People who choose such a noxious name for their project that it actually dissuades people who might otherwise be users think that says something about those prudish users, but it really says something about them.
Did this for a couple years on a 45 minute CTA commute in Chicago while I was learning to code outside my day job, it honestly made that commute not even feel burdensome. Key was that I was 1.) on the brown line, which was still running the 3200-series cars with plentiful seats, and 2.) at an early enough stop to reliably get one. And can confirm an old Thinkpad (x220 at the time) is the king of commute coding.
> I think in the future I'll anonymously contact companies with way more strict deadlines if their customers (or others) are in serious risk. I'll lose the ability to brag with my real name, but I can live with it.
What you're describing is likely a crime. The sad reality is most businesses don't view protection of customers' data as a sacred duty, but simply another of the innumerable risks to be managed in the course of doing business. If they can say "we were working on fixing it!" their asses are likely covered even if someone does leverage the exploit first—and worst-case, they'll just pay a fine and move on.
Precisely - they view security as just one part of many of their business, instead of viewing it as one of the most important parts. They've insured themselves against a breach, so it's not a big deal for them. But it should be.
The more casualties, the more media attention -> the more likely they, and others in their field, will take security more seriously in the future.
If we let them do nothing for a month, they'll eventually fix it, but in the meantime malicious hackers may gain access to the PII. They might not make it public, but sell that PII via black markets. The company may not get the negative publicity it deserves and likely won't learn to fix their systems in time and to adopt adequate security measures. The sale of the PII and the breach itself might become public knowledge months after the fact, while the company has had a chance to grow in the meantime, and make more security mistakes that may be exploited later on.
And yes, I know it may be a crime - that's why I said I'd report it anonymously from now on. But if the company sits on their asses for a month, shouldn't that count as a crime, as well? The current definition of responsible disclosure gives companies too much leeway, in my opinion.
If I knew I operated a service that was trivial to exploit and was hosting people's PII, I'd shut it down until I fixed it. People won't die if I do everything in my power to provide the test results (in my example of medical labs) to doctors and patients via other means, such as via paper or phone. And if people do die, it would be devastating, of course, but it would mean society has put too much trust into a single system without making sure it's not vulnerable to the most basic of attacks. So it would happen sooner or later, anyway. Although I can't imagine someone dying because their doctor had to make a phone call to the lab instead of typing in a URL.
The same argument about people dying due to the disruption of the medical communications system could be made about too-big-to-fail companies that are entrenched into society because a lot of pension funds have invested in them. If the company goes under, the innocent people dependent on the pension fund's finances would suffer. While they would suffer, which would be awful, of course, would the alternative be to not let such companies go bankrupt? Or would it be better for such funds to not rely so much on one specific company in the first place? That is to say, in both cases (security or stocks in general) the reality is that currently people are too dependent on a few singular entities, while they shouldn't be. That has to change, and the change has to begin somewhere.
Worked at Sonos for several years. Was an IC4. My boss empowered me to say no to meetings whenever I wanted, and she was a new manager!
Sometimes all it takes is someone with a tiny bit of courage.
Literally nobody but people who want to waste their time and not do work or PMs who don’t know how to communicate want to have all these meetings.
I zealously avoid meetings and now that I’m a team lead at my new job, I’ll be encouraging my team to do the same and covering their asses when needed.
"That sticker, identifying the line, kept the wire from getting a good connection in a circuit breaker – which in turn ultimately caused the first blackout."
I don't think giving someone "medical advice" in the US requires a license per se; legal entities use "this is not medical advice" type disclaimers just to avoid liability.
What’s illegal is practicing medicine. Giving medical advice can be “practicing medicine” depending on how specific it is and whether a reasonable person receiving the advice thinks you have medical training.
Disclaimers like “I am not a doctor and this is not medical advice” aren’t just for avoiding civil liability, they’re to make it clear that you aren’t representing yourself as a doctor.
Tried containers when it was released but found it very inconvenient to manage. If I understand this solution doesn't even let you have two profiles open at once? That's even less useful imho.
edit: I use Simple Tab Groups which is far more featureful - "Send tab to [group/container/etc]" for example is table stakes.
Of course you can have them open at once, that's what's useful. I have four! And I can open subsequent windows in the right profile, no problem. But it required non-trivial scripting.
I have 3 different profiles, one for each of my current customers and one personal.
Within the customer profiles, I have containers for things like different AWS accounts (although AWS now has that as part of the console), I can have logins to test systems and production systems etc.
The automation of containers is good too, tied to URLs.