Adam Jacob (co-founder and creator of Chef) tldr’d his ideas to create sustainable free and open source communities by saying, “we should stop focusing on how to protect the revenue models of open source companies, and instead focus on how to create sustainable communities.” He says this will lead to better software, and that it’s also better for business. In addition to this post, Adam also wrote a short book. When I say “Sustainable Open Source Community”, I mean the following: A unified body of individuals, scattered throughout a larger society, who work in support of the creation, evolution, use, and extension of free and open source software; while ensuring its longevity through meeting the needs of the present without compromising the ability of the community of the future to meet its own needs.

DevHub helps you take back control of your GitHub workflow and stay on top of everything important going on. Available on the web, iOS, and Android (thanks to React Native).

John Demian lays out Lambda’s runtime environment limitations for your consideration. I gave Lambda a chance to impress me after Pam Selle gave us the hard sell, but I hit up against the 5-minute function execution timeout. Needless to say I was not impressed. It’s nice to see they’ve increased that to 15 minutes, but there are other constraints to consider as well.

See what happens when a rogue evil dependency explores ways to attack the developer, server, the end user, plus other examples. Jake Archibald recently experienced a small hack (break-in) on an old website. As a thought exercise, he explored various scenarios with the kind of “powers an evil dependency could have, and what, if anything, could be done to prevent it.” Jake went on to say, … It’s been terrifying to think this through, and this is just for a static site. … For sites with a server component and database, it feels negligent to use packages you haven’t audited. With Copay, we’ve seen that attacks like this aren’t theoretical, yet the auditing task feels insurmountable.

If you already know what save-exact, npm ci, npm audit fix, npx, updtr, and NVM_SYMLINK_CURRENT do, maybe skip this post. If not, check it out!

This project aims to be a drop-in solution for sites to prefetch links based on what is in the user’s viewport. It also aims to be small (< 1KB minified/gzipped). Relies on IntersectionObserver. Since prefetching is a form of progressive enhancement, unsupported browsers are no big whoop.

In an attempt to confirm Kubernetes’ move beyond hype to widespread enterprise adoption, Francesc Campoy and Victor Coisne used source{d} Engine to analyze all the Kubernetes git repositories through SQL queries. Here’s a snapshot of what they learned. At its outset in 2014, the Kubernetes project had 15 programming languages, a number that quickly increased to 35 by the beginning of 2017. Given that Kubernetes came from Google, it’s not surprising to see that Go is by far the dominant language followed by Python, YAML and Markdown. The analysis shows that other languages such as Gradle and Lua have been dropped while some others like Assembly, SQL and Java made a comeback. The full results of the analysis are available upon request via a link shared at the end of the blog post.

DHH announced on the Ruby on Rails blog the details behind Action Mailbox, the second brand new framework coming to Rails 6 (the first was Action Text). Action Mailbox routes incoming emails to controller-like mailboxes for processing in Rails. The framework was, like Action Text and Active Storage, extracted from Basecamp 3. We’ve been using a related approach to route everything from forwarded emails to email replies to messages and discussions. After extracting the ideas into Action Mailbox, we reintegrated the framework into Basecamp, and we’ve been running the code we’re sharing today for over a month in production.

KBall, Chris, Nick, and Safia discuss how they keep a healthy relationship with dependencies in their codebase. Listen to learn how they decide when to use third-party dependencies, how they verify and validate dependencies, and how to support the ecosystem of open source libraries.

Jerod is joined by Andrew Nesbitt and Ben Nickolls to talk Octobox, their open source web app that helps you manage your GitHub notifications. They discuss how Octobox came to be, why open source maintainers love it, the experiments they’re doing with pricing and business models, and how Octobox can continue to thrive despite GitHub’s renewed interest in improving notifications.

As a reminder, LiveView is an in-development feature of the Phoenix web framework that helps you create rich, interactive experiences while writing very little (ostensibly, zero) JavaScript. In Chris’ words: Phoenix LiveView is an exciting new library which enables rich, real-time user experiences with server-rendered HTML. LiveView powered applications are stateful on the server with bidrectional communication via WebSockets, offering a vastly simplified programming model compared to JavaScript alternatives. In the linked post, Chris shows a lot of examples of LiveView in action, demonstrating what it’s capable of. Here’s a feature-complete snake game, in 330 LOC, which requires zero user-land JavaScript. Impressive!

Loki is a horizontally-scalable, highly-available, multi-tenant log aggregation system inspired by Prometheus. It is designed to be very cost effective and easy to operate, as it does not index the contents of the logs, but rather a set of labels for each log stream.

Ire Aderinokun: The main reason the visibility: hidden rule isn’t just about visual visibility is because it affects the elements visibility to assistive technology as well. Love deep dives like this. Especially how it affects accessibility. Definitely something we front-end developers need to pay more attention to.

Dave Rupert feels that Microsoft Edge switching to Chromium makes other browser rendering engines “edge cases”: If there’s one thing I know about developers, it’s that we love to ignore edge cases because edge cases make our jobs more difficult. Google itself regularly ships Chrome-only products and I’ve been told by Googlers that they’re directed to only care about Chrome. Like Dave, I feel torn between different arguments. But just as Blink is a fork of WebKit, who knows if we’ll also see a fork of Chromium led by Microsoft in the future.

Jeremy Keith starts off his 24 Ways article by reminding us of Murphy’s Law. What does this have to do with the web you may ask? A service worker is a Murphy-battling technology that you can inject into a visitor’s device from your website. Once it’s installed, it can intercept any requests made to your domain. If anything goes wrong with a request—as is inevitable—you can provide instructions for the browser. That’s your opportunity to turn those server outage frowns upside down. Take those network connection lemons and make network connection lemonade. Just as we design 404 pages, designing a pleasant offline experience is important.

Crossplane provides a universal cloud computing API. Control your workloads across clouds and on-prem environments from one unified place. Nobody wants to be locked in to their current cloud provider. With Crossplane (and a new breed of ‘multi-cloud’ tools like it), you can spread your application across multiple cloud providers at a single time, migrate managed services across multiple clouds, and more. We might be looking at the future of cloud computing, right here. I’m sure this will be a hot subject at this week’s KubeCon in Seattle. (Adam is onsite covering the event. Find him and say hi if you’re attending.)

JSONPlaceholder is a free online REST API that you can use whenever you need some fake data. It’s great for tutorials, testing new libraries, sharing code examples, … It comes with a set of 6 common resources. You know, the usual suspects like /posts and /comments. Prefer to use your own data? The whole thing is powered by json-server, which will get you up and running in 30 seconds-ish.

Eran Hammer makes the case for hapi as your Node web framework of choice. We’ve been talking about dependencies a lot lately due to recent events. In light of that, think about this: hapi was the first (and still the only) framework without any external code dependencies… I personally (and manually) review every single line of code that goes into hapi (excluding node itself). I review every pull request on every dependency regardless if I am the lead maintainer. That’s quite the selling point! He has a lot of great reasons why hapi is worthy of your consideration. Click through for the hard pitch.

Here’s an interesting twist on open source funding: require all users to back the project on Open Collective, but only enforce that rule via social pressure. In other words, use an honesty policy: It is an honesty system with no code or legal enforcement. When raising an issue or a pull request, the user may be checked to ensure they are a patron, and that issue/PR may be closed without further examination. If a individual or organization has no interest in the long term sustainability of Fody, then they are legally free to ignore the honesty system. The software is MIT-licensed, so all of those liberal rules apply, but don’t expect to get your PR merged or your issue taken seriously unless you’re a patron. You must be a Patron to be a user of Fody. Contributing Pull Requests does not cancel this out. It may seem unfair to expect people both contribute PRs and also financially back this project. However it is important to remember the effort in reviewing and merging a PR is often similar to that of creating the PR. Also the project maintainers are committing to support that added code (feature or bug fix) for the life of the project. The project currently has 4 organizations and 10 individuals supporting it. What do you think those numbers will look like in 6 months or a year?

I put Terminus’ tagline in scare quotes because while it’s intriguing, I do not know for sure whether it delivers on that promise. In more of its own words, Terminus is: …heavily inspired by Hyper. It is, however, designed for people who need to get things done. Them sound like fighting words. But what does “designed for people who need to get things done” mean, exactly? From the feature list in the README, I think maybe it means that it takes Windows more seriously than Hyper and handles printing output more quickly. But that’s just a guess… I’d love to see a roundup and comparison of this new breed of Electron-based terminals. Anybody game?