A day late and a dollar short - that’s what this post is.
A day late and a dollar short - that’s what this post is.
I tried to get a nice ascii art sad face made but it kept screwing up so i wiped it out and started this instead.
Happy New Year!
i write this after the fact. it is now tomorrow but the file was made yesterday and so it stays.
what is permanence. what is memory. but i digress.
every now and then - when i want to get really depressed - i calculate how long it’ll take me before i pay off my student loans from the school of the art institute of chicago.
currently we’re looking at me being about 55.
anyways, everything’s for sale. make an offer!
cloisters of affluence disturb me. it’s a combination of their certainty, the lack of precarity and absence of any sign of “grit” that really does it but also there’s a dose of jealous anger because so much of the world doesn’t have anything even close to it.
i’ve gotten tired of being told what i can and can’t do with computers and, to a greater extent, life.
the promise of computing was that it would set you free from the tyranny of pointless labor. it has, instead, increased our labor a thousand fold but i’ll be elaborating on that in another post.
one’s life isn’t simply a sum of experiences but also a sum of what how those experiences were directed and, anymore, those experiences are directed in the manner that directly manipulates people to be nothing more than one dimensional brands.
there are spots that are conducive for work and there are spots that are impossible for one to hold even the simplest of thoughts for a second.
i work in the latter.
to manage anything takes the either an ignorance or a willpower that is beyond comprehension.
This article is already old news for me and largely irrelevant as i don’t use much in the way of rando js modules, random packages, etc. However the subject is interesting due to the conversations that has spawned:
As always, the hell is in the comments from these posts but mostly this boils down to a couple of things for me:
In the mad rush to develop details get drowned in the mad flow of dependencies, libraries, etc. etc. etc. that get imported in willy-nilly to provide functionality without remaking the wheel.
The superficial incentives to write and release millions of tiny modules and libraries result in heavy obfuscation of core beliefs in what software should be.
And this is where I get slightly Stallman-esque.
The code, in this case, was in the minified version and therefore, for practical purposes, unreadable for most. And while minified code serves a purpose when used on the web (i.e. small files, quick speeds, etc.) it is something that can’t be read or studied easily. This goes double for the user of a website where they are greeted by and have already used the software in question before they have the chance to read it.
But blah blah blah–that’s a whole separate topic.
Sticking mostly to the hell-world that’s node and NPM I ran quick test where I installed express to see what would happen. the result cranked out the following:
+ firstname.lastname@example.org added 48 packages from 36 contributors and audited 121 packages in 2.97s found 0 vulnerabilities
Mind you, I am not disparaging express it was simply the first example that came to mind.
However, within the modules folder there are now 48 folders each with their own code, etc. - dependencies with dependencies with dependencies and each with their own points of failure and possibilities for corruption.
Add to this the devil may care attitude of open source developers who release their projects into the hands of whomever they want. This creates the (obviously very real) possibility of the new maintainers then putting malicious code into the package on the next version update and there’s a huge potential for problems. And this is why the “open source developers don’t owe you anything” argument falls flat. They might not owe users anything in terms of direction and development of their program, but they do owe them the ability to trust in the last release of their signed product.
This, of course, is another issue entirely. The glut of projects on GitHub, etc. that are desperate for new maintainers is astounding and is a topic for important future action.
Barring actual responsibility from developers, the first solution, I imagine, would then be proper due diligence on those who are importing libraries like gangbusters. They have the duty to make sure their code is as harmless as possible and therefore must accept the risks and responsibilities of managing third party libraries.
That is a bit extreme though. One cannot simply inspect all the libraries and excess code that is contained therein so what then?
Perhaps a rethinking of the entire NPM styled system. To be frank, it’s nonsense and very close to a vanity measuring contest with its bragging of how many packages are available and such. The result of which is the glorification of package production and the increased chances of abuse by those who know that the flawed model has become a place of misplaced trust by developers. (see here for an well reasoned article on the issue along with a call for the creation of a Standard Library)
There must be the ability to read the code and understand it and code that’s dependent on more code needs to find a way of incorporating that code in a manner that allows it some control over it so that bad things can’t be slipped into it.
Freedom is necessary, free software is necessary and both should do no harm.
it can be found on my github here
while the original code is this:
10 PRINT CHR$(205.5+RND(1)); : GOTO 1
regardless, i made a thing. huzzah.
a fortune cookie that i opened on my birthday dinner said to tie up loose ends. if that’s not an omen, i’m not sure what is. regardless, i’ve been doing just that.
in the meantime, my car decided to die so there’s the unwelcome repair bill and the lack of vehicle for the past couple days, which, in reality, is a welcome change. my average use of the car is to go to work or to a supermarket (which i’ve documented here on behance)
the result of which is that i don’t see a purpose to me having a car. especially since most my life is spent on the computer. sigh, but we must have our societal trappings and this is an automobile forward culture.
i’ve also been eyeballing the amount of splenda that i put in my tea lately. since i pour it out of a huge bag this results in copious amounts of the stuff in my cup. i have yet to decide whether this is good or bad.