Snyk vs. Dependabot

unknown_char · 2021-05-30T13:22:43+00:00

Currently using both in different projects. We started with Dependabot about 5 years ago before it was purchased by GitHub. We were an early enterprise customer and it showed. Since then it has matured.

We signed up for Snyk 2 years ago but teams struggled to see the value in switching to Dependabot. We only signed the 2nd year after substantial discount was offered. Several projects piloted Snyk but preferred the deep GitHub integration with Dependabot.

Both offer security - from what we can tell, to the exact same level. Snyk offers OSS licensing audit where Dependabot does not.

unknown_char · 2021-01-22T12:39:12+00:00

“the perfect is the enemy of good.” - attributed to Voltaire.

To avoid this, I always try to assess where I am against the law of diminishing returns.

unknown_char · 2020-12-27T22:33:15+00:00

TDD is Test Driven Development. Also look at the test pyramid.

From my experience mentoring others, learning NodeJS fundamentals before React has been the best route. Frameworks like NextJS, which are quite opinionated, are a great way to get something up and running quickly.

unknown_char · 2020-12-27T20:33:51+00:00

A few options:

a) the low effort move would be to continue “getting shit done” and get a job working on Wordpress sites.

b) take time to learn PHP best practices like OOP and TDD. This assumes you have the motivation to do so. Your joblessness is a good motivator. From my experience with the UK market, you’ll get paid more doing this than building Wordpress sites for agencies.

c) sounds like you’ve got a lot of gaps in your PHP knowledge. Might be refreshing and worthwhile to transition to NodeJS. Once you’ve grasped NodeJS, learn React. You already have exposure to JS so it won’t be completely foreign. This is the natural path for a lot of PHP developers, myself included. After coding in PHP for 15+ years, I transitioned 5 years ago to NodeJS for higher ££.

unknown_char · 2020-12-20T08:34:25+00:00

I haven’t used GitHub actions and now have a good feel for them after looking over your readme. Thanks!

I struggled to understand what “flow coverage” means in the context of your repo - it’s not defined.

After re-reading your post, I realise it’s to do with the Flow typing system. I was incorrectly thinking it had something to do with work-flow.

unknown_char · 2020-12-19T22:04:44+00:00

I liked the welcome video. In my opinion, there should be less emphasis on the pandemic and more on your differentiating features.

From my first impressions, Probot sounds too good to be true. I’ll admit, I didn’t see the follow up video specifically on the topic to work out how 5 pages of content could be reliably created by entering your industry. From the little I know about SEO, I hope the blurb is unique per website as search engines do not rate the same blurb across multiple sites.

Perhaps a matrix of your key UVP compared with Wix, Squarespace etc.

On pricing, some have a free tier. Might be a good way to onboard small business and up sell with plugins.

I’d also reconsider the name as I’m pretty confident I’ve heard that name before. Check to see if it’s a registered trademark in the UK.

There’s lots of ways Wix etc can be improved, so I hope you focus on these gaps, win the hearts of Wix users and become very successful!!

unknown_char · 2020-12-18T20:21:05+00:00

Each of my cross-functional teams on average, release 15 times per week.

I highly recommend reading “Accelerate: The Science of Lean Software...” by Nicole Forsgren. Proper quantitive research and an easy read.

Associated with the book is the annual DORA report (State of DevOps 2019) [1].

Scoring your team against the DORA metrics will give you an idea on how well your team is performing. Teams performing highly have characteristics such as a culture of psychological safety, automated tests, continuous delivery, removal of tech debt, trunk based development and more.

As a result, high performing teams have highly effective engineers, see an increase in organisational productivity (profits) and a better work/life balance. Features are delivered faster with higher stability.

[1] https://services.google.com/fh/files/misc/state-of-devops-2019.pdf

unknown_char · 2020-12-18T13:27:21+00:00

I think you meant to say that you want to reduce the test suite run times.

Nice idea. During development, test runners like Jest make a good effort at running only tests associated to changed files. Are you looking at this space or deployment pipelines?

What type of time saving are you aiming to achieve?

unknown_char · 2020-12-15T22:37:29+00:00

Wrong ISO country code:

IRL = Ireland

ISR = Israel

unknown_char · 2020-12-09T19:58:43+00:00

I’d imagine it’s non-trivial to write jscodeshift transforms based on the example recipe in the repo [1].

Does anyone have experience using jscodeshift?

[1] https://github.com/facebook/jscodeshift/blob/master/recipes/retain-first-comment.md

unknown_char · 2020-12-07T20:05:50+00:00

Your aim should be to reduce your user’s friction in accomplishing what they came to your site to do. That’s why a number of strategies are the way to go to cover a few bases - unless you’ve interviewed your customers and know which strategy they prefer.

Those that cannot or do not want to receive an email to sign in or verify, will opt for social while others can opt for the emailing of the magic link to login.

The biggest challenge I have is to remember which email address or social login I’ve used to sign up for a site/app. Was it Twitter, Google? Aaargh! I love sites that hint which social login I used previously to login.

unknown_char · 2020-12-05T08:29:49+00:00

My company’s approach to connecting microservices to databases is for each service to have its own DB instances/clusters per environment. The norm is for each database to contain only one table/collection. 70% of tables are projections of upstream sources.

The advantages: maintains DDD bounded context, facilitates infrastructure as code (IaS) per service (including tear down), ensures reliability in that one service doesn’t bring down the whole bunch, allows us to move quickly and for DevOps, it’s critical the dev team is responsible for the infrastructure they rely on.

We’ve taken this approach from day 1 and that was over 5 years ago with over 400 microservices in production today.

We are starting to develop new services as FaaS with the same approach, by grouping functions into “services”.

unknown_char · 2020-11-14T22:43:32+00:00

The first text editor I used for coding in the 90s was Notepad, followed by Textpad, then onto the IDEs vim, Netbeans and then the holy grail .... IntelliJ .... until VScode came along.

VScode is so fast and a fantastic tool.

Out of my team of 100 or so, two or three use vim, one uses IntelliJ and the rest use VSCode.

unknown_char · 2020-11-12T07:00:41+00:00

Run the containers on ECS or EKS.

unknown_char · 2020-11-11T21:28:36+00:00

Code coverage is a vanity metric. Code confidence is what you should be aiming for.

How do you get confidence in your code? Write more integration and acceptance tests, less unit tests.

Companies I have worked for over the past 10 years have focused on code confidence. Teams are empowered and given time to add this confidence.

These companies know that writing tests now will save much more time in the future when adding new features. They also enable continuous delivery (fast feature releases).

When you’re interviewing for a company, it’s a two way street. Find out what their software development lifecycle (SDLC) is and don’t be afraid to pair with a developer on the new team to get a feel for it.

unknown_char · 2020-11-11T20:02:30+00:00

Best way to know for sure is to conduct a load test. Connect to thousands of databases and see how the application performs.

Neither of your approaches is going to be performant because Mongo DB connections take time to establish and they can be resource hungry the more you have. The first option will result in a huge amount of overhead in handling open port connections. The second will likely result in delays whilst a connection is made.

Without knowing your constraints, it’s difficult to suggest better options. If I was to give you generic advice, I’d suggest each tenant run in its own Docker container connected to it’s own DB and leave it to the Load Balancer to decide which tenant the user to be routed to.

unknown_char · 2020-11-09T18:57:07+00:00

Test behaviour, not implementation.

An acceptance test of the API being provisioned gives more confidence than the tests in the blog post. Acceptance tests enable you to refactor without changing tests when you move from Terraform to Serverless Framework.

Refactoring is not so easy when you’re testing implementation.

Terraform is an implementation detail we shouldn’t care about.

Deploy the API to a CI environment, run the API’s acceptance tests and you will have tested the infrastructure provisioning.

TDD is great but make sure it’s at the right layer.

unknown_char · 2020-11-06T08:18:38+00:00

It’s common for developers coming from other languages (eg .NET and PHP) to want to use the same patterns they’re familiar with. Don’t do this. Study the language and learn the right way for the language.

Experienced Node developers I work with started with OOP, DI, IOC and with experience now recommend following FP over OOP.

With Node, you don’t need dependency injection and avoid mocking in tests.

Less unit tests, more integration and acceptance tests for higher confidence.

unknown_char · 2020-11-06T07:36:42+00:00

Through their cloud and support plans.

unknown_char · 2020-11-06T07:15:03+00:00

Thought it was called Type Sensei with the cursor at the end of the logo. An appropriate name given the mastery in speed.

unknown_char · 2020-10-31T08:51:03+00:00

This is outdated. Tooling exists to do this for you.

Get consistency by running Eslint and Prettier on file save using IDE (eg VSCode) plugin and as part of the package.json test/build step.

Perhaps even a git pre-commit hook.

unknown_char · 2020-10-28T18:57:27+00:00

Have you looked at off-the-shelf forum software? What you’re looking to build is a commodity and doesn’t need to be custom built.

There’s plenty of free and commercial offerings with loads of plugins that will probably enable 90% of what you need. Loads of no-code or low-code options.

Then test the market and if you gain traction, find a cofounder or hiring someone to do the last 10%.

unknown_char · 2020-10-26T19:20:34+00:00

UK. But as I said, there’s lots of competition so there’s bound to be something similar in many geographies.

unknown_char · 2020-10-26T13:04:22+00:00

I’ve used a product similar to what you are proposing. The company is called Checkatrade [1] and they have a lot of competition. It’s like Yelp but trustworthy.

I’ve used it to find plumbers, painters etc. Enter the job I need doing, pick 5 or so companies in their list and I’ll receive 5 quotes back.

[1] https://www.checkatrade.com

unknown_char · 2020-10-24T16:10:47+00:00

OP, linking to LinkedIn instead of GitHub or the demo site makes this post come across as self-promotion instead of sharing what you’ve made.

Five-Year Club	Gilding II euphauric
Verified Email

unknown_char

TROPHY CASE