News and podcasts for developers

This week we’re talking with Bruce Schneier — cryptographer, computer security professional, privacy specialist, and writer (of many books). He calls himself a “public-interest technologist”, a term he coined himself, and works at the intersection of security, technology, and people.

Bruce has been writing about security issues on his blog since 2004, his monthly newsletter has been going since 1998, he’s a fellow and lecturer at Harvard’s Kennedy School, a board member of the EFF, and the Chief of Security Architecture at Inrupt. Long story short, Bruce has credentials to back up his opinions and on today’s show we dig into the state of cyber-security, security and privacy best practices, his thoughts on Bitcoin (and other crypto-currencies), Tim Berners-Lee’s Solid project, and of course we asked Bruce to share his advice for today’s developers building the software systems of tomorrow.

Billy Wilcosky:

Flat file web software is about having a set up which doesn’t use a “traditional” database. Instead it uses plain text files, other files, and/or maybe something like a json feed to store the data.

In this post, he explains why he thinks flat file web software is on the come up (again):

Flat file software can be powerful. Depending on what you need. And I think with the right developers and brain power behind the movement it can be more scalable and secure. The sky’s the limit. When I hear a developer saying, no, flat file isn’t good because… really all I’m hearing is they don’t want to change the way web software works. Because what I’ve found is most anything is possible.

Here’s a couple of flat file platforms which are incredible. One is a CMS/blog, the other a forum. Yes, a flat file forum.

A somewhat-related categorical question: Does SQLite count?

Google researchers are giving DALL-E a run for its money:

Our key discovery is that generic large language models (e.g. T5), pretrained on text-only corpora, are surprisingly effective at encoding text for image synthesis: increasing the size of the language model in Imagen boosts both sample fidelity and image-text alignment much more than increasing the size of the image diffusion model.

TIL that Pong was built using hardware circuitry. Fascinating! Here’s the original schematics from Atari 👇

This package wraps the graphql-go/graphql implementation to provide a “fluent” pattern for constructing GraphQL queries in Go. This can be valuable in situations where dynamic queries are desired: when the fields of a GraphQL query (or mutation) are not known until runtime. For most other use cases, plain query strings or a helper library such as this should be sufficient.

I wonder if this would change Mislav’s unpopular GraphQL/Go opinion…

Testing microservice architecture locally is difficult. At Nylas, we’ve created a local development environment using Minikube and Tilt. In this article, I walk you through how we do it.

Ignoring progressive enhancement could be seriously hurting your conversions. This article will show you how to build resiliency into your apps.

Chris Kiehl hits his hammer right on the head of this common sentiment in software circles:

Developers from certain languages [Java] have learned to wield this design principle with more power than many others. It’s how we end up with so much stuff in code bases that’s just… there. Existing. Superficially it appears unused, but silently and stoically, we know it protects us from the turbulent future change which lurks ever ahead.

The antithesis of one of my favorite design principles: YAGNI

If you’ve ever wondered how the Linux kernel does its thing:

The goal is simple - to share my modest knowledge about the insides of the linux kernel and help people who are interested in linux kernel insides, and other low-level subject matter. Feel free to go through the book Start here

Today we are at KubeCon CloudNativeCon EU 2022, talking to Adolfo García Veytia about securing Kubernetes releases. Adolfo is a Staff Software Engineer at Chainguard, and one of the technical leads for SIG release, meaning that he helps ship Kubernetes. You most likely know him as Puerco, and have seen first-hand his passion for securing software via SBOMs, cosign and SLSA. Puerco’s love for bikes and Chainguard are a great match 🚴‍♂️

In 2020, Shawn (swyx) Wang wrote:

Every 10 years there is a changing of the guard in JavaScript. I think we have just started a period of accelerated change that could in thge future be regarded as the Third Age of JavaScript.

We’re now in year three of this third age and Swyx joins us to look back at what he missed, look around at what’s happening today, and look forward at what might be coming next.

AutoAnimate is a zero-config, drop-in animation utility that adds smooth transitions to your web app. You can use it with Vue, React, or any other JavaScript application.

How can you tell it’s Friday? I’m posting something ridiculous (but cool) to the news feed. These are some high quality cat pics! 302, 403, and 405 are all great… but 414 is the best.

Matt Holt & Mohammed S. Al Sahaf sit down with Natalie & Jon to discuss every gopher’s favorite open source web server with automatic HTTPS!

In addition to laying out what Caddy is and why it’s interesting, we dive deep into how you can (and why you might want to) extend Caddy as a result of its modular architecture.

In this article we take look at how you can use Python’s Kubernetes Client library to automate all the boring Kubernetes tasks and operations, such as creating/patching resources, watching events, accessing containers and more.

David Crawshaw gave an excellent talk (at Go Northwest in 2018) on using SQLite (so hot right now) together with Go and how enjoyable/productive the combo is. Quite worthy of its ~30 minutes runtime.

Ryan Dahl describes the JavaScript sandbox as a higher level container for server software:

This container isn’t meant to address the same breadth of problems that Linux containers target. Its emergence is a result of its simplicity. It minimizes the boilerplate for web service business logic. It shares concepts with the browser and reduces the concepts that the programmer needs to know.

People like Ryan and his colleagues at Deno are exploring this future, but it’s not quite here yet.

Provides interactive git add, git log (👀 below), git diff, and a bunch more. Powered by fzf

Connor Sears, founder and CEO of Rewatch, joins Adam to share the journey of creating Rewatch. What began inside of GitHub to help them thrive and connect is now available to every product team on the planet. Rewatch lets teams save, manage, and search all their video content so they can collaborate async and with greater flexibility. We talk about where the tool’s inspiration came from (spoiler alert, inside GitHub it was called GitHub TV which you’ll hear during the show), how teams leverage video to reduce the constraints of communication, how Connor and his co-founder knew they had product-fit and how they grew the team and product, and of course the flip side of that — we talk about some of Connor’s failures along the way, and knowing when it’s the right time to take a big swing.

CloudNativePG is distributed under the Apache License 2.0, and is now owned and governed by a newly formed community of contributors to the project, built on solid principles and values inspired by the Cloud Native Computing Foundation (CNCF).

Among these are openness, fairness, inclusivity, technical excellence, “community over product/company,” built-in quality and built-in security. I’m part of the initial group of maintainers of the project, currently made up by the top six committers of the project within EDB.

If you’ve been following Ship It’s Kaizen episodes, you know we had troubles running Postgres in K8s and recently moved to a managed (sorta) database. I wonder if Gerhard will be tempted to try this operator out anyhow…

Curl creator/maintainer Daniel Stenberg is writing a book. It’s (aptly) named: Uncurled

Because of my background and life with Open Source and probably a lot because of the relative success some of my projects have had, I frequently get questions about subjects related to maintaining Open Source. How to run a project and what makes them succeed? For a long time I have been collecting lessons from my life with Open Source into a list of advice for fellow Open Source library hackers. This document is my attempt to convert those thoughts and experiences into words.

I don’t believe it’s finished, but there’s a lot here already! Excited for this and while it’s a free to read GitBook right now, I hope it ends with some kind of physical manifestation.