This all old hat, unfortunately, and also a thing which will be gotten wrong by developers for years to come. Just shouting 'give me a regex for validating email addresses' will make an LLM like ChatGPT happily output bullshit suggesting some overlong regex which is flawed precisely as outlined by the linked article, even though no one is arguing for those long unmaintainable regexes once they've seen the light.
Ah well.
Where there is still room for improvement is in how email addresses are often made a little bit anonymous by a lot of websites. Did you ever see something like 'j*h@gmail.com'? Oh wow, that neatly leaves out John Smith's full name! Like showing only the last four numbers of an IBAN or credit card.
Except for us edge cases with a personal domain, where I then get 'm*l@myfullname.nl'. So stop that. Store it next to the bit of knowledge about validating email addresses — the bits of knowledge you use to correct junior developers and senior idiots.
I just tried this with Claude Opus 4.8 and I think it don't see any of those issues:
The first sentence is that there is no single regex that perfectly validates every technically valid email address. I think that is a good start.
It then recommends the regex used for <input type="email"> and explains that this would cover the majority of email addresses used by actual people. It also shows an improved regex that handles dot-atom local parts, quoted strings, domain names, and IPv4 domain literals, but doesn't cover things such as comments, full IPv6 literals, or internationalized addresses.
It ends with the only correct advice (in my optionion): Send a confirmation email.
Does it say 'don't bother with a regex beyond checking it contains an @ surrounded by arbitrary pieces of text?' This still sounds like it is leading developers to conclude that they should use a too complex regex and then send a confirmation email.
Claude Sonnet says:
> A practical email regex that covers the vast majority of real-world addresses:
>
> ^[a-zA-Z0-9._%+\-]+@[a-zA-Z0-9.\-]+\.[a-zA-Z]{2,}$
Which is still way more complex than needed (and takes effort to read), and buggy according to years of blog posts written about this topic.
Of course the problem is the developer asking for a regex at all, but the must-regex-email instinct seems heavily engrained in our collective psyche.
The classic 'those guys did something bad, so I am going to go with the guys who are absolute assholes doing several orders of magnitude more bad things now instead' response.
That usually means that whoever utters it was just looking for a sycophantic excuse to go with the bigger threat because it is more convenient to them (for now).
It's remarkable how often this happens, isn't it? One incident of someone not living up to standards is suddenly an opportunity to abandon standards and go with known bad actors. It's like people giving up on the MSM and immediately latching onto propaganda Youtubers instead.
People latch onto consistency and hypocrisy as their filters.
The problem is that anyone trying to actually be better is usually inconsistent and hypocritical at some level as in that "you criticize society, yet you participate in it" comic.
If you attempt to filter out all traces of hypocrisy from your trusted sources, you wind up listening to the absolute worst people.
The people trying to do better are usually the ones struggling with conflicts and inconsistencies.
As a user at least I have an option to use ublock origin extension in Firefox. So I'm somewhat grateful I can still browse the net peacefully and safely.
I'm getting spam and harassment from accounts promoting Israels eurovision contestant, on IRC, in 2026.
It's every year and probably on all newer socials too.
Some just link Israels submission urging channel members to vote for it. Some join and casually but randomly for the channel bring it up "are you guys watching Eurovision this year?" asking what people's favorites are and saying Israel is their favorite (always ends in name calling when someone says Israel sucks or isn't their favorite).
If this isn't automated id love to hear from the people behind it some time. Nice feeling relevant on irc in TYOOL 2026
It's an unfortunate Dutch way of doing things. The firm believe that the market will solve it if you have a contract that says thing will be solved. Write a tender, pick the cheapest party, trust in contracts, hope it won't break before you (the external contractor pushing for it) move on in a few months time.
The people who pointed out that none of the moving parts of DigiD should have been outsourced were ignored until the tide shifted this year.
I'm honestly surprised the government decided to intervene. The usual method is to keep on believing in the signed piece of paper until the shit hits the fan (like with the Fyra high speed trains) — never mind that the US (where the buyer is from) is not likely to give a toss about those pieces of paper if they need something from our data.
It's important to add the context that whenever our government tries to do something by themselves it ends up late and severely over budget.
So you have to weigh the risks of outsourcing to the risk of the whole thing becoming very late and very expensive. The risks around outsourcing are something further down the line, the risks of everything becoming expensive and late are something that will give the responsible politician a headache now.
I work (and always has) in the private sector and we can be even better at ending up over budget and be even later at delivery. I don’t believe for a moment that the government has a monopoly on underachieving!
The problem isn’t public or private, it’s incentives.
If the private company is granted a defacto monopoly, it doesn’t matter that they’re a “private” company, they will have the same incentive and accountability problem.
What we know for certain though: Government taking over something is definitionally a monopoly and 99.99% of government employees are not subject to the accountability mechanism of elections.
Historically, the largest boondoggles of waste have always come from government, given they can legally hold a gun to your head and take 50% of everyones money to fund their “projects.” Private companies can’t take your money by force, unless being given those contracts by government. So again, the the incentive issue fundamentally arises from an entity being entitled to gather assets using violence rather than voluntary exchange.
Expat/kennismigrant here - it's same "ends up late and over budget" for literally every country (and private businesses).
What Dutch government/politicians seems to be "ahead" compared to other countries - is combination of narrow or short sightedness and (over)correction trough rules, laws and regulations.
Like giving subsidies and tax breaks for electrical cars, rooftop solar panels and mandating household switch from gas (LPG and such) to electric heating and cooking. And ignoring industry professionals for decades saying the distribution network won't scale.
More of the same with stuff like 30% tax rule for expats, which was originally introduced as cost saving measures because actually doing bookkeeping for expatriate expenses was costing government more money. But then more recently expat tax breaks have been reduced and phased out "because cost saving". Meanwhile employers have trouble finding highly skilled workers. And we're limiting numbers of foreign students in universities (by forcing them to do it in Dutch instead of English).
Some Bulgarians cheated/defrauded Dutch tax returns or such - and "solution" was ML/AI reviewing things - but it turned out to be broken/biased and (ab)used for other things - leading to the whole toeslag scandal and government resigning.
Same for nitrogen vs lack of housing... And many more.
> ignoring industry professionals for decades saying the distribution network won't scale.
Who says that? The British National Grid says the opposite. Or is it specifically the Dutch network that would not handle the changing requirements? If so what makes it special?
Outsourced stuff is late and expensive too, just not directly the responsibility of the minister or secretary of state because of the magic piece of paper in between.
IT is hardly something we need to do occasionally, so build up a department that can do it (not just write up huge reports about what it should do and outsource, like Logius) and invest in the people that will work there (retaining them as much as possible). Give a big middle finger to consultants, and listen to the tech experts. Build boring stuff that works instead of a new app every month.
It's not impossible in theory, and cheaper in the long run. It's impossible because asshats who would actually benefit from left and centre politics keep voting right-wing parties in to power.
I agree that the government should do IT in house, ideally, because it's a core business for them. The reality is that it is very hard to attract and retain good IT staff on a government salary. The people who need to manage all that in a cost-effective way are especially hard to find.
So we end up with expensive consultants doing the work. Consultants have the wrong incentive. They don't want to stay in one place to long because it looks bad on their resume and overruns mean more money for them.
So really, I can see why a seasoned politician chooses the safest option for him. By the time an overrun occurs he will have moved on to the next job. I don't think left or right-wing politics has much to do with this dynamic. How will a left-wing politician magically get capable IT staff that higher paying industry can't even get enough of?
By attempting to? There is a huge and I would argue growing number of talented people who are dismayed by what the tech industry has become and would actively want to work on values aligned projects
Create a rule that moves messages with real email address to spam where they are deleted as soon as needed, then create tmp2026 alias to serve as your new default email address.
Sending those thousands of requests is something your mail client does for you. Deleting 5000 emails takes a few minutes, but how often do you do that? I can select a bunch of emails in Thunderbird and just do stuff with it just fine.
For server side filters I just set them up in Fastmail using the web UI. That's the type of action I do once or twice a year, so totally OK to hop on over to the web app for just that.
I have no idea what you mean by 'push notifications'. I have Thunderbird open on my desktop, and it shows me when there is email. I have K9 on my smartphone, and it shows me when there is email (I don't have it set up to display notifications, but that seems possible). That's basically all I need to do email.
I'm fine with the static ads in the digitised print edition and the paper edition I get on Sataruday (even though I find some objectionable), but I block any and all digital ads with uBlock Origin, whether I'm a subscriber or not. I pay for a good national newspaper; they either make do with that or lose me as a long-time subscriber.
Who are those people? Those perpetually amused folk who feel not a bit of rage when a dickover is slapped in their face, and for whom entering their e-mail address in the dickover is actually a thing they would seriously consider?
And a lot of the time pressing back will take you to some other article on the website instead of where you came from. Because the site used history.pushState in JavaScript to manipulate your history.
Ah well.
Where there is still room for improvement is in how email addresses are often made a little bit anonymous by a lot of websites. Did you ever see something like 'j*h@gmail.com'? Oh wow, that neatly leaves out John Smith's full name! Like showing only the last four numbers of an IBAN or credit card.
Except for us edge cases with a personal domain, where I then get 'm*l@myfullname.nl'. So stop that. Store it next to the bit of knowledge about validating email addresses — the bits of knowledge you use to correct junior developers and senior idiots.
reply