The Changelog: Software Development, Open Source - Imagine Fly.io on your own VPS (News)
Episode Date: September 23, 2024Mahmoud Mousa releases Sidekick, a tool for hosting side projects on a cheap VPS, Ryan Dahl, has had enough of Oracle bogarting "JavaScript" but not even using it, Thomas Rampelberg's kty is a sweet t...erminal for Kubernetes, Redis users are considering alternatives after their relicense & a bunch of smart JS folks wrote up nine Node.js pillars.
Transcript
Discussion (0)
What up nerds, I'm Jared and this is Changelog News for the week of Monday, September 23rd,
2024.
Have you heard of the dead internet theory?
It posits that most social internet activity today is artificial and designed to manipulate humans
for engagement. Let's set aside how hard it is to define most for now, if this theory is even
approximately true. What does it mean for those of us who work, play, and often live our lives
on the internet? Might AI slop be the first salvo in the rise of the machines?
Maybe ignorance is bliss.
Or maybe, just
maybe, the time is coming
and now is to take the
red pill.
And I show you how deep the rabbit hole goes.
Sorry, I've
been watching too many clips of The Matrix lately,
but I mean, come on. Shootout in the lobby?
Best shootout scene ever guns lots of guns okay enough of that let's get into this week's news
imagine fly.io on your own vps here's sidekick creator makhmud musa mousa musa or mousa you
decide quote i'm tired of the complexity involved in hosting my side projects.
While some platforms, like Fly.io, stand out in the crowded field of Heroku replacements,
I believe a simple VPS can be just as effective.
That's why I created Sidekick, to make hosting side projects as straightforward,
affordable, and production-ready as possible.
You'll be surprised how much traffic
an $8 per month instance on DigitalOcean can handle.
End quote.
Grab a VPS or your own hardware if you prefer.
Just need a public IP?
Load it with Ubuntu, set up SSH access for yourself,
and let Sidekick init take you from there
to a deployed production application
in minutes. Oracle, it's time to free JavaScript. Node and Deno creator Ryan Dahl has had enough
of Oracle bogarting JavaScript, but not even using it. Quote, Dear Oracle, you have long ago
abandoned the JavaScript trademark and it is causing widespread unwarranted confusion and End quote. The disconnect is glaring. JavaScript has become a general purpose term used by countless individuals and companies
independent of any Oracle product, end quote.
Rye goes on to detail exactly why Oracle's hold on the JavaScript trademark
clearly fits the legal definition of trademark abandonment.
At the end of the letter, there's a place to sign your John Hancock
alongside 11,495 others, including yours truly.
John Hancock. It's Herbie Hancock.
KTY, which I'm going to assume is pronounced Kitty, is a terminal for Kubernetes.
Kitty is the easiest way to access resources such as pods on your cluster,
all without kubectl or kubectl, if you will.
Once KITI is installed on your cluster,
SSH gives you a dashboard to interact with the cluster.
With KITI, you can
use your GitHub or Google account to log into the cluster.
No more annoying kubectl auth plugins.
Get a shell running in pods,
just like you would when SSH'd into a host normally.
Access the logs for running and exited containers in a pod. Forward traffic from your local machine
into the cluster or from the cluster to your local machine. SCP or SFTP files from pods.
Access the cluster from any device that has an SSH client, from phones to embedded devices.
It's now time for sponsored news.
Secure every PR from vulnerable and malicious dependencies.
Who has time to run a security audit on all of their dependencies?
Socket does.
Socket is a developer-first security platform that protects your code from both vulnerable and malicious dependencies.
The easiest way to get started with Socket is the two-click GitHub app install.
From there, whenever a new dependency is added in a pull request,
Socket analyzes the package's behavior and security risk and tells you at that moment,
before the code is merged, whether or not you're introducing a vulnerable or malicious dependency. You can run Socket in your CICD pipeline as a CLI tool or even as a web extension
so you can spot malicious packages on the web. Socket helps developers and security teams to
work more efficiently and cut through the noise to focus on real threats. Get actionable alerts
for the supply chain risks that matter.
Learn more and get started at socket.dev
and thanks to Faras and our friends at Socket
for sponsoring ChangeLog News.
About 70% of Redis users are considering alternatives.
Quote, according to a survey
by open source database support biz Percona,
the move to the Redis source available license
and server-side public license
has motivated almost three quarters
of the 151 developers and database managers questioned
to look for alternatives, end quote.
The biggest question when Redis re-licensed
was which fork would make the most sense
for the most people.
It appears the Linux Foundation's Valkey effort is leading that pack
with 60% of respondents considering or actively testing it out.
I love how much this topic effectively snipes the nerds, myself included.
The register's comment thread on this story is, unsurprisingly,
almost entirely filled with arguments for or against the GPL.
LOL. Big LOL.
9. Node.js Pillars
A bunch of smart JavaScript folks,
James Snell, Natalia Venditto, Michael Dawson, Matteo Colina,
got together to write up nine guiding principles
for creating robust, scalable, and maintainable node applications
in enterprise environments. They are, scalable, and maintainable Node applications in enterprise environments.
They are briefly,
one, do not block the event loop.
Two, monitor Node-specific metrics and act on them.
Three, use Node LTS versions in production.
Four, automate testing, code review,
and conformance as much as possible.
Five, avoid dependency creep.
Six, de-risk your dependencies.
Seven, avoid global variables, config, or singletons.
Eight, handle errors and provide meaningful logs.
And nine, use API specifications and automatically generate clients.
Many of these are pillars of any well-factored application.
We have Matteo Collina and hopefully Natalia Venditto coming on JS Party in October to talk through all nine of them. That's the news for now, but also scan the companion changelog newsletter
for even more stories worth your attention, like Avdi Grim on how to cope with technology FOMO. All is not well in WordPress
Landia as Matt Mullenweg lashes out against WP Engine and a database management tooey for
Postgres. Oh, and I forgot to mention this here on news. During the month of September, we're
trading free Changelog sticker packs for thoughtful five-star reviews and blog posts about our pods.
Just send proof of your review to stickers at changelog.com along with your mailing address We'll see you next time.