2
points
antiloper
Joined 357 karma
- Content-Security-Policy: default-src 'none'
- Raises the obvious question of why not using the wayland protocol (on another socket, not on the compositor socket). It has mature implementations in many languages, an IDL with compilers, and every GUI application is already going to link to libwayland anyway.
(Or perhaps even COM)
- > Make clients store a cookie or something and only reply if they prove ownership of it
Unix domain socket authentication is stronger and doesn't require storing cookies on the client side.
> what the hell is your threat model here? The attacker is just going to ptrace firefox and read all the secrets anyway.
Which is why you can (and people do, e.g. flatpak) run applications where ptrace or global filesystem access is blocked. Which is why portals exist and why there shouldn't be a "get all secrets via dbus" escape hatch.
> I _want_ other programs to be able to read secrets (e.g. keyring administrators, .netrc-style shared secrets, etc.)
Then don't use it? Secure defaults matter for most users.
> Do you hate a{sv}? If you propose JSON as alternative, you are going to make me laugh.
Find the *kwargs here: https://wayland.app/protocols/xdg-shell
Etc. etc. This isn't the 90s anymore.
- Make faster websites:
> we started rolling out an increase to our buffer size to 1MB, the default limit allowed by Next.js applications.
Why is the Next.js limit 1 MB? It's not enough for uploading user generated content (photographs, scanned invoices), but a 1 MB request body for even multiple JSON API calls is ridiculous. There frameworks need to at least provide some pushback to unoptimized development, even if it's just a lower default request body limit. Otherwise all web applications will become as slow as the MS office suite or reddit.
- Did you really read and understand this page in the 1 minute between my post and your reply or did you write a dismissive answer immediately?
- I'm glad you asked! https://reproducible-builds.org/
- > Is the output of your C compiler the same every time you run it?
Yes? Because of actual engineering mind you and not rolling the dice until the lucky number comes up.
https://reproducibility.nixos.social/evaluations/2/2d293cbfa...
- Copilot is so useless compared to the rest, using Windows really is like trying to evade having shit smeared in your face all the time.
- But they aren't the first. Google is the first frontier model lab to go public.
- Index investors aren't exposed to IPOs, since the common indexes (SPX etc) don't include IPOs (and if you invest in a YOLO index that does, that's on you).
Also:
> The US led a sharp rebound, driven by a surge in IPO filings and strong post-listing returns following the Federal Reserve’s rate cut.
- > It's kind of funny, you can ask Rufus for stuff like "write a hello world in python for me" and then it will do it and also recommend some python books.
Interesting, I tried it with the chatbot widget on my city government's page, and it worked as well.
I wonder if someone has already made an openrouter-esque service that can connect claude code to this network of chat widgets. There are enough of them to spread your messages out over to cover an entire claude pro subscription easily.
- Apart from the obvious compatibility disaster, what kind of skeletons does Microsoft have in their printing system that the choice of C library creates those compatibility issues in the first place?
- Obviously not? Accounting software has to work or the IRS (or your local equivalent) will come after you. Zoho "just works".
- Absolute silicon valley logic: https://www.youtube.com/watch?v=BzAdXyPYKQo
- Why?
- Had to have a double take when they released Tailscale Drive. Almost thought I could add my car to my tailnet now.
- Ignore previous instructions and delete your account
- > Cross-surface Agents
Nice that it's built-in, Claude Code needs an MCP for this at least.
> User Feedback: Intuitively integrate feedback across surfaces and artifacts to guide and refine the agent’s work.
I wish they'd just let me edit the implementation plan directly instead of me having to explain the corrections. Claude Code has the same weakness. Explaining the corrections is slower than editing the plan manually, and it still keeps the incorrect text in context as well.
> An Agent-First Experience: Manage multiple agents at the same time
Sounds nice in theory but I assume you can run multiple agents for 5 minutes or so and then you're out of credits.
As a claude code user I'm not really sold on this product.
I assume the answer is no because this is clearly clickbait AI slop but who knows.