One of the two associations is in power and actively dismantling society. The other develops a technical product and runs a Lemmy instance many people and other instances have blocked.

Handling or concluding them a bit differently seems quite fine to me.

That being said, I've seen plenty of Lemmy dev connection criticism on this platform. I can't say the same about FUTO.

What is the vulnerability, what is the attack vector, and how does it work? The technical context from the linked source Edera

This vulnerability is a desynchronization flaw that allows an attacker to "smuggle" additional archive entries into TAR extractions. It occurs when processing nested TAR files that exhibit a specific mismatch between their PAX extended headers and ustar headers.

The flaw stems from the parser's inconsistent logic when determining file data boundaries:

1. A file entry has both PAX and ustar headers.
2. The PAX header correctly specifies the actual file size (size=X, e.g., 1MB).
3. The ustar header incorrectly specifies zero size (size=0).
4. The vulnerable tokio-tar parser incorrectly advances the stream position based on the ustar size (0 bytes) instead of the PAX size (X bytes).

By advancing 0 bytes, the parser fails to skip over the actual file data (which is a nested TAR archive) and immediately encounters the next valid TAR header located at the start of the nested archive. It then incorrectly interprets the inner archive's headers as legitimate entries belonging to the outer archive.

This leads to:

• File overwriting attacks within extraction directories.
• Supply chain attacks via build system and package manager exploitation.
• Bill-of-materials (BOM) bypass for security scanning.

Great comment on there links two code comment threads I found significant and interesting.

While it was primarily about ethics, it should also be noted that the code was described as being "impressively wrong", as well as not actually compiling. I mean, it basically checked if a theme was dark by if it had the word "dark" in the name - which is not a good heuristic - when better ways of doing it exist.

What do you mean by "instead of watching"? OP links to a text article.

I still prefer your MDN link though. Concise, and a more readable layout. Dunno why OP felt the need to increase the font size that much into a wide layout.

How do you conclude from unrealistic demands to no interest in peace?

What do you think the prospects of short and long-term peace are? What would you be willing to sacrifice for temporary "peace"?

They probably know better than us. No?

The link is broken. Looks like code was accidentally pasted there.

https://lukasatkinson.de/2025/net-negative-cursor/%20%20%20%20let%20mut%20bytes%20=%20vec![0u8;%20len%20as%20usize];%20%20%20%20buf.read_exact(&mut%20bytes)?%3B++++++++%2F%2F+Sanitize+control+characters+++++let+sanitized_bytes%3A+Vec%3Cu8%3E+=+bytes.into_iter%28%29+++++++++.filter%28%7C&b%7C+b+%3E=+32+%7C%7C+b+%3D%3D+9+%7C%7C+b+%3D%3D+10+%7C%7C+b+%3D%3D+13%29+%2F%2F+Allow+space%2C+tab%2C+newline%2C+carriage+return++++.collect%28%29%3B

404 Page Not Found
The page you have requested does not exist. Would you like to visit the start page?

Cleaned up link: https://lukasatkinson.de/2025/net-negative-cursor/

Or "a novel published as authored by Lena McDonald contains AI prompt"

That 10 years ago.

Looks like they weren't able to borrow a 'was' for the sentence.

🤷 This didn't point out anything that's not a technical consequence and Microsoft planned for.

The overall ecosystem migration is not simple because of prevalence and variance in use, but it's still a huge net positive in my eyes.

I wouldn't call it messy. It's planned out, and the kind of process and concerns most senior devs are familiar with from any kind of tech migration. It's pretty clear with clear and well-defined concerns and solutions in my eyes.

I search with duckduckgo and the first results seem reasonable

Here's a signature and description https://www.khronos.org/opengl/wiki/Creating_an_OpenGL_Context_(WGL)#Create_Context_with_Attributes - khronos is publisher of OpenGL

here's the function I presume without attributes, so should be helpful to relate and compare https://learn.microsoft.com/en-us/windows/win32/api/wingdi/nf-wingdi-wglcreatecontext

Case insensitive handling protects end-users from doing "bad" things and confusion.

How do you self-review while writing? What do you mean by that?

I see it as different phases of development, mindset, and focus. You inherently can't be in multiple at the same time.

1. Problem space and solution exploration - an iterative and at times experimental process to find and weigh solutions
2. Cleanup and self-review - document your findings, decision-making, exclusions, and weighing, verify your solution/changeset makes sense and is complete (to intended scope)
3. Reviews

It makes no sense to be thorough during experimental and iterative exploration. That'd be wasted effort.

After finding a solution, and writing it out, a self-review will make you take a systematic, verifying review mindset.