Hacker News | chatmasta's comments

SIM farm is a different scenario and arguably not even illegal. This story is about scammers operating a DIY stingray that broadcasts phishing messages via SMS to nearby devices.

Yeah, it’s funny how all the comments so far are only talking about the over-engineering and scope creep, when the bulk of the blog was dedicated to a totally separate rant (but a good one!) on structural diffing.

What company and American company?

Solvinity, and Kyndryl, respectively.

That story is mentioned in the TFA.


I thought the names in the opening were the people being charged. Then I realized they were the prosecutors.

> There's not enough redundancy

So build resiliency into your application layer.


You don't always choose the application layer.

When you're an OpenStack cloud provider, your customers choose.

When you're a customer using Open Source software, your vendors choose.

Using a mixture of directly attached NVMe and network-attached volumes with backup is the sweet spot for me.

I don't need to maintain my own network filesystem (Ceph), and I can put applications that mirror their database natively on NVMe and everything I don't have much control over on network-attached volumes.

I feel like there's something better not yet made.


> despite no longer being in vogue with consumer devs

Is it in vogue with enterprise devs?


3x growth in ten years is the “most generous” estimate?

Yes, because outside Starlink and govt contracts, there isn’t that massive of a demand growth in the sector. There's a limit to how many satellites can be in orbit at a time, and land-based telecom infrastructure makes it so that satellite-based infra isn’t necessary unless you’re in remote areas.

Starlink is already most of the revenue.

What's the point of the except?

The main problem is the AI stuff.


They are decades ahead of their nearest competition, in multiple verticals, and their barrier to entry is a literal gravity well.

All the money they are burning is for grok. And it is not decades ahead.

BO has entered the chat New Glenn and are arguably equal to Super Heavy given they've also recovered and reused their heavy booster.

I think you're going to be surprised at the level of competition BO provides SpaceX in the Artemis program.


I’m not clear on it either. Was the Context.ai OAuth application compromised? So the threat actor essentially had the same visibility into every Context.ai customer’s workspace that Context.ai has? And why is a single employee being blamed? Did this Vercel employee authorize Context.ai to read the whole Vercel workspace?

Next.js renders configuration that’s shared by client and server into a JSON blob in the HTML page. These config variables often come from environment variables. It’s a very common mistake for people to not realize this, and accidentally put what should be a server-only secret into this config. I’ve seen API secrets in HTML source code because of this. The client app doesn’t even use it, but it’s part of the next config so it renders into the page.

IIRC, react had this issue so they required env vars seen in react to be prefixed by REACT_. The hope being that SECRET is not prefixed and so is not available. Of course it requires you to know why they are prefixed and not make REACT_SECRET.

That's essentially what NEXT_PUBLIC_ is for... but serializing process.env is a new one for me.

They don’t serialize process.env, but devs will take config values from environment variables. Obviously you’re not supposed to do this but it’s a footgun.
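The footgun discussed in the comments above can be checked for in rendered output. This is an added example, not code from any commenter or from Next.js: it assumes the page embeds its shared config in a `<script id="__NEXT_DATA__">` JSON blob with a `runtimeConfig` field, and the key-name heuristic and sample page are constructed for illustration.

```javascript
// Audit rendered HTML for secret-looking keys in the Next.js data blob.
// Assumption: the JSON lives in <script id="__NEXT_DATA__" type="application/json">.

// Key names that suggest a server-only credential (heuristic, constructed here).
const SUSPICIOUS_KEY = /(secret|token|passw(or)?d|private|api[_-]?key|credential)/i;

// Pull the JSON payload out of the __NEXT_DATA__ script tag, or return null.
function extractNextData(html) {
  const m = html.match(
    /<script[^>]*\bid=["']__NEXT_DATA__["'][^>]*>([\s\S]*?)<\/script>/i
  );
  if (!m) return null;
  try {
    return JSON.parse(m[1]);
  } catch {
    return null; // malformed blob: nothing to audit
  }
}

// Walk the object and collect dotted paths whose key name looks sensitive
// and whose value is a non-empty string.
function findSuspiciousPaths(node, path = "", out = []) {
  if (node === null || typeof node !== "object") return out;
  for (const [key, value] of Object.entries(node)) {
    const here = path ? `${path}.${key}` : key;
    if (typeof value === "string" && value.length > 0 && SUSPICIOUS_KEY.test(key)) {
      out.push(here);
    } else {
      findSuspiciousPaths(value, here, out);
    }
  }
  return out;
}

// Returns the list of flagged paths for one rendered page (empty if none).
function auditHtml(html) {
  const data = extractNextData(html);
  return data ? findSuspiciousPaths(data) : [];
}

// Constructed sample page: one public value, one leaked server-only value.
const SAMPLE_HTML = `<!doctype html><html><body><div id="__next"></div>
<script id="__NEXT_DATA__" type="application/json">
{"props":{"pageProps":{}},"page":"/","query":{},"buildId":"example-build",
 "runtimeConfig":{"apiBase":"https://api.example.test","paymentApiSecret":"sk_example_not_real"}}
</script></body></html>`;

console.log(auditHtml(SAMPLE_HTML));
```

Run against the HTML your own build or staging server returns, a non-empty result is a reason to fail the pipeline and rotate the flagged value.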
