In my world "just works" means "we blew away all of the security controls and best practice to get this thing hobbling across the finish line."
I see COTS products using LDAP memberOf queries without LDAP_MATCHING_RULE_IN_CHAIN and stating definitively in their documentation that nested groups are bad (despite decades of best practice).
I see product documentation recommending authenticating against LDAP instead of Kerberos, despite the underlying libraries having full Kerberos support.
I see sslverify: no, and flags to ignore SSH TOFU warnings, and recommendations to avoid SSH gssapi-keyex (WHY?????), and security approached by buying ever more products creating ever more complexity.
Yes, things "just work" in a horrible, 'you're stuck with your vendors forever' sort of way that results in lengthy outages every 6 months due to mounting, intractable technical debt. But things don't have to be this way, you just need people who are willing to ask "why" or "is that necessary" or "can it be better".
....And then feel OK resorting to ChatGPT for the explanation.
Seriously that threw me, and maybe it makes sense in this context but it seems strange for someone with such an apparent depth of technical knowledge leaning on an LLM for anything.
There's a reason that students are taught on day 1 of Statistics 101 that observational studies can only establish correlation, NOT causation. Otherwise we might as well just admit that cancer causes smoking.
It's one of the most pervasive and blatant errors seen in the news and social media.
Aspartame has been a boogeyman for literally decades, and yet no solid experimental study has shown evidence of carcinogenic activity nor of any negative health effects at realistic quantities.
Any risk posed by aspartame is completely overshadowed by the risks posed by the sugary alternative.
Sugar in general is one of those topics where otherwise intelligent people will suddenly lose the capacity for critical thought-- espousing the use of fructose-based sweeteners (agave) in lieu of HFCS over some concern over fructose, or opting for "natural sucrose" over a non-caloric, zero GI option like erythritol.
Asking questions about who is funding the research is valid but anytime someone starts coming for the non-sugar option it should raise red flags about the motive for doing so; I would argue that the sugar lobby is far more concerning than the sweetener lobby. Diabetes, not aspartame overdose, is the real killer today.
Funnily enough 'sweeteners' as a class are so diverse that any claim that 'recent studies' universally show a common effect can be thrown straight into the rubbish bin.
Erythritol, Stevia, and Aspartame are all so wildly different that it is implausible they share a common mode of action.
The most 'amusing' fact here is that a country with a 1.3M army doesn't even have any hostile nation at its borders, so it's forced to literally go to the other side of the planet to fight with anyone.
The idea that the CIA is naive to what Russia does is pretty amusing.
Yes, if only they frequented social media, they might have some clue what Chinese, Russian, and Iranian security services were up to. Alas for their naivete...
Nope, I think the politicians at the top are hopelessly naive or simply too maliciously self-involved to care. And are more concerned with appearances than any of the values they claim to espouse.