“secure” is relative. They may not be e2e encrypted, but they are still encrypted via TLS, like any HTTPS traffic. It’s the same encryption used for online banking. If you care about your instance admin being able to read your messages, you should use Signal or a Matrix client though.

But remember that only a few years ago, almost nobody used e2e encryption, and it wasn’t much of an issue.

Unfortunately, this quote is often taken out of context to argue that optimization is not important. Here’s the full quote:

Programmers waste enormous amounts of time thinking about, or worrying about, the speed of noncritical parts of their programs, and these attempts at efficiency actually have a strong negative impact when debugging and maintenance are considered. We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil. Yet we should not pass up our opportunities in that critical 3%.

In other words, you should optimize your code after you have profiled your program to find out which sections are most performance-sensitive, and you should use benchmarks to verify that the optimizations you have applied are beneficial.

I guess it cannot be done if their IT infrastructure was not designed with that use case in mind. Although I’m not familiar with human resource management software, I don’t find this hard to believe at all.

Also, you’ll understand what Biron Tchaikovsky meant with “Please believe me” when you look at their email address. They already tried to do it, and probably complained many times before giving up.

It is so frustrating when a conspiracy narrative is mixed with valid criticism, which ultimately only taints the criticism by association with the “conspiracy.”

obligatory XKCD

The name “pull request” is actually more accurate, because you ask the upstream repository to git pull the changes from the downstream repo.

Iframes cannot access the main frame’s DOM if the iframe is from a different origin than the main frame, and they never share the same JavaScript execution context, so an iframe can’t access the main frame’s variables etc.

It’s not required that iframes run in a different process, but I think they do at least in Chrome and Firefox if they’re from a different origin. Also, iframes with the sandbox attribute have a number of additional restrictions, which can be individually disabled when needed.

They still have their place; for example to embed Google Maps or a YouTube video. Generally, whenever you want to embed something from a different website you have no control over, that shouldn’t inherit your style sheets, and should be sandboxed to prevent cross site scripting attacks.

I do not use AI to solve programming problems.

First, LLMs like ChatGPT often produce incorrect answers to particularly difficult questions, but still seem completely confident in their answer. I don’t trust software that would rather make something up than admit that it doesn’t know the answer. People can make mistakes, too, but StackOverflow usually pushes the correct answer to the top through community upvotes.

Second, I rarely ask questions on StackOverflow. Most of the time, if I search for a few related keywords, Google will find an SO thread with the answer. This is much faster than writing a SO question and waiting for people to answer it; and it is also faster than explaining the question to ChatGPT.

Third, I’m familiar enough with the languages I use that I don’t need help with simple questions anymore, like “how to iterate over a hashmap” or “how to randomly shuffle an array”. The situations where I could use help are often so complicated that an LLM would probably be useless. Especially for large code bases, where the relevant code is spread across many files or even multiple repositories (e.g. a backend and a frontend), debugging the problem myself is more efficient than asking for help, be it an online community or a language model.

Oh, didn’t the domain somesoftwarecorp.com give it away?