For performance reasons, you might not want to wait for promises to resolve in your load function, though. My app got way faster once I switched to streaming promises.
I'm admittedly a JS/TS and Svelte novice, but I think you can still do the transformations within your load function, just making sure they're part of a promise you return.
So, I verified the bug, but this happened to a friend of mine (she lost gigabytes of data). And Apple Support tried to help, and couldn't, and as a consolation prize she got a Thunderbolt external drive. Which was particularly insulting. "We suck so much at handling your data, you should probably do it yourself!"
“the servers” could be read many ways. Doesn't necessarily mean direct access to all their data. Doesn't mean unilateral access as alleged. The slides we have don't give enough detail to allege direct and unilateral access. Especially in light of companies, NSA, NYT sources all denying this.
"Directly from" means direct access, "the servers of" means the servers controlled by. That's the only plausible reading. The thing is it doesn't necessarily mean "all of the servers of" however indirect or mediated access would be contrary to the slide's plain language, and if these were mediating servers controlled by the other company that would be quite misleading to the NSA employee audience.
If they can snoop SSL'd content, that would be a bombshell. Many of the implicated companies use SSL for most of their properties. FB is all over SSL, for example.
For stuff in FB, FB could be pushing that target-specific data to collection points in real-ish time. Instead of doing daily dumps, you just provide a targeted stream of data.
To the contrary, there is an infinite number of uses. And this isn't a hole. This is HOW. JAVASCRIPT. WORKS. Period.
There seems to be a misperception that the URL you see on hover is 100% where you'll go if you click it. No. It's just representing the current state of the href. JS owns the DOM and its interactions. If it wants to intercept a click and rewrite an href or do an e.preventDefault() or redirect with window.location, that is its prerogative. That is the power that it is intended to have. It is this power which makes the modern web work.
If we can't teach people to look at the location bar and check domain names and SSL-related colors and icons, we can't help them avoid phishing. Restricting what basic JS can do so that the possibly fictitious group of people who check the status bar on hover but don't check their location bar can be protected is a terrible, terrible idea.
Seems entirely expected. When you open in a new tab, you're just taking the (existing) href and opening it in a new tab. No JS executes because you've opened a new tab, completely unrelated to the previous context.
We don't currently have any interest in moving to a database abstraction layer. We do, however, allow you to drop in a db.php file that can replace the core database portion. That's not abstraction (you'll have to rewrite any MySQL-isms to be compatible with your DB of choice), but it is an option for people who absolutely cannot run MySQL. Microsoft wrote a WordPress plugin to do something like that: http://wordpress.org/extend/plugins/wordpress-database-abstr...
