Maya Shavin

@MayaShavin

Lead SWE @Salesforce | Ex @Microsoft | Author | Founder @VueJSIsrael | Speaker | GDE | Web

Israel Joined June 2009
644 Following 5.2K Followers
Pinned Tweet
Maya Shavin @MayaShavin
My printed books have arrived today, what a surprise! 🥳❤️❤️

Maya Shavin retweeted
Santosh Yadav @SantoshYadavDev
Tired of cloud vendor lock-in? Time to reclaim your infrastructure! 🛠️
In this week's "The Weekly Five," Santosh highlights 5 powerful Open Source tools to build your own stack and put control back on your machine:
1️⃣ qmd - Local, semantic search engine
2️⃣ valkey - Community-driven Redis fork
3️⃣ databasus - Self-hosted DB backups (Postgres, MySQL, Mongo)
4️⃣ crewAI - Multi-agent AI orchestration
5️⃣ Pascal Editor - WebGPU-powered 3D architectural design
Don't miss these game-changers. Read the full issue here: weeklyfive.io/p/the-weekly-f…
P.S. Building OSS? Check out the note on getting CodeRabbit for free at the end! 🚀
#OpenSource #DevTools #SelfHosted #WebDev #Engineering #OSS

Maya Shavin retweeted
Andrew Ng @AndrewYNg
There will be no AI jobpocalypse. The story that AI will lead to massive unemployment is stoking unnecessary fear. AI — like any other technology — does affect jobs, but telling overblown stories of large-scale unemployment is irresponsible and damaging. Let’s put a stop to it.
I’ve expressed skepticism about the jobpocalypse in previous posts. I’m glad to see that the popular press is now pushing back on this narrative. The image below features some recent headlines.
Software engineering is the sector most affected by AI tools, as coding agents race ahead. Yet hiring of software engineers remains strong! So while there are examples of AI taking away jobs, the trends strongly suggest the net job creation is vastly greater than the job destruction — just like earlier waves of technology. Further, despite all the exciting progress in AI, the U.S. unemployment rate remains a healthy 4.3%.
Why is the AI jobpocalypse narrative so popular? For one thing, frontier AI labs have a strong incentive to tell stories that make AI technology sound more powerful. At their most extreme, they promote science-fiction scenarios of AI “taking over” and causing human extinction. If a technology can replace many employees, surely that technology must be very valuable! Also, a lot of SaaS software companies charge around $100-$1000 per user/year. But if an AI company can replace an employee who makes $100,000 — or make them 50% more productive — then charging even $10,000 starts to look reasonable. By anchoring not to typical SaaS prices but to salaries of employees, AI companies can charge a lot more.
Additionally, businesses have a strong incentive to talk about layoffs as if they were caused by AI. After all, talking about how they’re using AI to be far more productive with fewer staff makes them look smart. This is a better message than admitting they overhired during the pandemic when capital was abundant due to low interest rates and a massive government financial stimulus.
To be clear, I recognize that AI is causing a lot of people’s work to change. This is hard. This is stressful. (And to some, it can be fun.) I empathize with everyone affected. At the same time, this is very different from predicting a collapse of the job market.
Societies are capable of telling themselves stories for years that have little basis in reality and lead to poor society-wide decision making. For example, fears over nuclear plant safety led to under-investment in nuclear power. Fears of the “population bomb” in the 1960s led countries to implement harsh policies to reduce their populations. And worries about dietary fat led governments to promote unhealthy high-sugar diets for decades. Now that mainstream media is openly skeptical about the jobpocalypse, I hope these stories will start to lose their teeth (much like fears of AI-driven human extinction have).
Contrary to the predictions of an AI jobpocalypse, I predict the opposite: There will be an AI jobapalooza! AI will lead to a lot more good AI engineering jobs, and I’m also optimistic about the future of the overall job market. What AI engineers do will be different from traditional software engineering, and many of these jobs will be in businesses other than traditional large employers of developers. In non-AI roles, too, the skills needed will change because of AI. That makes this a good time to encourage more people to become proficient in AI, and make sure they’re ready for the different but plentiful jobs of the future!
[Original text in The Batch newsletter.]

Maya Shavin retweeted
JSNation | The key JS conference
🗓️ The full lineup & schedule is uncovered! This year at JSNation, 50+ speakers covering AI-assisted coding, full-stack architecture, micro-frontends, WebMCP, observability, JS runtimes, tooling, and more. Hope to see you there!

Maya Shavin retweeted
Pierce Boggan @pierceboggan
VS Code was already used by millions of developers for agentic coding. However, the editor layout has traditionally been optimized for single-task and single-workspace workflows. Today, we're introducing a new window to enable our users (and ourselves!) to work with multiple agents across multiple projects: Agents. Now available in VS Code stable!

Maya Shavin @MayaShavin
@liran_tal It was interesting to see in the TanStack incident people talk about npm and pnpm like yarn doesn’t exist 😅

Maya Shavin @MayaShavin
Anyone still uses Yarn?

Francesco Ciulla @FrancescoCiull4
Again. LinkedIn set to lay off 5 percent of staff....

BaskarRao @baskarmib
@MayaShavin Yeah! I have been an FDE for the past 10 years and even now I am working day in, day out with client business and IT teams.

Maya Shavin @MayaShavin
So now in addition to FED - Front End Development, we have FDE 😆 - Forward Deployed Engineers. Keeping up with the acronyms can be hard sometimes 🙃

Maya Shavin @MayaShavin
@niklas_wortmann This makes more sense. Because if we let AI write the tests, 90% of the time we will not even review those generated tests 😅, and that’s dangerous.

Jan-Niklas Wortmann @niklas_wortmann
The test-first workflow with AI agents is underrated. Don't be lazy, write the test yourself. You define what "correct" means. Let the agent write the implementation. If the test fails, agents have all the tools to fix the implementation and iterate!

Maya Shavin retweeted
Liran Tal @liran_tal
practical mitigation[1] steps[2] against the tanstack compromise and other supply chain attacks on npm
[1] reduces vulnerable surface
[2] apply to your pnpm config too
* see more security best practices on the repo

Maya Shavin retweeted
Miguel Ángel Durán
If you're using npm install, you're in danger. I'm putting it that bluntly so that you react!
Yesterday TanStack packages on npm were compromised. Some of the most widely used libraries in the JavaScript world. And from there it jumped to Mistral, OpenSearch, UiPath, PyPI...
Because many attacks don't need you to import anything. A single installation is enough to infect you.
How? By slipping in scripts such as preinstall or postinstall that run during installation.
The important thing is that there is a solution:
① Use pnpm 11. It comes with default defenses against this type of attack.
② If you are still using pnpm 10, npm, yarn or bun: enable minimumReleaseAge and set it to 1440. It avoids installing versions published the same day.
③ Block install scripts by default. pnpm prevents any dependency from running code on your machine just by being installed.
Please share this so it reaches as many people as possible and we stop the chain of attacks.

Maya Shavin @MayaShavin
@liran_tal 💯 now serious question - will Snyk help in this TanStack case?

Liran Tal @liran_tal
@MayaShavin Every time is a good time to add security controls :-)

Maya Shavin @MayaShavin
Great AI comes more human responsibility in maintaining security and review? 😅🫤
TANSTACK @tan_stack

SECURITY ADVISORY — TanStack npm packages
A supply-chain compromise affecting 42 @tanstack/* packages (84 versions total) was published to npm earlier today at approximately 19:20 and 19:26 UTC. Two malicious versions per package.
Status: ACTIVE — packages are deprecated, npm security engaged, publish path being shut down.
Severity: HIGH — payload exfiltrates AWS, GCP, Kubernetes, and Vault credentials, GitHub tokens, .npmrc contents, and SSH keys.
If you installed any @tanstack/* package between 19:20 and 19:30 UTC today, treat the host as potentially compromised:
• Rotate cloud, GitHub, and SSH credentials immediately
• Audit cloud audit logs for the last several hours
• Pin to a prior known-good version and reinstall from a clean lockfile
Detection — the malicious manifest contains:
"optionalDependencies": { "@tanstack/setup": "github:tanstack/router#79ac49ee..." }
Any version with this entry is compromised. The payload is delivered via a git-resolved optionalDependency whose prepare script runs router_init.js (~2.3 MB, smuggled into each tarball at the package root).
Unpublish is blocked by npm policy for most affected packages due to existing third-party dependents. All 84 versions are being deprecated with a SECURITY warning, and npm security has been engaged to pull tarballs at the registry level.
Full technical breakdown, complete package and version list, and rolling status updates: github.com/TanStack/route…
Credit to the security researcher for responsible disclosure.
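The advisory's detection rule applied to a package.json or an npm lockfile, as an added example that is not part of the advisory or of TanStack's tooling. The sample package names, versions and `<commit>` refs are constructed placeholders, and two points are assumptions: that lockfile v2/v3 `packages` entries carry each package's `optionalDependencies`, and that a resolved `node_modules/@tanstack/setup` entry is worth flagging alongside the manifest indicator.

```javascript
// Added example (not TanStack's code): look for the advisory's manifest indicator.
const IOC_DEP = "@tanstack/setup"; // dependency name quoted in the advisory

// True when a manifest or lockfile entry declares the indicator as an optionalDependency.
function hasIndicator(entry) {
  const opt = entry && entry.optionalDependencies;
  return Boolean(opt) && typeof opt === "object" &&
    Object.prototype.hasOwnProperty.call(opt, IOC_DEP);
}

// Accepts the text of a package.json or an npm package-lock.json (v2/v3 "packages" map).
function scanDocument(jsonText) {
  const doc = JSON.parse(jsonText);
  const packages = doc.packages || { "": doc }; // bare manifest: treat as the root entry
  const findings = [];
  for (const [path, entry] of Object.entries(packages)) {
    if (hasIndicator(entry)) {
      findings.push({ path, version: entry.version, reason: "declares-indicator",
        spec: entry.optionalDependencies[IOC_DEP] });
    } else if (path.endsWith("node_modules/" + IOC_DEP)) {
      // Assumption: the payload dependency itself was resolved into the tree.
      findings.push({ path, version: entry.version, reason: "payload-resolved",
        spec: entry.resolved });
    }
  }
  return findings;
}

// Constructed sample lockfile: package names, versions and commit refs are placeholders.
const SAMPLE_LOCK = JSON.stringify({
  lockfileVersion: 3,
  packages: {
    "": { name: "demo-app", version: "1.0.0" },
    "node_modules/@tanstack/constructed-pkg": {
      version: "0.0.0-constructed",
      optionalDependencies: { "@tanstack/setup": "github:tanstack/router#<commit>" },
    },
    "node_modules/@tanstack/setup": {
      version: "0.0.0-constructed",
      resolved: "git+ssh://git@github.com/tanstack/router.git#<commit>",
    },
    "node_modules/constructed-clean-pkg": {
      version: "1.0.0", optionalDependencies: { fsevents: "^2.3.0" },
    },
  },
});

for (const f of scanDocument(SAMPLE_LOCK)) {
  console.log(`${f.reason}: ${f.path || "(root)"} @ ${f.version} -> ${f.spec}`);
}
```

Pass `scanDocument` the contents of a project's own `package-lock.json` or of an individual `node_modules/**/package.json`; any finding puts the host in the advisory's "potentially compromised" category.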


Francesco Ciulla @FrancescoCiull4
In case you didn’t get enough bad news about jobs in tech... GM laying off 600 IT workers while hiring AI-focused roles feels like a preview. Maybe AI isn’t “replacing developers”. It’s redefining what developers are expected to know. We need to wake the fu*k up.