Skip Navigation

Kissaki

@ Kissaki @programming.dev

Posts
224
Comments
1464
Joined
3 yr. ago

  • Using GitHub as a landing page for small source‑available tools — does this model make sense?

    Jump

  • I assume it's not against GitHub terms, but I find it inappropriate and unfitting. Smells like marketing for discoverability with no content, just forwarding. Which is a thing of course, but if you're asking me as a developer and personally, I'd prefer the project not do that. A repo as a pure landing page uses nothing of what makes a repo a repo.

    If it's a developer creating their portfolio and linking their distributed projects to their developer profile, I think I can see some value in that. But in that case, all of them should be in one repo.

  • Let's talk CLI/TUI and Developer Workflows!

    Jump

  • It's an encompassing shell with great data handling and native parsing and encoding/decoding.

    I much prefer it over other shells or scripts and have used it for various things, in general, and related to data analysis, data transformation, and data generation.

  • Let's talk CLI/TUI and Developer Workflows!

    Jump

  • PWAs 2.0: Offline-First

    Jump

  • Why is this called 2.0? PWA without offline is assumed to be 1.0?

    I don't like them randomly defining and attributing version numbers to standards. These versions don't exist. And they don't even define them.

    PWA and offline capability has been around for a while. PWA typically raises the question of offline capability. That's not a new thing or a new standard.

  • Fresh 2.3: Zero JS by default, View Transitions, and Temporal support

    Jump

  • That's a fast downhill lemon

  • The Sticky Header that Sticks!

    Jump

  • Creating a sticky header is an easy task with position: sticky. But what about a sticky header that sticks for real?

    I don't get it. Sticky is sticky. What is "sticks for real"? The example looks no more sticky than normal sticky. Except is has a different shape.

  • Looking for an RSS Reader

    Jump

  • Please add cross-references when you post the same post to two communities at the same time. That way, people can find the other comments and discussion.

  • Cal.com goes closed source “because of security”

    Jump

  • Open core, closed extensions. Not really clear how that significantly improves the situation. I doubt they'll diverge the two code bases(?).

    The vault symbolism is pretty bad. A software product is much different to a vault, and a sister-vault-product you publish the blueprint for anyway.

    At the same time, we still care deeply about open source. That’s why we are releasing a version of our codebase to the community under the MIT license as Cal.diy.

    While our production codebase has significantly diverged, including major rewrites of core systems like authentication and data handling, we want to ensure there is still a truly open version available for developers, hobbyists, and anyone who wants to explore and experiment.

    Huh? I don't get it. So the open product is an older, worse/different version/codebase? And they can do that without impacting their product risk because it's different?

  • What do you want out of a coding monospace font?

    Jump

  • Cascadia Code is a Microsoft font (their most recent coding font). Because the name is protected, Nerd Fonts forks the name.

  • 108 more Chrome extensions found to be injecting ads and harvesting data

    Jump

  • 54 extensions steal Google account identity via OAuth2

    It's embarrassing the Chrome extension store/infrastructure does not catch these

  • 108 more Chrome extensions found to be injecting ads and harvesting data

    Jump

  • I wonder what upsides those "web client" extensions bring for platforms you could just open "clients" as websites for (telegram, tiktok listed). Not need to install an extension.

  • imaging question in python

    Jump

  • Things you didn't know about indexes

    Jump

  • I knew - bait title

  • FSF on OnlyOffice/EuroOffice: You cannot use the GNU (A)GPL to take software freedom away

    Jump

  • The (A)GPLv3 makes it clear that it permits all licensees to remove any additional terms that are "further restrictions" under the (A)GPLv3. It states, "[i]f the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term."

    Interesting, and quite clear.

    The whole response is very good, reasonable, and direct.

    I'm interested to see what OnlyOffice will do. Maybe they'll relicense their whole product, leading to a community fork under AGPL.

  • FSF on OnlyOffice/EuroOffice: You cannot use the GNU (A)GPL to take software freedom away

    Jump

  • Cooperation and sharing performs significantly better for collective gains. This applies to all kinds of concepts. Science, public infrastructure, common goods, common resources, governance, trade agreements, EU, medicine, software…

    Where it becomes problematic is when parties reap gains without participating. Using science to develop products and gain further knowledge without sharing them, using public infrastructure without paying taxes, using common infrastructure and frameworks without committing to them, nationalism, monopolies on medicine, proprietary software and platforms that are not cooperative…

    Much of our transformation and development speed and gains in the last century has been in a framework of cooperation. In the current global politics, we can see and imagine what rejecting cooperation could lead to and where it could lead us to.

    FOSS is great for the same reasons as other forms of cooperation: Collective gains.

    Unfortunately, we have not solved the issue of beneficiaries that don't actively participate and contribute yet.

    In patent law, you publish your findings and get a timespan of authoritative use and control but at the same time commit to it being publicly accessible and at some point usable. Some software licenses attempt to do the same.

    In music licensing, there's frameworks for collective licensing.

    Some frameworks use centralized/government regulation and prosecution to ensure play-fair systems. (To varying degrees and success, obviously.)

    I get where you're coming from, but I disagree [with disliking the software freedom]. The upsides and collective gains of software freedom are undeniable. Where we need to do and establish more, and some things are happening in some places, is to ensure a positive collaborative environment overall.

  • What do you want out of a coding monospace font?

    Jump

  • I use Cascadia Code / the NerdFonts extension Caskaydia Code.

    Primarily I look for readability, distinguishability. Ligatures are nice, I came to like them. Eligibility on different font sizes and weight/bold and italic, and colors - they must remain very readable and distinguishable.

    I'm using the same font (family) for coding and terminal/console.

  • What do you want out of a coding monospace font?

    Jump

  • Connected strokes in italic style, vivify your code.

    That's cool and interesting (you can see it in action and toggle-compare on the linked website)

    I wonder how distracting it would be in code, though. If it is, their configurability allows skipping that feature though, which is great.

  • I built a small library to assert EF Core SQL query counts in integration tests (catch N+1 in 3 lines)

    Jump

  • Is the MVC requirement a lib development dependency to cover MVC use cases, or can I only use it in MVC projects?

    Looks like WebApplicationFactory is in the MVC namespace, so I assume this is only for MVC [integration] testing?

  • Opensource @programming.dev
    Kissaki @programming.dev

    I accidentally started a green screen revolution... - Corridor Crew (YouTube, 19min) (Repo-Links in desc)

  • No one owes you supply-chain security

    Jump

  • Not updating with audit would work if every direct and transient dependency provided security updates for every version. But they don't. Often, security updates are for the most recent version or versions, and if you're far behind, you now have to audit a lot more.

    Transient dependencies are an audit problem, too. To audit something, you have to essentially audit recursively. Many libs use many other libs of varied authors.

    Our systems are too open, too vulnerable. A build or check being able to access all resources is a fundamental systematic vulnerability.

  • I just tried vibe coding with Claude

    Jump

  • .net runtime after 10 months of using and measuring where LLMs (including latest Claude models) shine reported a mindboggling success rate peaking at 75% (sic!) for changes of 1-50 LOC size - and it’s for an agentic model (so you give it a prompt, context, etc, and it can run the codebase, compile it, add tests, reason, repeat from any step, etc etc).

    I assume this is from https://devblogs.microsoft.com/dotnet/ten-months-with-cca-in-dotnet-runtime/?

  • Programming Languages @programming.dev
    Kissaki @programming.dev

    C3 Programming Language

    c3-lang.org
  • Programming Languages @programming.dev
    Kissaki @programming.dev

    EYG - A programming language for predictable, useful, and confident development

    eyg.run
  • Security @programming.dev
    Kissaki @programming.dev

    Trivy Under Attack Again: Widespread GitHub Actions Tag Compromise Exposes CI/CD Secrets

    socket.dev /blog/trivy-under-attack-again-github-actions-compromise
  • Security @programming.dev
    Kissaki @programming.dev

    Compromised telnyx on PyPI: WAV Steganography and Credential Theft

    safedep.io /malicious-telnyx-pypi-compromise/
  • cybersecurity @infosec.pub
    Kissaki @programming.dev

    Delve - Fake Compliance as a Service

    deepdelver.substack.com /p/delve-fake-compliance-as-a-service
  • Security @programming.dev
    Kissaki @programming.dev

    Delve - Fake Compliance as a Service

    deepdelver.substack.com /p/delve-fake-compliance-as-a-service
  • Web Development @programming.dev
    Kissaki @programming.dev

    Deno 2.7: Temporal API, Windows ARM, and npm overrides | Deno

    deno.com /blog/v2.7
  • Programming Languages @programming.dev
    Kissaki @programming.dev

    Uiua — an extremely terse programming langauge

    www.uiua.org
  • Game Development @programming.dev
    Kissaki @programming.dev

    inputlag.science: latency issues and how to tackle them

    inputlag.science
  • Game Development @programming.dev
    Kissaki @programming.dev

    I'm quitting my Indie Game after 5 years - Codeer (YouTube)

  • Programming Languages @programming.dev
    Kissaki @programming.dev

    KORE Programming Language

    github.com /ephemara/kore-lang
  • Web Development @programming.dev
    Kissaki @programming.dev

    Fully automatic updating Spotify status... without JavaScript?

    lina.sh /blog/spotify-status-without-js
  • Programming @programming.dev
    Kissaki @programming.dev

    The Scapegoat Mechanism - mmagueta

    marcosmagueta.com /blog/casus-belli-engineering/
  • Programming @programming.dev
    Kissaki @programming.dev

    The lost art of XML — mmagueta

    marcosmagueta.com /blog/the-lost-art-of-xml/
  • cybersecurity @infosec.pub
    Kissaki @programming.dev

    Breaking Bitlocker - Bypassing the Windows Disk Encryption

  • Jenkins @programming.dev
    Kissaki @programming.dev

    Google Summer of Code 2026: Volunteers Needed to Mentor Future Jenkins Contributors - The Jenkins Blog

    www.jenkins.io /blog/2026/01/05/google-summer-of-code-2026-volunteers-needed-to-mentor-future-jenkins-contributors/
  • .NET @programming.dev
    Kissaki @programming.dev

    How We Synchronize .NET's Virtual Monorepo - .NET Blog

    devblogs.microsoft.com /dotnet/how-we-synchronize-dotnets-virtual-monorepo/
  • Opensource @programming.dev
    Kissaki @programming.dev

    Why users cannot create Issues directly – ghostty

    github.com /ghostty-org/ghostty/issues/3558