- lstamour parentI might be wrong on this, but I vaguely recall that on macOS back when you could commonly option-click to reveal advanced options, if you held option when clicking a sort it would change how it sorted from alphabetical to lexical or vice versa. I’m not a thousand percent sure of it, though, I think when I needed it I was able to set a directory preference via terminal to change how a specific directory was sorted and it was an option there. MacOS had (or has) a lot of buried options which I presume date back to its origins as a Unix as well as a convenience to its developers. A lot of the command line utilities were hacked calls to graphical settings code though, so it wasn’t very stable version to version as the UI calls changed and nobody prioritized non-UI bug fixes or breaking changes. These days CLI is nearly forgotten or assumed to be an exploit vector - see Screen Time data for example.
- Unfiltered web browsers might be harder to come by these days than when I was growing up, but they still exist. I remember finding out by accident that certain restricted apps would pull up help pages, and from there I could click a link that would take me to an unrestricted web browser due to a bug in the code. I also remember computers where you could show up with pocket apps on a floppy or USB key and bring your own unrestricted web browser. On top of that, just because the web is restricted often doesn’t mean YouTube is restricted. For example, schools need YouTube to show educational content, so it often is unrestricted even when the rest of the web is restricted e.g. by dns.
- I agree with most of this post, except the part where you could actually do it. I’ll be the first to admit that I was not in server rooms back then but I’ve heard from those who were. The biggest advantage Amazon had, for many years, over their competitors, is that they would take your order and tell you it was completed and wait to charge your card until it shipped because it was cheaper to write your order down than to spend expensive session compute waiting for the payment to go through. That kind of optimization was necessary because all the networks were slower or flaky then, including payment processing, and often relied on batch processing overnight that has become less visible today.
Meanwhile on the client side, web technologies had a lot of implicit defaults assuming pages on sites rather than apps and experiences. For example, we didn’t originally have a way for JS to preserve back/forward buttons functionality when navigating in a SPA without using hash tags in the URL. Without CSS features for it, support for RTL and LTR on the same website was basically nonexistent. I won’t even get started on charset, poorer support for dates that persists to this day, limited offline modes in a time when being offline was more common, and how browsers varied tremendously across platforms and versions back then with their own unique set of JS APIs and unique ideas of how to render webpages.
It took the original acid test and a bunch more tests that followed before we had anything close to cross browser standards for newer web features. I still remember the snowman hack to get IE to submit forms with UTF-8 encoding, and that wasn’t as bad as quirks mode or IE 5.
Actually maybe I disagree with most of this post. Don’t get me wrong, I can see how it could have been done, but it’s reductive to the extreme to say the only reason web services were jank is because UX polish didn’t exist. If anything, the web is the reason UX is so good today - apps and desktop platforms continuously copied the web for the past 28 years, from Windows ME with single-click everywhere to Spotify and other electron apps invading the OS. I’m not going to devalue the HIG or equivalent, but desktop apps tended to evolve slowly, with each new OS release, while web apps evolved quickly, with each new website needing to write its own cross platform conventions and thus needing its own design language.
- Edit: I just noticed the list of supported countries (in my link below) includes Canada but excludes the French-speaking province of Quebec. It seems a bit spiteful to go so far as to ensure a service can be legally delivered in such a long list of countries and then exclude Quebec. Hm, I was about to use Puerto Rico as an example, but it’s not in the list as well, but perhaps it’s considered part of the United States here.
Now back to the comment I’d written at first:
It does seem to be, in typical large corporation fashion, a bit too complicated to set up. For example, there are three ways to add parental supervision, including a mode where you can transition from YouTube Kids to the full YouTube experience while still preserving those controls until a child is 13: https://support.google.com/youtubekids/answer/10495678?sjid=...
That said, all it would take is an open web browser and a not signed in YouTube account for kids to bypass these controls. But I suppose that’s not actually the point - the point of channel filtering is to reduce the harm recommendation engines and spammy content might have. The gotcha is that recommendation engines are everywhere now, spammy content is pervasive, and even AI responses in Google are arguably now a source of noise to be filtered.
I will say, however, it’s great to have an ad-free family plan for YouTube. I wish you could add more accounts to it, but for now I’m getting by with YouTube brand (sub-)accounts to create separate lists of subscriptions, histories and recommendations while still staying ad-free in apps.
And tools adults might find useful, I expect kids and teens would find useful too - for example, browser extensions to customize your YouTube experience.
As long as we have an open web for e.g. YouTube, we do have independent options, if geeky enough to pursue them. :)
- Good points. And it probably isn’t formaldehyde. The only thing I’ll add is that formaldehyde can inhibit or kill bacteria. And I also recently learned the hard way that limonene or other terpenes (from fruits or cleaning products or air fresheners for example) can react with ozone and produce formaldehyde even in the absence of combustion. And I’ve a strong opinion now that science and society ignores the dangers of formaldehyde and VOCs about as much as we used to ignore germs and other things we can’t usually see. Until heat pumps with fresh air exchanges are considered standard or specified by housing code, we will probably always have to deal with VOCs as we don’t have an accurate way to measure them and identity their sources except in industrial contexts. Saying this because while an open window is the cheapest way to get fresh air, it often isn’t the temperature or humidity we expect.
- Electronics and tightly sealed houses, both of which the Amish might avoid, together allow for a lot more formaldehyde build up indoors. My pet theory (with no proven evidence except my own two eyes, as someone possibly affected by formaldehyde, which means the details are just guesswork right now) is that formaldehyde indoors is responsible for the increase in reported allergies, poor vision (glasses), asthma, ADHD, and possibly increases in divorce rates or staying single - by which I mean that it can cause irritability.
I figure it is the primary cause of road rage, that it can possibly bind to and release microparticulate of metals like iron and aluminum, that it can store itself not just as a solid at room temperature but also in the rubber parts of a scooter while it charges or silicone or foam parts of a CPAP as you breathe in and out (you naturally produce formaldehyde, but increased presence in your exhaled breath has been associated with cancer, for example).
It also causes insomnia and can cause very low humidity in an enclosed space, which might both increase static shocks but also possibly break electronics when combined with its effect on certain metals mentioned earlier.
I’ve an even crazier pet theory that in the presence of other VOCs and sunlight, formaldehyde can multiply, but I don’t have anything to back that up. Formaldehyde with CO2 and UVA can react to become ozone, but ozone with UVA and other VOCs can become formaldehyde. As a result, on a particularly sunny day, I think even outdoor formaldehyde levels can rise and cause the day to feel even warmer than it otherwise should, and that it’s the formaldehyde that can then cause more inattentive accidents.
I’ve another theory that if you take something on to a train with micro metal particulate offgassing and formaldehyde, that it will bind itself to the heat of the wheels over the tracks and be released along with microparticulate from the metal rails every time the train runs by.
I could give more evidence of why this might be so, such as increased rates of emergency repairs of train tracks in my area, Toronto, and a study from 2017 that says Torontos subways have the most metal particulate in NA, but since it’s just speculation right now, take everything I said with a grain of salt, please.
I should add that burning natural gas indoors without appropriate airflow is a wonderful way to introduce a lot of formaldehyde to your living quarters over the years. If I could ban all forms of combustion indoors, I would, I really would.
- Isn’t it possible though, that if a role is gender stereotyped or if senior managers are a particular gender, that those of the other gender might need to prove themselves more to get the same job? That managers tend to hire people who appear to fit in, which usually means they are more like themselves, or those who already have the job? Also, it seems weird to suggest that only women have the failings you’ve noted, as men can also have the same shortcomings. In a way, this entire discussion is really highlighting that while some get hired, some do not, and somehow blames those who do not get hired as failures who should not get hired rather than as disadvantaged individuals due to circumstances partly or fully beyond their control.
An interesting point about choosing to leave the workforce to care for children is that re-entry into the workforce or even the ability to work and care for children is something a social net could be established to support. If we have networks that allow army recruits to enter the workforce after their service, we could do the same for parents, but instead social nets seem to devalue the act of raising children, maybe because they are driven too much by short term profit. Taxpayers accept that too, preferring tax breaks for families with children over support networks and job opportunities to re-enter the workforce full-time. One imagines it again is about hiring those like you - managers hiring individuals who worked from home are unlikely to have worked from home - they needed the time in industry to become experienced managers.
Edit: upon rereading my last comment, it is possible that work from home norms established under covid might be the best thing to happen to stay at home parents and their continued full time employment. This could then boost the number of relatively younger parents who could continue in the workforce after mat leave while also providing child care. But it’s not a replacement for better social nets and better social norms.
- Or perhaps formaldehyde release from hair spray and other chemicals partly due to the heat of the hair dryer, but also released because of the agitation and wind.
Technically I think perfume, sweat and trace amounts of smoking residue, including formaldehyde, from personal belongings could probably also raise VOCs as hotels often have very, very poor airflow by design - open windows and balconies have historically encouraged smokers so they were removed, but now you can rarely find any hotels with fresh air in the rooms, and those you find often smell of cigarette smoke for obvious reasons. (Smokers will often stay at hotels with airflow or balconies and take advantage of these features when they can. Also, airing out a room will kill a scent temporarily but only cleaning the room or replacing natural textiles will permanently remove the scent when the window is closed.)
- Can’t speak to this exact circumstance, but more generally: The ONT translates the SFP+ networking to fibre optic, but the modem is still somewhat necessary for logins if you use PPPoE as a wrapper for example. In telecom fibre optic, it often also assigns a particular vlan to internet packets and separate vlans for TV and phone. But I’m not an expert here, just explaining why I needed a modem function in my router as well as a media converter to house the ONT.
As far as I know, nobody uses separate boxes for the modem and router, that kind of thinking died when wifi became more widespread and included by default with ISP plans.
- I vaguely remember that being the start of the browser prompts to set your current browser as the default. It was so hard to just configure that they had to build a way to set it within the browser.
You saw that again in more modern times when Microsoft removed support for the APIs they provided to set browser defaults, forcing browser makers to write step by step instructions on what to click to set the default browser.
I believe they walked that back, but it left such a bad taste that I switched my installation of Windows from default mode to EU mode in order to avoid it. And come to think of it, I haven’t used my windows machine for much outside of AI in about 6 months.
But Microsoft is not alone in these sort of defaults games - every OS or browser maker, Apple, Google, Firefox, wants to create moats so they can more easily monetize your usage of a product. I never thought I’d prefer the business model of free to play games, where they just outright ask you for money and have to keep finding new ways to entertain instead of relying on hard to change defaults and selling your data.
- While there might be incompatibilities with GPL and the App Store due to Apple’s insistence that developers must accept Apple’s terms to run Xcode and apps on developer devices, LGPL and other open source licenses are generally compatible with the App Store and Apple’s licenses. You can ship programs that use open source or are themselves open source within closed ecosystems by providing source code to end users via a website linked to within credits within the app. This distinction is because LGPL in particular permits more usage than GPL, allowing you to use the library in non-open source apps or those licensed under different terms, so ffmpeg has been somewhat adopted by a variety of open and closed source apps when a shared codebase is desired or particular codecs or functionality is required. That said, Apple themselves would prefer that you use their audio/video frameworks, due to device performance optimization, binary sizes, licensing and ecosystem lock-in. As far as I know, ffmpeg has adopted some of these Apple optimizations when appropriate frameworks are detected and configured at compile time.
- Yeah. I've seen some split between low vs high doses, where the first two doses cost less than the rest - a cynical take is that they want to make it cheaper to get started knowing they will get you hooked possibly for life, or at least the duration of their patent.
But yes, non-linear by design - a 15mg dose provides 6x the medication but cannot be sold for 6x the price or people will stay on lower doses (or discontinue) rather than going to a higher dose.
Meanwhile it provides 6x the medication. One multi-use 4-week pen has enough to provide 12 weeks of doses at 4-week titration if used off-label. Obviously this is only helpful on low doses.
Important note: I am not a doctor, I don't recommend doing this - in fact, I have not done it myself and will probably not do it in future. I have seen YouTube videos of medical professionals explaining how to dose split weight loss drugs though.
I would highly recommend dose splitting the brand name drug over picking some compounding pharmacy's version of the drug, or worse, buying it off the street. It's crazy though, there are even counterfeit medications in the supply chain sometimes, for example: https://www.fda.gov/drugs/drug-safety-and-availability/fda-w...
- It wouldn't surprise me if they picked who would be included based on which drugs should be relatively price flexible yet cost a lot. I've noticed that ozempic/wegovy prices have dropped in many markets recently, even price controlled ones, especially compared to Mounjaro, as the latter is seen as more effective and in short supply and has fewer generics available still.
In fact, by introducing new multi-dose versions to different regions, I'm starting to see Mounjaro prices reportedly double for some. The real kicker is that for some brands/doses the price doesn't vary whether you get more or less of the drug - so people end up asking to for a prescription to the highest dose off-label and then split the dose themselves.
For example, you can click the auto-injector pen a fewer number of clicks to measure out a smaller dose than what is normally injected by the pen, then relatively safely save it in the fridge for longer than recommended even without preservatives (some pens have and some don't).
It's frustrating when pricing decisions are made assuming insurance benefits and yet insurance isn't always available, e.g. unemployment. This thinking even applies in places that do regulate drug prices. But hey, you can always sign up for the manufacturer's discount program to get it cheaper, so, win-win right?
- Well, there is this: https://clienttest.ssllabs.com:8443/ssltest/viewMyClient.htm... But you’d have to test your own clients.
One imagines though that with enough clients connecting to your site you’ll end up seeing every type of incompatible client eventually.
The point I was trying to make is that removing SSL doesn’t make your site compatible and the number of incompatible clients is small compared to the number of compatible ones. Compatibility alone is not a reason to not use SSL on its own, arguably. The list of incompatibility doesn’t stop at SSL, there’a still DNS, IPv6 and so on.
SSL is usually compatible for most people - enough that it has basically become the defacto default for the web at large. Though there are still issues. CMOS batteries dying and having bad client time is one that comes to mind first, certificate chain issues too. SSL is complex, no doubt. Especially for server-side implementation to remain compatible client-side. That’s why tools like Qualys’ exist in the first place!
- Except it's not actually true. https://www.ssllabs.com/ssltest/clients.html highlights that many clients support standard SSL features without having to update to fix bugs. How much SSL you choose to allow and what configurations is between you and your... I dunno, PCI-DSS auditor or something.
I'm not saying SSL isn't complicated, it absolutely is. And building on top of it for newer HTTP standards has its pros and cons. Arguably though, a "simple" checkbox is all you would need to support multiple types of SSL with a CDN. Picking how much security you need is then left to an exercise to the reader.
... that said, is weak SSL better than "no SSL"? The lock icon appearing on older clients that aren't up to date is misleading, but then many older clients didn't mark non-SSL pages as insecure either, so there are tradeoffs either way. But enabling SSL by default doesn't have to exclude clients necessarily. As long as they can set the time correctly on the client, of course.
I've intentionally not mentioned expiring root CAs, as that's definitely an inherent problem to the design of SSL and requires system or browser patching to fix. Likewise https://github.com/cabforum/servercert/pull/553 highlights that some browsers are very much encouraging frequent expiry and renewal of SSL certificates, but that's a system administration problem, not technically a client or server version problem.
As an end user who tries to stay up to date, I've just downloaded recent copies of Firefox on older devices to get an updated list of SSL certificates.
My problem with older devices tends to be poor compatibility with IPv6 (an addon in XP SP2/SP3 not enabled by default), and that web developers tend to use very modern CSS and web graphics that aren't supported on legacy clients. On top of that, you've HTML5 form elements, what displays when responsive layouts aren't available (how big is the font?), etc.
Don't get me wrong, I love the idea of backwards compatibility but it's a lot more work for website authors to test pages in older or obscure browsers and fix the issues they see. Likewise, with SSL you can test on a legacy system to see how it works or run Qualys SSL checker, for example. Browsers maintain forwards-compatibilty but only to a point (see ActiveX, Flash in some contexts, Java in many places, the <blink> tag, framesets, etc.)
So ultimately compatibility is a choice authors make based on how much time they put into testing for it. It is not a given, even if you use a subset of features. Try using Unicode on an early browser, for example. I still remember the rails snowman trick to get IE to behave correctly.
- Define the objective metric that you would use to assess a candidate's work ethic or reputation credit score. Would LinkedIn issue it, as if it were a popularity contest?
And come to think of it, actually, credit scores can be gamed. It's well known that when companies and territories get credit scores they are largely a con game, as in based on the conifdence the raters have on your future performance, and not objective reality.
Likewise, credit scores can be juiced and tools exist to help you improve them and track them. But a bad credit score doesn't always mean fiscal mismanagement. It could be loans from a predatory lender or due to a medical expense or something completely outside the context the credit check is to be used for. Credit scores tell you if someone has lots of money first, and if they are smart with their money second. People with financial means often have good credit scores but can be as likely to default if their circumstances change. Perhaps more likely if the amounts of money at play are greater. People got those subprime mortgages with great credit scores, somehow.
So... Yeah, credit scores for loans are a form of outsourcing of responsibilities. But the point is somewhat well taken. The equivalent in hiring to a credit score isn't to ask banks but to do reference checks and ask a network or former manager about a hire.
Credit scores can easily be discriminatory as much as criminal charges (without due process, at least) and other unfair systems. We just normalize it because it works for most people. We poke fun at it when other countries try to come up with e.g. a social credit score, though.
- Haven't looked into this too deeply but there is a difference between delaying a response (requests get stuck in the tarpit) vs providing a useless but valid response. This approach always provides a response, so it uses more resources than ignoring the request, but less resources than keeping the connection open. Once the response is sent the connection can be closed, which isn't quite how a tarpit behaves. The Linux kernel only needs to track open requests in memory so if connections are closed, they can be removed from the kernel and thus use no more resources than a standard service listening on a port.
There is a small risk in that the service replies to requests on the port, though, as replies get more complicated to mimic services, you run the risk of an attacked exploiting the system making the replies. Another way of putting it, this attempts to run a server that responds to incoming requests on every port, in a way that mimics what might run on each port. If so, it technically opens up an attack surface on every port because an attacker can feed it requests but the trade-off is that it runs in user mode and could be granted nil permissions or put on a honeypot machine that is disconnected from anything useful and heavily tripwired for unusual activity. And the approach of hardcoding a response to each port to make it appear open is itself a very simple activity, so the attack surface introduced is minimal while the utility of port scanning is greatly reduced. The more you fake out the scanning by behaving realistically to inputs, the greater the attack surface to exploit, though.
And port scanning can trigger false postives in network security scans which can then lead to having to explain why the servers are configured this way and that some ports that should always be closed due to vulnerability are open but not processing requests, so they can be ignored, etc.
- In this day and age that seems increasingly like a solved problem to most end users, often a client-side issue or using a very old method of generating a PDF?
Modern PDF supports font embedding of various kinds (legality is left as an exercise to the PDF author) and supports 14 standard font faces which can be specified for compatibility, though more often document authors probably assume a system font is available or embed one.
There are still problems with the format as it foremost focuses on document display rather than document structure or intent, and accessibility support in documents is often rare to non-existent outside of government use cases or maybe Word and the like.
A lot of usability improvements come from clients that make an attempt to parse the PDF to make the format appear smarter. macOS Preview can figure out where columns begin and end for natural text selection, Acrobat routinely generates an accessible version of a document after opening it, including some table detection. Honestly creative interpretation of PDF documents is possibly one of the best use cases of AI that I’ve ever heard of.
While a lot about PDF has changed over the years the basic standard was created to optimize for printing. It’s as if we started with GIF and added support to build interactive websites from GIFs. At its core, a PDF is just a representation of shapes on a page, and we added metadata that would hopefully identify glyphs, accessible alternative content, and smarter text/line selection, but it can fall apart if the PDF author is careless, malicious or didn’t expect certain content. It probably inherits all the weirdness of Unicode and then some, for example.
- It can vary by implementation need. Can you send a time-limited secret as a login link to someone's email as a replacement to entering or managing passwords? Can you use PassKeys? Or a simple username and password? (Password storage and management is left as an exercise to the reader.)
Part of the question is - why present a login? Do you need an identity? Do you need to authorize an action? How long should it last?
Generally, today, PassKeys are the "simple" authentication mechanism, if you don't need a source of third-party identity or can validate an email address yourself. (Though once you implement email validation, it is arguable that email validation is a perfectly simple and valid form of authentication, it just takes a bit more effort on the part of the user to login, particularly if they can't easily access email on the device they are trying to login on, though even then you can offer a short code they could enter instead.)
Frankly, the conclusion to "how to login" that I draw today is that you will inevitably end up having to support multiple forms of login, including in apps, browsers and by email. It seems inevitable then that you will end up needing more than one approach as a convenience to the end user depending on the device they are trying to sign in to, and their context (how necessary is it that they must be signed in manually vs using a magic link or secret or QR code or just click a link in their email).
I should also note that I haven't discussed much about security standards here in detail. Probably because I'm trying to highlight that login is primarily a UX concern, and security is intertwined but can also be considered an implementation detail. The most secure system is probably hard to access, so UX can sometimes be a tradeoff between security and ease-of-access to a system. It's up to your implementation how secure you might need to be.
To some, you can use a web-based VPN or an authenticating proxy in front of your app, and just trust the header that comes along. Or you could put your app behind Tailscale or another VPN that requires authentication and never login a user. It's all up to what requirements the app has, and the context of the user/device accessing it.
- PassKeys are definitely the future, they aren't just device-specific, they can be synced also. https://www.corbado.com/blog/nist-passkeys talks about this, though I'll admit I haven't read anything on the subject yet. But I can say that most implementations of PassKeys seem to cloud sync, including 1Password, Apple, Google, Edge, etc.
I should also add that PassKeys that are tied to devices are like FIDO2 security keys, you should be able to add more than one to your account so that you can login with a backup if your primary FIDO2 token is unavailable.
Likewise, SSO should ideally be implemented such that you can link more than one social network - and a standard email address or backup method - in addition to the primary method you might use to login with. It has always bugged me that Auth0 makes it much harder than it should be to link multiple methods of login to an account, by default.
- For browserless, I was referring to a 2019 article that I could have sworn was newer than that, on the need for OAuth 2.1 that also covers how they added OAuth for Native Apps (Code Flow) and basically a QR code version for TVs: https://aaronparecki.com/2019/12/12/21/its-time-for-oauth-2-...
As for SFAuthenticationSession, again my info might be outdated, but the basic idea is that there are often native APIs that can load OAuth requests in a way that doesn’t require you to relogin. Honestly most of those use cases have been deprecated by PassKeys at an operating system level. There’s (almost) no need for a special browser with cookies to your favourite authenticated services if you have PassKeys to make logging in more painless.
- Signal can be a bit weaker on the watch up here in Canada but is otherwise adequate. The problem with Apple Watch cellular when not using an iPhone to forward data is (1) battery life on LTE is terrible compared to data over Bluetooth, using wifi, or turning on airplane mode and (2) call forwarding from iPhone to Watch, on some Canadian carriers, is charged per minute due to a carrier bug (Telus) which you can call to get refunded but is still frustrating. Normally calls go to your iPhone and the voice is forwarded to the watch over Bluetooth, I believe. Basically the Apple Watch more often acts like an AirPod than a cell phone.
I end up carrying my iPhome with my Android phone to avoid this. I mount the iPhone to my bike/scooter when available using Quad Lock waterproof cases.
- It's fair to say that with OAuth the resource owner can choose to display a consent screen or not. For example, when consent is granted already, it can be skipped if the resource owner does not need it. Likewise, Google Workspace and other enterprise services that use OAuth can configure in advance which apps are trusted and thus skip permission grants.
Not to say the concern about redirects isn't legitimate, but there are other ways of handling this. Even redirects aren't necessary if OAuth is implemented in a browser-less or embedded browser fashion, e.g. SFAuthenticationSession for one non-standard example. I haven't looked this up in awhile but I believe the OAuth protocol was being extended more and more to other contexts beyond the browser - e.g. code flow or new app-based flows and even QR auth flows for TV or sharing prompts.
(Note I am not commenting on OpenAUTH, just OAuth in general. It's complex, yes, but not as bad as it might seem at first glance. It's just not implemented in a standard way across every provider. Something like PassKeys might one day replace it.)
- That's not where I thought this was going. I tried using DDG and Kagi and went back to Google. Google had more relevant, fresher results than DDG, and Kagi didn't have the same integration with Google Maps and often a smaller set of results for very niche queries. Google is still basically the internet - the entire internet - though in many ways they do still fall short. But breadth of content indexing and information about local places, Google is still king.
- > (Neither I nor anyone in my immediate family are overweight, by the way, so don't ignore my rant by assuming I'm being bitter about personal experience.)
If you haven't been living with extra weight for a decade, you wouldn't have the first-hand experience of why being overweight is definitely a symptom of and contributor to health issues as well as quality of life degredation.
> I have read numerous reports... > Besides, it's hard to know what the health effects really are of being overweight...
I can agree that being overweight is often what a doctor sees, but honestly any doctor that makes assumptions like that is not interested in root causes. They're trying to see as many patients as possible, e.g. as a GP, and offer fixes for what they can fix, and referrals to specialists for that which they can't fix with the usual prescription or advice.
All this to say that I really disagree with the first paragraph, and this entire post feels like just opinion despite conjecture on what numerous reports you've read.