> You should validate that the request is signed correctly
I agree with you here, but wondering what you see the benefit of per-app PKI is, versus signing all webhooks with the same cert. Is it to prevent having to do a key rotation that would impact every webhook consumer?
> Hasn't this pandemic pretty well proved that when people aren't at the office they want a little more space?
Yea, and they want a pool and a free pony too. Given that people can't all get the housing they want, how do we solve for the housing problems we've run headlong into?
Building more housing is absolutely a meaningful way to attack the problem, and zoning reform is a part of that.
> Do people actually want to live in highrises in megacities? Or do they just do it so they can land a decent job?
Of course jobs are the driver here, but that means that incidentally, yes they do want to live in high-rises in megacities. There's no real sign of large cities releasing their hold on productivity and good paying jobs, the current remote work in a pandemic thing not withstanding.
> The zoning reform people only ever look at one side of that equation.
As someone who has faced the SF Bay Area housing crisis over the last ten years, I'd be fine with people moving out. But it's not a realistic solution, given that the good jobs are still here. Not to mention, there's not much we can do to reverse the economic incentives that bring people to places like San Francisco, but there is something we can do about local zoning rules. So it's entirely rational that people focus on building housing in these cities rather than trying to convince people not to move here in the first place.
Hey man, as someone who also formerly worked in a different industry, thank you for raising this question. The longer I'm in software development (six years now) the more confident I am that all the varying rationalizations for this stuff are complete BS.
Please keep raising these questions so that those of us who don't believe in bizarre guru-based project management approaches can have a home in this industry.
The claim that "we get our money from our customers" is, on its face, wrong. Of course we're paid by the company, not the customer. The simple truth this article misses is that your wage is simply the price of your labor, and it is the firm that is paying it. The "value you add for customers" (however that might be measured) really doesn't come into the picture. The job market is competitive, and the amount your company pays you is primarily determined by how much they would have to pay someone else to do the same job.
I agree with you here, but wondering what you see the benefit of per-app PKI is, versus signing all webhooks with the same cert. Is it to prevent having to do a key rotation that would impact every webhook consumer?