Hacker News: AntonyGarand's comments

Per their response to this issue, seems like this is a bug: While they do have some non-FOSS code in their `sdk` package, the client should still be buildable without the SDK:

> Hi @brjsp,
> Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.
>
> > the SDK and the client are two separate programs
> > code for each program is in separate repositories
> > the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3
>
> Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.


The problem with that statement is what exactly "in a way that maintains GPL compatibility" means, especially since they plan on moving more functionality into the proprietary code, so the two "separate" components will be increasingly coupled together.

I'm not a lawyer, but I'm quite skeptical of the outcome. Is it really going to produce a valid GPLv3 licensed client? To me, it seems like the whole thing is just going to be a combined proprietary + GPLv3 license, which will contradict itself.

But again, I'm not a lawyer, so my understanding of this might be way off.


Seems like they relicensed their whole SDK to GPL so that's a move in the right direction!

https://news.ycombinator.com/item?id=41940580



The md5 part of the sqli is added by the pentester, likely because they needed a call that would end in a parenthesis within the injection parameter.


There is already a call to MD5 in the original query; see the first image in the article, which they apparently obtained by submitting ' as the username: https://images.spr.so/cdn-cgi/imagedelivery/j42No7y-dcokJuNg...


Yup, and there we can see the password is just splatted in with no salt. 99%+ the password is an injection attack too, but one only needs one set of the keys to the kingdom to make the point, so the article never discusses getting in via password instead and the author may well never have checked, because it couldn't make things any worse.


The screenshot in the article shows MD5() is returned as part of the error message from the web server, so it is probably also a part of the original server-side query.
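An added example (not from the article or any commenter) of the login-query pattern discussed in this thread: both fields spliced into the SQL text with the unsalted password inside MD5(), beside a parameterized lookup against a salted, slow password hash. The user table, column names and sample users are constructed here; MD5() is registered in SQLite only so the MySQL-style query runs as written.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed in-memory stand-in for the site's user table (column names are an assumption).
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_md5 TEXT, "
             "salt BLOB, password_hash BLOB)")
# SQLite has no MD5(); register one so the MySQL-style query from the screenshot runs as-is.
conn.create_function("MD5", 1, lambda s: hashlib.md5(str(s).encode()).hexdigest())

def _slow_hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def add_user(username: str, password: str) -> None:
    salt = os.urandom(16)
    conn.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                 (username, hashlib.md5(password.encode()).hexdigest(),
                  salt, _slow_hash(password, salt)))

def login_vulnerable(username: str, password: str):
    """Pattern implied by the screenshot: inputs concatenated into the SQL text, password
    unsalted inside MD5(). Returns (authenticated, error_text); error_text mimics a server
    that echoes the database error, which is how the query shape leaked in the article."""
    sql = ("SELECT COUNT(*) FROM users WHERE username = '" + username +
           "' AND password_md5 = MD5('" + password + "')")
    try:
        count = conn.execute(sql).fetchone()[0]
    except sqlite3.Error as exc:
        return False, f"{exc} in query: {sql}"
    return count > 0, None

def login_hardened(username: str, password: str) -> bool:
    """Parameterized lookup: a quote in either field is data, never SQL. The password is
    checked against a salted, slow hash with a constant-time compare."""
    row = conn.execute("SELECT salt, password_hash FROM users WHERE username = ?",
                       (username,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    return hmac.compare_digest(_slow_hash(password, salt), stored)

if __name__ == "__main__":
    add_user("alice", "it's-a-secret")  # legitimate password that happens to contain a quote
    print(login_hardened("alice", "it's-a-secret"))    # True: the quote is just data
    print(login_vulnerable("alice", "it's-a-secret"))  # (False, '... in query: ...'): statement broke
```

The vulnerable path fails even for an honest user whose password contains a quote, and the echoed error is exactly the kind of message that reveals the query shape to anyone who submits one.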


This brings back memories: This was the case for a gold-buying website for the Runescape game in the 2000s. You could edit your cookies or other front-end facing information to change the price of items in your cart, so you could buy gold or items for much cheaper than the market rate. At some point, while the vulnerability remained, they started cancelling orders abusing this and manually checking the orders.

I think you could still find some old YouTube videos or threads on obscure forums with enough digging about that topic; that's how I learned of it initially.

So this was a real thing!


+1 to echarts: While it can be more complex to start than the others, it remains fairly simple for the default graphs while providing enough flexibility to do pretty much anything.


Echarts isn’t hard to set up anymore now that GPT-4 takes care of the complexity.

Charts that used to take me days to set up and data-wrangle now only take minutes.

I suppose this applies to other libraries but I like echarts.


Can you share some of your prompts that you have used?


‘Using echarts and provided DATA, demonstrate how to convert a table of rows such that the “value” is aggregated and shown on a bar chart as the sum of all “values” for each “timestamp”

DATA: {json array}’

Dumping your data into the context window tends to help specify the task and focus the AI on the data structures to use.


Same here: I've been hosting two dozen services on Dokku for a side-project in the past few years and it's been working flawlessly! Dokku and a Hetzner server make hosting very easy.


AWS did not launch their own spinoff alone, but instead joined the Valkey project by the Linux Foundation[0], alongside many other major contributors:

> Industry participants, including Amazon Web Services (AWS), Google Cloud, Oracle, Ericsson, and Snap Inc. are supporting Valkey. They are focused on making contributions that support the long-term health and viability of the project so that everyone can benefit from it.

Seems like a good alternative to a single company's spinoff: Many major providers working on this same project should result in everyone benefiting from it.

https://www.linuxfoundation.org/press/linux-foundation-launc...


I don't have any inside knowledge, but I can't believe that they don't have an internal fork of Redis for Elasticache.


Hide a spoofer on the train itself; this way you can target any train anywhere.


Yeah, trains tend to have large cabinets inside, and it's not like those cabinets are opened and inspected every day.


The Twitter link in the footer points to an unrelated account with the "rowsncolumns" handle.


Oops. Fixed; that's the handle I wanted, but it was taken :)


Is this related to the react-spreadsheet[1] project? Where does the "React Spreadsheet 2" from the title come from? It's not clear if this is an update to the project, a fork of an existing project, or something brand new.

[1] - https://www.npmjs.com/package/react-spreadsheet


Hi, it's not related to that project. It's an update to an already existing project under RownsColumns, hence the name.


So did you just steal the name of another component?


No. The component is named "Spreadsheet 2". It's based on the React framework. Hence the title of this article, "React Spreadsheet 2".

