
I think the correct solution is to use a keyring. On Linux there's GNOME Keyring and last time I worked on an iOS app there was something similar.

This does mean entering your keyring password a lot.

https://en.wikipedia.org/wiki/GNOME_Keyring


> This does mean entering your keyring password a lot.

Not when you put that keyring's password into the user keyring. I think it is also cached by default.


Then what stops the malware accessing the keyring?


The security boundary on the OS is the user of the process. If you run the malware under the same user as the key, then yes of course it has access. But in production you don't run software under the same user, and on the developer machine you wouldn't put the production key in the user keychain.


On disk, it’s encrypted. The running service, at least on macOS, only hands the item out to specific apps, based on their code signing identity.


Who signs an "app" when I download it from Homebrew?

If all Homebrew "apps" are the same key then accepting a keyring notification on one app is a lost cause as it would allow things vulnerable to RCE to read/write everything?


It's a tragedy of the commons. Even if you don't use Cloudflare, does it matter if no one can pay for your products?


Always use these in testing, don't ask me how I know.


No, it's a neoliberal thing. Rather than the government doing the thing, they hand out massive subsidies and hope it gets done.


Developer time is more valuable than user data. The market is being efficient.


I think you're assuming an ideal world where there's no information asymmetry, all the market participants receive and understand all the information and the risks, and clients could realistically move to an alternative platform that provably handles things better.


Externalized costs aren't weighed in that calculation


No. Just greedy.


Can we get "HTTP 402 Payment Required" working now?


I think it's software made with the American market in mind. And local businesses use it as is and profit.


Yeah that was my assumption as well.

There's no custom of tipping that much at any of these places, but I feel cheap just clicking the lowest (no tip) of 4 options. Maybe all the time I've lived in the US plays a role here but it seems like it might just be the decoy effect [1] applied to tipping. It will be interesting to see if consumers see this as a dark pattern and push back.

[1]: https://en.wikipedia.org/wiki/Decoy_effect


In Sweden a lot of the software with tipping option is made by Swedish companies who only operate on the Nordic markets.


It's malware; it does something malicious.


Parse this JSON correctly

```json
{ "data": "XXX", "sig": "BAD", "sig": "GOOD" }
```


In a security-sensitive context, a parser should return an error on a duplicate key regardless of what common parsers do and what the RFC fails to specify.

Implicitly, that means no security software dealing with JSON should be written in Go, JavaScript, Ruby, Python, etc. (where practically everyone uses JSON parsers that silently ignore duplicate keys).

Plenty of languages do have common JSON libraries w/ duplicate key errors, like Haskell (aeson), Rust (serde_json), Java (gson, org.json, probably others), so there's plenty of good choices.

So yeah, correct parse result is '400 bad request'
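
The strict behaviour this comment asks for, as an added example that is not part of the original thread: Python's standard `json` module keeps the last duplicate by default, and an `object_pairs_hook` can reject duplicates instead. `strict_loads`, `handle_request` and the sample inputs are hypothetical names constructed for illustration.

```python
import json


class DuplicateKeyError(ValueError):
    """Raised when a JSON object repeats a member name."""


def _reject_duplicates(pairs):
    # json calls this hook once per object (nested ones included) with the
    # members in document order, before any key has been overwritten.
    obj = {}
    for key, value in pairs:
        if key in obj:
            raise DuplicateKeyError(f"duplicate key: {key!r}")
        obj[key] = value
    return obj


def strict_loads(text):
    """Parse JSON, failing on any duplicate key at any nesting depth."""
    return json.loads(text, object_pairs_hook=_reject_duplicates)


def handle_request(body):
    """Hypothetical handler: map any parse failure to a 400 status."""
    try:
        return 200, strict_loads(body)
    except ValueError as exc:  # covers JSONDecodeError and DuplicateKeyError
        return 400, str(exc)


# Constructed inputs: the document from the thread, a nested variant, a clean one.
AMBIGUOUS = '{ "data": "XXX", "sig": "BAD", "sig": "GOOD" }'
NESTED = '{ "msg": { "sig": "BAD", "sig": "GOOD" } }'
CLEAN = '{ "data": "XXX", "sig": "GOOD" }'

if __name__ == "__main__":
    print(json.loads(AMBIGUOUS))       # default parser silently keeps the last value
    print(handle_request(AMBIGUOUS))   # strict parser refuses the document
    print(handle_request(NESTED))
    print(handle_request(CLEAN))
```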


For Java, I think you mean Jackson, not gson, unless something has changed recently. Goes to show that even the behemoths can get this wrong.

https://github.com/protocolbuffers/protobuf/blob/6aefdde9736...


I overwrite with the last one.

Strictly not a parser problem.

CSV is also available.

And binary protocols, with index-based implicit keys and byte length prepended to variable-length fields. Those are the gold standard (see IP and TCP headers).


Dictatorships don't care if things are practical.


That is a harsh characterisation of the work done by Tesla.


Battery swapping isn't some top-down authoritarian decision made by the CCP and forced into the Chinese society.

Nio is just a company that's providing a much needed solution to this problem.


They also have 2% EV market share in China, because it's still an expensive and complex feature that has downsides that the previous comment mentioned. Like these high energy batteries are dangerous as they can burn quite spectacularly, so I personally would not want to take and remove one from my car every charge when I can wait a few minutes at a regular charging station that is much more common than a replacing station.


I don't think a battery swap is more dangerous than the current fuel stations where you can just use your lighter and set everything on fire


I think swappable batteries may be a more practical solution for heavy trucks rather than cars. They have the advantage that they are already built to carry heavy things loaded by forklift, unlike cars.

There's an Australian company https://www.januselectric.com.au/ doing them. They do electric conversions on existing trucks.


I agree, but there are aggressive subsidies around electric vehicles and general graft. Similar things happen in most countries but in dictatorships things can go to absurd levels when it aligns with the current policy.


Those subsidies can be more easily justified by climate change. Also I don't think they approach the historic, multi-decade subsidies to fossil fuels


America is now also a dictatorship according to many foreigners (all but Russia, maybe).


Working on it but there are still elections scheduled.


Russia, China, Iran and North Korea all have elections too. I don’t know if there’s a single contemporary dictatorship which doesn’t have elections.

