Asbjørn

I still see this mistake in most .NET APIs. The endpoint accepts a query parameter, runs an async DB call, and returns the result. Looks fine. But there is no CancellationToken anywhere. The user closes the tab. The mobile client times out. The load balancer drops the connection. The server does not care. It keeps running the query, holding the connection, allocating memory, racing toward a result nobody is waiting for. .NET can handle this, actually. Every endpoint can accept a CancellationToken parameter, and the framework wires in HttpContext.RequestAborted automatically. Pass it down to EF Core, HttpClient, file IO, channels, any async call. The moment the request is aborted, those operations stop. The DB query is cancelled mid-flight. The HTTP call is dropped. The connection goes back to the pool. Two scenarios where this is the difference between healthy and on fire: A burst of users hammering a slow search endpoint. Half rage-click and abandon. Without the token, the server runs every query to completion. With it, the abandoned ones drop in milliseconds and the pool stays open for the users who are still waiting. A long-running export that fails halfway. The client retries with new parameters. Without the token, the old export keeps grinding for two more minutes while the new one queues behind it. With it, the connection abort frees the worker immediately. The change is two parameters: one on the endpoint, one on the data access method. That is it. The counter I hear: "what about background work that should not be cancelled?" Fair. Pass CancellationToken.None explicitly for those, and the intent is documented right in the signature. Every async IO call in your codebase should accept and propagate a CancellationToken. Are you already using this on your codebases?

A dad took a photo of a rash on his sick toddler so the doctor could see it over video. It saved to Google Photos by itself. Two days later Google had wiped his email and phone number and reported him to the police for child abuse. The police looked into it and cleared him completely. Google still would not give his account back. That same year another dad in a different state went through the exact same thing, and the New York Times wrote about both of them in 2022. The manga artist in this post fell into the same machine. Anything you save to Google Drive or Google Photos gets scanned and turned into a kind of digital fingerprint, a short code that stands in for your file. Google compares that code against a huge list of files it has already banned, like pirated movies or known abuse photos. The newer software does not even wait for a match. It looks at a picture it has never seen and makes its own guess about whether you broke a rule. When the software flags you, the damage does not stop at one file. Your Google login is also your YouTube, your photos, sometimes your phone service, and the button you click to log into dozens of other websites. One flagged upload can lock you out of all of it at once, which is how the artist lost things that had nothing to do with Drive. This post asks how long Google has been doing this, and the numbers answer it. In a single six-month stretch, Google reported more than a million files to the national center that tracks child-abuse material and shut down about 270,000 accounts. Some of those people did nothing wrong, like the two dads. Getting back in is nearly impossible. A law from 1996 gives tech companies broad legal cover for decisions like this, and the fine print you agreed to lets Google shut your account whenever it likes. The dad the police cleared never got his back, even after officers confirmed he had done nothing wrong. Anything you upload to Google can be scanned by software with the power to shut down your whole online life on its own, before a single person ever reviews the decision. The manga artist is just the latest to find that out.