That linear-time operation is then additionally repeated `len` times
In practice, memory allocators tend to double the size of an allocation like this, which is still quadratic.
In practice, JS runtimes also tend to use data structures like Ropes for strings to handle this sort of issue. That brings it down to linear time in practice (I think?)
The package has to have a public API, meet millions of different people's use cases, and any change to the API will cause millions of man-hours of useless work... and yet if it's a poorly designed API, it might cause millions of sub-optimal programs.
Every project has a StringUtils file. But every project's StringUtils file is different.
Published packages in an ecosystem ought to be well-designed, with good performance, good APIs, good security. Packages that don't meet that bar ought to be kept out. npm is jarring because it let any old shit get published, despite there being long-standing package ecosystems in other languages with much better standards, that they could have copied from (CPAN, PyPi, RubyGems, Maven Central, NuGet Gallery, etc.)
As a business, each additional human or company you add to your supply chain represents additional risk that you're taking on. You can go some ways towards mitigating those risks—one of the most common is to sign a contract with them rather than doing business ad hoc—but the risk doesn't go away entirely. Given that additional risk for each additional downstream supplier, it's generally safer to use code written by someone who's already on your payroll than it is to use code written by someone you've never met and have no way of vetting.
How many prompts can already be solved with a simple web query?
C&P but with extra steps
NPM has not really learned much in the time since this event either.
Technology is a fickle muse. We nerds obsess over her and degrade ourselves in her service, but she always calls us back into the light.
As someone who was around for the Morris worm and spent weeks negating its impact, I feel that there is a fundamental issue impacting our ability to make world-changing technology with the current tools. The less we strive to understand the organizational (ethical) failings of technology, the less technology can be used to effect productive change in the realms it is being applied.
That said, I'm about a month (and a few hundred failed compiles) away from taking my own sabbatical, and I can't help but try to reason what things would be like for me, upon my return after some years, in the technological space I've carved out for my own needs, at much different scales and contexts.
Perhaps it should become somewhat standard for us technologists to take sabbaticals, more often, and more seriously, in order to give us the context we need to understand the ethical dilemma that impinges upon our technological prowess.
Koçulu, thank you for your thoughts. I may never be effected by the javascript world, but the lessons it provides from within the temple nevertheless reverberate among the outer chambers ..
> Most of my open source work followed Unix philosophy, so the packages did one thing at a time.
Nobody has suggested that libc -- to take the most obvious example -- is against the Unix philosophy. Debates occur around whether whether commands / daemons do too much (recent poster child being systemd) or aren't composable.
I don't need left-pad.
But maybe I need react-starter-kit.
Now, imagine that react-starter-kit has a dependency to markdown-js-blobber, which has a dependency to make-text-nice, which has a dependency to left-pad.
In this scenario I am now "pulling in a package to pad a string". If I am "smart enough to use a package manager", I should be "more than capable to write..." an alternative to react-starter-kit..?
Combine this to mainstream education teaching that you should always reuse code when possible instead of "reinventing the wheel", and web shops agreeing to it because "using libraries saves time", and it's easy to understand the "popularity" of left-pad.
To a certain extent, and to the best of my knowledge, those things haven't really changed.
Duplicate code across the ecosystem is fine. Not every function must be unique for an entire programming language.
And the behavior could also be worse, there is no guarantee of perfection.
The last argument is too generic to offer any guidance. Why is it better for this function be duplicated?? Should it not be part of std to avoid uniqueness?
> > > > (assuming the standard library doesn't include one already)
I don’t think such small packages are sensible, in particular when versioned separately, but I also don’t see how the left-pad debacle has shown that.
You could say that Eclipse does "one thing" - being an IDE platform - but I don't think anyone thinks that's what the Unix devs meant. Similarly I don't think they meant for people to write libraries that contain one 11-line function.
The actual advice should be something like "programs/libraries shouldn't try to do too much or too little". How do you know how much is too much or too little? Like so many programming guidelines the answer is you need taste and experience.
(i) Make each program do one thing well. To do a new job, build afresh rather than complicate old programs by adding new "features".
(ii) Expect the output of every program to become the input to another, as yet unknown, program. Don't clutter output with extraneous information. Avoid stringently columnar or binary input formats. Don't insist on interactive input.
(iii) Design and build software, even operating systems, to be tried early, ideally within weeks. Don't hesitate to throw away the clumsy parts and rebuild them.
(iv) Use tools in preference to unskilled help to lighten a programming task, even if you have to detour to build the tools and expect to throw some of them out after you've finished using them
---
[1] https://archive.org/details/bstj57-6-1899/page/n3/mode/2up
That's what a philosophy is, gives you some general guideline and you have to use your thinking to figure out how to apply it in specific circumstances. It does not substitute that thinking neither does it prevent stupid choices, it helps guide you in a higher/strategic level. It is not responsible for people making stupid decisions.
Stating it in a way that makes the ambiguity obvious - "don't make your program do too much" - reveals how little value it contains.
Libc implementations have a very clear scope, clear enough that you can point to the specification. That is their 'one thing' do what that spec says.
Eclipse however, doesn't have that singular goal. You would be hard pressed to say how many of Eclipse's tentacles is a clear push towards being an ide. What should a completely finished version of Eclipse that met all it's goals look like?
Similarly the one thing could be "be a c preprocessor" or be a full "c compiler" these are both "one thing"s even while one is a subset of the other.
The intention of "do one thing, and do it well" is not to limit the scope but to show the boundary of the scope and to commit to doing everything within that boundary
By making your one thing "a full c compiler" you should be committing to doing everything that someone making a c preprocessor is doing, and to the same standard. The Unix philosophy should be considered a warning not to neglect components because you are working on a larger system.
You can't do everything, but you don't have to. If others are following the same principles then many of the parts of what you need will be done to a high standard by others.
No you can't get out of it my just saying the "one thing" is to do what the spec says. Who decided what's in the spec?
Would Eclipse be fine if someone just wrote a spec for it?
Eclipse would be fine if it had a spec, committing to implementing that might be a task to arduous for some. A full spec would also lay bare what its goal is. Which in turn might lead to people deciding the tool they need is not this one. But yes, if was clear what it should be doing and it did that well then everyone benefits.
Plenty of people have suggested that. I'll suggest it for you now if you like. The modern form of libc is very much against the unix philosophy; traditional Unix had a much simpler libc where many functions were just syscalls; some parts of today's libc were hived off into separate libraries like libm, and other parts like NSS and convoluted DNS resolution frameworks just didn't exist at all.
I don't see how anyone could read the Lions book or APUE, on one hand, and the pthreads manual or the ANSI C specification of setlocale(), on the other, and come to the conclusion that they represent the same philosophy. It's like thinking Ayn Rand is an exponent of the same philosophy as Epicurus; it betrays a staggering lack of sincere engagement with either one.
Also, Kik turn out to be negligent and pretty scummy. There was some controversy with them involving crypto, but the main thing I remember about them is that Kik is rife in terms of trading pornography, including child pornography, as discussed on this Darknet Diaries episode: https://darknetdiaries.com/episode/93/.
So, from that point of view, I quite enjoy that Azer Koçulu told them to fuck off.
turns out?
they threatened a pre-existing naming collision with legal action and bullied the platform first into forcing the name to be theirs, and then afterwards by crying to npm until their software tests passed again.
they began scummy.
So my friend sensibly caved in and changed the name of the package, got on with his life, and now it's all long forgotten history.
Going back to Kik, before I knew about all the other stuff (which I only found out about when I listened to that Darknet Diaries episode last year - bit late to the party there) I simply thought they'd gone about defending their trademark in a hamfisted and douchey way that had got Azer's back up. Lawyer's gonna lawyer, and the way they did it I thought they were douchebags, but beyond that I didn't give it much consideration. There was certainly no way any of this even hinted to me that they were negligently facilitating the distribution of child porn[0].
[0] Yes, this is obviously against Kik's ToS, but ToS are only worth anything if they're enforced whereas - certainly at times prior to the Darknet Diaries episode being released in 2021 - there was at best inconsistent and ineffective enforcement of these terms. I have no insight into the current situation with Kik.
jade, iirc. still best html/xml/etc templating package out there, jsx/tsx can't compare
I just looked jade up on npm and it's still there, so the company that wanted Forbes to change the name didn't even want to publish a package by the looks of it.
Somewhere along the way NPM stopped being cooperative with the community. It cemented itself with the Microsoft acquisition, but was obvious quite a bit before that.
There were so many cracks with how npm functioned, they weren't cooperating well with the community / mainline Node team, their push to commercial viability was really off-putting and forced, and many of the team members had a somewhat rough reputation.
Indeed I visited the offices in Oakland (if I recall correctly), and had an... interesting set of interactions there, not particularly positive, that I'll keep to myself.
The unpublish hole was well known at the time. Everyone blamed left-pad for breaking the internet, as it were, but nobody seemed to come down on npm for the sheer mismanagement of it all.
If memory serves they forcefully reinstated the package against the maintainer's wishes, which is a divorcement from the people they claimed to serve at best, and legally dubious at worst. Shortly after this they stopped caring much at all about abuse on their platform at all (core.js advertisement spam, anyone?) and haven't really worked with the community on standards, compatibility, etc. after that.
The npm@5 release was a disaster. The introduction of package lock files couldn't have gone worse, and as I remember it it was a push to get it out alongside the next Node.js major release (I got the feeling the Node team didn't wait for npm to be ready, which I think is a good thing given npm is a for-profit, or at least acts like one).
The community outreach during that time of what seemed like endless major, catastrophic bugs and the shaming of the community for putting pressure on them, the pious attitude, was only further proof that npm was no longer an agent of FOSS. I can't remember if left-pad came before or after that but in my head it was all one long drawn out declination of the ecosystem.
The packages on npm are a meme now; small packages that do trivial tasks, and everyone likes to make fun of it. Maybe it wasn't the best thing, in hindsight. But context is crucial; npm was the first incredibly accessible package manager for an emergent popular technology, almost entirely community managed, with a good system for querying and tight integration with Github's "social coding" spirit.
It existed very early in the Node lifetime, back before even ES5 was available (we still used `var` and `prototype`!), before JavaScript best practices really existed. Before Node.js was given to the community by Joyent. Before even the Io.js fork and the exit from the long stagnation that was Node 0.10/0.12.
Nobody knew the best way to do things.
I can completely understand the author. From a security perspective I'm really thankful left-pad happened, even if it wasn't the reasoning of the author; it made people acutely aware of what relying on corporate interests divested from the communities they claim to serve, bring to the table in terms of risk. It started many conversations about supply chain security, redundancy, etc. That's a hard thing to do, and it's made the industry a bit better in the long run.
Good followup, neat to read this after so long.
Npm (and JS in general) is a victim of fashion, primarily.
Jon Schlinkert on the other hand is going out of his way to produce these micro libraries and then include them in his widely used legitimate projects (handlebars-helpers) with zero willingness to simply integrate them into the projects that actually use them. Here is the deal: Do you want to be trolled? Then use handlebars-helpers, if not, then stop using the damn library.
Jon Schlinkert is a typical marketing A-hole. He should be banned from NPM and Github IMHO.
Since then the name is basically squatted?
Whether you use left-pad or not is up to you... but this Kik story is just a bad look for Microsoft all around.
you phrasing implies that you would say what I said if you knew that acquisition happened later. Weird but OK.
Anyway then let's just say it is a bad look for NPM and any future buyers who decided this is a worthy company
Lodash has had pad/padStart/padEnd since 2016, 3 months before left-pad incident. https://lodash.info/doc/pad
Why does Maven exist, without the commercial compromises of NPM? Probably because Java has the well-funded, well-supported, but non-profit and community-oriented Apache foundation, which is something extremely rare and precious (and probably at least partly a lucky result of Java's complicated legal history).
(JS has plenty of great utility libraries. The problem is that its package management is excessively centralised and not managed terribly well)
Additionally, it is standard practice in the Java world, which is more "corporate" or "enterprise-y", for better and for worse, to have organisations operate their own internal package registries / mirrors. Even if you unpublished a major package from Maven Central, many organisations would be completely unaffected because they retain archived copies of all of their dependencies.
Wow, I couldn't think of a worse rebirth.
It's not that I don't value those things, it's that I think they're actively harmful (at least some of them), and that being passionate about them shows very toxic personality traits.
I understand if your values contain something like "money for me is good", but do your values also contain something like "money for this random guy is good"?
Like all alignment mechanisms (democracy, bureaucracy, etc.), these things only works to a first approximation — but they do work to a first approximation.
Making stuff (FOSS or otherwise) without caring about your audience leads to things like TempleOS, or the novel I've yet to finish writing (I'm never happy with what I've done despite having started it a decade ago already).
I don’t see how the size of the package matters here.
But I think the GP's point is that the cultural in other ecosystems didn't lean as heavily into "there's a package for that®" as JS does
For me it was surprising that so many projects used this naive implementation. Nonnaive implementation is faster and much smaller.
People are after the "number of downloads" metric on npm for various reasons. Left-pad has 1.4 million weekly downloads https://www.npmjs.com/package/left-pad Is-even has 160k weekly downloads https://www.npmjs.com/package/is-even
Sometimes people will include it as a dependency as a joke in their useful library. Other times the people who write these put it in useful libraries that they contribute to so that use of the useful boosts their numbers. I'm forgetting where it is now, but it was one of the big foundational libraries in React that used one of those and there was resistance to replacing (I believe) an include and use of is-even because they were a very strict adherent to the "never write code you can include" which meant that everything using it included it.
One such story: Why has there been nearly 3 million installs of is-odd - npm in the last 7 days? - https://www.reddit.com/r/programming/comments/886zji/why_has...
I vendor dependencies on the projects I work.
Predictable, offline builds. Storage is cheap.
I remember the incident and what stuck me most is how, for me, this was a clear example of a community (Javascript) that depended too much on dependencies (pun somewhat intended)
I don't know why so many people put so much blame on you. You unpublished a package with 11 lines of code [0]. I don't think you fully understood the frustration it would cause. And you mentioned that in the post.
> NPM didn't show usage stats, and there was almost no activity on Github. As a user, it was impossible to know the impact of unpublishing packages
The root cause imo isn't akoculu unpublishing the package. In my opinion that lies more in the over-reliance on dependencies, the npm policies and maybe also build systems not caching/vendoring code.
[0] https://en.wikipedia.org/wiki/Npm_left-pad_incident#Backgrou...
left-pad will happen again. Maybe not on NPM, but on crates.io/pypi/Google's go proxy. All it takes is for a developer to join the ICC and piss of Trump and suddenly the code is impossible to find on any of the standard repositories. Even Go will have issues because despite the Github references, all the standard go traffic still goes through Google. Or even worse, someone fights back against a recent invasion and uploads a virus that wipes the drive of whatever locale they're targeting.
He fulfilled his responsibilities as a author.
skrebbel•1d ago
That said, this seems like a weird argument to me:
> but I still don't understand why NPM didn't take the time to find out if any of my modules were widely used and consider ways to handle the unpublishing without breaking anything
Sure, NPM's unpublish mechanism was a misdesign, but is he saying that he expected people at the company to manually go through this every time someone did an unpublish? That doesn't seem too reasonable IMO, NPM the company isn't curating NPM the registry. They host it as a public service.
I can't fault the author all too much here though, if he hadn't triggered "the left-pad incident" then someone else would've not too long after. NPM fixed the problem, by means of a better unpublish policy [0] and that's that.
[0] https://docs.npmjs.com/policies/unpublish#packages-published...
nicou•1d ago
HPsquared•1d ago
rootlocus•1d ago
The man page for a unix binary is at least two orders of magnitude larger. At some point, the "Unix philosophy" doesn't make sense anymore. I mean, it couldn't even rightpad.
baobabKoodaa•1d ago
oh look at me, 589 published packages on npm! with 5 700 quadripillion weekly installs!
another-dave•1d ago
ThinkBeat•1d ago
xnorswap•1d ago
I think the left-pad incident helped shatter that myth. He we had huge packages depending on a package which padded a string in an inefficient manner.
It turns out that the many eyeballs of the bazaar had averted their gaze from what was actually happening, which is a system of impossible to audit dependency chains.
I think it also shows the impact of using a language with a poor standard library.
Padding is absolutely something that should be available as an extension over String.
If JavaScript were controlled in the same manner that Go, Rust, Java, .NET, python etc, then it would have been added years ago.
Apparently it has now finally arrived in ES2026: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Refe...
eviks•1d ago
In what way? Have the dependency trees gotten significantly smaller since then?
beej71•1d ago
I installed `pass` (the lightweight password manager) on a fresh headless system the other day and it brought in like 60 packages including a bunch of X stuff.
BenjiWiebe•1d ago
Installing 'pass' pulled in: desktop-file-utils emacs-filesystem git-core libpng qrencode qrencode-libs
Plus weak (optional) dependencies: libwayland-client mailcap wl-clipboard xdg-utils
12 packages, 5 MB download, 24 MB installed. Could be worse, could be better.
I was honestly expecting Fedora to have less than that.
beej71•29m ago
One of the big trigger is the dependency pass->xclip. That sets off a big cascade of X.
dagw•1d ago
bakkoting•19h ago
ES2017 [1]. The MDN docs always link the latest version of the spec; the year in the link doesn't correspond to the version where it was added. The proposal was already mostly done at the time of the incident [2]
[1] https://tc39.es/ecma262/2017/#sec-string.prototype.padstart [2] https://github.com/tc39/proposal-string-pad-start-end
xnorswap•7h ago
efilife•18h ago
randunel•1d ago
The author simply ran the script that NPM themselves told him to, and later NPM blamed the author for their own failings.
skrebbel•1d ago
coffeebeqn•1d ago
bsenftner•1d ago
ben_w•1d ago
skrebbel•1d ago
But I do agree now that the author isn't really to blame.
nindalf•1d ago
It's because you haven't read al-Ghazali yet.
(definitely the most pompous and self-important part of this post)
bartread•1d ago
I don't know that I fully buy this either, at least not the anger part.
I can look back on all this with wry amusement nowadays but I remember it being pretty frustrating at the time.
It sort of felt like, well, either you knew what the impact of unpublishing all your packages would be and you did it anyway, which makes you kind of antisocial, or you didn't know what the impact would be but did it anyway, which makes you kind of a hothead. And in this latest piece Azer has admitted that he didn't understand what the impact would be so... y'know... I do wonder if anger was at least a small factor.
Regardless, it's pretty clear that npm bear a lot of the responsibility for what happened. It's also something that happened a very long time ago and, as I've already implied, is just a funny story nowadays, not something I can manage any ire towards Azer over.
IggleSniggle•1d ago
He wants to remove his stuff, but isn't sure what the right way to do it is, so he asks npm. npm provides him with a set of scripts to run to remove his stuff, and he, presuming that it's "ok" if npm told him to go ahead and run them, runs them. The impact isn't especially important to him, But since npm just gave him a set of scripts with an implicit "oh okay you want to remove your stuff, here I wrote you a script you can run to get it done," makes it more of an npm choice to handle it in this manner. npm asked him to handle it this way, so he did.
k__•1d ago
If NPM would have prevented the depublishing, he would have made a scene and in the worst case, they would have looked bad.
How they actually handled it, the library author got full freedom but also full responsibility
msla•1d ago
Lesson: Vendor your dependencies, I guess. Although a lot of the ire around left-pad was programmers using a library for something so trivial, but that's a different conversation.
bartread•1d ago
Very true.
Although, from 2012 onwards, up to around the time of the leftpad incident, the trend - and the pressure - was to minimise the amount of work your code was doing and to publish tiny packages that only did one thing or solved one problem, deferring to other tiny packages for anything non-core. I remember colleagues more embedded in the JS world than I was passionately arguing for this in 2012/13.
And it did make some sense: bandwidth matters, particularly on mobile devices (which became a key source of traffic during that period) so why pull in some gigantic do everything library when you only need a handful of functions[0]? Sure, minifying and pruning help but, due to JS's nature, pruning can only get you so far.
But, yes, I think leftpad was something of a teaching moment on the downsides of this approach.
[0] Of course, if you then stick 6 different tracking scripts in all your pages, it's super-easy to undo all the good you've done by minimising your bundle size, but that's a different conversation.
lmm•1d ago
I mean he says he asked them to remove all his packages, expecting them to do so gradually, following whatever mitigation strategy they felt appropriate (e.g. some kind of warning and fadeout process), and instead they gave him a script to do it immediately so he did that.
eviks•1d ago
As opposed to looking much worse? Easy decision.
thomassmith65•1d ago
grant me the serenity to accept the things I cannot change; courage to change the things I can; and wisdom to know the difference
pointlessone•1d ago
thomassmith65•1d ago
nkrisc•1d ago
This whole problem was trivially avoidable, and people get mad at him because they were too lazy to avoid it.
bartread•1d ago
nkrisc•1d ago
Lots of people made a big mistake, they found out the hard way. Lesson learned.
bayindirh•1d ago
Being neutral and seeing a good way forward is not something practiced, taught or celebrated in western, esp. American culture much. One always needs to have a thrust source (mostly an emotion driven by logic, taught during being grown up (e.g.: You should be angry about it)) to make decisions.
In fact, sometimes, you just don't have a thrust source, you just feel like doing it. It feels the right thing to do, and you do it with no emotions attached.
This is a boon, in fact it's called "clarity" brought by being with yourself. Either spending time outdoors, doing some reflection work, or by meditating. I use the same methods when I face with a non-urgent but important decision. Let the way reveal itself. Putting logic and emotions aside and finding the right way is not easy, or the process is not smooth sailing, but I never arrived to a wrong place by following that path.
toledocavani•1d ago
tkiolp4•1d ago
So, im gonna try and read something by al-Ghazali.
akoculu•1d ago
When this happened, people started making assumptions. A few of them:
1. I’m irrational 2. I’m angry 3. I’m greedy
They came to one of these conclusions, based on how they see themselves in the same position.
I can be of course one of these three in some other situations, but in the left pad incident, I done all purely with my heart, to stick to my values and principles which was behind my motivation to do open source for such a long time.
Ghazali is the best source I’m aware of about how to put heart in the driver seat of life, and without fighting but using logic, greed, anger etc as tools.
If my reference made curious about him, I couldn’t be more happy. Here’s a great lecture about his book, The Alchemy of Happiness: https://youtube.com/watch?v=zBwWc0DflRQ
hermannj314•1d ago
akoculu•1d ago
aa-jv•7h ago
One thing I have learned about al-Ghazali today, thanks to your efforts, is that philosophers aren't always right, faith and logic can work together, and doubting everything can lead to truth.
But, most importantly, live ones faith honestly - and this is especially true for those of us who detest imperialist/corporate interference in spiritual activities, such as publishing packages to the npm ecosystem intended to make ones fellow human beings lives' more rewarding, in spite of the lack of personal rewards to be gained in doing so.. that the value in seeing this is lost on a lot of HN responses in this thread so far, is no big surprise - but it is surely disappointing.
I hope you will consider adding Aquinus and Augustine of Hippo to your references, also. Sometimes it helps to see how the universality of true philosophy crosses cultural divides.
akoculu•1d ago
I’m quite familiar with both western and eastern traditions, don’t know any better source than Ghazali’s “the alchemy of happiness” about how people make decisions.
It’s kind of ironic to see people being triggered by just the mention of it though — just reflects what your heart tends to reject impulsively. I wish you curiosity.
P.S Here’s the full quote, it entertainingly describes the ignorance here:
“first, they didn't look at the dates of the emails. They don't understand the timeline.
second, they can't relate to standing your ground in a high pressure situation involving threats.
and third, they haven't read Al-Ghazali yet, don't quite understand how (free) people make decisions”
nindalf•1d ago
akoculu•1d ago
overbytecode•1d ago
nindalf•1d ago
bayindirh•1d ago
Let's put the same sentence:
"I'd love to explain to you, but if you haven't read $SOURCE_MATERIAL, you wouldn't understand it anyway".
Does it sound pompous and insufferable?
nindalf•1d ago
bayindirh•1d ago
Of course we can agree to disagree. I'm not trying to win anything, but just express my perspective.
Have a nice day!
Politely pushes forward a freshly brewed mug of tea across the counter.
bayindirh•1d ago
If getting wisdom from others is not your thing, I can respect that, but low-key insulting them for leaving you pointers for a more enlightened place is rude.
You can instead say "I don't understand why Al-Ghazali relates to this", and that would be completely OK.
nindalf•1d ago
Lastly, it's fine to quote someone but you need to explain how it's relevant to the conversation. The author could have summarised al-Ghazali's idea about free will or whatever and it would have been fine. But he didn't even bother, as if the ideas so basic and well known that it's not even worth doing.
I'm pretty comfortable with the way I've poked fun at the author's pompousness. If you need further explanation it's because you haven't read Chanakya yet.
bayindirh•1d ago
I don't think that you're pompous because you cited somebody I don't know that existed. I'm not a god. People show me things I don't know, I take note of them.
Maybe I won't agree with the direction you show me, but at least I have a new direction to discover.
This is the difference.
skrebbel•1d ago
GuinansEyebrows•23h ago
olalonde•1d ago
> And third, they haven't read Al-Ghazali, don't quite understand how I make decisions.
Not everyone makes decision guided by the heart. Many people lean more on reason and logic.
akoculu•1d ago
Yes, when theres's no impulse strong enough to outweigh reasoning. You don't need Ghazali for this, Kant also explains it. Before suggesting that I rephrase things, I think you should explore the domain first.
olalonde•23h ago
akoculu•23h ago
BS -- What's your familiarity with what you're talking about?
olalonde•23h ago
akoculu•23h ago
> Do you not agree that some people would not have made the same decision as you did back then?
:facepalm:
oftenwrong•20h ago
aa-jv•8h ago
What compels you to say this? Would you be more satisfied if he'd suggested the reader acquaint themselves with Thomas Aquinas or Augustine of Hippo? Are you familiar with al-Ghazali, the scholar, or is he new to you?
You have, rather literally, proven the philosophers point - while remaining, it seems, ignorant of it.
Or perhaps, you mean to imply that /u/akoculu was doing a good deed not because he cared, but to show off?
The irony is, al-Ghazali asked his readers to question their pomp and self-importance, and to do good deeds because they truly cared, not because it would result in social acknowledgement by the mass collective, whose motives should always be questioned, effectively.
Perhaps, then, your position is more of a reflection of your own condition? One would hope your disdain is borne on an actual understanding of al-Ghazali's position, vis a vis self-doubt ... or rather, one would hope your current position is based on an ignorance of his works, actually.
One should never feel so compelled to deny the enlightenment of others, especially if by doing so, you resort to personally-motivated obscurantism in response.
DanielHB•1d ago
They do in fact curate the registry, mainly for reporting vulnerabilities to consumers and to remove malicious packages.
diggan•1d ago
JJMcJ•1d ago
After left-pad, I understood why.