The Iberian outage had nothing to do with inertia.
The root cause was insufficient dispatch of reactive power due to non compliance of some power providers, and ultimately traceable to outdated procedures for the dispatch of reactive power.
Don't waste your time and money on funding bug bounties or "getting audits done". Your staff will add another big security flaw just the next day, back to square one.
Something is seriously wrong when we say "hey, respect!" to a company who develops an unauthenticated RCE feature that should glaringly shine [0] during any internal security analysis, on software that they are licensing in exchange for money [1], and then fumble and drop the ball on security reports when someone does their due diligence for them.
If this company wants to earn any respect, they need at least to publish their post-mortem about how their software development practices allowed such a serious issue to reach shipping.
This should come as a given, especially seeing that this company already works on software related to security (OpenAuth [2]).
It’s like an unwritten rule to only praise each other because to give honest criticism invites people to do the same to you and too much criticism will halt the gravy train.
I've struggled a bit on this: LinkedIn's positivity echo chamber vs. the negativity-rewarding dunk culture here. No greater power exists on HN than critical thinking using techno-logic in a negative direction, revenue and growth be damned.
Opencode don't have to maintain Zen for so cheaply. I don't have to say anything positive nor encouraging, just like I don't have to sh!t on youtuber 'maintainers' to promise incredible open source efforts which do more to prove they should stick to videos rather than dev. Idk. Not exactly encouraging me to comment at effing all if any positivity or encouragement is responded with the usual "hm idk coach better check yoself"
ya honestly I think i know exactly what to do
It's called "the world wide web" and it works on the principle that a webpage served by computer A can contain links that point to other pages served by computer B.
Whether that principle should have been sustained in the special case of "B = localhost" is a valid question. I think the consensus from the past 40 years has been "yes", probably based on the amount of unknown failure possibilities if the default was reversed to "no".
owasp A01 addresses this: Violation of the principle of least privilege, commonly known as deny by default, where access should only be granted for particular capabilities, roles, or users, but is available to anyone.
Indeed, deny by default policy results in unknown failure possibilities, it's inherent to safety.
I completely agree with this, programs are too open most of the time.
But, this also brings up a conundrum...
Programs that are wide open and insecure typically are very forgiving of user misconfigurations and misunderstandings, so they are the ones that end up widely adopted. Whereas a secure by default application takes much more knowledge to use in most cases, even though they protect the end user better, see less distribution unless forced by some other mechanism such as compliance.
I believe the parent is referring to how GNOME 3.0 had some really bad resizing grabs. Single-pixel widths at the edges, and almost impossible to hit corners.
I was about to suggest Xfce as an example where window resizing is effortless due to the <super>+<right click> behavior. You can just grab the rough sector of a window to resize it.
For decades, the unofficial Microshit motto has been:
Intel inside, Idiot outside.
Because Microsoft treated users as if they were idiots.
So basically tons of Windows related websites teach this infallible little trick as solution when a user gets a Windows BSOD (Blue Screen of Death):
Reboot!
Invariably, the reboot causes the Windows OS to start working again, till the recurrence of whatever circumstances (typically, hardware and/or software conflicts) caused the BSOD in the first place. It is left to the user to figure out what went wrong and how to prevent the issue from recurring again, as the BSOD messages are typically cryptic for the average user to decipher (maybe not so difficult in the modern era of AI assistants invocable from a handheld smartphone).
In fact, I would say the whole IT industry grew tremendously over the last few decades, because Microsoft's products were powerful, user friendly (to an extent, and until they worked), but quite complex to maintain (the dreaded Windows updates nightmares) and troubleshoot in case of issues. That's because every company using M$ products needed dedicated IT Support teams solely for such maintenance, help and fixes for M$ products. Even other vendors like Oracle grew as competition to Microsoft's corporate dominance.
The wonderful (and sometimes terrifying) world of antimalware software may not even have existed were it not for Microsoft products.
And if I am not searching for Salesforce or alternatives, and an ad for Salesforce or an alternative gets pushed into my face, the ad is wrong and the advertiser is wrong.
Just a few minutes ago, while copying 63 GB worth of pics and videos from my phone to my laptop, KDE forwarded me the error "File <hard to retain name.jpg> could not be opened. Retry, Ignore, Ignore all, Cancel".
This was around file 7000 out of 15000. The file transfer stopped until I made a choice.
As a user, what am I supposed to do with such a popup?
It seems like a very good example of "Eror Handling Without Purpose" as the article describes, but at user level.
Except that here, the audience is "a plain user who just dragged a folder to make a copy" and none of the four options (or even the act of stopping the file transfer until an answer is chosen) is actually meaningful for the user.
The "Putting It Together" for this scenario should look like: a non-modal section populates with "file <hard to retain name.jpg> failed due to reason; at the end of the file transfer you'll get a list with all the files that failed, and you'll have an option to retry them, navigate to their source position to double-check, and/or ignore".
> As a user, what am I supposed to do with such a popup?
Change the floppy disk. In the MSDOS days those messages were useful, as read errors might be caused by having the wrong floppy in the drive. The OS had no way to know when the floppy was changed and "Retry" allowed you to swap the disks back and try again. In modern days it is less useful, the behavior just got carried over.
Windows addresses this issue somewhat by scanning the directory tree before the actual copying starts, this can catch some errors before they happen and gives you better progress reporting on top.
But a single dialog that keeps track of the whole copy/move operations, not a modal dialog attached to individual read/write calls would be the way to go here. This is a case of the GUI sticking to close to what the OS is doing instead of what the user intended to do.
> Windows addresses this issue somewhat by scanning the directory tree before the actual copying starts
Which really sucks because no you need to wait for minutes before it actually starts moving or deleting. I generally just abort, start the midnight commander or just invoke mv/del directly.
> But a single dialog that keeps track of the whole copy/move operations
Which is what is the case here? The question and buttons appear in that dialog.
The error/retry dialog is for the failure of moving an individual file, not for a failure of the move operation as a whole. Those individual error dialogs provide no means to deal with cascading errors. All you can do is "Skip All", but that means you get no further information on errors anymore.
The error reporting should be part of the Moving dialog itself and provide a list of everything that failed in the move, along with potential ways to resolve it. More detailed reporting than "Could not read" would also be welcome (io, permission, ...).
This design still doesn't work: what if the user walks away and the computer is powered off in the meantime?
I.e. you need to write the report of this to a file itself. In fact you should allocate a decently large file upfront to make sure you can write the report and the error message (out of disk space for example).
A file transfer should remain active even if both devices (source, destination) are physically disconnected, or in network partitions, or when devices are full, need media change, etc.
The only valid states for a file transfer are: ongoing, fully completed with 100% success, or explicitly cancelled by the user with a full usable report of what got copied, fully or partially, and what did not get copied.
The file transfer dialogs and tooling of today's mainstream computing are stuck in the nineties.
> kidnapped by the US Army.... You just can't defend against everything
Of course not.
The litmus test IMO should be "what would a normal intelligent human do in this situation?"
A human would copy every file it could, maintaining a list of issues. When you were available to address concerns, it'd present the options to you. The human would give up if the US Army showed up, but a human would restart a TCP connection automatically without asking for permission again (or more analogously, redial a phone call). A human would save their work automatically, and when you showed back up, would find that work for you.
(In 2026, things like "retry" should be automatic outside some very specific limitations too, because of course a human would try again if they failed).
> what would a normal intelligent human do in this situation?
Problem is that this requires testing what actual "normal intelligent human" would do, because very often programmer has other ideas and UI/UX people have other ideas.
> A human would copy every file it could, maintaining a list of issues.
How do you know? From your idea what should be done instead of current version? I would not do it like you said.
Also, there are many reasons for transfer not succeeding and depending on a reason why transfer didn't succeed, you should make different decisions. sometimes reasons are not predictable by a program (a new file transfer method over pidgeons was transparently added to the system and "carrier attacked by predator" was not included in "how to handle this reason").
No, but imagine doing all the work to collect up a list of files that failed only to say, pop a modal at the end of the process that coincides with the user hitting Enter because they were multitasking and it auto-accepts the dialog. Information gone, context lost, in fact your entire design has failed to change the experience at all! All because of one UI overlap that's actually very common.
We have shared workstations for example where this would be a typical use case for non-tecchnical users across multiple user logins: ensuring you can check that the big data transfer was complete a few hours later would be very useful, but if you only do a fraction of the work for completeness then again, it's of no benefit.
Yes. The entire reason DEs expect people to dismiss those dialogs is because they are modal. And there's no reason at all for them to be modal.
KDE even got an entire notifications application, and discovered that it's bad to make them modal. But didn't move away from the idea of dismissing them on any interaction, it still acts like it's a modal.
The root cause was insufficient dispatch of reactive power due to non compliance of some power providers, and ultimately traceable to outdated procedures for the dispatch of reactive power.
reply