HackerTrans
TopNewTrendsCommentsPastAskShowJobs

mjw1007

no profile record

comments

mjw1007
·há 2 meses·discuss
GitHub also centralises abuse detection. I'm not thinking about sophisticated attacks here so much as dealing with plain old spam. That's fairly easy to deal with on a tiny scale, and possible on a huge scale, but it's a great pain at a medium scale.
mjw1007
·há 4 meses·discuss
It's common that if you extract a function or a module with a well defined interface, that function or module can't tell whether a "bad" input indicates an expected or an unexpected error.

For example division by zero often indicates an "unexpected" error, but it wouldn't if you were implementing a spreadsheet.

So to me the approach of using different forms of error reporting for the two kinds of error doesn't seem promising: if you imagine you had to implement division yourself, which kind of error should it report? Should you have two variants of every fallible function so the caller can choose?
mjw1007
·há 5 meses·discuss
Not any more, according to this article you're commenting on, no.
mjw1007
·há 7 meses·discuss
> If a package hosted by Fedora or Debian or PyPI or crates.io, etc claims to correspond to an upstream git commit or release, then the hosting system should build the package, from the commit or release in question plus whatever package-specific config and patches are needed, and publish that.

For Debian, that's what tag2upload is doing.
mjw1007
·há 7 meses·discuss
They weren't in any way attempting to rely on security by obscurity.

They didn't assume nobody would guess the URL.

They did take active steps to ensure the data was only available at the correct time.

But they didn't check that their access control was working, and it wasn't.
mjw1007
·há 8 meses·discuss
Is this a real judge, or is an "Immigration Judge" one of those not-actually-a-judge decisionmakers employed by the executive?
mjw1007
·há 8 meses·discuss
I think what you've written is pretty much what the "almost all programs have paths that crash" was intended to convey.

I think "perhaps the density of crashes will be tolerable" means something like "we can reasonably hope that the crashes from Fil-C's memory checks will only be of the same sort, that aren't reached when the program is used as it should be".
mjw1007
·há 9 meses·discuss
It makes tab completion work.
mjw1007
·há 10 meses·discuss
One of the things that this group of "stewards" could do to get their costs down is get together and implement a high quality free software caching proxy that understands all their back-ends.

But that would compete with the commercial offerings of at least one of the organisations sponsoring that message. So I expect they won't do that.
mjw1007
·ano passado·discuss
My mistake.

The support for writing CGI programs in Python is in wsgiref.handlers.CGIHandler .
mjw1007
·ano passado·discuss
The Python maintainers are removing the module _named_ cgi, but they're not removing the support for implementing CGI scripts, which is CGIHTTPRequestHandler in the http.server module.

All that was in the cgi module was a few functions for parsing HTML form data.
mjw1007
·há 5 anos·discuss
I think Wayland has come too close to the following pattern, which I've seen in other cases of free software which have become controversial:

- decide it's time to make a New Thing which will supersede the Old Thing rather than living beside it

- decide that some features of Old Thing will not be directly supported by New Thing; instead New Thing will be flexible enough that people could implement those features on top of it

- declare that the work done to support those features will have to be done by the people who want to use them

- declare that the time has come for New Thing to supersede Old Thing, before said work has been done

[Edit: this wasn't intended to be a list of things that are individually bad ideas. It's only the last, in combination with the others, that I think is ill-advised.]
mjw1007
·há 9 anos·discuss
4.13 (released this September) added the dm-zoned device-mapper target, which presents an SMR drive as if it was a normal block device.

I suppose what it does is similar to what drive-managed SMR drives do internally.