
I've heard people mention curl and imagemagick. Any others that you know about?

[-] BeePlusPlus@beehaw.org 3 points 1 year ago

Log4j was a fun one to watch unfold everywhere when things went haywire

[-] axtualdave@lemmy.world 0 points 1 year ago

The neat thing about the log4j thing was even a cursory explanation of the vulnerability made anyone with a passing familiarity with security say, "Why the fuck would that even be a feature?!"

[-] Black616Angel@feddit.de 2 points 1 year ago

Sci-Hub anyone?

Alexandra Elbakyan manages this truly awesome source of scientific papers completely on her own. She got sued twice and lost, had to change the URL multiple times due to takedowns and only gets along by donations.

[-] SkyeStarfall@lemmy.blahaj.zone 2 points 1 year ago

It is a crime to humanity to lock knowledge behind a huge paywall. She does God's work.

And it's not like the actual scientists/academics support knowledge being locked away either, or profit from it.

[-] a_statistician@programming.dev 1 points 1 year ago

shit, scihub is easier to use than the library, so we're all grateful to her too.

[-] Gork@lemmy.ml 1 points 1 year ago

She's the best thing that's happened to the scientific publishing field. I'm no longer a student but I still enjoy reading scientific papers and I'll be damned if I have to pay $20 per article (which doesn't go to the authors) since I no longer have access to a library that maintains relationships with these big publishers.

[-] muttley@kbin.social 2 points 1 year ago

The core-js library is used by 1000s of top websites and is maintained by one guy
https://github.com/zloirock/core-js

[-] spartanatreyu@programming.dev 2 points 1 year ago

cURL was one of these for a while (according to my limited understanding)

It was made in the 90s and it didn't get commercial support until a few years ago.

[-] JWBananas@kbin.social 2 points 1 year ago

Would you like to hear an OpenSSL joke?

It's 64k letters long and you can repeat it back to me when I'm done.

It's "A".

https://www.heartbleed.com/

[-] nasal_demon@lemmy.fmhy.ml 0 points 1 year ago

I don't get it. What's funny about "A complete film set up for the day less than a week and a half hours or so to get a new Hampshire the same thing we have to do yay for it to be done with the repellant the same thing we have to do you have to be a car or a goat does it make you feel better than I expected it to my mother-in-law and I will be there in a few minutes to be there for you to get back to me is getting a little bit of a man on the way to work through the ditches the other day and I will be there in the morning and I will be there in the morning...

[-] JWBananas@kbin.social 1 points 1 year ago

Did you just keep tapping the center predicted text suggestion?

[-] falsem@kbin.social 2 points 1 year ago

A developer maintained a NodeJS package called left-pad that would add leading whitespace to strings. He unpublished the package and broke basically the entire Node ecosystem until the repo owner forcibly republished it against the author's wishes.

https://www.theregister.com/2016/03/23/npm_left_pad_chaos/

[-] Eric_the_Cerise@fedia.io 2 points 1 year ago

Werner Koch, the guy who created, and who has maintained for 25 years now, pretty much all by himself, GnuPG, the modern email encryption replacement for PGP.

Just the other day, I realized I actually live just a few kms away from the guy, here in Germany ... very tempted to reach out to him someday and actually buy him an actual coffee.

[-] OneDimensionPrinter@lemm.ee 1 points 1 year ago* (last edited 1 year ago)

Left pad https://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/

Had GPT summarize what happened.

The "left pad" incident refers to a controversy that arose in 2016 when a developer named Azer Koçulu removed his JavaScript package called "left-pad" from the NPM (Node Package Manager) registry. This caused a ripple effect, breaking numerous projects that relied on this package and highlighting the potential risks of relying on external dependencies. The incident sparked a debate about the stability and trustworthiness of the open-source ecosystem and led to discussions about best practices for managing dependencies in software development.

This famously broke builds at Facebook.

[-] Torty@beehaw.org 1 points 1 year ago

This is the one I came to post about. The fact there's a library for this is so stupid to me.

I feel like it demonstrates how npm and modules have probably to some degree gotten out of hand.

[-] kate@lemmy.uhhoh.com 1 points 1 year ago

Who maintains ffmpeg?

[-] balder1993@programming.dev 1 points 1 year ago* (last edited 1 year ago)

Node frameworks are famous for this purely because of a lack of standard library. I feel like most languages have a standard library that balances being generic but still providing utilities of commonly used stuff. So a company that doesn’t want to rely on a random guy’s library can build their own with only the features they want. But with Node, any complicated feature is using a tree of hundreds of random packages that you have no idea who created them.

[-] Fylkir@lemmy.sdf.org 1 points 1 year ago

Someone ought to write a Node.js fork that includes native implementations of popular modules that are unlikely to need maintenance like isodd. Then come with a custom version of NPM that refuses to install the packages.

[-] spartanatreyu@programming.dev 1 points 1 year ago

Deno basically did this by including a standard library that removes the need for the most popular modules. It's the best js/ts experience I've ever had.

[-] epyon22@sh.itjust.works 0 points 1 year ago

I believe the nodejs fiasco is what prompted this comic? https://www.google.com/amp/s/www.theregister.com/AMP/2016/03/23/npm_left_pad_chaos/

[-] balder1993@programming.dev 1 points 1 year ago

Another example is a large number of libraries using an external dependency to check if a number is odd.

[-] Cowabunghole@lemmy.ml 1 points 1 year ago
[-] jonne@infosec.pub 1 points 1 year ago

TzData is basically maintained by 2 guys. Pretty much every computer, phone and language relies on this database for timezone information.

[-] axzxc1236@lemmy.world 1 points 1 year ago
[-] pwshguy@programming.dev 0 points 1 year ago

Basically every Windows sysadmin is indebted to Mark Russinovich and SysInternals. Fortunately, PowerToys has come a long way because I'm pretty sure sysinternals haven't been updated since Windows XP.

[-] Grishaix@feddit.de 0 points 1 year ago

Mark Russinovich now works for Microsoft and they own Sysinternals. Also the tools get updated quite regularly.

[-] RustySharp@programming.dev 1 points 1 year ago

"Mark works for MS" is a massive understatement. He's CTO of Azure now.

And speaking of Sysinternals, arguably the most exciting update was when ProcessExplorer got a dark mode late last year :)

[-] BaadC0de@programming.dev 1 points 1 year ago

Wait? ProcessExplorer has dark mode???!

[-] pe1uca@lemmy.pe1uca.dev 0 points 1 year ago

I didn't even know about core-js until the dev complained about all the sites which use it. https://github.com/zloirock/core-js/blob/master/docs/2023-02-14-so-whats-next.md

[-] fing3r@feddit.de 0 points 1 year ago

Look up a machine called Therac-25. Great example of this. Terrifying.

[-] tvmole@lemmy.dbzer0.com 0 points 1 year ago
[-] Felemuso@feddit.de 2 points 1 year ago

Tl;dr:

The Therac-25, a radiation therapy machine produced by Atomic Energy of Canada Limited (AECL), was implicated in six accidents between 1985 and 1987 where patients received massive radiation overdoses due to software errors.

this post was submitted on 22 Jun 2023