The Changelog: Software Development, Open Source
Naming conventions that need to die (News)
Mon, 21 Oct 2024
Will Crichton wishes some naming conventions would die already, GitHub user brjsp noticed that Bitwarden's new SDK dependency isn't open source, Joaquim Rocha details his forking best practices, Sophie Koonin explains why you should go to conferences & Mike Hoye puts WordPress on SQLite.
What up nerds? I'm Jared, and this is Changelog News for the week of Monday, October 21st, 2024. Forever ago, Devon Zuegel came on the show and told us about the making of GitHub Sponsors. In that conversation, we learned of her fascination with city planning and even encouraged her to start a podcast about it, which she did, by the way.
Turns out Devon's been doing far more than just studying and talking about city building. She announced late last week that she and some friends are creating a new town in California wine country called Esmeralda. How cool is that? Kind of makes you want to throw that CRUD app out the window and think bigger, huh? Okay, let's get into this week's news.
Naming conventions that need to die.
Here's Will Crichton writing in November of 2018. Quote, End quote. Will takes umbrage with names that point back to their inventor or discoverer, such as Planck constant, Bernoulli distribution, etc. He also doesn't like using numbers as names, like Type 1 Error, Type 2 Error, etc., and lazily choosing a random word like Pig, Flink, Spike, Hive, Arrow, Kafka, all of which are Apache projects.
And he'd also like to expunge historical accidents like master/slave, CAR versus CDR in Lisp, etc. I will add another. Stop using names that are already overloaded. For instance, if the name you like has a lengthy disambiguation page on Wikipedia, go, maybe pick something fresh. Or I guess you could just throw Lang on there at the end and call it good.
Bitwarden, no longer free software?
GitHub user brjsp noticed that the Bitwarden team recently introduced a dependency in their clients that contains a proprietary statement in its license. Quote, you may not use this SDK to develop applications for use with software other than Bitwarden, including non-compatible implementations of Bitwarden, or to develop another SDK, end quote.
Since it is not possible to build Bitwarden clients without this dependency, it appears that this has leavened the whole lump of software. GitHub user XNDC followed up with, quote, also see pull request 898. It looks like this is part of a deliberate campaign by Bitwarden Inc. End quote. Later on in the thread, Bitwarden founder-slash-CTO Kyle Spearrin posted this reply...
Quote, thanks for sharing your concerns here. We have been progressing use of our SDK in more use cases for our clients. However, our goal is to make sure that the SDK is used in a way that maintains GPL compatibility. One, the SDK and the client are two separate programs. Two, code for each program is in separate repositories.
Three, the fact that the two programs communicate using standard protocols does not mean they are one program for purposes of GPLv3. Being able to build the app as you are trying to do here is an issue we plan to resolve and is merely a bug. End quote. Kyle's statement was analyzed and addressed by user Gash on Lobsters. We'll link to that. How far down the rabbit hole will this one go?
Forking best practices.
Here's Joaquim Rocha, quote, Fork maintenance, keeping your changes in sync with the latest updates from the original project, can quickly become a mess, trust me. Over the years, my work did sometimes involve maintaining forks of various open source projects. This is an excellent guide for what can be a tricky, aka frustrating, task.
2.
3.
No evil merges. Four, rebase early, rebase often. Five, contribute back changes. And six, keep a good relationship with upstream. Side note, I don't think we should need all these guides. There's a lot of value, aka money, to be made by anyone who makes the entire code collaboration process an order of magnitude easier. Please, someone go for it. It's now time for Sponsored News.
Socket adds support for Java, Ruby, and Socket Optimize.
You know we're fans of Socket, and we're even bigger fans of secure open source dependencies. Socket recently announced three major wins, taking us another huge step in this direction. One, Java support.
With this release, Java teams can now leverage Socket's comprehensive security tools to protect their software supply chain from the rising threat of attacks. Whether you're building large-scale Java enterprise apps, maintaining a legacy Java monolith, or shipping an Android app, Socket has your back.
Two, Ruby support is now in beta and ready to try for all users, enabling security scanning and zero-day supply chain attack prevention to your Rails projects in just two clicks via the free Socket for GitHub app. And three, Socket Optimize is a new powerful CLI command you can use for proactive dependency hygiene.
It's designed to make it easy for devs to reduce dependencies, leverage new platform features, improve performance, and address security issues all with a simple CLI command. Learn more about these announcements at Socket's awesome blog, socket.dev/blog.
You should go to conferences.
Sophie Koonin, whose website is too cool by the way, makes her case for you spending time and money on attending conferences. I agree with all of her major points, but especially this one. Quote, the talks are obviously very important, but one of the best things about conferences is the hallway track. That is, meeting and chatting to like-minded folks.
Organizers will often encourage the Pac-Man rule: standing in a circle with a gap to always allow new people to join in. End quote. We love the hallway track so much (and we're coming soon to Raleigh, FYI) that we created an entire flavor of the Changelog in its image. Yes, Changelog & Friends is like putting the hallway track at your favorite conference on repeat year round.
Sophie also gives some conference attending advice and shares some of her favorite smaller web conferences in the UK, Europe, and the rest of the world.
Press onward, putting WordPress on SQLite.
Mike Hoye says, But ultimately, his tantrum doesn't matter. It's all free software. People might depend on the code, but nobody depends on the companies. That's sort of the point. End quote.
To make life easier on those of us caught up in the crossfire, he created a repo, which we will link to, that takes the WordPress tarball and modifies it to run on SQLite. Quote, it's nice. You can have WordPress without needing to babysit MySQL, run a big machine, or really much of anything.
Installation is a breeze, and if you turn off comments and put WP Super Cache in front of it, it'll be perfectly happy humming along day to day on the tiniest VM you can find.
That's the news for now, but do scan our companion newsletter for even more stories worth your attention, like why Ben Werdmuller is still excited about the web, a new Node.js MVC web app framework, and everyone's favorite pyramid scheme of awesome links. If you don't get the newsletter, fix that bug at changelog.com/news. We have some sweet episodes coming up this week.
On Wednesday, Elastic CTO Shay Banon talks Elasticsearch's return to open source. And on Friday, we celebrate 10 years of freeCodeCamp with Quincy Larson. Have a great week. Leave us a five-star review if you dig the show. And I'll talk to you again real soon.