Nov 22, 2019 newsletter

How do you take down an 800-pound gorilla in web development?

Gatsby and the 800-pound WordPress gorilla

Gatsby, creator of the eponymous open source static site generator, announced the launch of a new cloud offering to help developers build and deploy Gatsby-based websites. Dubbed Gatsby Cloud, the new tool strengthens Gatsby in its attack on the WordPress-dominated web.

As Gatsby continues its meteoric rise in popularity, what happens next could forever change how the web is built.

WordPress still powers a staggering portion of the internet—roughly 34% of all websites. Developers appreciate the richness of the WordPress ecosystem and ease of getting started.

Web development is changing, though. Developers are foregoing traditional development stacks, such as the LAMP stack that WordPress depends on, in favor of modular applications. When engineers want to add features like search, payments, or ecommerce to their websites, they turn to modular and API-first tools like Algolia, Stripe, and Shopify.

Gatsby excels at orchestrating these modular services.

Known as a content mesh, Gatsby provides an infrastructure layer that stitches together content systems for easy development and deployment. For example, developers can add Gatsby’s Shopify plugin to pull product listings and data when building their website.

Now, Gatsby Cloud is the next step in expanding that content mesh.

With Gatsby Cloud, users have access to cloud-based quickstarts, real-time previews, CMS integrations, and a new CI/CD solution optimized for the Gatsby web framework that dramatically reduces build time to feel nearly instantaneous.

Overall, Gatsby Cloud creates a richer, more powerful, and more user-friendly content mesh. That brings the Gatsby platform closer to unseating WordPress.

WordPress built an empire by letting developers easily spin up and launch powerful websites. As the most robust and most accessible website building tool available, WordPress stamped out most competition.

With Gatsby Cloud, however, the 800-pound WordPress gorilla starts to look a little more vulnerable.


Facebook backs Visual Studio Code as Microsoft's bets pay off

Visual Studio Code and Facebook

Facebook is teaming up with Microsoft to expand Visual Studio Code and its remote development capabilities.

Visual Studio Code is turning out to be one of the tech world’s most valuable developer platforms, growing to prominence in four short years and now used by more than 50% of developers. That dominant position puts Microsoft far ahead of its competition in preparation for the next wave of engineering trends—like remote development.

What Visual Studio Code managed to achieve—and what other editors failed to do—is turning the code editor into a viral developer platform.

To hook developers, Microsoft released its code editor as open source software with easy-to-use and robust extension APIs. Any developer could create extensions. Many did: the Visual Studio Code marketplace lists 14,000+ extensions, nearly triple that of Sublime Text and slightly less than double that of Atom.

As more developers use Visual Studio Code, big companies like Facebook build even more extensions. More extensions from reputable engineering teams further entrench Visual Studio Code as the platform with the richest developer toolset.

With so many developers and tech companies invested in the platform, Visual Studio Code holds a dominant spot as big companies adopt emerging, and lucrative, technologies—like remote development. Such tech will likely integrate with Azure and other Microsoft services, bringing Microsoft more paying customers.

Visual Studio Code has long been an experiment by Microsoft to see if powerful open source software could eventually pull developers, especially at big tech companies, into its ecosystem. Facebook’s blessing shows those bets may finally be starting to pay off.


Avoiding the mayhem of modular code from the beginning

Bytecode Alliance

A handful of tech giants—including Mozilla, Fastly, Intel, and Red Hat—announced the formation of the Bytecode Alliance, a new initiative to create a more secure and composable future for WebAssembly by collaborating on new standards.

Such efforts could help rein in today’s Wild West of open source software and reshape how developers implement modular code.

Much of software development today focuses on modular applications. Roughly 80% of the average code base comes from package registries like npm, PyPI, and crates.io. By tapping into community resources, modular code helps developers build better products faster.

Development speed and open source code, however, open the door to complex security issues.

Malicious code is a serious threat, with open source packages giving bad actors discreet entry points into popular software. Unsurprisingly, the number of malicious modules published to npm more than doubled from 2017 to 2019.

Vulnerabilities are a problem, too. Only 59% of packages have known fixes for disclosed vulnerabilities. Many maintainers don’t have the time or the security know-how to fix them. The result is that nearly 40% of npm modules depend on code with at least one publicly known vulnerability.

Existing band-aids—scanners, monitoring, code reviews, and containers—are slow, manual, resource-intensive, or prone to overlooking issues.

The Bytecode Alliance is working on ways to avoid such package mayhem in the fledgling WebAssembly ecosystem by implementing more rigorous standards. WebAssembly runtimes, code generators, and language tooling are carefully designed to make the ecosystem more secure by default. New standards, like nanoprocesses, wrap modules or groups of modules to regulate how data is exchanged between them, limiting module access to critical system functions.

Ultimately, the Bytecode Alliance hopes to minimize the tradeoff between developer productivity and security. The goal is to support today’s open source modularity, but with better guardrails.

Just as JavaScript spread across the software development world, from browsers to desktops to servers, WebAssembly could be on a similar path. A better approach from the start could save developers time and energy farther down the road.

If the group succeeds, its methods will be a massive lesson for all of software development in how to grapple with the growing popularity and importance of open source software.


Small bytes

  • GitHub launched Security Lab, a set of tools to help researchers find and report vulnerabilities in open source projects. As the center of the open source world, GitHub is increasingly focused on security [GITHUB]
  • Web Almanac, by HTTP Archive, released its report on JavaScript usage across the web [ALMANAC]
  • Intel is building oneAPI, a new model for running software across different hardware. Intel hopes to help developers write code—particularly machine learning algorithms—without worrying about the underlying hardware [ARS TECHNICA]
  • Gravitational raised $25M to continue building its Kubernetes-driven software that makes code more portable across cloud services [TECHCRUNCH]
  • Indeed released a new report that reveals SQL sits at the top of the list of most in-demand tech skills. Python and machine learning skills are also rising rapidly [IEEE SPECTRUM]
  • Google is working to run Android with the regular Linux kernel. If successful, Google would manage less technical overhead and could help advance the Linux ecosystem [ANDROID POLICE]

Tools

  • JSON Generator is a free tool to randomly generate JSON data [JSON GENERATOR]
  • SandDance is a web-based tool and Visual Studio Code extension that helps visualize complex data [SANDDANCE]
  • Draw.io is a free app for making diagrams that stores all data locally [DRAW.IO]
  • CSS Scan is the easiest way to get and edit the CSS of any website, live [CSS SCAN]
  • EasyDB is a one-click database with no server required [EASYDB]
  • goormIDE is a powerful cloud IDE service to maximize the productivity for developers and teams [GOORMIDE]