At first I though the Apple one had a half-dozen departments actually coordinating on something, but then I took a closer look and realized it's just more micromanagement.
There’s an interview with someone talking about Steve having an extreme melt down rage about the header not being technically centered in one spot on the Apple page.
I want to see his reaction trying to type a message on the iPhone keyboard from anytime in the past 7 years.
Or navigate the random nonsensical grouping of stuff in settings that got so out of control they added a search bar or watch a pip video or really use anything. Every feature has some sloppy problem.
It used to be excusable as nobody else was trying and they’d be working to fix it. Now they just add a feature that’s sub par to things already out there, no innovation, and then it feels sloppy. Most things just don’t feel good to use down to the size and weight of phones now. Rather than fix the problem Apple just keeps copying the homework and claiming they can’t fix perfect.
Steve would be punching holes in the wall. Probably would stomp a hole through the floor to strangle the keyboard team
And that's just the iPhone keyboard. The physical keyboards on MacBookPros are still terrible. I've had two of them where some of the keys shorted out or stopped working. Eventually, thinness has diminishing returns. I'd rather have a thicker/heavier keyboard where the keys don't die.
My thought on this was always that micromanaging in this structure is rational and maybe even the best. It's not really a Jobs thing—though he's (right or wrong) probably the picture most people have in their head when they think of visionary CEO—it's just that if the leader has a vision then it is great if they're capable of having everything run through them. It's when there's no vision at the top and no leaders sitting across the silos pulling things together that it helps the company to have people below with increasing autonomy. Whether the autonomous people should be higher or lower depends on which other org structure you've chosen. Silos are fine when leaders have a vision. That said, I haven't seen many groups that placed power in the place where their chosen org structure is meant to place power.
This is 2011 though, a lot has changed since then. I doubt Facebook/Meta, for instance, is still as flat as it was then having read some ex-employee accounts
In fairness, there was a time when I was unable to have a computer sort search results so the default hit was the plugin with 1000x more downloads than all the others combined.
Not trolling here but these things are by design cesspools ready for compromise. Any fully open ecosystem where contributions are not strictly reviewed is open to this problem. If you don't like it, don't use editor extensions and use a well audited editor.
If you want to use extensions or node packages or pypi packages without doing a detailed review you're accumulating technical debt. You're assuming a risk in order to ship rapidly. You can either pay that down at some point under control, or bear the interest when it comes due.
I mean I don't think some sort of "access control" within the editor is going to really address this. People edit sensitive text in their code editor and no matter what that is going to be available to most useful extensions. Even if you don't lose a credential or get some arbitrary script running to mine crypto on your machine you could have an extension function as a key logger and exfil code you really think is valuable.
It would have restrained the access here. The extension would have only had access to the repos opened by this individual rather than an api key that gave access to 3,800 repos.
They probably should have some permission system where the default extension is only able to operate within the repos open at the time and has no internet access. Then you can grant internet access for the ones which genuinely need it.
The majority of VS code plugins are just syntax highlighers and linters which don't need any dangerous permissions.
Most of these problems could be solved with something like wasm/wasi where you can limit access to web, disk, etc... WASI is made to run code you don't trust, you could even limit compute third party is using so they can't mine crypto (I think it's called fuel limit). Ideally we would have whole IDE run in this kind of environment where we can explicitly say what it can and can't do.
It's easy to wave a magic wand and have one developer do better than a corporation of tens of thousands. There is a reason I don't use Microsoft products: I can't do it myself and do won't do it for me.
Just five years ago this opinion was heresy on HN. Those of us who still remembered their behavior in the 80s/90s were belittled.
"They have changed, gramps. This really smart Satya Nadella is CEO. They are the good guys now. Don't be so bitter over old stuff like systematic use of illegal tactics to attempt to kill all of its competitors including Linux."
Also: Note that the headline undersells the news dramatically. The article begins with:
"GitHub has confirmed that roughly 3,800 internal repositories were breached after one of its employees installed a malicious VS Code extension."
Well the vacuum cleaner joke is very old, was true then, is true now, has continued to be true despite some people having the wool pulled over their eyes and thinking that Microsoft was no longer the enemy at some point. They have always been the enemy. Stay on your toes, don’t let them in.
https://bonkersworld.net/organizational-charts