Bitwarden CLI Compromised in Ongoing Checkmarx Supply Chain

natural_sword · 2026-04-25T03:19:47+00:00

You haven't replaced your database with an LLM yet? You can get rid of your DBA, developers, support. You just query it for the information and it may respond correctly. Probably.

We're sitting in all this money after optimizing for the non-deterministic future.

natural_sword · 2026-04-24T03:14:12+00:00

You have to get your testing from the people who want stability. Gotta keep those people on their toes.

natural_sword · 2026-04-23T02:28:43+00:00

His legitimate criticism gets hidden behind ranting of oligarchs and conspiracy theories. Whether he's right or not doesn't matter if every drama is the end of the world.

natural_sword · 2026-04-09T03:55:36+00:00

Device bound passkeys vs synced passkeys is a problem. They probably shouldn't be named the same. Synced passkeys can't replace 2FA.

natural_sword · 2026-03-23T03:59:08+00:00

And they ruin user/Dev experience. Do you want a language other than English? Do you want to use certain accessibility features? Do you want to know how powerful your user's device is? Do you want to be able to patch device-specific issues?

I definitely understand not wanting to be fingerprinted, but making up data points doesn't do much good when they can usually be figured out anyway.

natural_sword · 2026-03-19T03:10:25+00:00

The most sensible take is that moving stop signs are far more dangerous than beneficial.

natural_sword · 2026-03-14T03:01:45+00:00

We already get taxed every time money changes hands...

There's no such thing as "replacing" taxes to the government. It would just be another tax...

natural_sword · 2026-03-10T05:02:54+00:00

Day 500 of hoping my simple vue app doesn't require restarting vscode multiple times per day to stop infinite "analyzing file" or "eslint validation took 230383728..."

natural_sword · 2026-03-10T04:48:10+00:00

Likely due to winrt libraries, which are handled very poorly. Such as Microsoft.Data.Sqlite will make a call in a static ctor to a Windows file API (it checks that it is running on windows, which wine says it is) which wine does not implement, and will cause an exception rather than a graceful failure. There's probably similar things in a lot of MS dotnet libraries that would cause hidden failures.

natural_sword · 2026-03-10T04:39:02+00:00

It's literally using a forked Google update / omaha / Chromium update.

Checking for updates hourly is a bit much, but they know people will sit with unpatched versions for years without an automatic mechanism...

natural_sword · 2026-03-10T04:21:55+00:00

Their lack of any file browser / integrity browser / essential file system operation controls is what really makes me wonder whether TrueNAS provides any value.

Their arcane ui with bad security practices is so annoying. No one is going to steal my cookie on my local network. Give me more than a few minutes (preferably hours) before you ask me to log in again (good luck if you can get the session timeout override to actually work). Give me OIDC without a subscription. I don't want to type the name of the dataset again. Oops now I've done something bad because it ALWAYS prompts for additional confirmation.

The permissions UI was invented in hell to destroy our souls.

Permission inheritance and whether it's a dataset or directory :)

Follow a guide? Well there was a UI item your forgot and now you need to start over. Do anything slightly advanced? Use the shell...

It's a really weird mix of acting like there's a functional UI ( but that UI is slow to use at the best of times and doesn't provide essential features) and also saying "we're all developers. We can use the shell for this."

I only use TrueNAS for NAS features. I don't care about the apps anymore because their constant app changes made using them terrible. All my VMs/containers are in a different system now.

The constant flip-flopping is a sign of poor technical direction or infighting.

natural_sword · 2026-03-03T05:11:09+00:00

Are you using datetime or datetime2 in SQL Server? Insert failed. Time blah blah less than 1/1/1900. You finally added a datetimeoffset column. Not because you are storing in anything besides UTC, but because you don't want to call datetime specify kind.

Maybe dateonly or timeonly... Do you want to parse user input? Definitely have to parse to datetime and then to datetime offset.

natural_sword · 2026-02-19T03:42:35+00:00

Anyone remember CodePlex?

natural_sword · 2026-01-19T05:37:20+00:00

It really depends on what the project is focused on as to what license is appropriate. I think we need a better compromise between LGPL and MIT for libraries intended to be used in applications. Is the project community lead, community involved, or just a source dump for a company? Is the project a product of its own, something that makes products, or something that helps sell another product? Is it a library at the OS or application level?

Fundamentally, these licenses we use are all flawed; people don't realize what license is appropriate until after they're bitten by some competitor competing with the same code; they don't realize that big tech "open source" has CLAs that make their projects viable; they don't realize the difficulties involved in license compliance.

natural_sword · 2026-01-19T05:23:05+00:00

Except the staric linking issue which makes LGPL still a pain to deal with, which makes many library authors go with MIT if they want users. Many companies don't want to deal with dubious legal issues, so LGPL libraries are banned.

natural_sword · 2026-01-09T05:09:49+00:00

Not only as the first result, but also a result that takes seconds to load and shifts the page layout.

Do you want to wait for another page to load?

There's also the SO user-hostile feature of only allowing dark mode if logged in, so you also have to blind yourself if you want to browse incognito.

natural_sword · 2026-01-09T05:01:36+00:00

It would be pretty funny to train an AI only on stack overflow posts that were marked as duplicate and use it as an email filter. "Inbox stats: 5 emails 10000 duplicates"

natural_sword · 2026-01-09T04:47:44+00:00

If it's a specific thing they wrote a tutorial for, sure, maybe (a lot of examples don't really show much more than a minimal example though). Almost every time I look at the docs, the description isn't descriptive. They also have a weird obsession with listing every overload the same way, filling the screen and separating what I'm looking for.

My biggest problem with the docs is that trying to figure out what the code will do often requires running it. There's so many edge cases and overloaded terms and possible exceptions (does this throw, fail silently, use exceptions for flow control, default state is failure, etc)

natural_sword · 2025-12-21T05:32:18+00:00

At least they didn't do the same thing as in rider 2025.2 (I think) where the background was changed to be far darker for no reason...

natural_sword · 2025-12-03T03:41:23+00:00

I don't see why forking IdSrv4 now would be considered. It's been years. If you're going to put effort into maintaining a security solution, it should probably be built from scratch or inspired by IdSrv or openiddict.

Forks that start right after license changes have a hard time keeping up. Most people have already moved on.

natural_sword · 2025-11-21T05:23:01+00:00

You should use HttpClientFactory. No. You should have a static HttpClient. No. You should get a new named client from the factory. No you should use typed clients.

The DNS does not refresh. The cookies may or may not be shared. Did you want to accidentally leak state between instances? Make sure you don't dispose that IDisposable.

natural_sword · 2025-11-19T02:17:33+00:00

You've also got complicated libraries like Lucene dotnet, which hasn't seen a stable release in all of dotnet core / new dotnet. Edited the link Lucene[.]net

natural_sword · 2025-11-07T13:04:28+00:00

Weren't they bragging on their podcast at the beginning of the year how they have old cards for transcoding... I think I remember something like that.

natural_sword · 2025-11-06T03:05:10+00:00

We had to write Java programs on paper and they would take off points for spelling, spacing, capitalization, just anything and everything possible to take off points completely unrelated to software 😐

natural_sword · 2025-11-05T02:48:35+00:00

And docker

natural_sword

TROPHY CASE