Reposted by Dominykas Blyžė
Not that anyone here needs to hear this, but for the record, in a democracy "people voted differently from the way I expected or hoped" does not constitute evidence of fraud, no matter how many pretty charts and graphs of "voting patterns" you make.
November 7, 2025 at 6:19 PM
Not that anyone here needs to hear this, but for the record, in a democracy "people voted differently from the way I expected or hoped" does not constitute evidence of fraud, no matter how many pretty charts and graphs of "voting patterns" you make.
Reposted by Dominykas Blyžė
October 20, 2025 at 9:56 AM
I was going to say that staying in your neighborhood on a Saturday is not a protest, but a picnic. However that video 😲
October 19, 2025 at 9:25 AM
I was going to say that staying in your neighborhood on a Saturday is not a protest, but a picnic. However that video 😲
Reposted by Dominykas Blyžė
To give some credit (I don’t mean to be so harsh) it is a series of *really deep* paper cuts. But the real ailment is internal bleeding, and neither bandaids (the right paper cut treatment) not the cast fix the problem.
We need forced 2FA supported from CI.
We need forced 2FA supported from CI.
October 14, 2025 at 11:44 AM
To give some credit (I don’t mean to be so harsh) it is a series of *really deep* paper cuts. But the real ailment is internal bleeding, and neither bandaids (the right paper cut treatment) not the cast fix the problem.
We need forced 2FA supported from CI.
We need forced 2FA supported from CI.
Reposted by Dominykas Blyžė
Someone should make one of these giant frog style costumes that looks like an Irish Mammy. Then you can protest as Aunt Aoife.
October 13, 2025 at 6:16 AM
Someone should make one of these giant frog style costumes that looks like an Irish Mammy. Then you can protest as Aunt Aoife.
Reposted by Dominykas Blyžė
Get a permanent access to publishing with a single factor as long as you publish from github but no 2fa totp for your setup that can't be stolen at scale.
October 10, 2025 at 11:21 PM
Get a permanent access to publishing with a single factor as long as you publish from github but no 2fa totp for your setup that can't be stolen at scale.
Reposted by Dominykas Blyžė
Why are @github.com tokens allowed to have no expiry but @npmjs.bsky.social are about to make every IT team's lives a living hell? This is just more security theatre. Think harder @microsoft.com.
October 10, 2025 at 8:29 PM
Why are @github.com tokens allowed to have no expiry but @npmjs.bsky.social are about to make every IT team's lives a living hell? This is just more security theatre. Think harder @microsoft.com.
Reposted by Dominykas Blyžė
copilot is smarter than ever (we no longer have accurate counts of pull requests on the pull requests tab)
October 9, 2025 at 3:02 PM
copilot is smarter than ever (we no longer have accurate counts of pull requests on the pull requests tab)
Reposted by Dominykas Blyžė
🚀 BIG NEWS: We just shipped @platformatic/python - run Python ASGI apps INSIDE your Node.js process!
This changes everything for AI/ML + Node.js apps 🧵
youtu.be/8eAAP9IF4xA
This changes everything for AI/ML + Node.js apps 🧵
youtu.be/8eAAP9IF4xA
Launching @platformatic/python: Bring Python ASGI to Your Node.js Applications
Today we are excited to ship @platformatic/python, a new capability for Watt, the Application Server for Node.js, that lets you run Python ASGI applications alongside your existing Node.js workloads.…
youtu.be
October 7, 2025 at 3:24 PM
🚀 BIG NEWS: We just shipped @platformatic/python - run Python ASGI apps INSIDE your Node.js process!
This changes everything for AI/ML + Node.js apps 🧵
youtu.be/8eAAP9IF4xA
This changes everything for AI/ML + Node.js apps 🧵
youtu.be/8eAAP9IF4xA
Wha?! How is this even possible? Almost 1 GiB per day? I don't even watch the videos or anything.
October 3, 2025 at 5:52 PM
Wha?! How is this even possible? Almost 1 GiB per day? I don't even watch the videos or anything.
Just received an SMS from an unknown number.
Moments after, Google changed that to show me the first and last name of the person.
How is this legal?
Moments after, Google changed that to show me the first and last name of the person.
How is this legal?
September 26, 2025 at 2:46 PM
Just received an SMS from an unknown number.
Moments after, Google changed that to show me the first and last name of the person.
How is this legal?
Moments after, Google changed that to show me the first and last name of the person.
How is this legal?
Reposted by Dominykas Blyžė
Will Github ever take spam detection seriously? Aka at all?
They don't have even at the most basic blatant spam detection that any self-respecting email provider had 15 years ago, and now that we have AI you'd think it would be useful at least for this.
Why do I have to keep doing this manually?
They don't have even at the most basic blatant spam detection that any self-respecting email provider had 15 years ago, and now that we have AI you'd think it would be useful at least for this.
Why do I have to keep doing this manually?
August 19, 2025 at 9:25 PM
Will Github ever take spam detection seriously? Aka at all?
They don't have even at the most basic blatant spam detection that any self-respecting email provider had 15 years ago, and now that we have AI you'd think it would be useful at least for this.
Why do I have to keep doing this manually?
They don't have even at the most basic blatant spam detection that any self-respecting email provider had 15 years ago, and now that we have AI you'd think it would be useful at least for this.
Why do I have to keep doing this manually?
My assessment is that they're forcing people into Github Actions while not solving any of the recent problems?
github.blog/security/sup...
github.blog/security/sup...
Our plan for a more secure npm supply chain
GitHub is strengthening npm's security with stricter authentication, granular tokens, and enhanced trusted publishing.
github.blog
September 23, 2025 at 5:18 PM
My assessment is that they're forcing people into Github Actions while not solving any of the recent problems?
github.blog/security/sup...
github.blog/security/sup...
How come verdaccio does not have a way to quarantine packages for a number of hours? Anyone tried building a plugin for that?
September 15, 2025 at 9:32 AM
How come verdaccio does not have a way to quarantine packages for a number of hours? Anyone tried building a plugin for that?
Reposted by Dominykas Blyžė
either npm with staged package publishes that you can only promote manually using 2FA, or GHA workflows being able to pause and enter info or visit a URL, yep
September 10, 2025 at 7:32 AM
either npm with staged package publishes that you can only promote manually using 2FA, or GHA workflows being able to pause and enter info or visit a URL, yep
I guess it's time to start keeping some food stuffs in the car...
September 10, 2025 at 7:23 AM
I guess it's time to start keeping some food stuffs in the car...
Reposted by Dominykas Blyžė
I spent some time reading posts on Reddit yesterday, tons of partial and misguided information. Everybody here seems to think that OICD is the golden ticket, but that’s also not the case.
September 9, 2025 at 10:53 PM
I spent some time reading posts on Reddit yesterday, tons of partial and misguided information. Everybody here seems to think that OICD is the golden ticket, but that’s also not the case.
Reposted by Dominykas Blyžė
come on can we have at least one nice thing
Nova Launcher is shutting down, and Android fans are heartbroken
Nova Launcher, one of Android's most loved customization tools, is now going away for good and Android fans are not taking it well.
www.androidauthority.com
September 9, 2025 at 2:30 AM
come on can we have at least one nice thing
Reposted by Dominykas Blyžė
In a cryptographically verified communication system you mistrust anyone that has changed their encryption key until you have verified it out of bounds.
In a multi-maintainer scenario like now, npm should require confirmation from at least one other maintainer if an account changes eg 2FA
In a multi-maintainer scenario like now, npm should require confirmation from at least one other maintainer if an account changes eg 2FA
🚨 Breaking: npm author Qix compromised. Malicious package versions published in projects that typically see hundreds of millions of downloads each week.
Details: socket.dev/blog/npm-aut...
Details: socket.dev/blog/npm-aut...
npm Author Qix Compromised in Major Supply Chain Attack - So...
npm author Qix’s account was compromised, with malicious versions of popular packages like chalk-template, color-convert, and strip-ansi published.
socket.dev
September 8, 2025 at 6:34 PM
In a cryptographically verified communication system you mistrust anyone that has changed their encryption key until you have verified it out of bounds.
In a multi-maintainer scenario like now, npm should require confirmation from at least one other maintainer if an account changes eg 2FA
In a multi-maintainer scenario like now, npm should require confirmation from at least one other maintainer if an account changes eg 2FA
Soooooooo... When are we starting attempts to claw back npm from Microsoft?
September 8, 2025 at 7:02 AM
Soooooooo... When are we starting attempts to claw back npm from Microsoft?
Automated threat detection be all like "A threat actor might use this command! Are you sure it's ok to use this command? Maybe don't use this command?" 🤬
August 29, 2025 at 12:26 PM
Automated threat detection be all like "A threat actor might use this command! Are you sure it's ok to use this command? Maybe don't use this command?" 🤬
Hold on, so nx did not have 2fa?
August 27, 2025 at 7:03 PM
Hold on, so nx did not have 2fa?