Out of interest, what's to stop them publishing some 'version' of the modified code, but actually running a different version on their servers? Would that be easy to detect?

> Out of interest, what's to stop them publishing some 'version' of the modified code, but actually running a different version on their servers? Would that be easy to detect?

That depends on what you mean by "detect" -- there's an large body of Computer Science research dedicated to program attestation, i.e. enabling a user to verify that the program (or results of a program) derives directly from some source. But it's far from a solved problem in the general case.

Less formally, that's what the legal system is for: if the copyright holder suspects that the published source code is different from the source code that's being run by the service, then they're perfectly within their rights to take the service provider to court and attest, under the penalty of law, to their compliance.

>Out of interest, what's to stop them publishing some 'version' of the modified code, but actually running a different version on their servers?

The law

>Would that be easy to detect?

No

He says "Interestingly, Apple has removed the fingerprint reader and its associated dedicated chip", but both models have Touch ID in the keyboard. Top right.

The punchline is that it was written in 2016.

Oh! Ha! I did not notice that! I thought something seemed weird though. ;)

I find it incredible how this article has no mention of Snow Crash, Neal Stephenson, Second Life or Linden Labs.

ServiceWorkers also don't play nice with CORS in my experience. We often need to bypass them in Angular when making certain requests.

Author here! I'm also an editor on the service worker spec, so I'm interested to know where the pain points are.

Hi Jake! (I watch your videos ;)) Many times, the (Angular) ServiceWorker has given us CORS headaches on various requests to our APIs and AWS storage files. The only method we've found, after various AWS configs and ngsw-config.json attempts, was to add `ngsw-bypass=true` to all requests. I'll see if I can find the Github issue, where this has come up before.

Incidentally, while you're here, I'm planning on building something which will require use of SharedArrayBuffer. Will adding the (now) required Cross-Origin isolation COOP/COEP headers cause any issues to existing CORS setups?

:)

COOP+COEP won't change how CORS works, but it means you can't have no-cors resources on your page unless they have CORP headers

Very useful info. Thanks!

Here's the guy who wrote the original Windows Task Manager explaining this hack : https://www.youtube.com/watch?v=oKQ1X_4JCn0

Doesn't the HTML input `pattern` attribute help solve this with a RegEx?

I'd need to double check, but I was under the impression that it affects a validation check, but that it didn't actually prevent the input of these characters.

You can catch the 'invalidity' of the input with the `oninvalid` JS event, then use that to `e.preventDefault()` and show a message as to why it it failed.

Interesting... I'll investigate this. Thanks!

Here too. Just had the "We're having some trouble serving your request. Sorry!" error.

Indeed. People seem to forget that when Facebook goes down, it's not just your feed of depressing posts, photos and messages that go away, but also the entire Oculus VR platform, since they demanded a FB account to use Quest headsets.

Recently I've seen an increase in recommended videos which already have a red line across the bottom of the thumbnail, to denote that I've already watched it.

Here's an interesting article on where and why they get commonly used in legal documents and contracts.

https://www.termsfeed.com/blog/all-caps-legal-agreements/

There are also theories out there about why our names appear in all-caps on government documents, relating to the concept of treating an individual as a 'corporation'.