Thanks for this, I, in proud slashdot tradition, did not read the article, but it was my layperson's understanding that it'd have been a bit more dramatic if it had reversed... like a pole flip or something.
Also, the amount of energy required to reverse it... it's hard to see where that could possibly have come from.
Labeling your item with a generic "BOMB" is such a rookie mistake. Always - always! - use more descriptive bluetooth name so you know exactly which device you are controlling. E.g., "cmdrtaco's BOMB".
The name of the product is "Bomb", and "Bomb" is the default Bluetooth name.
I don't know whether that makes you advice invalid, or all the more salient.
Oops. Did I just make Slashdot do a U-turn?
ROTFL
Any account with permission to upload packages to NPM should be required to have strong 2FA (TOTP or a hardware key of some sort or something equally secure), have session tokens that are linked to the browser/IP/device (to prevent session token theft) and maybe also require a 2FA auth before a file upload.
Although I am sure there are some who will say "that's not acceptable, we need to be able to automate things and 2FA gets in the way". Sorry but security against hackers is more important than being able to click "go" on some CI setup and have it automatically upload the new version with no human actions.
Social engineering redux... except now you only have to convince a sycophantic and overly helpful AI.
Many people incorrectly think of proxies and VPNs (especially VPNs) as a security and privacy enhancement, but unless you're operating the proxy/VPN server yourself they're just as likely to be a massive security and privacy risk. The problem is that they concentrate all of the traffic you'd most like to keep secret in one server, and depending on exactly how the system works, may require installing software on your local machine with ~root permissions. If the operator is malicious, this is a really dangerous combination.
These are useful tools for location shifting and -- in fairly rare cases, and with VPNs only -- from hiding traffic from malicious. But third-party proxy/VPN services should always be viewed with suspicion. Obviously this is even more true when the provider is Russian... though it's pretty likely that wasn't made clear to the people who used the service.
Just how insane he is.
Not insane at all, just uninterested in the well-being of anyone other than himself.
That's what insane is. Basic principles of morality "Do no harm" and "Take action to prevent harm" mean nothing to someone who is insane.
Sanity and morality are orthogonal.
How so?
A person can be sane and immoral, sane and moral, insane and immoral or insane and moral. "Orthogonal" is perhaps a little too strong, since it implies the absence of any relationship, but certainly all the combinations are possible.
The P in PC means Personal which means affordable for the average man.
Not exactly. Personal originally meant "not shared with another person". Originally, it meant a computer only you have access to, only you install and run software, and only you store and retrieve data.
Please, no. Often when writing code I need the API reference and only the API reference. I know what I want to do and how to do it, I just need a quick check of the exact order of arguments or exact symbol names. I don't need to try to sift that out of commentary. Likewise when I'm learning how to use the library I'm more interested in the overall view. I don't need to know the exact names of the options for a call, only what the options are for. I expect the code in the user's guide to be accurate, but I don't want the same things out of it that I want out of the API reference.
And even then many companies today protects their 'intellectual property' so much that writing down documentation might be seen as harmful.
Except for the bit where it does that caching for a loop where each lookup only occurs once. Because everybody caches lookups, so that must be the right thing to do (it's the most likely thing to happen) in a case where the cache is never used. Riiiiight...
Something critical to note: intent is the most important thing to document when it comes to software. You can see what it does by reading the code, that's straightforward. What I need to know most, both when writing software and maintaining it later, is why it's doing that. What's it supposed to be doing? Why is it doing it in that way? What were the alternatives and why weren't they chosen? How is it supposed to be used by code that calls it? An LLM can't generate any of that just from the code.
This is why traditionally software libraries have had two separate pieces of documentation: an API reference that details every call and it's arguments and results, and a user's guide that lays out how and why to use the library.
It took a long time from submission to it being posted.
I thought it went into the slush pile.
Just how insane he is.
Not insane at all, just uninterested in the well-being of anyone other than himself.
That's what insane is. Basic principles of morality "Do no harm" and "Take action to prevent harm" mean nothing to someone who is insane.
Sanity and morality are orthogonal.
"Today's robots are very primitive, capable of understanding only a few simple instructions such as 'go left', 'go right', and 'build car'." --John Sladek
