Hacker News: twodave's comments

Indeed. It reminds me of Lewis’ That Hideous Strength in a way. If we take the severed head post-brain-death and pump it with blood and oxygen and feed it impulses so that the mouth moves to form the words we tell it, is the person living again? No, it’s just a head, speaking the words it’s been given.

This. Much of the most prevalent messaging on both the extreme left and the extreme right tends to be from other countries posing as Americans. It’s also difficult to even form opinions lately as the amount of lying by all outlets is nearly impossible to sift through. All we really know is that right, left, black, white, gay or straight, nobody is actually on our side anymore.

How is it we've made it this far and we still don't have any kind of independent auditing of basic publish security on NPM? You'd think this would be collectively a trivial and high priority task (to ensure that all publishes for packages over a certain download volume are going through a session that authenticated via MFA, for instance).

> You'd think this would be collectively a trivial and high priority task (to ensure that all publishes for packages over a certain download volume are going through a session that authenticated via MFA, for instance).

Because all mainstream packages are published via a CI/CD pipeline, not by an MFA'd individual uploading a GZIP to npm.com.


Requiring a human-in-the-loop for final, non-prerelease publication doesn't seem like that onerous of a burden. Even if you're publishing multiple releases a day on the regular (in which case ... I have questions, but anyway) there are all sorts of automations that stay secure while reducing the burden of having to manually download an artifact from CI, enter MFA, and upload it by hand.

You can still have a step that requires a certain user/group to sign off, and you can still enforce that those users have MFA set up. Almost any serious shop that expects to pass audits already does this in some form or fashion before pushing code to prod.

Can we get a non-AI-generated article for this? I think the Aikido one might be fine, but if there’s a more official source let’s use that in lieu of this AI nonsense.

"Enlightenment" is for civilizations with enough might to enforce it.

The only thing sadder than AI-generated comments on human articles is human comments on AI-generated articles.

It’s quite possible (likely, even) for there to be more bugs reported than Apple has capacity to investigate. I assume this is just a filter they use to get the queue down to a more reasonable size and remove bug reports that are especially old (trusting that if they’re still issues they’ll be re-reported). This kind of culling happens all the time with low pri stuff and even sometimes medium pri if there’s a clear workaround.

This is where a company that categorizes customer feedback like unwrap.ai or Enterpret could help with volume and priority.

Sheesh, you see suggestions here all the time. Just trying to be helpful.

For this Apple would have to trust a third party with their bugs and also not have tried to do this themselves

I 100% agree when it comes to security issues. They would have to host it themselves on their intranet through AppleConnect.

I'm a bit removed from what software Apple uses nowadays. Back when I worked there ~2021 it was still a mix of native apps (Radar, Phantom) and self-hosted enterprise versions of popular development tools (e.g. GitHub).


Now this is what the Internet is really supposed to be about.

I don’t think the first gen Leaf is what parent had in mind when referring to “modern EVs”…


Which is why I commented — because there was a blind spot to their point.

I interpret “modern EV” as an EV in the 2010+ era (as opposed to the original EVs from the 1880s-1910s, which were not modern) which were made for streets / commuting (as opposed to golf carts / theme park cars, which have been around for many decades). And I don’t think I’m alone when using this framing.


They are both cartoonishly expensive. This kind of watch culture to me is even more unpalatable than country club culture. At least those people are getting quite a lot of service for what they’re paying.


I think if there's ever a day I prefer country club culture to the result of an industrial designer deciding to spend a decade coming up with all the engineering hacks to make something that cool work, I'm just going to walk out into the blizzard.

