spuxx

@spuxx.bsky.social

Software engineer at DB, the German public railway company. Used to be a biologist and radio guy. Into making music, video games, software dev and other nerd stuff.

30 Followers  |  82 Following  |  89 Posts  |  Joined: 22.11.2024  |  2.5991

Latest posts by spuxx.bsky.social on Bluesky

Oh god when did we hit 2026

07.01.2026 15:42 — 👍 0    🔁 0    💬 0    📌 0

This would be so hilarious if it weren't 2025.

07.01.2026 15:41 — 👍 0    🔁 0    💬 1    📌 0

I use both. I always do conventional commits, it's just muscle memory by now.

I use release-please to automate releasing and versioning on small or even one-person projects.

Beyond that, I agree that cc-based changelogs are utter trash (and this is where changesets shines).

25.12.2025 09:20 — 👍 1    🔁 0    💬 0    📌 0

I'm guessing the launcher (BattleNet) is the annoying part here not the game binary itself, right?

21.12.2025 15:11 — 👍 0    🔁 0    💬 1    📌 0
Wait....Starcraft 2 works on Linux? | Hacker News

Quick Google search indicates it should run on Proton just fine: news.ycombinator.com/item?id=4178...

21.12.2025 08:36 — 👍 1    🔁 0    💬 1    📌 0

I love how @venustheory.bsky.social has a bluesky account with 1k followers but doesn't give a shit about it lol

19.12.2025 09:53 — 👍 1    🔁 0    💬 1    📌 0

Ah I got those confused then. I neither knew about vlt nor heard about anthropic buying bun. Thanks!

02.12.2025 22:52 — 👍 1    🔁 0    💬 0    📌 0

Damn that's harsh lol. But back to my original question, why do we need vlt when we already don't have a lack of competing JS runtimes?

02.12.2025 22:49 — 👍 1    🔁 0    💬 1    📌 0

I did but it didn't really get me fired up tbh. What makes deno stand out is not being a faster runtime but moving a lot of the paradigms forward that we've come to accept in the ecosystem. It gets rid of a lot of technical debt.

02.12.2025 22:33 — 👍 0    🔁 0    💬 1    📌 0

Completely missed the memo on this one. What does it offer over, say, deno?

02.12.2025 22:26 — 👍 0    🔁 0    💬 1    📌 0

What I said could be misread, so I better clarify: While trusted publishing itself does not prohibit manual publishing, since Shai-Hulud npm really nudges you towards enabling it and disabling manual publishing altogether. They now also limit token lifetime to 3 months, increasing friction.

01.12.2025 08:30 — 👍 0    🔁 0    💬 0    📌 0

Yeah, might be. :) If e.g. your CI/CD pipeline includes a human element in the form of "you gotta press this button to create a release", which proper setups will usually have, this shift indeed introduces the requirement for human interaction. But it all depends on how the repo is set up.

01.12.2025 08:06 — 👍 1    🔁 0    💬 0    📌 0

Also, love the work you guys do. Always one of my week's highlights. ❤️

01.12.2025 07:59 — 👍 0    🔁 0    💬 0    📌 0

If the repository's CI/CD and permissions are set up properly it'll be much harder to publish malicious payload now. Of course that's a big "if" right there but making it harder for authors to yolo a release of a widely adopted package is a good thing in a lot of ways.

01.12.2025 07:57 — 👍 1    🔁 0    💬 2    📌 0

Since supply chain attacks like that rely on fetching tokens locally from the dev machines, removing that attack vector is pretty smart IMO. Nowadays there's little reason for package authors to have the ability to manually publish anyways, especially if they maintain popular packages. 3/x

01.12.2025 07:54 — 👍 1    🔁 0    💬 1    📌 0

They now push authors to use what they call "trusted publishing" which essentially removes the ability to manually publish a package entirely and moves the authority to publish exclusively to CI/CD pipelines. If you consider what Shai Hulud did, you'll notice this is actually a good idea. 2/x

01.12.2025 07:52 — 👍 1    🔁 0    💬 2    📌 0

@patrick.risky.biz Hey Pat, listening to the recent episode of Risky Biz right now and wanted to offer a minor correction regarding npm/shai hulud.

Adam mentioned that npmjs.com was introducing a human factor to the publishing process, but the opposite is actually the case. 1/x

01.12.2025 07:50 — 👍 3    🔁 0    💬 2    📌 0

What do you mean by chore? 👀 I linked my github action to npm once and now I never have to worry about rotating tokens again. 🥰

28.11.2025 18:18 — 👍 1    🔁 0    💬 0    📌 0

This is gonna be gud.

15.11.2025 16:47 — 👍 1    🔁 0    💬 0    📌 0
OData - the Best Way to REST OData, short for Open Data Protocol, is an open protocol to allow the creation and consumption of queryable and interoperable RESTful APIs in a simple and standard way.

There's OData: www.odata.org

SAP did make heavy use of it at one time and I think Microsoft too, not sure if they still do

08.11.2025 06:46 — 👍 1    🔁 0    💬 0    📌 0

Of all UI frameworks I've worked with, @emberjs.com and @solidjs.com (although quite different in paradigm) just get the most things right (caution: personal opinion). So happy to see both thriving.

29.10.2025 10:20 — 👍 3    🔁 0    💬 0    📌 0

Yeah, they're doing great. The recent addition of a debugger was a game changer for me.

20.10.2025 15:49 — 👍 1    🔁 0    💬 0    📌 0

At least as long as you don't plan on publishing manually that is.

12.10.2025 18:40 — 👍 0    🔁 0    💬 0    📌 0
Trusted publishing for npm packages | npm Docs Documentation for the npm registry, website, and command-line interface

I have yet to set it up myself, but the way I understand it, tokens in trusted publishing are short lived and not handled by us. The traditional long-lived tokens aren't required: docs.npmjs.com/trusted-publ...

12.10.2025 18:38 — 👍 0    🔁 0    💬 1    📌 0

Aren't you supposed to use trusted publishing instead?

12.10.2025 12:13 — 👍 0    🔁 0    💬 1    📌 0

I can't wrap my head around having to allow port 443 udp someday lol

12.10.2025 09:50 — 👍 1    🔁 0    💬 0    📌 0

It's so weird if you wanna do stuff like "chore(deps): Bump version of @foo/bar" because GitHub tries to convert it to a user tag lol

12.10.2025 06:54 — 👍 6    🔁 0    💬 0    📌 0

That's huge. 🎉

30.09.2025 17:20 — 👍 1    🔁 0    💬 0    📌 0

Someone must have been bored.

17.09.2025 20:53 — 👍 2    🔁 0    💬 0    📌 0

Besides OData and json:api, what REST specifications do people use (if they do use one at all)? Doing some research on this topic.

17.09.2025 09:03 — 👍 0    🔁 0    💬 0    📌 0

@spuxx is following 20 prominent accounts