Ab dem 16.12. fängt der Konzern an, die #Meta AI mithören zu lassen, um auf Basis der Daten Werbung, Feeds und Reels gezielter auszuliefern.
Ab dem 07. Oktober bekommen die ersten Nutzer von #Facebook, #Instagram und #WhatsApp in ihrer App eine Mitteilung über die neue Nutzung der #MetaAI angezeigt. Die neue Funktion soll Mitte Dezember diesen Jahres zunächst im Ausland aktiviert werden. Die Länder innerhalb der #EU kommen erst später dazu. Grund dafür ist der strengere #Datenschutz innerhalb der Europäischen Union. Bisher ist nicht bekannt, ab wann die #Kommunikation mit dem #KI-Bot auch in Deutschland konsequent ausgewertet werden soll.
Exhibit N in why I will never ever go on a cruise. (Lots of other reasons too, including TOO MANY PEOPLE and the gross environmental footprint, but being trapped on a boat with noro is nightmare fodder). RE: bsky.app/profile/did:plc:f5j66…
Earlier today I got an email from that wonderful delivery company Evri, saying they would be delivering a parcel between 8 and 9pm tonight. Now the parcel isn't due until next week, so that was a surprise, especially considering we have a weather warning. Now its a minute past 9pm, so I can be outraged that Evri have not shown up? I mean, its not as it 97mph gusts have happened near here and trees are probably down in a lot of places. Piss poor service, 0 out of 5 stars.
( I am not mad in the least, its bloody awful weather and I would rather the driver was safe at home - it would be nice if they would update the tracking though)
I want the endpoints at /actions , and only those endpoints, to reject/not-receive requests that are not same-origin. Other endpoints (regular html pages; oauth callback) SHOULD be possible to link/redirect to.
The 2 ways I can imagine doing this are: - Check for Origin: header and reject request if wrong (will privacy plugins sometimes suppress this?) - Send `Access-Control-Allow-Origin: https://me`, also use Post to force preflight
Cross-Origin Resource Sharing (CORS) is an HTTP-header based mechanism that allows a server to indicate any origins (domain, scheme, or port) other than its own from which a browser should permit loading resources.
cors header is the usual option, but of course non-browsers aren't likely to respect it. The origin checking is a bit more robust against non-browsers - unlikely to cause issues for browsers, I've never countered issues with it. Of course non browser's can still fake their origin header.
@SudoCat as long as browsers are universal about it. i'm only concerned about malicious redirects on real browsers because only the real browsers will have good cookies.
I don't think that POST guarantees preflight by itself; you have to use a non-safelisted header or something? god the specs on this are obnoxious. But if you have a custom X- header that you check for, that should force the browser to always do it. (Alternately, you can just do regular CSRF prevention.)
@glyph If you can do a cross-site POST request with a <form> that you programmatically .submit(), then you can do the same request with XHR without a preflight. The annoying spec rules basically try to formalize that idea.
the pattern I've seen to protect against CSRF is some extra token that needs to be present in order to accept the request. cheatsheetseries.owasp.org/che… explains it (and also has some other options).
Literary Fiction Novels That Blend Beauty and Emotion
Literary Fiction Novels That Blend Beauty and Emotion Perfectly balancing gorgeous writing with emotional resonance, these books remind us why literary fiction is so powerful. These upcoming literary fiction books are already generating buzz among critics and readers. Water Memory (The… newinbooks.com/literary-fictio…
Swift isn't just for client apps: when @elytra moved from Node to Swift for their server code, they benefited from better performance and a unified codebase. More here: elytra.app/blog/2025/10/01/swi…
À l'issue d'une série de mesures exhaustive, je suis en mesure de l'affirmer : il existe exactement deux longueurs de jarretière optique, la trop courte et la trop longue.
Landwirte bleiben auf Kosten sitzen: Bundesregierung streicht Förderung, die bis 2030 vorgesehen war apollo-news.net/landwirte-blei… In der Landwirtschaft rumort es gewaltig. Einen „Schlag ins Gesicht der landwirtschaftlichen Betriebe“ nennt es die Arbeitsgemeinschaft Bäuerliche Landwirtschaft, der ... The post Landwirte bleiben auf Kosten sitzen: Bundesregierung streicht Förderung, die bis 2030
A person stands facing the camera, partially obscured by a dark jacket. The jacket is open, revealing skin underneath. The person has long, straight brown hair and is wearing glasses with dark frames. Behind the person is a wooden chair and a metal rack. A cardboard box is partially visible to the right, with the word "limat" visible on it.
Provided by @altbot, generated privately and locally using Gemma3:27b
Where's the best place to get 2-5 genuine HD63C09EP 40 pin DIP 3Mhz versions ? I've looked at eBay but they are all in China and I really want genuine chips not rebadged 2Mhz versions or worse totally fake.
My go-to here in Canada is Digikey, but when I search HD63C09EP on your side of the pond it really is slim choice. There's donberg.co.uk/descript/h/hd_63… with which I personally have no experience - at least it has a physical address to scowl towards if they are trouble to deal with.
According to Defense Secretary Pete Hegseth’s social media post, the strike killed four men, but it offered no other details on who they were or what organization they belonged to.
Responding to a police plea referencing the Manchester Synagogue terrorist attack, Defend Our Juries say they’ll still hold a fourth national protest. Terrorism wins if peaceful protest is suppressed.
Billy Watt
in reply to Fi • • •Fi
in reply to Billy Watt • • •