They know. They just don’t care.

2FA should probably be enforced for the process of publishing packages

The most successful recent attacks haven’t relied on stolen user credentials, so this point is kind of moot. API tokens are way easier to obtain and use. Typo squatting and phishing are more effective, and attackers generally don’t need to bypass 2FA.

Linux distros usually rip out build scripts and build systems in order to replace them with their own, but this also further limits the code you have to audit.

Linux users who routinely download and compile src packages is a minuscule attack vector. Most users download binaries, so this point isn’t true either.

And look, I agree that MFA should be mandatory everywhere, and sandboxing is great, but the truth is that the JS ecosystem is chock full of lazy and sloppy devs. That’s just how it has been for the longest time, and no amount of security measures targeting them specifically is going to fix the current state of affairs, because as soon as one is implemented, someone will find it too cumbersome and will find a way to override it. The whole ecosystem needs adult supervision.

But honestly, I believe that JS in the backend has been a massive mistake and we all should abandon it as soon as possible. There are plenty of better languages and ecosystems out there, no need to keep self inflicting this kind of pain.

I see that we are making things up now, aren’t we.

Besides, what does “focus on fractions over decimal calculations” even mean? Fractions and decimals are inextricably linked. Even more, there are calculations that can be expressed more precisely as fractions than with decimals, and there are those that can be expressed as decimals but not as fractions.

So? Calculators have been better at math than students for the longest time, do we delete basic math from the curriculum too?

RISC-V is more like 1-3 years away from CPUs existing that have competitive performance in datacenter workloads. Not decades

I’ve been hearing this for the past five years.

People seem to forget that if one arch moves forward, so do every single competitor out there.

I don’t know why it wouldn’t. This is the model Go uses, their package registry is just a glorified index of code repositories.

C is not that popular nowadays because most devs don’t want to deal with the tradeoffs, most importantly memory handling and management.

Because distro packages rely on a small group of trusted maintainers, while anyone can publish anything to the NPM registry.

Also, distro packages are usually full fledged applications or libraries, which require a certain number of developers upstream to maintain them. There are thousands of NPM packages out there that are essentially walking corpses waiting to be infected.

Are you suggesting that kids should stop learning basic arithmetic?

Yes. The one they had to promote Squid Game a couple years ago was especially loud.

I’ve seen these running in East Asia for several years now, admittedly not in 3D but still really annoying, as they can get extremely loud sometimes.

That’s not enough for production code.

Besides, this just reads like what a kid does with a Lego.

I’m sorry, does this mean that students were taking tests unsupervised until now?

Yet the need for skills remained.

What kind of skills are needed to ask a non deterministic machine to code things one cannot understand in the first place?

This assumes that the owning class will let you make use of that time, which is and always has been untrue.

Also, I find it incredible that “coding” and “accounting” are now “mundane things”. Get off that ivory tower of yours, you definitely need to breath some thicker air.

This is exactly the kind of cluelessness I was talking about. Again, training is way more expensive than running models, and very obviously a rig that costs several thousands of dollars is something not many people have access to.

That’s not at all what the previous message said. You cannot call it a “programming language” and then add all these caveats that programming languages don’t suffer from.

If you mean the likes of COBOL, I’d say that’s hardly natural language.

I’d rather have no code at all, if I’m being honest.

Still terrible code.

I’ve seen bad coders trying to merge hundreds of lines of code where maybe ten were needed. They rely on more experienced devs to tell them how to fix that, just for these to copy and paste the suggestions given in Claude.

I mean if that’s the value someone provides, no wonder they fear for their future.

If natural languages were just another level of abstraction, we would already have a successful English like programming language.