Hacker News new | past | comments | ask | show | jobs | submit | rkta's comments login

> Text fragments are currently supported in all the browsers.

All meaning all the browsers listed in the linked table. These may be the major browsers, but not all of them.


Brave has this feature disable due to (rather minor, imho) privacy concerns.

https://github.com/WICG/scroll-to-text-fragment/issues/76

https://github.com/brave/brave-browser/issues/17994


That is an interesting issue (detect differing resource loading based on the document jump) that affects regular fragments as well, but the idea is that particularly sensitive pages would know not to have fragment targets in the page but couldn't prevent text fragments. The solution given (deterministic loading independent of jump target) seems like a good idea to work towards but meanwhile I agree it is a minor concern and pages should not avoid reasonable navigation due to this issue. Particularly since there are often other ways of getting the same information with the same type of network analysis.


By market share, that table contains all the major browsers and more.


Why don't you read your local man pages? w3m comes with w3mman to do so.

With local man pages I know at least that the man page matches my installed version.


> An attacker can use this vulnerability to obtain root on OpenBSD 7.4 and 7.5.

Ouch! And this all due to unsanitized user input. I really would have expected better from OpenBSD in 2023. I mean I would expect better from everyone but especially from OpenBSD.


It's still there and it works quite well for HN because it can display the spacer gif, so you get indentation for the threads.


After reading the website and also trying the mentioned `ssh pr.pico.sh help` I still don't know what exactly to do to use this.

> 4. External contributor submits a PR to SSH server But how? That numbered list let me think of that old cartman profit meme.

I like the idea, but I'm not convinced yet, that this is really easier than just sending an email by `git request-pull`.


Thank you for that feedback, I removed a couple important pieces from the repo readme that I think would answer your questions around usage. I'll add them into the main site.


> Sure, who cares, nobody targets w3m in 2024.

I care. There's still w3m users out there - and I am one of them.

I don't care if the website looks like shit, but at least keep it usable for us.


Parsing ls is an anti-pattern, but the author says it works for years - we all do mistakes and as long as it works you don't notice.

And it's an easy fix:

    - for project in $(ls go-cicd); do
    + cd go-cicd || exit 1; for project in \*; do


I would suggest not to mess with the current working directory and instead do something like this:

  for project in go-cicd/*; do
    project="${project#*/}"


Indeed, thank you for mentioning that - I was going to suggest similar.

That said, if you do (ie: scratch files, things outside of control, whatever), consider the directory stack:

https://www.gnu.org/software/bash/manual/html_node/Directory...

Using 'pushd' and 'popd' can save your fingers/brain from getting lost in context.


I like using subshells for this:

  (
      cd dir
      for f in ./*; [..]
  )
There's a few scenarios where this won't work (mainly if you want to set a variable from the "outer scope"), but 99% of the time it works nicely.


Ah, that's a nice/neat thought - thank you for sharing! Makes total sense, temporary/disposable shell for such things


The attacker had access to the GH mirror of the repo. The original repo remained at https://git.tukaani.org/


What's malicious about that patch? From reading the thread it looks like an attempt to fix a FP from some tooling.


One of the patches that the University of Minnesota was banned for from contributing to the Linux kernel. They were trying to introduce a use-after-free (Fig. 9 in their paper).

https://news.ycombinator.com/item?id=26887670


I just had to think about how ironic it would be if "Jia Tan" turned out to be a Post-Doc from the University of Minnesota continuing that research on hypocrite commits.


The official channel for the project.


Consider applying for YC's W25 batch! Applications are open till Nov 12.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: