cwolf215

@mitchellh If you fork, how do you get the security updates?

Fork your dependencies, trim them to only your use case, never update unless it breaks for your users. I’ve been vocal about this for 10+ years. I’ve always said that updating is way riskier than latent bugs (which can be tracked and CVEs monitored). If you are updating a dependency, it’s on you to analyze every single commit in the full transitive set of dependencies. If you dont see anything compelling, dont update! I remember at HashiCorp once in awhile an engineer would try to update a dep or replace a DIY lib with an external one and id always ask “show me the commit we need.” Dont update for the sake of it. Feeling pretty swell about this mentality with all the supply chain attacks happening.

@levelsio @robj3d3 Nazi salute

@robj3d3 Why would you hate him at all?

Story time: Elon deserves less hate than he gets. Last month I flew Cyprus to Bangkok on Emirates with a layover in Dubai. About halfway through the first flight (5 hours) I realised I could connect to wifi for free. Logged in and saw it was because the plane was on Starlink. First time I'd seen this on a plane, I was excited. Checked the speed: 200+ Mbps download. Holy. I spent the rest of the flight working at insane speeds at 35,000 feet. Landed in Dubai, switched to my connection (another Emirates, 6 hours to Bangkok). First thing I did was check the wifi because I wanted to keep working. It was there, but charging $20 through OnAir (SITA). Not Starlink nice, but fine. So I connected and again checked the speed: 8 Mbps. Over 30x slower than Starlink. Still, the package said multi-device, so I figured I'd just use my phone hotspotted to my laptop. Then I accidentally signed in with my boarding pass instead of my email. Looked for a log out. There was none. I tried clearing cache and cookies. Flushed DNS on the MacBook. Nothing worked. I was stuck on the wrong account on my laptop with no way to switch. Spent the next hour debugging while messaging Grok and Claude on my phone, waiting minutes between replies because the connection was that bad. Eventually flagged down a flight attendant. She went to the lead, came back and said they couldn't escalate to OnAir mid-flight and the only path was emailing for a refund after landing. Fine. Not life or death, but the service didn't work as advertised on the device I actually wanted to work on. Half refund felt fair. 6-8 emails back and forth with OnAir and they refused. Their reasoning: because I'd consumed data on my phone (which I only did to debug the laptop issue) my usage was above the threshold, so no refund. The debugging itself was the disqualifier. The money wasn't the point. I wanted them to know the service was broken, and I wanted to be treated fairly when it was. Neither happened. So to recap: wifi 30x slower than Starlink, charges $20 for it, then when it breaks they refuse the refund because you tried to fix it. Closing line of their final email: "The internet service on board an aircraft flying at 900 km/hour relies on complex solutions, and the same experience as at the airport can therefore not always be provided." You can decide, reading this today, whether you want to be @elonmusk or make excuses. Rant over.

@pieter5583 @nix_eth Then don't offer it to clients and definitely don't claim your application is secure.

@nix_eth If you've built something that you [think] is production ready, feels safe but you're not an expert, both Claude and Codex can't find issues for either your or user security and privacy, etc... How do you decide who needs to review it before offering it to clients?

This is what happens when you vibe-code a product that handles sensitive user data: I saw this extension announcement going viral and thought it looked cool, so I checked it out. My first concern was whether my emails would be sent to someone I don't know. I was relieved to see you could bring your own Anthropic API key. The website states your API key and email text go straight to Anthropic and "never touch our servers." Then, when you try it, you hit a paywall where you can input your key. Same claim: your key is stored locally and calls go directly to Anthropic. I got curious and decided to check the Chrome extension source code. Damn. Not only does it send your email text to their servers, it also sends your API key! So both claims, that it calls Anthropic directly and that your API key is stored only locally, are completely false. I'm giving the creator the benefit of the doubt and assuming this was negligence, not malice. He used his real name on Stripe and in the Chrome Web Store. But the lesson is bigger than one project: building with AI is fun, but if you're handling people's data, making security claims, and charging money, you need real review before shipping.

@manwiththeclan @markmelonlee @CatWomaniya That’s because you’re stupid

@markmelonlee @CatWomaniya Doesn't appear to me

On mere suspicion of his wife having an affiair, he slit throats of his twin daughters. But left his son alive. How misogyny kills women.

@obioneyouknowme All of those steps can be automated so no, you don’t need a human.

When u ask for drivers removing & trains automating Let's discuss , The headlights u see flashing r to warm other trains That driver will have requested the 3rd rail to be isolated ( switched off ) & would have stopped all other trains with a REC call. U need humans on trains

@BerndFelsche @BigWum @blaiklockBP Doesn’t matter for UUID4?

@BigWum @blaiklockBP One of the golden rules of data management is that internal ID's must *never* be visible to users or used outside of the system. NEVER. EVER! Just don't do it.

Booking . com booked over 1 billion nights in 2024 but manages to have a simple 8-digit number for each booking. What idiot of a lazy civil servant designed the booking numbers for the NHS? How is someone old or on the phone or with an accent ever supposed to tell anyone else this mess of a number?

@ErikaMorris79 This should not be a line graph, it makes no sense.

Looking a little more granular in the win rate by opponent, we see our win rate is higher against the seemingly 'weaker teams, then levels against the mid teams and takes a nose dive against India and Aus #Ashes25

So in this snippet McCullum talks about how much England have achieved under him.. So why not take a short (what I could analyse in my lunch hour) look at Englands record under him #Ashes2025

@MappilaMan @legionsdev @rauchg @nextjs Nothing wrong with jQuery and Bootstrap

The US President builds with @nextjs — what are you waiting for? 🇺🇸 🦅

@signulll Yeah so well buttoned like when Pete Hegseth leaks military plans

absolutely ridiculous. the timing of this is so precise it borders on pure absurdity. like someone storyboarded the entire moment for maximum psychological impact. it’s kind of a huge sign of how well buttoned the second trump administration is relative to the first one.

@minarchis1 @jzux This is not an issue for men who are not incels

@jzux Modern dating is already an epidemic of the male having the entire relationship broadcast to the woman's friends so you could probably skip the guy hanging out with the women and just to say the girl has to prove she is be able to hang with the boys.

the real test would be reverse bachelor and bachelorette parties - bride has to hang out with groom's friends for a weekend, groom has to hang out with bride's friends for a weekend. if the vibes are bad the wedding's off

@bbctms Looks like the Bazball delusion extends to the women’s team too

Despite England's T20 and one-day international series defeats by India, head coach Charlotte Edwards is confident her team can beat anybody at the upcoming World Cup. #BBCCricket

@mid_day Old man yells at cloud

India’s batting legend Sunil Gavaskar has questioned the naming order of the recently introduced Anderson-Tendulkar Trophy, which India and England are contesting in the ongoing Test series. Gavaskar believes it should be called the Tendulkar-Anderson Trophy, not the other way around, as Tendulkar is the senior of the two and holds the record for the most runs in world cricket. He dismissed the argument that the order follows the alphabet (A before T) as “a lame one” and instead highlighted Tendulkar’s towering achievements in the game. #TeamIndia #sunilgavaskar #sachintendulkar #england #IndiavsEnglandTestseries #IndiavsEngland #sportsnews #cricketnews mid-day.com/sports/cricket…

@alchemyzach @TheEconomist Why can it not be both?

@grinich What’s your net profit?

@jxnlco Oof, it certainly wasn’t Cursor that fucked up here

holy shit

@Austen If he’s more intelligent than you then what makes you think he’s oblivious? Maybe you’re the one who’s wrong?

To be clear this is not a knock on Torvalds. I'm clearly not trying to say he's not smart. He's both higher IQ and a better programmer than me with certainty.

What is it about really really smart people that make them completely oblivious to how incredible AI is?

@jlippincott A degree from IIT is more impressive than anything you’ve ever done or will ever do in your life btw

When Zoomers say they don't like Indians, what they mean is that they don't want to import Ranjesh and his "Master's" in Computer Science from IIT to take white collar jobs at low wages They aren't insulting Certified Subcontinental Cutie and American Patriot Usha Vance.

Liberal, privileged, pretentious, virtue-signalling dumbasses like this is why the far right are on the rise in the West.

@WazzCrypto @molly0xFFF Try thinking for yourself once in your life. NPC ass…

@molly0xFFF come on Molly now you're just being disingenuous, shitcoins aside,the blockchain data structure itself has a lot of useful applications for governments and organizations

What could contribute more to government efficiency than securing lucrative contracts for your crypto donors to implement inefficient technology that is uniquely suited to solving problems you don’t have? bloomberg.com/news/articles/…

@bersoriano @KevinNaughtonJr This is wrong

@KevinNaughtonJr Backend it’s more similiar to a recipe where as frontend is more similar to a paint. A recipe is more straightforward to implement, a paint has more variables and it’s more complex since there is no exact definition of right vs wrong.

frontend engineers make things look nice backend engineers make things work there's a reason one is more important than the other