
SoylentNews is people

posted by Fnord666 on Sunday March 29 2020, @08:37PM
from the questionable-dependencies dept.

Arthur T Knackerbracket has found the following story:

In November 2019, Denis Pushkarev, maintainer of the popular core-js library, lost an appeal to overturn an 18-month prison sentence imposed for driving his motorcycle into two pedestrians, killing one of them.

As a result, he's expected to be unavailable to update core-js, a situation that has project contributors and other developers concerned about the fate of his code library.

Pushkarev, known as zloirock on GitHub, mentioned the possibility he may end up incarcerated in a thread last May discussing the addition of post-install ads to generate revenue for a project that so many use and so few pay for. He anticipated he may need to pay for legal or medical expenses related to his motorcycle accident.

In that thread, developer Nathan Dobrowolski asked, "If you are in prison, who will maintain [core-js] then?"

Pushkarev offered no answer. Since his conviction last October, the need to resolve that question has become more than theoretical.

-- submitted from IRC

So dear soylentil developers, are there any libraries you are depending on that have a single point of failure?



  • (Score: 2, Informative) by khallow on Sunday March 29 2020, @08:50PM (8 children)

    by khallow (3766) Subscriber Badge on Sunday March 29 2020, @08:50PM (#977022) Journal

    What Happens When the Maintainer of a JS Library Downloaded 26M Times a Week is Unavailable?

    What's hard to figure out about the problem? Either fork it or wait for the developer to get out of jail. It's not like the code will spoil.

    • (Score: 0) by Anonymous Coward on Sunday March 29 2020, @09:03PM

      by Anonymous Coward on Sunday March 29 2020, @09:03PM (#977026)

      Exactly, although a JS lib is not exactly a real killer [murderpedia.org] piece of software.

    • (Score: 2) by Rosco P. Coltrane on Sunday March 29 2020, @09:14PM (6 children)

      by Rosco P. Coltrane (4757) on Sunday March 29 2020, @09:14PM (#977029)

      It's not like the code will spoil.

      In the craptastic world of Web two-oh, code has a very short shelf life: it needs updating every two hours, whenever a new exploit gets found out - not hard in the huge unnecessary stacks that underpin the internet we know today - and whenever it needs to support the new shiny du jour.

      • (Score: 5, Insightful) by acid andy on Sunday March 29 2020, @11:07PM (3 children)

        by acid andy (1683) on Sunday March 29 2020, @11:07PM (#977047) Homepage Journal

        and whenever it needs to support the new shiny du jour.

        What particularly irritates me is many of the things that will be done with these shinies could already be implemented using older web technologies. In my mind one of the few legitimate uses of recent website client libraries is to build something that will work across many different devices and browsers, but even then, if you just kept it simple (like this website!), there wouldn't be such problems to begin with!

        It's not just endlessly reinventing the wheel, it's often dropping the new wheels onto the piles of old wheels underneath. I've noticed similar things on Linux where looking for how to set something up in ALSA, I find many forum posts telling someone to just install PulseAudio (I'm yet to find anything that I need to do that PulseAudio can do and ALSA can't)! The answer to how to solve one simple problem should not be to install an additional layer of complexity over the top of whatever you were using.

        --
        Master of the science of the art of the science of art.
        • (Score: 4, Insightful) by NCommander on Monday March 30 2020, @09:55AM (2 children)

          by NCommander (2) Subscriber Badge <mcasadevall@soylentnews.org> on Monday March 30 2020, @09:55AM (#977157) Homepage Journal

          Pulse can dynamically reroute audio streams and stream over the network. It also acts as an intermediate layer for the 500+ sound APIs that have appeared over the years.

          I don't like Pulse, but ALSA is a fucking nightmare to work with, and a horrid case of NIH after OSS came out of the kernel.

          --
          Still always moving
          • (Score: 0) by Anonymous Coward on Monday March 30 2020, @06:51PM

            by Anonymous Coward on Monday March 30 2020, @06:51PM (#977305)

            Adding in such performance overhead to PulseAudio so that it is network transparent was as dumb of a mistake as was adding network transparency to X11's low level drawing commands.
            Optimizing for network transparency should be done at the application layer, not the audio layer.
            I'm afraid X11 continues to inspire open source programmers--with bad ideas.

          • (Score: 0) by Anonymous Coward on Tuesday March 31 2020, @01:02AM

            by Anonymous Coward on Tuesday March 31 2020, @01:02AM (#977450)

            Pulse also sucks up around 5% of my cpu when idle. It also puts out white noise after a while, when you least expect it.

      • (Score: 0) by Anonymous Coward on Monday March 30 2020, @12:51AM

        by Anonymous Coward on Monday March 30 2020, @12:51AM (#977071)

        it needs updating every two hours, whenever a new exploit gets found out

        Worse. If it isn't updated at least once an hour it will be labelled as "unmaintained" and shunned by developers.

      • (Score: 0) by Anonymous Coward on Monday March 30 2020, @03:00PM

        by Anonymous Coward on Monday March 30 2020, @03:00PM (#977219)

        It needs updating every two hours, whenever a new exploit change in pastel coloring or removal of visual hints gets found out

        There, fixed that for you.

  • (Score: 4, Funny) by Rosco P. Coltrane on Sunday March 29 2020, @09:09PM (1 child)

    by Rosco P. Coltrane (4757) on Sunday March 29 2020, @09:09PM (#977028)

    I have a JavaScript implementation of ReiserFS and I'm struggling.

    • (Score: 2) by maxwell demon on Monday March 30 2020, @06:51PM

      by maxwell demon (1608) on Monday March 30 2020, @06:51PM (#977306) Journal

      Seems you've found the killer application for JS!

      --
      The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 2, Insightful) by Anonymous Coward on Sunday March 29 2020, @09:37PM (3 children)

    by Anonymous Coward on Sunday March 29 2020, @09:37PM (#977032)

    Let's lock them all up and drain the web swamp.

    • (Score: 0) by Anonymous Coward on Monday March 30 2020, @01:31AM (2 children)

      by Anonymous Coward on Monday March 30 2020, @01:31AM (#977078)

      Continuing your analogy that can only mean you want to make things worse. Why? Isn't the web fucked up enough?

      • (Score: 0) by Anonymous Coward on Monday March 30 2020, @02:41AM

        by Anonymous Coward on Monday March 30 2020, @02:41AM (#977090)

        Can't get any worse. Of course, that is the dumbest comment proven almost universally timelessly wrong.

        Still, it's the darkest before it turns utter pitch black, you dig?

      • (Score: 0) by Anonymous Coward on Monday March 30 2020, @03:02PM

        by Anonymous Coward on Monday March 30 2020, @03:02PM (#977220)

        If we locked them all up, then nothing would change. I.e., no additional color shading would be shifted to reduce contrast. And no further visual highlight clues that something might be a control would be removed.

        Yes, that would leave much of the web a horrendous awful wasteland.

        But it would be stuck there, unchanging, so it will not get any worse, because it will remain the same level worse it was when they were all locked up.

  • (Score: 5, Insightful) by Anonymous Coward on Sunday March 29 2020, @09:53PM (14 children)

    by Anonymous Coward on Sunday March 29 2020, @09:53PM (#977035)

    The internet would be a better place.

    • (Score: 2, Insightful) by Anonymous Coward on Sunday March 29 2020, @11:16PM (1 child)

      by Anonymous Coward on Sunday March 29 2020, @11:16PM (#977049)

      I'm not sure why you'd say that. After all, we have woodchippers.

    • (Score: 0) by Anonymous Coward on Sunday March 29 2020, @11:32PM (10 children)

      by Anonymous Coward on Sunday March 29 2020, @11:32PM (#977055)

      How so? Before JS there was Flash and Applets, after JS whatever shit is happening to your browser/web experience will continue to happen using a different tool. Aggro on the tool all you want, it ain't the cause of the problem.

      • (Score: 5, Informative) by Arik on Monday March 30 2020, @02:16AM (9 children)

        by Arik (4543) on Monday March 30 2020, @02:16AM (#977084) Journal
        "Before JS there was Flash and Applets,"

        No. That may be technically true, but they weren't the pervasive threat the words convey today.

        Without jscript, how do you autolaunch your flash monstrosity? Hmm?

        You can't. You can only provide a link to download, and instructions on how to download the flash viewer.

        And so on for any app. Exactly as it should be. Computers should not be downloading and executing arbitrary code from transient sources without an affirmative effort from the user to do so. That's unsafe and insane and always has been.
        --
        If laughter is the best medicine, who are the best doctors?
        • (Score: 1) by shrewdsheep on Monday March 30 2020, @08:35AM (6 children)

          by shrewdsheep (5215) on Monday March 30 2020, @08:35AM (#977143)

          These are strawmen. One thing that has spilled over from mobile is fine grained permissions. These allow (or will allow) a much more fine grained control over what apps can do than was ever possible before.

          Also I disagree with your second point. In the end a program will do something. How it got there is irrelevant, whether it downloaded something or was capable to do said thing to begin with. The main point is whether the user has control. This is best achieved by permissions and not by the belief that a program would do a certain set of things and nothing more and would stay that way. How mistaken that belief usually is.

          • (Score: 5, Insightful) by Arik on Monday March 30 2020, @11:57AM (5 children)

            by Arik (4543) on Monday March 30 2020, @11:57AM (#977168) Journal
            "These allow (or will allow) a much more fine grained control over what apps can do than was ever possible before. "

            So what? Pointing my web browser to your server (likely via a link, perhaps even a disguised link) does not constitute consent to run your app. When you lose that, you really strike at the heart of what made the web worthwhile.

            "The main point is whether the user has control."

            Exactly. And that's precisely what the 'web app' strips away, by design. The user no longer has control. Because under the guise of distributing a document, he's now been tricked into running a program designed specifically to put chains on her. This has all been made so complicated, and hidden so well, that the average user is either completely unaware of it, or simply gives up. At this point we develop something we might call "herd vulnerability" as a result.

            A formal ability to say no is not always equivalent to a functional ability to say no. It is the latter, not the former, which is key here.
            --
            If laughter is the best medicine, who are the best doctors?
            • (Score: 0) by Anonymous Coward on Monday March 30 2020, @03:16PM (3 children)

              by Anonymous Coward on Monday March 30 2020, @03:16PM (#977226)

              "he's now been tricked into running a program designed specifically to put chains on her"

              Someone could only be tricked into it? As a transgender BDSM fetishist I take offense to that!

              • (Score: 0) by Anonymous Coward on Monday March 30 2020, @06:56PM (1 child)

                by Anonymous Coward on Monday March 30 2020, @06:56PM (#977310)

                Only Marxists make this type of grammar mistake; it is a sign of their mental confusion regarding sexes (not gender, which is a grammatical and not biological term).
                The correct pronoun to use in the general case where neither male nor female is specifically meant is: male.
                Barring that, just say, "the user."

                • (Score: 2) by Arik on Tuesday March 31 2020, @06:21AM

                  by Arik (4543) on Tuesday March 31 2020, @06:21AM (#977536) Journal
                  It's not a mistake.

                  You're correct insofar as I was alternating genders, which is not the same thing as sex. But there's no mistake and no confusion.

                  You're correct insofar as one possible, and in my view logical and unobjectionable approach is simply to default to the unmarked gender. Plenty of precedent, and as I said personally unobjectionable.

                  But it's not the one true and only correct way. Language is more flexible than that. English in particular is more flexible than that. Some people find it objectionable. It's not a huge deal.

                  Conspicuously alternating between the marked and unmarked form is almost precisely the same, except it gives an explicit cue as to which of two plausible ways it is to be read. In a sense, this is a better alternative, simply because it is less ambiguous.

                  "Barring that, just say, "the user.""

                  The proper English is "one." As in "when one finds oneself in a hole, one must first stop digging."
                  --
                  If laughter is the best medicine, who are the best doctors?
              • (Score: 2) by Arik on Tuesday March 31 2020, @06:10AM

                by Arik (4543) on Tuesday March 31 2020, @06:10AM (#977534) Journal
                A minority might well sign up willingly, I'm fine with them doing so.

                Not so fine with it becoming a general requirement.

                Not at all sure how serious to take your comment. Are you the other AC that replied to yourself?
                --
                If laughter is the best medicine, who are the best doctors?
            • (Score: 2) by hendrikboom on Wednesday April 01 2020, @02:20AM

              by hendrikboom (1125) Subscriber Badge on Wednesday April 01 2020, @02:20AM (#977893) Homepage Journal

              A formal ability to say no is not always equivalent to a functional ability to say no.

              A fact which is evident to any rape victim.

        • (Score: 0) by Anonymous Coward on Monday March 30 2020, @06:08PM (1 child)

          by Anonymous Coward on Monday March 30 2020, @06:08PM (#977296)

          Computers should not be downloading and executing arbitrary code from transient sources without an affirmative effort from the user to do so.

          Executing. It's such a funny word. Taking stuff from remote and putting it locally and then doing stuff with it?? Like layouts? Like HTML? What about like RegEx? Or CSS? What is so special about JS? It just has a handful of statements.

          That's unsafe and insane and always has been.

          That can be said about anything. Might as well lock ourselves in the basements and disable all networks because HTML parser errors.

          • (Score: 2) by Arik on Tuesday March 31 2020, @02:03AM

            by Arik (4543) on Tuesday March 31 2020, @02:03AM (#977471) Journal

            "Executing. It's such a funny word. Taking stuff from remote and putting it locally and then doing stuff with it??"

            No, they aren't equivalents, execution is a special subset of 'stuff.'

            "Like layouts? Like HTML?"

            Documents. Data. Not executables.

            "What is so special about JS? It just has a handful of statements."

            No, it's a programming language. [crockford.com]

            There is a clear distinction between executable code and data. Executable code is where the danger lies. Yes, it's possible to exploit flawed executables by feeding them bad data - obviously. But it's sheer sophistry to pretend they aren't fundamentally different things. To penetrate a system using data you have to have a known and accessible flaw in the specific software on the remote machine that's being used to parse the data, one which will allow you to effectively transmute your data into code in memory. That's a very restricted attack surface. If you're allowed to run code, *any* kind of code, on the remote machine, you've busted out to a much larger attack surface and the prospect of the defender being able to secure that surface has diminished by orders of magnitude.

            --
            If laughter is the best medicine, who are the best doctors?
    • (Score: 2) by darkfeline on Tuesday March 31 2020, @12:48AM

      by darkfeline (1030) on Tuesday March 31 2020, @12:48AM (#977443) Homepage

      Why is this vitriolic drivel modded +4 Insightful?

      I dislike JavaScript very much, but saying "All JavaScript developers should go to prison" is uncalled for and unproductive.

      --
      Join the SDF Public Access UNIX System today!
  • (Score: 2) by legont on Sunday March 29 2020, @10:14PM

    by legont (4179) on Sunday March 29 2020, @10:14PM (#977036)

    It means angry fate. Users should have known better.

    --
    "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
  • (Score: 0) by Anonymous Coward on Sunday March 29 2020, @10:28PM (2 children)

    by Anonymous Coward on Sunday March 29 2020, @10:28PM (#977039)

    What happened to Michael David Crawford's code when he died?

    • (Score: 0) by Anonymous Coward on Sunday March 29 2020, @10:32PM (1 child)

      by Anonymous Coward on Sunday March 29 2020, @10:32PM (#977041)

      As per his will, it was donated to the Aga Khan Foundation.

      • (Score: 1, Interesting) by Anonymous Coward on Monday March 30 2020, @06:59PM

        by Anonymous Coward on Monday March 30 2020, @06:59PM (#977313)

        Kinda silly caring about it.
        We become wormfood and are soon forgotten. The same happens to our creations, barring something like Relativity or the pyramids.

  • (Score: 2, Interesting) by Anonymous Coward on Sunday March 29 2020, @11:02PM

    by Anonymous Coward on Sunday March 29 2020, @11:02PM (#977045)

    Then good riddance.

  • (Score: 2) by crafoo on Sunday March 29 2020, @11:26PM (3 children)

    by crafoo (6639) on Sunday March 29 2020, @11:26PM (#977051)

    "are there any libraries you are depending on that have a single point of failure"

    No, I don't think Qt has a single point of failure. I'm not a developer professionally, but if Qt were to go away I would go through all 5 stages of grief, hold a fund drive and/or funeral, then just give up and use std lib and some github trash immediate mode GUI.

    • (Score: 2) by krishnoid on Sunday March 29 2020, @11:28PM (2 children)

      by krishnoid (1156) on Sunday March 29 2020, @11:28PM (#977054)

      Like which ones, just curious?

      • (Score: 2, Informative) by Anonymous Coward on Sunday March 29 2020, @11:50PM

        by Anonymous Coward on Sunday March 29 2020, @11:50PM (#977062)

        I'm not crafoo, but presumably imgui? [github.com]

      • (Score: 3, Informative) by crafoo on Monday March 30 2020, @03:00PM

        by crafoo (6639) on Monday March 30 2020, @03:00PM (#977218)

        like the anon poster said, probably start with imgui. I've actually used it a couple times and it's OK. Nuklear looks pretty good too and it's easily skinnable if that's your thing. I haven't tried using it.

  • (Score: 2) by krishnoid on Sunday March 29 2020, @11:27PM

    by krishnoid (1156) on Sunday March 29 2020, @11:27PM (#977053)

    As long as people in high places are using his library, he may have little to fear [youtube.com]. It probably doesn't quite have *that* many skeletons in its closet, though.

  • (Score: 0) by Anonymous Coward on Monday March 30 2020, @03:36AM (4 children)

    by Anonymous Coward on Monday March 30 2020, @03:36AM (#977101)

    Anybody know enough Russian to read the court document and summarize the circumstances of his crime?

    • (Score: 5, Informative) by sorokin on Monday March 30 2020, @09:46AM (3 children)

      by sorokin (187) on Monday March 30 2020, @09:46AM (#977155)

      I'll try to translate as much as I can. Disclaimer: I know very little of legal terminology (both in Russian and in English), therefore I will try translating only the parts that make sense to me.

      He was driving his motorcycle at speed 60 km/h (37.3mph; this is the maximum allowed speed while driving in city in Russia). He violated the traffic code by not giving way to pedestrians at a pedestrian crossing. The pedestrian crossing was marked by road signs and road markings. By not giving way he hit two women.

      Because of the accident both women were seriously injured (literal Russian: "grievous bodily harm"). The caused damage was life threatening. Due to injuries one woman died at the scene.

      During the court hearings Pushkaryov pleaded guilty.

      In the appeal Pushkaryov expresses disagreement with the court decision on the severity of punishment. He cites the circumstances of the accident: he could not see the pedestrians timely as they were below the light from the headlight of the motorcycle (dubious claim IMHO from his side, but the context is: the pedestrians were drunk, one of them was lying on the ground and the other one was trying to lift the first one) and also he was blinded by the high beam of an oncoming vehicle. He quotes the witnesses claiming that the behavior of pedestrians violates the traffic code (the referenced article is about the fact that pedestrians crossing the street should leave the carriageway in a timely manner; we don't know the exact claims of the witnesses as they are not quoted here). He noted that the victims were drunk and behaved inadequately.

      (Then there goes a long and stupid argument why he believes the punishment is too severe. I despise his ridiculous wordplay and don't even want to translate this.)

      Then there is appeal from the victims side.

      They claim that the punishment is too mild. They note that this is the minimal permitted punishment for the crime and it doesn't reflect the circumstances of the accident and the personality of the defendant. Also they believe that the court incorrectly recognized extenuating circumstances by using some article of the criminal code and incorrectly applied some other article of the criminal code. (Sorry, can not be more specific, it's not my area of expertise)

      (Then there goes some explanation of what words exactly the court interpreted incorrectly, but there is one more interesting quote for you:)

      The victim notes that during the court process the defendant behaved defiantly and criticized her for how she parents her daughter.

      • (Score: 0) by Anonymous Coward on Monday March 30 2020, @07:00PM (2 children)

        by Anonymous Coward on Monday March 30 2020, @07:00PM (#977315)

        so two stupid drunk bitches crossed the road when the light was green and this guy ran into them. i would only punish drivers when they were negligent and the pedestrians were following the goddamn rules. this "pedestrians are always right" BS is chicken shit.

        • (Score: 1) by sorokin on Monday March 30 2020, @07:37PM (1 child)

          by sorokin (187) on Monday March 30 2020, @07:37PM (#977327)

          > when the light was green

          Little remark: I don't remember where I saw this, but the road crossing didn't have traffic lights. It had road signs and road marking, but no traffic lights.

          > two stupid drunk bitches crossed the road

          That is a possible interpretation. Another possible interpretation is that he was driving too fast with too low visibility.

          In reality sadly it might be a mix of both: "two stupid drunk bitches were crossing the road and he was driving too fast with too low visibility".

          • (Score: 0) by Anonymous Coward on Monday March 30 2020, @07:46PM

            by Anonymous Coward on Monday March 30 2020, @07:46PM (#977333)

            yeah, i wondered about that. Also, i mean "stupid drunk bitches" in a somewhat callous, but casual way. Not the "youtube commenter" way.
