At least JS code in a browser is sandboxed. A Notepad++ update is just rawdogging an executable on your bare metal, perhaps with admin privs even, and hoping for the best.
First, it wasn't even the developer who compromised people, here; second, scripts in most cases are orders of magnitude less dangerous than a Windows executable.
And, in many cases you can get some protection from a developer going rogue (or not writing perfect code); it's not all or nothing.
Valve actually doesn't forbid you from applying DLC distributed outside of their platform to a game you bought on Steam, though. There are tons of visual novel games distributed this way: main game on Valve, and adult DLC only on DLsite, etc.
Besides that, almost all online games, except for a few, provide items through the in-game store. I don't think they even need to pay a cent to Valve unless they want to use the Steam checkout service.
I wonder whether anyone who has ever used Steam would even buy this argument. It looks like total nonsense to me.
The guarantee that a web page never edits files on your disk (only creates new ones) does not hold with this API, though. I know it's what makes this API useful. But at the same time, there is a big risk that the user never expected this, and it results in a giant security issue.
Firefox and Safari are generally very conservative about new APIs that can enable new types of exploits.
At least Firefox and Safari do implement the origin private file system. So, while you can't edit files on the user's disk directly, you can import the whole project into the browser, finish the edit, and export it.
> When you're asked for an estimate, you've got to understand who's asking and why.
This is so real. Sometimes when you get an unreasonably big feature request, it always turns out to be that somebody doesn't know how to express their request correctly, and the management overexerted it.
Knowing something is wonky and knowing how to fix something wonky effectively without pissing anyone off are completely different levels of task, though.
Knowing that things are bad only requires knowledge of the product itself. But fixing it requires understanding of the whole infrastructure and the members around the project.
An outsider can't do it. And the insider doesn't necessarily think the project is bad from his perspective. You would have to argue with him to convince him the project is bad, which really doesn't bring any value to the outsider themselves. And it can even be harmful.
It seems to depend on the model and context usage, though; the agent forgets a lot of things after it is half filled up. It even forgets the primary target you gave at the start of the chat.
Adding a new element still needs the dimensions of the element and a bit of JavaScript. (The whole page uses < 100 LOC of unobfuscated JavaScript.) But resizing can be handled by CSS naturally.
I think the issue here is that most people don't really have a good way to specify how masonry should work, and thus don't have a good implementation either.
Even the software itself is not signed with a validatable cert. How does the hijacker overcome the HTTPS cert, though? It's 2025 now. It's extremely unlikely that anyone fetches binaries over plaintext HTTP. Did WinGUp get compromised and have a cert leak? Or is there yet another root CA doing weird things?
Well, you can actually write slow CSS if you make really deeply nested flex containers. And it's not even too rare. You can actually find such examples in the wild.
The flex layout spec requires it to lay out its child elements several times to compute the actual layout. Making it deep and nested without proper constraints will result in n*n*n*n… layout computations and bring down the browser on resize.
And there isn't really a way to confirm if it is configured in a secure way.
You either trust the developer or not.