Tim Fisken explains the problem with soft deletion, a simple measure of software dependency freshness is proposed, a deep-dive on sound design in software, a web app with over 80 handy developer tools built in & Luke Plant reminds us that programming mantras are proverbs, not laws.

Bahaa Zidan says your web framework doesn’t matter, DHH writes about magic machines, Dylan Huang reviews thousands of opinions on HTMX, Tim Ottinger says programming is thinking & Tim Spann says small language models (SLM) for the win.

Daniel Hooper lists out all the good ideas in computer science, Jeff Geerling declares 2024 the year corporate open source dies, Jared Turner says all kinds of works-in-progress are waste, Daroc Alden covers the leadership crisis in the Nix community & John Hawthorn explains why Ruby may be faster than you think.

Forrest Brazeal is concerned about the open source threat from within, Vicki Boykis explains why Redis is forked, John O’Nolan and the Ghost team plan to federate over ActivityPub, Llama 3 is now available for “businesses of all sizes” & nolen writes up questions to ask when you don’t want to work.

YouTuber “Internet of Bugs” breaks down why AI “software engineer” Devin is no Upwork hero, Redka is Anton Zhiyanov’s attempt to reimplement Redis with SQLite, OpenTofu issues its response to Hashicorp’s Cease and Desist letter, Brian LeRoux introduces Enhance WASM & PumpkinOS is not your average PalmOS emulator.

HashiCorp sends OpenTofu a nasty-gram in the wake of Matt Asay’s infringement claims, Polar is like Patreon but for software creators, a Common Corpus of LLM data is released on HuggingFace & Loki is an open source tool for fact verification.

The big story right now is the recently uncovered backdoor in liblzma (aka XZ) – a relatively obscure compression library that happens to be a dependency of OpenSSH. This incident is noteworthy for so many reasons: the exploit itself, how it was deployed, how it was found, what it says about our industry & how the community reacted. Let’s dig in!

Redis’ re-licensing prompts forks like Drew DeVault’s Redict, Matthew Miller thinks we need more community built software, Paul Gross makes the case that DuckDB is the new jq, Anton Zhiyanov shares how he makes a living as a developer despite being “pretty dumb” & Baldur Bjarnason chimes in on the state of the web developer job market.

A new badge for open source projects that won’t be getting any maintenance, everything Chip Huyen learned from looking at 900 open source AI tools, CNBC writes up tech’s renewed layoff trend, Teable is a Postgres-Airtable fusion & Target announces an open source fund.

Puter puts an entire operating system in your web browser, the kapa.ai team write down how to structure your docs for LLMs, Daytona is an open source Codespaces alternative, Gleam v1.0 has been released & Rolldown is a JavaScript bundler written in Rust.

Apple backs off killing web apps (but the fight continues), Luka Kladaric writes about how to ship quality software in hostile environments, Deno’s new package registry is an npm superset, Martin Fowler on the value of periodic face-to-face & Eugene Ghanizadeh wants us to get more decentralized than the Fediverse. Leave us nice words!

GPTScript is a new scripting language to automate your interactions with LLMs, Adam Wiggins conducts a retrospective on Muse, Nikita Prokopov surveyed a bunch of popular websites to see how much JS they loaded on their pages, Pages CMS is a no-hassle CMS for GitHub pages & Jim Nielsen writes about the subversive hyperlink.

Ship It is back! IEEE Spectrum writes about quantum computing’s reality check, Maxim Dounin announces freenginx, Nadia Asparouhova goes deep on AI & the “effective accelerationism” movement, Angie Byron helps first time open source contributors avoid common pitfalls & Miroslav Nikolov writes up his advice for high-risk refactoring.

Changelog Beats drops a new Dance Party album, Will McGugan’s new Toolong (tl) terminal app, Mitchell Baker is out as Mozilla CEO, Microsoft’s Jordi Adoumie announces sudo for Windows, Tatu Ylonen tells the tale of how they got SSH to be port 22 & Jack Lindamood gives an “Endorse” or “Regret” rating for ~50 different services, tools & processes he used over the 4 years he led infrastructure at a startup.

Geoffrey Litt thinks browser extensions are underrated, Adolfo Ochagavía on being a generalist in a specialist’s world, Jack Garbus praises the Arch Wiki, Terence Eden tries to rebuild FourSquare for ActivityPub using OpenStreetMap & Sebastien Dubois teaches us how to connect ideas together.

The Rune team announces $100k in open source grants for indie game devs, the Zed code editor is now open source, the Ollama team releases Python & JavaScript libraries, Max Bernstein tells the story of Scrapscript & Pooya Parsa writes up some notes from a tired maintainer.

Alex Ellis’ new actions-batch project uses GitHub Actions as a time-sharing supercomputer, DevDocs.io combines multiple API documentations in a fast, organized, and searchable interface, Jarred Sumner announces Bun’s very own JavaScript shell, Shoelace is a forward-thinking library of web components & Martin Heinz writes an awesome guide to building an indoor air quality monitoring system with Prometheus, Grafana & a CO2 sensor.

Niklaus Wirth makes his plea for lean software, PocketBase puts your entire backend in 1 file, Vanna is a Python RAG framework for accurate text-to-SQL generation, Henrik Karlsson wants you to think more about what to focus on & Calvin Wankhede shares how he built a fully offline smart home (and you should too).

Daniel Stenberg is frustrated with the state of AI tooling for finding security bugs, Brian Birtles is surprised by weird things engineers believe about web dev, Feross Aboukhadijeh details the fallout from a nasty npm prank, Rob Pike shares what he thinks they got right and wrong with Go & Gavin Howard writes up why he believes “all code is tech debt” is all wrong.

This episodes diverges from our traditional fare. I’ve reviewed the 50 previous editions and picked (IMHO) the coolest code, best prose & my favorite podcast episode from each month!

A group of researchers set out to test claims that its open source rivals had achieved parity (or even better) with ChatGPT on certain tasks, Richard Hipp and his team have rewritten SQLite’s text-based JSON functions, Ratatui is a Rust crate for cooking up TUIs, Morris Brodersen built a complex app in vanilla JS as a case study & Headscale is Kristoffer Dalby’s open source, self-hosted implementation of the Tailscale control server.

ChatGPT’s new GPTs feature leak their prompts, Firefox’s share of the browser market will soon drop below 2%, Robin Berjon tries to formalize a name for those who can’t be named, Amy Lai tells the tale of the weirdest bug she’s ever seen & Facundo Olano trumps the “code is read more than written” cliche with his own: “code is run more than read.”

Zach Leatherman on the tension and future of the Jamstack community, Chenxin Li helps you avoid 13 bad practices in data visualization, Laravel Pulse is coming real soon, Max Chernyak develops a new way to accomplish long term refactors & Spencer Baugh makes the case for more libraries and less services in our software stacks.

The internet watches OpenAI unravel in real-time, tldraw has a new experiment going with GPT-4 Vision that turns mockups into code, Tony Ennis makes the case for HTML First, James Somers writes a “eulogy” to coding for The New Yorker & Laurence Tratt describes and details four kinds of optimisation.