On the other hand, if they're pouring money into a project that doesn't make them enough money to make it worthwhile, that does seem unsustainable. Maybe NATS should get less popular but become an option in EKS/AKS/GKE that Synadia runs.
The sustainability of open source doesn't seem to come down to whether the product is open source or not.
As an example, Elastic was a $10B company in 2021 — the year they went dual license — with revenue of around $500-600m. They showed that you can build a huge business on something that's given away for free. I don't know anything about Synadia's financials. It's possible they're successful, but simply want more. It's possible they've not been able to build a sustainable business on NATS. Their commercial offering is basically support plus a closed-source control plane, which isn't exactly a big carrot when the alternative is $0.
I also wonder if there's any VC pressure happening here that could explain the sudden shift. Synadia raised $25m in 2024, and it may be that, one year later, the investors just aren't seeing the progress they were expecting.
Maybe - I wasn't making a point about open source particularly. But you can also have a few unusual examples in times of zero interest rates and they don't necessarily make useful reference points. Only the people in charge will know the whole story and how it relates to their company.
> This case highlights an interesting tension in web security: the balance between protection and usability.
This isn't a tension. This rule should not be applied at the WAF level. It doesn't know that this field is safe from $whatever injection attacks. But the substack backend does. Remove the rule from the WAF (and add it to the backend, where it belongs) and you are just as secure and much more usable. No tension.
I would say it’s a decent security practice to apply WAF as a blanket rule to all endpoints and then remove it selectively when issues like this occur. It’s much, much, harder to evaluate every single public facing endpoint especially when hosting third party software like Wordpress with plugins.
Of course, Wordpress is basically undefendable, so I'd never ever host it on a machine that has anything else of value (including e.g. db credentials that give access to much more than the public content on the WP installation).
People will manage to circumvent the firewall if they want to attack your site. But you will still pay, and get both the DoS vulnerabilities created by the firewall and the new attack vectors in the firewall itself.
You can do that in any car today. Nor is there a lack of devices available for physically attaching a regular tablet to your dashboard.
The question is whether a car maker should be encouraging or enabling a generic touch screen tablet to be installed on the dashboard versus an infotainment device with constrained functionality like AA/CP designed to minimize driver distraction.
I would be happy with a built-in screen that did nothing but AA/CP while the car was driving, and then reverted to a normal tablet interface when the car is parked.
Climate control, etc should be physical knobs and buttons. Anything critical to driving should be on or near the steering wheel.
Not only that, but people have discovered that comments shown to you on YouTube videos are also subject to "algorithmic scoring", based on your preferences, just like video recommendations.
About a year ago a video went viral where someone in a romantic relationship demonstrated that the opinions expressed in comments on videos shown to her differ radically from the opinions expressed in comments on the exact same video when viewed by her significant other using his account.
My wife and I then immediately verified that this was true for us as well.
The current trend is, relevant-looking top-upvoted comment followed by a thread where an innocent-looking account will ask an innocent question/request for recommendations, and get a helpful reply from multiple concerned kind "people" recommending the same resource... All AI bots from top to bottom
Oh yes I used to have this problem. Then I encountered the wonderful Mary Georgina on the internet and her website helped me lots, and I get such great returns! Have you heard of her?
> you are just the person they paid to make the yearly birthday present
Equally, if you presenting yourself well and negotiating well gets you a better wage to make that birthday present, then you should do those things. It's a two-way street.
But that isn’t loyalty, that is just transactional, which is exactly what people are advocating for when dealing with a corporate employer.
> loyalty for a company is concept to make you work harder without asking anything in return. And the moment the company shifts focus and you are out of it, then suddenly you understand that this loyalty wasn't kind of a credits account which you've been saving all this time. It's simply nothing.
This is what you were responding to, which is not transactional. You are loyal to your spouse (to a point) because you trust her to have your best interests in mind and be aligned in the common goal of improving life for you both. A corporation’s spouse is the shareholder and has their best interests in mind, not the employee.
Unless you're in a country that embraced the teachings of Marx, you're more likely to die from too much food than not enough, or a class-based murder spree.
In the context of this discussion, the result has to be of value to someone else, that's all. Then you can haggle over how valuable it is. When it is for yourself, the currency is time and energy; you ponder how much to invest on one task versus another.
I like to use a fuzzy definition (though, all definitions are fuzzy—what's a chair? Good luck...) based on whether it's common for someone with the means to do so, to pay others to do it for them, by choice and not due to disability or something like that.
Taking a shit? Not work. Cleaning the toilet? Work.
Eating dinner? Not work. Cooking dinner? Work.
Playing badminton on your lawn? Not work. Mowing the lawn? Work.
Napping on your Ikea couch? Not work. Assembling that couch? Work.
All profit made by an employee is value invested by a business' owners and creditors extracted from it.
So what? You just seem to have found a perjorative way to describe work. If I pay someone to fix my tap the comfort I have now my taps work comes from me "extracting" value from the plumber?
And it's worse than that. Profit isn't just employee work. If I buy a robot to replace an employee, I might have more profit. And it's not just that work. It's also contracts with other suppliers, and risks, and debt to pay back, and decisions made, and agreements and relationships, and automation.
Windows Phone was not killed by Google offering a free OS. Microsoft chose to charge a licence for it[0]. And every Android handset requires (or required) the manufacturer to pay Microsoft licence fees of about the same amount, so the cost to the OEM wouldn't have been that different.
> The ZTE exec Santiago Sierra said they are giving Microsoft between 15 to 20 pound sterling for each handset, which is why Windows Phones are going to be more expensive for the company to make than their Android handsets
> Google, in its turn, tries to keep Android free and open, and hopes to make money from search and advertising on the platform, which is its core business.
I mean it goes clearly in the direction I’m saying.
When searching for how much Google play service cost per device, I not only found it was free when it mattered (when there was competition) but also this :
> Google is changing the way it licenses its suite of Android apps in Europe, leading the company to charge a licensing fee for the Play Store and other Google apps for the first time.
> The changes come in response to a July ruling by the European Commission, which fined the company $5 billion for antitrust violations
reply