HackerTrans
TopNewTrendsCommentsPastAskShowJobs

RVuRnvbM2e

no profile record

comments

RVuRnvbM2e
·vor 18 Tagen·discuss
It's the worst delegated authorisation system except for all the others that have been tried from time to time.
RVuRnvbM2e
·vor 23 Tagen·discuss
Where's the regulation of addictive dark patterns that hook kids and adults alike? Most jurisdictions regulate gambling to reduce societal harm. Social media is little different; it just has an advertising middle man.
RVuRnvbM2e
·vor 24 Tagen·discuss
Agree. I've watched agents go around in circles or use ridiculous workarounds after being confused by rtk output.
RVuRnvbM2e
·vor 24 Tagen·discuss
I don't quite understand the advantage of this over regular oauth. I think I need an example comparison of the authz flows.
RVuRnvbM2e
·letzten Monat·discuss
Yeah the article is wrong
RVuRnvbM2e
·letzten Monat·discuss
The thing conventional commits are really helpful for is continuous delivery. Every merge to main can be automatically tagged with semver and shipped because the thought that goes into tagging and versioning has already been done by the developers when they wrote the commit message.

I fully recognise that it doesn't make sense for huge projects like the Linux kernel to do this. But for 99% of projects conventional commits combined with semver vastly improves the release process status quo and makes it easy to automate.
RVuRnvbM2e
·vor 2 Monaten·discuss
It is terribly sad when someone undeniably brilliant in a particular field fails to recognize their own incompetence in other areas - in this case mistaking advanced technology for magic.
RVuRnvbM2e
·vor 4 Monaten·discuss
Vigilant mode exists, and would have flagged the malicious commit as unverified in this case. Maybe it should be the default.

https://docs.github.com/en/authentication/managing-commit-si...
RVuRnvbM2e
·vor 4 Monaten·discuss
Someone has maintainer/admin access to the repository and has force-pushed to master overwriting the git history.

Notice that the original commit is verified: https://github.com/pedronauck/reworm/commit/df8c1803c519f599...

While the malicious one is not: https://github.com/pedronauck/reworm/commit/d50cd8c8966893c6...
RVuRnvbM2e
·vor 5 Monaten·discuss
This is just Waterfall for LLMs. What happens when you explore the problem space and need to change up the plan?
RVuRnvbM2e
·vor 5 Monaten·discuss
Another victim of the LLM-induced malaise many are calling "Deep Blue".
RVuRnvbM2e
·vor 7 Monaten·discuss
> There's also no way to shrink the memory underlying a slice.

Sorry, that is incorrect: https://pkg.go.dev/slices#Clip

> It's a common newbie mistake to think they do work like that, and write "append(s, ...)" instead of "s = append(s, ...)". It might even randomly work a lot of the time.

"append(s, ...)" without the assignment doesn't even compile. So your entire post seems like a strawman?

https://go.dev/play/p/icdOMl8A9ja

> So (generalizing) Go won't implement a feature that makes mistakes harder, if it makes the language more complicated

No, I think it is more that the compromise of complicating the language that is always made when adding features is carefully weighed in Go. Less so in other languages.
RVuRnvbM2e
·vor 7 Monaten·discuss
The reason for US economic domination starting in the 50s is the fact that society and infrastructure in the rest of the developed world had been utterly devastated by the second World War. The rate of college education is utterly irrelevant.
RVuRnvbM2e
·vor 8 Monaten·discuss
This is analogous to calling unix account separation "fragmentation". Why can't I just run all my services as root? It has worked for years!?

The answer is that it is a fragile, unmaintainable security nightmare.

Wayland has separation of concerns to fix that problem, with the tradeoffs described in the blog post.
RVuRnvbM2e
·vor 8 Monaten·discuss
I'm quite confused why this article tests foot v1.16.2, which is two years old at this point. The latest version is 1.25.0.

By contrast, the tested version of ghostty v1.2.3 is two weeks old.
RVuRnvbM2e
·vor 10 Monaten·discuss
Fucking this.

I have seen so many takes lamenting how this kind of supply chain attack is such a difficult problem to fix.

No it really isn't. It's an ecosystem and cultural problem that npm encourages huge dependency trees that make it impractical to review dependency updates so developers just don't.
RVuRnvbM2e
·vor 11 Monaten·discuss
I don't understand the point of this article. Container images are literally immutable packaged filesystems so old versions of affected packages are in old Docker images for every CVE ever patched in Debian.

How is this news?
RVuRnvbM2e
·vor 11 Monaten·discuss
This is hyperbolic.

Unpatched long-lived VMs are much more cumbersome to fix than an outdated Docker image. And good luck reproducing your long-lived VM with years of mutation-via-patch.
RVuRnvbM2e
·vor 11 Monaten·discuss
Why would you want to do this?