@danielsiepmann @MarcusSchwemer
fun fact, release/artifact attestation already is a thing, just not enforced.
P
pixel@desu.social
@pixel@desu.social
Posts
-
I wonder if we get a response from NPM on all the package compromises at some point + what their idea is to mitigate those. -
Live now on Twitch, playing some Minecraft together with https://x.com/JaxOffTV (Stream mostly in German)Live now on Twitch, playing some Minecraft together with https://x.com/JaxOffTV (Stream mostly in German)
-
Google started showing a permanent exclamation mark because i didn't give them my phone number -
GUESS WHAT CAT IS GONNA SIGN THEIR FIRST WORK CONTRACT TOMORROW@lio YOOOO, congrats!
-
Has Apple fixed the legibility issues with Liquid Glass now that it's released for real?@volpeon mostly...not everywhere though
-
I wonder if we get a response from NPM on all the package compromises at some point + what their idea is to mitigate those.@MarcusSchwemer the thing is: if it happens this often, the service provider should step in with mitigations as well.
Just "it's the maintainers fault" doesn't work if millions of users (and systems) are at stake.
Adding a third factor, like signatures etc. is probably what's next.
-
I wonder if we get a response from NPM on all the package compromises at some point + what their idea is to mitigate those.I wonder if we get a response from NPM on all the package compromises at some point + what their idea is to mitigate those.
-
Reset the counter, NPM packages have once again been compromised!Reset the counter, NPM packages have once again been compromised!
https://thehackernews.com/2025/09/40-npm-packages-compromised-in-supply.html
-
I've been off social media for the most part (discord included) the past few weeks and ngl it's a surreal experience, but kinda good?@Tabby was a bit scary to see you just disappear like that, but we already talked about that.
Good to hear you are doing better though :3
-
Ordered a new keyboard after mine turned into a spicy pillow container at the beginning of the week :(Ordered a new keyboard after mine turned into a spicy pillow container at the beginning of the week
-
the alarms certainly worked!the alarms certainly worked!
-
it has been 0 days since a major spearfishing attack has been announced in the Node.js ecosystem!it has been 0 days since a major spearfishing attack has been announced in the Node.js ecosystem!
https://www.heise.de/news/Grosser-Angriff-auf-node-js-10637088.html
-
Rare DB moment: We're arriving too early so we need to wait to let another train pass.my unlucky streak continues: my wireless keyboard that I took with me to the code sprint turned into a spicy pillow
-
Rare DB moment: We're arriving too early so we need to wait to let another train pass.This has been topped by: Arriving at destination hotel without a booking being reserved for me, which is honestly a bigger shock moment than train issues.
(situation has been sorted for now)
-
Rare DB moment: We're arriving too early so we need to wait to let another train pass.Rare DB moment: We're arriving too early so we need to wait to let another train pass.
-
GitHub: "a new enhancement, the profile menu is now a dropdown"GitHub: "a new enhancement, the profile menu is now a dropdown"
ah, so as it was a few years ago, before you turned it into a collapsible overlapping sidebar?
-
I have started interviewing people to learn more about how they shut down scientific research projects and/or software projects (both open source and commercial).@Weirdaholic @gvwilson I talked with Greg yesterday
-
huh, Steam is not running silky smooth today, is it?huh, Steam is not running silky smooth today, is it? :^)
-
I don't have one, I'm just wondering who wants one...@catsalad CatBait!
-
Now that Retrospring is over, I'm going to use GitHub less (unless for FOSS commitments and work stuff)Now that Retrospring is over, I'm going to use GitHub less (unless for FOSS commitments and work stuff)
So, I'm slowly migrating my projects to Codeberg
