
> but did they ever actually fix the WTFs from PHP 4

Depends what you class as a WTF. The older parts of the standard library are still wildly inconsistent in function naming and argument order, but that’s never going to change because it’s simply not worth the BC break.

But they’ve done a good job cleaning up the actually problematic bits of the language. Previous horribly insecure defaults like register_globals and magic quotes are long gone. And in recent years they’ve worked on tightening things up: many obviously incorrect behaviours have been promoted from notices or warnings to outright errors.


>depends on what you class as a WTF

It might take a while to enumerate them all ;)

https://eev.ee/blog/2012/04/09/php-a-fractal-of-bad-design/


There’s some fair points in there, some unfair ones, and some outdated ones (unsurprisingly given it’s nearly 13 years old).

There’s still tons of new projects being started in PHP. Frameworks like Laravel and Symfony are massive and actively popular.

Oops, I meant to refer to Delphi rather than PHP.

I am so, so tired of what technology has become, and it’s far from over yet.

At least on the software side I can focus on the small web and applications from independent folks with no intent to abuse.

Hardware is much harder. I’m glad I can still disconnect my TV from the network and watch everything through an Apple TV, but I don’t expect that to last forever. A TV that refuses to work without an internet connection or Apple slipping further into “services” and crapping ads everywhere like Amazon and Google are both futures that seem perfectly plausible. I hate it so much.


Anecdotally even palm rejection seems to have gone to absolute shit in Notes with iOS 18. When I go to write now there’s like a 50% chance the scroll position flies up the document.

I also tried their “handwriting improvement” feature that claims to clean up lines a bit while still looking like your own writing. All it did was turn legible writing into total gibberish.


The “play the podcast my wife sent me the other day” example is interesting to me. That shouldn’t be difficult to do without AI. Yeah asking a thing is always gonna be quicker (provided it works), but a well designed app should make that possible within like ten seconds.

I can’t help but wonder if the reason “agentic” systems seem so appealing to people is because as an industry we’ve spent the past fifteen years making software harder to use.


I had a similar example the other day. I was visiting Arizona for the first time and was driving in a rental car from Phoenix south to Tucson.

I have the latest Google Pixel, and was using Google Maps to navigate.

I pressed the "voice search" button from within Google Maps and said "What is the name of the mountain on the left that I'm about to drive past?"

Instead of a context-aware answer, my phone simply did a Google search for that exact phrase and showed the results to me. The top hit was a Reddit thread about some mountain near Seattle. :)


I'm wondering if you actually thought that there was a chance that Google Maps was going to answer you correctly?

I guess we're entering an age where people might have a reasonable expectation that any app is a context-aware LLM, but personally I don't have that assumption yet.


I’m not sure. If the word “podcast” wasn’t used then it might be tricky, but an LLM might figure it out from context.

It also depends on the context of the action. If you’re sitting in front of your computer, yeah, no big deal. Type “podcast” in the search field of the messages app and click the thing it finds. But if you’re busy cooking dinner or cleaning out the cat box, it’s a pain to get your phone out and poke around. The main draw of voice assistants (at least to me) is that they let you do things quickly when you don’t already have a device in your hands.


The problem is that this only works if your spouse used an apple application to tell you this information. If she used messenger/IG chat/whatsapp or gmail or her work email there’s no way for Siri to know about it.

I feel like there must be some sort of disassociation that kicks in when you spend long enough in the upper echelons of these gargantuan corporations. It's almost like spending long enough dealing with abstractions like MAUs, DAUs, and engagement metrics makes you forget that actually, at the bottom of it all are real humans using your product.

Modern entrepreneurship is basically gradient descent. You try to predict what action will yield you more profits, you do that action, rinse, repeat. It's a completely abstract process.

Same for me. I enjoy what I do, but if I didn’t need the money, I sure as wouldn’t be doing it for someone else. I’d just be working on whatever projects I found interesting.

Career goals? Keep things as they are.

Work is only something I have to do to have a decent life the rest of the time.

Unfortunately it feels very difficult to say that in earshot of one’s employer without being branded some sort of burnout slacker, even though I do work hard and to a high standard.


Heh, my employer is rolling out Zscaler this year. The limited trial a few months ago was hell for folks using WSL primarily, with Docker images adding an additional layer of pain.

The people in the trial got very little done until it was decided to pause it, and I do not have high hopes for when it’s tried again. It strikes me as basically running malware in the name of security.


I worked at a government agency that used Zscaler to perform TLS MITM inspection. You have to create a tunnel to a Zscaler datacenter and send all your traffic to them encrypted with a certificate they provide so they can decrypt it. Then they encrypt it again and send it on its way. It can detect things that otherwise could not but you are putting a LOT of trust into Zscaler security because anyone who hacks them can see EVERYTHING you are doing. And it is a HUGE waste of processing power and joules. You can create exceptions for URLs and source IPs.

I much prefer filtering on the endpoint before TLS encryption.


You'd think last year's Clownstrike incident would put the lie to the efficacy of the fucking-for-virginity approach to endpoint security favored by organizations but no.

At the enterprise level, security isn't really about security, it's about having an audit trail so bad actors can be caught after the fact.


You would be surprised how much of corporate cybersecurity is done like this. It has not in any way improved since CrowdStrike; on the contrary, EDR shenanigans have probably grown 100% since last year.

These security companies must have really good salesmen. Or maybe IT departments are always run by clueless fools, who knows?


The security team cares about minimizing risks to the company and to their own careers.

Deviating from what everybody else is doing makes it so that the burden of proving that your policies are sane is on you and if anything bad happens your head is the first to roll.

You use CrowdStrike and the company lost millions of dollars due to the outage? That's not your problem, you applied industry standard practices.

You don't use CrowdStrike and the company got hacked? You will have to explain to the executives and the board why you didn't apply industry standard practices and you will be fired.


> Or maybe IT departments are always run by clueless fools, who knows?

I think IT has its fair share of clueless fools, but what I've noticed is that when the "security department" is separate, people there tend to have no idea what they're talking about and rely on checklists. Plus, "everybody uses X, that means we're missing out".


Corporate IT security seems to be mainly about checklists and compliance, not about actual security.

There's no reason to do anything else. Nobody has gone to jail as of yet for not securing their company, and even "security" companies that get utterly popped still have plentiful business a year later.

There is no legal incentive to do good security. There is no market incentive to do good security. Why is it so surprising to people that we have abysmal security?


In my case, it's surprising because companies waste a ton of money buying snake oil and aggravating their users for next to no benefit. You'd expect companies that "only care about their bottom line" to optimize this away, yet they don't.

It is like hiring bodyguards. Bodyguards could kill the person they are protecting at any time BUT they have an economic and legal incentive to not do so and so you bet that the odds of being killed by bodyguards is far lower than by some random stalker.

Likewise, giving CrowdStrike root access to everything is a bet that you will on the whole be more secure than if you didn't, and for most companies I believe this is true. But if you are Google or AWS you are going to be able to do better than CrowdStrike.


>the fucking-for-virginity approach to endpoint security

???


Compelling users to have software indistinguishable in its operation from malware running on their machines for security purposes is, as the expression goes, like fucking for virginity.

I knew Zscaler did MITM. But I thought it only inspected hashes or summaries to detect malicious content. I didn’t know it would encrypt again.

They even do per-service stuff - their big AI feature is that it will detect people pasting social security numbers or other PII into ChatGPT and block it.

>I didn’t know it would encrypt again.

"encrypt it again" in this case means establishing a new TLS connection to the original host and forwarding the decrypted contents in this new connection. This is obviously required if the original host only had a https endpoint, and (more importantly) so the traffic isn't exposed on the wider internet.
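
The two-connection arrangement described in the comments above, as an added example that is not part of the thread: a TLS-inspecting proxy terminates the client's session with a certificate issued by its own CA, so the issuer a client sees tells it whether the path was direct or inspected. Every name here (`public-ca`, `inspection-ca`, `app.example.test`) is constructed and all keys are generated locally with `openssl`; nothing reflects Zscaler's actual implementation.

```shell
#!/usr/bin/env bash
# Constructed demo: all CAs, hosts and certificates below are made up locally.
set -eu
WORK="$(mktemp -d)"
trap 'rm -rf "$WORK"' EXIT

# make_ca <name>: self-signed root CA (EC P-256 keeps key generation fast).
make_ca() {
  openssl req -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$1.key" -out "$WORK/$1.pem" -subj "/CN=$1" -days 1 2>/dev/null
}

# issue_leaf <ca> <host> <out>: leaf certificate for <host>, signed by <ca>.
issue_leaf() {
  openssl req -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -nodes \
    -keyout "$WORK/$3.key" -out "$WORK/$3.csr" -subj "/CN=$2" 2>/dev/null
  openssl x509 -req -in "$WORK/$3.csr" -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" \
    -CAcreateserial -out "$WORK/$3.pem" -days 1 2>/dev/null
}

# chains_to <ca> <leaf>: succeeds if <leaf> verifies with <ca> as trust anchor.
chains_to() {
  openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# classify <leaf>: which trust anchor vouches for the certificate the client got.
classify() {
  if chains_to public-ca "$1"; then echo "direct"
  elif chains_to inspection-ca "$1"; then echo "intercepted"
  else echo "untrusted"
  fi
}

make_ca public-ca        # stands in for a publicly trusted CA
make_ca inspection-ca    # stands in for the CA the proxy vendor has you install

# Same hostname, two different sessions:
issue_leaf public-ca     app.example.test origin  # what the real server presents
issue_leaf inspection-ca app.example.test proxy   # what the proxy presents to the client

echo "origin leaf: $(classify origin)"
echo "proxy leaf:  $(classify proxy)"
```

The proxy's leaf only validates on machines where the inspection CA is installed as a trust anchor, which is why the deployment depends on the vendor-provided certificate and why that CA's private key becomes a high-value secret.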


I already had a GBA Everdrive but I picked a GB/C one up because for about a year after release, the FPGA cores didn't support the display emulation features of the Pocket, which is a good chunk of the reason I bought mine. I believe they are now all fully supported though. The Pocket's sleep doesn't really work with flash carts either, so arguably the core + SD card route is now the better option, though I still own my AGS-101 model SP and GB micro, and it's cool to play on those still sometimes.

The PS2 had DVD playback, huge popular franchise support, and the very positive reception of the PS1 going for it.

I don't know how it compares to the Dreamcast in raw horsepower, but compared to the GameCube and Xbox it was firmly at the bottom of the pack in that regard. It ended up not mattering in light of the games and its ability to play DVDs.


I think DVD playback was THE feature that sealed the Dreamcast’s fate.

I wouldn’t say that, but it certainly was a big one.

The other big thing is that Sega had just burned so many bridges during their surprise gotcha Saturn launch in the US that a lot of retailers didn’t want to deal with them again.

If they had been coming from a stronger position I wonder if they would’ve done better.

But it was a Sony, MS, Sega and Nintendo race. That’s just too many, someone wasn’t going to make it. And as the weakest of the bunch they were the most likely.

As an unknown Microsoft could’ve been, but they got a huge hit with Halo and had the money to push through either way.


The PS1's monstrous success sealed the DC's fate. It created a huge new demographic of first time gamers that equated "PlayStation" to "console".

You are really underestimating how many people bought PS2s as a DVD player, both “gamers” and everyone else.

Probably true for the US. In Europe, it was very country-dependent. Here PS2 sold simply because it was the new PlayStation, to a public that for the vast majority wasn't even aware there was competition.

This. Thrifty parents with no interest in gaming saw the PS2 and thought "Sony DVD player". The GameCube was merely an expensive Nintendo time sink. To this end my brother and I took out a loan to buy our GameCube but could have gotten the PS2 for free for Christmas - we wanted to play Super Smash Brothers et al that much and knew that we couldn't avail ourselves of the PS2's better-selling titles anyhow due to their M ratings.

As I write this it does feel like both Sony and Microsoft really started to push the whole living room entertainment convergence thing around this time while Nintendo happily stayed in their lane. The same dynamic continues to this day.


I bought the PS2 because it had a DVD player absolutely. Same thing for PS3; my only Blu-Ray player.

Weren't a good chunk of DVD players almost as expensive as the PS2? You basically got a free gaming console with your DVD player.
