Unless you want private repos and free CI, which are a pretty huge benefit of Github. I haven’t personally seen any issues with Github despite all the moaning about uptime, and I use it a fair bit. I think it’s going to take a lot more for them to become another SourceForge. Like, if they introduce banner ads for example.

which defined the product category so completely that it’s called “office software–”

Err, no it’s called office software because it’s software you use in an office. Microsoft didn’t invent the word “office”.

A cheap smart ring sounds like a terrible idea. Have fun when the battery burns your finger…

That is basically what this does, but more reliably.

…is terrible.

It’s for closed source software obviously.

Probably NPM packages. I once saw a guy who was super proud that they “maintained” something insane like 500 NPM packages. They had custom tooling to make it possible.

Of course it was all less than worthless.

Yeah I do wonder if we need an easier way to declare these things because programmers are lazy and even in Rust I wouldn’t always bother.

You can kind of do it in Typescript with strings:

function create_user(role: "admin" | "normal")

But of course the downside is they are strings at runtime. I’m sure it’s possible though.

Rust doesn’t need this as much because it has enums so you can just do create_user(user, Role::Admin, Notify::None).

Or just “slopping” maybe? “Stop slopping up code.”

Yeah Ruby sucks but that was an interesting read, and the way they used Serde to decode Ruby values is a very clever trick!

Oh so… there actually aren’t “so many other good tools out there that don’t pull this kind of shit [have bugs]”…

Do you know of an alternative to VSCode that has no bugs? That would be amazing!

Tbh while DST (or just “testing” as hardware people would call it) is very obviously a great idea, I’m not sure it would have helped here - in order to detect these TOCTOU bugs you would need stimulus that triggers it and some kind of checker/model that has the correct behaviour.

That’s totally possible but it’s pretty hardcore testing for a software project and it’s difficult to imagine doing that without realising that you have a TOCTOU issue just by inspection.

Sooo evil, making a great editor available completely for free that you don’t have to use at all. How dare they? Practically Hitler!

The entitlement is off the scale…

the researchers guided mythos to the vulnerabilities, not the other way around

I don’t think that’s true, based on what I read.

I haven’t used Java for decades and never used .net so I’ll take your word for those. Absolutely not for C++ though.

Go’s standard library has:

• JSON, XML, etc.
• A web client and server
• Bigints
• Logging
• JPEG, PNG and GIF
• SQL client
• SSH client
• All the crypto algorithms
• Gzip, zlib, deflate, etc.

C++ has none of that. Hell C++ only got a function to check if a string starts with a prefix a few years ago.

I think the only mainstream language with a standard library that is both good and comprehensive is Go. All of the others either have smaller standard libraries (e.g. Rust) or poorly designed ones (Python).