TLDR Web Dev 2024-04-01

xz backdoor explained πŸ“”, saving Google πŸ€”, how to gain technical expertise 🧠

πŸ§‘β€πŸ’»
Articles & Tutorials

The Great Migration from MongoDB to PostgreSQL (3 minute read)

Infisical, a secrets management platform, migrated from MongoDB to PostgreSQL because of difficulties configuring transactions in MongoDB, a lack of relational features, inconsistent versioning across cloud providers, and a lack of a good user experience with MongoDB. The migration process required a temporary block on write operations and involved careful data transformation to map MongoDB's structure to PostgreSQL's relational model. LevelDB was used to persistently store and map identifiers between the databases. The migration itself led to significant performance gains and cost reductions.

React Compiler & React 19 - forget about memoization soon? (7 minute read)

React 19 and the React Compiler have been dominating the React discussion over the past month over the possibility of never having to think about memoization in React very soon. However, a huge change like this is not as simple as a version or tool release. This post summarizes and clarifies what is coming in React 19 and the React Compiler and offers a technical explanation of the coming changes.

Running OCR against PDFs and images directly in your browser (6 minute read)

This article is a breakdown of a web app that combines PDF.js for PDF processing and Tesseract.js for OCR functionality, allowing users to drag and drop PDFs or images directly in their browser for text extraction. The project was built quickly with the help of Claude 3 Opus and ChatGPT for code generation. The end result is a program that is simple, runs locally without data uploads, and will work well without needing any updates in the future.
🧠
Opinions & Advice

How to get deep, technical expertise as an engineer (9 minute read)

It is important to understand fundamentals as a software engineer. A good way to do so is to challenge yourself by building without frameworks and proactively seek out areas where you can take ownership in your projects. Anyone can achieve a high level of technical proficiency by taking initiative, focusing on the fundamentals, and embracing a growth mindset.

Don’t use your ORM entities for everything β€” embrace the SQL! (7 minute read)

Object-Relational Mappers (ORMs) are useful tools, but shouldn't be treated as the only way to interact with your database. The belief that ORMs completely eliminate the need to write SQL is misguided - SQL should be used directly to optimize your database interactions. Using techniques like projections that select only the necessary data can improve performance a lot.

"Insecure vibes" are a self-fulfilling prophecy (4 minute read)

Insecure vibes are subtle signals you may unintentionally emit when feeling anxious or uncertain. They can weaken your communication and interactions. These vibes manifest as overcompensating, defensiveness, or a lack of confidence, which are the very things you may be trying to hide. To combat insecure vibes, be mindful of your behavior and actively project confidence, even if you don't feel it internally.
πŸš€
Launches & Tools

Spice (GitHub Repo)

Spice is a runtime that provides developers with a unified SQL query interface to locally materialize, accelerate, and query datasets sourced from any database, data warehouse, or data lake.

Pragmatic drag and drop (Website)

A performance-focused drag-and-drop library that can be used to power experiences on any frontend stack.

Create Vue3 App (GitHub Repo)

This tool uses Vite to help you spin up a new Vue-based app using tools based on answers you give to a number of questions.
🎁
Miscellaneous

How GitHub replaced SourceForge as the dominant code hosting platform (12 minute read)

Before GitHub, sites like SourceForge and Google Code existed for hosting open-source software, but they lacked the social features and focus on Git that makes GitHub so useful. GitHub's focus on making collaboration seamless and social catapulted it to its dominant position. However, GitHub's market share might decline in the future as the market for code development tools matures and engineers demand more specialized tools for closed-source development.

Everything I know about the xz backdoor (4 minute read)

A sophisticated security attack compromised the xz compression library, a critical dependency of OpenSSH. The backdoor, introduced by a seemingly helpful new maintainer, allowed attackers to gain unauthorized access to affected servers. The backdoor was discovered by Andres Freund, a software engineer at Microsoft, when he found that SSH logins were using a lot of CPU power compared to normal.

Can Demis Hassabis Save Google? (10 minute read)

Demis Hassabis, the founder of DeepMind, is now tasked with keeping Google in the lead of the AI race. To succeed, Hassabis must translate DeepMind's research into tangible product improvements and convince Google to embrace potentially disruptive changes. If he is successful, DeepMind's focus on reinforcement learning could position the company well as chatbots evolve into autonomous agents that can take action in the real world.
⚑️
Quick Links

Code Smell 244 - Incomplete Error information (2 minute read)

Error messages should contain information needed to identify and fix the problem.

Guess My RGB (Website)

A fun game using RGB sliders to try to match the background color of the website.

Top 9 website performance metrics you cannot ignore (2 minute read)

To optimize website performance, focus on minimizing load time, time to first byte, request count, DOMContentLoaded, time to above-the-fold load, first contentful paint, page size, round trip time, and render-blocking resources.

I tested Claude 3 Opus on real Github issues (3 minute read)

Claude 3 Opus is able to generate a partially correct code patch in minutes.
Get our free, 5-minute newsletter read by 350,000 frontend, backend, and full stack developers
Join 300,000 readers for