Happy New Year!

• Testing Microservices, the sane way - One of the best online essays I've ever had the pleasure of reading. Essential if you're involved in a microservice transition (and who isn't?).
• Engineering management stuff I learned in 2017 - From a manager on Stripe's infrastructure team. A bit cryptic but there are interesting things on both the people and computing side here.
• 2017, The Flood of CVEs - If you think there have been lots more reported vulnerabilities this year, you're right.
• Stimulus - "A modest JavaScript framework that works with the HTML you already have," apparently extracted from Basecamp (so presumably works well with Rails' opinions).
• SecLists - Useful lists for security assessments.
• Programming Cryptocurrencies and Blockchains (Book Edition) - Ebook in progress.

• Ruby 2.5: Ruby’s Christmas Release is Here! - Some notes on new stuff including IRB enhancements.
• Ruby 2.5.0 upgrade remarks - This one focuses on some "gotchas" that you might hit when upgrading.
• The Tampio Programming Language - An "object-oriented programming language that looks like a natural language – Finnish." This is what life is like for your non-native-English-speaking friends trying to work in Ruby.

• A Practice Guide to (Correctly) Troubleshooting with Traceroute - Probably more than you really wanted to know.
• Zam - Another entrant in the JS library sweepstakes, this one promising DOM traversal, event handling, and Ajax while remaining as "vanilla as possible."
• What’s new in Ruby 2.5 - Lots of nice little tweaks for your code.

• Ten years in, nobody has come up with a use for blockchain - Bitcoin et al really aren't good for much besides proving "greater fool" theory, you know.
• Awk in 20 Minutes - Just enough awk to be dangerous.
• A Better Online Experience - Guide to setting up MacOS for better privacy, security, and speed.

Merry Christmas-ish! Two thousand of these things. Habits will eventually make you an institution.

• Ruby 2.5.0 Released - The Christmas present some of us were expecting did indeed arrive.
• Agile’s Three Leaps of Faith - Sometimes you need to suspend your disbelief to make progress with agile.
• Gitmoji - A guide to emojis for use in commit messages. Or, as I taught my children, you could use your words.
• Introducing Pointed - Mock HTTP backends as a service.
• Termipal - JavaScript GUI builder for adding a pretty face to MacOS terminal applications.
• Scott Galloway Says Amazon, Apple, Facebook, And Google should be broken up - Amen. I wish I believed it could actually happen.
• Fireworq - The obligatory "q" is a tip-off that this is "a lightweight, high-performance, language-independent job queue system."
• Danger - Automated code review chores during your CI process.
• Zen Rails Security Checklist - A depressingly long list of things that you should worry about.
• NetSPI SQL Injection Wiki - A "one stop resource for fully identifying, exploiting, and escalating SQL injection vulnerabilities."
• The Presence Prison - Do your coworkers and boss really need to know in real-time if you're paying attention?
• Alva - Interactive design tool that lets engineers & designers share the same components (as long as your components are built in React, anyhow).
• Pine - A "hassle free .gitignore manager" that draws on GitHub's repo of .gitignore files. I didn't know editing a file was a hassle, or that such a repo existed. Live and learn.
• Rust for Rubyists - A comparison of idiomatic patterns.
• Untangling Jenkins - Some lessons learned sorting out a CI process.
• Security warning for Thunderbird users and Enigmail users: vulnerabilities threaten confidentiality of communication - A security audit says "don't use RSS feeds in Thunderbird right now."

• Oh shit, git! - Helpful recipes for getting out of trouble.
• Chrome 63 changing http to https - If you're staying up to date on Chrome, you need to switch away from local .dev domains.
• Internet Chemotherapy - The saga of BrickerBot.

• Welcome to the Future of Thunderbird - Yes, the Mozilla email client is still being developed. There's even a recent beta.
• Why you're having trouble hiring developers - All the things that employers say in interviews to minimize their chances of hiring anyone.
• Using the Add-Host Flag for DNS Mapping within Docker Containers - A useful switch for wiring Docker containers together.

• The Last JSON Spec - Well, maybe. At least this one makes it clear that UTF-8 rules the roost.
• RemoteRetro - Self-hosted web application for agile retrospectives.
• Drone-Ver - Best software versioning system ever.

• Ruby 2.5.0-rc1 Released - Looks like we're still on track for a Ruby Christmas present this year.
• CVE-2017-17405: Command injection vulnerability in Net::FTP - More not-nice things in Ruby.
• Mount Stupid - Things you can try to get more functional communication in your team.

• REST is the new SOAP - A rant. Rants are always fun. And as a user at one time or another of SOAP, RPC, and REST, I enjoyed this one.
• RubyMine: Code Insight for Ruby and Rails -Why you might want to use an IDE for Rails development. Sponsored by an IDE vendor, but still worth reading.
• Automating Your Oncall: Open Sourcing Fossor and Ascii Etch - Server diagnostic tools from LinkedIn Engineering.

• NoMouseAllowed - MacOS software to punish you for touching the mouse.
• PhishMe Holiday Bundle - Free security awareness training from my current employer.
• The State of JavaScript 2017 - A survey looking for responses.

• Kubernetes Best Practices - I don't know enough about Kubernetes to know whether this makes sense, but I do think it'll provoke some discussion in my current scrum team.
• Just watch this - Yes. Do. And then think about what you can do to help take our profession back from the jerks.
• Announcing AWS Single Sign-On (SSO) - Amazon does SAML/
• -
• -
• -
• -
• -

• 5 Things I wish I’d known as a developer - There's more to successful software than just writing code.
• Some SpiderMonkey optimizations in Firefox Quantum - Low-level JavaScript wonkery for fun & profit (and speed!).
• AntidoteDB - "A planet-scale, available, transactional database with strong semantics" Also an experimental/academic project so I don't think I'd bet the farm on it.

• Introducing Conduit - Lighter-weight alternative to linkerd as a service mesh for Kubernetes.
• Parcel - "Blazing fast, zero configuration web application bundler"
• Your career is your responsibility - Some professional growth tips for developers.

• Nebula Container orchestrator - "Nebula container orchestrator aims to help devs and ops treat IoT devices just like distributed Dockerized apps."
• Sandboxing ImageMagick with nsjail - Reducing the chance of an attacker using ImageMagick as a vector.
• How To Tell If Your Linux Server Has Been Compromised - And what to do if it has (spoiler alert: wipe it and start over).

• Every feature considered harmful: debts in software development - A pessimistic view of the software development process. Or maybe it's a realistic one.
• Using elasticsearch in a Rails application - A basic tutorial.
• Building a DSL in Ruby — Part 1 - Enough metaprogramming to start building your own version of Factory Bot.

• Unapocalyptic Software - Tim Bray argues that software development has matured, and there's no collapse on the horizon. I think he's probably right.
• A Year of Developer Journals with jrnl.sh - Regardless of what tool you use, keeping a developer journal is an important practice for backtracking your steps. I use a set of files in my text editor, personally.
• Why your programmers just want to code - An analysis of one of the many ways to screw up onboarding new developers.
• Git PSA: git-rev-parse - A gateway to more advanced git knowledge.
• How I automated my team’s agile and Scrum processes with Scrumile - Review of a tool to make managing agile on top of JIRA less painful.
• MyRocks - Use RocksDB as a storage engine for MySQL.

• Amazon EKS - It's getting increasingly safe to say "Kubernetes Wins."
• The Power Of tmux Hooks - Advanced customization for heavy tmux users.
• Smarter Rails Services with Active Model Modules - How to use the ActiveModel machinery without database persistence.
• Joplin - Open-source note-synching software that includes import from Evernote and clients for Windows, macOS, Linux, Android and iOS.
• Blockchain Graveyard - Why anyone puts money into this crap is beyond me. Prediction: in 20 years blockchain is going to be right up there with social media on the "what WERE we thinking?" list.
• Google APIs Explorer - There are many of them.
• Breach Insider - Security breach monitoring as a service.

• Products Over Projects - A ThoughtWorks piece on why stable, long-lived teams focused on business issues deliver better than teams that come together for a single project.
• ComfortableMexicanSofa - CMS in a gem, just updated for Rails 5.2.
• Talking to ActionCable without Rails - Using plain JS from a React application.
• AWS Cloud9 - Cloud IDE from Amazon that can be used with any server supporting SSH, not just AWS EC2 instances.
• https://docs.djangoproject.com/en/2.0/releases/2.0/ - I'm not a Django guy, but hey, major versions deserve some love.
• Books from Phoenix Inside Out series - A deep dive into the Phoenix web framework.
• Kubernetes: Getting Started - Something I may need to do soon enough.

• One Bite At A Time: Partitioning Complexity - Strategies from Kent Beck for programming without having a brain the size of a small planet.
• Developer’s Guide to Successful Distributed Teams - Ideas from Backerkit, some of which I like, some of which I don't. I think they may have optimized for extroverted remote developers.
• Empowering teams to build great products - A plug for "autonomous teams" within an overall corporate framework. I suspect the current cash glut in software is part of what makes this possible, but I could just be a curmudgeon.