Bitcoin is more widely seen as a vehicle for speculation rather than a decentralized currency. Unlucky.
Bitcoin is more widely seen as a vehicle for speculation rather than a decentralized currency. Unlucky.
Docker is lighter and easier to manage than a VM. I run a collection of services as docker compose services inside a NixOS host VM. It’s easy to start, stop, monitor, update etc. even from a different computer (via ssh or docker contexts). It’s great.
deleted by creator
It’s just as easy to run in a Docker container and I would recommend this anyway.
What platforms would you like your app to run on? Then, which UI framework supporting those platforms would you like to use? Then, look at the framework’s documentation to find a sample starter project that you can run as an app, and modify it from there
What’s wrong with mssql besides licensing? It’s fast
I do not know what that means
If only we were still having the conversation.
That’s… not the point either. The point is that “reporting false positives isn’t a bad thing” is only true up to a point. The discussion is then “is this before or after that point.” Which, given the context of the bug, isn’t really a given. But I don’t want to have that discussion with you anymore because you’re annoying.
“What if the boy who cried wolf got lucky and didn’t get eaten in the end”? Seems to have missed the point of the parable a bit.
I didn’t say the CVE was valid. I explained why it was a mistake. I didn’t say “disclosing security bugs” is, in general, a bad thing, I said raising undue alarm about a specific class of bugs is bad. It’s not a matter of “less or more information,” because as I said, a CVE is not a bug report. It is not simply “acknowledgment of information.” If you think my argument has no merit and there is no reason why “more information” could be worse, you’re free to talk to someone who gives a shit.
C# tells you the call site/method name and line number right at the top. It’s only really annoying when you have aggregate exceptions, which sometimes occur because someone async’d wrong
Uh, no. But thanks for guessing. It’s frivolous because it violates several principles of responsible disclosure. Yes, the scope of impact is relevant; the availability of methods of remediation is relevant; and the development/patch lifecycle is relevant. The feature being off-by-default and labeled experimental are indirect references to the scope of impact and availability of remediation, and the latter is an indirect reference to the state of development lifecycle. Per the developer(s)’ words, this is a bug that had limited risk and was scheduled to be fixed as part of the normal development schedule. Escalating every such bug, of which the vast majority go without a CVE, would quickly drown out notices that people actually care about. A CVE is not a bug report.
It’s not worthy of a CVE and whether it applies to me is irrelevant. I didn’t say a CVE is a black mark. Frivolous reporting of CVEs damages trust in the usefulness of the system in identifying critical vulnerabilities. This is a known issue related to resumé padding by newcomers to the cybersecurity industry.
To a point. Ever heard of the boy who cried wolf?
Frivolous CVEs aren’t a good thing for security. This bug was a possible DOS (not e.g. a privilege escalation) in a disabled-by-default experimental feature. It wasn’t a security issue and should have been fixed with a patch instead of raising a false alarm and damaging trust.
Of course. If you’re working in a DSL that’s popular enough for someone to have written a good schema/parser for then tooling can help.
Not that YAML’s structure is too complicated, but its syntax is too flexible. All the shit about being whitespace sensitive yet with whitespace errors leading to a syntactically valid YAML document. TOML’s syntax is rigid which makes it unsuitable for expressing complex nested data structures, which is good because that’s not what you should use TOML for. Ultimately the dependence on a highly flexible baseline language like YAML to create complex DSLs is a failure on the developers’ part, and the entire configuration system should be reworked.
Still not enough, or at least pi is not known to have this property. You need the number to be “normal” (or a slightly weaker property) which turns out to be hard to prove about most numbers.