zlacker

[return to "The browser catches homograph attacks, the terminal doesn't"]
1. nullif+Uha[view] [source] 2026-02-06 07:20:19
>>MrBudd+(OP)
I would rather check urls with the following method:

  echo -e -n "https://іnstall.example-clі.dev" | python -c 'exec("""import sys, unicodedata\nfor ch in sys.stdin.read():\n  try:\n    print (ch, " ", unicodedata.name(ch))\n  except ValueError:\n    print ("codepoint ", ord(ch))\n""")'
instead of putting my trust in the hundreds of crates in this tool's Cargo.lock not having a supply chain attack.
◧◩
2. whatis+FKa[view] [source] 2026-02-06 12:06:15
>>nullif+Uha
How on Earth did something like this become the norm? I don't work with software like most here, but just opening the Cargo.lock file sets off an alarm in my brain.

After seeing how much stuff was pulled when I once installed a couple programs with cargo, I added it to the "don't touch a project if it's made with this language" pile, alongside NIM and Python (though Python I can't quite avoid).

[go to top]