I think just putting it on the companies is enough. If the fines are serious and can put your company out of business, and are enforced, then the companies themselves will probably work out processes for not doing stupid stuff.
Whether that be creating some sort of certifications that would be prized by the companies, knowing to hire a specialized team for a security review, or anything else.
If everyone knows that messing up security gets you in real trouble and the company loses real money, and it happens all the time, and it's not just "Facebook fined $x million for doing shady stuff", then I think the industry will adapt.
Like when GDPR got released and no matter if I thought we are or are not handling PII, I had to read up and double-check my assumptions just because it was being talked about all over the place and it would be embarrassing to be caught with your pants down when you didn't actually intend to do a shady thing.
> I think just putting it on the companies is enough. If the fines are serious and can put your company out of business
They don't care. It's either never enough to make them care, or the company can just bankrupt and you go do something else.
If you or your manager has the threat of jail in the back of their mind, it's no longer just someone else's money being lost, it's personal.
> If everyone knows that messing up security gets you in real trouble and the company loses real money
There's already huge fines on paper for this, but never ever are the fines enough. It's always factored in the "cost of doing business". Also it's still someone else's money, why would an engineer care?
Please show me a GDPR fine that hit hard enough to scare companies into not fucking up? Evidently here it was not enough for Fiverr.
Edit: Just to provide an example, Takata airbags have been recalled massively (if you don't know why, look it up) but the company is now bankrupted and who is footing the bill? Their customers.
You cannot impose a fine on them, as it's bankrupt (now, but it was always the plan). They deliberately sold dangerous airbags and now what can you do so it doesn't happen again? Fine them some more? Or maybe throw a few execs in jail because they knew of the problem and continued as usual.
I'll just note that I'm using revolut and some of my virtual cards on there appear to randomly be created as Visa or Mastercard.
Well, couldn't pay for Claude with my Visa (no matter if virtual or physical card), but found a comment on Reddit suggesting to use Mastercard, and that worked without a hitch.
So they certainly have a problem with their flow with Visa. I wonder if the payment flow was vibecoded from scratch, never experienced that with any other site.
Since everything is essentially opening WebApps via QR codes on your WeChat/AliPay app, it's actually great for tourists.
The apps have a built-in option to do machine translation of the screen to English, which I used when I took a trip to China. In the case where it doesn't translate some part of the UI, I could still use screenshot translation on my phone, so overall it's very easy to get around speaking/reading zero Chinese.
I'm using the nextcloud app on my android, and for my Linux systems I mount WebDAV using rclone, with VFS cache mode set to FULL.
This way I can:
1. Have the file structure etc synced to local without downloading the files
2. Have it fetch files automatically when I try to read them. Also supports range requests, so if I want to play a video, it sort of streams it, no need to wait for download.
3. If a file has been accessed locally, it's going to be cached for a while, so even if I'm offline, I can still access the cached version without having to verify that it's the latest. If I'm online, then it will verify if it's the latest version.
Overall, this has worked great for me, but it did take me a while before I set it up correctly. Now I have a cache of files I use, and the rest of the stuff that I just keep there for backup or hogging purposes doesn't take disk space and stays in the cloud until I sync it.
Since you are mounting and not syncing the files, what happens when you edit a file offline? And what if on another offline device the file is also edited?
Fair question. Conflicts happen, which I'm fine with.
Realistically speaking, most files I have in my cloud are read-only.
The most common file that I read-write on multiple devices is my keepass file, which supports conflict resolution (by merging changes) in clients.
Also used to happen when I tried editing some markdown notes using obsidian on PC, and then using text editor (or maybe obsidian again?) on android, but I eventually sort of gave up on that use-case. Editing my notes from my phone is sort of inconvenient anyway, so I mostly just create new short notes that I can later edit into some larger note, but honestly can't remember the last time this happened.
But yes, if not careful, you could run into your laptop overwriting the file when it comes online. In my case, it doesn't really happen, and when it does, Nextcloud will have the "overwritten version" saved, so I can always check what was overwritten and manually merge the changes.
P.S. If anyone wants to set this up, here's my nixos config for the service, feel free to comment on it:
# don't forget to run `rclone config` beforehand
# to create the "nextcloud:" remote
# some day I may do this declaratively, but not today
systemd.services.rclone-nextcloud-mount = {
  # Ensure the service starts after the network is up
  wantedBy = [ "multi-user.target" ];
  after = [ "network-online.target" ];
  requires = [ "network-online.target" ];
  # Service configuration
  serviceConfig = let
    ncDir = "/home/username/nextcloud";
    # full cache mode: files are fetched on first read and kept locally for a week
    mountOptions = "--vfs-cache-mode full --dir-cache-time 1w --vfs-cache-max-age 1w";
  in {
    Type = "simple";
    ExecStartPre = "/run/current-system/sw/bin/mkdir -p ${ncDir}"; # Creates folder if didn't exist
    ExecStart = "${pkgs.rclone}/bin/rclone mount ${mountOptions} nextcloud: ${ncDir}"; # Mounts
    ExecStop = "/run/current-system/sw/bin/fusermount -u ${ncDir}"; # Dismounts
    Restart = "on-failure";
    RestartSec = "10s";
    User = "username";
    Group = "users";
    # systemd does not expand $PATH inside Environment=, so the directories are listed explicitly;
    # /run/wrappers/bin holds the setuid fusermount that rclone needs to mount and unmount
    Environment = [ "PATH=/run/wrappers/bin:/run/current-system/sw/bin" ];
  };
};
Right, but then you need to learn the right motions well, motions that will make sense at the final speed. I suppose it's one of those things that are made easier by having a teacher.
For me, searching for "whistle" on play store, I get the app as the third result (ignoring sponsored crap). Searching for "blazingbanana" gets me the app as the first result.
App info shows 218MB size, which I suppose is about what I'd expect for a model+app code :shrug:
Good to know, it's hard to know what real users would see in the play store and not Google just showing you what you want. Thank you for checking it out
This is actually the first plugin I install on every new installation of a Jetbrains IDE...
Used to include it in my "mentoring about advantages of IDEs" rants, just before configuring debugger.
So after building my latest rig and crazily getting a lot of driver issues related to network I've finally ditched Windows for Linux. While trying to figure out how to keep track of all the system changes I make in case I change my distro and need to set up my system yet again, I came across Nixos, which has been working out pretty well for me.
The issue I'm currently battling with is how do I connect my cloud drive (self hosted nextcloud) to the system the way it worked on Windows, and so far no luck. Once I figure it out (if at all), it's going to be perfect.
Surprisingly, even gaming works just fine via steam. I've been able to play whatever I have in my library by "forcing compatibility tool" (which is proton). Colour me impressed.
Now I just need to confirm that I can run my country's official program for tax-related stuff via wine and I'll have no regrets.