what i've been reading (27)
how to send emails from popular websites, functional programming, the strategy of disney, rivian, and taylor swift, tcg economics
security
confused deputy vulnerability lets anyone send emails from popular domains - apparently this was “working as intended.”
simple fault injection to bypass pin entry - sometimes hacking is as simple as connecting two pins on a circuit board.
a software bill of materials does not help with much more than regulatory compliance - the vulnerable code in a dependency may be unused - there is too much noise. sboms are useful when the same info for each dependency is always actionable - e.g. avoiding copyleft licenses.
software engineering
john carmack on functional programming - maintaining functional patterns is valuable even when a language does not encourage their use - easy testing, prevent race conditions, easier refactoring. If you have a choice between passing a field by reference or value, between updating a data structure in place or making a copy, default to the functional choice.
list of more python quirks - this is longer than mine and has explanations for each one.
investment and business strategy
reflections of an investment columnist - there is nothing new under the sun - the job is to say the same thing week after week.
disney parks and cruises can be like taylor swift concerts - a way to turn a brand that is accessible to everyone into a scarce and valuable product
how rivian differentiates from tesla - will self driving shake up the playing field? my take: manufacturers who do not invest in self driving tech will come out just fine - they will be able to buy it
games
play catan in figma - the pandemic brought too much creativity. i guess that's better than excel?
digital trading card ownership - digital economies are weird because what you own can change. In games, this is called “balancing.” It only takes a small error to screw users out of their investments or to make a game unfun.
misc
recreating a song by monitoring the listener's brain - great data for advertisers! also being able to search every song i've ever heard would be nice
fda databases are so complex that journal articles are used to explain how to navigate them - how to look up trial results and efficacy data for a drug
people who say hello to more neighbors more regularly are generally happier - just correlation, not exactly surprising