Kissaki

@ Kissaki @programming.dev

Posts

226
Comments

1467
Joined

3 yr. ago

@GitHub, website

Moderating

Nushell programming.dev

3mo ago

Deleted

Permanently Deleted
Jump
Kissaki @programming.dev 3mo ago
… which arguably makes them not "normal people" (referring to the earlier comment).
Surely, most people use different, more integrated tooling.

3mo ago

Why I am moving away from Scala

The only way out of this is regulation, which requires political activism.

The EU did some good process on that through GDPR and the newer digital laws regarding safety, disclosure, maintenance, and due diligence requirements. Prosecution with fines is there, but slow, and arguably too sporadic.

Political activism in this direction is unthankful work and a lot of effort. I am reminded of someone who has pushed for public institutions to move away from US big tech for many years. Now Trump is the reason for change, and their effort can surely feel pointless.

I do occasionally report GDPR violations, etc. That can feel pointless as well. But it's necessary, and the only way to (support/influence) agencies to take action.

3mo ago

Performance improvements to MEF-based editor productivity extensions

Jump

Kissaki @programming.dev 3mo ago

Clarification on when this is available/applies:

Preloading extensions on background thread began in version 18.0, and is now enabled for 50% of developers. Starting 18.4 we will bring it to 100%. Also, this experience is limited to reopening a solution, e.g. from the “Get started” window or “File > Recent Projects and Solutions”. Thank you for your feedback on how much details you expect to see in the blog posts!

3mo ago

Notepad++ users take note: It's time to check if you're hacked

Jump

Kissaki @programming.dev 3mo ago

Direct link to the indicators of compromise that you can check on

The update system hoster determined the compromise was only used against specific targets, so it's relatively unlikely "normal people" would have been compromised. But if you want to check, you can check on those indicators. These only cover what was discovered on identified compromise, though.

3mo ago

Trust signals are broken

Jump

Kissaki @programming.dev 3mo ago

Did trust signals change? Part of my reviews has always been checking assumptions and broader (project) context. I don't think polish implied understanding.

3mo ago

Forget technical debt

Jump

Kissaki @programming.dev 3mo ago

they asked me if I could develop some useful metrics for technical debt which could be surveyed relatively easily, ideally automatically

This is where I would have said “no, that's not possible” or had a discussion about risks where things you simply can't cover with automated metrics would lead to misdirection and possibly negative instead of positive consequences.

They then explore what technical debt is and notice that even many things outside of technical debt have significant impact you can't ignore. I'm quite disappointed they don't come back to their metrics task at all. How did they finish their task? Did they communicate and discuss all these broader concepts instead of implementing metrics?

There's some metrics you can implement on code. Test coverage, complexity by various metrics, function body length, etc. But they only ever cover small aspects of technical debt. Consequently, they can't be a foundation for (continuously) steering debt payment efforts for most positive effects.

I know my projects and can make a list of things and efforts and impacts and we can prioritize those. But I find the idea of (automated) metrics entirely inappropriate for observing or steering technical debt.

3mo ago

Forget technical debt

Jump

Kissaki @programming.dev 3mo ago

As a lead dev I have plenty of cases where I weigh effort vs impact and risk and conclude to "this is good enough for now". Such cases are not poor management - which I assume you mean something like "we have to ship more faster, so do the shortest". Sometimes cutting corners is the correct and good decision, sometimes the only feasible one, as long as you're aware and weigh risks and consequences.

We, and specifically I, do plenty of improvements where possible and reasonable. Whatever I visit, depending on how much effort it is. But sometimes effort is too much to be resolvable or investable.

For context, I'm working on a project that has been running for 20 years.

3mo ago

Why I am moving away from Scala

Jump

Kissaki @programming.dev 3mo ago

Next post: “Why I am moving away from Medium” (hopefully)

3mo ago

Notepad++ Hijacked by State-Sponsored Hackers

Jump

Kissaki @programming.dev 3mo ago

Yes, that's what it means.

And apparently, it happened selectively, not generally, but for specific people/request sources.

It would only be if you use the Notepad++'s own update mechanism. If you used other package managers or went and downloaded the installer to update you'd be fine.

3mo ago

GregKH awarded the Prize for Excellence in Open Source 2026

Jump

Kissaki @programming.dev 3mo ago

Our recognition of Greg honors his leading work on the Linux kernel and in the Linux community, particularly through his work on the stable branch of Linux. Greg serves as the stable kernel maintainer for Linux, a role of extraordinary importance to the entire computing world.

3mo ago

Permanently Deleted

Jump

Kissaki @programming.dev 3mo ago

I would say doneness is about completeness within context, not immutability.

The environment may change, but within context, it can still be considered done.

It's fine to say and consider software never done, because there are known and unknown unknowns and extrapolations and expectations. But I think calling something done has value too.

It is a label of intention, of consideration, within the current context. If the environment changes and you want or need to use it, by all means update it. That doesn't mean the done label assigned previously was wrong [in its context].

We also say "I'm done" to mean our own leave, even when there is no completeness on the product, but only on our own tolerance.

In the same way, if you shift focus, done may very well be done and not done at the same time. Done for someone in one environment, and not done for someone in another.

More often than 'done' I see 'feature complete' or 'in maintenance mode' in project READMEs, which I think are better labels.

3mo ago

Vibe-Coded 'Sicarii' Ransomware Can't Be Decrypted

Jump

Kissaki @programming.dev 3mo ago

Paying is never a guarantee, and if you pay a ransom, you're always at the discretion and risk of the attacker.

The only thing this changes is that if you know the specific software that encrypted and if it's known publicly that it can not decrypt and if you know about that is that you know paying won't allow for decryption.

It's the same for paying so they don't disclose and share exfiltrated data. They're already doing illegal immoral activities, and you're hoping they will follow your agreement when you pay. But there's no guarantee.

This is why the general public guidance is to never pay ransoms. It supports those industries, gives you no guarantees on fulfillment, and whether fulfillment occurs or not, whether your money was not only wasted but will be used for further damage elsewhere, can be considered entirely random.

The attacker's goal is always betting on despair of the victim, on their grasping on even minuscule hope and at great expense.

3mo ago

Problems with dark-theme toggle

Jump

Kissaki @programming.dev 3mo ago

aside: A simple head meta tag with color-scheme light dark will make the web-browser respect user settings and show light or dark. No need for a toggle the user has to activately activate. One meta tag is enough.

<meta name="color-scheme" content="light dark" />

MDN meta color-scheme

If you override the default colors, the light-dark() CSS function is very useful, if the "newly available" compatibility is enough.

css

    
html { background-color: light-dark(#fff, #222); }

or with variables for reuse and centralized definitions :root { --bg-0: light-dark(#fff, #222); } html { background-color: var(--bg-0); }

Well, I only wanted to suggest the meta alternative and went on a longer tangent. I want to see more websites with dark scheme, especially given how easy it is to enable, and how straight-forward it is if you know how to get started even with custom coloring.

3mo ago

Assessing the Latest AI Coding Hotness

Jump

Kissaki @programming.dev 3mo ago

and figure out whether the new framework with a weird name actually addresses

Couldn't name what this is about in the title, nor in the teaser, I guess?

"Latest hotness" and "the new framework with a new name" isn't very discerning.

3mo ago

How AI assistance impacts the formation of coding skills - Anthropic study

Jump

Kissaki @programming.dev 3mo ago

From the paper abstract:

[…] Novice workers who rely heavily on AI to complete unfamiliar tasks may compromise their own skill acquisition in the process. We conduct randomized experiments to study how developers gained mastery of a new asynchronous programming library with and without the assistance of AI.
We find that AI use impairs conceptual understanding, code reading, and debugging abilities, without delivering significant efficiency gains on average. Participants who fully delegated coding tasks showed some productivity improvements, but at the cost of learning the library.
We identify six distinct AI interaction patterns, three of which involve cognitive engagement and preserve learning outcomes even when participants receive AI assistance. Our findings suggest that AI-enhanced productivity is not a shortcut to competence and AI assistance should be carefully adopted into workflows to preserve skill formation – particularly in safety-critical domains.

3mo ago

FOSDEM 2026, one of the world's largest software meeting will start in 2 days in Brussels 🇧🇪. This edition features 1176 speakers and 1063 events

Jump

Kissaki @programming.dev 3mo ago

And there are cookies 🍪

Do they share my cookies with third parties? /s

3mo ago

Visual Studio January Update — Enhanced Editor Experience

Jump

Kissaki @programming.dev 3mo ago

I have the January feature update installed but I don't see a/the compress empty lines setting.

I've been using the Extension Shrink Empty Lines for quite a while. Great to see it's supposedly supported natively now.

3mo ago

git-pkgs: explore your dependency history

Jump

Kissaki @programming.dev 3mo ago

That's really cool.

Repo already archived, only 26 days after the linked post?

Oh, they rewrote the ruby tool into Go. Even better.

https://github.com/git-pkgs/git-pkgs

Looks like it probably lost some dependency manager systems support through that.

3mo ago

Archiving git branches as tags

Jump

Kissaki @programming.dev 3mo ago

You add more tags?

In my main work projects I regularly archive tags into refs/archive/tags/* - which is hidden from normal tooling, but still accessible in Git and (some?) Git tooling and UIs.

Branches get "path" prefixes like draft/* or other longterm category indications. I don't archive them, but if I would, I would put them into non /refs/heads like /refs/archive/heads/*.

3mo ago

It's time to mirror you project on Codeberg

Jump

Kissaki @programming.dev 3mo ago

What's Codeberg's stance on this? Do they advocate for this, accept it, or dislike it?

Their FAQ talks about having disabled mirroring because of resource use of abandoned mirrored repos. Their blog post about the drop of mirroring says that manual mirroring is still possible.