Why is vendoring frowned upon, really? I mean, the tooling could still know how to fetch newer version and prepare a changeset to review and commit automatically, so updating doesn't have to be any harder. In the end, your code and the libraries get combined together and executed by a computer. So why have two separate version control systems?

Vendoring doesn't entirely solve the problem with hidden malicious code as described in the article, but it gives your static analyzers (and agents) full context out of the box. Also better audit trail when diagnosing the issue.

The repository suddenly contains thousands of files that I need to worry about. With regular locked-dependencies (but non-vendored) like Cargo.lock does, I have them contained in archives with well-known hashes that other people have also looked at.

If I have to manually match the content of the vendor/ folder with the contents of the Cargo.lock referenced source code anyway, I could just use Cargo.lock directly without having to concern myself with the thousands of files in your vendor/ folder.

I agree. Also, very different world from Rust, but shadcn has popularized this for UI components and AI skills are done this way frequently.

I'm excited to see more patterns like this for other types of code.

Why would it decimate the Windows market? From my experience, there's a strong correlation between iPhone and Mac usage.

Looking at the stats, the Win:Mac ratio is 4:1 but Android:iPhone only 2:1 so it might hurt Windows. But if iPhone users are more likely to use Mac or don't use computers much already, then expanding iPhone capabilities would cannibalize Apple business.

Because then most people with an iPhone wouldn't need to buy a separate laptop/desktop. I'm sure Android as well would follow in short order (not the half hearted attempts they've made so far). Sales would plummet. Windows decimated.

No, the iPhone has over 50% market share in the US, macOS is nowhere near that.

Taxis/Ubers/... can and do stop in the middle of a street. Why would that be different for a bus picking up a single person?

What if it's 5 people? 10? What if instead of many huge buses like today it's 5x as many smaller buses?

You can't just have buses stopping randomly everywhere, it doesn't scale.

The assumption is that a "waymo bus" would be hailed by an app and the service would plan routes on demand. In such case, bus stops would be needed only in busy areas or in places where it would be dangerous to stop.

This is based on the observation that people, including police, tolerate taxi drivers stopping at places where it's technically illegal.

yes, and it keeps blocking my bus. Fortunately it is now legal in Chicago for drivers to get fined for stopping in bus stops/bus lanes automatically via cameras on the buses. Not sure if it is actually happening though..

Hetzner charges a fee for setting up your bare-metal machine. Often zero for their smaller machines and for those in auction. Probably they don't want someone to order a large fleet large of machines for one month and then cancel. They might not get another customer for those machines soon.

Here's what they say themselves: https://www.hetzner.com/pressroom/statement-setup-fees-adjus...

Good context. They're commenting only on why are they increasing some setup fees though, not justifying their existence. The Hetzner setup fees were in place already before the RAM price hike.

...but servers come with virtualization on by default for like... at least a decade if not more

So they literally want money to fix what they fucked up the first time

> This is a common prepper trope, but it doesn't make any sense.

In case the supply chain breaks, preppers don't want to be the ones that starve. They don't claim they can prevent mass starvation.

(Very off topic from the article)

Preppers are maybe the worst of the nonsense cosplay subcultures in modern memory. The moment things go south the people who come out ahead are always the people able to convince and control their fellow humans. The weirdo in the woods with the bunker gets his food stolen on like day 12. The post apocalypse warlord makes it through just fine. Better, maybe!

The key to survival has always been tribal dynamics. This wouldn't change in the apocalypse.

There are multiple companies doing that. I was using one a few years ago, also don't remember the name, haha.

I guess it's an obvious thing to sell, if you go through the process of PCI-DSS compliance. We were definitely considering splitting the company to a part that can handle these data and the rest of the business. The first part could then offer the service to other business, too.

> Could you split up the traffic across dozens or hundreds of IPv6 source addresses?

Yes

> I can see how this significantly increases complexity for tracking

Not really. You just track at some prefix level. In general, the ISP will hand out a /64 per consumer so that's what you can track. From there, you can build more complex and more precise grouping rules for tracking.

I'd mix in some IPv4 of course, maybe pipe some of the connection via VPN interface so the physical route is not same for all packets.

In fact, sometimes I open bash even from zsh. When pasting from a script and debugging why something doesn't work as expected, I don't want bash-like. For ad-hoc loops, bash-like works well for me thanks to the familiarity of syntax.

In Czech, which uses the long scale, yes. The equivalent of "milliardaire".

They have some headers for authentication. The payment part is for the price negotiation. The headers tell you that Cloudflare wants to charge you for this particular content and you tell CF that you're OK with being charhed up to $AMOUNT.