Posts: 7 · Comments: 826 · Joined: 3 yr. ago

  • A little flag pops out that says "bang!"

  • When you cargo install a binary, it ignores lockfiles. If you clone a project and build it, it respects the Cargo.lock that was checked in.

  • It's not enforced though, and there's no way as a consumer to see how a crate was published.

    To be extremely fair, crates.io has a huge maintenance bottleneck because, AFAIK, it doesn't even have a single dedicated developer. But that's definitely a big part of the problem.

    The Rust Foundation is really just not pulling in enough revenue to support the project properly. They really ought to figure out more revenue streams than just sponsorships and donations.

  • You can't overwrite previously published versions.

    Application projects are recommended to check in the Cargo.lock, which pins dependency versions, but you can always just run cargo update at any time, which automatically upgrades all dependencies to the newest version allowed by the Cargo.toml.

    Some projects get around this by pinning the dependency in the Cargo.toml (using =) or by vendoring all their dependencies, which is a huge pain in the ass.
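    As an added illustration (not part of the comment above), the two Cargo.toml forms the comment contrasts, followed by the .cargo/config.toml stanza that cargo vendor prints for redirecting crates.io to a local directory. The crate name and version numbers are constructed placeholders.

```toml
# Cargo.toml (constructed example)
[dependencies]
# Default caret requirement: "1.2.3" means >=1.2.3, <2.0.0.
# `cargo update` will move this to the newest 1.x release it can find.
floating-crate = "1.2.3"

# Exact pin: only 1.2.3 satisfies this, so `cargo update` leaves it alone
# and a newly published 1.2.4 cannot be pulled in silently.
pinned-crate = "=1.2.3"

# .cargo/config.toml (the stanza `cargo vendor` tells you to add)
# With this in place Cargo resolves every crates.io dependency from ./vendor
# instead of the network, so the checked-in tree is what gets built.
[source.crates-io]
replace-with = "vendored-sources"

[source.vendored-sources]
directory = "vendor"
```

    Note that an exact pin still only controls which version is requested; the Cargo.lock records the checksum, and cargo build --locked is what refuses to proceed if the resolution would differ from the lockfile.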

  • Interestingly, developers in ecosystems like Go, Rust, and those utilizing native Web APIs—where robust standard libraries drastically reduce reliance on third-party code and strict cryptographic verification is built into the core toolchain—reported zero instances of a college dropout’s weekend project wiping out global logistics infrastructure today.

    As someone who's built a career in Rust, it is 100% susceptible to an attack like this. The community is just generally paranoid enough to avoid depending on super niche packages.

    Even so, Cargo still doesn't have code signing and crates.io doesn't have 2FA. They just barely rolled out email alerts for new crates being published with your API key.

    And there are dozens of single-author crates that are depended upon by millions of lines of code, any one of which could easily be a vector in a supply chain attack. In fact there have been attempted supply chain attacks against crates.io, but to my knowledge they've all relied on typo-squatting.

    We're definitely overdue for a major attack.

  • "Why don't we just skip the middleman and I fuck you instead?"

  • What happens when the baby turns to red mist? Is that just "part of God's plan"?

  • This is something we lost when game developers stopped publishing free demos. I cannot imagine how "just buy it and refund it if you don't like it" is somehow better for the industry.

  • Guilty

  • Freddie had power bottom energy tho

  • That song was actually written by guitarist Brian May.

    So this dude:

    Is the real ass-man of Queen.

  • "The exploit is coming from inside the house!"

  • I started growing my hair out unintentionally; I just stopped getting it cut during the pandemic.

    I've found a hair wrapped around my balls more than once. Those fucking things love to go spelunking, man.

  • The Internet gives us access to the kind of depths of human depravity on a daily basis that most people wouldn't have been exposed to in 1968, unless they had just gotten back from Vietnam.

  • Case in point: Fox News

  • Which it has not successfully done since 1934.

  • Unfortunately, this is probably going to be an entirely symbolic gesture, because you know who is supposed to prosecute a contempt of Congress charge?

    The Department of Justice.

  • As a guy, I would happily use an app where I wasn't expected to message first, but I don't know of any that exist. Even Bumble moved away from the "women message first" model for whatever reason.

    Just can't seem to get away from those traditional gender roles, can we?

  • We so back.

    What a great start, too. Those two guys really seem to enjoy their jobs.

  • Metal @lemmy.world

    Iron Maiden - For the Greater Good of God

  • Programmer Humor @programming.dev

    Another meme inspired me to make this

  • 196 @lemmy.blahaj.zone

    As rule as it gets

  • 196 @lemmy.blahaj.zone

    (OC) sour cream rule

  • Science Memes @mander.xyz

    "there is little incentive not to use it"

  • Ask Lemmy @lemmy.world

    Has anyone else gotten emails out of the blue from random members of Congress that sound like replies to something you sent in?

  • Memes @lemmy.ml

    Meta AI supports spooky dookies