The other day I was driving on the Autobahn at 3:30am and there were literally no cars around me. These Germans always go on and on about how the Autobahn is so fucking great, but then they are not using it? You have to be really stupid to not see how that illustrates why the entire country is going to shit

Do it anyway. Having anything behind a TLD that is tied to the political control of a tiny geographic area is insanely careless

Drunk people might accidentally get pregnant and help with the population. Really an obvious move

I'm calling bullshit on any user count they release. The site was filled with bots even when I still used it. People kept complaining about "karma farmers" as if there were users who repost popular content. It has always been largely Reddit's own bots too keep new users entertained and recycle popular content so that it reaches as many users as possible. They turned this up to 11 before going public.

Now that they no longer provide an API, they are free to make up any fake metric they want to try to pump up their worthless stock.

There are many ways your real IP can leak, even if you are currently using Tor somehow. If I control the DNS infrastructure of a domain, I can create an arbitrary name in that domain. Like artemis.phishinsite.org, nobody in the world will know that this name exists, the DNS service has never seen a query asking for the IP of that name. Now I send you any link including that domain. You click the link and your OS will query that name through it's network stack. If your network stack is not configured to handle DNS anonymously, this query will leak your real IP, or that of your DNS resolver, which might be your ISP.

Going further, don't deliver an A record on that name. Only deliver a AAAA to force the client down an IPv6 path, revealing a potentially local address.

Just some thoughts. Not sure any of this was applicable to the case.

There are many ways to set up something that could lead to information leakage and people are rarely prepared for it.

I feel like most people base their decision on license purely on anecdotes of a handful of cases where the outcome was not how they would have wanted it. Yet, most people will never be in that spot, because they don't have anything that anyone would want to consume.

If I had produced something of value I want to protect, I wouldn't make it open in the first place. Every piece of your code will be used to feed LLMs, regardless of your license.

It is perfectly fine to slap MIT on your JavaScript widget and let some junior in some shop use it to get their project done. Makes people's life easier, and you don't want to sue anyone anyway in case of license violations.

If you're building a kernel module for a TCP reimplementation which dramatically outperforms the current implementation, yeah, probably a different story

As others have already pointed out, you must rotate the key. I don't even put any restrictions on that. Once you have shared a secret in any way, it is no longer a secret. Don't try to avoid work, just because it is an inconvenience. Convenience is the enemy of security.

Rotating your key is not enough though. Verify that it wasn't used. API providers also often provide audit logs to show when credentials were used and from which location. If someone had your key only for a second, they could have used it to generate a new key you don't even know about. Audit!

Chrome is the backdoor and you already installed it

Laws

Says the guy who funnels his entire wealth through a foundation to avoid paying any taxes. Just like he told Epstein to do. Love you Bill

Smoking is redundant today. Kids are getting enough cancer from the environment already.

SO is a shithole, just like Reddit. All the work is done by volunteers. When it was time to cash out with the platform, they also did several things to fuck with their community. I've contributed quite a bit to the trilogy sites, and served as a moderator. I regret every second of it. But at least a few people got rich in the process.