This is not a supply chain attack, it is sudden extreme enshitification. according to the article, the attacker also bought the GitHub repo

I don't see how buying the GitHub repo as well makes it not a supply chain attack but enshitification.

They bought into the supply chain. It's a supply chain attack.

Where would/should the mapping happen? Probably not the Set constructor. JSON.parseSet()?

JSON.parseSet = json => new Set(JSON.parse(json));
JSON.parseSet('["A", "B", "C", "A", "B"]'); // Set(3) [ "A", "B", "C" ]

/edit: JSON.parseMap()

JSON.parseMap = json => new Map(Object.entries(JSON.parse(json)));
JSON.parseMap('{"a":1,"b": 2}'); // Map { a → 1, b → 2 }

In my Firefox I get a NS_BINDING_ABORTED error on the Google Fonts font request.

And they didn't specify a font fallback, only their external web font. It would have worked if they had added monospace as a fallback.

Ignoring secondary email addresses, what was my primary [onlineaccount] E-Mail address has changed four times.

No readily-compilable project is still a worthwhile barrier. So I don't think it's a bad argument.

If it's about open-source licenses, it typically allows that kind of repackaging. Which is not the case for closed-source/proprietary.

Nested CSS obscures complexity

An interesting point. Something I will take with me for observation and consideration.

Maybe sometimes it's worth despite it and other times not.

extending the list

• You don't need JavaScript to build web pages
• You don't need JavaScript to publish web pages

Seems like a valid formalization.

I think a or a few counter-examples would go a long way though.

The "rectangle" probably isn't supposed to be this messy?

generate 32-char-pw -> "Must not be longer than 20" 🤨

generate 32-char-pw -> "you must include a specific special character" 🤨

below 10 characters is truly atrocious - and thankfully rare

Are you saying "don't use a synthetic key, you ain't gonna need it"?

People regularly change email addresses. Listing that as an example is a particularly bad example in my opinion.

many2one: so in this relationship you will have more than one record in one table which matches to only one record in another table. something like A <-- B. where (<–) is foreign key relationship. so B will have a column which will be mapped to more than one record of A.

no, the other way around

When B has a foreign key to A, many B records may relate to one A record. That's the many2one part.

The fact that different B records can point to different A records is irrelevant to that.

one2many: same as many2one but instead now the foreign key constrain will look something like A --> B.

It's the same, mirrored. Or mirrored interpretation / representation to be more specific. (No logical change.)

If you had B --> A for many2one, then the foreign key relationship is still B --> A. But if you want to represent it from A perspective, you can say one2many - even though A does not hold the foreign keys.

In relational database schemata, using foreign keys on a column means the definition order is always one to one, and only through querying for the shared id will you identify the many.

many2many: this one is interesting because this relationship doesn’t make use of foreign key directly. to have this relationship between A and B you have to make a third database something like AB_rel. AB_rel will hold values of primary key of A and also primary key of B. so that way we can map those two using AB_rel table.

Notably, we still make use of foreign keys. But because one record does not necessarily have only one FK value we don't store it in a column but have to save it in a separate table.

This association table AB_rel will then hold the foreign keys to both sides.

What makes it "anonymous"? You're uploading a file to a server, right? That's hardly anonymous.

If this is about the onion link in the repo metadata, then I think the description not making that obvious is at least misleading. There's a fundamental difference in what the repo/tool provides and what a specific hosted website provides.

When something hits you in the face you turn blue. This essentially hits you in the face, and matches that color.

I don't have multi-user library maintenance experience in particular, but

I think a library with multiple users has to have a particular consideration for them.

1. Make changes in a well-documented and obvious way
   1. Each release has a list of categorized changes (and if the lib has multiple concerns or sections, preferably sectioned by them too)
   2. Each release follows semantic versioning - break existing APIs (specifically obsoletion) only on major
   3. Preferably mark obsoletion one feature or major release before a removal release
   4. Consider timing of feature / major version releases so there's plannable time frames for users
2. For internal company use, I would consider users close and small-number enough to think about direct feedback channels of needs and concerns and upgrade support (and maybe even pushing for them [at times])

I think "keeping all users in sync" is a hard ask that will likely cause conflict and frustration (on both sides). I don't know your company or project landscape though. Just as a general, most common expectation.

So between your two alternatives, I guess it's more of point 1? I don't think it should be "rapidly develop" though. I'm more thinking doing mindful "isolated" lib development with feedback channels, somewhat predictable planning, and documented release/upgrade changes.

If you're not doing mindful thorough release management, the "saved" effort will likely land elsewhere, and may very well be much higher.

Ask your profs or other applicable personnel for offered final year projects, suggestions, and previous years projects. You can also check software dev companies which may offer such projects as job openings. That'll give you more of an overview of current common projects, and some ideas of what you could do.

Ubuntu LTS.

It has the option for PPAs when the distro doesn't offer packages or recent package updates but the upstream project does.

It's a well-established and stable distro.

costumer

of holding the hammer?