the american economy is huge not because it’s special… the american economy is huge because it has a default position, and it has that because it was friendly for collaboration: america is what it is because the rest of the world has settled on it being what it is
what’s the bet the netflix deal will be blocked by the SEC and then this one goes through for way less money because it’s clear anything else will be blocked
the vuln afaik is for remote code execution via basically a mechanism that’s kinda like a transparent RPC to the server (think like you just write frontend code with like a “getUsers” and it just automatically retrieves and deserializes the results so you can render the UI without worrying about how that data exists in the browser)
i’m not a front end engineer, and haven’t used react server components, but i am a principal software engineer, i do react for personal projects, and have written react professionally
i can’t think of a way it’d be exploitable via purely client-side means
i THINK what they mean is that you can use some of the RSC stuff without the RPC-style interfaces, and in that case they say the server component is still vulnerable, but you still need react things running on your server
a huge majority of react code is client-side only, with server-side code written in other languages/frameworks and interfaces with something like REST or GraphQL (or even RPC of course)
this is not something i’ve ever encountered, nor something that i’d ever expect from an LLM specifically… some kind of test-writing-specific AI? sure because its metric is just getting the thing to go green… but LLMs don’t really care about the test going green: they simply care about filling in the blanks, so its “goal” would never include simply making the test pass, and its training data has significantly more complete tests than placeholders
most things scale if you throw enough resources at them. we generally say that things don’t scale if the majority case doesn’t scale… it costs far fewer resources to scale with multiple repos that it does to scale a monorepo, thus monorepo doesn’t scale: i’d argue even the google case proves that… they’ve already sunk so much into dev tooling to make it work… it might be beneficial to the culture (in that they like engineers to work across the entire google codebase), but it’s not a decision made because it scales: scale is an impediment
it’s tankie to deny legitimate criticism of regimes whilst also leveling similar critique at simply “enemys of”, or doing a what-about-ism in order to redirect discussion away from said criticism
that’s not relevant though… in a situation where you only need 1, you only need 1
and the statement had nothing to do with individual officers, so you can’t apply it to individual officers: the group that is US police officers frequently escalate situations… individual interactions are irrelevant to that statement
you can’t apply group behaviour to single events… it takes time to change human behaviour in a group - especially when it’s politicised behaviour … if every restaurant were serving raw patties and raw was incorrectly politicised as “healthier” and then 50% started being cooked you’d say that’s progress… it’d remain horrible, but it is indeed progress and clearly those doing better should be congratulated for somehow managing to get their shit together even a little bit
generalisations shouldn’t be applied to individuals but often hold true for groups… a non-trivial number of US police officers escalate situations if they aren’t given “respect” and compliance. that is a fact… when applied to a decent period of time, over a city full of US police officers, escalation is all but inevitable: not for any individual, but the group
i’d say it’s less that it’s inadequate, and more that it’s complex
for a small team, build a monolith and don’t worry
for a medium team, you’ll want to split your code into discreet parts (libraries shared across different parts of your codebase, services with discreet test boundaries, etc)… but you still need coordination of changes across all those things, and team members will probably be touching every part of the codebase at some point
for large teams, you want to take those discreet parts and make them fairly independent, and able to be managed separately: different languages, different deployment patterns, different test frameworks, heck even different infrastructure
a monorepo is a shit version of real, robust tooling in many categories… it’s quick to setup, and allows you a path to easily change to better tooling when it’s needed
You should really not need to do a PR across multiple repos.
different ways of treating PRs… it’s a perfectly valid strategy to say “a PR implements a specific feature”, in which case you might work in a backend, a front end, and library… of course, those PRs aren’t intrinsically linked (though they do have dependencies between them… heck i wouldn’t even say it’d be uncommon or wrong for the library to have schemas that do require changes in both the fronted and backend)
if you implement something in eg the backend, and then get retasked with something else, or the feature gets dropped then sure it’s “working” still, but to leave unused code like that would be pretty bad… backend and front end PRs tend to be fairly closely tied to each other
a monorepo does far more than i think you think it does… it’s a relatively low-infrastructure way of adding internal libraries shared across different parts of your codebase, external libraries without duplication (and ensuring versions are consistent, where required), and coordinating changes, and plenty more
can these things be achieved with build systems and deployment tooling? absolutely… but if you’re just a small team, a monorepo could be the right call
of course, once the team grows in size it’s no longer the correct option… real tooling is probably going to be faster and better in every way… but a monorepo allows you to choose when to replace different parts of the process… it emulates an environment with everything very separated
this law covers the fediverse. aussie.zone now has a verification process
i agree with the above commenter: something should be done, but this is the wrong way to do it… it creates problems and effectively solves none
real vibes of
Malcom (cunt) Turnbull - a conservative ex-PM