Joined 3 years ago
Cake day: September 7th, 2023





  • Npm probably has the biggest attack surface and many of the libraries hosted there are in extremely widespread use. They’ve taken some steps to mitigate these supply chain attacks, but as we’ve seen with more recent examples, it’s unrealistic to think they can be prevented completely. Most of these attacks use stolen developer credentials, which invalidates almost all potential security measures on the registry side and the best you can hope for is catching a malicious package quickly. To be clear: I think the JS ecosystem is uniquely positioned to be the prime target of supply chain attacks and while that doesn’t excuse the slow implementation of security measures from the npm team, the people arguing that other package managers and registries aren’t vulnerable to this have to be huffing fumes.





  • anyhow2503@lemmy.world to Lemmy Shitpost@lemmy.world: Future
    9 days ago

    Network access can make sense if you want to be notified when your wash is done. Some cycles don’t have a preset running time. You can do some neat stuff with home automation. None of that should require internet access or use a cloud service controlled by the manufacturer.








  • Don’t like systemd-resolve? Fine. I get that plenty of implementation details are incomplete, suck or have caused friction with other software. On the other hand it’s a really useful tool for dynamic split DNS handling, which is why I like using it. You can disable it, I’ve done so on some workstations and servers, because of poor choices in internal domain names leading to mDNS issues, knock yourself out.

    Don’t think it should be part of an init system? It really isn’t. I wouldn’t call systemd just an init system to begin with, though that was the initial project goal. Most of its parts are reasonably well separated or at least highly configurable for a service layer. I genuinely think it’s completely insane to have DNS resolution in libc, but people have gotten used to that. Systemd-resolved is completely inoffensive in comparison imho.

    Don’t like systemd as a whole? Use a distro without it. It really is that simple. Everything has been discussed - at length. Wars have been fought. At this point, change will only come if the complainers actually sit down, shut up and do some work towards their goals.

    Sorry this turned into such a rant, most of this isn’t even directed at you, this situation just annoys me. Especially this poor guy getting death threats on GitHub because someone riled up all the asshats in the community who have no idea how any of this works. Maybe they should focus their energy on the political forces pushing the California legislation that started this whole mess? I’ve been tired of this stupid debate for years now. I feel like it’s mostly carried by people who have no idea what they are talking about these days.



  • anyhow2503@lemmy.world to linuxmemes@lemmy.world: GNOME Foundation
    1 month ago

    Watch people unironically celebrate FOSS developers running into financial issues from bot traffic, because they don’t like Gnome shell.

    Wait a second. Is this just Lunduke gaslighting people again, like the last time all the idiots were saying that Gnome was going to go bankrupt within a year?


  • The “political stuff” about the birthdate field is completely overblown, as per usual with systemd. Binary logs aren’t that big a deal either. Like Torvalds said, those are details you can disagree with but it doesn’t mean you should dismiss the entire project because of it. Your comment is probably the first one I’ve read in this community that doesn’t boil down to: “I read somewhere that systemd doesn’t follow unix philosophy, yuck!”. That was kind of my entire point.

    I wouldn’t even complain about it, if people here just stuck to shitposting instead of this thinly wrapped “I like/dislike X, please fight about it in the comments :)” bait.