Hacker News new | past | comments | ask | show | jobs | submit | jermo's comments login

Chess is only in chaos because Carlsen did not provide any details and remains quiet. Hence all the speculation.


He is not allowed to if he made offical complains. That was probably the point of his "i am in trouble if i talk" tweet


In his full stream he went into more details (summary https://www.reddit.com/r/chess/comments/x7yzee/comment/inj3c...)

"non-technical example of people using signals when players leave the board (in the bathroom, over a balcony etc) and in technical ways suggests that certain earpieces could pass checks or potentially other small devices"


Works in MiniHack on iOS (unofficial)


That is a link to Chinese satellite launch mission. Would the booster even be noticeable in the US at aircraft altitude?


Yes, re-entry can survive for the lower velocity orbits all the way to ground depending on debris material and orientation. Air density is 20% at 40k ft, so much more likely to make it that far.


A lot of projects publish to Central from cloud CIs. That means that private keys are stored in config/secrets. It is debatable whether that makes the artifacts more reliable since you have to trust the CI.


Would like to start using Wren though issues like this put me off: "Stack corruption" https://github.com/wren-lang/wren/issues/761

Using older and more established languages seems less risky.


Matthew Walker's "Why We Sleep" Is Riddled with Scientific and Factual Errors https://guzey.com/books/why-we-sleep/


Seems like the Maven registry is susceptible to artifact hijacking.

Say I wan't to install artifacts from two GitHub users. I would have to add these two Maven repositories:

    - https://maven.pkg.github.com/USER1 
    - https://maven.pkg.github.com/USER2
In that case USER1 can publish an artifact with the same groupId/artifactId as USER2 and my Maven will happily install it without suspecting anything.

Another case - someone deletes their GH account and another user takes it: https://blog.sonatype.com/hijacking-of-a-known-github-id-go-...

Docs: https://help.github.com/en/articles/configuring-maven-for-us...


I'm not familiar with maven, is there an equivalent of npm's scope feature?

As for account hijacking... I guess GH needs to track account deletions and append incrementing suffixes to usernames under the repository.


There is in Gradle 5.1+ but not in Maven, afaik. They are using Maven in their examples, however.


Disagree about being the death of Maven Central - they are different beasts.

- Central has a global namespace of artifacts. com.google.guava is the same for everyone. This will probably stay the default of open-source libraries.

- GitHub Package Registry has a per-user maven repository, so a local namespace (https://maven.pkg.github.com/OWNER). This is likely to be used by companies internally.

In order to use GH Registry instead of Central, I would have to add a dozen maven repositories to my settings.xml. I doubt many developers will be up for that.

Docs: https://help.github.com/en/articles/configuring-maven-for-us...


One of the easiest is jitpack.io which builds and publishes to its own Maven repository


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: