While we've been agonizing over Age Verification (real or planned), Greece has apparently introduced a ban on anonymity on social media. I'm not liking where the world is headed, but I have no idea how to push back against it.
It all depends on how you define "social network". We had BBS and forums that operated much like "social networks" in the mid 90s. I don't think being "the first social network" is particularly interesting or noteworthy.
The dissolvable tablets completely fix a runny nose for me. Much better than any nose spray, which tend to irritate the nose and lead to chronic runny nose if taken for too long.
When I go out drinking with my pharmacist buddy, we take NAC before going out. He swears it makes hangovers less likely. I can't say I've noticed that particular effect, but I do seem to sleep a bit better on those nights.
Interestingly, a recent conversation [1] between Hank Green and security researcher Sherri Davidoff argued the opposite. More GenAI generated code targeted at specific audiences should result in a more resilient ecosystem because of greater diversity. That obviously can't work if they end up using the same 3 frameworks in every application.
I love Hank, but he has such a weird EA-shaped blind spot when it comes to AI. idgi
It is true that "more diversity in code" probably means less turnkey spray-and-pray compromises, sure. Probably.
It also means that the models themselves become targets. If your models start building the same generated code with the same vulnerability, how're you gonna patch that?
> start building the same generated code with the same vulnerability
This situation is pretty funny to me. Some of my friends who aren't technical tried vibe coding and showed me what they built and asked for feedback.
I noticed they were using Supabase by default, pointed out that their database was completely open with no RLS.
So I told them not to use Supabase in that way, and they asked the AI (various diff LLMs) to fix it. One example prompt I saw was: please remove Supabase because of the insecure data access and make a proper secure way.
Keep in mind, these ppl don't have a technical background and do not know what supabase or node or python is. They let the llm install docker, install node, etc and just hit approve on "Do you want to continue? bash(brew install ..)"
What's interesting is that this happened multiple times with different AI models. Instead of fixing the problem the way a developer normally would, like moving the database logic to the server or creating proper API endpoints, it tried to recreate an emulation of Supabase, specifically PostgREST, in a much worse and less secure way.
The result was an API endpoint that looked like: /api/query?q=SELECT * FROM table WHERE x
In one example GLM later bolted on a huge "security" regular expression that blocked , admin, updateadmin, ^delete* lol
As a general hobbyist-type, I can attest to the above post, it is 100% valid and accurate.
This entire process is something anyone can test and reproduce; I was definitely steered towards both vercel and supabase by gemini. It isn't model specific.
A tale as old as time. And hard to defend against. Did the sellers know their plugins were going to be abused? Is there some kind of seller liability in cases like this?
I think a big proportion of them wouldn't 'know'. At least in my experience considering selling out the partners or buyers will try to keep a good image. But there are smells. Maybe the partner has their HQ in a place that is a hotspot for intelligence/security industry or the deal is at such a price that it would only make sense if the asset was purchased for nefarious purposes.
In what way is gofmt remotely comparable to a JVM?
In reality the number of options is significantly smaller than the 1843 you mentioned. The list contains boatloads of duplicates because they exist for multiple architectures. E.g. BackgroundCompilation is present on 8 lines on the OpenJDK 25 page: aarch64, arm, ppc, riscv, s390, x86 and twice more without an architecture.
gofmt isn’t really comparable to the JVM, but it is a really strong expression of the opinionated tooling GoLang has.
While gofmt is “just” a formatting tool, the interesting part is that go code that doesn’t follow the go formatting standard is rejected by the go compiler. So not only does gofmt not have knobs, you can’t even fork it to add knobs, because the rest of the go ecosystem will outright reject code formatted in any other way.
It’s a rather extreme approach to opinionated tooling. But you can’t argue with the results, nobody writing go on any project ever worries about code formatting.
I don’t believe the Go compiler would reject unformatted code.
The compiler has its own set of rules for what it views as syntactically correct code, but these rules have nothing to do with gofmt’s formatting rules.
For example, it’s the compiler and not gofmt that dictates that you must write a curly brace only on the same line of an “if” statement. If you put it on the next line, you don’t have unformatted code - you have a syntax error.
However, the compiler doesn’t care if you have too much whitespace between tokens or if you write your slice like []int{1, 2,3,4}, but gofmt does.
We could say the rules of the compiler and gofmt don’t even overlap.
They do worry, they just can't do anything about it. Like the fact that error handling code takes at least three lines no matter how trivial it is. I'm sure error handling would not be criticized nearly as much if it didn't consume so much vertical space and could fit in one line, which the go compiler does allow.
Can still remember the sound of the Funky Bomb firing in Scorched Earth. Thanks for reminding me of that.
If you're interested in this sort of stuff, the book Nature Of Code is great for exploring this topic by creating simulations. There's a JavaScript version and a Java-based version (using the Processing framework). It isn't actually all that difficult, and I found it very satisfying to work through.
I hadn't even considered massage as a potential hobby. I love getting massages, but they're not cheap. Taking a course might be a good hack to get cheap massages..
Good massage classes cost quite a bit of money. I still find it well worth it on a lot of levels, even if you're just interested in the receiving (for now)! I would compare it more to other hobbies, which often do cost substantial amounts of money (material, travel, equipment, club fees, etc -- none of which you need for this).
In multi-session trainings, it is often suggested or sometimes even required to meet with other participants to exercise between the official trainings. Even in cases where that's not officially part of the trainings, I want to encourage you to speak up and announce you're willing to provide your body to others for their training (who may be there for a professional career) -- in fact it's not like you're "asking for a free massage", you are offering a very valuable contribution, since you can give them feedback based on what you both learned in class, which is something other people they know will not be able to do. Also, it takes a bit of courage to ask friends, especially at the beginning, and hesitancy to touch friends in new ways; there's something about being in class together that makes it easier to accept touching the other; it's a 'professional' relationship.