HackerLangs
TopNewTrendsCommentsPastAskShowJobs

silverwind

809 karmajoined 13 tahun yang lalu

Submissions

Gitea 1.26.0

blog.gitea.com
7 points·by silverwind·3 bulan yang lalu·0 comments

Gitea 1.19

blog.gitea.io
167 points·by silverwind·3 tahun yang lalu·84 comments

comments

silverwind
·kemarin dulu·discuss
Yes, tsconfig is a mess to scope. It needs a re-design to allow glob-based matching for all options and in typescript instead of jsonc.
silverwind
·3 hari yang lalu·discuss
Seems they not running these agents with the same permissions of the user prompting them, what a disaster.
silverwind
·9 hari yang lalu·discuss
I think tsdown is much better suited for CLI and library builds. Vite has many web-isms that don't matter for these.
silverwind
·bulan lalu·discuss
Yeah, a missed opportunity. But I'm sure such a compiler will eventually arise.
silverwind
·2 bulan yang lalu·discuss
True, sometimes a Claude answer is so on the spot, it'd a waste to not post it alongside your short summary.
silverwind
·2 bulan yang lalu·discuss
PR spam is a major problems for repo that run bounties. Maybe GitHub should temporarily block accounts from raising PRs if like 95%+ of them are getting rejected.
silverwind
·2 bulan yang lalu·discuss
Knowing them, I expect a release probably next week, have fun in production with it.
silverwind
·2 bulan yang lalu·discuss
It'll always be a cat-and-mouse game. If npm adds protections, it'll only yield false-positives and workarounds will be trivial.
silverwind
·2 bulan yang lalu·discuss
Almost all these recent compromises seem to involve either cache poisoning or prompt injection via untrusted variables.
silverwind
·2 bulan yang lalu·discuss
Python had these too, no ecosystem is safe.
silverwind
·2 bulan yang lalu·discuss
I think it's just a case of brain drain, followed by reckless AI adoption which both drove the quality down.
silverwind
·2 bulan yang lalu·discuss
All those forks turned out to be inferior projects with substantially less contributions than the originals.
silverwind
·2 bulan yang lalu·discuss
It's definitely helpful to know whether a PR was AI-assisted or not and the git attribution line is a simple and effective way of communicating that.

I also recommend specifying model name and version so the maintainer knows upfront the level of slop they are dealing with.
silverwind
·2 bulan yang lalu·discuss
I'm going even simpler, just bare docker with a idempotent bash wrapper.
silverwind
·2 bulan yang lalu·discuss
I hope Node eventually gets a WebSocket server like Bun has.
silverwind
·2 bulan yang lalu·discuss
Problem with Go is the type system is rudimentary, so you can't "restrict" AIs as well as you could in Typescript.
silverwind
·2 bulan yang lalu·discuss
https://www.typescriptlang.org/tsconfig/#erasableSyntaxOnly covers them all, I strongly recommend running with that option enabled to be future-proof.
silverwind
·2 bulan yang lalu·discuss
Modern Typescript does not need runtime features.
silverwind
·2 bulan yang lalu·discuss
Maybe now people can stop blaming npm and realize none of these unreviewed package ecosystem are safe.
silverwind
·2 bulan yang lalu·discuss
Could that be the explanation for the recently increased token use?