The webcomic is awful. It feels off, the characters look very fake, unsettling in the way they communicate. The prompt is shown below the image, but for me the result looks closer to a prompt "Create lifeless characters reciting marketing slop. They must fake an over-exaggerated excitement but it should be clear they don't believe in what they're saying and have no souls".
Also, the prompt specifically asks "Panel 4 should show the cat and dog high-fiving" but the cat is high-fiving ... the cat. Personally I find this hallucinated plot twist good, it makes the ending a bit better. Although technically this is demonstrating a failure of the tool to follow the instructions from the prompt. Interesting choice of example for an official announcement.
It’s more than visual preferences — his image actually adheres to the specified requirements. It hasn’t been shown that Imagen can do that, which might be a showstopper for many people, regardless of aesthetics.
Because the strategy of changing brand after a scandal works so well, it's good to add some precision here, for those who may not know: Facebook changed its name to Meta after a huge public backlash, the Cambridge Analytica scandal [0]
What was once a scandal in 2018 became commonplace. In 2018, targeting citizens with tailored messages to influence them was considered wrong. We had a different conception of "How we should make up our minds to choose our leaders" (it's still the case in some parts of Western Europe, where there are more regulations regarding elections, such as a ceiling for how much candidates can spend in marketing campaigns). Nowadays, we have Elon Musk directly involved in politics, who incidentally happens to possess all the data he bought with Twitter, and now tons of sensitive data he rushed to harness from government agencies during his short time in DOGE. Since he didn't shy away from directly paying people to vote for his candidates, it's hard to believe he would have the ethical restraint to not use this data and his social network to organize extremely precise and effective targeted manipulation campaigns to further his personal agenda.
Unfortunately, the unchecked (unregulated) use of personal data for massive manipulation is considered "inevitable" (it has been for decades). So much that we now comment about the word "inevitability" itself, and whether LLMs are "inevitably good at coding", completely brushing aside the most important, the main social issues LLMs can cause, such as: their biases (reinforcing fake news, or stereotypes), who trains the model, what ads they will show in the near future, how they will be used for influencing people, how they will be used in drones, which humans in the loop, what guardrails, for whose interest, how will it be used in troll farms, how is it compatible with democracy, how (or if) the economic gains of this technology will be redistributed, ...
> This is why I avoid using non-official actions where possible and always set a version for the action.
Those are good practices. I would add that pinning the version (tag) is not enough, as we learnt with the tj-actions/changed-files event. We should pin the commit SHA [0]. GitHub states this in their official documentation [1] as well:
> Pin actions to a full length commit SHA
> Pin actions to a tag only if you trust the creator
> which GitHub goes to extents to document GitHub Actions policies as applying to `uses:` clauses
If it were phrased like this then you would be right. The docs would give a false sense of security, would be misleading. So I went to check, but I didn't find such an assertion in the linked docs (please let me know if I missed it) [0]
So I agree with the commenter above (and Github) that "editing the github action to add steps to download a script and running" is not a fundamental flaw of this system designed to do exactly that, to run commands as instructed by the user.
Overall we should always ask ourselves: what's the threat model here? If anyone can edit the Github Action, then we can make it do a lot of things, and this "Github Action Policy" filter toggle is the last of our worries. The only way to make the CI/CD pipeline secure (especially since the CD part usually has access to the outside world) is to prevent people from editing and running anything they want in it. It means preventing the access of users to the repository itself in the case of Github Actions.
I suppose there's room for interpretation here, but I think an intuitive scan of "Allowing select actions and reusable workflows to run" is that the contrapositive ("not allowed actions and reusable workflows will not run") also holds. The trick in the post violates that contrapositive.
I think people are really getting caught up on the code execution part of this, which is not really the point. The point is that a policy needs to be encompassing to have its intended effect, which in the case of GitHub Actions is presumably to allow large organizations/companies to inventory their CI/CD dependencies and make globally consistent, auditable decisions about them.
Or in other words: the point here is similar to the reason companies run their own private NPM, PyPI, etc. indices -- the point is not to stop the junior engineers from inserting shoddy dependencies, but to know when they do so that remediation becomes a matter of policy, not "find everywhere we depend on this component." Bypassing that policy means that the worst of both worlds happens: you have the shoddy dependency and the policy-view of the world doesn't believe you do.
That's what I understood as well. Also, the author mentions:
> The installation succeeded, but the system would panic during boot. *Bhyve is more of a niche thing and not among the hypervisors supported by NetBSD*, [...]
I am guessing what he meant was rather "the support of NetBSD (as a guest OS) by the hypervisor Bhyve", because Bhyve is a hypervisor running on FreeBSD. Given the other posts on the blog, it would not be surprising if the author was daily driving FreeBSD while doing this experiment, and Bhyve is well maintained and probably the best fit in the BSD world for this. I don't even know if OpenBSD's vmm can virtualize something else than OpenBSD.
> Q: What VM operating systems does bhyve support?
> A: bhyve supports any version of FreeBSD i386/amd64. OpenBSD, NetBSD, illumos and GNU/Linux are supported using the UEFI and the sysutils/grub2-bhyve port.
The author wrote another blog post "Geoblocking the UK with Debian & Nginx" [0]. It's a short tutorial to do exactly as the title says, so it looks like the author did apply this configuration and intentionally wants to geoblock the UK for compliance reasons, or maybe as a statement. The blog post has a link to https://geoblockthe.uk
With aider and Gemini Pro 2.5 at least I constantly have to fight against it to keep it focused on a small task. It keeps editing other parts of the file, doing small "improvements" and "optimizations" and commenting here and there. To the point where I'm considering switching to a graphical IDE where the interface would make it easier to accept or dismiss parts of changes (per lines/blocks, as opposed to a per file and per commit approach with aider).
Would you mind sharing more about your workflow with aider? Have you tried the `--watch-files` option? [0] What makes the architect mode [1] way better in your experience?
I use o3 with architect mode for larger changes and refactors in a project. It seems very suited to the two-pass system where the (more expensive) "reasoning" LLM tells the secondary LLM all the changes.
For most of the day I use Gemini Pro 2.5 in non-architect mode (or Sonnet when Gemini is too slow) and never really run into the issue of it making the wrong changes.
I suspect the biggest trick I know is being completely on top of the context for the LLM. I am frequently using /reset after a change and re-adding only relevant files, or allowing it to suggest relevant files using the repo-map. After each successful change if I'm working on a different area of the app I then /reset. This also purges the current chat history so the LLM doesn't have all kinds of unrelated context.
As for C, the "suitable" subset really depends on what we expect from a browser. In my experience, I was forced to use a Chrome-based browser only for work, mostly because of Google web apps (Google Cloud and Google Meet come to mind). For browsing the small web, I'm sure smaller browsers can work well. I tried some, but was usually put off because of the lack of adblockers, and I also quickly miss the element picker zapper feature of the uBlock Origin extension.
I've been using eza (and exa before it) for a long time, but only for the pretty and colored output. I didn't even know about the git support! I now added the --git flag to my alias and will try it out. Thank you!
I also think the taskbar showing only icons is confusing when we have the same app opened multiple times. I have a similar organization as you for work: a Firefox window on desktop 10 for Calendar, Mail, another on desktop 9 for company Chat, another (main) window on desktop 1, another on desktop 2 for a different project, ... By default on Gnome they would be all grouped into 1 Firefox icon. We can change the settings to not group apps, but a bunch of Firefox icons next to each other doesn't help either.
I recently discovered in the Fluxbox edition of MX Linux the taskbar Tint2. It was configured in a way that split the taskbar into dedicated and fixed workspace areas. It's an efficient way to see quickly what app is on which desktop, and clicking on one app will bring me to the desktop where the app is. I can also move apps to different desktop with the mouse by dragging them in the bar (for instance drag terminal of desktop 2 in desktop 3 next to the file browser opened there).
I currently use this taskbar with Openbox, but it should work with other DE/WMs. It has some bugs in some edge-cases so it's not perfect, but I like the concept.
I went on a quest to configure the same behavior on different DEs. I couldn't reproduce it with the default bars of Budgie, Cinnamon, Gnome, Mate. KDE was the only one where I was close to achieving this. In the default KDE bar, it's possible to sort the apps by their workspaces. But it only sorts them, it doesn't split clearly by static desktops like you can do in Tint2. Still, KDE showed once again it was one of the most customizable :)
What I understand is that people that use multiple desktops do so because they might have 2 apps not fully maximized in desktop 1, another 3 in desktop 2, etc. But for me, I have maximized apps 99.9% of the time, so I cannot see an advantage in alt-tab to another app vs shift-alt-tab (or whatever the option) to switch desktops. Or am I missing something here?
For me, a desktop is a logical group of programs for something I'm working on, not necessarily a specific layout of non-maximized programs. This also allows for less pollution of programs when Alt+Tabbing, which you might benefit from.
In the desktop-centric organization, many people also have 1 app per workspace most of the time (I think). In a tiling WM, the app will take the full screen estate if it's alone there, so it's also maximized.
The difference with alt+tab is that switching to another workspace (which represents a window if the workspace has only one app) is deterministic, given the right keybindings setup and if we have some habits regarding the placing of windows.
So 99% of the time I have the same placement of windows in workspaces. At the very least my main Firefox on desktop 1, Code Editor on desktop 2, a terminal (related to my coding task) on desktop 3, and then things get more "dynamic", maybe some extra term or other stuff I may need for my task on desktop 4, 5, ... With the bindings Super+<number> (number row on top of the keyboard), I jump directly to my workspaces (windows). With my left hand I hit Super+1 and it will always show Firefox, Super+2 vim, etc...
I prefer it to cycling through alt+tab, hitting Tab multiple times until I find my window. Here's an example of a flow I was doing just earlier today:
win+2 (editor) : I edit code
win+3 (term1) : run command to build or run tests or deploy...
win+1 (firefox) : refresh the app I just built, click somewhere, test...
win+3 (term1) : see that the build actually failed
win+4 (term2) : check a quick solution in another term, use a CLI tool, do some tests in a repl...
win+2 (editor) : fix code
win+3 (term1) : build
win+1 (firefox) : refresh, prepare the page (input some text or something, ready to click a button)
win+3 (term1) : check if build finished
win+1 (firefox) : click the page button to test my change
The idea is that each time I switch to a different desktop/window, I just go there directly, without thinking, as I know where they are. The example I gave is the natural way I use my computer (with i3 or dwm, but can be configured with KDE, Cinnamon...), so it's not a far-fetched example at all (in my case). Switching back and forth is extremely fast that way. A long time ago, a colleague even told me I was a bit hard to follow when in pair programming sessions so now I try to slow down a bit. With Alt+Tab it's not as smooth, as we'd have to cycle through 4 windows. With the default implementation of most alt+tab out there, it's the opposite of deterministic, there's some logic (that I never fully understood) to go back to the windows in the order of last used/focused windows. But I know that in KDE at least it's possible to configure the behavior of alt+tab to make it loop in a "dumb" predictive way (1->2->3->4->1->2...), so in the end, it's again just a matter of personal preference.
If the bindings were less optimized (shift+alt+<number> or something) it would get uncomfortable to use. I use the Super modifier ("Windows logo" key) as the basis for all shortcuts related to my WM, so it doesn't conflict with the shortcuts reserved by the apps themselves (apps may interpret the modifiers Alt, Option, Shift, but not Super). It's a bit of finger-stretching to reach desktops higher than 5 on the number row, and at some point I need my right hand, but it works fine for me.
You're also correct that workspaces allow for more windows (very useful the 1% of the time I need it), and in that regard a workspaces organization is not comparable to an alt+tab based flow.