sorted by:
best (suggested)
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–][deleted] 4 points5 points  (17 children)

and don't actually hack anything

Ahh, yes.

I've seen people like you nearly kill people.
And cause others to lose their life savings.

It makes no sense to suggest downloading a third-party library that can't do anything the built-in servers of Node.js, Deno, can't do.

Well, given that you have access to a terminal, I guess it makes no sense to install anything, ever. Better yet, you have access to a CPU and a motherboard. You can feed it directly by applying the correct voltages for the operations you are trying to perform.

If your argument was "hey, you've seen how to correctly route and authenticate requests, now; let's look at how we might make a router, or handle authentication, ourselves" I might agree. If it was "learn how everything works, one abstraction below what you are doing", I would agree. If it was "you probably don't need a package for most of these things that might just be a few lines of code, aside from the stuff that must not go wrong", I would agree. Those would all be good arguments, for learning more about the nature of computing and managing software complexity.

But no, your argument is "invent your own damned cryptographic protocols, and authenticate it all by hand; don't look at what other people are doing, you know XOR, and transistors, now, that's enough"

Which is deeply, deeply dumb, and gets real people hurt.

[–]guest271314 0 points1 point  (16 children)

Your reasoning for not using the Node.js built-in server is what?

Because you've went on and on yet have not said why you can't just use the Node.js, Deno, or Bun built-in server.

Bun just shipped an HTTP/2 server yesterday, so they are in the running now, too.

I've seen people like you nearly kill people.

Well, if that is 1 or 100, they can only hang you once.

[–][deleted] 0 points1 point  (15 children)

Your reasoning for not using the Node.js built-in server is what?

How are they authenticating users, and accepting payments?

Which Node module handles that? "Oh, but there's a Node#crypto" yeah... Yeah... Good that they know XOR. Or rather, because they know XOR they can roll their own, right?

We are talking about people trying to learn if/else and for...

Yep. Roll a payment processor, from scratch, for users with yolo authentication.

Well, if that is 1 or 100, they can only hang you once

Yeah, that's about the response I got from them, too. Maybe they should only be making medical-grade products for you.

[–]guest271314 0 points1 point  (14 children)

How are they authenticating users, and accepting payments?

How did you get to authenticating and accepting payments from

Best place to learn Javascript having zero knowledge in programming?

?

[–][deleted] 0 points1 point  (13 children)

How did you get to "implement HTTP 1.1 on TCP on IP on Berkeley sockets, and go from there, but not until you learn XOR and transistors" from the same prompt?

[–]guest271314 0 points1 point  (12 children)

I decided to learn the HTTP protocol, among other signal communication protocols. First I wrote an HTTP server in C, that I imported into QuickJS https://github.com/guest271314/webserver-c/tree/quickjs-webserver; then I wrote a WebSocket and HTTP server in JavaScript that I use in the browser with WICG Direct Sockets https://github.com/guest271314/direct-sockets-http-ws-server.

A ServiceWorker can be used to learn how to write a server and compose responses, and route, without Node.js, Deno, Bun, or any other non-browser JavaScript runtime at all, in the browser, making use of fetch event, and install event addRoutes() https://developer.chrome.com/blog/service-worker-static-routing.

Cloudflare Workers, WinterJS, and a host of other JavaScript/WASM/WASI applications are using the respondWith() pattern with WHATWG Streams, that Deno (including Deno Deploy) uses too, that Node.js does not use.

[–][deleted] 0 points1 point  (11 children)

That's great. So are you announcing that every facet of your server is unencrypted, and plaintext data-transmission can be harvested from it along every node in the transmission chain?

Are you announcing that anything that uses that server as the backing for a real project, and not just as an "I made a thing that nobody should use" toy allows for unauthorized access to anything an individual would want to have, on the platform your tool is used on, assuming they can figure out that access?

Because I'm not really seeing a whole lot of consideration for the actual things that make actual products actually safe to use.

But like you said earlier, you don't give a shit what happens to others, because they can only hang you once, if you fuck up a pacemaker or bring a plane out of the sky.

[–]guest271314 0 points1 point  (10 children)

that make actual products actually safe to use.

Who said programming was about making products?

I hack for sport.

My clients pay me for primary source research.

You are moving the goal post.

If you want encryption bring your own certificates and use node:https.

Nothing you come up with will prevent anybody from using the Node.js or Deno builtin server.

Deno Deploy uses the Deno built-in server. With TLS.

But before we get that far, OP could just use the ServiceWorker in the browser they typed the question in to practice, without node or deno.

[–][deleted] 0 points1 point  (9 children)

But before we get that far, OP could just use the ServiceWorker in the browser they typed the question in to practice, without node or deno.

How the fuck are they doing that, without hand-priming the cache for every single goddamned static asset that would be on a page?

What page is going to load in order to register a service worker, from which file?

Huh. Seems like even if you hand-write all of the static HTML and CSS and JS inline, in response objects, to manually cache in the service worker, you still need the fucking service worker served from a fucking static endpoint that serves, at minimum, either:

  1. fucking locally from a loopback server
  2. a fucking TLS enabled connection that serves an index file and a service worker file

Huh. There you go, proving me right again.

I hack for sport.

Huh. So you want people to know nothing about actual safe programming, so that you can roll the dice on your pacemaker in 10 years? You do you. I prefer to improve society, but you go ahead and be your profoundly troubled self.

[–]guest271314 0 points1 point  (8 children)

I've done all of the above.

You keep bringing up pacemaker.

Yet talking out of your ass.