The Changelog The Changelog #326  – Pinned

The insider perspective on the event-stream compromise

Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts. They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainer-ship of open source infrastructure over the full life-cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.

read more...

Ferdy Christant ferdychristant.com

The state of web browsers

Should I read this 22 minute read on the state of web browsers? Sure. Count me in! Microsoft has confirmed the rumor to be true. We now have one less browser engine, and a last man standing (Firefox) in deep trouble (reasons below). … The web now runs on a single engine. There is not a single browser with a non-Chromium engine on mobile of any significance other than Safari. Which runs webkit, kind of the same engine as Chromium, which is based on webkit.

read more...

John Gruber daringfireball.net

Electron and the decline of native apps

Mac users don’t care about mac apps like they used to. Today and the future is a web platform world with JavaScript at the center morphing into this gigantic blackhole (mainly a gravity metaphor) with everything else being pulled into its orbit. The more Mac users there are, the more Mac apps we should see. The problem is, the users who really care about good native apps — users who know HIG violations when they see them, who care about performance, who care about Mac apps being right — were mostly already on the Mac. A lot of newer Mac users either don’t know or don’t care about what makes for a good Mac app. John Gruber also quoted SwiftOnSecurity regarding Microsoft’s switch to Chromium as Windows’s built-in rendering engine, saying: This is the end of desktop applications. There’s nowhere but JavaScript.

read more...

Rollbar Icon Rollbar – Sponsored

Errors from the world's top 100 websites (and how to avoid them)

Jennifer Marsh writes on the Rollbar blog: When you think of the top 100 sites in the world, you think of high-traffic domains and pages coded to perfection. In fact, even the most popular sites in the world have errors hidden behind the scenes that are still visible in your browser’s developer tools … We found that most of the top 100 sites had several errors which could be easily monitored and prevented. In this post Jennifer shows you the most common errors faced by the top websites in the world and how you can avoid them.

read more...
logged by @logbot permalink

Medium Icon Medium

Crowdsourcing the evolution of text parsing with unified

unified –for the uninitiated– is an interface for processing text with syntax trees and transforming between them. Maybe you’ve never heard of it, but you’ve probably relied on it as part of your software infrastructure: [unified] has been OSS for years, but has recently gotten more traction. It’s used in fancy technology such as MDX, Gatsby, and Prettier, and used to build things like Node’s docs, freeCodeCamp, and GitHub’s open source guide. Project’s like unified are crucial to the JavaScript ecosystem, but they’re difficult to fund and support toward sustainability. Hence, the unified collective. Today, we are pleased to announce the creation of the unified collective. It’s an effort to bring together like-minded organisations to collaboratively work on the innovation of content through seamless, interchangeable, and extendible tooling. We build parsers, transformers, and utilities so that others don’t have to worry about syntax. We make it easier for developers to develop. Let’s show these maintainers some 💚 and share this around to those who should be supporting it.

read more...

Away from Keyboard Away from Keyboard #9

Jeremy Fuksa is a unicorn

Jeremy Fuksa has had a rough few years. After deciding to go out on his own, his third year in business was filled with anxiety. Going back to working a full-time job may sound like a failure to some, but Jeremy doesn’t look at it that way. He talks to me about his unique skill set, dealing with anxiety and depression, and how his recent experience has taught him some great lessons.

read more...

Adam Stacoviak changelog.com

The Cryptography Research Group at Microsoft released Microsoft SEAL to encrypt and secure sensitive data in the cloud

If you’ve been watching the news, you know that the latest data breach involved Marriott exposing 500 million guest reservations from its Starwood database. The kicker is that the unauthorized access to the Starwood guest database stretches back to 2014. That’s FOUR YEARS of unfettered access to this database! It’s breaches like these that helped motivate the team at the Cryptography Research Group at Microsoft to be “extremely excited” to announce the release of Microsoft SEAL (Simple Encrypted Arithmetic Library) as open source under the MIT License.

read more...

Cryptocurrency itsnicethat.com

Jon Marshall wants to get kids into cryptocurrency

Another beautifully designed tech product with Pentagram steering the visual design (see my post from last week) – this time aimed at introducing kids to the world of Cryptocurrency. For some reason this feels Black Mirror-esque, but what doesn’t these days? A collaboration with fintech start-up company Pigzbe, the new work wants to help “children and their families learn the principles of 21st century finance through cryptocurrency savings and hands-on play.” Sure beats settling down to all 704 pages of Thomas Piketty’s economic tome Capital. The project is currently on Kickstarter. If you have kids, maybe consider backing it? (Just don’t put all of their college savings into it and expect that to pan out.)

read more...

Microsoft windowscentral.com

Microsoft to replace Edge with a Chromium-powered browser on Windows 10

Big rumor coming out of Redmond this week: Microsoft is throwing in the towel with EdgeHTML and is instead building a new web browser powered by Chromium, which uses a similar rendering engine first popularized by Google’s Chrome browser known as Blink. I’ve long been a proponent for browsers differentiating at the feature/integration layers and teaming up at the rendering layer, so I view this as good news. What do you think?

read more...

NVIDIA Developer Blog Icon NVIDIA Developer Blog

NVIDIA's PhysX project goes open source and beyond gaming

PhysX is NVIDIA’s hardware-accelerated physics simulation engine that’s now released as open source to move it beyond its most common use case in the gaming world, to give access to the embedded and scientific fields — think AI, robotics, computer vision, and self-driving cars. PhysX SDK has gone open source, starting today with version 3.4! It is available under the simple 3-Clause BSD license. With access to the source code, developers can debug, customize and extend the PhysX SDK as they see fit.

read more...

Data visualization learnui.design

A color palette generator for the design 'impaired'

This “Data Color Picker” looks like a spectacular tool for any developer out there (like myself) who appreciates the value of a good color palette, but lacks the ability to put one together. You’re not alone! (This tool is for generating equidistant palettes for data visualizations, but it can most certainly be used generically.) Creating visually equidistant palettes is basically impossible to do by hand, yet hugely important for data visualizations. Why? When colors are not visually equidistant, it’s harder to (a) tell them apart in the chart, and (b) compare the chart to the key. I’m sure we’ve all looked at charts where you can hardly use the key since the data colors are so similar. You pick the “endpoint” colors and it generates all of the colors in-between. Very cool.

read more...

Henrik Warne henrikwarne.com

Lessons learned while being a developer on call (for 10 years)

Being on call isn’t that bad if you find ways to learn from it and make it worth your time and effort. Henrik covers to “why’s”, alarms and alerting systems, and even compensation and scheduling. Henrik writes: For most of the past ten years, I have been on organized on call rotations for the systems I have been developing. I think being on call is a logical way of taking responsibility for your work. You also learn a lot from it. However, it is stressful and an inconvenience, so you should get paid for it.

read more...

Practical AI Practical AI #23

Pachyderm's Kubernetes-based infrastructure for AI

Joe Doliner (JD) joined the show to talk about productionizing ML/AI with Pachyderm, an open source data science platform built on Kubernetes (k8s). We talked through the origins of Pachyderm, challenges associated with creating infrastructure for machine learning, and data and model versioning/provenance. He also walked us through a process for going from a Jupyter notebook to a production data pipeline.

read more...

Our podcasts

No matter who you are or where you are on your path of being a developer, we have a podcast for you. This community cares about the past, present, and future generation of developers. We're about lifting people up, not putting people down.

0:00 / 0:00