19:00 <ELLIOTTCABLE> sigh.

20:15 <jfhbrook> tell me about it

20:41 <ljharb> why for sigh, specifically

20:43 <ELLIOTTCABLE> generalized anxiety, feelings of worthlessness, and stress

20:44 <ELLIOTTCABLE> but today’s was because money-related security is _always_ paradoxically the most poorly executed

20:45 <ELLIOTTCABLE> i had to do a bunch of financial stuff today and in the process for whatever reason i was mired in *four* different financial systems, and each had uniquely terrible security for differing reasons

20:46 <ELLIOTTCABLE> let’s see, a few of the more interesting ones, besides the almost-a-given-nowadays ‘dumb requirements’ and ‘short password-length limits’,

20:46 <ELLIOTTCABLE> - one account e-mailed me my username and password, not in plaintext, but in something even worse (which is not a phrase I’d ever thought I’d be typing) …

20:47 <ELLIOTTCABLE> in a fucking Microsoft Word .doc file.

21:09 <ljharb> hahaha

21:09 <ljharb> one of my domain names, i pay for my emailing a word doc with my credit card in it once a year

21:12 <ELLIOTTCABLE> fuck the second didn’t send

21:12 <ELLIOTTCABLE> goddamn coverage in my hospital is so bad

21:13 <ELLIOTTCABLE> ugh don’t want to type it up again. just, enter this static password we e-nailed you in plaintext years ago oh btw you can’t change it … and then we’ll show you the “message from your advisor”

21:14 <ELLIOTTCABLE> like. all over http. and the “message from my advisor” is literally a status http page i can retrieve without any cookies, so the whole song-and-dance of indirecting the e-mail thru a website is totally pointless …

21:23 <jfhbrook> the one that drives me nuts is that Fidelity normalizes passwords to be the digits 0-9 plus a *

21:23 <jfhbrook> so that you can punch it in over the phone

21:23 <jfhbrook> and they don't actually message that very well, like I think that's a kinda beefy security issue

21:24 <jfhbrook> in other news I'm getting just enough pushback on one of my more important proposals that I'm Freaking Exhausted

21:24 <jfhbrook> I'm trying to get someone else to take and run with it and am also trying to duck a meeting on it so I don't have to get frustrated about defending my ideas against people hostile towards them

21:27 <ELLIOTTCABLE> what is ur idea

21:27 <ELLIOTTCABLE> are you telling them to add a goose to the homepage that honks when you click it

21:27 <ELLIOTTCABLE> i support your idea how do i help

21:27 <ELLIOTTCABLE> i will call and do all your yelling for you <3

21:58 <jfhbrook> no

21:58 <jfhbrook> I'm telling them to refactor reporting so that we can ship report updates decoupled from ingestion updates

21:59 <jfhbrook> some of the issues are totally reasonable things to go over - should this be in a new repo, if so how to manage dependencies in the existing repo, yadda yadda

22:01 <jfhbrook> so the core issue, the reason for all of this stuff

22:01 <jfhbrook> like, ignoring the slightly improved security, ignoring the decreased likelihood of pushing a bad report, etc etc etc

22:01 <jfhbrook> is that it takes two engineers three hard days to deploy our current system

22:02 <jfhbrook> which means we do one deploy a month

22:02 <jfhbrook> meaning our lead time is a month

22:02 <jfhbrook> and people will be like, oh but if you're dealing with a release that *only* touches reports than you can skip a bunch of these steps!

22:02 <jfhbrook> and I'm like, yeah ok if that's true then why can't you guys ship? :) :)

22:03 <jfhbrook> but like having to actively argue this to people uninterested in listening is

22:03 <jfhbrook> fucking exhausting

22:03 <jfhbrook> to the point where I'm thinking about what I'm gonna do if I release the big "why we can't ship" doc and nobody that matters finds it convincing

22:03 <jfhbrook> like, save a copy for my portfolio and split? maybe

22:03 <jfhbrook> I love this domain though and some of my coworkers are fantastic

22:04 <jfhbrook> also thinking about taking a random day off to headphone up and work on that doc