twexler

✨ [ my public key: https://keybase.io/twexler; my proof: https://keybase.io/twexler/sigs/XriZifac0GAcs8-maeuOgDVi_ne-1vt4TDTguSKi6o0 ]

📅 Joined in 2012

🔼 47 Karma

✍️ 14 posts


(Replying to PARENT post)

Yes, but as the country of manufacture of the incident aircraft, NTSB is absolutely consulting on that report.
👤twexler🕑3mo🔼0🗨️0

(Replying to PARENT post)

> The thing is, your Keycloak instance is not going to matter to any hacker, particularly if it's inside a VPN and not reachable from the Internet.

This doesn't make it particularly usable as SSO...

> Good network design costs a lot of money to set up, particularly to limit the scope of an attack (e.g. because the VPN software had a vulnerability), but it's orders of magnitude better in the long run than to outsource core IT to some incompetent fools with subcontractors.

This is exactly my point. Most businesses do not have the resources to maintain this level of infrastructure.

Additionally, I'm personally of the opinion that walled gardens with VPN entry points are a particularly good choice for modern businesses these days. Even the White House OMB is pushing the beyondcorp model in their recent recommendations for ZT.

👤twexler🕑3y🔼0🗨️0

(Replying to PARENT post)

One can only hope.
👤twexler🕑3y🔼0🗨️0

(Replying to PARENT post)

I'm not sure Keycloak is a viable alternative for most businesses. Security software as a whole tends to be _extremely_ difficult to run securely and at scale.

Honestly, most of these companies would be better off using Google, Azure or AWS' SSO-as-a-Service product (if that's what you're hoping to get out of Keycloak).

That's not to say that I don't appreciate that there's an open-source alternative out there, however.

👤twexler🕑3y🔼0🗨️0

(Replying to PARENT post)

Softlayer is the name you're thinking of. They were pretty decent 10 or so years ago, but never touched them after the IBM acquisition.
👤twexler🕑3y🔼0🗨️0

(Replying to PARENT post)

Pretty sure there was a call out late in the countdown regarding arming the FTS.
👤twexler🕑5y🔼0🗨️0

(Replying to PARENT post)

I think this may have changed, very recently. Now when I paste any of the example strings in the post, I get an alert that I've pasted markdown, with options to apply formatting, or not ask again[1]. After that, it recommends using a new shortcut, (Cmd/Ctrl)+Shift+F[2].

Not the best improvement, not the worst.

1. https://i.imgur.com/QXHWMpF.png

2. https://i.imgur.com/Ksrjvf1.png

👤twexler🕑6y🔼0🗨️0

(Replying to PARENT post)

I'd totally contribute to that. Let's do it.
👤twexler🕑7y🔼0🗨️0

(Replying to PARENT post)

No it won't. The FCC doesn't work for the citizenry anymore, just for lobbyists.
👤twexler🕑7y🔼0🗨️0

(Replying to PARENT post)

> There's nothing Node could or should have done about the lack of string padding. Node's "standard library" is first and foremost concerned with enabling network and filesystem IO. JS on the other hand even lacks a built-in way to handle dates properly (the Date class is largely an afterthought based on Java).

That's absolutely incorrect. Now, I might be using a slightly contrived example here, but take RPython and compare it with Python. Both use mostly the same syntax (i.e. ECMAScript vs Node.js), but one is extensively much more feature-filled than the other because it targets general-purpose programming (Python) vs a very specific purpose language, used as a lower level "Framework" if you will (RPython). RPython has no need to implement something like `left-pad` (although because it's a subset of Python, it's sort of already implemented).

With RPython, it's intended you build things on top of it (which is how I view ECMAScript), whereas with Python (more like Node.js) you'd expect that to...exist.

The fact of the matter is, the language teams in these examples had completely different goals and I personally believe that Node.js should have gone more the Python route and had an extremely strong standard library that would handle mundane tasks like `left-pad` does. It disappoints me that the Node.js team (outside of the ECMA technical committee, which designs the language itself) does not think it should be responsible for this kind of simple tooling and instead rather passes it off to developers.

👤twexler🕑7y🔼0🗨️0

(Replying to PARENT post)

> Left-pad had a fairly trivial implementation but that implementation is easy to get wrong, so it's something you want to make sure you have covered by tests

...What? That makes no sense. `left-pad` is trivial to implement and test. There may be edge cases but for most people, writing tests to cover the edge cases they care about rather than pulling in a dependency just to handle something as simple as padding a string.

Not to mention, Node's near-complete lack of a standard library is at fault here, not developers, nor the ECMA technical committee.

👤twexler🕑7y🔼0🗨️0

(Replying to PARENT post)

What seems to be missing in the comments here is the `--user` option to pip. Lets you install modules on a per-user basis, doesn't mess with system python. All you need to do is add the bin folder this creates to your path.
👤twexler🕑7y🔼0🗨️0

(Replying to PARENT post)

I'm not sure what's worse about this:

1. The fact that it exists

2. The fact that they're using "something" bleed as the name (creativity, please)

3. That whoever created this page recommends the user alter the miner to point to some other, user-controlled HTTP server, effectively MITMing anyone who sees this page.

Shame.

👤twexler🕑8y🔼0🗨️0