Kind bookmarks

GitHub is updating how GitHub Actions’ pull_request_target and environment branch protection rules are evaluated for pull-request-related events. These changes will take effect on 12/8/2025. They aim to reduce security critical…

Supply chain attacks exploit fundamental trust assumptions in modern software development, from typosquatting to compromised build pipelines, while new defensive tools are emerging to make these trust relationships explicit and verifiable.

It seems so rude and careless to make me, a person with thoughts, ideas, humor, contradictions and life experience to read something spit out by the equivale...

Fool me once, shame on you; fool me twice, shame on me.

A lightweight way to add ambient social cohesion for remote teams.

The difference can be subtle

Automating things, even when it doesn't save time, is how you learn the skills to automate the things that will.

Too many open source projects suffer from inadequate documentation, and that hurts their adoption, their communities, and puts more burden on maintainers. Many people who create open source software don't see see themselves as writers, but today I'm sharing tips for documenting open source projects

I’ve been working for over 20 years in the field of “developer experience,” where we help developers be more effective, efficient, and happy, by improving tools, systems, and processes. I have been intimately involved in designing key aspects of the developer experience at Google and LinkedIn, have been very involved with the research community in this space, and I’m constantly in touch with developer experience leaders at every major tech company. I’d like to spell out for you the fundamental principles of what makes a great developer experience—the most important things to understand in the space. I’m only going to

Please, make it stop.

The description suggests that this is some kind of extended metaphor about work. It appears to be written in that _Choose Your Own Adventure_ style second-person voice, yet there are no choices to be found within. Against your better judgment, you follow the link.

Overworked, under pressure, and subjected to abuse – is it really worth it?

OpenAPI is hard. At a glance it might seem really straight forward to build tooling for it, but then we learn there are monsters down below.

Security Okay, friends. Here’s what we’re going to do. It’s not going to take long.Let’s install Signal. Signal is an open-source, end-to-end encrypted instant messaging app. When you message someone …

It’s been over a year since one of the most significant turning points in my life, and it’s time to reflect on that.

Don’t be tricked into writing software that hurts people.

Over the last three and a half weeks I’ve become such a potato that I’m considering changing my name to Maris Piper

An infrastructure engineer, focused on distributed storage system

Do you work in Software Engineering, and have you seen messages or sentences like these before?

How geopolitics can alter digital infrastructure

<p>Folks, today's the day.</p> <p>As of this morning, I've made over a million dollars on GitHub sponsors. Wowoweewow.</p> <p><img src="/pos...

Elastic is adding AGPL as an open source license option to Elasticsearch alongside ELv2 and SSPL....

How could our tools change to reduce the cost of breaking changes?

Writing about the big beautiful mess that is making things for the world wide web.

Replacing Twitter is not a task for a few—it is a barn raising that the entire social community must undertake together. Here’s my tips for joining this change.

Talking through why choosing a versioning scheme is of vital importance and why SemVer is the best option for most.

The “innovation token” model for selecting technologies is bad, and here’s why.

Platform engineering and developer productivity initiatives are often focused on improving how a team works. But how do you advocate for your own growth?

Why I still enjoy using GraphQL after 8 years

GraphQL is an incredible piece of technology that has captured a lot of mindshare since I first started slinging it in production in 2018. You won’t have to ...

At Labor Notes 2024, I had the chance to facilitate a panel on class consciousness and how one might raise it among tech workers. Prior to the panelists answering the questions, I highlighted Weber’s …

After working on the initial stages of several largish projects, I accumulated a list of things that share the following three properties:

Free and open source software has become a modern commons, but now it's vulnerable. Freedom isn't sufficient to secure it for the future.

SQLite is often misconceived as a &amp;#34;toy database&amp;#34;, only good for mobile applications and embedded systems because it&amp;#39;s default configuration is optimized for embedded use cases, so most people trying it will encounter poor performances and the dreaded SQLITE_BUSY error. But what if I told you that by tuning a

stateunstableinblogdate3/29/2024 😖 Unstable Updating at the speed of light, blink once and a word could be gone! These nodes are eratic, unstable, dangerous, but that's why they are fun. Please note: …

I’ve been through close to a dozen reorgs. This article contains the advice I wish I’d been given earlier in my career when I didn’t yet have that experience. Reorgs are disruptive, and nobody really tells you what to do in the wake of one. It’s easy to feel adrift, scared for your future, and uncertain about how to behave. Some of that fear is warranted: your job security probably goes down in the months following a reorg. But confusion and chaos aren’t necessarily signs that the reorg will go poorly, and there are things you can do to help give you and your team a better chance of emerging successfully.