
  • But regardless, having had to deal with some legacy code written 10 years ago by someone who isn’t working at the company anymore, I would take an outdated spec over none at all. At least then I know what people intended back then, what they cared about, what they had and hadn’t considered. As long as the spec is written by a human, that information is surely valuable.

    I see your point, and I think I would partially agree. I guess that, to me, specs need to be more of a live document than something someone writes and gets forgotten over time. I still think that thoroughly commenting code and having a strong E2E test suite is a better option overall.


  • Specs are great for short term discussions about requisites and implementation.

    But there’s this old adage, “Confluence is where knowledge goes to die”. I don’t think I’ve ever worked at a company where this wasn’t true.

    If you write a spec, there’s a non-zero chance that nobody will update it in a year, because it has no effect on the bottom line, and engineers have to be willing to look them up every time they make changes to code, which is never the case.


  • The corollary to this is that code will generally become of lower quality, as more seniors burn out from taking on purely reviewer roles.

    I find myself frequently giving up on writing specs or skills for LLMs because even the most expensive and advanced models cannot produce production quality code. They can sometimes produce correct code, when multiple passes are done and the most egregious mistakes are ironed out, but at that point I’ve already burned $200 worth of tokens.

    To the author’s point, if I need to make my specs so fine-grained that I could write the code instead, what’s the benefit in relying on an LLM?



  • 2FA should probably be enforced for the process of publishing packages

    The most successful recent attacks haven’t relied on stolen user credentials, so this point is kind of moot. API tokens are way easier to obtain and use. Typo squatting and phishing are more effective, and attackers generally don’t need to bypass 2FA.

    Linux distros usually rip out build scripts and build systems in order to replace them with their own, but this also further limits the code you have to audit.

    Linux users who routinely download and compile src packages are a minuscule attack vector. Most users download binaries, so this point isn’t true either.

    And look, I agree that MFA should be mandatory everywhere, and sandboxing is great, but the truth is that the JS ecosystem is chock full of lazy and sloppy devs. That’s just how it has been for the longest time, and no amount of security measures targeting them specifically is going to fix the current state of affairs, because as soon as one is implemented, someone will find it too cumbersome and will find a way to override it. The whole ecosystem needs adult supervision.

    But honestly, I believe that JS in the backend has been a massive mistake and we all should abandon it as soon as possible. There are plenty of better languages and ecosystems out there, no need to keep self-inflicting this kind of pain.





  • The problem I’ve got is that you all have a god of the gaps, the conversation I was having 3 years ago was different to 2 years ago was different to 1 year ago

    And I guess the problem I have with you is that you seem to think that you can get results with 16GB, competitive with models that run on a Blackwell 6000 with 96GB, while ignoring the fact that the vast majority of the people in the world are running GPUs with 4 to 8 GB of VRAM, if they even have access to GPUs at all.

    That’s the gap. Most people don’t have the kind of money you think they do, and even those who do have some money, they will never achieve the same results as with cloud models, because if there’s a state of the art optimization that makes models 10 times smaller, cloud models will become 10 times bigger with that advantage. It’s pretty simple.


  • 2026’s average gaming PC is massive amounts of memory and compute apparently

    Any model that can run on 16GB or less is not going to be anywhere close, in real world tasks, to any other cloud based model. It just cannot be. There are people out there running Qwen on the Mac Studio with 96GB, and it falls short of cloud based models in both performance and speed.

    lol there are plenty of open source models in the top 100 with multiple SOTA models released in the last few months alone

    The top 100 of what, exactly? Many blended benchmark results are notoriously biased, and LLMs “cheat” on benchmarks at every single opportunity, so it is still hard to tell, outside of real world tasks and speed, which models are actually better than others.

    But regardless, the main point of the gap is resources. Even if the average gaming computer was really enough to run meaningful models, the vast majority of the world wouldn’t have access to it, even more so in this day and age, where a single RAM stick couldn’t be bought with a whole monthly salary in most parts of the world.