

SimCity 4. That was before the franchise went to shit.
I dunno why exactly, but I just don’t get the same enjoyment out of Skylines or other city builders.
Just a lvl 28 guy from Finland. Full-stack web developer and Scrum Master by trade, but actually more into server-side programming, networking, and sysadmin stuff.
During the summer, I love trekking, camping, and going on long hiking adventures. Also somewhat of an avgeek and a huge Lego fanatic.
A furry or something. Why be yourself when you can be a fluffy raccoon on the internet?




The Shining
That’s reassuring to know. What I don’t understand is why you have the /api/v3/post/like/list route. You say you don’t want votes to be snooped on, but then you add an endpoint that makes it very easy for instance admins to do exactly that if they choose to? Also worth pointing out that the tool linked here wouldn’t work in its current form if this route didn’t exist.
Compare your actions to releasing a 0-day exploit for a security vulnerability instead of responsibly disclosing. It doesn’t help, it just causes chaos until the people who do the actual work can figure out a solution.
This comparison is not fair at all. It’s not like the devs are unaware of this. They could start by removing the API endpoint that lists a post’s votes, but they haven’t, which means they seem to think it’s okay for the instance admins to snoop on votes if they so wish.
They can include runnable JavaScript too, which can cause vulnerabilities in certain contexts. One example from work some years back: We had a web app where users could upload files, and certain users could view files uploaded by others. They had the option to download the file or, if it was a file type that the browser could display (like an image or a PDF), the site would display it directly on the page.
To prevent any XSS (scripts from user-provided files), we served all files with the CSP sandbox header, which prevents any scripts from running. However, at the time, that header broke some features of the video player on certain browsers (I think in Safari, at least), so we had to serve some file types without the header. Mistakenly, we also included image files in the exclusion, as everyone thought image files couldn’t contain scripts. But the MIME type for SVG files is image/svg+xml… It was very embarrassing to have such a simple XSS vuln flagged in a security audit.
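The header mistake described in the comment above, sketched as an added example (not the commenter's code): a flawed exemption that skips the CSP sandbox for every `image/*` type, next to a version that sandboxes by default and exempts only exact types. The function names and the video allowlist are assumptions.

```javascript
// Added example; names and the exempt list are hypothetical.
const SANDBOX = "sandbox"; // CSP directive: scripts blocked, opaque origin

// Normalize a Content-Type value: drop parameters, lowercase.
function baseType(contentType) {
  return String(contentType).split(";")[0].trim().toLowerCase();
}

// Flawed: whole type families skip the sandbox. "image/" also
// matches image/svg+xml, a format that can carry scripts.
function flawedHeaders(contentType) {
  const type = baseType(contentType);
  const exempt = type.startsWith("video/") || type.startsWith("image/");
  const headers = {};
  if (!exempt) headers["Content-Security-Policy"] = SANDBOX;
  return headers;
}

// Hardened: sandbox by default, exempt only exact types that are
// known to need it (assumed list for the video player).
const SANDBOX_EXEMPT = new Set(["video/mp4", "video/webm"]);

function hardenedHeaders(contentType) {
  const type = baseType(contentType);
  // nosniff stops the browser from re-guessing the declared type
  const headers = { "X-Content-Type-Options": "nosniff" };
  if (!SANDBOX_EXEMPT.has(type)) headers["Content-Security-Policy"] = SANDBOX;
  return headers;
}

// Constructed sample types, including case and parameter variants.
const samples = ["image/png", "image/svg+xml",
  "IMAGE/SVG+XML; charset=utf-8", "video/mp4", "application/pdf"];
for (const t of samples) {
  const flawed = flawedHeaders(t)["Content-Security-Policy"] ?? "(none)";
  const hardened = hardenedHeaders(t)["Content-Security-Policy"] ?? "(none)";
  console.log(`${t}: flawed=${flawed} hardened=${hardened}`);
}
```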


Yeah, kinda sounds like this was designed by someone who has never actually attended a LAN party


I do it if I’ll be away more than just a couple of days. Some of my hardware is pretty old at this point and I’m just a little paranoid about the possible fire hazard. I’m sure it would be fine to leave everything running but no real harm in shutting it down either.


Well, just by looking at responses in this thread, the controversy most definitely still exists. Some seem to like it and others hate it fiercely.


Cool, thanks for the explanation.
a single application that gets bundled with all necessary dependencies including versioning
Does that mean that if I were to install Application A and Application B that both have a dependency on package C version 1.2.3 I then would have package C (and all of its possible sub dependencies) twice on my disk? I don’t know how many external dependencies applications on Linux usually have but doesn’t that have the potential to waste huge amounts of disk space?


Sorry to ask, I’m not really familiar with Linux desktop nowadays: I’ve seen Flatpak and Flathub talked about a lot lately and it seems to be kinda a controversial topic. Anyone wanna fill me in on what all the noise is about? It’s some kind of cross-distro “app store” thingy?
Google Tasks. Does not have all the features of other apps but does everything I need and was preinstalled


So nice to be able to play more Portal after all these years
Most browser compatibility issues come from JavaScript, not HTML/CSS. Unless you want to support ancient/dead browsers (like Internet Explorer or non-HTML5 browsers), it’s very likely there won’t be any issues.
MDN has a compatibility table for every HTML tag and CSS property. For a simple static site I would just manually check there.