Best of The New StackJuly 2024

  1. 1
    Article
    Avatar of newstackThe New Stack·2y

    5 JavaScript Security Best Practices for 2024

    JavaScript applications face numerous cyber threats in 2024, including cross-site scripting (XSS), man-in-the-middle (MitM) attacks, and denial of service (DoS) attacks. Key security best practices include securing APIs, implementing Content Security Policies (CSP), input sanitization, and performing regular security audits. Tools like Snyk, ZAP by OWASP, and the Cypress Testing Framework are essential for maintaining robust security in JavaScript development.

  2. 2
    Article
    Avatar of newstackThe New Stack·2y

    How To Master JavaScript Performance Optimization

    JavaScript optimization is crucial for ensuring fast and responsive web applications. Techniques include measuring performance with tools like Chrome DevTools, implementing code splitting using dynamic imports and webpack, using lazy loading to defer nonessential resources, and leveraging web workers for heavy computations. Additional methods like minifying code, asynchronous loading, and using CDNs further enhance performance. Adopting these practices helps meet user expectations and improve overall user experience.

  3. 3
    Article
    Avatar of newstackThe New Stack·2y

    The Anatomy of Slow Code Reviews

    Slow code reviews are a common complaint among software developers due to various social and cultural factors. Identifying bottlenecks and optimizing the process through well-defined review guidelines, ownership, and iterative feedback can enhance code review times. Implementing review and revision SLOs, prioritizing code reviews, and using tools can further streamline the process and improve developer satisfaction. Encouraging manageable changes and recognizing the importance of cross-team reviews are also key strategies for improvement.

  4. 4
    Article
    Avatar of newstackThe New Stack·2y

    Linux: Understand sudo to Rule Your Server

    The post explains the importance of the sudo command in Linux for administrative tasks. It highlights the difference between sudo and su, the history of sudo, and details on how users can be added to the sudo or wheel groups depending on the distribution. Additionally, it describes how to configure the sudoers file using the visudo editor to set custom permissions.

  5. 5
    Article
    Avatar of newstackThe New Stack·2y

    Devs Need System Design Tools, not Diagramming Tools

    Engineering teams often face the XY problem when selecting tools for software system design, focusing on specific solutions instead of underlying issues. This results in fragmented approaches and significant inefficiencies. System design goes beyond diagramming and requires tools that support dynamic and continuous design processes, incorporating real-time updates, collaboration, and comprehensive system understanding. Modern software's complexity demands tools that facilitate visibility and understanding, surpassing the limitations of traditional diagramming tools.

  6. 6
    Article
    Avatar of newstackThe New Stack·2y

    Install the Webmin GUI Server Manager on AlamaLinux

    Learn how to install and configure the Webmin GUI server manager on AlmaLinux to simplify server management tasks. Webmin provides an extensive range of modules, from handling backups and user management to system logs and software updates. The tutorial covers prerequisites, updating AlmaLinux, adding the Webmin repository, installing Webmin, configuring the firewall, and initial login steps, including converting Unix users to Webmin users.

  7. 7
    Article
    Avatar of newstackThe New Stack·2y

    4 API Security Best Practices

    APIs are crucial to modern digital solutions, making API security a top priority. Key points include utilizing an API gateway to enforce policies and secure endpoints with HTTPS, and using access tokens like JWTs for robust authorization. These measures help mitigate common risks such as broken object-level authorization and unrestricted resource consumption. Implementing OAuth or OpenID Connect can enhance security further by centralizing the management of access tokens.

  8. 8
    Article
    Avatar of newstackThe New Stack·2y

    5 Creative Ways Developers Are Using AI

    Developers are leveraging AI in various innovative ways to enhance productivity and streamline tasks. Uses include AI-generated code testing and PR reviews, creating personalized learning paths, automating repetitive tasks, enhancing search tools for programmers, and generating documentation and data models. While the benefits are substantial, experts caution about potential downsides like data privacy concerns and a possible decline in code quality. Despite these challenges, upcoming tools like GitHub Copilot Workspace promise further advancements.

  9. 9
    Article
    Avatar of newstackThe New Stack·2y

    Poor Documentation Is Costly: Here’s How to Fix It

    Effective documentation may seem boring but is crucial for organizational success. Poor documentation can lead to wasted hours, reduced productivity, and employee frustration. It’s vital to regularly review and update documentation, use appropriate tools, and clearly outline essential processes. Investing in good documentation practices can significantly boost efficiency and job satisfaction.

  10. 10
    Article
    Avatar of newstackThe New Stack·2y

    The Python Linter Ruff Is a Win for Open Source — and Rust

    Ruff, a high-performance Python linter written in Rust by Astral Software, has quickly become a success story in the open-source community. Launched by Charlie Marsh, Ruff aims to consolidate multiple Python development tools into one fast and adoptable solution. With millions of downloads, it offers features like performance and auto-fixes, serving as a drop-in replacement for tools such as Flake8 and isort. Future plans for Ruff include advanced type inference and cross-file analysis. Astral Software continues to expand its toolkit, recently adding the uv package installer, also written in Rust.

  11. 11
    Article
    Avatar of newstackThe New Stack·2y

    Python Meets JavaScript, Wasm With the Magic of PythonMonkey

    PythonMonkey is a groundbreaking JavaScript runtime embedded within Python, built on Mozilla's SpiderMonkey engine, created by Distributive to cut code maintenance costs and bridge the gap between JS and Python. It enables cross-language functionality, letting developers leverage Python packages from JS and vice versa with minimal performance loss. Key features include native support for WebAssembly, a just-in-time compiler, and a runtime environment similar to Node.js. PythonMonkey also offers improved cross-language coercion, stack trace handling, and a better developer experience. The project’s goals include seamless integration of JS and Python libraries and offering a unified development environment.

  12. 12
    Article
    Avatar of newstackThe New Stack·2y

    Next.js 15 Cache, Rust Adds to AI Salaries, and Million.js

    Next.js 15 introduces significant changes to caching, requiring explicit opt-in for caching API fetches and database queries. Vercel's VP of Product Marketing, Lee Robinson, emphasizes improving the local development experience by making operations dynamic. Research indicates that skills in Rust can significantly boost AI-related job salaries. Additionally, Million.js, a minimalistic JavaScript compiler, offers a more efficient way to handle DOM updates compared to React, though it faces challenges like a steep learning curve and a smaller ecosystem.

  13. 13
    Article
    Avatar of newstackThe New Stack·2y

    How to Create a Python Executable File With PyInstaller

    Learn how to create an executable file from your Python code using PyInstaller. This guide demonstrates the necessary steps, including installation of Pip and PyInstaller, and provides detailed instructions for bundling your app into a folder or creating a single file executable. This method simplifies running and distributing your Python app across different machines.

  14. 14
    Article
    Avatar of newstackThe New Stack·2y

    You’ll Write Less Code With Svelte 5.0, Promises Rich Harris

    Svelte 5.0 promises to be more robust, reliable, smaller, faster, and flexible than its predecessor. It introduces fine-grained universal reactivity and maintains popular features like motion primitives, transitions, and server-side rendering. The compiler output is leaner, reducing bundle size. The use of Signals in Svelte enhances code readability and performance. The post also discusses the adoption curve of Signals and opinions on React Server Components, which help in colocating CSS, JavaScript, and HTML but introduce complexities in managing server and client components.

  15. 15
    Article
    Avatar of newstackThe New Stack·2y

    How To Test How Much Memory Your Java Application Uses

    Understanding a Java application's memory requirements is crucial for maximizing performance and minimizing operational costs. This guide shows how to use garbage collector (GC) logs to determine the necessary memory size. Key steps include simulating real-world loads, interpreting GC logs, and using tools like JMeter for load testing. Practical examples with the Spring PetClinic application and different Java runtimes are provided to illustrate the process.

  16. 16
    Article
    Avatar of newstackThe New Stack·2y

    Develop a Master AI Agent With LangGraph in Python

    LangGraph, a tool within the LangChain ecosystem, streamlines creating and managing AI agents. It uses states, nodes, and edges to manage complex workflows and interactions, making it easier to build advanced AI applications. The setup involves installing necessary packages and defining an AI agent's behavior using nodes and edges. An example scenario is provided for a customer support conversation using OpenAI's GPT-3.5-Turbo model. The tutorial provides step-by-step guidance, including setting up the environment, building the conversation logic, and running the simulation.

  17. 17
    Article
    Avatar of newstackThe New Stack·2y

    Zed Ported Its Text Editor to Linux and It’s Pretty Special

    Zed, a new text editor designed for Linux, promises speed and extensive features. Built by creators of the Atom editor and written in Rust, Zed offers impressively fast performance and unique real-time collaboration tools, including integrated chat and a feature termed 'multiplayer.' Additional functionalities include customizable UI, automatic language detection, and integration with GitHub Copilot. Zed aims to be more than just a text editor, catering to a community-driven development environment. It's available for both Linux and macOS.

  18. 18
    Article
    Avatar of newstackThe New Stack·2y

    Ansible vs. Salt: Which Is Best for Configuration Management?

    Salt is an open-source software application that offers robust solutions for configuration management, remote execution, and orchestration, making it highly effective for at-scale infrastructure management. Unlike Ansible, which uses an SSH-based, agentless setup that can be cumbersome at large scale, Salt employs a master-minion architecture using the ZeroMQ protocol for faster and more secure communication. Salt's modular and extensible design adds to its adaptability, making it a powerful choice for complex, large-scale environments.

  19. 19
    Article
    Avatar of newstackThe New Stack·2y

    Is GraphQL Over or Do We Just Need to Rethink It?

    GraphQL, developed by Facebook and open-sourced in 2015, has gained popularity for its flexible and efficient data query capabilities. However, its growth is now hindered by security, performance, and complexity issues. To ensure its future viability, the community may need to rethink how GraphQL is defined and implemented, leveraging it as a development tool and considering compiler-based implementations to overcome its current challenges.

  20. 20
    Article
    Avatar of newstackThe New Stack·2y

    How To Run Databases in Kubernetes

    Running databases in Kubernetes has been debated, as many prefer managed services for their simplicity. However, there are effective design patterns for running databases within Kubernetes by using node selectors, dedicated node pools, and Kubernetes operators like the Zalando Postgres Operator to ensure high availability and systematic recovery strategies. Employing taints, tolerations, and pod affinities can help manage resource allocation and data integrity. Although setting up may be complex, it can be more cost-effective and provide greater vendor agnosticism compared to managed services.

  21. 21
    Article
    Avatar of newstackThe New Stack·2y

    7 Urgent Lessons from the CrowdStrike Disaster

    The CrowdStrike disaster highlights critical lessons for IT and software management. Key takeaways include the dangers of relying on monocultures, the importance of quality assurance and staged rollouts, and the necessity of disaster recovery plans and enhanced monitoring. Implementing robust risk management strategies can help mitigate similar incidents in the future.

  22. 22
    Article
    Avatar of newstackThe New Stack·2y

    How to Work With Branches in Git and GitHub

    Learn to work with branches in Git and GitHub to safely make changes to your project and merge them back into the main branch. Understand the difference between Git and GitHub, and follow a step-by-step guide to create, manage, and merge branches effectively while avoiding common pitfalls like merge conflicts. Remember, never make changes directly on the main branch to ensure stability and consistency in your codebase.

See all The New Stack archives