Nginx doesn’t use SemVer but still does Odd-Even Versioning: odd-numbered releases are “development” and even-numbered are “LTS”. The significance of this release is that there is now a new stable LTS version that includes everything from the latest development branch.
Linux and GNOME used to do Odd-Even Versioning, but stopped many years ago. Other big projects that still do this are Node (major versions) and RHEL (minor versions).
In self-certification processes like the OIDC certification program, it's common for developers to certify their own software. This is because the process is designed for developers to evaluate their own implementations against the established standards and requirements set by the certification program.
Self-certification doesn't mean that the process lacks validity or rigor. On the contrary, it involves thorough testing and validation against industry standards to ensure that the software meets the necessary criteria for interoperability, security, and functionality.
If you're curious about the specifics of the process, you can find more information on the OIDC certification FAQ pages. These resources provide detailed explanations of the certification process, the criteria for certification, and the testing procedures involved.
AFAIK there's no "certifying body" that would be able to provide an external "certification".
In any case Filip Skokan has essentially made a career out of building open source OAuth stuff, so even if it's a bit humorous that he certifies his own stuff, it's likely that this implementation is one of the most compliant out there.
> The following features are currently out of scope:
> CommonJS
Can’t be the best if CJS support is not offered. I know everyone’s hot for ESM but the fact of the matter is that there is an endless supply of legacy projects that will never migrate to ESM. Deliberately eliminating a huge swath of potential users is IMO hostile. Especially because there are tools like tsup that can cross build out of the box.
All target runtimes of oauth4webapi natively support ESM. Furthermore, experimental "require(esm)" is coming with Node.js 22 in the coming days, giving library authors such as myself even less of a need to bother with CJS targets, publishing, dual CJS/ESM hassles and more. See https://joyeecheung.github.io/blog/2024/03/18/require-esm-in...
Systemd also gives you cpu/memory limiting, file system isolation, locked down capabilities for the process, CPU affinity, can use different Node versions for different apps, etc. It removes the need for Docker for the vast majority of cases.
Systemd won’t do load balancing, but you should have nginx/caddy in front of Node anyway, and either will handle load balancing just fine.
Yep, systemd is an excellent and stable process runner - it can start your processes whenever, with dependencies (e.g. redis/pg), or on a flexible schedule etc.
This write up is very grounded and practical for bootstrappers. I’m in enterprise SaaS, but every point tracks 100%. The most painful lesson was that zero to one sales talent does not exist, and it’s all on you, dear founder.
It makes a lot more sense when you understand two things:
1) Untrained software engineers' unconscious inclination is to estimate the amount of time after which it's probably time to reassess, rather than complete.
2) The distribution of actual completion is not a normal distribution with respect to estimates of completion, it is log normal: there's a really really long tail.
Software is a kind of art. It's never finished, but abandoned. You can continue to polish the code without adding functions (or even fixing bugs), so yes, it can take forever.
OTOH, when you give that ~180%, you reach a maturity level most of your users perceive as "done", so what most developers are after is that point.
Then, there are passion projects, which go on for 30+ years (Vim, BBEdit, etc.), where people work on it because they love the project and they're able to.
*: BBEdit is closed source/commercial software, but it sells because it's well crafted. It's not crafted to sell well.
magic is the core detection logic of file that was extracted out to be available as a library. So these days file is just a higher-level wrapper around magic.
> increasing in-person collaboration in our hubs, and concentrating the time zones in which we operate
Massive turn-around since Brex declared themselves to be remote-first and said things like "Yes, employees can relocate permanently with Brex’s transition to remote-first" https://www.brex.com/journal/remote-first-at-brex