It's amusing. Meta's AI team is more open than "Open"AI ever was - they publish so many research papers for free, and the latest versions of Llama are very capable models that you can run on your own hardware (if it's powerful enough) for free as long as you don't use it in an app with more than 700 million monthly users.

Yeah this is strange. People need to stop vilifying sex work. If the person is doing it willingly, they're not hurting anyone, and they enjoy doing it, what's the problem?

Except for the fact that a lot of less tech savvy people will fall for it.

Reposting my comment from Github:

A good reminder to be extremely careful loading scripts from a third-party CDN unless you trust the owner 100% (and even then, ownership can change over time, as shown here). You're essentially giving the maintainer of that CDN full control of your site. Ideally, never do it, as it's just begging for a supply chain attack. If you need polyfills for older browsers, host the JS yourself. :)

If you really must load scripts from a third-party, use subresource integrity so that the browser refuses to load it if the hash changes. A broken site is better than a hacked one.

And on the value of dynamic polyfills (which is what this service provides):

Often it's sufficient to just have two variants of your JS bundles, for example "very old browsers" (all the polyfills required by the oldest browser versions your product supports) and "somewhat new browsers" (just polyfills required for browsers released in the last year or so), which you can do with browserslist and caniuse-lite data.

One of my favourite naming schemes is MikroTik's. CRS312-4C+8XG-RM looks like a mess initially, but it's very logical. The features of the product are literally in its name:

• CRS Cloud Router Switch (product name)
• 3rd generation
• 12 ports total
• 4C+ = 4x combo (RJ45 and SFP+) 10Gbps ports
• 8XG = 8x 10Gbps RJ45 ports (XG = multi gigabit)
• RM = rack mountable

If the USA didn't have such a complicated tax system, with companies like Intuit lobbying to keep it that way so they still make money, this wouldn't be an issue.

A lot of countries automatically fill out your entire income tax return for you, and send it to you to verify it. If it's all good, you just need to accept it. Less than five minutes work.

From what I've been reading, it sounds like they were malicious from the very beginning. The work to integrate the malware goes back to 2021. https://boehs.org/node/everything-i-know-about-the-xz-backdoor

It's an extremely sophisticated attack that was hidden very well, and was only accidentally discovered by someone who noticed that rejected SSH connections (eg invalid key or password) were using more CPU power and taking 0.5s longer than they should have. https://mastodon.social/@AndresFreundTec/112180406142695845

I always found these anti-right-click scripts funny since they usually don't block Ctrl+S to save the page, Ctrl+U to view source, or Ctrl+P to print (or these days, F12 to open the browser dev tools)

Anyone that builds a SPA and breaks opening in new tab or history caching and back/forward nav isn't a good frontend developer (or lacks experience, which is something that's fixable!). These have been solved problems for a long time.

A lot of Linux drivers are like this - just one or two people maintaining them. They usually eventually mainline the driver rather than having a separate Git repo though.

This type of printer exists. It's called a Brother laser printer.

Hopefully that swap is on an SSD, otherwise that query may not ever finish lol
Once you're deep into swap, things can get so slow that there's no recovering from it.