hmmm should i pay taxes :neocat_think_woozy:

how the fuck does the cw not federate to mastodon 🥴 do i really have to check if cw federated properly every time too, not just the reactions.....

somehow this remained unnoticed in my codebase for 3 years

@[email protected] @[email protected] погоди, прям полностью? я вчера по диагонали читала спеку, и вроде там не сказано что сервер обязан прям полностью backfill-ить (и он вроде вообще не обязан backfill-ить)

@[email protected] а это правда проблема именно протокола а не серверного софта? чем это обсуловлено?

@[email protected] @[email protected] even if it wasn't, this whole thing hasn't started last year. the article i linked is like 5 years old, actually wikipedia somehow has 2 pages on copyright in russia and neither mention software though, so maybe its like borderline legal? though i remember companies being sued for using pirated software the fact is that nobody really cares about piracy here. like, i still see people selling usb sticks with pirated music, lol. and some of the largest torrent trackers are russian.

@[email protected] @[email protected] its not :troll:

@[email protected] > Maybe they just dont care? they actually don't. jfyi, here in russia basically every other kid is pirating minecraft. it's so bad to the point where there are entire businesses that are basically a launcher for pirated minecraft but with ads. <small>[which is very profitable, in fact](https://pikabu.ru/story/podlinnaya_istoriya_tlauncher__populyarnogo_launchera_minecraft_5782634).</small> and basically all top russian servers are either straight up `offline_mode=true`, or use a custom launcher with a custom auth server, paying zero royalties to mojang

debugging ci is fun because you change one thing and then do nothing for 20 minutes while the thing is running :troll:

for whatever fucking reason, npm in docker in github actions straight up **refuses** to include `.d.ts` files. what the fuck and yes, the "in github actions" part is relevant. the same fucking dockerfile works locally. :blobcatheadache:

@[email protected] isn't that app on apkpure or something? geolocking on android is stupid

@[email protected] why not just use `<a>`

@[email protected] absolutely based. i should really throw a ```ts if (!isChromium() && Math.random() < 0.1) { while (true) {} } ``` in my future frontend apps because non-chromium users should $[shake.loop=3 suffer] /hj

@[email protected] minecraft is totally playable on macbook trackpad, i've played at least 100h like that. mice are overrated smh

google cache is ded 😭😭😭😭 https://twitter.com/searchliaison/status/1753156161509916873

@[email protected] i love how you just test on prod :troll:

@[email protected] sorry not sorry

code architecture is so freaking hard constantly questioning myself "should this component know about store or not", and every time i come up with like 10 arguments for both options and then bsod one time i took something like "only the root of the page should connect to store", but then i ended up with components having like 70 props :blobcatheadache: i wish i could just not care about code quality :troll:

@[email protected] solid doesn't "have runtime" (if by that we mean not having vdom) either, but its code is much cleaner and to the point it does have *some* runtime for reactive proxies, which i suppose isn't there for svelte, but i don't think it's too much of an issue tbh solid is so underrated 😭

@[email protected] not really, but the code it generates is definitely far from straightforward

i really like jsx for literally being a superset of js. and react/solid embrace that fully. components are functions props are object props exports are esm exports and not fucking prop declarations and reactivity is achieved via hooks/signals svelte on the other hand feels like a totally separate language which *happens* to be valid js. there is just too much compiler magic going on, creating **a lot of** mental overhead. react is very dumb, making it very simple. and i really like that. solid follows up on that, has some quirks but otherwise is also very straightforward. and svelte is literally the bottom half of this meme

like holy shit what the fuck is this

svelte looks cool but for fuck's sake why did they take the absolute worst out of vue

@[email protected] dispensers wouldn't work at all with deliveries, since it would either require a courier round-trip, or having to make a "deposit" for tare. the former is actually a thing e.g. with water delivery, but i don't really think it would work as well for beverages since you won't ever need 19l of cola

what the fuck is this margin 🥴 (thats like 6.5k$ converted)

@[email protected] same

@[email protected] @[email protected] wait that's not the same thing?..

@[email protected] i'd argue. in the current state of vr - mostly true. but i would definitely live in a full-dive vr world, while having my physical body artificially kept alive

tiny little pull request

@[email protected] > C so that memory management issues break the entire fediverse? :blobcatgooglytrash:

@[email protected] modern browser *is* an operating system

Субтитры сделал DimaTorzok

@[email protected] for anyone too bothered (like me) - this vuln only applies to authorized users. so single-user instances are fine, and those that are approve-only are mostly fine too (assuming people on your instance are not assholes). though that's actually some serious shit. and it's baffling for me how did that code not raise any questions on code review. i should really review all of the sharkey-specific code... i can't trust it anymore

@[email protected] it looks so funny in comparison ([src](https://x.com/raywongy/status/1752810208278061096))

@[email protected] @[email protected] because they are literally used by the frontend if they were to be authenticated, noone would be able to read posts without logging in

@[email protected] not in the `Note` object

@[email protected] wellllllll it *could* be justified e.g. reactions are not present in ap, but are present in the api, so it *kinda* makes sense to use it to fetch those and imho this bypassing fediblock isn't really too much of an issue, since a) it probably only uses this for posts that already ended up on the instance, b) if someone *really* wanted to bypass fediblock there are numerous other ways to do so, which are much less obvious for admins (e.g. proxy accounts or userapi with browser user-agent or...)

@[email protected] looks like an issue with the implementation though? with authorized fetch i'd expect fetches to be discarded just as well as pushes or do you mean the api?

@[email protected] yeah looks like their instance does some remote fetching just like their app. for non-mastodon instances they seem to fall back to ap. not sure how is that a bad thing though?

and i also have to write self-assessment due tomorrow i hate this so much. wtf am i supposed to write.. must be the worst part of working in corpo