https://www.watching-grass-gro...

We have very good reasons to distrust the virology community: Peter Daszak and the fact that he enjoys the support of that community.

-- He organized and signed the Lancet statement against the lab-leak theory, without disclosing his conflict of interest as a collaborator with the WIV.

-- He kept his EcoHealth Alliance 2018 proposal to insert furin cleavage sites into bat coronaviruses at the WIV secret, until it was leaked in 2021. A normal person would think it was obviously their moral duty to release any information potentially relevant to the origin of COVID. This alone made it clear Daszak cannot be trusted.

-- He has claimed that since the proposal was not funded, the work must not have been done. Every scientist knows that if you don't get funding from one source, you often pursue the work regardless.

-- A recent Senate hearing asked him whether he ever asked his collaborator Shi Zengli whether the work went ahead. He said he has never asked her. That's unbelievable unless he deliberately didn't want to know, in which case it's totally irresponsible.

The virology community and the NIH have closed ranks around this guy, so I don't trust them either.

(I'm going to write this comment from memory rather than look up all the references I'd need to double-check. This means that it's my memory of technical stuff that happened over the past 20 years. My memory of technical details from 20 years ago isn't perfect, so I'll probably get a few things wrong. I'm also writing it using "we" to refer to groups I was part of at the time -- which in some cases are and in some cases are not groups that I'm part of today.)

The behavior that's being removed here isn't really a "bug". Back in CSS1 and/or CSS2, the spec for floating ::first-letter (or, in CSS1, :first-letter), was much more vague. I think it roughly allowed implementations to do standard inline layout, but said that they had the option of trying to do layout better. Gecko (the engine used in Firefox) was the only browser implementation that took that option.

In particular, Gecko's behavior was to actually use the bounds of the glyph (rather than the font metrics for the whole font) to do layout for a floating first-letter, so that there wouldn't be extra space around it and it would align better. This was a better default behavior, but it was also somewhat less controllable since some of the standard inline layout properties (like line-height) didn't apply.

It also turned out that this better behavior wasn't good enough to really do good typographic first-letter effects. Maybe about a decade after Gecko implemented the glyph-wrapping behavior for floating first-letter, some folks (primarily Dave Cramer) who were interested in doing better initial letters came to the CSS WG and developed (over a period of years, with quite a bit of interaction and discussion in the working group) a new set of CSS properties with a substantial spec (at https://w3c.github.io/csswg-drafts/css-inline/#initial-letter-styling ) to address first-letter typography.

At some point during the progres of that work, one question that came up was whether the spec should continue to have this vague allowance that implementations could try to do something better (as Gecko, and no other browsers, were doing). Given that we knew at this point that the Gecko behavior, while better, wasn't sufficient to do good typography, this seemed like the right thing to do. As one of the Gecko representatives on the CSS WG, I absolutely could have objected on the basis that we *were* doing something better and would like to continue to do so, and such an objection probably would have led to the WG not removing that allowance from the spec. But removing the allowance, and moving towards better interoperability, was the right thing to do, so I supported removing it. (That's also when I commented on and reopened the bug being discussed here.)

That said, it also didn't seem like removing the better behavior from Gecko was the right thing to do until we had implemented the *even better* new spec with the initial-letter-* properties, which would allow Gecko users to see better-quality typographic first-letters in the new way. (Though there's an obvious trade-off there between quality and interoperability. The opinions of standards bodies and implementers for the Web platform have changed a good bit over the past 20 years on how to make such tradeoffs -- generally towards stricter interoperability at the expense of allowing implementations to do "better" things.) So, back when I was working on Gecko, I thought that we should keep it until we'd implemented the new initial-letter-* properties. It seems like the folks currently working on Gecko made the opposite call. But I think both decisions are reasonable -- there's a real tradeoff there (though the inputs into that tradeoff are likely changing over time as well).

So, really, just saying "hey, they fixed a really old bug" isn't that useful a point to make. There's much more history there. (Also, see https://dbaron.org/log/20080515-age-of-bugs which I wrote 14.5 years ago in response to general criticism about the age of bug reports.)

Since he bought Twitter, Tesla is down ~30%. The other automakers are about even. He's spending all his time on Twitter, while Tesla is on a backburner (with increasing numbers of recalls, WAY up compared to a couple of years ago). And no one I know would now want to work there. He'd be lucky if his $44B investment was now worth even half that if he tried to sell it (maybe far less than that).

(Former Mozilla Distinguished Engineer here FWIW.)

Parsing WebAssembly modules does represent a small increase in attack surface, and there is additional attack surface if the browser has a dedicated WASM interpreter or JIT compiler. But in Firefox, for example, the WASM optimizing compiler uses the same Ionmonkey infrastructure as the JS engine so there isn't much new attack surface in that JIT compiler. That is very different from say Flash which had its own entirely different compiler.

WASM applications use the same browser APIs as JS does, so there is no new attack surface there. That's a big deal and one of the benefits of WASM's design over say (P)NaCl.

Overall, yeah, WASM adds some attack surface, but not much compared to the rest of the browser. And it's all contained in the sandboxed renderer process(es).

But it's ok, they won't be selling you out to advertisers, they'll show you the ads and be the middleman collecting money in both directions.

Not that it matters much, VR is pretty fucking pointless once the novelty wears off.

Stallman is 68 years old. He's had plenty of time to learn social graces with or without assistance.

If he is unable to interact appropriately with other people and unable to learn how, then we can have compassion on him, but he is poorly qualified to be on the board of a public-facing organisation.

He's not referring to the transaction rate there.

Oops, a basic mistake just destroyed your credibility!

Facebook has been doing this since forever.

You're absolutely right. This just a hyperbolic attack based on a misunderstanding of what PWAs are.

Yes, and it's still there on mobile! The removal of SSB is only for the desktop.

Why would he buy something near the peak of its bubble?

Besides, it is only going up like it is because people expect the US dollar to crash as America begins its second civil war. They wouldn't be digital goldbugs if they didn't entertain fantasies of collapse.

What these numbnuts are too dumb to understand is that they can't actually use their bitcoin without a functioning Internet, and not only does the president, legitimate or orangewise, have the "kill switch" at their disposal, and plenty of "national security" rationalization to use it, the infrastructure itself will be damaged by the partisan fighters seeking to deny any communication advantage to their enemies. Their stupid fantasy is unavoidably self-defeating.

It's a troll post. He doesn't even mention breakthroughs in distributed version control, CI, Rust, machine learning, the cloud, etc, that have changed everything.

Please explain to your parents how they should trust that their vote is secure with PKI. I'll wait...

Voting requires trust and anonymity. Having anonymous electronic bits that can be silently manipulated by dedicated actors makes it a solution that is impossible to trust. You cannot convince a large enough group of the population that it's trustworthy. Hell, we have people that are claiming that the paper ballots are being manipulated even with no evidence of it. All you need to do is put some doubt in people's minds and it will unravel quickly.

Everyone loves to use banks as examples of industries that can make a secure system. Except they're hacked regularly and people are constantly defrauded. Banks are able to keep trust by /not/ having anonymity. They're able to go in and fix transactions. If you slip up and give your credit card number to a phishing website they can revert all the transactions because they know who you are and what you did. Voting requires anonymity so it's not possible to fix situations where people are tricked or coerced into voting a certain way.

https is about much more than just protecting "financial" or "security" information. For example people browsing over http can be redirected to arbitrary destinations as a DDoS attack. See https://en.wikipedia.org/wiki/...