
got-your-back uses Gmail's API instead of IMAP with an insecure app password, which is a discouraged way of accessing Gmail and will eventually be phased out in favor of OAuth access tokens over IMAP (in fact, I thought it already had been).

As for other services beyond Gmail, there's not a great ecosystem for exporting.

For one-off exports, Google Takeout is decent enough, although there's a lacking ecosystem to import the big .mbox files back to an email provider.


> insecure app password [...] and will eventually be phased out in favor of OAuth access tokens over IMAP

What's so "insecure" about "per-app passwords"?

I ask, because I've lost the past 5 years of my life to building and running an internet-facing OAuth2+OIDC IAM system and I'm (still) an active contributor back to the open-source OIDC framework it's built on. I grok the grants and flows and I've got the blood pressure to show for it (and developed a healthy opposition to SAML); but despite all of that, I appreciate simple solutions to problems where there's a very real risk of over-engineering - and especially when a simpler system (like per-app passwords) can make a system overall more secure because there will be fewer mistakes being made, even if some clinically dry technical assessment mathematically proves the complex solution is more "secure" by some measure.

///

> although there's a lacking ecosystem to import the big .mbox files back to an email provider.

Everyone I know (okay, just a handful of ("normal") people) who has done this ended up converting the .mbox to a PST for Outlook and copied it over to any other machines they have; it's an archive mailbox after all, so just put it in read-only mode and don't worry about data-synchronization issues.

Kinda ironic that Gmail's credibility was/is built on ex-Outlook users looking for something better, only for Outlook to be the refuge (and last resting place?) for hundred-gigabyte-sized e-mail archives.


I need to supply a correction: apparently Outlook does not support opening PST files[1] that are protected as read-only by the filesystem (which is both disappointing and alarming...).

[1] https://answers.microsoft.com/en-us/outlook_com/forum/all/re...


> a simpler system (like per-app passwords) can make a system overall more secure because there will be less mistakes being made

But a mistake WILL be made, because humans are fallible, and mistakes with a long lived bearer token can be extremely damaging, and can remain latent for a long period of time (e.g., password accidentally saved on disk and "deleted").

With proper OAuth, a lot of mistakes can be practically harmless (e.g., access token accidentally saved somewhere).


I didn’t know about that. However, I explicitly wanted to avoid having users to create an OAuth project because it’s a hassle. Also these tokens can expire if they’re not refreshed after a while.


Can Thunderbird not import the big .mbox files?


I have a colleague based in the UK who got infected with COVID in the early days of the pandemic, before any measures were taken. He still has important health issues - and he's young (under 30).

Similarly, I have a friend who got infected over the 2020 summer (even though he was taking precautions), and again, he's still seeing doctors, taking medical trials, etc. because of his long COVID symptoms.

I know it's n=2, but I would not dare be so fast to say "it's about 6 months on the longer term, and very rare". I didn't take this very seriously as I'm young, but these two cases shifted my perception on the issue and made me adjust my routines just to err on the side of caution.


There has been an analysis of the second biggest public health insurer in Germany (Barmer) that had a statistic that said that 6-7% of all of those infected were ill (and not working) for more than 12 weeks (and the numbers for young people weren't far off, like 4-5%) [1]. Also, there has been a study in the UK that 400k people suffer from long covid [2]. Caution really is the only way as long as one doesn't have the double vaccination.

[1] https://www.spiegel.de/gesundheit/corona-fast-jeder-fuenfte-...

[2] https://www.telegraph.co.uk/news/2021/07/01/almost-400000-ha...


I'm at 16 months now.


> "it is nonsensical to compare covid to other major pandemics […] Covid will never even come close to those numbers. And yet many countries have shut down their entire economies"

> "That makes covid a mere blip in terms of its effect on mortality."

This sounds wrong to me for several reasons. First of all, it's silly assuming that other countries are shutting down their economies without a very good reason for doing so. As I understood it, the "good reason" for doing so was that the infection & death rate was growing so fast, that it was putting hospitals & morgues way beyond their capacity. At the same time, the situation was keeping non-COVID, hospital-worthy visits out of the healthcare system, thus creating a massive public health problem.

(Let's not forget the improvised hospitals, improvised morgues, etc. These were very real.)

It'd be interesting knowing why somehow the COVID cases 'vanished' from this doctor's hospital. But instead of looking into why this happened, this doctor is just saying "turns out that the problem went away, so in the end it was good that we didn't bother too much about it".

And the thing is - we're not through it yet. Thankfully the death rate seems not to be as bad as we thought it could be, but this could very well be down to current measures such as isolating elderly people, testing at-risk populations, higher awareness levels, and the fact that the average infection age is now much lower than it was in March. So, now, healthcare systems are not collapsing.

There's a myriad of variables that likely affect the virus spread and outcome. For example, the age and characteristics of the populations where the virus is spreading, how the population is distributed around the territory (and its density), how frequently this population "comes together" (social behavior - ever seen a Swede profusely hugging and kissing?, public transportation, remote working…), and so on.

And when it comes to the healthcare system capacity debate: Sweden frequently put elderly, infected people straight into palliative care (http://archive.is/VC5vb), bypassing hospitals. Other countries did admit elderly people into hospitals, thus putting more strain on the healthcare system, which later on prompted a lockdown to prevent said system from collapsing.


> First of all, it's silly assuming that other countries are shutting down their economies without a very good reason for doing so.

I certainly wouldn't want to assume that governments only ever do the correct thing, or the thing that is in my best interests, so I think it's reasonable to ask questions.

> As I understood it, the "good reason" for doing so was that the infection & death rate was growing so fast, that it was putting hospitals & morgues way beyond their capacity. At the same time, the situation was keeping non-COVID, hospital-worthy visits out of the healthcare system, thus creating a massive public health problem.

The UK enlisted the army to build enormous field hospitals and staffed them with doctors and nurses from other hospitals. Most of them closed after seeing only a few patients, since all other hospitals were operating far below capacity. Emergency rooms were ghost towns. Meanwhile, all elective surgery was cancelled, reducing the quality of life for thousands of people while doctors stood around waiting for the promised influx that never happened.

It seems to me that the response in the West has been largely reactionary, driven by fear and public opinion, and disconnected from any real analysis of what genuinely works and what the long-term plan is -- with the possible exception of Sweden, who despite all the "they don't care" rhetoric you see in other comments, not only put a lot of analytical care into their approach, but discussed that analysis openly.


Maybe it was based on seeing what happened in other countries, i.e. Spain and Italy? I can say for sure that the impact on the health care system here in Spain was very significant.


It's hard to disentangle cause and effect though. Countries that were very hard hit also had the most extreme government reactions to it. This can compromise the efficiency of the healthcare system; for example, I've read that in Spain at the peak of the epidemic many nurses and doctors were self-isolating because they'd tested positive, so there was a huge loss of healthcare capacity. Then later on it was discovered that a lot of positive tests are asymptomatic and asymptomatic people don't transmit the disease, so this just hurt healthcare capacity for no reason.

Many countries had problems with care home workers abandoning their jobs, for example to return to their home countries before borders closed. There are some quite horrific stories of the terrible conditions created in care homes in some of the places with excess death spikes.

The imagery of ice-rink morgues etc had a similar effect. There was no real demand surge for morgue space, but undertakers were refusing to work until they were supplied with ample PPE because they thought they would be infected by the bodies with a killer virus. Same story in Bergamo. So then a sudden shortfall in PPE was converted into a shortfall in funeral capacity, even though at that point there was no sudden tsunami of bodies. This then led to more panic especially amongst health system workers.

It's very hard to disentangle what really went on here.


> "Then later on it was discovered that a lot of positive tests are asymptomatic and asymptomatic people don't transmit the disease, so this just hurt healthcare capacity for no reason"

I think it makes sense to isolate anyone who tests PCR positive for coronavirus, right?

Also, is it 100% sure that asymptomatic people will not transmit the disease? What if they are just pre-symptomatic? Where do you establish the cut-off?


No. Why would it? Given how mild almost all infections are, and that doctors/nurses can routinely save lives from much more serious conditions, it's a strange cost/benefit analysis that assumes it's better to lose huge chunks of healthcare capacity than for some people to get COVID.

Asymptomatic is being used as a different classification than pre-symptomatic in the literature. Asymptomatic means you never develop symptoms. Pre-symptomatic means you haven't yet but will. Pre-symptomatic phase is not long though. Typically just 1-3 days, I think, from the latest literature.

Given the tiny window of time that exists when people are infectious and might not know it, and given the very low likelihood of a PCR test being done in exactly that time, and given that PCR testing has a lot of problems (e.g. triggers even if your body has destroyed the virus), and given that nurses and doctors are pretty important, I can't see it being useful to actively test in hospitals. It's everywhere by now anyway.


I started out with PHP at a very very young age and eventually moved on to other platforms (mainly Python). Not looking to question your experience - but actually recalling my own. Making a chat app was one of the first things I did. It was a super basic CRUD app mixing HTML and some code, refreshing the page every few secs, thanks to some meta tags.

Of course, it used frames, so that the "send message" part didn't clear every time it refreshed… those were the days! Eventually, my fancy chat app delivered a much better user experience, thanks to an amazing (back then!) JS library — jQuery. I built my first "API" that way! (It didn't use XML or JSON - it just returned chunks of HTML that were appended to a div).

Pure PHP gets annoying when you're dealing with complex data models, or when you're building a combination of frontend plus backend batch processing. Frameworks such as Laravel make this much much nicer to deal with IMHO. Of course, PHP is far from perfect, and its quirks can cause OCD and frustration to some people… :-)

But thanks to PHP (and also thanks to how lenient and chaotic it was), I was able to create very early on without needing to worry about software patterns (I had no clue what MVC was back then!), strict code formatting, learning how to deploy an app (just upload the code and off you go), and so on. PHP got me into programming — and it's also propelled some big-name sites and apps, so I guess it deserves some credit there as well.


HTTP polling came across my mind, but I always thought "No, I won't do that". In my noob mind it was full of HTTP overhead and it had to be WebSocket-like interaction. Apparently it was a thing; Facebook and a lot of others use it.

And Laravel, it was everything I knew. I really liked it, the ORM was superb, the template engine was superb. It has its downside though: the big amount of code that needs to be parsed.


The post clearly states that users can install extensions through the developer's website. The main difference here is that extensions cannot be silently installed — users have to explicitly install them.

Sounds good to me. No more annoying adware extensions.


I agree regarding adware, I think it's just a poorly written post in terms of clarity. It could have been better summarised as:

We are removing sideloading (The ability to silently install extensions from your local machine as an xpi file)

- This will not affect the ability to manually install extensions, they will need to be installed from a source code directory (Link to chrome post on same)

- This makes users safer (Malicious extensions will need to be approved and installed by a user)

- This makes it more obvious when an extension is installed (Confirmation dialog)

etc.

Thanks for making me read into it further


National politics (Catalonia, etc). But there's also an endemic issue with spending on unnecessary infrastructure while underfunding heavily used infrastructure (such as public transportation in large cities); our budgets never seem to be able to reduce debt, and our pension system is doomed to explode, because eventually there will be more retired than working people.


Given that the life expectancy is so high maybe it makes sense to raise the retirement age here by a few years more.


Agree on this. It was… weird to see someone making a correlation between "not enjoying porn on display during a security conference" and the gender of the person. It's good that they're filtering it, it's bad that they need to, it's sad that they consider it a gender issue.


It does intuitively seem like one gender would be far more likely to raise issue with it, and I'm pretty sure most would agree with this perception outside of trying to intentionally frame issues in gender neutral ways, which isn't necessary to conclude the content may not be appropriate regardless.


It's both a professionalism issue and a gender issue.

The reason it's a gender issue is because our culture often treats women as purely sex objects rather than having their own merits as people, so the introduction of porn into a professional context isn't just a professionalism issue; it also invokes that template in a detrimental way.

Probably something related to stereotype threat in here as well: https://en.wikipedia.org/wiki/Stereotype_threat


110k in France is a lot. And I reckon you can buy a house (well, depending on your standards) with that salary and some discipline…


Well, when you've been hearing stories about Googlers for 10 years, you don't imagine that you need "discipline" being a Googler to buy a house.

I may be a little bit naive, but when my friend told me about it I thought he was going to announce something like 200K or more, because these are the stories we always hear around here.

In the end he decided to not go because he already made the same amount of money and didn't want to move his family to Paris just for two hundred bucks a month. But I don't know anything about bonuses and 10% raises everywhere, or at least he did not tell me.


$200k and up, for a Senior Software Engineer, is something that's only "frequent" in the U.S. (and varying a lot based on specific locations). With rentals costing many thousands of $ a month, significant healthcare costs, a need to have a car for each person, and no safety net.

If your friend is earning around €100k in France and not even living in Paris, then they're in a VERY privileged position. I'd say that €110k in Paris, factoring in exchange rates, CoL & taxes, can be the equivalent to a $200k salary in SV. So it's hardly a downgrade.


The sad part is that a couple decades ago, anyone in the middle class could buy a house, one income households included. Now, property values are out of whack, especially in or near any global metropolis.


We chose SendGrid a long time ago to unify all our mail infrastructure under one provider and it was a significant mistake. Now, we're heavily relying on SendGrid but some systems still depend on Mandrill and we're slowly migrating those as we make changes to them.


Please elaborate on why SendGrid was a significant mistake for you. We are looking at moving to them from Mandrill, since their stability has been terrible for us.


Oops, sorry. Brain fart. I meant Mandrill, Mandrill was a significant mistake. SendGrid is working great for us. So sorry.


I work at SendGrid, let me know if there are any questions you have regarding our products.


Was it the migration strategy that was a misstep or having a single point of failure for transactional email? If you're looking to support multiple transaction mail providers, any best practices you've come across to ensure that your app has a common interface to different providers?


> support multiple transaction mail providers

One potential pitfall is keeping your blocked-email list synced between ESPs. You definitely don't want to repeatedly send to an address that has bounced or reported your email as spam, as that's a good way to get yourself into an ISP's spam filter for all its recipients.

When using multiple ESPs, the best approach is maintaining and enforcing your own block list. But if you're relying on your ESPs' own block list functionality to prevent additional sends to invalid/complaining addresses, you'll either need to sync their block lists, or somehow partition things so that the same recipient email always goes through the same ESP.

Nearly all transactional ESPs offer webhook notifications on bounces and complaints, but not all have an API where you can add an email to their internal block list.
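An added example (not from the commenter or any ESP) of the two approaches described above: a sender-owned suppression list fed by bounce/complaint webhooks from two providers, enforced before any send, plus a stable hash partition so the same recipient always goes through the same ESP. The webhook payload shapes and the ESP names are constructed assumptions, not any real provider's schema.

```python
import hashlib

# Constructed webhook events in two deliberately different shapes, standing in
# for two ESPs' bounce/complaint notifications (field names are assumptions).
ESP_A_EVENTS = [
    {"event": "bounce", "email": "Alice@Example.com", "type": "hard"},
    {"event": "delivered", "email": "bob@example.com"},
    {"event": "spamreport", "email": "carol@example.com"},
]
ESP_B_EVENTS = [
    {"type": "Complaint", "recipient": "dave@example.com"},
    {"type": "Bounce", "recipient": "alice@example.com", "bounce_class": "soft"},
]


def normalize(address):
    """Canonical key so one mailbox is recognised however an ESP reports it."""
    return address.strip().lower()


class SuppressionList:
    """Sender-owned block list, independent of any single ESP's internal list."""

    def __init__(self):
        self._blocked = {}  # normalized address -> (reason, source ESP)

    def record(self, address, reason, source):
        # First reason wins; nothing is ever un-blocked automatically.
        self._blocked.setdefault(normalize(address), (reason, source))

    def is_blocked(self, address):
        return normalize(address) in self._blocked

    def reason(self, address):
        return self._blocked.get(normalize(address))


def ingest_esp_a(suppression, events):
    """Map ESP A's event names onto our reasons; soft bounces are not blocked."""
    for ev in events:
        if ev["event"] == "bounce" and ev.get("type") == "hard":
            suppression.record(ev["email"], "hard_bounce", "esp_a")
        elif ev["event"] == "spamreport":
            suppression.record(ev["email"], "complaint", "esp_a")


def ingest_esp_b(suppression, events):
    """Same for ESP B, whose payload uses different keys and labels."""
    for ev in events:
        if ev["type"] == "Complaint":
            suppression.record(ev["recipient"], "complaint", "esp_b")
        elif ev["type"] == "Bounce" and ev.get("bounce_class") == "hard":
            suppression.record(ev["recipient"], "hard_bounce", "esp_b")


def choose_esp(address, esps):
    """Stable partition: the same recipient always routes to the same ESP."""
    digest = hashlib.sha256(normalize(address).encode()).digest()
    return esps[int.from_bytes(digest[:4], "big") % len(esps)]


def route_send(suppression, address, esps):
    """Enforce our own list before any ESP sees the send request."""
    if suppression.is_blocked(address):
        return ("blocked", suppression.reason(address)[0])
    return ("send", choose_esp(address, esps))
```

Because the list is keyed on the normalized address, a hard bounce reported by one ESP blocks the recipient even when a later send would have been routed to the other.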


Why is that a mistake to rely on SendGrid?


Not the OP, but my personal experience has been that it was a mistake to rely on SendGrid. This is based on a 2016 incident [1] where SendGrid made unannounced changes to IP pools, resulting in sent emails being delayed for several hours or more while the new IPs warmed up. For many kinds of transactional email, several hours' delayed delivery quickly turns into multiple end users opening support cases. ("Where's my password reset?")

If this had been a simple mistake, fine (all ESPs have occasional issues), but to my knowledge SendGrid has never acknowledged this as an operational error. In fact, at the time SendGrid representatives repeatedly insisted the change was made intentionally for its (paying) customers' benefit.

(That said, SendGrid had some really nice tracking and segmentation dashboards, which I do miss at my new ESP.)

[1]: https://news.ycombinator.com/item?id=12142728


I meant Mandrill—Mandrill was a significant mistake. SendGrid is working great for us. So sorry.


Unless you're thinking about the next Silk Road, then, you're not solving the real problem here.

