• 0 Posts
  • 71 Comments
Joined 1 year ago
cake
Cake day: June 8th, 2023

help-circle




  • Car manufacturers should get out of the dashboard design business. Just have an API standard for devices to control the car, and a USB port for users to plug in whichever device works best for them. You want a bunch of physical buttons? Cool, go down to AutoZone and buy a button panel that matches your needs. You want a big screen with carplay and a bunch of widgets? Mount your old iPad there.

    The regulatory side would be the hard part. Devices would have to meet some safety standards and the car would have to refuse to drive unless an approved dashboard was connected, but it could be done.





  • This is one of the things I talk about when people ask what the difference is between junior and senior developers.

    A lot of security is just box-checking. A lot of it is hypothetical and relies on attackers exploiting a chain of multiple bugs that they probably won’t ever find…. But you still gotta fix it.

    There’s no point in being so proud of your code and dismissing security concerns because you’re arrogant enough to think it can’t happen to you. Just learn to fix it and move on with your life.






  • I use a “real name” domain. My last name ends in the letters “in”, so I bought a .in domain, such that the domain name is my last name with a dot in it.

    Can’t honestly recommend that approach. It’s a cute gimmick, but when non-technical people ask for your email address and it doesn’t end in a TLD they recognize, their heads explode. I usually give out my gmail address.





  • Is it the employer’s responsibility to determine that somebody is or is not a spy? Like the scam here was to do the actual job and send money back, not to steal company information etc. companies have legal obligations to make sure people are authorized to work in the US etc, but the government sets those standards. If you’ve got convincing enough paperwork, it’s the governments job to enforce this stuff, not the employer.

    That said, I’ve interviewed several remote people who were clearly using fake identities and also clearly didn’t have the skills for the job. Seems obvious their scam was to just collect a paycheck doing nothing, so if that’s the same group, then the employers bear some fault for hiring unqualified people… but on the other hand if the North Koreans were actually doing the jobs they were paid for, no reason the company should care.