Oops, yeah. My bad, you're right. It makes sense that any flight server that is capable of interpreting server functions would be vulnerable whether the codebase used them or not. It's an issue in the transport mechanism and not the actual RPC implementation.
It's an RPC. They're half a century old. Java had RMI within a year of existence. [0]
> In remote procedure call systems, client-side stub code must be generated and linked into a client before a remote procedure call can be done. This code may be either statically linked into the client or linked in at run-time via dynamic linking with libraries available locally or over a network file system. In either the case of static or dynamic linking, the specific code to handle an RPC must be available to the client machine in compiled form... Dynamic stub loading is used only when code for a needed stub is not already available. The argument and return types specified in the remote interfaces are made available using the same mechanism. Loading arbitrary classes into clients or servers presents a potential security problem;
I’d like your opinion on something. What do you make of these allegations?
1) Romania: On September 28, 2015, Vice President Biden welcomed Romanian President Klaus Iohannis to the White House. Within five weeks of this meeting, a Romanian businessman involved with a high-profile corruption prosecution in Romania, Gabriel Popoviciu, began depositing a Biden associate’s bank account, which ultimately made their way into Biden family accounts. Popoviciu made sixteen of the seventeen payments, totaling over $3 million, to the Biden associate account while Joe Biden was Vice President. Biden family accounts ultimately received approximately $1.038 million. The total amount from Romania to the Biden family and their associates is over $3 million.
2) China- CEFC: On March 1, 2017—less than two months after Vice President Joe Biden left public office—State Energy HK Limited, a Chinese company, wired $3 million to a Biden associate’s account. This is the same bank account used in the above “Romania” section. After the Chinese company wired the Biden associate account the $3 million, the Biden family received approximately $1,065,692 over a three-month period in different bank accounts. Additionally, the CEFC Chairman gives Hunter Biden a diamond worth $80,000. Lastly, CEFC creates a joint venture with the Bidens in the summer of 2017. The timeline lays out the “WhatsApp” messages and subsequent wires from the Chinese to the Bidens of $100,000 and $5 million. The total amount from China, specifically with CEFC and their related entities, to the Biden family and their associates is over $8 million.
3) Kazakhstan: On April 22, 2014, Kenes Rakishev, a Kazakhstani oligarch used his Singaporean entity, Novatus Holdings, to wire one of Hunter Biden’s Rosemont Seneca entities $142,300. The very next day—April 23, 2014—the Rosemont Seneca entity transferred the exact same amount of money to a car dealership for a car for Hunter Biden. Hunter Biden and Devon Archer would represent Burisma in Kazakhstan in May/June of 2014 as the company attempted to broker a three-way deal among Burisma, the Kazakhstan government, and a Chinese state-owned energy company.
4) Ukraine: Devon Archer joined the Burisma board of directors in spring of 2014 and was joined by Hunter Biden shortly thereafter. Hunter Biden joined the company as counsel, but after a meeting with Burisma owner Mykola Zlochevsky in Lake Como, Italy, was elevated to the board of directors in the spring of 2014. Both Biden and Archer were each paid $1 million per year ( note: I am quoting a source here. I’ve always seen this number at 500k, not 1M ) for their positions on the board of directors. In December 2015, after a Burisma board of directors meeting, Zlochevsky and Hunter Biden “called D.C.” in the wake of mounting pressures the company was facing. Zlochevsky was later charged with bribing Ukrainian officials with $6 million in an attempt to delay or drop the investigation into his company. The total amount from Ukraine to the Biden family and their associates is $6.5 million.
Are people that ignore these ‘feckless traitors’? Why or why not?
Why do you think that I'm going to defend Biden? Politics are not sports, and I don't have a "favorite team". Your silly gotcha questions won't work on me because I don't reflexively defend people just because they are supported by corrupt political organizations.
Two wrongs don't make a right, and one person's crimes do not excuse another's. Arrest them all.
We need fundamental changes in our political system, and we're not going to be able to achieve anything if you keep pretending like these whataboutisms are worth anyone's time. Wake up.
Is this really that much easier than matching paths and query strings yourself? I'm glad that there is an official API now, but this article didn't really show me anything to get excited about as someone who has built several client-side routers from scratch.
URLPattern can be plenty fast if you use them in a fast data structure, like a prefix tree as pointed out in that first link. And there's no reason why URLPattern can't do that.
So I went and made an implementation of URLPatternList that uses a prefix tree and is 20-30x faster than a linear scan for large lists of URLPatterns: https://github.com/justinfagnani/url-pattern-list
Whose implementation, specifically? I don't think as specified URLPattern has any inherent performance drawbacks compared to the alternatives, but it seems like V8/NodeJS/Deno definitely didn't think closely and/or clearly about performance when they did theirs.
All three of those use the same implementation. I would hope that this will be improved over time, but it's not a guarantee by any stretch of the imagination.
Thanks, I wasn't sure, as I thought Deno used V8 but then the issue linked earlier shared "The implementation of URLPattern in Deno is super non-performant" so it seemed to me like Deno maybe had their own implementation instead of using the V8 one.
The thing is, performance in that particular context hardly matters, unless you're forcing users to switch pages faster than 1 page per second. Even if each resolving takes 0.1 seconds (which would be bad, don't get me wrong), 99% of users wouldn't notice a thing, and if you're a small agency/shop/company/team, focusing on more general things tends to be time spent better.
Imagine doing a call to a remote authentication service to check who has access to what :) Regardless, performance is usually not the biggest problem in those types of routers.
I'm sorry, but this is just incorrect. Have you ever heard of ljharb[0]? The NPM ecosystem is rife with polyfills[1]. I don't know how you can make a distinction on which libraries would be used for "local scripting" as I don't think many library authors make that distinction.
[0] - TC39 member who is self-described as "obsessed with backwards compatibility": https://github.com/ljharb
Yes. I'm on TC39 as well, and I've talked to Jordan about this topic.
It's true that there are a few people who publish packages on npm including polyfills, Jordan among them. But these are a very small fraction of all packages on npm, and none of the compromised packages were polyfills. Also, he cares about backwards compatibility _with old versions of node_; the fact that JavaScript was originally a web language, as the grandparent comment says, is completely irrelevant to the inclusion of those specific polyfills.
Polyfills are just completely irrelevant to this discussion.
Unfortunately we've had endless waves of botnets attempting to subscribe thousands of fake email addresses to us over the years, and while our IP reputation system helps keep this at bay, it's also catching quite a lot of legitimate users now thanks to the prevalence of VPNs. So we'll need to come up with a new approach. (And no, even Cloudflare Turnstile isn't enough to keep them away, sadly, as there are plenty of human-backed adversarial networks too trying to make scam Gmail addresses look legit by subscribing them to newsletters.)
However, we do subscribe many people manually, and we also have RSS - http://javascriptweekly.com/rss - so you don't have to deal with email at all if you don't want to. There are also numerous other options out there, which I've linked in a sibling comment.