Hacker News | sophiebits's comments


“30% of viewing” I think clearly means either time played or items played. I’ve never worked with a data team that would possibly write that and mean users.

If it was a stat about users they’d say “of users”, “of members”, “of active watchers”, or similar. If they wanted to be ambiguous they’d say “has reached 30% adoption” or something.


Agreed, but this is the internet, the ultimate domain of pedantry, and they didn't say it explicitly, so I'm not going to put words in their mouth just to have a circular discussion about why I'm claiming they said something they didn't technically say, which is why I asked "Where did it say that" at the very top.

Also, either way, my point was and still stands: it doesn't say 30% of devices have hardware encoding.


I am not in data science so I cannot validate your comment, but 30% of viewing I would assume means users or unique/discrete viewing sessions and not watched minutes. I would appreciate it if Netflix would clarify.


The endpoint is not whatever the client asks for. It's marked specifically as exposed to the user with "use server". Of course the people who designed this recognize that this is designing an RPC system.

A similar bug could be introduced in the implementation of other RPC systems too. It's not entirely specific to this design.

(I contribute to React but not really on RSC.)


“use server” is not required for this vulnerability to be exploitable.


wait I'm only using React for SPA (no server rendering)

am I also vulnerable??????


Only if you are running a vulnerable version of Next.js server.


No, unless you run the React Server Component runtime on your server, which you wouldn't do with a SPA, you would just serve a static bundle.


so any package could declare some modules as “use server” and they’d be callable, whether the RSC server owner wanted them to or not? That seems less than ideal.


The vulnerability exists in the transport mechanism in affected versions. Default installs without custom code are also vulnerable even if they do not use any server components / server functions.


ZDR is a risk thing for them. They want to make sure you're a legitimate company and have monitoring in place on your side to reduce the chance you're using them for illegal things.


“360 degree peer review” isn’t a thing, the whole idea is that a 360 includes feedback from both your manager and your peers, that’s what distinguishes it from a 180!

:)


Tell that to the HR people!

I was once 'asked' to rate all my colleagues in an Excel sheet so HR had 'something to base their evaluation on' smh


You need to enable the new code interpreter mode: https://simonwillison.net/2025/Sep/9/claude-code-interpreter...


Interesting, enable those settings and the Claude on claude.ai becomes Claude Code, and it tries to run everything on the Claude container like it owns the machine. I don't want that.


Website says "Up to 27 hours video playback", which is apparently 7–8 hours more than the iPhones 13–15 and 4–5 more than the 13–15 Pro. Also normally their battery estimates are conservative.


These days the question is more about continuous use of Gmaps.


TIL, thanks! I know Postgres and MySQL don’t include an equivalent.


These startups (and a handful of others) are what I meant!


What others do you know of?


Feldera, RisingWave, DeltaStream, Epsio, Decodable, Confluent all seem to have some offerings in this space. Probably others too!


Feldera


Half factor authentication, then, since either one will work.

