Sep 06, 2019 newsletter

Officially blocked: npm bans packages from showing ads in your terminal

Last week, the popular JavaScript library Standard began showing ads in the terminal from sponsors such as Linode and LogRocket. Other open source packages occasionally display donation requests after installation, but Standard was the first JavaScript package to display ads from third parties directly inside the terminal. Standard used another npm package, Funding, that provided a platform for open source packages to integrate ads to fund their projects.

The backlash from developers against Standard was swift and unfavorable. Both sponsors, Linode and LogRocket, backed out of the program after negative responses from the development community. Standard promptly removed the ads from its library and ceased development of Funding, its terminal advertising platform. Now, npm, Inc, the team behind the npm ecosystem and registry, is moving to officially ban the practice in the future.

npm, Inc updated its official policies about commercial content to restrict ads in packages. Packages can no longer display ads at runtime, installation, or any other part of the software development process. Furthermore, while packages with code that can be used to display ads are acceptable, those packages cannot display ads to the developers using them.

As the registry has grown in size and popularity, its role in the development world and its importance in the software supply chain has come under increasing scrutiny. To allay concerns, npm, Inc is actively working to standardize the packages that are hosted on its public registry. Following the most recent advertising debacle, the npm team is in the process of standardizing CLI post-install scripts, which should formalize rules about donation requests, advertisements, and any other terminal messaging. The npm team has also strengthened its policies around security and package ownership, working to prevent package hijacking and protect libraries that are exceptionally critical to the development ecosystem.

The npm ecosystem has largely been reactive to new and unforeseen threats and changes. As software continues to fragment across reusable libraries and modules, npm will likely be a trailblazer in answering complex ethical quandaries. For now, comprehensive rules around terminal advertising are a positive step.


The 2019 Accelerate State of DevOps report quantifies operational differences between elite and low performance engineering teams

The 2019 Accelerate State of DevOps report from the DevOps Research and Assessment (DORA) team seeks to quantify the performance of elite engineering teams. The report builds on six years of research with data from 31,000 professionals from around the world in a variety of software development roles.

The report analyzes how engineering teams can be more productive in developing and deploying software. Productivity, according to the report, is a combination of engineering throughput and software stability. When compared to low performance teams, elite engineering teams have:

  • 208 times more frequent code deployments. Elite teams make multiple deployments per day, while low performers deploy roughly once per month.
  • 106 times faster lead time. Lead time is a proxy for throughput, measuring the time from code changes to deployment. Elite teams experience lead times that are usually less than 24 hours, while low performance teams require one to six months to move code from commit to deployment.
  • 2,604 times faster time to recover from incidents. During outages and service disruptions, elite teams recover in less than one hour, but low performance teams can take anywhere from one week to one month.
  • 7 times lower change failure rate, the rate at which changes to production result in degraded application performance for users. Elite teams experience change failure rates ranging from 0% to 15%, while low performance teams can experience rates between 46% and 60%.

To build high performance engineering teams, the report suggests that companies should carefully consider how they define their culture and organize their knowledge.

According to DORA’s analysis, “high-performing teams need a culture of trust and psychological safety, meaningful work, and clarity.” The report highlights the importance of fostering a culture that allows team members to take risks with the backing of a supportive team. Optimizing for information flow, trust, innovation, and risk-sharing is predictive of software delivery and operational performance.

Knowledge-sharing, too, is an important component of building a high performance company culture. Teams that actively use and maintain internal knowledge tools are 1.73 times more likely to be productive. Effectively scaling teams requires careful knowledge management, as well. Low performance teams preferred training centers (otherwise known as DOJOs), where employees are removed from their usual routines to learn new tools or technologies, and centers of excellence, where expertise is centralized and consults others. Both methods create silos and isolate expertise, negatively impacting team productivity. Elite teams employ communities of practice, where groups that share common interests in methodologies are encouraged to share knowledge within and across teams, and grassroots scaling, where small teams work together to transform a development process and then informally share their success with the organization.

Toolchains, like knowledge sharing, can be optimized as well. The highest performing engineers are 1.5 times more likely to use easy-to-use tools (e.g. not proprietary or difficult-to-maintain software). Moreover, according to the report, “elite performers automate and integrate more frequently into their toolchains on almost all dimensions.”

To synthesize the report's main points: the most successful, high performance teams actively work to accelerate their development processes by maintaining an open and team-based culture that effectively balances development throughput, automation, and speed.


Microsoft loosens its grip on Linux and open source software by making remaining exFAT patents available

Microsoft has a long history of intellectual property aggression, seeking revenue from its patents that are often used across the open source world. The patents surrounding Microsoft's File Allocation Table (FAT) and Extended File Allocation Table (exFAT) file systems caused noticeable tension with the open source Linux community, which has not included the file system technology in its kernel due to patent concerns. Now Microsoft is making its remaining FAT patents regarding its exFAT specifications available to Linux and members of the Open Invention Network (OIN).

FAT and exFAT are the file systems on hundreds of millions of storage devices. Originating with floppy disks, the file system eventually evolved with MS-DOS, Windows, USB devices, and SD cards. Given its ubiquity, according to Microsoft, “it's important to us that the Linux community can make use of exFAT included in the Linux kernel with confidence. To this end, we will be making Microsoft's technical specification for exFAT publicly available to facilitate the development of conformant, interoperable implementations.”

The Open Invention Network is the largest patent non-aggression community in the world, with members agreeing to share patents with each other without needing to pay royalties. Microsoft joined the OIN in 2018, adding 60,000 of its patents to the royalty-free portfolio.

Microsoft is in the midst of an open source renaissance, removing its patent levers in favor of the developer community. Linux, in particular, offers Microsoft an increasingly lucrative opportunity to capture developer mindshare, bolster its developer-friendly reputation, and thwart competitors. To that end, Microsoft has not only accepted Linux, it is actively encouraging its success; in a world where the cloud (including Microsoft Azure) is dominated by Linux servers, aligning with the Linux community is a chance to intertwine the success of the Microsoft ecosystem with that of Linux.


Small bytes

  • Reasoning about leverage in engineering organisations [DEHORA]
  • Never mind the code quality: bad code and pull requests [IPROGRAMMER]
  • Why building a social presence can improve your developer journey [SKILL PATHWAY]
  • Productivity principles for developers that stand the test of time [BETTER PROGRAMMING]

Tools

  • Git-flight-rules is a guide about what to do when things go wrong with Git [GITHUB]
  • eBay's TSV Utilities are a set of command line tools for large, tabular data files, including filtering, statistics, sampling, joins and more [EBAY]
  • Faceswap is the leading free and open source multi-platform Deepfakes software [FACESWAP]
  • wttr.in is a console-oriented weather forecast service [WTTR]
  • ApexCharts is a modern JavaScript charting library to build interactive charts and visualizations with simple API [APEX CHARTS]
  • Electron Fiddle lets you create and play with small Electron experiments [ELECTRON]
  • Become a professional at tech interviews by solving one problem every day with other engineers like you [DEVMATES]
  • Nushell is a powerful and intuitive modern shell built with Rust [NUSHELL]