@thegcat nein, das war an mir vorbei gegangen. tja, konnte ja niemand ahnen, dass die URL in einem Browser sicherheitsrelevant ist 🤦‍♂️

@thegcat ganz genau. Auf der einen Seite eine gar nicht so schlechte Idee, auf der anderen Seite, das auf scheinbar jeden User-Input anzuwenden ist ein bisschen crazy.

Was machen die denn da?! 🤯

@bassistance ach ja, same here. alles nicht so einfach 🙄

@thegcat My primary point actually was about my realization how bad Google search had become (talking both about UX and the actual results).

But to your point: Well, the way I see it is that by now we reached the point where you have to kind of look for a pareto optimum. Needing a search provider is out of the question. If you also value privacy, don't want to get “AI” pushed down your throat… options to choose from are kind of limited.

A very unsatisfactory situation if you ask me :(

DuckDuckGo kind of never really worked well for me[*]. So I kept using Google search. For a couple of months now I'm exclusively using @kagihq. And only then I truly realized how bad Google search quality had become. Sure, you can read about it everywhere, but holy shit! Classic boiling frog situation.

[*] I caught myself often g! and it just didn't feel as snappy

@hukl yeah, databases are pretty awesome and typically fast. I had plenty of people staring at me in disbelieve when I told them that we're querying tables with HUNDREDS of million records. MySQL in this case, on bare-metal, but nothing fancy and aside from proper indexes no special DB tuning whatsoever.

@mitchellh that’s great to hear! 💕

@bitboxer @mitchellh I never got into tmux. It never clicked for me. The different modes, lots of additional key combos to learn kind of turned me off too.

Are you using tmux with ghostty?

@mitchellh's ghostty is pretty awesome and very interesting to see what a fresh approach and great level of detail can produce. I love to see such a project not being build on web tech and being natively integrated into its ecosystem.

I am giving it a real try for a while now (coming from iTerm2) and it works really great. Font rendering is just awesome, emoji support works flawlessly… but maybe I'm not a shell power user b/c I can't really work without buffer search 🙈 https://github.com/ghostty-org/ghostty/issues/189

@olleolleolle uh nice! zizmor looks like another tool/linter for my GH actions workflows 😅

@olleolleolle looks like I'm not alone with this opinion, see https://github.com/actions/checkout/issues/485

@olleolleolle interesting. I should adopt this. From the actions/checkout README:

> The auth token is persisted in the local git config. This enables your scripts to run authenticated git commands. The token is removed during post-job cleanup. Set persist-credentials: false to opt-out.

I'd argue that's a pretty bad default. Most workflows only do a checkout and then their done with interacting with git.

@oldforest I should maybe have said Chrome- or Firefox-based. But I do get your point.

Although if someone decides to trust Google for example (which I personally don’t), that's okay. I am just baffled about how quickly and thoughtlessly people are installing seemingly random extensions.

All your VPN, TLS, strong authentication methods, regular OS and browser updates cannot protect you from a single malicious browser extension that can access every website you visit and execute arbitrary code.

2/2 #browser #security

While I do think browser extensions should be possible and well supported, I also VERY much like the strict enforcement of declarative APIs for filters etc.

I know quite a few people who are very adamant about security, but also have like dozens of Chrome/Firefox extensions installed. Most of them do require full read and write access to pages.

1/ #browser #security

@rodlie nevermind, found it: https://developer.apple.com/documentation/apple-silicon/about-the-rosetta-translation-environment

thank you for the hint 🙇‍♂️

Dear unnamed online service providers out there:

What is the point of allowing sign in via passkeys AND THEN STILL SENDING A F***** CODE VIA EMAIL?!?!!! It can't be to verify the mail is still valid. Because they do it on every. single. login!

They also do this when I use email+password+TOTP…

This is so stupid! 🤯

@rodlie oh damn. where did you get this quote from?

It was announced that the next macOS will be the last to support x86 so I was wondering what will be the future of Rosetta 2 (which works extremely well for me, including in Linux VMs).

In that context https://github.com/apple/containerization is something that positively surprised me from this year’s WWDC. They explicitly mention amd64 support through Rosetta 2, which gives me a little hope that Rosetta might be around for quite a while 🤞

#apple #WWDC25 #macos #containers