Never, ever put a form into a popup. Ever.

Privacy and Bot defense are opposite ends of the same fulcrum. If you permit privacy, the site/service has to trust users to behave and follow the rules. If you track users, then the users have to trust the site/service owners not to abuse that trust. There isn't really an in between.

So if you want privacy, you have to accept poor and sometimes insecure services.

Right now the only codebase I care about them fixing vulnerabilities in are the 3800 repositories that got stolen from GitHub.

"Vulnerabilities in the software that makes the internet" is honestly lower priority than "The platform that the software that makes the internet uses to make releases" If buyers of those internal repos find ways to break into GitHub such that they can cut software releases, or poison github actions from a distance, then we're all in a very ugly mess.

Don't forget that in those 3800 repos is likely also npmjs.org itself.

Heh, you mean the railway that was part of the whole "my production db got deleted in 9 seconds" story?

That company sounds a lot like one that doesn't focus on the right things.

Yeah... the railway that has just had a multi-hour outage because they looked like a spam account to Google Cloud!

For me the big question with something like Zed is how/when does it get monetized?

How does Root/Ventures, V1.VC, Matchstick, Redpoint, and Sequoia get paid and what does that eventually look like for the people who have adopted Zed?

Does it enshittify? Does it just get bought by somebody else and languish?

yet. The hallmarks of enshittification are there. We've all been through the cycle of "this product is too good to be true, and provides considerably more value than it costs" "Customer Acquisition/Market Capture" phase. And we know what has to come next. They have to make the product profitable, because you cant just burn up VC money forever.

This makes me wonder when we'll start trading memory on the commodities markets.

https://signpath.org/ is about as close as you can get.

That's actually awesome. I'm working on a project right now that could use this!

Theres two different steps, there is signing and there is notarization. You sign with the developer certificate using productsign/codesign, and then there is notarization, which you use notarytool to submit your signed binaray to apple to notarize.

finally you then take their response and staple it to your binary. Its a lot of steps.

Yup I do the first two - https://github.com/zig-for/snfm/blob/main/.github/workflows/...

The documentation implies the last step is optional https://developer.apple.com/documentation/security/customizi... but it might be inaccurate

The meme investors can stay irrational long before gamestop gets a growth story. If they haven't given up on their get rich quick scheme that's lasted over five years now, I really don't think they're going to jump ship now.

The sad part is that gamestop is offering 55 billion, yet only has 9 billion in cash. The only way they come up with that much capital to buy ebay is to dilute the existing shareholders to a point that "to the moon" will just be moondust.

I was assuming it was going to be an LBO? Surely they don't plan to raise the money in cash.

I suspect Cohen has a novel financial instrument in mind. After all, at some point someone invented the first LBO.