Because of Grover Norquist and his organization (ironically named Americans for Tax Reform). Their "Taxpayer Protection Pledge", taken by most Republican lawmakers (95% before 2012), locks them into supporting his policies. The problem is that he views any attempt to simplify tax filing just like a tax increase (presumably since people will be less upset about paying their taxes), and uses his influence to lobby against reforms like this.
It's true that the Democratic caucuses, both federal and state level, are much harder to hold together. Every year there's a bill in my state to rein in payday lenders. Basically banning usury level interest rates on loans. Overwhelming popular support (~80%) and editorial support.
And every year there's a "blue dog" Democrat living in a purple district which bends to the pro payday loan lobbyists.
Vetocracy is a tough problem. Our civic legacy is to fear the mob, tyranny of the majority. (Thanks Plato.) So it's rare that mere popular support (>60%) is sufficient to attain progress.
So, to your point, mere 50% + 1 vote ain't ever enough.
Making payday lending illegal will push poor people who desperately need the cash to seek it from organized crime instead.
There’s a reason those bills get stopped and killed. They sound good on their face, but when you dig into the details they harm the people they’re supposed to help.
>Democrats had filibuster proof majority when Obama was president.
For 2 years. And spent basically the entire time barely getting ACA through. Not a lot of "political capital" leftover for battling to have free tax filing.
Google hired these researchers to give them some basic facade of having concerns about AI ethics. They were supposed to write some nonsense papers and just act as shields when questions about AI ethics were raised.
When these people bit Google on the hand, Google got rid of them. Simple story.
Google is a monopoly and needs to be broken up under anti trust rules.
As sad as I think this reasoning is, I think it's true. Google wanted someone to shield them from scrutiny with some hand wavy papers, making them feel good about what they are doing (disrupting the market!11!1!), just as pharma pays for studies to prove what they want. Those researchers probably just didn't get the implicit agreement or requirement, that Google already did everything right and well. And obviously Google isn't racist or biased, and if they are, they are doing everything they can to combat that /s.
Speaking as a senior software engineer, where I develop software to bring food to my table, Amazon is a monopoly and should be broken up under anti trust rules.
Amazon as a business is about rent seeking and taxing internet commerce and engages in predatory monopoly behavior. They are actively suppressing tech competition and free market activity in e-commerce space.
The Amazon workers union should expand to cover the entire country.
Anyone that thinks this is about free market and Amazon is just a private company doesn’t have a clue. Amazon is a quasi government actor now, where they are the only game in some small company towns. Jeff Bezos owns the Washington Post and exerts undue influence on many politicians. Amazon has contracts with CIA and military.
As a software engineer, do you want a future where Amazon is the only employer and can undercut the salary to their liking?
Basically, the legacy establishment media is complaining about the new establishment social media.
Same thing as the obsolete horse and buggy industry complaining about the automobiles taking up all the street space and causing traffic.
The establishment media got big, fat and lazy with their monopoly and selling limited ad space.
When the ads space became infinite in the web, they didn’t innovate and pivot to web technologies.
Google and Facebook innovated web technologies and leveraged their tools to filter and target valuable audience attention space.
The establishment media is obsolete and no amount of complaining is going to change the dynamic of the web. All they can do is talk about their high school glory days of scoring 5 touchdowns in high school championship game.
It’s easy to be an armchair SQL injection expert and point fingers.
I can guarantee that any system that you’ve worked on has numerous OWASP security bugs. You’ve probably looked at the bugs countless times and never noticed it.
Every software engineer of all levels has overlooked obvious SQL injection bugs in their code base. Most likely you’ve added to the bug list.
Software bugs are a simple part of any development effort. All major companies, Microsoft, Google, Facebook, etc. have very simple bugs like this in their systems.
That’s why they pay out bug bounties, it’s cheaper for them to add the bug and have some random security researcher find the bugs for them.
Look up the Gell-Mann amnesia effect. The article doesn’t know much about OWASP practices.
SQL injection bugs are not rookie mistakes, they're prevalent in many current and future applications. Look into the VTech SQL injection hack, a large company with lots of resources had a similar bug.
Look at previous hacks, the SolarWinds hack, the Sony hack, all were preventable common hacks.
I'd amend to this "... or composed of local string literals". Programmatically-generated SQL can be advantageous in terms of maintenance, readability and even performance, depending on the situation.
> The reason it’s so prevalent is because it’s not a rookie issue and very difficult to fix properly, without impacting significant changes.
Neither of these claims is true. Placeholders have been the recommended way to do this since the 1990s (I remember having this same talk with Perl & PHP 3 newbies) and one of the points of using a framework like Rails is that these are much easier to avoid if you use an ORM. The problem in this case is that they found a problem they (probably incorrectly) believed couldn’t be expressed in the ORM _and_ ignored the placeholder support _and_ didn’t validate their inputs. None of those require advanced experience to fix and at least the latter two are trivial to implement.
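The placeholder and input-validation points in the comment above, together with the earlier point about SQL composed of local string literals, as an added example that is not part of the thread. It uses Python's `sqlite3` module rather than Rails, and the table, column and function names are assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data; table and column names are assumptions for this example.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    db.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                   [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return db

def find_interpolated(db, name):
    # The pattern under discussion: input is spliced into the SQL text,
    # so quote characters in `name` change the structure of the statement.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [r[0] for r in db.execute(sql)]

def find_placeholder(db, name):
    # Placeholder: the statement text is fixed; `name` is bound as a value only.
    return [r[0] for r in db.execute("SELECT name FROM users WHERE name = ?", (name,))]

# Identifiers and keywords cannot be bound as parameters, so generated SQL
# draws them from local string literals selected by validated input.
SORT_COLUMNS = {"name": "name", "role": "role", "id": "id"}
DIRECTIONS = {"asc": "ASC", "desc": "DESC"}

def list_users(db, role, sort="id", direction="asc"):
    try:
        column = SORT_COLUMNS[sort]
        order = DIRECTIONS[direction.lower()]
    except KeyError:
        raise ValueError("unsupported sort option") from None
    # Only literals from this module reach the SQL text; `role` is still bound.
    sql = f"SELECT name FROM users WHERE role = ? ORDER BY {column} {order}"
    return [r[0] for r in db.execute(sql, (role,))]

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing quote characters
    print(find_interpolated(db, crafted))   # every row comes back
    print(find_placeholder(db, crafted))    # no user has that literal name
    print(list_users(db, "user", "name", "desc"))
```
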
You would be amazed at the number of "developers" that have no idea what an SQL injection is when I ask them as part of my Full Stack developer interview.
SQL injection bugs of this fairly trivial type are. This is literally what web tutorials were pleading with PHP developers not to do 20 years ago, and they weren't new then.
It's a failure of tooling. The library, or the compiler, should stop you from interpolating stuff into SQL strings. We've already seen things like this keep happening over and over until it's made impossible.
The whole situation is similar to having a construction scaffolding without safety railings, and calling someone falling off it a rookie mistake.
> a large company with lots of resources had similar bug.
Large companies are even more likely to run into this sort of issue.
It's still a rookie mistake. Any given well established company will contain a large number of 'rookies'. It's up to the company and everyone involved to make sure these are caught before going into production.
TypeScript is more popular now because projects are migrating more and more business logic layer to front end. Thus the need for type safety and static analysis.
I’m agnostic about TypeScript. Bare JavaScript is a very efficient and optimized language, well suited for smaller projects.
However, when project scope balloons up, then TypeScript becomes more useful. It’s way of enforcing descriptive comments a code, than trying to be a type safe language.
Everything is politicized by everyone to further their narratives. It’s not a meaningful statement.
Science is not just euphemism. Science is the reason we have gotten as far as we have. Science is the reason why infant mortality is almost in much of the world, and food is plentiful.
Some people may use it inappropriately, and try to corrupt it, but it doesn’t change the fact that making conclusions based on data and repeating experiments to verify and adjusting the model as the data indicates is the best way we have to model our world.
Which people are using it inappropriately and corrupting it?
Why are they doing it? Why are they using silly phrases like, trust the science? Which is basically the same thing religious people do, when they say have faith.
Also, science, the classical definition, has no meaning on its own. It’s simply a way to describe reality. It’s usually up to engineers and people to put into practice.
The science may describe gravity, although they still can’t answer why the gravitational constant is a constant.
But, engineers and people can test effects of gravity everyday, and act accordingly.
>Which people are using it inappropriately and corrupting it?
Journalists who misrepresent the results of a study to get clicks. Companies that purposely design erroneous experiments to get the results they want (a la the tobacco example elsewhere in this thread). Individual scientists who corrupt their own studies or falsify data to advance their own careers.
>Also, science, the classical definition, has no meaning on its own. It’s simply a way to describe reality. It’s usually up to engineers and people to put into practice.
This makes no sense. Science is the process of refining the model of the world by testing hypotheses by performing experiments and then revising the model as new data is collected. This is in contrast to something like religion, where the model is not to be altered regardless of the data.
Science is about describing reality. You may be describing scientism, or some other pseudo scientific charade, which conflates actual science with hand waving mumbo jumbo, like people try to conflate astrophysics with astrology.
Gold has always existed, as far as we know. People have known about gold and its properties, long before classic science described gold. There’s no model or testing hypothesis for gold needed. Gold exists because people use them regularly.
Science just described gold and other elements, because they exist in reality.
Engineers and people didn’t need science to describe gold to use gold. Science is a convenient way to describe reality for what it is.
It’s mostly normal people freely associating with other normal people, without fascist establishment elite government control, like Twitter, Facebook, elite media, and most other social media.
Did you ever wonder why you are calling others far right or far left? Why are you referring to other American citizens with those terms? Who is pushing those terms that divide the vast majority of normal Americans? Who stands to gain?
The fascist establishment elite are getting richer by the second, while the lower classes are calling each other insulting names and fighting amongst themselves.
There’s an old movie called They Live. When you watch it now, you can call it time shifted documentary.
Wait, you object to describing "american citizens" with political labels and then in the very next paragraph use a political label on a specific group of american citizens.
Why are you just blaming Republicans?