Open Source Software Community - it's about ethics in Code of Conducts

[some guy with an opinion]

As much as I despise Node (who the hell used JavaScript on the client side, took a look at the infinitely wide range of decent to great options for writing server-side code, and went, "you know, instead of using any of those, I want to use whack-ass JavaScript on the server too"), I'll defend even the use of installing a package to pad strings if you need to pad strings. It will install instantly, it will work, it probably already has reasonable solutions for weird input or edge cases (can the string to use as padding be more than one character? What if you pass a negative number as the minimum length?), its usage will be consistent so the next time you encounter it in another project (whether someone else's or your own), you will already know in what order it expects you to pass its parameters to the method and what the return value will look like, and using it gets you back faster to writing the code that actually needs to be written to get your job done.

Anyway, if I just write my own string padding method, the next time I need to use one I can either rewrite a fresh one or copy-paste the code I wrote previously. If the code is any good, then doing the former is silly, and doing the latter means I just wrote my own very informal library, doesn't it?

In my opinion, you've missed the point entirely.

When considering libraries, most people will always talk about the "cost" of using the library vs doing it yourself, but it's always purely considered in terms of the actual functionality of the code - who's will be the most efficient, the most rigorously tested, the most "feature complete", which handles edge cases the best, which requires the least effort, etc.

But I think the issue is a lot more fundamental and comes down to philosophy. The main point being

Any code that you use from an external library is not code that you control.

This may not sound like a large problem, but in my opinion it's the critical Achilles heel when it comes to using libraries.

You have absolutely no idea what the future of the library will be.
- Maybe someone will pull the library because they are getting sued by Kik
- Maybe an API-breaking change will be pushed in a new version, or a feature you rely on will be deprecated
- Maybe the library will have a critical vulnerability exposed, but the creator will have moved on and won't bother to fix it

Then there are more fundamental issues to do with the structure of the library and the priorities of the developer
- Does the library expect data to conform to a specific format to make things easier for the library maintainer, but meaning more conversions for you
- Does the library respect the rules of my project - if I want to pass consts around everywhere and ensure consistency of data because it's important, how do I know the library won't randomly change things?

Even if you do your due diligence and thoroughly research a library before choosing it, you don't know how it's going to change in the future.

Even if you use purely offline, static versions of libraries, maintain your own collection of .o files for them (or whatever), and generally only use them in an environment where you control how and when they update or change, you still have no guarantees about whether or not they will do what you need them to unless you read through the source code thorougly and understand exactly what the library is actually doing. Once you've expended the energy to fundamentally understand the entire library, you might as well have written it yourself - at least if you write it yourself you'll know that you have something tailor-made to fit your needs. This is especially if the library has licensing terms that now mean you owe royalties or are hamstrung in some other way.

People will say things like "Why write my own string library when I can just download and use left-pad to have a quicker and more efficient string library that's known to work because of all the field testing that it's already gotten?", and they don't actually consider that you are ALWAYS beholden to the library creator, no matter how much better you might think the library is.

Now consider that it's essentially standard practice across the industry for a typical piece of business software to use thousands of third-party libraries, and suddenly you'll realise you have absolutely no control over your own codebase. All you're doing is passing requests between things other people control. Your code is essentially an employee working on behalf of the libraries.

This is why I will *always* prefer to write my own string library. Even if it's less efficient and field tested.

Every library you add to your project is a liability and should be treated as such. Even if you use an offline version and aren't at risk of it being pulled or changed in detrimental ways, you are still constrained by the requirements of the library, and it's still fundamentally a black box that you're essentially being expected to operate within, which adds uncertainty. Each library you decide to use should be carefully considered and should be absolutely avoided at all costs unless it's absolutely necessary to include. "Getting better code by getting someone else to do it" is a false economy, exactly how companies outsourcing work to "make it cheaper" is a false economy. They both share the same fundamental problems and if you don't support one you shouldn't support the other.

I understand there are situations in which using libraries makes sense and is necessary. For something where security is absolutely critical and requires a specific skillset it's better to let someone who knows what they are doing handle it rather than trying to roll your own. For extremely complex, domain-specific use cases like rendering, it makes sense to use OpenGL or Vulkan or DirectX rather than writing the entire rendering stack by yourself. Using a library makes sense when the workload is otherwise astronomical or extremely prone to error without specific expertise and a lot of oversight. In these cases, however, the right approach is always to treat the library as a hostile entity that's trying to infect and take over your codebase, which essentially means isolating it to one specific part of the code. If you need to interact with it it, use a a generic interface that you create, and ensure you can remove that library and replace it with something else at a moments notice which can be made to conform to the interface. Do not use the data objects provided by the library, instead you should always convert to your own ones and then use those throughout the codebase, rather than casually peppering dependencies around your code files like landmines. The number of companies I have worked for that are "stuck" using some dead library from some dead software vendor that's only giving them trouble but "our whole system depends on it" is countless. And it always sucks for everyone. These issues could have been avoided if these companies isolated their libraries.

For the case of left-pad specifically, it seems insane and asinine to me why any programmer would take on the significant risks and lack of control that adding a library adds, simply so they could save 10 minutes of work. Seriously. It takes less than 10 minutes of work to write a left-pad function. The entire library is literally only 11 lines! And there are countless examples online of people writing better versions - these people are not experts on string manipulation, nor have they written string libraries, they are simply competent programmers trying to do the best work possible. Why would anyone trade 11 lines of code for a permanent dependency that can blow up in their face at any moment, as it famously did for so many projects. If you seriously use left-pad, or you seriously advocate for the use of left-pad, you are a bad programmer and are doing both yourself and the industry at large a disservice by using it and recommending it. Stop it!

This isn't even taking into account the fact that the typical "someone else will do the job better so I should use their library!" argument is inherently an anti-intellectual position. If you're not good at something, take the time to learn it. Relying on libraries to do everything for you makes you stupid and a bad programmer. Would you trust a car mechanic that "finds working on cars too complex" and does everything through a third party?

Seriously, stop using libraries. They essentially force you to code on someone else's terms, take control of your own codebase away from you and give it to someone else, and make you into a crappy programmer. There's a reason why the quality of so much software nowadays can be determined literally by the number of libraries it's using. Often people blame "bloated libraries", but it's not just because libraries are bloated, it's so often because the developers themselves are not competent programmers and aren't expected to be competent programmers - anything they can't handle they simply outsource (if not to pajeets, then to some library most likely written by pajeets), and they refuse to learn the skills needed to actually understand and maintain their own codebase. As a result, when library issues arise, they are not equipped to fix it, and it's very easy for subtle impossible-to-fix bugs to crop up in projects over time that use a large number of libraries. If they don't fundamentally understand the code, how can they expected to fix it when it goes wrong?

 

[triforce9001]

I use few libraries (SDL2 and/or GLFW/GLaD) to get a decent abstraction over operating system and GPU APIs, mainly because I really am not interested in spending time learning about the quirks of operating systems and their window managers. Oh and I do have my own "standard library", as in the usual C++ data structures and algorithms (+ non-null terminated string wrapper), written in C99. Obviously keep 3rd party dependencies as minimal as possible, but I don't see the point in worrying "what the future of SDL2 might be" when I'm making something and it's allowing me to be extremely productive by abstracting the interfaces my projects have nothing to do with except for using said interfaces.

 

[Iodine]

and it's still fundamentally a black box

Are you using closed-source libraries?

Maybe the library will have a critical vulnerability exposed, but the creator will have moved on and won't bother to fix it

Are you the only person using the library?

This isn't even taking into account the fact that the typical "someone else will do the job better!" reasoning is inherently an anti-intellectual position. If you're not good at something, take the time to learn it. Relying on libraries to do everything for you makes you stupid and a bad programmer.

Do you have infinite time and energy to learn every single aspect of computer engineering and do it well?

Once you've expended the energy to fundamentally understand the entire library, you might as well have written it yourself.

No, understanding what someone else did and doing it from scratch yourself really isn't the same level of effort. Not even close.

Seriously, stop using libraries. They essentially force you to code on someone else's terms, take control of your own codebase from you and give it to someone else, and make you into a crappy programmer.

Stop using Kiwi Farms. It essentially forces you to post on someone else's terms, take control of your own user data/content and give it to a cheese-loving feeder fetishist, and make you into a crappy forum administrator.

"Do everything yourself, you don't need nobody else" is an individualist fallacy.

There are valid concerns of excessive dependence on shit you have no control over, but writing as many of the dependencies as you can on your own only makes sense when it's scaled to the practical impact of the project. Do you require very high security, airtight legal compliance and perfect reliability, at the level of "global banking" and "CIA systems"? Do you also have thousands of employees? Then sure, do everything in-house. Are you one random guy with a day job? Is your project some vanity shit like a retro game emulator? Use the libraries. A project with external dependencies that works is better than a built-from-scratch that will never be completed.

 

[Unintelligence Score]

Talking about libraries should be tied to talking about the programming languages and domain.

• C has a good history of library publishing. They do their thing, update slowly (And That's a Good Thing) and have an extremely zealous approach to backwards compatibility, many C libraries are just "done", end-user applications don't typically end up having very deep dependency chains.
  • Important exception: GNOME breaks shit all the time because they decided they must constantly reinvent themselves (for the worse) and make sure that any existing GNOME application must needlessly and constantly burden its maintainers just so they can keep working in modern desktops.
• Java, as much as I fucking hate it, has a very stable and nearly-all-encompassing standard library. Other problems of the language aside, its worst problem is the license model that every adopter who thought they were buying into "Open Source" were fooled into now face constant uncertainty and need to either pay up or move out.
• JavaScript is the most fucked-up ecosystem I know of (so far). Nearly every package out there has very deep dependency chains, many dependencies are deprecated by modern HTML / JavaScript features, most frameworks have the lifespan of flies and those that don't are constantly reinventing themselves and burdening maintainers of projects that use those frameworks to keep up.

 

[skunt]

i've been bingeing the primeagen/primetime on youtube and my opinion on him has done a 180. from what i've seen today he's praised DHH repeatedly, uses hyprland and hasn't brought up troon shit once.
it's refreshing and i'm kinda annoyed at myself for prematurely binning his content. i can't remember why i didn't like him but then again, my options aren't great:

1. a drama chasing self-important jew (lunduke)
2. a fat faggot (brodie)
3. a thin faggot with an annoying voice and face (theo)
4. fireship was okay for a while but i stopped watching when 50% of his videos became ads

the prior methhead wins easily. also kevin fang is another great channel people should check out.

 

[Frightened Rabbit]

...i can't remember why i didn't like him but then again...

I assume most people's first point of contact with Primagen was with him backing Jason up in the first days of the SKG Hate Campaign, and also him being a part of Jasons old Hackathon team, ever since then he grew a better head and kept it down in the D&D shit that tumbled everything down.

 

[prollyanotherlurker]

i've been bingeing the primeagen/primetime on youtube and my opinion on him has done a 180. from what i've seen today he's praised DHH repeatedly, uses hyprland and hasn't brought up troon shit once.

Honestly I've never understood why people here seem to hate him so much. He's fine as far as I'm concerned. He's just a mostly politically neutral (in his videos at least), programmer that talks about vim, and programming topics.

Even going to watch his commentary about stop killing games. It really wasn't the kind of video thor himself did on it. He was critical about it, but for the most part he did make points in it that were worth thinking about. Meanwhile Thor was a self righteous dick about the whole thing, and only doubled down over and over. I seriously hate Theo, but his opinion about a European video game law has nothing to do with it, I just think he's an insufferable faggot, a lot like Thor.

 

[THE DREADED CONE]

4. fireship was okay for a while but i stopped watching when 50% of his videos became ads

Honestly, I unironically think he trained an AI on his voice a long time ago and has not written, narrated or even edited his own videos for over a year. AI script, AI voice, cheap Indian editor. "Get that bag" as the youngins say, I guess.

 

[Frightened Rabbit]

Honestly, I unironically think he trained an AI on his voice a long time ago and has not written, narrated or even edited his own videos for over a year. AI script...

He already was a meat based inferior intelligence before, all I remember from him was that he really talked about the web dev scene and stretched the readme.md of any project over 10 minutes with some light Wikipedia reading thrown in there.

 

[Open Face]

Honestly, I unironically think he trained an AI on his voice a long time ago and has not written, narrated or even edited his own videos for over a year. AI script, AI voice, cheap Indian editor. "Get that bag" as the youngins say, I guess.

He got bought out a while ago. https://www.electrify.video/our-brands

 

[Hieronymus Lex]

He got bought out a while ago. https://www.electrify.video/our-brands

View attachment 8819767

Ah fuck, that's why all the "infotainment" channels all feel the same. I scrolled the page and saw those channels that I know definitely feels propaganda-y, that's because they literally are made from the same factory. (sorry for being mentally )

 

[Ferryman]

Ah fuck, that's why all the "infotainment" channels all feel the same. I scrolled the page and saw those channels that I know definitely feels propaganda-y, that's because they literally are made from the same factory. (sorry for being mentally )

Yeah, I was gonna say, Fireship has kind of floundered as of late. There's still a few good channels I like, namely:

- DistroHub, despite his taste for black thugs
- BreadOnPenguins
- Tsoding
- dacctal
- tonybtw
- Ionic1k
- bigboxSWE
- The Hated One
- onionboots

Come to think of it, a good handful of these are pretty new. You just gotta keep an ear out for signs of buyouts and sudden AI grifting, otherwise you can still find gemmy content even on shitholes like Y*uTube.

 

[Hakase Shinonome]

All this is to say: JS had (still has?) a horribly weak standard library and so JS soydevs relied on third-party implementations. The functionality of left-pad and axios were replaced by String.prototype.padStart() and the Fetch API in the standard library, but we'll still see a lot of supply chain attacks due to how fundamentally flawed the npm model is.

I found it so weird to see Axios being a thing when I saw that it was compromised. Because I code in JS (rightful reason to hate me) and I've always used Fetch(), for years now, it's such a standard thing in JS that I wouldn't even think of using Axios. The only time I've ever even heard of Axios being used was when I followed some Jeet making some shitty software tutorial or in some NPM package guide. This shouldn't have been an issue at all if retards would just use pre-packed libraries instead of some third party Jeetware. I can't fathom why someone would choose third party garbage above just something that you don't even need to install extra.

 

[Unintelligence Score]

why someone would choose third party garbage above just something that you don't even need to install extra.

You have described the entirety of the web development world.

 

[WhiteNight]

Why does everything have to be infested with this shit?

I saw some discussion about the Gleam language, which is another in the Erlang/Elixir family (running on Beam), so I checked out their home page:

https://gleam.run/

A smiling star for a programming language. "Friendly." A bit irregular, but okay.

Scrolling down on their home page, you then see this:

To answer the why question, I looked into the authorship. First, note that the following is in the HTML of the above paragraph:

<!-- Hello! If you make a PR changing this I will ban you. -->

The repo for the website is here:

https://github.com/gleam-lang/website/

The addition was made by Louis Pilford, the creator of the language, whose pronouns are they/them or he/him:

His website: https://lpil.uk/
Bluesky (of course): https://bsky.app/profile/lpil.uk

Pooner? Probably not. More likely some Drew Devault type faggot.

ETA: Why the Lunacy negrates??

 

[Hakase Shinonome]

Why does everything have to be infested with this shit?

I saw some discussion about the Gleam language, which is another in the Erlang/Elixir family (running on Beam), so I checked out their home page:

View attachment 8820336

https://gleam.run/

A smiling star for a programming language. "Friendly." A bit irregular, but okay.

Scrolling down on their home page, you then see this:
View attachment 8820344

To answer the why question, I looked into the authorship. First, note that the following is in the HTML of the above paragraph:

<!-- Hello! If you make a PR changing this I will ban you. -->

The repo for the website is here:

https://github.com/gleam-lang/website/

The addition was made by Louis Pilford, the creator of the language, whose pronouns are they/them or he/him:
View attachment 8820403
His website: https://lpil.uk/
Bluesky (of course): https://bsky.app/profile/lpil.uk

Pooner? Probably not. More likely some Drew Devault type faggot.

I love support via fucking public Discord chats.

 

[Battlefield42]

Tsoding

he has good autism. also isnt a weak spined faggot

 

[BIG BILL HELL'S]

He got bought out a while ago. https://www.electrify.video/our-brandsView attachment 8819767

It makes me sad to see Mentour Pilot on that list.

 

[Ferryman]

If fast charge is not working, your TB chip firmware might be toast. The libreboot wiki has instructions on how to flash fresh TB firmware.

snip

I was right, it was a hardware issue. Apparently while trying to force my dogshit clip down onto the TB chip I'd ended up damaging one of its connection pins. Got it replaced, fast charging's back, but the dock and eDP are still broken due to lacking drivers. Inshallah we will have a functional dock one day.

 

[The Big Bad D]

I was right, it was a hardware issue. Apparently while trying to force my dogshit clip down onto the TB chip I'd ended up damaging one of its connection pins. Got it replaced, fast charging's back, but the dock and eDP are still broken due to lacking drivers. Inshallah we will have a functional dock one day.

congrats on getting your chinkpad unfucked

but I will compile fresh coreboot and send it to your mailbox if you don't do it yourself alhamdulillah