"Request methods are considered 'safe' if their defined semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource."
-RFC 9110 section 9.2.1
In practice many GET requests don't adhere to this spec. For example, when you load a page, your "view" generally changes lots of things on the backend. Those changes come back to you in ways too: for example, consider view counts on Youtube videos or X posts.
These are just conventions, one can pretty much do whatever they want in their applications. At the same time convention has its own advantages (most of the times, think about code maintenance). Its still along the excepted line as long as the mutations are side effects of the GET request. Somewhere down the line the intent is to provide a separation to easily understand the systems.
The GET request is issued to the web server for content of the HTML page and then all the scripts. Then the scripts issue POST/PUT requests to the analytics server updating the count.
I'm still surprised by the number of web developers who do not understand that, once you include someone else's Javascript on your site, they have full access to everything on your site, including all submitted customer data.
"We are also excited to make our 2026 sponsorship packages available in May for organizations interested in enhancing their visibility with event attendees."
California is not anywhere near 83% renewable for total electricity generation. [1] Are you just adding up nameplace capacities without capacity factors?
One thing about power generation stats like these is they are incredibly sensitive to examination dates given the rapid growth of (especially) solar.
That EIA site cuts off in August. The same EIA report shows solar grew 17% from 2024-2025. You can plug in your own assumptions to the solar growth curve since then, as well as your assumptions about the natural gas curve given the ride natgas has been on since August.
EIA also produces live status on the daily generation mix[1]. 69% today was wind, solar, geothermal, and hydro. 12% nuclear, so some of this is whether you consider nuclear renewable or not.
CA's power generation may cost more, but the pricing (for raw power at least) should be a lot more predictable than those of us dependent on fossil fuels. Natural gas, for example, has undergone a ~100% price round-trip in the last 12 months.
Cox Communications used to do it in California to inject JS into sites. I remember seeing little Cox popup/toast messages in the corner of other sites.
I've said it before, but Zero Trust is such a misnomer. It implies less trust in firewalls, VPNs, and other network controls, but much more trust in the ability of end-user devices to securely store and use private keys. Also, the server side has has to trust all incoming connections from the Internet enough to verify the certificates, and run a complicated TLS implementation, which can be a huge attack surface. We're sticking with WireGuard for all our internal users.
Unless you're storing your wireguard keys in your TPM somehow, what stops malware from just copying the keys out and connecting? Are you IP whitelisting every employee's house or what?
"Request methods are considered 'safe' if their defined semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource." -RFC 9110 section 9.2.1
https://www.rfc-editor.org/rfc/rfc9110.html#name-safe-method...
reply