HackerTrans
TopNewTrendsCommentsPastAskShowJobs

RVuRnvbM2e

no profile record

comments

RVuRnvbM2e
·17 วันที่ผ่านมา·discuss
It's the worst delegated authorisation system except for all the others that have been tried from time to time.
RVuRnvbM2e
·23 วันที่ผ่านมา·discuss
Where's the regulation of addictive dark patterns that hook kids and adults alike? Most jurisdictions regulate gambling to reduce societal harm. Social media is little different; it just has an advertising middle man.
RVuRnvbM2e
·24 วันที่ผ่านมา·discuss
Agree. I've watched agents go around in circles or use ridiculous workarounds after being confused by rtk output.
RVuRnvbM2e
·24 วันที่ผ่านมา·discuss
I don't quite understand the advantage of this over regular oauth. I think I need an example comparison of the authz flows.
RVuRnvbM2e
·เดือนที่แล้ว·discuss
Yeah the article is wrong
RVuRnvbM2e
·เดือนที่แล้ว·discuss
The thing conventional commits are really helpful for is continuous delivery. Every merge to main can be automatically tagged with semver and shipped because the thought that goes into tagging and versioning has already been done by the developers when they wrote the commit message.

I fully recognise that it doesn't make sense for huge projects like the Linux kernel to do this. But for 99% of projects conventional commits combined with semver vastly improves the release process status quo and makes it easy to automate.
RVuRnvbM2e
·2 เดือนที่ผ่านมา·discuss
It is terribly sad when someone undeniably brilliant in a particular field fails to recognize their own incompetence in other areas - in this case mistaking advanced technology for magic.
RVuRnvbM2e
·4 เดือนที่ผ่านมา·discuss
Vigilant mode exists, and would have flagged the malicious commit as unverified in this case. Maybe it should be the default.

https://docs.github.com/en/authentication/managing-commit-si...
RVuRnvbM2e
·4 เดือนที่ผ่านมา·discuss
Someone has maintainer/admin access to the repository and has force-pushed to master overwriting the git history.

Notice that the original commit is verified: https://github.com/pedronauck/reworm/commit/df8c1803c519f599...

While the malicious one is not: https://github.com/pedronauck/reworm/commit/d50cd8c8966893c6...
RVuRnvbM2e
·5 เดือนที่ผ่านมา·discuss
This is just Waterfall for LLMs. What happens when you explore the problem space and need to change up the plan?
RVuRnvbM2e
·5 เดือนที่ผ่านมา·discuss
Another victim of the LLM-induced malaise many are calling "Deep Blue".
RVuRnvbM2e
·7 เดือนที่ผ่านมา·discuss
> There's also no way to shrink the memory underlying a slice.

Sorry, that is incorrect: https://pkg.go.dev/slices#Clip

> It's a common newbie mistake to think they do work like that, and write "append(s, ...)" instead of "s = append(s, ...)". It might even randomly work a lot of the time.

"append(s, ...)" without the assignment doesn't even compile. So your entire post seems like a strawman?

https://go.dev/play/p/icdOMl8A9ja

> So (generalizing) Go won't implement a feature that makes mistakes harder, if it makes the language more complicated

No, I think it is more that the compromise of complicating the language that is always made when adding features is carefully weighed in Go. Less so in other languages.
RVuRnvbM2e
·7 เดือนที่ผ่านมา·discuss
The reason for US economic domination starting in the 50s is the fact that society and infrastructure in the rest of the developed world had been utterly devastated by the second World War. The rate of college education is utterly irrelevant.
RVuRnvbM2e
·8 เดือนที่ผ่านมา·discuss
This is analogous to calling unix account separation "fragmentation". Why can't I just run all my services as root? It has worked for years!?

The answer is that it is a fragile, unmaintainable security nightmare.

Wayland has separation of concerns to fix that problem, with the tradeoffs described in the blog post.
RVuRnvbM2e
·8 เดือนที่ผ่านมา·discuss
I'm quite confused why this article tests foot v1.16.2, which is two years old at this point. The latest version is 1.25.0.

By contrast, the tested version of ghostty v1.2.3 is two weeks old.
RVuRnvbM2e
·10 เดือนที่ผ่านมา·discuss
Fucking this.

I have seen so many takes lamenting how this kind of supply chain attack is such a difficult problem to fix.

No it really isn't. It's an ecosystem and cultural problem that npm encourages huge dependency trees that make it impractical to review dependency updates so developers just don't.
RVuRnvbM2e
·11 เดือนที่ผ่านมา·discuss
I don't understand the point of this article. Container images are literally immutable packaged filesystems so old versions of affected packages are in old Docker images for every CVE ever patched in Debian.

How is this news?
RVuRnvbM2e
·11 เดือนที่ผ่านมา·discuss
This is hyperbolic.

Unpatched long-lived VMs are much more cumbersome to fix than an outdated Docker image. And good luck reproducing your long-lived VM with years of mutation-via-patch.
RVuRnvbM2e
·11 เดือนที่ผ่านมา·discuss
Why would you want to do this?