Egregoros

@lain

> age of the personal software is here.

it was already here if you had enough motivation. If my memory is correct about the person involved:

There's a private variant of FreeBSD which I've seen referred to as BruceBSD*. Bruce Simpson is a long time developer and has made massive changes to the kernel that were never upstreamed. :)


* perhaps only on IRC? my email searches are coming up empty

edit: not Bruce Simpson, another Bruce. Too many Bruces. I can't remember which one and my email searches are coming up empty.

@phnt @feld @lain Nah it's about footguns, hallucinations, "do at all costs" thinking, etc. When you write some giant stack of slop to help you do X and it ends up doing something unexpected, the possibilities are endless.

"Write me software to share these pictures with Grandma"

"Okay, just open these ports on your router!"

Not everyone is smart enough to understand the implications of what they are trying to do, and AI will generally not stop you because argumentative agents don't sell well. It's a fast track to fucking up.

@feld @phnt @lain I'm saying people don't read the safety labels and end up chainsawing their arm off because they don't know better.

Think about all the accountants who made giant Excel macros that are totally unmaintainable. Think about all the customer service departments that made Access DBs off a shared drive that ran into scaling issues. Think of all the software devs who thought it was a good idea to store CVVs.

It's not that technological progress should be stopped, it's that people who don't know better won't stop and someone will pay the price.

@7666 @phnt @lain

> Think about all the accountants who made giant Excel macros that are totally unmaintainable. Think about all the customer service departments that made Access DBs off a shared drive that ran into scaling issues.

both of these are 100% fine. The business operated and was successful. Perfect is the enemy of good. Prematurely optimizing especially in tech is one way to guarantee your business fails. You should always use what is cheap and works for as long as possible and then address the issue when the time is right.

> Think of all the software devs who thought it was a good idea to store CVVs.

Let's roll back the clock to when this was really popular. The issue was recurring billing. The only way to charge the card was to keep the CVV. We had to wait for the credit card companies to solve this problem for us. At least as far as I'm aware, when the CVV was invented they didn't provide any mechanism to keep billing the same card without keeping the CVV on file.

@feld @phnt @lain >both of these are 100% fine.

Only if you're not the guy who has to clean it up when it should have been in a bloody SQL DB in the first place. Technical debt should be burned with a flamethrower at all times. The endless pursuit of scale without discipline is what gets people into these messes and it will be cheaper in labor cost every time to just think it through prior.

>The only way to charge the card was to keep the CVV.

Recurring "card not present" transactions never required the CVV as far as I'm aware, and at no time was it allowed, even to solve a business problem, because it defeated the purpose of what CVV was trying to do (stop stolen cards). In almost all cases it was better to find a payment provider and iframe their shit in unless you were a bespoke payment processor, or find a tokenizer service which yes, they did exist back then.

But again, this proves my point that the "do it at all costs" mentality is a *human* flaw. We can't help ourselves, when handed a hammer, to treat everything as a nail.

@7666 @phnt @feld @lain you're never supposed to store CVV or CVV2, many intermediate vendors though didn't have any recurring transaction apis so yes a lot of people would break the rules and store it which was a major no-no. there used to be a loophole in the spec that you could "store the cvv long enough to execute a transaction" which meant like, in memory or something until it finished, but online vendors interpreted as "store it in the database so I can charge them 3 months later" don't ask me how I know. but they closed the loophole. cvv literally means "the card is present" if it's not present, you're breaking the rules.