I've been noticing that too. "Hey, the normal documentation for our software of a crude API list describing what each command is and each of its parameters isn't good enough for the AI. We need to provide the AI with instructions on how to use the software to solve common problems"
Uh, you needed to do that for humans too. You just didn't. There's a reason everybody scrolls to the bottom of man pages ASAP.
Why? From afar my vague impression of LBC is that it's talk radio opinion slop, even if it puts in some effort to avoid the cartoonishly-far-right conservatism endemic to that genre.
Not wrong, that format requires a regular parade of guests with some kind of subject matter expertise, and if it's a military or national security topic, most of those subject matter experts are inevitably from a military or at least military policy background.
lol I'm more speaking to reliability than the quality of the interface. git and ffmpeg are not exactly known for the most intuitive API surface, but I don't think I've ever encountered a bug with them in my 17 years. That's a pretty extraordinary thing when you think about it.
Fair point. My problem with git is actually mostly the flaw in the object model itself, more than the dismal API. The fundamental mismatch between "to get a clean history you have to edit/destroy history with squashes and rebases and whatnot" and "editing history destroys the ability to do comparisons of two branches, which basically ruins half of git's functionality from top to bottom when you encounter that problem".
Like even the basic question of "hey did I already merge this branch?" becoming unknowable if you autosquash-on-merge is just nasty.
I've got a million ideas on what the "correct" fix for that problem might be, but imho it's a flaw deep in the heart of git that creates a massive amount of pain.
But I'll give it credit for being rock solid and blazing fast, as you say.
I don't get the use of the spatial layout here. A line may be cruder but if you're going full swordfish hackerman mode why are you caring about grid geography at all? Bind each to a hotkey. The only time you're swiping is when you're lost.
Like what competitive player uses scroll wheel weapon switching in Quakelike games? Nobody
Visual memory is really powerful and maps far more easily onto human brain’s experience of navigating the world. So it’s easier for many people to imagine and organise around a grid.
The combined features that make npm particularly vulnerable:
1) Update by default. Manually updating your package references is annoying and does lead to other security issues as you don't automatically get latest, but it makes this risk much lower.
2) Code executed on install. Statically-typed languages don't run the code until you use them, and that might not happen on the developer machine at all for first run after upgrade, it might be a lower-priv test-server.
3) Culture of many tiny modules (this is good! It's the natural way to fight NIH! Yay modularity!) means many more points-of-failure for security for this kind of attack.
MS Nuget is also lock-by-default. Latest-by-default should be considered harmful unless the package manager is directly vouching for the veracity and reputability of the packages.
NuGet is lock-by-default for the parent package, but with the move from packages.config to <PackageReference> it's no longer lock-by-default for dependencies.
It never made sense the other way. If I reference a package, logically I'm also referencing its dependencies at the version that the package uses. Forcing the user to also reference dependencies of dependencies of dependencies means the package reference lists aren't DRY.
But just the dependency list isn't sufficient to pick a specific version, thanks to dependency ranges. If Package A depends on Package B >= 1.0, and Package B has v1.0 and v1.1 available, it will use v1.0. But if Package B suddenly unlists v1.0, then future restores will change to v1.1.
Ah, I see the worry. A supply-chain attacker can use de-listing to force an upgrade to the malicious version if clients have dependency ranges that reach into the future.
I didn't know about that one.
In general, any dependency system that allows "you can silently upgrade to versions of the package that did not exist at the time the packagereference list was created" seems to be a vulnerability.
It's frustrating since this vuln seems trivially simple to fix, at a glance... although it would require an API change in PackageReference. Mandatory lockfiles by default, or getting rid of the floating versions misfeature. BindingRedirects let you override declared dependency versions anyways, they're not a blood pact.
It seems trivially simple until you have two dependencies with conflicting exact version requirements... So I don't think you can get rid of floating versions entirely. They did add NPM-style lockfiles for PackageReference, but currently not mandatory.
The version numbers for BindingRedirects are orthogonal to the package versions. You can have multiple package versions use the same AssemblyVersion so that applications don't need to create BindingRedirects. (e.g. Newtonsoft.Json - 13.0.0, and 13.0.1 in NuGet are both 13.0.0.0 for binding redirect purposes) And .NET Core/5+ don't need BindingRedirects at all!
Peter Zeihan was saying the same about the Russian invasion of Ukraine when that started, since Russia and Ukraine export fertilizer precursors... If there were famines they didn't make the news (but they might not regardless).
There's been massive food inflation since the Ukraine war. The petrol protests are starting in Africa and Asia. Like, this isn't headline news but it exists.
I write a horrifying amount of PowersHell and I've always been craving something like that - rather than pwsh reinventing every wheel, just "bash but also with objects".
I like "...lead is responsible for the loss of 824,097,690 IQ points as of 2015" which is something I never hear from the people who are so interested in IQ and who can't stand it that the rest of us aren't.
Uh, you needed to do that for humans too. You just didn't. There's a reason everybody scrolls to the bottom of man pages ASAP.
reply