Profile picture
André Staltz @andrestaltz
, 9 tweets, 2 min read Read on Twitter
My comment on this incident, since Dominic is getting a lot of blame and I work closely with him.

1/ Yes he did a mistake (with huge proportions), but you have to understand Dominic has 700+ packages and this one is just one more. Each package has several issues and comments.
2/ This means Dominic simply cannot afford *time* or *attention* to each tiny issue. Think about all the other tiny issues he has handled well so far, which have gone through unnoticed and (important!) unpaid. And he'll still get issues daily for years to come.
3/ He got an email that seemed trustworthy enough, then gave ownership. He didn't have time to do careful judgement, he had probably hundreds of other things to answer or build. The fact that he gave ownership meant that he *cared* at least to do a tiny action that seemed ok.
4/ Not caring would be doing absolutely nothing at all, and that's the case quite often, and OSS maintainers get criticized also for *that*. It's a really shitty job and no one pays you for it.
5/ Giving away ownership is a *common* action that Node.js authors like Dominic and Substack have done. E.g. see how the Leveldb project is run as an OPEN open source project. Also recently Dominic gave me ownership to `noderify`.
6/ All of this is to say that you must understand how the life of a modular-OSS maintainer's life looks like before placing the blame on them. The mistake looks horrible if you think that Dominic maintained *only* that package and nothing else. But that's not true.
7/ There are many other things to blame here. I wouldn't blame only one thing, but several agents *share* the blame:
- Attacker
- Original package author
- Devs who use unpinned versions
- npm and commitment to semver only
- Users/companies who don't donate but still demand
8/ But in particular one thing that's usually ignored is the culture of publishing non-scoped package names and expecting maintenance. I started publishing mostly scoped names, e.g. @ staltz/use-profunctor-state instead of use-profunctor-state github.com/staltz/use-pro…
9/ Either way, it's not simple before a hack like this happens, but it looks very simple after it happens, particularly if you have an outsider perspective.
Missing some Tweet in this thread?
You can try to force a refresh.

Like this thread? Get email updates or save it to PDF!

Subscribe to André Staltz
Profile picture

Get real-time email alerts when new unrolls are available from this author!

This content may be removed anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

More from @andrestaltz see all

Profile picture
What you can do to prepare for climate change:
Reduce economic activity.

In your lifetime, the planet will most likely *collapse* under the weight of economic growth. It's not a mere possibility, it already began. Brace for impact. ⚠

THREAD:
If you're still debating whether climate change is real, you're too late. It's quite simple: a finite planet cannot take an ever-increasing demand for natural resources. In the OECD, everything we do, from travelling to commuting to electricity and consuming, costs the planet. 🌍
In the lifetime of your children, realistic estimates say we're going to see more than 2.6°C of warming. What does that number mean? At 1°C warming (in 2018), we've seen hurricanes, heat waves, long summers in Europe, wildfires. 2.6°C will bring more, and extreme weather. 🔥
Read 16 tweets
Profile picture
It surprises me when people think #Scuttlebutt is for privacy, freedom of speech, and anonymity. That's very far from what characterizes the technology and the community.

Scuttlebutt is about putting "social" back into social networking.

(Thread:)
We're not motivated by privacy, individual freedom, and anonymity. Don't get me wrong, though, these things are good to have, in contrast to a system like Facebook with privacy invasion and real world identities. Privacy is like water, I need it daily, but it's not my motivator.
Scuttlebutt has decent privacy, most content is public, some is encrypted (very private). We have individual freedom due to your data living 100% on your device. And you can be somewhat anonymous if you wish. But that's not the point of it.
Read 18 tweets
Profile picture
At #DWebSummit, @nicopace notes that "people in remote communities want to connect with each other, not necessarily to the internet".
@nicopace There is a unique value in keeping these communities "disconnected", to preserve their cultures against the monoculture on the internet.

This is the opposite strategy of what Zuckerberg wants to build in the Global South.
"There is no decentralized web without owning your infrastructure." @nicopace
Read 5 tweets

Related threads

Profile picture
Dark Matter Hunters Pivot After Years of Failed Searches - WIRED

“Pivot” is an interesting choice of words. Sorta implies that one is pivoting from one thing (WIMPS) to something else. In which case the “something else” needs to be specified. apple.news/AfFMHcOI9QlK8e…
The whole dark matter search community reminds me of Daffy Duck in the episode quoted from IMDb here. [shockingly, I do not instantly find a gif of Daffy falling off said cliff.]
Reading this article does not inspire confidence. Sounds more like they’re poised to make the same mistakes all over again. Having spent decades in a fruitless search for WIMPs motivated by the WIMP miracle - an irrelevant numerical coincidence - might they decide to learn more?
Read 22 tweets
Profile picture
Getting a lot of DM's asking me to provide help. I am always willing to help struggling Traders identify some common Problems and hopefully become consistent with their Trading. But I don't have a magic wand to teach you how to Trade or help out or comment on a Position
If you've worked hard on your Trading, have a log of some recent Trades and have done some analysis of what you think you are doing wrong, I am willing to help you either over the phone or thru a Personal short meeting. Unfortunately I cannot mentor you on a long term basis
If you feel you fulfil these criteria and can benefit from my advice, DM with short note. I will send you an email asking for further information that I may need and then if I think I can help, will respond either by return mail, thru a scheduled call or a Personal Meeting.
Read 4 tweets
Profile picture
Getting a lot of questions on Seminars and Training. It is a waste of your money and other participants time and money if you attend these if you are at a novice level. You will not learn anything and will probably go back more confused
If you want to learn Options, there are a wealth of Resources on YouTube. Go thru Tastytrade and Options Alpha and learn all the Strategies there. Then open an account and do some small Trades to get a feel for this. Also try to read the classic book by Sheldon Natenberg
Most of it won't make sense to you at first but as you Trade more and more it will begin to. It is only at this stage that attending a Seminar will make sense. So for new Traders I suggest you start by watching the YouTube videos.
Read 4 tweets
Profile picture
Getting a lot of questions regarding Rosenstein. I'm just going to lay it all out here. Using Q, I'm not sure how folks can continue to consider him a black hat. He's not even a flipped black hat, and neither is Mueller.
In post 151, Q asks how you capture very dangerous animals? Why you confront them head on of course. Start by giving them someone they THINK is one of them and let him loose.
in 342, 461, and 477 we learn Rosenstein has some concerned. The questions related to exactly what and who were being investigated & never answered. [P_Pers], Matlock? How about U1 & the Russia connection? POTUS has all "papers" ? RR, Matlock & Cambell know EXACTLY what happened.
Read 23 tweets
Profile picture
Getting a lot of this kind of tweet this morning, so let's talk about it a bit.
First: My original tweets on the subject were on morality and ethics, not the law. What you legally CAN do and what you SHOULD do are often very different—in both directions. (You CAN do stuff you shouldn't, and you SHOULD do stuff you're not allowed to.)
With that out of the way, let's look at a few examples of stuff that might happen in public that it might be proper for a journalist or other observer to treat as private.
Read 18 tweets
Profile picture
Getting a lot of questions on how it's possible to pull this move with the budget. Let me show you how the sausage is getting made.

I've attached a screenshot of the legislative history of SB 99. The bill itself is just a short, two-pager dealing with auto insurance. #ncpol
What you can tell from this image is that SB 99 passed the senate last year, then passed the house in a slightly different form.

When that happens, a conference committee is appointed to work out the differences between the two bills and then issue a conference report.
That's what started to happen last year. You can see that the house and senate appointed members to a conference committee to work out the differences.

But then nothing happened. The conference committee took no action.
Read 5 tweets

Trending hashtags

#worldbuilding #YJweek18 #BetterGetAFreeSchool #QuelleSurprise #BestPerformingTypeOfStateSchool #Bhagavata #school #hopepunk #KnowledgeRichCurriculum #FinanceIsFun #PaulMcCartney #Puranas #consciousness #EgyptStation #Yes #ElvisCostello #Austerity #WasNeverVeryGoodWithNamesAnyway #day1 #yourewelcome #AlQaeda #BelgariadRead #MathsSchools #RecordStoreDay #Ozark

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member and get exclusive features!

Premium member ($30.00/year)

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!