whenever I hear about people installing millions of lines of code from someone they've never heard of from npm or whatever, I imagine them finding a hot dog on the side of the road

and they're like "oh cool; free hot dog!" and I'm like "you're going to eat that?" and they're like "yeah of course; it's a free hot dog! have to be crazy to turn that down" and I'm like "huh"

@technomancy It’s a tough balance even for us dependencies minimalists. Do I make my own graphics routines to draw my own gui in a frame buffer or use SDL? Do I write my own TIFF parser or borrow someone’s. It’s not always an easy line for me to draw when the goal is also to accomplish something useful.
@anders if I can pull something from apt then it's at least nominally vetted, and I know it would take a Jia-Tan level of effort to backdoor it, compared to npm or melpa where any joker with two brain cells to rub together can pull off a malware attack
@technomancy The terminology is SOUP. Software Of Unknown Provenance. It's normatively defined in the medical device development standard IEC 62304:
https://en.wikipedia.org/wiki/Software_of_unknown_pedigree

@bms48 TIL! handy terminology

@technomancy

Works, "roadside hot dog".

A dude I worked with told me some proud story about being out drinking, standing outside a bar with a boozy buddy, seeing a plastic platter of abandoned sushi.

How long had it been there?

But, yeah, it did not matter. Dumb fuckers still double-dog-dared each other into eating it up. Like little dogs that can't help but eat the rotten offal.

Awful, but a workable metaphor for gobbling up mystery offal software.

@technomancy 🤣 best thing I read all week
why would there be a deviled egg on the window sill if you weren't supposed to eat it

@technomancy
But it’s an open-bun hot dog. Anyone can inspect it, and no issues have been reported. 😋👍
@toddz @technomancy fwiw, there are a few orders of magnitude less incentive to leave a poisoned hotdog on the pavement than there is to spike a software repo with malware

@toddz @technomancy anyone *can* inspect it, yes.

But the average hot-dog eater doesn’t even glance at the actual meat. They read the label, shrug and say “that sounds vaguely like what I need” and chow down.

And there’s the bunch of folks that wouldn’t know *how* to inspect it because they have no idea how good hot dogs are actually made, having only ever eaten random hot dogs they found on the street.

@technomancy NPM sucks but Node sucks even harder. The creator of Node kinda “fixed” some of the worst security issues of Node in Deno, by making any access to the file system, env vars, the network and so on opt-in, so by default scripts can’t do shit unless the person running it allows it.
You can then import any package, and if it suddenly wants to do something it shouldn’t because it was hacked, it will be blocked in your system.
@technomancy yesterday, my son found an old bottle of lemonade in the river while kayaking. I had to come up with strong arguments in order to stop him from drinking that free gift. 😂

He has Python on his laptop. Should I uninstall?
@technomancy *free hot dog with a chain of dependent hot dogs, also free
@technomancy Yes. I always check which dependencies I want to use, at least at the top level, to try and pick only widely-used reputable ones. And to make sure I'm picking the one I think I'm picking (similarity of names can deceive you).
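The name-similarity check from the post above, as an added example that is not code from anyone in the thread: it scans a package.json for dependency names that are one or two edits away from a well-known package, or identical to one once hyphens, dots and underscores are stripped. The "well-known" list and the sample package.json are constructed for illustration and are not a real allow-list or a real project's manifest.

```javascript
// Added example: flag dependencies whose names look like, but are not, a
// well-known package (typosquat / lookalike check). Constructed for this
// thread; KNOWN_PACKAGES is a stand-in for whatever allow-list you maintain.
const KNOWN_PACKAGES = [
  "lodash", "express", "react", "axios", "chalk",
  "cross-env", "left-pad", "moment", "debug",
];

// Constructed sample manifest; "lodahs", "crossenv" and "leftpad" are the
// lookalikes, "@types/react" is a legitimate scoped package.
const SAMPLE_PACKAGE_JSON = `{
  "name": "demo-app",
  "dependencies": {
    "express": "^4.18.2",
    "lodahs": "^4.17.21",
    "cross-env": "^7.0.3",
    "crossenv": "^1.0.0",
    "@types/react": "^18.2.0"
  },
  "devDependencies": {
    "leftpad": "^1.0.0"
  }
}`;

// Classic Levenshtein edit distance (insert / delete / substitute).
function levenshtein(a, b) {
  let prev = Array.from({ length: b.length + 1 }, (_, j) => j);
  for (let i = 1; i <= a.length; i++) {
    const cur = [i];
    for (let j = 1; j <= b.length; j++) {
      const cost = a[i - 1] === b[j - 1] ? 0 : 1;
      cur[j] = Math.min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost);
    }
    prev = cur;
  }
  return prev[b.length];
}

// Collapse the separators most often dropped or added in lookalike names.
function normalize(name) {
  return name.toLowerCase().replace(/[-_.]/g, "");
}

// Returns one finding per suspicious dependency: the closest well-known
// package it resembles and the edit distance (0 means identical after
// normalization, the strongest signal). Exact matches are skipped; scoped
// names are compared as-is, so "@types/react" is not confused with "react".
function suspiciousDependencies(pkg, known = KNOWN_PACKAGES, maxDistance = 2) {
  const deps = { ...(pkg.dependencies || {}), ...(pkg.devDependencies || {}) };
  const findings = [];
  for (const name of Object.keys(deps)) {
    if (known.includes(name)) continue; // this is the package you meant
    let best = null;
    for (const candidate of known) {
      const d = normalize(name) === normalize(candidate)
        ? 0
        : levenshtein(name, candidate);
      if (d <= maxDistance && (best === null || d < best.distance)) {
        best = { name, lookalike: candidate, distance: d };
      }
    }
    if (best) findings.push(best);
  }
  return findings;
}

function scanManifest(jsonText) {
  return suspiciousDependencies(JSON.parse(jsonText));
}

console.log(JSON.stringify(scanManifest(SAMPLE_PACKAGE_JSON), null, 2));
```

Run it against a real package.json with a larger allow-list (the top few thousand packages by downloads, say) and treat every finding as "open the registry page and the repo before installing", not as proof of malice; plenty of legitimate forks and typo-named packages exist, which is exactly why the check only points you at what to look at.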
@technomancy I remember @cadey saying “free as in mattress”, but I think “free as in road-side hot dog” is even more evocative

@c0dec0dec0de @technomancy most recent example of free as in mattress: https://tangled.org/xeiaso.net/objgit#objgit

(right now I'm working on a bug that involves it caching things into RAM too much which causes my tower to OOM at 64Gi RAM)

@technomancy this is how Castlevania ruined a generation; it conditioned us all to believe that wall chickens, and for that matter, roadside hotdogs were the key to health and long life.
@technomancy “what is a man? a miserable pile of abandoned hotdogs”
@technomancy While this hastily built stand with that nice smiling businessman SELLING me a near-identical-looking version of that road-side hot-dog is totally to be trusted. Paying 15EUR for that hot-dog instantly makes it totally safe.

@technomancy Going even further on that metaphor: Why do people trust the stuff they get from underpaid and disgruntled kitchen and service workers far more than something they get for free from someone who brews/cooks/prepares it out of joy for the craft and leaves it next to an honesty box in front of their house?

This is a post about software as much as one about fast food.