I saw this one in the theatre, but I distinctly remember being too shocked to even think of walking out and I suffered through the entire film. Thankfully I can’t remember most of it, aside from that car hair glide scene.

Dual stack setups are not an issue unless your router doesn’t support it or your ISP sucks.

I didn’t know that Canada was basically Mordor…

The opinions of a christian youth pastor who loves claude code.

I’m pretty sure it’s both.

Type of shit that jerma985 would write down on a whiteboard while high.

Call me a coward but I can’t blame someone for not having the strength to keep that up. Especially if it causes friction with your coworkers who you have to interact with every day.

I’m convinced that the way we use AI and the way it is marketed by corporations will force us to recognize the fundamental divide between people who genuinely care for human progress and building a better tomorrow and those who either don’t care at all or have a very warped and egocentric view of progress. I’m glad that what is described in this blog post hasn’t reached my day job yet, but I’d be lying if I said I’m not worried that it’s only a matter of time. It’s difficult to not feel extremely disillusioned by the current state of the world.

There are some good points in it, though I wouldn’t really consider go dependencies all that decentralized in practice and I don’t understand how checksum db will protect against supply chain attacks with stolen credentials, but I admit I haven’t looked into the details.

But why hasn’t JavaScript established a defacto stdlib to replace ask the left pads and is even type packages?

I’m guessing things were working out pretty alright, even with the insane amount of dependencies per project. The awareness and the increasing frequency of supply chain attacks is relatively recent for npm. But who knows, maybe the tech giants in control of the web standards are happy to keep using their own vendored registries.

Adaptations can be niche, weird and interesting too, but original anime just tend to utilize the medium more fully and even push the boundaries occasionally. It really is a shame that almost no studios are willing to take the perceived risk of original concepts without an established following.

This completely depends on your age and what kind of peers you were surrounded by. You’re nuts if you think no one was ever bullied for liking stuff because it was mainstream at the time and place you grew up in. Kids can be vicious little creatures and would bully you for liking the wrong Pokémon when I was in school.

There’s probably something very wrong with you if you actually think that bullying is acceptable under any circumstances. Even if some kid is behaving weirdly or likes something deeply unpopular - so what? That’s not harmful behaviour and even if it somehow was, bullying is still the wrong way to deal with that. I barely trust most adults to have a working moral compass, let alone kids. I know there’s been a resurgence in this kind of thinking on social media where people push the idea that bullying is an acceptable form of social “correctional” behaviour, which isn’t just incredibly stupid but also deeply disgusting. If you look at any of the most serious bullying cases of teenagers being driven to suicide by their schoolmates, none of it was ever justified or even had an apparent reason other than: this person makes for an easy target.

Npm probably has the biggest attack surface and many of the libraries hosted there are in extremely widespread use. They’ve taken some steps to mitigate these supply chain attacks, but as we’ve seen with more recent examples, it’s unrealistic to think they can be prevented completely. Most of these attacks use stolen developer credentials, which invalidates almost all potential security measures on the registry side and the best you can hope for is catching a malicious package quickly. To be clear: I think the JS ecosystem is uniquely positioned to be the prime target of supply chain attacks and while that doesn’t excuse the slow implementation of security measures from the npm team, the people arguing that other package managers and registries aren’t vulnerable to this have to be huffing fumes.

Npm has gotten a few config options that prevent this behaviour. We can only hope that they will become the default eventually.

It does. Enforcing a minimum package age can be useful for some applications, but the average user isn’t one of them.

The good news is that there already is a gold standard for supply chain security: the Go programming language.

Lmfao

Network access can make sense if you want to be notified when your wash is done. Some cycles don’t have a preset running time. You can do some neat stuff with home automation. None of that should require internet access or use a cloud service controlled by the manufacturer.

I was actually wondering if this was supposed to be about a specific problem someone has with rust (not like I haven’t gotten stuck on some weird corner with rust before), but looking at the meme, that seemed unlikely to me. Thanks for the context.

I get that it’s supposed to be a meme, but aside from the first one these aren’t even rust stereotypes. Is this a meme specifically for people who haven’t used rust, know nothing about rust but have maybe heard that it’s a programming language?

I see. It uses AI generated code, I just checked.