undefined | Better HN

0 pointswang_li8y ago0 comments

The last time that a package I installed proceeded to install code that the vendor didn't know about was never.

The last time a web page caused my browser to download and run js that the page owner didn't know about was five minutes ago.

0 comments

seangrogg8y ago

So every package author understands each of their dependencies and all of their respective sub-dependencies, recursively on down?

This is probably the best bit of programming humor I've read all morning.

wang_liOP8y ago

>So every package author understands each of their dependencies and all of their respective sub-dependencies, recursively on down?

Have they personally audited every dependency? Probably not. Is the list of dependencies known? Yes. Is the list fixed? Yes.

On the webpage side:

Does the content provider know what will be served by their ad network? No. Does the ad network provided content change? Yes, constantly. Does the content provider even know who ultimately will be putting crap on their web page via the ads? No.

tomxor8y ago

> Does the ad network provided content change? Yes, constantly. Does the content provider even know who ultimately will be putting crap on their web page via the ads? No.

Whoa! hold on a sec.. code inside a browser != Ad network, when people insert ads into programs outside of web browsers you will have the same issue, only potentially worse because you wont know if they properly sand-boxed them.

tomxor8y ago

:D ... obligatory xkcd https://xkcd.com/797/

j / k navigate · click thread line to collapse

0 comments

seangrogg8y ago

So every package author understands each of their dependencies and all of their respective sub-dependencies, recursively on down?

This is probably the best bit of programming humor I've read all morning.

wang_liOP8y ago

>So every package author understands each of their dependencies and all of their respective sub-dependencies, recursively on down?

Have they personally audited every dependency? Probably not. Is the list of dependencies known? Yes. Is the list fixed? Yes.

On the webpage side:

tomxor8y ago

> Does the ad network provided content change? Yes, constantly. Does the content provider even know who ultimately will be putting crap on their web page via the ads? No.

tomxor8y ago

:D ... obligatory xkcd https://xkcd.com/797/

j / k navigate · click thread line to collapse