Kafka is fairly different from the rest of these — it’s persistent and designed for high read throughput to multiple simultaneous clients at the same time, as some other commenters have pointed out.
We wanted replayability and multiple clients on the same topic, so we evaluated Kafka, but we determined it was too operationally complex for our needs. Persistence was also unnecessary as the data stream already had a separate archiving system and existing clients only needed about 24hr max of context. AWS Kinesis ended up being simpler for our needs and I have nothing but good things to say about it for the most part. Streaming client support in Elixir was not as good as Kafka but writing our own adapter wasn’t too hard.
The point is this might work for a surgeon but does not for an attorney. There are enough jurors who would be strongly biased against anyone arguing before them with purple hair and tattoos that it's exceedingly unlikely anyone with such an appearance ever could rise to the top of his field.
This would also be true in e.g. M&A. Even if Cravath's fieriest new partner looked like that I'd hesitate to hire him. Patent law might be an exception, but if I needed to actually go to court, WilmerHale's top guy would still be a liability. Even in a bench trial the judge could see it as disrespectful or look down on my representation because of it. You see my meaning here?
On the table, the surgeon's appearance has little or nothing to do with his ability; in court, a lawyer's appearance can be crucial.
The best lawyer is one that will convince the jury of your innocence. Courts recognize that having defendants appear in prison jumpsuits is prejudicial and can bias a jury [1]. Good lawyers understand and shape optics to help their legal arguments. I know that we all have unconscious biases that affect our judgement. While I think we should build systems that are better at removing those biases and allowing different types of people be successful, I am not going to risk going to jail to make some sort of point. I am going to use every tool at my disposal to make my case. If cutting my hair or shaving my beard or wearing a certain color tie is likely to help, I’m going to do all that. I’m also going to have a lawyer that does that as well, including no crazy purple hair or face tattoos.
Your surgeon paradox says that if someone is successful despite not looking the part, they must be all the better. But are there lawyers with face tattoos or crazy hair that are considered successful in high stakes criminal law in front of juries? For corporate or patent or tax law, that is so much about a deep intimate understanding of hundreds of thousands of pages of ultra specific “loopholes” and optimization strategies, I would not be surprised if there were lawyers who look very alternative. But criminal law lives and dies on persuading people who are not legal experts.
Sure but that’s a bit silly. Switzerland’s GDP is something like 50x that of Afghanistan. UK GDP in 2025 is much higher than in 2003, too. Of course not 5000%
Yes, and increases in the price of essentials (food, housing, utilities) have a greater effect on living standards of the worse off and are not captured in the numbers.
Algebraic subtyping and structured typing are not the same thing. Algebraic subtyping is a specific approach to type inference and checking of subtyping, which may or may not be used with structural types.
Well as software engineers there’s not as much we can do for people who don’t have computing devices, but it’s still important that information be accessible without them.
Well, people can have laptops, or "unsupported" phones (i.e. non-iPhone/Android).
Locking all sorts of basic stuff to two for-profit closed platforms sounds rather non-ideal to me. It's also quite a shift from stuff being web-based, where in principle you or I could sit down and write a compatible browser and/or port an existing browser (some work, but very doable).
It's not all that different from locking everything to Windows and/or Internet Explorer like it was 20 years ago, except worse because it's so much more pervasive now. The old "mandatory Microsoft tax" got replaced with a "mandatory Google/Apple tax". Any startup has basically zero chance of entering the market.
Having a vuln that many other terminal emulators have had is pretty different from the string of unique and extremely bad vulns that iTerm has had over the years. It’s possible that we’ll see similar from Ghostty, but it’s a much newer and I believe smaller codebase, so I’m willing to give it a second chance.
I've been using iTerm daily for something like a decade at this point and I'm struggling to think of any examples of this string of extremely bad vulns. There's this one, which is specific to SSH integration. There was CVE-2024-38396, which is the window title escape sequences I was talking about above.
A vuln every 7-8 years is "a string of unique and extremely bad vulns"?
I use iTerm2, mostly because that's what I'm used to: I installed it on my first Mac years ago when Terminal.app was really bad. I'm willing to switch to another terminal, but I don't see yet how iTerm2 is so much worse than the competition security-wise.
(I also don't understand the general animosity towards an opensource project with one developer doing all the work for 15 years.)
Point being: it’s not hard to see what I’m talking about if you look up previous vulnerabilities in iTerm2, particularly around its sophisticated integration features. (I suppose I talk about this enough that it might be worth compiling all the history I’m aware of somewhere, I don’t want to sound like I’m just making this up)
> I also don't understand the general animosity towards an opensource project with one developer doing all the work for 15 years
I have nothing against George Nachman and iTerm2 is certainly an achievement, one that I probably couldn’t replicate myself. Nonetheless I feel the need to hold my terminal emulator to higher standards because it processes sensitive data and untrusted input with (inherently) poor isolation between the two. Until Ghostty I used Terminal.app for many years, having previously switched away from iTerm2 after the vulnerability discovered in 2017. That’s still what I recommend to people because it has a much smaller feature set and thus attack surface compared to iTerm.
I hope I didn't sound like I did not believe you, I honestly had no idea. I don't get an update for iTerm2 every week so I figured it was mostly stable / had no sec issue.
Following this discussion I decided to give Ghostty and kitty a try. I kept Ghostty, mainly because the shortcuts I use the most in iTerm2 are there and I like the default theme (yes, I'm a simple person.) It has fewer features / integrations I don't use anyway so I guess the attack surface is smaller.
Probably true, but it still stings that this dubious piece of software (speaking as a former iTerm2 user still holding a grudge) had been spraying my passwords and random terminal activity all over the internet in the form of unencrypted DNS requests for who knows how long, deliberately, due to mindless opt-out featuritis on the part of the developer. In my mind this is one of the clearest violations of privacy and information security I've been directly subjected to, because the developer had some gee-whiz-neato idea of highlighting URLs in a terminal and making them clickable.
It pains me to think people are still exposing themselves to this class of risk because of whatever iTerm2's latest and greatest idea is.
I think it's very reasonable to point at the development model and go, "I think this is bad and specifically the cause for security vulnerabilities". If you want to make that your position (I am sure it is already, and I don't think it is particularly controversial) that is completely fine. But there's a difference between holding that and your actual comment. Like, this was 100% unintentional, and people literally introduce malicious or undesirable features in their software all the time. Maybe we should save the tarring and feathering for that, and come up with a more measured take for stuff like this?
I can only find three CVEs prior to this. It's only one of those that I would qualify as "extremely bad" (the DNS query leak you mention below). The others are the window title bug GP mentions and the undocumented maintenance of a plain text search history file.
This reads: for it to not be true that every hat in the collection of hats is green, there must exist at least one hat in the collection of hats that is not green.
Sure you can? You can just pass e.g. a Task around in C# without awaiting it, it's when you need a result from a task that you must await it.