Hacker Newsnew | past | comments | ask | show | jobs | submit | more rognjen's commentslogin

Ah the eternal debate between open source and Open Source.


https://archive.is/i3DHj


This is an entirely predictable next step - the only surprise is that it took so long to happen.

They progressively replaced all the default apps with the Google alternatives.

A Chrome-Chromium type split was only a matter of time.


Entirely anecdotally, I have daringfireball in my RSS reader and I read it a lot more a few years ago than now.

Might be that I changed, might be that the content changed.

I feel that my preferences are generally quite aligned with the bulk of HN readers...


That is a really very likely scenario.

The attacker was trying to compromise agentkit and found changed-files used in the repo so looked around. Found that it was using a bot with a PAT to release.

Totally possible the bot account had a weak password, and the maintainer said it didn't have 2FA.

They got the release bot PAT so they tried possibly quite an obvious vector that. They didn't need anything sophisticated or to exfil the credentials because agentkit is public.

It just so happened that it was detected before agentkit updated dependencies.

It's possible that with if thye had checked the dependabot config they could've timed it a bit better so that it's picked up in agentkit before being detected.

edit: Although, I don't think PATs are visible after they're generated?


Wow! space.com does pretty much everything you can think of to "extract max value" from each visitor.

It's got a lot of ads, traffic arbitrage, floating unrelated videos and even back jacking...


There doesn't seem to be a PR for the commit though.


> Update the tags in the parent repository to point to the SHA of the fork

I don't think that's possible.

Forks are a GitHub UI construct.

There would be two .git dirs so for all intents and purposes they're two repos that don't know about each other.

Locally you can't refer to a commit that's in a different dir...


You just set two remotes locally, create a tag and push just the tag to upstream. You can definitely do it locally, and I think GitHub doesn’t prevent such pushes either.


Yes, but:

a) you'd need write permissions for the original remote

b) even if you did, that'd push the commit to the original repo with the tags


My goto was basically: "I want to do <x>. What do you think?" (but a bit more diplomatically phrased)

Some examples:

- Change the way standups are done - Do something not directly related to the team - Do debt - Change / take over the way a project is being done

In general it worked well because either I had a good idea in which case I'd often get the agency to do it, or perhaps not directly but a path towards it or it wasn't and I learnt something.


It's interesting how your list contains points that are almost duplicates of each other:

- fear of original ideas = cognitive conservatism = preference towards bias

And kind of opposites:

- decision anxiety = results from, or brings about, too much measuring

So, I guess those can be digested to say that engineers are:

- Innovative - Make informed decisions


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: