With the data it has Facebook could help prevent suicides. Instead it sells vulnerable moments to advertisers. https://arstechnica.com/business/2017/05/facebook-helped-advertisers-target-teens-who-feel-worthless/
Wow, I did a plot google search to find the title of "As Good As it Gets", and I found this piece of long form bigotry denouncing movies with gay characters as "clearly not made for revenue". Looked at the book's title. "Porn Generation: How Social Liberalism Is Corrupting Our Future". There are surely voters that read this cover to cover...
You can't make this up. Nomx is now claiming that their un-authenticated CSRF leading to admin privileges on a public URL poses "non-existing threat" because "the user must visit a hacked website".
That's it. CSRF is solved folks! You wanted to rework the OWASP Top 10 anyway, no?
Good news, rclone is not backdoored! Why reproducible builds matter, and how easy they are in Go
I might not be happy to see it, but I appreciate the homage of the fail masto.
Figured it out! 🙌 And got it to reproduce 💥
The default GOROOT matters to the build ID because it's written to zversion.go, which is intentionally hashed in to detect toolchain changes.
Not, as I thought, because of the filepaths in the stdlib build IDs. The tree is recomputed with the current GOROOT instead. So every time you change GOROOT, the stdlib *is* rebuilt. (My previous tweet was wrong!)
All bets are off, it's Filippo is stupid.
But! Go binaries also get the *default* GOROOT copied in. The one that the compiler will use if no GOROOT is set, which was set at (compiler) compile time. Binaries need to know it to behave exactly like the compiler that built them.
So this is a fixed diff. But I don't see how it would affect the build ID.
Interesting read: https://github.com/golang/go/issues/17943
Three hours in. I know much more about embedded GOROOT paths.
Interestingly, the compiler will patch the paths of the symbols in the stdlib to match the GOROOT. That's smart, avoids recompiling the stdlib at every GOROOT change, but allows debuggers to find the stdlib files.
Also, should make reproducible builds just work.
So it's not this.
Why you never need to nuke your $GOPATH/pkg. I love the Go toolchain.
The whole pkg.go file is a good read.
"In Praise of Drop-In Libraries"
Just today I was mentioning how SQLite (drop-in library) and youtube-dl (drop-in Python "script") are case studies in how simplicity of adoption can make the success of something (even complex).
TIL "Despite being Clang-based, Apple's compiler version numbers have no apparent relationship to Clang version numbers."
Sigh. Ninjalicious would probably not be happy with where the world is almost 15 years later.
From "Access All Areas", 2004
Hoping SO hard that "interviews don't work" becomes the next cargo cult among startups.
Just wasted over 2 hours (partially) dockerizing what seems to be a standard Gulp-based static site generator. It only works if node_modules is generated at the repo root, with that precise sequence of commands, that changed three times in the last year. Every mistake is fatal and the only solution is to start over.
Good tooling is judged by how it adapts, how narrow its scope is, and how does it works when you step off the happy path.