So when folks say they want to see big companies invest in open source, this is what that looks like. CF could have kept coasting on what Astro was building, but instead they are paying for it. But in return they get a lot of control.
Well, hopefully more like Go's relationship with Google? The company that pays the bills is their first and most important customer, but as far as I can tell from the outside, the Go team makes its own plans and management doesn't pull rank.
> CF could have kept coasting on what Astro was building, but instead they are paying for it. But in return they get a lot of control.
Supabase pioneered the modern implementation of this model. Probably, RedHat before it? Google also tend to "acquihire" maintainers of popular FOSS projects, like Ben Goodger (Firefox), Scott Remnant (Upstart), Junio Hamano (Git), Guido von Rossum (Python).
I still find it useful to vibe code in a private fork. For example with yt-dlp its now super easy to add a website with Claude for personal use, but that doesn't mean it's appropriate to open a PR.
No, if you're using `adapter-static` (or, if not using SvelteKit at all, just not doing any dynamic server-rendering) then you are not affected. But upgrade anyway!
Great, I love sveltekit for SPA apps... I am just not using any SSR at all. I would like it would become more straightforward to use it that way. I would say that large amount of apps are better of as just SPAs. Internal dashboards, desktop like apps, etc...
Not from my reading. DoS are irrelevant, remote functions exploits don't apply and from my reading neither does the "XSS via hydratable" since a prerequisite is hydratable() which is a Remote Functions feature.
In C++ you do it the other way around, have a single class that is polymorphic over templates. The name of this technique within C++ is type-erasure (that term means something else outside of C++).
Examples of type erasure in C++ are classes like std::function and std::any, and normally you need to implement the type erasure manually, but there are some library that can automate it to a degree, such as [1], but it's fairly clumsy.
These things aren't mutually exclusive. There's a supply problem and it depends. You'd be right if there was only a demand for rentals, but people also want to buy homes to live in, and currently those people are completely priced out of the market by landlords because they've bought all the homes as investments. A landlord can buy a 10 bedroom sfh and split it up into student housing near a university (good), or they can buy a 2 bd bungalow and price a new family out of the market (bad). It just depends. It depends entirely on the market.
I feel any fuzzy tab grouping feature [0] is a significant security risk by default. Especially with black-box LLMs.
Consider a phishing site which opens up in a new tab, tricking the browser into color-coding and sliding it over into the middle of the user's existing tabs for the real site: "Huh, my bank says I got logged out and need to re-enter my credentials, well, no problem, I mean this is obviously the same interface I was working with earlier, right?"
Protecting against that attack would require some deterministic security rules, such as refusing to add to any group if the domain isn't already represented there... But at that point, isn't the AI-fuzziness really only useful for deciding when not to group things by domain?
It's always the departments that are closest to the customer that pay the price in my experience. At one company, after killing QA, the support team created their own internal QA process. They were going to deal with the issues anyways, so they wanted to catch as many as they could first.
reply