Mama told me not to come.

She said, that ain’t the way to have fun.

  • 3 Posts
  • 500 Comments
Joined 2 years ago
Cake day: June 11th, 2023


  • adds to its security and ease of handling

    PHP… security?

    Any security you get from running as a separate process/thread is undermined by sloppy language semantics and standard library. The built-in “mysql_” library was atrocious and stayed in the standard library for years (removed in 7.0, ~10 years after the previous release). Errors at least used to be really inconsistently communicated (sometimes need to call another function to check error status, sometimes returns 0 or -1, sometimes raises exceptions). Types are pretty loose and subtly change type (e.g. when an int overflows, it becomes a float?). Variables spring into existence when you use them, so no warning about typos, shadowing, etc.

    The language wasn’t really designed, it evolved from a simple templating engine to a full-fledged language, and it cleaned up a little along the way. But a lot of the old cruft still remains.

    super fast and easy to setup and get going

    Yeah, that was always the goal. All you need is a webserver and a directory of scripts and you’re golden.

    But lowering the barrier to entry comes with costs. It encourages people to just copy and paste crap until it works, I know because that’s exactly what I did when I first used PHP (JS w/ jQuery is the same way). This encourages a “just get it working” mindset instead of actually understanding what’s going on.

    You can certainly write good PHP code, my point is that it actively encourages kludgy code, which means security holes, and the best example is the language and standard library themselves.

    Web sockets work just fine

    Do they? I assume they hog a whole process/thread for themselves instead of being efficiently managed in something with proper async tooling, so it sounds like it would scale horribly. What happens if you have a million open websockets?

    They did an audit and found issues? Great, I applaud people searching and finding issues. Shall we do the same for Rust, Go, or (chuckle) JavaScript?

    Yes. I would be very surprised if Go or Rust yielded even a fraction of the vulnerabilities PHP does. Even if we expand the scope a bit to a full-fledged web server framework. And that’s with all the server bits, while PHP only worries about its standard library.

    I’ve used each of those languages. I’ve built sites in PHP, Go, and Rust, as well as Python and JavaScript (nodejs). PHP is by far the jankiest, and that’s including all the footguns w/ Go’s concurrency model.

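The footguns the comment above lists, each beside a safer form, as an added example that is not code from the commenter or from the PHP project. It assumes PHP 8 with the json, pcre and pdo_sqlite extensions; the `users` table, its two rows and the injection string are constructed for the demo, and all function names are mine.

```php
<?php
// Added example, not code from the thread above or from the PHP project.
// Assumes PHP 8.x with the json, pcre and pdo_sqlite extensions; the users
// table below is constructed inline for the demo.
declare(strict_types=1);
error_reporting(E_ALL);

// 1. Integer overflow does not wrap or throw: the value quietly becomes a float.
function overflowType(): string
{
    $n = PHP_INT_MAX + 1;
    return gettype($n);                 // reports the float type, not "integer"
}
// Safer: check the bound yourself before the arithmetic happens.
function addChecked(int $a, int $b): int
{
    if ($b > 0 && $a > PHP_INT_MAX - $b) {
        throw new OverflowException('integer overflow');
    }
    return $a + $b;
}

// 2. Loose comparison: strpos() returns 0 for a hit at offset 0, and 0 == false.
function containsLoose(string $haystack, string $needle): bool
{
    return strpos($haystack, $needle) != false;   // BUG: a match at offset 0 counts as "absent"
}
function containsStrict(string $haystack, string $needle): bool
{
    return strpos($haystack, $needle) !== false;  // identity check: 0 is not false
}

// 3. Variables spring into existence. A typo reads as null; with ?? it is silent.
function authorizedTypo(array $user): bool
{
    $isAdmin = ($user['role'] ?? '') === 'admin';
    return (bool) ($isadmin ?? false);   // typo: the new variable is null, so never authorized
}
function authorized(array $user): bool
{
    return ($user['role'] ?? '') === 'admin';
}

// 4. Three error-reporting conventions in one standard library.
function errorStyles(): array
{
    $out = [];
    // (a) json_decode() returns null and parks the reason in a global.
    $out['json'] = json_decode('{not json') === null ? json_last_error_msg() : 'ok';
    // (b) preg_match() returns 1, 0 or false; false is an engine error, 0 is "no match".
    $out['preg'] = @preg_match('/(/', 'x');      // bad pattern: false plus a suppressed warning
    // (c) intdiv() throws.
    try {
        intdiv(1, 0);
        $out['intdiv'] = 'no error';
    } catch (DivisionByZeroError $e) {
        $out['intdiv'] = 'threw ' . $e::class;
    }
    return $out;
}
// Safer: opt in to exceptions where the API allows it.
function jsonStrict(string $raw): mixed
{
    return json_decode($raw, true, 512, JSON_THROW_ON_ERROR); // JsonException on bad input
}

// 5. The habit mysql_* encouraged: building SQL from strings. Same query, twice.
function lookupConcat(PDO $db, string $name): array
{
    $sql = "SELECT name FROM users WHERE name = '$name'";   // injectable
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}
function lookupPrepared(PDO $db, string $name): array
{
    $stmt = $db->prepare('SELECT name FROM users WHERE name = ?');
    $stmt->execute([$name]);                                 // bound parameter, not query text
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}
function injectionDemo(): array
{
    $db = new PDO('sqlite::memory:');                        // constructed sample data
    $db->exec('CREATE TABLE users (name TEXT)');
    $db->exec("INSERT INTO users VALUES ('alice'), ('bob')");
    $evil = "x' OR '1'='1";
    return [
        'concat'   => count(lookupConcat($db, $evil)),       // the OR clause matches every row
        'prepared' => count(lookupPrepared($db, $evil)),     // compared as a literal, matches none
    ];
}

var_dump(overflowType());
var_dump(containsLoose('admin', 'a'), containsStrict('admin', 'a'));
var_dump(authorizedTypo(['role' => 'admin']), authorized(['role' => 'admin']));
var_dump(errorStyles());
var_dump(injectionDemo());
```

Run it with `php footguns.php`. Each loose/strict pair is fed the same input and disagrees, which is the point: none of the loose versions fail loudly, they just return the wrong answer. The last dump shows why string-built queries were the standard `mysql_*` pattern's real cost, and why `declare(strict_types=1)`, `===`, `JSON_THROW_ON_ERROR` and prepared statements are the minimum set of habits to carry into any PHP code base.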

  • Never point your DNS at two different IP addresses like this. It will only cause you pain and unexpected behaviour.

    Why?

    I have a similar setup, but to add to the problem, I’m also behind CGNAT. Here’s my setup:

    • LAN - 192.168… addresses
    • WAN - 10… address from ISP
    • VPS - public address

    To access my LAN from outside, I have a WireGuard tunnel to my VPS.

    The address my DNS resolves to is absolutely unrelated to any addresses my router understands. So to prevent traffic to my locally hosted resources from leaving my LAN, I need my DNS to resolve to local addresses. So I configured static DNS entries on my router to point to local addresses, and I have DHCP provide my router as the primary DNS source and something else as a backup.

    This works really well, and TLS works as expected both on my LAN and from outside my LAN. The issue OP is seeing is probably with a non-configured device somewhere that’s not querying the local DNS server.



  • Warren Buffett comes to mind

    But Warren Buffett does know what he’s doing. He doesn’t buy based on charts though, he buys based on fundamentals, and many of his bets take years to prove themselves.

    I think this is more applicable to the vast swarms of YT influencers who push trading software. Get enough viewers and rent enough Lambos and people will think you know something. Or maybe even people like Jim Cramer, who has a mediocre success rate in his own trading firm, yet still has his picks get parroted because he has a TV show.

    Don’t blindly buy stuff because someone else tells you to, or even because someone else does. Buy stuff because you know what you’re doing. If you don’t know what you’re doing (the vast majority of people), just buy diversified index funds. In the US, this means something like VTI and VXUS, or the various equivalents in various brokerages/retirement plans. That’s what I do, and I’ve had a pretty good experience so far, no experience reading tea leaves required.



  • Of the 14 members of the office, a dozen, including Director Jennifer Hay, have requested the Trump administration’s deferred resignation option and plan to leave by May 1. Two other staffers are also leaving in that time frame.

    “Although DDS was excited to support DoD’s efforts to improve efficiencies and champion software modernization initiatives, the Administration was not leveraging DDS and hiring freezes, rescinding remote work, and travel restrictions were making us non-mission capable,” the current office member told The Hill. “As a result, most of the team elected to resign.”

    Still, DDS efforts are expected to continue elsewhere. The member who spoke with The Hill said the office has “found permanent homes for most of our ongoing projects.”

    So:

    • it’s not a huge office
    • seems more of a protest than being forced out (though maybe that was inevitable, we don’t know)
    • projects are continuing, just under different management - so expect delays, but projects aren’t cancelled

    I would really like a rolling breakdown of the impacts Trump and DOGE have had on government functions, with potential and actual impacts spelled out, and ideally as impartial/unbiased as possible. Anyone have a source for something like this?



  • SSH tunneling is absolutely amazing, glad you figured it out.

    We had a similar issue at work. Basically, we had a corporate laptop (Windows) that we couldn’t install anything to, and we needed to set up local development against a service running on the laptop. But since we couldn’t actually install anything w/o going through the IT dept (nobody wants to do that), I remembered that they had gotten git installed, and that comes w/ a shell which has SSH available. So I used that to SSH tunnel to the dev laptop (running macOS) and they were able to continue working.

    SSH tunnels are a fantastic tool to have in your toolbox. :)