The Changelog: Software Development, Open Source - Practices of reliable software design (News)
Episode Date: August 19, 2024
Chris Stjernlöf got nerd-sniped and ended up writing down his practices of reliable software design, Ben Visness has had enough with the npm community's propensity to pull in micro-libraries to suit every need, "Stay SaaSy" makes three metaphors for problem solving categories, Troy Hunt takes us inside the "3 billion people" National Public Data breach & Dasel is one data tool to rule them all.
Transcript
What up, nerds?
I'm Jared, and this is Changelog News for the week of Monday, August 19th, 2024.
If our Winamp and Napster talk with Jordan Eldridge pushed your nostalgia buttons at all,
then Ryan Finney's recreation of Blockbuster Video's VHS insert,
which is editable via SVG, should hit hard too.
I will link up the image and the repo in your chapter data and the newsletter.
And remember, be kind.
Rewind.
Okay, let's get into this week's news.
Practices of Reliable Software Design.
Chris Stjernlöf got nerd sniped.
Out of the blue, a friend asked him how he would build an in-memory cache
laying out a few design constraints,
and he couldn't not take the bait.
Quote, in the process of answering the question
and writing the code,
I discovered a lot of things happened
in my thought processes that have come with experience.
These are things that make software engineering easier, but that I know I wouldn't have considered when I was less experienced.
End quote. Chris jotted down eight practices that he's adopted with experience and used while
writing this fast, small in-memory cache. They are one, use off the shelf. Two, cost and reliability over features. Three, idea to production quickly. Four,
simple data structures. Five, reserve resources early. Six, set maximums. Seven, make testing easy.
And eight, embed performance counters. A few of these I live by, a few of these I hadn't even really considered.
I imagine every experienced dev has a similar list floating around in their head.
Now that would be an aggregation project worthy of some effort.
Micro libraries need to die already.
Ben Visness has had enough with the npm community's propensity to pull in micro libraries to suit every need.
Quote, here is my thesis. Micro libraries should never be used. They should either be copy pasted into your code base or not used at all. However, my actual goal with this article is to break down
the way I think about the costs and benefits of dependencies. I won't be quantifying these costs
and benefits, but I hope that by explaining the way I think about dependencies, it will be clear End quote.
Micro is a subjective measure, but Ben is talking about single function kind of libraries.
The case study he uses is is-number, which certainly qualifies as micro by any measure. I wholeheartedly
agree with him. A saying I learned from years of producing Go Time, I believe it was Rob Pike who
said a little copying is better than a little dependency.
Harvesting, fishing, panning for gold.
I like this set of metaphors for how to think about bucketing challenges into different categories.
Some problems are like harvesting.
Quote, harvesting problems have straightforward solutions and no shortcuts.
You just get a big basket and pick every strawberry in the field.
You solve these problems with pure perseverance, slogging away for weeks, months, or years until they are done.
Some problems are like fishing.
You know that there are fish out there in the ocean, but you don't know exactly where.
If a great fisherman knows where the hungriest fish are and how to set their lines just right,
they might catch everything that they need in a few hours.
Fishing problems can sometimes be solved shockingly fast by motivated teams with a bit of luck.
Some problems are like panning for gold, going out to a river or stream where there might be gold, getting your pan out, and seeing
if you can find traces of the shiny stuff in the sediment. If you find gold, you can become
generationally successful. Think of the massive moats created by Google search or the Airbnb
network. End quote. If you can categorize the problem you're trying to solve into one of these buckets,
applicable strategies become much more clear.
It's now time for Sponsored News.
Supabase Launch Week 12 Recap
Last week was Launch Week 12 for Supabase.
Here's a recap of what they shipped.
Monday, they launched Postgres.new,
an in-browser Postgres with an AI interface.
Tuesday, authorization for real-time broadcast and presence went to public beta.
You can now convert a real-time channel into an authorized channel
using RLS policies in two steps.
Wednesday, they shared three new announcements for Supabase Auth.
Support for third-party auth providers, phone-based multi-factor authentication, and new auth hooks for SMS and email.
Thursday, they released log drains,
so you can export logs generated by Supabase to external destinations like Datadog or custom HTTP endpoints.
And Friday, they released support for WebAssembly Foreign Data Wrapper.
Now anyone can create a foreign data wrapper to allow Postgres to interact with externally hosted data
and share it with the Supabase community.
That is a lot.
Learn more all about Supabase's launch week announcements by following
the link in the chapter data and the newsletter. And thank you to Supabase for launching with
Changelog News.
Inside the 3 billion people National Public Data breach.
Here's Troy Hunt from Have I Been Pwned. Quote, usually, it's easy to articulate a data breach, a service people provide their information to,
had someone snag it through an act of unauthorized access
and publish a discrete corpus of information
that can be attributed back to that source.
But in the case of National Public Data,
we're talking about a data aggregator
most people have never heard of,
where a threat actor has published
various partial sets
of data with no clear way to attribute it back to the source. I've been collating information
related to this incident over the last couple of months, so let me talk about what's known about
the incident, what data is circulating, and what remains a bit of a mystery. End quote.
When Troy says he's been collecting info for a couple of months,
he's not kidding. This one goes deep and it's a very long post. My summary of his summary,
it's a giant mess. But here's one important takeaway. Quote, there were no email addresses
in the social security number files. If you find yourself in this data breach via Have I Been
Pwned, there is no evidence your social security number was leaked. And if you're
in the same boat as me, me being Troy, the data next to your record may not even be correct. So
treat this as informational only, an intriguing story that doesn't require any further action.
Dasel, one data tool to rule them all.
I like this pitch. Here it is. Say goodbye to learning new tools just to work
with a different data format. Dasel uses a standard selector syntax no matter the data format. This
means that once you learn how to use Dasel, you immediately have the ability to query and modify
any of the supported data types without any additional tools or effort. End quote. This is a lot like jq,
but it supports JSON, YAML, TOML, XML, and CSV with zero runtime dependencies.
The only thing I can imagine that would be better would be to use SQL instead,
because that'd be even one less syntax for most of us to learn. But still, very cool. Check it out.
That is the news for now.
But also scan the Changelog newsletter for more goodies,
including visual data structures cheat sheets,
Go Is My Hammer and Everything Is A Nail,
Steve Klabnik taking a stand against names,
and data is just an added sense.
Oh, and did you know that Changelog++ members can now build their own custom feeds?
What, what, what?
Feedback for this brand new feature
has been overwhelmingly positive
and people have created 124 feeds already.
So that's pretty cool.
Try it for yourself at changelog.com slash plus plus.
Have a great week.
Leave us a five-star review if you dig our work.
And I'll talk to you again real soon.