Egregoros

@feld @phnt @lain I'm saying people don't read the safety labels and end up chainsawing their arm off because they don't know better.

Think about all the accountants who made giant Excel macros that are totally unmaintainable. Think about all the customer service departments that made Access DBs off a shared drive that ran into scaling issues. Think of all the software devs who thought it was a good idea to store CVVs.

It's not that technological progress should be stopped, it's that people who don't know better won't stop and someone will pay the price.

@7666 @phnt @lain

> Think about all the accountants who made giant Excel macros that are totally unmaintainable. Think about all the customer service departments that made Access DBs off a shared drive that ran into scaling issues.

both of these are 100% fine. The business operated and was successful. Perfect is the enemy of good. Prematurely optimizing especially in tech is one way to guarantee your business fails. You should always use what is cheap and works for as long as possible and then address the issue when the time is right.

> Think of all the software devs who thought it was a good idea to store CVVs.

Let's roll back the clock to when this was really popular. The issue was recurring billing. The only way to charge the card was to keep the CVV. We had to wait for the credit card companies to solve this problem for us. At least as far as I'm aware, when the CVV was invented they didn't provide any mechanism to keep billing the same card without keeping the CVV on file.

@feld @phnt @lain >both of these are 100% fine.

Only if you're not the guy who has to clean it up when it should have been in a bloody SQL DB in the first place. Technical debt should be burned with a flamethrower at all times. The endless pursuit of scale without discipline is what gets people into these messes and it will be cheaper in labor cost every time to just think it through prior.

>The only way to charge the card was to keep the CVV.

Recurring "card not present" transactions never required the CVV as far as I'm aware, and at no time was it allowed, even to solve a business problem, because it defeated the purpose of what CVV was trying to do (stop stolen cards). In almost all cases it was better to find a payment provider and iframe their shit in unless you were a bespoke payment processor, or find a tokenizer service which yes, they did exist back then.

But again, this proves my point that the "do it at all costs" mentality is a *human* flaw. We can't help ourselves, when handed a hammer, to treat everything as a nail.

@7666 @phnt @feld @lain you're never supposed to store CVV or CVV2, many intermediate vendors though didn't have any recurring transaction apis so yes a lot of people would break the rules and store it which was a major no-no. there used to be a loophole in the spec that you could "store the cvv long enough to execute a transaction" which meant like, in memory or something until it finished, but online vendors interpreted as "store it in the database so I can charge them 3 months later" don't ask me how I know. but they closed the loophole. cvv literally means "the card is present" if it's not present, you're breaking the rules.

@feld @7666 @phnt @lain in around 2005-2006 I wrote an entire pci-compliant company-wide card store for a big nonprofit, i wrote a great system that completely isolated cards from the calling program but still let the calling program do repeat transactions etc. my boss called it "too elegant" and requested a bunch of simplifications. years later the guy in charge of infrastructure architecture for the company comes to me and bitches about the design we're stuck with and says "it should have done x, y and z". and I told him "open the Word design document and go into the history and roll it back to version 1 from three years ago, there, it's designed."

@gabriel @sun @phnt @feld @lain Yeah I said something some time ago about AI magnifying our worst tendencies (and later leading to something about the most concrete realization of the acceleratonist viewpoint but we can ignore that teehee), those just don't go away. that's been the core point of my argument.

There are absolutely people who will be 5x as capable as others because they see a tool and figure out how it works before applying it and it works well for them. Others will just punch it full throttle and complain when they wrap themselves around a tree.