[-] [email protected] 113 points 1 week ago* (last edited 1 week ago)

The standard window for a chargeback with both Visa and MasterCard is 120 days. Don't let the retailers bully you into thinking otherwise.

Usually just threatening to do a chargeback, without actually doing it, is sufficient to get them to comply. Every chargeback costs the company money (usually around $10 to $50 depending on the bank) and time (dealing with the bank, collecting evidence, etc) even if they win the dispute, so they try to resolve issues without the customer involving the bank.

[-] [email protected] 95 points 1 month ago* (last edited 1 month ago)

A while back, I saw a story in the Home Assistant Facebook group about someone's child saying "Hey Google, turn on everything" and it messing things up. I was telling the story to my wife and forgot to replace "Hey Google" with something Google wouldn't pick up on. Oops. It heard my "turn on everything" and chaos ensued. I have some Zigbee alarms that all started sounding. It enabled several different scenes and ran several scripts. All TVs turned on. My Xbox and Nvidia Shield were fighting for control of the TV (there's some issue with HDMI-CEC that I haven't figured out where if both are on, they get stuck in a loop changing the TV input between HDMI2 and HDMI3 about once per second).

Don't do that. "Turn off everything" is bad too. I ~~have~~ used to have my server rack plugged into a smart plug to measure power usage, and "turn off everything" turns that off. I want to figure out how to disable these two voice commands.

[-] [email protected] 113 points 5 months ago* (last edited 5 months ago)

It's weird that SSNs are treated as some sort of secret number given they don't have any security features. They were never supposed to be used the way they're used today, but there's no good alternative yet.

The US really needs a replacement, for example a national digital ID based on PKI (public key infrastructure) where you can generate new ID numbers based on a private key. Each bank, lender, employer, etc that needs it would get a unique ID that only works for them, and you could revoke access for just that one company if needed.

Kinda like how OAuth/OIDC login works, where you can log in to sites using your Google account, Apple account, self-hosted Authentik or Authelia, etc. but the site you're logging in to never sees your password. If a site/app misbehaves, you revoke their access to the account, and everything else that uses the account can keep working.

[-] [email protected] 109 points 9 months ago* (last edited 9 months ago)

It's amusing. Meta's AI team is more open than "Open"AI ever was - they publish so many research papers for free, and the latest versions of Llama are very capable models that you can run on your own hardware (if it's powerful enough) for free as long as you don't use it in an app with more than 700 million monthly users.

[-] [email protected] 93 points 9 months ago* (last edited 9 months ago)

Yeah this is strange. People need to stop vilifying sex work. If the person is doing it willingly, they're not hurting anyone, and they enjoy doing it, what's the problem?

[-] [email protected] 100 points 1 year ago

Reposting my comment from GitHub:

A good reminder to be extremely careful loading scripts from a third-party CDN unless you trust the owner 100% (and even then, ownership can change over time, as shown here). You're essentially giving the maintainer of that CDN full control of your site. Ideally, never do it, as it's just begging for a supply chain attack. If you need polyfills for older browsers, host the JS yourself. :)

If you really must load scripts from a third party, use subresource integrity so that the browser refuses to load it if the hash changes. A broken site is better than a hacked one.


And on the value of dynamic polyfills (which is what this service provides):

Often it's sufficient to just have two variants of your JS bundles, for example "very old browsers" (all the polyfills required by the oldest browser versions your product supports) and "somewhat new browsers" (just polyfills required for browsers released in the last year or so), which you can do with browserslist and caniuse-lite data.
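
An added example, not part of the original comment: a Node.js sketch of the subresource integrity check described above, showing how the pinned hash is generated and how the browser's matching rules treat a file whose bytes change. The URL, file contents and function names are constructed for illustration.

```javascript
const crypto = require("node:crypto");

// Hash algorithms the SRI spec allows, weakest to strongest.
const ALGOS = ["sha256", "sha384", "sha512"];

// Build the value for the integrity attribute: "<algo>-<base64 digest>".
function sriHash(body, algo = "sha384") {
  return `${algo}-${crypto.createHash(algo).update(body).digest("base64")}`;
}

// Mirror the browser's check: ignore unknown algorithms, keep only the
// strongest one present, and accept if any hash of that algorithm matches.
function sriAllows(body, integrity) {
  const entries = integrity.trim().split(/\s+/)
    .map((token) => {
      const [value] = token.split("?"); // drop optional "?options"
      const dash = value.indexOf("-");
      return { algo: dash < 0 ? "" : value.slice(0, dash), digest: value.slice(dash + 1) };
    })
    .filter((e) => ALGOS.includes(e.algo));
  // No usable metadata (e.g. a typo in the algorithm) enforces nothing.
  if (entries.length === 0) return true;
  const strongest = entries.reduce((a, b) =>
    ALGOS.indexOf(b.algo) > ALGOS.indexOf(a.algo) ? b : a).algo;
  return entries
    .filter((e) => e.algo === strongest)
    .some((e) => sriHash(body, e.algo) === `${e.algo}-${e.digest}`);
}

// Emit the tag for the page. For a cross-origin script the crossorigin
// attribute is needed, otherwise the browser cannot verify the hash.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the file as reviewed, and the same URL later
// serving different bytes.
const reviewed = "window.Promise||(window.Promise=function(){});\n";
const changed = reviewed + "/* bytes added after review */\n";
const pinned = sriHash(reviewed);

console.log(scriptTag("https://cdn.example/polyfill.min.js", reviewed));
console.log("reviewed file loads:", sriAllows(reviewed, pinned));
console.log("changed file loads: ", sriAllows(changed, pinned));
```

Regenerate the hash from a copy of the file you have reviewed whenever you upgrade it; an integrity value with a misspelled algorithm is silently ignored, so check the attribute as well as the hash.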

[-] [email protected] 119 points 1 year ago* (last edited 1 year ago)

Use TypeScript, and nonsensical things like adding arrays to objects will be compile-time errors.

[-] [email protected] 101 points 1 year ago* (last edited 1 year ago)

If the USA didn't have such a complicated tax system, with companies like Intuit lobbying to keep it that way so they still make money, this wouldn't be an issue.

A lot of countries automatically fill out your entire income tax return for you, and send it to you to verify it. If it's all good, you just need to accept it. Less than five minutes' work.

[-] [email protected] 110 points 1 year ago

I always found these anti-right-click scripts funny since they usually don't block Ctrl+S to save the page, Ctrl+U to view source, or Ctrl+P to print (or these days, F12 to open the browser dev tools).

[-] [email protected] 113 points 1 year ago* (last edited 1 year ago)

Anyone that builds a SPA and breaks opening in new tab or history caching and back/forward nav isn't a good frontend developer (or lacks experience, which is something that's fixable!). These have been solved problems for a long time.

[-] [email protected] 96 points 1 year ago

A lot of Linux drivers are like this - just one or two people maintaining them. They usually eventually mainline the driver rather than having a separate Git repo though.

[-] [email protected] 89 points 2 years ago* (last edited 2 years ago)

Hopefully that swap is on an SSD, otherwise that query may not ever finish lol
Once you're deep into swap, things can get so slow that there's no recovering from it.


dan

joined 2 years ago