That was my first thought, but is that much different for say Tesla. They get tax breaks and pay as low as they can. Don’t get me wrong I not protecting China’s way, I’m rather against both. But it would be interesting to see numbers from both sides

AFAIK major contributor into low Chinese EV prices are subsidies and tax breaks for manufacturers. I know they have significant tax breaks in US. It would be interesting to see how they compare. Because if they are mostly on par this is pure corporate greed stopping them. Especially in case of Tesla. They are not overpaying workers and don’t use luxury materials

Though in reality, management will push back any unorthodox approaches/solutions/approaches as risk and additional losses on R&D.

‘’’ Note: When I say “top-level” I am talking about the URL that you see in the address bar. So if you load fun-games.example in your URL bar and it makes a request to your-bank.example then fun-games.example is the top-level site. ‘’’ Meaning explicit creds won’t be sent. Even if fun-games knows how to send explicit creds, it can’t because fun-games does not have access to creds which stored for your-bank. Say suppose your-bank creds stored in local store. Since current URL is fun-games it can only access local storage of fun-games, not your-bank.

Thank you! I was always wondering why the heck this (mostly) useless and broken mechanism exists. I had hesitations about disabling it but had doubts about my understanding. Now I know I’m right

“Stateless” is not what “I” want, it is part of definition of REST.

Can do != what spec says you should do. You can also send clown version from the post but don’t be surprised people will find it… funny

Again, I’m not telling you are doing wrong. I’m telling you are mixing REST and RESTful web services

REST calls are same as in 2001. There is no REST 2.0 or REST 2024. Because REST is architecture guideline. It’s just more data sent over it today. HTTP code IS code. Why your system issued it is implementation detail and have nothing to do with resource representation. Examples you provided are not 403. “Too many users active” does not exist in REST because REST is stateless, closest you can get is “too many requests” - 429. Insufficient permissions is 401. I don’t even know what is “blocked by security” but sounds like 401 too. Regardless, you should not provide any details on 401 or 403 to client as it is security concern. No serious app will tell you “password is wrong” or “user does not exist”. Maximum what client should hope for is input validation errors in 400.

For those with “internal tool, I don’t care” argument - you either do not know what security in depth is or you don’t have 403 or 401 scenario in the system in the first place.

Now hear me out, you all can do whatever you want or need with your API. Have state, respond with images instead of error codes, whatever, but calling it REST is wrong by definition

At least they are not a tee pot

Why sit there 5 mins? This looks like normal city bus stop. Bus arrives at scheduled time, picks up passengers and takes off. I believe great ‘merica supper power nation can manage what Eastern Europe nations made happen years ago. Yes you may have few mins delays but it’s not a disaster.

If for whatever reason it must sit there for long time bust stop should be in a bay

I believe car drivers are capable of waiting 15 seconds while vehicle which most likely transports multiple times more passengers dropping/picking those passengers. Car drivers wait hours in traffic jams for themselves, can wait a bit for bunch of people in a bus

Crossings should be safe for humans and bikes. Meaning, they should be short and bikes should not be ridden across intersections if no bike lane

Better explain why pedestrian crossings are stretched so much instead of being on shortest trajectory to other side

Do you have to unlock? You can open wallet from blocked screen without unlocking phone

deleted by creator

Folks really trying to argue about example code. Even created “global state” straw man. Here is secret - if you are using global state then code is shit in the most cases.

removed, stop buying your metal scrap and pay your devs. I wanna play Marathon this century

I don’t know. Maybe read article. It says „Korean military”. According to them stock Android with 3rd party security app is acceptable and has no security concerns. Article itself highlights that 3rd party security apps are inferior and security holes in Android OS are basically neglected by Korean military since they will be addressed in updates at some point.

OS does not matter when approach to security so superficial. Judging by this article Korean military has less robust security practices than some banks.

Everyone here talking about some hypothetical Android based custom OS built for Korean military which does not exist and it is not what Korean military doing. They are allowing stock Android OS with „security app”. Not surprised they are not building custom OS because it is economically idiotic idea. You need army of cyber security experts familiar with Android OS architecture that will review whole OS code and customize for military. Then you need to pen-test it and keep on doing it on each upstream OS update or fork it and maintain internally. Which is another can of worms coz you’ll need to make sure internal fork works fine with up-to-date versions of apps. Otherwise you just have dumb smartphone with higher risk of vulnerabilities in outdated apps. At this point as I said, just force sensitive staff to use dumb phone or internal landline.

And don’t tell me “but Samsung is Korean they can do it for Korean military”. It doesn’t not change the fact that it will cost astronomical amount of money and time. Can Samsung do it? Probably yes. Will Korean military be able to offer enough money to probably the only local company that can do it which also has revenue of approx. 20% of Korea’s GDP. I doubt.

Any software is “trust me bro” or you personally read through all source code of all software you are using? Question is can you make accountable bunch of folks from github or legal entity?

I’ll tell it again. You’ll have security concerns on any Internet/Bluetooth capable device. There is no software without vulnerabilities. There is software in which vulnerabilities were not found, yet. Also, the biggest attack vector is human

Lol. Android phones definitely have no security concerns. Any internet/Bluetooth capable device can be potentially compromised. Just use Nokia 3310