zlacker

[return to "The browser catches homograph attacks, the terminal doesn't"]
1. nullif+Uha[view] [source] 2026-02-06 07:20:19
>>MrBudd+(OP)
I would rather check urls with the following method:

  echo -e -n "https://іnstall.example-clі.dev" | python -c 'exec("""import sys, unicodedata\nfor ch in sys.stdin.read():\n  try:\n    print (ch, " ", unicodedata.name(ch))\n  except ValueError:\n    print ("codepoint ", ord(ch))\n""")'
instead of putting my trust in the hundreds of crates in this tool's Cargo.lock not having a supply chain attack.
◧◩
2. whatis+FKa[view] [source] 2026-02-06 12:06:15
>>nullif+Uha
How on Earth did something like this become the norm? I don't work with software like most here, but just opening the Cargo.lock file sets off an alarm in my brain.

After seeing how much stuff was pulled when I once installed a couple programs with cargo, I added it to the "don't touch a project if it's made with this language" pile, alongside NIM and Python (though Python I can't quite avoid).

◧◩◪
3. mayhem+rbb[view] [source] 2026-02-06 14:49:35
>>whatis+FKa
Go write a floating point package, by yourself (no AI assistance), from scratch. Then you will understand.
◧◩◪◨
4. whatis+mdb[view] [source] 2026-02-06 14:59:24
>>mayhem+rbb
Sure, the decision to "offload" some components is understandable, and sometimes preferred (crypto libs, etc). We're not all masters of every field. But if you do it 200+ times I'll question what you're even trying to do.
[go to top]