they are using multiple cloud providers, but judging by the cloudflare r2 outage affecting them earlier this year I guess all of them are on the critical path?
Quick suggestion: maybe contact the vendor company and offer to create a frontend for them instead as a contract thing?
---
I've gone through the exact scenarion in your question though, this is roughly the path I took (Estonia & EU, YMMV in other jurisdictions):
- start by going over your contract - is this overall even allowed? Some companies capture all IP you create 24/7, in this case you'll need to get the contract changed or get an exception
- even if your contract allows doing other work (creating separate IP) outside of company time, still ask for written permission from your manager and possibly a skip level or two. I got a written email from my VP of eng and CTO before proceeding.
- you will probably need to _completely_ separate your own work from the company work. This means using your personal laptop, never working on this during work hours, etc. Separating this sometimes can be hard, especially if you get something like a bug report from your employer - you can't work with it until you're off the clock.
- I also completely cut myself off from the purchasing decision - I let them know I was working on a project, gave them a landing page and let the purchasing team do a decision completely on their own
- if you hope to build a business out of this it's best to be upfront about it, e.g. by telling your manager that you might leave to focus on the business full-time if it takes off
All of this assumes you're on good terms with your employer overall.
I'm not an expert, but I think an enterprise NVMe will have some sort of power loss protection so it can afford to fsync to ram/caches as they will be written down in a power loss.
Consumer NVMe drives afaik lack this so fsync will force the file to be written.
I agree but I'm not sure it's just microsoft- meta's instagram, whatsapp and quest are all acquisitions of already sucessful products. Oracle are similar.
I think, up to a point, and especially in the US where antitrust is pretty lax, it's a very safe investment to just buy other already sucessful companies.
The most glaring example in recent memory would be the amazon monopoly and the evidence i submit is diapers.com
with enough money, you can fund your investments to strategically take down every mom and pop.
amazon can’t take on every consumer vertical simultaneously, but they used their funds to drive diapers.com into the red, because as a parent you’re scrwed either way and comparing food to diapers, will buy the cheaper diapers instead of the cheaper food.
amazon wanted diapers.com
diapers.com said, we’re good this isn’t a billion dollar enterprise, but it pays the bills.
amazon bought it after making sure they couldn’t actually use it to pay the bills.
> With GitHub, TypeScript and VS code I'm probably using more Microsoft products than before.
cool, how much money have you paid to Microsoft to use those?
Except for Github (which they bought, by the way) probably not much. And github has some serious competitors (Gitlab which is just great and to a lesser extent, bitbucket).
Not true, at least not according to MS themselves. MS have done several studies and adoption of these tools drive adoption of Azure. That's why MS invests in it.
They've been quite clear about this. The one platform/OS was Windows. The new platform/OS is Azure/Cloud. It's almost like saying Google doesn't make any revenues from search, only from selling ads.
VS Code is also low-key keeping Windows relevant as a developer OS. If something else came along which was truly very excellent but was only working well with Linux, and VS Code was not there to be the de-facto go-to solution for most new devs, it could eat away more of Windows marketshare.
So I see VS Code as a slight moat, also in its promulgation of dotnet-isms. So I think VS Code drives some revenue Microsofts way in a pretty diffuse but real way.
That's why I wrote slight. VS Code is more of a backstop to make sure developing on Windows doesn't suck. Don't let Windows fall behind kind of thing. Every cross platform thing is biggest on Windows by default because Windows is the biggest platform.
VSCode Server and other remote dev servers are a big deal. Before we had to sync or mount a remote partition to manage the gap between Windows and the *nix server. I remember just plain using vim over ssh to avoid the hassle.
That pain existed under macos and linux as well, but to such a lower extent as you could do so much more locally.
While Jetbrains does it too, VSCode being strong guarantees it stays a viable path in the future.
How is VS Code a moat when it's platform agnostic? Plus the developer market is just a fraction of the overall market.
MS Office is the real moat, as is Windows XP/7. Everyone use MS Office because Google Slides/Docs/Sheets is a silly contender to the MS Office suite. Windows XP/7 because that's what a huge percent of the human population using computers grew up on today, so they're most familiar with it. And let's be honest, that's not going away, even as MS enshittifies Windows 11, simply because no Linux build can apparently mirror the Windows XP/7 UI (for some reason, not even Mint) while Apple is hell-bent on doing its own thing on the sidelines.
The day MS breaks Office suite is the day Microsoft goes down, but that's unlikely because the current crop of devs at MS don't even know how to get started. Microsoft could literally not do anything and still make tons in revenue.
> And let's be honest, that's not going away, even as MS enshittifies Windows 11, simply because no Linux build can apparently mirror the Windows XP/7 UI
Windows 10/11 does a really bad job at emulating XP/7 UI. It is about as foreign to XP users as Debian or whatever.
I made a XP VM the other month to run some insane software I had to run at work.
I felt so much at home. It was so nice. Everything was awesome. The control panel was awesome. The distinct buttons were awesome. The start menu was awesome. The 'My computer' at desktop root was awesome.
All in muscle memory, still.
Then I am back out to 10 and can't figure out where my app shortcuts are without knowing their name or what of the 3 or 4 different control panels I am supposed to use.
I think in this case it's the customers of their customers, e.g. people sending emails to support@acme-corp.com. In that light requiring all emails coming into support@acme-corp.com to have SPF and DMARC is bad for business indeed, not only for Zendesk but probably also for the fictional ACME corp.
EDIT: they absolutley should not use an autoincrementing int as a "support-chain token" though, that's a workaround they could easily do.
> EDIT: they absolutley should not use an autoincrementing int as a "support-chain token" though, that's a workaround they could easily do.
I checked my email archives and some (but not all) of the emails I've received from Zendesk have arbitrary alphanumeric ids in the Reply-To header instead of integers. Seems to depend on the company, perhaps this is a configuration issue?
I’m not clear on that. If the support requestor doesn’t need to be from the company, then I don’t understand why the email sender has to be spoofed in the first place.
The attack requires getting yourself CC’d on a support ticket. In this case to show how bad that is, it was a support ticket that had an oauth ticket to log into slack as “support@company.com”.
From the description, sending an email to support@company.com creates a support ticket, to which you can later latch on by adding a Cc. My understandig is that, at least in order to get the full history of a ticket, including any other emails sent to support-$ticket-ID@company.com, the primary sender needs to be from the company as well. Otherwise, why would you need the Cc hack?
The email sender needs to be spoofed in order to add the CC.
1. Apple sends a legitimate email with a verification code from appleid@id.apple.com to support@company.com, creating a ticket in Zendesk.
2. The attacker then sends an email to support-$ticket-ID@company.com from appleid@id.apple.com (spoofed), attaching their own email address in the CC field.
3. Since the attacker is now CC'ed they can read the entire history of the ticket including the legitimate email Apple sent in (1) containing the verification code.
4. Now that the attacker has verified ownership of the Apple ID with the email address support@company.com they can use that Apple ID to login to any service that grants domain-based access via Sign in With Apple, such as Slack.
My understanding is that, the original sender (spoofed apple in this case) can send the reply to support-$ticket-$id@ with CC field to grant full access to the thread for CC'ed email.
calculator app on latest macos (sequoia) has a bug today - if you write FF_16 AND FF_16 in the programmer mode and press =, it'll display the correct result - FF_16, but the history view displays 0_16 AND FF_16 for some reason.
afaik Spotify does none of those ways. They take the total amount of money earned per time period and divide it to artists based on the total_artist_playcount / total_playcount in that time period, after taking their own percentage cut. It's closest to Way 1, with the difference that you can listen to whatever - if Taylor Swift is the most popular artist right now and gets, say, 1% of all plays then 1% of your subscription will go to Swift.
when I saw them live ~18 years ago they made heavy use of gradual fade ins (swells) with an ernie ball volume pedal, it does have a similar sound to a reverse delay effect.
Yeah, that was about the same time when I saw them. From memory they just looked like your standard 3 piece but had those lovely backwards sounding swells. I recall being really surprised because it sounds like the sort of thing you’d struggle to do live.
