Contact info: Don't.
- Sure, or we come up with a proper solution via lockfiles so we don't have to keep forking and maintaining, and make full dependency locks the default so everyone benefits.
This is a long solved problem in every other ecosystem. This particular implementation isn't great but it has the right idea.
- If that action itself has unpinned dependencies that doesn't accomplish much.
- It's hilarious he had to build a new language just so he could create a sokoban game with graphics of the flash era.
I'm sure it builds fast and whatever, but you could make this in python in a few weeks.
- Bitnami is in broadcom hell, nobody should use that.
Chainguard still has better CVE response time and can better guarantee you zero active exploits found by your prod scanners.
(No affiliation with either, but we use chainguard at work, and used to use bitnami too before I ripped it all out)
- Not sure where the AI generated python is coming from?
AI generated anything is a hellscape.
- pyright is very good, but there is also https://docs.basedpyright.com/latest/ which improves on it further.
That said, I'm a very happy user of uv, so once Ty becomes ready enough I will be happy to migrate.
- So they are finally doing this. Our github account rep mentioned this back in February, but then they kept postponing and heard nothing so I was hoping they realized how stupid this idea was and abandoned it.
My org sadly has a lot of github actions workflows, even after this it's not expensive enough to justify migrating away, but with all their downtime and bugs they are really pushing us closer and closer.
- Very off-topic, but this caught my eye:
> Total repos cloned: 669
How big is this company? All the numbers I can find online suggest well below 100 people, and yet they have over 600 repos? Is that normal?
- Obviously blocking install scripts is a good thing, but this is just a false sense of security. If you install a package you will likely execute some code from it too, so the malware can just run then. And that is what the next attack will do as everyone starts using pnpm (or if npm blocks it too).
- I wouldn't say that's better. Now your .config directory contains a github token that can do more than just repo pull/push, and it is trivially exfiltrated. Though a similar thing could be said for browser cookies.
- Mouser et al. also do it right for mixed unit lists, e.g. component dimensions are shown in their specified units but sorted as: 11mm, 12mm, 0.5in, 13mm, ...
- That's interesting, but it's questionnaire based so I would not trust it much. There are many levels of bias here.
- So what, just the trademark issue for "hdmi 2.1"?
Call it an imdh driver then, nobody cares as long as it works.
- Can't we just leak the spec?
Anyone can then implement an open-source driver based on that and distribute it freely, since the NDA won't apply to them.
- Tailscale cannot passively observe traffic.
They could inject malicious keys into your config, but it would be hard to mask the evidence of that.
- NSAaaS and people even pay for it.
- https://archive.is/09tyU
Without the email-wall
- Also one which doesn't add a new image decoder with a built-in VM that is rawdogged in C, like Safari.
Chrome and Firefox are making a very reasonable decision to wait for a memory safe decoder.
- You are entitled to your opinion, and I disagree.
Open source has a meaning. Companies and marketing people are doing their best to muddle it, but I'm dying on this hill and will never accept it.
If it's for a non-technical audience, they are abusing the fact some people know "open source = good" and trying to benefit from that unfairly. They can use a different term.
- As an ARIN block owner this situation is kinda scary, but reading this actually makes me think it's less likely to happen again.