HackerTrans
TopNewTrendsCommentsPastAskShowJobs

rarkins

no profile record

comments

rarkins
·6 mesi fa·discuss
1. Set a default label for issues (e.g. “autoclose”) 2. Make your auto closing and locking logic based on that label (eg the label-actions github action) 3. As a maintainer, remember to remove the label when creating an issue!
rarkins
·8 mesi fa·discuss
This seems to me to be the most likely explanation. Someone important and/or rich wants something memory-holed and the archive sites are amongst the last to contain the content, so someone else is creating a facade organization as an attempt to get it taken down in every way possible. And yes it's entirely possible that the archive sites have multiple "enemies".
rarkins
·10 mesi fa·discuss
I posted something similar to X yesterday: https://x.com/rarkins/status/1966785560556511489

What was even worse than there being dupe ChatGPT apps in the Mac app store was that Perplexity and Gemini both recommended installing chatgpt dot macupdate dot com as if it was the official app.
rarkins
·anno scorso·discuss
Hi, Renovate author/maintainer here.

The affected repo has now been taken down, so I am writing this partly from memory, but I believe the scenario is:

1. An attacker had write access to the tj-actions/changed-files repo

2. The attacker chose to spoof a Renovate commit, in fact they spoofed the most recent commit in the same repo, which came from Renovate

3. Important: this spoofing of commits wasn't done to "trick" a maintainer into accepting any PR, instead it was just to obfuscate it a little. It was an orphan commit and not on top of main or any other branch

4. As you'd expect, the commit showed up as Unverified, although if we're being realistic, most people don't look at that or enforce signed commits only (the real bot signs its commits)

5. Kind of unrelated, but the "real" Renovate Bot - just like Dependabot presumably - then started proposing PRs to update the action, like it does any other outdated dependency

6. Some people had automerging of such updates enabled, but this is not Renovate's default behavior. Even without automerging, an action like this might be able to achieve its aim only with a PR, if it's run as part of PR builds

7. This incident has reminded that many people mistakenly assume that git tags are immutable, especially if they are in semver format. Although it's rare for such tags to be changed, they are not immutable by design
rarkins
·2 anni fa·discuss
Instapaper user here, with same questions
rarkins
·2 anni fa·discuss
Renovate's TS tooling seems to work fine otherwise, and for ts-remove-unused as a new tool wanting to get adoption then you should be aiming to work the way your users already work, and not fail + tell them that they are the ones which need to change.

BTW the VSCode extension which someone else linked to discovered everything perfectly, which is another hint that your tool needs to improve, not your users.

Even if tsconfig.json was very important, and the users are all wrong and you're right, the only thing your readme says is: "The CLI will respect the tsconfig.json for loading source files." which is insufficient.
rarkins
·2 anni fa·discuss
I tried it on https://github.com/renovatebot/renovate

It deleted 100s of files, most of which were Jest test files, and potentially all of which were a mistake. I restored them all with `git restore $(git ls-files -d)`.

I then ran `tsc` on the remaining _modified_ files and `Found 3920 errors in 511 files.`

Obviously at that point I had no choice but to discard all changes and unfortunately I would not recommend this for others to even try.