Yes and no. The truth of the matter is supply-chain attacks in any repository are almost impossible to fully mitigate. The attack you linked sounds like a big and successful attack, but there are more minor attack attempts all the time. It’s the blessing and curse of every package manager that anyone can upload almost anything.

The upshot is that the most active repos have the most eyes. Not to say an attack won’t fly under the radar, but if the React or Angular packages (or their dependencies) start acting weird, it’s more likely that someone will notice, as there are people dedicated to auditing such things.

Furthermore, a lot of the smaller packages do “one thing” (see the infamous is-even package), so they are small and easy to self-audit if you are paranoid enough.

It’s not perfect, and there will always be more headlines about the next big attack, but it’s still a boon overall IMO.

I am almost done with Legend of Zelda: Echoes of Wisdom. It’s weird, but I’m enjoying it.

I’m a big fan of tig for visualizing the graph and looking over history (then I don’t need to leave the terminal, and it’s snappier, in my experience, than most full-GUI programs like Sourcetree), but for actual Git commands, I like the CLI

I’m glad it is now. I remember a decade or so ago, I wrote an APNG decoder, so I was deep in the world of APNG.

And I remember reading various things that made me think MNG was the ‘more official’ flavour of “animated PNG”, and it was absurd to me, because APNG seemed like a much more approachable spec. I’m glad the winds have turned…

If you aren’t married to Hugo as your solution, I will recommend giving Eleventy.js a look.

It’s a static-site generator, but a good amount of flexibility is afforded by virtue of using pure JS to generate view data (which means that you can do any conversions needed, manually or with NPM packages if needed for more proprietary data formats), and it supports a bunch of templating engines too.

I get it…I’ve never been the maintainer of a codebase that’s deployed on trillions of devices, and backwards compatibility is something to be taken seriously and responsibly when you’re that prolific. I do not begrudge SQLite or any large projects when they make decisions in service to that.

However

It always makes me feel oddly icky when known bugs (particularly of the footgun variety) become the new standard that the project intentionally upholds.

My last week has been filled with Marvels Midnight Suns. XCom meets deck builder meets dating simulator-lite. I’m having a blast, considering none of those genres are my forte

That’s a fair point. I’ve always assumed it was a form of rate-limiting, but you’re right, that’ll be part of their analytics at least

I don’t hate YAML, but it has the same issues languages like PHP and JS introduce…there are unexpected corner cases that only exist because the designer wanted the language to be “friendly”

https://www.bram.us/2022/01/11/yaml-the-norway-problem/

Yes, testing infrastructure is being put in place and some low-hanging fruit bugs have already been squashed. This bodes well, but it’s still early days, and I imagine not a lot of GIL-less production deployments are out there yet - where the real showstoppers will potentially live.

I’m tenatively optimistic, but threading bugs are sometimes hard to catch

I’m curious to see how this whole thing shakes out. Like, will removing the GIL be an uphill battle that everyone regrets even suggesting?Will it be so easy, we wonder why we didn’t do it years ago? Or, most likely, somewhere in the middle?

SO FAR AWAY

I kinda feel your pain. A project that I helped launch is written in Typescript technically, but the actual on-the-ground developers were averse to using type safety, so any is used everywhere. So, it becomes worst of both worlds, and the code is a mess (I don’t have authority in the project anymore, and wouldn’t touch it even if I could).

I’m also annoyed at some level because some of the devs are pretty junior, and I fear they are going to go forward thinking Typescript or type safety in general is bad, which hurts my type-safety-loving-soul