Hacker News: 0xy's comments

This is why you pay a real provider for serious business needs, not an AWS reseller. Next.js is a fundamentally insecure framework, as server components are an anti-pattern full of magic leading to stuff like the below. Given their standards for framework security, it's not hard to believe their business' control plane is just as insecure (and probably built using the same insecure framework).

Next.js is the new PHP, but worse, since unlike PHP you don't really know what's server side and what's client side anymore. It's all just commingled and handled magically.

https://aws.amazon.com/security/security-bulletins/rss/aws-2...


> Next.js is the new PHP, but worse, since unlike PHP you don't really know what's server side and what's client side anymore. It's all just commingled and handled magically.

Wasn't unheard of back in the day, that you leaked things via PHP templates, like serializing and adding the whole user object including private details in a Twig template or whatever, it just happened the other way around kind of. This was before "fat frontend, thin backend" was the prevalent architecture, many built their "frontends" from templates with just sprinkles of JavaScript back then.

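The leak pattern described in the comment above (serialising a whole user record across a rendering boundary) is easy to show in a few lines. The following is an added example, not code from the original thread, from Next.js or from Vercel: it mimics a framework serialising the props a server-side component hands to a client-side one, and contrasts passing the raw entity with projecting it through an allowlist DTO. All names (`leakyServerComponent`, `hardenedServerComponent`, `toPublicUser`, `findLeakedFields`, `PRIVATE_FIELDS`) and the sample record are constructed for this illustration.

```javascript
// Constructed sample record standing in for a row the server loaded from its database.
const dbUser = {
  id: 42,
  name: "Ada",
  email: "ada@example.test",
  passwordHash: "$2b$12$constructed-placeholder-hash", // constructed placeholder, not a real hash
  apiToken: "tok_constructed_0123",                    // constructed placeholder
  isAdmin: true,
};

// Hypothetical policy: fields that must never cross the server/client boundary.
const PRIVATE_FIELDS = ["passwordHash", "apiToken", "email", "isAdmin"];

// Stand-in for the framework step that serialises server-component props for the
// client. In real frameworks this payload ends up in the HTML or hydration data
// the browser receives, so anything in it is visible to the end user.
function serializeClientProps(props) {
  return JSON.stringify(props);
}

// Leaky pattern: the whole entity is handed through as a prop.
function leakyServerComponent(user) {
  return serializeClientProps({ user });
}

// Hardened pattern: project to an explicit allowlist DTO before crossing the boundary.
// Allowlisting (rather than deleting known-bad keys) survives new columns being added later.
function toPublicUser(user) {
  return { id: user.id, name: user.name };
}

function hardenedServerComponent(user) {
  return serializeClientProps({ user: toPublicUser(user) });
}

// Boundary check a test suite could run against the serialised payload: walk the
// parsed JSON and report every private key that appears at any depth.
function findLeakedFields(payload, privateFields = PRIVATE_FIELDS) {
  const leaked = [];
  const walk = (value) => {
    if (Array.isArray(value)) {
      value.forEach(walk);
    } else if (value && typeof value === "object") {
      for (const [key, child] of Object.entries(value)) {
        if (privateFields.includes(key)) leaked.push(key);
        walk(child);
      }
    }
  };
  walk(JSON.parse(payload));
  return leaked;
}

// Demonstration on the constructed record.
console.log("leaky payload leaks:", findLeakedFields(leakyServerComponent(dbUser)));
console.log("hardened payload leaks:", findLeakedFields(hardenedServerComponent(dbUser)));
```

Running it prints the four private keys for the leaky version and an empty list for the hardened one. The check is deliberately applied to the serialised payload rather than to the source object, because that is the artefact that actually reaches the browser; a test that asserts `findLeakedFields(...)` is empty for every server-rendered route is a cheap regression guard for exactly this class of mistake.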

People say "Next.js is the new PHP" because it's the most popular and prominent tooling out there, and so by sheer number of available targets it's the one that comes up the most when things go wrong like this.

But there are more people trying to secure this framework and the underlying tools than there would be on some obscure framework or something the average company built themselves.

Also "pay a real provider", what does that mean? Are you again implying that the average company should be responsible for _more_ of their own security in their hosting stack, not less?

Most companies have _zero_ security engineers.. Using a vertically-integrated hosting company like Vercel (or other similar companies, perhaps with different tech stacks - this opinion has nothing to do with Next or Node) is very likely their best and most secure option based on what they are able to invest in that area.


Next.js is the polar opposite of PHP, in a way.

PHP was so simple and easy to understand that anyone with a text editor and some cheap shared hosting could pick it up, but also low level enough that almost nothing was magically done for you. The result was many inexperienced developers making really basic mistakes while implementing essential features that we now take for granted.

Frameworks like Next.js take the complete opposite approach, they are insanely complex but hide that complexity behind layers and layers of magic, actively discouraging developers from looking behind the curtain, and the result is that even experienced developers end up shooting themselves in the foot by using the magical incantations wrong.


Totally agree. Next.js is a vehicle to sell their PaaS, every other feature is a coincidence.

What’s worse is Vercel corrupted the React devs and convinced them that RSC was a good idea. It’s not like React was strictly in good hands at Facebook, but at least the team there were good shepherds and trying to foster the ecosystem.


PHP had plenty of magic and footguns, magic_quotes, register_globals, mysql_real_escape_string, errors with stacktraces leaking into the HTML output by default, and these are just from the top of my head.

The new PHP? PHP is the same PHP and it's still running 80% of the web to the point that even Reuters, NASA, White House are on it.

The scummy subscription dark patterns like "sign up to the $50pm plan but also it's a yearly agreement with termination fees teehee" show utter contempt for customers.

They're probably finished and will end up going the way of Evernote.


Most users do not do this and therefore will never see this screen.

“Never” isn’t true, but they may not see it enough to reach a pain threshold.

The vast majority of asylees are economic migrants, many of whom use fraud to attempt to get status in their target countries (see BBC's investigation of asylum lawyers coaching asylees to claim they're gay and facing persecution back home).

According to international standard, asylees must stop and seek refuge in the first safe country. This first safe country is often next-door to where they came from, throwing cold water on their claims.

In the US, asylum seekers often cross through 10 safe countries before arriving in the US claiming they need asylum from a country thousands of miles and several land borders away.

The narrative of 'asylum' refuses to acknowledge these basic realities, to horrific effect.


It does seem like a pretty monumentally egregious invasion of privacy for them to leak taxpayer data for political reasons, but $14B seems crazy.

The amount of money is an arbitrary choice; it's Trump's decision to settle with himself because he's head of government.

Also, you say it's an egregious privacy violation, but every other modern president released their tax returns willingly. Trump is bucking tradition here. As per usual.


There's a difference between releasing your tax returns, being compelled to release your tax returns, and someone leaking your tax returns.

The notion that it's a gentlemanly tradition means nothing. Codify it into law if releasing tax returns is such a big issue. In this particular case, I don't think the leaked tax returns have produced the effect that was desired, so it seems silly that this is what it has resolved to. I wonder if it ever mattered at all, given what we know about Trump nowadays.

Ultimately it's the rich people on the hill pulling all strings, the rest of us are just left to hold the bag.


Can't codify it into law. The limitations to becoming president are listed in the Constitution, and it doesn't mention tax returns.

Alas, it is unfortunate that the founders did not consider a mechanism for amendments to be introduced

Chrome exploits (obviously that can be used to compromise people) go for $1,000,000 on the black market so anything cheaper than that to generate is impressive.

This was using an exploit already fixed in a recent version and publicly known. It's worthless on the black market or as a bug bounty.

It is not worthless, unfortunately! The whole point of the blog is about patch gaps in the Chromium ecosystem.

RN is extremely far from modern Trumpism economically. RN is on the socialist end of the spectrum when it comes to economics, by American standards anyway. By French standards they're merely liberal.

You don't want to be supporting that guy. He's an ex-scammer who used to operate a registry cleaner malware business.

He agreed to pay the State of Washington $400,000 for the scheme.

https://www.atg.wa.gov/news/news-releases/attorney-general-s...


I thank you for the information! However, I want to play devil's advocate with your sentiment.

Is his current content a scam? No. Did he rehabilitate? Maybe. Should former blackhats be banned from whitehat efforts? If that's the only instance of his ethical wrongs, I think I'll give him a pass. There was a lot of that crap software at the time. I never bought into any of it. A lot of people were scammed to a certain extent. I hope he learned his lesson. His sharing of knowledge is still valuable to him and posterity. Maybe we can get him to do a video on his softwareonline.com shenanigans!


There is more. For example his Start menu story turned out to be bogus too:

https://adamdemasi.com/2024/07/24/windows-nt-4-start-menu-wa...


AI polls are fake, real polls are fake, and Nate Silver's modeling is REALLY fake.

Nate Silver implied Florida was in play in 2024 for Democrats, then it went +13 R. This is after he spent 9 years clinging to polling which systematically undercounted Republican support due to either sampling bias or shy voters, or were simply outright fraud in other cases (Selzer's Iowa poll).


That’s just fundamentally not a meaningful argument

You need to assess calibration. Not “accuracy”. What does “in play” even mean?


In play means plus or minus 3 points. Claiming that right before a +13 result means your models are fraudulent.

This point would be more believable if rates of poverty and numbers of the ultra-wealthy weren't inversely correlated, but they are.

It's almost impossible to be in poverty in the United States unless you're willfully trying to do so. It's certainly impossible to starve. There are free food programs in every city.

Comments like these are usually driven from ideological places or jealousy, rather than a factual linking of billionaires to poverty. Any given US billionaire is likely providing over 1,000,000 direct and indirect jobs for starters.

Look at evil Jeff Bezos, who created a platform in which basic necessities are sold for margins that are frequently 0%. Previously 'local business' middlemen would charge 50% margins to impoverished locals. Undoubtedly Amazon has lowered the prices of goods. That's merely one example.


> impossible to starve

this is a very low bar for determining a decent quality of life for a human being.

> ideological places or jealousy

but presumably you are a "temporarily embarrassed billionaire"?

> billionaire is likely providing over 1,000,000 direct and indirect jobs

No, they don't 'provide jobs', they suck up [human] resources that could otherwise have gone to schools and hospitals.

> Undoubtedly Amazon has lowered the prices of goods.

but at what cost to the social fabric (Walmart is probably the greater transgressor there though).

Developed societies tolerate the ultra-wealthy because a) they are an artifact of a free market for capital allocation (vs state control), and b) sometimes having large wealth concentrations has proved a useful 'short-circuit' to normal capital allocation for otherwise unfundable but ultimately beneficial projects.

The key word here is 'tolerate'. If society feels the ultra-wealthy are no longer worth the problems they cause (e.g. hoarding certain finite resources), then society should get rid of them.

I would add that beyond a certain point (a place to live, personal possessions, retirement fund, etc), there is no moral case - in the sense of the natural right of ownership - for their wealth, and we can simply confiscate it. For example in the UK we used 'death duties' to break the aristocracy.

