I feel like there should be a prize for this

Perhaps involving a french antique with a place to rest one’s head

Well then Mr Bychawski, perhaps you and your journalist friends should stop fucking using it then

A genre of eating video that originated in Korea

100% ozempic

There’s zero point anyone pretending otherwise

Rest of the world: are they?

Ikr

I’ve not even seen what fucko 1 said yet, and I’m not surprised fucko 2 is supporting it

Funnily enough you can have up to 65536 files in a directory in FAT, so you could technically end up with PR~65536.BAS

Oh it’s even better, windows explorer can’t really do case sensitive

But NTFS is a case sensitive file system

This occasionally manifests in mind boggling problems

Forgive the basic response, but they’ve yet to earn a better name:

Poobisoft

Nice

!fucksubscriptions@lemmy.world

Legitimately the Japanese convenience stores are peerless compared to anything outside their country.

Family mart over 7-11 though IMO

Sometimes there’s a benefit in getting open source code into proprietary software. Think libraries implementing interoperability APIs, communication protocols, file formats, etc

That’s what permissive licenses are for.

If some company wants to keep their code closed and they have a choice between something interoperable or something proprietary that they will subsequently promote, and the licence is the only thing stopping them from going for the open source approach, that’s worse.

Completely agree that a good breadth of everything else is suited to copyleft licensing though

From that link

Existing studies and comprehensive reviews often find only limited support and only under certain conditions; they generally contradict the theory’s central premises.

That’s

L Y I N apostrophe

Who let you out of hell?

The main Airbnb value proposition was trading some of the conveniences you get at a hotel for a significantly cheaper room.

When they are roughly the same price as staying in a hotel, why would you choose it?

Every company I’ve worked at for at least the last decade or so has an internal social media thing of varying quality.

Facebook even wraps up its own product for internal use.

Admittedly engineering always generally ignores it and we just use slack

No need to get aggravated, I completely grasp it, you’ve possibly misunderstood or not entirely read my comment if that’s your takeaway.

I’m not talking about server code specifically, I’m going through the stages between the source code repo(s) and what your browser ends up receiving when you request a site.

NodeJS is relevant here because it’s what runs nearly all major JS bundlers (webpack, vite, etc), which are what produces the code that ultimately runs in the browser for most websites you use. Essentially in a mathematical sense, the full set of dependencies for that process are a part of the input to the function that outputs the JS bundle(s).

I’m not really sure what you mean with that last part, really, anyone hosting something on the internet has to care about that stuff, not just businesses. GDPR can target individuals just as easily as for-profit companies, it’s about the safety of the data, not who has it—I’m assuming you would not want to go personally bankrupt due to a deliberate neglect of security? Similarly, if you have a website that doesn’t hit the performance NFRs that search engines set, no one will ever find it in search results because it’ll be down on page 100. You will not be visiting websites which don’t care about this stuff.

Either way, all of that is wider reasoning for the main point which we’re getting away from a bit, so I’ll try to summarise as best I can:

Basically unless you intend your idea to only work on entirely open source websites (which comprise a tiny percentage of the web), you’re going to have to contend with these JS bundles, which as I’ve gone into, is basically an insurmountable task due to not having the complete set of inputs.

If you do only intend it to work with those completely open source websites, then crack on, I guess. There’s still what looks to me like a crazy amount of things to figure out in order to create a filter that won’t be able to work with nearly all web traffic, but if that’s still worth it to you, then don’t let me convince you otherwise.

Edit: typo

My view on this is that Ofcom fucked it on this long ago really and the horse has already bolted

We should have gone with an openreach style model for the infrastructure rather than doling out exclusive rights to chunks of spectrum in an entirely uneven manner.

This model can’t really sustain more than a few companies because, using this as an example: three has a fantastic 3G network and the best 5G network, however they have no 2G network and got shafted on 4G spectrum. Vodafone has almost a polar opposite of the best 2G coverage (still useful for very remote customers) and 4G coverage comparable to EE.

The only way for these two companies to cover the patches in their service and complete with the market leader effectively is a merger, which is how EE came to exist in the first place.

I’m not sure I buy the pricing-people-out angle either tbh, we have a pretty rich market of MVNOs who act as an anchor on the MNO pricing, and it would look like anti-competitive market collision if suddenly the operating costs for these companies went up after a merger.

First I don’t even grasp what a “service owner” is.

The people who build & run the software & servers that serve the website, who amongst other things have an interest in keeping the service available, secure, performant, etc.

Particularly with laws like GDPR, these services owners are motivated to be as secure as practically possible otherwise they could receive a bankrupting fine should they end up leaking someone’s data. You’ll never be able to convince anyone to lower the security of their threat model for that reason alone, before anything else.

there are already a bunch of app (web, android) that are open-source and secured.

The code published and the code running on a server cannot be treated as equivalent for several reasons, but here’s two big ones:

Firstly, there’s the similar issue as with compiled binaries in other languages: it’s tough (or impossible) to verify that the code published is the same code that’s running. Secondly the bundled and minified versions of websites are rarely published anyway, at most you get the constituent code and a dependency list for something completely open source. This is the bit I referred to before as trying to untoast bread, the browser gets a bundle that can’t practically be reversed back into that list of parts and dependencies in a general purpose way. You’d need the whole picture to be able to do any kind of filtering here.

who is the attacker here?

The only possible attacker is not the website itself (though it’s a lot more limited if the site implements CSP & SRI, as mentioned in my other comment). XSS is a whole category of attacks which leverage an otherwise trusted site to do something malicious, this is one of the main reasons you would run something like noscript.

There have also been several instances in recent years of people contributing to (or outright taking over) previously trusted open source projects and sneaking in something malicious. This then gets executed and/or bundled during development in anything that uses it and updates to the compromised version before people find the vulnerability.

Finally there are network level attacks which thankfully are a lot less common these days due to HTTPS adoption (and to be a broken record, CSP & SRI), but if you happen to use public WiFi, there’s a whole heap of ways a malicious actor can mess with what your browser ultimately loads.