Hacker News | tedk-42's comments

Oh yeah let's make a web request per service invocation to figure out what to serve for the invocation!

Guys this is exactly the kind of banal crap that makes a simple app into a monstrous beast that won't work unless it's connected to the internet.


There's no web request per service invocation.

Feature flags are set once at startup (or specific events like hard refresh, or new login) and then simply included in the request headers.

It's not rocket science, but I'm sure people are free to overcomplicate it.


That's not a feature flagging service then (config as a service! not a thing really...)

I've done both client and server side implementations of the LaunchDarkly SDK and that's how it's done to know client context.

If you're initialising the entire SDK only to load 1 set of configuration items, I'd argue you can host the config as a json file on a CDN and be done with it - feature flagging is overkill.


Then I'm lost at what the difference would be and why do you need a dedicated service.

Pardon my ignorance.


All good - it is something that has been over-complicated for marketing/product reasons.

If you know what A/B testing is, feature flagging can really allow you to nail down how you should deliver an experience to an end user.

We track end-to-end engagements on our websites based on how the content is displayed on a page with more performant layouts/content winning the test to drive users through the funnel.

I don't love it though because it's a lot of waste that gets left over and not cleaned up leaving billing to grow exponentially as flags are continually called for no reason.


Hmmm 12K seems like a bit much, even if it's fintech.

They also didn't mention the company.

The title feels clickbaity as it's not specific to AWS API gateway and instead, the implementation of it.

And who hosts on blogspot...


Yes, it and the other three posts sound positively AI written. The first post on the blog is how OP uploaded a backdoored dataset to HuggingFace and left it there for 6 months – whether made up or not, it doesn't sound great.

Why not?

This is arguing for style over substance. The goal is to explain how a bug impacts the company. Anything that achieves the goal is de facto good. Remember, the alternative is for the company not to be notified at all.


Style, and the effort an author put into their writing are both legitimate targets of rhetoric, analysis, and criticism.

They got $12k for their work. Their writeup was fine.

I clicked on the post and immediately bounced off because it was intense slop. Like a high schooler padding out their essay to hit a word count.

I don't care if they got paid for it. It's an interesting misconfiguration that you can describe in one sentence. I don't need to read the corresponding 500 word blog post.


Considering it let them do an unauthorized wire transfer from a system account, 12k seems pretty reasonable.

got any more criticisms, font choice, perhaps there's some duplication in their css?

I think 12k could be fine given how much it might have cost them if nobody had noticed.


Or if someone with malicious intent noticed.

It's not really fair to criticise hosting choice, but this led me down a rabbit hole.

Noticed that non-responsive blog layouts are rare these days. Most are from blogspot. So I took a look and realized that blogger nowadays actually supports responsive layouts, but apparently... they are not popular?

https://blogger.googleblog.com/2017/03/share-your-unique-sty...


Google barely maintains Blogger, and people have old blogs with old templates they never felt the need to change.

Exactly. What do these researchers think? Getting rich finding security flaws? They should get $5 at best, buy themselves chocolate bar and an orange juice and be grateful for the opportunity bestowed upon them by the rich.

OJ here is over $5. Chocolate bars are not far behind. Of course I'm not complaining. Our kleptocrat overlords are doing great works!

a lot of AI is just wasteful like this.

there are a lot of parallels with crypto 'mining' a transaction and AI slopping a functional output.


so you take but you don't want to give?

perhaps try a different perspective of, "it's good i live in a place where we contribute for a common good"


Taxes are a financial loss.

I preferred living in Hong Kong and Singapore and do not enjoy living here honestly, but if you treat it as payment for my+partner’s backup citizenship, it seems more justifiable.


> Taxes are a financial loss.

What a miserable, selfish view of the world you have


they are greedy and don't want to pay their fair share.

people that count their tax dollars are usually very selfish to begin with.

i generally think the gov can do better with how money is spent though.


Do you run regularly?

Overweight by chance?

I've put on a bit of weight since having kids and my breathing at night is much worse than before.


You have no idea what you're talking about and it shows by what you choose to type.

It's not exclusively caused by fitness or lack thereof. A cursory Google search would show you this. It's not "breathing at night", it's literally suffocating in your sleep.

This place used to be full of intellectuals. It's a real shame.


Wow you sound very defensive.

If it's not obvious I meant breathing while sleeping at night in a sleep apnea discussion, I think you need to analyse your own internal bias and possible self-hate.

I'm very sure i have sleep apnea now as i wake up literally in panic where i'm not breathing + have a full bladder and need to go a few times a night (which i've read as a kidney response with sleep apnea).

As i said this all came about with extra weight gain in the past few months.


Gross.

Wow what a trash discussion this was.

Turns out it was you who are polluting this community with low IQ takes.


Google feeling more like Hooli these days.

"need to install a complete desktop app to get access to our new CLI"


They nuked anti-gravity and installed their codex knockoff in place. The vs code fork IDE and all your settings with it have been removed. Reinstalling the anti-gravity IDE, as it's been renamed, does not bring back any of your settings or extensions.

This is a cluster across the entire product line


Pay toll and don't get your ship bombed.

They likely didn't pay to move their goods through the strait.


That is illegal, that is equivalent to blocking it. No other country accepts existence of such a toll, and any company paying it will get sanctioned by the entire world since it would set such a bad precedent if countries started to toll their straits.

You don't pay money to terrorists to make them not bomb your stuff, you eliminate the terrorists, otherwise you get more terrorists.


It's only illegal if you recognize the law. Why is charging for passage in Ormuz illegal and not in the Panama or Suez canals? Iran can (legitimately) say they require compensation for reconstruction and keeping the security of the strait after the attacks from the terrorist states of Israel and US.

Let's not let the truth get in the way of defence companies selling weapons for another middle east conflict!

'Cyclists sue bolt cutter manufacturer over recent surge in bicycle theft'

