• 0 Posts
  • 26 Comments
Joined 1 year ago
cake
Cake day: June 10th, 2023

help-circle





  • Yeah, that seems bonkers, but it’s how npm works. I don’t always code in JS, but if I do: a) its code that’s going to run in a browser and b) I never ever use any JS dependencies aside from browser builtins. It’s about the only way to opt out of the dependency nightmare that is “modern web dev”.

    Ok, I lied a little bit. In my job, I sometimes do JS work on projects with Grunt, Bower, Backbone, jQuery and a gorillion other dependencies. But when I have full autonomy over a codebase like with my side projects, my style is as above.

    To qualify that even more, even in my side projects, I often use minifiers, but not ones written in JS or pulled in via NPM.

    Of course, that probably doesn’t help much when you have need of functionality that would be much less trivial to make yourself. Again at my job, we use JsBarcode to generate images of barcodes. That would be a royal pain to implement from scratch. If I needed that functionality in a side project, I’d probably just bite the bullet and pull it in from Bower with 30 other bulky dependencies. (Or more likely just refrain from taking on that particular side project. Or possibly generate barcodes server-side.)






  • “Given enough eyeballs, all bugs are shallow.” - Linus Torvalds

    Open Source software is (caveat, qualifier) safer than proprietary software. (And I’ll get to the caveats and qualifiers later.)

    Software exploits are possible only because of mistakes, oversights, negligence, or mistaken assumptions on the part of the developer of user of the code. More eyes on the code help suss out those mistakes, oversights, negligence, and mistaken assumptions, creating a more secure (and bug-free) piece of software.

    Besides that, companies that make proprietary software have incentives to put evil things into said proprietary software that endanger you to enrich them. (For instance, phone apps collecting personal data about you only to sell to advertising companies.) Companies that contribute to open source software also have incentives to put evil things into open source software, but when everyone has access to view the source code, it’s a lot harder to get away with that. (Not to say it’s never happened that purposeful vulnerabilities have gotten into open source software, but it’s a lot easier to catch such vulnerabilities in open source software than proprietary software.)

    As others have said, the way algorithms related to security are designed, the security doesn’t depend on keeping the algorithm secret. (But rather, keeping a “key” – a bit of data generated by the algorithm – secret.)

    Now, caveats.

    I do believe there is some extent to which open source software is trusted to be safe even when the “chain of custody” is questionable. There are ways to ensure integrity, but there are repositories such as NPM that carry large amounts of open source software that is used by huge numbers of people on a regular basis that don’t utilize sufficient integrity checking techniques. As a result, there have been a few cases where malicious code has sneaked into NPM and then into codebases.

    There are also cases where governments have gotten malicious code into open source projects. (Though, I’d expect that’s more of a problem with proprietary software, not less.)






  • First off, you’re awesome and so is your daughter!

    It does seem like there are at least two potential aims here: to make a game and to become a better coder.

    If the primary aim is to make a game, there’s RPGMaker. I’m not very familiar with it, but from what I understand it’s a lot more drag-and-drop game assembly than programming, though it does have some scripting capabilities.

    If the aim is more about becoming a better coder and expanding her capabilities, PyGame is a very popular Python library for making games. And Python is widely touted as “a great beginner language.”

    Python is (qualifier, qualifier) “slow,” and so it’s possible she’ll run into some limitations there as well, but I’d imagine it should be a ton less restrictive than Scratch, and well up to the task of “a trimmed down ‘legend of Zelda: link to the past.’”

    Java is a language that people make “real” games in (like the original Minecraft, for instance.) But… and this’ll be a controversial statement, but… my experience is that it makes people worse coders. As in, it causes brain damage that is either overcame later or negatively affects their coding abilities for the rest of their careers. Python is very much the opposite; it’s the kind of language that makes you a better coder for having worked with it.

    I’ve been working with Golang and Ebiten lately, and I’m enjoying it, but it’s definitely a very “really real” programming language that may require a certain amount of background knowledge to appreciate the simplicity of. It’s an option, though. And I do believe it would be the kind of option you’d use if you were making a “real game” (like the kind that would be sold on Steam.) At her age, I probably would have been excited by the fact that that option also gives you a bona fide .exe file.

    Of all of those options, I’d probably be most inclined to nudge her toward PyGame/Python but lay out all the options above (along with any other options you come across.)

    Good luck to both of you! It’s always awesome to see 10-year-olds getting into game development. When I was 10, I wrote games and other programs in QBasic. That’s a dinosaur these days, but your daughter’s interest in software development may well turn into a lifelong interest and fulfilling career like it did for me.


  • Lately, when I’m looking for answers and my googling gives me a Reddit link, I pull up the actual reddit page in The Wayback Machine. Admittedly my sample size is small but it hasn’t failed me yet.

    Some day, though, if Reddit goes down completely or otherwise becomes unavailable to search engines, it will be much harder to find Reddit content by Googling for it.

    The other thing I think is a hidden gem of useful info on Reddit is the wikis. It seemed that even sites like Libreddit (when it worked) didn’t provide access to those.

    There is The Archive Team. They still seem to be actively archiving Reddit (probably via web scraping, not any particular API.) I’m not sure if/how the results of Archive Team scrapes are made available to others, though.