You said
This proposal is a new iteration of the language and standard library. It would provide safe language features for preventing such problems existing in the first place.
Either it’s a draft or it’s a new iteration of the language. Can’t be both.
Right now, we have to compile the compiler for this ourselves. Pardon my skepticism; I’m not sure this is mature enough.
Edit: I’m talking about the project not the idea. Sean Baxter has shown up everywhere for awhile talking about this. I think his idea has a ton of maturity. I don’t know that the project itself has enough maturity to mainline yet.
Where does the document number come from? I can’t find anything about the SG or linked orgs that defines a sequence.
I have heard the same rhetoric about IDEs, autocomplete (Intellisense, Jedi, etc.), DevOps, and frameworks. The kernel of truth across all of them is the separation between a dev and good dev. It is getting easier and easier to have something built for you using AI in your IDE in a framework that abstracts all the things away dumped into a prebuilt pipeline that deploys your artifacts for you. A dev can do that. A good dev understands the tools and knows when to dig into things.
I have yet to see a decrease in the number of good devs I meet even though IDEs slowly replaced text editors (and editors became strong enough to become IDEs). Frameworks have enabled more good devs to focus on business logic. DevOps provides solid guard rails for everything.
I don’t know if there’s an increase in the number of superficial devs. I haven’t interviewed junior dev candidates in awhile. I do know the market is flooded right now so I’d argue there might be other factors.
Also overall I do agree with the idea that letting copilot do everything for you means you don’t understand anything. Shit was the same way when cookbooks were common.
Here is the original fabric because that apparently doesn’t get linked in an article about solving who is on said fabric
$2/mo is pretty close to what Reddit premium was back before they turned the Reddit silver meme into a real thing! That’s a great amount to donate. Don’t sell yourself short.
You’ve turned this into a catch 22. If there were no female characters, you could argue that’s sexist. If the idiotic boss was female, you could argue all of the dumb characters are female so that’s sexist. If Jarod were the only female, that would be sexist.
How does this sketch get rewritten in such a way that it is not casually sexist?
A single character, per your definition, is not blatant malicious code. Stop moving the goalposts.
It’s clear you don’t understand the space and you don’t seem to have any interest in acting in good faith based on your other comments so good luck.
I mean anything is a good fit for future, science fiction AI if we imagine hard enough.
What you describe as “blatant malicious code” is probably only things like very specific C&C domains or instruction sets. We already have very efficient string matching tools for those, though, and they don’t burn power at an atrocious rate.
You’ve given us an example so PoC||GTFO. Major code AI tools like Copilot struggle to explain test files with a variety of styles, skips, and comments, so I think you have your work cut out for you.
That’s true! It also seems like you might not have experience dealing with attacks at scale? Defense in depth involves using everything. If I can reduce incoming junk traffic by 80% by masking returns, I have achieved quite a lot for very little. Don’t forget the A in the CIA triad.
There are competing interests here: normal consumers and script kiddies. If I build an API that follows good design, RFCs, pretty specs, all of that, my normal users have a very good time. Since script kiddies brute force off examples from those areas, so do they. If I return 200s for everything without a response body unless authenticated and doing something legit, I can defeat a huge majority of script kiddies (really leaving denial of service). When I worked in video games and healthcare, this was a very good idea to do because an educated API consumer and a sufficiently advanced attacker both have no trouble while the very small amount of gate keeping locks out a ton of annoying traffic. Outside of these high traffic domains, normal design is usually fine unless you catch someone’s attention.
The reason to use mono over dotnet is political. This is stirring up some really old shit; I expect a continuation of that shit now. Mono is currently MIT as is dotnet core. Who knows what direction each project will go now? MS has a history of fucking with licenses and Wine uses copyleft setups.
Microsoft has had dotnet-core for awhile. If you are running production dotnet loads (eg a C# app), you’ve probably been using those Linux containers for awhile. This doesn’t surprise me; they usually aren’t interested in maintaining an open version of software they have more restrictive licenses for. Enterprises will continue to use dotnet-core and Microsoft will probably do something to shoot mono in the foot in a few years.
Let’s assume you’re arguing in good faith here so we can understand why land deeds and URLs are completely different.
Deeds are managed by a central authority. There is an agreed-upon way(s) to view and search those deeds. There is a single authority to update or remove deeds. The items the deed refers to also are controlled by a single authority and changing them has a single process.
URLs are registered (loosely) with a central authority but the similarities end there. I can impersonate a URL on a network (even up to large chunks of the internet if I’m able to confuse DNS in a large enough attack). So just because you’ve bought the domain referenced in the blockchain and set up some name servers doesn’t mean any consumer of the blockchain or even the internet is guaranteed to hit your instance of the domain. All a URL is is a reference to something so let’s assume for a minute we can have a global reference. What’s behind it? Again, completely uncontrolled. For now it could be your NFT; what happens if I am your hosting provider and destroy your instance? Move your hardware? What’s to prevent you, the owner of the assumed global reference, to change what that uniform resource locator is actually locating?
Land deeds and URLs are not analogous. Land and the content served at a URL are not analogous. Let’s look at NFTs quickly to see if we can actually do something about this!
Since we have a single-write, read-only database, why not store the full thing in the DB? Well, first you have to agree on a representation. It has to be unchanging so we can’t use a URL. It can’t ever duplicate so realistically hashing is out (unless our hash provides a bijection which is just a fancy way of saying use the fucking object itself). Assuming we’re only talking about digital artifacts (attempting to digitize a physical asset is a form of hashing meaning we get collisions so you can’t prove ownership), we’re now in an arms race for you to register all of your assets and their serialization methods before I brute force everything. Oh and this needs to live everywhere so it can be public so you need peta-many petabyte drives. But wait! Now we’re burning the sun in power just to show you have ownership of 10 and I have ownership of 01. Fuck me that’s dumb.
That’s not how that works.
There is literally no way to opt out of Google’s data collection if you are going to use their products. Using another frontend shifts the data profile but it still exists and provides value to them. It’s reasonable to say it’s a bad thing. It’s unreasonable to say there are no other ways. I grew up in a public library and I can still get most of the information I need from a public library without Google products (things I can’t get usually come through inter-library loan or direct connections with subject matter experts at, say, a maker space). This seems to be less of “I’m against invasive corporations” and more of a “I don’t like the solutions available to avoid invasive corporations.”
If you care about that you don’t use YouTube at all or support creators that do. Even using 3rd party apps or services feeds into that. This feels like a serious non sequitur on any thread about any Google product.
I pay for YouTube Family. I consume a lot of YouTube and I want to support the creators I watch. At its current price point, YouTube Family is reasonable. Several households in my family get ad-free YouTube for what is a reasonably low price point for each household.
If the price goes up much (eg if I were paying the single price of $11 per household), the creators I really enjoy continue to get pushed out or change content because of shitty ad rules, or they pull the whole “must be in the same household” bullshit I would drop it in a heartbeat just like I’ve dropped most streaming providers. Streaming has become cable and YouTube has been shooting itself in the foot by forcibly changing content for advertisers. I come to the platform for content, not advertisers.
Other answers have only called out rotating the secret which is how you fix this specific failure. After you’ve rotated, delete the key from the repo because secrets don’t belong in repos. Next look at something like git-secrets or gitleaks to use as a local pre-commit hook to help prevent future failures. You’re human and you’re going to make mistakes; plan for them.
Another good habit to be in is to only access secrets from environment variables. I personally use direnv whose configuration file is globally ignored via the core.excludesfile.
You can add other strategies for good defense-in-depth such as a pre-receive hook checking for secrets to ensure no one can push them (eg they didn’t install hooks).
Annnnnnnnnnnnd we’re done. Good luck! I highly recommend you take some time to understand how draft can mean more in the technical space. It might help you in the future when you are discussing things like drafts, specifications, and proposals.