If this is the hidden master server that only the mirrors talk to, then its redundancy is largely irrelevant. Yes, if it's down, new packages can't be uploaded, but that doesn't affect downloads at all. We also know nothing about the backup setup they have.
A lot depends on the threat model they're operating under. If state-level actors and supply chain attacks are the primary threats, they may be better off having their system under the control of a few trusted contributors versus a large corporation that they have little to no influence over.
Even if it's just the build server, it's really hard to defend just having 1 physical server for a project that aspires to be a core part of the software distribution infrastructure for thousands of users.
The build server going down means that no one's app can be updated, even for critical security updates.
For something that important, they should aspire to 99.999% ("five nines of") reliability. With a single physical server, achieving five nines over a long period of time usually means that you were both lucky (no hardware failures other than redundant storage) and probably irresponsible (applied kernel updates infrequently - even if only on the hypervisor level).
Now... 2 servers in 2 different basements? That could achieve five nines ;)
Which tuition are you referring to? Nameplate tuition is like the sticker price on a new car; few to no people pay it. Net tuition is the number that actually matters, and it's been largely flat the last 8 years.
I don't know the figures for large universities, but at the small liberal arts college I graduated from and the one I've worked at for the last 15 years, the average figure for "full pay" students—which, as the name suggests, is the students who pay, or whose families pay, the full sticker price, either directly or through loans—has generally been between 46% and 53%.
Now, if you have figures showing that what you claim is true on the whole across all of US higher education, please, by all means, post the links. I'm genuinely interested to know just how different it is with the larger universities.
So you're saying academics use the same opaque market practices as, e.g. health insurance? Yeah all the more reasons to cut funding. If they have nothing to hide they have nothing to fear with transparency.
You seem to have no interest in transparency or understanding, but answer everything with "cut the universities" no matter what.
If differential pricing based on ability to pay is a reason to destroy something, then we had better destroy 90% of B2B. But it's not a reason, you're just parroting the same desired end result no matter what is actually said about universities.
It's going to get worse, ADA Title II updates require that by April 2026 all PDFs and documents used by UCB be accessible to the WCAG 2.1 AA standard. I expect a lot of third-party content currently hosted on University of California websites will go away.
The "Vendors Can Lock You Out" part is what makes passkeys entirely a non-starter for me. Especially the additional risk when someone passes away and the heirs are trying to get access to the deceased's accounts. Vendors are well known for saying "we had an agreement with Samantha, and with her death, that agreement has terminated, and no one can be given access that was not pre-designated."
> "we had an agreement with Samantha, and with her death, that agreement has terminated, and no one can be given access that was not pre-designated."
It would be nice if you could use some legal apparatus to ratchet these agreements into a trust. Corps would hate it though, so it will probably be illegal to do.
It’s “illegal” in the sense that you could write whatever you want in your will but it wouldn’t be binding. You cannot force a party into a legal obligation they do not agree to.
The government can, though. I’m not sure if there are any existing laws pertaining to transfer of or access to general accounts after death (as opposed to bank accounts which I’m pretty sure there are laws about).
My will says that my executor can access my accounts which alleviates Apple from legal risk if they do grant access but I’m pretty sure they are not obligated to do so.
This reminds me of some past political debates around same-sex marriage, where I encountered some folks claiming government-involvement wasn't really necessary because Free Contract could take care of everything. (This was some years back before the US Libertarian party imploded.)
It was rather frustrating to watch: "You're a huge fan of X but don't know how X works?"
For example, two people can't make a contract between them that gives one the right to visit the other in a hospital, nor the right to make medical-care/power-of-attorney decisions. You also can't contract-away the guardianship (or ownership) of children, etc.
I thought the Libertarian claim was that lawsuits would fix everything. Because after your house burns down and kills you due to no electrical codes being enforced, your family can sue the electrician (who might also be dead due to unrelated reasons) and convince a jury that they didn’t follow undefined best practices and be awarded millions of dollars that the electrician probably never had and certainly won’t pay and that’s better than having you alive anyway. Hooray for the free market.
Some password managers provide an offline root of trust which family members can use in this scenario. For example, 1Password tells users to print off an "Emergency Kit" which is a physical piece of paper with secret recovery codes printed on it, which they store in one or more safe places. [1]
If someone passes away, their family members can use the Emergency Kit to gain access to and use all their credentials - including their passkeys.
(The Emergency Kit also allows you to recover your data in the event that you forget your master passphrase or lose all your devices.)
There's nothing different about using a password vs. a passkey that makes it easier or harder for vendors to lock you out. I am not sure where this misconception comes from.
Whatever process a vendor requires someone to go through in order to gain access to someone's account when they pass away remains the same whether the user previously used a password or a passkey to login.
Are you aware of any vendor that actually does have differing policies based on the account's login credential type? I'm not aware of any.
The only one who can lock me out of my relationship with e.g. HN is HN.
With passkeys:
Now I can be locked out by HN or by the passkey provider.
Sure I could use a local passkey provider, but the protocol provides a way for the site to enforce a whitelist of passkey providers, so it's not clear that would be an option. Particularly for businesses like banks which tend to adopt an approach of "if a security restriction is possible, it should be applied". Or even just the typical tech PM perspective of "we want to include logos for the log in with X, and I think more than 5 logos is ugly so let's just whitelist LastPass, 1Password, Google, Microsoft and Apple and be done with it".
If I want to move a password, I either already have it memorized or I find it in my manager and write it down.
If I want to move a passkey out of my Apple keychain, last I heard the answer is to just make a new passkey. The important part of the secret is 100% under their control. It makes me very squeamish.
I hate passkeys because when I've encountered them it's always an interstitial between what I just signed in to and where I'm trying to go, it's always a "register a passkey now" with an obfuscated dark pattern bypass, and it's always on a corporate account that I don't need a fucking passkey for.
I don't want a passkey on my logins but there is no way to disable this prompt on the 3 websites that constantly annoy me for them.
Drives me batty. The company I work for is already paying you for the service I'm using. We use SSO for EVERYTHING, I've already 2FA Authenticated the login, and even if I set up a passkey I will still have to 2FA the login.
I don't use these sites in any personal capacity, and I would never use a site that harasses me in any way if I was not absolutely required to in order to earn a paycheck.
You're not going to get any money out of me, why are you torturing me?
And do you know who is responsible for the increase in tuition at Georgia Tech? The legislature and governor of the state of Georgia. State appropriations for higher ed and the tuition rates at Georgia Tech are set exclusively by the state government and its appointees on the Board of Regents for the State University System, not by university administrators in any way.
> In <pick random developing nation that isn't too poor> a man who wants to construct a septic for a house pays a man with backhoe who understands the nuances to make it happen. Concrete and diesel are bought, etc, etc, etc. Let's say $5k USD added to GDP.
The piece you're missing is that the man has to pick between 10 indistinguishable men with backhoes, of which some unknown percentage are charlatans who will dig a hole, put some pipes in it, then disappear with the money. The original man will now have a puddle of human waste next to his house, no septic system, and be $20k poorer ($10k+ in cleanup, then $10k to someone to build an actual system).
Regulation ensures that the charlatans can't operate and that everyone who pays $10k for a septic system actually gets one that works for decades. This also protects the original man's neighbors who also suffer when his property develops a cesspool. Regulation also protects against well-meaning but incompetent operators, who are also common when regulation is weak or non-existent.
Intrinsic, no. Common, yes. Many people who use desktop clients want a local copy of a substantial fraction of their email so that they can review or compose messages while off-line. Desktop clients also operate faster and can provide robust search services only if they have a cached copy of the messages on disk.
Yeah, I do this too. Folders work pretty well in both Gmail Web and IMAP, but I don't do sub-labels, I just jam them all into folders for Commerce, Friends (one folder per City), Interests, Family (one folder for each closest relative, so stuff from my Mom's sister goes in the Mom folder).
I use Thunderbird a lot, so Archive is an anti-pattern (I believe it removes all tags from an email, leaving it only in All Mail. I have All Mail turned off in IMAP because it makes a second copy of everything, which is bad in a 20+ year old mail archive.)
Pricing in most businesses has little relation to the cost of developing and making the product. Most businesses price relative to the value that their product delivers to the customer. If there is robust competition, then the price is often driven down towards the cost, but it's not driven by the cost. In Adobe's case, they see that there is an entire industry of creative people using their products as their primary tool(s). Those employees are often paid well, with salaries from 50k-100k per year as common. Is it not reasonable (from Adobe's perspective) that employers pay 1/50th of the employee's salary for their primary and most useful tool? No one complains when the plumber requires a work truck and thousands of dollars worth of tools.
The price ceiling has little relation to cost, sure. But COGS sets an effective price floor — you'll be revenue-negative unless you do the math to ensure you're charging customers (especially your largest customers) at least COGS. COGS is the most critical number your enterprise salespeople will ask you for in order to backstop their negotiations.
For some companies, COGS and customer LTV are numbers with such different orders of magnitude that they don't even have to think about the COGS side.
But "software you charge a one-time fee for" generally produces a very low customer LTV; and "renting compute on someone else's GPU IaaS" generally produces a very high (customer-lifetime-integrated) COGS; so if they were sticking to the "just charge for the software" model, "COGS rising faster than CLTV" would be a direct threat to their business model. Which is... why they don't want to do that.