For the last few years I have been poorly maintaining the Safe add-on for Firefox. A quick summary: it changes the border of a page and the tab colour of secure websites - green for sites with EV certificates, blue for regular SSL, and red for broken SSL. For me, it gave a better visual cue to whether I was on a secure page rather than looking for the lock icon. It’s an add-on that you don’t know you have until you feel something’s missing.
With the soon-to-be-released Let’s Encrypt coming, it gave me pause as to whether pervasive SSL is coming and what that means for the future of the add-on. Some people wish their projects will always stay relevant, but not me - or at least not this. A future where information is private from my machine to a server, whether it be in a trusted place like my home or in a shop’s open wifi, is a future in which I would gladly put that add-on to rest.
(OTOH, maybe it would be put to rest without me. Hear about Firefox revamping their add-on ecosystem? :) )
One of the most challenging programming programs I ever attempted was a Pokemon Battle Simulator (PBS from now on).
My first, and most successful, attempt was on the mIRC scripting language. Though it was very buggy and not very easy to debug, it was possible for two people to actually have a battle.
My next few attempts revolved around moving it to C++ and using an OO language, but I was a pretty inexperienced programmer who had little time and those attempts were even less successful. Also C++ was the absolutely wrong choice.
Part of the complexity of creating a PBS is:
- There are straightforward rules
- There are many exceptions to those straightforward rules
This caused a lot of if-conditions needing to be sprinkled everywhere.
There were also bugs in the Pokemon game itself that needed to be replicated in the PBS. Things like toxic-leech seed, which is likely a bug but is an actual strategy (and a poor strategy at that).
So nothing ever got complete, and I eventually lost interest in Pokemon.
That was… over a decade ago?
Once in a while I think back and wonder what happened to the community. There were different PBS in existence, even when I left. Today, there seems to be an open source version available called Pokemon Showdown written in Node, though I could swear the last time I checked this out it was written in Java.
One of the messaging apps that we are experimenting with at work is Slack. I’ve recently downloaded the Slack desktop app, and, out of curiosity as to what it was written in (because it’s 300MB after a few minutes of use), viewed its licence file.
The source code for Slack’s desktop app isn’t publicly available, so I cannot link to it. But basically it has the licence for every open source library it uses. Almost all open source licences require the copyright notice to be included. And Slack had them all - all 420ish packages in a 10,000 line licence file.
Now to make this clear, I am all for using packages and libraries. It is not only a good idea, it is required for success of any project. Writing things from scratch is error prone, and you are basically throwing out money by not using OSS.
But 420 packages? I casually went through the list and picked one at random to see how complicated some of these packages are. I (and I don’t mean to pick on the author of these packages here) found user-home - a package that tells you the path of the user’s directory. It is 2 lines of code. All the work is done in another project called os-homedir. Which in itself is under 25 lines of code, but I suppose there is some logic you want to re-use.
To the os-homedir/user-home author’s credit, they state that the library is to “Ponyfill” (like polyfill, but does not replace the native implementation if it exists) older versions of Node.js.
None of this seems to make sense as Slack looks to package the runtime with their installer so they can choose to use the newer version.
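To make the ponyfill/polyfill distinction concrete, here is an added example (written for this post, not the code of os-homedir or user-home). The function names and the environment variables the fallback consults are assumptions chosen for illustration; the point is that on a runtime that already ships `os.homedir()`, the fallback is never reached, yet the package still has to be tracked and updated.

```javascript
'use strict';
const os = require('os');

// Fallback for runtimes without os.homedir(). The env lookups are assumed,
// typical choices; env/platform are parameters so tests need no real process.
function fallbackHomedir(env, platform) {
  if (platform === 'win32') {
    const drivePath = env.HOMEDRIVE && env.HOMEPATH ? env.HOMEDRIVE + env.HOMEPATH : null;
    return env.USERPROFILE || drivePath || env.HOME || null;
  }
  if (env.HOME) return env.HOME;
  const user = env.LOGNAME || env.USER;
  if (!user) return null;
  return (platform === 'darwin' ? '/Users/' : '/home/') + user;
}

// Ponyfill: hand back the native function if present, else the fallback.
// The osModule object itself is never modified.
function ponyfillHomedir(osModule, env, platform) {
  if (typeof osModule.homedir === 'function') {
    return { source: 'native', homedir: () => osModule.homedir() };
  }
  return { source: 'fallback', homedir: () => fallbackHomedir(env, platform) };
}

// Polyfill, for contrast: patches the shared module object when the API is missing.
function polyfillHomedir(osModule, env, platform) {
  if (typeof osModule.homedir !== 'function') {
    osModule.homedir = () => fallbackHomedir(env, platform);
  }
  return osModule;
}

// Constructed sample inputs: an old runtime with no os.homedir, and its environment.
const oldRuntimeOs = {};
const sampleEnv = { USER: 'alice' };

const onOld = ponyfillHomedir(oldRuntimeOs, sampleEnv, 'linux');
console.log(onOld.source, onOld.homedir());   // the fallback path is used
console.log('homedir' in oldRuntimeOs);       // the module object was left untouched

const onBundled = ponyfillHomedir(os, process.env, process.platform);
console.log(onBundled.source);                // a runtime that ships os.homedir

polyfillHomedir(oldRuntimeOs, sampleEnv, 'linux');
console.log(typeof oldRuntimeOs.homedir);     // the polyfill did modify the object
```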
So what are the downsides of using more packages? From a development standpoint, there are a few downsides:
- The time it takes to make a build. (One-time cost for developers, expensive when doing CI/regular builds)
- Keeping packages up-to-date. This is important for some but not all packages. This is something I don’t think many people do well even for a few package dependencies, but for 400+ I bet most are not up-to-date.
- Code size and complexity. No such thing as a free lunch, packages often come with features that go unused.
So what do you think? Is there such a thing as using too many package dependencies?