When notpushkin said "the spec is still at XSLT 1.0", I think "the spec" is referring to the WHATWG HTML Living Standard spec, which only refers to XSLT 1.0. (It wouldn't make sense to say "the XSLT spec is at XSLT 1.0".)
Exactly. Thanks!
Readit Newsnotpushkin commented on Show HN: JavaScript-free (X)HTML Includes github.com/Evidlo/xsl-web... · Posted by u/Evidlo
notpushkin commented on macOS dotfiles should not go in –/Library/Application Support becca.ooo/blog/macos-dotf... · Posted by u/zdw
Can't you just std::env::var it? Why need a library? It's not even set on my MacBook though.
Yeah, the variable is usually unset, so you’ll want to have a default value in your code. Basically something like
config_dir="${XDG_CONFIG_HOME:-$HOME/.config}/my-app"
notpushkin commented on macOS dotfiles should not go in –/Library/Application Support becca.ooo/blog/macos-dotf... · Posted by u/zdw
Why should it not.
The easier case for me to defend is XDG_CACHE_HOME - if it defaults to ~/.Library/Caches then it makes life simpler on macOS as it means that you don't have to add other directories to be removed from your backups.
Regardless of the default value, I think we can all agree that supporting XDG_* would be a good start!
notpushkin commented on How RubyGems.org protects OSS infrastructure blog.rubygems.org/2025/08... · Posted by u/hahahacorn
That's interesting, thanks for drawing my attention to it. I would need to go spelunking around to see how they reference an .apk from the Play Store, which I got the impression used crazypants gRPC shenanigans for building download URLs
---
I went sniffing around and while I didn't go through all tens of pages, it sure does seem like that's only used for non-Play Store style verification, and thus my assertion seems to stand https://gitlab.com/search?group_id=28397&project_id=36528&se...
Oh, I got it – apparently Play App Signing is mandatory now: https://developer.android.com/studio/publish/preparing#publi...
This makes it a bit trickier, yeah, though if the developer can get an APK signed with their Play App Signing key, and the app in question is a reproducible build, they can then publish it in F-Droid: https://fdroid.gitlab.io/jekyll-fdroid/docs/Reproducible_Bui...
(and probably they can upload it to their GitHub releases or something so that F-Droid picks it up from there)
notpushkin commented on How RubyGems.org protects OSS infrastructure blog.rubygems.org/2025/08... · Posted by u/hahahacorn
AIUI, the threat model isn't "self signed versus not," I would suspect the modern threat model is "current release signed by the same cert as prior release". The Android ecosystem is backed by this threat model, and (zip parsing nonsense aside) seems to be doing well with it. Even F-Droid, which runs their own signing stack, participates although it is not compatible with the Play Store distribution mechanism due to "who owns the signing key"
It’s compatible if reproducible builds are used: https://fdroid.gitlab.io/jekyll-fdroid/docs/Reproducible_Bui...
notpushkin commented on Show HN: JavaScript-free (X)HTML Includes github.com/Evidlo/xsl-web... · Posted by u/Evidlo
I believe the spec is at XSLT 3.0 but no browser actually implemented past XSLT 1.0 (not 100% sure - almost nobody cared about this feature last month so hard to find good docs on support). HTML5 and C++ are cut from the same cloth - massive and no reference implementation so full of features that have been “standard” for 10 years but never implemented by anyone.
Yeah, sorry, the XSLT spec is at 3.0 right now of course, but the browsers don’t implement it, and the WHATWG HTML Living Standard only mentions XSLT 1.0.
notpushkin commented on Google did not unilaterally decide to kill XSLT meyerweb.com/eric/thought... · Posted by u/bkardell
It was a quick way to share files. FTP as an internet application made a lot of sense. The only counter reason was it did not have password protections like SFTP did, and did not support encryption. But that is like arguing against HTTP in favor of HTTPS.
I don't think they put SFTP in browsers yet.
There was FTPS (FTP+TLS). Not sure if browsers ever supported that but I imagine it’s not too hard to implement iv you have HTTPS already.
Second hand as in used from this generation? Or second generation? I can't wait for windows on arm to finally fully get there.
Used ones, yeah. Companies used to sell off entire fleets when they upgrade, sometimes pretty cheap. I’ve bought a perfectly usable T420 for something like $50 about 10 years ago. (Naturally, it was 4 years old at that point, but still.)
Also curious about Windows on Arm, but my plan is to run Linux mainly (which hopefully gets better support at that point!)
I’m waiting for the second hand Arm ThinkPads to drop. Fingers crossed.
notpushkin commented on Show HN: JavaScript-free (X)HTML Includes github.com/Evidlo/xsl-web... · Posted by u/Evidlo
I find it bizarre that Google can just ask for a feature to be removed from standard and nobody bats an eye.
If I understand correctly, Mozilla and Apple don’t really want to support it either. And the reason for that is, the spec is still at XSLT 1.0, which is super old, and current implementations are effectively abandonware. Catch-22?