The license doesn't actually permit OSS development. Only compilation of near-unmodified third party OSS libraries.
You may not compile OSS software developed by your own organisation.
The OSS software must be unmodified, "except, and only to the extent, minor modifications are necessary so that the Open Source Dependencies can be compiled and built with the software."
Using VS build tools for open source development is covered by the Community licence [0], separate from this Build Tools licence change. That license is more open than you might expect, working as an individual it even permits proprietary development for commercial purposes.
Under that usage, the Community license counts as a valid Visual Studio license for Build Tools purposes, hence the second paragraph:
> This change expands user rights to the Build Tools and does not limit the existing Visual Studio Community license provisions around Open-Source development. If you already are a developer contributing to OSS projects, you can continue to use Visual Studio and Visual Studio Build Tools together for free, just like before.
I trained 12,000 steps at 4 layers, and the output is kind of name-like, but it didn't reproduce any actual name from it's training data after 20 or so generations.
Despite DHS repeatedly framing Mobile Fortify as a tool for identifying people through facial recognition, however, the app does not actually “verify” the identities of people stopped by federal immigration agents—a well-known limitation of the technology and a function of how Mobile Fortify is designed and used.
That quote from the source wired article, does not allege that the DHS makes any claim that the app can itself verify anyone's identity.
Where has the DHS made any statement that the app does something that it does not do?
The closest thing I can find is from the 2025 DHS AI use case inventory, where the entry for Mobile fortify states it's benefits are:
"Utilizing facial comparison or fingerprint matching services, agents/officers in the field are able to quickly verify identity utilizing trusted source photos."
The claim is not that the app verifies someone's identity, but that it can potentially find trusted source photos that look similar to the person in question.
The officer could then evaluate the match, and make a determination to their own satisfaction that their subject is one and the same as the person in the database.
ICE told a ranking member of the House homeland security committee:
[...] an apparent biometric match by Mobile Fortify is a ‘definitive’ determination of a person’s status and that an ICE officer may ignore evidence of American citizenship [...]
Oh yes, its only one commitment per call... this is a UI handling issue, will resolve it... the backend by design only takes one commitment per player, till it is resolved/revealed... Thanks
Oh ok... so then thats definitely a bug then... actually drand issues randomness every 3 seconds... so may be multiple on the same drand round has a bug... will correct that... Thanks
I just checked the code and it was a small demo/front-end issue of assigning the player_id (in javascript)... have corrected it now : )
The logic of back end api (written in go, commitment stored in firestore), is intact, the 409 will come only if the same user tries to commit again before the reveal, this is by design.
The problem is technical: too many low-quality PRs hitting an endpoint. Vouch's solution is social: maintain trust graphs of humans.
But the PRs are increasingly from autonomous agents. Agents don't have reputations. They don't care about denounce lists. They make new accounts.
We solved unwanted automated input for email with technical tools (spam filters, DKIM, rate limiting), not by maintaining curated lists of Trusted Emailers. That's the correct solution category. Vouch is a social answer to a traffic-filtering problem.
This may solve a real problem today, but it's being built as permanent infrastructure, and permanent social gatekeeping outlasts the conditions that justified it.
I agree with all the points made about GH actions.
I haven't used as many CI systems as the author, but I've used, GH actions, Gitlab CI, CodeBuild, and spent a lot of time with Jenkins.
I've only touched Buildkite briefly 6 years ago, at the time it seemed a little underwhelming.
The CI system I enjoyed the most was TeamCity, sadly I've only used it at one job for about a year, but it felt like something built by a competent team.
I'm curious what people who have used it over a longer time period think of it.
tc is probably the best console runner there is and I agree, it made CI not suck. It is also possible to make it very fast, with a bit of engineering and by hosting it on your own hardware. Unfortunately it’s as legacy as Jenkins today. And in contrast to Jenkins it’s not open source or free, many parts of it, like the scheduler/orchestrator, is not pluggable.
But I don’t know about competent people, reading their release notes always got me thinking ”how can anyone write code where these bugs are even possible?”. But I guess that’s why many companies just write nonsense release notes today, to hide their incompetence ;)
>To make TeamCity more approachable for everyone, we’ve launched the pipelines initiative, and are investing heavily in reimagining the familiar UX. Complementing these efforts, we are excited to introduce the TeamCity AI Assistant.
I used TeamCity for a while and it was decent - I'm sure defining pipelines in code must be possible but the company I worked at seemed to have made this impossible with some in-house integration with their version control and release management software.
If you achieve arbitrary code execution in the sandbox, I think you could pretty easily exfiltrate the openai key by using the openai code interpreter, and asking it to send the key to a url of your choice.
> ...the Department of the Interior settled on a single justification for blocking turbine installation: a classified national security risk.
To speculate on what this risk is, the two obvious risk I can think of would be:
- Susceptibility to seabed warfare[0]. A rival nation can sabotage the infrastructure and maintain deniability, like we have seen with the Nord Stream sabotage[1].
- Potential interference with passive sonar systems, the turbines are likely to generate a fair bit of noise, which could potentially make it harder for SOSUS[2] to detect rival submarines.
What happened was beyond reprehensible. If the winter of 2022 was not unusually warm and the gas stockpiles had emptied, not only would the entire Eurozone (350 million people) have plunged into a massive economic crisis, but people would literally die.
Convenience, and cheap gas, was definitely a good strategy. Up until the point where our ally, the USA, would try to get Ukraine to NATO, provoke Russia to invade, and then help the Ukrainians blow up the pipeline.
The world is moving away from the US and I really cannot wait. They have done much more damage globally than good.
You may not compile OSS software developed by your own organisation.
The OSS software must be unmodified, "except, and only to the extent, minor modifications are necessary so that the Open Source Dependencies can be compiled and built with the software."
https://visualstudio.microsoft.com/license-terms/vs2026-ga-d...
reply