Hacker News: pimterry's comments

FMLA has a 50 employee minimum limit, as they noted above. If there aren't 50 employees within a 75-mile radius, you aren't FMLA eligible (there's quite a few other conditions too, and it's still unpaid regardless): https://en.wikipedia.org/wiki/Family_and_Medical_Leave_Act_o...


> In the age of subscriptions, being able to see all your recurring payments on a single page and cancellable with two tabs without questions asked, is a feature worth paying for.

This is a service the banking system should clearly provide natively though - there's no good reason Apple is the only one capable of this, nor any good reason why they're best placed for this (there's plenty of non-Apple subscriptions where this would be useful).

Your card provider is well aware of what recurring payments are currently authorized, and should be perfectly capable of providing tools to cancel those authorizations (and inform the merchant of this when doing so).

That that doesn't work is a failure on the part of financial firms (who could provide it) and regulators (who imo should oblige card providers to offer this, and oblige companies to treat cancellation notification like this as equivalent to written notice). Recurring payments are an increasingly fundamental part of consumer banking, but banks provide effectively zero tools for consumers to manage them.

The argument against is that some of these payments might have ongoing obligations you can't just cancel without consequence, and you'd effectively just be refusing to pay your bills - but you could equally well have no balance available or something so the payment fails in existing cases anyway, so this seems like an entirely solvable issue (if a business that you _must_ pay receives a notification that you've cancelled the card billing authorization, they're going to need to get in touch with you about it just as if your monthly charge failed).


Yeah they should get together and create a standard protocol for managing, transferring, and paying subscriptions.

Imagine if you could manage subs through your bank, but also transfer the sub to a different bank as needed.

Could even have protocols for payees to verify payer sub status. Maybe there could be two "ends" to a sub; payer and payee end. Like a money wormhole.


> this domain was caught injecting malware on mobile devices via any site that embeds cdn.polyfill.io

I've said it before, and I'll say it again: https://httptoolkit.com/blog/public-cdn-risks/

You can reduce issues like this using subresource integrity (SRI) but there are still tradeoffs (around privacy & reliability - see article above) and there is a better solution: self-host your dependencies behind a CDN service you control (just bunny/cloudflare/akamai/whatever is fine and cheap).

In a tiny prototyping project, a public CDN is convenient to get started fast, sure, but if you're deploying major websites I would really strongly recommend not using public CDNs, never ever ever ever (the World Economic Forum website is affected here, for example! Absolutely ridiculous).


I always prefer to self-host my dependencies, but as a developer who prefers to avoid an npm-based webpack/whatever build pipeline it's often WAY harder to do that than I'd like.

If you are the developer of an open source JavaScript library, please take the time to offer a downloadable version of it that works without needing to run an "npm install" and then fish the right pieces out of the node_modules folder.

jQuery still offers a single minified file that I can download and use. I wish other interesting libraries would do the same!

(I actually want to use ES Modules these days which makes things harder due to the way they load dependencies. I'm still trying to figure out the best way to use import maps to solve this.)


The assumption of many npm packages is that you have a bundler and I think rightly so because that leaves all options open regarding polyfilling, minification and actual bundling.


polyfilling and minification both belong on the ash heap of js development technologies.


I would agree with you if minification delivered marginal gains, but it will generally roughly halve the size of a large bundle or major JS library (compared to just gzip'ing it alone), and this is leaving aside further benefits you can get from advanced minification with dead code removal and tree-shaking. That means less network transfer time and less parse time. At least for my use-cases, this will always justify the extra build step.


I really miss the days of minimal/no use of JS in websites (not that I want java-applets and Flash LOL). Kind of depressing that so much of the current webdesign is walled behind javascript.


I don’t. Always Craigslist and hacker news to give that 2004 UX.


Cool, I can download 20 MB of JavaScript instead of 40. Everyone uses minification, and "web apps" still spin up my laptop fans. Maybe we've lost the plot.


I wish. When our bundles are being deployed globally and regularly opened on out of date phones and desktops, it can't be avoided yet.


There might be a negative incentive in play: you may be compressing packages, but having your dependencies available at the tip of *pm install bloats overall size and complexity beyond what lack of bundling would give you.


The assumption shouldn't be that you have a bundler, but that your tools and runtimes support standard semantics, so you can bundle if you want to, or not bundle if you don't want to.


> I always prefer to self-host my dependencies

Ime this has always been standard practice for production code at all the companies I've worked at and with as a SWE or PM - store dependencies within your own internal Artifactory, have them checked by a vuln scanner, and then call and deploy them.

That said, I came out of the Enterprise SaaS and Infra space so maybe workflows are different in B2C, but I didn't notice a difference in the customer calls I've been on.

I guess my question is why your employer or any other org would not follow the model above?


> I guess my question is why your employer or any other org would not follow the model above?

Frankly, it's because many real-world products are pieced together by some ragtag group of bright people who have been made responsible for things they don't really know all that much about.

The same thing that makes software engineering inviting to autodidacts and outsiders (no guild or license, pragmatic 'can you deliver' hiring) means that quite a lot of it isn't "engineered" at all. There are embarrassing gaps in practice everywhere you might look.


Yep. The philosophy most software seems to be written with is “poke it until it works locally, then ship it!”. Bugs are things you react to when your users complain. Not things you engineer out of your software, or proactively solve.

This works surprisingly well. It certainly makes it easier to get started in software. Well, so long as you don’t mind that most modern software performs terribly compared to what the computer is capable of. And suffers from reliability and security issues.


Counterpoint: It's not about being an autodidact or an outsider.

I was unlikely to meet any bad coders at work, due to how likely it is they were filtered by the hiring process, and thus I never met anyone writing truly cringe-worthy code in a professional setting.

That was until I decided to go to university for a bit[1]. This is where, for the first time, I met people writing bad code professionally: professors[2]. "Bad" as in best-practices, the code usually worked. I've also seen research projects that managed to turn less than 1k LOC of python into a barely-maintainable mess[3].

I'll put my faith in an autodidact who had to prove themselves with skills and accomplishments alone over someone who got through the door with a university degree.

An autodidact who doesn't care about their craft is not going to make the cut, or shouldn't. If your hiring process doesn't filter those people, why are you wasting your time at a company that probably doesn't know your value?

[1] Free in my country, so not a big deal to attend some lectures besides work. Well, actually I'm paying for it with my taxes, so I might as well use it.

[2] To be fair, the professors teaching in actual CS subjects were alright. Most fields include a few lectures on basic coding though, which were usually beyond disappointing. The non-CS subject that had the most competent coders was mathematics. Worst was economics. Yes, I meandered through a few subjects.

[3] If you do well on some test you'd usually get job offers from professors, asking you to join their research projects. I showed up to interviews out of interest in the subject matter and professors are usually happy to tell you all about it, but wages for students are fixed at the legal minimum wage, so it couldn't ever be a serious consideration for someone already working on the free market.


Would an unwisely-configured site template or generator explain the scale here?

Or, a malicious site template or generator purposefully sprinkling potential backdoors for later?


But wouldn't some sort of SCA/SAST/DAST catch that?

Like if I'm importing a site template, ideally I'd be verifying either its source or its source code as well.

(Not being facetious btw - genuinely curious)


I was hoping ongoing coverage would answer that; it sounds like a perfect example. I heard that the tampered code redirects traffic to a sports betting site.


> I guess my question is why your employer or any other org would not follow the model above?

When you look at Artifactory pricing you ask yourself 'why should I pay them a metric truckload of money again?'

And then dockerhub goes down. Or npm. Or pypi. Or github... or, worst case, this thread happens.


There are cheaper or free alternatives to Artifactory. Yes they may not have all of the features but we are talking about a company that is fine with using a random CDN instead.

Or, in the case of javascript, you could just vendor your dependencies or do a nice "git add node_modules".


I just gave Artifactory as an example. What about GHE, self-hosted GitLab, or your own in-house Git?

Edit: was thinking - would be a pain in the butt to manage. That tracks, but every org ik has some corporate versioning system that also has an upsell for source scanning.

(Not being facetious btw - genuinely curious)


I've been a part of a team which had to manage a set of geodistributed Artifactory clusters and it was a pain in the butt to manage, too - but these were self-hosted. At a certain scale you have to pick the least worst solution though, Artifactory seems to be that.


> have it checked by a vuln scanner

This is kinda sad. For introducing new dependencies, a vuln scanner makes sense (don't download viruses just because they came from a source checkout!), but we could have kept CDNs if we'd used signatures.

EDIT: Never mind, been out of the game for a bit! I see there is SRI now...

https://developer.mozilla.org/en-US/docs/Web/Security/Subres...


This supply chain attack had nothing to do with npm afaict.

The dependency in question seems to be (or claim to be) a lazy loader that determines browser support for various capabilities and selectively pulls in just the necessary polyfills; in theory this should make the frontend assets leaner.

But the CDN used for the polyfills was injecting malicious code.


Sounds like a bad idea to me.

I would expect latency (network round trip time) to make this entire exercise worthless. Most polyfills are 1kb or less. Splitting polyfill code amongst a bunch of small subresources that are loaded from a 3rd party domain sounds like it would be a net loss to performance. Especially since your page won’t be interactive until those resources have downloaded.

Your page will almost certainly load faster if you just put those polyfills in your main js bundle. It’ll be simpler and more reliable too.


In practice when this wasn't a Chinese adware service, it proved to be faster to use the CDN.

You are not loading a "bunch" of polyfill script files, you selected what you needed in the URL via a query parameter, and the service took that plus user agent of the request to determine which were needed and returned a minified file of just the necessary polyfills.

As this request was to a separate domain it did not run into the head of line / max connections per domain issue of Http 1.1 which was still the more common protocol at the time this service came out.


yes, but the NPM packaging ecosystem leads to a reliance on externally-hosted dependencies for those who don't want to bundle


> I always prefer to self-host my dependencies

Js dependencies should be pretty small compared to images or other resources. Http pipelining should make it fast to load them from your server with the rest

The only advantage to using one of those cdn-hosted versions is that it might help with browser caching


> Http pipelining should make it fast to load them from your server with the rest

That's true, but it should be emphasized that it's only fast if you bundle your dependencies, too.

Browsers and web developers haven't been able to find a way to eliminate a ~1ms/request penalty for each JS file, even if the files are coming out of the local cache.

If you're making five requests, that's fine, but if you're making even 100 requests for 10 dependencies and their dependencies, there's a 100ms incentive to do at least a bundle that concatenates your JS.

And once you've added a bundle step, you're a few minutes away from adding a bundler that minifies, which often saves 30% or more, which is usually way more than you probably saved from just concatenating.

> The only advantage to using one of those cdn-hosted versions is that it might help with browser caching

And that is not true. Browsers have separate caches for separate sites for privacy reasons. (Before that, sites could track you from site to site by seeing how long it took to load certain files from your cache, even if you'd disabled cookies and other tracking.)


nope, browsers silo cache to prevent tracking via cached resources


There is still a caching effect of the CDN for your servers, even if there isn't for the end user: if the CDN serves the file then your server does not have to.

Large CDNs with endpoints in multiple locations internationally also give the advantage of reducing latency: if your static content comes from the PoP closest to me (likely London, <20ms away where I'm currently sat, ~13 on FTTC at home⁰, ~10 at work) that could be quite a saving if your server is otherwise hundreds of ms away (~300ms for Tokyo, 150 for LA, 80 for New York). Unless you have caching set to be very aggressive dynamic content still needs to come from your server, but even then a high-tech CDN can² reduce the latency of the TCP connection handshake and¹ TLS handshake by reusing an already open connection between the CDN and the backing server(s) to pipeline new requests.

This may not be at all important for many well-designed sites, or sites where latency otherwise matters little enough that a few hundred ms a couple of times here or there isn't really going to particularly bother the user, but could be a significant benefit to many bad setups and even a few well-designed ones.

--------

[0] York. The real one. The best one. The one with history and culture. None of that “New” York rebranded New Amsterdam nonsense!

[1] if using HTTPS and you trust the CDN to re-encrypt, or HTTP and have the CDN add HTTPS, neither of which I would recommend as it is exactly an MitM situation, but both are often done

[2] assuming the CDN also manages your DNS for the whole site, or just a subdomain for the static resources, so the end user sees the benefit of the CDNs anycast DNS arrangement.


> prefer to avoid an npm-based webpack/whatever build pipeline

What kind of build pipeline do you prefer, or are you saying that you don't want any build pipeline at all?


I don't want a build pipeline. I want to write some HTML with a script type=module tag in it with some JavaScript, and I want that JavaScript to load the ES modules it depends on using import statements (or dynamic import function calls for lazy loading).


Do you not use CSS preprocessors or remote map files or anything like that... or do you just deal with all of that stuff manually instead of automating it?


That's still allowed! :)


I suspect this is more relevant for people who aren't normally JavaScript developers. (Let's say you use Go or Python normally.) It's a way of getting the benefits of multi-language development while still being mostly in your favorite language's ecosystem.

On the Node.js side, it's not uncommon to have npm modules that are really written in another language. For example, the esbuild npm downloads executables written in Go. (And then there's WebAssembly.)

In this way, popular single-language ecosystems evolve towards becoming more like multi-language ecosystems. Another example was Python getting 'wheels' straightened out.

So the equivalent for bringing JavaScript into the Python ecosystem might be having Python modules that adapt particular npm packages. Such a module would automatically generate JavaScript based on a particular npm, handling the toolchain issue for you.

A place to start might be a Python API for the npm command itself, which takes care of downloading the appropriate executable and running it. (Or maybe the equivalent for Bun or Deno?)

This is adding still more dependencies to your supply chain, although unlike a CDN, at least it's not a live dependency.

Sooner or later, we'll all depend on left-pad. :-)


I always prefer to self-host my dependencies,

Wouldn't this just be called hosting?


As you might know, Lit offers a single bundled file for the core library.


Yes! Love that about Lit. The problem is when I want to add other things that have their own dependency graph.


This is why I don't think it's very workable to avoid npm. It's the package manager of the ecosystem, and performs the job of downloading dependencies well.

I personally never want to go back to the pre-package-manager days for any language.


One argument is that Javascript-in-the-browser has advanced a lot and there's less need for a build system. (ex. ESM module in the browser)

I have some side projects that are mainly HTMX-based with some usage of libraries like D3.js and a small amount of hand-written Javascript. I don't feel that bad about using unpkg because I include signatures for my dependencies.


Before ESM I wasn't nearly as sold on skipping the build step, but now it feels like there's a much nicer browser native way of handling dependencies, if only I can get the files in the right shape!

The Rails community are leaning into this heavily now: https://github.com/rails/importmap-rails


npm is a package manager though, not a build system. If you use a library that has a dependency on another library, npm downloads the right version for you.


Yep. And so does unpkg. If you’re using JavaScript code through unpkg, you’re still using npm and your code is still bundled. You’re just getting someone else to do it, at a cost of introducing a 3rd party dependency.

I guess if your problem with npm and bundlers is you don’t want to run those programs, fine? I just don’t really understand what you gain from avoiding running bundlers on your local computer.


Oh lol yeah, I recently gave up and just made npm build part of my build for a hobby project I was really trying to keep super simple, because of this. It was too much of a hassle to link in stuff otherwise, even very minor small things

You shouldn't need to fish stuff out of node_modules though, just actually get it linked and bundled into one so that it automatically grabs exactly what you need and its deps.

If this process sketches you out as it does me, one way to address that, as I do, is have the bundle emitted with minification disabled so it's easy to review


That was my thought too but polyfill.io does do a bit more than a traditional library CDN, their server dispatches a different file depending on the requesting user agent, so only the polyfills needed by that browser are delivered and newer ones don't need to download and parse a bunch of useless code. If you check the source code they deliver from a sufficiently modern browser then it doesn't contain any code at all (well, unless they decide to serve you the backdoored version...)

https://polyfill.io/v3/polyfill.min.js

OTOH doing it that way means you can't use subresource integrity, so you really have to trust whoever is running the CDN even more than usual. As mentioned in the OP, Cloudflare and Fastly both host their own mirrors of this service if you still need to care about old browsers.


The shared CDN model might have made sense back when browsers used a shared cache, but they don't even do that anymore.

Static files are cheap to serve. Unless your site is getting hundreds of millions of page views, just plop the js file on your webserver. With HTTP/2 it will probably be almost the same speed if not faster than a cdn in practice.


If you have hundreds of millions of pageviews, go with a trusted party - someone you actually pay money to - like Cloudflare, Akamai, or any major hosting / cloud party. But not to increase cache hit rate (what CDNs were originally intended for), but to reduce latency and move resources to the edge.


Does it even reduce latency that much (unless you have already squeezed latency out of everything else that you can)?

Presumably your backend at this point is not ultra optimized. If you send a link header and are using http/2 the browser will download the js file while your backend is doing its thing. I'm doubtful that moving js to the edge would help that much in such a situation unless the client is on the literal other side of the world.

There of course comes a point where it does matter, i just think the cross over point is way later than people expect.


> Does it even reduce latency that much

Absolutely:

https://wondernetwork.com/pings/

Stockholm <-> Tokyo is at least 400ms here, anytime you have multi-national sites having a CDN is important. For your local city, not so much (and of course you won't even see it locally).


I understand that ping times are different when geolocated. My point was that in fairly typical scenarios (worst cases are going to be worse) it would be hidden by backend latency since the fetch could be concurrent with link headers or http 103. Devil in details of course.


I'm so glad to find some sane voices here! I mean, sure, if you're really serving a lot of traffic to Mombasa, akamai will reduce latency. You could also try to avoid multi megabyte downloads for a simple page.


Content: 50KB

Images: 1MB

Javascript: 35MB

Fonts: 200KB

Someone who is good at the internet please help me budget this. My bounce rate is dying.


While there are lots of bad examples out there - keep in mind it's not quite that straightforward as it can make a big difference whether those resources are on the critical path that blocks first paint or not.


What's all that JavaScript for?


Cookie banner


It’s not an either or thing. Do both. Good sites are small and download locally. The CDN will work better (and be cheaper to use!) if you slim down your assets as well.


> But not to increase cache hit rate (what CDNs were originally intended for)

Was it really cache hit rate of the client or cache hit rate against the backend?


Both.


Even when it "made sense" from a page load performance perspective, plenty of us knew it was a security and privacy vulnerability just waiting to be exploited.

There was never really a compelling reason to use shared CDNs for most of the people I worked with, even among those obsessed with page load speeds.


In my experience, it was more about beating metrics in PageSpeed Insights and Pingdom, rather than actually thinking about the cost/risk ratio for end users. Often the people that were pushing for CDN usage were SEO/marketing people believing their website would rank higher for taking steps like these (rather than working with devs and having an open conversation about trade-offs, but maybe that's just my perspective from working in digital marketing agencies, rather than companies that took time to investigate all options).


I don’t think it ever even improved page load speeds, because it introduces another dns request, another tls handshake, and several network round trips just to what? Save a few kb on your js bundle size? That’s not a good deal! Just bundle small polyfills directly. At these sizes, network latency dominates download time for almost all users.


> I don’t think it ever even improved page load speeds, because it introduces another dns request, another tls handshake, and several network round trips just to what?

I think the original use case was when every site on the internet was using jquery, and on a js based site this blocked display (this was also pre fancy things like HTTP/2 and TLS 0-RTT). Before cache partitioning you could reuse jquery js requested from a totally different site currently in cache as long as the js file had same url, which almost all clients already had since jquery was so popular.

So it made sense at one point but that was long ago and the world is different now.


I believe you could download from multiple domains at the same time, before HTTP/2 became more common, so even with the latency you'd still be ahead while your other resources were downloading. Then it became more difficult when you had things like plugins that depended on order of download.


You can download from multiple domains at once. But think about the order here:

1. The initial page load happens, which requires a DNS request, TLS handshake and finally HTML is downloaded. The TCP connection is kept alive for subsequent requests.

2. The HTML references javascript files - some of these are local URLs (locally hosted / bundled JS) and some are from 3rd party domains, like polyfill.

3a. Local JS is requested by having the browser send subsequent HTTP requests over the existing HTTP connection

3b. Content loaded from 3rd party domains (like this polyfill code) needs a new TCP connection handshake, a TLS handshake, and then finally the polyfills can be loaded. This requires several new round-trips to a different IP address.

4. The page is finally interactive - but only after all JS has been downloaded.

Your browser can do steps 3a and 3b in parallel. But I think it'll almost always be faster to just bundle the polyfill code in your existing JS bundle. Internet connections have very high bandwidth these days, but latency hasn't gotten better. The additional time to download (lets say) 10kb of JS is trivial. The extra time to do a DNS lookup, a TCP then TLS handshake and then send an HTTP request and get the response can be significant.

And you won't even notice when developing locally, because so much of this stuff will be cached on your local machine while you're working. You have to look at the performance profile to understand where the page load time is spent. Most web devs seem much more interested in chasing some new, shiny tech than learning how performance profiling works and how to make good websites with "old" (well loved, battle tested) techniques.


Aren't we also moving toward cross-origin scripts having very little access to information about the page? I read some stuff a couple years ago that gave me a very strong impression that running 3rd party scripts was quickly becoming an evolutionary dead end.


Definitely for browser extensions. It's become more difficult with needing to set up CORS, but like with most things that are difficult, you end up with developers that "open the floodgates" and allow as much as possible to get the job done without understanding the implications.


CORS is not required to run third party scripts. CORS is about reading data from third parties not executing scripts from third parties.

(Unless you set a Cross-Origin Resource Policy header, but that is fairly obscure)


The same concept should be applied to container based build pipelines too. Instead of pulling dependencies from a CDN or a pull through cache, build them into a container and use that until you're ready to upgrade dependencies.

It's harder, but creates a clear boundary for updating dependencies. It also makes builds faster and makes old builds more reproducible since building an old version of your code becomes as simple as using the builder image from that point in time.

Here's a nice example [1] using Java.

1. https://phauer.com/2019/no-fat-jar-in-docker-image/


> The same concept should be applied to container based build pipelines too. Instead of pulling dependencies from a CDN or a pull through cache, build them into a container and use that until you're ready to upgrade dependencies.

Everything around your container wants to automatically update itself as well, and some of the changelogs are half emoji.


I get the impression this is a goal of Nix, but I haven't quite digested how their stuff works yet.


> self-host your dependencies

I can kind of understand why people went away from this, but this is how we did it for years/decades and it just worked. Yes, doing this does require more work for you, but that's just part of the job.


For performance reasons alone, you definitely want to host as much as possible on the same domain.

In my experience from inside companies, we went from self-hosting with largely ssh access to complex deployment automation and CI/CD that made it hard to include any new resource in the build process. I get the temptation: resources linked from external domains / cdns gave the frontend teams quick access to the libraries, fonts, tools, etc. they needed.

Thankfully things have changed for the better and it's much easier to include these things directly inside your project.


There was a brief period when the frontend dev world believed the most performant way to have everyone load, say, jquery, would be for every site to load it from the same CDN URL. From a trustworthy provider like Google, of course.

It turned out the browser domain sandboxing wasn’t as good as we thought, so this opened up side channel attacks, which led to browsers getting rid of cross-domain cache sharing; and of course it turns out that there’s really no such thing as a ‘trustworthy provider’ so the web dev community memory-holed that little side adventure and pivoted to npm.

Which is going GREAT by the way.

The advice is still out there, of course. W3schools says:

> One big advantage of using the hosted jQuery from Google:

> Many users already have downloaded jQuery from Google when visiting another site. As a result, it will be loaded from cache when they visit your site

https://www.w3schools.com/jquery/jquery_get_started.asp

Which hasn’t been true for years, but hey.


The only thing I’d trust w3schools to teach me is SEO. How do they stay on top of Google search results with such bad, out of date articles?


Be good at a time when Google manually ranks domains, then pivot to crap when Google stops updating the ranking. Same as the site formerly known as Wikia.


> For performance reasons alone, you definitely want to host as much as possible on the same domain.

It used to be the opposite. Browsers limit the amount of concurrent requests to a domain. A way to circumvent that was to load your resources from a.example.com, b.example.com, c.example.com etc. Paying some time for extra dns resolves I guess, but could then load many more resources at the same time.

Not as relevant anymore, with http2 that allows sharing connections, and more common to bundle files.


Years ago I had terrible DNS service from my ISP, enough to make my DSL sometimes underperform dialup. About 1 in 20 DNS lookups would hang for many seconds so it was inevitable that any web site that pulled content from multiple domains would hang up for a long time when loading. Minimizing DNS lookups was necessary to get decent performance for me back then.


Using external tools can make it quite a lot harder to do differential analysis to triage the source of a bug.

The psychology of debugging is more important than most allow. Known unknowns introduce the possibility that an Other is responsible for our current predicament instead of one of the three people who touched the code since the problem happened (though I've also seen this when the number of people is exactly 1).

The judge and jury in your head will refuse to look at painful truths as long as there is reasonable doubt, and so being able to scapegoat a third party is a depressingly common gambit. People will attempt to put off paying the piper even if doing so means pissing off the piper in the process. That bill can come due multiple times.


Maybe people have been serving those megabytes of JS frameworks from some single-threaded python webserver (in dev/debug mode to boot) and wondered why they could only hit 30req/s or something like that.


Own your process – at best that CDN is spying on your users.


> and it just worked

Just to add... that is unlike the CDN thing, which will send developers to Stack Overflow looking up how to set up CORS.


I don't think SRI would have ever worked in this case because not only do they dynamically generate the polyfill based on URL parameters and user agent, but they were updating the polyfill implementations over time.


>self-host your dependencies behind a CDN service you control (just bunny/cloudflare/akamai/whatever is fine and cheap).

This is not always possible, and some dependencies will even disallow it (think: third-party suppliers). Anyways, then that CDN service's BGP routes are hijacked. Then what? See "BGP Routes" on https://joshua.hu/how-I-backdoored-your-supply-chain

But in general, I agree: websites pointing to random js files on the internet with questionable domain independence and security is a minefield that is already exploding in some places.


I strongly believe that Browser Dev Tools should have an extra column in the network tab that highlights JS from third party domains that don't have SRI. Likewise in the Security tab and against the JS in the Application Tab.


I've seen people reference CDNs for internal sites. I hate that because it is not only a security risk but it also means we depend on the CDN being reachable for the internal site to work.

It's especially annoying because the projects I've seen it on were using NPM anyway so they could have easily pulled the dependency in through there. Hell, even without NPM it's not hard to serve these JS libraries internally since they tend to get packed into one file (+ maybe a CSS file).


Also the folks who spec'ed ES6 modules didn't think it was a required feature to ship SRI from the start, so it's still not broadly and easily supported across browsers. I requested the `with` style import attributes 8 years ago and it's still not available. :/


Another downside of SRI is that it defeats streaming. The browser can't verify the checksum until the whole resource is downloaded so you don't get progressive decoding of images or streaming parsing of JS or HTML.


I can see the CDNs like CF / Akamai becoming soon like the internet 1.2 - with the legitimate stuff in, and all else considered gray/dark/1.0 web.


I agree with this take, but it sounds like Funnull acquired the entirety of the project, so they could have published the malware through NPM as well.


> the World Economic Forum website is affected here, for example! Absolutely ridiculous

Dammit Jim, we’re economists, not dream weavers!


World Economic Forum website is affected here, for example!

What did they say about ownership? How ironic.


Meanwhile ...

"High security against CDN, WAF, CC, DDoS protection and SSL protects website owners and their visitors from all types of online threats"

... says the involved CDN's page (FUNNULL CDN).

(Sure. Except the ones they themselves generate. Or the CCP.)


Another alternative is not to use dependencies that you or your company are not paying for.


The suntrain mentioned here is completely nuts, but a really cool solution: https://www.suntrain.co/


If you're in Spain, you can contact Spain's permanent representation in the EU here: https://es-ue.org/contactar/


> It's not a small problem, there's like 12K cases per year last time I checked.

https://maldita.es/malditateexplica/20221026/datos-okupacion... has the actual data (in Spanish):

* 10-17k cases of occupation annually (rising until 2021, but down in 2022 and further down in 2023: https://www.cronista.com/espana/actualidad-es/adios-okupas-c...)

* Of those ~15k, 5% are actually occupation of somebody's residence (allanamiento de morada) and 95% of cases are occupation of an empty and unused house/shop/office (usurpación de vivienda). That includes unused commercial properties, and homes that are neither rented nor used by the owner.

* Note that personally used holiday homes are also considered a person's residence, so any occupation there would also come into that first 5%: https://www.ocu.org/fincas-y-casas/gestion/gestion-patrimoni....

That is to say: it is a problem (the 500 - 1000 cases per year nationwide of occupation of people's homes is clearly problematic) but it's not a really widespread problem for most middle-class people (the vast majority of people even in the middle classes do not own totally unused property).

It is a significant concern if you're a commercial landlord with any shops & offices between rental contracts, or if you're directly investing in property as pure speculation, without using it at all (which imo should be discouraged regardless - although I'd rather punitively tax it).

In the really problematic 5% case of people's homes, my understanding is that the law has tightened significantly, and if you can show that you're registered as actually living there, in theory they will evict okupas within 24 hours (I don't know how well that works in practice though).


These stats don't account for the much more common case of people that start renting a house and stop paying the rent indefinitely, because technically it doesn't fit the definition of "okupas." I've seen estimates of that number being as high as 1% of the people renting, making it ~30K extra people living in a house they don't own and are not paying for.


The only stats I can find are https://www.idealista.com/news/finanzas/economia/2023/03/03/... - that shows 30k people actually evicted from houses they were renting but stopped paying for in 2022.

Can't find any numbers on how many people are not paying and indefinitely staying in flats. While I'm sure it's a slow process, personally I'd be surprised if there's that many people in that situation long-term, since there's clearly laws and a working process to remove tenants in this case (30k evictions for non-payment in a year means forcing an eviction is clearly possible).

Idealista has some details on the process and how long it takes here: https://www.idealista.com/news/inmobiliario/vivienda/2022/10... and suggests that 7-8 months is typical (really interesting how effectively Idealista dominates as the source for info on all these topics, superb example of content marketing).


That's interesting, where can I see those stats? And legally, as you say, it's not the same as squatting, it's quite different.


In the US, I knew someone who owned a second house in the same city that they had never lived in and planned to rent out in the future. When someone broke in and squatted there early in covid, they reacted as though the squatters were in the house they actually currently lived in - describing their fear and trauma in a way such that people who didn't know the story sometimes literally thought someone had broken into their own residence.

So I wouldn't be at all surprised if a lot of those empty homes being squatted in are felt as personal attacks and violations by the absentee owner, which would make it feel like a much bigger problem for individuals if you move in circles where people own empty properties.


Squatting is a problem, period. Doesn’t matter if the house is empty or not.


I don't agree with squatting on the whole, but this distinction clearly does matter. If someone squats a property that you were planning to rent out then you lose the income that you could have gained thereby. That's not nearly as bad as losing access to the home you currently live in.


It can be worse, as you are losing rental income, which can have larger impacts on your budget and life.

I have family in California that had to deal with squatters on a rental property. It cost them ~400k, which included their kids college funds and retirement.

Costs were 3 years of lost rent while they paid the mortgage, 250k damages done by the squatters, plus legal fees.


It could be worse for some people in some cases, but it’s pretty clear which is going to be worse in general most of the time.


Perhaps, financial damage is real and can have long term consequences that outlive short term inconvenience.

You are probably right in the majority of cases, but I do think it is a mistake to automatically discount financial harm as less.

If I invest 20 years of my income in a property that someone has stolen, that is a significant loss to me in human terms as well as financially.

I would be open to treating the destruction of such property equivalent to the taking of an equivalent amount of one's life.


>If I invest 20 years of my income in a property that someone has stolen, that is a significant loss to me in human terms as well as financially.

You've also paid for your primary residence. But on top of that, you need it to live in. So it's a worse situation, generally speaking.


That was a general comment, true for both cases.


Maybe the moral point is that housing shouldn't be an investment class?


Housing is inherently an investment.

It take a huge amount of materials and labor to build, and returns value slowly over time. Depending on the inputs and returns, this can either create positive or negative value.


Of course we should invest in actual property building, I meant investment class as in asset class - a thing you buy with the hope of capital increase. This is clearly quite different from investing in building houses that results in a new house.


Buying a house and purposefully leaving it empty is immoral, squatting or not.


But if "empty living space", space that's reserved but unused, is immoral would you extend it to any such reserved but unused living space?

Is an empty room in your house immoral? Or massively oversized rooms even if you live in them? In the end you're still blocking a lot of "empty space" that someone else could use if only there were smaller but more living units. Same applies when you live in a detached house and "blocking" any potential living space that could have existed on higher floors of a tall apartment building. Zoning laws can also be an issue but the question stands.

To put it in practical terms, one person having two 50sqm/550sqft apartments is immoral. One person having one 150sqm/1500sqft apartment is fine? Where is the line and how arbitrary do you want it to be?


It’s not clear exactly where to draw the line, but that’s true of all kinds of moral distinctions. So I don’t think that kind of slippery slope argument is very persuasive.


I didn't mean it as a slippery slope argument, rather an explanation of why calling "this in particular" immoral is probably just one person drawing the line in such a way that what they need/want is perfectly covered. It's more likely that their changing needs/wants move that bar, than that the moving bar changes their needs/wants.

So "buying a house and purposefully leaving it empty is immoral" is bound to change the moment they purchase a second, empty house.

Years ago I hosted some African refugees in my home for a short time while more appropriate accommodation was in the works. I cannot describe the feeling I had seeing one of the children understand how a modern toilet works: we do our business in a bunch of clean water, and then dump a bunch more clean water to take it away. Given their circumstances this was probably the most immoral thing we could have done in the modern world.


>It's more likely that their changing needs/wants move that bar, than that the moving bar changes their needs/wants.

This seems to be an unsupported speculation. And indeed it cuts both ways. Maybe you only think the second house is ok because that covers your needs and wants (either present or future anticipated). If you leave out the psychologizing, there's nothing to your argument beyond the slippery slope. Even if the exact location where individual people draw the line is psychologically explicable based on self-interest and their particular life circumstances, it still doesn't follow that a moral distinction cannot possibly be made.

More generally, it's fairly obvious that people who believe in strong property rights will tend to be people who have lots of property and people who don't will tend to be people who don't. That doesn't invalidate the arguments of either side; these have to be evaluated on their merits. You can say "I bet you'll believe in strong property rights once you own a house!", while a homeless person might equally say "I bet you'll have more sympathy for squatters once you've lived on the streets for a year!" Those sorts of examples tell us that people aren't perfectly disinterested when forming their moral outlook, but it doesn't tell us much about where moral distinctions can or can't be drawn.


This is not correct; purchasing real estate is obviously morally neutral.


Purchasing housing can be morally neutral.

What you do with it (or, don't do with it) is not morally neutral. I believe that hoarding it, preventing others from living in or purchasing it, is immoral.


No, because if there is not enough for other people they either are forced to get exploited by landlords or become homeless. Purchasing real estate is immoral, as is the whole notion of rent-seeking through usurpation of unused land such that other persons cannot use it when you don't use it and occupy it.


That's probably why there was a second clause to their statement, which you appear to have ignored.


A fair point. I thought what I was saying was too obvious to expound further, but here goes:

Buying a house in order to leave it vacant is morally neutral. To wit,

Mike Murderer buys up real estate along the river and leaves it empty so that the dead bodies he stores inside are not discovered. Mike has acted immorally!

Mayor Susan convinces the city council to buy up real estate along the river and leave it empty to facilitate moving the residents there to higher ground to avoid expensive and dangerous seasonal flooding. Susan has acted morally.

But they both took the same positive action: purchasing real estate. This action was morally neutral.

As other people in this thread have correctly noted, it’s the justification not the action that has moral implications.


It is correct. Moral neutrality is a mental defense mechanism to avoid bad feelings. The vast majority of folks find it easier to rewrite their interpretation of events than tell themselves no.


No, it’s not. Living where you want, for free, is not a right.


Why is it not immoral? Can you elaborate?


So if you buy a fixer-upper, one that would be unfit for renting to people, you can't spend your weekends and holidays working on it for a few months to get it into better condition without being called immoral? Sorry that my lack of funds and desire to better myself offends you, but that's a crazy take.


Because our society believes in property rights. Individuals can have any reason they want to own property and do with it what pleases them.


Property rights are human rights.


Squatters don't make purposefully leaving houses vacant any less immoral.


Get rid of the pathetic scarcity mindset.

Just build more houses and then nobody will care.


Having a free shelter is fundamental to a person's freedom, arguing otherwise is immoral.


I actually lived in a country where everyone had a right to free shelter. It was called the USSR.

The quality and quantity of said shelter was beyond abysmal. Several families sharing a single apartment, a family per room, was the norm.

If anyone attempted to squat anywhere, they would very quickly find themselves free sheltered in the Gulag. If they were to argue for their rights against oppression and exploitation, like you do, they would be very quickly free sheltered in a madhouse and injected with generous doses of haloperidol.


What is ironic is that I've seen people living like that in the US too. I once lived in a building with a lot of immigrants from different parts of the world. I once got a glance into a living room walking down the hall: two bunks in the living room, dozens of people inside. Another apartment was a studio apartment shared by two guys whose main source of income seemed to be charging Lime scooters in the apartment. They'd be hauling scooters in and out all day.

So maybe things wouldn’t be that different at all for the poorest of this country but they’d not have the boot of monthly rent pinned on their neck.


Good news - the US is interested in Part B, jail for squatting (including outdoors in a public place) but not Part A, because communism is terrible.


Yeah, on the other hand you had Anarchist Catalonia or currently the Zapatistas. In the USA you had MK Ultra, where the government experimented on people through, for example, drugging them, and you have homelessness too. Moreover, people who fought for liberation were diagnosed with schizophrenia.


And who has to build that shelter, and what about their freedom?


> And who has to build that shelter

Jimmy & Rosalynn Carter

https://www.habitat.org/carter-work-project

> what about their freedom?

I think they made good use of it.

We in the USA are the wealthiest nation in the history of the world. We could solve homelessness and hunger tomorrow.

I'm not saying that people should lose their property to squatters, that's not the solution. I'm saying that we could build ~300,000 new homes and give them to people for free and it would barely register on the national budget.


Yes, if you assume people won't destroy the free houses, I totally agree.

I think it is remarkable that people argue for theft from others instead of donating their time, effort, or money to building those houses.

The underlying hypocrisy is that most people argue that others should pay, but won't act individually on their own beliefs.


Then everyone will go sleep in the street, in order to get a free house.


No, they won’t.


Would you sleep in a tent for a year to get a million dollars? I already have a house and would still do it.

Hell, I would do it for 10% of that. No job and drinking and camping for a year sounds like an epic vacation.

Before you doubt me, I was certifiably homeless in San Francisco for 3 months, and it was a blast. Slept on couches every day, worked cash jobs, and partied every night.


No one has to build that shelter, no one should be coerced to that.


So nobody is forced to build shelter, but if someone does build one for themselves, it can be taken?

Just trying to understand how this right to shelter works.


It's crucial to understand that if we let a person that builds a shelter keep it for eternity, then that person can build many shelters such that there will be no land left for other people to build their shelters on.


Indeed.

This is why in a society free from theft, one must build or make something for exchange to get things you want.

I don't see why buying two plots and building two houses entitles someone else to one of them.


I don't agree with the notion of buying a plot. No one should ever have to pay for an empty plot of land.


OK, so you don't buy the plot and just build two houses on them. How does that change your logic?


How do you deal with a situation where some people don't have any land anymore to put their houses there?


They make something they can trade, or go somewhere where there is land.


How can they make something they can trade, if they have no land on which they can make it? Where can they go, if private property exists in most of the world?


You make things that don't need land, like 99% of humans on the planet. AKA get a job.

There's no free land, but there is cheap land, especially in deserts. Simply owning land might not be as nice as you imagine.


You can't have a freedom that's conditional on somebody else's forced labour.


It's not conditional on somebody else's forced labor, why do you think that?


Everyone is entitled to free shelter, but nobody is required to build them? Where do you think the free shelter is going to come from? Because, looking around, I don't see very many free shelters, so they're going to have to come from somewhere.

And if your answer is to take all the existing houses and give them, one to each family that needs a place to stay, that's great in the short term. In the long term, though, who's going to build a new one when it will just be taken from them? And if nobody builds new ones, where are new ones going to come from, as the population continues to grow?


At worst everyone should have access to a piece of land where they can build a shelter for themselves, or live in a yurt or an RV if they don't want to build the typical housing.


Yes, it is in Spain:

Article 47 of Spanish Constitution:

All Spaniards are entitled to enjoy decent and adequate housing. The public authorities shall promote the necessary conditions and shall establish appropriate standards in order to make this right effective, regulating land use in accordance with the general interest in order to prevent speculation.


No, it's not.

It does not mean you have the right to live in a flat on La Castellana for whatever you want to pay. It means the State has to implement policies to help people access housing.

Also, article 33 gives citizens the right to private property. You cannot come squat in my house because article 33 should prevent it, even when article 47 exists.


Yep, good point.

Let's avoid considering outliers to maintain a balanced discussion.

While I don't believe anyone has the right to live in Castellana or the Royal Palace, it also wouldn't be fair to require someone to move to the desert to find a home.


Having a right to housing is not the same as having the right to "living where you want".

If they actually had that right then a Spaniard would have the right to live in the king's and politicians' houses which is obviously not a right.


Better not leave for work or anywhere else then.


Worth looking up the difference between trespassing on property someone actively lives in, and "okupas" occupying otherwise empty buildings.

Once you understand the difference, you'd understand that you can continue living your life like normal :)


I don't see the difference. How many hours or days can one be away? 1 hour, 1 day, 1 year?


I don't think there is a clear "N amount of days away from the residence means you're not actively living there", the court would look at many factors.

For example, if it's evident the owner is intending to return, there are personal belongings, utility contracts in the owner's name and such, courts would (probably) consider it your primary residence even if you take an extended leave from it.

On the other hand, if you're away for several months, there is no clear intent to return and you've removed all furniture/personal belongings, courts can think it looks like it isn't your primary residence anymore, especially if you own other properties that it seems you might be living in instead.

Like most issues in society, there isn't any clear dividing line and no guarantees. That's why we have the legal system we have after all, so nuances can be taken into consideration.


In what case does it make no difference to me, a person who bought or built a structure, that I can no longer use it and it has been stolen?


I'm not sure what the question is, could you reformulate that?


You said

>Worth looking up the difference between trespassing on property someone actively lives in, and "okupas" occupying otherwise empty buildings. Once you understand the difference, you'd understand that you can continue living your life like normal :)

I don't see how the duration between my visits means there is no impact on my life if someone steals my 2nd house. I'm still out my savings, or retirement funds, or years of work it took to build the house.


This is absurd.

Is your car sitting in your driveway right now? Someone else could be driving it, it's immoral that you don't leave the keys sitting on the roof.

Is your bed or couch empty right now? Someone else could be sleeping there right now.

Do you have money in your checking account? Someone else could be buying the things they need with that money, you should put the cash outside for them to take.

A house sitting empty while the owners renovate, look for tenants, try to sell, etc is a normal and necessary part of a functioning society.

The solution to housing shortages is to build more housing. That's it, that's the whole solution.


To take this further, everyone here has a computer. Obviously you don't use 100% of the cycles all the time, so it is immoral if you do not install a program that allows anyone else to use your unused cycles.

Yes there are power costs with 100% usage vs idle time but there are also cost of upkeep on a house.


It's not absurd. Yes, it's immoral that I am as wealthy as I am (relatively, on a global scale), and it's immoral that I get to eat so much better than others in the same society as I am in. It doesn't mean I'm going to do anything about it, it just means on that axis, I am not a particularly moral person.


It's not a fact that it's immoral. It being immoral is _your_ judgement. If someone else thinks it's not immoral, that is _just as legitimate_.


I mean, the massive infrastructure waste that exists to accommodate unproductive cars is a real point that degrades where we live.

So much space in towns dedicated to storing cars while they're not being used, taking space away from where housing can be built. As a non-american, I believe that parking lots are immoral as well :)


Buying a car and purposefully not using it 24 hours a day as an Uber is immoral. I'll take yours when you leave it parked, okay? You can have it back when I'm done with it, probably when it needs major repairs because I'm not putting any money into it. As the owner of record, that's your problem.


It depends on the actual numbers, which usually don't support the fear coming from the media.


Absolutely. From the article:

Media reports have been instrumental in shaping the narrative around squatting, with stories of 'okupas' sometimes being sensationalised to highlight conflicts and drama.

This is the approach of the class privileged enough to own the media (literally or figuratively): shape, to their favor, the public's opinion & perspective of an issue that affects most people relatively little, if at all, via sensational media.


So let's not worry about killings, bombings, rapings, etc. because there's not so many of them, right? Don't be that naïve.


In the US, people call CPS or the police on ten year olds playing unsupervised in a park or walking home from school in perfectly safe suburbs and towns because they believe the children will be kidnapped, raped and murdered. So yes, it is possible to worry too much about rape and murder as well.

See also: security theater, the TSA.


Homelessness is a problem, even having to pay rent to another person to have a place to live is a problem. Squatting is just a strategy to fight an inherently oppressive private property norm.


> even having to pay rent to another

I'm curious how you would expect housing stock to grow or even stay stable if nobody had to pay rent?

Would all housing be owned by the state and assigned to individuals based on certain criteria (with the huge amounts of inefficiency and corruption that such a system creates)?


It could grow either by people making their own houses on their own, or by them finding others who would help with this process, or by paying someone for the labor required for the house to get built.

I think that private property should not get nationalized.


Right, so basically you want the system we currently have?


No, I want for example to abolish private property of land and natural resources.


Fortunately, most citizens are not economically illiterate enough to support this ideology. Private ownership of land and natural resources is the foundation of 21st-Century economic prosperity.


No it's not. Private property created a world where 8 persons control as much wealth as the poorest half of humanity. This is not common prosperity, this is exploitation.


So you’d rather the poor be even poorer as long as the rich wouldn’t control as much wealth or didn’t exist at all?


No, I think no one should get exploited and oppressed and everyone should have an opportunity to develop to the heights of one's potential.


@TotalCrackpot, I completely agree. Thank you.


I would like to know what the limits of your application of this idea is because if I were to extend your argument that "even having to pay rent to another person to have a place to live is a problem.", this is what I get to:

I am currently buying a house, every month I pay money to the bank, this is very similar to having to pay rent. From my understanding of your logic, this would be a problem.

Further from that, I am building a house. I have to make payments to the builder(s) in order to have a place to live. Is this a problem?


Not endorsing the view, just sharing lines of reasoning I've seen.

Paying money to the bank implies you financed your purchase of a home. This is not necessarily a morally-neutral activity, it's in fact nuanced but we've done a good job of handwaving away the nuance in the last 4-5 generations of Americans.

A small vignette to explain: financing allows people to leverage their credit history and income to make larger purchases than they could otherwise afford. This increases the sticker price of purchasing a home, which prices out people with low credit or income. Anything that increases the price of housing effectively increases the price of rent, which limits people's ability to save to actually purchase a home – it's a nasty cycle. One could argue that by participating in that system of financing, you're perpetuating it, but most people immediately dismiss this idea, ymmv.

Building a house, and paying people to build the house, is not a problem. You're exchanging value for labor and assets. You're de facto increasing the supply of housing.


So, I personally like the idea of someone working with a builder to build your house. I also like the idea of only ever buying something rather than financing it.

I also think that if that was only the option, housing prices would rise rather than fall.

Cash up front, I assume in an escrow so that buyer can't cheat builder and builder can't run away with the money.

This means that someone who wants to build/buy a home is going to need around 150k saved up.

Assuming a 50k yearly salary and that rent is immoral, they have to live at home until they've saved up. 1/3 put aside is 16.66k per year, 9 years before they can get a house.

In actuality, the cost is probably going to be more expensive as you would no longer have developments going up.


Not necessarily, you just might not build 100% of your eventual home immediately.

It used to be (i.e. prior to the postwar expansion of credit to the American consumer) pretty common to build a "starter home" that was intended to be expanded. You start with the basics (basement, kitchen, bathroom, bedroom) and expand modularly from there as your prosperity and needs allow.

In the midwest, they would start by building the foundation, basement, and a very modest first floor. As the family prospered, had children, and developed roots in the neighborhood, they'd expand the above-ground portion of the home in the summer months. You can find homes frozen at each stage of development from the pre-depression 1900s still around today, although they're of greater archaeological value today than housing stock value. A lot of present-day "colonial" housing stock in the Northeastern U.S. have evidence of this gradual accrual over the decades.

This idea of "build a whole mansion at once" was historically reserved for the truly wealthy, and has only been "practical" for a greater segment of society for the last 50 years (again, with the expansion of consumer credit, not because we can actually afford these things).

You could still choose to build things this older style. Our culture of "obtain everything all at once, immediately up to the limit of your purchasing power" is the main impediment. That, and building codes might frown on some earlier-phase iterations, though YMMV.


My ~150k is for a starter home. That is what a ranch 3 bedroom, 2 bath with kitchen/dining and living room, no basement goes for in my area, based on 1990s code.

Current code is more stringent.

I know that people used to add on; that is, however, going to be more costly in the long term. Think about the heating and A/C system: rather than buying the system once and keeping it for 15 years, as you expand you need to keep redoing ductwork and adding capacity.

You will end up with insulation and vapor barriers between two interior walls.

Plumbing and electrical will become interesting as well.

I grew up in the kinds of homes you are describing, I like them but the building style does have challenges.

I also like the idea of people putting down roots, however this in turn limits people's opportunities.

This also limits the type of housing, what would be required in order to build a duplex or townhouse? A condo/apartment building?

Part of the current green movement talks about getting rid of suburbia and condensing into more urban areas. This would be a direct opposition to that as you would need to buy a lot size that guarantees that you can grow.


I don't think I have a problem per se with the notion of borrowing money, if that's what you are asking about.

I personally don't have an issue with you finding people who help you with building the house that agree to do that for some payment.


Are you willing to provide your address so we can stay at your place? It would be inherently oppressive if you don't.

There are homeless shelters where people can have shelter without paying rent.


I am living under my address, I am occupying that place, so I am not fine with providing my address. But I am fine with people living in abandoned houses.


How do you define abandoned? If I leave for 1 day is that abandoned? What about 1 week, 1 month or 1 year?


I think it depends on local customs and local agreements, it can differ. I guess I could consider a house abandoned if no one lives there for a year or 2. While for a mine, I think I would consider it abandoned the moment the previous miners left it, such that others can get into the mine and mine some resource.


I'm a little confused. You said you want to get rid of private property but also your residence is occupied so I can't stay there. Who gave you the right to say that? If there is no private property it seems like we should be able to vote who can stay in your residence.


Unoccupied (for x or more months) second homes should be rented out, otherwise squatted in or burned to the ground, period. It doesn't matter if you disagree, Might Makes Right.

Be careful: Meme Magic works in both directions, and it is often difficult to detect its presence.


> burned to the ground

Which helps who exactly? Even squatting means that those houses will no longer be maintained and fall apart sooner or later which is how you end up having even more expensive housing long-term because of lower supply.

Higher taxation for uninhabited housing seems like an infinitely more sensible option...


> Which helps who exactly?

A seemingly simple question, but not really.

> Even squatting means that those houses will no longer be maintained and fall apart sooner or later which is how you end up having even more expensive housing long-term because of lower supply.

I would like for humanity to get together and figure out how to genuinely pursue an optimal experience for all people, but it seems like the most wealthy and powerful among us are "not very (genuinely) interested" in that. Okay then, Plan B it is, I say.

> Higher taxation for uninhabited housing seems like an infinitely more sensible option...

Agreed. That's a bit slow for my liking though, we've been kicking that can down the road for generations. I believe fear to be one of the most substantial motivators in existence, and there are a lot more of us than there are of them.


Occupation of bank-owned homes also causes a lot of trouble. I hope you never have to experience living next to squatters, as among other things, you might end up paying for their exaggeratedly high utilities.


> That is to say: it is a problem (the 500 - 1000 cases per year nationwide of occupation of people's homes is clearly problematic) but it's not a really widespread problem for most middle-class people (the vast majority of people even in the middle classes do not own totally unused property).

I don’t understand the point of trying to downplay or diminish this problem.

Is dividing the victims along arbitrary class lines and arguing that most victims are not “middle class” supposed to make it better? It’s a problem regardless of who owns the property.


> Is dividing the victims along arbitrary class lines and arguing that most victims are not “middle class” supposed to make it better?

That was in reply to the parent comment, arguing this is a serious problem primarily for the "not-so-rich middle class" that is being ignored because we falsely imagine it's mainly a problem for banks and rich people.

In fact, the data suggests this really is primarily a problem for commercial landlords and property speculators, and the risks for typical homeowners is very low.

This is in sharp contrast to most media coverage, and the parent comment, which paint a picture of substantial risks that your personal home will be taken over by squatters. That is not true. The real level of risk to the average Spaniard is very roughly 2x the risk that they'll be murdered this year - not absolutely zero, but not very far from something you'd worry about day-to-day in Spain.


Neither the huge amount of somewhat legit cases of 'unused', nor the media coverage, makes it right. I also wouldn't easily compare the murder count (which is hardly underreported) and the occupation count (which most likely is, because the legal way is way more expensive and lengthy).


> I also wouldn't easily compare the murder count (which are hardly underreported) and occupation count (which most likely are, because legal way is way more expensive and lengthy).

The legal process is definitely lengthy for actual occupation (usurpación) where the average eviction time is now but for people breaking & entering into your personal residence (allanamiento) it's not at all. If you can demonstrate this (easy enough: show you're the owner & empadronado, ask the neighbours to vouch for you, or show the utility bills all have your name on them) then it's clear allanamiento and that means there's no judicial order or further investigation required and the police can (and do) forcibly remove & arrest people _immediately_. It's a very nice clear-cut crime.

Basically the strong legal protections for personal dwellings cut both ways: they protect okupas who make somebody's empty property their legal residence, but they'll also strongly protect you & your own home if it's your legal residence.

There's more detailed background from an actual law firm on that here: https://vecindia.es/desalojo-okupas/cuanto-tardan-en-desaloj...

Given all that, I'd be quite surprised if allanamiento is underreported at all.

> Neither huge amount of somewhat legit cases of 'unused', nor media coverage doesn't make it right.

I'm not saying it's right, or that the problem doesn't exist. There are a small number of real cases of individuals' homes being invaded. Even in other cases, property ownership does need to function reliably for commercial properties, and although owning empty properties may be problematic this is not a very good solution to that at all. I would be very happy to see usurpación cases resolved much quicker, and to increase property taxes on empty properties to reduce speculation instead.

That said, I do think that:

* The media hype about it is overblown, and for most people who worry about it (and some people worry about this a lot!) it's really not a serious risk.

* Political discussion & action related to it is frequently overblown for political advantage, and that's why some people think losing your home and being unable to recover it is far more common than it is.

* The victims here are generally large business and property speculators. The law should definitely protect those groups too, yes, but the strictness & speed of legal & police procedures should be proportional to the damage to the victims, and an empty shop being used by okupas is clearly less problematic than having somebody take over your actual home.


* Media hype (and political discussion) is overblown from both sides. That's partially what keeps the left in the news because otherwise they don't have much to offer against capitalism unless maybe Hamas puts some show. And carefully calculated policies and solving problems is not rock-n-roll enough.

* The victims here are everyone who okupas can reach, the limit is not some imaginary moral boundary of the trespasser, but a sheer cost/reward balance. And it's not obvious where you should draw the line. Is a small shop worth it less than a relatively well off private citizen? How small a shop should be to be protected?

Arguably in the countries where the banks are protected the private citizens look even more protected, but I'm not going into that.


> Is dividing the victims along arbitrary class lines and arguing that most victims are not “middle class” supposed to make it better?

The class lines aren't arbitrary: a squatter in someone's unused third vacation property or whatever is causing much less harm than a squatter claiming someone's only residence while they're out of town.

So yes, the dynamics of who it happens to can make it better or worse. The only reason that wouldn't be the case is if what you consider bad about it is a violation of abstract property owner rights, rather than the potential material harms.


I completely agree.


Thanks for the info. It's not that widespread, yes, but due to its gravity it's intoxicating and polarizing the public.

From what I observe, the amount of cases could have dropped down because many people choose to not buy or somehow shield their property (sometimes just filling windows with bricks, for example, which looks weird). So I'm not sure it's because the okupas/govt/police somehow changed the direction, it's just like the people get better at protecting themselves.

Btw, buying an apartment in Barcelona costs you 10% tax already, that probably discourages most speculation (and the prices have been stagnant for a couple of years).


> Btw, bying an apartment in Barcelona costs you 10% tax already, that probably discourages most speculation (and the prices have been stagnant for a couple of years).

I'm not too sure those measures deter those who are filthy-rich. Would you agree that it can be viewed as the cost of doing business... and, worse — that it could price out small competitors (allowing for the formation of cartels of big landlords)?


nope, there's no cartels of big landlords in Bcn, that's a leftist fantasy


Maldita is a joke. Sometimes they don't know how to read data, other times they actively engage in twisting numbers. Every time they debunk something, you can be sure that what they debunked is actually true. I remember a case where the claim was something like "there's 300.000 cases of <something>" and they debunked it with "FALSE, bla bla bla bla bla"... and when you read the fine print, it was not 300.000 cases but 298.000 cases. They are 1000% unreliable.


Worth noting that the "EU GDP is stagnating terribly" narrative that motivates this post and quite a few of these comments is not true.

If you look at cost-relative (PPP) & per-capita numbers, the EU economy has been growing at a very similar or faster rate than the US for decades.

https://statisticstimes.com/economy/united-states-vs-eu-econ... has a good introduction to the top-line numbers. https://www.bruegel.org/analysis/european-unions-remarkable-... has a more detailed analysis.

The raw GDP differences come in very large part from exchange rate fluctuations and increasing costs & population in the US, not a meaningful increase in what the average American can buy with their earnings. PPP adjusts for these.

In terms of "how much <basket of normal purchases> can people buy" numbers, the EU is closer to the US today than it has ever been.

(That said, I fully agree with the post's conclusion regardless: a simple unified way to create an EU business & a universal language base would be a huge boost)


For more background, and some detailed discussion of the opposite argument ("display: masonry" over "display:grid"+"grid-template-rows: masonry") see https://github.com/w3c/csswg-drafts/issues/9041


A really nice feature here is that if you view the demos in a browser that doesn't support this (i.e. all current stable browser releases without special flags enabled) because they're building directly on grid layouts, they still appear in a pretty reasonable fixed-row format: https://webkit.org/demos/grid3/.

In each case it'd look much nicer with a proper masonry layout but it's still very usable otherwise (and of course you could feature detect to provide a better fallback if you're not happy with that anyway).


> This is pretty commonly used by apps to make them harder to reverse engineer. It prevents you from installing your own cert in the system's trust store and then using that to man-in-the-middle the app's communication with its backend.

As an aside - this isn't generally very effective or worthwhile nowadays.

Anybody doing reverse engineering at a level where they're installing their own system certificates & intercepting traffic can easily run many off the shelf scripts (Frida scripts, Objection, apk-mitm, etc) which will disable certificate pinning like this automatically. This takes _seconds_ to disable and is standard practice.

Even doing so manually is not especially difficult - the pin is a fairly predictable value, and a reverse engineer can access all content of the mobile app, so can easily search for and just replace it before installation.

From a reverse engineering perspective, there's little-to-no value in purely client-side protections like this. You're not increasing the reverse engineering difficulty significantly and you do create many practical problems with e.g. certificate rotation in future.

OTOH there is an interesting case to be made for certificate pinning as a protection for users being unknowingly MitM'd. That's a different scenario that may well be worth defending against, but due to the many downsides of cert pinning, using certificate transparency to mitigate this is strongly preferable nowadays.
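The rotation pitfall mentioned in the comment above is easy to see in code. The following is an added example, not code from the commenter or from any real app: it models an SPKI pin set the way HPKP and OkHttp-style pinners do (base64 of the SHA-256 of the SubjectPublicKeyInfo), requires a backup pin, gives the pin set an expiry so stale clients fail open to ordinary PKI validation instead of bricking, and walks through a key rotation. The SPKI blobs and the host name are constructed placeholders, not real keys, and the "fail open on expiry" behaviour is this example's design choice rather than anything the comment prescribes.

```python
"""SPKI pin-set handling with backup pins, expiry and rotation.

Added example (not from the comment above, not a real app's code). The SPKI
values below are constructed placeholders, not real DER-encoded public keys.
"""
import base64
import hashlib
from dataclasses import dataclass

# Constructed sample SubjectPublicKeyInfo blobs (placeholders, not real keys).
CURRENT_SPKI = b"constructed-spki: key currently on the live server"
BACKUP_SPKI = b"constructed-spki: backup key whose private half is held offline"
ROGUE_SPKI = b"constructed-spki: key from an unexpected issuer"
NEXT_BACKUP_SPKI = b"constructed-spki: fresh backup generated at rotation time"


def spki_pin(spki_der: bytes) -> str:
    """HPKP / OkHttp style pin: base64(SHA-256(SubjectPublicKeyInfo DER))."""
    return base64.b64encode(hashlib.sha256(spki_der).digest()).decode("ascii")


@dataclass(frozen=True)
class PinSet:
    host: str
    pins: frozenset[str]  # base64 SHA-256 pins acceptable for this host
    expires_at: int       # unix time after which the pins are ignored (fail open to normal PKI)


def build_pin_set(host: str, spkis: list[bytes], expires_at: int) -> PinSet:
    """Build a pin set; refuse to ship one without a backup pin, since a single
    pin locks out every installed client the moment the live key rotates."""
    if len(spkis) < 2:
        raise ValueError("a pin set needs the live key plus at least one backup")
    return PinSet(host, frozenset(spki_pin(s) for s in spkis), expires_at)


def chain_is_pinned(pin_set: PinSet, chain_spkis: list[bytes], now: int) -> bool:
    """True if any SPKI in the server's (already PKI-validated) chain matches a pin.
    An expired pin set is treated as 'no pinning' so stale clients keep working."""
    if now >= pin_set.expires_at:
        return True
    return any(spki_pin(s) in pin_set.pins for s in chain_spkis)


def rotate(pin_set: PinSet, retired_spki: bytes, new_backup_spki: bytes) -> PinSet:
    """Key rotation: the old backup key goes live, the retired key's pin is
    dropped, and a fresh backup pin is added. Clients still holding the previous
    pin set accept the new live key because its pin was already their backup."""
    pins = set(pin_set.pins)
    pins.discard(spki_pin(retired_spki))
    pins.add(spki_pin(new_backup_spki))
    return PinSet(pin_set.host, frozenset(pins), pin_set.expires_at)


def demo() -> dict:
    """Walk through one rotation and report what each client generation accepts."""
    # Hypothetical host name; expiry well in the future for the "live" checks.
    old = build_pin_set("api.example.test", [CURRENT_SPKI, BACKUP_SPKI], expires_at=2_000_000_000)
    new = rotate(old, retired_spki=CURRENT_SPKI, new_backup_spki=NEXT_BACKUP_SPKI)
    now = 1_700_000_000
    return {
        "old_client_accepts_old_key": chain_is_pinned(old, [CURRENT_SPKI], now),
        "old_client_accepts_rotated_key": chain_is_pinned(old, [BACKUP_SPKI], now),
        "new_client_rejects_retired_key": not chain_is_pinned(new, [CURRENT_SPKI], now),
        "rogue_key_rejected": not chain_is_pinned(old, [ROGUE_SPKI], now),
        "expired_pins_fail_open": chain_is_pinned(old, [ROGUE_SPKI], 2_100_000_000),
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The point the walkthrough makes is that without `BACKUP_SPKI` already shipped in the old pin set, every installed client would reject the server the day the key rotated, which is exactly the operational cost the comment above weighs against the limited reverse-engineering benefit. Pinning against a chain the platform has already validated, and never as a replacement for that validation, is the other caveat the code bakes in.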


Mostly agreed - I think the one difference is that to disable the pin, you have to modify and sideload the APK, which a non-rooted phone may not permit you to do. (Or your modified apk might not have access to the app's local data, security keys, etc).

In contrast, with a non-pinned app, you can monitor traffic of that app as it is installed right now.

