"That application whitelist probably needs a permissions flow for a user to agree that Password Manager Brand X is indeed their password manager application of choice."
This scares me. Are you proposing it as something that is necessary, or something that is necessary as part of the parent poster's suggestion to use HTTPS + PUT? If the former, how does this scale across the multiple platforms I use? Ugh. Scary.
I'm saying it as a baseline of something necessary to use HTTPS PUT for automated password change solutions, to keep them even reasonably safe. I don't want every possible application on the internet with the ability to change my password, so of course I want a whitelist of applications that could ever possibly do that on my behalf. That seems like one clear, important requirement to me.
You are right, it doesn't scale well.
To me (and one of the posters above) it's just more proof that password infrastructure in general doesn't scale very well (because security attack surface scales proportionally), and that we really need a better solution. "Simple password change HTTP PUT REST API standard" is a security nightmare, and we should all be afraid of the mere idea of it. We should instead be looking to get rid of passwords altogether, for something that maybe does scale better. Such as the suggestion above that it would be better to try to sketch an API that asks our password/token managers to log us in, rather than the other way around, like an SSH Agent or an OAuth/OpenID provider or some better standard we could attempt to devise.
I'd like to offer a few decades of perspective on your claim.
I've been programming for 30+ years. When I sit down to code, most of the time I've thought through it before even typing and am ~99% confident I won't hit a roadblock. I've spent half my life mastering my programming skills.
BUT: I'm a high-level technical lead / product lead, so I only get to write code a few times a month and it is more for stress-release because I've mastered it (and because I am a mentor to / lead 30+ programmers and this gives me a chance to interact with them).
If I wrote code 100% of the time I'd be winging it 1% of the time. So in this regard you are correct.
However, because of how corporations work, once you've demonstrated proficiency at "junior level work" you move up to the next big challenge. Yes, that sounds pejorative, but coding is not hard compared to the next levels of competency: programming is junior level, software architecture is senior level, product roadmap is staff level, corporate direction is above that. Sorry if that hurts your butt, but knowing the latest JS framework or how to optimize your C++ is trench-work compared to convincing the CTO where your division should invest its R&D budget for the next 5 years.
Because there is no "school" for learning how to plan your company roadmap, you really do have to wing it and learn from experience. And since shit is changing so fast... well, sure there are basic principles studied in business (that sometimes are useless for strategy but are good for tactics)... but in tech, it very much is "wtf is going to happen next and is this the right choice." Sure there is an executive board, and vice presidents gunning for your role, but you REALLY are winging it at C-level unless you are in your 70's and have helmed multiple large companies.
So from a top-down view from higher-importance positions, winging it is simply part of the job.
> However, because of how corporations work, once you've demonstrated proficiency at "junior level work" you move up to the next big challenge. Yes, that sounds pejorative, but coding is not hard compared to the next levels of competency: programming is junior level, software architecture is senior level, product roadmap is staff level, corporate direction is above that.
This viewpoint, that those jobs are harder, is just self-justification (either to themselves or to everyone else) for people higher up that list of their higher pay than those below.
I don't believe those skills are actually harder (nor easier, just different), or that you have to be good, e.g., at programming to be good at corporate direction.
What is, IMO, true, is that those skills do have larger impact (or at least, significantly more obvious impact), which is at least a reasonable justification for higher pay.
But don't pretend that being good at software architecture, corporate direction, etc, means that you're actually smarter than that person who's "just" a programmer.
I don't think they are implying that people on more junior levels are not as smart. I believe they are attempting to explain that as you go up higher people tend to be less competent due to a lack of experience and proper training tools.
> I believe they are attempting to explain that as you go up higher people tend to be less competent due to a lack of experience and proper training tools.
He's not saying higher-ups are less competent, he's saying winging it is inevitable and necessary at the C-level _because_ it is impossible to already have experience and proper training tools for the decisions one has to make.
Sites like this one (and especially the initial spirit behind them) are the result of programmers and programmer-like minds (“hackers”, if you will) just “winging” it and seeing what will happen if they build them. The reddit founders’ decision to initially write it in Lisp or even Paul Graham’s decision to write this website in Arc is almost quintessentially “winging it”, no sane person should have picked the wingy Lisp or Lisp-like Arc over a non-wingy and easily “architecturable” platform like Struts (we’re talking about the years 2005-2006). The same goes for Zuckerberg using PHP to write Facebook as PHP is the most winging-like programming language ever.
What I’m trying to say is that winging it is good, it’s good to get lost in a bazaar, we don’t all need cathedrals.
I believe the phenomenon you're talking about is called "Peter principle" [1], which states that "people in a hierarchy tend to rise to their level of incompetence. In other words, an employee is promoted based on their success in previous jobs until they reach a level at which they are no longer competent".
No, he's talking about something different. The Peter Principle makes the process sound totally dysfunctional because it assumes the employee will remain incompetent, while he suggests that a period of incompetence is necessary to learn how to do your job.
The CTO you're convincing is winging it as well, so how much convincing do you actually need to do? How many C-levels have been convinced to blindly adopt ML/AI/Blockchain/TrendyThings?
If these folks really are winging it, that's code for "hey, we're dumb, come exploit us". It's where pomp and circumstance close deals rather than actually delivering something technically good. It's where things start turning into a social club but the salaries continue to climb.
Great perspective. My takeaway is that people today are still overall undereducated. Business skills and corporate strategy should be taught earlier, at the high school levels, instead of requiring a dedicated MBA.
> Business skills and corporate strategy should be taught earlier, at the high school levels, instead of requiring a dedicated MBA.
How would you teach corporate strategy in a way that’s simultaneously honest (and useful to the individual) and palatable?
Maybe if you limited yourself to strategy within coops, where the individual’s incentives really are aligned with the incentives of everyone else in the organization, or mid-level management, where you only have a certain category of power - but that’s less useful because coops aren’t so common and mid-level management is ultimately subjected to what the upper levels decide.
In the end, individuals with positions where they have to worry about “business skills” or “corporate strategy” don’t usually have incentives which are aligned with the people at other rungs on the ladder. If you teach corporate strategy in an honest fashion, a not-insignificant portion of your material will be how to effectively redirect money from other areas in the organization to yourself. Most of your students will see that as stealing.
Or maybe you don’t teach how to leverage these strategies, but just how to spot them in action?
Either way, K-12 is traditionally focused on skills that are more foundational and generally useful. Admittedly, that’s changing as some schools introduce things like CS courses, but usually these are electives and not part of the core curriculum.
If I were exposed to corporate strategy without having any business experience whatsoever that usually accompanies an MBA, the subject would go in one ear and out the other without registering one bit.
What really ought to be taught is personal finance and basic investing - those subjects can be molded into information for any age group.
It seems to me those domains lack a well-defined paradigm that can be taught in an easily digestible way in a classroom environment.
I imagine some of the known valuable skills can be taught to a certain degree. Problem-solving, learning how to learn, assessing opportunities, looking for inefficiencies, communication, telling a compelling narrative, and so on. But I don't think it is easy to teach those things in a highly effective manner, at least not in a short amount of time.
Having used all of them, I'd say there was a huge drop in UI/UX from MSDOS to Win3, but then steady improvement which peaked around Win2000, cratered, and is crawling back.
The complexity ramped significantly: MSDOS6.22 was simple, solid (yes) and predictable, and Win3 destroyed that for a loooong time. WinNT was a solid rebuild, and merging it with Win3x led to Win2000, IMHO the peak. Now Win10 can't decide if it is a mobile OS or desktop OS, or an advertising platform, and it feels that way when I try to use it. Tiles and old-time Dialogs are in constant contention, the look and feel is at war with itself. I don't even know how to help people with problems anymore because I've lost track of the Win10 control panel after WinXP when I stopped developing.
Microsoft has seen what Google is experiencing, but I do not think MS is out of the woods yet. They appear to be trying to make it simpler...
Apple Mac
Classic MacOS up to v9 -> MacOSX -> all the mountains
I did zero Mac development until OSX, but I spent a lot of time using Adobe products and eVision/Max audio tools. The controls remained largely consistent: from one OS to the next for over 15 years the paradigms were the same. That's the longest stretch of stability. OSX has been exploding with features, specifically cloud based things that I don't want.
I think Apple is on the "oh shit this is a mess" peak. They too are trying to figure out the macos+iOS strategy and it smells like convergence, but I bet they have 5-10 more years in this feature-rich mess.
iOS
Do we all yearn for the simpler days of iOS when the control panel was more compact and there were fewer confusing gestures? Yes. iOS is exploding in complexity.
Android - I don't use it. /shrug/
Linux Desktops - I've been using MWM since 1992. The entire KDE / Gnome debate was a giant clusterfuck IMHO. I've tried using fancy Linux desktops that were supposed to be Windows-killers and it's like wearing your shoes on the opposite feet. I can't say this has hit peak complexity because it hasn't really gotten attention from serious UI/UX talent.
Amiga, OS/2, NeXT ... I don't know enough about these, or they didn't last long enough to experience the complexity curve.
TL;DR
I think it is safe to say that Microsoft has the most experience trying to wrangle failed UI/UX experiments at scale. Mac & Google are just learning this. I think it will be at least a decade before the latter two are able to conceptually shrink the UX footprint of the O/S. My guess: everything converges to tile-based mobile-like UIs on desktop, laptop and mobile. Mobile OSes are just fine for desktops. IMO.
> Tiles and old-time Dialogs are in constant contention, the look and feel is at war with itself.
Many years ago MS made a book which pretty much said "Official UX guidelines" on the cover; later this was available in MSDN. It was actually quite good, though of course the OS never managed to adhere consistently. Useful advice for developers. Now there is only a short guideline with a mixture of different technologies and mostly focusing on tiny details, no big picture at all.
The change in these guidelines is reminiscent of the change experienced in the accompanying Windows releases.
(That being said, I'm baffled just how bad the default styling of Windows 10 looks. It reminds me of the flat styling available in 2000/XP [I don't mean the standard 3D 95 look]. And I was taken aback that someone somehow somewhere managed to actually make the Windows 10 start menu worse than the Windows 7 start menu, which was already laughably bad.)
That's pretty funny and I'm glad to hear something other than another barely believable "I did this god mode hack" story... The mechanical realm doesn't get enough love. Indexing shifters have become better, but progressively more miniaturized (and ironically flimsier IMO) over the past 30+ years. Good work!