Grund 409638045983 warum ich dieses ganze #nodejs Universum verachte:
Habe Code - nicht meiner, kann daran nichts ändern.
Code hat sich seit 7 Monaten nicht geändert.
Vor 7 Monaten ist die Pipeline gelaufen und hat ein Image erfolgreich gebaut.
Heute läuft die Pipeline nicht mehr, weil sich irgendeine Abhängigkeit anders verhält als vor 7 Montaten.
Und nu?
Ja, bleiben diese 9,8er CVEs halt drin in dem Image, weil neu Bauen geht nicht.
@schenklklopfer wo es in der Firma nicht anders geht, sichern wir uns mittlerweile den ganzen node_modules Ordner weg und archivieren den. Einfach vor Angst, dass mal ein Modul nicht mehr verfügbar sein könnte oder irgendein anderer Scheiß passiert. Hilft aber natürlich nicht bei CVEs.
I'm finally at the point where I have to start working on perhaps the main feature of my programming language Squarepants: the ability to compile to GPU Shaders.
The most attractive target would be #SpirV which is an intermediate representation that works almost everywhere... Except on browsers, and only because #Apple didn't want to give control of the standard to the group that develops SpirV.
Instead, Apple imposed #WGSL , which is a language instead than an intermediate representation, so it's a pain in the ass to target and will end up with the same problem as #javascript .
At some point there will be translators from SpirV to WGSL, but I can't rely on those now.
So, what am I going to target?
Right now Squarepants compiles to javascript, so can run easily in both browsers and #nodejs.
There is a project to run SpirV (via Vulkan) on node, but has been dead for years, which means that if I want to compile to a native application, I need Squarepants to compile to C or LLVM first.
OTOH if I go through the square-peg-in-round-hole and target WGSL, then I can target browsers.
@xarvh
And.... We take bug reports if something is broken. But check first if you're using a feature that is missing from WGSL...like texel buffers. crbug.com/tint
Did you know that you don't need to commit to an entire @agregore browser to make use of it's tech? If you already have #nodejs installed you can run agregore-compatible #JavaScript modules from your cli over any protocol supported by the browser. (e.g. #IPFS or #gemini )
npx agregore run hyper://blog.mauve.moe/example.js
With this you can share #p2p code between applications and command line utilities.
@melroy With the caveat that I’m already paid to work on npm by GitHub and don’t expect any donations, the best way is my GitHub sponsors page https://github.com/sponsors/lukekarrys?frequency=one-time And thank you for asking! It prompted me to finally finish setting up this page.
A critical vulnerability, named BatBadBut, was discovered in the Rust programming language, affecting not just Rust but also Erlang, Go, Python, Ruby, and potentially others. This vulnerability, with a severity score of 10/10, could allow attackers to execute arbitrary commands on Windows systems by exploiting how Rust handles batch files. The issue arises from Rust's standard library improperly escaping arguments when invoking batch files on Windows, leading to potential command injection. The vulnerability has been addressed with a fix in Rust version 1.77.2, which developers are urged to update to. Other programming languages and systems, including Node.js, PHP, and Java, are also affected and are working on patches.
As I've noticed it's #PortfolioDay and have seen some wonderful artwork posted by people, as a programmer, I'd like to share a project I made, a command line time tracker with the purely textual interface.
Since I spent a good deal of time designing the textual output and UX I figure it's akin to art.
The interface is natural language input of times and dates representing when you start and end tasks.
Completed setup of a #refurbed small Windows PC today and remoted into it from my MacBook to #debug some #nodejs code that was failing its windows tests on GitHub Actions
Is almost 20 years since Windows was my primary dev machine – it feels so alien nowadays when all my dev work is centered around git and cli-tools
@joelanman Ahh in that case yes. I had a situation on the past with Astro where they pushed out a breaking change on a minor and I had ^ so now I either go only patch or remove it all together. Using ncu to update
@joelanman I also hate package-lock.json in general too because it's only deterministic at the OS layer. With one of our systems we're forced to use React to use their design system and that lead to pipelines failing because of a rollup binary for amd64 and I'm on Apple Silicon.
We've had similar issues with Docker images for the GitHub Action runner where building them on intel worked but on the M2 did not (we've since made it an Action to build a new one)
Ever worked on #nodejs projects locally and wished for a more standardized, production-like experience for your team? Try @ddev! I walk you through setting your local up with #docker#containers in my latest article on @lullabot
@aral Bun is actually one of the worse VC funded companies, I remember their first job post and they seemed to expect insane working hours. Also the creator is a Thiel fellow 🤷♂️