Worth calling out that CopyFail can be trivially patched. I did so on my personal devices + remote servers. The attack vector is apparently only typically utilized for exploits anyways, it supposedly has little practical/legitimate use.
It depends on the time of day, but #emacs, #nethack, #archlinux, #lobsters, #security, #openbsd usually have enough users for good convos. It depends on what you are into, really.
A little off-topic, I honestly don't think it's as much as the browser interface that needs to be reworked as it is the idea of operating systems in general.
I don't know what the right answer is, but having used Niri/Wayland vs. GNOME vs. Windows vs. Mac... I will never go back to a non-tiling desktop and a none-kb driven workflow for desktop window management.
If the Democrats run on legalization they have already lost. Quite no one literally gives a shit about this besides the marginalized people it's going to affect negatively the most.
Can we move on to more important and substantive topics? Something something files.
I think "legalize it" in the platform is more likely to help a democratic presidential candidate than hurt one. Specifically, I think it might attract more liberal voters to the polls in swing states with illegal weed such as GA, NC, and WI.
I agree that I would expect a serious candidate to come with much bolder ideas, but it can fit into a platform in the same way "no tax on tips" fit into the 2024 election. One of many good ideas that will motivate a certain niche of voters.
I think the problem is the way we are using these "secrets" services traditionally. The requesting process/machine should NEVER see the Oauth client secret. The short-lived session token should be the only piece of data the server/client are ever privy too.
The service that encrypts the data should be the ONLY service that holds the private key to decrypt, and therefore the only service that can process the decrypted data.
The service wouldn't have access to the refresh token? How does authentication with the client-secret-holding intermediary work?
It's easy to see how this would work with sufficiently sophisticated clients in some use-cases, say via a vault plugin, but posing this as a universal necessity feels like a big departure from typical oauth flows, and the added complexity could be harmful depending on what home-grown solutions are used to implement it.
Ah, Theo with his vast insights and connections into everything. That man gets around, and his content is worth it's cost.
Theo's content boils down to the same boring formula.
1. Whatever buzzword headline is trending at the time
2. Immediate sponsored ad that is supposed to make you sympathize with Theo cause he "vets" his sponsors.
3. The man makes you listen to a "that totally happened" story that he somehow always involved himself personally.
4. Man serves you up an ad for his t3.chat and how it's the greatest thing in the world and how he should be paid more for his infinite wisdom.
5. A rag on Claude or OpenAI (whichever is leading at the time)
6. 5-10 minutes of paraphrasing an article without critical thought or analysis on the video topic.
I used to enjoy his content when he was still in his Ping era, but it's clear hes drunken the YT marketer kool-aid. I've moved on, his content gets recommend now and again, but I can't entertain his non-sense anymore.
I just wanted to chime in and say I think he is knowledgeable; he's not a con. I know you didn't say that, but people might have the impression he doesn't know what he's talking about. He does know, and I've learned quite a lot from him in the past.
However, since the LLM Cambria explosion, he has become very clickbaity, and his content has become shallow. I don't watch his videos anymore.
Not that I ever had confidence in his technical knowledge, but it went to zero when he confidently asserted that there was no possible way a single server could handle the massive traffic some NextJS app he had made was serving. He then posted the bill - which was about $5K IIRC - and I was able to determine from the billed runtime and memory that a modestly-spec’d RPi could in fact handle it.
He's about as knowledgeable as the junior you hired last week, except that he speaks from a position of authority and gets retweeted by the entire JS slop sphere. He's LinkedIn slop for Gen Z.
I don't watch his content, but I felt comfortable posting his link as I believe he's generally considered a reputable guy? His tweets sometimes come up in my for you tab and he seems reasonable and knowledgable generally? Maybe I'm wrong and shouldn't have linked to him as a source.
He's kind of like an LLM in that his content has the surface texture of something substantial, and sometimes it's backed by substance, yet it's often half-true or totally off the mark too. You'll notice if you're previously acquainted with what he's talking about, otherwise he seems to be as you described.
I don't think he's a bad guy or that he's trying to be misleading. I suspect he wants his content to actually carry value, but he produces too much for that to be possible. Primarily he's a performer, not a technologist.
There's a difference between releasing your tax returns, being compelled to release your tax returns, and someone leaking your tax returns.
The notion that it's a gentlemanly tradition means nothing. Codify it into law if releasing tax returns is such a big issue. In this case particular, I don't think the leaked tax returns have produced the effect that was desired, so it seems silly that this is what it has resolved to. I wonder if it ever mattered at all, given what we know about Trump nowadays.
Ultimately it's the rich people on the hill pulling all strings, the rest of us are just left to hold the bag.
This article has instructions on how to self-patch: https://www.bleepingcomputer.com/news/security/new-linux-cop...
reply