Weekly Shaarli
Week 38 (September 16, 2024)
Every problem at every company I’ve ever worked at eventually boils down to “please dear god can we just hire people who know how to write HTML and CSS.”
This UX is awful? That UI looks old? Accessibility busted? Performance bad? Design team can’t ship stuff? Customers annoyed by tons of bugs? Everything takes too long to build? No time for small usability improvements?
Hire. HTML. And. CSS. People.
The axioms of programming
- small teams
- difference between theory and practice
- metrics
- greenfield projects
- employee turnover
- "If anyone is remote, everyone is remote."
- "Given long enough, all tech discussions turn into discussions about K8s."
- two hard problems: People are the hardest problem in Computer Science; Convincing people that people are the hardest problem in Computer Science.
Wow, the projects are inspiring. Simple and clear.
It is every library I have known, the best of what I found in them and what I would have liked to build there. In short, La bib' is the library of my dreams, when I dream of the street corner.
Translate this article into French
Shift is_active to something more generic: a status field, so we can expand it down the line for other parts of the state space.
Honestly, 80% of the time in these meetings I just tell people to either use an enum instead of a boolean or to make it more clear which data is events and which is state. I'm always right, it's always useful, and there's never that much fuss about it.
In addition to the content of web pages, it's important to record how this digitized content is constructed and served. The HTTP Archive provides this record. It is a permanent repository of web performance information such as size of pages, failed requests, and technologies utilized. This performance information allows us to see trends in how the Web is built and provides a common data set from which to conduct web performance research.
- Generative AI has polluted the data
- Information that used to be free became expensive
If someone is collecting all the text from your books, articles, Web site, or public posts, it's very likely because they are creating a plagiarism machine that will claim your words as its own.
Dry toilets to use less water and reuse nitrogen-rich urine (illustration).
Brands go to Sans Serif fonts and uniform logos.
Reasons?
- "modern utility": Cleaner and more legible, they are better suited to a variety of media and work particularly well online. The purity of these fonts allows the brands to be an empty vessel, ready to accommodate rapidly shifting trends.
- simplification: to being a trusted, dependable part of people’s everyday lives.
- Brands are also defined by their products now: they become words and do not need a big logo.
- readability: even if it is becoming less of an issue
Shoot for simplicity and legibility, but keep your distinguishing features. Don’t throw away what the brand has been working on for decades.
A critique of the McFly and Carlito video with Jean-Marc Jancovici. Some relevant topics were covered.
However, social inequalities in the face of ecology were absent from the discussion, as were transport management (the debate was reduced to the car) and considerations other than carbon.
if these individual actions are not accompanied by any political change, these small gestures will remain in vain.
carpooling is a good practice for reducing our transport-related emissions, but that takes nothing away from the fact that many French territories are dependent on the car, which is itself dependent on petrol or diesel.
Raising awareness among as many people as possible is nevertheless essential!
Another link checker tool that supports recursion
An idea to put URL query parameters in the body of the request.
It is useful to avoid the limitations of the URL length. Another use case is a custom DSL inside the request body.
In the end, it's less readable than GET but more powerful.
How to Choose
- If the closure only reads from the environment: Use Fn.
- If the closure needs to mutate the environment: Use FnMut.
- If the closure needs to consume ownership of values from the environment: Use FnOnce.
A PoC for a driver in Rust seems promising.
Lito, a self-taught Japanese artist who began creating intricate, hand-carved art on fallen leaves as a way to manage his ADHD. He carefully selects each leaf & carves whimsical patterns that often depict animals, objects & landscapes - transforming delicate leaves into complex scenes.
Art that captures the fleeting beauty of nature.
Perfect for static websites
A set of 90 emojis featuring a ghost, including pride variants.
If you are going to use these in a commercial space you are urged to leave a tip please. I offer these for everyone and do not release paid sets most of the time.
Examples on https://nederland.gay/objects/00c6d0b4-be9d-46f9-ad6c-d48a3eb7a295
The new Temporal API, the successor to Date for date manipulation.
The highest resolution image.
This is the largest and most detailed photo ever taken of a work of art. It is 717 gigapixels, or 717,000,000,000 pixels, in size.
The distance between two pixels is 5 micrometres (0.005 millimetre), which means that one pixel is smaller than a human red blood cell.
The team used a 100-megapixel Hasselblad H6D 400 MS-camera to make 8439 individual photos measuring 5.5cm x 4.1cm. Artificial intelligence was used to stitch these smaller photographs together to form the final large image, with a total file size of 5.6 terabytes.
2 km/h in 2h --> 4km travelled
2 km/h in -2h (2 hours ago) --> -4km travelled
-2km/h in 2h --> -4km travelled (backwards)
-2km in -2h --> 4km travelled
The attacks occurred on an old version of the long-retired application Ricochet that lacked new features The Tor Project has released since to mitigate against the kind of 'timing' analysis described in the articles.
Matt Brichler on the 99% of people lie:
"People have a terrible habit of assuming “everyone” does something, when that’s simply not the case."
Everyone thinks that their perception of the world is correct. It’s only when you begin to realise that the way you look at things is nothing more than your perspective that it becomes infinitely more valuable.
The best thinkers can see things from other angles and come to open conclusions with the confidence to both defend their position and be open to new ideas.
[about the tech stack with k8s] the payoff feels abstract and is hard to quantify.
It's the same for OSS dependencies.
what if platforms like AWS or GitHub started splitting the check? By adding a line-item to the invoices of their customers to support Open Source funding.
For example, 3% ?
OSS projects have no governance and most of them are not ready to receive money though. How to distribute this tax too?
Another model is to pay depending on how many developers there are in the company.
The second step after recognizing the OSS funding issue is having a baseline funding amount.
The Commission will be able to appeal this decision.
LinkedIn content is now used to train AI.
There’s some good news for users in the EU, the UK, Iceland, Norway, Liechtenstein (both of them!) and Switzerland as their data isn’t being used to train LinkedIn's AI at all and won't for the foreseeable future.
Mediapart, Le Canard Enchaîné, La Lettre, Glitz Paris, Miss Tweed, L'Informé, Puck (US).
"Ignore all previous instructions"
"[citation needed]"
The project is on github: https://github.com/lycheeverse/lychee
Platform of username trading
mozilla's main problem right now appears to be they just do not recognise that they have pissed users' trust up a wall and now we are suspicious of everything they do.
you cannot, in a position like that, just do things which look dodgy as fuck and expect users to suck it up quietly, whether or not they are as they look.
Different definitions of a UI component, from the minimalistic CSS one to the SSR full page.
Let the trademark be free
Another CSS reset explained
Last week, several companies announced one after another that they had been victims of a cyberattack resulting in the theft of personal data: Boulanger, Cultura, DiviaMobilités, Truffaut, Cybertek and Grosbill, as well as Assurance Retraite.
In an email sent this weekend to some customers (of which we obtained a copy), the car rental company explains that it "discovered on August 5, 2024 (Eastern Time) that an unauthorized third party had accessed one of our business applications […] Based on our investigation, we determined that the unauthorized access took place between August 3, 2024 and August 6, 2024 (Eastern Time)"
How to cache? It depends on the context: push vs pull and owned vs user.
Push means that the asset is pushed to a central server and then distributed.
Pull means the asset is referenced and the central server has to “pull” the content.
Owned means it’s owned by the central server.
User means it’s user-submitted content.
Push + owned
Make everything push + owned content if possible. "It turns out, however, that you can make a shit ton of other stuff push + owned if you try a little harder. "
How does the client check if they're expired?
Use “stale while re-validate”. Ur welc’
In summary:
- store asset
- use stale-while-re-validate access patterns
- should work offline
Push + User & Pull + Owned
Handle these with hash URLs. Hash the URL and treat it immutably.
Push + User: Forum comment -> hash URL
Pull + Owned: "in-content" assets. That’s where it’s user generated content, but not owned by the server.
Summary:
- Load asset
- Use infinite TTL + hashed URLs
- Should not re-fetch across page/app reloads
Pull + User
That’s where it’s user generated content, but not owned by the server. Posting gifs into the chat is a prime example; linking a blog post and generating a media upload for that is another.
Guess what: this pattern fits for highly dynamic user-generated content, which means it’s the content users link to each other in-platform.
Stable URL, short TTL. YES, SHORT TTL. [...] Debounce + throttle? Sure. Micro-TTL? Yes. Cache? Never.
Dynamically generate totally stupid form fields that are then hidden with every trick in the book so they are not displayed to users. But not to bots.
The field is filled in when the form is submitted? Well then, get lost, bot ☺️
100 billion spent on AI instead of other sectors such as education.
How is this technology going to be profitable given the resource consumption it requires?
ICMP packets with "LOVE" in ASCII.
TCP packets with different window sizes.
This strange traffic mimics legitimate data streams, and while it's not known if it's malicious, its true purpose remains a mystery.
quick recap
- arc boosts can contain arbitrary javascript
- arc boosts are stored in firestore
- the arc browser gets which boosts to use via the creatorID field
- we can arbitrarily change the creatorID field to any user id
thus, if we were to find a way to easily get someone else's user id, we would have a full attack chain
when someone refers you to arc, or you refer someone to arc, you automatically get their user id in the user_referrals table, which means you could just ask someone for their arc invite code and they'd likely give it
About the explosion of pagers in Lebanon.
On Tuesday things changed. Whoever got admitted at the hospital with a specific kind of injury will end up in some list. Social networks will be traced and new targets will be identified.
The lessons that software developers can learn: Supply chain attacks in the real world happen every day!
I want to insist because it seems that it's not clear for everyone yet. There is no other way to mitigate software supply chain attacks for an ecosystem / programming language than to build an extensive standard library.
If Rust wants to be seriously considered to build the foundations of computing, the number one and only priority of the Rust foundation should be to work on building an "extended standard library", let's call it stdx
It remains to be seen how this law will be applied, and how companies will show the pay.
CLI tools can make great things
Recursive link checker (compared to the rust lychee)
Estimate your subsidies for renovating your home
An energy renovation for lower bills in a more comfortable and greener home.
Context: https://www.service-public.fr/particuliers/actualites/A17676?xtor=RSS-111
Crev is a scalable, social, distributed Code Review and recommendation system that we desperately need for establishing trust in Open Source code.
Getting started: https://web.crev.dev/rust-reviews/your_personal_reviews/
The project is not maintained anymore though.
How the author's way of getting news and updates evolved.
First from social media, then from a curated list on Reddit.
Then on to multiple RSS readers (Feeder, Miniflux), and finally Yarr.
They share their feeds in the post too :)
As we further discuss backup strategies, please remember, that having a remote volume mounted as a primary or a secondary disk in your system means you have filesystem access to a distributed data store that you use by simply doing file operations (e.g. cat, tail, cp, touch, mkdir, etc.).
I would simply mention that features that exist in ZFS, Btrfs or XFS (not a CoW fs but has some CoW features). [...] both ZFS and Btrfs offer transparent filesystem compression, meaning even the stored, deduplicated pages can be further reduced in size.
"Thing" backup strategies:
- backup data pages in the file verbatim
- pack data pages as you copy them (byte by byte copy with database cleanup beforehand)
- dump the data as SQL commands
"How" backup strategies:
- litestream: copy the db changes depending on the WAL
- SQLite .backup command creates an exact page by page replica of the database file at the point of invoking the command.
- SQLite VACUUM INTO
- SQLite .dump
- good old cp with --reflink=always in a transaction