jadero

joined 1 year ago
[email protected] 4 points 9 months ago

I'd be very interested in learning more about how Canada manages "software engineer." Because whatever is being done certainly doesn't seem to include mandating where regulated professionals must be employed or punishing failures.

Saskatchewan's electronic health records system (eHealth) has had a couple of egregious failures that it shouldn't have taken a "software engineer" to prevent.

Several 911 services became unavailable during an outage that happened to also disrupt point of sale payment systems nationwide.

Both of the relevant companies are telecommunications companies (Telus and Rogers, respectively), where one would expect "software engineering" to be conducted by "software engineers" regardless of regulation.

A quick search for breaches in critical personal information will show that Canada is performing about as well as the US. Which is to say, abysmally.

[email protected] 0 points 9 months ago (last edited 9 months ago) (1 children)

Ok, that makes much more sense! I've done a tiny bit of genealogy, so I knew about the exponential numbers, but I misunderstood the sharing. Yes, I know the feature was described as "with relatives" but I was thinking of "with person". Yes, choosing to share with all relatives in one click would produce huge numbers.

As for where to place the blame, it's tough. The vast majority of people have no concept of how this stuff works. In effect, everything from mere typing into a document to logging in to and using network resources is treated quite literally as magic, even if nobody would actually use that word.

That puts a high burden on services to protect people from this magical thinking. Maybe it's an unreasonably high burden, but they have to at least make the attempt.

2FA (the real thing, not the SMS mess) is easy to set up on the server side. It's easy enough to set up on the client side that if that's too much for some fraction of your customer base, then you should probably treat that as a useful "filter" on your potential customers.

There are any number of "breached password" lists published by reputable companies and organizations. At least one of those companies (have I been pwned) makes their list available in machine readable formats. At this point, no reputable company who makes any claims to protection of privacy and security should be allowing passwords that show up on those lists. Account setup procedures have enough to do already that a client-side password check would be barely noticeable.

We know enough about human nature and human cognition to know that humans are horrifically bad at creating passwords on the fly. Some services, maybe most services, should prohibit users from ever setting their own passwords, using client-side scripting to generate random strings of characters. Those with password managers can simply log the assigned password. Those without can either write it in their address book or let their browser manage it. This has the added benefit of not needing to check a password against a published list of breached passwords.

My data will always be at risk of some kind of weak link that I have no control over. That makes it the responsibility of each online service to ensure that the weak links are as strong as possible. Rate limiting, enforcement of known good login policies and procedures, anomaly detection and blocking, etc should be standard practice.

[email protected] 0 points 9 months ago (last edited 9 months ago) (4 children)

Let's pretend that I had an account and that you used the internal social share to share your stuff with me.

I, being an idiot, used monkey123 as my password. As a result, the bad guys got into my account. Once in my account, they had access to everything in my account, including the stuff you shared with me.

Now to get from 14,000 to 7,000,000 would mean an average of 500 shares per account. That seems unreasonable, so there must have been something like your sharing with me gives me access not just to what you shared, but to everything that others shared with you in some kind of sharing chain. That, at a minimum, is exclusively on 23andMe. There is no way any sane and competent person would have deliberately constructed things like that.

Edit: I think I goofed. It seems to be sharing with relatives as a collection, not individuals. As was pointed out, you don't have to go very far back to find common ancestors with thousands of people, so that's a more likely explanation than mine.

[email protected] 0 points 10 months ago (1 children)

I've got just 2 now. Codium and Blackbox.ai. Not because they're the best, but because I'm a cheapskate hobbyist and they're free :)

I'm only just starting to play with AI tooling, so I don't have an opinion on which is better, but something about the way Blackbox worked within VSCode means I went through the hassle of getting it installed to vscodium when I switched.

I suspect that Codium might be better at oddball stuff, though, like OpenSCAD. Blackbox seems to just make bad guesses while trying to regurgitate code I've already written. Codium seems to have at least a primitive idea of what's going on with OpenSCAD. But Blackbox does a great job of cleaning up my comments and even generating decent comments for uncommented code.

FWIW, Codium actually labels OpenSCAD as "experimental", but I don't know if that's just boilerplate for something it's never been trained on or whether there is some training data in its system.

Blackbox is a pain to work with in other ways, though. It was like pulling teeth to get an account and I still can't find anything on their pricing--or any documentation, for that matter--despite language suggesting that there are different tiers and a chat UI that offers different settings (like web browsing mode and fun mode). And the Blackbox name isn't doing it any favours, given that "black box" is a generic term in the AI community and others. Its own chat doesn't seem to know that a question about the service might be about the service instead of the generic term.

[email protected] 0 points 10 months ago (last edited 10 months ago) (1 children)

There is an esolangs community on this instance: [email protected]

It doesn't have nearly the traffic that the comparable subreddit had, though. The last post was months ago.

[email protected] 0 points 10 months ago

They claim that Rust and WASM is the answer. Their blog entry on the difficulty of passing Mozilla's review for the Firefox extension suggests that they are taking things seriously, at least as far as reproducible builds.

It wouldn't hurt my feelings if they had someone actually on security detail. Maybe they do and just haven't said so. Given all the problems with Flash, I would like to see them do more bragging and discussion on how they are dealing with security issues.

[email protected] 1 point 10 months ago (last edited 10 months ago)

He brought me much joy in tinkering, first with Pascal, then with Oberon.

In looking up and then reading that article, I discovered that not only has Oberon been actively maintained, but that there is a successor, A2. Now that I'm back to being a hobbyist, I look forward to more joyful tinkering courtesy of his great mind.

Edit: in the course of further investigation, I found many dead links. But I also found this A2 repository that shows activity from as recently as 2 months ago.

[email protected] 0 points 11 months ago (1 children)

I'm pretty sure non-programmers share much of the blame. Here's what I imagine goes through the minds of most people, especially management types.

"Oh, a nerd. Great we need another nerd in here because things are not moving fast enough."

I've had job offers for everything from equipment maintenance and repair (because there was a PLC hooked up) to network administrator. It's all computers, right?

When trying to use some of the truly atrocious stuff that gets rolled out with a web interface, I get the distinct impression that random "nerds" are dropped into random slots. There is no consideration that maybe saying "nerd" is like saying "doctor". If that's all you look for, you might get an economist instead of a surgeon.
