Skip Navigation

InitialsDiceBearhttps://github.com/dicebear/dicebearhttps://creativecommons.org/publicdomain/zero/1.0/„Initials” (https://github.com/dicebear/dicebear) by „DiceBear”, licensed under „CC0 1.0” (https://creativecommons.org/publicdomain/zero/1.0/)N

nous

@ nous @programming.dev

Posts
0
Comments
389
Joined
3 yr. ago

  • UK launches consultation asking for views on under-16s social media ban

    Jump

  • In an open letter to the prime minister, Labour MPs said "successive governments" had done "too little to protect young people from... unregulated, addictive social media platforms".

    They are focusing on the wrong thing. The problem is not young people access it, it the unregulated and addictive parts. Those affect everyone not just the young. Regulate the addictive behaviours of these platforms and protect everyone. Don't just force ages ineffective age verification that harms the privacy of everyone.

  • Is it a bad practice to replace compiler warnings with a bunch of TODO notes?

    Jump

  • I treat warning as todos. Fix them all before I release something. I would only ever disable one if I know for a fact the warning is a false positive.

    I would question why you are seeing so many warnings you are not sure about? If you keep on top of them you really shouldn't have that many. Marking them all as allowed with a Todo comment feels just like you are burying you head in the sand.

    I would leave them all there to keep nudging you to investigate and remove them. Hiding them behind a Todo will just mean you will ignore them. And warnings are important, they very likely point to a problem, even if that is just the code could be simpler. It is rare they are true false positives.

  • Why is nftables a dependency for docker?

    Jump

  • Looks like there is going to be a shift to using nftables in arch. The iptables package in core is currently for the legacy interface with an iptables-nft package for the new interface, but the core-testing iptables package is for nft interface and there is now a iptables-legacy package in core-testing.

    My guess is they are moving packages that can work with nftables to depend on that instead of iptables which looks like it is shortly going to be using the new nftables interface anyway. Probably as part of migrating to nftables by default. Looks like docker does have experimental support for nftables in version 1.29 and that is when the dependency was added to the PKGBUILD script.

    It does not look like nftables or iptables conflict with each other at a package level. And nftables can work with iptables rules.

    It is probably worth just migrating to nftables now if you rely on managing iptables yourself.

  • Don't create .gitkeep files, use .gitignore instead

    Jump

  • Why do this at all. Design your tools and systems to create directories in the repo that are needed if they don't exist.

  • US plans online portal to bypass content bans in Europe and elsewhere

    Jump

  • One source said officials had discussed including a virtual private network function to make a user's traffic appear to originate in the U.S. and added that user activity on the site will not be tracked.

    Somehow I don't believe that last part 🤔

  • Environmental protest group Extinction Rebellion says FBI is investigating it for terrorism

    Jump

  • Free speech for him, not for you.

  • You probably can't trust your password manager if it's compromised

    Jump

  • You really don't. And probably shouldn't. Remember this is the findings of a pen testing company that was working with these password managers. They found some issues. Issues that are very hard to pull off - you need the password manager servers to be completely compromised. Which is not something that happens often if at all. Vastly more common is just data exfiltration which bitwarden is secure against. Additionally the issues have already been addressed, in bitwardens article linked in that one:

    All issues have been addressed by Bitwarden. Seven of which have been resolved or are in active remediation by the Bitwarden team. The remaining three issues have been accepted as intentional design decisions necessary for product functionality.

    So you are already safer then before without having to do anything. Switching now all you are doing is switching to a provider that has not undergone this testing and may or may not have similar issues.

    Don't just jump at the first mention of things like this. You really need to look at the companies response - like Lastpasses who have given a token statement that basically says they are not going to fix these issues any time soon if at all. Stay away from companies like that. But companies like Bitwarden that actively fix issues that are found are worth sticking with.

  • You probably can't trust your password manager if it's compromised

    Jump

  • The companies responses are probably more important then the findings.

    Dashlane published a comprehensive response, thanking the researchers, and said the infoseccers' decision to test using a malicious server model represented "a useful exercise."

    The vendor also confirmed it had fixed the most serious issue

    Which is what you want to hear. The worst of the issues has been fixed and they look like they want to improve things further.

    Bitwarden, meanwhile, said in a post: "Bitwarden has never been breached and believes third-party security assessments like these are critical to continue providing state of the art security to individuals and organizations."

    Is less encouraging although not damning. Would be nicer to hear they are hardening things in case of a breach rather than just relying on not being breached. They could still be doing that though.

    A LastPass spokesperson told The Reg: "Our Security team is grateful for the opportunity to engage with ETH Zurich and benefit from their research. While our own assessment of these risks may not fully align with the severity ratings assigned by the ETH Zurich team, we take all reported security findings seriously. We have already implemented multiple near‑term hardening measures while also establishing plans to remediate or reinforce the relevant components of our service on a timeline commensurate with the assessed risk."

    Is just terrible. Basically they don't think they have a problem and have done nothing more then a token effort to fix the easiest of things. I believe they have been breached before as well which is also a bad sign. They just don't seem to care about security at all. I would continue to recommend no one use last pass and everyone one switch away from it.

  • AI agent writes blog post to shame a developer after he refused it's code contribution.

    Jump

  • I don't fully believe this is purely an AI agent. Not after the moltbot incident raised how many humans where responsible for the posts on it. It just seems to be an attempt to make LLMs seems more autonomous then they actually are. It may have been written by an LLM, but I bet it was directed by a human trying to stir up drama.

  • How to Save Multiple Drafts in Git: A Guide to Using Stash

    Jump

  • This sounds all well and good. But I find in practice it never works very well. Too easy to gain a conflict which then messes with the stash (things remain in the stash and need to be dropped if you remember to). I always found it a pain to manage.

    These days I just commit everything to master. When I start work on one feature to realise I need something else or to refactor something else first the I do that work, patch commit the changes, create a branch and checkout a new worktree, cherry pick the changes and push that branch to create a pull request. Then continue with the previous work while I wait to get the previous work merged.

    Have a script which basically lets me do all that with a single command. And I never need to manage the stash. The only time I use the stash is with a rebase or pull etc with the --auto-stash flag. Which pops things off when it's done anyway. The stash only really works for very temporary stuff like that.

  • Why E cores make Apple Silicon fast

    Jump

  • Basically they don't. It is the scheduling pinning background processes to a subset of the cores leaving others free for foreground tasks that is what helps.

    The E cores just give a convenient way to split them. They could have done the same thing on intel macs or any other computer that does not have e cores.

    The big benefit to e cores is they are more power efficient for tasks that don't need performance.

  • Systemd Timer units

    Jump

  • Typo on my part.

  • Anthropic Claude Max $200/mo: They claim 99% uptime, I calculated 84% Loss: $780

    Jump

  • — Lost work productivity (5 days × $150)

    The way I read this is they cannot do ANY work without AI. Maybe you should consider if locking yourself into a tool that is so unreliable (with nothing in their terms of service) if you cannot do any work without it is the right choice? Rather than just demanding compensation.

  • Systemd Timer units

    Jump

  • Note that you can use systemctl list-timers to see all active timers including when they will next run and when they last ran. This is very useful for seeing if you have set things up correctly.

    There are multiple ways to do this as well. You can do

     
        
OnCalendar=Sun 03:00
Persistent=true

    To run every Sunday at 3am. And will run immediately when activated if the last time was skipped due to the system being off. Think that is the closest to your cron job.

    You can also

     
        
OnCalendar=weekly
Persistent=true

    If you don't care when it will run. This is equivalent to Mon *-*-* 00:00:00.

  • Kilobyte is precisely 1000 bytes

    Jump

  • KiB was defined decades ago... Way back in 1999. Before that it was not well defined. kb could mean binary or decimal depending on what or who was doing the measurements.

  • Axe for Linton bus service that costs £98 per passenger to run

    Jump

  • It's both. If busses are cheap and reliable more people will use them. If more people use them they are cheaper to run. Which creates a positive feedback loop to a point.

    You can make busses cheaper for people by other means though - like council/government substitutes or running at a loss for a bit. You need to do something to get more people, you cannot just force people to take the bus before doing anything else.

  • Deleted

    I'm struggling with Python, as someone who started with C, Java, PHP and JS

    Jump

  • You have picked some weird hills to die on there.

    for x in list:

    This is fine. Many languages now do it. The extra brackets around a for or if dont really add any clarity or make things easier or harder to read. This is the type of thing you just get used to and prefer what you are used to. You get over it quickly.

    Why would you provide a way to type parameters but don’t enforce it at runtime?

    This is a bit stupid, but really is legacy reasons for it. Since it didnt use to have static type declarations and wants to remain somewhat backwards compatible it needs to ignore them at runtime. But as a JS and PHP developer you should be used to this. Both do the same thing as python here with types (well, TS for JS and the many other attempts at getting types into JS). So it is weird that you are singling out python for this behavior.

    Why so many different ways to declare an array-like structure? Tuples, Sets, Dicts, Lists?

    DIcts are not array like here. Tuples sets and lists are all common is many languages as well. PHP is a real weird case here given everything, even arrays are effectively a dict - that is a strange language design feature. But Java is way worst for different types of array types in the language.

    I’m mainly using it because of interoperability, easy to setup, i

    What? I hate setting up python projects. Each one wants to use a different dependency or version manager. Yeah you might have python on most systems but they are all different versions and python is famously terrible at backwards compatibility. It seems every few versions they throw something in the breaks some existing scripts so you really need a version manager for things. Which is more complex setup and management of things. There are far too many different tools to help you with this and fetching dependencies which means if you work on lots of different projects by different people you have a hodge podge of diffing tools you need. It is a complete mess.

    Personally I hate python as a language, but you have picked some minor points that IMO dont really matter or that the other languages you use also suffer from. There are far better things to pick from that are far more annoying in the language.

  • UK lawsuit against Valve given the go-ahead, Steam owner facing up to £656 million in damages

    Jump

  • I get this but, for what I know (I might be wrong tho), steam doesn’t get a cut from keys sold externally so they are technically selling them at better conditions elsewhere?

    It is a grey area. But I think the key point is that humble bundle at least don't distribute the games in the same way as epic does. They typically offer steam keys which they get from steam probably with a different license or agreement with steam. Valve seems to not care that much about how the game is sold as long as you can activate it on steam. It cares more about people buying games on a competing platform cheaper then they can get a steam key for.

    I know that but that’s not really steam’s fault?

    Whos fault it is is irrelevant. If you have effective monopolistic power you are effectively a monopoly. If you abuse that power then that is bad. Does not really matter if you got there because you mostly do things people like or bully your way there. If you abuse the power that is still bad. And they could arguably be abusing that power against game devs by setting a fixed 30% fee with the devs not having much if any power to argue for less.

  • UK lawsuit against Valve given the go-ahead, Steam owner facing up to £656 million in damages

    Jump

  • Not sure I'm understanding this but... how do you explain when we find in official retailers such as fanatical or humble same games at lower prices?

    At least for humble store, they essentially sell steam keys. Which at least complicates that argument. So it is not really a different distribution channel and the product is available on steam for that price. Just not on the Steam store.

    This I get, but couldn't valve simply say: "Go to epic store if you want lower fees"?

    Steam have an effective monopoly here. Even if they have that because all the other platforms are shit. So the argument for just going to another store doesn't really help as that just causes a massive loss in the market share of who you can sell your game to. Plus if you consider the other requirements of if you sell on steam you cannot make your game cheaper via a different distribution method means that you have to eat that feeling and cannot pass it on to customers. Which does not give game Devs much power to negotiate for a lower fee at all.