The Changelog: Software Development, Open Source - The best, worst codebase (News)
Episode Date: August 12, 2024. Jimmy Miller tells us about the best, worst codebase he's ever seen, The Phylum Research Team follows up on the great npm garbage patch, Zach Leatherman logs his findings on sneaky serverless costs, David Cain wants you to go on quests instead of goals & Ashley Janssen gives us seven rules for effective meeting culture.
Transcript
What up nerds, I'm Jared and this is Changelog News for the week of Monday, August 12th, 2024.
Has open-ish LLM quality parity arrived?
Llama 3.1 is close enough for me.
I'm in the process of ditching ChatGPT in a tab as my daily driver.
So far, Ollama plus Enchanted for Mac are proving to be a powerful combo.
Big!
Big combo!
What else should I be using or doing to maximize my gains?
Let me know in the comments.
Okay, let's get into the news. The best, worst codebase.
Jimmy Miller writes on his blog, quote, my first job was a trial by fire. To this day,
that codebase remains the worst and the best codebase I have ever had the pleasure of working
in. While the codebase will forever remain locked by proprietary walls of that particular company,
I hope I can share with you some of its most fun and scary stories.
End quote.
This post is too glorious to summarize.
Just grab some popcorn and go read it.
Okay, fine.
Here are a few samples to whet your appetite.
Talking about the database, quote, every morning at 7:15, the employees table was dropped. All the data completely gone. Then a CSV
from ADP was uploaded into the table. During this time, you couldn't log into the system.
Sometimes this process failed, but this wasn't the end of the process. The data needed to be
replicated to headquarters,
so an email was sent to a man who every day would push a button to copy the data.
End quote.
And here's one on the codebase.
Quote, but to describe this codebase as merely half Visual Basic, half C#, would be to do it a disservice.
Every JavaScript framework that existed at the time was checked into this repository, typically with some custom changes the author believed needed to be made. Most notably,
Knockout, Backbone, and Marionette. But of course, there was a smattering of jQuery and jQuery
plugins, end quote. That's just the tip. Wait till you hear the part about Guilfoyle's hard drive.
The great NPM garbage patch.
The Phylum research team writes,
quote, like the island of discarded plastic twice the size of Texas
floating in the North Pacific Ocean.
NPM has accrued an astonishing amount of spam packages over the past six months.
Our 95% confidence interval for the estimate of Tea protocol spam in new packages over the past six months jumped to between 68.66% and 74.67%, or somewhere between 613,000 and 667,000 packages.
In other words, among all new packages published to NPM in the past six months,
about five out of every seven packages are Tea spam.
End quote.
I first covered the unintended consequence of the Tea Protocol's crypto rewards back in February.
That was episode 83.
It appears the damage is even worse than previously discovered.
What a mess.
That is one big pile of shit.
The sneaky costs of scaling serverless.
Zach Leatherman decided to migrate the 11ty Screenshots API off Netlify
and learned a few things along the way.
He ended up parking it on AWS Lambda, but shares the entire journey,
plus a handy little spreadsheet that shows how different serverless providers grow
based on hours of usage at various memory configurations.
Link in the newsletter.
Zach's final word on AWS is,
it's a huge pain to set up, but it's nice to have a fallback plan that isn't going to cost an arm and a leg.
It's now time for sponsored news.
Dangers of compromised Git dependencies. Sarah Gooding on the risks associated with using
Git dependencies in open source projects. Quote, while there are some legitimate use cases for referencing Git dependencies,
and not every package that does this is malicious,
it's important to understand the security risks associated with them,
such as non-immutable dependencies,
which means code can be tampered with after it's downloaded.
Unpredictability, because Git tags can be moved around, much like a branch.
Reproducibility issues, because remote Git URLs can make it difficult to ensure a reproducible build.
And security vulnerabilities, because direct references to Git repos can bypass typical vetting processes.
Is this something you actively think about?
Thankfully, Socket has your back.
Check out the article for the full rundown
and how to navigate Socket's Git dependency alert features.
Link in your chapter data and the newsletter.
And thanks to Feross and our friends at Socket
for sponsoring this episode of Changelog News.
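An added example (not code from the episode or from Socket's tooling) that audits a package.json for the Git references the sponsor read warns about: anything resolved from Git rather than the registry is flagged, and only a full 40-hex commit hash counts as pinned, since tags and branches can move. The package names and hosts in the sample manifest are constructed placeholders.

```python
import json
import re

# Spec forms npm resolves from Git rather than the registry (a heuristic,
# not npm's own parser): git URLs, hosted shorthands, https://host/owner/repo.
GIT_SPEC = re.compile(
    r"^(?:git(?:\+ssh|\+https|\+http|\+file)?://"
    r"|(?:github|gitlab|bitbucket|gist):"
    r"|[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+(?:#|$)"
    r"|https?://(?:github\.com|gitlab\.com|bitbucket\.org)/"
    r"|https?://\S+\.git(?:#|$))"
)
# Only a full 40-hex commit hash is treated as an immutable reference.
COMMIT_SHA = re.compile(r"^[0-9a-f]{40}$")

def classify_spec(spec: str) -> str:
    """Return 'registry', 'git-pinned' or 'git-unpinned' for one dependency spec."""
    if not GIT_SPEC.match(spec):
        return "registry"
    # The part after '#' is the committish: a tag, branch, 'semver:' range or SHA.
    # No '#' means the default branch, which moves with every push.
    _, sep, committish = spec.partition("#")
    if sep and COMMIT_SHA.match(committish):
        return "git-pinned"
    return "git-unpinned"

def audit_package_json(text: str) -> dict:
    """Map each Git-sourced dependency name to its classification."""
    manifest = json.loads(text)
    findings = {}
    for section in ("dependencies", "devDependencies", "optionalDependencies"):
        for name, spec in manifest.get(section, {}).items():
            kind = classify_spec(spec)
            if kind != "registry":
                findings[name] = kind
    return findings

# Constructed sample manifest; names and hosts are placeholders.
SAMPLE_PACKAGE_JSON = """{
  "dependencies": {
    "express": "^4.19.2",
    "left-pad-fork": "github:example-org/left-pad#v1.3.0",
    "internal-utils": "git+ssh://git@example.com/tools/utils.git#0123456789abcdef0123456789abcdef01234567",
    "untagged-lib": "example-org/untagged-lib"
  },
  "devDependencies": {
    "mocha": "~10.0.0",
    "range-lib": "git+https://example.com/x/range-lib.git#semver:^2.0"
  }
}"""
```

Calling `audit_package_json(SAMPLE_PACKAGE_JSON)` reports three unpinned Git dependencies and one pinned to a commit; the registry packages are not reported.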
Do quests, not goals.
I love David Cain's reframing of short-term goals,
which are uninspiring, into quests.
Quote, whereas goal has become a tired
and bloodless descriptor for the supposed intention
to do something great,
the word quest instills the right mentality
for achieving a real-life personal victory.
A quest is an adventure, and you expect it to be one.
A quest changes you, not just your situation.
A quest has a dragon to slay, and it's inside you.
Kind of creepy.
And a quest can change the world.
End quote.
The cool thing about quests is we already have terminology that further delineates.
A side quest might take a few hours of your day, whereas a main quest may require a multi-step
plan executed over many months or years. Plus, it's just a lot more fun to talk about. Saying,
I'm on a side quest to fix my Vim config, is a lot more fun and impressive than saying,
I've been tweaking my Vim config for the last four hours.
Seven rules for an effective meeting culture.
Meetings. Everybody likes calling them. Nobody likes attending them.
Unfortunately, they are a necessary evil for all but the most
privileged or most isolated in the business world. So if you're going to have them, you might as well
make them effective. Here's Ashley Janssen. Quote, your meeting culture is the combination of etiquette,
protocol, and expectations for what happens before, during, and after your meetings. It's
all the things, good and bad, that make up how they are run and inform the participants' experience
in the meeting. End quote. Ashley has written a lot about how to have more effective meetings.
I think this list of seven rules to follow is a great intro to how she thinks about meetings. In brief, 1. Be on time. 2. Be prepared.
3. Be engaged. 4. Be a good listener. 5. Be inclusive. 6. Be accountable. And 7. Be reasonable.
Common sense stuff, really, but that doesn't make it wrong. Click through for full explainers of
each rule. Link in the newsletter. That's the news for now,
but we have some awesome episodes coming up this week.
On Wednesday, Andreas Kling and Chris Wanstrath from the Ladybird browser.
And on Friday, Jordan Eldridge talking Winamp skins
and the bizarre secrets they hold.
Have a great week.
Leave us a five-star review if you dig Changelog News,
and I'll talk to you again real soon.