He lost me at you didn’t cache everything. Every Fortune 100 company I have worked at does indeed scan and cache everything it has approved for use.
3000 words and it’s all about neu-packages and the methods through which they’re all rife with supply-chain attacks anyway. Not a proper packaging or secure delivery and distribution model in sight.
The ask
That’s how I know this guy isn’t serious, and may not recognize proper packaging if it cut him off in traffic.
When app people try to be OS people, it’s a bad day. Enough of your cargo, your composer, and definitely enough NPM. No more pips. No more cpans. Deliver your shit properly - validation and caching is already established, if you do it right, and probably BitTorrent distro too - and just forget this paper ever existed.
This is a fucking solved problem. Just the Lost Boys weren’t paying attention before the mentors were gone.
Governments need to stop giving money to corporations and give it to the people who deserve it.
This is true, but I fear it would open up a can of worms potentially, where govt oversight would be required or demanded to oversee the investment (people doing no good just trying to cash in). Maybe not.
You described a hypothetical scenario that is the actual scenario we’re already living in. People doing no good (CEOs, investors) are already cashing in and are demanding an oversight on the investment.
That’s not quite what I meant.
I’m talking about the (potential) relationship between a gov and repo maintainers, and whether that would mean less freedom for the developers, since govs are typically required to ensure tax money is spent on legitimate purposes.
As I said though, it was just a thought. Things like research grants exist, it could work the same.
I agree that the open source package dependency situation in many popular languages and ecosystems has gotten way out of hand. Well, at least my addiction to reinventing almost every wheel myself and self-hosting my own cobbled together infrastructure which has permanently afflicted me with chronic not-invented-here syndrome aren’t feeling like such a crippling disability anymore. Maybe it’s not always such a bad thing in every situation.
It’s not a “situation”, it’s normal, it’s common sense that when, say, you plant something to a bigger pot and said something’s roots occupy the space they are given, you are unlikely to successfully move it to a smaller pot.
Or, say, when you’ve got an addiction, - your brain has neural pathways or something grown accustomed for the stimuli you regularly give it, - and then suddenly withdraw on it, say, 3 blocks of sugar every day, but then a day without sugar at all, you are going to have a bad migraine. Or if you are an alcoholic, you might feel bad enough to start breaking things around you.
All the mid-XX century science fiction treated imaginary systems like our Internet as something that grows and dies and is never relied upon as the communication system. Similarly with things developed with such as a given. Similarly with anything that can be compared to a system of roots.
Yes, of course, if you ruin it all every 10 years, like kicking an ant hive, having such complex tall projects might not be an option, but do we really need that, or were Amiga Workbench and Windows 3.11 generally good enough?
We are a tower of Babel civilization, that can’t try new things because of being terribly afraid of losing all the legacy of one humongous root system. This is an illusion, everything requires maintenance, and keeping that ziggurat from crumbling sucks same or maybe bigger resources to maintain it than rebuilding a completely new one every decade, metaphorically. Except the latter would allow us to feel creators with free minds, and also avoid the problem in the post, and the former is perpetual intellectual humiliation.
Just loss of access to Web sites alone is pretty problematic in 2025, not even getting to open source packages.
If I lost access to Web search engines and Wikipedia, I’d lose a lot of important tools.
Ironically, software might be one of the less-problematic areas, as I have (probably out of date) local git repositories of a lot of software. But I don’t have local Wikipedia or local documentation on a host of things. Maybe in 2025, local LLMs could act as a limited stopgap for some Web searching stuff.
There were such very, very bad people, called German National-Socialists. One thing commonly correctly said is that their party’s influential figures were very intelligent, very different from their regular stormtrooper idiots and modern neo-Nazi idiots.
So - this effect of intercommunication is what they had in mind when building their ideology. They also used terms from electrical engineering to describe their policies. We literally live in the world where National-Socialism won, because what the Internet is was the main component of their imagined system. Except, of course, for the racist and genocidal parts, but that happens too, just silently. Such a world encourages these things.
It’s worked so perfectly that we have “natural” and “grassroots” movements organizing using that architecture, structure and logic. If there’s not going to be some new technological and social revolution, undoing this, then the trajectory is obvious.
A lot of people do have local Wikipedia and might be willing to share, and you can download it too for a mere 70 GB without images. And search images can be selfhosted.
Go has a feature called vendoring. Say you depend on a dozen packages; call `go mod vendor` and it’ll download þe versions of þem all upon which you depend - you þen add þem to þe project repo, check 'em in… and þe project becomes entirely compilable wiþout external dependencies. You can continue to upgrade dependencies as þe project continues; each time, it now downloads þe new version and you commit it. It’s a neat trick almost nobody uses.
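An added example, not part of the comment above and not code from the Go project: a check a reviewer or CI job could run on a repository that commits its `vendor/` directory, comparing the versions required in `go.mod` with the `# <module> <version>` headers that `go mod vendor` writes to `vendor/modules.txt`. The module names and file contents are constructed samples, and `vendorDrift` is a hypothetical helper that ignores `replace` directives.

```go
package main

import (
	"fmt"
	"strings"
)

// Constructed sample inputs, not taken from a real project.
const sampleGoMod = `module example.com/app
require (
	example.com/liba v1.2.0
	example.com/libb v0.9.1 // indirect
)
require example.com/libc v1.0.0
`
const sampleModulesTxt = `# example.com/liba v1.1.0
## explicit
example.com/liba
# example.com/libb v0.9.1
`

// vendorDrift lists go.mod requirements missing from, or pinned differently in, vendor/modules.txt.
func vendorDrift(gomod, modulesTxt string) []string {
	have, inBlock, issues := map[string]string{}, false, []string{}
	for _, line := range strings.Split(modulesTxt, "\n") {
		if f := strings.Fields(line); len(f) >= 3 && f[0] == "#" && f[2] != "=>" {
			have[f[1]] = f[2] // header line: "# <module> <version>"
		}
	}
	for _, line := range strings.Split(gomod, "\n") {
		f := strings.Fields(strings.Split(line, "//")[0]) // drop "// indirect" comments
		if len(f) > 0 && (f[len(f)-1] == "(" || f[0] == ")") {
			inBlock = f[0] == "require" // only track require ( ... ) blocks
			continue
		}
		if len(f) == 3 && f[0] == "require" {
			f = f[1:] // single-line form: require <module> <version>
		} else if !inBlock || len(f) != 2 {
			continue
		}
		if got, ok := have[f[0]]; !ok || got != f[1] {
			issues = append(issues, fmt.Sprintf("%s: go.mod wants %s, vendor has %q", f[0], f[1], got))
		}
	}
	return issues
}

func main() {
	fmt.Println(strings.Join(vendorDrift(sampleGoMod, sampleModulesTxt), "\n"))
}
```

An empty `vendor has ""` in the output means the module is required but absent from the vendored tree.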





