orclev

orclev@lemmy.world
Joined
1 posts • 821 comments
I’ll save you a click, they’re sulfur crystals. This is interesting because although they can naturally form in volcanic regions this area is non-volcanic. The other way they naturally form is via microbial actions which may offer a clue about Mars past.

permalink
report
reply

Usually it’s even dumber than that. Shows use the logos to try to blackmail large companies into paying them for “advertising”, and if the companies don’t pay up they censor the logos.

permalink
report
parent
reply

The problem is that Republicans don’t vote for a candidate they vote for a party. The Republicans could run Hitler’s reanimated corpse as their candidate and as long as it had that R next to its name it would get their vote. Democrats on the other hand are much more likely to not vote for or not even show up to vote at all for a candidate they don’t particularly like. It’s why good Democrat candidates always beat Republican candidates of any kind, but bad candidates usually lose. Democrats massively outnumber Republicans, but the Democrat party nearly always runs the worst possible candidate. If Republicans win any election it’s not because they had a good candidate, it’s always because Democrats ran a bad one.

permalink
report
parent
reply

It’s an interesting point but I think it kind of confuses two different but related concepts. From the perspective of the library author a vulnerability is a vulnerability and needs to be fixed. From the perspective of the library consumer a vulnerability may or may not be an issue depending on a lot of factors. In some ways severity exists in the wrong place, as it’s really the consumer that needs to decide the severity not the library.

A CVE without a severity score I think is fine. Including the list of CWEs that a particular CVE is composed of I think is useful as well. But CVE should not include a severity score because there really isn’t a single severity but a range of severities depending on specific usage. At best the severity score of a CVE represents a worst case scenario not even an average case, nevermind the case for a specific project.

permalink
report
parent
reply

Yeah, our security team once flagged our app for having a SQL injection vulnerability in one of our dependencies. We told them we weren’t going to do anything about it. They got really mad and set up a meeting with one of the executives apparently planning to publicly chew us out.

We get there, they give the explanation about major security vulnerability that we’re ignoring, etc. After they said their bit we asked them how they had come to the conclusion we had a SQL injection. Explanation was about what you’d expect, they scanned our dependencies and one of the libraries had a security advisory. We then explained that there were two problems with their findings. First, we don’t use SQL anywhere in our app, so there’s no conceivable way we could have a SQL injection vulnerability. Second our app didn’t have a database or data storage of any kind, we only made RESTful web requests, so even if there was some kind of injection vulnerability (which there wasn’t) it would still be sanitized by the services we were calling. That was the last time they even bothered arguing with us when we told them we were ignoring one of their findings.

permalink
report
parent
reply

It’s a good idea to be aware of any security advisories of your project’s dependencies, but it’s also equally important to be aware of your actual attack surface and audience. It for instance may not matter to your entirely offline and utterly unprivileged app that there’s an arbitrary code execution flaw in one of your dependencies, because any theoretical attacker is the user themself and they would only be executing code they already had the capability to execute. On the other hand such a flaw in other circumstances could be absolutely critical. It’s really down to you as the author of the code to evaluate any security advisories through the lens of your code’s expected use cases.

permalink
report
reply

So I listened to that entire video and I still don’t know what corporatism actually is. There was a lot of talk about how various fascist regimes were corporatist and how it’s about all the classes working together, but no actual explanation of what that means in practice.

permalink
report
reply

It’s encoded as a regex which you can find here: https://github.com/LemmyNet/lemmy/blob/78702b59fd56f767f3d5612bfd60e294979f91f8/crates/utils/src/utils/slurs.rs#L74

It’s honestly not a terrible list, but there’s at least one entry in there that falls victim to the Scunthorpe problem, and it sucks that it’s not something administrators can easily customize.

Edit: looking through the PRs it seems like they made the filter customizable at some point, so this is a little outdated. The whole communist thing still applies though.

permalink
report
parent
reply

They run lemmygrad and are dedicated communists, as well as having a very opinionated “bad words” filter that’s hard coded into the lemmy server software and not configurable without building it yourself.

Edit: commented below, but it looks like at some point they added the ability to customize the bad words filter as part of the site config, so that part doesn’t currently apply. Early on there was a bit of drama about the original hard coded version though.

permalink
report
parent
reply