It costs tokens, so it helps the business model, so it’s not a bug but a feature.
It’s also a weird argument. You can only spend your money once, and the affected employees also chose to work for a bell-end like Altman (or Zuck, or Musk)
Fixing easy cases makes the list shorter, so enables more focus on harder cases. And it also signals that you actually do want to improve, just a little bit of boy scout rule goes a long way.
> for some reason the industry stubbornly refuses to solve the "cron job as a service" problem for end-users, whether on the web or in the OS. Such a service will always be destroyed by the bell-ends who want to run…
> cd -: The classic channel-flipper. Perfect for toggling back and forth. And not only cd. Gotta love 'git checkout -'
There will always be early adopters. And maybe more importantly: security tools and researchers.
Or even an autoincrement int primary key internally. Depending on your scale and env etc, but still fits enough use cases.
Most regex usage actually doesnt require near infinite backtracking, so limited unless opted in wouldn’t be that weird.
“Intuitive!”
NO. Please don’t spread wrong solutions. Your attempt has similarities to the idea behind Checking Sec-Fetch-Site. Implementing that header is the same amount of work. But this header is exactly meant for this purpose,…
No. The Regex DoS class of bugs is about infinite backtracking or looping inside the regex engine. Completely isolated component, just hogging CPU inside the regex engine. It may also have ‘DoS’ in its name, but there’s…
Backup/restore tends too look less important until it isn’t. ;)
Interferes with the business model. ;)
> Well, I don't think most folks could name a CEO of another car company. Yup, and I don’t care. I liked the brand better without the drama queen.
Spreading the message inside FB helps the mission. The people who already stopped don’t need to be convinced anymore. ;) But sure, ironic and counterintuitive.
Nobody said you shouldn’t do any due diligence. But 1 sprint vs 2 months of review really smells like ‘processes over people’. ;)
All true, but lets be honest: For the technical users searching a library, nothing beats having The Keyword being part of the name.
Yes. Just like the Log4j issue root cause. Too powerful and abstract features to wield securely. Or maybe if we keep intent out of it; features were added in a time when we all worried less about security and internet…
This comment and all siblings fight over PHP vs Pyhton etc, but that just isn’t the bottleneck in most apps. By far, for most apps, the biggest bottleneck is the database.
To be specific about static analysis: Lots of tools catch this. Sure, making some checks native would be nice, but for instance PHPStan always catches this, and more. Regardless of the ‘improve the language angle’: Is…
You’re technically right but that doesn’t matter. That you’re correctly using html forms won’t quickly lead to browser improvements.. so the result is that users will hate your forms. Users/your customer might possibly…
> I think it's the autocomplete in particular that leaks a lot of private data. That’s the beauty. The whole unified input can be presented as a UX simplicity gain, while this quote points at the actual business value.…
And 2 problems jn the fix: - It’s a specific symptom fix: The same problem could occur with $_COOKIE or $_REQUEST always being available - The cleanup is not done in a finally{}, so random missing vars when an exception…
Thanks for the clear words. :) But that still means both can go hand in hand! If user targeted ads and tracking is forbidden and a thing from the past, there’ll be less problems with having some proper statistical…
All posts like these, and all comments here up till now just don’t mention the Real Solution: Allow ads, forbid user targeted ads. If a site can not exist based on that instead of the current ads ‘needing 1337…
It costs tokens, so it helps the business model, so it’s not a bug but a feature.
It’s also a weird argument. You can only spend your money once, and the affected employees also chose to work for a bell-end like Altman (or Zuck, or Musk)
Fixing easy cases makes the list shorter, so enables more focus on harder cases. And it also signals that you actually do want to improve, just a little bit of boy scout rule goes a long way.
> for some reason the industry stubbornly refuses to solve the "cron job as a service" problem for end-users, whether on the web or in the OS. Such a service will always be destroyed by the bell-ends who want to run…
> cd -: The classic channel-flipper. Perfect for toggling back and forth. And not only cd. Gotta love 'git checkout -'
There will always be early adopters. And maybe more importantly: security tools and researchers.
Or even an autoincrement int primary key internally. Depending on your scale and env etc, but still fits enough use cases.
Most regex usage actually doesnt require near infinite backtracking, so limited unless opted in wouldn’t be that weird.
“Intuitive!”
NO. Please don’t spread wrong solutions. Your attempt has similarities to the idea behind Checking Sec-Fetch-Site. Implementing that header is the same amount of work. But this header is exactly meant for this purpose,…
No. The Regex DoS class of bugs is about infinite backtracking or looping inside the regex engine. Completely isolated component, just hogging CPU inside the regex engine. It may also have ‘DoS’ in its name, but there’s…
Backup/restore tends too look less important until it isn’t. ;)
Interferes with the business model. ;)
> Well, I don't think most folks could name a CEO of another car company. Yup, and I don’t care. I liked the brand better without the drama queen.
Spreading the message inside FB helps the mission. The people who already stopped don’t need to be convinced anymore. ;) But sure, ironic and counterintuitive.
Nobody said you shouldn’t do any due diligence. But 1 sprint vs 2 months of review really smells like ‘processes over people’. ;)
All true, but lets be honest: For the technical users searching a library, nothing beats having The Keyword being part of the name.
Yes. Just like the Log4j issue root cause. Too powerful and abstract features to wield securely. Or maybe if we keep intent out of it; features were added in a time when we all worried less about security and internet…
This comment and all siblings fight over PHP vs Pyhton etc, but that just isn’t the bottleneck in most apps. By far, for most apps, the biggest bottleneck is the database.
To be specific about static analysis: Lots of tools catch this. Sure, making some checks native would be nice, but for instance PHPStan always catches this, and more. Regardless of the ‘improve the language angle’: Is…
You’re technically right but that doesn’t matter. That you’re correctly using html forms won’t quickly lead to browser improvements.. so the result is that users will hate your forms. Users/your customer might possibly…
> I think it's the autocomplete in particular that leaks a lot of private data. That’s the beauty. The whole unified input can be presented as a UX simplicity gain, while this quote points at the actual business value.…
And 2 problems jn the fix: - It’s a specific symptom fix: The same problem could occur with $_COOKIE or $_REQUEST always being available - The cleanup is not done in a finally{}, so random missing vars when an exception…
Thanks for the clear words. :) But that still means both can go hand in hand! If user targeted ads and tracking is forbidden and a thing from the past, there’ll be less problems with having some proper statistical…
All posts like these, and all comments here up till now just don’t mention the Real Solution: Allow ads, forbid user targeted ads. If a site can not exist based on that instead of the current ads ‘needing 1337…