I agree to a point, but I don't maintain my own Linux distro even though I depend on certain packages for my software to run on it.

Eh, I don't care about that so much. If it's the idiom in your language to let someone else write every little function like that, and that's just how it is in that ecosystem, then so be it. I wouldn't want to work that way, but everyone has their preferences.

But if you're going to foster an ecosystem where everyone's going to use the same "leftpad", then you damn well better make sure that:

• Once I've added "leftpad-4.5.6" to my dependencies, it's not going away unless there's a critical security flaw,
• That today's "leftpad-4.5.6" is the same one I downloaded yesterday, and
• That "leftpad-4.5.7" comes from the same author who released 4.5.6 and not Boris in St. Petersburg.

If you can't guarantee all three of those conditions, I want nothing to do with it. And again, pretty much everyone else offers these guarantees. This isn't just some greybeard rant about an ideal world no one has ever lived in before.

So make attackers wait a whole day before uploading their compromised replacements for widely-used packages. Got it!

Seriously, NPM is a shithole. "As a general rule, the npm Registry is and ought to be immutable", you think? It's not a "general rule". It's "all the time, every" you freaking amateurs.

most of the npm support team's work is devoted to handling user requests for package deletion, which is more common than you might expect. Many people publish test packages then ask to have them deprecated or deleted. There also is a steady flow of requests to remove packages that contain contain private code that users have published inadvertently or inappropriately.

This right here is how you brought it upon yourself, and why I have zero sympathy for your self-imposed situation. If I contribute a package to Debian, you think they'll spend "most of their week" removing it just because I asked? That's not gonna happen. Here's how you fix this:

"Effective immediately, we no longer remove packages unless they cause a clear and imminent threat to their users. If you accidentally included your GitHub password, change it. That's your problem, not ours. Next time try not to do that, OK? Also, we no longer reuse package names, ever, for any reason. If you wanted it, you should have registered it. And finally, under no circumstances, period, may you ever reuse a version number. Ten years from now, package foo-1.2.3 will be bytewise identical to the one we issued last week. We guarantee it."

Anything short of that is a joke to the rest of the industry. I'm not being idealistic or unrealistic, either: these are completely reasonable, common policies that pretty much literally every other package repo implements.

Yes, it's part of the contract, but that doesn't mean it's fair or just. It's an obsolete legacy that we're stuck with, not something to hold up as good.

I don't feel that way at all, and have in fact spent lots of time in low-population states. I have nothing against them. But suppose for the sake of argument that a county in west Texas split off to be their own state. Why should that small land area county with 25 people have the same number of Senate votes as the giant (land a people-wise) remainder of Texas?

That's a great question. Probably not, but the Senate was originally a nod to slightly smaller states who didn't want to be ignored. However, the state population range at the time was much smaller: Virginia was about 12 times more populous than Delaware (which by land is 1/9th the size of Virginia, so their densities are very similar).

Today, California is 68 times more populous than Wyoming (but only 1.7 times bigger, which works out to about CA being about 41 times more densely populated). There's absolutely no way that a Senate being crafted today would give Wyoming 68 times the proportional representation of California.

Why should that not be the case? Remember, land doesn't vote: people do. I lived in Nebraska where about 60% of the population lived in Omaha. Any arrangement where the rest of the state were allowed to outvote that small, heavily populated corner is inherently disenfranchising the Omahans.

Similarly, it's insane that people in Wyoming have four times the electoral voting power as New Yorkers. "But Wyoming is so big on the map!" Sure, but it has the about the population of Staten Island.

There is no justifiable reason why those one or two cities shouldn't have all the power if that's where all the people live.

No you're not. No one actually believes you.

It's too high as the definition of "minimum required for normal Internet use". It's definitely not too high as a definition of "fast Internet".

If you own the cluster, do you actually need to apply the patch? It seems like your security exposure would be far small than, say, Amazon's multi-tenant hardware.

You can safely turn off the style stuff. That said, it's there for a few reasons:

• It's nice when everyone formats their stuff similarly. You can open a file from Joe Stranger and expect it to look a lot like something you've personally written. This reduces the cognitive overhead of coming up to speed with new code.
• Although it's generally not possible for Python formatting bugs to invisibly change the code's meaning, it's easy enough to be consistent.

In Python, static checkers like pylint and flake8 are astoundingly useful for finding the low hanging fruit you've described. I have both wired into Emacs so that potential errors are syntax highlighted. If you're writing Python and not doing the same, you're doing yourself a disservice.

I have a hard time describing the cop as unfortunate when he was the one who pulled the trigger on an innocent person who was acting like an innocent person. He clearly thought he was doing the right thing, but the only unfortunate part of him was his phenomenally bad judgement.

I always laughed at Birkenstocks until a foot doctor convinced me to try them. Now at the end of the day I can't wait to take off my work shoes and slip into my sandals. Even better is that I've realized that wearing socks with sandals is both comfortable and sharp looking, which my kids absolutely hate and embarrasses them to no end.

Thanks for reporting in, Bruce, and congratulations!