any nodejs based framework ( react, vue, angular, … ) (npm)
python …
All of the above are chuckful of dependecies upon dependencies, and webdev stacks are the worst of them. They make it VERY hard to make software that requires any security related certification because of the dependency hell…
I swear to god, all those frameworks are designed so badly when looking at dependency hell …
Who can we blame though? If we need something simple as sed, yes, go ahead and have a great security scan report. Web development has a complexity to make a dog puke so naturally you can’t practically write every line of code by yourself. The choices are either trust those package maintainers will maintain their software regularly, or build no web application.
I mean, to some degree i believe you are right. I myself manage a .net library to parse barcodes. However, webdev has layers upon layers upon layers of dependencies. The advantage is that even my cat could make a website. The downside is it will be horribly inefficient because of those layers of dependencies. 90% of what they bring is stuff you dont need and are in the way. Or you use, but because youre going through all those layers, its fucking slow.
This applies to desktop dev too, but less hard than webdev. Most of the webdev development i just question why something was created and most of the time i can only conclude its because of some hack job and something missing. So they take a huge library and use only part of it for something. Its just… Eug
I am i developer/lead that likes to make things as small and efficient as possible and that just makes me die a little inside every time :p
I mean. dude is obvi standing with a bunch of other queens outside a gay bar. Nobody was in danger, and everyone acting like this was so crazy, is probably just reacting to the fact that he was asking a big black dude. What, y’all saying black guys are inherently more violent or something? get tf outta here with that racist BS
that’s what im questioning. if he was a more flamboyant queer person would people have laughed it off? based on the comments i suspect they would have. it’s the fact he was “aggressive”; which i agree he may have been a bit forward and i wouldn’t recommend opening like that but he was also mostly respectful when rejected. I don’t think he’s trying to hurt anyone nor was anyone in any danger, he just probably knows the type of people he likes and they probably know him.
From my perspective, looked like he was goin for a kiss on the cheek. I dunno. the whole thing seems a lot more innocuous than is being portrayed here in the comments and most definitely in the title. “Dude almost lost his life?” Dude talked to a gay guy and almost got kissed on the cheek
Edit: If you can’t switch to Firefox and you’re looking for a good alternative that’s privacy-focused and functionally similar, take a look at Vivaldi. Solid chrome-based browser.
I personally use nothing expect librewolf(hardened Firefox fork). but brave is a sane choice for those who are spoiled by chrome.
the only praise I hear about Vivaldi is their tabs(?).
Most of the article talks about the CEO and the company, the only criticisms of the actual product (the browser) is that it’s bloated, which is very subjective because one mans bloat is another mans feature and the affiliate link injection scandal from 4 years ago, which definitely shouldn’t have been done but at least it wasn’t malicious and now is gone.
To be honest I think people on here dislike brave primarily due to ideological reasons, completely ignoring the fact that 99.9% of people aren’t hackermans™ and don’t want to install gnu icecat or librewolf with 7 different extensions. For those people it’s either chrome/edge or brave, the latter, even if not perfect is a way better option both for them and the internet.
Ahem. I was referring to “Adblock” as a class of software, not referring to one specific program (the same way that websites refer to blocking ads as “Adblock”).
Not anymore though. They spun kfc, taco bell, and pizza hut years ago and they are under the yum brand now. They still have exclusive contracts regarding fountain. Not sure what other connections are left.
A Chinese conglomerate publicly traded on the NYSE who reports in USD and files with the SEC? A Chinese conglomerate with their headquarters in Kentucky whose majority investors are institutional? A Chinese conglomerate with most shares owned by people or companies in America and whose executives are all American?
Yum! Brands, Inc. (sometimes called simply Yum!), formerly Tricon Global Restaurants, Inc., is an American multinational fast food corporation listed on the Fortune 1000. Yum! operates the brands KFC, Pizza Hut, Taco Bell, and The Habit Burger Grill, except in China, where the brands are operated by a separate company, Yum China. Yum! previously also owned Long John Silver’s and A&W Restaurants. The company was created as a spin-off of PepsiCo in 1997.
I went and looked up the Wikipedia page out of curiosity when someone disagreed that they’re a Chinese conglomerate and thought I’d share for anyone else reading the thread.
You order online for delivery to avoid COVID only to catch a computer virus from an ad. I used to watch my relatives browse to a news page and IMMEDIATELY get hit with a “MICROSOFT ERROR CALL xxx-xxx-xxxx TO FIX IT”. Then I put ublock origin on their PC aaaaaaand good game ads!
Secret? My god, the sense of entitlement of capital.
Just to be clear, is the implication here that people should use ad blockers in secret and that the “right” thing to do is to consume whatever media (and expose open tabs, history, etc) corporate wants you to see?
They’re kinda telling on themselves, ‘no secrets’ what does watching an add have to do with secrets, unless they want you to have no secrets from them, and give you all a your data. Then that sentence makes sense. That sentence has some real twist / projection / gaslighty vibes. Why do corporations feel like my abusive ex.
When I download it I can play it in VLC, and according to MediaInfo HEVC encoding.
Is HEVC support not included by default? Chrome should support it, and Firefox shouldn’t support it at all according to the compatibility charts.
Maybe there’s some site bullshittery going on and the site is giving out different versions of the file to different people based on region or something. The file it gives me is 2,661,216 bytes. Is that what you get?
Edit: Works in Edge, although feel like I now have to go wash my hands after firing that up.
Ok I take it back. It plays in Firefox on Android, but not on Windows. Also on Android, it didn’t play at first, I had to refresh. I don’t know what’s going on lol.
I kinda doubt catbox.moe is doing any kind of smart distribution. It’s a pretty simple file hosting site.
Found it. My Chrome has “Hardware-accelerated video decode” disabled. Apparently there’s no software fall back there, so it just claims no knowledge of them.
Kind of sucks that Firefox can’t play them, something to do with licensing.
Fuck that. It’s awesome! I want to have lazy initialized globals. It’s that package. I want code to shorten my builder pattern I import that. I need a typed concurrent work steel queue. No problem.
I look at a c project. Everywhere custom macros to do the most basic shit. I want to parse an xml in c? Better use a sax Parser and put all the data into globals. Cryptography? Better implement that ourselves… Using a library would be too much of a hassle.
NPM is already on the “isn’t” side of it. Specially with all the malware going around. Who has time to read the code of the dependencies of the dependencies of their dependencies? For every single version. It’s just not possible…
I guess the main concern with this is security. You’re literally running code you don’t even know about on your machine, probably next to personal files or your company’s code base.
A simple http call to publish all your private code wouldn’t be hard to sneak in a 6th level dependency.
There’s a password manager I use, but the CLI tooling sucks. Thankfully, there’s a third party CLI tool in a language I know fairly well, and because I’m a little paranoid, I reviewed the code. Then I reviewed the code of the libraries it imported. And then the code of the libraries of the libraries it imported. Thankfully, that was as far as it went, and I was mainly looking for any code that made network calls… it was manageable, just barely.
And I made some improvements and submitted PRs, only some of which were accepted, but I used them so I maintained a fork. Which was lucky, because a few months later upstream changed their parseargs library to a framework, and the dependencies exploded. 6 layers deep, and dozens of new dependencies - utterly unauditable without massive effort. I caught it only because of the rebase from upstream. I abandoned the rebase and now maintain a hard fork, of which I’m the only user AFAIK.
The moral of the story is that introducing dependencies under the guise of “reuse” is a poisoned fruit, a Trojan Horse. It sounds good, but isn’t worth it in the long run. The Go team got it right with their proverb: a little copying is better than a little dependancy.
Honestly, I don’t like the Go way. If they are going to have that philosophy, at least they should have provided a strong core with high level functions and generics. From the start. Not 5 years later.
It’s probably not advertising that they are afraid that you will block but the trackers. They want to know what user is clicking where, how long you are on each page and what you ordered / not ordered.
Yes they want AS MUCH of your money as fast as possible… but we do want to give them money as fast as possible too.
Disconnect obviously comes at the amount and the margin. They want you to max your credit card on their soda, we want the most satisfying assorted selection with an auto-applied 100% off coupon.
There’s somewhere in the middle there. They can telemetrize their site into it taking just a few taps for you to buy their higher margin combo meals. Their deals, they can hide as best they can without them being impossible to find for those inclined (price-sensitive buyers who open the app with discounts on their mind).
After add-to-cart, it’s in their interests to optimize checkout as best they can… well, with a side of last-minute upsells of course.
Here’s a question: would opt-out first party telemetry be a decent status quo? If you’re not privacy conscious (certainly not enough to pay cash in person), you don’t go to settings to reject trackers… but you still get to benefit from the average user being spied on just a little by internal teams & consultants to improve site/app flows. Don’t think I’m 100% anti-tracker in any case. (I’m definitely medium privacy-conscious as well as price-conscious, so I look for those opt-outs and coupons :) )
Yeah, this warning is pretty clear about that ironically. You aren’t allowed to have secrets, only they are. It’s pretty on the nose, but I guess it could be misunderstood. That’s probably how it got there. The person told to create this wanted to give a warning, but they couldn’t straight up say it.
files.catbox.moe
Active