yossarian

@[email protected]
1.6K Followers
141 Following
1.4K Posts

open source interloper; attracts bugs easily

אַ ביסל ייִדיש־פּאָסטינג

websitehttps://yossarian.net
bloghttps://blog.yossarian.net
githubhttps://github.com/woodruffw
blueskyhttps://bsky.app/profile/yossarian.net
OID1.3.6.1.4.1.55738
yossarian4h ago

TIL: Wrapping rustc for just the current workspace

https://yossarian.net/til/post/wrapping-rustc-for-just-the-current-workspace/

#rust #til

TIL: Wrapping rustc for just the current workspace

yossarian3d ago

I have been very critical about npm and JavaScript as a whole, so I also want to lavish praise where it is due: this is a great change, and demonstrates serious appetite for fixing things/making hard decisions in the interest of security:

https://github.blog/changelog/2026-06-09-upcoming-breaking-changes-for-npm-v12/

Upcoming breaking changes for npm v12 - GitHub Changelog

Our next npm major version, v12, introduces security-related default changes to npm install. All these changes are available behind warnings in npm today on 11.16.0 or newer, so you can…

The GitHub Blog
yossarian5d ago

I wrote a new post for the Astral blog about how we’re building more vulnerability and malware defenses directly into uv:

https://astral.sh/blog/uv-audit

Vulnerability and malware checks in uv

Find vulnerabilities in your Python dependencies with uv audit and prevent installation of known malware with uv's experimental malware detection.

yossarian6d ago
yossarianJun 5
slopping my hogs (prompting my agents)
yossarianJun 5
this MSRC saga seems destined to be canonized as an almost flawless example of how to implode community trust in a security setting through entirely unforced errors
yossarianJun 2
copilot was already pretty mid, impressive how they’ve managed to make me dislike it even more by exhausting my quota on nothing except inline suggestions in…24 hours
yossarianJun 1
on one hand, the competitive market is a compelling theory. on the other hand, billions of dollars have failed to produce an EDR that doesn’t suck shit
yossarianMay 25
Filippo ValsordaMay 25

I am live with Alex Gaynor to talk about the Geomys model of professional open source maintenance and how it helps projects face challenges, like the recent influx of LLM vulnerability findings!

Join us live on https://www.twitch.tv/filosottile right now or catch the recording soon!

FiloSottile - Twitch

Professionalizing open source maintenance

Twitch
yossarianMay 25
yossarianNov 29, 2024