The Changelog #326 – Pinned

The insider perspective on the event-stream compromise

Adam and Jerod talk with Dominic Tarr, creator of event-stream, the IO library that made recent news as the latest malicious package in the npm registry. event-stream was turned into malware, designed to target a very specific development environment and harvest account details and private keys from Bitcoin accounts. They talk through Dominic’s backstory as a prolific contributor to open source, his stance on this package, his work in open source, the sequence of events around the hack, how we can and should handle maintainership of open source infrastructure over the full life cycle of the code’s usefulness, and what some best practices are for moving forward from this kind of attack.

Dave Rupert daverupert.com

A strong (and sometimes conflicting) opinion on Edge switching to Chromium

Dave Rupert feels that Microsoft Edge switching to Chromium makes other browser rendering engines “edge cases”: If there’s one thing I know about developers, it’s that we love to ignore edge cases because edge cases make our jobs more difficult. Google itself regularly ships Chrome-only products and I’ve been told by Googlers that they’re directed to only care about Chrome. Like Dave, I feel torn between different arguments. But just as Blink is a fork of WebKit, who knows if we’ll also see a fork of Chromium led by Microsoft in the future.

Jeremy Keith 24 Ways

Mistletoe offline

Jeremy Keith starts off his 24 Ways article by reminding us of Murphy’s Law. What does this have to do with the web you may ask? A service worker is a Murphy-battling technology that you can inject into a visitor’s device from your website. Once it’s installed, it can intercept any requests made to your domain. If anything goes wrong with a request—as is inevitable—you can provide instructions for the browser. That’s your opportunity to turn those server outage frowns upside down. Take those network connection lemons and make network connection lemonade. Just as we design 404 pages, designing a pleasant offline experience is important.

Rollbar – Sponsored

Errors from the world's top 100 websites (and how to avoid them)

Jennifer Marsh writes on the Rollbar blog: When you think of the top 100 sites in the world, you think of high-traffic domains and pages coded to perfection. In fact, even the most popular sites in the world have errors hidden behind the scenes that are still visible in your browser’s developer tools … We found that most of the top 100 sites had several errors which could be easily monitored and prevented. In this post Jennifer shows you the most common errors faced by the top websites in the world and how you can avoid them.

Cloud crossplane.io

Crossplane – the open source multicloud control plane

Crossplane provides a universal cloud computing API. Control your workloads across clouds and on-prem environments from one unified place. Nobody wants to be locked in to their current cloud provider. With Crossplane (and a new breed of ‘multi-cloud’ tools like it), you can spread your application across multiple cloud providers at a single time, migrate managed services across multiple clouds, and more. We might be looking at the future of cloud computing, right here. I’m sure this will be a hot subject at this week’s KubeCon in Seattle. (Adam is onsite covering the event. Find him and say hi if you’re attending.)

Typicode jsonplaceholder.typicode.com

A fake online REST API for testing and prototyping

JSONPlaceholder is a free online REST API that you can use whenever you need some fake data. It’s great for tutorials, testing new libraries, sharing code examples, … It comes with a set of 6 common resources. You know, the usual suspects like /posts and /comments. Prefer to use your own data? The whole thing is powered by json-server, which will get you up and running in 30 seconds-ish.

Eran Hammer Medium

Why you should consider hapi

Eran Hammer makes the case for hapi as your Node web framework of choice. We’ve been talking about dependencies a lot lately due to recent events. In light of that, think about this: hapi was the first (and still the only) framework without any external code dependencies… I personally (and manually) review every single line of code that goes into hapi (excluding node itself). I review every pull request on every dependency regardless if I am the lead maintainer. That’s quite the selling point! He has a lot of great reasons why hapi is worthy of your consideration. Click through for the hard pitch.

.NET github.com

It is expected that all developers become a Patron to use Fody

Here’s an interesting twist on open source funding: require all users to back the project on Open Collective, but only enforce that rule via social pressure. In other words, use an honesty policy: It is an honesty system with no code or legal enforcement. When raising an issue or a pull request, the user may be checked to ensure they are a patron, and that issue/PR may be closed without further examination. If an individual or organization has no interest in the long term sustainability of Fody, then they are legally free to ignore the honesty system. The software is MIT-licensed, so all of those liberal rules apply, but don’t expect to get your PR merged or your issue taken seriously unless you’re a patron. You must be a Patron to be a user of Fody. Contributing Pull Requests does not cancel this out. It may seem unfair to expect people both contribute PRs and also financially back this project. However it is important to remember the effort in reviewing and merging a PR is often similar to that of creating the PR. Also the project maintainers are committing to support that added code (feature or bug fix) for the life of the project. The project currently has 4 organizations and 10 individuals supporting it. What do you think those numbers will look like in 6 months or a year?

Terminal eugeny.github.io

"A terminal for a more modern age"

I put Terminus’ tagline in scare quotes because while it’s intriguing, I do not know for sure whether it delivers on that promise. In more of its own words, Terminus is: …heavily inspired by Hyper. It is, however, designed for people who need to get things done. Them sound like fighting words. But what does “designed for people who need to get things done” mean, exactly? From the feature list in the README, I think maybe it means that it takes Windows more seriously than Hyper and handles printing output more quickly. But that’s just a guess… I’d love to see a roundup and comparison of this new breed of Electron-based terminals. Anybody game?

Hired – Sponsored

Let top tech companies apply to you? Yes please!

Hired works with over 10,000 companies, from high-growth startups to multinational enterprise corporations, to place top technical talent. They have 25,000+ job openings across disciplines in Software Engineering, DevOps, Machine Learning, Data Science and Engineering Management. How does it work? It’s easy, just create a free profile at hired.com/changelognews and sit back and relax. You control the interview process. You choose what interviews to accept. You select the job that’s right for you.

The New Stack

How Firecracker is going to set modern infrastructure on fire

One of the most exciting announcements from last week’s AWS re:Invent was Firecracker — an open source project that delivers the speed of containers with the security of VMs. Firecracker’s focus is transient and short-lived processes, so it differs from containers in that it’s optimized for startup speed. Why can’t we use containers? The answer is simple — slower cold start. While LXC and Docker are certainly faster and lighter than full-blown virtual machines, they still don’t match the speed expected by functions. There are also some security wins with how Firecracker is architected: Firecracker takes a radically different approach to isolation. It takes advantage of the acceleration from KVM, which is built into every Linux Kernel with version 4.14 or above. KVM, the Kernel Virtual Machine, is a type-1 hypervisor that works in tandem with the hardware virtualization capabilities exposed by Intel and AMD. There’s a lot to be intrigued by here. We should probably line up an episode on Firecracker. In the meantime, click through to go deeper on the topic.

JavaScript github.com

A lightweight, auto-curried functional programming library

arare enables you to write tacit, point-free, declarative & clean code while avoiding side-effects and mutations. Internally the library itself, comprised of over 200 functions, follows the functional programming paradigm and is materialized using fundamental functional qualities such as currying, recursion, tail calls, high-order functions, referential transparency, side-effects elimination and function composition. Ships with a built-in REPL. 💪

Practical AI #24

So you have an AI model, now what?

Fully Connected – a series where Chris and Daniel keep you up to date with everything that’s happening in the AI community. This week we discuss all things inference, which involves utilizing an already trained AI model and integrating it into the software stack. First, we focus on some new hardware from Amazon for inference and NVIDIA’s open sourcing of TensorRT for GPU-optimized inference. Then we talk about performing inference at the edge and in the browser with things like the recently announced ONNX JS.

Ferdy Christant ferdychristant.com

The state of web browsers

Should I read this 22 minute read on the state of web browsers? Sure. Count me in! Microsoft has confirmed the rumor to be true. We now have one less browser engine, and a last man standing (Firefox) in deep trouble (reasons below). … The web now runs on a single engine. There is not a single browser with a non-Chromium engine on mobile of any significance other than Safari. Which runs webkit, kind of the same engine as Chromium, which is based on webkit.

John Gruber daringfireball.net

Electron and the decline of native apps

Mac users don’t care about Mac apps like they used to. Today and the future is a web platform world with JavaScript at the center morphing into this gigantic black hole (mainly a gravity metaphor) with everything else being pulled into its orbit. The more Mac users there are, the more Mac apps we should see. The problem is, the users who really care about good native apps — users who know HIG violations when they see them, who care about performance, who care about Mac apps being right — were mostly already on the Mac. A lot of newer Mac users either don’t know or don’t care about what makes for a good Mac app. John Gruber also quoted SwiftOnSecurity regarding Microsoft’s switch to Chromium as Windows’s built-in rendering engine, saying: This is the end of desktop applications. There’s nowhere but JavaScript.

Medium

Crowdsourcing the evolution of text parsing with unified

unified, for the uninitiated, is an interface for processing text with syntax trees and transforming between them. Maybe you’ve never heard of it, but you’ve probably relied on it as part of your software infrastructure: [unified] has been OSS for years, but has recently gotten more traction. It’s used in fancy technology such as MDX, Gatsby, and Prettier, and used to build things like Node’s docs, freeCodeCamp, and GitHub’s open source guide. Projects like unified are crucial to the JavaScript ecosystem, but they’re difficult to fund and support toward sustainability. Hence, the unified collective. Today, we are pleased to announce the creation of the unified collective. It’s an effort to bring together like-minded organisations to collaboratively work on the innovation of content through seamless, interchangeable, and extendible tooling. We build parsers, transformers, and utilities so that others don’t have to worry about syntax. We make it easier for developers to develop. Let’s show these maintainers some 💚 and share this around to those who should be supporting it.

Away from Keyboard #9

Jeremy Fuksa is a unicorn

Jeremy Fuksa has had a rough few years. After deciding to go out on his own, his third year in business was filled with anxiety. Going back to working a full-time job may sound like a failure to some, but Jeremy doesn’t look at it that way. He talks to me about his unique skill set, dealing with anxiety and depression, and how his recent experience has taught him some great lessons.

Adam Stacoviak changelog.com

The Cryptography Research Group at Microsoft released Microsoft SEAL to encrypt and secure sensitive data in the cloud

If you’ve been watching the news, you know that the latest data breach involved Marriott exposing 500 million guest reservations from its Starwood database. The kicker is that the unauthorized access to the Starwood guest database stretches back to 2014. That’s FOUR YEARS of unfettered access to this database! It’s breaches like these that helped motivate the team at the Cryptography Research Group at Microsoft to be “extremely excited” to announce the release of Microsoft SEAL (Simple Encrypted Arithmetic Library) as open source under the MIT License.
