Labnotes

Published on

Muselk "Whoever designed this floor is evil. THATS A FLAT CARPET."


Design Objective

Optical Effects in User Interfaces (for True Nerds) How to make optically balanced icons, correct shapes alignment, and perfect corner rounding.


Tools of the Trade

Tobie Langel "Finally captured a picture of the @github octocat in its natural habitat."

Relicensing React, Jest, Flow, and Immutable.js The developer community has spoken, and Facebook is backing down and relicensing some of its open source technologies. No mention of GraphQL. I've seen many reactions from people who didn't understand how that patent clause works, so I encourage you to read 3 Points to Consider.

mozilla/valence First extensions, now Mozilla wants developers to embrace Firefox as a drop-in replacement for Chrome:

Mozilla no longer maintains this project. Cross-browser remote debugging is still a priority. To enable browser/device agnostic inspection and debugging, we intend to make our tools be directly compatible with the Chrome DevTools Protocol.

Probot GitHub apps you can install with a single click.

Patrick McKenzie 🤔

Every time Git/Github/continuous integration/etc causes me to need to push a vacuous commit to trigger something I do a doc update instead.

This is rapidly producing the best, most consistent documentation progress of my career.

Dmitri Sotnikov "deploying Docker Compose to production"


Web-end

Dan Abramov Summary of reasons not to use React. React is great, but it's not a fit for every project, and the hype is so strong right now that lists like this need to be made and shared:

It is JavaScript-centric. If you don’t want to learn JavaScript, it is harder to work with than template-centric libraries.

It has a larger runtime than some libs so if you’re building something sensitive to that (e.g. embed widgets), may want to look elsewhere.

David Smith "Probably my favorite thing is the look of horror people get when I point out this section of the SVG 1.2 spec (yes, the image format)"


Lines of Code

Sarah Mei "What if we design the test code, and let the code code fall out from there?"

I want some way to explicitly apply software design to tests, so we can let changes there drive parallel changes in code to make them green.

It's sort of like Conway's Law for testing. Your code recapitulates the structure of your tests.

Therefore, to make changes, you want to manipulate the source - the tests - and let that recapitulation happen to make them pass again.

Never Give Up, Retry: How Software Should Deal with Failures An introduction to retry logic.

The art of destroying software Going to watch this again today.

Vranac Srdjan 🐉

YOU ARE IN A LEGACY CODEBASE
> RUN TESTS
YOU HAVE NO TESTS
> READ SPEC
YOU HAVE NO SPEC
> WRITE FIX
YOU ARE EATEN BY AN ELDER CODE HACK.


Architectural

Multiple Perspectives On Technical Problems and Solutions Why and how Etsy runs an architecture review process:

In other words, engineering (as an activity) does not have “correct” solutions to problems. As an aside, if you’re looking for correct solutions to problems, I’d suggest that you go work in a different field (like mathematics); engineering will likely frustrate you.

Breaking Up the Behemoth Does your codebase have that one piece of logic that no developer dares touch? What are you doing to fix that?

A 5,000 line class exerts a gravitational pull that makes it hard to imagine creating a set of 10 line helper classes to meet a new requirement. Make new classes anyway. The way to get the outliers back on the green line where they belong is to resist putting more code in objects that are already too large. Make small objects, and over time, the big ones will disappear.

Radoslav Stankov 👍

When a feature is very hard to implement, do something else to make the feature easier, then do it. This tactic has saved me countless hours


Locked Doors

Security Researchers Lose Faith in HTTP Public Key Pinning In retrospect, a bad idea and browser vendors should remove this feature:

It turns out that certificate pinning can cause more harm than good because it’s hard to configure and getting it wrong can leave websites inaccessible. On top of that, hackers can also potentially abuse it for ransomware-like attacks.


None of the Above

Apple blocking ads that follow users around web is 'sabotage', says industry Of course advertisers feel that way. Also, fantastic new feature, may Chrome follow soon.


Octlantis: the underwater city built by octopuses "In Australia, the species has been seen to congregate, communicate and even evict one another at a site marine biologists call Octlantis."

Scientists Can Now Repaint Butterfly Wings Wow CRISPR:

By deleting the optix gene in a wide variety of butterflies, team member Linlin Zhang showed that red parts of the wing consistently turn black. The Gulf fritillary transforms from a vivid orange insect into a dark inky one. The small postman loses the vivid red streaks on its hind wings.

Magic Sudoku This app takes the fun out of solving Sudoku, but wow AR. Watch the video:

Anatomy of a Moral Panic Why is Channel 4 frightening us about high-school science projects?

The real story in this mess is not the threat that algorithms pose to Amazon shoppers, but the threat that algorithms pose to journalism. By forcing reporters to optimize every story for clicks, not giving them time to check or contextualize their reporting, and requiring them to race to publish follow-on articles on every topic, the clickbait economics of online media encourage carelessness and drama. This is particularly true for technical topics outside the reporter’s area of expertise.

ICOs are where the frauds will take place TL;DR "Anyone can promise anything and no one is overseeing it."

Alex Chaffee, 늙다리 미치 "Twitter is fun sometimes."

Published on

Emergency Kittens "chubby but mathematically perfect"


Design Objective

Mastering the Power of Nothing How to use whitespace in user interface design.

How to Design a Form Wizard "Wizards are best employed for long and unfamiliar tasks that the user needs to complete once or rarely."

Design for iPhone X New screen size and notch, explained.

The Uncomfortable A collection of deliberately inconvenient everyday objects (thanks, drewish).

Dylan Beattie 🇪🇺 😂

"Yeah - there's already a user legend for that."
"A what?"
"A user legend. It's like a user story, but for stuff we know will never happen."


Tools of the Trade

Sublime Text 3.0 Hundreds of new improvements under the hood, including goto definition, new syntax highlighting engine, new UI, and expanded API.

Comlink Tiny RPC library that works on windows, iframes, WebWorkers and ServiceWorkers.

Understanding & Measuring HTTP Timings with Node.js TL;DR Node.js fires socket events for DNS lookup, TCP connection, and TLS handshake.

fastify A Node.js framework for building fast JSON APIs.

On React and WordPress WordPress is the latest to ditch React due to the licensing issue.

iPhone X leaked benchmarks match MacBook speeds and destroy Android phones This pocket device will be faster than a MacBook Pro!

OSTIF Official Adding insult to injury:

Equifax uses open source software that it in no way contributes to, to protect $14B of data.

Equifax blames OSS for hack.

Don't be Equifax

The Coder's Coloring Book 🖍


Web-end

htmlreference.io HTML reference with code samples and live demos. Also check out cssreference.io.

The Ultimate Guide to CSS caniuse for HTML emails.

css-variables User Agent properties and variables #1693 Introduces safe-area-inset-top, safe-area-inset-right and friends, because we need new CSS properties to style around the iPhone X notch. Sigh.

Ben Schwarz 🇦🇺 The next big thing in server-side rendering:

A react plugin that prerenders your site to deliver a screenshot of the site with image map for links

SwiftOnSecurity Related:

When u realize it'd be faster for news websites to just send you a screenshot rather than download 8 megs of JavaScript and render the page


Lingua Scripta

Using ES modules natively in Node.js ES modules coming soon to a Node.js near you.

What's new in Node.js 8.5? ES modules, performance hooks, and file copy.

“Elements kinds” in V8 Avoid sparse arrays, reading beyond end of array, and polymorphism (= shape shifting is slow).


Architectural

Ruthless Prioritization This article is one gem after another. My favorite:

there is always a way to accomplish your goal faster than you currently plan to.

Akeem Adeniji Proud to be a member of this club:

first rule of software development club: don't promise shit. deliver, always deliver but don't promise anything!

Mikeal Rogers What happened to OpenStack also applies to Kubernetes:

Thread: Enterprise adoption w/o downmarket adoption signals a short lifecycle and quick death.

Yes, this is also true for kubernetes.

11 great quotes from The Tao of Programming Words to live by: "Though a program be but three lines long, someday it will have to be maintained."

Eustáquio Rangel Bespoke architectures:

Seems today instead of "make your blog in 15 minutes" the hype is "make your blog in 15 containers". What happened to the simple things?


Devoops

Sysadmin war story: “The network ate my font!” Caching meets "why is this setting not enabled by default?"


Peopleware

Russell Keith-Magee Phrasing:

OH: It's not "hard" skills vs "soft" skills - it's "technical" vs "professional" skills.


Locked Doors

Face ID, Touch ID, No ID, PINs and Pragmatic Security The best writeup I've seen on Face ID and its threat model:

Face ID: for 99.x% of people, their "threat actors" are people who steal their phone at a bar. For everyone else, don't use biometrics.

How a fish tank helped hack a casino What? "The hackers attempted to acquire data from a North American casino by using an Internet-connected fish tank."

Ayuda! (Help!) Equifax Has My Data! Remarkable attention to security:

The “list of users” page also featured a clickable button that anyone authenticated with the “admin/admin” username and password could use to add, modify or delete user accounts on the system.

Joseph Menn So true:

"You are already getting a free pen test, you just aren't getting the report," --@k8em0, #InternetSummit


Techtopia

facebook, you needy sonofabitch "They’ve gotten so brazen in their tactics to keep users engaged (ENGAGED!) I think it’s no longer possible to be a casual Facebook user."

Raj Sivaraman "DO NOT HELP GOOGLE FIND SARAH CONNER."


None of the Above

Kengarex "This Mural Was Painted Upside-Down To Reflect Off Of The Water"

Chimamanda Adichie 🙏

May Your CV reach the Right Hands.

That Delta Plane Flying Straight Through Hurricane Irma was NBD Amazing: "In fact, the real daredevil work happened before takeoff—and even before the plane landed in San Juan."

Ryan Teague Beckwith Government, 2017 edition:

Under the Constitution, the House tweets. If the Senate retweets, it goes to the President, who favs it into law.

Chris Chaten How the events of 9/11 led to the development of mobile check deposits.

Equifax’s Maddening Unaccountability This must change:

There are technical factors that explain why cybersecurity is so weak, but the underlying reason is political, and it’s pretty simple: Big corporations have poured large amounts of money into our political system, helping to create a regulatory environment in which consumers shoulder more and more of the risk, and companies less and less.

Channel 4 Confirmed:

BREAKING: The world's problems will not be solved by arguing with strangers on Twitter. We'll update you when we have more on this story.

Facebook Enabled Advertisers to Reach ‘Jew Haters’ It's a tiny category, but the fact that such categories even exist …

Autumn Williamson Always be creating:

Published on

Jaguar has restored this old E-type with an electric upgrade Classic styling and all-new wiring.


Design Objective

Little UI Details The little details that make a big difference:

Adding a subtle shadow to white text when on a bright background not only makes it more legible but helps it 'pop' more.

Flat UI Elements Attract Less Attention and Cause Uncertainty Use strong signifiers, and declutter the UI:

The problem is not that users never see a weakly signified UI element. It’s that even when they do see the weak element, they don’t feel confident that it is what they want, so they keep looking around the page.

These findings also confirm that flat or flat-ish designs can work better in certain conditions than others. As we saw in this experiment, the potential negative consequences of weak signifiers are diminished when the site has a low information density, traditional or consistent layout, and places important interactive elements where they stand out from surrounding elements.

Floating Labels Are Problematic Highlights some problems with floating labels, a follow up to Placeholders are problematic.

Baz Scott "From the Apple chess engine code 🤣🤣🤣" (via eran)


Tools of the Trade

1Password command-line tool: Getting started You can now automate 1Password from the command line:

op get item WestJet | jq '.details.fields[] | select(.designation=="password").value'

fasttext-node Node wrapper for Facebook's text classifier FastText.


Web-end

Building Skeleton Screens with CSS Custom Properties Skeleton screens should have fast time to first meaningful paint, easy with a little bit of HTML and critical-path CSS.


Lingua Scripta

James Kyle Unfortunately, ESLint has the opposite rule:

Async-await footgun pointed out to me last night by @bassjacob: Always return await or if you wrap with try-catch it won't be caught


Architectural

Michael (Doc) Norton This:

The gap between "Here's what worked for us" and "Here's what you should do"
is often perceived as tiny but is usually absolutely massive.

David Andress "This is a very important general point: people are far too inclined to believe that a crisis averted was never a crisis at all."


Peopleware

A Sense Of Urgency On balancing the RAMPS forces:

a very common question: managers turn to me and say, "my team lacks a sense of urgency, how can i give them one?"
...
RAMPS -- Rhythm, Autonomy, Mastery, Purpose, and Safety. someone else said it better than me: make great software by making great teams.


Locked Doors

Equifax Breach Response Turns Dumpster Fire Yeah it's bad. They lost the identity data of about half the US population, sat on that information for over a month while some executives sold shares in the company, and then had the audacity to opt people out of a class action lawsuit.

Mel Tajon Bet you didn't see this coming:

Confirmed: I’m also able to unlock the Samsung Galaxy Note 8 with people’s Facebook profile pics and Instagram selfies from my iPhone…

A Simple Design Flaw Makes It Astoundingly Easy To Hack Siri And Alexa Apparently, voice assistants listen on frequencies that are not audible to humans, making this stealth attack possible:

The researchers didn’t just activate basic commands like “Hey Siri” or “Okay Google,” though. They could also tell an iPhone to “call 1234567890” or tell an iPad to FaceTime the number. They could force a Macbook or a Nexus 7 to open a malicious website. They could order an Amazon Echo to “open the backdoor” (a pin would also be required, an August spokesperson clarifies). Even an Audi Q3 could have its navigation system redirected to a new location.

KRANG T. NELSON 🛋

ME: and then there's this dumbass verification code thing. like, wtf

THERAPIST: this is $250/hr do u want to talk abt anything else

ME: no


None of the Above

Hervé Piton "Floppy disks have been gone for so long they've become almost mythical and people start to make up how they worked."

Patrick McKenzie Follow this thread for some tips on what to do when someone opens a credit card in your name.

It occurs to me that my hobby in writing letters about the Fair Credit Reporting Act is suddenly topical! So some quick opinionated advice:

Boston Red Sox Used Apple Watches to Steal Signs Against Yankees The snark just writes itself: another northeast sports team caught cheating, also, finds a practical use for the Apple Watch.

dontmakemechokeaginge.tumblr.com Collection of funny parent/child t-shirt pairings.

There are some crazy medical codes out there—here are the weirdest on record These are the ones that appear in insurance claims in the US:

Perhaps with all our eyeballs glued to phones and tablets these days, the oblivious walking accidents aren’t surprising. But barnyard animals have less of an excuse. In the last year, 1,700 people showed up with W5522: “struck by cow,” and 200 had W6132: “struck by chicken.”

zonohedonist 😹

cat: my human is broken
cat technical support: have u tried asking to be let outside, then asking to be let back in

Andy Jackson "Sign spotted in the depths of the @britishlibrary"

Published on

🌹PⒶVEL 🌹 "After you defeat all the other landscapers, you must face the final boss"


Design Objective

The One Question Great Designers Ask Hate the hyperbole, but agree strongly with the premise:

Not “How should it work?” But “How should it work?”

Ignore what everyone else is doing. Ignore what the engineers say is possible or easy to build. Start with a blank slate and then think through the ideal experience.

The Tiny Keyboard Problem: Do People Complete Forms on Their Phones? TL;DR "Users viewed forms at fairly similar rates between desktop and mobile, but were 81% more likely to submit on desktop."

Are app reviews worth reading? "Human beings are delightfully creative, and you never know how people might use a product out in the wild" and other insights from Dropbox reading their app reviews.

A quick beginner’s guide to drawing "The basic craft of drawing is about two things: you learn to control your hand and to see."

chen 🍄 🛌

my favorite design tool is sleep

Daniel Yount "head explodes"


Tools of the Trade

Rethinking drag and drop "Taking something basic and making it beautiful", but also responsive, accessible, fast, and properly tested. Check it out.

gmaster New Git client that goes above being a command line wrapper: side-by-side semantic diff, proper 3-way merge, and more. Currently for C#, C/C++, and Java.

Software development 450 words per minute What it's like to develop software using a screen reader. And here's what it sounds like going at 450 wpm:

farzher/fuzzysort Fast SublimeText-like fuzzy search for JavaScript.

Headless mode And Firefox just added headless browsing mode, and the WebDriver API, for all your testing/automating/scripting needs.

Developing from an iPad How to run bash, screen, Vim, and other 90's favorites on a modern day tablet.

Atmo A macOS/Windows app for mocking HTTP/S services, with logic in JavaScript, and single click deploy to Zeit's Now.

Meredith L Patterson

new sshd who dis


Lingua Scripta

Building a Maybe in JavaScript Easier than it sounds, but will this ever go popular/native:

const maybeOne = Maybe.just(5);
maybeOne.map(x => x + 1); // Maybe.just(6);

const maybeTwo = Maybe.nothing();
maybeTwo.map(x => x + 1) // Maybe.nothing();

mikeal/r2 The spiritual successor to the widely-used "request" HTTP client lib, based on the Fetch API, and designed for async/await (but why let and not const?)

let obj = {ok: true}

let resp = await r2.put('http://localhost/test.json', {json: obj}).json

Lines of Code

Merrick Christensen Alert fatigue is a real thing:

ProTip: Keep your console free of warnings and errors. Even if they are false alarms (mute/fix them). Getting used to errors will cost you.

Jeran Fox "Most Javadoc"


Architectural

Event Sourcing: What it is and why it's awesome Gentle introduction to the benefits of event sourcing (which in theory I really love, waiting for half decent tooling to arrive.)

Rob Mayoff Reminds me of some company I used to work for:

“Have you ever heard of ‘not-invented-here’ syndrome?”
“Yes, but we have our own term for it.”


Locked Doors

Obscurity is a Valid Security Layer When used correctly:

When the goal is to reduce the number of successful attacks, starting with solid, tested security and adding obscurity as a layer does yield an overall benefit to the security posture. Camouflage accomplishes this on the battlefield, and PK/SPA accomplish this when protecting hardened services.

What Being a Female Hacker Is Really Like Think I chose the wrong career path. When we're dealing with a major crisis, we get donuts delivered to the conference room:

On top of that, when there is a major cyber attack, you could be flown to the scene of the crime for crisis control, and, depending on the urgency of the investigation, you might even get upgraded to a private jet.

Inside an Epic Hotel Room Hacking Spree "A vulnerability in hotel keycard locks was a security disaster—and the opportunity of a lifetime for one burglar."


Techtopia

Using chatbots against voicespam: analyzing Lenny’s effectiveness If we could train chatbots to respond to voicespam, would it make voicespam too expensive and a thing of the past? (via @drewish)

social justice mage BART is trying to tell us something:


None of the Above

Emergency Kittens "i cannot believe "if it fits, i sits" transcends boundaries in this way"

Saron Know the stage:

I've spoken at a lot of tech confs over the years, and there are things that are normal now that really threw me off as a 1st-time speaker.

The Adorkable Misogyny of The Big Bang Theory "Adorkable Misogynists are male characters whose geeky version of masculinity is framed as comically pathetic … lets them off the hook for a wide range of creepy, entitled, and sexist behaviors."

Tara Mann Yes, please! "Quick mock for a really dumb app I wish existed.... CAN I PARK HERE OR NOT?"

Bryce Roberts 🏋

Free business idea- A crossfit gym that's actually just a farm or a construction site.

Microsoft is finally fixing a notorious Outlook emoji problem that's plagued users for seven years Well, that took a while J

There’s No Such Thing As a Free Watch "Special Investigative Report For the Museum of Capitalism"

Harvey Didn’t Come Out of the Blue The US is very good at not talking about ways to prevent/mitigate disasters.

Tom Hatfield "Every time I see news coverage of a protest I remember this image"

How the GDPR will disrupt Google and Facebook Brief analysis of how EU's General Data Protection Regulation could affect Facebook and Google. And your product, if it's used in the EU and collects user info.

See_u_in_SF_in_a.gif "OK... this is the most amazing gif I have ever seen."

Published on

Lowcostcosplay Epic!


Design Objective

Gojko Adzic 🤔

#1 reason for using post-its for user stories: if it's not done when the glue dries up so much to fall down from the wall, it's obsolete

Stop Using The Cup of Coffee vs. $0.99 App Analogy Please. It never was and never will be a good analogy:

I know I’ll like my cup of coffee. It will fully meet my expectations. … It’s an experience I can fully trust will be pretty much the same each time. There’s no gamble here.

Last week I bought a game for 99 cents and it was terrible. I played it once, for 15 seconds. I could be shoving $1 straight down the toilet again for all I know. Your app, good sir, is a total gamble.


Tools of the Trade

Caiyeon/goldfish A UI for HashiCorp Vault. And you can request a policy change by GitHub commit.

jarulraj/sqlcheck A linter for SQL queries.

whitequark So what's UDP?

TCP is not a protocol, it's actually an elaborately designed honeypot that teaches humility to developers for over 35 years

On The Turing Completeness of PowerPoint Someone actually built a Turing machine using PowerPoint and wow.

Cassidy Williams Been there, done that:

I'm:
⚪️ a man
⚪️ a woman
🔘 an aspiring vim user

and I'm looking for:
⚪️ a man
⚪️ a woman
🔘 how to exit


Web-end

Jen Simmons Spec work is hard and often under-appreciated:

Why does new CSS take so long to invent & ship? CSSWG has to figure out how everything misbehaves. Here, debating floats + initial letter.


Lines of Code

Tautology Tests How to find tautology tests in your code:

  1. Tests that get updated much more frequently than the code they’re testing when they fail.

  2. Test code that’s impossible to edit without looking at the implementation.

Ben Reilly "how haven’t I been fired for this kind of thing I mean honestly"


Architectural

Nathan Marz Not the only, but definitely my first choice:

1/ The only way to design abstractions is through the unification of concrete use cases. Anything else leads to disaster.

2/ The art is figuring out which use cases are related and share an underlying structure.

3/ This is why great programming is a process of discovery, not invention. Great abstractions wait to be found and use cases are your map.

Tom ✊🏼 Croucher This never gets old:

Modern computer science is just rediscovering which 50s, 60s or 70s paper describes the solution to what we are doing on the 2017 Internet.

Luke VanderHart Never thought about it that way:

Reminder: every time you design something so it will be "easy to change" you are making assumptions about what kind of change you expect.


Devoops

Alice Goldfuss 🖥

doesn't matter how big the company, someone in it is provisioning shit with bash scripts


Techtopia

Google's Anti-Bullying AI Mistakes Civility for Decency The problem with machine learning algorithms starts with the training:

The project, Perspective, is an API that was trained by asking people to rate online comments on a scale from "very toxic" to "very healthy," with "toxic" being defined as a "rude, disrespectful, or unreasonable comment that is likely to make you leave a discussion." It's part of a growing effort to sanitize conversations online, which is reflective of a certain culture within Silicon Valley and the United States as a whole: The culture of civility.

And so we get:

A number of other highly problematic phrases—from "men are biologically superior to women" to "genocide is good"—rank low on toxicity. Meanwhile, "fuck off" comes in at 100 percent.

VW engineer sentenced to 40-month prison term in diesel case Just a reminder that "blindly executed a misguided loyalty to his employer" doesn't hold up as a defense in court.

Have Smartphones Destroyed a Generation? Every technology has downsides, they're real, they could be affecting you, or your kids, so pay attention.

Lesley 🥞 2017, the year I stopped understanding how to use a dishwasher:


None of the Above

Miss Texas 1967 "I both can and can't believe it"

Federico Viticci Did not see that one coming:

Very nice: when sharing AMP pages to iMessage or Reading List, iOS 11 Safari automatically removes AMP’s crap from the URL. Go Apple 👍

Offline "You must go offline to view this page" 💯

Assaf "A/B testing"

Carolyn Wood "Don't feed the trolls" meets algorithmic timeline:

A reminder if you use FB. Algorithm makes most replied to, not most liked, rise to top. If you reply to trolls, they become most prominent.

I’ve seen a lot of videos going around of urban-dwelling critters coming to humans for help with various problems How do they learn that?

does it ever strike you how weird it is that we’ve got a whole collection of prey species whose basic problem-solving script ends with the step “if all else fails, go bother one of the local apex predators and maybe they’ll fix the problem for no reason”?

Lowcostcosplay And again, because I can't pick which of his many cosplays I like the most.

Things to Hang on Your Mental Mug Tree Interesting tidbit about advertising and context (via Julia Galef):

But, under communism, anything that was worthwhile or desirable was generally in short supply. Consumers inferred that the only possible reason that the government might be promoting something was that they'd accidentally managed to produce something of such unremitting crappiness that people weren't willing to queue for it. Advertising in that context told you what not to buy.

The Dodo "This dog stole the baby's toy — then apologized for it!"