Hacker News | weaksauce's comments

typically attacks happen when the URL for the source code or binary gets changed significantly... or like in this attack someone adds something to the post_install section which does something like add an npm install command. a lot of updates for binaries are just version bumps and SHA hashes changing which are easy to vet if you trust the source to not be compromised.

you might be interested in https://github.com/boyter/cs

pretty fast and neat project to search code interactively with a lot of optimizations on finding the right thing


The bottleneck, in my case, was indeed the poorly designed GUI of JetBrains and VSCode versus CLI. By migrating to CLI, I have abandoned intelligent queries as well. This project seems like a bridge: it preserves CLI, but restores the queries.

This is a promising road that I would probably not take. I have learned to live with simple per-line regular expressions. I have never felt that they slow me down.

In fact, the opposite is true: they let me craft fuzzy queries clearly, i.e., to balance the fuzziness across the query. I’ve never learned to do that with the black-box intelligent queries, which severely limited my scope in the past.


Came here to post that and you already did. Thank you!

security researchers not the ones shipping the faulty code.

We’re not talking about security researchers here:

> there is lots to gain from being the first to write about the new malware on some registry, so *companies* are actively downloading and inspecting literally every package.

(Emphasis mine)


yeah security researchers at security companies are the ones we are talking about.

> We’re not talking about security researchers here:

we are.

"companies" in this context is "security companies" (hence why they are "downloading and inspecting every package", which would not make sense if referring to the people authoring and shipping a single package)


the thing for me is I started using the init system and while it was fine it always felt brittle for some reason. systemd feels solid and robust like it was well thought out. maybe i'm off base and didn't know how to use init effectively but it was my feeling.

that and cron always felt fragile too with a lot of quirks and limitations you had to work around instead of being a robust thing from the start.


you can organize them however you want on your system and then use symlinks to make them available.

there's also `systemctl --all list-timers` to view them.


it's a probabilistic model so, while you can put that in there, it has some probability of just ignoring you and doing it anyway.

It's useful for me to have a "production" website remote that i just run on my computer for myself locally. rsync could also work but tagging with rollbacks makes it easier if something goes wrong. it's not a common thing but it's nice to have that as an option. just because you can't see the utility of it doesn't make it useless


True, but TFA did not actually present any use cases.


considering nvidia has garbage gpu drivers in linux land and amd has pretty good ones i suspect you’re correct.


what's funny is the website looks AI generated though that's just the style of the time i guess.


No I actually do think this is AI generated. I came here to say the same.

Brokovich might not know it. But her web people certainly used AI to build this site. From the Emojis, cards, to the single colored left border.


the more I look at it the more I think this is AI yeah. sigh. I'm tired boss.


I came here to say this. I'm highly confident the site was built with Claude. I asked Claude how it was built and Claude was confident it was built with Claude. Kind of ironic, honestly.


[flagged]


> I also think Americans have the right to decide what happens in their neighborhoods.

I agree with this.

At the same time, all of the data center proposals in my state are in remote locations nowhere near any residences. They’re still the target of protests.


Just because a data center is way outside your neighborhood doesn't mean it can't have a direct impact on you personally. Electrical and water resources used can affect your utility bills.

But there is also some hype about just how much it will affect you, that is not necessarily true.


I don't know that local control is an unalloyed good. The interstate highway system would never have been built if we followed this as a principle, for example. For another example, Californian voters consistently vote for state level increases in housing, yet locally consistently vote against increasing housing in their community.

At some point national and state level goals must supersede local control if progress is to ever be made.


The Federal-Aid Highway Act was built with local consent in most places, and modified by local control where consent failed.

Also there's no evidence that more data centers = "progress".


navidrome is pretty good.

