Posted on 01/14/2022 7:53:49 AM PST by ShadowAce
The man who sabotaged his own code should and will be blacklisted from any IT job in the long term.
Agreed. I think he just shot himself in the foot.
My current project has (some) JavaScript on the server-side. We had a bug where -- mysteriously -- some email addresses failed to validate. The issue turned out to be that the JS code was validating them against the regular expression "[Object]" ... I'm not kidding. Email addresses that contained one of the letters in "Object" validated; others didn't.
Trust open source libraries only from reputable and established sources like Apache SF, Google, VMware etc. Use anything written by individuals or independent third parties at your own risk.
This is what happens when people who are programming as a second (or third) choice are responsible for essential code. They do not have the mindset to think the way code executes.
And, of course, nobody tests anymore....
“A black eye” is hyperbole?
Failure to test is one of the biggest contributors to the ongoing backsliding in IT. We have programs roll out today that clearly show that no one wanted to spend the time or money on simple tests.
I regularly witness failures for routine things that were resolved two decades ago that anyone with basic skills could prevent.
There is so much high quality ‘open source’ code out there that yes, this is hyperbole. It’s like blaming the whole auto industry because one guy welds a coke bottle inside a door panel.
They send me daily e-mails looking for my project for them.
Node’s main advantage is its simplicity. It’s basically a JavaScript wrapper around core functions written in C++ (Chrome V8 engine) so it can be very fast. So even though your backend seems to be written in a front end language like JavaScript, all the heavy lifting is actually being done by C++ which is very, very fast. Couple that with how easy it is to learn JavaScript and find JavaScript developers, and you can see why small companies and startups favor Node. And some big ones too.
I am delighted to have people use the code I have open sourced and would never think to damage it. If I wanted to be paid for it I wouldn’t have open sourced it. Don’t think anybody would have used it if I tried to sell it anyway, so just decided to be nice and make my own small contribution to open source, since like everybody else I have benefited by others doing the same. And open sourcing may help improve reputation and make it easier to get a good development job...but not if you are the kind of jerk that breaks their stuff to screw others...
Except there’s the whole scope issue. This sabotage affects thousands of programs, possibly millions of users. And of course there’s the problem that open source critics have been pointing to basically this exact “what if” pretty much from day 1. It is a black eye for the industry.
Since software began the actual programmers have been given Hind Teat. The Managers have wanted to take the bulk of the profits from people who can do what the Managers could never do.
It just goes to show you how truly powerless everyone is. Even the programmers in their personal lives depend on other programmers.
Just look at last week’s revelation that some guy could control Teslas all over the world. And you want to give Amazon the ability to open your garage door? Please...
This complete reliance on Smart This, Smart That and the Cloud is Mass Suicide.
I guess but I’m not exactly rooting for the woke MegaCorps he’s sticking it to.
Node = inject a couple thousand sketchy dependencies in your code.
The author writes: While open-source developers should be fairly compensated for their work, wrecking your code isn’t the way to persuade others to pay you.
Well, that’s the rub. Shareware devs rarely make any money and regularly put in thousands of hours. While surrounded by FANG devs pulling down million dollar compensation packages. Author makes no attempt to solve that pesky problem. Some devs are going to resent 23 million uses and zero dollars coming in.
And yes, blindly updating to the latest dependencies without testing is foolish— a that can be defeated by only activating after a future date.
Good article.
Depending on the damage done he may be open to legal action.