🇺🇸 Evan Plaice 🇺🇸

Hard times make programming standards. Programming standards make it easy to build convenience libraries. Convenience libraries make it easy to propagate supply chain attacks. Supply chain attacks make hard times.

@jpschroeder April fools! 🤣

The move from JS to WASM is going to become more and more common. Here’s why: 1. JavaScript is so popular because it runs anywhere, most notably in the browser. But WASM runs in the browser now too, with highly predictable performance and an excellent security model. 2. Refactoring just got easy. If you have good tests and a clearly defined project, you can migrate from TS to Rust fairly easily with coding agents. 3. WASM provides security. Each WASM instance is like a little sandbox with only explicitly shared memory. Fort Knox-level safety compared to the hellscape that is JavaScript security. 4. Total bytes just matter less than they did. One knock on WASM has been its size. If you need a string, for example, it needs to be bundled into every WASM binary; there is no standard library. That, along with serialization costs, meant equivalent JS/WASM features were often smaller and sometimes even faster using JavaScript despite the low-level nature of WASM. It’s still much faster at larger computations. That used to matter a lot for all of us engineers who care about performance. Times have changed, though. It’s not like performance doesn’t matter, but broadband is ubiquitous and the focus has shifted back to making a great product first, and WASM is often, though not always, the right tool for the job. P.S. Server-side WASM will be huge, eventually replacing large swaths of what was once powered by Docker. Mark my words.

@robpalmer2 Here's some more @vanillaes/esmtk" target="_blank" rel="nofollow noopener">npmjs.com/package/@vanil…

ECMAScript excitement irl 😉

@boshen_c @Meligy Have fun implementing the postInstall script that copies over the architecture-specific binary. Might as well add the plain-crypto-js dependency for good measure 😂🤣

Port React Compiler to Rust! With oxc and swc integration. github.com/facebook/react…

@yegor256 Time to cut the dead weight: - Non-Technical Product Managers - Non-Technical Project Managers - SCRUM 'Masters' - Business Analysts Too many non-contributing bums collecting a tech salary while standing in the way of progress.

After 20+ years in software engineering, I came to a simple conclusion: Great developers don’t fail projects. Bad management does. Yet, we keep investing in better tools,
frameworks, and programming languages. While ignoring the real bottleneck. Maybe it’s time to rethink
how we manage engineers altogether.

@matteocollina @nodejs Good luck 🍀

Current best use of Claude so far: having it bisect a @nodejs Windows regression on its own on a VM. So much time saved…. hopefully I’ll get a definitive answer in about 3 hours.

@staysaasy Stink follows the 💩

It’s fun that the people advising people to go into blue collar jobs now were the same people advising people to learn to code five years ago.

@powerhdeleon I'm building the toolkit for just that github.com/vanillaes/esmtk

El Frontend nunca debió abusar de dependencias, un gran porcentaje de sistemas podrían funcionar con Vanilla JavaScript.

Nevermind. It fixed itself 🙃

Great... I can still publish packages to NPM but it's not loading README.md files.

@brainlid Obscurity is is not security

Is it just me? Or does it feel like the safest way to protect yourself from JavaScript and Python supply chain attacks is to just not use them? #ElixirLang

@kanavtwt I have a life. You should try to get one, it's fun.

genuinely how do you make new friends while working in a remote job

I took a 5 year hiatus from Open Source development Came back and picked up right where I left off. No significant rewrites, no unresolvable dependency chains. While most Devs are cranking away on weekends bumping deps and patching API breaks. I'm snowboarding 🏂 and boating 🚤

@tomfgoodwin if signal > noise: block everything

Am I right in thinking that AI completely destroyed email marketing? I don't think anyone actually reads any emails anymore. Other than from existing known people on existing work.

@DanShappir Axios existed because fetch didn't Standards eventually caught up but the Dev community has always leaned in favor of popularity over practicality. Now, it'll cost them.

FWIW for the past couple of years axios has been one of those packages that I try to get rid of when I encounter it in projects that I work on.

@kylegawley Either way, everything you build will be wholly dependent on somebody else's product/platform.

building apps without code is nothing new people have been doing this for decades no-code tools exist app builders exist much easier and faster than vibe-coding too

@KennyEu30960 @MAGACult2 Relying entirely on another nation for Defense was incredibly stupid and negligent. Being smug assholes about all the money you're spending on social services while neglecting to spend on Defense added insult to injury. Good luck fighting a land war with your smug superiority

Nice knowing you, but we kinda like to be on the right side of history. Don't come crawling back when the dedollarization is done, when the petrodollar is dead, when you hegemoni is lost, and you are left with no other friends than other dictatorships who are just waiting to rob u

If you are human and not from the U.S.A. what would you like to say to us right now?

@lagadoist I wonder what it would take to become an 'Expert Witness' for such cases 🤔

@evanplaice An interesting test for this is unfolding right now with Anthropic accidentally leaking the source of Claude Code and slapping DCMA notices on anybody looking at it. If Claude code was vibe coded they would have no right to do this.

I raised an issue here about the licensability of Cloudflare's vibe-coded clone of Next.js here: github.com/cloudflare/vin…

@chadrwalters @cmuratori Doesn't matter. All works in US gain implicit copyright by the creator on creation. That doesn't apply to AI derivatives. Share it in public and you have zero right to ownership. Trade secrets are just that, secrets. Protection requires copyright/patent.

@cmuratori Copyright is the wrong frame. This is trade secret. Doesn't require theft — an accidental leak doesn't make it public. You knew it was closed source. Derive from it, rewrite it, bot-translate it — doesn't matter. The AI copyright question is real. This ain't that case.

Does any of it violate copyright? According to Anthropic itself, their devs do not write any code by hand. As far as I know, AI-generated code is not copyrightable under US law. So correct me if I'm wrong, but you should not be able to use the DMCA to take down this code, right?

@cmuratori Funny caveat. AI Slopware is ineligible for copyright OR license. That neat little license that covers your ass if your code is used maliciously is not legally valid for AI-generated code. 1. Find somebody defrauded by AI slop 2. Sue the creator of said slop 3. Profit 💰