HackerTrans
TopNewTrendsCommentsPastAskShowJobs

handstitched

no profile record

comments

handstitched
·29 hari yang lalu·discuss
It's a small difference, but if you had a choice between "more efficient AND less maintenance" and "less efficient and more maintenance" then it's easy to see why the permanent-magnet solution is preferred.
handstitched
·4 bulan yang lalu·discuss
It's been possible since Big Sur at least, the method for enabling it just changed woth Sonoma
handstitched
·4 bulan yang lalu·discuss
> You don't have to trust us. Git itself verifies every object by hash on the client side. If we flip a byte, git fsck rejects the entire pack.

If I were to run 'git clone https://gitdelivr.net/$repoUrl` then I would also be getting the Git repository metadata through GitDelivr. You could return any valid git repo, eg. just add one commit on top of the real main with a malicious buildscript. I dont see how this security model works at all?
handstitched
·5 bulan yang lalu·discuss
Look at the wikipedia page for any given country, and I guarantee you that it cites the CIA World Factbook at least once (and probably several times [1] ). Saying "we don't need the world factbook because we have Wikipedia" is completely ridiculous.

Wikipedia is an encyclopaedia, meaning it's not a primary source of facts but rather an aggregate of information published elsewhere.

[1] - some examples: https://en.wikipedia.org/wiki/Australia - cites the factbook 4 times; https://en.wikipedia.org/wiki/Uzbekistan - cites it twice
handstitched
·6 bulan yang lalu·discuss
This was a great read. I've used the naive approach shown in the first example before and its always felt a bit clunky, but I wasnt aware of most of these language features. I'm definitely going to try this out next time I have to write C bindings
handstitched
·7 bulan yang lalu·discuss
> secular culture is literally dying

Can you elaborate on this? It doesn't match my experience at all.
handstitched
·7 bulan yang lalu·discuss
> To me, any software engineer who tries an LLM, shrugs and says “huh, that’s interesting” and then “gets back to work” is completely failing at their actual job, which is using technology to solve problems.

I would argue that the "actual job" is simply to solve problems. The client / customer ultimately do not care what technology you use. Hell, they don't really care if there's technology at all.

And a lot of software engineers have found that using an LLM doesn't actually help solve problems, or the problems it does solve are offset by the new problems it creates.
handstitched
·10 bulan yang lalu·discuss
OP is the developer & maintainer of the affected packages, so the attacker was able to use their phished credentials to upload compromised versions to NPM.