Edit 20 minutes later: After I posted this I remembered I have access to a https://www.walmart.com/ip/AT-T-Maestro-3-32GB-Ocean-Green-P.... And both LÖVE and my Carousel work great on it! Much less laggy than any other app on that phone. Including the browser.
I tried around 10 years ago, repeatedly would provide a password, get a notification, click on it, get asked to type my new password.. and get told the password was invalid.
Anyways, I moved on with my life. I was only reminded of it this year when I got referred for a job at Apple.. and guess what, I still can't make an Apple ID. So now I can't ever get a job at Apple :) Oh well, first world problems.
This Kafka nightmare is somewhat funny when it does not impact your life, but with increasing centralization, I worry for the future. What happens when an AppleID/Google account in good standing is required to open a bank account? Go grocery shopping? Hold your drivers license? Apply for a job anywhere?
Big tech has repeatedly shown that they are willing to ignore life destroying account workflows so long as they only impact a minority.
Sadly, you don't even need to engage directly with these companies to be affected. Case in point: e-mail.
I host my own e-mail. Valid SPF, not on any spam blacklists, good reputation score on my static IP.
At the beginning of November, I lost the ability to send e-mail to Gmail - it was all rejected as, quote, "possibly spammy". Double checked SPF and DMARC... Double checked documentation... Spent time setting up DKIM on my mail server, even though I sent nowhere near enough mail to merit it. Nothing got through for two weeks.
Google Postmaster Tools were totally unhelpful, telling me _that_ I was being blocked, but not _why_ I was being blocked. There is a community support forum where I posted - it hasn't seen a response since I posted in November. There was also a support portal where I could, in theory, contact a human. I sent something in there, and am still awaiting a reply.
Now remember, Gmail isn't just for @gmail.com addresses. Gmail hosts my accountant's domain. Gmail hosts the domain for a club that I'm part of. Gmail hosts friends who also have their own domains. Gmail hosts... well, probably a solid half of the Internet's e-mail.
My only way out of this nightmare was to reach out to a contact at Google, who - having an @google.com e-mail - was also unable to receive e-mail from me, and made the case to the right folks internally that I couldn't send important messages to him. A few days later, I could magically send e-mail to Google again.
Do I have any idea what I did? No. Do I have any idea what they resolved? Also no. Can I prevent it in the future? Who knows!
I'm increasingly of the opinion that the modern practice of not telling people why they've been blocked -- or even that they've been blocked -- was devised by sadists to satisfy their proclivity.
The core of the flaw is that actual fraudsters and spammers are repeat players and ordinary people aren't. The bad guys expect to be blocked, so they test for it. They check if their messages are getting through and then notice immediately when they stop. Whereas real people expect their messages to go through, because why wouldn't they when they've done nothing wrong? And then become isolated and depressed because it seems like everyone they know is suddenly ignoring them.
The bad guys create thousands of accounts and play multi-armed bandit, so when some of them get blocked they can identify why by comparing them to the ones that didn't, or create new ones and try new things until something works, and thereby learn what not to do. Whereas real people have no idea what sort of thing is going to arouse the Dalek either before or after their primary account is exterminated.
So it's a practice that creates a large increase in the false positive rate (normal people have no way to know how to avoid it) in exchange for a small decrease in the false negative rate (bad guys figure it out quickly). In a context where false positives cost a zillion times more than false negatives because the bad guys treat accounts as a fungible commodity they acquire in bulk whereas innocent people often have their whole lives tied to one account.
And all of that is only disguising the real problem, which is that people get blocked having done nothing wrong. If you were expected to point them to the spam they sent or the fraud they attempted then you wouldn't be able to do it when they'd done no such thing, and then "we can't tell anyone because it would help the bad guys" is used to paper over the fact that you couldn't tell them regardless. When the decision was made by an opaque AI and then reviewed by no one, there isn't actually a reason, there's just a machine that turns you off.
Towards the end of using self-hosted email at $dayjob, a couple of years ago now, Google started bouncing [some of] our email.
In the header for the bounce messages was included a description of the problem (as they perceived it), and a link for background reading.
I never followed up on it personally (that wasn't my job anymore because reasons), but the bounces seemed descriptive-enough for someone who was paid to care about it to make it work.
I also host my own email. In my case, Google always routes the first email I send to a new Gmail address as spam. After the recipient marks the email as good, future emails are received as expected. The only way around this is to advise the recipient via Gmail that I've set an email to them via a different route, so that they can check their spam and mark the email as good. This has been going on for at least two years.
Basically, Google are shadow-banning me till they get caught. I think this should be illegal.
This sort of thing is already becoming a reality. Not necessarily with Apple/Google IDs, but with email addresses. As the owner of a few dozen Internet domain names, I use some of them with catchalls so I can create new and unique email addresses for various entities I correspond with.
Sometimes this has failed, because the entity uses some third-party validation service that can find no record anywhere of the existence of the new email address. So it's sometimes impossible to register a new account somewhere unless you use an email address that is "known" to the validation system.
I'm not sure what "problem" they were trying to solve by doing it this way, but they've created a new problem by doing it.
Also, sometimes I've tried to use very short email addresses such as: x@xxx.com, and they're flagged as invalid even though they're not.
I've also had valid accounts disabled without notification because the email address I used had the name of the entity within. E.g. google@xxx.com
Some companies assume you're trying to impersonate them if you do this, and silently disable existing accounts. Usually the tech support staff aren't even aware of these restrictions, which makes it even more difficult to recover.
I realize this sounds out there, but I'm not entirely joking. I feel there is a significant subset of all people that are not particularly happy with the direction of society at large. And the great thing about places like the US is that you're free to develop your own little sub-societies. There's no reason a group of like-minded people could not work to develop a technologically embracing society, but one that aims to focus more on decentralization, and utilizing digitization as a convenience rather than a necessity.
Think about something like a 'Google Smart City' except from an entirely different ideological foundation, such that the entire project doesn't sound like something out of Black Mirror. The reason this would be beneficial as a social project, instead of the vastly more viable independent one, is that a lot of tech is generally seen as undesirable, certainly in certain contexts (like smartphones at school), yet it spreads virally making its adoption a defacto necessity. Get rid of the virality and you could create a better life, and a better situation, for many people.
Get a bunch of hackers and DIY small farm folks etc. to move to the same place with the goal of disentangling themselves from megacorps. To begin with it increases the local concentration of people who want that and then causes local businesses and agencies to start serving their needs better because they're a higher proportion of the local population. And it puts the people so inclined in closer proximity to each other which improves coordination.
If you got enough of them you could even affect local ordinances and then e.g. pass strong right to repair laws or laws against businesses requiring you to use one of the major phone platforms. How many localities would need a law against remote attestation before companies would have to stop using it against people?
The best answer I have is: for those of us who start life with some level of privilege, it's important to make good decisions and manage your risk exposure. Life is geopolitics.
But yeah, I'm not looking forward to the day I need to show a Google or Facebook account to receive government services. US Visa applications are already going in that direction.
This happened to me when the local credit union, TechCU, overhauled their web interface and app. I called their help line and stumped them for a while. I finally figured out their interface allowed me to use a period in my password and confirmation field and accepted them but somehow their login process did not. To their credit the characters they listed as allowable did not list period which I did not read carefully and just skimmed the first time I saw it.
This year I don't even get to the point of making a password. It's possible something about my attempt 10 years ago has polluted my phone number. So it goes.
Notice, too, that my story is about the utter lack of support like in OP.
> I still can't make an Apple ID. So now I can't ever get a job at Apple
Is this actually a requirement to work at Apple? What is the legality of employers demanding their employees agree with unrelated-to-their-job terms and conditions? I mean, one of these conditions is that you settle all disputes with them through arbitrators of their choosing, that would be crazy if true.
Years ago I built a website in Factor for testing HTML 5 video in browsers using the Theora codec. It allowed uploading videos, playing them in the browser, converting to Theora, transcoding YouTube videos, etc. It operated for a few years.
About the same time I wrote an 8080 emulator in Factor and emulated Space Invaders and a couple of other games using the Factor UI code.
For quite a while it was my go-to language for implementing things.
What change in visa policies have driven the change in rank? Have any countries switched on visa requirements for US passports? Or are other countries switching off visa requirements?
Edit: Thanks to the responses. My bad for missing that in the article.
> The loss of visa-free access to Brazil in April due to a lack of reciprocity, and the US being left out of China’s rapidly expanding visa-free list, marked the start of its downward slide. This was followed by adjustments from Papua New Guinea and Myanmar, which further eroded the US score while boosting other passports. Most recently, Somalia’s launch of a new eVisa system and Vietnam’s decision to exclude the US from its latest visa-free additions delivered the final blow, pushing it out of the Top 10.
>US being left out of China’s rapidly expanding visa-free list
Really? My visa is probably expired now but I remember my Chinese visa being sort of a headache to deal with 10 years back from the US. Certainly a couple different visas to there weren't "visa-free."
Most Western countries (except the US, as noted) now have legit visa free access to China. No e-visa, no ESTA, no advance notice, no nothing, just rock up and get stamped in.
And to be clear, this is not the previous restricted "X hours transit, don't leave the city" thing, but a full blown 30 day entry permit valid for the entire country (minus Tibet), any port of entry, any port of departure.
Yes, this is a massive departure from their previous policy, but yes, it's real. Having also gone through the regular China visa process multiple times in the past, I could hardly believe it myself when I used it earlier this year.
Ugh, Canada used to have this kind of visa free travel (at least for British people) and it was really jarring to me. I spent the whole flight worrying that I would be denied entry upon landing, but nope: no worries.
Until I tried to travel back a few years later and they didn't let me board the plane because they had changed to an e-visa scheme called eTA.
My own fault for not checking, but, in fairness, I didn't expect the agreements between Canada and the UK to have materially changed.
What part are you disagreeing with? It says the US is being left out of China's expanding visa-free program, not that 10 years ago the USA was on the visa-free list for China
The US was not on a visa-free list for China 10 years ago the last time I applied (at least for a business event). But maybe it isn't on some expanding visa-free list which is something I really haven't paid attention to.
I and a couple of friends of mine have been to China since they introduced visa-free access for my country (low on various "passport power" lists), and it's been an absolutely painless experience. No advance notice, no ETA (like e.g. South Korea does), just buy the tickets and go. The officers at the airport were very nice too.
If anything, dealing with WeChat and AliPay is much more of a headache.
Most countries eligible for the South Korean ETA are currently also exempt at least until the end of 2025; I think chances are good the exception will be extended. I travelled visa-free to both China and South Korea last year and the experience was quite similar.
> but I remember my Chinese visa being sort of a headache to deal with 10 years back from the US
I got one recently and it's not bad, except that it needs to be done in-person at an embassy based on the state you live in, so there's a 90% chance you'll have to trust a third party business next door to the embassy to walk your documents over and mail them back to you after. I would much rather be visa-free though, it was expensive and time consuming for no real reason.
This is mostly answered in the article but in short China refused to extend preferential status and the United States refused to reciprocate with several other countries who in the past were content with an asymmetrical relationship but are no longer.
In general, I think many of the countries that used to be visa-free or visa-on-arrival are implementing Electronic Travel authorizations or e-Visa systems, which decreases mobility in general.
Human beings are ephemeral. They're born, they die.
Everything human beings create is ephemeral. That restaurant you love will gradually drop standards and decay. That inspiring startup will take new sources of funding and chase new customers and leave you behind, on its own trajectory of eventual oblivion.
When I frame things this way, I conclude that it's not that "software quality" is collapsing, but the quality of specific programs and companies. Success breeds failure. Apple is almost 50 years old. Seems fair to stipulate that some entropy has entered it. Pressure is increasing for some creative destruction. Whose job is it to figure out what should replace your Apple Calculator or Spotify? I'll put it to you that it's your job, along with everyone else's. If a program doesn't work, go find a better program. Create one. Share what works better. Vote with your attention and your dollars and your actual votes for more accountability for big companies. And expect every team, org, company, country to decay in its own time.
[2] Vanity of vanities, says the Preacher,
vanity of vanities! All is vanity.
[3] What does man gain by all the toil
at which he toils under the sun?
[4] A generation goes, and a generation comes,
but the earth remains forever.
[5] The sun rises, and the sun goes down,
and hastens to the place where it rises.
[11] For I know full well the plans I have for you,
plans for your welfare and not for your misfortune,
plans that will offer you a future filled with hope.
[12] When you call out to me and come forth and pray to me,
I will listen to you.
Agreed, but If I can add one more angle: creative destruction is strangled when engineers are glued to the Internet about “how software should be built.”
I've published a blog post urging [0] top programmers to quit for‑profit social media and rebuild better norms away from that noise.
To add to this, many of the things we consider "high quality" are labors of love of 2 people. Many things we consider low quality are built by massive organizations and hundreds of developers each trying to ship one feature, get promoted, or find another job.
My hot take is that quality is inversely proportional to income. The more someone is paying for something, the more bloodsucking mercenaries are attracted to it that have less consideration for the quality of the output than for their own enrichment. (A corollary to this is that the more a job pays the more it will suck: the only way they can get people to come help and keep them there is to offer high compensation).
Look at trappist brewers. Long tradition of consistent quality. You just have to devote your life to the ascetic pursuit of monkhood. It attracts a completely different kind of person.
It's certainly a provocative thought. But I think it's too blunt. In our commercial world sometimes the cheaper thing works better and sometimes the more expensive thing works better. So the lesson I take away is that price is not a great signal in the absence of other context. Trappist brewers have some other cultural norms going for them, and the focus should be on those norms rather than price. The people attracted to it aren't thinking much about the money. If you value them, why would you?
As others have stated here, I think there’s this constant push for features and not enough investment in improving reliability, observability, scalability. Of course, there is a lot of context required to make actual conclusions.
At many large companies, there is an incentive to create systems that are as complicated as possible. A side effect of that is gaps in what’s actually observable. This manifests itself in shitty user experiences with partially loading pages and widgets or widgets that take multiple times longer to load than other parts of the page.
All this is a direct result of large company barriers in communication, crossing between stacks with no single vertical observability solution. At medium sized companies (<9000), it begins to fall apart. A single user request has dozens of internal hops to arrive at the final API and product managers wonder why a response takes several seconds.
Email is only part of my electronic memory. Over time it's become more important to me to maintain my own copies of my memory on devices I control. The forms and formats are many, and they all need a commitment to maintain control. So yes, use email over more mutable media. And avoid remotely mutable extensions to emails. And keep a local copy of your email. And maintain date-stamped archives of stuff you work on, and keep your codebases easy to run from any point in their history, and write good notes. Constant vigilance.
This works if your code snippets generate relatively static output. Lately I often need to create animations, often interactive ones. See https://akkartik.name/debugUIs.html, for example.
In my life I've often switched to more manual tools when I notice that the more automated tool causes me to live within certain limitations. Sometimes it has taken me a decade to notice these limitations. Automation matters when I do something tens of times a day. But I publish a blog post once in tens of days. It feels worth some additional work to get a little more control and break out of ruts.
The neat thing about org-mode for writing and publishing (I don't use it for "productivity") is that every time I have a new requirement, there is a solution that I can integrate into my existing writing workflow. And I get multimedia publishing "for free".
I also blog with org mode and anything that can be exported as a block of html can be easily included. Recently I dropped an interactive chart using React into the text, for example.
Ditto. I wanted to show JavaScript text art animation, and could "just" do this:
*** ~setInterval~ and ~setTimeout~ worked just right
These let us call functions that do exactly the thing we want,
viz. punch /[[#the-aesthetic-of-text-art-and-its-animation][characters]]/
into our "live spreadsheet" medium, exactly the way the artist
placed them in the original art source.
These methods can make a CPU sing, but hey, the awesome art
is worth every watt it, ah, draws.
#+html: <div class="box invert">
#+html: <em>Random twitch loop <code>setTimeout</code> and recursion.</em>
#+html: <div id="blink-demo"></div>
#+html: </div>
#+html: <script type="text/javascript">demoBlink();</script>
#+html: <div class="box invert">
#+html: <em>Flipbook-like frame-by-frame animation loop with <code>setInterval</code>.</em>
#+html: <div id="glider-demo"></div>
#+html: </div>
#+html: <script type="text/javascript">demoGlider();</script>
This works very nicely because I've structured my website as "every post is just a microsite". See:
Fennel looks quite great! And I love Lisp so there is definitely some allure there. I don't use it for mostly the reasons mentioned in OP:
* to minimize dependencies. Lua < Lua + Fennel. I'm more extreme than OP in that I don't even use LuaRocks. When I need a library I copy it in, and I pick a library that won't change often so that is a reasonable approach. I try to avoid native libraries.
* for even greater stability. Fennel is pretty stable, but I use Lua 5.1 for the most part which hasn't changed since 2008 or so. I'm more extreme than OP in even avoiding later versions of Lua.
Bottomline: the reasons I like Lua have nothing to do with syntax and are much more about these operational meta characteristics of the language. If I cared more about syntax I'd be on Fennel in a heartbeat.
I use Lua the same way, without LuaRocks. I use a Makefile to run my programs on Lua 5.1~5.4 and LuaJIT and compare the output files, to ensure portability across versions.
I forward everything including spam to Fastmail. Their spam filter is absolutely fine. This way I don't need to check for false positives in 2 places. You're probably losing one genuine message a year if you don't check your Gmail spam folder.
(And then if you could try out my https://akkartik.itch.io/carousel and report back, that would be even more helpful.)
Edit 20 minutes later: After I posted this I remembered I have access to a https://www.walmart.com/ip/AT-T-Maestro-3-32GB-Ocean-Green-P.... And both LÖVE and my Carousel work great on it! Much less laggy than any other app on that phone. Including the browser.