Home | Tabby This is actually pretty cool and useful. Just tried this on my Mac locally of course and it seems to have quite good utility. What would be interesting for me would be to train it on my code and many projects 😅

GitHub and OpenAI fail to wriggle out of Copilot lawsuit • The Register

Lawsuits alleging GitHub Copilot breached licenses can move forward. Will be interesting to see how these cases are decided.

This is a fucked up detail:

The judge meanwhile rejected the defense argument that the plaintiffs should not be allowed to continue their claim pseudonymously based on death threats sent to the plaintiffs’ counsel.

Who is sending death threats to the lawyers of people trying to sue GitHub/Microsoft/OpenAI, and why? Something’s fishy there.

Asleep at the Keyboard? Assessing the
Security of GitHub Copilot’s Code Contributions

40% of code produced by GitHub Copilot has at least one well-known security vulnerability, in the test reported in this paper.

Erlang Solutions: How ChatGPT improved my Elixir code. Some hacks are included.
I have been working as an Elixir developer for quite some time and recently came across the ChatGPT model. I want to share some of my experience interacting with it.

During my leisure hours, I am developing an open-source Elixir initiative, Crawly, that facilitates the extraction of structured data from the internet.

Here I want to demonstrate how … ⌘ Read more

I played with nlpodyssey/verbaflow: Neural Language Model for Go today a little bit today…. First I had to download a ~2GB file (the model), then convert that to a format the program verbaflow understands which came out to roughly ~5GB. Then I tried some of the samples in the README. My god, this this is so goddamn awfully slow its like watching paint dry 😱 All just to predict the next few tokens?! 😳 I had a look at the resource utilisation as well as it was trying to do this “work”, using 100% of 1.5 Cores and ~10GB of Memory 😳 Who da fuq actually thinks any of this large language model (LLM) and neural network crap is actually any good or useful? 🤔 Its just garbage 🤣

There is a “right” way to make something like GitHub CoPilot, but Microsoft did not choose that way. They chose one of the most exploitative options available to them. For that reason, I hope they face significant consequences, though I doubt they will in the current climate. I also hope that CoPilot is shut down, though I’m pretty certain it will not be.

Other than access to the data behind it, Microsoft has nothing special that allows it to create something like CoPilot. The technology behind it has been around for at least a decade. There could be a “public” version of this same tool made by a cooperating group of people volunteering, “leasing”, or selling their source code into it. There could likewise be an ethically-created corporate version. Such a thing would give individual developers or organizations the choice to include their code in the tool, possibly for a fee if that’s something they want or require. The creators of the tool would have to acknowledge that they have suppliers–the people who create the code that makes their tool possible–instead of simply stealing what they need and pretending that’s fine.

This era we’re living through, with large companies stomping over all laws and regulations, blatantly stealing other people’s work for their own profit, cannot come to an end soon enough. It is destroying innovation, and we all suffer for that. Having one nifty tool like CoPilot that gives a bit of convenience is nowhere near worth the tremendous loss that Microsoft’s actions in this instace are creating for everyone.

@carsten@yarn.zn80.net That’s a dissembling answer from him. Github is owned by Microsoft, and CoPilot is a for-pay product. It would have no value, and no one would pay for it, were it not filled with code snippets that no one consented to giving to Microsoft for this purpose. Microsoft will pay $0 to the people who wrote the code that makes CoPilot valuable to them.

In short, it’s a gigantic resource-grab. They’re greedy assholes taking advantage of the hard work of millions of people without giving a single cent back to any of them. I hope they’re sued so often that this product is destroyed.

I was listening to an O’Reilly hosted event where they had the CEO of GitHub, Thomas Dohmke, talking about CoPilot. I asked about biased systems and copyright problems. He, Thomas Dohmke, said, that in the next iteration they will show name, repo and licence information next to the code snippets you see in CoPilot. This should give a bit more transparency. The developer still has to decide to adhere to the licence. On the other hand, I have to say he is right about the fact, that probably every one of us has used a code snippet from stack overflow (where 99% no licence or copyright is mentioned) or GitHub repos or some tutorial website without mentioning where the code came from. Of course, CoPilot has trained with a lot of code from public repos. It is a more or less a much faster and better search engine that the existing tools have been because how much code has been used from public GitHub repos without adding the source to code you pasted it into?

@prologic@twtxt.net I always liked bit.
I am disappointed that a GUI app would not at least have screenshots.

julien040/gut: An easy-to-use git client for Windows, macOS, and Linux

@abucci@anthony.buc.ci So.. The issue is that its showing the password by default? Would making an alias to always include the -c help? We can probably engage Jason with a PR to enable a more hardened approach when desired. I’ve spoken to him before and is generally a pretty open to ideas.

I found this app that was created by the gopass author that does copy by default and has a tui or GUI mode https://github.com/cortex/ripasso

@prologic@twtxt.net see where its used maybe that can help.
https://github.com/sour-is/ev/blob/main/app/peerfinder/http.go#L153

This is an upsert. So I pass a streamID which is like a globally unique id for the object. And then see how the type of the parameter in the function is used to infer the generic type. In the function it will create a new *Info and populate it from the datastore to pass to the function. The func will do its modifications and if it returns a nil error it will commit the changes.

The PA type contract ensures that the type fulfills the Aggregate interface and is a pointer to type at compile time.

one that i think is pretty interesting is building up dependent constraints. see here.. it accepts a type but requires the use of a pointer to type.

https://github.com/sour-is/ev/blob/main/pkg/es/es.go#L315-L325

I started reading the proposal to introduce operator overloading in Go version 2 that I like to see: https://github.com/golang/go/issues/27605 Now a few hours later I ended up at this gem. Write a program that makes 2+2=5: https://codegolf.stackexchange.com/questions/28786/write-a-program-that-makes-2-2-5 There are some awesone solutions. :-)

Circling back to the IsPreferred method. A hasher can define its own IsPreferred method that will be called to check if the current hash meets the complexity requirements. This is good for updating the password hashes to be more secure over time.

func (p *Passwd) IsPreferred(hash string) bool {
	_, algo := p.getAlgo(hash)
	if algo != nil && algo == p.d {

		// if the algorithm defines its own check for preference.
		if ck, ok := algo.(interface{ IsPreferred(string) bool }); ok {
			return ck.IsPreferred(hash)
		}

		return true
	}
	return false
}

https://github.com/sour-is/go-passwd/blob/main/passwd.go#L62-L74

example: https://github.com/sour-is/go-passwd/blob/main/pkg/argon2/argon2.go#L104-L133

Hold up now, that example hash doesn’t have a $ prefix!

Well for this there is the option for a hash type to set itself as a fall through if a matching hash doesn’t exist. This is good for legacy password types that don’t follow the convention.

func (p *plainPasswd) ApplyPasswd(passwd *passwd.Passwd) {
	passwd.Register("plain", p)
	passwd.SetFallthrough(p)
}

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L28-L31

Here is an example of usage:

func Example() {
	pass := "my_pass"
	hash := "my_pass"

	pwd := passwd.New(
		&unix.MD5{}, // first is preferred type.
		&plainPasswd{},
	)

	_, err := pwd.Passwd(pass, hash)
	if err != nil {
		fmt.Println("fail: ", err)
	}

	// Check if we want to update.
	if !pwd.IsPreferred(hash) {
		newHash, err := pwd.Passwd(pass, "")
		if err != nil {
			fmt.Println("fail: ", err)
		}

		fmt.Println("new hash:", newHash)
	}

	// Output:
	//  new hash: $1$81ed91e1131a3a5a50d8a68e8ef85fa0
}

This shows how one would set a preferred hashing type and if the current version of ones password is not the preferred type updates it to enhance the security of the hashed password when someone logs in.

https://github.com/sour-is/go-passwd/blob/main/passwd_test.go#L33-L59

I made a thing. Its a multi password type checker. Using the PHC string format we can identify a password hashing format from the prefix $name$ and then dispatch the hashing or checking to its specific format.

git-bug

Distributed, offline-first bug tracker embedded in git, with bridges

Interesting!

it uses the queries you define for add/del/set/keys. which corrispond to something like INSERT INTO <table> (key, value) VALUES ($key, $value), DELETE ..., or UPDATE ...

the commands are issued by using the maddycli but not the running maddy daemon.

see https://maddy.email/reference/table/sql_query/

the best way to locate in source is anything that implements the MutableTable interface… https://github.com/foxcpp/maddy/blob/master/framework/module/table.go#L38

Progress! so i have moved into working on aggregates. Which are a grouping of events that replayed on an object set the current state of the object. I came up with this little bit of generic wonder.

type PA[T any] interface {
	event.Aggregate
	*T
}

// Create uses fn to create a new aggregate and store in db.
func Create[A any, T PA[A]](ctx context.Context, es *EventStore, streamID string, fn func(context.Context, T) error) (agg T, err error) {
	ctx, span := logz.Span(ctx)
	defer span.End()

	agg = new(A)
	agg.SetStreamID(streamID)

	if err = es.Load(ctx, agg); err != nil {
		return
	}

	if err = event.NotExists(agg); err != nil {
		return
	}

	if err = fn(ctx, agg); err != nil {
		return
	}

	var i uint64
	if i, err = es.Save(ctx, agg); err != nil {
		return
	}

	span.AddEvent(fmt.Sprint("wrote events = ", i))

	return
}

fig. 1

This lets me do something like this:

a, err := es.Create(ctx, r.es, streamID, func(ctx context.Context, agg *domain.SaltyUser) error {
		return agg.OnUserRegister(nick, key)
})

fig. 2

I can tell the function the type being modified and returned using the function argument that is passed in. pretty cray cray.

Hi, I am playing with making an event sourcing database. Its super alpha but I thought I would share since others are talking about databases and such.

It’s super basic. Using tidwall/wal as the disk backing. The first use case I am playing with is an implementation of msgbus. I can post events to it and read them back in reverse order.

Image

I plan to expand it to handle other event sourcing type things like aggregates and projections.

Find it here: sour-is/ev

@prologic@twtxt.net @movq@www.uninformativ.de @lyse@lyse.isobeef.org

https://github.com/tsale/translated_conti_leaked_comms

Will have to take a look at Gogs. Ideally wanting it to be easy to have the same ease-of-use to setup a web page as Github and Gitea.

One year ago to the date I made the lastest update for #phpub2twtxt to github and now 365 days later I have published #pixelblog as its successor - lets see where things are going for trip around the sun

Image

For the Wordle players around here (@lyse@lyse.isobeef.org, @xuu@txt.sour.is, @movq@www.uninformativ.de), and for those moments in which you rather cheat, than lose: https://github.com/KevinXuxuxu/wordle_machine. 😂

Hey. I my own local forward tool. https://github.com/JonLundy/sshfwd it uses ssh port forwards.

No on gitlab. If its self hosted gitea is best in class.

I can see hosting a mirror on github if only for the redundancy/visibility. Some projects will host but then direct contributions on their self host. Like Go does.

I would suggest using a vanity domain that can redirect tools like go get to hosting of choice. And not require rewriting all the packages any time it gets moved.

🤔 👋 Reconsidering moving Yarn.social’s development back to Github: Speaking of which (I do not forget); @fastidious@arrakis.netbros.com and I were discussing over a video call two nights ago, as well as @lyse@lyse.isobeef.org who joined a bit later, about the the whole moved of all of my projects and their source code off of Github. Whilst some folks do understand and appreciate my utter disgust over what Microsoft and Copilot did by blatantly scraping open source software’s codebases without even so much as any attempt at attribution or respecting the licenes of many (if not all?) open source projects.

That being said however, @fastidious@arrakis.netbros.com makes a very good and valid argument for putting Yarn.social’s codebases, repositories and issues back on Github for reasons that make me “torn” over my own sense of morality and ethics.

But I can live with this as long as I continue to run and operate my new (yet to be off the ground) company “Self Hosted Pty Ltd” and where it operates it’s own code hosting, servicesa, tools, etc.

Plese comment here on your thoughts. Let us decide togetehr 🤗

#yarnsocial #github #opsnsource #copilot #microsoft

Everybody is building one because, you know, why not? Why I built my own static site generator.

using this as the service: https://github.com/JonLundy/sshfwd

@niplav@niplav.github.io bigwor~1

@mckinley@twtxt.net @prologic@twtxt.net I have updated the ticket with my findings.. its not what you expect! /clickbait https://github.com/jointwt/twtxt/issues/424

@prologic@twtxt.net I would to build a Chinese version, have you considered supporting different languages? I translated a README file.

this is beautiful https://github.com/shinh/sedlisp

mm yeah newlines without unicode is much better https://github.com/jointwt/twtxt/issues/215

seems like the \u2028 approach breaks some clients, maybe i will try another way https://github.com/jointwt/twtxt/pull/166

@prologic@twtxt.net You may be interested in https://github.com/u-root/u-root (I work with a contributor).

Hey @xuu@txt.sour.is another mention that didn’t render ☝️

@thewismit@twtxt.psynergy.io Hey! It’s easy. Just install the twt CLI with something like:

go get github.com/jointwt/twtxt/cmd/twt/...

Then use it in some hooks/scripts to post some content to your Pod.

@prologic@twtxt.net @jlj@twt.nfld.uk @thewismit@twtxt.psynergy.io https://gist.github.com/JonLundy/fb2a23c003be46c3a66e4b14e5971f13

@jlj@twt.nfld.uk @thewismit@twtxt.psynergy.io Custom Pod Logos are now available with PR 358 🎉 if you’d like to checkout this PR on your pods and recompile and let me know how it goes that would be swell 👌

@prologic@twtxt.net deedum for android.

Kristall for OS X

Elaho for iOS

more here

though I can only vouch for the first two.

Woohoo, #phpub2twtxt - my php interface for publishing to my selfhosted twtxt.txt is now online at GitHub

@vain@www.uninformativ.dedd @lyse@lyse.isobeef.orgdd @prologic@twtxt.netdd Nope.. i have updated my gist to include the feeds listing. feeds.txt

@prologic@twtxt.netd It is pretty basic, and depends on some local changes i am still working out on my branch.. https://gist.github.com/JonLundy/dc19028ec81eb4ad6af74c50255e7cee

@prologic@twtxt.net https://github.com/JonLundy/twtxt/tree/xuu/integrate-lextwt I made a stats command for the new parser that extracts a bunch of info about a twtxt file. run like: go run ./cmd/stats https://twtxt.net/user/prologic/twtxt.txt

@prologic@twtxt.net as promised! https://github.com/JonLundy/twtxt/blob/xuu/integrate-lextwt/types/lextwt/lextwt_test.go#

the lexer is nearing completion.. the tough part left is rooting out all the formatting code.

@xuu@txt.sour.is @adi@twtxt.net Private Messaging is finally done in the messages_poc_2 branch. If you have time to have a look and play with it locally and test it out that would be great. The plan is to release this as the first version which only supports “on-pod messaging” right now (cross-pod to come later).

@prologic@twtxt.net one.. kinda sorta option would be to tailor a workflow for each of the archs.. see https://github.com/JonLundy/twtxt/runs/1568071072?check_suite_focus=true

@prologic@twtxt.net have you tried using the macos github build environment? looks like they have a windows one too.