The software had a limit on the size of the feature file that was below its doubled size. That caused the software to fail.
this is not a rust problem… nor was the original problem of code writing entries to a file multiple times, and nor is the thing that made it worse: propagation of the poisoned file
the cloudflare issues were configuration… they have nothing even remotely relayed to any of this
because this is researched, ready, has worked its way some of the way through courts, has strategy, etc
something new starts from scratch
pivoting all over the place is the point of the tactic: doing so many bad things that there’s nowhere for the opposition to focus
github copilot is fantastic for exactly this reason… completes a few lines, auto corrects, automatic find and replace, automatically fills a 3 line function body that would otherwise be an extra dependency
and these browsers are specifically not that… these browsers are intended to do things like categorise tabs, complete forms, etc automatically without your interaction
of course they’ll ask before they do things they consider destructive, but what they consider destructive and what a malicious actor can use are very different things
some of that is certainly benign, but the point with prompt injection is that it can take benign things and make them plausibly malicious
imo anything firefox-based until servo or ladybird matures
i use waterfox, i know a lot of people use librewolf
remember that switching to anything chromium (like vivaldi, brave) still gives google power. on web standards at least, mozilla still fights for us (and is arguably the only one protecting us from shit like putting tracking stabdards directly into the web spec)
how dare you not recommend espresso martini’s
anyone who designs a computer system without escape hatches when it’s wrong isn’t an engineer; they’re a fucking fraud
the single most important thing to understand about software is that no matter what, it will fail… if there are no ways for the people-system to force it right, it’s an enormous liability
sometimes stores have sales that includes gift cards so you can get $500 of apple credit for 20% off
huh i swear the republicans were all about… what was it… states… lefts? privileges?… hmmm… can’t be states rights: that would be hypocritical as fuck
this law covers the fediverse. aussie.zone now has a verification process
i agree with the above commenter: something should be done, but this is the wrong way to do it… it creates problems and effectively solves none
real vibes of
The laws of mathematics are very commendable, but the only law that applies in Australia is the law of Australia.
- Malcom (cunt) Turnbull - a conservative ex-PM
well then if it’s hurting the right people
i think their reasoning for the change also was that it’s easier to read for certain people with disabilities
… so that’s where they get the DEI part from
… but… wasteful? what the actual fuck
don’t you know the tariffs aren’t working because of the ACTIVIST JUDGES?!
don’t you know that CRIMINAL IMMIGRANTS are cheating the system?
don’t you know that RADICAL DEMOCRATS are needlessly non-compliant with ICE and THATS why it’s not all sunshine and rainbows?
don’t you know that CANADA is to blame for the lack of tourism?
i completely agree, i just don’t think that particular line of reasoning (not taking into account anonymous sites) proves that
if they wanted to do it properly, they’d have a system that integrates with mygovid that sites can integrate with via some oauth-like flow (login with facebook, login with google, etc: but verify with mygov), and the only thing the site gets back is a “yes over 16”
the government has this data; there’s no reason anyone else should see it
of course that’s also assuming the whole concept is a good idea, which is absolutely not… it’s wallpapering over a massive problem whilst solving absolutely nothing and causing issues
i agree that it’s not about protecting kids - is it ever? - but i also think that IF this were something conducted in good faith (it’s not), then the process would be pretty similar: gated access is the easy fix, so you work that out first (like a minimum viable product), and then work on the harder parts later
the american economy is huge not because it’s special… the american economy is huge because it has a default position, and it has that because it was friendly for collaboration: america is what it is because the rest of the world has settled on it being what it is
what’s the bet the netflix deal will be blocked by the SEC and then this one goes through for way less money because it’s clear anything else will be blocked
the vuln afaik is for remote code execution via basically a mechanism that’s kinda like a transparent RPC to the server (think like you just write frontend code with like a “getUsers” and it just automatically retrieves and deserializes the results so you can render the UI without worrying about how that data exists in the browser)
i’m not a front end engineer, and haven’t used react server components, but i am a principal software engineer, i do react for personal projects, and have written react professionally
i can’t think of a way it’d be exploitable via purely client-side means
i THINK what they mean is that you can use some of the RSC stuff without the RPC-style interfaces, and in that case they say the server component is still vulnerable, but you still need react things running on your server
a huge majority of react code is client-side only, with server-side code written in other languages/frameworks and interfaces with something like REST or GraphQL (or even RPC of course)
“complicit” is the word