- Frictionless, by Pagepro
Scaling Teams, Supply Chain Attacks, and Battling Cold Weather in EVs
Hi there!
After Devin’s AI introduction, we all want to keep an eye on the AI development movement. So, to stay in the loop, I added some interesting things like AutoDev and OpenDevin.
But you will find more interesting topics below, like something anyone can face: an “incompetent” mentee. And of course a dive into leadership and the need to take the risk.
As always, I prepared some tech “snacks”: Automated DevSecOps CI/CD Pipeline for Secure Node.js App Deployment, and a comparison of Next.js and Astro!
So, let’s jump right in, ready to learn, and maybe even change our minds.
Catch you inside!
Last week's newsletter had a 34.1% open rate. The most-clicked link was Ditching Task Estimates to Build a Faster Team.
In The Queue Today
Scaling Without Hiring, Derisking Leadership, and Fake Python Infrastructure Attacks
DuckDB's JSON Parsing Power, Mini AgentDev Roundup, and Next.js vs. React Fundamentals
Tortoise: Kubernetes Auto-Scaler, Glassdoor's Trust Violation Warnings, and Lapdev's Global Development Environment
And, putting batteries in the microwave
Reduce Friction

Source: Checkmarx
How to Scale Your Team With Team Augmentation
Growth is a sign of success, but also a significant challenge, especially when it comes to identifying and retaining talent. Here are some ideas for scaling a team without adding FTEs.
From Tech Lead to Team Lead
The transition from hero dev cranking code to a force multiplier for the entire team is not an easy one. Caleb Mellas shares lessons learned from his journey from tech lead to team lead.
Ex-Technology Companies
A number of companies are losing their "technology company status". This is creating a new kind of company where employees and investors think of themselves as being in a technology company, but where the company itself is no longer able to effectively provide that experience to employees, or that valuation to investors.
Over 170K Users Affected by Attack Using Fake Python Infrastructure
We're React developers, but sophisticated supply chain attacks like this one affecting Python users highlight a risk faced by all who rely on open source software. In this attack, the threat actors used multiple tactics, techniques, and procedures, including account takeover via stolen browser cookies, contributing malicious code with verified commits, and publishing malicious packages to the PyPI registry.
Frustrated With Your "Incompetent" Mentee?
Learn a framework to help your mentees overcome challenges and grow as engineers. Reinforces the importance of thoroughly assessing the situation, providing actionable suggestions, and tracking progress when mentoring others.
Deepen Your Expertise

Source: OpenDevin
DuckDB as the New jq
DuckDB can natively read and parse JSON as a database table, among many other formats. The only tricky part is querying nested JSON with the ->> operator.
Mini AgentDev Roundup
Cognition's Devin has driven a lot of discussion and speculation. Here's a quick mini roundup of a few recent agentic development happenings.
AutoDev is a fully automated AI-driven software development framework.
OpenDevin/OpenDevin: An open source "clone" of Devin.
Automated DevSecOps CI/CD Pipeline for Secure Node.js App Deployment
Discover how to set up a robust DevSecOps Jenkins CI/CD pipeline for a secure Node.js app deployment. Gain hands-on experience integrating code quality analysis, security testing, and Docker image scanning to ensure top-notch quality and security throughout the development lifecycle.
How Next.js Breaks React Fundamentals
Discover how Next.js compromises React fundamentals for performance gains. This article provides practical examples that demonstrate the negative impact on developer experience, and proposes a better approach that automatically deduces component runtime environments based on the dynamic features used.
Increase Scalability

Source: Lapdev
mercari/tortoise
A cool Kubernetes auto-scaler project. With minimal configuration, Tortoise unleashes clever historical data utilization to manage autoscaler parameters, making life easier for both platform teams and service owners.
Glassdoor's Trust Violation Is Just the Start
The tone is panicky, but the underlying message is a good reminder: it's easy to leak user data accidentally, or as a second-order effect of something benign. The author is selling a related service, but the post provides a helpful reminder to be vigilant in our development process.
lapce/lapdev
Lapdev is a self-hosted remote development environment management system designed for seamless scaling from a single machine to a global fleet of servers. Leveraging the Devcontainer specification, it enables defining development environments as code, ensuring consistency, and accelerating onboarding.
Protecting AI Apps From Bots and Bad Actors With Vercel and Kasada
A helpful walkthrough of using Vercel's Next.js Middleware and Kasada to keep malicious actors/bots from running up large AI inference bills.
Just Cool

Source: Prescouter
Can EV Batteries Keep Up With the Cold? The Latest Breakthroughs and Advances
Cold weather diminishes the distance an EV can travel on a single charge. Here is a cool overview of new tech that addresses this challenge. Yes, one involves microwaves.
If you’re reading a forwarded version of this newsletter and would like your own subscription, head over to frictionlesspost.com and sign up there.