App stores for desktop computers have pretty consistently failed except for Steam. I don't think I've installed anything from the App store on my Mini, instead I have just dropped all kinds of images into my Applications folder. The Windows store is about as marginal as it can get. My corporate desktop at work is locked down with the Windows store disabled, they made it so I can elevate and do almost anything I need to do with developers but I can't touch Policy Editor stuff and can't unlock it. I miss WSL2 but that's the only thing I miss. I install all sorts of things for work and just install them the way we did before there was Windows 8. In the Windows 8 era my home computer always got the metadata database corrupted for the store pretty quickly even though I didn't use it very much. The only thing I really wanted from it was the application to use my scanner back when I had an HP printer. It was obvious that it was possible to rebuild that database because it got fixed temporarily whenever it did one of the 6 month updates but people I talked to in Microsoft Support said I should nuke my account and spend hours reconfiguring all the applications that I actually use just so I can use this one crapplet. Switched to Epson and they have their own installer/updater that works like a normal Windows application. [1] I don't think the machine I built that started on Win 10 has any problems with the store but all I really know or care about is that WSL2 works and it does. Microsoft dreams that you might buy games from the Windows store but it has an air of unreality to it. If Microsoft tried pulling Activision games out of Steam you know it would just force them to write off the Activision acquisition earlier rather than later.
In my experience, it comes down to project management and organizational structure problems. Companies hire a "security team" and put them behind the security@ email, then decide they'll figure out how to handle issues later. When an issue comes in, the security team tries to forward the security issue to the team that owns the project so it can be fixed. This is where complicated org charts and difficult incentive structures can get in the way. Determining which team actually owns the code containing the bug can be very hard, depending on the company. Many security team people I've worked with were smart, but not software developers by trade. So they start trying to navigate the org chart to figure out who can even fix the issue. This can take weeks of dead-ends and "I'm busy until Tuesday next week at 3:30PM, let's schedule a meeting then" delays. Even when you find the right team, it can be difficult to get them to schedule the fix. In companies where roadmaps are planned 3 quarters in advance, everyone is focused on their KPIs and other acronyms, and bonuses are paid out according to your ticket velocity and on-time delivery stats (despite PMs telling you they're not), getting a team to pick up the bug and work on it is hard. Again, it can become a wall of "Our next 3 sprints are already full with urgent work from VP so-and-so, but we'll see if we can fit it in after that." Then legal wants to be involved, too. So before you even respond to reports you have to flag the corporate counsel, who is already busy and doesn't want to hear it right now. So half or more of the job of the security team becomes navigating corporate bureaucracy and slicing through all of the incentive structures to inject this urgent priority somewhere. Smart companies recognize this problem and will empower security teams to prioritize urgent things.
This can cause another problem where less-than-great security teams start wielding their power to force everyone to work on not-urgent issues that get spammed to the security@ email all day long demanding bug bounties, which burns everyone out. Good security teams will use good judgment, though.
This chart breaks it down by spending, it does nothing about determining the effectiveness of said spending. How much actual care per $ spent? I've been on a mock jury for a personal injury lawsuit--and it was obvious to a couple of us that the smoking gun presented by the defense clearly showed she was running up the bill on something minor. We were pointing out the problem--did that sway the majority? No. The general opinion seemed to be she was owed something for what had happened--and they had failed on the voir dire, they asked about my background, didn't ask anything about family. Oops--I knew it would end up all going to the lawyer and doctors, nothing to her (the proposed amount was less than the bills she had run up.) I played it fair and didn't speak up about what would happen. And all the national systems have a fox guarding the henhouse problem. Provide proper treatment for the expensive stuff or lower the standards? So long as you make a sufficient portion of the electorate think you're doing a good job the reality is the standards get lowered. And cook the books in pretending it's fair. (Two examples that come to mind: Including "fairness" in the measure of health system quality--automatic selection for UHC, and comparing infant mortality (they admitted the comparison was not valid, did it anyway.) The reality is the biggest "cause" of infant mortality in the developed world is how the medical world falls on the stillbirth/infant mortality line. Even elsewhere--Cuba gets its good infant mortality numbers by setting a minimum birth weight. The ones that were born too early and never had a chance get classed as stillbirths.)
>Sortition means it's at least possible you get someone who isn't looking for the brown bag.

I mean sure, but sortition has tons of its own problems, and it's actually pretty easy to reduce the requirement to take a bag before you can run a campaign, because this is something every other democratic country manages. The US is the only country that allows you to run campaign adverts years ahead of time. That's expensive. The US has no limits to campaign contributions in the first place, and no ceiling on campaign spending. The US has loudly declared that it is right and just that the mega rich oil baron can pay for literally every single campaign if they want, and unilaterally control who has access to his funds for getting elected. The US Supreme Court has declared that it is a good thing that the oil baron can always outspend average people to get their needs heard. Maybe fix the part of our country where we allowed the Supreme Court to insist that more money should give you more access and control over government. Maybe fix the part where half the country insists that we should elect "Businessmen" who will run a country like a "Business" because that's somehow a good thing, and that having someone who has direct business interests that are contrary to the interest of the general public run said government is a good way to do things. It's like thinking that Pharma adverts are bad and so we should destroy the pharma industry. Like, no, chill, just ban pharma adverts like the rest of the world.