Recent years saw a number of supply chain attacks that leverage the increasing use of open source during software development, which is facilitated by dependency managers that automatically resolve, download and install hundreds of open source packages throughout the software life cycle. This paper presents a dataset of 174 malicious software packages that were used in real-world attacks on open source software supply chains, and which were distributed via the popular package repositories npm, PyPI, and RubyGems. Those packages, dating from November 2015 to November 2019, were manually collected and analyzed.
It's really sad that in 2020, 10k+ engineers can't make a photo, video, post and message sharing website that is not a pain to use. We collectively failed as a profession. If one needs 2MB of CSS for such a website, there is clearly a problem.
There is no excuse for how slow software is today. None.
Many parts of Windows 95 were faster in wall clock time in 1995 on the hardware of 1995 than today's Windows 10 is on the hardware of today. Yes, today's software does more, but THAT MUCH more? Are you sure?
The hardware we have is very fast. Software developers have been relying on hardware upgrades for performance improvements for far too long, and now few software developers know how fast things can be, if they just try just a tiny little bit.
Also, OOP teaches developers how to think about software in ways that are exactly opposite to how computers actually do work efficiently. Object oriented programming is just inherently slower because it encourages developers to think of things one at a time. Computers like to do things in batches.
More people need to think about performance, because clock speeds aren't going up like they used to, and we still don't know how to write software that spreads across a lot of cores very well. The free ride that hardware upgrades provided us is quickly coming to an end.
tl;dr: everyone needs to learn about how processor caches work, especially the 24-year-old JS devs who think they already know everything.
Just as an aside, to give you an interesting benchmark—on roughly the same system, roughly optimized the same way, a benchmark from 1979 at Xerox PARC runs only 50 times faster today. Moore’s law has given us somewhere between 40,000 and 60,000 times improvement in that time. So there’s approximately a factor of 1,000 in efficiency that has been lost by bad CPU architectures.
The myth that it doesn’t matter what your processor architecture is—that Moore’s law will take care of you—is totally false.