Double Shot #2520

Jan 23, 2020

systemd service sandboxing and security hardening 101 - I didn't know this was a thing.
HTTPie 2.0 - Major version update of this command-line HTTP tool that claims more intuitive syntax than curl.
Everything I know about SSDs - A year old, so probably out of date by now, but plenty of good info.
JetBrains Mono - Free typeface for developers. I tried this & didn't much like the look, but YMMV.
Dev Degree - Work at Shopify and get an accredited CS degree at the same time.
Ouroboros - "Ouroboros is a peer-to-peer transport network built on a new recursive network paradigm according to a UNIX design philosphy. The aim is to provide a secure and private networking experience and to provide a simple API for writing distributed software and networked application libraries."
New year, new browser – The new Microsoft Edge is out of preview and now available for download - I've been using Edge as an occasional test browser and it's not bad. Plus Microsoft might be big enough to serve as a counterweight to some of Google's stupider ideas for the Chromium engine.
kubernaughty - A collection of Kubernetes stuff. "There are many gotchas, mud pits and blind spots running distributed systems, and kubernetes is no different. Hopefully, this stuff helps you and your team."
Big list of http static server one-liners - If you have a folder of files you want to see in a web UI, there are lots of choices.
Zero trust architecture design principles - This is getting to be more important.
Turbo Boost Switcher for OS X - Throttle back your MacBook for longer battery life and less heat.
DevOps Questions & Exercises - Everything from basic Linux to advanced Prometheus (and much more) in a single repo.

Double Shot #2519

Jan 22, 2020

Highlights from Git 2.25 - Partial clones and spare checkouts are the new hotness here.
GoatCounter - Privacy-aware simple web analytics. Worth a look.
Debugging Through WebAssembly Is Impossible - So obviously you just need to write perfect code the first time.
Why I still love Ruby - And many of us agree.
Cache Crispies - Fast, Flexible Rails Serializer - A new JSON serializer that appears worth a look.
Istio as an Example of When Not to Do Microservices - Really, not everything benefits from being chopped into small pieces.
Building a more private web: A path towards making third party cookies obsolete - Yeah right. When Google says "more private" check your wallet. And then switch browsers.
How to Make a Raspberry Pi VPN Server - Looks like a fun & easy little project.
DuckDuckGo Lite - About as simple as a search experience can get.
Centric Server - A general purpose programmable automation server with a web UI.
OneDev - "Super Easy All-In-One DevOps Platform," think self-hosted GitLab functionality.
Bring your monorepo down to size with sparse-checkout - Why and how to use the latest git features.

Double Shot #2518

Jan 21, 2020

Understanding Memory Cards - A comprehensive guide to small digital storage (aimed at digital cameras, but there's a lot of solid basic info here).
Deploy your side-projects at scale for basically nothing - Google Cloud Run - If it's in Docker, it's easy to deploy, run, and scale.
Deceiving blue teams using anti-forensic techniques - Don't assume that the people invading your network are idiots.
Resources for designers looking to sketch more in 2020 - Articles, books, and tools.
Let’s Reverse Engineer Discord - And discover that they can MITM all your audio & video traffic.
The Supreme Court will decide software development's future in Google v. Oracle - If Oracle prevails, we're all in trouble.
Great Teams Break the "Rules" All the Time - There really isn't One True Way to develop software, adherents of particular branded approaches to the contrary.
The 'No Code' Delusion - We've seen this movie before, many times. It always ends badly.
eSQLate - "Build minimum viable admin panels quickly with just SQL."
A brand new browsing experience arrives in Firefox for Android Nightly - Well, brand new if you didn't try Preview, but fun nonetheless.
A sad day for Rust - Open source vs. human nastiness once again.
Software certifications; a waste of time and money! - I've spent a lot of time in the certification racket, and yeah. But this is a wider issue than just software.

Double Shot #2517

Jan 20, 2020

ungoogled chromium - If you like the Chrome browser but don't like the amount of information it shares with Google, here's an alternative.
The Good Parts of AWS - An opinionated ebook ($38 to purchase).
IgniteOS - "Ignite Os is a simple linux OS focused on productivity and git tools, optimized with all drivers to run on Chromebooks, Netbooks and micro boards." Under active development.
Cloudron - "Cloudron is a platform that makes it easy to install, manage and secure web apps on your server. You can install Cloudron on your server (from say AWS, Digital Ocean etc), give it a domain name and start installing apps." Free up to 2 apps, then $30/month.
JollysFastVNC - Secure VNC/ARD client (which lets me have both Linux & Mac boxes open as remote desktops at the same time).
Rete.js - "Rete is a modular framework for visual programming. Rete allows you to create node-based editor directly in the browser. You can define nodes and workers that allow users to create instructions for processing data in your editor without a single line of code."
Nota - Terminal-based calculator that handles things like radicals and Greek letters and trig functions.
Live Streaming Server Setup - A how-to guide to setting up RTMP on your own infrastructure.
Copy & paste from tmux to system clipboard - A tip for the Linux users out there.
darken - Javascript library to make dark mode easy to implement.
Secure 2FA SSH and PGP using Krypton - Turn your phone into an all-purpose 2FA device.
Creating Tables and Querying data with AWS DynamoDB - An introduction.

Double Shot #2516

Jan 17, 2020

How Blazor Is Going to Change Web Development - Well, if you're a .NET developer, anyhow.
Rails PG Extras - Easy retrieval of PostgreSQL tuning info from within your app.
How I Do (Hopefully) Fair Performance Reviews for Software Developers - Though I'm not convinced big-company practices translate to startups in this area.
Managing product requests from customer-facing teams: top 2 things - An interesting way to collaborate with customer teams on product prioritization.
Important information about our Elixir and Ruby Open Source projects - Platformatec has been acquihired, but they're doing a good job of making sure their open source work survives.
Adobe retires Flash in December 2020 - And web developers everywhere cheer.
DynamoDB is Not a Database - Think of it as a durable data structure in the cloud.
Introducing Tanka, Our Way of Deploying to Kubernetes - From Grafana, an alternative to using raw YAML files or Helm.
lsvine - "tree -L 2 with less empty screen space."
Awesome Uses - Maybe I'm odd but I enjoy reading what other devs use to get the job done (and maybe I should get off my butt and publish my own /uses page).
Is SMS 2FA Secure? - You already know the answer to that one, right?
A Graduate Course in Applied Cryptography - In the form of an online ebook.
Encrypted Secrets(Credentials) in Rails 6, Rails 5.1/5.2, older versions and non-Rails applications - Managing secrets in various environments.

Double Shot #2515

Jan 16, 2020

I have been underestimating JS - Digging deeply into V8 and NodeJS Streams.
Rails: How to Use Greater Than/Less Than in Active Record where Statements - Well heck, I didn't know you could use infinite ranges with ActiveRecord.
Two niceties about Ruby Structs - Constructors with keyword arguments are a win.
Deep Dive on Amazon ECS Cluster Auto Scaling - Understanding this sort of thing can be important if your budget is not infinite.
Data Detox Kit - "Everyday steps you can take to control your digital privacy, security, and wellbeing in ways that feel right to you."
Chime - "A Go editor for macOS." Currently in closed beta but looks nice.
Cutting Google out of your life - Lots of alternatives to Google products.
This Is Why You Always Review Your Dependencies, AGPL Edition - How taking an update to a bundled chunk of code can affect your own licensing.
Rails, Routes, & Flags - And here I was still piping things into grep.
Pomodoro - Pomodoros in bash script are probably about as simple and portable as it can get.
chatwoot - "An opensource alternative to Intercom, Zendesk, Drift, Crisp etc."
Redash - A hackerish take on freeing up business intelligence.
Pixelfed - "A free and ethical photo sharing platform." Powered by ActivityPub federation.
What TDD is -- and isn't -- like. - Ron Jeffries suggests that some of the objections are at best strawman attacks on what actually works.

Double Shot #2514

Jan 15, 2020

Notes on Technical Writing - General guidance from an engineer who has worked on the WordPress docs.
WTF is Chrome’s SameSite cookie update? - It's something that needs to be on your radar if you run a site that shares cookies across multiple subdomains.
git-story - Build a static site from git history.
Promiscuous Cookies and Their Impending Death via the SameSite Policy - Troy Hunt digs into the upcoming changes.
Neumorphism in user interfaces - Perhaps the next UI trend to watch for.
JobFunnel - "Automated tool for scraping job postings into a .csv file."
Terrastruct - "Terrastruct is a tool to create diagrams that excel at visually explaining complex systems, such as your organization's engineering architecture."
micro-jaymock - "Tiny API mocking microservice for generating fake JSON data."
The Hidden Cost of Ransomware: Wholesale Password Theft - Life online continues to deteriorate.
Are you ready to work remotely? - Some questions for the new developer.
My list of almost indispensable Chrome Extensions - One developer's view. I avoid Chrome myself, so no strong opinions from me.
Faktory Enterprise - Mike Perham's latest language-independent background job system.. If I was working in the enterprisey space I'd be looking to send some money his way for this.
Open Source, SaaS and Monetization - Inspired by Sentry's license change.
Is your fancy new domain hurting your performance? Benchmarking the top-level domain names - Well, maybe on the first visit.

Double Shot #2513

Jan 14, 2020

Shadow requesting for great good - One interesting way to load test realistically is to replay extra copies of production traffic.
Yggdrasil - "Yggdrasil is an early-stage implementation of a fully end-to-end encrypted IPv6 network. It is lightweight, self-arranging, supported on multiple platforms and allows pretty much any IPv6-capable application to communicate securely with other Yggdrasil nodes. Yggdrasil does not require you to have IPv6 Internet connectivity - it also works over IPv4."
Ruby 2.7 NEWS: Commentary by Cookpad’s Full Time Ruby Committers - A look at what's new along with a deep dive into some of the design background.
Migrate Your Rails App from Heroku to AWS Lambda - The ActiveRecord Adapter for Amazon Aurora Serverless makes this easier.
The Mac Malware of 2019 - An analysis from Objective-See. The numbers are going up.
S3 Email - Lashing together AWS services to get a full email stack that you don't have to manage yourself.
Scripting tmux - Using the command line instead of workspace management utility wrappers.
Colour Wheels, Charts, and Tables Through History - There's probably some design inspiration to be had here, but really I'm just linking it because it's fun.
Problems with Pull Requests and How to Fix Them - A long look at how some of our tools affect the development process.
Fighting Packet Loss with Curl - With the right parameters curl can do a good job of getting through flakey networks.
My Firefox addons as of Firefox '74' (the current development version) - One developer's tweaks focused largely on privacy.
localghost - This is what happens when web developers have too much free time.
Snowpack - "Build web applications with less tooling and 10x faster iteration." An alternative to webpack or parcel.
Broot - A new CLI directory listing & file manipulation utility.

Double Shot #2512

Jan 13, 2020

Evolving Threat series — Infiltrating Python’s Software Supply Chain - Given the dependency management dumpster fire that we've created, it's a safe bet that we'll see more high-profile supply chain attacks in 2020.
The Comprehensive Guide to Speaking at Technology Conferences in 2020 - Giving talks is a good way to up your profile in software-land, as long as you're not a complete hermit.
Chronologic Versioning 2019.05.19 - An alternative to semver.
Authoritarian Nations Are Turning the Internet Into a Weapon - And depending on who you work for, you're helping them.
Rails User Auth - It's been a few years, time for a new authentication system.
Kno Ruby - Or if you prefer you could go with passwordless authentication.
UnicodePlot - Plot your data by Unicode characters - So you can add charts to your CLI code.
Cut Your RSpec/Minitest Runtime With TestProf - The first step to speeding things up is figuring out where the slowdowns are.
How to use Query Objects to refactor Rails SQL-queries - A technique for tidying up messy controller code.
Eventide on Rails - Integrating this pub/sub and event sourcing system directly with Rails apps.
Major union launches campaign to organize video game and tech workers - I'm not necessarily a fan of Big Labor in this country, but I think they're preferable to Big Tech.
Ruby on Rails Sentry logger installation and configuration - My current project uses Sentry and I'm pretty happy with it.
It is perfectly OK to only code at work, you can have a life too. - A message that bears repeating.
Half of the websites using WebAssembly use it for malicious purposes - Well that's just depressing, though it's not clear how good the sample was.

Double Shot #2511

Jan 10, 2020

ffsend - Command-line client for Firefox's free & secure file-transmission service.
leanweb - "Tool set for generating web components based web project." A shot at a web development package without so very many dependencies.
Unintuitive JSON Parsing - Thinking like a computer can be difficult.
ElastiQuill - "ElastiQuill is a modern blog engine built on top of Elasticsearch."
Dockerfile for Ruby on Rails Deployments - Setting up a local environment step-by-step.
Build an 8-bit computer from scratch - Using breadboards and logic gates. Video instructions & part kits available.
Programmers Should Plan For Lower Pay - An argument that the gravy train is bound to run dry.
The unreasonable effectiveness of one-on-ones - So why not apply them in your non-professional life?

Double Shot #2510

Jan 9, 2020

AWS Security Toolbox (AST) - A "simple Docker container that contains all security-related tooling for your AWS Assessments."
Continuous Deployment With GitLab, Docker And Heroku - How to do it.
Key practices for achieving large professional goals - Somewhat idiosyncratic but worth skimming.
The future of product is fraud - Just in case you're not feeling pessimistic enough yet.
Jenkins X - "Jenkins X is a CI/CD solution for modern cloud applications on Kubernetes."
Automate the Boring Stuff with Python - Free ebook for programming beginners.
So you got a smart device. Here’s how to keep it secure. - Advice from Mozilla.
Bash-my-AWS - "Bash-my-AWS is a simple but extremely powerful set of CLI commands for managing resources on Amazon Web Services."

Double Shot #2509

Jan 8, 2020

Working with Capistrano: Environment Variables and Remote Commands - Understanding how the pieces fit together to install and use rbenv remotely.
AWS Lambda the CLI Way - Understanding serverless concepts without using a Web UI.
Managing my dotfiles as a git repository - Doing things the simplest possible way.
spark-joy - A collection of "easy ways to add design flair, user delight, and whimsy to your product." Aimed more at the developer than the designer.
A look at Firefox Preview, probably the best browser in the Android world - A tour of major features.
Thunderbird - Looks like development on Mozilla's email client is heating up again. Maybe it's time to switch back.
Squoosh - Nice online tool for interactively compressing image files.
BuggedPlanet.info - Wiki of information about signals intelligence vendors and related topics. Read it and weep.

Double Shot #2508

Jan 7, 2020

bandwhich - CLI utility to show which processes are using your bandwidth.
How I enhance pull request quality on Github and Azure DevOps - Building a thorough pull request template.
Switching to Zeitwerk - Some things to watch out for with the new Rails autoloader.
KafkaHQ - "Kafka GUI for topics, topics data, consumers group, schema registry, connect and more."
Zwitterion - "A web dev server that lets you import anything" which makes it another attempt to simplify modern web development.
Brett’s Favorites 2019 - There are a lot of best-of lists out there, but I found more apps and hardware of interest to me on Brett's than most others.
Choosing a license for GoatCounter - One developer sorts through copyleft alternatives.
Snapcast - "Snapcast is a multi-room client-server audio player, where all clients are time synchronized with the server to play perfectly synced audio."/li> </ul>

Double Shot #2507

Jan 6, 2020

Multi-branch CodePipeline strategy with event-driven architecture - Implmenting GitFlow entirely within AWS tools.
Computer Science from the Bottom Up - "In a nutshell, what you are reading is intended to be a shop class for computer science." A free online textbook to help you understand what's underneath the hood.
IncludeOS - "IncludeOS allows you to run your application in the cloud without an operating system. IncludeOS adds operating system functionality to your application allowing you to create performant, secure and resource efficient virtual machines."
Ruby Lazy Enumerators - Syntax I've never needed, but who knows what the future will bring (or what opportunities I've missed).
Wyze Exposes User Data via Unsecured ElasticSearch Cluster - Merry Christmas. Remember, IoT stands for "Internet of Trash."
Distributed systems learnings in 2019 - From one of Uber's engineering managers.
Truemail - "The Truemail gem helps you validate emails via regex pattern, presence of DNS records, and real existence of email account on a current email server."
Chromda - "Chromda is an AWS Lambda function for serverless capturing screenshots of websites." Trigger it via SQS, SNS, API Gateway or Cloudwatch events.

Double Shot #2506

Jan 3, 2020

Hacking your keyboard with karabiner - Advanced techniques for Mac users who prefer to do everything via keystrokes.
When MFA isn't necessarily strong - Raising the bar is still good even if it could be higher.
Managing warnings emitted by Ruby 2.7 - Your Rails logs in particular will be full of warnings if you don't do something.
Can We Build Trustable Hardware? - "Why Open Hardware on Its Own Doesn’t Solve the Trust Problem" - determined adversaries just have too many channels for an attack.
Optimizing for the Speed of Light - A lot of APIs aren't well designed for current networking practices.
localdots - A lashup of various things to give you automated configuration of HTTPS certificates in your development environment.
Astuto - "Astuto is a free, open source, self-hosted customer feedback tool. It helps you collect, manage and prioritize feedback from your users."
Outline - "An open, extensible, wiki for your team built using React and Node.js."

Double Shot #2505

Jan 2, 2020

JIT development progress at Ruby 2.7 - The progress mainly being in eliminating things that didn't work.
I only use an iFrame to crawl and scrape content - Injecting a web scraper from the developer console.
Why npm lockfiles can be a security blindspot for injecting malicious modules - I do wish there was some way to roll back the clock and uninvent NPM. Failing that, I stick my head in the sand like everyone else.
Kinchan -"Composable browser automation with Ruby."
Wifi deauthentication attacks and home security - Don't like Ring surveillance devices? Knock them off their networks. This is likely illegal but I'd love to see this sort of thing catch on. I can imagine a standalone battery-powered "Ring killer" that could be tossed in the bushes to do it's work. Wipe your fingerprints off first.
Stroom - "Stroom is a data processing, storage and analysis platform. It is scalable - just add more CPUs / servers for greater throughput. It is suitable for processing high volume data such as system logs, to provide valuable insights into IT performance and usage."
faasd - "aasd is a Golang supervisor that bundles OpenFaaS for use with containerd instead of a container orchestrator like Kubernetes or Docker Swarm."
Ruby 2.7 - Comprehensive changelog with links and code examples.

Double Shot #2504

Jan 1, 2020

My Business Card Runs Linux - Winning as an embedded systems engineer.
Colleges are turning students’ phones into surveillance machines, tracking the locations of hundreds of thousands - More revolting news from the cutting edge of technology.
Minimalism — The most undervalued development skill - "Focus on the bare essentials and get rid of the rest. It's an easy way to differentiate, because most others are doing the opposite: tons of crap."
Nodemailer App - An email debugging tool: "App includes local SMTP and POP3 servers, a sendmail replacement, catchall email domain service, and it imports emails from EML files, EMLX files, large MBOX files from Gmail takeout, Maildir folders and Postfix queue files for inspection and preview."
The One Weird Trick SecureROM Hates - Even if you're not interested in jailbreaking an iPhone, the amount of wizardry that goes into this stuff is amazing.
Grumpy Website - Ranting about UX annoyances can be fun to read.
Go Micro - A microservices framework written in Go, of course.
All you need to know about Ruby 2.7 - Well maybe not everything, but a good tour of major changes.

Double Shot #2503

Dec 31, 2019

JSON on the command line with jq - A cookbook of useful examples.
memory safety: necessary, not sufficient - Reflecting on lessons from the known universe of Flash vulnerabilities.
unDraw - Open-source vector graphics with an online color-picker to let you do some light customization to match your branding.
The future of the web, isn't the web - What ubiquitous user agents might mean for information design.
Glow - Fancy markdown rendering from the CLI.
Should this be a microservice? - Things to think about when splitting a codebase.
Working for a startup makes less sense - Here's the deal: if you want to maximize income, go to work for one of the FAANGs or Microsoft. Personally, I can't stomach that, so I've left millions on the table over the course of my career.
My tmux setup - One developer's tweaks.

Double Shot #2502

Dec 30, 2019

Letters To A New Developer - "What I wish I had known when starting my development career"
What Medieval People Got Right About Learning - An argument that apprenticeships beat classrooms.
Mobile Privacy with DoH using Firefox and LibreDNS - It's not super-easy to use DNS over HTTPS on mobile, but it can be done.
Well, That Escalated Quickly - A catalog of ways to escalate your privileges on AWS after you've gotten a foothold in the account.
Teaching "the smell" - Thoughts on detecting incipient trouble in complex systems.
22120 - Experimental project to cache everything you browse, for later offline use.
Amazon RDS customers: Update your SSL/TLS certificates by February 5, 2020 - Something to be aware of, though as far as I can tell Rails doesn't care by default.
Debugging a live saturn V - You think your debugging efforts are heroic? Yeah, not so much.

Double Shot #2501

Dec 27, 2019

5 things I wish I’d known before switching from Engineering to Product - Just in case you're contemplating a career switch.
Ruby 2.7.0 Released - I wonder how far behind on updates I'll be when I retire?
The #1 bug predictor is not technical, it's organizational complexity - So says Microsoft Research, so probably add "at Microsoft" to that title.
Rails 5.2.4.1 has been released! and Rails 6.0.2.1 has been released!- Fixes for a rack security bug.
Weird Ruby: For Loops - Or at least non-mainstream ruby.
Lessons on leadership: The 10 most impactful lessons I’ve learned from 1,000+ managers in 2019 - Plenty to think about here if you manage people.
Ruby on Rails with Visual Studio Code in 2020 - Extensions, tasks, and settings.
Designing Engineer Onboarding at Affinity - Focused on getting into the code quickly.
Abbott Laboratories Sends Heavy-Handed Copyright Threat To Shut Down Diabetes Community Tool For Accessing Blood-Sugar Data - What's that line about killing the lawyers first?
Results vs. Hours: creating a results-focused workplace - Are you doing the work that matters?
Use GitHub actions at your own risk - Feeding secrets into random code you grab from a marketplace is probably a bad idea.
Octane is Here - A major update to (and rethinking of) Ember.js.
Outdoor Computing with a Deck Desk - If you're working at home why are you stuck indoors?
Why we switched to Figma as the primary design tool at Zomato - Because (among other things) it's better for collaborating than Sketch.