Readit News logoReadit News
Null-Set commented on macOS dotfiles should not go in –/Library/Application Support   becca.ooo/blog/macos-dotf... · Posted by u/zdw
joshka · 4 months ago
From my previous recollection, there's an issue for this in just about every rust crate that handles these dirs. The right way to fix this is fix the spec, then make the libs adhere to the spec.
Null-Set · 4 months ago
How would you fix the spec? Add a line explicitly stating the /Library/Application Support dir is only for applications with a bundle ID, instead of just implying it?
Null-Set commented on Happy BuyNothing Day   justbuynothing.com/... · Posted by u/_p2zi
Null-Set · 4 months ago
Does it track my behavior to sell it to advertisers of less whimsical storefronts?
Null-Set commented on Mastercard deflects blame for NSFW games being taken down   pcgamer.com/games/masterc... · Posted by u/croes
master-lincoln · 5 months ago
What would that change? The assumption here is that payment processors need to comply with MasterCards rules. So would Valve if they would become a payment processor, no?
Null-Set · 5 months ago
It would allow them to negotiate directly with Mastercard, making the deflection in TFA impossible.
Null-Set commented on Big agriculture mislead the public about the benefits of biofuels   lithub.com/how-big-agricu... · Posted by u/littlexsparkee
mapt · 5 months ago
This is such an off-base critique that it seems like deliberate trolling. The biofuel renewable carbon cycle takes carbon from the air, and burns the carbon once it's in the form of ethanol. It stops taking carbon from the ground and putting it into the sky.

The problem in corn's case, the reason none of this works, is you need to burn lots of fuel to produce corn. LOTS of fuel. Enough that you could barely (in some studies) or not even (in others) produce more fuel than you burned.

If you electrify your farming you don't have this problem. A far-future use-case is that we have eliminated 95% of fossil fuel use, and use solar-battery-powered tractors, trucks, and combines to harvest biofuels in order to fuel long-haul aviation and certain other legacy hardware that proved difficult to electrify.

Null-Set · 5 months ago
So fuel would basically become a corn based battery. (Ideally something more efficient than corn would be grown though)
Null-Set commented on Why can't HTML alone do includes?   frontendmasters.com/blog/... · Posted by u/susam
Null-Set · 8 months ago
The name of this feature is transclusion.

https://en.wikipedia.org/wiki/Transclusion

It was part of Project Xanadu, and originally considered to be an important feature of hypertext.

Notably, mediawiki uses transclusion extensively. It sometimes feels like the wiki is the truest form of hypertext.

Null-Set commented on Writing "/etc/hosts" breaks the Substack editor   scalewithlee.substack.com... · Posted by u/scalewithlee
Null-Set · 8 months ago
This looks like it was caused by this update https://developers.cloudflare.com/waf/change-log/2025-04-22/ rule 100741.

It references this CVE https://github.com/tuo4n8/CVE-2023-22047 which allows the reading of system files. The example given shows them reading /etc/passwd

Null-Set commented on Writing "/etc/hosts" breaks the Substack editor   scalewithlee.substack.com... · Posted by u/scalewithlee
0xbadcafebee · 8 months ago
Worth noting that people here are assuming that the author's assumption is correct, that his writing /etc/hosts is causing the 403, and that this is either a consequence of security filtering, or that this combination of characters at all that's causing the failure. The only evidence he has, is he gets back a 403 forbidden to an API request when he writes certain content. There's a thousand different things that could be triggering that 403.

It's not likely to be a WAF or content scanner, because the HTTP request is using PUT (which browser forms don't use) and it's uploading the content as a JSON content-type in a JSON document. The WAF would have to specifically look for PUTs, open up the JSON document, parse it, find the sub-string in a valid string, and reject it. OR it would have to filter raw characters regardless of the HTTP operation.

Neither of those seem likely. WAFs are designed to filter on specific kinds of requests, content, and methods. A valid string in a valid JSON document uploaded by JavaScript using a JSON content-type is not an attack vector. And this problem is definitely not path traversal protection, because that is only triggered when the string is in the URL, not some random part of the content body.

Null-Set · 8 months ago
See https://developers.cloudflare.com/waf/change-log/2025-04-22/ rule 100741.

It references this CVE https://github.com/tuo4n8/CVE-2023-22047 which allows the reading of system files. The example given shows them reading /etc/passwd

Null-Set commented on My failed attempt to shrink all NPM packages by 5%   evanhahn.com/my-failed-at... · Posted by u/todsacerdoti
michaelmior · a year ago
Probably not worth the added complexity, but in theory, the package could be published immediately with the existing compression and then in the background, replaced with the Zopfli-compressed version.
Null-Set · a year ago
No, it can't because the checksums won't match.
Null-Set commented on "Twelfth Night Till Candlemas" – A 40-year book-quest   davidallengreen.com/2024/... · Posted by u/ColinWright
jjulius · a year ago
Reminds me of an old radio broadcast or some kind of audio recording that I've been trying to find for ~25 years. My mom had listened to it when she was younger, and had somehow managed to get it onto cassette tape for us to listen to when we were kids. It was some kind of Christmas story we'd listen to while decorating cookies, a kind of crazy tale that you never heard anywhere else, involving the towns of "Twinkle Twankle" and "Twonkle Twonkle" and other crazy wordplay like that. Unfortunately, that's the only unique bit that I remember, save for recalling a melody or two here and there and the timbre of the narrator's voice, neither of which help in tracking it down.

I'd love the satisfaction of tracking it down some day just like this person did.

Null-Set · a year ago
I don't believe it mentioned Twinkle Twankle but your description reminded me of the old radio play The Cinnamon Bear where some kids eventually go to the North Pole looking for their Silver Star.

https://youtu.be/0XIijKoRJ6A?si=zsXuaYNT60jtPt4f

Null-Set commented on If not React, then what?   infrequently.org/2024/11/... · Posted by u/pier25
harrall · a year ago
I've been building sites since the 2000s and I'll let you know why React or jQuery "won."

It's because when you write code using these libraries, your code looks nice.

I cannot say that for a LOT of libraries, especially MOST frameworks. Sorry for calling AngularJS out but look at a code sample from early Angular: https://stackoverflow.com/questions/42823436/angularjs-error... (It looks terrible.)

React will be unseated like jQuery got unseated when someone makes something that looks nicer. Every time you write a library (or even API at work), make sure to look at your code samples and you better be 100% be able to say "this is pretty."

Null-Set · a year ago
A more generous way to say this is that the code is more readable, which is in fact important in a growing codebase.
N

u/Null-Set

KarmaCake day396April 1, 2016View Original