Dual stack setups are not an issue unless your router doesn’t support it or your ISP sucks.

I didn’t know that Canada was basically Mordor…

I’m pretty sure it’s both.

Type of shit that jerma985 would write down on a whiteboard while high.

There are some good points in it, though I wouldn’t really consider go dependencies all that decentralized in practice and I don’t understand how checksum db will protect against supply chain attacks with stolen credentials, but I admit I haven’t looked into the details.

But why hasn’t JavaScript established a defacto stdlib to replace ask the left pads and is even type packages?

I’m guessing things were working out pretty alright, even with the insane amount of dependencies per project. The awareness and the increasing frequency of supply chain attacks is relatively recent for npm. But who knows, maybe the tech giants in control of the web standards are happy to keep using their own vendored registries.

Npm probably has the biggest attack surface and many of the libraries hosted there are in extremely widespread use. They’ve taken some steps to mitigate these supply chain attacks, but as we’ve seen with more recent examples, it’s unrealistic to think they can be prevented completely. Most of these attacks use stolen developer credentials, which invalidates almost all potential security measures on the registry side and the best you can hope for is catching a malicious package quickly. To be clear: I think the JS ecosystem is uniquely positioned to be the prime target of supply chain attacks and while that doesn’t excuse the slow implementation of security measures from the npm team, the people arguing that other package managers and registries aren’t vulnerable to this have to be huffing fumes.

Npm has gotten a few config options that prevent this behaviour. We can only hope that they will become the default eventually.

It does. Enforcing a minimum package age can be useful for some applications, but the average user isn’t one of them.

The good news is that there already is a gold standard for supply chain security: the Go programming language.

Lmfao

Network access can make sense if you want to be notified when your wash is done. Some cycles don’t have a preset running time. You can do some neat stuff with home automation. None of that should require internet access or use a cloud service controlled by the manufacturer.

I see. It uses AI generated code, I just checked.

Is there a version of n8n without AI generated code?

There’s no need to turn everything into a genration war. Computer literacy and a sense for maintaining privacy comes and goes with different groups of people depending on their upbringing. The ones who cared about their privacy to the point that they would refuse cookies on every site are definitely not the ones who roll over and let the AI agents access all of their data. A lack of good education and deliberate influence of the advertisement and tech industry has led us to this point and snarky flamebait on twitter isn’t getting us anywhere.

You’re already doing great if you just don’t disable IPv6. Bonus points if your ISP and your router supports proper dual stack IPv4 + v6, then you can actually connect to the internet using v6! Also, fun fact: the original Nintendo Switch does not support IPv6 at all. Pretty much all other non-ancient consumer stuff should be fine. Check your clients IP address assignments, maybe you’re already using IPv6.

Yes, the issue is the wording. The american version shrinks a bottle of certain volume, the metric version shrinks the unit of measurement.

No, though parts of systemd have a scope creep issue, that’s not what I’m describing. I’m talking about Poettering deciding to create a service layer for Linux after stealing some ideas from MacOS. Reducing that to “scope creep” is misleading at best and feeds into the “systemd is a monolithic application” concern trolling at worst.

Don’t like systemd-resolve? Fine. I get that plenty of implementation details are incomplete, suck or have caused friction with other software. On the other hand it’s a really useful tool for dynamic split dns handling, which is why I like using it. You can disable it, I’ve done so on some workstations and servers, because of poor choices in internal domain names leading to mDNS issues, knock yourself out.

Don’t think it should be part of an init system? It really isn’t. I wouldn’t call systemd just an init system to begin with, though that was the initial project goal. Most of its parts are reasonably well separated or at least highly configurable for a service layer. I genuinely think it’s completely insane to have DNS resolution in libc, but people have gotten used to that. Systemd-resolved is completely inoffensive in comparison imho.

Don’t like systemd as a whole? Use a distro without it. It really is that simple. Everything has been discussed - at length. Wars have been fought. At this point, change will only come if the complainers actually sit down, shut up and do some work towards their goals.

Sorry this turned into such a rant, most of this isn’t even directed at you, this situation just annoys me. Especially this poor guy getting death threats on GitHub because someone riled up all the asshats in the community who have no idea how any of this works. Maybe they should focus their energy on the political forces pushing the California legislation that started this whole mess? I’ve been tired of this stupid debate for years now. I feel like it’s mostly carried by people who have no idea what they are talking about these days.

Could be surrealist humor if we ignore the alternative american version

Yes.