I'm with you: the experiences people have with these tools are just dramatically different from mine. They are quite good. By no means even close to perfect, but they're just so much faster than me at pulling up some random information that would be hard to find with an Internet search myself and very good at going from nothing to something that works with code. I don't particularly enjoy using them because I find the whole industry abhorrent, but their usefulness isn't in question to me.

It's interesting what people expect of Proton Mail. I've used it for a long time but for only one reason really: their revenue stream is my subscription and not ads. I've never even given a second thought to all their encryption claims. Even with Proton Mail if I ever wanted to send a "secret" email I'd wrap the content in my own personal keys.

With respect to IP addresses of email logins, I'm surprised they ever claimed they don't have logs. You've always been able to review the IP of a login through the web UI as far as I remember. Was the idea that that was also supposed to be encrypted?

Personally I'm OK with them complying with court orders, but I understand that "the definition of criminal is state defined" and that poses serious issues. It kinda seems like if you want to do something that could be considered criminal at some point in your life by your country you should consider something other than a 3rd party email provider for those messages. Signal would be a step up in that regard if you still wanted to use a third party.

Security is constantly used as a guise for removing consumer rights and as someone who has been in the security industry for about 9 years I'm so sick of it.

First and foremost, everyone please understand: the user should be allowed to opt into your concept of insecurity: you do not know their threat model and you do not know their risk tolerance.

Using exploits in low level drivers in the wild is approaching APT level, and even if there were a simple one to use it'd likely be useless without some sort or local access to the device (bar some horror show bug in a Bluetooth or WiFi firmware). The risk is incredibly low for the average person. I'd put it pretty close to 0.

Wire transfers aren't instant and for large sums (your inheritance) the banks will likely require more than just a request from your app. If the bank cares about that then they can also use the attestation APIs which would be more than sufficient, as much as I hate them.

This boogey man of the APT going after my technologically illiterate with nation state level exploits needs to die. Long ago we entered a new era of security where it just isn't worth it to waste exploits. Especially when you can just text people and ask for their money and that works plenty well.

Security is not a valid reason to soft brick consumer devices at some arbitrary end of life date.

The coordinated strike had an immediate impact. Millions of people in Dubai and Abu Dhabi woke up on Monday unable to pay for a taxi, order a food delivery or check their bank balance on their mobile apps.

I honestly can't tell if this paragraph is supposed to be satirical.

Congress please dear god grow a spine.

I've had someone screenshot my code, circle a buggy line in red, and blog about it instead of submitting a PR.

Look at this person over here using branches, show off

https://github.com/Chocobozzz/PeerTube/releases/tag/v2.3.0

ChatGPT is correct? The irony of people confidently asserting that ChatGPT is wrong, while being wrong, seems to be lost on the crowd here. Kinda makes you understand why ChatGPT is often so confident even when wrong.

JavaScript alone is not a simple beast. It needs to be optimized to deal with modern JavaScript web apps so it needs JIT, it also needs sandboxing, and all of the standard web APIs it has to implement. All of this also needs to be robust. Browsers ingest the majority of what people see on the Internet and they have to handle every single edge case gracefully. Robust software is actually incredibly difficult and good error handling often adds a lot more code complexity. Security in a browser is also not easy, you're parsing a bunch of different untrusted HTML, CSS, and JavaScript. You're also executing untrusted code.

Then there is the monster that is CSS and layout. I can't imagine being the people that have to write code dealing with that it'd drive me crazy.

Then there are all of the image formats, HTML5 canvases, videos, PDFs, etc. These all have to be parsed safely and displayed correctly as well.

There is also the entire HTTP spec that I didn't even think to bring up. Yikes is that a monster too, you have to support all versions. Then there is all of that networking state and TLS + PKI.

There is likely so much that I'm still leaving out, like how all of this will also be cross platform and sometimes even cross architecture.

I'm so sick of this; that wasn't her platform. People constantly saying that was her platform stopped people from actually looking at her platform. I'm so sick of Dems that think they can just not vote because they don't fall in love with their candidate. Politics is practical and the USA just shit the bed and it will have a real impact on the world. All of the Dems or left leaning people who didn't vote are complicit.

No intention of validating that behavior, it's uncalled for and childish, but I think there is another bit of "nontechnical nonsense" on the opposite side of this silly religious war: the RIIR crowd. Longstanding C projects (sometimes even projects written in dynamic languages...?) get people that know very little about the project, or at least have never contributed, asking for it to be rewritten or refactored in Rust, and that's likely just as tiring as the defensive C people when you want to include Rust in the kernel.

People need to chill out on both sides of this weird religious war. A programming language is just a tool: its merits in a given situation should be discussed logically.

Async features in almost all popular languages are a single thread running an event loop (Go being an exception there I believe). Multi threading is still quite difficult to get right if the task isn't trivially parallelizable.