How did you improve your #foss today?
Daniel Siepmann likes this.
reshared this
AI generation when writing software is a false economy. You are replacing writing code with code review. Code review is harder and requires you to already have an understanding of the domain which often means that you would’ve even able to write it yourself to begin with. If you code gen something because you don’t know how to write it yourself, you by definition cannot review it without going though an effort equivalent to writing it yourself in the first place.
Unless of course you don’t care about code review and so doom yourself into treating software like magical incantations that break randomly for no perceivable reason; but no good mage would do that, surely.
Daniel Siepmann likes this.
reshared this
The secret to succeeding in technology is to build exciting things with boring technology.
Boring tech is well-understood and the edge cases well-known.
Your product should be what’s exciting, not your stack or your devops.
Daniel Siepmann likes this.
reshared this
[FEATURE] Introduce site sets with setting definitions
https://github.com/TYPO3/typo3/commit/b326de1db9e46adef55c166091a175e550807faf
reshared this
📣 Montag 19 Uhr dreht sich beim User Group Treffen alles um #TYPO3 v13: @luisasofie stellt uns die Roadmap vor und Oli Bartsch zeigt uns die neuen APIs für Developer und Integratoren.
Luisa und Oli werden live aus Fuerteventura vom TYPO3 #Surfcamp 🏄♀️ 🌴 zugeschaltet!
https://www.meetup.com/de-DE/munich-typo3-user-group/events/300230501/
Daniel Siepmann likes this.
reshared this
Best addition to any #Node package.json, #PHP composer.json or other dependency managers file would be a mandatory „why“ field for each single dependency which requires a minimum number of sensible words.
Could make devs think twice before adding and help (me) when upgrading projects after some time.
Daniel Siepmann likes this.
reshared this
How the xz backdoor highlights a major flaw in Nix | Shade's Blog
How the xz backdoor highlights a major flaw in Nix | Shade's Blog
Background On Friday, March 29th, 2024, a historical and sophisticated security vulnerability (CVE-2024-3094) was discovered in the XZ Utils package and liblzma api in version 5.6.0 and 5.6.1.shadeyg56.vercel.app
like this
Those packages themselves depend on xz. Pretty much all of them.
What you're suggesting would only make the xz
executable not be backdoored anymore but any other application using liblzma would still be as vulnerable as before. That's actually the only currently known attack vector; inject malicious code into SSHD via liblzma.
Today I could start #programming for a new project. I applied the learnings from @Matthias Noback workshop regarding #software architecture.
And well … It works good so far. And so many more things now make sense and work, e.g. TDD. I thought TDD doesn't make sense, except for some cases. But now with a different point of view to how to create and structure software … it now works. I could develop the current project fully #TDD.
I can highly recommend his workshops :)
like this
reshared this
[FEATURE] Optimized integration of Page Rendering via Fluid
https://github.com/TYPO3/typo3/commit/bd46974b6ae513107ee10094dbe7e3da38184ca4
reshared this
Here's a fun AI story: a security researcher noticed that large companies' AI-authored source-code repeatedly referenced a nonexistent library (an AI "hallucination"), so he created a (defanged) malicious library with that name and uploaded it, and thousands of developers automatically downloaded and incorporated it as they compiled the code:
https://www.theregister.com/2024/03/28/ai_bots_hallucinate_software_packages/
1/
AI hallucinates software packages and devs download them – even if potentially poisoned with malware
Simply look out for libraries imagined by ML and make them real, with actual malicious code. No wait, don't do thatThomas Claburn (The Register)
reshared this
Company policy mandated "first letter of first name + last name" as username.
For years, Nick O’Reply wondered why nobody ever replied to his emails.
Daniel Siepmann likes this.
Daniel Siepmann reshared this.
This is a great article from @Di4na https://www.softwaremaxims.com/blog/not-a-supplier, and I strongly agree with his point: open source / free software project developers, contributors, and maintainers are not "suppliers".
The "software supply chain" metaphor puts demands in the wrong place, and responsibility in the wrong direction.
Yet, it's a very powerful way to help companies understand their reliance on the labor of others.
What different metaphor or picture would be as strong, but with reverse polarity?
I am not a supplier
For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years.Thomas Depierre
Daniel Siepmann likes this.
one of the ordinal points that the FSF were making back in the 1980s was that as a user of free software you had the freedom to change the software yourself _or pay anyone else you chose to do it for you_ - in contrast to proprietary software which left you at the mercy of the vendor. It didn't say you could shame, flame or guilt the original author into making your changes (whether for free or otherwise), just that you weren't tied to that author for meeting your needs.
Somehow we seem now to have conflated "supply" and "support" and we're poorer for it.
Really cool to see the final 0.7.0 of #TYPO3 content blocks available https://github.com/nhovratov/content-blocks/releases/tag/0.7.0
So many great things made it into the release.
I'm looking forward to see the integration into TYPO3 itself.
Release 0.7.0 · nhovratov/content-blocks
Last sprint release. No joke! Yes, this is the last minor version for now. Many last minute features got in, though. Now the focus will shift in preparing the Core patch. Development of additional ...GitHub
like this
reshared this
Daniel Siepmann likes this.
reshared this
Which means that, in “The Hitchhiker's Guide to the Galaxy”, when Deep Thought replied ‘42’ to "What is the answer to life, the universe, and everything?", it actually meant "Anything you want"
Daniel Siepmann likes this.
reshared this
A large contingent of webdevs seem to think that fast means “best-case fast.”
“Our web sites are fast on expensive hardware and from reliable fiber networks.”
Worst-case fast is a much more meaningful, impressive, and inclusive claim to make! Fast on low-end hardware. Fast on slow networks.
Fast on the World Wide Web—not just from a WeWork in Silicon Valley.
Daniel Siepmann likes this.
reshared this
My boyfriend is currently learning web development (HTML and CSS right now). That motivated me to play around with #programming languages.
@array :java: :void: :php: introduced me to https://exercism.org/ which allows me to practice languages on my local machine. Thanks for that.
I'm publishing my progress at https://git.daniel-siepmann.de/danielsiepmann/exercism.org where you can see why #Nix is awesome. I've created a derivation for the exercism binary and one shell.nix per language.
That way I can play around with other language on my own system declarative. I guess this is a nice showcase for nix.
like this
Mir ist das egal. Meine Follower wissen ja: das hier ist das einzig echte Original. Und ich bin mir sicher, deshalb teilen sie das Original heute besonders häufig. ✊
like this
reshared this
Been 3 months with my #Fairphone5 and the #iodeOS is still awesome, the phone still works great, the battery still lasts and I am still satisfied with my purchase.
If you're looking for a way to do something good and are looking for a new phone... Look no further.
Daniel Siepmann likes this.
reshared this
My boyfriend uses the vacation to learn programming.
He finished basic HTML and is currently working on CSS.
He want to do web development based on #python.
Any recommendations for totally new unexperienced people to get started with python web development?
Django and other frameworks look way too much compared to php. Is there an easy entry?
Excercism looks also promising for myself to play around with other languages. Thanks for sharing.
array :java: :void: :php: likes this.
Daniel Siepmann likes this.
reshared this
like this
We are proud to be home to #Redict, the #fork of the formerly free (but no longer) Redis project. We are using #Redis on our own infrastructure for caching, and we are looking forward to migrate to the new version, then fetched from Codeberg. A small world … 😉
Missed the story? Get up to date here: https://redict.io/posts/2024-03-22-redict-is-an-independent-fork/
Directly check out the code? Check the #Codeberg repo: https://codeberg.org/redict/redict
reshared this
I just love the fact that @drewdevault applied #REUSE from the start to make the different licensing transparent - it's a perfect use case, and it shows that the author cares about unambiguity and sustainability.
/Cc @fsfe
In the past 5 years that I have been working for @ingewikkeld I was able to spend almost every Friday on my open source work. Which sums up to about 20% of my time with @Skoop and @mvriel. A full year of development!
Curious what #foss can do for you or your company? Talk to @Skoop he is able to explain this very well!
Daniel Siepmann likes this.
reshared this
Me, an idiot: “So, kids, by setting the thermostat a little lower and eating less meat, we’re doing our part to make the world more sustainable”
VCs, very smart: “We just raised $100 billion dollars from the sovereign wealth funds of three petrostates to build the world’s largest AI supercomputer. It uses as much power and water as Guatemala and the primary use case is for management consultants to autogenerate powerpoints for justifying mass layoffs.”
Daniel Siepmann likes this.
reshared this
Hey, #WebCampVenlo, did you publish this today because of my previous toot? That's so #cool! (Or — if not — so #karma!) ❤️
Ladies and gentlemen: An example of what a thought-provoking full-length #FOSS talk with @horncologne and I can look like.
https://www.youtube.com/watch?v=0FamH5wsQOg
Defend FOSS: From innovation to world-wide positive change - jam - Mathias - Web Camp Venlo 2024
Abstract:Open Source technology, practices, and thinking have revolutionized how we innovate, collaborate, and do business. The impact goes beyond our daily ...YouTube
Daniel Siepmann likes this.
Daniel Siepmann reshared this.
If you had code on GitHub at any point it looks like it might be included in a large dataset called “The Stack” — If you want your code removed from this massive “ai” training data go here:
https://huggingface.co/spaces/bigcode/in-the-stack
I found two of my old Github repos in there. Both were deleted last year and both were private. This is a serious breach of trust by Github and @huggingface.
Remove all your code from Github.
CONSENT IS NOT OPT-OUT.
Edit — thanks for all the replies. More context here: https://hachyderm.io/@joeyh/112105744123363587
Also the repos i found of mine i’m sure were private, but even if they were public at some point, for a brief time, in the past that isn’t my consent to use them for purposes beyond their intent.
---
Edit 2 -- I see this made it to HN, which is a level of attention I do not want nor appreciate....
For all those wondering about the private repo issue -- No, I am not 100% sure that these ancient repos weren't at some point public for a split second before I changed it. I do know that they were never meant for this and that one of them didn't even contain any code.
If my accidentally making a repo public for a moment just so happened to overlap with this scraping, then I guess that's possible. But it in no way invalidates the issues, and the anger that i feel about it.
Am I in The Stack? - a Hugging Face Space by bigcode
Discover amazing ML apps made by the communityhuggingface.co
Daniel Siepmann likes this.
reshared this
So, I have a few days this and next week to spend on helping you! Can I help you? Perhaps you're stuck somewhere? Need some advice on architecture, or how to contribute to open source with your company? Help me help you, and I'll make a special price, just for you!
Contact me here on Mastodon, or shoot me an email: stefan@ingewikkeld.net
Daniel Siepmann likes this.
Daniel Siepmann reshared this.
Daniel Siepmann likes this.
Daniel Siepmann reshared this.
That is a good way of working 👍
I realized that I started to plan it more consistent and I'm now roughly on Friday mornings every other week. But before your toot I didn't define it before, so thanks for that.
As several people have asked him for a presentation on different channels, here's a demo from our #Translation Handling Initiative Team Member Jo Hasenau showing you the latest features of the #TYPO3 #TransFusion #Extension!
Enjoy and if you like it, please vote for our next level budget!
https://youtu.be/CFSsUy6pO5Q?si=EINUoCd4zyCDaG26
TYPO3 TransFusion - The new wizard to help you deal with connected, free and mixed mode translations
If you find this extension helpful and want to support the next level development, please vote for it in the member votings, that are currently held by the T...YouTube
reshared this
I have the same experience as membership owner. Feels very democratic and empowering to influence the future of TYPO3.
We already look forward to see the next votings and outcomes of previous budgets.
I really like the changes to the budgets.
like this
Daniel Siepmann likes this.
TIL: when using shivammathur/setup-php@v2 you need to define ini-file: "development" to get php to emit deprecation warnings.
otherwise your unit tests won't catch deprecation warnings and the CI will unexpectedly succeed.
see https://github.com/shivammathur/setup-php/issues/827
deprecation warnings not emitted · Issue #827 · shivammathur/setup-php
Describe the bug In CI no deprecation warnings are emitted per default Version I have checked releases, and the bug exists in the latest patch version of v1 or v2. v2 v1 Runners GitHub Hosted Self ...GitHub
Daniel Siepmann likes this.
reshared this
Daniel Siepmann likes this.
reshared this
Modern Git Commands and Features You Should Be Using
Modern Git Commands and Features You Should Be Using
martinheinz.devAll of us - software engineers - use
git
every day, however most people only ever touch the most basic of commands, such as...
like this
I just took a stab at git worktree
at work this week after rereading this article. It's amazing. We were in the process of upgrading our UI component library and I was able to checkout pre/post upgrade branches without having to continuously npm install
to swap between dependencies.
Plus I'm pretty sure I could have both "versions" of our repo locally running at the same time so I could do UI comparisons...but I didn't actually get that far.
If there are docs, noone will read them.
If there are no docs, everyone will complain.
reshared this
Releasing a project after 2 years is always fun. updating dependencies, bumping php version, finding out that the PHAR build no longer works...
But here is Fink 0.11.2:
https://github.com/dantleech/fink
It's a pretty decent PHP link checker, and was one of those fun projects that had a limited scope and as such could be considered "done".
GitHub - dantleech/fink: PHP Link Checker
PHP Link Checker. Contribute to dantleech/fink development by creating an account on GitHub.GitHub
Daniel Siepmann likes this.
Daniel Siepmann reshared this.
If I have an anchor # in my link, is it going to download the URL and check if there’s an HTML element with that ID in that document? That would definitely sell it to me!
Thanks.
Daniel Siepmann
in reply to Mary:icosahedron: • •