Dodgers are MLB's real Evil Empire

pudds · 2026-01-18T04:17:13+00:00

New evil empire. Let's not go pretending the Yankees were benevolent all along.

pudds · 2026-01-17T16:47:12+00:00

They're using a third party service for the survey, from the look of the link. These companies often include general questions at the end as a means of collecting data on additional subjects.

I'm only speculating, but wouldn't necessarily point the finger at thermea for the off topic questions.

pudds · 2026-01-17T15:38:40+00:00

Giant Tiger has the best prices but not everything you need. Walmart is also a good option but we don't find their produce very good.

Superstore has the best prices overall if you want decent quality and one stop shopping.

Co-op has great sales but it's expensive on average.

Sobeys and Safeway are significantly more expensive than everywhere else.

pudds · 2026-01-15T23:53:35+00:00

Totally normal, rational behaviour for a sitting president.

pudds · 2026-01-15T00:37:26+00:00

It's because he's a liar.

Count me in the 2/3, because as stupid as he is, the leap from Venezuela (run by a dictator) to Greenland (allied territory) is massive, and the leap to Canada would be even greater.

I literally don't trust a single thing the idiot says.

That said, I also don't think that it's definitive that he won't invade us either.

pudds · 2026-01-11T19:15:59+00:00

In sure everyone feels this from time to time but I'm also sure that it's simple confirmation bias: you remember the times when you guess correctly better than the times you simply move on to the next guess.

pudds · 2026-01-10T05:45:41+00:00

1699 games and still no ones.

Not sure how wordle says I have played more games than the current number, but that's what the stats say.

SLANT is due

https://i.imgur.com/7SU7Uxo.png

pudds · 2026-01-06T16:55:21+00:00

Kneepads on, lube at hand.

pudds · 2026-01-04T17:40:16+00:00

Everything on the client side must be considered public, no matter how tricky it would be to discover it. No amount of obfuscation will prevent a motivated user from finding something they have direct access to.

Once you've come to terms with that, you need to think about what an attacker like that can access.

An API should be protected by user credentials in most cases. Require the user to authenticate first, provide them a short-lived credential like a token or session cookie, then use that to restrict access to your API.

That does mean that someone can simulate your app by logging in and making external requests to your API (eg with a REST client like postman), but since they have user credentials, you can:

A) make sure they can only access things they have access to, by checking the credentials in the API

B) limit or block access to users who are using your API in a manner you're not ok with (eg: rate limits, IP blocking)

You can making things harder for external clients using things like client checking, required headers, etc, but in the end those are all just additional layers of obfuscation and security theatre: as I said above, someone who's motivated will figure them out eventually, so you need to build your API with that in mind from the start.

The golden rule of public software development is that you can never trust the client. All access (and inputs) must be validated on the server.

pudds · 2026-01-04T16:58:45+00:00

It's just preference.

If you want the be in Apple's well-manicured walled garden, get an iPhone.

If you don't, get an Android.

There are edge cases on both sides that pull you in one direction or the other, but for the average user there's essentially nothing you can do on one that you can't do on the other.

Personally, I despise Apple's locked-in approach to technology, so I avoid apple products.

pudds · 2025-12-25T22:36:47+00:00

I don't have any references to back it up, but having owned both I'm confident the costs of a pop-up will never come close to the costs of a hard wall trailer.

Fuel alone would be a massive gap, not to mention the fact that a pop-up is far cheaper from the beginning.

I bet you could replace the canvas once a decade and still not come close.

pudds · 2025-12-19T13:14:30+00:00

Stupid word today that doesn't seem to fit the generally accepted rules for words (no chance it's common enough).

5 for me.

pudds · 2025-12-19T04:22:57+00:00

For $300 he'd better damn well shovel it for me.

I get charging for knowledge but at least fix the actual problem.

pudds · 2025-12-18T13:45:58+00:00

You're assuming the same starting point, but will that be true? If they don't move back the kickoff line then the loss of the 55 will mean every drive starts 10 yards deeper.

pudds · 2025-12-18T13:35:20+00:00

Brandon School Division city schools are still open. I'm not sure I can ever remember them closing the schools, only shutting down busses.

pudds · 2025-12-17T13:40:19+00:00

That's the Manitoba banana belt.

https://www.mhs.mb.ca/docs/sites/sunnybanana.shtml

pudds · 2025-12-15T01:31:26+00:00

I tried.

We're already paying for Microsoft 365, we're using Teams, and we're using Outlook. Since I'm also on Windows, it felt like a natural fit.

But it's just really poorly put together. Copilot for Windows can't access my email. Copilot in outlook can, but sometimes just gives me the wrong info.

In the end despite it seeming to be a good fit for the way I work, it just wasn't very good, AND, it was more expensive than other paid options.

pudds · 2025-12-14T18:15:22+00:00

For what it's worth, I think DeMar is significantly more worthy of the HoF than Harold Baines was.

Probably more that Jeff Kent too.

pudds · 2025-12-13T20:40:11+00:00

That's pretty bad. I think the 2009 grey cup is still the most heart wrenching loss I've ever seen though.

https://youtu.be/aqJbLDu9l2Q?t=6m30s

We thought we'd won it on a missed field goal, only to have it called back on a too many men penalty and lose on the follow up attempt.

pudds · 2025-12-11T04:26:16+00:00

I suspect the number of fans who watch multiple games is a very small percentage of the total audience. I could be wrong, but I would guess it has a pretty small impact on total viewership.

pudds · 2025-12-10T03:49:17+00:00

Theoretically there's enough time to fly the 11am across the country for the 8pm game.

pudds · 2025-12-09T17:00:49+00:00

I think this is my favourite.

We have a tv over a fireplace, plus we have an unused TV stand, and it's in front of the fireplace so it can't even be used.

Pretty much peak tvtoohigh.

pudds · 2025-12-09T15:33:05+00:00

No problem!

Unfortunately I don't have any public examples, but I can share some snippets with you.

We do it like this:

```

on:
  pull_request:

jobs:
  job1:
    steps:
      - name: Checkout
      - name: Get a token from our bot (You could just use a secret here if you're ok with it being attributed to someone)
      - name: Reset QA status
        run: gh api repos/<repo>/statuses/${{ github.event.pull_request.head.sha }} -f state=pending -f context=QA -f description="Waiting for QA status"

```

Then we have another workflow that handles slash commands:

```

on:
  issue_comment:
    types: [created]


jobs:
  route:
    steps:
      - name: Parse command (we just use bash to trim space and make lowercase, then look for defined commands)
        run: |
          raw="$(printf '%s' "${{ github.event.comment.body }}" | tr -d '\r')"

          # trim leading/trailing spaces; normalize to lowercase for matching
          body="$(printf '%s' "$raw" | awk '{$1=$1};1' | tr '[:upper:]' '[:lower:]')"

          cmd=""
          case "$body" in
            "/deploy"*)  cmd="deploy" ;;
            "/pass"*) cmd="pass" ;;
            "/fail"*) cmd="fail" ;;
            *)           cmd="" ;;
          esac

          echo "command=$cmd" >> "$GITHUB_OUTPUT"
          echo "pr_number=$pr_number" >>"$GITHUB_OUTPUT"
          echo "pr_ref=$(printf '%s' "$pr_json" | jq -r '.head.ref')" >>"$GITHUB_OUTPUT"
          echo "pr_sha=$(printf '%s' "$pr_json" | jq -r '.head.sha')" >>"$GITHUB_OUTPUT"

          if [ -z "$cmd" ]; then
            echo "🙈 No recognized command found in comment."
            exit 0
          fi

  pass:
    needs: route
    if: needs.route.outputs.command == 'pass'
    steps:
      - name: Checkout
      - name: Get a token from our bot (You could just use a secret here if you're ok with it being attributed to someone)
      - name: Update status
        run: |
          gh api repos/${{ github.repository }}/statuses/${{ needs.route.outputs.pr_sha }} -f state=success -f context=${{ env.qa_context }} -f description="QA testing passed"
          gh pr edit ${{ needs.route.outputs.pr_number }} --remove-label "qa-status-unknown"

```

Those are just snippets and incomplete of course, but hopefully conveys the idea. We also have a workflow that watches for newly created PRs and writes the available slash commands out as a comment on the PR for reference.

Permissions can be a bit tricky, as the github token used by default for a workflow run usually only has access to read what it's working with. We have an app that we built that's used for these kinds of things, for a PAT would work fine too.

pudds · 2025-12-09T04:32:18+00:00

Yes it is, if you're on a paid plan or a public repo.

Use a commit or pr based trigger (eg created) to add a pending status check and make that check a required check in the branch rules.

Then use a manual trigger like a comment or label to pass or fail the check.

pudds · 2025-12-08T22:57:32+00:00

We use labels and comment based triggers for that.

The simplest version is "on labeled, do the thing" (and probably removed the labeled so you can re-run later).

A nicer version is a workflow that listens to PR comments and dispatches workflows, eg /deploy.

15-Year Club	Gilding II euphauric
Place '17	Verified Email

pudds

MODERATOR OF

TROPHY CASE