HackerTrans
トップ新着トレンドコメント過去質問紹介求人

handstitched

no profile record

コメント

handstitched
·29 日前·議論
It's a small difference, but if you had a choice between "more efficient AND less maintenance" and "less efficient and more maintenance" then it's easy to see why the permanent-magnet solution is preferred.
handstitched
·4 か月前·議論
It's been possible since Big Sur at least, the method for enabling it just changed woth Sonoma
handstitched
·4 か月前·議論
> You don't have to trust us. Git itself verifies every object by hash on the client side. If we flip a byte, git fsck rejects the entire pack.

If I were to run 'git clone https://gitdelivr.net/$repoUrl` then I would also be getting the Git repository metadata through GitDelivr. You could return any valid git repo, eg. just add one commit on top of the real main with a malicious buildscript. I dont see how this security model works at all?
handstitched
·5 か月前·議論
Look at the wikipedia page for any given country, and I guarantee you that it cites the CIA World Factbook at least once (and probably several times [1] ). Saying "we don't need the world factbook because we have Wikipedia" is completely ridiculous.

Wikipedia is an encyclopaedia, meaning it's not a primary source of facts but rather an aggregate of information published elsewhere.

[1] - some examples: https://en.wikipedia.org/wiki/Australia - cites the factbook 4 times; https://en.wikipedia.org/wiki/Uzbekistan - cites it twice
handstitched
·6 か月前·議論
This was a great read. I've used the naive approach shown in the first example before and its always felt a bit clunky, but I wasnt aware of most of these language features. I'm definitely going to try this out next time I have to write C bindings
handstitched
·7 か月前·議論
> secular culture is literally dying

Can you elaborate on this? It doesn't match my experience at all.
handstitched
·7 か月前·議論
> To me, any software engineer who tries an LLM, shrugs and says “huh, that’s interesting” and then “gets back to work” is completely failing at their actual job, which is using technology to solve problems.

I would argue that the "actual job" is simply to solve problems. The client / customer ultimately do not care what technology you use. Hell, they don't really care if there's technology at all.

And a lot of software engineers have found that using an LLM doesn't actually help solve problems, or the problems it does solve are offset by the new problems it creates.
handstitched
·10 か月前·議論
OP is the developer & maintainer of the affected packages, so the attacker was able to use their phished credentials to upload compromised versions to NPM.