
Cautionary Tale of "Unpublished" 17 Lines of Code

  1. Mar 25, 2016 #1

    jedishrfu

    Staff: Mentor

  3. Mar 25, 2016 #2

    Borg

    Science Advisor
    Gold Member

    Nice. :oldtongue:
     
  4. Mar 25, 2016 #3

    QuantumQuest

    Gold Member

    It is sadly a case of us developers being mere users, and in many cases just bystanders, of what is taking place in our software, due to the logarithmically increased complexity of the systems/components we use and the software demands, as a whole, that we have to face. Surely, no one can overlook the advantages of well-implemented and tested libraries and components, and there are good efforts and will to overcome such issues. However, what reduces our development time and efforts can suddenly become a real boomerang towards our heads, and the worst thing is that it gradually becomes totally out of our control.
     
    Last edited: Mar 25, 2016
  5. Mar 25, 2016 #4

    jedishrfu

    Staff: Mentor

    I wouldn't say it's out of your control. Many shops archive third-party libs and their source for just such an event. However, in the JavaScript world, it's not uncommon to simply reference the needed library from wherever it's hosted to get the latest and greatest version, and in this case it can become a huge problem.
     
  6. Mar 25, 2016 #5

    QuantumQuest

    Gold Member

    Yes, I mainly talk about such cases with web libraries/components and versions. JavaScript has become a really messy thing in its present form of frameworks, and because it's usually the case to reference what you need rather than to include it, things are getting really out of control, or messy and upsetting at best. If archiving is an option then surely it's utilized.
     
  7. Mar 25, 2016 #6

    jedishrfu

    Staff: Mentor

    Last edited by a moderator: May 7, 2017
  8. Mar 28, 2016 #7

    anorlunda

    Science Advisor
    Gold Member

    The risks of dependencies are not limited to open source.

    At least part of the risk is dependency on anything that might change in the future. I have often wondered how much security we forgo by not making some systems read-only after deployment.

    For example, a Chromebook laptop with all the software and static data burned in ROM, and no mechanism for update or change, and no external links to software like JavaScript. Even buffer overflows could not overwrite code or static data. That would defeat a lot of future bugs and malware; not all but a lot.

    Another example: if Iran had their PLCs as ROM only, would that have defeated the Stuxnet worm?
     
  9. Mar 28, 2016 #8

    HallsofIvy

    Staff Emeritus
    Science Advisor

    Last edited by a moderator: May 7, 2017
  10. Mar 28, 2016 #9

    jedishrfu

    Staff: Mentor

    Nah, that was book two, yet to be published.
     
  11. Mar 29, 2016 #10

    DrClaude

    Staff: Mentor

    What I don't understand is that the package was published under WTFPL. This means that npm could've left it in their repository.
     