Pup Biru

going straight from nothing to 30g/day (RDI) absolutely causes diarrhoea because it irritates your gut lining

if you follow directions like metamucil has to increase by a g or 2 per week then you’ll be right

you also need insoluble fibre, and psyllium only has soluble fibre

adjacent YSKs:

• there’s soluble and insoluble fibre. you need both, and psyllium only has soluble fibre so it’s part of a larger fibre intake (carrots are pretty okay sources of insoluble fibre - snacking carrots, perhaps with hummus is great!)
• peanut butter also has surprisingly decent fibre in it: honestly insoluble fibre is everywhere
• if you plan on adding psyllium (or any fibre) to your diet, build up slowly! it can cause literally constant diarrhoea for weeks or more if you just whack 30g/day (RDI) straight into your diet all at once
• add some to pancake batter! you’ll want to add about 10-20% more liquid because it gels up, but it’s real easy to add and is basically unnoticeable

the vuln afaik is for remote code execution via basically a mechanism that’s kinda like a transparent RPC to the server (think like you just write frontend code with like a “getUsers” and it just automatically retrieves and deserializes the results so you can render the UI without worrying about how that data exists in the browser)

i’m not a front end engineer, and haven’t used react server components, but i am a principal software engineer, i do react for personal projects, and have written react professionally

i can’t think of a way it’d be exploitable via purely client-side means

i THINK what they mean is that you can use some of the RSC stuff without the RPC-style interfaces, and in that case they say the server component is still vulnerable, but you still need react things running on your server

a huge majority of react code is client-side only, with server-side code written in other languages/frameworks and interfaces with something like REST or GraphQL (or even RPC of course)

it looks like this only applies react server components, and it doesn’t look like element uses react server components

but i only had a quick skim; could be wrong, but personally i wouldn’t shut it down - not that im running a server myself

this is not something i’ve ever encountered, nor something that i’d ever expect from an LLM specifically… some kind of test-writing-specific AI? sure because its metric is just getting the thing to go green… but LLMs don’t really care about the test going green: they simply care about filling in the blanks, so its “goal” would never include simply making the test pass, and its training data has significantly more complete tests than placeholders

most things scale if you throw enough resources at them. we generally say that things don’t scale if the majority case doesn’t scale… it costs far fewer resources to scale with multiple repos that it does to scale a monorepo, thus monorepo doesn’t scale: i’d argue even the google case proves that… they’ve already sunk so much into dev tooling to make it work… it might be beneficial to the culture (in that they like engineers to work across the entire google codebase), but it’s not a decision made because it scales: scale is an impediment

that’s a good and bad thing though…

it’s easy to reference code, so it leads to tight coupling

it’s easy to reference code, so let’s pull this out into a separately testable, well-documented, reusable library

my main reason for ever using a monorepo is to separate out a bunch of shared libraries into real libraries, and still be able to have eg HMR

google does a lot of things that just aren’t realistic for the large majority of cases

before kubernetes, you couldn’t just reference borg and say “well google does it” and call it a day

i’d say it’s less that it’s inadequate, and more that it’s complex

for a small team, build a monolith and don’t worry

for a medium team, you’ll want to split your code into discreet parts (libraries shared across different parts of your codebase, services with discreet test boundaries, etc)… but you still need coordination of changes across all those things, and team members will probably be touching every part of the codebase at some point

for large teams, you want to take those discreet parts and make them fairly independent, and able to be managed separately: different languages, different deployment patterns, different test frameworks, heck even different infrastructure

a monorepo is a shit version of real, robust tooling in many categories… it’s quick to setup, and allows you a path to easily change to better tooling when it’s needed

You should really not need to do a PR across multiple repos.

different ways of treating PRs… it’s a perfectly valid strategy to say “a PR implements a specific feature”, in which case you might work in a backend, a front end, and library… of course, those PRs aren’t intrinsically linked (though they do have dependencies between them… heck i wouldn’t even say it’d be uncommon or wrong for the library to have schemas that do require changes in both the fronted and backend)

if you implement something in eg the backend, and then get retasked with something else, or the feature gets dropped then sure it’s “working” still, but to leave unused code like that would be pretty bad… backend and front end PRs tend to be fairly closely tied to each other

a monorepo does far more than i think you think it does… it’s a relatively low-infrastructure way of adding internal libraries shared across different parts of your codebase, external libraries without duplication (and ensuring versions are consistent, where required), and coordinating changes, and plenty more

can these things be achieved with build systems and deployment tooling? absolutely… but if you’re just a small team, a monorepo could be the right call

of course, once the team grows in size it’s no longer the correct option… real tooling is probably going to be faster and better in every way… but a monorepo allows you to choose when to replace different parts of the process… it emulates an environment with everything very separated

i’d say they’re pretty equivalent

a monorepo is far easier to develop a single-language, fairly monolithic (ie you need the whole application to develop any part) codebase in

(though as soon as you start adding multiple languages or it gets big enough that you need to work on parts without starting other parts of the application it starts to break down rather significantly)

but as soon as your app becomes less of a cohesive thing and more separated it becomes problematic… especially when it comes to deployments: a push to a repo doesn’t mean “deploy changes to everything” or “build everything” any more

i think the best solution (as with most things) is somewhere in the middle: perhaps several different repos, and a “monorepo” that’s mostly a bunch of subtrees or submodules… you can coordinate changes by committing to the monorepo (and changes are automatically duplicated), or just work on individual parts (tricky with pnpm since the workspace file would be in the monorepo)… but i’ve never really tried this: just had the thought for a while

you should still stop treating corporations like people: the death penalty shouldn’t exist for people

the zip file itself might also be generated (you can just tack random garbage into places in the zip format and it’ll be ignored - which is extremely quick to do), in which case the hash would change… the file itself is important in case it’s an exploit in the unzip program itself, but also the contents of the file is important

not entirely true. if the file downloaded, windows does a bunch of “helpful” things with files… these are almost certainly benign (eg rendering thumbnails, getting metadata about certain file types) but almost anything is potentially exploitable (eg overflow in thumbnail generation code could lead to code execution just from browsing a website and then opening your downloads folder in explorer)

drive-by attacks don’t just effect the browser

with that said, it’d be a huge deal if this was the reality of the situation… it’s highly unlikely, but zero days exist, and the possibility is always real

i say this because this has been exploited in the past with exactly the same scenario: preview generation

new fabs is iffy… samsung chose not to scale up production because they’re betting that the AI bubble is just a bubble, and in that case any change in the short term will be bad in the long term… building a factory for DRAM takes years: let’s hope the bubble of AI enshittification doesn’t last that long

similar with energy retailers in aus

the government even plays into it by having a web tool to compare energy plans, and roughly once per year my state pays people $100 just to compare deals (and then i usually spend 5min to switch providers and save ~$500/y)

so what they’re saying is you should cancel your subscription and keep deal-hopping around different providers i guess!

generally people think men are evil by default, and women are good by default

i think this is a misunderstanding of the dynamic

we see this play out pretty regularly with the “not all men” arguments and the like: men getting annoyed by women being careful, and taking “you could hurt me” behaviour as some kind of insult. the statement is true: not all men are evil to women, but any man could be evil to women and thus need to be treated as though it’s possible in order to protect themselves

also the emdash thing kinda proves that the majority of training data comes properly published works rather than user comments, and that the training methods merge “knowledge” from user stuff like reddit together with books and papers etc

deleted by creator