The debit card behavior is probably bank specific. I had fraudulent transactions on my debit card. The bank caught it after a few transactions, alerted me, and shutdown the card when I told them it wasn't me. I didn't get charged for any of the fraudulent transactions. I also had a restaurant charge my debit card for my bill and another customer's bill (honest mistake, not fraud). The restaurant wouldn't refund the transaction, so I disputed it with my bank, who reversed the transaction. The bank was fully set up to dispute debit card transactions from their website.
> can anyone explain why in the US if I click unlock on the remote, it just unlocks the front door? This keeps happening on rental cars. You have to click twice on unlock to get all the doors to open.
This is likely configurable. Instructions should be in the owner's manual. It is configurable for both my and my wife's vehicles, one via the touchscreen and the other by pressing and holding unlock for 5 seconds.
This is vehicle specific. Not all 2023 vehicles behave this way. I have a current generation vehicle (same generation and tech as 2023).
- Doors stay unlocked. Eventually the engine won't start without pressing unlock on the key fob again, but the doors remain physically unlocked forever.
- Trunk is manually operated.
- It doesn't ding when starting the engine if my seatbelt it on. And I have a programmer that lets me disable the dings when my seatbelt it off. There are no dings when turning the engine off.
- Blind spot warning is configurable: Off, lights, lights + chime. The chime warning doesn't seem annoying.
- No lane keeping assistant.
- Tire pressure monitors work well. They are accurate (same pressure as multiple physical gauges I've tried). Tire pressure increases slightly when driving due to heat. They have never triggered a warning.
- I don't recall ever having to accept terms of service. It certainly hasn't happened multiple times.
I have physical knobs for volume, fan speed, and tuner. Physical buttons for everything else. No controls use resistive touch buttons. No controls are via touch screen (touchscreen has information and setting like blind spot, but not actual controls that don't have physical buttons).
I also have a 1990s vehicle, with an aftermarket touchscreen installed to support Android Auto and Apple CarPlay. The current generation vehicle is no more annoying than the 1990s one.
My wife has a 2023 model year vehicle. Many of the complaints in the post are enabled by default (auto re-lock, blind spot chime that gets confused by multiple lanes). But many of the annoying things are also configurable, including auto re-lock and blind spot.
So it is possible to pick a vehicle that isn't annoying. And I suspect most of the annoying things can be disabled.
If you are on GCP I think the choice is simple, use Cloud Pub/Sub. Extremely simple, extremely reliable, extremely performant, fairly inexpensive, multi-region (global). No maintenance, no scaling, almost no tunables, it just works.
Google provides a Pub/Sub emulator for local development.
I don't really buy the vendor lock-in thing for Pub/Sub-like systems. The Cloud Pub/Sub usage pattern is basically the same as Kafka, you can have a library that abstracts away the differences. There are open source libraries that do that[1]. If you ever need to switch cloud providers, or want a messaging system to span cloud providers, you can switch without changing lots of code.
Thanks, that was a very clear explanation. I know AssumeRole is needed for SSO, and I understand the benefits of SSO. The way the article phrased it it sounded like AssumeRole has some very specific benefit by itself.
And if the answer is "short lived credential", then I'd like to understand how short lived credentials that require a long lived credentials to get them are better than long lived credentials, if both can be just as easily revoked.
I'd like more detail on the advantages of AWS AssumeRole, and what attacks it is designed to protect against. It must be more than CloudTrail logs, because normal API usage gets logged to CloudTrail.
One thing I'd like to highlight is that SOC2 is about having controls (of your choosing), and documenting and proving you are following those controls. I think it is important to pick controls you actually want to follow, and that those controls aren't so specific that you get fenced in to a bad process.
I've worked at a few companies that have gone through SOC2, one of them (Dropbox) did it very well. I think the average engineer didn't need to know about SOC2, or what all the controls were, because the controls were well thought out, and automation took care of the proof. At another company every engineer was constantly saying "you have to do that because of SOC2", because the controls intruded on the way engineers worked.
"SOC2 requires that two people approve every PR". Hmm, no the accountants that created SOC2 don't know what PRs are. "Only members of the team called 'QA' are allowed to transition Jira tickets from state A to state B, SOC2 requires it". No, I'm pretty user SOC2 doesn't specify issue tracker workflows. "You need to name your git branched XYZ-abc-foo-bar, because of SOC2". You're telling me that accountants are specifying source control conventions?
Why? I'm genuinely curious. I've never used their product, but their Wikipedia page says they are a San Francisco based company with end-to-end encrypted messaging and video conference calls[1]. And their home page[2] says "Fully encrypted. Enterprise-ready. Private."
At first glance it seems like a reasonable choice. US based and end-to-end encrypted seems to be what the military wants in this case.
I want to put on end to the "you can't contact Google" comments that comes up every time Google Cloud makes the front page.
You can contact Google Cloud. They are very responsive. I'm currently at a small startup using GCP, and I've been at similarly sized startups with equivalent AWS spends. I have found it easier to have serious discussions with GCP, compared to AWS.
We have dedicated GCP contacts. We actually have a Slack channel we share with our dedicated GCP contacts, so we can easily ask questions. Two of my coworkers just got out of a meeting with Google PMs less than an hour ago. Another one will be meeting at a Google office tomorrow. I had a meeting with about a dozen Google engineers and PMs from their database team(s).
Yes, you have to pay for support. They have a couple different support options, depending on your needs. But you have to pay for support with AWS too.
The one bad thing about Google Cloud support is their Level 1 support. It is very easy to submit a support ticket, and they will respond quickly. But if you are highly technical, and know what you are doing, and can research yourself, Level 1 support it nearly useless. They do make it easy to to escalate, with a prominent Escalate button in the ticket. And you can always escalate through your direct contacts (Account Manager, Technical Account Manager, Customer Engineer). But it would be nice if Level 1 could be bypassed, or were more technical. I think they are trying to iterate on the process. They recently started offering to have a video call a lot of the time, which isn't my cup of tea, but I think it is a sign that they are trying to improve the Level 1 support.
If you are using Google Cloud as part of a business, you will be able to contact them. You will probably have an account manager that you can probably meet in person with. If you pay for support you will be able to submit support tickets, real humans will respond, and respond quickly.
> International websites have to respect local laws.
No way.
If I, a US citizen, publish a website hosted in the US that is critical of the Turkish president, should a Turkish court be able to compel me to take it down or block access from Turkey?
What if I'm Israeli and I publish open source software, source and binary hosted in Israel, that is against US hacking laws. Should a US court be able to order an Israeli to stop doing something that is legal in Israel?
(Both of these are hypothetical, I don't know if there are such laws.)
If I have no business in a country (or pseudo country like EU) they should have no jurisdiction over me. I shouldn't have to comply with every crazy authoritarian, free speech suppressing, restricted use country in the world.
If countries want to prosecute their own citizens for visiting my site, consuming my content, or using my software, that is their business.
Now if I do business in that country... that is different, then they might have some legal jurisdiction over me.
> MINOR: increased every christmas, may be API incompatible
That's right, the semantic meaning behind minor versions is that they are released on Christmas Day. They may or may not be API compatible, who knows.
https://www.ruby-lang.org/en/news/2013/12/21/ruby-version-po...