Slashdot Mirror


How One Dev Broke Node and Thousands of Projects In 11 Lines of JavaScript (theregister.co.uk)

An anonymous reader quotes an article written by Chris Williams for The Register: Programmers were left staring at broken builds and failed installations on Tuesday after someone toppled the Jenga tower of JavaScript. A couple of hours ago, Azer Koculu unpublished more than 250 of his modules from NPM, which is a popular package manager used by JavaScript projects to install dependencies. Koculu yanked his source code because, we're told, one of the modules was called Kik and that apparently attracted the attention of lawyers representing the instant-messaging app of the same name. According to Koculu, Kik's briefs told him to take down the module, he refused, so the lawyers went to NPM's admins claiming brand infringement. When NPM took Kik away from the developer, he was furious and unpublished all of his NPM-managed modules. 'This situation made me realize that NPM is someone's private land where corporate is more powerful than the people, and I do open source because Power To The People,' Koculu blogged. Unfortunately, one of those dependencies was left-pad. It pads out the left-hand side of strings with zeroes or spaces. And thousands of projects including Node and Babel relied on it. With left-pad removed from NPM, these applications and widely used bits of open-source infrastructure were unable to obtain the dependency, and thus fell over.

7 of 480 comments

  1. Re:What is Kik? by Luthair · Score: 3, Informative

    They're a messaging application and have been around 5-6 years. Recall that trademark owners are required to protect their trademark.

  2. Re:What is Kik? by angel'o'sphere · Score: 4, Informative

    And the trademark for "KiK", an instant messenger "App" on phones or tablets, does not cover a "library" or even a "program" written for software development.

    At least not in my country, and likely not in yours either.

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  3. Re:The guy was ripping off leftpad by Aaden42 · Score: 5, Informative

    I don't think this proves libraries per se are bad, but blindly depending on out-of-house software repositories for every build or (worse) every startup/deploy is crazy.

    We're a Java house (go ahead, get your ki[c]ks in...), and we use around 100 open source libraries. They're all mirrored locally in an Ivy repository we maintain. No new versions get checked in unless they've passed a reasonable level of scrutiny, and nothing gets deleted unless we delete it.
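The same "nothing comes from outside, nothing disappears without us" policy can be checked mechanically for Node projects. The script below is an added example (not from this thread or from npm): it walks a package-lock.json and flags every dependency that does not resolve to the assumed internal mirror host or that lacks an integrity hash. The mirror hostname, the package names and the hashes are constructed placeholders.

```javascript
// Added example: audit a package-lock.json (lockfileVersion 2 "packages" map)
// so that every dependency is served from our own mirror and is pinned by hash.
const ALLOWED_HOST = "npm-mirror.internal.example"; // assumed internal mirror

// Constructed sample lockfile; the integrity values are placeholders.
const SAMPLE_LOCK = {
  name: "example-app",
  lockfileVersion: 2,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/left-pad": {
      version: "1.3.0",
      resolved: "https://registry.npmjs.org/left-pad/-/left-pad-1.3.0.tgz",
      integrity: "sha512-CONSTRUCTED_PLACEHOLDER==",
    },
    "node_modules/ok-lib": {
      version: "2.0.0",
      resolved: "https://npm-mirror.internal.example/ok-lib/-/ok-lib-2.0.0.tgz",
      integrity: "sha512-CONSTRUCTED_PLACEHOLDER==",
    },
    "node_modules/no-hash": {
      version: "0.1.0",
      resolved: "https://npm-mirror.internal.example/no-hash/-/no-hash-0.1.0.tgz",
    },
  },
};

// Returns one finding per problem; an empty array means the lockfile passes.
function auditLockfile(lock, allowedHost) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // root project entry, not a dependency
    const name = path.replace(/^.*node_modules\//, "");
    if (!meta.resolved) {
      findings.push({ name, problem: "no resolved URL, provenance unknown" });
      continue;
    }
    let host = null;
    try { host = new URL(meta.resolved).hostname; } catch (e) { host = null; }
    if (host !== allowedHost) {
      findings.push({ name, problem: `resolved from ${host || "invalid URL"}, not the mirror` });
    }
    if (!meta.integrity) {
      findings.push({ name, problem: "no integrity hash, tarball could change unnoticed" });
    }
  }
  return findings;
}

for (const f of auditLockfile(SAMPLE_LOCK, ALLOWED_HOST)) console.log(`${f.name}: ${f.problem}`);
```

To run it against a real project, replace SAMPLE_LOCK with JSON.parse(fs.readFileSync("package-lock.json", "utf8")) and fail the build when the returned array is non-empty.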

  4. Re:And nothing of value was lost by CrashNBrn · Score: 4, Informative

    I prefer something like this:

    function PadZero(s, z) {
      // Start with ten zeroes and double the buffer until it is long enough,
      // so the padding is built with only a handful of concatenations.
      var padstr = "0000000000";

      while (z > padstr.length)
        padstr += padstr;

      // Prepend the last z characters of the buffer; guard z <= 0, since
      // substr(-0) would return the whole buffer instead of an empty string.
      return (z > 0 ? padstr.substr(-z) : "") + s;
    }

    Which only concatenates the string once.

  5. Re:It's the "Hipster False Switcheroo" fallacy! by Pseudonymous+Powers · Score: 3, Informative

    Yes, it's the Hipster False Switcheroo Fallacy. Also known as satire.

    "Mr. Swift, cease this frippery at once! I fail to see what infant cannibalism has to do with wealth inequality and class relations in Ireland!"

    And how dare you, sir or madam or other. I'll have you know I've put countless man-or-woman-or-other-hours into my artisanal gluten-free bread.

    Also, how dare you, Slashdot! Putting a squiggly red underline under "artisanal" in 2016. This is disappointingly regressive!

  6. Re:The guy was ripping off leftpad by phantomfive · Score: 3, Informative

    For trivial operations, such as left padding, it's almost never worth the risk to use a library unless it's part of the language's standard library. Sure, don't write your own FFT or ORM, but if you can code a function in a few minutes for a well defined problem, there's no reason to add an external dependency.

    Generally I've found that anything taking less than two days (one day for writing, one day for testing) is worth rewriting yourself instead of adding a dependency (arguably, anything taking less than a week is worth rewriting, depending on the quality and stability of the dependency).

    --
    "First they came for the slanderers and i said nothing."
  7. Re:PLUMBING NEEDS TO GO! by AmiMoJo · Score: 4, Informative

    Do you work in the water industry? This is actually spot on!

    It's so bad we don't even know where half the damn pipes are. We know where the ends are, but if there is a leak in the middle we are fucked. Even in the best countries 25% of the water leaks out, and in some places it's over 50%. Even better, the last 20% just isn't even worth fixing... If a leak is costing the company 5 bucks a month, they ain't gonna send someone to dig up the road and fix it.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC