Until you go get malware

Supply chain attacks happen at every layer where there is package management or a vector onto the machine or into the code.

What NPM should do if they really give a shit is start requiring 2FA to publish. Require a scan prior to publish. Sign the package with hard keys and signature. Verify all packages installed match signatures. Semver matching isn’t enough. CRC checks aren’t enough. This has to be baked into packages and package management.

In 10 years where do the senior dev's come from? Real question. Seems like with lower entry level jobs now, in 10 years there won't be seniors to hire.

I'm coming to the unfortunate realizattion that supply chain attacks like this are simply baked into the modern JavaScript ecosystem. Vendoring can mitigate your immediate exposure, but does not solve this problem.

These attacks may just be the final push I needed to take server rendering (without js) more seriously. The HTMX folks convinced me that I can get REALLY far without any JavaScript, and my apps will probably be faster and less janky anyway.

Could you summarize the contents of this video so we don't have to watch it?

Heh...it is so much worse than that.

Trump has no idea what he is doing, it has been very clear in interviews.

In the first admin, it was the adults in the room, the thing is, it's not yes men this time...it's the villians in the room. Trump is being handed EOs that he doesn't have a clue about.

For all the talk about P2025 and denial of any relation to it, they have done roughly 50% of the actions in the project already with more on the way. ~2/3rds of all his EOs have been in the plan. Virtually everyone related to the project is now in the admin - the head of the FCC literally wrote the 'FCC' section and boy is it an attack on everything the EFF holds dear.

I think what is notable is that it seems to have gotten more bold - the plan called for reducing USAID, not killing it for example.

And Yes, page 246, killing funding for PBS.

The US is so weird right now.

You have a President who is ordering the defunding of tons of groups (universities, media, aid, institutes) while not clearly having that authority and often doing so for what he views as ideological crimes.

Also arresting and trying to deport people for things that are not clearly crimes (newspaper op-eds, etc) and without due process.

Very strange times.

Right now I have some faith the courts in the US will stand up to this and get the US back on track but I worry that dam may not hold forever.

Saving grace is that his is not widely popular, although that is more for his tariff moves than for the others.

Microsoft made one called Garnet, I wouldn't say its a fork though, its basically compatible with Redis and implemented mostly in C#. It supports the RESP wire protocol from Redis for ease of compatibility.

https://github.com/microsoft/garnet

I think we're at an awkward place where governments worldwide have been slow to understand the importance of the global infrastructure that has sprouted, largely due to open source software...

Given that browsers are essential to access information, I think they shouldn't be developed behind a business model, but rather as part of a global digital infrastructure fund.

There should be some independence guarantees in order to make that organization not have to bow to pressure from governments to sacrifice privacy due to funding threats.