I have a 2009 Citroen and the battery is secured with a bolt that is under the battery compartment; to access it you need to go under the car with a very long wrench. Whoever engineered it is a psycho.
Since Dante wrote _The Inferno_, there has been a circle in Hell added where car designers are endlessly changing the spark plugs on AMC Javelins, bleeding brakes on Ford Escorts, and similar maintenance tasks which the design made more difficult than is reasonable.
I had a 2004 Citroen, which needed the front sidelight bulb replacing; after investigating for 20 minutes, I decided to ask the garage how much it would cost next time it was in.
I left my Citroen to my mom, and my stepfather has calculated that a light bulb costs 3€ and having the light bulb mounted by the mechanic costs 5€ (including the bulb), so to save 2€ he decided (with good cause) that he will never replace the bulb himself because it's extremely infuriating.
I did manage to replace those bulbs myself, and it's ridiculous: it has some sort of spring to hold it in place that is extremely hard to open with your fingers, and even harder to close. And on top of that you can't even see it; you first have to take pictures with your phone, understand how it works, and then go entirely by tactile feedback.
In this case, I couldn't see how to get at the bulb without either losing lots of skin or dismantling half the front end of the car - so I was happy to pay the half hour rate they charged. I believe they went in from below the car with something to reach it and mirrors.
From how it is unfolding, the most probable outcome is that one of the maintainers is compromised (Panya); all of the packages he contributed to have been marked
Amateur hour all around in that thread.
I can't believe that people are actually, unironically recommending that you use a mutable git tag reference in package.json when they should be using a tamper-proof git SHA instead.
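An added example (not from the thread) of the check this comment describes: a small Node script that flags package.json git dependencies pinned to a mutable ref (tag, branch, or no ref) instead of a full commit SHA. The package.json contents below are constructed for illustration.

```javascript
// Added example: audit package.json for git dependencies that are not pinned
// to a full 40-hex commit SHA. Tags and branches can be moved or re-pointed;
// a commit SHA cannot be silently changed without changing the SHA itself.
const FULL_SHA = /^[0-9a-f]{40}$/i;

// npm git specifiers look like git+https://host/owner/repo.git#ref,
// github:owner/repo#ref, or the GitHub shorthand owner/repo#ref.
function parseGitSpec(spec) {
  const gitPrefix = /^(git(\+(ssh|https?|file))?:|github:|gitlab:|bitbucket:|gist:)/i;
  const shorthand = /^[\w.-]+\/[\w.-]+(#.*)?$/;
  if (!gitPrefix.test(spec) && !shorthand.test(spec)) return null; // not a git dep
  const hashIdx = spec.indexOf('#');
  return {
    url: hashIdx === -1 ? spec : spec.slice(0, hashIdx),
    ref: hashIdx === -1 ? '' : spec.slice(hashIdx + 1),
  };
}

// Returns one finding per git dependency whose ref is not a full commit SHA.
// A missing ref means "default branch", and "#semver:..." resolves via tags,
// so both are reported as mutable.
function findMutableGitDeps(pkg) {
  const findings = [];
  for (const field of ['dependencies', 'devDependencies', 'optionalDependencies']) {
    for (const [name, spec] of Object.entries(pkg[field] || {})) {
      const git = parseGitSpec(String(spec));
      if (!git) continue;
      if (!FULL_SHA.test(git.ref)) {
        findings.push({ field, name, spec: String(spec), ref: git.ref || '(default branch)' });
      }
    }
  }
  return findings;
}

// Constructed sample package.json (hypothetical package names and owners).
const SAMPLE_PKG = {
  name: 'example-app',
  dependencies: {
    stylus: '0.64.0', // registry version, not a git dependency
    'some-lib': 'github:example/some-lib#v1.2.3', // mutable tag
    'other-lib': 'git+https://github.com/example/other-lib.git#0123456789abcdef0123456789abcdef01234567', // pinned SHA
  },
  devDependencies: {
    'dev-tool': 'example/dev-tool', // no ref at all: follows the default branch
  },
};

console.log(JSON.stringify(findMutableGitDeps(SAMPLE_PKG), null, 2));
```

Run it against a real package.json with `findMutableGitDeps(JSON.parse(fs.readFileSync('package.json', 'utf8')))`; an empty result means every git dependency is pinned to a commit.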
Since the Github issue is turning into an unusable mess and I am currently experiencing emotions I don't have to unleash here...
There is an interesting comment by one of the older maintainers of stylus, Panya [1]. Taking this at face value, they claim to have published some malicious packages for research purposes about dependency confusion [2] (their link). This also fits with the comments of a few people claiming to be security researchers, [3] and [4], which at least say the same and point to three malicious packages published by Panya.
Based on that, my own personal interpretation and simplest thesis is that Panya released some packages with questionable code. This triggered some security mechanism in npm, and that system yanked packages they were a contributor of [5], because the account looked compromised or otherwise malicious. And then pipelines went red.
If this was an actual malicious act, or curiosity about security and security responses getting a fairly nuclear security response, I don't know. You need to apply your own security reasoning to this -- if you even want to trust this comment :)
I just wanted to collect the interesting comments in a place, because that ticket is getting impossible to navigate.
Could be! Other comments (~~can't find them now as the issue got full of useless comments~~ e.g. https://github.com/stylus/stylus/issues/2938#issuecomment-31...) also noted that the GHSA bot has nuked a lot of other npm packages for days or weeks in the same fashion, so it could also be an AI scanner going full nuclear.
Agree, it would be nice if people would stop posting "help! how can I fix this?" and "I fixed it by doing X"; they were valid comments at the beginning, but now more than half of the comments are just these two.
It's so hard to triage this when no justification has been provided for the advisory. Was the GHSA released in response to npm pulling the package, or vice versa?
Many suggestions for workarounds, but if the GHSA is indeed accurate (all versions affected) then that seems unwise.
Also, if all the versions are affected, this malware has been in stylus since 2010. Honestly, it sounds improbable to me that malware exists unnoticed in open source software for 15 years. However, even if improbable, it's better to play safe and just override the installation of stylus (especially if you are not using it) with an empty package until more information is released.
I agree that it seems very improbable. The only possible malicious scenario I can imagine is that the Github repo is clean, but npm creds have been compromised.
The current AI generation has an additional pain point compared to the bad coworker: it's unable to learn. You can give it a rule file, but it doesn't always respect it properly and it doesn't update it itself.
TLDR: the bad colleague will stop making the same mistake in the PRs; the AI won't.
Hopefully this will change in future generations of AI
I have noticed that putting bananas in the fridge has a weird effect: the peel turns black as if it were left outside, but the inside of the banana stays yellow and hard. It is very weird to peel a fully black banana and find the inside normal without any browning.
I see this all the time with bananas that go from green to brown without turning yellow, I always heard people blame the bananas getting too cold during shipping.
I lost it when I moved but we used to have a chart on the fridge that said which fruits you should or should not store together because they make each other ripen faster.
Anyone who has stuffed a banana into a pack or bag knows that bananas also speed up banana ripening. If you're going on an all-day hike, take the almost-ripe banana.
Bananas emit a gas that causes them to ripen faster. The same gas can also cause other fruits in the same space to ripen. It's weird but kinda useful. There are products out there claiming to absorb this gas, to keep everything fresh for longer.
Wild assed guess: the cold slows down the chemical reactions in the flesh of the banana but cannot save the skin. Putting bananas in a bag makes them ripen faster, and a fridge is just a larger enclosed space.
You can visualize it easily if you think about your own vision.
If you put a hand in front of your face (without covering your eyes), you will be able to see behind it, even if both eyes see only a part of what is behind your hand.
Now, regarding the video, imagine that each pixel is an eye, and they are spread evenly along a circle.
There are a lot of differences between this example and what he actually did, but it should be very easy to visualize (the main difference I can think of is how much amplification he needed to do, since each eye is almost blind).
This is my second live coding; it is something I started doing two days ago as a way to show my skills and create a portfolio.
I didn't share the first one because it was honestly too terrible, but I think this one didn't go as badly as the first one. There's for sure a lot of room for improvement, and I will be happy to hear feedback from this community, both positive and negative.