Investing in Open Source: Hong Kong Open Source Conference 2018

On June 16th I was honoured to keynote the opening day of the 2018 edition of the Hong Kong Open Source Conference

I was grateful to share my years of experience working in open source. My talk on “Maintaining Your Sanity While Maintaining Open Source” targets not only maintainers but consumers of open source software.


For maintainers I like to give them some tips and tricks I’ve picked up along the way to lessen their workload. As well a big part of my talk is absolving maintainers of the guilt of not being able to fix all of the issues. Open source maintainers give their time and their code freely but should not be expected to be on call 24/7.

On the other side of the equation there are a number of things that consumers of open source can do to lighten the load of maintainers and ensure that they get timely responses on their issues. It all starts with treating maintainers with empathy and respect.

Over the two day conference I was able to talk to a ton of folks from all over Asia about open source and Adobe. Sadly, not a lot of folks knew about Adobe’s contributions to open source projects which I was able to educate them on.

If you wanted to know what is the hottest topic of conversation at the conference then Blockchain would be the key winner. Besides a number of conference sessions most of the hallway track consisted of conversations on how folks could utilize blockchain in their solutions.

Visiting Hong Kong and getting to meet the organizers of the HKOS conference was a wonderful experience and I’d love to get back to Hong Kong in the future to see how the open source culture has grown.

Starting a New Job

Last week I started my new job as a Developer Advocate for Adobe. Wait, I bet you were thinking I thought you already were a developer advocate? I know it seemed like that as I would travel around espousing the benefits of building web applications, PWA's and using hybrid technologies but that's just something I did for fun.

Now I'm super excited to be joining the Developer Experience team at Adobe. In my role as a developer advocate I will continue to be speaking at conferences (upcoming talks) but I will also be working with internal teams, partners, customers and external developers to help them solve problems. I'll be coming up to speed with a ton of things that Adobe offers so that is going to be fun and challenging.

What does this mean for my open source work? Not too much really, I'll still be contributing to open source projects but now I will be broadening my horizon to a number of different projects. One of the other amazing thing about my new team is they are also the Open Source Office at Adobe and we'll be open sourcing more internal projects and working more closely with the open source community.

To that end, Adobe has announced that it has acquired Magento which is an open community driven e-commerce system. With over 300,000 community developers I'm picking a good time to change roles as there will be lots of interesting challenges as the two companies learn from each other.

Reporting Security Issues to Open Source Projects on Github

As a user of open source software there are some things you can do in order to receive a better response from maintainers and to make their workload just a bit more bearable. First and foremost would be properly filling out all the parts of their issue template

Another way you can be a good open source citizen is by properly reporting security issues. I prefer the coordinated disclosure approach. However, any issue you open on Github is by default full public disclosure. In my mind this is a jerk move. This puts tremendous pressure on the maintainer of the open source project to respond quickly. Maybe that is what you want but it won't make you any friends with the maintainers and it will leave all the other users of the software open to the vulnerability.

So how do you privately report an issue to the maintainer? If the project is maintained by a large company I suggested searching the web for "report security issue to <company name>" as the top search result will generally get you the site you need. At least it did for my quick searches for Google, Facebook and Adobe.

If the package is maintained by a single developer or a small group I suggest you email the maintainer first to open a dialog that could lead to a coordinated disclosure but how to find the maintainers email?

  • Check the README file to see if there is contact information.
  • If it is a node project look in the package.json to see if the author lists their email.
  • Clone the project and run `git log` from the CLI as frequently the maintainers email address will show up next to their commit.

Worst case scenario, create an issue asking the maintainer to contact you for details of the issue. If they don't get back to you in a reasonable amount of time then go ahead and create a public issue. Note: a reasonable amount of time to me is a minimum of two weeks. Remember OSS maintainers are people too and sometimes they take vacations or have family issues, just like you.

When you send an email to the maintainer remember to include all the details that the maintainer's issue template. Putting in the work up front to properly report an issue will get you a much better response. At least it does from me and from my experience dealing with other maintainers.


Yearly Information Diet

A few years ago I read a great book by Clay Johnson called The Information Diet. It's a fantastic book that really helped me pop the filter bubble I was in and taught me that I needed to search out quality sources of information.

Another point of the book was to periodically cull the sources of information you are consuming. I'm a bit of a completest myself and I get really bad FOMO if I'm not 100% up to date with my email, RSS feeds, twitter and podcasts. In order to save my own sanity I take some time during the first week of every new year to go though the sources of information that invade my life and answer the questions: Does this bring me any value? Do I get any joy from this? If not I click the unsubscribe/unfollow link.

So far this week I've done a pass on my Twitter feed and unfollowed about 75 accounts. Geez, I was amazed by how many "brands" I'd followed over the past year. I mean I love local breweries but do I really need to follow 6 of them? As well I've been going though my RSS feeds trimming dead feeds and unfollowing ones that don't provide me with value.

At the same time I've been trying to keep my new year's resolution in mind:

So far that's been going pretty well as I've added support for things that I love like Saturday Morning Breakfast Cereal and You Are Not So Smart podcast as well as tools I depend on like Babel

Next step is to tackle my inbox which constantly seems to be full of weekly tech emails.

What do steps do you take to avoid being overwhelmed by the firehose of information we are subjected to daily?

2017 in Books

In 2017 I read 83 books according to my Goodreads account. It was pretty evenly split between books and graphic novels. Sadly, I don't get to read as much as I used to when I averaged about two per week but I'm happy to get whatever time I can to read. 

Some folks wonder how I can even read as much as I do and one of my strategies is to always have a book on hand. Besides having access to physical books, I have a Kindle which I keep loaded with tons of books and an Audible subscription for listening to books in the car or while puttering around. This way I can always be reading but I just bought a Nintendo Switch this week so maybe not as many books in 2018?

Anyway, let's get to some thoughts I had on some memorable books this year.

Best of the Year

Easily the best book I read this year was The Fifth Season by N.K. Jemisin was amazing. Jemisin does such an excellent job of building a world that seems like it could be ours but it is different enough to leave you wondering. The intertwining of three stories from three women of different ages is a tour de force of writing.

After I finished this book I waited until the third book of the trilogy was available so I could read The Obelisk Gate and The Stone Sky back to back. This strategy worked out so well I intend to use it going forward for all trilogies. The sequels don't disappoint at all and the entire series gets my highest recommendation.

Surprise of the Year

Usually I steer away from licensed comic books as more often than not they are of lower quality art and writing with the Larry Hama written G.I. Joe comics from the 80's. However, I am an absolute sucker for the monthly Humble Book Bundles. When I saw that they were doing one on all of IDW's G.I. Joe and Transformer comics I jumped at the chance to pick them up on the cheap as they have been highly recommended by Chris Sims on the War Rocket Ajax podcast. 

I'm really glad I did as they are a delight. The art and writing is great and not as juvenile as the beloved cartoon from the 80's. Please don't send me angry emails, I still love the cartoon from the 80's. The story and characters are recognizable from the TV show or comics you loved as a kid but they are not a rehash of previous storylines so there is something new in there for everyone.

Best Programming Book

I'm not going to go too into depth on this one as I've already written a full blog post on it here.


Most Thought Provoking Read

Coming in near the end of the year was Technically Wrong by Sara Wachter-Boettcher which really left me with a lot to think about and an idea for a new conference talk. I've personally seen algorithms go wrong in my career in high tech. In 2018 I'm making it part of my goals to make sure we don't accidentally add our biases into the software we develop. If you've ready Technically Wrong I'd also recommend Weapons of Math Destruction by Cathy O'Neil

Best Graphic Novel of the Year

I'd been putting off reading The Sandman: Overture for awhile as I figured once I was done with it there would be no new Sandman comics for me. I finally set aside some time to really get into it and I loved it.

This book finally explains how Dream could be captured as we see him in the first issue of the Sandman series. Even though it is a prequel of sorts it doesn't feel like the author is re-arranging furniture to get you to that point.

Honestly though, how could this not be great when Neil Gaiman is writing, J.H. Williams III is on pencils, Dave Steward is on colours and Todd Klein on letters. These four gentlemen are at or near the top of their professions and it shows in this collection.

Worst Read of the Year

I'm still trying to figure out why this book was so popular. The only thing I can think of is it must be for folks who don't generally read science fiction. If you are an avid reader of science fiction it will seem very derivative of number of other books you've already read. Also, I know it is fiction but the science driving the plot is kinda hand waving magic crap.

Building Progressive Web Apps by Tal Ater

If you follow me on twitter you probably know that I am all in on Progressive Web Apps. That's why I was so excited to hear Tal Ater was writing a book on the topic. Full disclosure Tal sent me an ebook version that I could read but don't tell him I was planning on purchasing it anyway.

I had really high expectations for the book as Tal is the author of some really great open source software like AnnYang for adding speech recognition to your site and UpUp for detecting when your site is off-line. I knew I wasn't going to be disappointed when the first chapter opened up with a Patrick Rothfuss quote from his amazing book The Name of the Wind.

This book is the definitive tome on Progressive Web Apps. Tal does a fantastic job of introducing the topic of Progressive Web Apps to readers who may be unfamiliar with PWA's. The book is structured so that you progressively add functionality to a fictional website The Gotham Imperial Hotel. It's super easy to follow along as all the code for the site is hosted on GitHub.

While taking the reader through enhancing the site you will learn some topics that I haven't seen well covered elsewhere like the Service Worker Lifecycle. Having a solid understanding of the service worker lifecycle will help you understand what caching strategy to use for various files in your app. Too frequently tutorials on PWA's only describe the cache only strategy but this book will introduce you to a number of caching strategies besides cache only like cache, falling back to network; network only; network, falling back to cache; cache, then network; etc.

Moving on from caching strategies one of the most powerful abilities of services workers is the ability to do Background Synchronization. Tal walks you through how to provide excellent offline support for your web app starting with saving data locally with IndexedDB, moving to adding Background Sync to your service worker and finally communication between the service worker and the app using post messages. Each one of these chapters flows naturally and when you are done you'll have a web application that is tolerant of network connectivity.

The rest of the book covers important topics like setting your your site to be recognized as a PWA using manifest.json and the always controversial topic of push notifications. Yes, PWA's can do push notifications but ask yourself, "Should I bother my users?" before sending any push message.

So, if you couldn't tell by the glowing review above I highly recommend you pick up this book if you want to learn more about Progressive Web Apps.

Building Progressive Web Apps by Tal Ater (Amazon affiliate link)

April Showers Bring May Travels

Oh man, that's a horrible title. I'm kinda ashamed I wrote that but it's done now and there is no way to change things on the internet. Anyway, for most of the month of May I'll be in and around the EU hitting up conferences and meet up's. If you are in any of these cities and would be interested in getting together for a coffee to talk shop please let me know.

First I'll be headed to Basel, Switzerland on May 2nd and 3rd for an internal Adobe Open Source Summit. Then I'll head over to Berlin, Germany for JS Conf EU from May 4th to 7th. Next I'm popping over to London to talk at a Women Who Code meet up. It is in London where I hope to finally be able to see Guardians of the Galaxy Vol 2, so please no spoilers. Up next is a jaunt over to JS Day ES where I'm speaking on the 13th but hanging around for a few more days before I end up in Amsterdam on the 16th for PhoneGap Day EU which is on the 18th and 19th.

It should be a great, but busy, trip. If you have any good suggestions for things to see in do particularly in Berlin or Madrid please tweet them at me.



Any Android applications that target Android 6.0 (API level 23) or higher automatically participate in Auto Backup. This is because of the android:allowBackup attribute, which enables/disables backup. The property defaults to true in cordova-android projects as it is omitted from the AndroidManifest.xml file.

<application ...

This may cause you an issues if you are trying to clear localStorage as it will automatically be restored when the app is re-installed. As well the phonegap-plugin-contentsync project stores it's files in a backed up directory on Android.

If you don't want this default behaviour on Android you can disable Auto Backup. Include cordova-plugin-allow-backup in your project:

cordova plugin add cordova-plugin-allow-backup

If you want to set the property to true use the BACKUP  variable.

cordova plugin add cordova-plugin-allow-backup --variable BACKUP=true


So I totally biffed on the fact that edit-config is now supported in config.xml as well as plugin.xml so you don't need the above plugin. All you need to do is add an edit-config section to your config.xml file like this:

<platform name="android">
    <edit-config file="AndroidManifest.xml" 
        <application android:allowBackup="false"/>