

I have been very happy with Codeberg, but I have been keeping an eye on https://tangled.org/



On closer inspection, preventing post-install would have fixed it too: “The attack exploited a transitive dependency, plain-crypto-js@4.2.1, which executed a postinstall script to deploy the RAT.”


Minimum age would have prevented it in this case.


I always advocate switching to pnpm where install scripts are disabled by default. It has plenty of security features to ward off most supply chain attacks.


Because most projects are legacy projects.


I run my home services on an extremely low power PC. So I like bare bones.
I follow hundreds of feeds: personal friends' blogs, YouTube channels, weather advisories, newsletters, local news, urban design, climate news. It is a lot of information.


I find fd to have a really nice API.
The US has always been like this. We're a brutal, land-grabbing, hegemonic power.