Daily reminder that sites “protected” by cloudflare are effectively MITM attacks. HTTPS is now even more worthless. Cloudflare can see everything. this is a known fact and not a theory....
Honestly, even if you don’t terminate SSL right until your very own app server, it’s still based on the assumption that whoever holds the root cert for your certificate is trustworthy.
The thing that has actually scared me with CF is the way their rules work. I am not even sure what’s the verification step to get to this, but if there is a configured page rule in a different CF account for your domain that points at cloudflare (I.e. the orange cloud), you essentially can’t control your domain as long as it’s pointing at CF (I think this sentence is a bit confusing so an alternative explanation: your domain is pointing DNS at your own CF account, in your CF account you have enabled proxying for your domain, some other CF account has a page rule for your domain, that rule is now in control). The rule in some other account will control it.
It has happened to us at work and I had to escalate with their support to get them to remove the rule from the other cloudflare account so we can get back control of our domain while using CF. Their standard response is for you to find and ask the other CF account to remove the rule for your domain.
I wonder if this will also have a reverse tail end effect.
Company uses AI (with devs) to produce a large amount of code -> code is in prod for a few years with incremental changes -> dev roles rotate or get further reduced over time -> company now needs to modernize and change very large legacy codebase that nobody really understands well enough to even feed it Into the AI -> now hiring more devs than before to figure out how to manage a legacy codebase 5-10x the size of what the team could realistically handle.
Writing greenfield code is relatively easy, maintaining it over years and keeping it up to date and well understood while twisting it for all new requirements - now that’s hard.
There were a series of accusations about our company last August from a former employee. Immediately following these accusations, LMG hired Roper Greyell - a large Vancouver-based law firm specializing in labor and employment law, to conduct a third-party investigation. Their website describes them as “one of the largest...
After having dealt with some audits (although not this exact topic), in general they followed the same format. “Assert that we do the thing we claim to be doing”. So if the thing they claim to be doing is a low bar, the audit means nothing. If they dont release any evidence, or a report of what they were ascertaining it means very little IMO.
I can’t remember if the employee released any evidence with her claims either though, but in general I’d prefer my odds with assuming her story is closer to the truth against a company which has had other mishaps recently, underpinned by evidence. All of which they tried to brush under the carpet.
Maybe a better way to phrase it is that a report from the investigator could qualify what they considered/found when they said the claims were false, baseless etc, and any evidence they found/data they had access to. (E.g. if they could look at all internal communication but their data retention policy is 6 months and this happened 7 months ago, its not the same as not finding anything)
For example, “allegations of sexual harassment were ignored or not addressed” is a wide range. It could be there were no allegations recorded from the employee (as in, they weren’t reported), or they were addressed by a slap on the wrist or a “just don’t do that again” to introducing workplace behaviour training, forcing the perpetrator to go through it, suspending them without pay and so on.
You are right it’s not proof of no wrongdoing, but it would serve as proof that they handled things in a generally suitable manner, rather than that they managed to twist things around to check a box for the investigator.
Short version of this interview is that nothing is changing, other than they’re going to be asking a flat fee “$5-20” for the app, rather than relying on donations. All donation platforms have been closed. However, if you choose not to, as Louis says “that’s between you and your God”....
I have never seen contributors get anything for open source contributions.
In larger, more established projects, they explicitly make you sign an agreement that your contributions are theirs for free (in the form of a github bot that tells you this when you open a PR). Sometimes you get as much as being mentioned in a readme or changelog, but that’s pretty much it.
I’m sure there may be some examples of the opposite, I just… Wouldn’t hold my breath for it in general.
So I usually browse the internet at random and sometimes stumble upon some interesting games. Today as I was going to sleep however, I remember I saw a game that I cannot for the life of me find the name again. Not even in my search history (as I regularly wipe those). Can anyone help me find it again? Here is what I know:...
It works in docker compose because compose handles relative paths for the volumes, the docker CLI doesn’t.
You can achieve this by doing something like
<span style="color:#323232;">docker run -v $(pwd):/data ...
</span>
pwd is a command that returns the current path as an absolute path, you can just run it by itself to see this. $() syntax is to execute the inner command separately before the shell runs the rest of it. (Same as backticks, just better practice)
I imagine that wouldn’t work on windows, but it would on either osx, Linux or wsl.
Generally speaking, if you need the file system access and your CLI requires some setup, I’d recommend either writing it in a statically compiled language (e.g. golang, rust) or researching how to compile a python script into an executable.
If you’re just mounting your script in the container - you’re better off adding it directly at build time.
I think I misunderstood your problem, I assumed the issue was the volume mounts and after testing it I was indeed wrong - the docker cli now accepts relative paths so your original command does the same as what I suggested. After re-reading your issue I have a different idea of what’s wrong, but would have to see your dockerfile (or for you to confirm) to be sure.
Do you add 10f.py to the docker image when you build it and do you specify the command/entrypoint in the Dockerfile? There are possibly to issues I can think of with how you do that (although considering the docker compose works it’s probably the 2nd):
You do add it and you add it to /data in the image - when you mount a volume over it would make the script no longer exist in the container.
You do add it and it’s not in /data - in this case the issue with running docker run -v ./:/data -w /workdir tenfigers_10f:v1 10f.py is the last bit - you override the command which makes it try to look for it at /data/10f.py, if you omit it the last part (10f.py) it should run whatever the original command was and assuming you set the cmd/entrypoint correctly in the Dockerfile it should see /data as ./ in python.
(Also when you run it with the CLI you might want to add -it --rm as well to the docker command otherwise it won’t really behave similarly to a regular command)
I almost never watch “shorts” but my suggestions for it seem to have an…uhhh…adult theme. I don’t watch any such thing with YouTube. Does everyone see garbage like this?
Mine isn’t like that but there can be a few reasons I’d guess at:
YouTube recommends you things other people in your household watch (which can extend to random people if your isp uses cnat and doesn’t give you an individual ip).
This one is more of a guess, but I’d assume a lot of people would click on that content, so if you never watch shorts maybe their algorithm just gives you the default recommendations.
If you watch adult content without protecting your privacy it’s most likely associated with your account in their recommendations.
Yeah the YouTube algorithm is one of the worst recommendations engines I have seen tbh. It actively removes types of videos I repeatedly search for from my recommendations, and fills it with garbage I never watch.
But in the case of op it looks like a 100% horny content ratio which seems excessive, even for yt.
For me, there are 2 specific things that annoy me to no end with it. 1 is my guilty pleasure, I love watching hour long videos from Asian channels where they just film restaurants or bakeries making food in large batches. Honestly, youtube seems to actively remove them from my feed. I have to search for them every 2 weeks despite watching this content at least weekly. The second is the opposite. At Christmas I searched for a video of a fireplace with music to put on as ambient background for dinner. My feed is chock full of 8+ hour music playlists now despite never having looked at another one. It’s been 4 months.
I don’t know what it is but i swear they have content they like showing you and content they dont like. If you want the former your experience will be OK. If you want the latter then they just decide you’re wrong and still get the former.
That could be part of the reason, but the NHS has rapidly deteriorated over the course of the last 5ish years. It used to be pretty decent not so long ago, and our taxes didn’t exactly drop. So while most public healthcare systems get strained over time due to the aging population problem, it shouldn’t be this drastic.
The pandemic has surely strained it, but it doesn’t feel like it’s on the path to recovery, more like circling the drain.
The 2 more obvious things (to me) as far as the reasons go: an absolutely malicious government - who would sell us all for meat if they could - with little competition and brexit (courtesy of said government)
I wonder if real zebras would look at meatless robot zebra exoskeleton walk away from being eaten and just be like “wtf we can do that? Why did I bother running away all this time?”
Agree that it’s misleading, but to add there is another significant concern given how glassdoor is already “pay to win” from the companies perspective: they could just offer identifying the users as a paid service.
It would be digging their own grave if that starts happening, but that doesn’t seem to be stopping many companies…
I’m in my first month of Usenet. I own several popular BluRay Movies but thought I’d save time ripping them manually and instead see what I could get off Usenet (NZBGeek + Eweka) now that my niece is visiting and needs entertainment....
Haven’t had any experience with eweka, but this is the reason why people tend to have multiple providers from different backbones and multiple indexers - to increase your chance for completion. Weirdly, eweka does not follow DMCA, but NTD which I’ve seen regarded as slower to take down content, so in theory the experience should be better, especially on fresh content.
Your mileage will vary greatly depending on what indexers/providers you pick and unfortunately it’s very difficult to say whether it will reach your expectations until you try different options.
If you’re willing to spend some more on it, you could try just looking for a small and cheap block account from a different backbone to see if it helps with the missing articles, but there are no guarantees.
Solar pumps are spreading rapidly among rural communities in many water-starved regions across India, Africa, and elsewhere. These devices can tap underground water all day long at no charge, without government scrutiny....
Maybe it’s me but the tone of the article reads to me like “the issue is solar pumps, they’re depleting groundwater reserves” whereas the point seems to be more that pumping groundwater is ungoverned and access to it is now easier than ever, thanks to solar powered pumps.
Unfortunately, doesn’t change that the issue exists.
Some are very easy depending on how the game works (at least on android). E.g. when pokemon go came out you could just go to developer settings (in android settings) and change your location to wherever you wanted.
Another super easy one is changing the time to get around timegated games.
The Cloudflare Poison
Daily reminder that sites “protected” by cloudflare are effectively MITM attacks. HTTPS is now even more worthless. Cloudflare can see everything. this is a known fact and not a theory....
Study Finds That 52 Percent of ChatGPT Answers to Programming Questions Are Wrong (futurism.com)
Linus Tech Tips (LTT) release investigation results on former accusations (x.com)
There were a series of accusations about our company last August from a former employee. Immediately following these accusations, LMG hired Roper Greyell - a large Vancouver-based law firm specializing in labor and employment law, to conduct a third-party investigation. Their website describes them as “one of the largest...
France vs. 'Shrinkflation': Starting July 1, All 'Shrinked' Products Must Be Labelled For Consumers (www.ibtimes.co.uk)
“CSAM generated by AI is still CSAM,” DOJ says after rare arrest (arstechnica.com)
U.S. governors urge Turks and Caicos to release Americans as Florida woman becomes 5th tourist arrested for ammo in luggage (www.cbsnews.com)
OpenAI strikes Reddit deal to train its AI on your posts (www.theverge.com)
Immich x FUTO Q&A (www.youtube.com)
Short version of this interview is that nothing is changing, other than they’re going to be asking a flat fee “$5-20” for the app, rather than relying on donations. All donation platforms have been closed. However, if you choose not to, as Louis says “that’s between you and your God”....
(Help) Name of (sandbox?) game set on space? (Found: Starsector)
So I usually browse the internet at random and sometimes stumble upon some interesting games. Today as I was going to sleep however, I remember I saw a game that I cannot for the life of me find the name again. Not even in my search history (as I regularly wipe those). Can anyone help me find it again? Here is what I know:...
Running docker image in specific folder (again, now with run)
Hello all !...
World faces ‘deathly silence’ of nature as wildlife disappears, warn experts (www.theguardian.com)
Loss of intensity and diversity of noises in ecosystems reflects an alarming decline in healthy biodiversity, say sound ecologists...
Am I the only one whose "shorts" feed is all basically softcore porn? (lemmy.world)
I almost never watch “shorts” but my suggestions for it seem to have an…uhhh…adult theme. I don’t watch any such thing with YouTube. Does everyone see garbage like this?
How to store digital files for posterity? (hundreds of years)
How to store digital files for posterity? (hundreds of years)...
Public satisfaction with NHS falls to lowest level on record (inews.co.uk)
Artificial prey animals (i.redd.it)
Reddit thread I got this from: old.reddit.com/r/…/artificial_prey_animals/
Users ditch Glassdoor, stunned by site adding real names without consent (arstechnica.com)
DMCA takedown requests - how responsive?
I’m in my first month of Usenet. I own several popular BluRay Movies but thought I’d save time ripping them manually and instead see what I could get off Usenet (NZBGeek + Eweka) now that my niece is visiting and needs entertainment....
Solar-Powered Farming Is Quickly Depleting the World's Groundwater Supply (www.wired.com)
Solar pumps are spreading rapidly among rural communities in many water-starved regions across India, Africa, and elsewhere. These devices can tap underground water all day long at no charge, without government scrutiny....
My RuneScape inspired indie fitness MMORPG WalkScape is looking for more beta testers (lemmy.zip)
Hello!...