wildbus8979
@wildbus8979@sh.itjust.works
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 1 day ago:
Have you ever looked at the available packages in a Linux distribution like Debian or a BSD? There are thousands and thousands of libraries packaged to support software releases. Like I said, that had been the distribution model for the better part of twenty+ years until this new, shittier, model.
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 3 days ago:
That’s essentially how most distributions of Linux and Unix work. You package an app with a list of dependencies like “libcaca >= 1.2.3” and that’s that. If that dependency isn’t available in the distro you need to have that packaged (and thus have a maintainer for said package) first. The distro’s package maintainers are responsible for keeping an eye on the upstream sources and providing reviews. Then this sort of crap like NPM came along and it became popular for devs to package their own dependencies.
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 3 days ago:
I’m not super familiar with Maven so I could be wrong, but doesn’t Maven still pull dependencies from upstream? That doesn’t fix the problem. Having dependencies packaged in the OS means there is in theory some level of overview and review by the package maintainer(s).
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 3 days ago:
Debian does as well for anything that is packaged. For python, golang, rust, etc as well.
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 3 days ago:
The first issue is NPM specific sure, but the second is true of all the languages I mentioned. Even golang, which originally had a goal of having a built-in library so vast you didn’t need many dependencies, has devolved into a large and fractured community.
- Comment on NPM Package With 56K Downloads Caught Stealing WhatsApp Messages 3 days ago:
This truly has grown past a JS problem. NPM was kind of the first time dependencies were installed by the project rather than through the OS. But nowadays this has become the norm: golang, rust, and to an extent python also work by installing dependencies directly from git for the most part. This isn’t going to get any better unless we revert to OS based dependencies, which no one wants to do because developers want the latest and greatest model.
- Comment on 1 week ago:
The principality of Sealand keeps annexing new land mass formations popping out of the Atlantic!
- Comment on What DDNS providers you guys recommend? 1 week ago:
Anything that supports bind’s built-in nsupdate.
- Comment on Umami is compromised - upgrade immediately 2 weeks ago:
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 weeks ago:
And that somehow Lemmy didn’t federate my deletion!
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 weeks ago:
How did you reply to a deleted comment?
- Comment on People are completely used to autotune in music now, and the same will happen with ai usage 3 weeks ago:
autotune does not make a bad singer good
This is precisely what autotune DOES. You’re confusing the creative usage of autotune to create a specific sound, like what T-Pain (an actually great singer) popularized. But autotune wasn’t created for that, it was specifically created for correcting singers who can’t keep a key.
- Comment on Decreasing Certificate Lifetimes to 45 Days 3 weeks ago:
That’s what Carla are for.
- Comment on 3 weeks ago:
Bandcamp? Listenbrainz?
- Comment on 4 weeks ago:
Hope you’re getting plenty then. You want to ejaculate around twenty times a month for a healthy prostate.
- Comment on G GG 5 weeks ago:
Swap the keyboard for the old school ThinkPad key card from the x220. That thing is goat (you’ll want to either replace the palm rest or file the knobbins on the keyboard a bit)
- Comment on Does anyone know where I could pick up those Pride sunglasses with that same Pride hat 5 weeks ago:
Yellow is watersports right?
- Comment on Breaking: Google is easing up on Android's new sideloading restrictions! 1 month ago:
I can absolutely make phone calls with both my One Plus 6T and my PinePhone.
- Comment on ✨A Practical Guide to IP Addresses: From Basics to Real-World Applications✨ 1 month ago:
That’s not really true though. If you’re say on an IP that is in the Bell Aliant range, I know you’re in the Maritime Provinces of Canada. That’s a lot narrower already than Canada. There’s a lot of ISPs that are pretty local and just knowing the IP will get you a lot closer.
- Comment on Happy NNN 1 month ago:
And both of them are fascist dog whistles.
- Comment on It can be harder to surveil private conversations if everyone just used sign language. 1 month ago:
It also isn’t a single language. ASL is different than LSF, LSQ, or even LSFB, etc.
- Comment on 3D design software for 3d printing? 1 month ago:
FreeCAD
- Comment on Share your poops! 2 months ago:
Came here for this clip. That series was absolutely incredible, and that’s one of the best ones for sure.
- Comment on Firefox is adding profiles to separate your browsing sessions 2 months ago:
Just add -P to Firefox launch flags. This also has been true for like 20 years.
- Comment on Self-hosted alarm system? 2 months ago:
Seconded, Alarmo rules. I even have HA send me video clips over Signal!
- Comment on If the USA ever rewrites their constitution it will likely have embedded ads. 2 months ago:
This section about lawful intercept is sponsored by Preparation H
- Comment on Making the world go round 2 months ago:
Thank you for your service (unironically) 🫡
- Comment on Cool Project? 2 months ago:
Because clearly blaming corporations for the ongoing climate apocalypse is going super well!
- Comment on [deleted] 2 months ago:
Winwhat?
- Comment on [deleted] 2 months ago: