Wha?! How is this even possible? Almost 1 GiB per day? I don't even watch the videos or anything.

Just received an SMS from an unknown number. Moments after, Google changed that to show me the first and last name of the person. How is this legal?

What are people using to track their reading these days? Goodreads, Storygraph? #reading

Will Github ever take spam detection seriously? Aka at all? They don't have even at the most basic blatant spam detection that any self-respecting email provider had 15 years ago, and now that we have AI you'd think it would be useful at least for this. Why do I have to keep doing this manually?

My assessment is that they're forcing people into Github Actions while not solving any of the recent problems? github.blog/security/sup...

How come verdaccio does not have a way to quarantine packages for a number of hours? Anyone tried building a plugin for that?

either npm with staged package publishes that you can only promote manually using 2FA, or GHA workflows being able to pause and enter info or visit a URL, yep

I guess it's time to start keeping some food stuffs in the car...

I spent some time reading posts on Reddit yesterday, tons of partial and misguided information. Everybody here seems to think that OICD is the golden ticket, but that’s also not the case.

come on can we have at least one nice thing

In a cryptographically verified communication system you mistrust anyone that has changed their encryption key until you have verified it out of bounds. In a multi-maintainer scenario like now, npm should require confirmation from at least one other maintainer if an account changes eg 2FA

Soooooooo... When are we starting attempts to claw back npm from Microsoft?

They said "before the end of summer" and they delivered 🥹 help.kobo.com/hc/en-us/art...

Automated threat detection be all like "A threat actor might use this command! Are you sure it's ok to use this command? Maybe don't use this command?" 🤬

Hold on, so nx did not have 2fa?

We did this great push to make sure JS related queries result in MDN being first on Google. Simultaneously, Google trained their users to ignore the first result (which is usually spam). And so I just observed a candidate going straight to W3Schools to look up the syntax for whatever they needed..

Where in the SBOM do you include the SLOP?

Truthiness. It's bloody truthiness all the way down. 20 years of truthiness in a couple of months! And look how it has grown up 🥹 pure, undistilled, industrial grade, weaponized truthiness. Probably deserves a celebration (aka getting drunk and crying a lot).

And still no 2fa workflow? This is *not* more secure than a human who uses 2fa. Cant put 2fa in front of a GHA run yet, and without a 3rd party you cannot do a 2fa for npm for publish. Instead of promoting security theater, please put pressure on @github.com to actually address the real problem.

copilot complained that the repo doesn't have copilot instructions on a comment **in the PR in which copilot is generating copilot instructions**, in case you wondered how the robot uprising is going

Thinking of getting IKEA kitchen furniture for my home office 🤔 At least I can get the stuff in the sizes and colors close to what I'd like to have them.

Opened up an old file today. It had a .clearfix class in there. Those were the days.

Have y'all gone on holidays or back to Twitter?

Heads up that v3.3.1 of npmjs.com/is has malware in it, due to another maintainer’s account being hijacked. They’re removed for now, v3.3.0 is set at latest, v3.3.1 is deprecated, and a v3.3.2 will be published once I’m not on my phone (thx @github.com codespaces)

Using LLM as a fancy autocomplete can be nice. They have improved and they get more things right. One thing they have not improved on is stopping. If I accepted your suggestion, and then stopped typing - maybe, just maybe, I now have enough of code. But nope, infinite paperclips need to be made.

I was traveling during the week, so had to wait until today to put this on to honor the author of this t-shirt. A lot of the success that was enabled in my life can be traced back to this.

The API is the UI for developers, it needs UX just as much as the graphical interface does. It's just lazy to suggest that the users are developers so they should be able to deal with the pain of navigating it. You should be making it easy for users, not yourselves.

Why do Bluesky sessions in the Android app expire so often? No other social network does that.

I JUST MET YOU THIS IS CRAZY HERE WE ARE NOW CALL ME MAYBE

Spent half a day trying to get ChatGPT to convert a PDF floor plan into a HomeAssistant config for toggling lights. Gave up in the end and just did it myself. In the Gartner Hype Cycle for AI, it feels like I'm going straight to Trough of Disillusionment. Probably not getting out of it either.

Imagine you'd need to give away this much of your privacy when buying milk 🤬 but clearly even with this number of competitors, the user experience is still not a priority. Oh how I'd love just tap my payment cart when I need a charge...

I'm using the same PromQL queries in Grafana dashboards, in Helm charts to drive scaling with KEDA and in Javascript to generate reports (where Grafana/Thanos/Prometheus simply can't handle the workload).

We have a cronjob to spot unwanted utf8 letters in #curl PRs as we have noticed that GitHub will gladly show the for example (identical) Cyrillic version of a letter next to the Latin version in a diff and it is yes, entirely impossible for a human to spot […] [Original post on mastodon.social]

Short thread about how I tripped and fell on a $1500 Cursor auth bypass (mostly because burp suite is rad)

Is there a small device that would try to connect to any network it can find and phone home for instructions? Thinking of building something fancier than the typical tags as an anti-theft measure. Does not need to be battery powered, although feeding off 220v would probably be bulky?

For the love of humanity, I don't understand if they meant this or if this is sarcasm. www.economist.com/finance-and-...

Worked on an experiment with the 4th grader for a science thing. Learnt a very valuable lesson on how quickly the brain comes up with an explanation after the eyes take the wrong measurement.

Frankly, you don't often get to read a security incident report written up (and addressed!) this professionally. Thanks, Node.js security team.

We made it folks! 3 months! We did it! Only 45 more to go!

I see accounts on twitter whose sole purpose seems to be to go around and insult people. I figure these are bots (although I do believe there are humans like that too). But I don't really understand the purpose of that.

Fine, you have it, I'd really like to get AI to code me up the idea I've had for a while. The gotcha is that there's no way I can try that using AI, cause it involves verifying signatures (private/public key)...

Is this where the normal people have gone? I'm hoping so.

Is the node.js certification exam going away?

So what you're saying, MCP is a method to force backend developers to write decent documentation?

This was so necessary in my life right now. torpublishinggroup.com/when-the-moo...

"WHY ARE YOU LITHUANIANS SO RUSSOPHOBIC?" I wish you’d ask my grandmother how most of my family died. She’d say: The Russians killed one. Burned another. Tortured one so badly we still don’t know where his remains are. That’s your communist fairytale.

Please stop using the word observability when you mean "generate telemetry" Telemetry data is important, but observability is about the understanding, not the data.

You're not a real engineer unless you've implied someone else isn't a real engineer.

npm does have the `before` flag which should do what you want docs.npmjs.com/cli/v11/usin...

"Make this as user hostile as possible" -- ancient otel proverb