Yes, backups are great but a 'dumb robot' or a 'mistaken junior' shouldn't have access to prod.
And a sleep-deprived senior? Even then. They shouldn't have access to destructive effects on prod.
Maybe the senior can get broader access in a time-limited scope if senior management temporarily escalates the developers access to address a pressing production issue, but at that point the person addressing the issue shouldn't be fighting to stay awake nor lulled into a false sense of security as during day to day operations.
Otherwise it's only the release pipeline that should have permissions to take destructive actions on production and those actions should be released as part of a peer reviewed set of changes through the pipeline.
But smart robots like Claude should and will have access to production. There has to be something figured out on how to make sure operation remains smooth. The argument of don't do that will not be a viable position to hold long term. Keeping a human in the loop is not necessary.
>We've literally done it without robots, smart or dumb, for years.
And we've written extremely buggy and insecure C code for decades too. That doesn't mean that we should keep doing that. AI can much faster troubleshoot and resolve production issues than humans. Putting humans in the loop will cause for longer downtime and more revenue loss.
> AI can much faster troubleshoot and resolve production issues than humans
Can, yes, with proper guardrails. The problem is that it seems like every team is learning this the hard way. It'd be great to have a magical robot that could magically solve all our problems without the risk of it wrecking everything. But most teams aren't there yet and to suggest that it's THE way to go without the nuances of "btw it could delete your prod db" is irresponsible at best.
When people talk about backups they typically mean located somewhere else. If one terraform command can take out the db and the backups then those backups aren't really separate. It's like using RAID as a backup. Sure it may help, but there are cases where you can lose everything.
Nobody, not even a "smart robot" should have unfettered read-write production access without guardrails. Read-only? Sure - that's a totally different story.
Read-write production access without even the equivalent of "sudo" is just insane and asking for trouble.
> Top management has insane levels of compensation as a strategy by ownership to alight management's interests with their own, by turning them into owners. If there is going to be a management layer at all, for example the proposed "A-suite", then their compensation will balloon for exactly the same reasons.
That is not correct.
Owner's don't align top management's interests with the owner's interests by giving them 'insane levels of compensation', they do it by giving the managements compensation in the form of shares of the company. It's not the volume of the compensation that aligns their interests, it's the type. Otherwise the 'top management' could just invest in the competitor and torpedo their own company making multiples of the original cash compensation as clients leave for the competitor.
If anything, a high base pay would be a dis-incentive to perform well, because increased wealth (a) reduces the marginal utility of additional compensation, and (b) makes the CEO less vulnerable to going down with the ship. The same goes for "golden parachutes".
IMO, if incentivizing good performance was really the goal, then companies would hire CEOs who are not already wealthy, pay them only enough base salary that they accept the job and can focus on it without worrying about paying bills, and compensate them mainly using illiquid, very long-dated stock options, which become worth a fortune if and only if the company is still around and profitable far into the future. It turns out that this is basically how founders are compensated, and it's a wonder that shareholders allow public-traded companies to be run in any other way.
Sure, if you want to spell it out. It is equity compensation, because they want the management to be owners of the same assets that they hold. Once that's settled though, the question is: how much equity? Well, it needs to be a large number. Owning $500 worth of stock doesn't make them a capitalist -- it just makes them a person with $500 worth of stock.
> I can bet you a hefty sum that Alameda will never go without electrical contractors.
You *really* don't understand the issue then because no one is saying that there will be 0 electrical contractors.
Electrical contractors will continue to exist because demand will continue to exist, but the wait time to get the work done will increase due to not enough electrical contractors.
Or the work will be left undone because the owner doesn't have enough money to pay the few electrical contractors that remain.
Or the work will occur but will avoid all regulations because the cost of complying relative to the odds of being caught don't justify paying it.
I understand why businesses would want to maximize work done in an area - I hope you're self-aware enough to realize this.
The tension you may be blind to, is that society wants to maximize safety in an area - and any work done should be in service to that goal, and not an end unto itself. We shouldn't blindly maximize for work done in an area, we have to make sure the result is safe: this introduces rules and regulations, and the time and monetary costs tag along.
No two people will agree where the balance is, but generally there's regional culture. Hell, Texas allows home-owners to do their own electrical work - does that "drive business away" since some people won't pay for small DIY fixes in TX? I can't say I've ever heard that argued, but I hear it deployed a lot in response to regulations.
Many states are littered with work environments criss-crossed by extension cords because if it plugs in it doesn't need a permit, forklifts moving IBC totes because that's cheaper than the permitting it would take to install real process equipment and be regulated differently. Rain and snow covered parking and work areas that should have structures over them but can't due to the realities of environmental calculations and permitting.
Every time someone trips on a cord and smashes their face, gets mashed by a forklift, slips and falls on ice and can't work for 6mo, you personally, along with everyone else who's fetish for bureaucracy has driven up the cost of "better solutions" that would've prevented that has a little bit of that blood on their hands.
I'm not saying to just let anyone do a 3ph 480v panel swap and connect that shit to the utility. But at this point that might be better than letting you people continue to run things your way.
It's like saying that a ball-and-chain thing is not going to entirely prevent you from walking, so you're not denied the ability to walk. While technically correct, this conclusion misses a few important related consequences.
> But companies prefer to put in that effort and annoy their users so they can have that tracking.
This is making the assumption that the company has already paid the significant legal fees to see if they need the banner or not. Or ignoring the companies that think it is easier to add the banner than pay a law firm to review it's data usage.
It's like 'Hey, I make T-shirts. I want to sell them to anyone who visits my website. Do I need a cookie banner? I don't know. I do collect personal information to facilitate the transaction. I do retain the information for refund purposes. I do log IP addresses. Is this covered without a banner? Am I 'safer' to just make a banner saying we are saving their data and using it? I can't afford a lawyer to review everything we do, but I can afford a developer to make a banner like they did on other sites. Even if they implement it incorrectly, I think it's worth the cost to have the banner because I probably won't be liable if I attempted to follow the law. And maybe I'm wrong there because again, I have no idea what the letter of the law requires. I just make t-shirts and want to sell them.'
Tossing up a banner doesn't really help. You're required to allow users to opt out of anything that's not essential to the service being requested by the user. So regardless of whether you're going to have a banner or not, you have to identify what's essential. And once you've done that, you could stop there and not have anything non-essential.
> I also recognize that websites don't need the banner if they aren't trying to track me
And I recognize that there is a non-trivial cost to knowing if you need the banner or not, and people are likely to ask their web designer/dev "Hey, where's the cookie banner?" and then pay for the subsequent cost of implementing that because it's cheaper than expensive lawyers.
The was my first thought as well. Yes, using the Safe Browsing list feels wrong, but I don't know enough to speak definitively in that regards. However wouldn't a relatively simple solution be that if a registrar is choosing to use some third party's list of banned DNS entries that the registrar then also implement sufficient unblocked components that will allow people to be unbanned from that third party?
> Add a DNS TXT or a CNAME record.
I haven't had a use-case for a TXT record come up yet, but isn't it low risk enough to allow domain owners to continue to configure TXT records even if the registrar wants to ban configuring other record types? Then the person in the article could prove ownership and could then get off of the third party ban list that the registrar was utilizing.
DNS can be thought of as a distributed KV store with built in caching suitable for low write high read use cases, so TXT makes sense for that. e.g. basic feature flagging can be accomplished that way with basically no work to set it up assuming you were already using DNS.
The registry cannot ban individual record types. That is not how DNS works.
The registry only maintains a list of NameServers associated with the domain (and records for DNSSEC zone signing). Registries have nothing to do with regular records. They only record who defines those records.
There is _some amount_ of justification to ban TXT. There have been a few cases of C2 servers using DNS to send instructions to malware, so letting TXT slip through the cracks would still allow for that.
Now whether this downside justifies the massive problem it causes on false positives...
TXT can't be banned. There are several RFCs that require TXT records, such as DKIM configuration, DMARC configuration, and it is extensively used for verification by things like AWS SES, Microsoft Office, and all kinds of things. It's built into many standards and used by all kinds of other entities for all kinds of perfectly legitimate things.
Did you read my reply without reading the parent I was replying to? I’m talking about not allowing a blocked domain from being able to add new TXT entries as the parent was suggesting. Of course TXT shouldn’t be banned entirely…
My only concern here is that it's using ex post facto information to try to dispute earlier assessments.
If I 'moved' some AI 'patents' to another country 5 years ago and stated they were worth $x using some formula and now some years later the government steps in and says 'No no no, you earned $x + $y and lied on the original value which should have represented the discounted future income!' that's not disputing the formula used in the original point. It's just that 5 years ago people underestimated how far and how valuable AI would be.
Sure but if that’s the case there should be some tax on the mark to market difference. If not it’s just straight up tax fraud (which I suspect is often actually the case).
As a tech-literate person, I'm not 100% against the concept of ID if only because I think people will be more reasonable if they weren't anonymous.
This conflicts with my concerns about government crackdowns and the importance of anonymity when discussing topics that cover people who have a monopoly on violence and a tendency to use it.
So it's not entirely a black/white discussion to me.
Both Google and Facebook have enforced real identity and its not improved the state of peoples comments at all. I don't think anonymity particular changes what many people are willing to say or how they say it, people are just the creature you see and anonymity simple protects them it doesn't change their behaviour all that much.
I think opt-in ID is great. Services like Discord can require ID because they are private services*. Furthermore, I think that in the future, a majority of people will stay on services with some form of verification, because the anonymous internet is noisy and scary.
The underlying internet should remain anonymous. People should remain able to communicate anonymously with consenting parties, send private DMs and create private group chats, and create their own service with their own form of identity verification.
* All big services are unlikely to require ID without laws, because any that does not will get refugees, or if all big services collaborate, a new service will get all refugees.
The problem is this is only true for values of "reasonable" that are "unlikely to be viewed in a negative light by my government, job, or family; either now or at any time in the future". The chilling effect is insane. There was a time in living memory when saying "women should be able to vote" was not a popular thing.
I mean, this is _literally the only thing needed_ for the Trump admin to tie real names to people criticizing $whatever. Does anyone want that? Replace "Trump" with "Biden", "AOC", "Newsom", etc. if they're the ones you disagree with.
Obama carried on where Bush left off. I think Biden was at least marginally better, at the very least I admire him for ripping off the Afghanistan bandaid, but the amount of effort he put onto rolling back executive overreach was minimum if anything.
You're saying that Biden, AOC, and Newsom are "ideologically aligned with right-wing hatred"? This is not something I've ever heard a human being say. Almost afraid to ask, but where's that coming from?
> it’s prudent to assume that they’ll shift to a “merit based”
There is already a "Merit based" system that supports the arts. It's called the private market.
My initial gut reaction was akin to many responses here but a post that detailed the implementation mitigates many concerns I'd have if I were an Irish citizen. As long as the system has some required 'buy-in' from applicants to prove they are working towards being an artist, and the distribution is random so it's not a guaranteed payout, and possibly the odds of being selected are driven by the number of applicants and so no one could do a cost-benefit analysis of submitting the 'buy-in' purely with hope of receiving a payout, then this seems to be a more fair way of supporting up and coming 'arts' than the government paying some already established artist for a mural or to design a park or to create a sculpture.
> What part of your idea was supposed to stop that happening
The part where people see their money burning away paying maintenance and tax on deteriorating assets.
Why are people holding assets unused?
Because they don't believe that the city will allow sufficient development to allow them to purchase like-assets in the future if they chose to reinvest and the carrying cost is minimal because council taxes are trivial relative to the value of the asset. If my research is correct, Kensington council taxes are under 10k USD per year.
And a sleep-deprived senior? Even then. They shouldn't have access to destructive effects on prod.
Maybe the senior can get broader access in a time-limited scope if senior management temporarily escalates the developers access to address a pressing production issue, but at that point the person addressing the issue shouldn't be fighting to stay awake nor lulled into a false sense of security as during day to day operations.
Otherwise it's only the release pipeline that should have permissions to take destructive actions on production and those actions should be released as part of a peer reviewed set of changes through the pipeline.
reply