Rich-Harris

Note: I'm not involved in Prepack in any way — please correct me if I say anything incorrect below!

A few people have asked me if Prepack and Svelte are similar projects with similar goals. The answer is 'no, they're not', but let's take a moment to explore why.

What is Prepack?

Prepack describes itself as a 'partial evaluator for JavaScript'. What that means is that it will run your code in a specialised interpreter that, rather than having some effect on the world (like printing a message to the console), will track the effects that would have happened and express them more directly.

So for example if you give it this code...

jashkenas

Spurred by recent events (https://news.ycombinator.com/item?id=8244700), this is a quick set of jotted-down thoughts about the state of "Semantic" Versioning, and why we should be fighting the good fight against it.

For a long time in the history of software, version numbers indicated the relative progress and change in a given piece of software. A major release (1.x.x) was major, a minor release (x.1.x) was minor, and a patch release was just a small patch. You could evaluate a given piece of software by name + version, and get a feeling for how far away version 2.0.1 was from version 2.8.0.

But Semantic Versioning (henceforth, SemVer), as specified at http://semver.org/, changes this to prioritize a mechanistic understanding of a codebase over a human one. Any "breaking" change to the software must be accompanied with a new major version number. It's alright for robots, but bad for us.

SemVer tries to compress a huge amount of information — the nature of the change, the percentage of users that wil

mikeal

I've known people at nodejitsu for years, since before the company even existed. I still consider many of them friends. That said, somebody over there has lost their mind.

Trademarks are an important part of open source. They protect the integrity of the trust that is built by any project. A classic example of why this is the case is Firefox. Suppose that a malware producer takes the Firefox codebase, which is free and open source, packages up their malware with it and then releases it as "Firefox". Then they buy search advertising and suddenly their bad and malicious version of Firefox is the first result on search engines across the web. This is clearly a bad thing for Firefox and open source everywhere, but what can Mozilla do to protect their community of users?

They can't enforce a software license since the use is permitted under the Mozilla Public License. They can, however, enforce on these hypothetical bad actors using their trademark on the word "Fi

bevacqua

function pluck (a, prop) {
  return a.map(function (a) { return a[prop]; });
}

asvd

Why declaring globals is better than exporting

The module pattern

During the past several years the way of managing JavaScript dependencies evolved bringing some advanced solutions. One of the concepts which became very popular today, is a module pattern. The beginning of [this

jbenet

a simple git branching model (written in 2013)

This is a very simple git workflow. It (and variants) is in use by many people. I settled on it after using it very effectively at Athena. GitHub does something similar; Zach Holman mentioned it in this talk.

Update: Woah, thanks for all the attention. Didn't expect this simple rant to get popular.

konklone

# Basically the nginx configuration I use at konklone.com. 
# I check it using https://www.ssllabs.com/ssltest/analyze.html?d=konklone.com
# 
# To provide feedback, please tweet at @konklone or email eric@konklone.com.
# Comments on gists don't notify the author. 
# 
# Thanks to WubTheCaptain (https://wubthecaptain.eu) for his help and ciphersuites.
# Thanks to Ilya Grigorik (https://www.igvita.com) for constant inspiration.

server {

jed

How to set up stress-free SSL on an OS X development machine

One of the best ways to reduce complexity (read: stress) in web development is to minimize the differences between your development and production environments. After being frustrated by attempts to unify the approach to SSL on my local machine and in production, I searched for a workflow that would make the protocol invisible to me between all environments.

Most workflows make the following compromises:

• Use HTTPS in production but HTTP locally. This is annoying because it makes the environments inconsistent, and the protocol choices leak up into the stack. For example, your web application needs to understand the underlying protocol when using the secure flag for cookies. If you don't get this right, your HTTP development server won't be able to read the cookies it writes, or worse, your HTTPS production server could pass sensitive cookies over an insecure connection.

• Use production SSL certificates locally. This is annoying

remy

#!/usr/bin/env python
# saved to ~/bin/batcharge.py and from
# http://stevelosh.com/blog/2010/02/my-extravagant-zsh-prompt/#my-right-prompt-battery-capacity
#!/usr/bin/env python
# coding=UTF-8

import math, subprocess

p = subprocess.Popen(["ioreg", "-rc", "AppleSmartBattery"], stdout=subprocess.PIPE)
output = p.communicate()[0]

dypsilon

Backend Development

• node.js
  • Installation paths: use one of these techniques to install node and npm without having to sudo.
  • Node.js HOWTO: Install Node+NPM as user (not root) under Unix OSes
  • Felix's Node.js Guide
  • Creating a REST API using Node.js, Express, and MongoDB
  • Node Cellar Sample Application with Backbone.js, Twitter Bootstrap, Node.js, Express, and MongoDB
  • JavaScript Event Loop
• Node.js for PHP programmers