HackerLangs
TopNewTrendsCommentsPastAskShowJobs

silverwind

809 karmajoined il y a 13 ans

Submissions

Gitea 1.26.0

blog.gitea.com
7 points·by silverwind·il y a 3 mois·0 comments

Gitea 1.19

blog.gitea.io
167 points·by silverwind·il y a 3 ans·84 comments

comments

silverwind
·avant-hier·discuss
Yes, tsconfig is a mess to scope. It needs a re-design to allow glob-based matching for all options and in typescript instead of jsonc.
silverwind
·il y a 3 jours·discuss
Seems they not running these agents with the same permissions of the user prompting them, what a disaster.
silverwind
·il y a 9 jours·discuss
I think tsdown is much better suited for CLI and library builds. Vite has many web-isms that don't matter for these.
silverwind
·le mois dernier·discuss
Yeah, a missed opportunity. But I'm sure such a compiler will eventually arise.
silverwind
·il y a 2 mois·discuss
True, sometimes a Claude answer is so on the spot, it'd a waste to not post it alongside your short summary.
silverwind
·il y a 2 mois·discuss
PR spam is a major problems for repo that run bounties. Maybe GitHub should temporarily block accounts from raising PRs if like 95%+ of them are getting rejected.
silverwind
·il y a 2 mois·discuss
Knowing them, I expect a release probably next week, have fun in production with it.
silverwind
·il y a 2 mois·discuss
It'll always be a cat-and-mouse game. If npm adds protections, it'll only yield false-positives and workarounds will be trivial.
silverwind
·il y a 2 mois·discuss
Almost all these recent compromises seem to involve either cache poisoning or prompt injection via untrusted variables.
silverwind
·il y a 2 mois·discuss
Python had these too, no ecosystem is safe.
silverwind
·il y a 2 mois·discuss
I think it's just a case of brain drain, followed by reckless AI adoption which both drove the quality down.
silverwind
·il y a 2 mois·discuss
All those forks turned out to be inferior projects with substantially less contributions than the originals.
silverwind
·il y a 2 mois·discuss
It's definitely helpful to know whether a PR was AI-assisted or not and the git attribution line is a simple and effective way of communicating that.

I also recommend specifying model name and version so the maintainer knows upfront the level of slop they are dealing with.
silverwind
·il y a 2 mois·discuss
I'm going even simpler, just bare docker with a idempotent bash wrapper.
silverwind
·il y a 2 mois·discuss
I hope Node eventually gets a WebSocket server like Bun has.
silverwind
·il y a 2 mois·discuss
Problem with Go is the type system is rudimentary, so you can't "restrict" AIs as well as you could in Typescript.
silverwind
·il y a 2 mois·discuss
https://www.typescriptlang.org/tsconfig/#erasableSyntaxOnly covers them all, I strongly recommend running with that option enabled to be future-proof.
silverwind
·il y a 2 mois·discuss
Modern Typescript does not need runtime features.
silverwind
·il y a 2 mois·discuss
Maybe now people can stop blaming npm and realize none of these unreviewed package ecosystem are safe.
silverwind
·il y a 2 mois·discuss
Could that be the explanation for the recently increased token use?