In terms of waiting times to see a doctor or specialist (the only cases where stats for the US seem to be available), the US looks a touch better than average in waiting times for healthcare within comparable countries: https://www.oecd.org/en/publications/health-at-a-glance-2025....
Ahead of Canada, sure (they come worst here in both scenarios) but behind countries like the UK, Germany & the Netherlands that do have universal health care.
It's definitely annoying if you work in enterprise, but on the flip side: the fact that these enterprise requirements exist is the main reason that TLS certificate configurability is possible at all, without which it would be dramatically harder (or impossible) to reverse engineer or do security & privacy research on mobile apps, IoT, etc etc etc.
Enterprise control over company devices and user control over personal devices are not so different.
A few apps do use certificate pinning nowadays, which creates similar problems, but saying "you can never add your own MitM TLS cert" is not far from certificate pinning everything everywhere all the time. Good luck creating a new home assistant integration for your smart airfryer when you can't read any of the traffic from its app.
Imo: let's make it easier! Standardize TLS configuration for all tools, make easy cert configuration of devices a legal requirement (any smart device sold with hardcoded CA certificates is a device with a fixed end date, where the CA certs expire and it becomes a brick), guarantee user control over their own TLS trust, and provide good tools to check exactly who you're trusting (and expose that clearly to users). Not really practical of course (and opens all sorts of risky games with nation state interception as well) but there are upsides here as well.
> Standardize TLS configuration for all tools, make easy cert configuration of devices a legal requirement
I think this is the right idea (it’s configuring dozens of things which causes problems) but the other idea I’d consider is standardizing a key escrow mechanism where the session keys could be exported to a monitoring server. That avoids needing active interception with all of the problems that causes, and would pair well with a standardized OS-level warning that all communications are monitored by «name from the monitor cert» which the corporate types are required to display anyway.
Totally agree. Chiming in as another React dev: I really regret the last few years of choices React has made. I don't want a React-integrated BFF layer, even on greenfield projects, hooks are awful and the whole thing just gets more awkward to solve tangentially related problems.
I really do want a good frontend framework that lets me expressively build and render dynamic frontend components, but it feels like 99% of React's development in the last few years has been just been creating churn and making that core frontend experience worse and worse. Hooks solve challenges around sharing component meta-functionality but then end up far worse for all other non-trivial cases, and it seems like RSC & concurrency just break things and add constraints instead of improving any part of my existing experience.
I guess this is cool if you're building mega-projects, but it makes React actively painful to use for anything smaller. I still use it every day, but as soon as I find a good off-ramp for my product (something similar, but simpler) I will take it. Moving towards Preact & signals currently seems like the best option for existing projects so far as I can tell.
> These non-free software components are not required - you can compile and run Pebble watch software without them. This will always be the case.
This seems like a reasonable balance. They're shipping default distributions with these blobs included, but you can remove them and run the literally completely purely open source version directly instead if you prefer (although it sounds like you'd notably lose heart rate tracking, along with speech recognition & similar).
In the end, wasn't EncroChat a larger problem for the criminals than the governments?
Once it became a big enough target it got taken down, and then quietly run by the police who collected everybody's messages for months before triggering a huge round of arrests, including quite a bit of major organized crime across Europe. The dangers of centralization. They'd love another EncroChat!
Doesn't apply so much to GrapheneOS of course since they're not in the messaging platform market, but it's definitely a cautionary tale.
How does this compare to Ghostfolio? Seems like it's exactly the same space & Ghostfolio has an existing substantial user base. Why should I choose one or the other?
I found GitHub's old "how many visits to this status page have there been recently" graph on their status page to be an absurdly neat solution to this.
Requires zero insight into other infrastructure, absolutely minimal automation, but immediately gives you an idea whether it's down for just you or everybody. Sadly now deceased.
I like that https://discordstatus.com/ shows the API response times as well. There's times where Discord will seem to have issues, and those correlate very well with increased API response times usually.
Reddit Status used to show API response times way back in the day as well when I used to use the site, but they've really watered it down since then. Everything that goes there needs to be manually put in now AFAIK. Not to mention that one of the few sections is for "ads.reddit.com", classic.
Personally, my one annoyance here is that it requires you to install a GitHub App that gives it direct write permissions to all code in your repos (in addition to issues, PRs, etc).
I'd much rather give it read permissions, have it work in its own clone, and then manually pull changes back through (either with a web review UI somehow, or just pulling the changes locally). Partly for security, partly just to provide a good review gate.
Would also allow using this with other people's repos, where I _can't_ give write permissions, which would be super helpful for exploring dependency repos, or doing more general research. I've found this super helpful with Claude Code locally but seems impossible on the web right now.
Ahead of Canada, sure (they come worst here in both scenarios) but behind countries like the UK, Germany & the Netherlands that do have universal health care.
reply