

That sounds more like bad practices from the community. It definitely has ways to use exact versions. Not the least of which the lock file. Or the shrinkwrap file which public packages should be using.


Genuine question. How is NPM more vulnerable than other repos? Haven’t similar supply chain attacks succeeded at least as well as this one through GitHub itself and even Linux package repos?


Why? The pros know how to breach systems. The real question is what are you going to do with the breach?
Today is the lazy man’s game. This kid just played with fire and got burned. Nothing more.
Never said it was as bad as Reddit. I’ve only said the opposite.
Well getting your account that you groomed up for who knows how long nuked is pretty damn close. Especially if you’re a main contributor to a comm or two and all that work disappears.


Oh shit … OH SHIT!
… I’ve lost my surprise Pikachu pic…
The admins literally administer the instances. Many of them directly running the instances on hardware they pay for. Even if the API didn’t allow it, they could just directly delete your user record from the DB.
You can still get your account nuked by butthurt admins.
Though again, still far better than Reddit.


Depends on what instance and what opinion you are toeing, still. Though it is still a far cry better than Reddit.


Ignorance will never save you.
Would be the least surprising thing, out of all the advanced civilizations actually existing options.


Not any advanced enough civilization.
Though a civilization based on capitalism where the greediest fucks get to hoard wealth and resources and get away with doing whatever they want? Yes.


lol You quite literally do not know what you’re talking about and it’s hilarious. Hilariously pathetic.


Everyone is focused on the exit, when clearly there is still a vulnerability to the entrance side. If someone is identified as a bad actor, you do not want your own personal address showing up all over in the logs of who they’ve been conversing with… Regardless of what can be proven as to the nature of conversations, you will now have eyes on you.
So yes, a VPN is useful, just not for all the reasons the comments so far are addressing.
Nice! Sounds like you’re on the right track, though might want to keep a live CD image on hand in case Windows decides to take over your boot options until you can finally squash it. xP
Try out some live boot disks then. Several flavors of Linux will just boot up, and give you the option to install from within the booted OS. I forget which ones let you change things and basically treat them like normal, but some will even carry over any made changes right through the install (if you tell it to, anyways).
Then, you’ll just have to identify any critical applications you need and see if they run on Linux, or have any viable alternatives that do, or worst case try to run the Windows flavor through Wine or Proton or so.
If you need stability above all, I’d recommend avoiding the bleeding edge distros or the young ones that are changing a lot. It sounds odd, but I’ve been digging MX Linux a lot, and I’ve tried a good few flavors over the years. It’s based on Debian Stable, so its repos won’t be the bleeding edge, but it has that classic Debian “Just Works” going for it. The only bugs I’ve had have been issues from Wayland that also affect other distros.


Nahh, this seems exactly like something that would happen from advanced text predictors, which is exactly what ALL of these LLM “AI” are. The instructions are in English, no doubt. Of course there is a strong association with English words despite, “in Mexican” surely being somewhere in the “instructions”.
This is just more ELIZA effect in action… Fucking braindead execs/etc failing to understand that it is literally just advanced text prediction that’s fed through a TTS “AI” driven system, that’s surely given just as tenuous of a connection to Spanish as the text predictor…
(I know your comment seems aware of that fact given the AGI slamming, I just had to vent in a way that describes why it’s such bullshit)


It doesn’t comprehend anything. That’s the damn point.
Though it WILL “understand” what you did by the algorithms that break down code turning the variable into another token. So all you’re really doing is costing yourself more time and money in the slop machine.


ELIZA effect in full swing… Humans really are gullible.
I wouldn’t say pulling in higher versions is unsafe unless an attack like this succeeds. Otherwise it’s only an annoyance.