The 7 minute Irish animation that is nominated for an Oscar. Worth a watch. #SpeirGorm
10.03.2026 00:11
👍 1368
🔁 337
💬 64
📌 38
The 7 minute Irish animation that is nominated for an Oscar. Worth a watch. #SpeirGorm
Too much Ram, not enough Dodge
I know this country is addicted to cars but it genuinely is so much better when you’re not in a car.
People were not made to isolate themselves in private mobile living rooms. When there’s not a literal wall separating you, it turns out a lot of people are friendly.
@howsmydrivingsea.bsky.social BWV8951
Routle - King County Metro
02/27/2026
🟥 🟥 🟥 🟥 🟥
www.routle.city/king_county_...
Hot take: package provenance (npm, pypi, etc.) should be a one-way street.
You should have to bump a major version to publish without it.
Routle - King County Metro
02/26/2026
🟩 ⬛ ⬛ ⬛ ⬛
www.routle.city/king_county_...
Routle - King County Metro
02/25/2026
🟥 🟩 ⬛ ⬛ ⬛
www.routle.city/king_county_...
I reserve that for when I boop my orca card
info.myorca.com/news/meet-bo...
Even better: 1ES has been explicitly asked to WFH the whole week before because they're moving us from B18 to B17
A dependabot PR updating idunno.Bluesky from 1.5.0 to 1.6.0
Skill issue
Come, Sir Andrew, there’s no remedy
Squidward watching SpongeBob and Patrick running meme
Me Eagerly awaiting Judkins Park Station opening
It's a pain, but I've had good success with Elgato's mounts
www.elgato.com/us/en/s/mult...
A false positive, technically. But a provenance gap got caught, the maintainer fixed their workflow, and downstream users get properly attested packages. I'll take it!
GitHub issue tighten/ziggy#871 @JamieMagee: v2.6.0 is the first release in a while without provenance attestation on npm: npmjs.com/package/ziggy-js?activeTab=versions Looks like the Publish workflow run for v2.6.0 failed, so I'm guessing the package was published manually without --provenance. All prior versions (2.5.3, 2.5.2, etc.) have it. Not a security issue, just a heads-up. Tools like Dependabot have started flagging when attestation disappears between versions, so downstream users may see warnings on this release. Worth re-publishing 2.6.0 with npm publish --provenance from CI, or just making sure 2.6.1+ goes through the workflow again. @bakerkretzmar: Thanks a lot for flagging this! Can't remember why the release workflow failed but yeah I published 2.6.0 manually so that's why it's missing. Can't re-publish but will make sure 2.6.1 works, I'll leave this open until then. @bakerkretzmar: Fixed, after several attempts 😅 @JamieMagee: Thank you!
Looked into it and it wasn't malicious. Their CI publish workflow had failed, so the maintainer published v2.6.0 manually and forgot --provenance. Opened an issue, they said thanks for the heads up, and shipped v2.6.1 through CI with provenance restored.
npm version history of ziggy-js. Version 2.6.1 and 2.5.3 have a green checkmark, version 2.6.0 doesn't.
Shipped it on Thursday. By Friday it had already flagged something: ziggy-js v2.6.0 published without provenance. Every version back to v1.8.2 had one. Here we go, I thought.
The eslint-config-prettier compromise last year had a tell: the malicious versions were published to npm without provenance attestation, while the legit ones all had it. So I added a check to Dependabot that warns when a package loses its provenance between updates.
Built a Home Assistant integration for Specialized Turbo e-bikes. Battery health, motor power, speed, cadence, odometer, etc. All over Bluetooth, all local. Works with 2017+ models with TCU. Install via HACS.
#HomeAssistant #ebike #BLE #SmartHome
github.com/JamieMagee/ha-specialized-turbo
I cycle over the I90 bridge daily for my commute, and there is no better advertisement for the 2 Line than seeing the train sail past bumper to bumper traffic.
$ go install golang.org/dl/go1.26.0@latest $ go1.26.0 download Downloaded 0.0% ( 0 / 63102509 bytes) ... Downloaded 50.0% (31551254 / 63102509 bytes) ... Downloaded 100.0% (63102509 / 63102509 bytes) Unpacking go1.26.0.openbsd-arm64.tar.gz ... Success. You may now run 'go1.26.0' $ go1.26.0 version go version go1.26.0 openbsd/arm64
🎆 Go 1.26.0 is released!
🗒️ Release notes: https://go.dev/doc/go1.26
⬇️ Download: https://go.dev/dl/#go1.26.0
#golang
TypeScript 6.0 beta is now published!
This release brings
- inference improvements for functions
- updates to package.json 'imports'
- the Temporal APIs
- alignments for the upcoming TypeScript 7.0
- & more!
Try it today!
devblogs.microsoft.com/typescript/a...
👀
Dependabot now supports OIDC authentication
https://github.blog/changelog/2026-02-03-dependabot-now-supports-oidc-authentication
The Dependabot Proxy is now open source with an MIT license
https://github.blog/changelog/2026-02-03-the-dependabot-proxy-is-now-open-source-with-an-mit-license
🔐 PASSWORDS? WHERE WE'RE GOING WE DON'T NEED PASSWORDS 🔐
STRAP IN SECURITY FANS: Dependabot just learned how to authenticate WITHOUT storing secrets, and your security team is about to ugly-cry with joy! 😭🎉
OIDC SUPPORT HAS LANDED!
github.blog/changelog/20...
🚨CODE RED (BUT LIKE A GOOD RED): WE JUST OPEN SOURCED THE DEPENDABOT PROXY🚨
Attention Dependabot fans and security nerds: The Dependabot Proxy just escaped from its private repo and is now LOOSE ON THE INTERNET under the MIT license!
github.com/dependabot/p...
close up of Rapid Ride logo on a G Line bus in Seattle
🚌 Today is the first time Seattle transit riders can pay the fare with a credit card or smartphone
The new feature launches on Rapid Ride G, and will be rolled out across the bus system in the coming weeks
📲 I wish I was in Seattle this week to try it out!
🙋♂️ Give it a try & tell me about it here
There is no better advert for the 2 Line than seeing it fly past bumper to bumper traffic on the I-90 bridge.
