Pup Biru

what’s the bet the netflix deal will be blocked by the SEC and then this one goes through for way less money because it’s clear anything else will be blocked

the vuln afaik is for remote code execution via basically a mechanism that’s kinda like a transparent RPC to the server (think like you just write frontend code with like a “getUsers” and it just automatically retrieves and deserializes the results so you can render the UI without worrying about how that data exists in the browser)

i’m not a front end engineer, and haven’t used react server components, but i am a principal software engineer, i do react for personal projects, and have written react professionally

i can’t think of a way it’d be exploitable via purely client-side means

i THINK what they mean is that you can use some of the RSC stuff without the RPC-style interfaces, and in that case they say the server component is still vulnerable, but you still need react things running on your server

a huge majority of react code is client-side only, with server-side code written in other languages/frameworks and interfaces with something like REST or GraphQL (or even RPC of course)

it looks like this only applies react server components, and it doesn’t look like element uses react server components

but i only had a quick skim; could be wrong, but personally i wouldn’t shut it down - not that im running a server myself

this is not something i’ve ever encountered, nor something that i’d ever expect from an LLM specifically… some kind of test-writing-specific AI? sure because its metric is just getting the thing to go green… but LLMs don’t really care about the test going green: they simply care about filling in the blanks, so its “goal” would never include simply making the test pass, and its training data has significantly more complete tests than placeholders

in the same way that engineering disciplines often provide priority to women because it’s hard af for them in the discipline not for any good reason but just because the industry is misogynistic af

being a women and a gamer is far more toxic than being a man and a gamer, and that drives away a lot of women who may have been the best, and men don’t have that same hindrance just by virtue of their gender

id argue too that anyone claiming to be trans probably has similar levels of toxicity, and therefor it shouldn’t be an issue: if the division is about encouraging diversity to combat toxicity, who cares if that toxicity comes from transphobia or misogyny

most things scale if you throw enough resources at them. we generally say that things don’t scale if the majority case doesn’t scale… it costs far fewer resources to scale with multiple repos that it does to scale a monorepo, thus monorepo doesn’t scale: i’d argue even the google case proves that… they’ve already sunk so much into dev tooling to make it work… it might be beneficial to the culture (in that they like engineers to work across the entire google codebase), but it’s not a decision made because it scales: scale is an impediment

it’s not tankie to have critiques of america

it’s tankie to deny legitimate criticism of regimes whilst also leveling similar critique at simply “enemys of”, or doing a what-about-ism in order to redirect discussion away from said criticism

that’s not relevant though… in a situation where you only need 1, you only need 1

and the statement had nothing to do with individual officers, so you can’t apply it to individual officers: the group that is US police officers frequently escalate situations… individual interactions are irrelevant to that statement

no real consideration? what do you meeeeeean american exceptionalism

you can’t apply group behaviour to single events… it takes time to change human behaviour in a group - especially when it’s politicised behaviour … if every restaurant were serving raw patties and raw was incorrectly politicised as “healthier” and then 50% started being cooked you’d say that’s progress… it’d remain horrible, but it is indeed progress and clearly those doing better should be congratulated for somehow managing to get their shit together even a little bit

generalisations shouldn’t be applied to individuals but often hold true for groups… a non-trivial number of US police officers escalate situations if they aren’t given “respect” and compliance. that is a fact… when applied to a decent period of time, over a city full of US police officers, escalation is all but inevitable: not for any individual, but the group

or fixing windows by only using WSL and reading the arch wiki

that’s a good and bad thing though…

it’s easy to reference code, so it leads to tight coupling

it’s easy to reference code, so let’s pull this out into a separately testable, well-documented, reusable library

my main reason for ever using a monorepo is to separate out a bunch of shared libraries into real libraries, and still be able to have eg HMR

google does a lot of things that just aren’t realistic for the large majority of cases

before kubernetes, you couldn’t just reference borg and say “well google does it” and call it a day

i’d say it’s less that it’s inadequate, and more that it’s complex

for a small team, build a monolith and don’t worry

for a medium team, you’ll want to split your code into discreet parts (libraries shared across different parts of your codebase, services with discreet test boundaries, etc)… but you still need coordination of changes across all those things, and team members will probably be touching every part of the codebase at some point

for large teams, you want to take those discreet parts and make them fairly independent, and able to be managed separately: different languages, different deployment patterns, different test frameworks, heck even different infrastructure

a monorepo is a shit version of real, robust tooling in many categories… it’s quick to setup, and allows you a path to easily change to better tooling when it’s needed

You should really not need to do a PR across multiple repos.

different ways of treating PRs… it’s a perfectly valid strategy to say “a PR implements a specific feature”, in which case you might work in a backend, a front end, and library… of course, those PRs aren’t intrinsically linked (though they do have dependencies between them… heck i wouldn’t even say it’d be uncommon or wrong for the library to have schemas that do require changes in both the fronted and backend)

if you implement something in eg the backend, and then get retasked with something else, or the feature gets dropped then sure it’s “working” still, but to leave unused code like that would be pretty bad… backend and front end PRs tend to be fairly closely tied to each other

a monorepo does far more than i think you think it does… it’s a relatively low-infrastructure way of adding internal libraries shared across different parts of your codebase, external libraries without duplication (and ensuring versions are consistent, where required), and coordinating changes, and plenty more

can these things be achieved with build systems and deployment tooling? absolutely… but if you’re just a small team, a monorepo could be the right call

of course, once the team grows in size it’s no longer the correct option… real tooling is probably going to be faster and better in every way… but a monorepo allows you to choose when to replace different parts of the process… it emulates an environment with everything very separated

i’d say they’re pretty equivalent

a monorepo is far easier to develop a single-language, fairly monolithic (ie you need the whole application to develop any part) codebase in

(though as soon as you start adding multiple languages or it gets big enough that you need to work on parts without starting other parts of the application it starts to break down rather significantly)

but as soon as your app becomes less of a cohesive thing and more separated it becomes problematic… especially when it comes to deployments: a push to a repo doesn’t mean “deploy changes to everything” or “build everything” any more

i think the best solution (as with most things) is somewhere in the middle: perhaps several different repos, and a “monorepo” that’s mostly a bunch of subtrees or submodules… you can coordinate changes by committing to the monorepo (and changes are automatically duplicated), or just work on individual parts (tricky with pnpm since the workspace file would be in the monorepo)… but i’ve never really tried this: just had the thought for a while

i find it far less stressful these days

people know i nether give nor would i like to receive presents - i buy little gifts for people to solve problems for them all the time and give them when i’ve bought them

i don’t consume much that has ads so i just don’t see much of the commercial aspect unless i’m physically in a place

not giving gifts means im not often physically in places to see the ultra commercial crap

if someone makes christmas socially stressful for me, they get less time next year… i wont tell them: they’re usually too “busy” (in their own world) to notice, and eventually i just don’t see them at christmas… or i see them a tolerable amount

i also do “orphans christmas” with friends, even though im from the city i live in and my family are all still here… my chosen family are just as (more: let’s go with more) important to me as my biological family

christmas is an excuse to catch up with people you don’t see very often… it’s up to you to choose to make it only that. don’t let other people’s expectations stress you out

you should still stop treating corporations like people: the death penalty shouldn’t exist for people

i’d also add: disk recovery programs exist

but if you don’t know what - specifically - you’re doing stay away

disk recovery catches desperate people willing to download and run random crap from the internet

unless you know how to search for a tool that does a specific job, you will almost certainly make everything worse by getting yourself malware too

(and in the best case you do find one of the legit tools, they aren’t magic: some recovery operations on drives can be destructive when used wrong… you’re twiddling with data that isn’t meant to be twiddled with in normal operation after all)