Hacker Newsnew | past | comments | ask | show | jobs | submit | lol768's commentslogin

If you have a decent IDE, it'll offer you the ability to swap between the "old" and newer way of doing things when you encounter code written in one of the styles.

I can't say I've had any issues getting code using the new syntax through code review though. C# 14 has been out long enough that the team is familiar with much of it, and the IDE is helpful at reminding you to consider adopting new syntax. That aside though, the collection expression syntax is pretty familiar for anyone who's ever written e.g. JavaScript.


> Because Google has more resources to secure their browser

They've kneecapped ad-blockers, when ad networks are perhaps one of the biggest causes of malware installs/page hijacking/other unwanted behaviour. I'm not sure how you can consider Chrome remotely secure in this light.


My org (or rather, the org they pay to run their IT) blocked browser plugins with a security justification.

I find this incredibly amusing, and at a different point in my life I'd already be gone.

When you outsource IT, there are many, many misaligned incentives.


> I find this incredibly amusing, and at a different point in my life I'd already be gone.

How so? Bad actors buying existing extensions with large user bases then publishing a new version which does bad stuff is a pretty common pattern. It certainy seems like a reasonable concern for a corp IT department.


99% of security experts I know use ad blockers.

When there are unpatched browser vulnerabilities, attackers will use ad networks to inject attack code into reputable-but-ad-laden websites. And even when there aren't unpatched vulnerabilities out there, many ad networks will happily accept scam ads, ads that trick people into downloading malware, fake download buttons and suchlike.


> 99% of security experts I know use ad blockers.

But if they all use Chrome, wouldn't those be really weak ad blockers?


This is a common myth. I've used uBlock Origin Lite for months (a year?) and still see zero ads.

I'm extremely intolerant to ads, so I would leave Chrome if ad blocking stopped working.


Adblocking is an arms race. Google is handicapping adblocking progressively the fact that it doesn't take one day to achieve absolutely doesn't make it a myth. Adblocking is technically worse and the more locked down our environments are the easier it will be to kill or drastically reduce it.

If everyone had the same attitude this would probably already be the case.


> 99% of security experts I know use ad blockers.

100% of security experts I know find ads annoying and know ad blockers reduce how many they see.


Not GP, but I think the point was that no extensions => no ad blockers => major malware vehicle unlockable, short of disabling JS


Bingo.

I figure they had a switch they could toggle and they thought no further about the tradeoffs. Because their primary concern is their own liability, not what's best for the org their contract is with.


> My org (or rather, the org they pay to run their IT) blocked browser plugins with a security justification.

Same here, but only on Chrome. Firefox works fine.


Have they blocked vscode? I think any organisation that lets people use vscode, might just as well people do whatever they want.


Nope :)


Brave has ad-blocking built in and policies can be used to disable any unwanted features. With Chrome going user-hostile, it's a pretty great option.


Extensions are a much greater security risk than ads.


They didn’t take a decade plus to implement per-domain process isolation, for starters…


You can downvote the truth, but can’t reply to it.

Typical modern Mozilla fans, really.


Typical Hacker News posters.

Same, my Dad ordered it for me at the time; sits on my desk :-)


Yes; many (Alpine/Debian) containers in K8s on GKE for production rail ticketing infra in the UK.

There's not tons of noise being made because for the most part it all, Just Works and that's fairly boring. Perf, memory usage etc gets better every release. As an ecosystem, I'm pretty happy with it. I reach for other languages for smaller microservices.


> rail ticketing infra in the UK

You mean Raileasy? Or RDG too? (Just curious about the stack of the wider rail tech infra)


What's preventing you from using C# for smaller microservices? And what do you reach for?


Maybe startup time was a problem before AOT?


> The alternative would be that each school develop their own platform for this

I worked at a university which did exactly this, in the UK.

It was a bespoke platform which integrated incredibly well with the rest of the systems the university used because it was designed from the ground-up to meet the institution's needs, there were regular user groups involving academics to understand what features needed to be built/worked on etc. At one point it was all OSS on GitHub too, in case other universities could've found it useful. It handled plagiarism detection (integrating with Turnitin), marking, exam grids, coursework submissions and feedback, seminar allocations, personalised timetables & mitigating circumstances.

The in-house dev team was vastly cheaper than anything SaaS would've cost, as well. It also maintained software for on-campus parcel deliveries, online exams, opinion surveys, a mobile app for students/staff, the SSO system, the course catalogue, car parking permits, a content management system and more.


That sounds like a dream.

My (also UK-based) university has been working on a new student records management project for years that's been incredibly ill-fated. It's destined to replace all their current systems and the first module module was meant to launch last year, except it thoroughly failed testing and nobody has heard anything about it since.

No idea how long it'll take to pull through. I don't believe it's an in-house effort.


In-house bespoke software sounds reasonable, and multi-customer SaaS sounds reasonable, but outsourced bespoke software sounds like a complete dumpster fire:

End users who report problems:

* are ok with IT level 1 telling them IT level 3 is working on it with velocity appropriate to keep their jobs,

* are ok with IT level 1 telling them ${vendor_of_well-known_solution} is working on it with velocity appropriate for many customers, but

* are not ok with IT level 1 telling them ${vendor_of_bespoke_solutions} is working on it with velocity appropriate for one customer (if they even still exist).


This sounds like a great opportunity for students to gain hands on experience with real software engineering work as well.


They already prevent advertising the sorts of foods that contribute to obesity to children, and encourage you to drink less sugary drinks by applying tax to them (though unfortunately manufacturers have responded to this by reducing choice and adding artificial sweeteners instead of selling something at a higher price that can be enjoyed once every few weeks.

I don't think any of this is unreasonable in a country that picks up the tab through both subsidised dental care and completely free-at-point-of-use healthcare.


Would a calorie cap be reasonable?


> Would a calorie cap be reasonable?

A legislation that isn't possible to enforce is not reasonable, no.

Banning cigarettes = easy to enforce.

Banning sugar in soft drinks = easy to enforce.

Limiting how many calories you can consume = how do you propose we do that? Do we even have the technology to track what someone eats? And do we carve out exceptions for athletes?

If there was a way to cap calories without surgically inserting trackers into everybody I'm sure you'd see a lot less opposition to your idea.


Whether something is possible to enforce seems like a sliding scale. We can totally imagine a world where a calorie cap is possible to enforce. In such a world, would it be reasonable?


Make a lolly bag $100 and not $1 and your problem is solved


a better solution is banning processed foods which fall below a threshold for calories/micronutrient content (and no artificial enrichment allowed)


> They're great for big business at scale

> They are wonderful for big business

I (sadly) completely disagree with this. There are still so many basic things they don't expose, and it feels like you're fighting an abstraction designed for a start-up that doesn't want to think about the complexities of payments at all. For example, you have to fight a battle to get the card IIN exposed to you. There's no way to see the electronicCommerceIndicator (ECI) for Wallet payments (it clearly has it, since it's shown in the dashboard if you dig deep enough, but it's kept from you). For their Direct Debit integration, they apply limits on the payment amounts you can initiate, but there's no way to actually see the current value of what these limits are. The same Direct Debit integration also doesn't let you customise the payment references used (GoCardless lets you do this to identify e.g. individual invoices on customer bank statements).

Some of the APIs clearly haven't been thought through - e.g. for disputes you can't programmatically retrieve the evidence submitted by the card issuer. Which means you can't build any sort of sensible custom integration for handling disputes. And besides, they don't even support pre-arbitration (which the card issuers know about and take advantage of frequently because they know their decisions outwith the card scheme chargeback guidelines cannot be challenged effectively).

Their Google Wallet integration is worse that Braintree's and doesn't support the web-based flow.

There's not nearly enough visibility when things go wrong, particularly with their 3DS integration (which was failing for Samsung Internet browser users for us, and we had to fight to get looked at - nothing ever got published on the status page despite the fact this significantly affected your chances of securing liability shift) and you have to escalate via an account manager to get any sort of useful support case response.


One of the first things I did when I was involved in the set-up of online support ticket system for a GB rail retailer was https://xkcd.com/806/ compliance. If the support request body contains the phrase "Shibboleet" the ticket will be assigned to an engineer.

Equally it's not hard to teach front-line when to escalate, and ensure L2 and beyond are approachable. Even better if L2/L3 can keep half an eye on tickets that come in for anything that looks particularly interesting.


Hah, I've seen your posts on RailForums!

> One of the first things I did when I was involved in the set-up of online support ticket system for a GB rail retailer was https://xkcd.com/806/ compliance. If the support request body contains the phrase "Shibboleet" the ticket will be assigned to an engineer.

I get the feeling you wouldn't joke about this. I can't believe how amazing this is LOL. I /think/ I know which retailer...good to know!

> Equally it's not hard to teach front-line when to escalate, and ensure L2 and beyond are approachable. Even better if L2/L3 can keep half an eye on tickets that come in for anything that looks particularly interesting.

Right!? I did L2/L3 support many moons ago and it was very much my job to keep an eye on PFYs to ensure they weren't dismissing interesting tickets.


I'm confused, many of these examples state that they don't work in my browser (Firefox) - but the live demo works fine? Are the demos poly-filled?


Their labeling of feature availability is messed up. It says sibling-index() is widely available when it's not even available in Firefox yet.


No, it says: "Limited availability".

These green percentage points at the bottom left show how many of the Web audience (IDK by what measurements) runs a browser supporting this feature. A ton of them are even below 50%.

So I suppose it's not "modern CSS", but more like "latest Chrome CSS". Best viewed in Internet Explorer 5.


Absolutely. So no thank you, I won't stop writing CSS like it's 2015 if those features aren't at least supported by all latest browsers.


I've found it to happen much more frequently than that, unfortunately. Usually it's because the modal is two DOM elements - a backdrop, that fades out the rest of the content and sits on top of it/prevents interaction; and the actual consent modal. Websites then use various mechanisms to prevent scrolling. uBlock is often only removing the actual dialog, so you end up with a page you can't scroll up or down and can't interact with.

If you're going to turn the filters on, it's worth being aware of this because it's far from flawless.


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: