l

Related issue: https://github.com/dtolnay/thiserror/issues/98 But I like this proposal to fix anyhow instead.

Features are enabled when at least one dependency enables it, so they should not be used for "options". Otherwise pulling in a dependency which uses this "feature" will enable it...

Related issue in criterion.rs: https://github.com/bheisler/criterion.rs/issues/443

See top plot at https://github.com/deltachat/deltachat-core-rust/pull/2382#issuecomment-826385834 for an example of how misleading PDF plots can be. Red curve suggests some values fall below 300ms, but in fact there are no runs...

Interesting, I did not know that KOReader is based on crengine. A link for reference: https://github.com/koreader/crengine

I have compared this repo with https://github.com/koreader/crengine It seems there are changes specifically fixing this bug in koreader: https://github.com/koreader/crengine/commit/81b8707216412fc095070f823600af139e508da1

This can be easily tested by running `j4-dmenu-desktop` from the terminal and typing `ls -la /proc/self/fd` into dmenu.

[Jupyter notebook](https://jupyter.org/) is another localhost web application with similar security problems. They [solved it](https://jupyter-notebook.readthedocs.io/en/5.7.4/security.html) by using tokens for authentication. When you run `jupyter notebook`, it opens an URL similar to...

@argv-minus-one Haven't thought about it, even though now I think that is the reason Jupyter documentation specifically says browsers token is one-time. > That can work if you have a...

> A secure IPC mechanism like D-Bus would also be safe, but this, too, requires special browser support that doesn't seem to exist. I think Firefox supported D-Bus at some...