Home / Companies / Semaphore / Blog / February 2023

February 2023 Summaries

9 posts from Semaphore

Filter
Month: Year:
Post Summaries Back to Blog
Trunk-based development is a software methodology that emphasizes maintaining a single source of truth in the code repository, known as the "trunk," to enhance software delivery speed and quality. This approach contrasts with other branching strategies by using short-lived branches that are frequently merged back into the trunk, reducing merge conflicts and improving collaboration among developers. It relies on practices such as continuous integration, automated testing, and feature flags to enable rapid and reliable code changes. Organizations like Google and Netflix have successfully implemented this methodology, benefiting from streamlined workflows and faster deployment cycles. However, transitioning to trunk-based development requires careful planning and gradual implementation, as it necessitates changes in team communication, code ownership, and feature management. The methodology also emphasizes reducing technical debt and ensuring code quality through systematic processes and automated tools. While it offers significant advantages, the suitability of trunk-based development depends on the maturity and structure of the development team and organization.
Feb 28, 2023 2,660 words in the original blog post.
Semaphore has introduced new Startup and Scaleup plans to offer enhanced features and flexibility previously exclusive to their Enterprise plan, catering to smaller, growth-focused teams. These plans introduce a per-seat fee structure, providing access to advanced features such as new cloud machines with increased RAM and disk space, self-hosted agents for customizable environments, and tools for performance metrics and deployment controls. The Startup plan, which replaces the older Standard plan, offers extensive build capabilities at a competitive starting price, with a usage-based pricing model that scales with team needs. Meanwhile, the Scaleup plan, an enhancement of the Enterprise plan, includes monthly credits for resources and usage, with the flexibility to adjust expenses based on business requirements. Both plans emphasize enterprise-level security and customization through add-ons, with the Scaleup plan offering additional benefits like unlimited parallelism, priority support, and a dedicated customer success manager. Current users can choose to stay on existing plans, but new organizations must select from the new offerings.
Feb 23, 2023 769 words in the original blog post.
Chandler Carruth, at CppNorth 2022, introduced Carbon Language as an experimental successor to C++, addressing the limitations of modernizing C++ due to its accumulated technical debt and the community's priority on backward compatibility. Carbon aims to enhance interoperability with existing C++ code while focusing on performance, simplicity, safety, and scalability. Unlike garbage-collected languages, Carbon does not compromise on performance, and although Rust is a viable low-level language option, its integration with existing C++ ecosystems can be challenging. Carbon is designed to be adopted alongside existing C++ codebases, optimizing the learning curve and supporting migration with improved tooling such as compilers, formatters, and IDE support. The language emphasizes simplified syntax and reserved words to improve readability and tooling efficiency. While still experimental, Carbon's roadmap indicates a potential release by 2025–2026, drawing parallels with successful successors like Swift and Kotlin, and aiming for wide adoption among companies looking to address C++’s existing challenges.
Feb 23, 2023 1,691 words in the original blog post.
Leadership is defined not by titles but by actions and qualities that inspire respect and admiration, particularly in a software development context where technical skills must be complemented by strong team management abilities. Key actions for effective leadership include prioritizing team members by actively listening to their ideas and providing support, clearly communicating and aligning the team with shared values and objectives, recognizing and celebrating excellence to boost morale, and ensuring regular, clear communication to maintain transparency and accountability. Leaders should also be decisive, delegate responsibilities to foster growth and specialization, and cultivate mutual respect to build a positive and collaborative environment. Motivating team members to improve their skills enhances productivity and software quality, while maintaining momentum through cycles of change is crucial for sustaining progress. Ultimately, successful leadership focuses on the collective success of the team, fostering a culture of shared responsibility, open communication, and continuous improvement.
Feb 22, 2023 2,125 words in the original blog post.
Govulncheck is a newly introduced official vulnerability scanner for Go projects, designed to outperform third-party tools by providing warnings about known vulnerabilities in Go modules and the standard library. Released by the Go security team in September 2022, this open-source command-line tool leverages a curated Go vulnerability database to deliver smart, comprehensive, and official security assessments. Unlike other tools, govulncheck provides warnings only for vulnerabilities in code actually used by the project, reducing noise compared to tools like npm audit, which scan only package manifests. The database integrates multiple sources, including internal reports, the National Vulnerability Database, and GitHub Advisory Database, and is expected to become part of the Go distribution itself. Despite being experimental, govulncheck can be integrated into CI/CD pipelines to enhance security by preventing the release of vulnerable software. However, it has some limitations, such as issues with projects using C extensions and high memory usage in large projects. Its integration into the CI pipeline enables teams to detect and address security issues proactively, ensuring safer software releases.
Feb 16, 2023 1,572 words in the original blog post.
React Native's growing popularity for building enterprise applications has heightened the focus on security due to its open-source nature, which makes it more susceptible to vulnerabilities. Key security measures include ensuring secure network communication via SSL pinning to protect against man-in-the-middle attacks, securing stored data on devices using tools like React Native MMKV and Encrypted Storage, and obfuscating JavaScript code to make it harder for attackers to understand and exploit. Additionally, protecting against SQL injection by validating user input, segregating authenticated from public parts of the application using tools like React Navigation, and employing Static Application Security Testing (SAST) tools such as SonarQube and Checkmarx are crucial. Regular checks for vulnerabilities in third-party libraries, detecting jailbroken or rooted devices, and preventing app tampering with tools like React Native SafetyNet are essential. Proper app distribution and signing through official channels, alongside securing the CI/CD pipeline, are vital to ensuring comprehensive security for React Native apps.
Feb 15, 2023 2,254 words in the original blog post.
Neon is an innovative, open-source alternative to traditional relational databases such as AWS Aurora or Google's Cloud SQL for Postgres, offering a serverless, scalable implementation of PostgreSQL. Launched in June 2021, Neon leverages a unique architecture that separates compute and storage layers, with the compute layer running stateless PostgreSQL on Kubernetes and the storage layer handling transactions and data persistence. A standout feature of Neon is its branching capability, which allows for the creation of writable branches similar to Git, facilitating experimentation, database migration testing, and analytics without affecting the main database. Although currently in a free technical preview with limitations like a single project per user and a branch size cap of 3GB, it provides unprecedented flexibility in database management. Neon's branching functionality offers significant potential for development and database management, as it allows developers to perform tasks such as automated testing and safe migration in isolated environments, a capability not easily achievable in traditional database engines.
Feb 14, 2023 2,155 words in the original blog post.
Ruby's 3.2 release introduces support for WebAssembly (Wasm), expanding its potential use beyond traditional backend applications. Wasm is a binary instruction format designed to run applications at near-native speeds on any modern browser, offering portability and security through a sandboxed environment. This update allows Ruby code to be executed directly in browsers, eliminating the need for a backend and making it possible to deploy Ruby applications across various platforms, including embedded devices and serverless functions. While the Wasm ecosystem is rapidly evolving, current limitations such as the lack of thread support and network access, as well as challenges with memory management, mean that Ruby's use with Wasm is still in its infancy. Despite these challenges, the integration of Ruby with WebAssembly presents exciting opportunities for developers to explore new domains like edge computing and serverless architectures, marking a significant step forward in making Ruby a more versatile language.
Feb 09, 2023 1,301 words in the original blog post.
Release managers and product owners face the challenge of making a strong first impression with their software, emphasizing the importance of quality and polish before a product reaches users. The process at Semaphore is divided into three stages: design and development, technical preview, and general availability (GA) release. Each stage is governed by a set of tasks known as Definition of Ready (DoR) and Definition of Done (DoD), which ensure the product is thoroughly prepared and reviewed. During the technical preview, selected users provide feedback on the product, allowing for improvements before general availability. GA release marks the product’s full availability, with the expectation that any issues have been addressed to minimize disruptions. Throughout this process, documentation, performance metrics, security assessments, and user feedback are crucial to a successful release, underscoring that the real challenges of software development often emerge post-coding.
Feb 02, 2023 1,692 words in the original blog post.