KE programmer

1.6K posts

@programmer_ke

Programmer from Kenya

Joined September 2010
414 Following, 517 Followers
Pinned Tweet
KE programmer@programmer_ke·
“In God we trust, all others bring data” - William Edwards Deming
KE programmer@programmer_ke·
@CharFadirepo Regulation should follow innovation, not precede it. Lots of useful ideas will be suppressed by excessive regulation.
Charlene Fadirepo,The Bitcoin Strategist™️
As a former U.S. federal regulator, I am sooo encouraged by the new #Bitcoin /VASP frameworks emerging in Kenya, Nigeria, and Ghana. These regulations are rigorous, demanding, and yes costly. Many companies will not survive under them. That is a feature and not a bug. Strong compliance standards are not meant to be easy. They are designed to raise the bar, protect consumers, purge bad actors, and modernize the market. When only serious, well‑governed participants remain, the entire ecosystem becomes stronger. ✅Strict rules build trust. ✅Trust creates stability. ✅Stability attracts investment. ✅Investment fuels sustainable economic growth. This is how #Africa can win. #bitcoin #vasp #digitalassets #regulations
Gergely Orosz@GergelyOrosz·
Supply chain attacks are becoming more frequent, and far more serious. What are sensible practices to protect against these when using Node or Python packages? I assume pinning versions is the bare minimum; for those with security teams / tools: why else do you do / can you do?
Feross@feross

🚨 CRITICAL: Active supply chain attack on axios -- one of npm's most depended-on packages. The latest axios@1.14.1 now pulls in plain-crypto-js@4.2.1, a package that did not exist before today. This is a live compromise. This is textbook supply chain installer malware. axios has 100M+ weekly downloads. Every npm install pulling the latest version is potentially compromised right now. Socket AI analysis confirms this is malware. plain-crypto-js is an obfuscated dropper/loader that:
• Deobfuscates embedded payloads and operational strings at runtime
• Dynamically loads fs, os, and execSync to evade static analysis
• Executes decoded shell commands
• Stages and copies payload files into OS temp and Windows ProgramData directories
• Deletes and renames artifacts post-execution to destroy forensic evidence
If you use axios, pin your version immediately and audit your lockfiles. Do not upgrade.

KE programmer@programmer_ke·
@iximiuz @GergelyOrosz I learnt about the program called bubblewrap in Linux that can be used to sandbox package managers. It can help to an extent
Ivan Velichko@iximiuz·
Pinning versions doesn't help much with protecting from the supply chain attacks because there is little control over the versions of transitive dependencies - many of your direct dependencies will have a loose pinning strategy. Plus, the recent Trivy incident showed that historical versions can be compromised, too. A proactive protection is needed. For the ongoing upgrade of existing dependencies, a sandboxed environment (with Claude Code or the like inside) can be used that constantly runs "npm update" and vets the pulled dependencies. Once vetting is done, a version lock file (package-lock.json) is created, and the rest of the team and all pipelines rely only on it until the next upgrade cycle. For the development process, a simple "npm install" today can fully compromise your system, so one 1) shouldn't develop on the main system 2) use a dev env per project (or a related group of projects) 3) never have production credentials shared with such a dev env.
Alex Becker 🍊🏆🥇
I vibe code every day. I have a team of 30+ engineers. We spend F tons of credits. And I will tell you this about AI from my experience. It’s being wildly over hyped. Everyone is drunk. Fucking drunk. All the CEOs and Gen Z’s saying coding is dead are idiots. IDIOTS.
KE programmer retweeted
DAN KOE@thedankoe·
It seems like everyone is obsessed with productivity and efficiency yet rarely get anything meaningful done. I'm convinced your best work is done when you're not working. When you have space for creative ideas to emerge that drastically change the trajectory of your life/work.
KE programmer@programmer_ke·
@__mharrison__ Or just don't use any package managers and vendor all your dependencies.
Matt Harrison@__mharrison__·
For my friends who are still using UV and might be a little weary about recent compromises to PyPi packages, stick this in your pyproject.toml. You can let all of those pip users find and report the compromises...
Matt Harrison tweet media
KE programmer retweeted
Techjunkie Aman@Techjunkie_Aman·
Google Docs… without Google. dDocs:
• End-to-end encrypted
• No account required
• No tracking
• No data collection
And it still gives you:
• Real-time collaboration
• Offline editing
• Markdown + LaTeX support
• Cross-device access
But here’s the difference:
• Data stays local (IndexedDB)
• Optional sync via IPFS
• No centralized servers
Even AI:
• Runs locally on your device
• No data sent to cloud
• No training on your docs
This isn’t just a docs app. It’s self-sovereign documents.
The Lunduke Journal@LundukeJournal·
CachyOS Censors "Radicals" Opposed to Age Verification In response to concerns about Age Verification features in SystemD, the CachyOS team says, "If you don’t want to use SystemD find another distribution," tells users to "STOP being radical".
KE programmer@programmer_ke·
I've been thinking about this, what could be happening in FOSS is a decoupling of two groups that once had shared goals. Roughly, the activist faction could be decoupling from the cyberpunk faction. The cyberpunks are maximalists on privacy, anti-censorship, free thought/speech and value independence, while the activists moved from being anti-corporate to prioritizing collective orthodoxy.
KE programmer retweeted
james hawkins@james406·
110-year-old Turkish grandma shares her secret to a long life: "i never once used Microsoft Teams"
KE programmer@programmer_ke·
15 years ago I wouldn't have imagined a scenario where the EU would be spiraling into a police super-state
KE programmer retweeted
Akash ML@akashnetAI·
Big news: AkashML is officially listed as a provider on @OpenRouter. We're already outpacing Cloudflare in daily token usage, processing 1.7B tokens/day and climbing. → The future of AI infra is open: openrouter.ai/provider/akash…
KE programmer retweeted
John Loeber 🎢@johnloeber·
Given the PyPI supply chain attack, I recommend keeping a canary in the coalmine: I have a bitcoin private key containing $100 of BTC in my .bashrc. It's clearly labelled. If my system is ever compromised by some bad package, the BTC will get stolen, and I'll see the move on-chain. And that'll tell me that I need to rotate every single other secret. There are even services that will send you an alert (text, email, whatsapp...) if a given bitcoin address moves funds. It's good to have a burglar alarm, especially when time is of the essence.
KE programmer retweeted
Dave@GamewithDave·
Suddenly we’re the old generation.
KE programmer retweeted
Kai Fell@kai_fell·
functional programmers will spew shit like this and wonder why nobody takes them seriously
KE programmer@programmer_ke·
@thdxr Anthropic seem to be too high on their own supply
dax@thdxr·
opencode 1.3.0 will no longer autoload the claude max plugin we did our best to convince anthropic to support developer choice but they sent lawyers it's your right to access services however you wish but it is also their right to block whoever they want we can't maintain an official plugin so it's been removed from github and marked deprecated on npm appreciate our partners at openai, github and gitlab who are going the other direction and supporting developer freedom