The Stack Overflow Podcast

Why has this empty NPM package been installed 700,000 times? We’ve got the answer for ya.A nice article and podcast on flow state, including the claim that 23 minutes is the magic number of minutes it takes to find your flow.Thanks to our Lifeboat badge winner of the week, Manjusha, for explaining how to: Parse a pipe-delimited file in Python

Vercel is a developer-first, frontend-focused platform. Together with Google and Meta, Vercel built Next.js, an open-source React framework that helps developers build high-performance web experiences with ease.PlanetScale is a MySQL-compatible serverless database platform that enables infinite SQL horizontal scale.Tools like Webflow and Squarespace have made web development accessible for casual programmers, but what does this mean for professional developers?This week’s Lifeboat badge goes to user Michael Thelin for their answer to How can I play a Spotify audio track with Python?.Find Guillermo on LinkedIn here.Find Sam on LinkedIn here.

Once a company reaches a certain size, their customers might start asking for proof that it has good security and data habits. They want to know if there’s a business continuity plan in place in case disaster strikes. For many companies, formalizing this proof means submitting to an auditing process known as SOC 2. If you’re a developer at one of these companies, particularly if you provide or use SaaS applications, you’ll end up having to implement the controls these audits require. On this sponsored episode of the podcast, Ben and Ryan talk with James Ciesielski, CTO and co-founder, and Megan Dean, information security and risk compliance manager, both of Rewind. We talk about how you can prep for and successfully get through a SOC 2 audit, how backing up your SaaS data can provide business continuity, and the benefits of establishing a relationship with your auditor. A SOC 2 report shows your customers the level of security controls that you have in place. It’s based on the auditing standards set by the American Institute of Certified Public Accountants. You tell them what controls you have in place and they verify it. Once a company starts attracting enterprise-level customers, a SOC 2 becomes a must-have. Companies perform SOC 2 audits using a variety of tools: sometimes it’s purpose-built SaaS tools; sometimes it’s a cascade of spreadsheets. Ultimately, what’s important is providing an audit trail for your controls, a record that proves that your security does what you claim it does. Trust, but verify. The process can grow complicated, as companies can have 100 to as many as 300 SaaS applications running in their business. That’s a lot of important business data on someone else’s cloud. Many of these SaaS applications operate data on the shared responsibility model: they ensure the service is available and secure, and you ensure that your data is accurate and secure. A key part of these security controls is disaster recovery and business continuity. Imagine that you’re using a SaaS application to track your audit process. What happens if a disgruntled employee wrecks your data, or your cat walks over your keyboard, hitting just the right combination of keys to delete something important? Or what if you unwittingly get flagged on a T&C violation and get deplatformed? Your audit trail could be lost if you haven’t upheld your end of the shared responsibility model and backed up your data. Ultimately, having experts who know the process can help. Your auditor, too, can be a resource, so get to know them. They want you to succeed. They want to help you improve your audit process because it makes their lives easier.

Geriatric millennials unite.Learn more about GitHub’s move to put prebuilt Codespaces into public beta, plus check out CodeSandbox, home of self-proclaimed lazy developers.Meanwhile, in blockchain: Polygon, a solution designed to expand transaction efficiency and output for Ethereum, raised $450 million “to consolidate its lead in the race to scale Ethereum.”Is Decentraland the most annoying blockchain project? The competition is fierce.The 2022 Java Developer Productivity Report found that microservices and CI/CD are decreasing developers’ productivity, not increasing it. The team talks through what that means.This week, Ben recommends the book Appleseed by Matt Bell, Cassidy recommends the productivity app Centered, Adam points listeners to Unix-like operating system SerenityOS, and Ceora shouts out Tanya Reilly’s talk-turned-blog-post Being Glue.Find Adam on LinkedIn here.

Danielle’s path to software engineering began when she was accepted into MIT’s Women’s Technology Program, an education and mentorship opportunity for high schoolers interested in engineering or computer science. She later earned her CS degree from MIT.Danielle’s first role out of college was a junior developer working on Meteor, a full-stack JavaScript framework that was just starting a GraphQL project they called Apollo. She tells the team how Meteor started looking at GraphQL and how that became Apollo.If McDonald’s is a REST API, then Chipotle is GraphQL. Think about it!Find Danielle on LinkedIn here.This week’s Lifeboat badge goes to user torek for their answer to Why doesn’t Git natively support UTF-16?.

The team pays tribute to Microsoft’s Visual Studio, an IDE and source code editor that turns 25 this month.Read Simon Willison’s article on how companies can financially support the open-source contributors they rely on. Learn more about open source’s diversity problem, and how to address it, here and here.Why are K-pop NFTs so unpopular with fans? The Atlantic digs in.ICYMI: Listen to our conversation with HashiCorp cofounder Mitchell Hashimoto: Moving from CEO back to IC.

David is a CS major who worked in Apple’s music group in the 90s and went on to become CEO of eMusic in the aughts. At Venrock, David invested in early-stage crypto, consumer, and enterprise tech companies. He was early to crypto as a node maintainer on the Bitcoin blockchain and an Ethereum miner, setting up a rig in his basement several years ago.At CoinFund, he focuses on early- and growth-stage crypto and blockchain companies and technologies like Upshot, a platform for crowdsourced NFT appraisals, and Rarible, a digital art NFT platform.ICYMI: Listen to our episode Web3 won’t save us.This week’s Lifeboat badge goes to user M-M for their answer to Find the area of an n-interesting polygon.

Learn more about GitHub’s ​​machine learning-based code scanning, which finds security issues before they make it to production.Google invests $100 million in a skills training program for low-income Americans. Is there a catch?Take2 is a New Zealand program that teaches incarcerated people to code: building marketable skills, opening up employment opportunities, and dramatically reducing recidivism. At the time of writing, Take2 has a 100% success rate in preventing recidivism.We have two Lifeboat badges this week: Varad Mondkar, for answering How does the app:layout_goneMarginLeft and its variants affect the view arrangements in constraintlayout?, and Eugene Sh., for answering What is this “a.out” file and what makes it disappear?.

Expensify is an expense management solution that integrates with your travel, ERP, and finance/accounting software. Check out their full list of integrations.Expensify engineers rely on Stack Overflow for Teams to make knowledge accessible and shareable, rather than wading through swathes of documentation. Read the case study.Flat organizations like Expensify have minimal or no middle management, meaning there’s no management layer between staff and executives. A similar model for decentralized management is Holacracy.Find David Barrett on LinkedIn here.

Ceora shouts out Mermaid, a JavaScript-based diagramming and charting tool that creates diagrams dynamically based on Markdown-inspired text definitions. Coinbase’s bouncing QR code ad proved so popular it crashed the app. Considered passé pre-pandemic, QR codes have obvious value now: they’re touch-free, easy to scan, and ubiquitous. (Just don’t call it a comeback.)In preparation for his move from New Zealand to Canada, Matt is overhauling his hardware and transitioning to an M1 MacBook Pro for performance and efficiency.Speaking of hardware, Intel is buying Israeli chipmaking company Tower Semiconductor for $5.4 billion to build out its Intel Foundry Service division, launched last year to build chips for other companies.This week’s Lifeboat badge goes to user Basile Starynkevitch for their answer to the question Can you make a computed goto in C++?