TehPers

We’re postponing the announced billing change for self-hosted GitHub Actions to take time to re-evaluate our approach.

How would age verification even work here? Would it work?

Depends on the exact wording of the law, but an attempt can be made. It would be a horrible waste of everyone’s time as well as require significant time investment from instance admins though.

The whole concept is idiotic, especially since even the most complex age verification schemes can be bypassed by using an adult to verify on behalf of a child (and most can even be bypassed with video game screenshots). You end up with the same system, functionally a checkbox asking if you’re old enough, but with all the added invasiveness and potential risk.

We had a Tacoma growing up and it was honestly a great car. Wasn’t too big to park, could fit a good amount in the bed, and had enough seats for five, though the second row was for the shorter passengers. It’s also still being driven today. We had a small car for commuting as well, and the Tacoma mostly functioned as a second vehicle (for when two people need one, helped when I got a license) plus for whenever we went to Costco.

This. People either want a giant diesel-guzzling truck, or they want a small efficient truck as their second vehicle for moving things around. Nobody’s looking for a giant EV truck, especially at that price.

All they had to do was make an EV Tacoma (size-wise). Instead, they made an EV F-150.

open to any feedback, always willing to learn

A common pattern with executable Python scripts is to:

• Add a shebang at the top (#!/usr/bin/env python3) to make it easier to execute
• Check if __name__ == "__main__" before running any of the script so the functions can be imported into another script without running all the code at the bottom

and then the company suffered a collapse and everyone got laid off.

This feels like the ending to most stories these days. My friend’s company shoved AI down his throat, and then the company suffered a collapse and everyone got laid off.

Do humans also go insane when you ask them if there is a seahorse emoji? If so, I have a fun idea for one of those prank videos.

Because Apple has no 1st amendment responsibilities. The government does.

The number of times I’ve been attacked over tone growing up tells me that I either had abusive parents, or and that how you say stuff matters a lot. Intonation can also turn a statement into a question or even make it sarcastic. Words come with baggage beyond their meaning, and using a word with negative connotations can turn a compliment into an insult.

I’ll ignore your last section since that’s a separate discussion and a poor explanation of the situation.

Many people believe Mangione is guilty based on all the evidence. Heck, from what I’ve seen, it seems incredibly likely. However, belief in that isn’t enough to condemn someone to either a life sentence or death penalty. While I might believe he’s guilty, I won’t be the one to state that he is, without a doubt, the one responsible for the murder because I have no evidence of that. This is what due process is for.

Many people don’t want him to be guilty because while he likely broke the law, the morality of his actions is a separate and more complicated matter. Depending on one’s morals, they may feel as though the murder was just. Whether you do or not is up to you. However, a lot of the commentary you’ll see online is going to be based on the commenter’s own personal views on the subject. This doesn’t mean the commenter believes he is innocent of a crime, but they may believe that his actions were just regardless of it being a crime (since law and morals are separate things entirely).

Your definition of concrete must differ from mine. I expect concrete, irrefutable evidence before accepting that somebody is guilty of a crime that carries a potential death penalty. I can only take your definition to be that an unsubstantiated belief must be concrete for some reason.

If you’re just using this to rant about being banned from an instance or something, your metaphor failed when you compared it to a criminal trial. Lemmy instance moderators can ban someone for any reason without it being illegal (usually). There does not need to be evidence of wrongdoing or even an accusation of any.

Some of the repliers even allude to this by using the justification that one discussion specifically involves murder, as if to imply (if that’s even the actual reason) that the allegations have to reach an oddly specific level to be treated with a certain level of rationale.

I have no idea what you’re trying to say, but allegations of murder must be substantiated with evidence, otherwise they can be libel.

I don’t think anybody on any Lemmy instance has evidence to prove things one way or another.

You can believe he is guilty, but please make it clear that is your belief. It would be a pretty widely shared belief as well. But to claim something so insignificant as concrete evidence of guilt during an active trial is idiotic.

Any website using CSR only can’t have a RCE because the code runs on the client. Any code capable of RSC that runs server and client side may be vulnerable.

From what I’ve seen, the exploit is a special request from a client that functionally lets you exec anything you want (via Function’s constructor). If your server is unpatched and recognizes the request, it may be (likely is) vulnerable.

I’m sure we’ll get more details over time and tools to manually check if a site is compromised.

Were those same people who were chased out being charged at both the state and federal level with murder?

I’m not the one recommending it lol.

If I had to guess, it’s to improve page performance by prerendering as much as possible, but I find it overkill and prefer to just prerender as much of the page as I can at build time and do CSR for the rest, though this doesn’t work if you have dynamic routes or some kind of server-side logic (good for blogs and such though).

I think their point was that CSR-only sites would be unaffected, which should be true. Exploiting it on a static site, for example, couldn’t be RCE because the untrusted code is only being executed on the client side (and therefore is not remote).

Now, most people use, or at least are recommended to use, SSR/RSC these days. Many frameworks make SSR enabled by default. But using raw React with no Next.js, react-router, etc. to create a client-side only site does likely protect you from this vulnerability.

I think it also doesn’t help that only 4XX (client error) and 5XX (server error) are defined as error status codes, and 4XX errors don’t even necessarily indicate that anything happened that shouldn’t happen (need to reauth, need to wait a bit, post no longer exists, etc).

Trying to think of what 6XX would stand for, and we already have “Service Unavailable” and “Bad Gateway”/“Gateway Timeout”, so I guess 6XX would be “incompetence errors”. 600 is “Bad Implementation”, 601 is “Service Hosted On Azure”, 602 is “Inference Failure” (for AI stuff), and I guess 666 is “Cloudflare Outage”.

It’s a republic, not a democracy.

(Or whatever people say these days to justify how the legislative and electoral systems are complete trash)

This is the actual answer with respect to Cloudflare. Their config system was fucked in November. It’s still fucked in December. React’s massive CVE just forced them to use it again.

More generally, the issue is a matter of companies forcefully accelerating feature development at the cost of stability, likely due to AI. This is how the company I’m at is like anyway.

That’s why your what wasn’t working?