[meme where the hero pulls the mask off the tied-up Firefox’s head, revealing Safari]

Dynamic typing is insane. You have to keep track of the type of absolutely everything, in your head. It’s like the assembly of type systems, except it makes your program slower instead of faster.

You could have said the same for factories in the 18th century.

Everyone who died as a result of their introduction probably would say the same, yes. If corpses could speak, anyway.

Because web development sucks, web developers are always trying to reinvent web development such that it doesn’t suck, and they keep failing.

They keep failing because it’s impossible, and it’s impossible because the requirements are directly contradictory.

• Web application code must be simple and understandable (which requires the application to use a minimum of libraries and frameworks), but web applications must look and feel modern and fancy (which requires big, complicated frameworks).
• Web development must be easy (which requires the project to be written in JavaScript or something similarly simple), but web applications must have sophisticated functionality and not crash (which requires the project to be written in TypeScript, Rust, or something similarly non-simple).
• Web development must be easy (which requires the entire project to be written in a single language), but web applications must work to at least a basic degree with scripting disabled (which requires the project to contain non-trivial amounts of HTML and CSS in addition to JavaScript/TypeScript/Rust/etc).
• Web applications must be fast and not crash (which requires a compilation step with type checking), but it must be possible to iterate very quickly (which requires there to not be a compilation step).
• And so on.

And they keep failing because, quite frankly, they don’t know how to succeed. Most web developers are not grizzled 50-year-olds with decades of experience and a solid understanding of things like type systems and build automation, and most grizzled 50-year-olds with decades of experience and a solid understanding of things like type systems and build automation want nothing to do with web development. Microsoft somehow managed to scrape together enough exceptional individuals to create TypeScript, but they seem to have exhausted the supply of such individuals.

Most web developers don’t even seem to fully appreciate what TypeScript does and why it’s important, let alone have the skill to write similarly sophisticated tools themselves. Consider, for example, Vite not running TypeScript type checking with every build. Vite’s developers cite compilation speed as their motivation for cutting this corner. These people clearly do not understand the importance of correctness checking.

Another example: as far as I can tell, no web application build tools track dependencies between source files for incremental compilation, nor am I aware of any standard format for compilers (TypeScript, Sass, Babel, etc) to communicate that information to the build tools invoking them (Webpack, Vite, Grunt, etc).

Every once in a while there’s a ray of hope, like TypeScript, but that’s all it is: hope. The web developer experience has never been anywhere close to the caliber of developer experience you’ll get with a language like Rust, and sadly I don’t foresee that changing any time soon.

And no, htmx is not the answer to our prayers. It seeks to fix HTML, and HTML is not what’s fundamentally broken.

How will I notice when the spare fails, if it’s only a spare and I don’t regularly use it? Then I’m down to only one key, and as any grumpy backup admin will tell you, if you have only one copy of something, you have zero copies.

I would have a key plugged into the computer pretty much all the time when I’m working, so anyone who compromises the computer can impersonate me as long as I’m at work. This would be mildly inconvenient to the attacker, but wouldn’t actually stop the attacker. And if the computer isn’t compromised, how is anyone going to get into my GitHub account even without 2FA? They certainly aren’t going to do it by guessing my 16-character generated password or Ed25519 SSH key.

Something-I-know is worthless for authentication in the age of GPU password cracking. Most humans, including myself, do not have photographic memories with which to memorize cryptographically secure passwords. We’re all using password managers for a reason, and a password database is something you have, not something you know.

Allowing a smartphone access to anything sensitive is even worse advice. Smartphones are notoriously insecure.

Hardware tokens are specifically designed to resist copying. Any means of copying it would be considered a security vulnerability.

Bits rot. A hardware token kept in a bank vault may or may not still work when I need it 10 years later, and there is no reasonable process for regularly verifying the integrity of its contents. Backup drives’ checksums are verified with every backup cycle, and so are the checksums on the file system being backed up (I’m using btrfs for that reason).

Hardware tokens are expensive. Mechanical lock keys are not.

I personally am afraid of this. What if something gets botched? I’ll be permanently locked out of my account!

I dislike MFA because it creates a risk of losing access to my account. I can back up my passwords; I can’t back up a hardware device.

That was pretty much IBM’s excuse, if I recall correctly. Then it turned out IBM execs were well aware of who was buying their equipment and for what purpose…

I’m reminded of IBM’s dealings with the Nazis.

This is artificial pseudointelligence, not a person. It doesn’t learn about or transform anything.

I installed all three.

OpenBoard has no swiping support at all.

AnySoftKeyboard is glitchy, moving the cursor around unexpectedly and inserting spurious characters.

FlorisBoard’s swiping is very inaccurate, to the point that it’s barely faster than typing characters one-by-one.

I hope this situation improves soon…

Try not to have an overly rosy retrospection about this. There were plenty of crappy, cash-grabby games in decades past. We just don’t remember them because they were crappy, cash-grabby, and not worth remembering. They hadn’t invented microtransactions yet, but that’s just one more flavor of crappiness.