Changelog News

Developer news worth waking up for

Jerod here! 👋

Have you heard of the Dead Internet theory? It posits that most social Internet activity today is artificial & designed to manipulate humans for engagement.

Let’s set aside how hard it is to define “most”, for now. If this theory is even approximately true, what does it mean for those of us who work, play & often live our lives on the Internet? Might AI slop be the first salvo in the rise of The Machines?! Maybe ignorance is bliss.

Or maybe, just maybe, the time is coming (and now is) to take the red pill…

(Sorry, I’ve been watching too many Matrix clips lately. Best shootout scene evar!)

Ok, let’s get into the news.

🎧 Simply the best pods for devs

🚀 Linux distros (Jorge Castro)
💚 Kaizen! Just do it (Gerhard Lazu)
🎙️ The best, worst codebase (Jimmy Miller)
🪩 It’s all about the squiggles (Squiggle Conf crew)
⏰ How I lost my (old) job to AI (Johnny & friends)
🤖 Pausing to think about scikit-learn & OpenAI o1 (Daniel & Chris)

💭 Imagine Fly.io on your own VPS

Sidekick creator, Mahmoud Mousa:

I’m tired of the complexity involved in hosting my side projects. While some platforms, like Fly.io, stand out in the crowded field of Heroku replacements, I believe a simple VPS can be just as effective. That’s why I created Sidekick: to make hosting side projects as straightforward, affordable, and production-ready as possible. You’ll be surprised how much traffic a $8/month instance on DigitalOcean can handle.

Grab a VPS (or your own hardware if you prefer, just need a public IP) with Ubuntu on it, set up SSH access for yourself, and let sidekick init take you from there to a deployed production application “in minutes.”

📬 “Oracle, it’s time to free JavaScript.”

Node & Deno creator, Ryan Dahl, has had enough of Oracle bogarting “JavaScript” but not even using it:

Dear Oracle,
You have long ago abandoned the JavaScript trademark, and it is causing widespread, unwarranted confusion and disruption.
JavaScript is the world’s most popular programming language, powering websites everywhere. Yet, few of the millions who program in it realize that JavaScript is a trademark you, Oracle, control. The disconnect is glaring: JavaScript has become a general-purpose term used by countless individuals and companies, independent of any Oracle product.

He goes on to detail exactly why Oracle’s hold on the JavaScript trademark “clearly fits the legal definition of trademark abandonment.” At the end of the letter, a place to sign your name in agreement alongside 11,495 others (including yours truly).

😽 kty is a terminal for Kubernetes

kty is the easiest way to access resources such as pods on your cluster - all without kubectl. Once kty is installed on your cluster, ssh gives you a dashboard to interact with the cluster.

With kty, you can:

Use your Github or Google account to log into the cluster. No more annoying kubectl auth plugins
Get a shell running in pods - just like you would when SSH’n into a host normally
Access the logs for running and exited containers in a pod
Forward traffic from your local machine into the cluster or from the cluster to your local machine
scp or sftp files from pods
Access the cluster from any device that has an SSH client, from phones to embedded devices

💰 Secure every PR from vulnerable & malicious dependencies

Thanks to Feross & the Socket team for sponsoring Changelog News

Who has time to run a security audit on all of their dependencies?! Socket does.

Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.

The easiest way to get started with Socket is the 2-click GitHub app install. From there, whenever a new dependency is added in a pull request, Socket analyzes the package’s behavior and security risk and tells you at that moment, before the code is merged, whether or not you’re introducing a vulnerable or malicious dependency.

You can run Socket in your CI/CD pipeline, as a CLI tool or even as a web extension so you can spot malicious packages on the web.

Socket helps developers and security teams to work more efficiently and cut through the noise to focus on real threats. Get actionable alerts for the supply chain risks that matter.

Learn more and get started at socket.dev!

👋 ~70% of Redis users considering alternatives

According to a survey by open source database support biz Percona, the move to the Redis Source Available License (RSALv2) and Server Side Public License (SSPLv1) has motivated almost three quarters of the 151 developers and database managers questioned to look for alternatives.

The biggest question when Redis relicensed was which fork would make the most sense for the most people. It appears the Linux Foundation’s Valkey effort is leading that pack, with 60% of respondents considering or actively testing it out. I love how much this topic effectively snipes the nerds (myself included). The Register’s comment thread on this story is, unsurprisingly, almost entirely filled with arguments for/against the GPL. 😆

🏛️ Nine Node.js pillars

A bunch of smart JS folk (James Snell, Natalia Venditto, Michael Dawson, Matteo Collina) got together to write up “nine guiding principles for creating robust, scalable, and maintainable Node applications in enterprise environments.” Briefly:

Do not block the event loop
Monitor Node specific metrics and  act on them
Use Node LTS versions in production
Automate testing, code review and conformance as much as possible
Avoid dependency creep
De-risk your dependencies
Avoid global variables, config or singletons
Handle errors and provide meaningful logs
Use API specifications and automatically generate clients

Many of these are pillars of any well-factored application…

🎞️ Adam Jacob talks open source giants

Clipped from Adam (Stacoviak)’s epic deep-dive into Adam (Jacob)’s career. Listen here.

😨 How to cope with technology FOMO

Some things Avdi Grimm would say to a younger version of himself, struggling with technology-churn angst and FOMO:

Focus on learning how to learn
‘ware the Hacker News bias
Identify keyframe technologies, and start with them
The Lindy Effect is Real
80% of real-world developer work is maintenance
You don’t need to know how to do things, you do need to know what’s possible

There’s more than six, but I’ll stop there because that last one is 👨‍🍳💋

🤒 All is not well in WordPress-landia

At WordCamp US 2024, Matt Mullenweg unleashed on WP Engine, calling it a “cancer to WordPress” (in writing, too). It seems his beef is that:

They don’t contribute back as much as they should
They disable content revisions, which is core to what WordPress does

I don’t yet know what to make of all of this. We’re trying to get Matt back on the pod to answer our (many) questions. We’ll see if that comes to fruition…

💰 Building auth is hard. AuthKit makes it easy.

Thanks to WorkOS for sponsoring Changelog News

AuthKit is the world’s best login box, powered by WorkOS + Radix. When talking with users over the past year, WorkOS heard a consistent theme emerge:

“Building auth is hard. But can you also help us solve user management?”

Common complaints about existing vendors include:

Limited UI customization / too front-end focused
Lack of modularity with vendor “lock-in”
Opaque pricing, forced contracts, arbitrary rate limits

AuthKit is a flexible open source toolkit for authentication UI with support for both hosted & headless builds. Oh, and WorkOS gives you AuthKit with user management including social auth, MFA, RBAC & more.

All this for FREE up to 1 million users.

🐸 A database management TUI for Postgres

TIL frogs find refuge in elephant tracks (Built with Rust & Ratatui)

📐 Everyone’s favorite ordered list

That’s the news for now, but we have some great episodes coming up this week:

On Wednesday: Ryan Dahl talking Deno 2
On Friday: Nick Nisi talking… probably Vim & TypeScript

Have a great week, forward this to a friend who might dig it & I’ll talk to you again real soon. 💚

–Jerod