Double Shot #2381
- Ruby gem strong_password found to contain remote code execution code in a malicious version, further strengthening worries of growth in supply-chain attacks - Long headline but important news.
- SKS Keyserver Network Under Attack - Longstanding vulnerabilities may be catching up with OpenPGP.
- Meet the Noops - Silly little APIs designed just to play with.
- "Should I Dish Up My Rails Front End With Webpack, Webpacker, Bundler, or the Asset Pipeline?" - A look at the current state of Rails asset management.
- pihole-google - If you're really worried about Google's power, you can block it from your network entirely.
- lazydocker - "A simple terminal UI for both docker and docker-compose." Looks like a reasonable alternative to keeping multiple terminal windows running.
- How to get started with Threat Modeling, before you get hacked - A skill that not enough developers are familiar with.
- AWS Security Incident Response Guide - A solid framework for handling incidents in the cloud, at least if you use AWS.
- urlpages - The URL *is* the web page here.
Double Shot #2380
- Implement With Types, Not Your Brain! - Using Haskell's strong type-checking to help guide your development. Not the way I personally code but an interesting approach.
- Algo VPN - "Algo VPN is a set of Ansible scripts that simplify the setup of a personal IPSEC and Wireguard VPN. It uses the most secure defaults available, works with common cloud providers, and does not require client software on most devices."
- Track This. - Firefox script to pollute your browsing history in the interest of confusing your advertising profile. Hey advertisers, track THIS explains the thinking behind it.
- HTML is the Web - I tend to agree but I think this might be a losing battle.
- As a leader, your job should change every six months even if you stay put - Cate Huston offers a thoughtful approach to evolution as a manager.
- On scripting runtimes and macOS - And how this will screw up a bunch of software.
- 3 Strategies for implementing a microservices architecture - A quick look at the options from GitLab.
- Using Microservices to Solve Slow Build Times - Stop building the entire world on every commit.
Double Shot #2379
- On Open Source Dependencies, GitHub, Gender, Philosophy of Science and the nature of Self - Thoughts on collaboration in & out of tech from James Governor, who always inspires.
- ActiveRecord::PGEnum - A gem that lets you use real PostgreSQL ENUM types to back Rails enums.
- AWS Security Hub - Being pitched to enterprises but it looks to me like a lot of small sites could slide into pretty cheap pricing.
- New – VPC Traffic Mirroring – Capture & Inspect Network Traffic - I wonder if you could use this new AWS capability to route a copy of production traffic to a next-generation dark test site?
- The Secret of Good Electron Apps - Do as much work as you can locally in the background. Sample implementation code is included.
- Cypress Framework: The Swiss Army Knife for your Tests - "Cypress is an all-in-one testing framework that includes mockups, libraries and automated E2E tests without using Selenium." At least if you're using React, Vue, Angular or the like.
- Debugging Your Startup: What to Do When Things Aren’t Working - Advice for & from startup CEOs.
- Introducing Elastic SIEM - Elastic is branching out of generalized search, starting with a security information & event management product.
- I’ve spent 5 years writing a JavaScript framework on my own. - An introduction to Typescene, a framework written in TypeScript.
- GraphQL - The Pros and the Cons - Everybody likes a good pros & cons article.
- Without a GUI--How to Live Entirely in a Terminal - It can be done. If nothing else, this article introduced me to w3m.
- pg_insights - "Convenient SQL for monitoring Postgres database health." Yes please.
Double Shot #2378
- Ladybug Podcast - "Debugging the tech industry" from four women whose Twitter feeds I quite enjoy. Looking forward to this one.
- Ageism in Effect: The Earnings Ceiling for Tech Professionals Over 40 - Some hard data from Hired.com.
- What’s new in Streamline 3.0? - A ton. 10000+ icons in 3 different weights with integration to your design process for $274.
- macOS Catalina first look: goodbye, iTunes; hello, iPad apps on Mac - I would really like Apple to ship a professional OS as an option to installing this crap.
- Floppycasts - 1.44MB Podcasts - How to put half an hour of audio on a floppy disk. I knew I was saving them for something!
- Project Oak - "The goal of Project Oak is to create a specification and a reference implementation for the secure transfer, storage and processing of data."
- Announcing Square’s New Ruby SDK - If you're using Square from Ruby it's time to think about updating your code, because this looks much nicer than the old way.
- Onivim 2 - "Onivim 2 aims to bring the speed of Sublime, the language integration of VSCode, and the modal editing experience of (neo)vim together, in a single package." Currently in a pre-alpha state.
- Making Technical Decisions - Learning from some mistakes in building web applications.
- Slack Importer - Build a Keybase team from your existing Slack team.
- Understanding Array.prototype.flatMap - I'm glad people like Laurie are keeping up with new JavaScript so they can explain it to me.
- Awk by example - "An intro to the great language with the strange name". Oldie but goodie.
Double Shot #2377
- Coaching tool: The ORG team building model - A model and set of actions to help you coach teams to their best.
- There and Back Again, A GraphQL Lifecycle Tale - Looking into the plumbing of how request gets to response.
- Mastery with SQL - "A hands-on practical course for anyone who wants to learn modern SQL" presented through videos & exercises. Intro pricing $49, which looks like a bargain to me.
- Enough With the Service Objects Already - Sometimes a procedure can just be a procedure.
- Desktop Institute - "Researching a better desktop environment" by looking at what's out there now in the open source and commercial worlds.
- On Ruby and type checkers - "To me, static type checking is a form of ceremony. The bigger a team is, the more ceremony needed." This is a statement I broadly agree with.
- Eleven - Nothing to do with my varied professional interests, but I was excited to see a plan to bring back Glitch. It was always much better than Slack.
- Elixir v1.9 released - I'm not currently using Elixir but I still keep half an eye on it. 1.9 adds self-contained releases to the core.
- I'm worried about Ruby future - There are some disconnects between Ruby core and some of the community.
- Instance Variable Performance - A deep dive from Tenderlove.
- Debugging the .gitignore file - There's always one more git command to learn.
- Makings of a Modern Risk Management System - How one company is combining machine learning with actual people.
Double Shot #2376
- Some career advice. - Notes on navigating a software career from the author of An Elegant Puzzle.
- Startup idea checklist - A collected set of questions to help you determine whether your idea might turn into a company.
- No Ageism in Tech - A listing of age-friendly companies.
- When Developers Disagree - Ways to help a team have more functional conflict.
- How to Fix Your Tech Interview to Increase Diversity - A collected Twitter discussion to help move hiring to a less-broken state.
- Configuring Amazon ElastiCache for Redis for higher availability - I need to think about doing this.
- Principles of Designing & Developing an API Product [Part 2 of 4] - Part of a series from Pivotal.
- Messages on Rails Part 3: RabbitMQ - A look at how to integrate RabbitMQ and supporting gems with Rails applications.
- Launch: Autoscaling Sidekiq on Heroku - A nice new feature for Rails Autoscale customers.
- Reinventing Firefox for Android: a Preview - "With Firefox Preview you’re browsing the mobile web faster, more efficiently and more privately."
- Connecting to Your Linux Instance Using EC2 Instance Connect - A useful update to SSH security for AWS users.
- npm 6.9.1 is broken due to .git folder in published tarball - If you updated to this version you're kinda screwed.
Double Shot #2375
- Fullstaq Ruby Beta - A new binary Ruby distribution from Phusion, memory-optimized for production servers.
- A Scoop of Sorbet - First Impressions - Brandon Weaver dives into the new Ruby type-checking library.
- Postgres 12 highlight - SQL/JSON path - This is starting to bring back memories of the xmlpath stuff I had to deal with in my .NET days. They're not good memories.
- Why I don't use web components - Because they're a bit of a mess.
- SSH gets protection against side channel attacks - Well, it does if you're using OpenBSD.
- Introducing time.cloudflare.com - A new publicly-available NTP server with NTS support.
- catj - "Displays JSON files in a flat format." This makes it easier to find the path to an element you need.
- Dreams and Realities in the SDLC - All too true.
Double Shot #2374
- Now GA: MariaDB Community Server 10.4 - With non-blocking DDL operations. Some of my former coworkers should be happy with that.
- Google to reimplement curl in libcrurl - A look from the maintainer of curl.
- Before You Use a Password Manager - They may not be for everyone but boy howdy are they a step forward for most of the internet users I know.
- How to write great container images - Guidance for Dockerfiles.
- I Git it! - Some aha! moments with git.
- Hylia - A "lightweight Eleventy starter kit to help you to create your own blog or personal website."
- Getting 2FA Right in 2019 - Basically, it's still a mess.
- Open-sourcing Sorbet: a fast, powerful type checker for Ruby - So far I don't think I'll use this, but perhaps I'll change my mind. And I say that as someone who has used type-checked languages in the past. In practice, I almost never get bit by a type error.
Double Shot #2373
- Pull Panda - GitHub bought this PR management addon, so now it's free.
- The future of diversity and inclusion in tech - There may be light at the end of the tunnel, but it's still a long ways off. A survey of where we are in this important area.
- Help me do my best work - A template to help teams communicate.
- Everything You Need to Know About Date in JavaScript - The word "craptacular" comes to mind, but this is a nice roundup of how to work with the mess.
- Go Creeping In - Thoughts from Tim Bray. If I do decide to learn another language, Go is a strong contender.
- Web Single Sign-On, the SAML 2.0 perspective - If you're just getting into SSO, here are some guideposts.
- macOS-Simple-KVM - "Documentation to set up a simple macOS VM in QEMU, accelerated by KVM." I suspect this is not 100% legal.
- Forget monoliths vs. microservices. Cognitive load is what matters. - Thinking about team interactions to build complex software.
Double Shot #2372
- HAProxy 2.0 and Beyond - What's up with this new load balancer release.
- rga - "ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc.," built on top of ripgrep itself.
- Sustainable Web Manifesto - A pledge to work on the web in a way that is better for the world.
- So you think Scrum = Agile training wheels? - The author doesn't think the analogy makes sense.
- API Platform - A "REST and GraphQL framework to build modern API-driven projects" built on PHP on the server side.
- In defence of the technical interview - A reasonable case for algorithmic code challenges as part of an interview, but I'm not 100% convinced.
- The Rise and Fall of Visual Basic - This one brought back a ton of memories from my pre-open-source days.
- Introduce support for ActionView::Component - The master branch of Rails never stands still. Looks like we're getting a framework for creating reusable components.
Double Shot #2371
- Rails ActionCable - the good and the bad - A reasonably balanced evaluation from a vendor who offers a more robust commercial messaging platform.
- slim - "slim will build a micro-vm from a Dockerfile. Slim works by building and extracting a rootfs from a Dockerfile, and then merging that filesystem with a small minimal kernel that runs in RAM."
- Games and Graphics in Popup URL bars - A low-res animated emoji canvas built from multiple pop-up windows. Please don't do this.
- List of (Advanced) JavaScript Questions - A frequently-updated site to increase your JS knowledge.
- When should you be using Web Workers? - If you're targeting low-end devices (and you are, if you're a popular web site), the answer is probably yes.
- How to set up a serious Kubernetes terminal - A few tools you should know if you're heading down the k8s path.
- One liner npm package "is-windows" has 2.5 million dependants, why on earth?! - A reddit thread that goes deep into the swamp that is NPM. Depressing stuff.
- Every Layout - Learn how to do CSS layouts in a sensible, modern way.
Double Shot #2370
- Why Dark Gray is Brighter than Gray In CSS - Because reasons.
- VLC 3.0.7 and security - The new release of VLC comes with some reflections on bug bounties.
- What's new in Soulver 3? - Quite a bit. I reach for this enhanced macOS calculator app quite frequently, and I'm glad to see it remaining a viable business.
- Make the Most of your Browser’s Address Bar - Why yes, you can set up custom shortcuts in your browser.
- Graviton: A Minimalist Open Source Code Editor - A fresh Electron-based editor.
- Home .git - How and why to version the contents of your home directory.
- Weird Ruby: Block Comments - A vestige of Perl in Ruby.
- The DevOps Phenomenon - An "executive crash course" on modern development practices.
Double Shot #2369
- Things I Learnt The Hard Way (in 30 Years of Software Development) - I don't necessarily agree with all of these points, but I'm heartily in favor of thinking and learning.
- IPFS, Again - IPFS seems like a nice idea but implementing it from scratch is still a bucket of pain.
- Framework for an Observability Maturity Model - A white paper from Honeycomb with plenty to chew on.
- I never liked technical interviews - An argument for centering things on the interviewee, not the interviewer. I'm on board with this.
- Project Svalbard: The Future of Have I Been Pwned - HIBP is growing beyond what one guy can handle. Frankly I'm amazed that it got this far with Troy Hunt doing everything. Thanks, Troy.
- Micro Frontends - The ThoughtWorks view of what this means.
- Always. Own. Your platform. - This is why I stick with my own hosting and RSS.
- "You are my victim": An Analysis of fear-based enriched extortion attacks - Just when I thought I'd seen all the twists on phishing...
Double Shot #2368
- Octolinker - Browser extension to add some nice automatic hyperlinking to GitHub repos.
- keys.openpgp.org - There's a new OpenPGP key server in town.
- Pika - A CDN for JavaScript designed not to download polyfills when they're not needed by the current browser.
- The ideal DevOps team structure - How communication, leadership, and specialization can play into figuring out what's ideal for your own organization.
- Shift Left Testing: How to end the tester vs. dev war - Pushing QA upstream in the process helps keep everyone aligned.
- Why ['1', '7', '11'].map(parseInt) returns [1, NaN, 3] in Javascript - Because computers hate us, of course.
- 3 Powerful Examples of Destructuring Assignment - But some JS is actually nice.
- Advice From A 19 Year Old Girl & Software Developer - A nice bit of inspiration for beginning developers.
Double Shot #2367
- Engaging Stakeholders with Opportunity Solution Trees: 3 Tactics to Try - Using an agile visual aid for product discovery.
- From monoliths to the modern web - The great unbundling - Thoughts about the history & future of static site design.
- 7 Principles That Helped Us Bootstrap a 7-figure Business - Notes from a co-founder at Gleam, which has grown well without VC nonsense.
- Use Honeycomb to trace ActiveRecord calls inside of ActiveJob - I'll probably need this some day.
- 7 Reasons I'm Sticking With Minitest and Fixtures in Rails - Somehow using the defaults has become the contrarian view.
- Introducing the new HTML element - welcome <clippy>! - Or at least, introducing another example of Google's arrogance.
- Analysis – Using materialized views in Rails and PostgreSQL - I might actually have a perfect use case for this. Time to dig in.
Double Shot #2366
- Corporations and open source: why and how - Investigating the (lack of) incentives, and a plug for Tidelift.
- How my distributed team communicates so no context is left behind - Some advice and tips from an engineering lead at CircleCI.
- Strapi - Open-source Node.js CMS.
- The State of Developer Ecosystem 2019 and 2019 Open Source Database Report and State of CSS 2019 - A few sets of detailed survey results to poke through.
- Creating a Collaborative Editor - A look at some of the hard work that actually goes into implementing CRDTs.
- Comparing LibreOffice 6.2 Versions: AppImage, Flatpak, and Snap - Bottom line: they all work (and I wish they were more used, but that's another story).
- Ruby 2.7: The Pipeline Operator - Meh.
- Ship Your Enemies GDPR - Using the web to weaponize poorly-designed laws.
Double Shot #2365
- Multi-team Software Delivery Assessment - A "simple, easy-to-execute approach to assessing software delivery across many different teams within an organisation."
- Unwalled.Garden: souped-up RSS for P2P social apps - "Unwalled.Garden is a files-oriented protocol for building open social applications." It's being implemented in the experimental Beaker browser.
- gatsby-gitbook-starter - A starting point for documentation and tutorial sites.
- Node.js MongoDB Tutorial - Not the most popular choice but probably worth being familiar with.
- Automatic merge of GitHub security fixes - Using Dependabot and Mergify together.
- Observability Doesn’t Work in Dev - An argument that the dev tool stack is falling behind and slowing us down.
- Hold My Beer - Will SoftBank be the trigger for the next big online crash? Maybe so.
- AdTech Sucks - Confessions of an ex-AdTech developer.
Double Shot #2364
- CSS Grid Level 2 – subgrid is coming to Firefox - I don't even understand Level 1. Behind again.
- Arc - Donate some of your bandwidth to create "a community-powered CDN that crowdfunds websites and rewards users, without ads."
- Introducing Inkdrop 4 - A cloud-backed Markdown editor & note storage solution.
- CSS Grid: No Nonsense Layouts - Perhaps it's not too late for me to learn Level 1!
- Dash for Slack - Support for temporary channels. Nice idea; channel sprawl has been a real problem for me in past usage.
- Plot to steal cryptocurrency foiled by the npm security team - To be honest I don't feel all that good that NPM's security model is apparently "we try to notice when people break in through the unfixable holes in this mess we've created."
- Termius - SSH client designed as an app with good mobile support.
- Agile is a Crunchy Nut Frog (and some dirty secrets) - What, you thought it was all rainbow-farting unicorns?
Double Shot #2363
- Mastering Programming - Kent Beck enumerates habits and thought processes that he's observed in master programmers.
- The Dark Side of Dark Mode - "But for the vast majority of people, the science is pretty clear—Dark Mode can hurt your productivity."
- semantic - "semantic is a Haskell library and command line tool for parsing, analyzing, and comparing source code." Recently open-sourced by GitHub.
- Logidze - Track database changes directly using triggers instead of application code.
- Heads-down DevOps - A reminder that change comes from many people, not just the well-known conference speakers and bloggers.
- Learn git concepts, not commands - I certainly would have been personally better off if I'd developed a mental model of git a decade or so sooner.
- aerc - "The world's best email client," at least if you're the sort of person who delights in keyboard-driven tools in the terminal.
- Apple replaces bash with zsh as the default shell in macOS Catalina - It'll be interesting to see how many opaque cookbook support answers from random people on the internet this breaks.
Double Shot #2362
- When you want to quit - Some ways to get through the inevitable hard times when you're just learning to be a programmer.
- Phishing attacks that bypass 2-factor authentication are now easier to execute - More and more SMS 2FA is looking like a bad idea.
- Rails 6 boot sequence - What happens when you fire up that new application for the first time.
- The Secret to Being a Better Boss: Create a “How to Work With Me” Manual - I'm conflicted about this sort of thing. As an employee it feels like useful information, but also like all the burden of building a working relationship is on me and none is on my manager.
- When it comes to privacy, default settings matter! and Technology with respect and honesty. Here’s how we do it. - Mozilla is beating the privacy drum pretty hard these days. I like it.
- An update on last week's customer shutdown incident - A post-mortem from DigitalOcean on a problem that was largely process rather than technology.
- Plausible Deniability and Gaslighting in Fighting Ad Blockers - No one should be really surprised that Google wants to use its browser dominance to protect its ad business.
- the “future of work” is here… so why aren’t more companies remote-first? - If you're a budding CEO you really ought to think about this stuff.