Why does our industry keep looking at things, claiming it's doing them, and doing the exact opposite of what the original idea was? A few examples:

Alan Kay (who coined the term) defined the key idea of object orientation as late bounding, so we ended up with a load of things that use rigid nominal type systems to tightly couple components, marketed as 'object oriented'.

The Agile Manifesto's core idea was 'people over process'. I've lost count of the number of times I've seen places claim they're using 'the agile methodology' because they have sprints, standups, and other processes taken from Agile.

The Zero Trust paper said, at its core, 'assume endpoints are compromised, design your systems so that an endpoint compromise doesn't automatically give control over everything', yet almost everything I've seen branding itself as Zero Trust has been of the form 'run some over-privileged thing on the endpoints to increase their attack surface, then if that thing reports that the endpoint isn't compromised allow it to do a load of things it shouldn't be allowed to do'.

When I was a PhD student, one of the lecturers would often join us for coffee. On this day, one of us greeted him saying ‘May the Fourth be with you!’. Then had to explain. He nodded along, looking at us a bit like we were crazy people.

A month later, he came to coffee and greeted us with ‘June the Fourth be with you!’

I saw that there’s now a mobile version of Roller Coaster Tycoon (Roller Coaster Tycoon Touch) and I thought it might be fun (one of the Netflix bundled mobile games). A couple of hours of casual play in, it was clear that the game was carefully designed to make it progressively harder and harder to make progress without in-app purchases.

@EUCommission , if you want to actually make things safer online, how about making that kind of predatory practice illegal? Children are particularly vulnerable, but so are a lot of adults. No need for age verification, just an outright ban.

So sad to see a such a respected game series used for this kind of whale farming.

Signal’s incremental backups are interesting. I had assumed that they would back up in fixed-sized chunks (with padding if necessary) connected by a hash chain so that you couldn’t tamper with the older ones, and you could replay them in reverse order to restore. It appears as if media are saved in individual files, individually encrypted, which looks as if it leaks the size of media (often, due to image compression, sufficient to uniquely identify a file) and the date at which it was added. That’s quite a big side channel for a secure messenger.

Did I misunderstand how it works? If not, people who care about privacy would need to be careful. If, say, law enforcement in an oppressive regime wants to ask ‘did you receive this file that was sent to a group chat for dissidents on this date?’ this would be trivial to answer for someone with access to the encrypted backups.