Discord reduced its websocket traffic by 40% through two key
optimizations. It first replaced its existing compression algorithm,
zlib, with zstandard

Sign Up [1] |Advertise [2]|View Online [3]

TLDR

TOGETHER WITH [Clerk] [4]

TLDR WEB DEV 2024-09-23

BUILDING SESSION MANAGEMENT IN NEXT.JS FROM SCRATCH: HOW TO KEEP YOUR
USERS LOGGED IN (SPONSOR) [4]

Session management is a concept that flies under the radar in most applications, but it has a crucial role to play: keeping users
securely logged in when they use different tabs or devices (imagine
life without that!).

Because session management is often abstracted away by auth libraries,
many developers are fuzzy about the details. How do you actually know
where a session starts, and when it ends?

In this blog post, the Clerk team details the step-by-step process of
building session management in Next.js [4], without using any
authentication library. Read [5] the blog [4] to understand what's
happening under the hood!

¨¨

ARTICLES & TUTORIALS

HOW DISCORD REDUCED WEBSOCKET TRAFFIC BY 40% (17 MINUTE READ) [6]

Discord reduced its websocket traffic by 40% through two key
optimizations. Firstly, it replaced its existing compression
algorithm, zlib, with zstandard, achieving higher compression ratios
and shorter compression times. It further improved performance by
implementing streaming compression for zstandard, allowing it to
utilize historical data for better compression of small payloads.
Secondly, it introduced Passive Sessions v2, which only sends updates
about changes in server information instead of sending complete
snapshots.

ONE YEAR OF RUST IN PRODUCTION (10 MINUTE READ) [7]

This developer found that Rust's type-safety and compile-time checks
led to a smooth transition to production without major issues. After a
year, they reflect back on how it's going. They find that Rust's long
compile times, particularly with macro-heavy libraries, necessitate a
different development workflow. At the same time, Rust is still
satisfying to use and will continue to be used in production.

GAINING ACCESS TO ANYONE'S BROWSER WITHOUT THEM EVEN VISITING A
WEBSITE (7 MINUTE READ) [8]

A vulnerability in Arc Browser's use of Firebase allowed unauthorized
access to any user's browser without them visiting a website. This was
possible because Arc's cloud features, like Boosts, stored data in
Firestore with insecure security rules. An attacker could exploit this
by obtaining a user's ID, creating a malicious Boost, and changing the
Boost's creator ID to the victim's. This has since been addressed by
Arc, who patched the vulnerability, added a feature to disable Boosts,
and started a bug bounty program.

¨

OPINIONS & ADVICE

NO ONE BUILDS IN PUBLIC (5 MINUTE READ) [9]

The "build in public" trend within the indie hacker community has an over-reliance on sharing revenue figures. While initially
attention-grabbing, the constant stream of success stories may be
losing its impact and overshadowing the discussion of actual product development. Also, the "build in public" approach may not be necessary
for success, as some prominent indie hackers have achieved great
results without actively sharing their progress publicly.

A NEW ERA OF WRITING CODE (5 MINUTE READ) [10]

LLMs can significantly speed up development by taking care of
repetitive tasks, but they still have limitations, especially when
dealing with complex or open-ended features. While LLMs can't replace
engineers entirely, they can help them to focus on higher-level tasks.


80% OF DEVELOPERS ARE UNHAPPY. THE PROBLEM IS NOT AI, NOR IS CODING
(5 MINUTE READ) [11]

A recent Stack Overflow survey revealed that 80% of developers are
unhappy with their jobs, with many reporting feeling burnt out and
demoralized. The primary culprit appears to be a combination of
factors, including unrealistic expectations, technical debt,
bureaucratic obstacles, and a lack of work-life balance.

¨

LAUNCHES & TOOLS

IMPROVE WEB PERFORMANCE BY OPTIMIZING JAVASCRIPT BUNDLE SIZES
(SPONSOR) [12]

Nobody likes slow front end response - not you, your users, or
search engines. Learn how to get ahead of bloated JavaScript bundles
and improve your web performance in this blog. Read more on the Sentry
blog [12]

KAMAL PROXY (GITHUB REPO) [13]

Kamal Proxy is an HTTP proxy that makes it easy to coordinate
zero-downtime deployments. It can deploy changes to web applications
without interrupting any of the traffic in progress.

SCALAR (GITHUB REPO) [14]

Scalar is an offline-first API client and interactive reference
generator. It uses OpenAPI/Swagger documents to create user-friendly documentation and API clients for various languages and frameworks.

CSS PEEPER (CHROME EXTENSION) [15]

CSS Peeper is a Chrome extension that allows designers to easily view
and inspect CSS styles on any website. It allows for browsing
components and colors in a visual way.

¨

MISCELLANEOUS

FORGET CHATGPT: WHY RESEARCHERS NOW RUN SMALL AIS ON THEIR LAPTOPS (9
MINUTE READ) [16]

Researchers are increasingly choosing to run smaller AI models on
their laptops instead of relying on online services like ChatGPT. This
shift is driven by the availability of open-source AI models and the development of smaller models that can run efficiently on consumer
hardware.

THE SORRY STATE OF JAVA DESERIALIZATION (12 MINUTE READ) [17]

Java deserialization is surprisingly slow. This developer benchmarks
various techniques for reading 1 billion rows of data from disk,
including using `DataInputStream`, JDBC, Protobuf, Parquet, and custom solutions. The results show that even with optimized custom
implementations, Java's performance lags significantly behind the
theoretical maximum for disk I/O.

ANALYZING THE OPENAPI TOOLING ECOSYSTEM (14 MINUTE READ) [18]

This is an exploration of the OpenAPI Specification (OAS) tooling
ecosystem that visually diagrams the various tasks tools perform and
how they relate to each other. The tools are separated into three
areas: Parsing libraries, OAD tools, and API tools.

¨

QUICK LINKS

SANDING UI (4 MINUTE READ) [19]

"Sanding UI" involves repeatedly clicking and interacting with a
user interface to identify and fix subtle usability issues.

WRITE CHANGE-RESILIENT CODE WITH DOMAIN OBJECTS (3 MINUTE READ) [20]

By using domain objects that represent the fundamental ideas of a
product, rather than specific requirements, code becomes more
resilient to changes in those requirements.

HOW I HIRE PROGRAMMERS (6 MINUTE READ) [21]

A better programmer hiring process focuses on evaluating candidates'
past work, conversational intelligence, and compatibility with the
team rather than traditional interviews like Leetcode questions.

I LIKE MAKEFILES (5 MINUTE READ) [22]

This developer prefers using Makefiles for project automation due to
their simplicity, consistency across projects, and compatibility with
various build tools.

Love TLDR? Tell your friends and get rewards!

Share your referral link below with friends to get free TLDR swag!

https://refer.tldr.tech/363c65bf/3 [23]

Track your referrals here. [24]

Want to advertise in TLDR? ¨

If your company is interested in reaching an audience of web
developers and engineering decision makers, you may want to ADVERTISE
WITH US [25].

If you have any comments or feedback, just respond to this email!

Thanks for reading,
Priyam Mohanty, Jenny Xu & Ceora Ford

If you don't want to receive future editions of TLDR Web Dev, please unsubscribe from TLDR Web Dev [26] or manage all of your TLDR
newsletter subscriptions [27].



Links:
------
[1] https://tldr.tech/webdev?utm_source=tldrwebdev
[2] https://advertise.tldr.tech/?utm_source=tldrwebdev&utm_medium=newsletter&utm_campaign=advertisetopnav
[3] https://a.tldrnewsletter.com/web-version?ep=1&lc=df5a9a84-734c-11ef-ae5c-1145880928d7&p=69b24446-7985-11ef-a20b-85db7d9d6075&pt=campaign&t=1727090478&s=780e650ba0d5e0cdb7d278b3834dbd7aa83bde214f2f550c1d788a1db89b7186
[4] https://go.clerk.com/dykM8q7
[5] https://clerk.com/blog/complete-guide-session-management-nextjs
[6] https://discord.com/blog/how-discord-reduced-websocket-traffic-by-40-percent?utm_source=tldrwebdev
[7] https://yieldcode.blog/post/one-year-of-rust-in-production/?utm_source=tldrwebdev
[8] https://kibty.town/blog/arc/?utm_source=tldrwebdev
[9] https://laike9m.com/blog/no-one-builds-in-public,160/?utm_source=tldrwebdev [10] https://www.developing.dev/p/a-new-era-of-writing-code?utm_source=tldrwebdev
[11] https://shiftmag.dev/unhappy-developers-stack-overflow-survey-3896/?utm_source=tldrwebdev
[12] https://about.codecov.io/blog/improve-web-performance-by-optimizing-javascript-bundle-sizes/?utm_source=tldr&utm_medium=paid-community&utm_campaign=codecov-fy25q2-bundleanalysis&utm_content=newsletter-bundleblog-read
[13] https://github.com/basecamp/kamal-proxy?utm_source=tldrwebdev
[14] https://github.com/scalar/scalar?utm_source=tldrwebdev
[15] https://chromewebstore.google.com/detail/css-peeper/mbnbehikldjhnfehhnaidhjhoofhpehk?utm_source=tldrwebdev
[16] https://www.nature.com/articles/d41586-024-02998-y?utm_source=tldrwebdev [17] https://www.marginalia.nu/log/a_110_java_io/?utm_source=tldrwebdev
[18] https://modern-json-schema.com/analyzing-the-openapi-tooling-ecosystem?utm_source=tldrwebdev
[19] https://blog.jim-nielsen.com/2024/sanding-ui/?utm_source=tldrwebdev
[20] https://testing.googleblog.com/2024/09/write-change-resilient-code-with-domain.html?utm_source=tldrwebdev
[21] http://www.aaronsw.com/weblog/hiring.en?utm_source=tldrwebdev
[22] https://switowski.com/blog/i-like-makefiles/?utm_source=tldrwebdev
[23] https://refer.tldr.tech/363c65bf/3
[24] https://hub.sparklp.co/sub_c9fe76197514/3
[25] https://advertise.tldr.tech/?utm_source=tldrwebdev&utm_medium=newsletter&utm_campaign=advertisecta
[26] https://a.tldrnewsletter.com/unsubscribe?ep=1&l=e8d201ca-3e93-11ed-9a32-0241b9615763&lc=df5a9a84-734c-11ef-ae5c-1145880928d7&p=69b24446-7985-11ef-a20b-85db7d9d6075&pt=campaign&pv=4&spa=1727089238&t=1727090478&s=55b09d5ba91bca2ea23c734fc86e3f4fcb102e5a50b2cc86e8972e3bdc767e4c
[27] https://tldr.tech/webdev/manage?email=tldr%40synchro.net

---
þ Synchronet þ Vertrauen þ Home of Synchronet þ [vert/cvs/bbs].synchro.net