<div dir="ltr">I remember the days when hackers gave a shit about what they put on their systems.<div><br></div><div>Shit like this: <a href="https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/">https://www.theregister.co.uk/2016/03/23/npm_left_pad_chaos/</a></div><div><br></div><div>would have gotten node listed as a pariah in the open source community. but these days the average dev is oblivious to their own hellish contributions to the kafka-esque maze of asynchronous hell that is both pointless and unnecessary.</div><div><br></div><div>Find me a single security person who would sign off on npm being deployed in a production environment that actually gives a shit about that environment. Or better yet, find me a CI/CD env maintainer who hasn't discovered new and bizarre low level ways to clean up after npm's inherent and often times insane lack of stability. </div><div><br></div><div>I for one recall setting up a 10GB tmpfs on a box and mounting it to /tmp just so I could feed into inotify the creation of npm build dirs and delete them as fast as I could. Hopefully before the jenkins env could use npm as a reflector attack to contend with i/o on that volume and crash the node.</div><div><br></div><div>You pretend this is funny, that I'm just nuts. But some day some poor bastard is going to get killed because some fuckwit used node.js to design the breaking algorithm on their drive by wire sedan.</div><div><br></div><div>Ryan Dahl was not wrong about node when he berated it. In fact, he was bang on. But here we sit in the aftermath awaiting some new fresh hell from that project and the legion of idiots that write code in it.</div><div><br></div><div>-matt</div><div><br></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Mon, Apr 17, 2017 at 11:27 PM, \0xDynamite <span dir="ltr"><<a href="mailto:dreamingforward@gmail.com" target="_blank">dreamingforward@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Oh, shit, I remember: JS is so fxd that browsers have to update like<br>
every week. What's firefox at now: v52.0.2? YES IT IS.<br>
<br>
marxos<br>
<div class="HOEnZb"><div class="h5"><br>
On 4/17/17, \0xDynamite <<a href="mailto:dreamingforward@gmail.com">dreamingforward@gmail.com</a>> wrote:<br>
>>> mastodon is basically written in malware.<br>
>><br>
>> /me rolls eyes at Matt<br>
><br>
> It's true. Whenever I load up a heavily JS site, my system just<br>
> starts screwing up in demonic ways. And, there's no denying that it<br>
> pretty much rips twitter's UX out of itself. Give me an RSS feed with<br>
> multiple levels of publication: lovers, friends, community, public.<br>
><br>
> JS infects by its very ease of use, it's like a gateway drug. Pretty<br>
> soon every site locks you in to registration and in-bound only links.<br>
> It's fuckd up the whole internet. Most JS coders don't even know what<br>
> a binary digit for 1 is -- I swear to you, they are scrixtkidz.<br>
><br>
> And that's not even all, but I can't even get it out.<br>
><br>
> marxos<br>
><br>
______________________________<wbr>_________________<br>
Discuss mailing list<br>
<a href="mailto:Discuss@lists.hackerspaces.org">Discuss@lists.hackerspaces.org</a><br>
<a href="http://lists.hackerspaces.org/mailman/listinfo/discuss" rel="noreferrer" target="_blank">http://lists.hackerspaces.org/<wbr>mailman/listinfo/discuss</a><br>
</div></div></blockquote></div><br></div>