What I want to know is why on earth there are 371,410,000 weekly downloads of ansi-styles????
-
What I want to know is why on earth there are 371,410,000 weekly downloads of ansi-styles????
https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/ -
What I want to know is why on earth there are 371,410,000 weekly downloads of ansi-styles????
https://www.bleepingcomputer.com/news/security/hackers-hijack-npm-packages-with-2-billion-weekly-downloads-in-supply-chain-attack/@jerry Because "destroy the entire container and rebuild it from scratch every time you change a line of code anywhere in the stack" is the new normal.
[Edit: to be clear, I'm saying that with relative neutrality; there are trade-offs!]
-
@jerry Because "destroy the entire container and rebuild it from scratch every time you change a line of code anywhere in the stack" is the new normal.
[Edit: to be clear, I'm saying that with relative neutrality; there are trade-offs!]
@tychotithonus @jerry Gosh I hate this practice so much. What a waste of compute, storage, bandwidth, and time.
-
@tychotithonus @jerry Gosh I hate this practice so much. What a waste of compute, storage, bandwidth, and time.
@hrbrmstr @tychotithonus @jerry I'll admit that my experience with container tech isn't super deep, but don't most container systems heavily cache for exactly this reason? Granted, there are plenty of situations where the cache gets invalidated, like changes up near the top of Docker files IIRC.
-
@hrbrmstr @tychotithonus @jerry I'll admit that my experience with container tech isn't super deep, but don't most container systems heavily cache for exactly this reason? Granted, there are plenty of situations where the cache gets invalidated, like changes up near the top of Docker files IIRC.
@DaveMWilburn @hrbrmstr @tychotithonus @jerry Both things are true! Yes, image builds will cache what they can. However, especially in the case of node apps, it is not uncommon for the
npm installcomponent to be toward the end of the build pipeline, post other changes that might be made. Or even as an entrypoint for the container! -
@DaveMWilburn @hrbrmstr @tychotithonus @jerry Both things are true! Yes, image builds will cache what they can. However, especially in the case of node apps, it is not uncommon for the
npm installcomponent to be toward the end of the build pipeline, post other changes that might be made. Or even as an entrypoint for the container!@mttaggart @DaveMWilburn @hrbrmstr @tychotithonus @jerry yeah, compute/bandwidth is cheap vs the time of a developer at least short term so that's what we get
Even if there was some caching opportunity, proper caching is hard so easier not to do it.
When computers were more expensive, the optimisation went in the other direction, better throw man-hours on it to save a bit of compute or bandwidth.
It's kind of obvious but I did not really realise it before watching the new Python documentary.
https://infosec.exchange/@gnyman/115133703587699083
But still I wonder if the people who grew up with unlimited bandwidth and computer think about it, or is it just the ones who grew up with "scarcity" who are irked by it.
Sorry for hijacking the thread for ranting
-
@mttaggart @DaveMWilburn @hrbrmstr @tychotithonus @jerry yeah, compute/bandwidth is cheap vs the time of a developer at least short term so that's what we get
Even if there was some caching opportunity, proper caching is hard so easier not to do it.
When computers were more expensive, the optimisation went in the other direction, better throw man-hours on it to save a bit of compute or bandwidth.
It's kind of obvious but I did not really realise it before watching the new Python documentary.
https://infosec.exchange/@gnyman/115133703587699083
But still I wonder if the people who grew up with unlimited bandwidth and computer think about it, or is it just the ones who grew up with "scarcity" who are irked by it.
Sorry for hijacking the thread for ranting
@gnyman @mttaggart @hrbrmstr @tychotithonus @jerry
While you're right, these labor saving practices are externalizing a lot of costs the others get burdened with. I'm surprised the companies hosting these software repos continue to bear the hosting costs for free, and I worry about the potential for enshittification if those companies end up in hard times and can't justify hosting stuff for free anymore. What happens if Microsoft's big bets on GenAI fail, their projected revenue tanks, and they start looking at GitHub and NPM as unjustifiable costs (exacerbated by lazy software build practices) that they either need to tap for revenue or shed?
-
R AodeRelay shared this topic
