0-days mostly got expensive from compiler optimizations and other security guarantees that carry over to webassembly, like ASLR and pointer authentication, as well as sandboxes and multi-process architectures. It's not all thrown away here.
Browsers are millions of lines of code, the amount of UAFs, overflows, etc so far is not the bottleneck.
> In my opinion, inappropriately leaked information should probably still be considered private.
I'd love to see the limitations of this opinion you definitely hold honestly and without favor.
You started by posting a change.org petition that links to a deleted post - in other words an "appeal to petition" that has no evidence. Now you are suggesting there is another leak that was published (presumably not mentioned in this petition?) that also has no evidence. Where is the evidence?
Everything from an actual search engine request for these posts (which to be clear, are deleted) suggests that these are anonymized and public, and contain no identifying information.
1. People want him banned for any and no reason, so this is a post-hoc justification. The same people (let's be real, likely including you) wanted Singal banned the second he made his account.
2. This change.org petition, despite proving how many uninformed people will blindly click agree on a petition, proves nothing about how Singal broke literally any rule anywhere, in law or on Bluesky.
It's a CEO's personal account. CEOs do this on Twitter all the time without it becoming a techcrunch article.
Let's just be honest about what happened - the CEO of Bluesky gave a (still not proportionally as) absurd response to an extremely absurd harassment campaign. That's what this and the article intentionally obscure.
Again, this is never how the web was supposed to work, and it (BARELY) holding on to that is the real story.
There aren't really any, the user you're replying to is just disappointed the campaign to ban users for no (on platform, or really any) reason was not successful.
I don't care about the specific situation either way; What I am observant of is how the core team has handled their userbase and lack of protocol robustness.
> Then the chronic wrist pain that led me to try split keyboards in the first place vanished.
The elephant in the room with the 'ergonomics' argument for split keyboards is that you get a marginal improvement using the keyboard this way and ten times the effect by just getting up and going for a five minute walk every hour or so.
The same goes for mousephobia, which overlaps with split layout users. I still use neovim every day, but the quickest cure for the CTS symptoms that 'ergonomic' keyboard purist vim users seem to get much more than their IDE coworkers is just moving your hand to do something other than type in the exact same position for hours on end - something like grabbing a mouse. I strongly suspect that CTS in software engineers will go down in the next coming years as coding agents become more common and SWEs pick their hands up more (or just physically type less).
The same goes for back pain, if you're otherwise ablebodied enough to start resistance training it's infinitely more beneficial than whatever chair you're looking at.
There’s no reason not to try things. I’ve experienced CTS symptoms when using a regular mouse, which got fully resolved for years now by switching to a vertical one. Regardless of whether I should also make lifestyle changes, there’s zero reason to go back to an inferior mouse, just because that’s the design someone came up with in the 1960s.
You can honestly do a lot of what people do with Terraform now just using Docker and Ansible. I'm surprised more people don't try to. Most clouds are supported, even private clouds and stuff like MAAS.
I have mixed feelings about it. On my first startup, I used ansible to automate all of the manual workflows and server setup that we had done. Everything was just completely manual and in people's heads before, and translating it to ansible was a pain in the ass to say the least. I don't think it would have been any easier to translate it to something else though. It ended up working fine and we had a solid system that I could reset up our environment from scratch on a set of VPS provided by some terraform scripts. We were originally on digitalocean, and had to migrate to Azure because of acquisition BS.
For my current startup I ended up not going a direction where I needed ansible. I've now got everything in helm charts and deployable to K8S clusters, and packaged with Dockerfiles. Not really missing ansible, but not exactly in love with K8S either. It works well enough I guess.
Terraform was just for interacting with the cloud provider and spinning up the servers. Ansible was responsible for deploying all dependencies and getting the servers actually ready for use. Remember, none of this architecture was dockerized.
I had originally used Ansible to interact with the cloud provider and do the provisioning too, but someone on the corporate infrastructure team wanted to use terraform for that instead, so they did the migration.
I also have experience with using Terraform and Ansible like this. Once I realized that most of the work actually performing the setup beyond blank VM creation was in Ansible, I was much more interested in just using Ansible for everything.
Browsers are millions of lines of code, the amount of UAFs, overflows, etc so far is not the bottleneck.
reply