New PR: revert GitHub software and infrastructure to version of June 1st, 2018.
New PR: disable new user signups for 6 months
HR initiative: all future KPIs automatically require three-nines availability; all bonuses are forfeited, regardless of accomplishments, if annual availability falls below target
> Wake me up when the daily npm security breach headlines are typosquatting stories, not RCE-on-build or RCE-on-upgrade.
RCE-on-build/upgrade can be done in Maven if you manage to compromise one of the major Maven plugins; they run at build time. The thing keeping Maven safe for now is that most people pin the plugin and dependency versions, with the obvious side effect that it's truly annoying to get all your dependencies updated.
> The thing keeping maven safe for now is that most people pin [...] versions
Yes, and also the signing of JARs that are uploaded to the repository, and the fact that most release processes are not fully automated, and the batteries-included standard library which reduces the total number of dependencies, and the fact that a run-of-the-mill third-party library can't execute code at build time, and the very small number of people with credentials to publish new versions of major Maven plugins, etc.
There are npm supply chain exploits in the news every other day. I'm honestly surprised that something as decentralized as Go Modules is more reliable, but here we are. The fact that we're not seeing these stories about e.g. Maven is not at all surprising, given the limited need for third party libraries and the culture of careful upgrades in the Java ecosystem. If npm proponents want the ecosystem to survive, they need to demand / create better and stop making excuses.
The future may be distributed quite unevenly here, as they say, with a divergence between a small amount of "responsible" code in systems which leverage AI defensively, and a larger amount of vibe-coded / prompt-engineered code in systems which don't go through the extra trouble, and in fact create additional risk by cutting corners on human review. I personally know a lot of people using AI to create software faster, but none of them have created special security harnesses a la Mozilla (https://arstechnica.com/information-technology/2026/05/mozil...).
He's saying that they have ideological concerns beyond the ideological concerns you would tend to associate with the EFF (digital privacy, open source, patent trolling, etc). I for one am sad to see that this is the case. There are fewer and fewer organizations protecting civil rights without being dragged into left/right tribalism.
This is an important point and it feels odd that the entire discussion seems to not be able to engage with it, but on another level it might be the same problem. As a long-term financial supporter of the EFF I'm starting to get the same awkward feelings that made me question my financial support for Mozilla and Wikipedia. Any time someone views the world through a single lens, it highlights some things and ignores others and it seems like a net loss to the world that everything is being forced into being judged along a single (increasingly polarised) axis.
A free and open society is a prerequisite for the rights EFF fight for. We cannot enjoy the freedoms of digital privacy in an authoritarian regime. The rights to fight for EFF's concerns are currently being threatened by the fascist turn of the USA. Thus, the EFF and other like-minded organizations are very much justified in leaving X.
> There are fewer and fewer organizations protecting civil rights without being dragged into left/right tribalism.
I would rather challenge this image that civilization is declining, independently of the political forces in power. This is a common motif in fascism; I'm reading from your comment something along the lines of: "once we had noble organizations that were pure and didn't bother with ideology -- now things are worse, and in fact those guys are dirty for engaging in politics". What's really happening is that power in the US has been seized by fanatics and you fucks (respectfully) are letting them get away with it.
Disagree with so much here. But if, in your mind, the US is turning authoritarian, this is a "cut off your nose to spite your face" move. They should be taking the fight where it most needs fighting. They should not be making donors like myself question whether we still share objectives.
You are completely correct in your analysis. Reading some of the responses here - people who think the EFF should only fight for some rights for some people and only on corporate platforms instead of across society at large - would be shocking if I hadn’t already seen how willing rich tech bros are to overlook everyone and everything else for their own personal gain.
What are you talking about? I feel like I’m taking crazy pills reading these comments.
Do you not see that civil rights are being infringed _right now_, by the republican administration in our government? Protecting those civil rights will require criticizing and acting against republicans because the fascists on the right are trying to turn our country into an autocracy.
Sorry if that hurts your feelings, but you can’t be that fragile if you want to live in a free nation. The EFF taking a stand here is fighting EXACTLY the fight they need to be right now.
Where do you see that? All I see is a claim that it no longer makes sense from a financial standpoint (but no comparative numbers provided for the other platforms they are keeping, which is sus, especially given their presence on very niche platforms like Bluesky), and vague justifications based on identity politics and "community care" loci, which is either nonsense or deep argot unsuitable for the intended audience.
Assuming that Twitter's user count has remained relatively steady (within 100% either way), the only thing that could explain a huge drop in views would be a change to their opaque algorithm.
> To put it bluntly, an X post today receives less than 3% of the views a single tweet delivered seven years ago.
> Practicality beats enthusiasm for 95% of car use.
About two years ago I rented an electric car for a few days. I felt like I wasted a ton of time finding a charging station, jumping through phone app hoops to get the charging process started, and then waiting for the car to charge. I've stayed away from electric rentals since, even though they're often cheaper.
Comparing renting a new type of car when you have to figure everything out for 2 days then return it, to owning a car, where you also have to figure everything out, but only for the first days, not the 600 days afterwards, is not really comparable.
Also, when you own a car you charge it at home and work, so you don't really wait for the car to charge very often.
And the next time you rent a car, it will be a bit simpler as you have done it once before. And even quicker/simpler the time after that etc.
It is 100% compatible when your basis is just finding a local gas station to fill up. 600 days later, you may know where a charging station is, but not any more convenient... yet.
You don't need a charging station for 99 per cent of your rides. You can charge daily at home and forget about recharging except when making a long trip.
If you usually make trips that are over the battery life, that's a different thing though. But most people don't have that problem.
That makes it even more realistic. I have the charger in my garage, I happened to need a charger to get home on my last trip (120 mile round trip, the car claimed 220 miles of charge but that didn't account for the cold winter), but I had to open an app and such just to use it. (at least I had the app and an account - but my credit card was expired so I had to type numbers to get it activated). I had to search for that charger - there was exactly one charger within 30 miles (only 7kw, but it gave me enough range to get home while I ate lunch).
Meanwhile I passed half a dozen gas stations. No app/account needed at any of them, just tap/swipe my credit card and fill.
Most people don't have the charging problem often, but when you make a mistake you sometimes will need it. The system doesn't work. There needs to be chargers all over, and they need to be quick/easy. I don't want to download an app for a charger I will likely never visit again in my life.
Under Biden we had laws requiring chargers to meet reliability requirements, use an open standard, take credit card payments without requiring an app, and build more in rural areas to close the coverage gap. Most of that has been scrapped by the current administration, going as far as removing chargers that were already installed.
This is the equivalent of setting up a developer environment for charging a car. Once you have a car that's working, and you know how to connect to the app and charge it, almost all these problems go away. If you're in a place that has a lot of public chargers near your destination that you're already going to, then it's even easier, and it just becomes trivial.
That being said, I don't think I would want to rent a car that didn't have a place to charge it or a very easy-to-use fast charger nearby.
Until NACS and plug and go are ubiquitous, going on a trip not in a Tesla is a gamble of having the right app on your phone, and that you will be able to reach working chargers.
I think we are still a couple of years away from other manufacturers catching up to Tesla and making road trips for most people useful.
The very idea you effectively need a mobile phone to charge your car is mind boggling. The mess of proprietary charging networks and registrations is needless complexity that puts people off hiring (and ownership) of EVs.
The credit card tapping option should be required by law. This registering apps and fobs flow is the worst UX imaginable. And while we are at it, the car should hold the payment info. Plugging it in should be enough. I know it’s all coming.
Madrid, Spain. It's theoretically very EV-friendly. These days I tend to rent hybrids. I don't even care if the battery actually works. They check the "green" legal checkbox which allows you to go downtown without getting a ticket, and you can rely on the ICE engine to get you where you need to go.
New PR: disable new user signups for 6 months
HR initiative: all future KPIs automatically require three-nines availability; all bonuses are forfeited, regardless of accomplishments, if annual availability falls below target
HR initiative: fire CEO and CTO