@jasnell TBH I don't understand what value can solve log4j (and similar) issues. It's all about dev culture, e.g. Fastify, Koa and Express web servers don't include security modules by default, they provide them as an option. At least Fastify seems to be well funded.
@jasnell Actually the author is wrong. Money can't solve security issues. And log4j shows exactly that. Well-funded developers from big biz do not review their infrastructure and they won't in the future. Maintainers should learn how to make OSS sustainable themselves.
It's not a maintainability nor an exploitation issue. This is a low programming culture and weak security understanding issue, which should be solved by technology. Money wouldn't make big-biz engineers review their dependencies.
@codechips @sitnikcode I used to increase box-shadow. It creates a pop-up effect without changing the button's position. And it seems to be friendly to people with color blindness. Except it doesn't play well with dark themes.
https://t.co/vfiUPLumfw
@andrey_sitnik If an author's NPM account gets hijacked and something is published under their name, then a) it is impossible to notice, b) promptly notifying the users of such a package is almost impossible, c) the problem is not with the developers: the environment should be secure out of the box.
@sitnikcode @lukeed05 Take a look at TestUp, it supports everything other test runners do, but it also allows developers to create modular tests by using Express-like middlewares. And it unties test scripts from the test runner module itself.
https://t.co/KZtZS3BIAk
@MylesBorins I've opened the link with the last version of the code and saw you handled these cases. But I decided to file an issue: https://t.co/c4E5Wvi5Aj. Maybe it would be helpful.
@MylesBorins IMO there is no elegant solution without libs/utils yet. There are still signals and errors. And without proper handling the program will be successful on errors.
So the minimal code should look like this:
@kossnocorp Contexts, global variables and reusability issues are solved in testup. It's a test running suite I made two years ago 🤓
It also seamlessly works in a browser.
https://t.co/BdbzsRcqgM
But now it's proposed to solve it with the ShadowRealm API, https://t.co/3RgmNM3rEj
@jasnell Before merging it, I'd suggest reviewing the issues related to the current Web Streams API. It may be crucial for some APIs to migrate. I'd propose that the Node.js community discuss them and participate in fixing the standard while it's possible.
https://t.co/0ihQbIXyJo
https://t.co/vroNN3vsK9
@santisiri @ljin18 @gitcoin I see a lot of tightly connected transactions on the blockchain, which may be evidence of fraud. Also some videos look like they were edited to insert ethereum addresses. I think the technology in its current form is pretty raw and could be used for "human mining".
@santisiri @ljin18 @gitcoin 1. I don't see active gitcoin security bounties.
2. This is the link to the specification: https://t.co/HgD3ytJlrL
3. It's easy to mock the technology with makeup. Video in 360p makes it easier.
4. The validation phrase is the worst part and it should be fixed ASAP.
@santisiri @ljin18 It's not how things work. If you act in good faith, then 1) publish a technical specification of the technology (not generous blog posts), 2) start a bounty program to let independent security researchers challenge it, 3) publish the feedback.
@aria_rzer @DmitryMakhnev IMO because display is a behavior and it can't just be switched on or off, it should be properly restored. It's like replacing a door with another kind of door to exit a house, instead of just opening it.