Of course I don’t browse the web with the command line.

That's my point. Browsing the web with a command line tool is obnoxious - you use a GUI for tasks that you find easier/more pleasant to do with a GUI. The difference is where that line is. When I'm reviewing what work I've done and checking through my code for debugging statements and other cruft I don't want to push, I prefer to have a nice tree view of my change set where I can click on an item, see what I've changed, select lines and stage them, select other lines and revert them, etc. I could do all of that with command line tools (though not that many have mouse support) but I already know how to do exactly what I want with VSC so why would I use anything else?

You’re already programming! Just learn the tool!

If someone is incapable of learning the tool, that's an issue if they're a developer. But your statement implies that everyone should use the CLI for everything. My point is that it's a matter of preference. The CLI is not superior and GUIs aren't superior. They're both just tools and if you can get your job done quickly and efficiently, that's all that should matter.

Do you use the command line for everything? Do you edit with vim, view diffs with git diff, browse the web with links or lynx?

GUIs are useful tools. I’m happy with VSCode’s git integration. It’s just what I need for basic stuff like staging files and committing. I use the CLI whenever I want to do something like rebasing because I can type that command faster than I can figure out the GUI, but it would be stupid to artificially force myself to use the CLI for everything because of some kind of principal.

I assume you’re implying my confidence is due to having limited competence and thus overestimating my competence? The fact that I have imposter syndrome when I imaging trying to be a professional electrical engineer (despite having a degree) seems counter to your presumed argument.

I can see how systems engineering could fit into that role but the project/program managers I’ve talked to were much more focused on management than engineering

Part of it is an HTTP/RPC interface, but that's not the party I want to test.

I’ve been using GitLab for years. I have a GitHub account but at this point I only use it to contribute to other projects.

GitLab. You can use their SaaS offering (gitlab.com) or run the open source version on your own server(s).

I wouldn't say it was a shit university, part of it is that I knew how to write code before I got there. But the CS program wasn't great. My entire point is, if someone has a CS degree from University X and you don't know if that program at that university is any good, the degree is meaningless. If the university's CS program isn't any good, you can't count on the degree meaning anything.

I prefer the first method because it reduces the number of empty lines I have to scroll past and visually filter out

Degrees are meaningless, excepting places like CalTech. I’ve known too many ‘programmers’ who had a CS degree yet were damn near useless to think otherwise. Not to mention my own CS degree taught me almost nothing.

I’d have to be living under a particularly large rock to be unaware of that. “It’s memory safe” isn’t that big of a deal to me. Even building concurrent systems, memory safety has never been a significant issue for me with Go.

There are certainly situations where it would be valuable to be able to place limits on what can be imported, but I can't imagine trying to work with a language that was completely devoid of imports. Because that would mean 100% of your source would have to be in a single file, which sounds absolutely awful for anything but the most trivial applications.

Interesting, but I have no interest in retraining myself when I have tools that already work

monopoly: the exclusive possession or control of the supply of or trade in a commodity or service.

GitHub is not a monopoly: it has competition. If you're upset about it's market share, switch to GitLab, Bitbucket, or host your own instance. If you're upset about people not being aware of the other options, be an advocate and spread awareness of the alternatives.

User provided content (post using custom emojis) caused havoc when processing (doesn’t matter if on server or on client). This is lack of sanitization of user-provided-data.

100%. Always act as though user provided content is malicious.

JavaScript (TypeScript) has access to cookies (and thus JWT). This should be handled by web browser, not JS.

Uh... what? JavaScript is a client-side language (unless you're using NodeJS, which Lemmy is not). Which means JavaScript runs in the browser. And that JavaScript has access to cookies, that's just a basic part of how web browsers work. Lemmy can't do anything to prevent that.

How the attacker got those JWTs? JavaScript sent them to him? Web browser sent them to him when requesting resources form his server? This is lack of site isolation, one web page should not have access to other domains, requesting data form them or sending data to them.

Again, Lemmy can't do anything about that. Once there's a vulnerability that allows an attacker to inject arbitrary JS into the site, Lemmy can't do anything to prevent that JS from making requests.

Then, if they want to administer something, they should log-in using separate username + password into separate log-in form and display completely different web page

On the backend you'd still have a single system which kind of defeats the purpose. Unless you're proposing a completely independent backend? Because that would be a massive PITA to build and would drastically increase the system's complexity and reduce maintainability.