Software developer, security fancier and people grower. I wish my code was classified 'combat grade'. implements Huggable. he/him #foss #php #perl #python #java #tech amateur #reverse-engineer.
I was looking at this Sass (SCSS) compiler, written in #PHP, and I noticed something very odd.
Under “requires (dev),” it requires two packages, sass/sass-spec and thoughtbot/bourbon, both of which appear to be empty packages, containing only a composer.json file, which has no dependencies.
What’s the purpose of these packages? They otherwise appear suspicious, to me, but I can’t see that they're doing anything nefarious right now—they just appear pointless.
@ramsey @vonExplaino based on the code in his GitHub account (specifically https://github.com/sa3hin/confused ), I think he may be pro-actively registering placeholder package names in case someone else does for nefarious reasons. A developer may copy one of the dependencies in the sass package to their project without noticing it's a custom repo in the sass package and accidentally require something they didn't mean to (similar to the problem of typo squatting in PyPI and npm).
@nyamsprod love it. Possibly typo in the documentation though. Should it be addWhere or andWhere? The list of 3 logical xxWhere methods contains andWhere but the example shows addWhere.
Pro tip for finding a non "SMART" TV these days. You're looking for a "public display" or "professional" TV (think the kind of TV you see in shops that display the latest specials or take away menus above the order counter).
I really would like an opportunity to get in on a Product Owner role at some point. Unfortunately all the requests for PO roles specify the ideal candidate has 5+ years of previous experience as a PO.
@Skoop I suspect you've done a lot of the work required of a PO before even while in a management or development role. I would claim that as years of experience (just provide an outline of your roles and responsibilities as justification).
@wyri So I was bored today. Guess when new years hits. I had to merge all sensors per municipality and pick the median values and then iterated in 15 minute intervals #pm25 #feinstaub
@asgrim I would suggest reporting the account since the report goes to the instance admin. Add a comment explaining that you've migrated to Mastodon.
I had shared this in FB but not here — mini-me had a seizure on Friday when I got back from my 2nd hospital visit to get pain meds for my bruised ribs (ironically she kicked me in the same ribs while I was getting her on her side). CT scan showed nothing but she’s at a different hospital emerg room right now as her family doctor is concerned about really high white blood cell counts and memory loss. Good thoughts for her please.
@GossiTheDog I'm reversing endpoint software at the moment and it looks fairly trivial to fake compliance (especially this latest MDM software that shifts the burden of compliance checking locally O.o). I was reporting my one Windows box as a Linux box for the purposes of the exercise.
has anyone seen a really good analysis of the problems with git's command line UI? Would love to read it. for example:
git checkout is dangerous and has too many different jobs (though git switch is trying to fix that!)
for a tool that's supposed to make changes easy to undo, you actually need to learn a LOT of ways to undo
(not looking for git tutorials, explanations of git’s underlying model, or explanations of why you think git's UI is actually good, just an analysis of the problems)
@b0rk https://ohshitgit.com/ is another that shows all the ways to fix things when you mess up. Great examples of the many different commands you're expected to master to use git "properly".