This proposal is an early design sketch by Blink Layout Team in Google to describe the problem below and solicit feedback on the proposed solution. It has not been approved to ship in Chrome.

linked src

Great, I’m glad it helps. Good luck! :)

I wonder if we can do even simpler today (with a framework that handles the dynamic aspects of the application, not with barebones JS).

You want a stateful application or a template-model-rendering system?

If not, the webbrowsers support fetch API and you can create HTML from that, or set values on the DOM elements.

Personally, I’m not too familiar with JS frontends in particular. I could name some random names, but don’t have experience or particular opinions. What I’ve read, and intuitively agree with, is that many of the most popular frameworks introduce additional complexities and their own state system when the browser nowadays would cover those natively. Newer frameworks that make use of the current browser tech may be better. But I can’t name specific names.

I myself, in terms of web frontend frameworks, work with Blazor (dotnet). Upside being direct C#/dotnet integration and development and wide options, downside being the tech complexity of framework between browser and backend and a mixing of HTML and Razor concerns.

If it were me, I would probably create an .html file, add a <script> block, and use the fetch API to fetch the data from the backend and then render/display it via JS/HTML. It’s always possible to size up and add complexity later.

Six months ago, distributed crawling hit code.forgejo.org, and the mitigation measures put in place then held until a few weeks ago. The mitigation measures relied on JavaScript-based proof-of-work, but the crawling software learned to resolve the measures, allowing the attack to return.

Since November 24, a new blocking strategy has been implemented and successfully blocked around one million unique IPs daily. Only 5,000 unique IP addresses reach code.forgejo.org daily, and no reports of legitimate traffic being blocked have been received.

Crazy. A 1M to 5k ratio.

The linked to ‘new strategy’ information is interesting too. They’re blocking a specific user agent.

TL;DR: 26 November ~900,000 unique IPs sent requests to code.forgejo.org and blocking one user agent effectively blocks over 90% of them. At the moment ~50,000 unique IP hit code.forgejo.org per hour, ~5,000 of them are not using the suspicious user agent and are sent to Anubis, ~1,000 of them pass the challenge and reach code.forgejo.org.

&& Header(`user-agent`, `Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36`)

Typically, I could have a program I wrote doing stuff, I may add a little HTTP server feature to it as an entrypoint to its internal and then have a cute webapp to connect to it to visualize what is going on, idk.

Are you saying you could add HTTP endpoints to your services which can then be queried for data? So REST APIs for example?

Do you want live updates on the UI or is a fetch visualization enough?

For simple fetch visualization, creating a simple web app with browser native JavaScript and HTML seems like a fine, simple solution for barebone/hacky visualizations.

If you want live updates, there’s a few alternatives. Polling from REST API, long-running streamed responses (http server sent events), or Websocket (continuous connection and communication). Websocket will need the capability on the backend server.

If you’re imagining a reporting/monitoring like tool/UI, using OpenTelemetry and one of many existing collect and store and display solutions could be relatively simple setup, with a bit more investment into serving OpenTelemetry data.

There’s various technologies and frameworks. You could choose any one, or choose one closer to your tech stack, whatever you use.

The author provided no evidence of it

They’re contextualizing and sourcing it plenty. It’s their impression from their experience, from their years of being in that field. In the later adding of comments at the end they go into different takes as well, reiterating that it’s what they saw or see in [their] big corp[s] [and those he talks to].

You’re saying people are rotating too often - which was one of their points. Not sure if you meant support that point or point it out [assuming they didn’t].

Sharing, because I had to look up Abstract Wikipedia

Abstract Wikipedia is an in-development project of the Wikimedia Foundation. It aims to use Wikifunctions to create a language-independent version of Wikipedia using its structured data.

Microsoft actually cut off Israel’s access to Azure…

After months of pressure and trying to silence internal criticism.

I had to look it up to make sure “months of” is correct. Wikipedia has the infos https://en.wikipedia.org/wiki/Criticism_of_Microsoft#Israeli_military_support 2023-2025, various employees fired

“Microsoft actually cut off Israel’s access to Azure” doesn’t really cover or adequately represent their behavior regarding this topic.

That comment doesn’t say anything about what I’m asking about here.

IMO the intro “[shared] to the respective secret scanning partner” is a bit misleading because it can be read as third parties unrelated to the secret that do secret scanning. The text later on only mentions the issuer of secrets, though.

To protect the developer community, GitHub partners with hundreds of secret scanning partners to identify leaked secrets.

GitHub works directly with industry partners like AWS, OpenAI, and Stripe to build detectors for their specific secret formats […]
GitHub notifies the secret issuer when publicly leaked secrets are found, allowing the partner to take immediate action.

Probably in some AI training data sets. Not that those are particularly good backups.

maybe they also mean Israel/Gaza or the AI push

… Gitlab though; the only difference is you see more “a large premium customer is requesting this” comments!

I love those! /s 😄 It can certainly feel like a pattern, specifically for some tickets.

I expect some hot Java code on that website 😏

YouTube recently introduced UI changes. Google probably didn’t optimize for Firefox besides Chrome. Whatever they’re doing, it may be more performance on Chrome than on Firefox for technical reasons.

As a quality metric, “bad company”. If you can differentiate between hardware product and drivers, you can separate those metrics. But usually, and for most people, using the product also means using their drivers.

You can just take the L and say you didn’t see that the function definition that was “added” was just “removed” at the top.

That’s not what happened though.

Changing the indent of the def changes the definition. That’s my whole argument.

I don’t get why you say “of course”, agreeing with my point, but then “it was only the indentation that was changed”.

Do you have a comparison to other tools like Grammarly? Were you sometimes missing suggestions or linting rules?

as an open-source alternative to Grammarly

intentionally avoids including any kind of generative AI in any part of our processing pipeline

Isn’t that what Grammarly is all about, though? Be better than traditional spellchecking through LLM?

I assume Harper is entirely Rules based, then? Which inherently means limited to what rules where introduced manually and what the rules cover.

rnicrosoft.corn 🌽