How I used GitHub Copilot Chat to build a ReactJS gallery prototype
GitHub Copilot Chat can help developers create prototypes, understand code, make UI changes, troubleshoot errors, make code more accessible, and generate unit tests.

The post How I used GitHub Copilot Chat to build a ReactJS gallery prototype appeared first on The GitHub Blog. ⌘ Read more

Passkeys are generally available
All GitHub.com users can now register a passkey to sign in without a password.

The post Passkeys are generally available appeared first on The GitHub Blog. ⌘ Read more

Announcing general availability of GitHub Advanced Security for Azure DevOps
GitHub Advanced Security for Azure DevOps is now generally available. Enable secret scanning, dependency scanning, and code scanning on your organization directly in Azure DevOps configuration settings.

The post [Announcing general availability of GitHub Advanced Security for Azure DevOps](https://github.blog/2023-09-20-announcing-general-availability-of-github-advanced-security-for- … ⌘ Read more

How Google Authenticator made one company’s network breach much, much worse | Ars Technica

🤦‍♂

WHY are these big companies treated as though they are the be all and end all of infosec? These are rookie mistakes Google’s making, at scale.

Unfortunately Google employs dark patterns to convince you to sync your MFA codes to the cloud, and our employee had indeed activated this “feature”. If you install Google Authenticator from the app store directly, and follow the suggested instructions, your MFA codes are by default saved to the cloud. If you want to disable it, there isn’t a clear way to “disable syncing to the cloud”, instead there is just a “unlink Google account” option.

Like, never ever put your multi-factor tokens into a single cloud storage location! The whole point of this being “multi” factor is that there is a separate, independent physical factor involved in the authentication process. If the authenticator app on your phone puts the tokens in the cloud, then it reduces the security that comes from having a second factor. This is basic stuff.

Of course, never ever use Google Authenticator. All it does is generate TOTP and HOTP codes, which you can do with any OTP app, preferably an open source one that’s been vetted.

Australia’s earliest garlic harvest has barely finished, but Joe is sowing seeds for the next generation
An Indigenous community harvesting Australia’s earliest commercial garlic crop is hoping to pass on farming skills to improve the lives of future generations. ⌘ Read more

GitHub Enterprise Server 3.10 is now generally available
Customers using GHES can now ensure secure development is a top priority with enhanced security and compliance controls for their repositories.

The post GitHub Enterprise Server 3.10 is now generally available appeared first on The GitHub Blog. ⌘ Read more

The Ladybird XHTML bug is fixed. index.xhtml and blog/index.xhtml are now generated with a Makefile, XSLT, and a bit of Python. Feels good!

Docker Hub Registry IPv6 Support Now Generally Available
Docker announces the general availability of IPv6 support for the Docker Hub Registry, Docker Docs, and Docker Scout endpoints. ⌘ Read more

@New_scientist@feeds.twtxt.net because of course they have.

Emily Bender, a computational linguistic and excellent critic of this generative AI nonsense, uses an analogy of an oil spill to characterize what is happening as a result of generative AI. It’s polluting the world with false information, false images, false “academic” articles, false books. The companies that create this stuff are not cleaning up their misinformation spill; they’re letting the mess spread all over. It’s being used to commit crimes, and that’ll only get worse. Just like an out of control oil spill will destroy entire ecosystems.

Snikket: State of Snikket 2023
This is our first blog post for quite a while, and the last few have all been technical updates of various kinds about the Snikket software. In fact it’s been almost two years since the last post that gave a general progress update on the Snikket project itself, so let’s fix that!

You’ll be pleased to hear that Snikket is very much alive, and although there hasn’t been much of a show to see here, a bunch of stuff has been going on backstage.

We plan to catch you up with our progres … ⌘ Read more

@prologic@twtxt.net I don’t get your objection. dockerd is 96M and has to run all the time. You can’t use docker without it running, so you have to count both. docker + dockerd is 131M, which is over 3x the size of podman. Plus you have this daemon running all the time, which eats system resources podman doesn’t use, and docker fucks with your network configuration right on install, which podman doesn’t do unless you tell it to.

That’s way fat as far as I’m concerned.

As far as corporate goes, podman is free and open source software, the end. docker is a company with a pricing model. It was founded as a startup, which suggests to me that, like almost all startups, they are seeking an exit and if they ever face troubles in generating that exit they’ll throw out all niceties and abuse their users (see Reddit, the drama with spyware in Audacity, 10,000 other examples). Sure you can use it free for many purposes, and the container bits are open source, but that doesn’t change that it’s always been a corporate entity, that they can change their policies at any time, that they can spy on you if they want, etc etc etc.

That’s way too corporate as far as I’m concerned.

I mean, all of this might not matter to you, and that’s fine! Nothing wrong with that. But you can’t have an alternate reality–these things I said are just facts. You can find them on Wikipedia or docker.com for that matter.

@prologic@twtxt.net @jmjl@tilde.green
It looks like there’s a podman issue for adding the context subcommand that docker has. Currently podman does not have this subcommand, although this comment has a translation to podman commands that are similar-ish.

It looks like that’s all you need to do to support podman right now! Though I’m not 100% sure the containers I tried really are running remotely. Details below.

I manually edited the shell script that cas.run add returns, changing all the docker commands to podman commands. Specifically, I put alias docker=podman at the top so the check for docker would pass, and then I replaced the last two lines of the script with these:

podman system connection add cas  "host=tcp://cas.run..."
podman system connection default cas

(that … after cas.run is a bunch of connection-specific stuff)

I ran the script and it exited with no output. It did create a connection named “cas”, and made that the default. I’m not super steeped in how podman works but I believe that’s what you need to do to get podman to run containers remotely.

I ran some containers using podman and I think they are running remotely but I don’t know the right juju to verify. It looks right though!

This means you could probably make minor modifications to the generated shell script to support podman. Maybe when the check for docker fails, check for podman, and then later in the script use the podman equivalents to the docker context commands.

@prologic@twtxt.net aha, thank you, that got me unjammed.

Turns out I thought I had an SSH key set up in github, but github didn’t agree with me. So, I re-added the key.

I also had to modify the command slightly to:

ssh -p 2222 -i PRIVATE_GITHUB_KEY GITHUB_USERNAME@cas.run help

since I generate app-specific keypairs and need to specify that for ssh and I haven’t configured it to magically choose the key so I have to specify it in the command line.

Anyhow, that did it. Thanks!

@New_scientist@feeds.twtxt.net hello @prologic@twtxt.net here’s another feed that’s spewing multiple copies of the same post. This one above is repeated 8 times. @awesome-scala-weekly@feeds.twtxt.net now has 13 copies of each post every week. This definitely looks like a bug in whatever code is generating these feeds, because the source feeds don’t have multiple copies of the original posts:

• Has 8 copies of the above post: https://feeds.twtxt.net/New_scientist/twtxt.txt
  
• Has only 1 copy of the above post: https://www.newscientist.com/feed/home/
  

I forget whether I filed an issue on this before, but can you tell me where I should do that?

Erlang Solutions: Ship RabbitMQ logs to Elasticsearch
RabbitMQ is a popular message broker that facilitates the exchange of data between applications. However, as with any system, it’s important to have visibility into the logs generated by RabbitMQ to identify issues and ensure smooth operation. In this blog post, we’ll walk you through the process of shipping RabbitMQ logs to Elasticsearch, a distributed search and analytics engine. By centralising and analysing RabbitMQ logs with Elasticsea … ⌘ Read more

Largest winery solar panel system in Australia switches on in the Barossa Valley
Almost 6,000 solar panels have been installed by Treasury Wine Estates, with the ability to generate more than 5,000 megawatt-hours of energy per year — the equivalent of powering around 900 homes. ⌘ Read more

How to responsibly adopt GitHub Copilot with the GitHub Copilot Trust Center
We’re launching the GitHub Copilot Trust Center to provide transparency about how GitHub Copilot works and help organizations innovate responsibly with generative AI. ⌘ Read more

GitHub Repository Rules are now generally available
Repository rules provide an easy, flexible way to define branch protections and ensure consistency in code across repositories. ⌘ Read more

Global Atmospheric Circulation
⌘ Read more

A developer’s guide to prompt engineering and LLMs
Prompt engineering is the art of communicating with a generative AI model. In this article, we’ll cover how we approach prompt engineering at GitHub, and how you can use it to build your own LLM-based application. ⌘ Read more

GitHub merge queue is generally available
Supercharge pull request merges on your busiest branches by enabling your team to queue. ⌘ Read more

GitHub CLI project command is now generally available!
Level up your use of GitHub Projects on the command line and in GitHub Actions with the new project CLI command. ⌘ Read more

GitHub Enterprise Server 3.9 is now generally available
GitHub Enterprise Server 3.9 is now generally available. Organizations can now take advantage of more features that enable deeper collaboration, greater observability and faster workflows. ⌘ Read more

The economic impact of the AI-powered developer lifecycle and lessons from GitHub Copilot
Today at Collision Conference we unveiled breaking new research on the economic and productivity impact of generative AI–powered developer tools. The research found that the increase in developer productivity due to AI could boost global GDP by over $1.5 trillion. ⌘ Read more

Robots, high-density planting just some of Young Farmer of the Year’s fresh ideas
Fifth generation apple, pear and stone fruit grower Mitchell McNab says robotics will play a major role in the future to keep production costs down. ⌘ Read more

Also, what a douchebag using the title “Dr.” in his twitter handle. As a general rule, a white dude who isn’t a medical doctor putting “Dr.” in their social media title is a gigantic flashing red flag.

Rebuilding a Solar Powered Website

Image

A screenshot of the markdown file for this page.

During the last months we have been working on switching the solar powered website from one static site generator (Pelican) to another (Hugo). Many readers will not notice the changes right away, as we have not made any major adj … ⌘ Read more

Russia blowing up the Nova Kakhovka dam is an incomprehensible war crime. Among other things, it drains water from the Zaporizhzhia nuclear power plant, water that is needed for cooling. They are trying to generate a widespread disaster.

They must be stopped, immediately, without hesitation. This is unacceptable behavior, crossing every red line we have no matter our politics, without any doubt.

Seems to me you could write a script that:

• Parses a StackOverflow question
  
• Runs it through an AI text generator
  
• Posts the output as a post on StackOverflow
  

and basically pollute the entire information ecosystem there in a matter of a few months? How long before some malicious actor does this? Maybe it’s being done already 🤷

What an asinine, short-sighted decision. An astonishing number of companies are actively reducing headcount because their executives believe they can use this newfangled AI stuff to replace people. But, like the dot com boom and subsequent bust, many of the companies going this direction are going to face serious problems when the hypefest dies down and the reality of what this tech can and can’t do sinks in.

We really, really need to stop trusting important stuff to corporations. They are not tooled to last.

Dear Stack Overflow, Inc.

Stack Overflow is being inundated with AI-generated garbage. A group of 480+ human moderators is going on strike, because:

Specifically, moderators are no longer allowed to remove AI-generated answers on the basis of being AI-generated, outside of exceedingly narrow circumstances. This results in effectively permitting nearly all AI-generated answers to be freely posted, regardless of established community consensus on such content.

In turn, this allows incorrect information (colloquially referred to as “hallucinations”) and plagiarism to proliferate unchecked on the platform. This destroys trust in the platform, as Stack Overflow, Inc. has previously noted.

It looks like StackOverflow Inc. is saying one thing to the public, and a very different thing to its moderators.

I don’t really like the term “gatekeeping”, especially when it’s used to describe the general concept of a barrier to entry. The term “gatekeeping” implies to me a “gatekeeper”–a person A who is trying to control if person B can interact with person C. It implies active discrimination, perhaps even bigotry, when in reality the barrier might be a passive issue such as scarcity or inherent complexity. “Gatekeeping” seems an intentionally- and needlessly-charged term.

When first grown in Australia, this exotic tropical fruit was little-known. Now farmers can’t keep up with demand
In the depths of South America’s Amazon Basin, the achachairú, a highly prized tropical fruit, has been cultivated for generations. But it’s on the side of the world, in North Queensland, that the fruit is grown on the greatest scale. ⌘ Read more

<darch> testing out generating twt-hash using php

Google Bard or BingGPT are actually quite useful to answer simple questions without having to scroll through many pages of clickbait and AI-generated babble blogposts. I’m currently preparing for the AWS exam (I finally signed up!) and Google Bard explained the differences between Cognito User Pools and Cognito Identity Pools in a simple and understandable way. Even with a tabular overview and examples how to use both services. Now my knowledge is refreshed again. 😄 ⌘ Read more

Why an iPhone makes a terrible general purpose computer
(when Android makes a pretty good one) ⌘ Read more

Custard apple growers marketing to next generation
Once common in backyards and suburban streets, the super-sweet fruit has almost disappeared from the landscape — but growers are hoping to change that. ⌘ Read more

Siphon
⌘ Read more

Fiji is a tropical fruit paradise for tourists while locals lack nutrition — but protected cropping could help
Many people think of Fiji as a wonderland of tropical fruit and vegetable — but in reality, premium produce on offer at resorts comes from Australia and New Zealand, while many locals suffer from a lack of wholesome food. ⌘ Read more

von Neumann: I came up with this new system that generalizes probability theory to consider convex sets instead of point estimates. I think that I could use this to prove regret bounds…

How companies are boosting productivity with generative AI
Explore how generative AI coding tools are changing the way developers and companies build software. ⌘ Read more

Push protection is generally available, and free for all public repositories
Announcing the general availability of push protection–a feature that proactively prevents secret leaks in your public and private repositories. ⌘ Read more

GitHub code search is generally available
The world’s code is now at your fingertips. ⌘ Read more

I’ve tried twtxt2atom (https://lien.sus.fr/rUluz) but it doesn’t seem to be generating the body for the post

I get that there are groups of people who don’t have many good options besides Bluesky, so moistly this is griping about how bad social media is generally, and how the lousy people in charge continue to be in charge.

Riverland families selling off land and diversifying after generations of growing winegrapes
Vineyard owners in South Australia’s Riverland are hitting the market as the wine industry feels the crush of a difficult vintage and China’s tariffs on red wine. ⌘ Read more

@prologic@twtxt.net @carsten@yarn.zn80.net

There is (I assure you there will be, don’t know what it is yet…) a price to be paid for this convenience.

Exactly prologic, and that’s why I’m negative about these sorts of things. I’m almost 50, I’ve been around this tech hype cycle a bunch of times. Look at what happened with Facebook. When it first appeared, people loved it and signed up and shared incredibly detailed information about themselves on it. Facebook made it very easy and convenient for almost anyone, even people who had limited understanding of the internet or computers, to get connected with their friends and family. And now here we are today, where 80% of people in surveys say they don’t trust Facebook with their private data, where they think Facebook commits crimes and should be broken up or at least taken to task in a big way, etc etc etc. Facebook has been fined many billions of dollars and faces endless federal lawsuits in the US alone for its horrible practices. Yet Facebook is still exploitative. It’s a societal cancer.

All signs suggest this generative AI stuff is going to go exactly the same way. That is the inevitable course of these things in the present climate, because the tech sector is largely run by sociopathic billionaires, because the tech sector is not regulated in any meaningful way, and because the tech press / tech media has no scruples. Some new tech thing generates hype, people get excited and sign up to use it, then when the people who own the tech think they have a critical mass of users, they clamp everything down and start doing whatever it is they wanted to do from the start. They’ll break laws, steal your shit, cause mass suffering, who knows what. They won’t stop until they are stopped by mass protest from us, and the government action that follows.

That’s a huge price to pay for a little bit of convenience, a price we pay and continue to pay for decades. We all know better by now. Why do we keep doing this to ourselves? It doesn’t make sense. It’s insane.

@carsten@yarn.zn80.net

I have to write so many emails to so many idiots who have no idea what they are doing

So it sounds to me like the pressure is to reduce how much time you waste on idiots, which to my mind is a very good reason to use a text generator! I guess in that case you don’t mind too much whether the company making the AI owns your prompt text?

I’d really like to see tools like this that you can run on your desktop or phone, so they don’t send your hard work off to someone else and give a company a chance to take it from you.

@prologic@twtxt.net @carsten@yarn.zn80.net

(1) You go to the store and buy a microwave pizza. You go home, put it in the microwave, heat it up. Maybe it’s not quite the way you like it, so you put some red pepper on it, maybe some oregano.

Are you a pizza chef? No. Do we know what your cooking is like? Also no.

(2) You create a prompt for StableDiffusion to make a picture of an elephant. What pops out isn’t quite to your liking. You adjust the prompt, tweak it a bunch, till the elephant looks pretty cool.

Are you an artist? No. Do we know what your art is like? Also no.

The elephant is “fake art” in a similar sense to how a microwave pizza is “fake pizza”. That’s what I meant by that word. The microwave pizza is a sort of “simulation of pizza”, in this sense. The generated elephant picture is a simulation of art, in a similar sense, though it’s even worse than that and is probably more of a simulacrum of art since you can’t “consume” an AI-generated image the way you “consume” art.

@carsten@yarn.zn80.net @lyse@lyse.isobeef.org I also think it is best called fake. Art is created by human beings, for human beings. It mediates a relationship between two people, and is a means of expression.

A computer has no inner life, no feelings, no experience of the world. It is not sentient. It has no life. There’s nothing “in” there for it to express. It’s just generating pixels in patterns we’ve learned to recognize. These AI technologies are carefully crafted to fool people into experiencing the things they experience when they look at human-made art, but it is an empty experience.

Isode: Red/Black 2.0 – New Capabilities
This major release adds significant new functionality and improvements to Red/Black, a management tool that allows you to monitor and control devices and servers across a network, with a particular focus on HF Radio Systems.  A general summary is given in the white paper Red/Black Overview

Support added for Switch type devices, that can connect multiple devices and allow … ⌘ Read more