
> Both versions were published using the compromised npm credentials of a lead axios maintainer, bypassing the project's normal GitHub Actions CI/CD pipeline.

Doesn’t npm mandate 2FA as of some time last year? How was that bypassed?


Apparently it's possible to create access tokens that bypass 2FA. Might've been this.

https://docs.npmjs.com/creating-and-viewing-access-tokens


Correct, for CI/CD systems that want to push releases.

If GitHub, GitLab, or CircleCI, trusted publishing is available. No access token whatsoever.

Reading this I hear The Roots playing The Seed 2.0[1] in my mind.

It’s a wild thought to think that of all the things that will remain on this earth after you’re gone, it’ll be your GPL contributions reconstituting themselves as an LLM’s hallucinations.

[1]: https://youtu.be/ojC0mg2hJCc


If we're being clear, it's going to be a lot more than that.

Our comments here on HN are almost certainly going to live in fame/infamy forever. The twitter firehose is a pathway to 140-character immortality essentially.

You can already summon an agent to ingest essentially an entire commenter's history, correlate it across different sites based on writing style or similar nicknames, and then chat with you as that persona, even more so with a finetune or lora. I can do that with my gmail and text message history and it becomes eerily similar to me.

History is going to be much more direct and personal in the future. We can also do this with historical figures with voluminous personal correspondence, that's possible now.

It's very interesting because I think the era before mass LLM usage but also after digitalization is going to be the most intensely studied. We've lived through a thing that is going to be on the cusp of history, for better or worse.



But trans women aren't in any way enhanced in their ability to compete?

And from the linked Wiki: "According to D'Souza, athletes should also be categorised based on their chromosomal sex."

My fav metric for codebase improvement (not feature improvement) is negative LOC. Nothing beats a patch that only deletes things without breaking anything or simply removing tests. Just dead code deletion.

> Depending on where you live it may not really be relatable to you, but living in NYC -- there are people that will intentionally jay walk on a green light and even _stare you down_ knowing that you will stop and let them pass.

This is the speed walking equivalent of picking up pennies in front of a steam roller. Saves a min here and there until you pay for it big time.


Somebody tell Apple to fix the login screen for MacOS as well. If your password is longer than the incredibly narrow box, you do not get any additional feedback that your characters are being entered.

Combine that with a flaky keyboard (say from a single grain of dust where it shouldn’t be) and you get a very annoying login experience. Over and over…


Oh my God, the MacOS login screen..

If you have Capslock set to change your keyboard language, and your computer locks with Capslock enabled, you literally can't type lowercase letters of your password. Capslock doesn't work, shift doesn't make it go lowercase - you literally just have to reboot to get back in.


That must be something you have changed, because if I have capslock enabled, it shows the capslock icon in the input field and the key is pressable to disable it for me.

> If you have CapsLock set to change your keyboard language

Yes


Could be an external keyboard state thing.

> If you have Capslock set to change your keyboard language, and your computer locks with Capslock enabled

How would your computer lock with capslock enabled? I.e. if capslock on that computer is set to change keyboard language?


Maybe they're saying the key rebound to serve as capslock doesn't work on the lock screen?

If yes, perhaps there are relatively easy ways to address this.

I.e. configure the custom binding to also work on lock screen. Karabiner supports this I think.

Alternatively, rebind caps lock with a custom binding and not os settings (i.e. don’t rebind keys in both a custom tool and the OS). Then, if custom bindings don’t work on lock screen, you get the default, working keyboard on lock screen.


I felt this pain yesterday.

I use Open Core Legacy Patcher (OCLP) to run modern macOS on old Intel macs. The first time the computer boots after an upgrade (e.g. Sequoia 15.7.3 to 15.7.4), it is slow as a dog. Because the macOS upgrade clobbers all the OCLP driver patches.

By "slow", I mean each keystroke on the login screen takes about 20-30 seconds for the corresponding bullet to appear in the password box.

The login screen displays 13 bullets. My password is 18 characters long. (Scammers, don't get excited, it's a unique password that's not used anywhere else on the Internet...) So after 13 characters, I had no idea if the computer was actually working.

It seemed like there is a 6-8 character keyboard buffer limit. Or maybe I typed in my 18-character password wrong multiple times. I don't know. I would type 2 characters, then walk away, come back, then type 2-3 more characters. It took me about 4-5 attempts over 30 minutes to log in. Then I applied the OCLP patches and everything worked perfectly after that.


That's exactly the situation I wanted to avoid with our aging macbook. I knew it would be a hacky mess trying to keep beating that dead horse to get it to run the latest OS. We couldn't update some software that required us to be on the latest version of MacOS (Signal desktop), so the laptop became prematurely obsolete. We bought a Windows PC instead.

At some point during the hacky patching process, the wifi driver for older devices went away with a MacOS upgrade, and the patcher has to install it.

OCLP works fine.

I'd be even happier if everyone adopted the old school Lotus 1-2-3 password behavior.

I was much too young to use it myself, but I saw other people log in and it was amazing.

The glyphs denoting hidden password characters changed on every keystroke to indicate you were typing. And IIRC, they were cool characters like Egyptian hieroglyphs too. (Presumably this wasn't some hash of your actual password - that would actually be dumb. I do think it indicated password length, which could give away info, but it's also useful for the user.)

Edit: this is not exactly as I remember, but it might be the same system: https://security.stackexchange.com/questions/41247/changing-...

If that's how it was implemented, then that's not great.


You're thinking of Lotus Notes, a completely different product.

IIRC, originally it echoed one glyph per character typed, but later it definitely echoed 1 to 3 glyphs at random so it wouldn't leak your password length.

The password thing was pretty cool, but it's literally the only good thing about Lotus Notes, which was the most archaic and primitive piece of commercial GUI software I've ever used in 45 years of software experience. I last used it in 2003, and even then its UI was so archaic, it didn't adhere to behaviors (like keybindings, and other basic UI elements) that had been standard since the 80s.

Absolute garbage software.



Take in this horror: the F500 I got my first job at was using Notes until 2021

Perhaps you'd enjoy something like the xsecurelock prompts? https://github.com/google/xsecurelock

What? Flaky keyboard? Speck of dust? Are we still doing this? Are you genuinely still using an Intel Mac? Christ.

> 移り箸 Utsuribashi (also known as 渡り箸 wataribashi)

> To keep putting the chopsticks into the same side dishes. It is proper etiquette to first eat rice, move on to eat from a side dish, eat rice again, and then eat from a different side dish.

So keto itself is a faux pas?

> 返し箸 Kaeshibashi (also known as 逆さ箸 sakasabashi)

> To turn the chopsticks around when serving food so that the tips of the chopsticks that have touched one’s mouth do not touch the food.

Ewww. I’d rather be rude than share germs.


>> To turn the chopsticks around when serving food so that the tips of the chopsticks that have touched one’s mouth do not touch the food.

> Ewww. I’d rather be rude than share germs.

I think this means you should use something other than your chopsticks to share food, and not just assume that "the back of my chopsticks are germ-free, I'll use that"


Keto diet doesn’t exist in Japanese cuisine. If you’re going to a keto friendly place, it’s something trendy and contemporary so this traditional advice obviously doesn’t apply. It is not a faux-pas to eat non traditional / non Japanese cuisine.

Keto diet doesn’t exist in western cuisine either. It’s a niche thing in both places, and both places have specific single dishes without carbs.

You will quickly learn the first one because if you keep eating the delicious side dishes you will be only left with large amounts of bland rice to eat last.

It would be pretty irritating if someone in your dinner party ate the lion's share of the more flavorful food and left the rice for everyone else.

> if you keep eating the delicious side dishes you will be only left with large amounts of bland rice to eat last.

At a Chinese restaurant, you're not given more than a small bowl of rice anyway. There is no way to "be left with large amounts".


I've always thought I'd like to visit Japan someday, but have always been worried about the cultural significance and omnipresence of white rice. Like, I can see how not eating rice would seem boorish (like you only want to eat the more expensive proteins, don't understand the purpose of a palate cleanser, etc), but living with type 1 diabetes I have not eaten white rice in literal years. Every single time I do, I regret it -- it's a complete nightmare to control your blood sugar after, sometimes for the entire rest of the day. I've even wondered if I could find a way to avoid being impolite by deliberately under eating the whole time if I were to visit, to make it clear I'm not just taking the good stuff and leaving the rice out of greed.

Explain your needs and they will be incredibly gracious.

They will also be sad for you to miss the rice.


> When you’re staring at the diff view,

Bold assumption that people are looking at the diffs at all. They leave that for their coworkers' agents.


Will the diffs be small enough for people to even usefully wade through them?

Who said it’s a binary choice? Could have extraterrestrials taking advantage of our weak southern border to enter the country.


They also are eating stars apparently.

> Who said it’s a binary choice?

Have you not been paying attention to this administration?


Even better, then no one will be paid out.

And if you thought malware hiding in a mess of files was bad, just wait till you see it in two layers of container files.


Or worse yet, the performance load of anti-malware software that has to look inside ZIP files.

Look, most of us realized around 2004 or so that if you had a choice between Norton and the virus you would pick the virus. In the Windows world we standardized around Defender because there is some bound on how much Defender degrades the performance of your machine which was not the case with competitive antivirus software.

I've done a few projects which involved getting container file formats like ZIP and PDF (e.g. you know it's a graph of resources in which some of those resources are containers that contain more resources, right?) and now that I think of it you ought to be able to virus scan ZIP files quickly and intelligently but the whole problem with the antivirus industry is that nobody ever considers the cost.


Now we'll have to encrypt the files to prevent the performance hit of antivirus peeking inside.

Oh, wait...

