2025 was the year when we saw extreme impact of supply chain attack. npm did something last month to counter this by retiring old auth tokens in favor of a new authentication method they call trusted publishing, it uses OIDC to authenticate automated publishing via CI. but it seems like a rushed decision. poor coordination and incomplete docs. result: many package publishers are stuck and not able to release the updates to their package. It's not been two weeks and we already see almost 2k issues on github, the number will rise exponentially.
This is a novel idea. Somewhere between the extremes of being useful vs being an overkill. More towards overkill because of its dependency on a new app/browser that needs to be installed. But I'm looking forward to more development on this idea, making it a production-ready automation.
Noted. I can see it on the link you shared.
Earlier, I did check until the last page (90+ items) and did not find it. I then checked couple of more times thinking I made mistake. I see that you're using /shownew, I used /show link.
A simple word2vec embedding with continuous bag of words (CBOW) training is enough and beats all other complex solutions at rhe performance as well as cost
If you'll look at the Guidelines for HN linked at the bottom of the page, you'll note that whether a submission is productive is not a criterion.
You could perhaps make an argument that among the flood of AI-related submissions, this one doesn't particularly move the needle on intellectual curiosity. Although satire is generally a good way to allow for some reflection on a serious topic, and I don't recall seeing AI-related satire here in a while.
reply