Readit News logoReadit News
aabbccsmith commented on NPM debug and chalk packages compromised   aikido.dev/blog/npm-debug... · Posted by u/universesquid
simpaticoder · 4 days ago
I've come to the conclusion that avoiding the npm registry is a great benefit. The alternative is to import packages directly from the (git) repository. Apart from being a major vector for supply-chain attacks like this one, it is also true that there is little or no coupling between the source of a project and its published code. The 'npm publish' step takes pushes local contents into the registry, meaning that a malefactor can easily make changes to code before publishing.
aabbccsmith · 4 days ago
npm's recent provenance feature fixes this, and it's pretty easy to setup. It will seriously help prevent things like this from ever happening again, and I'm really glad that big packages are starting to use it.
aabbccsmith commented on DirFuck – An esolang that uses folders, not files   github.com/boon-cpu/DirFu... · Posted by u/aabbccsmith
aabbccsmith · 2 years ago
My favourite part of the README is:

# Is there a use case? no

Posted by u/aabbccsmith 2 years ago
DirFuck – An esolang that uses folders, not filesgithub.com/boon-cpu/DirFu...
aabbccsmith commented on Building a dangerous driving leaderboard (and getting offered a job)   jack.link/blog/life360... · Posted by u/lafond
aabbccsmith · 3 years ago
had so much fun working on it :)
aabbccsmith commented on Avoiding homework with code and getting caught   alistair.blog/mochip... · Posted by u/aabbccsmith
jviotti · 3 years ago
Congrats Alistair and Scott! This is an amazing story that made me remember my high-school days. As the authors, I was into programming from an early age, and high school definitely took the second place :) My grades ended up REALLY suffering when I got my first full-time role at a startup while I was 17 years old (parents approved) and on my last school year. Fast-forward many years and I don't regret a thing. I attended University of Oxford (despite my bad grades!) and I'm doing very well doing what I love.

Wish you both a very, very bright future!

aabbccsmith · 3 years ago
thank you for the kind words :) things are going well for us so far, so fingers crossed it stays like this! You've put a big smile on my face :)
aabbccsmith commented on Nightdrive   incoherency.co.uk/blog/st... · Posted by u/GeorgeHahn
aabbccsmith · 3 years ago
This is the sort of thing I'd leave on an unused monitor all the time or have on display somewhere. Really cool aesthetic
aabbccsmith commented on Avoiding homework with code and getting caught   alistair.blog/mochip... · Posted by u/aabbccsmith
tomcam · 3 years ago
Half serious here. If they’re so smart why didn’t they know about screenshots? I mean part of their proof was a photograph of a screen, which seems odd to me.
aabbccsmith · 3 years ago
We never really thought about documenting progress, so the photo of the email was taken from a phone camera of a teacher's computer (they had sent the email). We managed to find it while I was writing the article earlier on in the year, in a "deleted pictures" folder. I thought it would be cool to add it on. It's purely because the project spanned such a long time and nothing was really written down or saved.
aabbccsmith commented on Avoiding homework with code and getting caught   alistair.blog/mochip... · Posted by u/aabbccsmith
kazinator · 3 years ago
Why would you need to fake whether you watched a video? Just let it play while you do something else. If it still bothers you how long it takes, put it on 2x speed.
aabbccsmith · 3 years ago
It was part of the homework, we had to watch a video and write down notes in a physical notebook. The notebook was never checked because they assumed that a video watched >=1x meant that we understood the task. The videos took a while to watch so we'd rather skip.
aabbccsmith commented on Avoiding homework with code and getting caught   alistair.blog/mochip... · Posted by u/aabbccsmith
club_tropical · 3 years ago
The threat of suing very much loomed in the background if they did not cooperate. Hegarty is just more slick, buttering them up with (well deserved) praises and attention from grownups to get voluntary cooperation.
aabbccsmith · 3 years ago
I didn't really get that vibe, especially when we called Colin. He was super friendly. But then again, we didn't want to test it and we complied immediately =)
aabbccsmith commented on Avoiding homework with code and getting caught   alistair.blog/mochip... · Posted by u/aabbccsmith
trinovantes · 3 years ago
These online learning platforms should also consider drawing on canvas e.g. flutter to make it harder to scrape screen contents

I think they could also just check the isTrusted field in the Event since that can't be overwritten without a custom compiled browser

aabbccsmith · 3 years ago
It's always a game of cat and mouse... if a human can use a website then it's theoretically possible that a robot can too. I used to do a lot of sneaker botting a few years prior, so I kind of lot about web automation then. Developers will always find a way, even if it means spending more time writing the software than it would have just doing the homework
a

u/aabbccsmith

KarmaCake day486November 23, 2020
About
https://alistair.sh
View Original