English
Deutsch
'Coon Cave
Ah, NPM has been hit again by another dev putting rogue code in one of his modules. This time to protest the war in Ukraine by deleting files on machines with a Russian IP address.
Of course, this kind of thing could hit all programming languages with a package management system, but it seems to primarily happen with NPM. Why? Simple, JavaScript was never intended to be used for anything but DOM manipulation. It’s a toy programming language without a type system and the lack of that makes it a popular choice for beginners and career jumpers. As a result, there are plenty of programmers out there, who can barely stitch together software by copy&pasting solutions from Stackoverflow (but still insist on being employable, after finishing a coding bootcamp).
When that’s your culture, it follows that your package repository gets littered with tons of trivial modules by obscure developers, looking for a fast and easy way to build a portfolio. Of course, they don’t get the desired exposure, when their module becomes a second or third level dependency in someone else’s project, but they do get leverage by being able to break things on a scale.
Those who don’t take privacy serious because they have nothing to hide are usually the first to lament, when their elderly relatives fall for the latest grandparent scam.
Isn’t it lovely, how social media always markets itself as the spearhead of free speech, while at the same time giving users voting tools to bury anything that’s not echoing the popular opinion of the platform in question?
Top 10 best Android safety tips 2022
Kidding, there's actually just one and the title is clickbait. Welcome to the internet, have a nice stay.
Preventing developer burnout: it is OK for your open source project not to have a public bug tracker
A bit of perspective about silos, choosing beggars and psychological manipulation by platform owners. There's also a sneaky sixty four thousand dollar question at the end to flash your mind.
Implementing a single class Java parser for semantic versioning with correct precedence ordering
I have this love/hate relationship with semantic versioning. It’s great for libraries, but not so great for apps as it tends to confuse users. The really annoying thing, though, is the rattail of pre release and meta tags that may be appended and the insanely complex rules that must be followed when you do. I mean, just take the following three examples: 0.9.1+Yellow 0.9.1-alpha.1.one 0.9.1-alpha.1.1+Blue All of them are valid semantic version identifiers.[…]Ok, why are coding bootcamps even a topic here? Well, Google more or less popularized this shit with the Associate Android Developer program back in 2016. The certificate was then sold as an extra qualification to people desperately looking for things to plump up their resume with, was quite obviously an attempt to build a low cost labor pool of Android developers with micro degrees and in reality only attested that you could “program” by copy&paste.
So, show of hands please, who else thinks that the Android ecosystem consists dominantly of questionable apps that look like they were cobbled together cheaply?
The shadiest type of coding bootcamps are, of course, those without the camp part: held completely online, using otherwise freely available materials, with the only redeeming factor being the possibility of voice chatting with an instructor.
Total waste of money, if you ask me.
The compiler is your instructor, information gathering and problem solving is part of your skillset as a programmer. If you can’t do either without someone holding your hand and walking you through, then maybe that’s a sign that you are embarking on the wrong career.
So, I have been looking at some coding bootcamp websites now as a basis for a blog article. Most are happy to teach HTML + CSS + JavaScript.
JavaScript is an interpreted language that may be sandwiched in between a markup language. That makes it already slow to begin with. Things don’t improve, performance wise, by adding frameworks to do the heavy lifting and rendering the page on the client (over and over again). Shit really hits the fan, when would be programmers then start plugging their application together from ready made NPM modules because they don’t understand algorithms themselves, hope that someone else does (flip a coin) and end up creating a dependency hell, where no one knows any longer what code the computer is actually running.
That ladies and gentleman is, in a nutshell, the cost of cheaply trained labor: industry standard, slow and bloated, potentially insecure websites with a huge CO2 footprint, because people think that taking shortcuts and focusing on just programming languages is sufficient to become a programmer.
The three main issues I have with career jumpers in tech are:
- They are motivated by the prospect of a high paying job as a programmer, but somehow fail to understand that the high income results (in part) from the expenses of the 4 year degree course, they are so desperately trying to skip.
- They are taking shortcuts by signing up for coding bootcamps. When engineers take shortcuts, bridges collapse, cars crash and software gets hacked.
- They sound like they are ginding experience points to invest in their skilltree. Learning how to program is not the same as playing an MMORPG!
I mean, “Hello, I went to a coding bootcamp for 4 months to become a fullstack developer” is about as ridiculous as a proposal as “Hello, I went to a construction bootcamp for 4 months to become an architect, a mason and a plumber”