Kissaki@programming.dev to Security@programming.dev • No one owes you supply-chain security • English
4 · 2 days ago
Not updating with audit would work if every direct and transient dependency provided security updates for every version. But they don’t. Often, security updates are for the most recent version or versions, and if you’re far behind, you now have to audit a lot more.
Transient dependencies are an audit problem, too. To audit something, you have to essentially audit recursively. Many libs use many other libs of varied authors.
Our systems are too open, too vulnerable. A build or check being able to access all resources is a fundamental systematic vulnerability.
Kissaki@programming.dev to Programming@programming.dev • I just tried vibe coding with Claude • English
2 · 3 days ago
.net runtime after 10 months of using and measuring where LLMs (including latest Claude models) shine reported a mindboggling success rate peaking at 75% (sic!) for changes of 1-50 LOC size - and it’s for an agentic model (so you give it a prompt, context, etc, and it can run the codebase, compile it, add tests, reason, repeat from any step, etc etc).
I assume this is from https://devblogs.microsoft.com/dotnet/ten-months-with-cca-in-dotnet-runtime/?
Kissaki@programming.dev to Programming@programming.dev • I just tried vibe coding with Claude • English
32 · 3 days ago
Half the cs world does…
What’s the basis for this claim? I’m doubtful, but don’t have wide data for this.
Kissaki@programming.dev to Programming@programming.dev • "The Git Commands I Run Before Reading Any Code" • English
2 · 3 days ago
They’re bash/shell- and bin-dependent commands rather than Git commands. I use Nushell.
Transformed to Nushell commands:
- The 20 most-changed files in the last year:
      git log --format=format: --name-only --since="1 year ago" | lines | str trim | where (is-not-empty) | uniq --count | sort-by count --reverse | take 20
- Who Built This:
      git shortlog -sn --no-merges
      git shortlog -sn --no-merges --since="6 months ago"
- Where Do Bugs Cluster:
      git log -i -E --grep="fix|bug|broken" --name-only --format='' | lines | str trim | where (is-not-empty) | uniq --count | sort-by count --reverse | take 20
- Is This Project Accelerating or Dying:
      git log --format='%ad' --date=format:'%Y-%m' | lines | str trim | where (is-not-empty) | uniq --count
- How Often Is the Team Firefighting:
      git log --oneline --since="1 year ago" | find --ignore-case --regex 'revert|hotfix|emergency|rollback'
/edit: Looks like the lines have whitespace or sth. Replaced `lines --skip-empty` with `lines | str trim | where (is-not-empty)`.
command aliases
    def "gits most-changed-files" [] {
        git log --format=format: --name-only --since="1 year ago" | lines | str trim | where (is-not-empty) | uniq --count | sort-by count --reverse | take 20
    }
    def "gits who" [] {
        git shortlog -sn --no-merges
    }
    def "gits who6m" [] {
        git shortlog -sn --no-merges --since="6 months ago"
    }
    def "gits fixes" [] {
        git log -i -E --grep="fix|bug|broken" --name-only --format='' | lines | str trim | where (is-not-empty) | uniq --count | sort-by count --reverse | take 20
    }
    def "gits aliveness" [] {
        git log --format='%ad' --date=format:'%Y-%m' | lines | str trim | where (is-not-empty) | uniq --count
    }
    def "gits firefighting" [] {
        git log --oneline --since="1 year ago" | find --ignore-case --regex 'revert|hotfix|emergency|rollback'
    }
Kissaki@programming.dev to Web Development@programming.dev • The DX shift no one noticed: Web interoperability • English
2 · 3 days ago
Given the nature of Steam and previous executed data extraction, I’m scared installing and running niche/indie games now. Windows lacks
A unified GUI framework hasn’t happened yet, not between OSes, nor really within each OS ecosystem. I’m not hopeful about leaps in native interoperability in that regard.
Web tech interoperability is so established and widely used, packaging and running those natively seems much more viable than any hope for supposed native long term efforts.
Not everything will be covered by web tech. But for many things, it’s already viable, and exploring native integration of these web technologies is interesting.
Kissaki@programming.dev to GitHub@programming.dev • New Low Quality option in the Hide comment menu • English
1 · 3 days ago
Will they ever fix the text contrast on that website/blog? :( Bad accessibility, bad readability.
I don’t find it super easy to read. Even white on white is somewhat readable, but the black tree part on the left is particularly hard to read. Certainly not scan-readable / fast, like I would be able to read normal text.

Kissaki@programming.dev to cybersecurity@infosec.pub • FBI Extracts Suspect’s Deleted Signal Messages Saved in iPhone Notification Database
5 · 4 days ago
Seems you don’t know how anything on Linux
What makes you think that is what they think? They referenced other people. They didn’t make any claims themselves or make any indications that they agree with those “flipping out” (who misunderstand).
I read it as the opposite. They know and criticize those who don’t and flip out because of that.
Kissaki@programming.dev to Programming@programming.dev • How do you handle automatic deployment for websites? • English
21 · 4 days ago
Git push to Forgejo -> automated build, package, and deploy pipeline -> use secured credentials to upload via scp or ssh or sftp
Alternatives to copy-upload or upload-package and then extract via command are stuff like rsync (reduce redundant, unchanged file uploads) or a simple receiver service (for example REST endpoint that receives a package with an identifier key and secret key, that it extracts to a configured target folder).
What solutions are simplest or easiest depends on the target environment, and how much of it you control. If you host the website on Forgejo itself it’s as simple as pushing the static files into the corresponding pages branch.
Kissaki@programming.dev to CSS@programming.dev • font-family Doesn’t Fall Back the Way You Think • English
1 · 4 days ago
It falls back exactly the way I think.
This article talks about flashes, and proceeds to say fallbacks should be defined. It explains how fallbacks work, but fails to describe what actually leads to the flashes, how fallbacks get replaced, and fails to say anything about solving that flashing issue they talk about.
Defining a more similar fallback font may reduce the issue visually, which is not mentioned either, and either way is not a solution for the flashing.
Dunno why one would expect lower precedence CSS rules to be integrated into more specific CSS rules without explicit “inherit”. That’s not how CSS works. Dunno if that’s a common enough misunderstanding to warrant a “not the way you think it is” title.
Kissaki@programming.dev to .NET@programming.dev • ASP.NET Core 2.3 end of support announcement • English
1 · 5 days ago
deleted by creator
Kissaki@programming.dev to Forgejo@programming.dev • Anyone else seeing DDoS-like traffic? • English
2 · 5 days ago
There’s a tool for that too - I don’t have the link or name at hand though
Kissaki@programming.dev to Forgejo@programming.dev • Anyone else seeing DDoS-like traffic? • English
11 · 6 days ago
Possibly AI company crawlers. When they came up there was a lot of bad publicity and reports of actively malicious and toxic crawling behavior, including ban evasion.
You can think about locking some url paths behind valid login sessions, or use a proof of work proxy guard.
Anubis is the popular tool for that. I’ve seen maybe three alternatives, one of which is from Cloudflare.
See also related Codeberg ticket (Forgejo instance) https://codeberg.org/forgejo/discussions/issues/319
If you search, you can find various blog posts about these issues. Not just with Forgejo.
Kissaki@programming.dev to Browsers@programming.dev • Vertical browser tabs are better and you should use them • English
6 · 6 days ago
Meh.
I have been using vertical tabs for a long time, through Tree Style Tab (Firefox Extension), which has the additional benefit of tree hierarchy.
I don’t see an “everyone should use them”, though. People have different usage patterns, number of tabs, amount of parallel or queued work and concerns, or ability to clear out tabs on session end. Many people prefer classic horizontal tabs - whether as a deliberate decision or not.
I certainly prefer horizontal tabs, and by a lot. But I don’t think it’s the best layout for everyone and every usage pattern. It’s good that we have the choice of alternatives.
Kissaki@programming.dev to Opensource@programming.dev • Waterfox to integrate Brave adblock engine, with search ads enabled by default • English
3 · 7 days ago
Firefox (probably?) also has process isolation - so it’s no different to Chrome in that aspect. Which is probably good for a security feature like this.
https://mozilla.github.io/firefox-browser-architecture/text/0012-process-isolation-in-firefox.html
Kissaki@programming.dev to Opensource@programming.dev • Waterfox to integrate Brave adblock engine, with search ads enabled by default • English
1 · 7 days ago
That’s from 2024. Did anything come from it? Did the court confirm the allegations, or not?
Kissaki@programming.dev to cybersecurity@infosec.pub • Adobe modifies hosts file to detect whether Creative Cloud is installed
3 · 7 days ago
Interesting, clever technical workaround for (potentially) real user benefit. But still, they should never do that. Working around safeguards and system component borders for user convenience is a very bad idea and practice.
Kissaki@programming.dev to Programming@programming.dev • StackOverflow: We will be retiring the Beta site shortly... • English
2 · 8 days ago
One month ago, I posted a comment with screenshots and my opinion. It also links to the official Stack Overflow resources regarding it.
“Classic” “New” (state one month ago) 

Kissaki@programming.dev to Opensource@programming.dev • Spyware distributed using modified code in Nekogram release. Dev closes issue without response. • English
2 · 10 days ago
So, assuming good faith, they used two Telegram bots for some service functionality
these two bots are used to resolve username from user id, eg tg://user?id=25
Obviously, that should never happen silently. But these findings don’t necessarily mean data has been compromised [beyond the scope of the app itself].
I get they may be very frustrated and annoyed at the negative blowback after their FOSS efforts, but dismissing concerns isn’t a good way to respond.

Is the MVC requirement a lib development dependency to cover MVC use cases, or can I only use it in MVC projects?
Looks like `WebApplicationFactory` is in the MVC namespace, so I assume this is only for MVC [integration] testing?