This draft spec was eventually published as RFC 9562. Compared to the previous spec it adds versions 6, 7, and 8, plus best practices guidance.

Basically, there are a bunch of UUID alternatives that arose to fix the problem that UUIDs are bad for use as database keys in large tables (here’s the perspective of MySQL experts Percona). A bunch of these alternatives are actually linked from the RFC, which I haven’t seen done before. Version 7, in particular, is meant to address this use case.

There also needs to be some way to indicate that a JSON construct is a Set, Map, plain object, or array. You’d want a date/time type as well.

Without breaking existing JSON parsers, the way to do that is to add metadata like a _type field to an object, or to add a “sidecar” object like superjson does. Which works but is ugly IMO.

Then there’s BSON, YAML, JSON Schema, and the one we don’t mention ₓₘₗ. To my knowledge all of those could be extended in a way to support new types, but require the producer and consumer to both understand and follow whatever convention you use. They lack the universal interchangeability of JSON.

Set and Map would be more useful if they were compatible with JSON. I see a lot of people using an object as a dictionary or an array as a set because of that.

Sometimes it’s the only option or the preferred option.

I haven’t. Maybe someday I’ll be willing to, but not today. It’s a hassle and extremely intrusive to provide my bank statement and photo ID to a company whose security I don’t trust.

That’s usually how I pay if someone requests money. Venmo is owned by PayPal but my account there works just fine.

I thought about that, but they ask for enough info that they’d be able to identify me. And then they’d probably ban me. At least right now I have the option of restoring my account, even though I have no intention of doing so.

True, it’s a private (not local) IP. It could easily have connected to a remote system, as their proof-of-concept did.

This code execs cmd.exe and pipes output to and from a hardcoded IP. That’s pretty weird. What’s running on that IP? How does the extension know something is there?

It looks like VS Code has no review — human or automated — or enforced entitlement system that would have stopped this or at least had someone verify it was legit.

Their findings included an extension that opens an obvious reverse shell.

Thanks. That’s good to know.

Use this shortcut from Ricky Mondello, the lead for Apple’s password development team.

I get the feeling they wanted to do a Passwords app for some time but needed to get, probably executive-level, buy-in to get it done.

Apple will get bad PR about this: they are “Sherlocking” password managers. 1Password will write a blog post about how this is actually good for them because now password management is mainstream; 3rd party password managers will decide to focus more on the enterprise market; Microsoft will come out with a competing password manager that re-uses the name of a previous product and is bundled with Edge, etc. How it always goes.

Any USB-C headphones work.

This report is from 2016. It’s mainly of historical interest.

This is an old article. It references the Batygin and Brown paper from 2016. As of 2024, it is still considered possible, but no direct evidence has been observed, and alternative explanations have been proposed, according to Wikipedia.

Another senior dev here, one of those weirdos who likes light mode. Sometimes. VS Code’s light mode is blinding to me, and I never use it. But Nova’s is beautiful and I prefer it. It depends how well the app renders fonts and colors. The oversaturated colors used in most apps are a big problem.

It’s nice that this is compatible with Redis clients, and even Redis cluster operations. But I wish they would take this opportunity to make scaling more ergonomic. The Redis cluster mode is a pain to use because certain commands don’t work on a cluster (and developers don’t seem to realize this, leading to implementation issues).

This doesn’t sound like a serious problem for a company like Google. They can afford to solve it by brute force — just put a Wi-Fi hotspot in every single room.

It’s better now. No more bottles and kegs. This time it’s barrels, vintages and terroirs.

This makes a lot of sense if you’re delivering static content. Cloudflare even has the Super Slurper which serves your S3 content and migrates it seamlessly to Cloudflare’s competitor R2 service, after which your egress is free.

Is it a blunder? Tell that to Apple, Jetbrains, or Microsoft, each of whom have proprietary code editors that net billions of dollars of revenue.

It’s true, VS Code is open source, but it is developed almost entirely by Microsoft, by a large team of paid full-time programmers, designers, and PMs. It may be the most-used text editor in the world, but it isn’t developed by a team of volunteers who materialized around it because it was open source.

Instead, consider that making something open source is often just a marketing strategy — or a soft way to sunset a project.