• 0 Posts
  • 28 Comments
Joined 1 year ago
Cake day: July 15th, 2023


  • That’s correct, it is just plain text and it can easily be spoofed. You should never perform an auth check of any kind with the user agent.

    In the above examples, it wouldn’t really matter if someone spoofed the header as there generally isn’t a benefit to the malicious agent.

    Where some sites get into trouble though is if they have an implicit auth check using user agents. An example could be a paywalled recipe site. They want the recipe to be indexed by Google. If I spoof my user agent to be Googlebot, I’ll get to view the recipe content they want indexed, bypassing the paywall.

    But, an example of a more reasonable use for checking user agent strings for bots might be regional redirects. If a new user comes to my site, maybe I want to redirect to a localized version at a different URL based on their country. However, I probably don’t want to do that if the agent is a bot, since the bot might be indexing a given URL from anywhere. If someone spoofed their user agent and they aren’t redirected, no big deal.


  • User agents are useful for checking if the request was made by a (legitimate self-identifying) bot, such as Googlebot.

    It could also be used in some specific scenarios where you control the client and want to easily identify your client traffic in request logs.

    Or maybe you offer a download on your site and you want to reorder your list to highlight the most likely correct binary for the platform in the user agent.

    There are plenty of reasonable uses for user agent that have nothing to do with feature detection.
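Added example (not part of the comments above, and not any site's actual code): the two user-agent comments describe sites that treat a Googlebot user agent as an implicit auth check. One way to close that gap is to confirm the claim with a reverse DNS lookup followed by a forward lookup before serving crawler-only content. The `paywall_decision` hook, the sample hostnames and the documentation-range IPs are assumptions made for illustration.

```python
import ipaddress
import socket

# Reverse-DNS domains Google documents for Googlebot itself.
GOOGLEBOT_SUFFIXES = (".googlebot.com", ".google.com")

def _reverse(ip):
    """PTR lookup: IP -> hostname, or None when there is no record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None

def _forward(host):
    """A/AAAA lookup: hostname -> set of IP strings."""
    try:
        return {info[4][0] for info in socket.getaddrinfo(host, None)}
    except OSError:
        return set()

def is_verified_googlebot(user_agent, remote_ip, reverse=_reverse, forward=_forward):
    """True only if the UA claims Googlebot AND DNS confirms the source IP."""
    if "googlebot" not in user_agent.lower():
        return False
    host = reverse(remote_ip)
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Match on ".suffix" so "googlebot.com.evil.example" does not pass.
    if not host.endswith(GOOGLEBOT_SUFFIXES):
        return False
    # Forward-confirm: the owner of an IP block controls its PTR records
    # and can put any name there, so the name must resolve back to the IP.
    want = ipaddress.ip_address(remote_ip)
    return any(ipaddress.ip_address(a) == want for a in forward(host))

def paywall_decision(user_agent, remote_ip, **dns):
    """Hypothetical paywall hook: full content only for verified crawlers."""
    return "full" if is_verified_googlebot(user_agent, remote_ip, **dns) else "teaser"

# Constructed sample data so the example runs offline.
SAMPLE_PTR = {"192.0.2.10": "crawl-192-0-2-10.googlebot.com",
              "198.51.100.7": "crawl-1-2-3-4.googlebot.com",  # forged PTR
              "203.0.113.5": "host.isp.example"}
SAMPLE_A = {"crawl-192-0-2-10.googlebot.com": {"192.0.2.10"},
            "crawl-1-2-3-4.googlebot.com": {"192.0.2.99"}}
SAMPLE_DNS = {"reverse": SAMPLE_PTR.get,
              "forward": lambda h: SAMPLE_A.get(h, set())}
```

Calling `paywall_decision(ua, ip)` without the `reverse`/`forward` overrides uses live DNS; in production the result would normally be cached per IP to avoid a lookup on every request.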







  • It might be a good feature for the elderly as long as it’s local and optionally enabled (especially if it can be enabled only for unknown callers).

    Yes, I understand you would never really know if it’s not always enabled. But then again, you currently don’t know if anything similar isn’t already enabled.

    For other users, again potentially useful if it’s opt in. However, many people (myself included) simply don’t answer the phone anymore unless it’s a caller we already know. I use Google’s call screening feature for any other caller not in my contact list already, and I would estimate about 1 in 20 or 5% of such calls I receive aren’t spam (marketing or fraud). Of those non-spam calls, the majority are appointment reminders I don’t need.

    So would I turn this feature on? No, I don’t have a need. Could it be beneficial for the elderly? Yes, but probably not implemented in a way where it would actually be effective.








  • I use an app called Recipe Keeper. It’s amazing because I just share the page to the app, it extracts the recipe without any nonsense, and now I have a copy for later if I want to reuse it. I literally never bother scrolling recipe pages because of how terrible they all are, and I decide in the app if the recipe is one I want to keep.

    It also bypasses paywalls and registration requirements for many sites because the recipe data is still on the page for crawlers even if it’s not rendered for a normal visitor.