Originally posted on 2021-09-12 at Medium

#articles


If you’re like me, you probably sometimes step back and ask “Why is that Alex dude writing a newsletter? He has 0 qualifications besides being a white tech guy with a lot of white tech guy confidence. He doesn’t even have an editor! Could I do the same?”

Well, for a brief, beautiful moment dear reader, you could: https://twitter.com/danhett/status/1402213743946256389

Far from the tree

Have you had a good summer? Well, Apple hasn’t. Since we last spoke, Apple tried to hire then fired one of the most unlikeable people in tech (and yes that’s a high bar). That’d be a certain Antonio Garcia Martinez, and I had a quote from him initially included here but honestly it’s so sexist that I had to take it out. Feel free to read the article above for more info.

Was that the only thing Apple tried to push through? Hell no, they also tried to scan every picture you took with your iPhone for “child pornography”, everyone’s favorite go-to when they want to attack online privacy. You’d think if these measures actually worked, Reddit wouldn’t be getting hit with a new lawsuit for child abuse material every quarter, right? Anyway, critics promptly produced examples of algorithmic false collisions on the supposedly foolproof algorithm, forcing Apple to move the goalposts and explain about the human moderation layer that clearly was part of the plan all along. Critics promptly produced past statements by Apple saying it would never do “the thing” and countless examples of implementation of “the thing” being abused, mainly by governments. After a continuous stream of backlash (at least on my Twitter feed), Apple decided to postpone its plans.

Or does it?

But that’s not quite enough to call it a bad summer, is it? Alright, let’s add the legal battle of Apple vs Epic that just finished (not in the Supreme Court though, so it can still be appealed) that forced Apple to accept that developers can add non-Apple payment methods to their apps. Wait, hold it, please stop the press for a direct quote from the trial:

Attorney: If we could just put on the screen a picture of Peely — is there anything inappropriate about Peely without clothes?

Weissinger: It’s just a banana, ma’am.

Ok, back on topic, previously every single transaction in the Apple App Store (and inside apps) had to use Apple’s payment system, which took a 30% (!) cut. South Korea already forced Apple a few weeks ago to allow non-Apple payments for apps and now the road is open to have this done worldwide.

https://twitter.com/ashleygjovik/status/1436513841072926721

Oh and there’s also the labor investigations! Ashley Gjøvik, a senior manager, reported discrimination, harassment and retaliation at Apple, and was… harassed and then fired while the labor board investigation is still ongoing. Cher Scarlett, a senior engineer with the company, has also reported similar experiences and kicked off another investigation, after she had tried to increase pay transparency by letting employees report and share their salaries internally. Despite this action being completely legal and blocking this action being completely illegal, her 2 previous surveys have been taken down with the third (and largest) being currently ongoing.

Meme with face looking away, captioned “Blizzard watching Apple get investigated for toxic culture”

Of course the flurry of ongoing litigation and incidents hasn’t prevented Apple from posting a highly profitable financial third quarter of 2021, with a 36% revenue growth year-over-year. Business as usual.

Hacks!

Alright, enough about those damn fruits, let’s talk about fossils, shall we? Remember what I told you a few months ago?

Half funny and half serious — having seen some of the infrastructure holding together public services, that stuff’s not built for security. If someone wanted the average town poisoned, it’s quite doable and that’s concerning

Yeah so, an oil pipeline named Colonial Pipeline, running on US soil, got hit with ransomware (it’s the one that encrypts your files and you need to pay the hackers Bitcoin to get them back). This is a pretty simple attack strategy used on a variety of targets across the globe. Here are a few words about the impact, from Wikipedia. Note that this is after Colonial Pipeline paid the 5M $ ransom and regained access to their systems. It seems they kept the thing down because they couldn’t get their billing system back up and running. Welcome to the future, I guess?

Fuel shortages began to occur at filling stations amid panic buying as the pipeline shutdown entered its fourth day.[23][24] Alabama, Florida, Georgia, North Carolina, and South Carolina all reported shortages.[23] Areas from northern South Carolina to southern Virginia were hardest hit, with 71% of filling stations running out of fuel in Charlotte on May 11[25] and 87 percent of stations out in Washington, D.C. on May 14.[26] Average fuel prices rose to their highest since 2014, reaching more than $3 a gallon.[27]

President Joe Biden declared a state of emergency on May 9, …

Photo by Quinten de Graaf on Unsplash

EA Games was also hacked recently with a fairly creative method of entry: the hacker purchased a cookie with login details of an employee to the company Slack in a dark web market. The attacker then used it to request a password reset for the affected user via Slack to the company’s IT. A few hundred GBs of game and engine source code were stolen.

That attack drew my attention, especially because I’ve noticed that one of the oldest spam campaigns I get (somehow related to my living in France) has recently been changing its email titles to match recent Google searches I’ve done, so they may have gotten access to one of my cookies, or just purchased targeted advertising data. I wonder if that’s going to be a new norm, or I’m just an unlucky target.

The future is now

The original Blade Runner took place in 2019. We should have probably celebrated more that we don’t have android hunters prowling around neon cities to kill replicants. We only have totally normal things happening:

A vigilante crime app called “Citizen” (originally “Vigilante”) put a 30K $ bounty on the head of a person suspected of arson in Los Angeles. They launched a city-wide manhunt for that person, posting images, videos and the person’s name in full public view. Of course, this man was innocent and it’s a miracle that he survived that night.

Photo by Alonso Reyes on Unsplash

https://twitter.com/levie/status/1411817734636138496

https://twitter.com/jack/status/1424854924194729984

Useful knowledge

Photo by Pawel Czerwinski on Unsplash

During one of my recent Google searches for Kubernetes docs, I was pleasantly surprised to find that they’ve created an educational comic with ancient Greek mythology characters to explain the whole thing!

Google has also launched 2 interesting new things in the meantime (probably more but hey, these are the ones I care about):

  • deps.dev: a fast and beautiful tool for understanding and visualizing software package dependency chains.
  • Project Starline: a video call experience which aims to make remote human communication feel as natural as being in the same room. Definitely interesting until Google kills it in a few years.

And since we’re on the education train, here’s a far less evil company (everybody loves Figma afaik) explaining the origins of a fascinating bug traced back to 1977!

https://twitter.com/figma/status/1395445717783613443

Workers in the bank of the free

A few months ago, the Dutch scaleup Bunq (subtitled “bank of the free”) went public and got valued at ~1.9B $. This news was interesting to the employees at Zivver, my current organization (we’re hiring), which is also a Dutch scaleup, and it was discussed in the internal #off-topic channel. One of the things that raised a few eyebrows was how no employees seemed to benefit significantly from this move besides the founder, who has near complete control of equity. This was a stark contrast to the Stack Overflow acquisition shortly before, which minted 61 new “paper millionaires” due to employee equity. For context, however, it’s important to note that Bunq’s founder, Ali Niknam, has invested more than 100M $ into Bunq, while startup founders typically invest a lower amount or nothing and use venture capital (VC) funding for the rest. I have 3 perspectives to share below.

The first one is from a colleague claiming to be a former Bunq employee (I have verified this so the person could of course be insincere). Here’s our Slack chat. I’ve removed their name for privacy reasons.

The second perspective is from another current colleague who has a network of acquaintances working at Bunq. This is again unverified hearsay; I have not looked at contracts or otherwise checked that these people genuinely worked there. This colleague also shared that plenty of their developer friends, especially from an immigrant background, were employed there under sometimes challenging conditions. These employees found it difficult to leave or seek alternatives as their visas were tied to the employment.

The third perspective is… Glassdoor I guess? As you’ll note in the chat logs above, I already knew a few things about Bunq because I was approached by one of their recruiters, so I did some digging around Glassdoor and other review sites to learn more about the working culture. Needless to say, I was fairly shocked. Once you know what to look for due to the reviews, the references to the “fabulous in-house chefs cooking delicious lunches and dinners” become a bit iffy. I’ve bolded the “dinners” part btw, because as a possible recruitee looking into a job posting that’s the part that should scare you, the rest of that sentence is good news.

I don’t have any beef with Bunq specifically and as with everything else, there’s probably some folks within it having a great time there, and some others having a tough time. I did however want to highlight these experiences as I think they can be important education for anyone looking to interview whether with them or somewhere else. When approaching a role, start with Glassdoor or similar review sites and googling the company, to get a basic idea of what employees like and don’t like in the organization. If you have anything that looks “suspicious” to you, but may not be a huge dealbreaker, you should try asking your interviewers and recruiters about it. Simple questions like “Can you describe your working day?”, “At about what time do you get off work?”, or “How involved is management in technical decisions?” can quickly point you towards some possible red flags.

Better late than never?

I’ll leave you with a song, which few people expected to be actually released after 11 years. “Black Sheep” is a classic song from the movie Scott Pilgrim vs the World (though the best song title award in that album probably goes to “If we can put a man on the moon then surely I can win your heart”). This new release includes the authentic vocals by actress Brie Larson, who plays the character singing in the film, while the previous releases used a different singer.

https://www.youtube.com/watch?v=1xcSDYy3Dl4
