HackerTrans
TopNewTrendsCommentsPastAskShowJobs

dininski

no profile record

comments

dininski
·3 years ago·discuss
It's good to see an assumption I had, be validated. The assumption was that Linux would struggle to make a dent in the desktop market until it managed to make a tempting proposition for gamers. Projects like WINE tried, but there's just not enough you can do only with open-source contributors, with such a massive undertaking. I'm happy that a big company is finally backing this effort and with nvidia open-sourcing their gpu kernel modules, I'd say exciting times are up ahead :)
dininski
·4 years ago·discuss
Unfortunately this is a quite common scenario in big enterprises, such as Amazon, Google and the lot. Main reason is the promotion process.

Usually you need to gather evidence that you've contributed significantly to a project. And the easiest way to do that is to work on new projects. Maintaining an existing codebase is usually a thankless job, which is also hard to get you promoted.

And once the new project is released it eventually gets abandoned and people move to the next one, which would help them get promoted. Think of all the Google projects that have been discontinued, which were also a product of similar processes.
dininski
·4 years ago·discuss
Funnily enough Amazon has its own internal repo, including NPM. And it can be a pain in the ass to add anything to it, especially npm packages. So sometimes you would have to spend 5 minutes, or sometimes an hour, to import a single existing public NPM package into the internal repo.
dininski
·4 years ago·discuss
Some people meet this with a healthy level of scepticism, which is great. However I used to work at Amazon, working on the performance evaluation and HR tools used within the company. It was a couple of years back, but I am fairly certain that the same tools are still used, given that all of them were developed from scratch. At the time it was in line with the company's PR of removing its toxic work culture.

It's worth mentioning that it wasn't uncommon for people to move around teams, and to be honest HR is not the most exciting field for software development anyways. So, as expected, the HR dev teams had people move around quite a bit. Nothing toxic so far.

One of the projects I worked on was what used to be called the dev list or personal improvement plan (pip) now renamed to Pivot. Most likely the exact same same tool. Management wanted to update the processes in order to automate as much as possible and reduce the risk of managers putting someone in pip, just because they didn't like them. However the process was set up in such a way that a manager can progress an employee through a pip for waaaay too long, until a failsafe, or a second pair of eyes even takes a look at it. I, personally, voiced my concerns about it, but it was shrugged off as "it shouldn't happen", "managers wouldn't do that" and "it's fine" by the project stakeholders.

The project starts, development is going a usual and a couple of years go by. I moved to another project within the HR space. Most of the team developing the tool has also moved on to greener pastures. Apart from that one guy, who has been there since its inception. He went from being a backend engineer, learning React and painstakingly working on a messy frontend codebase, eventually leaving him the only person competent enough to make changes to it. Eventually he was fed up and wanted to move to a different team. Lo and behold - his manager, the manager of the team building the pip tool, put him in pip to prevent him from moving. Haven't seen someone decide and actually leave a company as quickly as he did. So if the manager of the pip company can use it to blackmail people not to leave, I can't even imagine what it's like for the rest of the company.
dininski
·5 years ago·discuss
For both there are shortcuts already available for a "command" input. For example in IntelliJ it's called "Actions" - you can use it to look up basically any command/functionality from there.

I've been using Idea essentially without a mouse for a few years now. It takes a little bit of time to get used to all the shortcuts, but it definitely pays of in the long run.
dininski
·5 years ago·discuss
I'll try to answer this from a JS-specific perspective. As someone previously mentioned - you do get hash checks if you're using `npm ci` in your CI/CD setup. You get the resolution path as well. Which is all you need to reproducibly resolve dependencies, *if* you have set up npm correctly in your pipeline. It would be unlikely to be exposed to this particular attack, at least not automatically in your deployment pipelines.

However this is still very, very dangerous, because of day-to-day engineering, really. Any engineer doing a simple `npm install` can inadvertently bring in and execute malicious code from their machine. From there on out it would be somewhat trivial to gain further access to the same network the code war run from.
dininski
·6 years ago·discuss
Also don't forget projects like Cloud9. It is literally a cloud-based IDE similar to what the author was talking about. I do agree with someone else's comment that this is lazy writing - even a little bit of research/google-fu would immediately point you to similar projects.