[-] Kissaki@programming.dev 6 points 7 months ago

One of the two associations is in power and actively dismantling society. The other develops a technical product and runs a Lemmy instance many people and other instances have blocked.

Handling or concluding them a bit differently seems quite fine to me.

That being said, I've seen plenty of Lemmy dev connection criticism on this platform. I can't say the same about FUTO.

[-] Kissaki@programming.dev 6 points 7 months ago

What is the vulnerability, what is the attack vector, and how does it work? The technical context from the linked source, Edera:

This vulnerability is a desynchronization flaw that allows an attacker to "smuggle" additional archive entries into TAR extractions. It occurs when processing nested TAR files that exhibit a specific mismatch between their PAX extended headers and ustar headers.

The flaw stems from the parser's inconsistent logic when determining file data boundaries:

  1. A file entry has both PAX and ustar headers.
  2. The PAX header correctly specifies the actual file size (size=X, e.g., 1MB).
  3. The ustar header incorrectly specifies zero size (size=0).
  4. The vulnerable tokio-tar parser incorrectly advances the stream position based on the ustar size (0 bytes) instead of the PAX size (X bytes).

By advancing 0 bytes, the parser fails to skip over the actual file data (which is a nested TAR archive) and immediately encounters the next valid TAR header located at the start of the nested archive. It then incorrectly interprets the inner archive's headers as legitimate entries belonging to the outer archive.

This leads to:

  • File overwriting attacks within extraction directories.
  • Supply chain attacks via build system and package manager exploitation.
  • Bill-of-materials (BOM) bypass for security scanning.
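
To make the size-resolution rule concrete, here is an added example (my own illustration, not code from Edera's writeup or from tokio-tar): a deliberately minimal TAR walker in Python that reads ustar headers and PAX `size` records. With `honor_pax=True` it advances by the PAX size, as a correct parser must, and flags any entry whose PAX and ustar sizes disagree; with `honor_pax=False` it mimics the described bug of advancing by the ustar size, so the nested archive's headers show up as outer entries. The sample archive is constructed inline to match the four-step description above (PAX size = real length, ustar size = 0, data = a nested TAR). The walker ignores the ustar `prefix` field and does not verify checksums; that is a simplification for the example, not a property of any real parser.

```python
# Minimal TAR walker illustrating PAX-vs-ustar size desynchronization.
# Added example; constructed sample data; not tokio-tar's code.
BLOCK = 512


def _octal(n, width):
    """Encode n as a NUL-terminated octal field of the given width."""
    return f"{n:0{width - 1}o}".encode() + b"\0"


def make_header(name, size, typeflag=b"0"):
    """Build a ustar header block (constructed for the example)."""
    h = bytearray(BLOCK)
    h[0:100] = name.encode().ljust(100, b"\0")
    h[100:108] = _octal(0o644, 8)      # mode
    h[108:116] = _octal(0, 8)          # uid
    h[116:124] = _octal(0, 8)          # gid
    h[124:136] = _octal(size, 12)      # ustar size field
    h[136:148] = _octal(0, 12)         # mtime
    h[148:156] = b" " * 8              # checksum placeholder
    h[156:157] = typeflag
    h[257:263] = b"ustar\0"
    h[263:265] = b"00"
    h[148:156] = f"{sum(h):06o}".encode() + b"\0 "
    return bytes(h)


def _pad(data):
    return data + b"\0" * (-len(data) % BLOCK)


def pax_record(key, value):
    """One PAX record: '<len> key=value\\n' where len counts itself."""
    body = f" {key}={value}\n"
    length = len(body) + 1
    while len(str(length)) + len(body) != length:
        length = len(str(length)) + len(body)
    return f"{length}{body}".encode()


def _parse_pax(data):
    attrs, pos = {}, 0
    while pos < len(data):
        sp = data.index(b" ", pos)
        length = int(data[pos:sp])
        rec = data[pos:pos + length]
        key, _, val = rec[sp - pos + 1:-1].partition(b"=")
        attrs[key.decode()] = val.decode()
        pos += length
    return attrs


def walk_tar(blob, honor_pax=True):
    """Return [(name, effective_size, size_mismatch)] for each data entry.

    honor_pax=True  : advance by the PAX size (correct behaviour).
    honor_pax=False : advance by the ustar size (models the described bug).
    """
    entries, pos, pending_pax = [], 0, {}
    while pos + BLOCK <= len(blob):
        hdr = blob[pos:pos + BLOCK]
        if hdr == b"\0" * BLOCK:          # end-of-archive marker
            break
        name = hdr[0:100].split(b"\0", 1)[0].decode()
        ustar_size = int(hdr[124:136].strip(b"\0 ") or b"0", 8)
        typeflag = hdr[156:157]
        pos += BLOCK
        if typeflag == b"x":              # PAX extended header for next entry
            pending_pax = _parse_pax(blob[pos:pos + ustar_size])
            pos += ustar_size + (-ustar_size % BLOCK)
            continue
        pax_size = int(pending_pax["size"]) if "size" in pending_pax else None
        mismatch = pax_size is not None and pax_size != ustar_size
        effective = pax_size if (honor_pax and pax_size is not None) else ustar_size
        entries.append((pending_pax.get("path", name), effective, mismatch))
        pending_pax = {}
        pos += effective + (-effective % BLOCK)   # skip the entry's data
    return entries


def build_sample():
    """Constructed archive: outer entry whose PAX size is the real length of
    the nested TAR it contains, while its ustar size field says 0."""
    inner = make_header("smuggled.txt", 5) + _pad(b"hello") + b"\0" * (2 * BLOCK)
    pax = pax_record("size", len(inner))
    outer = (make_header("PaxHeader/payload.tar", len(pax), b"x") + _pad(pax)
             + make_header("payload.tar", 0)          # ustar size 0 (mismatch)
             + inner + b"\0" * (2 * BLOCK))
    return outer


SAMPLE = build_sample()

if __name__ == "__main__":
    for e in walk_tar(SAMPLE):
        print("correct  :", e)
    for e in walk_tar(SAMPLE, honor_pax=False):
        print("desynced :", e)
```

The correct walk reports a single `payload.tar` entry with `size_mismatch=True`, which is the condition a hardened extractor should reject outright (rather than silently picking one of the two sizes); the desynced walk additionally reports `smuggled.txt` as if it were an outer-archive entry, which is exactly the file-overwrite and BOM-bypass surface the writeup describes.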

[-] Kissaki@programming.dev 6 points 10 months ago* (last edited 10 months ago)

What makes this URL an API?

Do they disclose it as free use anywhere?

[-] Kissaki@programming.dev 6 points 1 year ago* (last edited 1 year ago)

The official Anthropic post/announcement

Very interesting read

The math guessing game (lol), the bullshitting of "thinking out loud", being able to identify hidden (trained) biases, looking ahead when producing text, following multi-step reasoning, analyzing jailbreak prompts, analysis of antihallucination training and hallucinations

At the same time, we recognize the limitations of our current approach. Even on short, simple prompts, our method only captures a fraction of the total computation performed by Claude, and the mechanisms we do see may have some artifacts based on our tools which don't reflect what is going on in the underlying model. It currently takes a few hours of human effort to understand the circuits we see, even on prompts with only tens of words.

[-] Kissaki@programming.dev 6 points 1 year ago

Without having looked into it, I find it plausible that it could take several patchsets to come to an assessment of consequences and conclusion. Especially as they happen alongside assessments and discussion. The patchset number may also be largely irrelevant depending on what was changed.

[-] Kissaki@programming.dev 6 points 1 year ago* (last edited 1 year ago)

Yes, absolutely.

I've been using it for a while. I'm not super/very command-line centered, but I use it as my default shell on Windows. I did not set it up as a default shell on [my] Linux servers.

There was a bit of a time investment in making the switch, but I enjoy it a lot, and have used a few data querying and transformation functionalities that would have been much harder in other shells, requiring additional apps; I would have probably created custom C# CLI apps for them. Nushell allowed me to do those in the shell, directly, with native operations.

I've also set up a few very useful aliases and commands, like dl for yt-dlp, and dl opus for downloading the highest quality opus audio. Or ff for a few ffmpeg conversions.

I've also contributed a bit upstream. Maybe I'll get more into Rust and be able to contribute more, and to the core.

I have my setup/configuration and scripts in a public nushell-config repo.


Examples of how I used it productively:

Download my paged Steam reviews because Steam doesn't provide GDPR compliant exports, transforming the awful shitty HTML with query web into structured data, and transforming it into Markdown files for my website.

At work: for a list of device IDs, create JSON command files and transform them into BSON via CLI call, en masse. (We have multiple hundreds of such devices. Configuration and firmware updates require mass-updates via individually addressed command files.)

Parse and analyze DMARC reports for reported issues, and to identify report format differences from different reporters.

I'm sure I did more things, but that's what came to mind right now.


Because of how much I love Nushell, I've created a community a little while ago, !nushell@programming.dev, if you're interested.

[-] Kissaki@programming.dev 6 points 1 year ago

Exactly. It's a matter of barrier and interest. Signup requirements are a barrier to drive-by improvements and reports, and them as entry points to further contributions.

[-] Kissaki@programming.dev 6 points 2 years ago

Python’s major pro is its simple, straightforward syntax, which excels at data handling. This has made it popular with novices of all shades […]

For first-timer coders, Python is easier to learn, understand, and adapt than many low-level programming languages […]

Is Python being easy to learn actually true? I can see it being easier than low-level programming. But there are other alternatives like C# and Java that certainly seem much better and easier to me. Especially when you consider the ecosystem around only writing code.

Plus, the Python language is a steadfast feature in the desktop Linux software landscape. It’s preinstalled on most Linux distributions, boasts extensive library support, and can be used to fashion very cool (as well as very basic) Qt, GTK, and other toolkit UIs.

It's certainly available, and more readily available on Linux. The whole v2 v3 mess was lackluster. But I guess preinstalled is convenient, and more accessible than installable Java or whatever.

I've never seen JavaScript or Python popularity as evidence or correlating with actual qualities. More with a self-promoting usage. Python was being used in science, then in AI, then AI became popular. To me, it seems like a natural propagation consequence more than simplicity or features over other frameworks and languages.

[-] Kissaki@programming.dev 6 points 2 years ago

Can't or don't want to?

I got into a project starting out with translations. Then community support. Then wrote a web interface to the desktop/server application. Then got into the project itself.

Many projects have a contributing document or page with pointers. In general, being part of the community, providing information or support, improving documentation, or the bug tracker (reproduction, labeling, discussing/guiding), translating.

What can be done and what makes sense varies a lot depending on project size and popularity too.

[-] Kissaki@programming.dev 6 points 2 years ago

Can you search for the search?

[-] Kissaki@programming.dev 6 points 2 years ago

They were prevalent. Then they started with adware. Then they bundled adware without developer consent.

Eventually they were bought with a goal of deshittyfication. So they're fine and have good offerings, but the UI and UX are much worse than other platforms (never improved).

https://en.wikipedia.org/wiki/SourceForge#Adware_controversy

[-] Kissaki@programming.dev 6 points 2 years ago

I think the guideline should be: future software should be written on a whim


Kissaki

joined 3 years ago