that’s the name of the game these days. on the plus side i’m getting plenty of work done but on the minus side the depression is as great as ever. not actually because of the pandemic/covid-19 but mostly because the nature of the world is relentlessly foolish.
regardless. here we are.
on the plus side, i’ve started blogging again but, on the minus side, it’s blogging.
insert more noneventful comments here.
i write this after the fact. it is now tomorrow but the file was made yesterday and so it stays.
what is permanence. what is memory. but i digress.
i’ve gotten tired of being told what i can and can’t do with computers and, to a greater extent, life.
the promise of computing was that it would set you free from the tyranny of pointless labor. it has, instead, increased our labor a thousand fold but i’ll be elaborating on that in another post.
one’s life isn’t simply a sum of experiences but also a sum of what how those experiences were directed and, anymore, those experiences are directed in the manner that directly manipulates people to be nothing more than one dimensional brands.
This article is already old news for me and largely irrelevant as i don’t use much in the way of rando js modules, random packages, etc. However the subject is interesting due to the conversations that has spawned:
As always, the hell is in the comments from these posts but mostly this boils down to a couple of things for me:
In the mad rush to develop details get drowned in the mad flow of dependencies, libraries, etc. etc. etc. that get imported in willy-nilly to provide functionality without remaking the wheel.
The superficial incentives to write and release millions of tiny modules and libraries result in heavy obfuscation of core beliefs in what software should be.
And this is where I get slightly Stallman-esque.
The code, in this case, was in the minified version and therefore, for practical purposes, unreadable for most. And while minified code serves a purpose when used on the web (i.e. small files, quick speeds, etc.) it is something that can’t be read or studied easily. This goes double for the user of a website where they are greeted by and have already used the software in question before they have the chance to read it.
But blah blah blah–that’s a whole separate topic.
Sticking mostly to the hell-world that’s node and NPM I ran quick test where I installed express to see what would happen. the result cranked out the following:
added 48 packages from 36 contributors and audited 121 packages in 2.97s
found 0 vulnerabilities
Mind you, I am not disparaging express it was simply the first example that came to mind.
However, within the modules folder there are now 48 folders each with their own code, etc. - dependencies with dependencies with dependencies and each with their own points of failure and possibilities for corruption.
Add to this the devil may care attitude of open source developers who release their projects into the hands of whomever they want. This creates the (obviously very real) possibility of the new maintainers then putting malicious code into the package on the next version update and there’s a huge potential for problems. And this is why the “open source developers don’t owe you anything” argument falls flat. They might not owe users anything in terms of direction and development of their program, but they do owe them the ability to trust in the last release of their signed product.
This, of course, is another issue entirely. The glut of projects on GitHub, etc. that are desperate for new maintainers is astounding and is a topic for important future action.
Barring actual responsibility from developers, the first solution, I imagine, would then be proper due diligence on those who are importing libraries like gangbusters. They have the duty to make sure their code is as harmless as possible and therefore must accept the risks and responsibilities of managing third party libraries.
That is a bit extreme though. One cannot simply inspect all the libraries and excess code that is contained therein so what then?
Perhaps a rethinking of the entire NPM styled system. To be frank, it’s nonsense and very close to a vanity measuring contest with its bragging of how many packages are available and such. The result of which is the glorification of package production and the increased chances of abuse by those who know that the flawed model has become a place of misplaced trust by developers. (see here for an well reasoned article on the issue along with a call for the creation of a Standard Library)
There must be the ability to read the code and understand it and code that’s dependent on more code needs to find a way of incorporating that code in a manner that allows it some control over it so that bad things can’t be slipped into it.
Freedom is necessary, free software is necessary and both should do no harm.
a fortune cookie that i opened on my birthday dinner said to tie up loose ends. if that’s not an omen, i’m not sure what is. regardless, i’ve been doing just that.
in the meantime, my car decided to die so there’s the unwelcome repair bill and the lack of vehicle for the past couple days, which, in reality, is a welcome change. my average use of the car is to go to work or to a supermarket (which i’ve documented here on behance)
the result of which is that i don’t see a purpose to me having a car. especially since most my life is spent on the computer. sigh, but we must have our societal trappings and this is an automobile forward culture.
i’ve also been eyeballing the amount of splenda that i put in my tea lately. since i pour it out of a huge bag this results in copious amounts of the stuff in my cup. i have yet to decide whether this is good or bad.
letters in bottles but beyond that it’s anybody’s guess.
no part of my life has been allowed to rest easy for more than a few moments at a time. whether interrupted by actual tragedy or the learned behavior of waiting for the other shoe to drop anxiety is ready to come in at any time to destroy those times and ruin them forever.
since childhood i’ve been closely watched by it and kept under its thumb. from terrible sickness, death, loneliness, etc. i am forced to believe that there is no other kind of life for me but one of constant unease and motion.
and i believe this is reflected in my work more than any other theme. i can’t settle, i don’t hold to any theories or beliefs, there is nothing in man worth saving. we readily destroy all things that are good like angry toddlers wanting more candy and being denied.
i’m a vagrant, a wanderer, constantly searching for something that’s definition has been lost a long time ago.
It’s the torment of finishing a movie where you know the characters are going to continue having an interesting life and you wake up to your surroundings and realize that they’re gone.