| 00:03:31 | | etnguyen03 (etnguyen03) joins |
| 01:21:33 | | etnguyen03 quits [Client Quit] |
| 01:29:08 | | etnguyen03 (etnguyen03) joins |
| 02:03:58 | | Umbire (Umbire) joins |
| 02:51:56 | | etnguyen03 quits [Remote host closed the connection] |
| 03:03:15 | | jspiros (jspiros) joins |
| 03:03:20 | | jspiros_ quits [Read error: Connection reset by peer] |
| 03:55:36 | | HackMii quits [Remote host closed the connection] |
| 03:55:53 | | HackMii (hacktheplanet) joins |
| 04:31:22 | <eggdrop> | [remind] kiska: downsample influxdb |
| 04:35:57 | | hyperreal quits [Quit: Ping timeout (120 seconds)] |
| 04:36:13 | | hyperreal (hyperreal) joins |
| 05:10:52 | | hyperreal quits [Client Quit] |
| 05:11:07 | | hyperreal (hyperreal) joins |
| 05:34:52 | <that_lurker> | steering: npm ls <package name> |
| 05:35:18 | <that_lurker> | npm explain did something too |
| 05:37:14 | | DogsRNice quits [Read error: Connection reset by peer] |
| 05:38:45 | | SootBector quits [Remote host closed the connection] |
| 05:39:57 | | SootBector (SootBector) joins |
| 05:41:13 | | HackMii quits [Remote host closed the connection] |
| 05:41:56 | | HackMii (hacktheplanet) joins |
| 06:05:46 | <steering> | that_lurker: i doubt that actually solves the problem |
| 06:06:04 | <steering> | (the contents are more important than the names, generally) |
| 06:06:11 | <steering> | (other than perhaps package.json) |
| 06:06:38 | <that_lurker> | that is true. Best is to just not use it :-P |
| 06:06:48 | <steering> | moreover you shouldnt need to run some code for it... it should be on the website... and judging from the linux-utils thing the "Code (beta)" isn't even accurate AFAICT... |
| 06:06:51 | <steering> | mmhmm |
| 06:07:28 | <steering> | the stackoverflow posts etc are just like "oh go check github" except that tells you nothing... ¯\_(ツ)_/¯ |
| 06:16:25 | <that_lurker> | should just say "Trust me bro" |
| 06:20:44 | | systwo (systwi) joins |
| 06:23:57 | | systwi quits [Ping timeout: 268 seconds] |
| 06:38:18 | | SootBector quits [Remote host closed the connection] |
| 06:39:24 | | SootBector (SootBector) joins |
| 07:10:52 | | Umbire quits [Ping timeout: 268 seconds] |
| 07:13:32 | | Umbire joins |
| 07:20:28 | | Umbire is now known as RJHacker29970 |
| 07:20:28 | | RJHacker29970 quits [Killed (vindobona.hackint.org (Nickname regained by services))] |
| 07:20:30 | | Umbire (Umbire) joins |
| 07:34:55 | | Jake quits [Ping timeout: 268 seconds] |
| 08:11:51 | | Umbire quits [Client Quit] |
| 08:12:06 | | Umbire joins |
| 10:08:12 | | Umbire quits [Killed (palermo.hackint.org (Nickname regained by services))] |
| 10:08:15 | | Umbire (Umbire) joins |
| 10:09:13 | | Umbire quits [Remote host closed the connection] |
| 10:09:36 | | Umbire joins |
| 10:25:45 | | @imer quits [Quit: Oh no] |
| 10:34:26 | | imer (imer) joins |
| 10:34:26 | | @ChanServ sets mode: +o imer |
| 11:00:12 | | Bleo18260072271962345522201107 quits [Quit: The Lounge - https://thelounge.chat] |
| 11:01:30 | | beardicus5 (beardicus) joins |
| 11:03:02 | | Bleo18260072271962345522201107 joins |
| 11:03:18 | | beardicus quits [Ping timeout: 268 seconds] |
| 11:03:18 | | beardicus5 is now known as beardicus |
| 11:09:04 | | pie_ quits [] |
| 11:09:11 | | pie_ (pie_) joins |
| 13:35:00 | | mete quits [Ping timeout: 268 seconds] |
| 13:35:07 | | twiswist (twiswist) joins |
| 13:46:45 | | arch quits [Remote host closed the connection] |
| 13:46:59 | | arch (arch) joins |
| 13:47:01 | | mete joins |
| 13:48:32 | | arch quits [Remote host closed the connection] |
| 13:48:52 | | arch (arch) joins |
| 13:54:41 | | arch quits [Remote host closed the connection] |
| 13:54:54 | | arch (arch) joins |
| 14:19:28 | | SootBector quits [Remote host closed the connection] |
| 14:21:16 | | SootBector (SootBector) joins |
| 14:32:34 | | hyperreal quits [Quit: Ping timeout (120 seconds)] |
| 14:32:50 | | hyperreal (hyperreal) joins |
| 15:00:39 | | yano quits [Quit: WeeChat, https://weechat.org/] |
| 15:05:00 | | yano (yano) joins |
| 15:08:35 | <szczot3k> | nulldata: https://http.cat/ |
| 15:08:55 | <szczot3k> | https://http.cat/status/303 |
| 15:20:35 | | fangfufu quits [Quit: ZNC 1.9.1+deb2+b3 - https://znc.in] |
| 15:27:28 | | Jake (Jake) joins |
| 15:28:33 | | fangfufu joins |
| 15:28:43 | <@JAA> | steering: Not that I disagree with the sentiment, but isn't that the case for most package managers? They usually have some mechanism to invoke code during or after installation because it's often needed for certain tasks. Debian packages have the postinst hook script, for example, and installations can also trigger external things like a mandb update, conditional on other packages being installed. |
| 15:58:44 | <steering> | JAA: not even remotely. `debian source` exists, as does say https://packages.debian.org/trixie/amd64/nginx/download |
| 15:58:54 | <steering> | erm |
| 15:58:57 | <steering> | `apt source` i mean |
| 15:59:29 | <steering> | you can even dpkg -i it |
| 15:59:55 | <steering> | (not to mention the fact that debian still doesn't let anyone sign up and start pushing packages) |
| 16:02:04 | <@JAA> | steering: Sure, you can look at the package, but depending on how the postinst and other stuff is written, it's still not trivial or automatable to determine what would actually get written on installation. |
| 16:02:54 | <@JAA> | But yeah, there is a gate. So a better comparison would be other open package repositories like PyPI. |
| 16:02:55 | <steering> | and how do i similarly look at an npm package? |
| 16:03:25 | <@JAA> | Python packages are slowly shifting towards the declarative pyproject.toml, but setup.py has been dominant for many years, is still used, and can also run arbitrary code at install time. |
| 16:05:01 | <steering> | they can still ship a malicious wrapper for `ls` or something anyway :P |
| 16:05:50 | <@JAA> | Yup |
| 16:08:40 | | legoktm quits [Quit: http://quassel-irc.org - Chat comfortably. Anywhere.] |
| 16:09:24 | | legoktm joins |
| 16:10:29 | <@JAA> | In the same vein (and previously posted here): https://nesbitt.io/2026/05/15/language-registries-are-unstable-by-default.html |
| 16:13:52 | <justauser> | https://nesbitt.io/2026/04/15/the-tuesday-test.html is specifically about code execution on install. |
| 16:14:47 | | fangfufu quits [Client Quit] |
| 16:17:36 | | HP_Archivist quits [Read error: Connection reset by peer] |
| 16:17:36 | | AlsoHP_Archivist (HP_Archivist) joins |
| 16:18:14 | | fangfufu joins |
| 16:38:50 | <steering> | mmhmm |
| 17:09:36 | | [42] quits [Ping timeout: 268 seconds] |
| 17:17:45 | <justauser> | "You can opt out of google analytics by installing a browser add-on." |
| 17:17:56 | <justauser> | https://listen.hatnote.com/ |
| 17:25:07 | | [42] (N4Y) joins |
| 17:33:51 | <justauser> | https://xcancel.com/github/status/2056884788179726685 - the replies are much better than the announcement itself, so probably not #blueteam . |
| 17:50:37 | | Paw-chivist joins |
| 17:51:02 | <steering> | > holy shit, how did the attackers find a large enough uptime window to get in? |
| 17:51:05 | <steering> | rofl |
| 17:52:46 | | unknownsrc quits [Ping timeout: 268 seconds] |
| 17:58:14 | | unknownsrc (unknownsrc) joins |
| 18:18:24 | | Paw-chivist quits [Read error: Connection reset by peer] |
| 18:40:01 | <steering> | youtube autoplay is interesting today. went from the white stripes to ... hilary duff. |
| 19:07:27 | <steering> | https://listenbrainz.org/explore/lb-radio/ ooooh nice! |
| 19:09:14 | | Umbire quits [Ping timeout: 268 seconds] |
| 19:50:41 | | Umbire joins |
| 19:54:35 | | hyperreal quits [Quit: Ping timeout (120 seconds)] |
| 19:54:51 | | hyperreal (hyperreal) joins |
| 20:15:13 | | Umbire quits [Ping timeout: 268 seconds] |
| 20:16:27 | | systwo quits [Ping timeout: 268 seconds] |
| 20:31:39 | | Paw-chivist joins |
| 20:37:30 | | NatTheCat quits [Quit: nya~] |
| 20:38:19 | | NatTheCat (NatTheCat) joins |
| 20:42:41 | | Webuser358585 joins |
| 20:44:06 | | hyperreal quits [Client Quit] |
| 20:44:24 | | hyperreal (hyperreal) joins |
| 20:51:57 | | FiTheArchiver joins |
| 20:56:49 | | FiTheArchiver quits [Client Quit] |
| 21:07:01 | | RJHacker58209 quits [Ping timeout: 268 seconds] |
| 21:08:27 | | Matthww quits [Quit: The Lounge - https://thelounge.chat] |
| 21:11:49 | | Matthww joins |
| 21:26:47 | | DogsRNice joins |
| 21:35:23 | | lunik1 quits [Quit: :x] |
| 21:35:50 | | lunik1 joins |
| 21:36:31 | | Paw-chivist quits [Client Quit] |
| 21:40:06 | | Matthww quits [Read error: Connection reset by peer] |
| 21:42:54 | | Matthww joins |
| 21:51:09 | | etnguyen03 (etnguyen03) joins |
| 21:58:12 | | etnguyen03 quits [Remote host closed the connection] |
| 22:03:34 | | etnguyen03 (etnguyen03) joins |
| 22:05:05 | | klea wonders if AT has a public maitenance time list. |
| 22:05:06 | <klea> | https://www.5snb.club/#:~:text=IF%20YOU%20DON%27T%20SCHEDULE%20TIME%20FOR%20MAINTENANCE%2C%20YOUR%20EQUIPMENT%20WILL%20DO%20IT%20FOR%20YOU |
| 22:05:13 | | Matthww quits [Client Quit] |
| 22:19:50 | | wickedplayer494 quits [Ping timeout: 268 seconds] |
| 22:20:04 | | wickedplayer494 (wickedplayer494) joins |
| 22:24:55 | | Matthww joins |
| 22:41:59 | | nine quits [Ping timeout: 268 seconds] |
| 22:43:44 | | nine joins |
| 22:55:50 | | Webuser358585 quits [Client Quit] |
| 23:09:44 | | klea quits [Ping timeout: 268 seconds] |
| 23:09:44 | | klea[convos] quits [Ping timeout: 268 seconds] |
| 23:09:47 | | steering7254 quits [Ping timeout: 268 seconds] |
| 23:10:21 | | alexlehm quits [Ping timeout: 268 seconds] |
| 23:25:24 | | steering7254 joins |
| 23:25:24 | | alexlehm (alexlehm) joins |
| 23:25:26 | | klea[convos] joins |
| 23:25:28 | | klea (jmjl) joins |
| 23:30:05 | | Matthww quits [Ping timeout: 268 seconds] |
| 23:41:02 | | etnguyen03 quits [Client Quit] |
| 23:57:03 | | Webuser571320 joins |