
Yep. What nix adds is a declarative and reproducible way to build customized OS images to boot into.


Nix is the best answer to "works on my machine," which is a problem I've seen at pretty much every place I've ever worked.


It's also an answer to caching with /nix/store. I wish more cloud services supported "give me your nixosConfiguration or something similar" instead of providing api to build containers/vms imperatively. Dockerfile and everything that mimics it is my least favorite way to do this.


It’s fairly trivial to map your NixOS config into a VM image: https://nixos.org/manual/nixos/stable/#sec-image-nixos-rebui...

An alternative is to “infect” a VM running in whatever cloud and convert it into a NixOS VM in-place: https://github.com/nix-community/nixos-anywhere

In fact, it is a common practice to use the latter to install NixOS on new machines. You start off by booting into a live USB with SSH enabled, then use nixos-anywhere to install NixOS and partition disks via disko. Here is an example I used recently to provision a new gaming desktop:

    nix run github:nix-community/nixos-anywhere -- \
      --flake .#myhost \
      --target-host user@192.168.0.100 \
      --generate-hardware-config nixos-generate-config ./hosts/myhost/hardware-configuration.nix
At the end of this invocation, you end up with a NixOS machine running your config partitioned based on your disk config. My disko config in this case (ZFS pool with 1 disk vdev): https://gist.github.com/aksiksi/7fed39f17037e9ae82c043457ed2...


I know that part is easy, I just used nixos-anywhere yesterday to reinstall one of my servers. It's not what I'm talking about.


Okay, so your idea is that cloud providers should make this even easier?

    $ nixos-rebuild build-image --flake .#myhost --image-variant amazon
    $ aws-cli image upload < result/images/image.ami
    $ aws-cli create vm --image={image}


Less about IaaS providers, more about PaaS providers that often abstract away the image you're running and tell you "just run pip/apt/gem install whatever".

Same with the CI platforms: instead of `setup-*` steps in GHA it could just take a flake in. Yes, I know I can build an OCI image with nix; again, not the issue.

My private CI runs on top of nix; all workers on the same host share /nix/store. My pipelines are focused on running actual things rather than getting a worker ready to run things. If I didn't want output to be parsed by CI, I could have just reduced my pipeline to `nix flake check`.

I share the exact same pipeline and worker image across multiple projects in multiple languages, all because everything is hidden behind devenv's tasks. When I switched projects with different Rust and Node versions, I didn't have to touch my CI at all. When I added a bunch of native deps that usually need to be installed separately on GHA - again, I didn't have to touch anything beyond my nix env once.


Or try this: https://github.com/deepclause/agentvm, it's based on container2wasm, so the VM is fully defined by a Dockerfile.


Inflation adjusted incomes are up in the US across the board. The affordability problem is largely the price of housing because it's illegal to build.


Incomes are up, but the expenses are up as well, especially with the upcoming changes in healthcare for people on the ACA.

Also any comparison of wage growth vs corporate profit growth over the last 30 years shows that wages have not kept pace with the increase in productivity.

So incomes are only just barely keeping up, when they should be booming.


How can inflation adjusted income be up and there still be an affordability crisis?


Housing is not part of the inflation calculation. There IS a housing inflation crisis.


Household income is more than just wages. Household income can go up while wages remain stagnant or shrinking because other pieces of the pie are increasing (e.g. work benefits, investments, money from the government). https://fredblog.stlouisfed.org/2016/09/sources-of-household...


The price of housing can rise even faster than incomes.

Housing is only a part of the basket used to measure inflation. Housing's price rose faster than the weighted basket average; some other goods and services rose slower or even fell.


Accommodation costs are the first part of any sensible measure of inflation. If you're not factoring in housing then you're fudging the figures.


Many people don’t see housing inflation - if you bought a house in 2020 and house prices were up 80% since then it doesn’t affect your housing costs, especially in the US where mortgage rates are fixed for length of term even if interest rates sky rocket.


Yes? Who says otherwise?

As long as accommodation isn't 100% of your basket of goods and services you use to measure inflation, accommodation can rise in price faster (or slower) than the basket. This ain't exactly rocket science.


If the mandatory basket item expense rises, it should also become a larger portion of the basket, as the basket is supposed to measure the cost of living. So either CPI is not properly measuring the cost of living, or there isn't an affordability crisis.

You cannot have rising inflation adjusted wages and worse spending power, unless the inflation is not being measured meaningfully.


Housing, schooling, healthcare, daycare, food.

Samsung TV purchasing power has skyrocketed, though, so there's that.


Inflation also corrodes your savings and investments.


Yet more and more people are struggling to afford even basic necessities and one can only dream of the luxury of the 50's when a single working class person was able to pay and cover for housing, car, family and even have enough for leisure. Where has all the economic surplus gone? Right...to the bourgeois, the capital owning class that exceedingly extract more and more of the wealth generated by the society.


Because the developing world is producing a lot of things except housing.


They also don't produce haircuts.


Agree, for modern React with hooks. A React component looks like a normal function, only you can't call it. Only React can call it, in order to set up its hooks state.


You can disable it for your site using a trusted types content security policy.


Missing from the article: how to communicate progress and failure to the user?

This is much more complicated with task queues. Doable still! But often skipped, because it's tempting to imagine that the backend will just handle the failure by retrying. But there are lots of kinds of failure that can happen.

The recipient's server doesn't accept the email. The recipient's domain name expired. Actually, we don't have an email address for that recipient at all.

The user has seen "got it, will do, don't worry about it" but if that email is time sensitive, they might want to know that it hasn't been sent yet, and maybe they should place a phone call instead.


You can still do that. You can poll status while the page is open. Toast errors or state changes. Even toast them on return. Anything is possible.

After all, Amazon does this for a physical order. It may be days before a status update!


A click handler can be doing a lot of things that aren't much like a button, like letting you close a modal if you click outside of it, capturing mouse events for a game, or passively recording events for analytics. All that a click handler tells you is that there's some code that sometimes cares about some clicks somewhere inside that element.


Also a click handler on a div isn't going to do much for someone who isn't using a mouse, which would include a lot of screen reader users.


All of those seem like examples of things you’d want your screen reader to tell you about.


Sure.

What is the screen reader's plan for determining the purpose of the attached JavaScript?


Same as a button. Read the text in the element. If no text, skip it or say "clickable".

I'm not arguing a div is better. I'm just saying screen readers could announce a div with an onclick if they wanted to.


A somewhat related spec, at the page level rather than the module level, is Content Security Policy, which lets a page disable various unsafe browser features: https://developer.mozilla.org/en-US/docs/Web/HTTP/Guides/CSP

One of my favorite features in there is trusted types enforcement: https://developer.mozilla.org/en-US/docs/Web/API/Trusted_Typ...

Lets you create your own API for what code is allowed to create arbitrary, potentially unsafe HTML at runtime, so you can allow secure templating systems but disallow code that just concats strings together naively.
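To make the shape of that concrete, here is an added example (my code, not the commenter's and not from any library): the CSP header that turns Trusted Types enforcement on, one named policy that is the only code able to turn strings into HTML, and a small escaping template tag built on top of it. `FakeTrustedTypes`, `FakeTrustedHTML` and `setInnerHTML` are constructed stand-ins for `window.trustedTypes`, `TrustedHTML` and the browser's enforcing `innerHTML` sink, so the logic runs offline under Node; in a browser you would use the real objects and the browser would do the refusing.

```javascript
// Added example, not code from the thread. FakeTrustedTypes, FakeTrustedHTML
// and setInnerHTML are constructed stand-ins for window.trustedTypes,
// TrustedHTML and the browser's innerHTML sink.

const POLICY_NAME = 'safe-html';

// require-trusted-types-for 'script' makes the browser reject plain strings at
// innerHTML, document.write, eval and similar sinks; trusted-types <names> limits
// which policy names createPolicy() may register.
const CSP_HEADER =
  `Content-Security-Policy: require-trusted-types-for 'script'; trusted-types ${POLICY_NAME}`;

class FakeTrustedHTML {                // stand-in for the browser's TrustedHTML
  constructor(markup) { this.markup = markup; }
  toString() { return this.markup; }
}

// Stand-in for window.trustedTypes: applies the CSP allowlist and refuses
// duplicate policy names, as the browser does.
class FakeTrustedTypes {
  constructor(header) {
    const m = header.match(/(?:^|[;\s])trusted-types\s+([^;]+)/);
    this.allowed = new Set(m ? m[1].trim().split(/\s+/) : []);
    this.created = new Set();
  }
  createPolicy(name, rules) {
    if (!this.allowed.has(name)) throw new TypeError(`policy "${name}" not allowed by CSP`);
    if (this.created.has(name)) throw new TypeError(`policy "${name}" already exists`);
    this.created.add(name);
    return { createHTML: (input) => new FakeTrustedHTML(rules.createHTML(String(input))) };
  }
}

// Stand-in for the enforcing sink: under require-trusted-types-for, a plain
// string assigned to innerHTML throws; only a TrustedHTML value is accepted.
function setInnerHTML(el, value) {
  if (!(value instanceof FakeTrustedHTML)) throw new TypeError('innerHTML requires TrustedHTML');
  el.innerHTML = value.toString();
}

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
}

// The templating module is the only code holding the policy. Static template
// parts are trusted; every interpolated value is escaped before the markup is
// handed to createHTML, so the policy rule can pass through markup that the
// module assembled itself.
function makeHtmlTag(tt) {
  const policy = tt.createPolicy(POLICY_NAME, { createHTML: (s) => s });
  return (strings, ...values) => policy.createHTML(
    strings.reduce((out, s, i) => out + s + (i < values.length ? escapeHtml(values[i]) : ''), ''));
}

const tt = new FakeTrustedTypes(CSP_HEADER);
const html = makeHtmlTag(tt);

// Rendering through the tag: markup in the interpolation comes out inert.
function renderGreeting(userName) {
  const el = { innerHTML: '' };                     // constructed stand-in for a DOM element
  setInnerHTML(el, html`<p>Hello, <b>${userName}</b></p>`);
  return el.innerHTML;
}

// Naive string concatenation never reaches the DOM: the sink refuses it.
function naiveConcatRejected(userName) {
  const el = { innerHTML: '' };
  try { setInnerHTML(el, '<p>Hello, <b>' + userName + '</b></p>'); return false; }
  catch (e) { return e instanceof TypeError; }
}

// A second module cannot mint its own policy under a name the CSP did not list.
function roguePolicyRejected() {
  try { tt.createPolicy('anything-goes', { createHTML: (s) => s }); return false; }
  catch (e) { return e instanceof TypeError; }
}
```

The design point is where the trust boundary sits: the policy's `createHTML` rule is deliberately boring because only the templating module can reach it, and the CSP allowlist is what stops other code from registering a policy of its own.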


It is also painful when your app gets hacked, accounts get taken over and abused, user data is compromised, and so on. For serious sites it's worth the pain to turn on security enforcement features.


Ok, but be sure to make it optional. Putting 10 locks on your door is great for security, but it's not for everyone.

And instead of this security feature some might want to take a more fundamental look at security which might lead them to a completely different design. Again, make it optional.


It is optional. Use setHTMLUnsafe.


Then just use innerHTML, it's not going away.


So, they have a custom decode function that extracts info from unprinted characters which they then pass to `eval`. This article is trying to make this seem way fancier than it is. Maybe GitHub or `git diff` don't give a sense of how many bits of info are in the unicode string, but the far scarier bit of code is the `eval(atob(decodedString))` at the bottom. If your security practices don't flag that, either at code review, lint, or runtime then you're in trouble.

Not to say that you can't make innocuous looking code into a moral equivalent of eval, but giving this a fancy name like Glassworm doesn't seem warranted on that basis.


Yeah, doing eval(extract_and_decode(file)) is marginally sneakier than eval(fetch_from_internet()), but it's not so far as being some sort of, er... "mirror life" biology.
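The review-time check the two comments above are asking for, as an added example (my code, not from the article, the thread, or any analysis of the worm being discussed): scan a source file for invisible Unicode code points and for an `eval(atob(...))` style sink, and combine the two into a verdict. `SAMPLE_SOURCE` is a constructed input, and `INVISIBLE_RANGES` is a reasonable starting list rather than an exhaustive one.

```javascript
// Added example, not code from the thread. SAMPLE_SOURCE is constructed and
// INVISIBLE_RANGES is a starting set of hard-to-see code points, not a full one.

// Code points that render as nothing (or nearly nothing) in editors and diffs.
const INVISIBLE_RANGES = [
  [0x00ad, 0x00ad],   // soft hyphen
  [0x200b, 0x200f],   // zero-width space/joiners, LRM, RLM
  [0x202a, 0x202e],   // bidi embedding/override controls
  [0x2060, 0x2064],   // word joiner, invisible operators
  [0x2066, 0x2069],   // bidi isolates
  [0x3164, 0x3164],   // Hangul filler
  [0xfe00, 0xfe0f],   // variation selectors
  [0xfeff, 0xfeff],   // zero-width no-break space (a BOM when at offset 0)
  [0xe0000, 0xe007f], // tag characters
  [0xe0100, 0xe01ef], // variation selectors supplement
];

function isInvisible(cp) {
  return INVISIBLE_RANGES.some(([lo, hi]) => cp >= lo && cp <= hi);
}

// One record per hidden code point with its position, so a reviewer can see
// how much payload a short-looking literal actually carries.
function findInvisibleCodePoints(source) {
  const hits = [];
  let offset = 0, line = 1, col = 1;
  for (const ch of source) {               // iterates by code point, not UTF-16 unit
    const cp = ch.codePointAt(0);
    if (isInvisible(cp) && !(cp === 0xfeff && offset === 0)) {
      hits.push({ line, col, codePoint: 'U+' + cp.toString(16).toUpperCase().padStart(4, '0') });
    }
    if (ch === '\n') { line++; col = 1; } else { col++; }
    offset += ch.length;
  }
  return hits;
}

// Sinks that execute decoded data: eval(atob(...)) as in the article, plus the
// Function constructor, which is the other well-known way to run a string.
const EXEC_SINK = /\b(?:eval|Function)\s*\(\s*atob\s*\(/;

function findDecodeAndExecute(source) {
  return source.split('\n').flatMap((text, i) =>
    EXEC_SINK.test(text) ? [{ line: i + 1, text: text.trim() }] : []);
}

// Hidden code points alone may be legitimate (a BOM, an emoji variation
// selector); a decode-then-execute sink alone deserves a review comment;
// both together should fail the check.
function scanSource(source) {
  const invisible = findInvisibleCodePoints(source);
  const sinks = findDecodeAndExecute(source);
  let verdict = 'ok';
  if (sinks.length && invisible.length) verdict = 'fail';
  else if (sinks.length) verdict = 'review';
  else if (invisible.length) verdict = 'warn';
  return { invisible, sinks, verdict };
}

// Constructed sample: a literal that looks like "ok" but carries four hidden
// code points, fed to a decode routine whose output goes to eval.
const SAMPLE_SOURCE = [
  'const payload = "ok\u200b\u200c\u200d\u2060";',
  'const decodedString = decode(payload);',
  'eval(atob(decodedString));',
].join('\n');
```

Running `scanSource` on each changed file in CI and failing on `fail` is the cheap lint the first comment describes; the per-line records are what you would paste into the review.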


Only for numbers! Strings, objects, arrays, true, false, and null all have an unambiguous ending.


But you don't do this for strings either, as shown in the examples - partial strings are pushed even though they're not yet ended:

    {"name": "Ale"}


Oh this isn't about the public API, it's about the internal logic of the parser.
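The distinction in this exchange, as an added example (my code, not the parser from the article or either commenter's): a scanner over the JSON prefix a streaming parser has received so far, reporting which value is still open at the end of the buffer and what can be done with it. It goes slightly beyond the number case in the thread by also classifying strings and literals: a number at the end of the buffer has to wait (`12` may still become `123`), an unclosed string can be emitted as a partial value, a cut-off `tru` waits, and closed strings, full literals and matched brackets are final. All function names here are mine.

```javascript
// Added example, not code from the article or the thread.

// Scan a string starting at its opening quote. Returns the decoded value so
// far, the index after the closing quote (or the buffer end), and whether the
// string was closed. An escape cut off by the buffer end is held back rather
// than emitted half-decoded.
function scanString(text, start) {
  const simple = { '"': '"', '\\': '\\', '/': '/', b: '\b', f: '\f', n: '\n', r: '\r', t: '\t' };
  let value = '';
  let i = start + 1;
  while (i < text.length) {
    const d = text[i];
    if (d === '"') return { value, end: i + 1, closed: true };
    if (d !== '\\') { value += d; i++; continue; }
    if (i + 1 >= text.length) break;                 // lone backslash at buffer end
    const e = text[i + 1];
    if (e === 'u') {
      if (i + 6 > text.length) break;               // \uXXXX not fully received yet
      value += String.fromCharCode(parseInt(text.slice(i + 2, i + 6), 16));
      i += 6;
    } else {
      value += simple[e] ?? e;
      i += 2;
    }
  }
  return { value, end: text.length, closed: false };
}

// Walk the buffer, tracking open containers and the scalar token at its tail.
function scanJsonPrefix(text) {
  const stack = [];      // unmatched '{' / '['
  let pending = null;    // most recent scalar token, unless a bracket followed it
  let i = 0;
  while (i < text.length) {
    const c = text[i];
    if (c === '{' || c === '[') { stack.push(c); pending = null; i++; }
    else if (c === '}' || c === ']') { stack.pop(); pending = null; i++; }
    else if (c === '"') {
      const s = scanString(text, i);
      pending = { type: 'string', complete: s.closed, value: s.value };
      i = s.end;
    } else if (/[-0-9]/.test(c)) {
      let j = i;
      while (j < text.length && /[-+.eE0-9]/.test(text[j])) j++;
      // A number is only known to be finished once a delimiter follows it.
      pending = { type: 'number', complete: j < text.length, value: text.slice(i, j) };
      i = j;
    } else if (/[a-z]/.test(c)) {
      let j = i;
      while (j < text.length && /[a-z]/.test(text[j])) j++;
      const word = text.slice(i, j);
      // true/false/null cannot be extended, so a full spelling is final.
      pending = { type: 'literal', complete: ['true', 'false', 'null'].includes(word), value: word };
      i = j;
    } else {
      i++;               // whitespace, ':' and ',' separate tokens; they leave pending unchanged
    }
  }
  return { depth: stack.length, pending, action: emitAction(pending) };
}

// What a streaming parser may do with the tail value right now.
function emitAction(pending) {
  if (!pending) return 'none';                     // tail is a bracket or separator
  if (pending.complete) return 'final';
  return pending.type === 'string' ? 'partial' : 'wait';
}
```

Feeding the thread's own `{"name": "Ale` prefix gives `partial` with value `Ale` at depth 1, while `12` on its own gives `wait`; that asymmetry is the whole reason numbers need special treatment in the internal logic.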

