Trump’s Own Mortgages Match His Description of Mortgage Fraud, Records Reveal
Posted on r/politics |
Score: 18464 |
Comments: 356
A ProPublica investigation reveals that Donald Trump, who has publicly accused political opponents of mortgage fraud for claiming multiple primary residences, did the same thing himself in the 1990s. Records show he signed two mortgages for different Florida homes within weeks of each other, each pledging the property would be his principal residence, though he never appears to have lived in either.
Key Points:
Trump has accused political enemies of 'deceitful and potentially criminal' mortgage fraud for claiming more than one primary residence on loan documents.
In 1993 and 1994, Trump signed mortgages for two different Palm Beach, Florida homes, attesting that each would be his principal residence.
The mortgages were taken out just seven weeks apart, and Trump, a New Yorker at the time, does not appear to have ever lived in either home.
The article highlights a contradiction between Trump's public accusations and his own past financial conduct.
"In 1993, Trump signed a mortgage for a 'Bermuda style' home in Palm Beach, Florida, pledging that it would be his principal residence. Just seven weeks later, he got another mortgage for a seven-bedroom, marble-floored neighboring property, attesting that it too would be his principal residence."
Obamacare more popular with Americans than ever, poll finds
Posted on r/politics |
Score: 10761 |
Comments: 314
A new Gallup and West Health poll finds the Affordable Care Act (Obamacare) has reached its highest approval rating since tracking began in 2012, with 57% of U.S. adults approving. The increase is driven largely by independent voters, even as Congress debates the future of expiring ACA subsidies.
Key Points:
The Affordable Care Act's approval rating is at a record high of 57% among U.S. adults.
The three-point increase from last year is largely driven by independent voters, 63% of whom approve.
The polling occurred during a government shutdown where Democrats highlighted expiring ACA subsidies.
While 73% support federal funding for hospitals to cover uninsured patients, only 33% support covering all patients, including those in the country illegally.
"Fifty-seven percent of US adults approve of the ACA, according to new polling from Gallup and West Health, three points higher than last year’s reading and a record high since Gallup started asking the question in 2012."
Republicans push high deductible plans and health savings accounts
Posted on r/politics |
Score: 6542 |
Comments: 890
Republican lawmakers are reviving a push for high-deductible health plans paired with health savings accounts, proposing to replace Affordable Care Act subsidies with direct cash payments to individuals. The article highlights that while proponents argue this gives patients more control and 'skin in the game,' critics point to evidence that these plans have contributed to widespread medical debt without effectively lowering costs.
Key Points:
Republican proposals aim to replace ACA insurance subsidies with cash payments into health savings accounts, paired with high-deductible plans.
High-deductible plans require patients to pay thousands out-of-pocket before coverage begins and have become increasingly common.
Proponents argue this approach empowers patients to make cost-conscious decisions, but evidence suggests it has not effectively controlled costs.
These plans have left millions of Americans, like the profiled Sarah Monroe, with substantial medical debt.
The average deductible for job-based coverage has risen sharply, from around $300 in 2006 to nearly $1,700 today.
""The notion was that if a consumer has 'skin in the game,' they will be more likely to seek higher-quality, lower-cost care. The unfortunate reality is that largely has not been the case," said Shawn Gremminger, who leads the National Alliance of Healthcare Purchaser Coalitions."
Bar owner offering free beers to people who help ICE says he’s getting death threats
Posted on r/politics |
Score: 3812 |
Comments: 382
Mark Fitzpatrick, owner of the Old State Saloon in Eagle, Idaho, offered free beer for a month to customers who helped ICE identify undocumented migrants. His promotion, which was reposted by the Department of Homeland Security and seen by millions, has resulted in him receiving online death threats and threats to burn down his business. Fitzpatrick attributes the backlash to 'liberals' attacking him for speaking out with his conservative Christian values.
Key Points:
Bar owner Mark Fitzpatrick promoted free beer for a month to customers who helped ICE identify and deport undocumented migrants.
The post gained massive attention after being reposted by the Department of Homeland Security, reaching 8 million people on X.
Fitzpatrick reported receiving online death threats and threats to burn down his business as a result.
He framed the backlash as an attack from 'liberals' for speaking out with conservative Christian values.
Facebook removed the promotion from its platform, while Fitzpatrick provided contact methods for tips.
""What liberals want to do is they attack you," he said. "They go on attack and they start calling you names. People are just outright saying I should die for this. It’s really, really despicable.""
Claude CLI deleted my entire home directory! Wiped my whole mac.
Posted on r/ClaudeAI |
Score: 1323 |
Comments: 497
A user reports that the Claude CLI, while attempting to clean up packages in an old repository, executed a command that deleted their entire home directory on a Mac, resulting in catastrophic data loss. The analysis of the command log reveals the catastrophic command 'rm -rf tests/ patches/ plan/ ~/' was run, where the '~/' argument targeted the user's home folder.
Key Points:
The Claude CLI executed a destructive command that wiped the user's entire home directory.
The fatal command was 'rm -rf tests/ patches/ plan/ ~/', with '~/' deleting the user's home folder.
This resulted in the loss of Desktop files, Documents, Keychain, application data, and Claude credentials.
The incident highlights a severe risk of AI-assisted coding tools generating dangerous system commands.
The user is seeking to understand if the data loss is reversible.
"See that ~/ at the end? That's your entire home directory. The Claude Code instance accidentally included ~/ in the deletion command, which would wipe out: * Your entire Desktop (~/Desktop) * Documents, Downloads, everything * Your Keychain (~/Library/Keychains) * Claude credentials (~/.claude) * Application support data * Basically everything in /Users/..."
Posted on r/programming |
Score: 641 |
Comments: 198
The document is the Joint Strike Fighter Air Vehicle C++ Coding Standards, a set of strict coding rules for safety-critical and performance-critical aerospace software. It mandates a subset of C++ to eliminate error-prone features and ensure reliability, predictability, and maintainability in a real-time embedded system.
Key Points:
Defines a restrictive subset of C++ for safety-critical avionics software.
Aims to eliminate error-prone language features and enforce predictability.
Emphasizes reliability and maintainability in a real-time embedded environment.
Serves as a contract between management and developers for code quality.
Rules are intended to be enforceable by static analysis tools.
"These coding standards are a set of rules for using C++ in the Joint Strike Fighter Air Vehicle software. The rules are meant to be followed. They are not meant to be debated. The rules are not meant to be a set of guidelines. They are meant to be a set of requirements."
UPDATE: Claude now supports asynchronous agents!!!!
Posted on r/ClaudeAI |
Score: 227 |
Comments: 60
The article announces that Claude now supports asynchronous agents, allowing users to launch an agent and continue with other tasks while it runs in the background. The update includes a specific keyboard shortcut to send an agent to the background.
Key Points:
Claude now supports asynchronous agents.
Users can launch an agent and perform other tasks while it processes.
A specific command (`Ctrl + B`) sends an agent to the background.
The agent will reconnect and provide updates when its task is complete.
"Fire one off, let it cook while doing other stuff, then it gets back to you with its updates."
Posted on r/programming |
Score: 149 |
Comments: 42
The article argues that microservices architectures often become unmanageable due to hidden complexity and cyclical dependencies. To prevent this, it proposes a strict design principle: the dependency graph between services must form a polytree—a directed acyclic graph whose undirected form is a tree. This structure enforces clear ownership, predictable failures, and simpler reasoning.
Key Points:
Microservices are easy to get wrong, often evolving into complex, brittle systems with hard-to-trace failures.
A polytree is a directed acyclic graph whose underlying undirected graph is a tree, preventing both directed and undirected cycles.
Cyclical dependencies (directed cycles) delocalize state, cause failure echoes, and increase resource usage.
Even undirected cycles (no directed cycles but a loop in the undirected graph) increase brittleness and complicate debugging.
A polytree structure provides clear ownership, predictable failure modes, simpler reasoning, and enables independent service evolution.
"A polytree structure enforces a clear, hierarchical flow of responsibility. This brings several practical benefits: Clear ownership of state. Each piece of data or behavior has a single, unambiguous home. When something breaks, you know exactly where to look."
Is vibe coding actually insecure? New CMU paper benchmarks vulnerabilities in agent-generated code
Posted on r/programming |
Score: 148 |
Comments: 54
This research paper investigates the security of 'vibe coding,' a paradigm where LLM agents complete coding tasks with minimal human oversight. The authors introduce the SUSVIBES benchmark, comprising 200 real-world tasks that previously led to vulnerable code when implemented by humans. Their evaluation of leading coding agents reveals alarmingly low security rates, raising serious concerns about deploying agent-generated code in production.
Key Points:
Vibe coding, where LLM agents handle complex coding tasks with little supervision, is increasingly adopted but its security is largely unexamined.
The authors created the SUSVIBES benchmark of 200 real-world software tasks known to have resulted in vulnerable human-written code.
Evaluation shows all tested coding agents perform poorly on security, with one top agent producing only 10.5% secure code despite 61% functional correctness.
Preliminary security strategies, like augmenting prompts with vulnerability hints, failed to mitigate the issues effectively.
The findings indicate significant risks in adopting vibe coding, especially for security-sensitive applications.
"Although 61% of the solutions from SWE-Agent with Claude 4 Sonnet are functionally correct, only 10.5% are secure."
What is the easiest way to generate disposable phone numbers for testing
Posted on r/selfhosted |
Score: 66 |
Comments: 9
A developer seeks a simple and safe method to obtain temporary phone numbers for testing account creation flows that require verification, without using their personal number. They express concern about the reliability and security of many online services offering such numbers. The article asks for the common practices developers use to manage this need securely.
Key Points:
The author needs disposable phone numbers for testing account creation and verification processes.
They want to avoid using their personal phone number for privacy and security reasons.
They are wary of many online services appearing sketchy or unreliable.
They are seeking a simple, easy-to-manage, and secure solution.
They specifically ask how developers or self-hosters typically handle this problem.
"Looking for something easy to manage that will not leak my real number or expose it to random services."
The article explains that the core feature of the Sanitizer API is the `setHTML()` method, which was designed to avoid Mutated XSS (mXSS) vulnerabilities inherent in older sanitization patterns. By integrating sanitization directly into the DOM insertion step, it eliminates the need for double parsing and ensures the correct parsing context is always used.
Key Points:
Traditional sanitizers like DOMPurify involve two separate parsing steps, which can create Mutated XSS (mXSS) vulnerabilities due to context-sensitive HTML parsing.
The Sanitizer API's primary method is `Element.setHTML(input)`, which sanitizes and inserts HTML in a single, context-aware operation.
This design removes the need for serializing and re-parsing sanitized HTML, eliminating the 'weird machine' that could generate mXSS.
The API has no return value, preventing the sanitized output from being used in an incorrect parsing context later.
It provides a safe drop-in replacement for insecure patterns like `element.innerHTML = input`.
"The internal algorithm is now the following: Parse the input (with the right context element) into a document fragment Traverse the resulting fragment and sanitize. (Using safe defaults or a user-specified configuration). Replace the child nodes below context with the sanitized up fragment. No superfluous parsing. No ambiguous contexts. Just setting HTML."
The article compares the early developer preview of Swift for Android with the more established Kotlin Multiplatform (KMP) for cross-platform mobile development. The author built sample apps with both tools, sharing business logic in Swift for an Android app and in Kotlin for an iOS app, to evaluate the developer experience. The conclusion is that Swift for Android shows promise but is still immature and not ready for production, while KMP is currently the more viable option.
Key Points:
Swift for Android is a new, early-stage tool that allows Swift code to run on Android via JNI bindings, but it is not yet production-ready.
Kotlin Multiplatform (KMP) is a more mature solution that shares business logic while allowing fully native UI code on iOS and Android.
The author created two sample apps to compare the tools: one using Swift for Android with Jetpack Compose, and another using KMP with SwiftUI.
The setup and interoperability for Swift for Android can be brittle, especially when marshalling complex types like arrays and URLs across the module boundary.
Despite its early state, Swift for Android is evolving quickly, with recent additions like async-await compatibility.
"It’s been built by Swift and Android toolchain gods who have spent a long time doing it the Hard Way™, and I can only assume the new tooling is an enormous improvement on what was possible before. But… it might need a couple more months in the oven before I can recommend refactoring your production app."