The Changelog The Changelog #360  – Pinned

Modern software is built on APIs

Abhinav Asthana (founder of Postman) joined the show to talk about Postman, an ADE — API Development Environment — that began as open source and is now a full-fledged company that just announced a $50 million dollar Series B. We talk about why Postman has grown so successfully, APIs and their impact to core business factors, what it means to be an API Development Environment (ADE), and how they created one of the most popular API platforms and community.

read more

Liran Tal Snyk

Sequelize ORM found vulnerable to SQL injection

SQL injection is a serious vulnerability, effectively allowing an attacker to run roughshod over your entire database. If you’re using Sequelize, drop everything (pun unintended) and get patched up. As a testament for Sequelize’s commitment to security and protecting their users as fast as possible, they promptly responded and released fixes in the 3.x and 5.x branches of the library, remediating the vulnerability and providing users with an upgrade path for SQL injection prevention.

read more

KubeCon + CloudNativeCon Icon KubeCon + CloudNativeCon – Sponsored

10% off KubeCon registration using `KCNACHANGELOG19`

Share this discount code with your friends and tell them to thank us on Twitter (not required, but appreciated)! We’re excited to be partnered with the Cloud Native Computing Foundation’s flagship conference, which gathers adopters and technologists from leading open source and cloud native communities. This year the conference takes place in San Diego, California from November 18-21, 2019. Join Kubernetes, Prometheus, Envoy, CoreDNS, containerd, Fluentd, OpenTracing, gRPC, rkt, CNI, Jaeger, Notary, TUF, Vitess, NATS, Linkerd, Helm, Rook, Harbor, etcd, Open Policy Agent, CRI-O, and TiKV as the community gathers for four days to further the education and advancement of cloud native computing. Learn more and register — get 10% off with the code KCNACHANGELOG19.

read more

logged by @logbot permalink

Windows github.com

Fancy Zones is an envious tiling window manager for Windows

Fancy Zones is a window manager that is designed to make it easy to arrange and snap windows into efficient layouts for your workflow and also to restore these layouts quickly. Fancy Zones allows the user to define a set of window locations for a desktop that are drag targets for windows. When the user drags a window into a zone, the windows is resized and repositioned to fill that zone. I want this in my life. Anybody know of a similar tool for macOS?

read more

Databases abe-winter.github.io

ORMs are backwards

I think all ORM users have a journey from ‘there should be a way to’ to ‘this is saving me so much work’ to ‘I have to reach into the vending machine to get my change out’. I see the value in ORMs, but I also see where Abe is coming from in this article. I think the sweet spot for an ORM is when you’re just getting started making apps and you want to minimize how many technologies you need to learn to get there. I certainly learned SQL over a slow, productive period while utilizing its features from the warm embrace of Active Record. Stick around to the end of the article where he reveals the anti-ORM he’s working on to solve some of these problems.

read more

Stanisław Pitucha github.com

Questions to ask a company during your interview

This repo gained 3,100+ stars in the first day and topped the charts of Changelog Nightly! This is a list of questions which may be interesting to a tech job applicant. The points are not ordered and many may not apply to a given position, or work type. It was started as my personal list of questions, which grew over time to include both things I’d like to see more of and red flags which I’d like to avoid. I’ve also noticed how few questions were asked by people I interviewed and I think those were missed opportunities. PRs are welcome!

read more

Eileen Uchitelle github.blog

Running GitHub on Rails 6.0

Eileen Uchitelle shared the backstory of how they have GitHub running on Rails 6.0 just 1.5 weeks after its final release. 👏 As soon as we finished the Rails 5.2 upgrade last year, we started upgrading our application to Rails 6.0. Instead of waiting for the final release, we’d upgrade every week by pulling in the latest changes from Rails master and run all of our tests against that new version. This allowed us to find regressions quickly and early—often finding regressions in Rails master just hours after they were introduced. Upgrading weekly made it easy to find where these regressions were introduced since we were bisecting Rails with only a week’s worth of commits instead of more than a year of commits.

read more

Marty Cagan svpg.com

Product teams vs feature teams

Marty Cagan is certain to upset many people product-people with this article. Read at your own risk. This article is certain to upset many people. I’m sorry for that, but the degree of ongoing noise and confusion surrounding the role of product at tech companies is only getting worse. Moreover, I see the issues and problematic behaviors getting institutionalized in conference talks, training programs and so-called certification programs for product people. So while this article might be painful to read, if you’ve been frustrated with the contradictory and confusing messaging from people in the product world, if you bear with me here, I am hopeful that this will provide some much needed clarity. BTW, Marty and his book INSPIRED was talked about in this recent episode of The Changelog featuring Ryan Singer talking about Basecamp’s new book Shape Up.

read more

Podcasts from Changelog

Weekly shows about developer culture, software development, open source, building startups, artificial intelligence, and the people involved.

0:00 / 0:00