Meanwhile, .tech exists and is not country-specific but is far less popular for some reason.

Simple answer: length.

Two chars look a lot better than something with more chars, and all two chars TLD are ccTLDs.

But then it is the developers fault, never management

Only issue I see is that the 8 chars required is very short and easy to brute force. You would hope that people would go for the recommended instead, but doubt it.

Re: Downvote bots. I can’t say they’re necessarily bots, but my instance has scripts that flag accounts that exclusively give out downvotes and then bans them. That’s about the best I can do, at present, to counter those for my users.

It is usually not a good idea to specify what your exact metrics are for a ban. A bad actor could see that and then get around it by randomly upvoting something every now and then.

There is also the risk of homograph attacks. The link below is for domain name encoding via IDN, but the same applies to usernames. You could easily impersonate another user by having chars that look similar.

https://en.wikipedia.org/wiki/IDN_homograph_attack

What I meant was that if you are returning 404 for example when a user doesn’t exist. You can’t tell if the user doesn’t exist or someone changed the API to remove the endpoint.

But forcing HTTP codes without a moment to think it through seems to be the new fad.

The clown, but flipped with a success field. If it is true then command succeeded, if it false something was wrong and there should be an error field as well.

HTTP codes should be used for the actual transport, not shoe-horned to fit the data. I know not everyone will agree with this, but we don’t have to.

Rounded corners tho… <shudder>

Just a small gif (as png didn’t exist/widely supported) that had the rounded corner. Then if someone wanted to change the color or background you would have to redo all the images. Fun fun.

And ethernet port!

And if it succesful, or at least passenger doesn’t boycott them over it, it is just a question of time until other airlines adds it as well

Different workflows.

Or maybe it is a feeble attempt to annoy people that sign up with foo+service@somewhere.com and then sort it into different inboxes (of course you can filter on other things but + is built into gmail). You can also use it to see who sold your info when you get spam on that adress.

Sure, but not symetric

You can sell high karma accounts to spammers.