Except not, the Iranian revolutionary system is very much designed around the desire to be able to rapidly replace people. The list of targets for a decapitation strike might just be way too long to be feasible.
It's the biggest military buildup since 2003. Kinda looks like they plan on overthrowing the regime. Which would be amazing for world peace considering Iran is building drones for Russia and supporting Hezbollah and Hamas. But we'll see...
Yeah -- it only took a world war, massive global alliances, and tens of millions of deaths. Also, I’m not sure how political and military competence from about a century ago has any relevance to today.
Wouldn't this just make the number of packages that can be targeted smaller? E.g. I publish a testrunner that needs to install Headless Chrome if not present via postinstall. People trust me and put the package on their allowlist. My account gets compromised and a malicious update is published. People execute malicious code they have never vetted.
I do understand this is still better than npm right now, but it's still broken.
Security is usually full of incremental improvements like that, however. Reducing the scope from all of NPM to the handful of things like test runners would be an enormous benefit for auditors and would encourage consolidation (e.g. most testing frameworks could consolidate on a single headless chrome package), and in the future this could be further improved by things like restricting the scope of those scripts using the operating system sandbox features.
Security is layered, no layer will conclusively keep you safe, but each one make it harder to pierce to the core. For example, the impact of the recent SHA1-Hulud attack would be much less, as compromised packages (that previously did not have any scripts executing at install time), would not suddenly start executing, as they are not allowlisted.
You spell out a lot of examples, but all of them are purely technical. What is it that you can deliver to the user using Node that you cannot deliver using Django? This is a genuine question.
Congrats on building this. But, please do not auto translate your website content, English is fine. For my language the part about trust is really cringe, which is not really building trust, you know.
Only tangentially related, but maybe helpful still: If you struggle with OCD, the books by Sally Winston and Martin Seif are pure gold. There's nothing that helped me finding a way to deal with OCD like they did.
Freelance software engineer with experience across a wide range of areas in web and software development. Skilled in delivering projects that require autonomy and focus.
Expertise includes JavaScript, Go, Python, and PHP, along with frameworks such as Node.js, Django, Flask, and Laravel. Proficient in cloud and infrastructure tools, including AWS, Kubernetes, Terraform, and Serverless.
Capable of handling static websites, web applications, and custom cloud solutions with a focus on simplicity and thoughtful design.
This is a well known concept called the "Hedonic Treadmill", which exists since the 70ies, not "doomer psychology". It also does not say treating depression is not possible. Depression is a disease.
Freelance software engineer with experience across a wide range of areas in web and software development.
Skilled in delivering well-defined, scoped projects that require autonomy and focus.
Expertise includes JavaScript, Go, Python, and PHP, along with frameworks such as Node.js, Django, Flask, and Laravel.
Proficient in cloud and infrastructure tools, including AWS, Kubernetes, Terraform, and Serverless.
Capable of handling static websites, web applications, and custom cloud solutions with a focus on simplicity and thoughtful design.
