Dev Digest 122 – Cracks in the polyfill

Hello and join me to learn about removing malicious code, what the web is up to and why there are some cool new careers in AI.

News and articles

First things first: if you use Polyfill.io delete it immediately from your server! The – by now pretty unnecessary library – has been acquired and is used in a supply chain attack that affected 100K+ sites injecting malware. This has been warned about some time ago by the original creator, but now it hit the fan.

In a related discussion, Tim Perry deemed public CDNs as “useless and dangerous” and Sung Kim thinks programmers should not trust anyone including themselves. The question really is about longevity. How long is the great helper tool that promises you to use tomorrow’s features today safe or sensible to use? And – does it matter how big and important the tool is at the time? As an example, Google just put Material Web Components in maintenance and I remember those being “safe to use for now and later to build great apps” when they came out.

Talking about the web, the state of JS results are out and Patrick Brosset did a deep-dive analysing the State of HTML 2023 results.

The AI scraper discussion is also far from over as AI companies bypass web standard to scrape publisher sites as reported by Reddit and verified by other sources. It is tricky as you want to support search bots but not scrapers…

The Internet Archive was forced to remove 500k books, which is understandable, but there is a big group of people who can only read them there as other book display sites are inaccessible. Google has an interesting take as they donated $5 million to create inclusive tools and educational programmes. So, if you want to do some good and get
some money, why not fix those ePUB/PDF displayers?

Code and Toolsarticles

Today I got two CODE100 challenges for you – solving one gets you A VIP ticket to our World Congress and the other is a test for people to become challengers in the final of CODE100 at the same event. So, on your keyboards, get, set, go!

VIPs wanted – solve the Twilio CODE100 challenge!

code100-black

My company partnered with Twilio to give you a new CODE100 puzzle to solve. Check the
README and submit your solution for your chance to win your  WeAreDevelopers World Congress VIP ticket worth > 1000 Euro!

Join the other finalists in the CODE100 live event in Berlin<

Check out the 100 hits challenge to show us that you got what it takes to compete alongside the winners of CODE100 Zagreb, Amsterdam and Manchester. Apply now!

solved-puzzle

Other code news: GitHub Copilot in the CLI is now generally available! I’ve been using the preview for quite some time and it is amazing. Ask for a shell script, see it and run it immediately. Together with thef*ck, it is command line magic.

Leah Verou has naughty hacks to fake inline conditionals in CSS, there’s a gallery of CSS Toggles but Adrian Roselli warns about under-engineered toggles.

In bonkers code news, you can use AI to drop hats on people and llama.ttf is a font file which is also a LLM and an inference engine for that model
(what?).

Some tools for you:

Videos

Francesco Ciulla - Building an AI language app at World Congress 2024

We sat down with Francesco Ciulla ahead of his appearance at the World Congress in Berlin later
this month. We talked about public speaking, why he’s gone all in on Rust, and what we can expect from his
session. See his answers

Other videos of note:

Work and Jobsarticles

A lot has happened in the job world, the OpenAI CTO says AI kills unnecessary creative jobs but this hits freelancers hard. The CEO of Anthropic questions universal basic income as a fix for job losses and half of Dell workers chose to work remote, even though it means no
promotions. Shawn “swyx” Wang sees new use cases and careers in AI, Stack Overflow explains that real 10x developers makes their whole team better and there is a spicy take on tech hiring.

Procrastination Corner / Wonderful Weird Web