Hacker News | clarkdale's comments

Completely agree. OAuth, Auth0, Okta, OIDC.

I feel like this solution hallucinated the concept of Workflow Lock File (.lock.yml), which is not available in GitHub Actions. This is a missing feature that would solve the security risk of changing git tag references when calling actions like utility@v1.


I think in this context they mean “lock” as in “these are the generated contents corresponding to your source markdown,” not as in “this is a lockfile.” But I think that’s a pretty confusing overlap for them to have introduced, given that a lack of strong dependency pinning is a significant ongoing pain point in GHA.


You can already hardcode the sha of a given workflow in the ref, and arguably should do that anyways.


It doesn't work for transitive dependencies, so you're reliant on third party composite actions doing their own SHA locking.


You can also configure a policy for it [0], and there are many OSS tools for auto-converting your workflows into pinned-hash ones. I guess OP is upset it’s not in gh CLI? Maybe a valid feature to have there even if it’s just a nicety.

[0] https://github.blog/changelog/2025-08-15-github-actions-poli...


Banner text reads:

The Radical Left Democrats shut down the government. This government website will be updated periodically during the funding lapse for mission critical functions. President Trump has made it clear he wants to keep the government open and support those who feed, fuel, and clothe the American people.

For information on recreation site status on National Forest System lands, please visit https://www.fs.usda.gov/visit.


By removing the ellipsis in the submission title, the sentiment feels more like "not another meditation" instead of the intent "oh no!: a meditation".


98.css has this with the details HTML element.


I see Conway's Law at work here. The marketing department must have its own IT department separate from the IT that maintains the core website and business functions. It's impossible for them to get on the same web domain (much less build something in the phone apps). Instead, they built their own disparate site and experience.


It gets worse. These German "Sparkassen" are small to at most medium sized credit unions. They are organised in a larger umbrella organisation that takes care of some of the services like IT, but the individual banks can pick and choose what and how much they want to handle themselves.

Some of them are larger and pretty well organised, but there are also a lot of small ones that just don't have the people and expertise for things like proper IT security practices. But customers trust them, because they position themselves as these local neighbourhood banks, even though most of them are pretty incompetent and will rip you off with high fees on accounts and shitty, underperforming investment products.


I had a similar thought, but I suspect that this campaign is run by the umbrella organization.


It could be factored in, but many restaurants near me add a fee for credit card use, usually 2% but I've seen as high as 3.5%.

The credit card rewards usually still make sense, but sometimes I pay cash even if I might lose 0.5% on it.


Maybe more helpful would be base 256 so it renders in ASCII.


Doesn't look as cool.


Only the second to last paragraph was necessary.


Derivatives approach is great and works if you're matching on some pattern like \w+, but could it work with "or" characters like (abc|def) or patterns like [a-z]+\d+?

