With the arrival of Cyber Resilience Act it can be helpful to generate a Software Bill of Materials (SBOM), and to process other to look for known vulnerabilities.

Two open source tools under Apache 2.0 license:

• Syft, for SBOM generation: https://github.com/anchore/syft
• Grype, to process then the SBOM: https://github.com/anchore/grype

A 16 minute read, but great nonetheless

I would prefer activitypub on stuff like this, but its still cool.

Developer experience, concrete examples, contextualized, including flaws/edge of capabilities.

Ideation, Maintenance, Coding, Testing, Debugging, …

Chapters:

• Speaker Introductions
• 00:03:03 - Personal experiences with AI in coding
• 00:14:41 - Updating regular expression engine
• 00:31:39 - AI Assisting in Code Writing and Fixing Mistakes
• 00:34:01 - AI-Driven Regex Capabilities for Uri Templates
• 00:37:59 - Enhancements in Memory Extensions
• 00:44:10 - Discussion about AI handling tasks and upcoming merge
• 00:46:00 - AI creates and handles test cases automatically
• 00:46:57 - AI tackles project tasks, improves efficiency, and handles edge cases

A good look into how it is and can currently be used.

cross-posted from: https://programming.dev/post/31210046

Firefox 139.0 released yesterday, with support for the Temporal JavaScript API.

I explored the API, writing down the most relevant interfaces into a reference or cheat sheet.

It's certainly and finally a thorough API for handling temporal information. Working with zoned datetime across time offsets and time zones can get very confusing, though.

I love how you can work with them though, especially with durations.

console.log(Temporal.PlainDateTime.from('2025-02-05T08:00:00'))

console.log(Temporal.Now.plainDateTimeISO("Europe/Berlin"))

console.log(Temporal.Now.plainDateTimeISO().add('PT2M0.2S').subtract('PT0.5S').since(Temporal.Now.plainDateTimeISO()))

console.log(Temporal.ZonedDateTime.from('2025-02-05T13:57:35.777888[Europe/Berlin]').withTimeZone('Europe/London'))

I learned about Appwrite from the entry in the selfh.st newsletter. It looks like an open source (BSD-3 Clause license) alternative to Google's Firebase and other BaaS platforms:

https://appwrite.io/blog/post/open-source-firebase-alternative

I haven't tried it, but it looks neat

Is anyone aware of any FOSS browser replacement projects? Being a "full stack dev" (feels like a false skill set most of the time) I'm at this point where there are easily enough of us who have struggled with implementing web apps in the various frameworks and tools that essentially all boil down to JavaScript, HTML and CSS.

There's nothing wrong with them individually, but with modern languages and hardware we should be able to make something better. At least in a way to encourage adoption of something better, and I want to contribute to it.

Marketers promote AI-assisted developer tools as workhorses that are essential for today’s software engineer. Developer platform GitLab, for instance, claims its Duo chatbot can “instantly generate a to-do list” that eliminates the burden of “wading through weeks of commits.” What these companies don’t say is that these tools are, by temperament if not default, easily tricked by malicious actors into performing hostile actions against their users.

Researchers from security firm Legit on Thursday demonstrated an attack that induced Duo into inserting malicious code into a script it had been instructed to write. The attack could also leak private code and confidential issue data, such as zero-day vulnerability details. All that’s required is for the user to instruct the chatbot to interact with a merge request or similar content from an outside source.

Title really, but some comments ...

I'm likely to move to Codeberg, and I like the idea of a CI system that I can run locally, without tie-in to a particular code hosting vendor. But why this over e.g. Jenkins, or whatever other systems there are these days? I'm new to Woodpecker.

The comment does well in providing context and arguments.

Lets go back to the closest thing we have for requirements for this editor..Default CLI Editor - Feature Exploration!. This discussion was based on the current state of windows and was not concerned with UNIX.

Being a simple text editor, it should not hallucinate, it should not add text one did not type, it should not change the text that was typed. If the user typed a tab character, it was because the user wanted a tab character. If you want four spaces then type four spaces.

edit should by default work like the original namesake and not hallucinate or add characters that were not typed or make assumptions.

Where do you draw the line on "smart" features? Tab should not add indent spaces? Encoding or newline mechanisms? Determining EOF newline?

I'm trying to figure out what has changed between the previous version of the user agreement and the current one, and the big missing thing is lack of the fallback version definitions and rules. Does this mean Jetbrains no longer offers them?

I came across Nepenthes today in the comments under a post about AI mazes. It has an option to purposefully generate not just an endless pit of links and pages, but also to deterministically generate random, human-like text for those pages to poison the LLM scrapers as they sink into the tarpit.

After reading that, I thought, could you do something similar to poison image scrapers too?

Like if you have an art hosting site, as long as you can get an AI to fall into the tarpit, you could replace all the art it thinks should be there with distorted images from a dataset.

Or just send it to a kind of “parallel” version of the site that replaces (or heavily distorts) all the images but leaves the text descriptions and tags the same.

I realize there’s probably some sort of filter for any automated image scraper that attempts to sort out low quality images, but if one used similar images to the expected content, that might be enough to get through the filter.

I guess if someone really wanted to poison a model, generating AI replacement images would probably be the most effective way to speed up model decay, but that has much higher energy and processing power overhead.

Anyway, I’m definitely not skilled/knowledgeable enough to make this a thing myself even just as an experiment. But I thought you all might know if someone’s already done it, or you might find the idea fascinating.

What do you think? Any better ideas / suggestions for poisoning art scraping AI?

Game Development Tutorials

Intro to Game Development

1. Lukky - Making a Game from Start to Finish (Tutorial)
2. Brackeys - How to make a Video Game - Godot Beginner Tutorial
3. Brackeys - How to program in Godot - GDScript Tutorial

Basic Game Development

4. LegionGame - Juiced Up First Person Character Controller Tutorial - Godot 3D FPS
5. Lukky - Godot 4.0 Third Person Controller Tutorial (2023)
6. Quilled - Import Animations in Godot 4 with Animation Retargeting
7. LegionGame - Design 3D Game Levels From Scratch - Godot 4 Tutorial

Advanced Game Development

8. Chap C. Creates - The First Skill GODOT Beginners Should Learn - State Machine Game Showcase
9. The Shaggy Dev - Starter state machines in Godot 4
10. The Shaggy Dev - Advanced state machine techniques in Godot 4

Basic Game Development (continued)

11. LegionGames - 3D Enemies With Pathfinding and Animations - Godot 4 FPS Tutorial
12. LegionGames - Complete 3D Shooting Mechanics - Godot 4 FPS Tutorial
13. LegionGames - Hitscan Guns, Weapon Switching and Crosshairs - 3D Godot 4 FPS Tutorial
14. LegionGames - Fully Destructible 3D Environments - Godot 4 FPS Tutorial
15. Coco Code - Godot UI QUICKSTART (Ex-Unity friendly guide)
16. DevWom - How to Create a INVENTORY in Godot 4 (step by step)

Game Feel

17. Game Maker's Toolkits - What Makes a Good Combat System?
18. Extra Credits - Open World Design - How to Build Open World Games
19. Razbuten - How Small Open-World Games Feel Big
20. Game Maker's Toolkit - What Makes Good AI?
21. Game Maker's Toolkit - How to Keep Players Engaged (Without Being Evil)
22. Game Maker's Toolkit - Secrets of Game Feel and Juice
23. Game Maker's Toolkit - The mistake every new game developer makes (Developing 2)

cross-posted from: https://lemmy.world/post/30154944