Horrible elitist opinion: most programmers aren't very good, and we’ve just cranked their blast radii up ten times or so.
@ceejbot Not wrong.

@ceejbot But also: _this is why we design processes and contexts to minimize harms_.

Unfortunately that means now _re_designing a bunch of them.

@aredridel @ceejbot fundamentally this _is_ the difference between a good programmer and a bad programmer.

a good programmer will think "I am not a good programmer. because of this, I will design for safety, because I will make mistakes."

a bad programmer thinks that they can try a little harder and be safe that way

@glyph @aredridel @ceejbot I think a lot of people are working on the assumption that mistakes aren't as costly anymore.

You won't have to live with the consequences very long and you can just rewrite everything if the technical decisions you make end up being wrong.

This doesn't hold for genuine safety issues, like things affecting the privacy and security of your users, but industry was already caring about those things pretty reluctantly.

@dreid @aredridel @ceejbot I have the *subjective* impression that things were improving for a long time and in the last few years there has been a catastrophic regression to a previous decade's lack of concern, but it's hard to put any real numbers to that

@glyph @aredridel @ceejbot given the choice of being outcompeted by someone using AI and losing all your customers' data because you used AI the choice is obvious.

There are provably no consequences for the latter.

You can calculate exactly how much a year of free credit monitoring for all your users will cost.

@dreid @glyph @aredridel @ceejbot does anyone think a year of credit monitoring is worth anything?
@ShadSterling @dreid @glyph @[email protected] they do. It’s worth one "trying to keep us from getting sued". That's who it has value for.
@aredridel @dreid @glyph trying to, sure, but does it have enough value for the recipients to have that effect? I’ve started unsubscribing from some of them because I really don’t need a dozen alerts every time I make a student loan payment and my debt balance changes; the only value they have to me is the negative value of letting them pretend the breaches don’t matter, and that makes me more interested in suing, not less
@ShadSterling Yeah, dunno. It sure seems to. It changes it from "you didn't do anything" to "you didn’t do enough" which is a different ~~class action lawsuit~~ flood of arbitrations
@aredridel I don’t doubt they would claim that, but with respect to addressing either the cause or the potential harm they have done nothing. Credit monitoring can protect against a few kinds of harm, but with every bank already providing that, another one doesn’t increase the protection. And it can’t even potentially protect against use of stolen data for any kind of targeting, whether price profiling, voter disenfranchisement, harassment, or the less common violent attack
@ShadSterling Ayup. But it can reduce getting sued over it!