we should just write the code how it should be

Notably, that's not what he says. He didn't say in general. He said "for once, [after this already long discussion], let's push back here". (Literally "this time we push back")

who need a secure OS (all of them) will opt to not use Linux if it doesn’t plug these holes

I'm not so sure about that. He's making a fair assessment. These are very intricate attack vectors. Security assessment is risk assessment either way. Whether you're weighing a significant performance loss against low risk potentially high impact attack vectors or assess the risk directly doesn't make that much of a difference.

These are so intricate and unlikely to occur, with other firmware patches in line, or alternative hardware, that there's alternative options and acceptable risk.

Code before:

async function createUser(user) {
    if (!validateUserInput(user)) {
        throw new Error('u105');
    }

    const rules = [/[a-z]{1,}/, /[A-Z]{1,}/, /[0-9]{1,}/, /\W{1,}/];
    if (user.password.length >= 8 && rules.every((rule) => rule.test(user.password))) {
        if (await userService.getUserByEmail(user.email)) {
            throw new Error('u212');
        }
    } else {
        throw new Error('u201');
    }

    user.password = await hashPassword(user.password);
    return userService.create(user);
}

Here's how I would refac it for my personal readability. I would certainly introduce class types for some concern structuring and not dangling functions, but that'd be the next step and I'm also not too familiar with TypeScript differences to JavaScript.

const passwordRules = [/[a-z]{1,}/, /[A-Z]{1,}/, /[0-9]{1,}/, /\W{1,}/]
function validatePassword(plainPassword) => plainPassword.length >= 8 && passwordRules.every((rule) => rule.test(plainPassword))
async function userExists(email) => await userService.getUserByEmail(user.email)

async function createUser(user) {
    // What is validateUserInput? Why does it not validate the password?
    if (!validateUserInput(user)) throw new Error('u105')
    // Why do we check for password before email? I would expect the other way around.
    if (!validatePassword(user.password)) throw new Error('u201')
    if (!userExists(user.email)) throw new Error('u212')

    const hashedPassword = await hashPassword(user.password)
    return userService.create({ email: user.email, hashedPassword: hashedPassword });
}

Noteworthy:

• Contrary to most JS code, [for independent/new code] I use the non-semicolon-ending style following JavaScript Standard Style - see their no semicolons rule with reasoning; I don't actually know whether that's even valid TypeScript, I just fell back into JS
• I use oneliners for simple check-error-early-returns
• I commented what was confusing to me
• I do things like this to fully understand code even if in the end I revert it and whether I implement a fix or not. Committing refacs is also a big part of what I do, but it's not always feasible.
• I made the different interface to userService.create (a different kind of user object) explicit
• I named the parameter in validatePassword plainPasswort to make the expectation clear, and in the createUser function more clearly and obviously differentiate between "the passwords"/what password is. (In C# I would use a param label on call validatePassword(plainPassword: user.password) which would make the interface expectation and label transformation from interface to logic clear.

Structurally, it's not that different from the post suggestion. But it doesn't truth-able value interpretation, and it goes a bit further.

By any chance, do you use a niche language that has only two programmers?

They have the blog post date in the title but I don't see it on the page. Header head nor bottom.

"We value your privacy"

yeah, no, very obviously you don't

You're saying wrong solution but point to the right solution in the same standard?

• Description: Zapier uses two custom HTTP header fields named X- API-Deprecation-Date and X-API-Deprecation-Info

Is your issue with the field name only? Why do you say wrong solution then?

What conclusion did you come to?

How does it display emotes in the terminal? Does it include FFZ, 7tv, BTTV emotes?

Yeah. But OP specifically mentioned them disliking Fish because it's not POSIX.

I'm familiar and usually working with .NET, and am a strong advocate for it.

• The language is similar to Java, so not that difficult of a switch language-wise. Visual Studio makes good suggestions introducing you to newer and more concise syntax too. If you install the VS SonarLint extension it'll guide you to good practices.
• Excluding the GUI for now; you can target cross-platform.
• GUI is somewhat of a mess like anywhere else, but you have decent options and you certainly have more viable alternatives compared to other languages. If your target is cross platform, check out MAUI for the recommended/officially suggested approach. I find the XML GUI coding irritating and inconvenient, but it is well-established and popular. Although I haven't implemented a noteworthy project with it, I prefer coding UI in web tech, so I like that you can embed a WebView2 and connect and bind between the C# code and the HTML rendering. Using WebView2 for program GUI requires a container app window. Targeting Web/Browser-rendering directly is viable too with Blazor and more broadly ASP.NET with multiple alternatives and openness to web frontend UI frameworks and libs.
• With one project structure the project can be worked with with dotnet CLI (leaving users open to use their own IDE or text editor choice), Visual Studio, or Visual Studio Code. NuGet packages as dependencies are automatically handled within the default build toolchain.
• .NET is well-established and popular.
• Official documentation is great. It is exhaustive, with guidance, references, examples, and tutorials. It is open to feedback and change requests/suggestions.

As for what you tried, how I would personally react to a project:

I don't like python. For anything that is not a script, I would likely skip considering contributing. It is an overall popular language though. Prevalent as a language, and at least reasonably popular / niche-popular for apps with UI.

C++ is a mess to set up and manage. Qt is huge. It's popular and powerful. But in the aspect of low-barrier, it is the opposite.

What is a SPAC?

https://en.m.wikipedia.org/wiki/Special-purpose_acquisition_company