I'm still really sad that the Turing Machine one got enough votes, but was rejected by the LEGO judges.
My understanding is that for most package managers the signing keys are held by a smallish number of maintainers responsible for entire sections, who presumably keep those accounts pretty tightly secured. Not impossible to take over, but it's a smaller attack surface.
While for NPM as far as I know every uploader keeps their own account and there's not even signing keys to lose control of.
I'm beginning to think this "NPM" thing isn't a great idea.
I don't listen to music much, but I feel like this graph would be nearly inverted for me. Didn't care much for the music I was forced to hear on the school bus, but inherited my mom's enjoyment of both oldies and classical, and enjoy some modern music (which is just much more diverse than when I grew up, so there's something for everyone)
Rapid unscheduled disassembly.
I have a non-gossipy interest, but prefer reading about things to watching, so articles like this are nice, I otherwise wouldn't have known about it.
The article actually covers that kind of defensive work a bit (although it's all kernel internals):
"...if Rust disappeared tomorrow, we have cleaned up the C code in the kernel so much and taken in the ideas. We thank you, you've made Linux better with it just by existing."
He described new C "guards" and scoped locks inspired by Rust ...
And
Beyond language features, Kroah-Hartman tied Rust directly to a broader push around untrusted data and the idea that "all input is evil."
... He described ongoing work on an "untrusted" type wrapper and a validate method in Rust that forces explicit validation at the point where data crosses from untrusted to trusted.
Pretty sure before hiring they can check for criminal records.
Your link is missing the https:// part, and apparently at least some apps won't default to it if you make the text an explicit link like that instead of letting Lemmy do it.
Ever since abandoning ship I've maintained a negative (1 star) review every time there is an update for the app. My review contained no swearing or anything else that I think would break a rule.
This morning I went to update and found my review gone, and trying to submit a new one fails with a "Server error". I was able to review other apps.
The app in the screenshot is URLCheck, it is my "default browser" and allows me to see where a link is going and edit it or choose what to open it in.
It's showing that the ! link I tapped on the bottom of the screen got an "https:/" (one slash) put in front of it instead of being treated as a proper link to a community.
The same thing happens with @ links:
Epic win! Lol!
All your base are belong to us.
Ceiling cat is watching
Etc, etc.
NewPipe at least already doesn't use the API, it scrapes the website.
... Which it just occurred to me might be one of the reasons Google is pushing that web integrity thing. Dang.
This thing has saved me multiple times. Not always the easiest to work with, but has all the utilities I needed to deal with hard drive upgrades, etc. Including for windows machines.