A car traveling East on the 520 trail by 130th Ave NE in November 2023
Here's a photo I took in November 2023 on the 520 trail, by 130th Ave NE, just 1 mile from where the original video was taken.
Node.js is moving to one major release per year starting with Node 27! ๐
โ
Simpler: Every release becomes LTS.
โ
Predictable: Version numbers now align with the year.
โ
New: A 6-month Alpha channel for early testing.
https://bit.ly/4rnosLg
Can you beat drinkable mayonnaise?
I had this in Tokyo last year. I love mayonnaise, but this was too much ๐คข
www.foodrepublic.com/1789786/drin...
The 7 minute Irish animation that is nominated for an Oscar. Worth a watch. #SpeirGorm
Too much Ram, not enough Dodge
I know this country is addicted to cars but it genuinely is so much better when youโre not in a car.
People were not made to isolate themselves in private mobile living rooms. When thereโs not a literal wall separating you, it turns out a lot of people are friendly.
@howsmydrivingsea.bsky.social BWV8951
Routle - King County Metro
02/27/2026
๐ฅ ๐ฅ ๐ฅ ๐ฅ ๐ฅ
www.routle.city/king_county_...
Hot take: package provenance (npm, pypi, etc.) should be a one-way street.
You should have to bump a major version to publish without it.
Routle - King County Metro
02/26/2026
๐ฉ โฌ โฌ โฌ โฌ
www.routle.city/king_county_...
Routle - King County Metro
02/25/2026
๐ฅ ๐ฉ โฌ โฌ โฌ
www.routle.city/king_county_...
I reserve that for when I boop my orca card
info.myorca.com/news/meet-bo...
Even better: 1ES has been explicitly asked to WFH the whole week before because they're moving us from B18 to B17
A dependabot PR updating idunno.Bluesky from 1.5.0 to 1.6.0
Skill issue
Come, Sir Andrew, thereโs no remedy
Squidward watching SpongeBob and Patrick running meme
Me Eagerly awaiting Judkins Park Station opening
It's a pain, but I've had good success with Elgato's mounts
www.elgato.com/us/en/s/mult...
A false positive, technically. But a provenance gap got caught, the maintainer fixed their workflow, and downstream users get properly attested packages. I'll take it!
GitHub issue tighten/ziggy#871 @JamieMagee: v2.6.0 is the first release in a while without provenance attestation on npm: npmjs.com/package/ziggy-js?activeTab=versions Looks like the Publish workflow run for v2.6.0 failed, so I'm guessing the package was published manually without --provenance. All prior versions (2.5.3, 2.5.2, etc.) have it. Not a security issue, just a heads-up. Tools like Dependabot have started flagging when attestation disappears between versions, so downstream users may see warnings on this release. Worth re-publishing 2.6.0 with npm publish --provenance from CI, or just making sure 2.6.1+ goes through the workflow again. @bakerkretzmar: Thanks a lot for flagging this! Can't remember why the release workflow failed but yeah I published 2.6.0 manually so that's why it's missing. Can't re-publish but will make sure 2.6.1 works, I'll leave this open until then. @bakerkretzmar: Fixed, after several attempts ๐ @JamieMagee: Thank you!
Looked into it and it wasn't malicious. Their CI publish workflow had failed, so the maintainer published v2.6.0 manually and forgot --provenance. Opened an issue, they said thanks for the heads up, and shipped v2.6.1 through CI with provenance restored.
npm version history of ziggy-js. Version 2.6.1 and 2.5.3 have a green checkmark, version 2.6.0 doesn't.
Shipped it on Thursday. By Friday it had already flagged something: ziggy-js v2.6.0 published without provenance. Every version back to v1.8.2 had one. Here we go, I thought.
The eslint-config-prettier compromise last year had a tell: the malicious versions were published to npm without provenance attestation, while the legit ones all had it. So I added a check to Dependabot that warns when a package loses its provenance between updates.
Built a Home Assistant integration for Specialized Turbo e-bikes. Battery health, motor power, speed, cadence, odometer, etc. All over Bluetooth, all local. Works with 2017+ models with TCU. Install via HACS.
#HomeAssistant #ebike #BLE #SmartHome
github.com/JamieMagee/ha-specialized-turbo
I cycle over the I90 bridge daily for my commute, and there is no better advertisement for the 2 Line than seeing the train sail past bumper to bumper traffic.
$ go install golang.org/dl/go1.26.0@latest $ go1.26.0 download Downloaded 0.0% ( 0 / 63102509 bytes) ... Downloaded 50.0% (31551254 / 63102509 bytes) ... Downloaded 100.0% (63102509 / 63102509 bytes) Unpacking go1.26.0.openbsd-arm64.tar.gz ... Success. You may now run 'go1.26.0' $ go1.26.0 version go version go1.26.0 openbsd/arm64
๐ Go 1.26.0 is released!
๐๏ธ Release notes: https://go.dev/doc/go1.26
โฌ๏ธ Download: https://go.dev/dl/#go1.26.0
#golang
TypeScript 6.0 beta is now published!
This release brings
- inference improvements for functions
- updates to package.json 'imports'
- the Temporal APIs
- alignments for the upcoming TypeScript 7.0
- & more!
Try it today!
devblogs.microsoft.com/typescript/a...
๐
Dependabot now supports OIDC authentication
https://github.blog/changelog/2026-02-03-dependabot-now-supports-oidc-authentication
The Dependabot Proxy is now open source with an MIT license
https://github.blog/changelog/2026-02-03-the-dependabot-proxy-is-now-open-source-with-an-mit-license
๐ PASSWORDS? WHERE WE'RE GOING WE DON'T NEED PASSWORDS ๐
STRAP IN SECURITY FANS: Dependabot just learned how to authenticate WITHOUT storing secrets, and your security team is about to ugly-cry with joy! ๐ญ๐
OIDC SUPPORT HAS LANDED!
github.blog/changelog/20...
