By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: March 20, 2022

Sunday, 20 March 2022

Plain Text Sports ★

“Live sports scores, play-by-play and boxscores, in plain text. No ads, no tracking, no loading.”

I love this, and yet despite being out for about a year, only heard about it today for the first time. Any website that is slower than this is too slow.

Only some sports have live box scores (like the NBA); others (like NCAA basketball) link through to external sites for box scores. But the scores are all live, and the website is fast fast fast.

MacStadium ★

My thanks to MacStadium for sponsoring last week at DF. MacStadium is the premiere provider of cloud-hosted Macs. You’re probably already familiar with them — they’re a longtime sponsor here, for one thing — but they’ve got a lot of new stuff:

• M1 Macs — Move from Intel to Apple silicon with MacStadium. They have a full selection of M1s in the US and Europe.

• Orka — Virtualize MacOS on M1, Intel, or in a mixed cluster with Orka 2.0.

• Mac Remote Desktops — Provide remote workers access to MacOS on cloud-hosted Macs.

There are so many potential uses for MacStadium but a big one is app development — MacStadium lets your team build, test, and deploy from the cloud. Gain efficiency by cloning VMs instead of manually re-imaging individual Macs.

Learn more and keep up with what’s new at macstadium.com.

Update to Popular NPM Package Deletes Files to Protest Russia’s Invasion of Ukraine ★

Ax Sharma, writing for Bleeping Computer:

This month, the developer behind the popular npm package ‘node-ipc’ released sabotaged versions of the library in protest of the ongoing Russo-Ukrainian War. Newer versions of the ‘node-ipc’ package began deleting all data and overwriting all files on developer’s machines, in addition to creating new text files with “peace” messages. [...]

Popular JavaScript front end framework ‘Vue.js’ also uses ‘node-ipc’ as a dependency. But prior to this incident, ‘Vue.js’ did not pin the versions of ‘node-ipc’ dependency to a safe version and was set up to fetch the latest minor and patch versions instead [...]

The way the Node community works, just blindly slurping in other people’s package updates without knowing what’s in them, continues to boggle my mind.