A critical vulnerability, named BatBadBut, was discovered in the Rust programming language, affecting not just Rust but also Erlang, Go, Python, Ruby, and potentially others. This vulnerability, with a severity score of 10/10, could allow attackers to execute arbitrary commands on Windows systems by exploiting how Rust handles batch files. The issue arises from Rust's standard library improperly escaping arguments when invoking batch files on Windows, leading to potential command injection. The vulnerability has been addressed with a fix in Rust version 1.77.2, which developers are urged to update to. Other programming languages and systems, including Node.js, PHP, and Java, are also affected and are working on patches.
As I've noticed it's #PortfolioDay and have seen some wonderful artwork posted by people, as a programmer, I'd like to share a project I made, a command line time tracker with the purely textual interface.
Since I spent a good deal of time designing the textual output and UX I figure it's akin to art.
The interface is natural language input of times and dates representing when you start and end tasks.
Completed setup of a #refurbed small Windows PC today and remoted into it from my MacBook to #debug some #nodejs code that was failing its windows tests on GitHub Actions
Is almost 20 years since Windows was my primary dev machine – it feels so alien nowadays when all my dev work is centered around git and cli-tools
Ever worked on #nodejs projects locally and wished for a more standardized, production-like experience for your team? Try @ddev! I walk you through setting your local up with #docker#containers in my latest article on @lullabot
A cybersecurity researcher finds that 20% of software packages recommended by GPT-4 are fake, so he builds one that 15,000 code bases already depend on, to prevent some hacker from writing a malware version.
Disaster averted in this case, but there aren't enough fingers to plug all the AI-generated holes 😬
Four months ago, I created a Bluesky account to play around this the API and managed to create a simple node script to post a status to it. I wasn’t able to figure out how to get it to work with IFTTT, though. This week, I spun up a Pipedream workflow to try to post an announcement when a new blog post goes up.
So I just saw a PR for a Node.js project, where the developer had used an npm command I'm unfamiliar with.. or at least, I didn't know of:
npm clean-install
Now, I'm familiar with npm ci, but I had absolutely no idea that the alias of npm clean-install existed. I didn't even realise that's what "ci" stood for "clean install”.
I always thought npm ci meant “the npm command you wanna run in CI environments”