
And unless you put in the effort to archive those dependencies yourself, nobody may be able to truly read or build your code anyway.

Today’s trendy development practices are shockingly ephemeral and fragile. Very little of today’s projects would survive one decade left fallow, let alone four.



A few years back my office threw away a PC running Windows XP with no service packs. It was left in a closet for many years just in case we had to fix a bug in some safety critical code.

A few years ago we tried to rebuild some safety critical code from sometime back and were unable to because the certificates had expired and so the machine that can build the source code refused to connect to our version control system.


This is why I really like Debian's policy of being self-contained, that everything in Debian is built from sources that are in the Debian system.

It takes a lot more effort to package stuff, since you can't just download your dependencies from the internet. But you also create something that isn't as ephemeral.


Since you mention it, I recall that it's the same thing in OpenBSD: their policy is "base builds base."


> Today’s trendy development practices are shockingly ephemeral and fragile

My fellow human, you have just nailed what is wrong with today's software.


Or stated a tautology. The trendy is almost by definition ephemeral and fragile. Otherwise we'd call it timeless!


> And unless you put in the effort to archive those dependencies yourself

Go makes this extremely easy to do

https://go.dev/ref/mod#go-mod-vendor

The Rust toolchain also includes a vendor dependency process

https://doc.rust-lang.org/cargo/commands/cargo-vendor.html


Do you use this and check in vendored code? I don't, maybe I should


Reading this thread makes me think about archiving my code too. I have backups of my project folders going back to the 90s when I started programming. But I often delete node_modules and other build artifacts before archiving because that stuff takes up so much space.

But maybe it’s worth going through and actively and explicitly downloading all those dependencies too. Who knows when npm will get hacked again, or old package versions will get yanked. Disk space is cheap. I’ve written a lot of code over the years. It would be nice to know it all still runs.
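An added example, not from this thread or from any of the commenters: a small Python script that records a SHA-256 manifest of an archived dependency tree (a `node_modules` or `vendor/` directory) and later checks the tree against it, so that a restored archive can be shown to match what the code was originally built from, and any file that was modified, dropped or added since is reported. The directory names and file contents are constructed for the example, and the manifest format (one `hash  path` line, in the style of `sha256sum` output) is an assumption rather than any tool's standard.

```python
"""Added example: build and verify a SHA-256 manifest for an archived
dependency tree.  All paths and file contents below are constructed for
the demo; the manifest layout mimics sha256sum output (assumption)."""
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Stream a file through SHA-256 so large archives do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its digest.
    Symlinks are skipped so a link pointing outside the archive cannot be 'verified'."""
    manifest: dict[str, str] = {}
    for p in sorted(root.rglob("*")):
        if p.is_file() and not p.is_symlink():
            manifest[p.relative_to(root).as_posix()] = file_sha256(p)
    return manifest


def write_manifest(manifest: dict[str, str], out: Path) -> None:
    """Persist as 'hash  relative/path' lines, sorted so the file is diff-friendly."""
    out.write_text("".join(f"{h}  {rel}\n" for rel, h in sorted(manifest.items())))


def read_manifest(path: Path) -> dict[str, str]:
    manifest: dict[str, str] = {}
    for line in path.read_text().splitlines():
        if not line.strip():
            continue
        h, rel = line.split("  ", 1)
        manifest[rel] = h
    return manifest


def verify(root: Path, expected: dict[str, str]) -> dict[str, list[str]]:
    """Compare the on-disk tree against the manifest.
    Returns the files whose content changed, those the archive lost, and
    those that appeared without being recorded (a planted file would show here)."""
    actual = build_manifest(root)
    return {
        "modified": sorted(r for r in expected if r in actual and actual[r] != expected[r]),
        "missing": sorted(r for r in expected if r not in actual),
        "extra": sorted(r for r in actual if r not in expected),
    }


def demo() -> dict[str, list[str]]:
    """Constructed scenario: archive a tiny tree, then alter it and re-check."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "node_modules"
        pkg = root / "example-pkg"           # constructed package name
        pkg.mkdir(parents=True)
        (pkg / "index.js").write_text("module.exports = (s, n) => s.padStart(n);\n")
        (pkg / "package.json").write_text('{"name":"example-pkg","version":"0.0.0"}\n')

        manifest_path = Path(tmp) / "deps.sha256"
        write_manifest(build_manifest(root), manifest_path)

        # Simulate drift in the archive: one file changed, one removed, one added.
        (pkg / "index.js").write_text("module.exports = () => 'changed';\n")
        (pkg / "package.json").unlink()
        (pkg / "extra.js").write_text("\n")

        return verify(root, read_manifest(manifest_path))


if __name__ == "__main__":
    print(demo())
```

Keeping the manifest next to the project source (or committed alongside a vendored tree, as `go.sum` effectively is) means the check can be run years later without any network access, which is the property the thread is after.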


> Very little of today’s projects would survive one decade left fallow, let alone four.

I hate to break it to you. 2040 is less than half as distant as you think it is.


I want off this ride.


It will be over sooner than you think it will be.


I think that's somewhat the curse of technology. It's so hard to make anything from scratch. How do you get metallurgy working without already having metals? How do you get electricity running without an outlet, or at least powerful, easily sourced magnets?

Thinking about the "dependency tree" for any modern convenience is truly staggering. I can't even start to think about how you can make a factory without first having a factory.


Checking dependencies into VCS should be more common as with yarn PnP and such.



