Changelog

25 excellent pieces of advice from a mostly self-taught software engineer. Numbers 21 (Build projects you love) and 24 (Celebrate your wins) really resonate with me. Plus she finishes the post off with an awesome Sandi Metz quote.

Pia Mancini, CEO of Open Collective: BackYourStack is the first step to help companies discover the dependencies in their stack that are seeking to become sustainable and a way to start subscriptions to them. Each collective can set up different tiers for their subscriptions such us brand visibility, support or in-house training. Just input your GitHub org and BackYourStack will generate a list of supportable projects by analyzing your dependencies. This is a great idea and a good first step toward making it easier for organizations to put their money where their source is. (YMMV as the results are a bit limited (and maybe buggy?) at the moment. Our report is saying we only rely upon 1 open source project, which definitely doesn't cover it.)

While some dream of having a successful career, Jeff Robbins has already had several. Once the lead singer and guitarist for Orbit, Jeff has worked on some of the most famous Drupal websites. He talks to me about his early interest in computers, starting Lullabot, and adjusting to life after leaving the company he built and ran.

Adam and Jerod invite back Katrina Owen after years away focusing on Exercism—a 100% free platform for code practice and mentorship with over 2500 exercises and 48 different language tracks. They talk to Katrina about how the platform has changed, the direction it's taken, the backstory on the recently launched version 2, and how she plans to turn Exercism into a sustainable business. Also, what happens if that doesn't work?!

Looks cool, but mind the disclaimer: The project is still under alpha, there are lots of things already done, but there is also a lot of work to do! If you want to help, please contact me under marcelocamargo@linuxmail.org or create an issue! Working in community, we can soon have a CLI client as complete as the web one!

This post from Eric Holmes details how package managers can be used in supply chain attacks — specifically, in this case, a supply chain attack on Homebrew — which is used by hundreds of thousands of people, including "employees at some of the biggest companies in Silicon Valley." On Jun 31st, I went in with the intention of seeing if I could gain access to Homebrew’s GitHub repositories. About 30 minutes later, I made my first commit to Homebrew/homebrew-core. If I were a malicious actor, I could have made a small, likely unnoticed change to the openssl formulae, placing a backdoor on any machine that installed it. If I can gain access to commit in 30 minutes, what could a nation state with dedicated resources achieve against a team of 17 volunteers?

Tanner Villarete asked himself, "How far can JavaScript take us?" Then answered: Turns out, pretty dang far. This web app was my attempt at mimicking Apple's iOS music app, and I think I've come pretty close! I have to admit, he did a pretty good job. The frontend is built on React and Redux. The backend? A Laravel-based API running on a Raspberry Pi! Here's the live demo, but be nice because Raspberry Pi.

Floor Drees: Yesterday I attended a Craftwork Amsterdam workshop with the promise to ‘create a GitHub App’. With the help of ‘Hubbers’ Don, Bas and Anisha we built a bot that triages GitHub issues. It's always fun to read how folks pull together different tools/services to scratch an itch (or just have some fun).

tom 🐶 is a backoffice as service oriented to do things that you want to do, like: Create and update users via Stripe Associate your users with a subscription plan Send transactional notification via email, Slack, or Telegram Here's a demo of tom in action.

Chris and Daniel help us wade through the week's AI news, including open ML challenges from Intel and National Geographic, Henry Kissinger's views on AI, and a model that can detect personality based on eye movements. They also point out some useful resources to learn more about pandas, the vim editor, and AI algorithms.

Burke Holland: In my endless pursuit of the perfect VS Code setup, I reached out to my colleagues here on the Azure team and asked them to share their favorite extension in their own words. So clear your pallet and breathe in the aromatic flavors of productivity; I am your VS Code Extension Sommelier.

lazygit is a simple terminal UI for git commands, written in Go with the gocui library. They had me sold at "lazy" 😉

Jerod, Nick, and Chris talk with Jeff Lembeck about his tweets, the people behind npm, the need for empathy, and things they're excited about.

The cause is a 2FA fail with either SIM security or a mobile number port-out scam as the point of failure. Brian Krebs writes for KrebsOnSecurity: Of particular note is that although the Reddit employee accounts tied to the breach were protected by SMS-based two-factor authentication, the intruder(s) managed to intercept that second factor. In one common scenario, known as a SIM-swap, the attacker masquerading as the target tricks the target’s mobile provider into tying the customer’s service to a new SIM card that the bad guys control. Another typical scheme involves mobile number port-out scams, wherein the attacker impersonates a customer and requests that the customer’s mobile number be transferred to another mobile network provider. Were you exposed? ...between June 14 and 18 an attacker compromised several employee accounts at its cloud and source code hosting providers. Reddit said the exposed data included internal source code as well as email addresses and obfuscated passwords for all Reddit users who registered accounts on the site prior to May 2007. The incident also exposed the email addresses of some users who had signed up to receive daily email digests of specific discussion threads.

This interview with Evan You (founder of Vue.js) is all about the path that led him to being able to work full time on open source. It's a good read 👍 (Want to dive deeper? We've interviewed Evan on The Changelog #184 as well as Request For Commits #12)

Overcast reports podcast subscriber counts in is crawler user agent. How cool is that? All podcast apps that have their own crawler should do this! 🙏

Select a device, upload your image, and get a beautiful image you can share with the world.

Thanks to its simple specifications inspired by retro gaming consoles, such as only 16 colors can be displayed and only 4 sounds can be played back at the same time, you can feel free to enjoy making pixel art style games. If I had nothing but free time, this is one of the ways I'd spend it.

Thirteen years ago, Ashley Baxter inherited the family insurance business when her Dad passed away. Even though she's a talented photographer, and built a successful photography business, the insurance industry kept calling her name. Ashley talks about what excites her about insurance, the challenges of running a business, and how burnout forced her to focus.

The important thing to remember about leading is you have to have clear lines of communication with those you lead. I love the ideas Lara shared in this guide to writing a "week in review" team update. This doc helped me set records straight, disseminate info to lots of people at once, and open up conversation internally, while reflecting on the themes that had come up in weekly one-on-ones, backchannels, team meetings, etc. What I chose to write about each time widely varied. Though the teams who reported to me were the primary audience for this doc, I kept it internally-public, meaning that anyone at the company could read and comment in it. I found that some other managers just weren’t talking about hard things that were happening...