenience tax. They do not value your time, and they will demonstrate it by putting you through extra hoops to coerce you into giving them everything.


Unfortunately, you can’t avoid having your information sold by the DMV in California. Likely others too.

How this is legal is beyond my comprehension.


Honest-to-god, I do not have a permanent email address (I use burners, when necessary). It has been years since I received any SPAM (cause there's nowhere to receive).

Just over a year ago, I had a civil court action where the court REQUIRED I list my email address; when I wrote "none," the clerk was upset; eventually a judge required me to sign an attestation that I do not use email.

Just seemed ridiculous that Tennessee's court systems even ask for this, let alone assume everybody has/uses email. Plus, it's all public information...


Yep. California DMV. 1 in 10 Americans live in California and these companies have our data.

LinkedIn was never perfect. It worked for some who had extensive people networks to bring to the platform, but the platform itself was always hot garbage. I still tell younger folk about the days when they would spam your entire address book. I'm still seen as the loony in my peer circle for having no LinkedIn presence. It's an industry standard of hot garbage.


> Model outputs are untrusted input.

I think the problem is they're trying to introduce nuance and a narrow path to allow this. They want an acceptable level of risk to using untrusted model output for the efficiency/productivity gains it will bring, notwithstanding hallucinations.

Generative AI would not have flown in the security theater of Yesteryear, but CTOs see productivity multipliers.


Right, but that's not a new problem either. We want to allow people to send emails with some acceptably-low level of risk that spam will get through. We want an acceptably-low risk that our image upload feature won't be hosting CSAM. And we want it while still getting the benefits of allowing our real customers to pay us for the services we offer. Businesses have been figuring out the balance of risk:reward for as long as infosec has been a concept.


> CTOs see productivity multipliers

The CTOs are hallucinating as much as the LLMs are.


The GP didn't state the multiplier's value. Those things absolutely are productivity multipliers...


I believe in you.


I've struggled with ending my shift and mentally checking out of work. However, I wouldn't impose going back to the office on others who can do this effectively. I think the comment is about maintaining a work-from-some-office-space capability.


What is with the defeatism? It all starts somewhere. I moved on from desktop computers 10+ years ago. I've only owned laptops, and I've stayed on laptops because I cannot do "everything" to a reasonable practicality on smartphones. This is one of those pieces I need.

It's not fast today, but it's possible and portable.

