![](/static/790fef6/assets/icons/icon-96x96.png)
![](https://lemm.ee/api/v3/image_proxy?url=https%3A%2F%2Flemmy.world%2Fpictrs%2Fimage%2Fdb7182d9-181a-45e1-b0aa-6768f144911a.jpeg)
Anyone with a brain saw that this was the goal all along.
Anyone with a brain saw that this was the goal all along.
Usually it’s even dumber than that. Shows use the logos to try to blackmail large companies into paying them for “advertising”, and if the companies don’t pay up they censor the logos.
The problem is that Republicans don’t vote for a candidate they vote for a party. The Republicans could run Hitler’s reanimated corpse as their candidate and as long as it had that R next to its name it would get their vote. Democrats on the other hand are much more likely to not vote for or not even show up to vote at all for a candidate they don’t particularly like. It’s why good Democrat candidates always beat Republican candidates of any kind, but bad candidates usually lose. Democrats massively outnumber Republicans, but the Democrat party nearly always runs the worst possible candidate. If Republicans win any election it’s not because they had a good candidate, it’s always because Democrats ran a bad one.
It’s an interesting point but I think it kind of confuses two different but related concepts. From the perspective of the library author a vulnerability is a vulnerability and needs to be fixed. From the perspective of the library consumer a vulnerability may or may not be an issue depending on a lot of factors. In some ways severity exists in the wrong place, as it’s really the consumer that needs to decide the severity not the library.
A CVE without a severity score I think is fine. Including the list of CWEs that a particular CVE is composed of I think is useful as well. But CVE should not include a severity score because there really isn’t a single severity but a range of severities depending on specific usage. At best the severity score of a CVE represents a worst case scenario not even an average case, nevermind the case for a specific project.
Yeah, our security team once flagged our app for having a SQL injection vulnerability in one of our dependencies. We told them we weren’t going to do anything about it. They got really mad and set up a meeting with one of the executives apparently planning to publicly chew us out.
We get there, they give the explanation about major security vulnerability that we’re ignoring, etc. After they said their bit we asked them how they had come to the conclusion we had a SQL injection. Explanation was about what you’d expect, they scanned our dependencies and one of the libraries had a security advisory. We then explained that there were two problems with their findings. First, we don’t use SQL anywhere in our app, so there’s no conceivable way we could have a SQL injection vulnerability. Second our app didn’t have a database or data storage of any kind, we only made RESTful web requests, so even if there was some kind of injection vulnerability (which there wasn’t) it would still be sanitized by the services we were calling. That was the last time they even bothered arguing with us when we told them we were ignoring one of their findings.
It’s a good idea to be aware of any security advisories of your projects dependencies, but it’s also equally important to be aware of your actual attack surface and audience. It for instance may not matter to your entirely offline and utterly unprivileged app that there’s an arbitrary code execution flaw in one of your dependencies because any theoretical attacker is the user themself and they would only be executing code they already had the capability to execute. On the other hand such a flaw in other circumstances could be absolutely critical. It’s really down to you as the author of the code to evaluate any security advisories through the lens of your codes expected use cases.
So I listened to that entire video and I still don’t know what corporatism actually is. There was a lot of talk about how various fascist regimes were corporatist and how it’s about all the classes working together, but no actual explanation of what that means in practice.
It’s encoded as a regex which you can find here: https://github.com/LemmyNet/lemmy/blob/78702b59fd56f767f3d5612bfd60e294979f91f8/crates/utils/src/utils/slurs.rs#L74
It’s honestly not a terrible list, but there’s at least one entry in there that falls victim to the scunthorpe problem, and it sucks that it’s not something administrators can easily customize.
Edit: looking through the PRs it seems like they made the filter customizable at some point, so this is a little outdated. The whole communist thing still applies though.
They run lemmygrad and are dedicated communists, as well as having a very opinionated “bad words” filter that’s hard coded into the lemmy server software and not configurable without building it yourself.
Edit: commented below, but it looks like at some point they added the ability to customize the bad words filter as part of the site config, so that part doesn’t currently apply. Early on there was a bit of drama about the original hard coded version though.
Most of the tools that make an IDE an IDE. Refactoring abilities are very limited and basic. Quickly navigating complex code bases becomes tricky. The code completion and type annotations are often missing or just plain wrong. When compared to something like essentially any IDE offered by JetBrains it just doesn’t stack up. Prior to RustRover being released I briefly tried to use VS Code for Rust using its LSP plugin, but it was just really bad in general, it utterly failed to analyze the code and provided almost no contextual help.
Absolute best case scenario, Biden dies of natural causes and Trump rots in jail. Only concerning thing in that scenario is that I’m not convinced Trump being in jail is enough to stop the morons from voting for him.
In before they nominate fucking Hillary… again. It would be one thing to claim name recognition if people actually liked Biden, but nobody fucking likes Biden. People stomach Biden because the alternative is so much worse. This is why we so desperately need some kind of proportional voting system, literally any kind. The public needs a way of telling the parties “here’s how we feel about these issues” without it being a binary choice between bad and even worse.
Or how about how the bible was used as an excuse to try to keep Americans dumb and ignorant. An excellent example of exactly where the Bible fits into American history.
Not sure how to say this without sounding like a bit of an asshole, but why should we care? What does Theia do better than VS Code? For some relevant context I don’t consider VS Code to be a good IDE, but it’s not a bad editor. I use it when I need to crack open some random file (typically markdown or JSON) with maybe a bit of syntax highlighting, but I would never use it for programming.
Article was a bit light on who the intended audience is for Theia. VS Code’s big selling points are that it’s super fast to open and has a robust extension ecosystem, is Theia going to provide the same, and how are they planning to convince current VS Code users to switch?
It’s Japan, I’m sure somebody is planning to.
That’s one of the things, but it’s also adding a dedicated sidebar for AI. That’s the sort of thing that should just be an extension, there’s absolutely no reason at all why that needs to be something built into the browser.
Developers should be providing alt text themselves, but in cases where they aren’t having a local image recognition model running to provide a description isn’t terrible as long as it’s either 100% local or completely opt-in.
The dedicated sidebar on the other hand feels very much like a cheap attempt to cash in on the AI fad.
You shouldn’t underestimate people’s tendency to just do what they’re told and not rock the boat. Network head likes Trump interviews because it generates views, which attracts advertisers. Trump is a petulant child and will refuse to do interviews with any network that points out he has the mental capacity of a child. So the network head mandates that nobody is allowed to question Trumps mental state for fear of him refusing future interviews. Since their boss said so, the network talking heads just go along with it.
As for the politicians, they can’t recalibrate to the reality that is Trump. They’re used to playing political chess with their equals and along comes the pigeon known as Trump to walk all over the board knocking pieces over and shitting everywhere. They literally have no playbook to deal with him. Normally this would be where the “referee” steps in which depending on context would be a debate moderator, the Supreme Court, or Congress, but the debate moderators won’t touch him because of the previously mentioned reasons, the Supreme Court has been stuffed with puppets that have a vested interest in protecting him, and Congress is so deadlocked and dysfunctional they can’t even pass legislation with bipartisan support nevermind impeaching him.
Trump is the perfect storm of everything the US political system was never designed to counter. Every single check that was supposed to prevent this sort of thing has either been subverted or just plain failed because the supposition it was built on was faulty. He has highlighted that far too much of the US political apparatus has functioned purely by convention and concepts of fair play and as soon as someone came along that didn’t give a shit about any of that it all crumbled.
That’s a shame. If you can convince them to use TypeScript that would be for the best, otherwise good luck, you’re going to need it. I can’t say you couldn’t pay me to write JavaScript, but I can say what I would demand to do it is way more than anyone would be willing to pay.
Been running Windows 10 on my gaming desktop for a while now and refusing to “upgrade” to 11 because of how much worse it was. Going to be doing a hardware refresh in a couple months and when I do I’m installing Linux. Thanks to Valve and a few major open source projects Linux gaming has finally reached a point where I can tell MS to fuck off with their enshitification.
I’ll save you a click, they’re sulfur crystals. This is interesting because although they can naturally form in volcanic regions this area is non-volcanic. The other way they naturally form is via microbial actions which may offer a clue about Mars past.