It is likely not worth your effort as whatever you come up with will likely result in discord deactivating your account for breaking their ToS, or them breaking their API forcing you to constantly play catch-up.

This is why open communication protocols are so important. Email is still as ubiquitous as it is because it's a protocol, not an API.

I personally think it would be less overall effort to get your friends to switch to an open protocol like matrix, or XMPP than it would playing cat and mouse with proprietary APIs. But you do you, I wish you the best of luck!

Best I can do is

"\ude41🙂".split("").reverse().join("")

returns "\ude42🙁"

Who controls the British pound? Who keeps the metric system down? We do! We do!

Yeah good point. I suppose the problem is this function that operates on numbers allows numeric strings to be passed in in the first place. The only place where I would really expect numeric strings to exist is captured directly from user input which is where the parsing into a numeric data type should happen, not randomly in a library function.

On my machine at least man openssl shows that -k is for specifying the password you want to derive the key from, so in that case I think you are literally using the string /etc/ssl/private/etcBackup.key as the password. I think the flag you want is -kfile.

You can verify this by running the command in strace and seeing that there is no openat call for the file passed to -k.

Edit: metiulekm@sh.itjust.works beat me to it while I was writing out my answer :)

It's kind of insane how bad this whole is-number thing is. It's designed to tell you if a string is numeric, but I would argue if you're ever using that you have a fundamental design problem. I hate dynamic typing as much as anyone else, but if forced to use it I would at least try to have some resemblance of sanity by just normalizing it to an actual number first.

Just fucking do this...

const toRegexRange = (minStr, maxStr, options) => {
  const min = parseInt(minStr, 10);
  const max = parseInt(maxStr, 10);
  if (isNaN(min) || isNaN(max)) throw Error("bad input or whatever");
  // ...

Because of the insanity of keeping them strings and only attempting to validate them (poorly) up front you open yourself up to a suite of bugs. For example, it took me all of 5 minutes to find this bug:

toRegexRange('+1', '+2')
// returns "(?:+1|+2)" which is not valid regexp

I can't find a keyboard with them, or a copy/pastable line where they've been typed

Maybe use combining diacritical marks?

I'm using 0x326 (Combining Comma Below), but you may need the CGJ in there to render correctly in all contexts

e.g.

Foo!̦ Bar?̦

Edit: Combining grapheme joiner, not zero width joiner

Wait, is he serious? I thought for sure this sign was satire...

I hate that Google is exerting even more control on the internet with their TLD, but I don't really think this attack is made all that much worse with .zip TLD. I can already bury a .com in a long URL and end it in .zip just fine like so:

https://github.com∕foo∕bar∕baz@example.com/foo/bar/baz.zip

Or even use a subdomain to remove the @:

https://github.com∕foo∕bar∕baz.example.com/foo/bar/baz.zip

The truth is most people don't look much at URLs outside of a domain to verify its authenticity, at which point the .zip TLD does not do much more harm than existing domains do.

For mitigation, Firefox already doesn't display the username portion of the URL on hover of a link and URL-encodes it if copy-pasted into the url bar. It also displays the punycode representation when hovering or navigating to the second example.

Edit: looks like lemmy now replaces 0x2215 which is a character that looks like forward slash with an actual forward slash, so my comment is a bit more confusing. For clarity, the slashes before example.com in the above urls were 0x2215 and not "/".

I would have more sympathy for Youtube if 1. it wasn't the de-facto standard where essentially all video media gets uploaded to (which Youtube itself has done everything in its power to make happen) and 2. the company that owned it didn't also own the most popular phone OS, most popular search engine, most popular email provider, most popular ad network, most popular maps, most popular online office suite, most popular airline booking, 2nd most popular cloud hosting... The list goes on

Until a federated solution like peertube gains more traction I have no problem paying content creators directly via patreon, and do everything in my power to not pay Google a dime. Trust me, they can afford it just fine.

The problem isn't the version control itself. Obviously git continues to function and I can commit things offline in a plane. What I can't do is create/review PRs or read/open issues. That's easy to brush off, but the most egregious thing is the fact that this used to be federated over email!

All we needed was more user-friendly tooling to make it easier for new college grads to start contributing to FLOSS, but instead of better email based tooling we got the centralized trash that github is today.

There's no way of knowing, which is the whole problem with their model and why a lot of us self host things in the first place. Even if they super duper promise not to use the data, they could be lying. And if they are actually true to their word today, that could change tomorrow.