kenan y

Hard to imagine now, but there was a time when the tech world didn’t routinely encourage and celebrate IP theft. Genuinely depressing to see open hostility to creators becoming so prevalent in tech.

@doublet00th obligatory noyaml.com

I understand people's need to yamlize everything, but just make it a python script instead!

Not long ago, I used to have a more optimistic impression of Rust users. I would not have guessed that so many otherwise-judicious people would go for blatantly AI-"maintained" Rust libraries. The `serde_yml` crate is a fork of a high-quality but unmaintained library. In the fork, the AI has taken initiative to add a big heap of stuff that is variously complete nonsense (docs.rs/serde_yml/0.0.…, #14-49" target="_blank" rel="nofollow noopener">docs.rs/serde_yml/0.0.…) or unsound (#structfield.emitter" target="_blank" rel="nofollow noopener">docs.rs/serde_yml/0.0.…). On top of this, the crate's documentation has been broken in docs·rs for the last 5 months because AI hallucinated a nonexistent rustdoc flag into the crate's configuration. And yet 134 other published packages have chosen to adopt this? Including high-profile competently maintained projects like Jiff (for tests only), axodotdev, Wasmer, MiniJinja, and Holochain. This does not bode well. The bar for someone to do better at a YAML library is so low.

"The customer has nuclear weapons" #c4" target="_blank" rel="nofollow noopener">gcc.gnu.org/bugzilla/show_…

The xz fiasco has shown how a dependence on unpaid volunteers can cause major problems. Trillion dollar corporations expect free and urgent support from volunteers. @Microsoft @MicrosoftTeams posted on a bug tracker full of volunteers that their issue is "high priority"

@MysticalTheMonk Looks like wago.io/uTIAGooaj

What addon shows this?

@wesleytodd @code Went to File > Preferences > Settings and searched for "debug npm script".

@kyild @code Awesome!! How did you find this? I would love to see what other “IDE” features I can disable. This editor was great but is getting slower and slower for me...

@code How do I disable this script debug thing? I have accidentally clicked it a few times, and really just want the whole feature turned off. Can I do that?

ISO 8601 nerds: a crack has developed in the old way. The new year has wounded both the m/d/yy and the d/m/yy factions. The time is ripe for a new global order. TONIGHT (2020-01-01) WE RIDE

Oh no, not again. The claim that it’s unsolved is just wrong. A curve you can draw by hand is surely at least piecewise smooth, and Toeplitz’s conjecture was proved to hold for piecewise smooth curves in 1916.

Trying to learn a programming language from an API reference is like trying to learn French from a French dictionary. It is theoretically possible, but not really. Your language needs many kinds of learning materials.

Because it keeps coming up, how about a thread on Emoji in passwords. So we (and you) can link to it in the future. Should they be allowed? For all practical purposes they can't not be. So, yes. Should they be heavily warned against? Yes. But why? Well...

@A404ERROR 😁

@kyild New position open

normal people: it's my birthday infosec experts: THAT WAS HIGHLY SENSITIVE INFORMATION. DO YOU HAVE ANY IDEA HOW EXPOSED YOU ARE normal people: my dogs name is Jack infosec experts: YOU'RE GONE. DONE FOR. IT'S OVER

Wonder which products have issues with the "new zip bomb"? Well, its inventor looked into his webserver logs for referrers from bug trackers...

About the "security issue" on #VLC : VLC is not vulnerable. tl;dr: the issue is in a 3rd party library, called libebml, which was fixed more than 16 months ago. VLC since version 3.0.3 has the correct version shipped, and @MITREcorp did not even check their claim. Thread:

@feross twitter.com/seldo/status/1…

Does anyone know what percentage of npm package installs happen through Yarn?

Ruby: ruby -v Elixir: elixir -v Node: node -v Rust: rustc --version Java: java --version Go: go version Erlang: erl -eval '{ok, Version} = file:read_file(filename:join([code:root_dir(), "releases", erlang:system_info(otp_release), "OTP_VERSION"])), io:fwrite(Version), halt().'