There are a lot of us keeping RSS alive. I've been working on a very minimalist RSS reader in Phoenix LiveView for like a year now if anyone is interested in trying out another reader: https://catnip.vip
I absolutely love smooth scrolling in the VTE terminals on Linux, but I can't find anything other than maybe the default terminal app (which I don't like) and iTerm2 (which I don't like) that does it on Mac. As the author said, just about every terminal has a GH issue open asking for it with nothing but 'this would require rewriting a lot'.
Cause that's not what it's for? It's like the opposite of headless components. It's all head and no component. That's what you're buying. I think that's pretty clear cause that is what Tailwind is. It's CSS, not a component library. That's what this thing is.
> If you'd rather write any necessary JS yourself or want to integrate with a framework other than React or Vue, we also provide every Tailwind UI component example as vanilla HTML that you can adapt yourself.
The js they use is mainly just showing how to hook headlessui up. Tailwind ui was never about buying fully fleshed ready to go react/etc components. They were building blocks you adapt. Guess a lot of people missed that and assume it’s copy paste. Catalyst will become that hopefully.
Yeah they're not even deprecated really, that's the wrong word. That implies they're not actively encouraged to be used. They just moved them to their own repo outside of eslint itself.
> If you can inject javascript, it's game over anyway.
Yeah, but as you pointed out the one thing you can't do is get the cookie. Having the auth token yourself as the attacker is a way different story than just having XSS vulnerabilities. You can still "do" a lot, but you still have to get another user with the token you want to interact with the page with your XSS to "do" what you want.
> You can still "do" a lot, but you still have to get another user with the token you want to interact with the page with your XSS to "do" what you want.
Then again, why bother with the tokens if you have XSS access as an attacker? I'd simply show the user a login prompt and take their password when they type it in.
Self advertisement but I'd appreciate anyone trying out my RSS aggregator which is kinda like HN in terms of design (be warned it's really rough right now though) https://catnip.vip
I don't really think so. In the middle ages, punishments for all sorts of crimes were pretty severe--but partly because the vast majority of crime would go unsolved. If you're a peasant in the middle ages and some valuables go missing, who's going to track that down for you? It's not happening unless you know for sure it was your neighbor or something.
So yeah, when they would catch a thief they would receive some pretty harsh punishment. But it didn't stop much. Theft in the middle ages was rampant.
Humans are pretty bad at making calculations involving a really bad outcome at a 5% chance of happening, or those sorts of things. Theft persists today as it did then, just because it's really hard to investigate and so generally goes unpunished.
That seems to kind of go against the spirit of doing the work to find a vulnerability. It's basically social engineering. Do you get bug bounties for that?
The spirit of HackerOne is to encourage hackers to disclose rather than exploit for the reward of money. It makes a lot of sense that they'd pay generously as a public statement to any hackers that find vulnerabilities on their systems.
I'd argue it's with the spirit, it's just that the vulnerability resides within your employees rather than your systems. Both are worth a call out and correcting. It's arguable how much either is worth, that being said.