Woah woah woah let’s not give megachurches extra points for things they didn’t lead in. Tax breaks yes, more dishonestly, no.
If you don’t think every business that makes it, and even more so for those that make it big, don’t have shady dealings to thank for getting them there, you should join one of these megachurches.
Also, Amazon isn’t a church with tax exempt status but I remember headlines a few years back something along the lines of they paid a whopping 0 dollars in federal tax or something just as unbelievable yet actually true.
If anything, churches are looked at harder because they have the tax exempt status, so people are looking for abuses of that, yet we have corporate entities that can sway the global economy skirting taxes in the open and even legally, somehow.
But I get taxed when I make my money, and then again when I spend that money, which was already taxed.
There’s no difference between a FANG and a megachurch. They are both for profit machines that bleed people dry. When the church pamphlet has bar charts on the back with quarterly projections, and the pastor/whomever lets everyone know that they are a few million behind their target, before discussing the scripture, their priorities are very clear.
The screens, coffee bars, childcare, and well produced music and video, are all there to make you feel special, part of something, relaxed, and wanting to come back, next week, after you get paid again.
The same way in Mad Men the account execs would take clients out to dinner and then to strip clubs to make them feel special and relaxed, so they’d later associate good feelings when asked to hand over their wallets, megachurches have what I listed above. If bowls of cocaine could be legally laid out, you’d be handed one while walking in.
Gotta spend money to make money, but they know the high rollers and if you pay attention, they don’t pay any attention to anyone not forking over cash.
Edit: if you want more signal that megachurches are not about God, look at how many of the 7 deadly sins they proudly embody. Greed. Gluttony. Pride. Those are obvious. Sloth probably also obvious. That’s gotta mean something right? These complexes are tiny cities that sit vacant most of the week.
"If you don’t think every business that makes it, and even more so for those that make it big, don’t have shady dealings to thank for getting them there, you should join one of these megachurches."
I was a contractor for one, so I had an insider look at the donation page optimization, dating apps, marriage counselling (90% of which involved a pastor in some way, including the stereotypical), seeing how people were pressured into donations, what interns were picked for, grandma being pressured into living her last $10 so that the IT team mostly there through connections could have $50-100/person lunches, etc.
And no - there is still a difference of outright misleading the most vulnerable, and I say this regardless of your views on religion.
Greyhats and especially bug bounty programs, pen testers, etc, have explicit authorization from the owners of the systems to access their systems, and perform ethical hacking with a mutually beneficial goal, hackers get paid, and the company gets a little bit less of an attack surface.
That’s not illegal
What’s illegal is accessing a computer system without the authorization of the owners of the computer system. Technically speaking, port scanning the internet is illegal hacking, as you are not authorized to scan each port number on any of those machines. Ever find a random ip and give port 22 a few random tries over ssh to see if the root password is “guest”, you just committed a federal offense, because you were not authorized to access and attempt to login to that system. Is anyone going to report port scans to the fbi? Failed ssh login attempts? (Use a vpn/tailscale and don’t expose ssh to the internet anyway).
I often wonder where “knowing” someone’s password and “hacking” their social accounts falls in this discussion. You see or hear about it all the time. “So and so hacked my page” If you have someone’s FB login info and they have no idea that you do, you may have permission to access FB, as everyone does if you accept their TOS, but you don’t have the account owner’s permission to access their account, and if FB knew it wasn’t the account owner, they would not allow that either. So if they don’t allow that, you’re likely violating their TOS, and no longer allowed to access their systems, so maybe it could technically be able to be prosecuted as illegal hacking, idk.
Ah yeah I guess it’s true they don’t have permission. At the end of the day I think it comes down to the owner choosing to press charges or not, or even detecting it and subsequently reporting it. I would guess that if the systems have ways to be hacked, the owners likely won’t see the hacks until the white/grey hat reports it to them.
Somewhat related, the hackers submitting a vulnerability disclosure to the companies are in a very “extortion-y” dynamic. I wonder how often companies get something like “pay us X amount or we let the world know today instead of waiting for you to fix it”.
Not really, because it depends on who the target is. If the greyhat for example maliciously targets a Mexican cartel or Iranian nuclear centrifuge, are they really the bad guy?
~You can have a root user with SIP enabled. SIP protects core OS files from being modified while it’s enabled. This prevents processes, even root processes, from swapping out core libs with modified ones, installing root kits, back doors, etc.~
I misspoke
> System Integrity Protection (SIP) in macOS protects the entire system by preventing the execution of unauthorized code. The system automatically authorizes apps that the user downloads from the App Store. The system also authorizes apps that a developer notarizes and distributes directly to users. The system prevents the launching of all other apps by default.
You aren’t being downvoted for telling people to have full control over the OS. You can do that with SIP enabled, or boot to recovery, disable, modify, enable, and have full control over your OS. How often are you needing to modify low level OS config that you’d rather make your entire machine vulnerable to root exploits than dance around SIP a couple times a year if that? That’s why you’re being downvoted, for advocating folks make their machine way less secure to save 3 minutes worth of reboot time a year, if that. Bump the hard limit once and you never need to touch it again.
3 minutes worth of reboot time a year for this, 2 minutes worth of reboot time for that, 1 for something else and 2 extra for no apparent reason. My previous company switched everyone to Mac and the second biggest reason I quit that job was that Mac was a horrible OS to work on. Constant reboots, crashes, no configuration for basic things like scrolling or window placement. Apple builds great hardware but the OS is only good to make presentations and edit video, not for software development.
A large number of extremely talented engineers might beg to differ. Everything you listed as an issue has a solution. Like any operating system, you have to spend the time to learn the intricacies of how it works and to customize it to your liking. For me, must haves are Alfred to replace spotlight, my dotfiles which change a ton of defaults in various apps like finder, the dock, etc, setup key repeat, iterm2 colors and profile, etc. divvy and magnet for window management. Caffeine to prevent sleep. Stats open source menu monitors to replace istatmenus
I’m sure there are newer equivalents to what I’ve listed. I’ve been using those programs for years.
I did find solutions for my problems on Mac, but the solutions were hard to find, poorly documented, subscription based or a combination.
Meanwhile on Linux it is generally fairly easy to find what you need in the documentation or in the forums. It can be a bit more involved when using some very niche tools but it's not worse than the average Mac app I had to deal with.
I am not a very talented engineer. I'm a normal engineer who enjoys his craft, tries to do quality work and tries to be efficient. My opinion is based on my experience using Mac and Linux alternatively for the last 5 years doing development professionally.
I have seen very talented devs using Mac, but also others that were just as talented and complained when they were forced to switch from Linux to Mac. Hell, the smartest most talented developer I have ever met (by a mile) developed drivers on Windows and he told me that for the type of development he did Windows was all right.
I have to doubt that there is any correlation between how talented a developer is and the quality of an OS because most developers I know use what the company allows them, and it's somewhat rare to be allowed to choose.
I will agree that recently, esp the last 2 major versions, the OS has gotten worse from a stability perspective. I have errors in my logs at a steady pace even on new machines and fresh, untouched OS install from the factory. They just never go away. The cloud services are always on and phoning home, even when you have everything that uses an Apple ID signed out. It’s becoming more intrusive and less configurable, but nothing beats the shortcuts or the mac keyboard layout, and the UI intuitiveness. I can’t go back to ctrl-s and every time I’m on my Linux machine I struggle to do the ole carpal tunnel-s to save haha
Regarding your carpal tunnel comment. I started having carpal problems very young (in university). Then I looked into and went all in with an ergonomic keyboard, ergonomic mouse and ergonomic chair. It went away in a couple weeks and I haven't had a problem in 10 years, and I use the computer more than it could possibly be healthy. I've had younger coworkers complain and I always recommend getting a good setup because it pays off in health easily.
I’ve rolled my own mvc framework before, in php even! This was years ago when CakePHP was the new hotness and Laravel didn’t exist. Take it from someone who had your mentality and set off to make a tiny and no bs mvc that just gets the job done, the amount of work these frameworks are doing for you (backend frameworks) that you don’t consider, is why you should run a framework.
You don’t want to deal with processing a raw http request from the web server. You don’t want to split headers. You don’t want to sanitize input params, deal with character encoding, content types, gzipping, cache control, etags, basic authentication, flushing headers, chunking bodies, file streaming, tcp sockets, slow client avoidance, and probably 1000 other things I can’t recall.
No matter how unnecessarily complex you think a http framework might be, I assure you, it’s saving you from a mountain of already solved by people smarter than you or I complexity.
> You don’t want to deal with processing a raw http request from the web server. You don’t want to split headers. You don’t want to sanitize input params, deal with character encoding, content types, gzipping, cache control, etags, basic authentication, flushing headers, chunking bodies, file streaming, tcp sockets, slow client avoidance, and probably 1000 other things I can’t recall.
The Golang stdlib does all this for you, no framework needed :)
I honestly think Golang SSR with html templates + a sprinkling of Javascript to enhance is an extremely pragmatic way to go.
You build your entire service into a single binary (assets included with go:embed).
You shed the complexity of the framework AND the web server AND deployment in addition to React etc.
Golang is in a special class on its own. Write some handler functions and pass around a context struct and call it a day. I wish every stdlib took care of all that stuff :)
Well, I do all that and it works just fine for me.
All my projects are 100% my own code down to the core. No frameworks, nothing. There might be some traces of jquery in there from when browsers were more unreliable. I don't even use that these days.
To get to know those frameworks, I built some projects with Symfony, Laravel, Django and some others. But it didn't stick. They are too aggressive in their "do it my way, don't worry what happens behind the scenes, let me do the magic" approach. I had the best impression of Django. That is the only one I might give another try.
How’s your vulnerability reporting process and how much experience do you have interpreting complicated pen tester bug reports about some buffer overflow zero day in your homebrew query string parser?
Huge difference between working fine, and working right. The security implications of rolling your own, is why I say “you don’t want to…”
Also, none of that code has anything to do with the product you’re actually trying to build. Imo it’s additional maintaining, tech debt, attack surface, and it’s a solved problem by a large community and has more knowledge from the security community baked in, and more eyes finding and plugging holes.
In the aughts, when everyone was rolling their own framework, security and maintenance were a nightmare. It's undeniable. We traded one problem for another, however, and we've gone too far. I think the question at hand is which is more secure/maintainable: 10kb of custom utilities or 100mb of mystery-meat modules that, let's face it, will never be reviewed. It's not a simple answer.
Smaller file sizes or less LOC is not inherently safer than larger sizes or more LOC. If you’re building web apps, you’re more than likely reaching for a handful of packages, and so are millions of other people, and so are multi billion dollar companies, companies with staff whose job it is to do supply chain security, PCI compliance auditing, security assessments, who hire pen testing firms, and some even write browsers and can sway the direction of our entire industry and the internet as a whole. Countless static code analysis is run on the millions of CI jobs a day on builds that pull in the package, etc. If you’re using popular and maintained open source packages, people are looking at them. Shy away from no name packages with no usage unless you personally look at the code. That’s my take on it. I tend to trust the open source community to all be working towards the shared goal of well crafted and secure code for the world to use and benefit from
I’ve yet to find a framework that I really like. Ironically, most Python frameworks feel like they force way more coupling on your code than necessary, which is awful considering they are a dynamically typed language. So it feels like the worst of all worlds: Python performance, high coupling to something you don’t control, and dynamic typing.
I understand why these are designed that way, but also don’t enjoy using them. Frameworks can feel very narcissistic in that sense, all the code is about them, despite their promise that you’ll focus on your domain more.
I need to play with some of the Kotlin web libraries more, such as ktor or Javalin. There has to be something better out there.
Django is a super heavy framework that includes most anything you'd ever want. There's a ton to learn. Have you tried lighter-weight ones like Flask? I much prefer a lightweight web framework with an easy-to-use ORM/ODM.
Also, even though you don't use frameworks, I assume you use various libraries to handle web requests and such, right?
As for libraries: PHP has great http and html support built in already. Python is a bit tricky in this regard. That's why I would give Django another try for new web projects. But I also had success just rolling my own http/html code in Python.
Because it is, by far, much larger project? Django has 551k LoC in 31933 commits, Flask has 27k LoC in 5156 commits. Django philosophy is "be opinionated, and bundle everything necessary for developers". Flask philosophy is "do just one thing and just be a good HTTP server, let users pick a solution to all the other problems". Django is a full-blown framework, whereas flask is almost a library. Both approaches are OK, but from your previous message (GP) you prefer lightweight and magic-less frameworks (and Django relies on some conventions to do its magic).
> One thing that keeps me from investigating Flask further is that Django seems to be way more popular:
Both Django and Flask are way more popular than what you're doing (writing everything yourself. By the way does it mean you write your own HTTP server too?), so I don't know why that stops you. Flask is not going anywhere.
> Me and other devs maintain this repo which shows how to get from a fresh Debian install to a running web app via different frameworks:
Interesting project, thanks for sharing! But that's a bit random - what was your intention when linking it? Also I can't help but notice that the flask example there has three third-party dependencies other than flask (flask-sqlalchemy, flask-login and wtforms). Since you like rolling your own solutions, maybe you would prefer Flask without such libraries? (I personally don't use flask-login and wtforms, and only sometimes use flask-sqlalchemy - I usually use standard sqlalchemy, my custom ORM, or just write SQL directly for simpler projects).
I don't mind so much about the LOC of a framework. If there is stuff in there that I don't use and that does not get in the way of me doing things, that's not that much of a problem.
As for Flask not going anywhere - well, all projects go down the drain at some point. Just 10 years ago, the Zend framework was more popular than Django and Flask combined:
Sounds like it’s by design. Payouts for clicks is way higher than impressions. Sneaky sneaky. Or, malicious payloads await on the other side.
My favorite is when a full react site loads up, doesn’t have error boundaries, hits some unimportant js exception, and the entire page that was fully rendered and ready to go just pops out of existence and you are looking at a white page. That doesn’t seem like forward progress at all.
Mozilla’s famous docs do this on my iPad pro rendering it utterly useless and honestly reflects badly on them, how can you claim to be an authority on documenting html/js when your site doesn’t even render?
People like to talk badly about w3schools but at least it manages the bare minimum of actually being able to render and display the information I’m looking for.
Ever heard of Guantanamo bay? Ask those people (those alive) if our country’s government has the ability to illegally arrest and detain people, torture them, kill them. They straight up said all this shit is illegal so we can’t do it in the US, we have to break our laws in some place we can’t be held accountable to them. That’s our government. Want more examples of illegally detaining, beating, and letting people die? Ask the folks locked up in cages when they come here seeking asylum, some of them kids, who die of starvation while being held against their will for showing up at the door and knocking. I’ll stop there but we should knock off the “them bad, us good” bullshit because all of the governments are shit that do horrible things, and america is world famous for drone striking entire families just to get one dude we labeled terrorist (our free pass to do whatever the fuck we want to someone), and dropping nuclear bombs on cities filled with innocent civilians, twice, when intel suggested a surrender was imminent without having yet dropped one.
When you point your finger at someone, you have 4 pointing back at yourself.
The US government doesn’t have legal permission to kidnap and murder you, not within the US. So it seemed to me like the comment was about china, sparking my reply. The comment could honestly apply to either imo, and maybe that’s the point. Do cops arrest people and kill them? Way too often. Those cops should be charged with crimes. But cops not being charged with crimes is not the same as it being legal, even if the end results are both the same. Or are we talking about the ability to imprison a criminal and put them to death for their crimes?
This is the problem with the original comment, it’s way too vague, or I’ve failed to make sense of it.
I am speaking of america or whichever your own local government or country is. Your government practically speaking has the legal monopoly to murder, torture and kidnap you. Chinese (if you aren't Chinese and not on their territory) does not have any legal power over you.
Not defending TikTok but there’s a wealth of public real time data from not just the US, but the entire world, some public api calls or scraping scripts away. Tiktok isn’t any more invasive than any other social media post, many of which are public and anyone in any country who wants to use the data can do so easily.
What trove of intelligence is being gathered by self obsessed videos of people mouthing a clip of some song or inspirational talk while begging for attention in the form of likes and follows?
I haven’t seen any sign of intelligence on TikTok that they even could gather lol, and if anything the app’s purpose isn’t to spy on us, it’s to make us dumb, inattentive, mindless consumers who all fight over everything and can’t compromise or work together.
My dad literally comes home from his job and scrolls TikToks of increasingly radical political rants and half naked chicks before inevitably passing out in his chair, phone in hand, mouth open, and whatever TikTok was on screen when he fell asleep playing on loop until he jerks awake or the phone dies. He’s not unique. So much of people’s lives are wasted on social media and it does them no positive
Google is “friendlier”, because they run some automated scans on the apk and you’re good. Apple has humans run your app to confirm it does what you claim, as well as a battery of automated scans and since they are using the app I’d imagine they look at network traffic as much as possible. I know iOS isn’t shielded from malicious apps, but there’s malware and viruses all over the play store. That’s because it’s free and “friendlier”.
> At Apple things have gotten way worse. Trying to automate release building is practically impossible and will require hours of CI pipeline debugging with error messages that don't mean what they say.
This isn’t Apple’s fault… every build system sucks up a decent amount of time during initial setup. You can cut down massive amounts of time between iterations by adding some common optimizations:
1. Cache artifacts when that step or job succeeds, so if a subsequent step/job fails, you can adjust it and start up where you left off, using the cached artifact to restore the workspace state. This complicates debugging efforts and I personally don’t do any optimization until the pipeline is reliably green each time. I just deal with slow builds and switch to other stuff or work ahead while they run.
2. Fail fast. The CI run should bail out if any critical steps don’t pass, so anything further down doesn’t run for no reason, burning compute time and delaying queued jobs waiting for a runner. While developing the pipeline, watch the logs and when you see something you don’t like, slap the cancel button, or collect a couple things you need to change and iterate with passes with 2-3 changes.
3. Use adequately spec’d hardware. Xcode is resource heavy and compiles need plenty of memory and cpu cores. Play around with what is a good compromise between power and cost. See if your project builds faster with more cpu cores, or faster cpu cores, etc.
4. Cache build dependencies. Mac builds have cocoapods or something close to that, and whatever that package system pulls down can be reused between builds, just remember that cache issues are a pita to spot, reproduce, and regression test, so I’d again not add this in until you’re green.
5. Write your pipeline steps in a regular bash script. Then make your CI jobs and steps just execute the shell scripts. This allows you to develop them all locally, executing the script/step you need and then CI becomes just a wrapper to glue it all together and do some caching and optimization. The more of the process you can work on locally the less you have to run on CI and wait for. Once the scripts are all working locally, wire them into CI and see what breaks. ProTip: whatever breaks on CI due to missing software, deps, configurations, is going to break for any new hire engineer trying to get up and running, so document those things and make sure your getting started readme has them, and you’ll make new hires onboarding suck less :)
As for useful error messages, or lack thereof, I’d like to introduce you to programming, we’ve been waiting for you ;) but for real, useful error messages are the rare exception, and many apis are this way. That’s not to say it’s ok, but you kinda gotta learn to work around it. I’m sure there is enough context to point you in the right direction. Also, the errors might be from random pieces in your build pipeline and not necessarily from the actual Xcode build, so make sure you know what is erroring in addition to what the error is trying to say.
> At least Google's process is quite simple and can be dockerized.
One man’s simple is another man’s “practically impossible”. Simple comes from familiarity/exposure which builds knowledge and confidence. Anyway, you can totally run your builds in docker if you want to, and many do, but I’d personally not introduce more complexity until you have your pipelines running the slow way with the least amount of mental modeling to do. Once you know it all works, then have a go at running the build you know is good, inside a docker container (which in this case is just packing up kvm/qemu/libvirt to facilitate the running of a vm back on the host, but it means you can run mac containers on Linux runners, which will be much cheaper than Mac runners since those are usually Mac hardware)
> Also why do I have to pay Apple $125 a year when it costs $100 in the US? The exchange rate from CHF to USD should be in my favor.
Couple theories. 1. They have additional processing or tax expenses when dealing with your currency which they aren’t going to eat the cost of. 2. The higher price could be to deter abuse if for some reason there is an abnormal amount originating from accounts who pay with that currency.
> As for useful error messages, or lack thereof, I’d like to introduce you to programming, we’ve been waiting for you ;) but for real, useful error messages are the rare exception, and many apis are this way.
This has been my experience with vitest lately - not sure if it’s the project, the build, or who knows what, but when a unit test fails I get an error that would be enough to work on with the given offending line of code displayed, except it is never any relevant LoC. It sometimes highlights a line in a different test function altogether, but usually just N lines down or up from where it should be.
As for other useful error messages… “what the fuck does PC load letter even mean??”
> Brain death is defined as the irreversible loss of all functions of the brain, including the brainstem. The three essential findings in brain death are coma, absence of brainstem reflexes, and apnoea.