Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts. They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.

Should I read this 22 minute read on the state of web browsers? Sure. Count me in! Microsoft has confirmed the rumor to be true. We now have one less browser engine, and a last man standing (Firefox) in deep trouble (reasons below). … The web now runs on a single engine. There is not a single browser with a non-Chromium engine on mobile of any significance other than Safari. Which runs webkit, kind of the same engine as Chromium, which is based on webkit.

Mac users don’t care about mac apps like they used to. Today and the future is a web platform world with JavaScript at the center morphing into this gigantic blackhole (mainly a gravity metaphor) with everything else being pulled into its orbit. The more Mac users there are, the more Mac apps we should see. The problem is, the users who really care about good native apps — users who know HIG violations when they see them, who care about performance, who care about Mac apps being right — were mostly already on the Mac. A lot of newer Mac users either don’t know or don’t care about what makes for a good Mac app. John Gruber also quoted SwiftOnSecurity regarding Microsoft’s switch to Chromium as Windows’s built-in rendering engine, saying: This is the end of desktop applications. There’s nowhere but JavaScript.

In this special episode of JS Party, KBall and Nick are on location at Node + JS Interactive in Vancouver. They talks with Laurie Voss, co-founder and COO of npm Inc. They chat about his talk, “npm and the Future of JavaScript”, JavaScript frameworks, and how the definition of “the fundamentals of the web” is constantly changing.

unified –for the uninitiated– is an interface for processing text with syntax trees and transforming between them. Maybe you’ve never heard of it, but you’ve probably relied on it as part of your software infrastructure: [unified] has been OSS for years, but has recently gotten more traction. It’s used in fancy technology such as MDX, Gatsby, and Prettier, and used to build things like Node’s docs, freeCodeCamp, and GitHub’s open source guide. Project’s like unified are crucial to the JavaScript ecosystem, but they’re difficult to fund and support toward sustainability. Hence, the unified collective. Today, we are pleased to announce the creation of the unified collective. It’s an effort to bring together like-minded organisations to collaboratively work on the innovation of content through seamless, interchangeable, and extendible tooling. We build parsers, transformers, and utilities so that others don’t have to worry about syntax. We make it easier for developers to develop. Let’s show these maintainers some 💚 and share this around to those who should be supporting it.

Jeremy Fuksa has had a rough few years. After deciding to go out on his own, his third year in business was filled with anxiety. Going back to working a full-time job may sound like a failure to some, but Jeremy doesn’t look at it that way. He talks to me about his unique skill set, dealing with anxiety and depression, and how his recent experience has taught him some great lessons.

If you’ve been watching the news, you know that the latest data breach involved Marriott exposing 500 million guest reservations from its Starwood database. The kicker is that the unauthorized access to the Starwood guest database stretches back to 2014. That’s FOUR YEARS of unfettered access to this database! It’s breaches like these that helped motivate the team at the Cryptography Research Group at Microsoft to be “extremely excited” to announce the release of Microsoft SEAL (Simple Encrypted Arithmetic Library) as open source under the MIT License.

Drop-in Pusher replacement, SSL support, Laravel Echo support and a debug dashboard are just some of its features. This looks really well done. The Laravel community is en fuego as of late. 🔥

When you’re looking for a programming job, there are dysfunctional companies you’ll want to avoid. This article will help you recognize one warning sign: a particularly problematic phrase.

This is a short 15 minute talk from Henry Zhu at All Things Open, who just announced their photos and videos from their 2018 conference. In this talk Henry asks: When we think about open source, we think about code. Is it more than that? What do you think? What is open source to you?

Another beautifully designed tech product with Pentagram steering the visual design (see my post from last week) – this time aimed at introducing kids to the world of Cryptocurrency. For some reason this feels Black Mirror-esque, but what doesn’t these days? A collaboration with fintech start-up company Pigzbe, the new work wants to help “children and their families learn the principles of 21st century finance through cryptocurrency savings and hands-on play.” Sure beats settling down to all 704 pages of Thomas Piketty’s economic tome Capital. The project is currently on Kickstarter. If you have kids, maybe consider backing it? (Just don’t put all of their college savings into it and expect that to pan out.)

Contribute your insights to the 2018 npm survey and help to evolve and improve tools, services, and the ecosystem.

Vim is the editor that’s always there for you… Literally! It’s probably on your machine right now, and it’s one of the most popular in the world. Learn more about it with 24 high quality articles dispersed throughout the month of December.

Big rumor coming out of Redmond this week: Microsoft is throwing in the towel with EdgeHTML and is instead building a new web browser powered by Chromium, which uses a similar rendering engine first popularized by Google’s Chrome browser known as Blink. I’ve long been a proponent for browsers differentiating at the feature/integration layers and teaming up at the rendering layer, so I view this as good news. What do you think?

Link in the title goes to the source code that implements the the applications for each chapter of the book. Check out the book’s homepage here and read the first few pages for free right here.

PhysX is NVIDIA’s hardware-accelerated physics simulation engine that’s now released as open source to move it beyond its most common use case in the gaming world, to give access to the embedded and scientific fields — think AI, robotics, computer vision, and self-driving cars. PhysX SDK has gone open source, starting today with version 3.4! It is available under the simple 3-Clause BSD license. With access to the source code, developers can debug, customize and extend the PhysX SDK as they see fit.

This “Data Color Picker” looks like a spectacular tool for any developer out there (like myself) who appreciates the value of a good color palette, but lacks the ability to put one together. You’re not alone! (This tool is for generating equidistant palettes for data visualizations, but it can most certainly be used generically.) Creating visually equidistant palettes is basically impossible to do by hand, yet hugely important for data visualizations. Why? When colors are not visually equidistant, it’s harder to (a) tell them apart in the chart, and (b) compare the chart to the key. I’m sure we’ve all looked at charts where you can hardly use the key since the data colors are so similar. You pick the “endpoint” colors and it generates all of the colors in-between. Very cool.

Being on call isn’t that bad if you find ways to learn from it and make it worth your time and effort. Henrik covers to “why’s”, alarms and alerting systems, and even compensation and scheduling. Henrik writes: For most of the past ten years, I have been on organized on call rotations for the systems I have been developing. I think being on call is a logical way of taking responsibility for your work. You also learn a lot from it. However, it is stressful and an inconvenience, so you should get paid for it.

Collection of component libraries for UI toolkits for React, VueJS, Angular, ember. and mithril. Including implementation of Material Design, Fabric, Ant design, etc for each front-end framework.

Joe Doliner (JD) joined the show to talk about productionizing ML/AI with Pachyderm, an open source data science platform built on Kubernetes (k8s). We talked through the origins of Pachyderm, challenges associated with creating infrastructure for machine learning, and data and model versioning/provenance. He also walked us through a process for going from a Jupyter notebook to a production data pipeline.

HaskellRank is a YouTube series where we solve a couple of simple programming problems but in Haskell. It’s an on-going experiment where I’m trying to teach Haskell through constalty showing different examples instead of giving a well structured material.