Is Bitwarden no longer free software? Forking best practices, Press Onward, you should go to conferences & more

Changelog News

Developer news worth your attention

Jerod here! 👋

Forever ago, Devon Zuegel came on the show and told us about the making of GitHub Sponsors. In that conversation, we learned of her fascination with city planning & even encouraged her to start a podcast about it (she did btw)

Turns out, Devon’s been doing far more than just studying & talking about city building. She announced late last week that her and some friends are creating a new town in California wine county, called Esmeralda! How cool is that?!

A painting of what Esmeralda might look like. An adult and a child holding hands approach a valley with the city off in the distance. Behind it a lake. Surrounding it a forrest. Cottages abound. It’s beautiful and quaint.

Kinda makes you want to throw that CRUD app out the window and think bigger, huh… Ok, let’s get into this week’s news.

🎧 Simply the best pods for devs

💚 You’ll rent chips and be happy (Zac Smith)
🚀 Kubernetes is an anti-platform (Adam Jacob)
🤖 Practical workflow orchestration (Adam Azzam)
🪩 Digging through Jerod Santo’s tool box (KBall & yours truly)
🎙️ Lessons from 10k hours of programming (Matt Rickard)

🧟 Naming conventions that need to die

Will Crichton, in November of 2018:

Names are an important tool of thought. They provide a loose, lightweight way to manage and structure knowledge. However, bad names inhibit learning and impede progress. We should root out and destroy the processes that lead to bad names.

Will takes umbrage with names pointing back to their inventor/discoverer (Planck constant, Bernoulli distribution, etc.), using numbers as names (Type 1 error, Type 2 error, etc.), lazily choosing a random word (Pig, Flink, Spark, Hive, Arrow, Kafka, etc.) & historical accidents (master/slave, car vs cdr, etc.)

I’ll add another: stop using names that are already overloaded! For instance, if a name you want to use has a lengthy disambiguation page on Wikipedia, maybe pick something fresh? Or I guess you could just throw “lang” in there at the end…

🔐 Bitwarden: no longer free software?

GitHub user brjsp noticed that the Bitwarden team recently introduced a dependency in their clients that contains a proprietary statement in its license:

You may not use this SDK to develop applications for use with software other than Bitwarden (including non-compatible implementations of Bitwarden) or to develop another SDK.

Since it is not possible to build Bitwarden clients without this dependency, it appears that this has leavened the whole lump of software. GitHub user xndc followed up with:

Also see bitwarden/sdk#898. It looks like this is part of a deliberate campaign by Bitwarden, Inc. to fully transition Bitwarden to proprietary software, despite consistently advertising it as open source, without informing customers about this change.

For whatever the opinion of one user is worth, I’ve switched away from Bitwarden due to this.

Later on in the thread, Bitwarden founder/CTO (Kyle Spearrin) posted this reply:

Thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility.

  1. the SDK and the client are two separate programs
  2. code for each program is in separate repositories
  3. the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3

Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug.

Kyle’s statement was analyzed & addressed by gasche on Lobsters. How far down the rabbit hole will this go?

🍴 Forking best practices

Joaquim Rocha:

Fork maintenance — keeping your changes in sync with the latest updates from the original project — can quickly become a mess. Trust me. Over the years, my work did sometimes involve maintaining forks of various open-source projects. That’s not the case with my job now, but when a colleague reached out for help with a fork that hadn’t been rebased in ages, it got me thinking that the steps I follow might be useful for other developers too. Hence this article.

This is an excellent guide for what can be a tricky (a.k.a. frustrating) task. Before Joaquim gets into the rebasing/merging section, he kicks off with some great day-to-day development tips, such as:

  1. Use atomic commits
  2. Identify your fixes and non-fixes
  3. No evil merges
  4. Rebase early, rebase often
  5. Contribute changes back
  6. Keep a good relationship with upstream

Side note: we shouldn’t need all these guides! There’s a lot of value (a.k.a. money) to be made by anyone who makes the entire code collaboration process an order of magnitude easier…

💰 New in Socket: Java, Ruby & Socket Optimize

Thanks to Feross & Socket for sponsoring Changelog News

You know we’re fans of Socket and we’re even bigger fans of secure open source dependencies. Socket recently announced three major wins taking us another huge step in this direction.

  1. Java Support. With this release, Java teams can now leverage Socket’s comprehensive security tools to protect their software supply chain from the rising threat of attacks. Whether you’re building large-scale Java enterprise applications, maintaining a legacy Java monolith, or shipping an Android app, Socket has your back.
  2. Ruby support (now in Beta) is ready to try for all users enabling security scanning and zero-day supply chain attack prevention to your Rails projects in just two clicks via the free Socket for GitHub app.
  3. Socket Optimize is a new powerful CLI command you can use for proactive dependency hygiene. It’s designed to make it easy for developers to reduce dependencies, leverage new platform features, improve performance, and address security issues - all with one simple CLI command.

Learn more about these on Socket’s awesome blog: socket.dev/blog

🚌 You should go to conferences

Sophie Koonin (whose website is too cool, btw) makes her case for you spending time/money on attending conferences. I agree with all of her major points, but especially:

The talks are obviously very important, but one of the best things about conferences is the “hallway track” – that is, meeting and chatting to like-minded folks. Organisers will often encourage the “Pac-Man rule” - standing in a circle with a gap to always allow new people to join in.

We love the hallway track so much (coming soon to Raleigh, fyi) that we created an entire flavor of The Changelog in its image! Sophie also gives some conference-attending advice & shares some of her favorite smaller web conferences in the UK, Europe & the rest of the world.

Press Onward (putting WP on SQLite)

mhoye:

Mullenweg’s been melting down for most of a year at this point, and there’s no end in sight. My heart goes out to the people who work there – kids, when somebody offers you money to quit you take that money and run, every time – but ultimately his tantrum doesn’t matter. It’s all free software; people might depend on the code, but nobody depends on the companies. That’s sort of the point.

To make life easier on those of us caught up in the crossfire, he created a repo that takes the WordPress tarball and modifies it to run on SQLite.

But it’s nice; you can have WordPress without needing babysit MySQL, run a big machine or really much of anything. Installation is a breeze, and if you turn off comments and put WP-Supercache in front of it, it’ll be perfectly happy humming along day to day on the tiniest VM you can find.

🎞️ The cloud made us reckless

Tim Banks on Ship It! Great episode, all around…

A picture of Tim Banks on the right. On the left, text that says “The cloud made us reckless.”

🤩 It turns out I’m still excited about the web

Ben Werdmuller is worried he’s become cynical about technology as he’s aged, but he’s still excited about the web just like he was back in 1994:

“The internet is people,” I used to say; more than protocols and pipes, the web was a fabric of interconnectedness that we were all building together. Even in the beginning, some people saw the web and thought, “this is a way I can make a lot of money.” For me, it was always a way to build community at scale.

The web has changed a lot since then, but Ben has tempered his cynicism:

My cynicism has been tempered by the discovery that there are still movements out there that remind me of the web’s original promise — efforts that focus on reclaiming independence and fostering real community. Despite the commercialization of the web, these are still places where that original spirit of openness and community-building thrives.

💰 Enterprise Ready Conf (by WorkOS)

Thanks to WorkOS for sponsoring Changelog News

Our friends at WorkOS are bringing together product and engineering leaders who are shaping the future of enterprise SaaS.

  • When? Oct 30, 2024
  • Where? Mission District, SF

Gain actionable insights from industry leaders who have successfully crossed the enterprise chasm.
Network with a community of builders and share insights from your own journey to becoming Enterprise Ready.
Boost your move upmarket with insights on improving your product’s security, control, and compliance.

Learn more and register at enterprise-ready.com

🏭 A Node.js MVC web app framework

designed for people interested in quickly building fast, scalable web sites instead of digging around Node’s guts or cobbling together a wobbly Jenga tower made out of 50 different packages. Use citizen as the foundation for a traditional server-side web application, a modular single-page application (SPA), or a RESTful API.

📐 Everyone’s favorite pyramid scheme

That’s the news for now, but we have some great episodes coming up this week:

  • On Wednesday: Elastic CTO Shay Banon
  • On Friday: freeCodeCamp founder Quincy Larson

Have a great week, forward this to a friend who might dig it & I’ll talk to you again real soon. 💚

–Jerod