Probably the eras when it was feasible to regularly communicate with small groups of people outside of a few highly-centralized platforms.
At this point, there's a credible argument to be made that the Facebook empire is a sort of natural monopoly, like our public utilities. They need to be heavily regulated, split up into regional operators, and/or legislated out of existence.
You can communicate with small groups outside of a few central platforms. Stormfront remains alive. The incels have their own site as well.
You want the ability to communicate with everyone (tweeting is a message to the world) or if you aren't allowed to do that, for nobody to have that ability.
I'm talking about how you cannot effectively stay in touch with your neighbors and local community without using Facebook's platforms. People who you see every day, but who may not share all of your views; keeping up with those people is important if we want to heal our society's deep divides.
I've tried, but very few shared interest/volunteer/neighborhood groups will go out of their way to contact the one or two people who don't join their Facebook groups about scheduling or events.
It has nothing to do with racist or misogynist strawmen, but since you mention them, Facebook has done a lot to inflate those groups' ranks.
But when a PR is submitted that modifies an Actions workflow, shouldn't GitHub run the old unmodified workflow until that PR is accepted?
IIRC, they already treat the .github folder as a special case; you can't push modifications to workflow files with a personal access token. So why not ensure that an action or workflow will only run if it is checked into the base branch?
That wouldn't stop PRs from modifying scripts that the action runs, but the current behavior seems a bit counter-intuitive.
If that action is "./run_tests.sh", which is a top use case, the attacker just changes "./run_tests.sh", so while I agree that's useful, it doesn't secure the typical case, and makes for a hard cost/value stance.
The threat models are probably more like 1. "make sure only the right people run actions" and separately, 2. "make sure authorized events/actions only use the expected capabilities." Both largely fail today.
Well the idea is that a person submits a PR, and the action runs to verify that the tests pass BEFORE the PR is accepted. You don’t want to wait until after the code is merged in order to see if tests still pass.
The issue is that even if you don’t allow changes to the actual action workflow, running tests gives an attacker the ability to run arbitrary code. They just need to add the code they want to run to the tests (e.g. have the tests mine crypto)
Surprised this isn't more common. I had assumed these classes were already part of most curriculums, because it was taught when kids were in their early-mid teens when I was in primary school ~15 years ago.
They called it something like "library technology" at the time, but the topics focused on how to find and vet information online.
This was also when Wikipedia was still new. One of my 8th grade teachers was so annoyed by the platform that they planted false information in the page of a historical figure that we were writing an essay about.
On the one hand, I'm surprised at how creulous the average person seems to be today. But I also felt that way 15 years ago, and how long have people been saying "there's a sucker born every minute"?
> This was also when Wikipedia was still new. One of my 8th grade teachers was so annoyed by the platform that they planted false information in the page of a historical figure that we were writing an essay about.
Someone should have reported the edits and sent the logs to a tech publication. I'm sure they would have loved it.
In all seriousness, I laughed when I saw a "life hack" that basically said: "How to Get Better Grades: Never Quote Wikipedia, Quote the Sources of Wikipedia".
But it's quite flammable, so you might not want to use it as a building material.