HackerTrans
TopNewTrendsCommentsPastAskShowJobs

joeldrapper

no profile record

Submissions

I made a better DOM morphing algorithm

joel.drapper.me
96 points·by joeldrapper·8 miesięcy temu·56 comments

[untitled]

1 points·by joeldrapper·10 miesięcy temu·0 comments

comments

joeldrapper
·3 miesiące temu·discuss
They’re in age order and age 15 starts at about a quarter of the way down.

Shame on the flaggers.
joeldrapper
·4 miesiące temu·discuss
That’s what it looks like to me, but I haven’t yet seen a good explanation of their motive. Why would the development of `rv` be such a threat to them?

I know specific individuals hate Andre and have had beef with him for years, but it’s hard to see what might have motivated Shopify and specifically Ufuk Kayserilioglu to carry this out.
joeldrapper
·4 miesiące temu·discuss
sad but true
joeldrapper
·4 miesiące temu·discuss
Some estimates are about two million but I think that’s an extremely loose definition of Ruby Developer.

I run rubyschema.org which maintains the rubocop JSON schema that’s pulled via schema store. I can see there are about 21k unique downloads each month, which I think is a pretty reasonable lower bound.

Most text editors will pull this schema when opening a project with Rubocop.
joeldrapper
·4 miesiące temu·discuss
> Ruby Central’s actions during this period were taken in response to a breakdown in a working relationship with an individual who had significant access to infrastructure and code.

This is the first time they’ve actually admitted that this was all about Andre.

> At the time, we believed a serious risk had been introduced to RubyGems and related services.

This doesn’t add up. Access was revoked and then temporarily restored. Nothing about this was mentioned in the meeting that took place before the access was removed again. See https://archive.org/details/gmt-20250917-160422-recording-64...

And what’s more, they didn’t even try to remove Andre’s access to AWS until he told them to.

> As stewards of services relied upon by millions of developers, we took that risk seriously and made the decision to act quickly to protect that infrastructure.

That’s not what Freedom said. Freedom said they needed to act quickly or lose funding.

https://apiguy.substack.com/p/a-board-members-perspective-of...

> A full, independent security audit has now been completed. The review was ultimately inconclusive because key logs required for a complete analysis were no longer available. We recognize that this creates continued uncertainty.

This makes it sound like there was some big security incident that they had to respond to. What actually happened is they forgot to remove Andre’s access to AWS and he told them and then they removed it. That’s it.

> Our intent was to stabilize a situation that was quickly escalating to work toward an amicable resolution.

If you watch the meeting (linked above) it’s clear that’s not what they were doing. This is a new spin they’ve come up with to justify it.

> Ruby Central did not initiate litigation and has consistently sought a path that would allow the community to move forward without prolonged conflict.

That is not what I’ve heard, but I’ll wait for others to post details of what’s happening in this space.

> At the same time, we recognize that aspects of how this situation was handled and communicated did not meet the expectations of the community.

They keep trying to admit fault in communication as if communication was the problem in an attempt to distract us from the fact they literally stole open source projects in a hostile GitHub takeover and used their privileges as administrators of RubyGems.org to take over the `bundler` package.
joeldrapper
·8 miesięcy temu·discuss
It can be a mistake though to assume that the DOM hasn’t changed since it was rendered. Browser extensions, ad blockers and other JavaScript can modify the DOM.

I know it’s more expensive, but it’s like 1ms to render a document on the server and 3ms to morph it in the client. If you keep an SSE connection open, Brotli compression is very effective when you send almost the same HTML again and again.
joeldrapper
·8 miesięcy temu·discuss
I don’t hate SPAs, I just think some apps are better off being MPAs. I wouldn’t build a todo list app as an MPA. But many apps really are just CRUD forms and tables.
joeldrapper
·8 miesięcy temu·discuss
Thank you so much. Please ping me if you have any questions about these techniques. I’m `joeldrapper` on Discord and GitHub.
joeldrapper
·8 miesięcy temu·discuss
I enjoy writing mostly SSR apps with just a few specific Svelte components mounted as custom elements. It works really well.
joeldrapper
·8 miesięcy temu·discuss
My specific use case was building a form where each change to an input would fetch a new copy of the form from the server and morph it in place.

It means the server-side code can be really simple. You can make parts of the form depend on the values of other parts. For example you can show/hide a section based on a checkbox or fill a select with options based on a previous selection.

Because it was a form, it was really important to maintain object identity and state perfectly so the user would not be interrupted.
joeldrapper
·9 miesięcy temu·discuss
Incredibly mature response, turning the other cheek.
joeldrapper
·9 miesięcy temu·discuss
I’m not talking about who wrote the code. Hundreds of people wrote the code, that’s not particularly relevant. I’m talking about who had maintainership of the code and how those maintainers had agreed to govern the project.

What was your maintainership status when this all kicked off? Were you one of the owners removed by HSBT?
joeldrapper
·9 miesięcy temu·discuss
I believe the quote pulled from my article is true. Freedom’s original article lines up with what other people told me. I know he’s tried to retract it, but I don’t trust him to be truthful in this matter. He has lied about other things like the takeover being necessary for security.
joeldrapper
·9 miesięcy temu·discuss
Ruby Central is making legal threats to its critics, so I hope you can see why people don’t feel safe to come forward on the record.

I can tell you that two people with direct knowledge of the situation told me that Shopify demanded that Ruby Central take full control of the RubyGems GitHub organisation and packages.

You can believe that I am lying if you want. But I can’t directly cite my sources in this case.
joeldrapper
·9 miesięcy temu·discuss
So it’s okay for Matz to get HSBT to steal people’s open source projects? What if Matz sponsors stole Ruby from him? WTF?
joeldrapper
·9 miesięcy temu·discuss
These projects were not Ruby Central’s in the first place. They were stolen for Ruby Central by a Ruby Core insider, HSBT. This is horrible news.

They were stolen from André Arko, Colby Swandale, David Rodríguez, Ellen, Josef Šimánek, Martin Emde and Samuel Giddins.
joeldrapper
·9 miesięcy temu·discuss
I believe the CDN is provided for free by Fastly. Not sure about other funding at the moment.
joeldrapper
·9 miesięcy temu·discuss
How does `.coop` get used for spam when you need to prove you’re an actual cooperative to get one?
joeldrapper
·9 miesięcy temu·discuss
Yes, I will be one of those people.
joeldrapper
·9 miesięcy temu·discuss
Only “minor” because they were in fact wrong about André being a risk. Had he been a real risk, this would have been about as major as it gets. They left him with root production AWS console and full production database access.

Fortunately he’s a standup guy and not a real security risk, so he emailed them immediately to let them know.