This thing popped up on my Android Auto the other day in the middle of a drive and I cursed at it because I was trying to get directions and then it kept responding “I don’t respond to hostile language”. Fucking annoying.

“I ask you how is playing drums. You say it’s too much shit to carry.”

Leaving it up to the democratic president that follows to implement the dumbass plan despite it being obviously stupid, and face the fallout from the bad decisions allowing another maga president immediately afterwards. (Like Biden with the Afghanistan withdrawal.)

No, but much of it comes from software repositories, which is exactly the point.

Why so much fear about the shell script but no fear from the executable?

Huh? Fear from both.

I hate Windows partially because you have to download a bunch of random executables. Making that same security hole into a one liner in bash and making that the only install supported is not an improvement in any way.

As a sporadic foss contributor and foss advocate, I ain’t even installing your shit if the only install option is curl pipe to shell.

And I also do think it’s a red flag exactly like the original poster was looking for.

Exactly, it’s a shift in responsibilities from the developers of a thing to the users of that thing.

As a grunt at work and a mid-tier “money haver” at best, I’m tired of having everything shift its costs onto me and it’s a red flag that prevents me from installing and running a software package.

Everything around nowadays does this shift if they can get away with it.

I have to set limits on what I tolerate to achieve what gain or the world will leave me dead with a giant tire mark across my chest.

Eh, I’d be more sympathetic if there weren’t a dozen different alternatives to making this exclusively how people install your software.

It’s a virus delivery system waiting to happen. Especially now when you have AI that can help you stand up an imposter site quickly and easily.

This is the sort of thing you do to big companies with no morals, doing it to a small open source project is just wrong, they don’t have the manpower or money to redo the investigation you already did.

Given that the dude works for an AI-based security company, and Forgejo and services like it (e.g., codeberg.org) are how you abandon the mess of vibe-coded trash that is GitHub, in my opinion, he has a motivation to pick apart this specific service.

It’s almost like it really fucking sucks.

That fucking unicorn error page haunts my dreams.

Yeah I’ve never cared enough to check and don’t own any of her merch but you’re probably right in this specific case.

Band T-shirts are sometimes — or even often — the highest quality T-shirts available. Many bands bother to make sure that the stuff they sell is 100% cotton, fair trade, etc. I think I even have some that were made by union labor.

I’m shocked and appalled that my addition of “do NOT make any mistakes!” didn’t singlehandedly make the word guessing technology underneath perfect.

Other lawmakers are assholes that don’t care about you in the slightest.

Yeah, just like all movies are 3d now.

Their main development hub for this part of the platform is in my city and they list for new contract to hire or direct hire positions pretty regularly. I’ve been hesitant to apply ever because despite their obvious incompetence, I’m sure the interview process is a gatekeeping nightmare, and one manager I had was from there and thought he was God’s gift to software despite being the creepiest, technically dull reject I’ve ever been managed by.

I think he was running part of Sony home when it was breached and leaked everyone’s information.

And since javascript libraries tend to be so small and focused

Lol, LMAO even

But Windows is less secure. Two things can be true at once. They are in the original topic too.

The Java ecosystem is massive and decades old and I don’t hear one iota of the shit about maven central that I hear about npm.

I guarantee that npm is full up with vibe coded bullshit at this point as well.

I’m not sure what it even takes to upload a package to npm. Not even a pulse. I honestly never looked into it because the whole ecosystem is so rancid.

EDIT: Look at how many shits in this are optional (and note the overall quality of the article as well): https://dev.to/aneshodza/publishing-your-first-npm-library-51k2. The ecosystem sucks.