Posts by sinbad@mastodon.gamedev.place
 (DIR) Post #AdPiZUoe4dbkvvQQnQ by sinbad@mastodon.gamedev.place
       2024-01-01T20:11:47Z
       
       0 likes, 1 repeats
       
       @tychotithonus @robertatcara Yep. Those of us who were there did a whole bunch of work precisely so that nothing happened, and we knew at the time that it would mean a lot of people would assume there wasn’t a problem in the first place. Such is the lot of the people who maintain critical infrastructure well, rather than letting it fail and “heroically” fixing it - no-one notices when you’re doing a good job.
       
 (DIR) Post #AjXquDv8zp4fXofatc by sinbad@mastodon.gamedev.place
       2024-07-02T11:56:01Z
       
       0 likes, 0 repeats
       
       Every week there’s an article about the high vulnerability of package managers to supply chain attacks and I’m just amazed it’s taken this long for people to figure out that routinely auto-pulling 500 disparate third party libraries unseen into your project is a terrible idea
       
 (DIR) Post #AjXquEwxAa7EjiWYM4 by sinbad@mastodon.gamedev.place
       2024-07-02T18:44:03Z
       
       0 likes, 0 repeats
       
       I remember back in my MacOS dev days being told that I should be using CocoaPods and when I told them that was a stupid idea (I had like 3 dependencies and regularly poked around in the source for all of them) I was the old fashioned old man. “But it automates all the updates!”. So what? There’s 3. a) I don’t need it, it’s super easy to pull changes from source and b) when I do it manually I actually *look* at the updates like a sane person would https://arstechnica.com/?p=2034866
       
 (DIR) Post #AjXquG451ZPWC6rl6O by sinbad@mastodon.gamedev.place
       2024-07-02T19:07:04Z
       
       0 likes, 0 repeats
       
       Of course there’s no reason you can’t use automated package managers *and* do the kind of due diligence a responsible developer would do when pulling code from third parties into their project, but I don’t think I’ve ever seen anyone do this. Instead it seems normal to implicitly trust anything that comes out of a package management system no matter who controls it and that’s always been wild to me.
       
 (DIR) Post #AjXquH9Qz9HtZ0NY5Q by sinbad@mastodon.gamedev.place
       2024-07-02T19:09:35Z
       
       0 likes, 0 repeats
       
       And the thing is, the number of external dependencies (and their update volume) that you can realistically, properly vet for inclusion in your project, is inherently small enough that you don’t need a package manager. And if you need a package manager to handle it all, you can’t be checking what you’re pulling in and so you’re definitely vulnerable.
       
 (DIR) Post #AjXquI5ZUznATJZyhk by sinbad@mastodon.gamedev.place
       2024-07-02T19:18:02Z
       
       0 likes, 0 repeats
       
       “Vetting” can mean delegating due diligence to the publisher (or repackager) rather than personally reading the source, but that means vetting the publisher instead. And there is a finite number of those that you can maintain vetted trust in at any one time. You can’t just assume that the “community” somehow automatically protects you against bad actors. It might, but it’s been shown many times that it might not; sometimes everyone thinks someone else would have spotted a problem and no-one does
       
 (DIR) Post #AjXquIuyPsuP2jd1pA by sinbad@mastodon.gamedev.place
       2024-07-02T19:23:46Z
       
       0 likes, 1 repeats
       
       It makes me laugh when I see programmers harping on about their memory safe languages and how they’re not subject to buffer overruns like the old man languages, while auto-pulling 500 dependencies from randos on the Internet into their projects without even looking at them
       
 (DIR) Post #AoLRXcPibTWn9iApVY by sinbad@mastodon.gamedev.place
       2024-11-23T15:46:39Z
       
       0 likes, 1 repeats
       
       I’m doing housework, meanwhile the boys are just chilling, which of us is the more intelligent species I wonder #caturday
       
 (DIR) Post #AoLRXew3EEZyyZJgBM by sinbad@mastodon.gamedev.place
       2024-11-23T16:22:27Z
       
       0 likes, 0 repeats
       
       Pippin the bodyguard for boy band lead singer Merry is all “No paparazzi!” #caturday
       
 (DIR) Post #AojpmqsTUA9arEDLcW by sinbad@mastodon.gamedev.place
       2024-12-04T10:27:59Z
       
       0 likes, 0 repeats
       
       I wonder how many people in gaming and tech wouldn’t have to deal with layoffs if the people in charge knew what they were doing, and didn’t just chase the latest fad (eg GenAI aka PISS, live service games), emptying sackfuls of money directly into the toilet just because all of their equally clueless C-suite friends think it’s a great idea
       
 (DIR) Post #Ar4h4NritinK4dOM88 by sinbad@mastodon.gamedev.place
       2025-02-13T10:50:19Z
       
       0 likes, 0 repeats
       
       I think a lot of tech these days is in “complexity runaway mode”: there are loads of abstraction layers because things are unnecessarily complex, built by people who either want to protect their jobs, or just like complex things to make them feel smart, or have learned how to do something 3rd hand so don’t really know *why* they’re doing any of it. Then the abstraction layers create a new base tier of complexity, suggesting a need for yet another layer. Feels insane
       
 (DIR) Post #AvSK6vfyntdxNf4nYm by sinbad@mastodon.gamedev.place
       2025-06-24T11:07:56Z
       
       0 likes, 1 repeats
       
       I know I'm a grumpy old man but I get so annoyed at how the tech bros have turned everything good about the Internet on its head.
       1. Endless free source of information -> mostly disinformation, automated en masse.
       2. A place to connect with others -> a place to get enraged by or abused by others
       All because the bad versions line their already stuffed pockets more. Any of them could choose to do better and never run out of money. But they don't, because they're awful people
       
 (DIR) Post #AvzSk129W472uBd5hA by sinbad@mastodon.gamedev.place
       2025-07-09T19:34:17Z
       
       0 likes, 0 repeats
       
       It makes me laugh/cry that we spent decades trying to get the software industry to internalise that it takes far more effort to support & maintain systems than it does to write them in the first place, and yet seemingly every trendy development in the last 5-10 years has been about making that initial stage faster & sloppier at the expense of everything else
       
 (DIR) Post #AvzSk8sAN4sVDX1EEy by sinbad@mastodon.gamedev.place
       2025-07-09T19:39:35Z
       
       0 likes, 0 repeats
       
       I’m glad I’m not doing “serious” systems anymore, can you imagine trying to maintain code that does important things like paying people’s pensions in this environment
       
 (DIR) Post #AvzSk8yty2GXYQAbjs by sinbad@mastodon.gamedev.place
       2025-07-09T19:45:07Z
       
       0 likes, 0 repeats
       
       Caveat: not entirely true, the safer language crowd is carrying the torch I guess
       
 (DIR) Post #AxAnW5CjxguPIgmLlg by sinbad@mastodon.gamedev.place
       2025-08-14T19:41:56Z
       
       1 likes, 0 repeats
       
       @djlink Charlie explains move semantics
       
 (DIR) Post #AyhW35NVwjPJsp4ytk by sinbad@mastodon.gamedev.place
       2025-09-29T14:02:17Z
       
       0 likes, 1 repeats
       
       You thought bureaucracy was bad? Enter "vibe working" in Office 365! Try getting any sense at all out of the corporate world now everyone's had their brains cooked by delegating 90% of cognitive functions to a statistically biased bingo machine
       
 (DIR) Post #B2xptM7egOW0C0ecHA by sinbad@mastodon.gamedev.place
       2025-06-28T09:23:25Z
       
       0 likes, 0 repeats
       
       The state of programming in 2025 that makes vibe coding so attractive is IMO the result of terrible decisions in tech over the last couple of decades. Non-existent stdlibs that normalise the use of a thousand micro dependencies, blindly pulled. Constantly mutating frameworks as performance art. Untyped languages that need huge test suites to prevent basic errors. It all generates mountains of boilerplate that *of course* people want to offload any way they can, even if it’s wrong half the time
       
 (DIR) Post #B2xptNGYQnEBjtpEmm by sinbad@mastodon.gamedev.place
       2025-06-28T09:26:48Z
       
       0 likes, 0 repeats
       
       Programming is supposed to be creative. If everyone needs to build a giant scaffold out of 2000 separate pieces of assorted junk before they can even get to that part, something has gone badly wrong. I’d argue we’ve somewhat accepted that the junk pile is the platform now, and that’s the root of so many problems
       
 (DIR) Post #B2xptVMsJB2MroqOkS by sinbad@mastodon.gamedev.place
       2025-06-28T09:39:48Z
       
       0 likes, 0 repeats
       
       Basically I blame web browsers. I don’t think anyone can claim the platform for almost every application made today was in any way “designed”, it just kind of metastasised from its original quite narrow premise