Labnotes

Published on

@joeheenan "Sometimes when I don't know what to do I'll get this out my pocket & pretend it knows the answer."


Design Objective

Empathy Prompts 💡 Ideas to help consider Inclusive Design principles when making things for others to use, e.g:

Use a projector

See how your company’s website looks on a cheap projector.

This prompt helps you understand what it’s like to have a visual condition like contrast loss.

Email Design Trends of 2017 (so far) Emails are getting visually better. Now, about the timing and contents …

Security Questions 😭


Tools of the Trade

cattsmall Just plain common sense and Slacktiquette:

Suggestion to everyone using real-time digital communication software: if you want to ask a question, combine it with your greeting message.

GitPoint New iOS app for GitHub. Not a lot of features, but clean and simple UI. Give it a try.

@gdead ✔︎

Just got an email that one of my lightbulbs isn't responding to queries. My house has better monitoring than some enterprises I've worked at


Web-end

What’s next for CSS? Comprehensive list of CSS features and their positions in the process of becoming implemented web standards.


Lingua Scripta

SaraSoueidan 📺

Idea: reality show titled "Keeping up with the JavaScripts"

Featuring lots of developers having identity crisis, flipping tables, etc


Lines of Code

@direlog Oh my, so true:

‘programming’ is a delightful pastime in which you debug for hours only to discover the real problem is: you can’t read, and you can’t count

@danielchooper 🤔

To design better: observe people using the design.

To program better: observe a CPU executing the code.


Architectural

Modular monoliths Simon Brown explains how to not microservice. But mostly, about architecture, testing, and naming things. Lots of learning in this 45 minute talk.

Testing or Monitoring? MTBF or MTTR? Make your choice! This article explains why monitoring and testing are both important, by looking at MTBF and MTTR, and how each affects reliability. It does have one flaw, though, confusing tests for "bug finding". Tests are also a helpful tool for writing code, and will help you lower both MTBF and MTTR.

@CompSciFact This quote has aged well:

'The idea that people knew a thing or two in the '70s is strange to a lot of young programmers.' -- Donald Knuth

@rothgar "The new OSI model is much easier to understand"


Peopleware

@sarahmei More productive than a fidget spinner:

Long ago I knew a manager who had taught her entire dev team to knit, so they could pay attention at meetings. It worked😁

@sarahmei Thread:

There's being "neurodiverse" and then there's being "an asshole." One is a condition; the other is a behavior.


Locked Doors

About the security content of iOS 10.3.3 Update as soon as you can:

CVE-2017-9417 Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip

@x0rz "Emoji in URLs are probably a bad idea... probably"

A hacker stole $31M of Ether — how it happened, and what it means for Ethereum Another day, another coin heist. But this one is different because:

Having sounded the alarm bells, a group of benevolent white-hat hackers from the Ethereum community rapidly organized. They analyzed the attack and realized that there was no way to reverse the thefts, yet many more wallets were vulnerable. Time was of the essence, so they saw only one available option: hack the remaining wallets before the attacker did.

Underhanded Solidity Coding Contest Solidity is the programming language for Ethereum contracts. Ethereum is the next big financial technology since Bitcoin (great overview of Ethereum, Blockchain and friends). As I'm writing this, one Ethereum coin is worth $224. Anyway, back to Solidity:

There is no garbage collector. Dead allocations are never reclaimed, despite the scarcity of available memory space. There is also no manual memory management.

The compiler is riddled with mis-compilation bugs, many of them security critical. The documentation helpfully includes a list of these bugs .... in JSON.

In some situations, the optimizer replaces certain numbers in the code with routines that compute different numbers

For some types, the higher order bytes were not cleaned properly, which made it sometimes possible to overwrite a variable in storage when writing to another one.

@YrB1rd "All block cipher modes are beautiful"


Techtopia

@jacobrossi "Seems about right 😂"

@john_lam "Check out this stack trace on a FAUCET. I have now seen it all."

@lauraehall "I updated those internet-themed crayons for this the year of our lord 2017"


None of the Above

@WorldLatinStar Brilliant.

@enf Everything that's old is new again 🥑

SF Chronicle recipe for Avocado Toast, April 8, 1927

Why Are Clothes So Expensive? Perspective into how many people are involved in, and how much work goes into making a pair of pants.

Bay Area Rapid Transit Map - Mario Kart Style (h/t @SFBART)

@mizabitha 🛌

BRAIN: Hey
ME: It's the middle of the night, what is it
BRAIN: Remember all the mistakes you ever made?
ME: Yeah
BRAIN: Just checking

The New Porker Mashup of New Yorker and Overwatch.

@sciam "A tough but flexible robot unfurls like a plant using a pressurized plastic tube to inch through rugged environments."

@Anim8rJB "oh no, somebody spilled all of their puppies."

Published on

I made a Google Maps version of Westeros


Design Objective

Amazing Chat Interface Inspiration Person to person, group messaging, conversational commerce, lots of goods here.

Dropdown alternatives for better (mobile) forms For many interactions, you're better off not using a dropdown, especially on mobile devices. This article goes over different scenarios, and what UI controls best fit each.

URLs are UI "Check out this house we found! https://www.somerealestatesite.com/homes/for_sale/search_results.asp"


Tools of the Trade

Abstract Say goodbye to FINAL_final_final_homepage.sketch. Abstract uses Git, but is built for designers. Currently limited to Sketch, but promises more file types in the future. I've been using it since pre-beta, and it's slick and highly recommended!

Beautiful calculator app for Mac A natural language calculator, that lets you work with expressions like:

Cost: $20 + 56 EUR  
Discounted: prev - 5% discount  

Introducing npx: an npm package runner A better npm run.

vadimdemedes/ink React for CLIs.

seashells.io Pipe output from command-line programs to the web in real-time. Try this in your shell:

$ htop | nc seashells.io 1337
serving at https://seashells.io/v/9xRNcFvg  

https://github.com/johngrib/vim-game-code-break Block-breaking game in Vim, is exactly what it sounds like.

@ryber Yes, please:

All tech confs need a history track where someone takes the new hotness and covers the 8 other times it was the new hotness & then abandoned

@kamggg 🤔


Web-End

shieldfy/API-Security-Checklist "Checklist of the most important security countermeasures when designing, testing, and releasing your API."

@ryconoclast "Client side validation"


Lingua Scripta

ES8 was Released and here are its Main New Features 🔥 Since June, ES8, aka ECMAScript 2017, is the official spec that all browsers must support, if they feel like it.

@Nick_Craver "New York is so cool for programmers, they even have this sign that keeps track of how many JavaScript frameworks are out there:"


Lines of Code

The language of programming The complex relationship between programming and naming, and how it affects non-English speakers. Even though English is my second language, I gained a fresh perspective from reading this article.

Tee++ T-shirts for programmers. 👕 I need these!


Architectural

24-core CPU and I can’t move my mouse Concurrency is hard, even for OS vendors that have been doing this for decades, or as Amdahl’s law says, "if you throw enough cores at your problem then the parts that cannot be parallelized will eventually dominate execution."

Hyrum’s Law h/t

With a sufficient number of users of an interface, it doesn’t matter what you promised in the interface contracts, all observable behaviors of your class or function or whatnot will be depended upon by somebody

Legacy Train Control System Stabilisation Forever legacy: in the early 2000s, Melbourne's Metro Trains upgraded their central control software from running on a PDP-11 to running on a PDP-11 emulator that runs on Windows XP.


Peopleware

@kopshtik Does your team hold a royal meeting every morning?

The tech standup was invented by...Queen Victoria, in 1861, because she was sick of having to talk to other people any more than she had to.


Locked Doors

The .io Error Fun times for anyone using a .io domain:

Given the fact that we were able to take over four of the seven authoritative nameservers for the .io TLD we would be able to poison/redirect the DNS for all .io domain names registered.

HTTPS Certificate Revocation is broken, and it’s time for some new tools TL;DR what happens when you revoke an HTTPS certificate? A whole lot of nothing.

Millions of Verizon customer records exposed in security lapse Not only did Verizon buy Yahoo, they also integrated Yahoo's best security practices.

@rivatez "this is amazing - a hotel preparing for defcon 2001"


Techtopia

A Fictional Compression Metric Moves Into the Real World Respect for how much detail goes into producing this show:

Along with existing benchmarks the formula creates a metric that the show writers tagged the “Weissman Score.” It's not a fictional metric: although it didn’t exist before Misra created it for the show, it works and may soon find use in the real world.

Man gets stuck in ATM and slips 'help me' notes through receipt slot "You'll never see this again in your life that somebody is stuck in the ATM machine," Olden said. "It was just crazy."


None of the Above

@jrhennessy "oh, so when a bird does it it's news"

The Facebook Algorithm Mom Problem What happens when mom likes everything you post?

@buhsbaby_baby "When you attempt teleportation for the first time"

@LukeEpplin "The kids are all right."

@tprstly Conference call bingo

@fredwilson This. Regarding Silicon Valley vs the world, VCs vs ICOs. Read the whole thread for context:

Too many in SV are still chasing the old model and not seeing the new one. Driving while looking in the rear view mirror is dumb.

@623fer "There's a mattress store that gives you a mattress for your dog when you buy a normal one."

How economics became a religion 📈

So enamoured had the so-called experts become with their scientific authority that they blinded themselves to the fact that their own narrative of scientific progress was embedded in a moral tale.

@nickmagrino "here it is"

@malwareunicorn "Thank you stranger, I found my next ride: http://www.ebay.co.uk/…"

Published on

@Distinctboxes "Cambodian artist Visoth Kakvei Is Taking Doodling To Another Level."


Design Objective

Boost Your UX with These Successful Interaction Design Principles "There’s a fine line between an interaction that works and one that is unusable. Interaction design principles help bridge the divide."

Dos and don'ts on designing for accessibility You can download these posters here, in several languages. Be mindful when applying these guidelines:

Another aim of the posters is that they're meant to be general guidance as opposed to being overly prescriptive. Using bright contrast was advised for some (such as those with low vision) although some users on the autistic spectrum would prefer differently. Where advice seems contradictory, it’s always worth testing your designs with users to find the right balance, making compromises that best suit the users’ needs.

Inline validation is problematic Explores some of the issues with inline validation, and concludes:

In any case, designing the perfect inline validation experience is nigh on impossible. Any potential benefit is outweighed by the problems it introduces. Instead put the user in control by showing errors on submit.

Information Architecture: Effective Techniques For Designers This article includes some delightful concepts, that should be turned into real apps.


Tools of the Trade

muzzle A simple Mac app to silence embarrassing notifications, while screensharing. Also, best website or what?

Serving 39 Million Requests for $370/Month, or: How We Reduced Our Hosting Costs by Two Orders of Magnitude TL;DR go serverless, mind the memory usage, and cache all the things.

How does language, memory and package size affect cold starts of AWS Lambda? Dynamic languages (JavaScript/Python) out-perform static languages (C#/Java) hands down:

And also, How long does AWS Lambda keep your idle functions around before a cold start?

Raft Explains how the Raft protocol works with clear and simple animations.

sonar "A linting tool for the web", Sonar can monitor your web app for accessibility, interoperability, security, etc.

@megaserg 💳

I'm going to open my own bar and call it "Chrome". It will keep your tab open until you have no memory

@Daeinar :syntax on


Web-end

What's the Deal with Collapsible Margins? "What would be the amount of space between two sibling divs, where the 1st has a margin-bottom of 10px and 2nd a margin-top of 30px?"

Responsive CSS VW Buses CSS is the new SVG?


Lines of Code

@chrissanders88 "You’re confident about your bug fix, but are you "hot patch the Apollo 14 lander or the mission is scrapped” confident?"

My Space Shuttle story, for Catherine... Apropos, "I read the data specification in about 10 minutes and wrote a program to decode it in about 20 minutes."


Architectural

Four Laws of Software Economics ✔✔✔✔

  • The Law of Ruthless Prioritization
  • The Law of Build Once, Sell Many
  • The Law of Whole Product
  • The Law of Strategic Judgment

Engineering Mantras "Pushed or it didn't happen" and other common mantras to throw around in the Slack room.

@ctford 💵

The CAP theorem says that a paper on distributed systems cannot be simultaneously Applicable, Comprehensible and free from Paywall.


Devoops

@nixcraft 😂


Peopleware

For a More Creative Brain, Take Breaks on Purpose

Idleness is not a vice, it is indispensable for making those unexpected connections in the brain you crave and necessary to getting creative work done.

Fidget Bliss Fidget Cube vs fidget spinner. BTW I just learned these are called "stim toys", and there are also stim blogs.


Locked Doors

Wildcard Certificates Coming January 2018 That would come in handy, and also take a minute to appreciate the progress so far:

Let’s Encrypt is currently securing 47 million domains via our fully automated DV certificate issuance and management API. This has contributed heavily to the Web going from 40% to 58% encrypted page loads since Let’s Encrypt’s service became available in December 2015.

The MeDoc Connection Cyberwar attacks cloaked as ransomware:

Given the circumstances of this attack, Talos assesses with high confidence that the intent of the actor behind Nyetya was destructive in nature and not economically motivated.

XSS Attacks: The Next Wave "XSS attacks grew 39% in Q1 of 2017, the biggest jump since Q4 of 2015"


None of the Above

@ellardent "Now *this* is how you sell Lego."

Bitcoin, Ethereum, Blockchain, Tokens, ICOs: Why should anyone care? Clear and simple explanation of blockchains, Bitcoin vs Ethereum, and what happens when tokens go on sale (aka Initial Coin Offering.)

@finalfashion

Lately I ask people to spell their names for me to help me remember. It doesn't make me seem any smarter tho. "So how do you spell.... Bob?"

How to Keep Your Rolling Suitcase From Tipping Over When It Goes All Wobbly Speed up to keep it from crash landing.

Red Panda trying to escape

According to Apple, the iPod reinvented portable music and the Apple HomePod aims to do the same with our music at home. Should we feel bad for Sonos? It's the little Big details, like:

The speaker uses six integrated beamforming microphones to probe the room dimensions, and alter its output so it sounds its best wherever it is placed ... The only other speakers that do this is the Beolab 90, and Lexicon SL-1. The Beolab 90 is $85,000/pair …

Silicon Valley Title Sequence Breakdown All the insider quips, jokes, and references.

@m1sp Shower thoughts:

Have you ever considered how adorable it is that humans build little waterfalls to put in their homes and stand under? 🚿

@Jimbobaroo "She can move in any direction you know..."

Published on

@ImACultHero "Just learned that Cheetahs are really nervous animals, and some zoos give them "support dogs" to relax"


Design Objective

@sortino Cynical, but sometimes we need a dose of that:

The Ten Principles of Good Design: 2017 Tech Industry Edition 😂

The 1,000 Floor Elevator: Why Most Designers Fail Google’s Infamous Interview Design Challenge "Yet virtually all solutions I’ve encountered fail almost immediately for the exact same reason…" Can you guess the common reason?

Ash Huang: How Much Poison Is Acceptable in Our Technology? "For an industry that complains about the inconvenience of waiting for a cab, doing laundry, or picking up takeout, we sure build a lot of suffering into our apps."

@assafweinberg "Automotive #UX is always a great reminder that even huge companies still need help with basic human centered design."


Tools of the Trade

Using headless Chrome as an automated screenshot tool The five-minute intro to automating headless Chrome using Node.js and the debugging protocol API.

Updated Chrome Debugging Tools Worth Mentioning Block specific network requests, measure CSS and JavaScript coverage, take full page screenshots, and the "how did they do it?" async/await debugging.

@ThePracticalDev I've been in the software industry long enough to know this is absolutely true:

You are not "missing the boat" on that hot new language, framework, platform, etc. If the trend sticks, you can catch up at any time.

sindresorhus/refined-github A browser extension that fixes a bunch of GitHub annoyances.

7anshuai/masq A simple local DNS server extracted from Pow. Allows you to use *.dev domains for development, instead of localhost.

kesselborn/spec.sh A mini test framework for Bash.

@KernCanCode The real semantics of semantic versioning:

major = a breaking change
minor = a minor breaking change
patch = a little-bitty breaking change


Web-end

Aspect Ratios in CSS are a Hack Confused by aspect ratios? I know I am. Here are four different techniques to wield CSS to your will.

UX Flow Sketch wireframe prototyping for Web and Mobile projects.


Lingua Scripta

@rauschma Why semicolons in JavaScript? Because this (hint):

Object.entries({a: 1, b: 2, c: 3})  
[1, 2].forEach(x => console.log(x))

Lines of Code

@brkwtz ⁉️

I have refactored
the code
that was in
ur repo

& which
u were probably
going
to deploy

Forgive me
it doesn't work now
but it
looks great


Architectural

@mikesherov Thread:

Everything is too slow. In the last month, just by caring, we've made npm and Webpack about 50% faster. Just by profiling, caching, etc. /1

And we're talking about real "do less work" PRs, not just "oh, avoid try/catch because v8 doesn't like it yet". Like not hacks /3

And instantly all the old friends are there: runaway GC, accidental n^2, not caching all the things, arrays instead of Maps/Sets /5

@deech 🤔

My favorite riddle: what's weightless, massless, and without form but requires teams of people to move it? Legacy code.


Techtopia

Made With ARKit Hand-picked curation of the coolest stuff made with ARKit.

@kenshirriff The future of computing, 44 years ago:

Got our vintage Xerox Alto to display images. The 1973 Alto was one of the first computers with a high-resolution bitmapped display.

@iamdevloper

tech, the only industry where there's an entire suite of apps to remind you to take a 5 min break every half hour


Locked Doors

Petya Ransomware Attack – What’s Known Another week, another widespread attack. Security analysts still debating whether to call it #Petya or #NotPetya.


None of the Above

@Pixel_Chikki Amazing lifehack 😭

@TZhongg Busy people (myself included):

"I want to pick your brain" = 1% chance of replying

"I have a specific question about X vs Y that you can answer in 5 min"= 80% chance

Amazon’s New Customer The "eat your own dog food" has evolved into the "first-and-best customer" principle:

This is the key to understanding the purchase of Whole Foods: from the outside it may seem that Amazon is buying a retailer. The truth, though, is that Amazon is buying a customer — the first-and-best customer that will instantly bring its grocery efforts to scale.

@computerfact

That Time the TSA Found a Scientist’s 3-D-Printed Mouse Penis Scientists going through airport security:

“She totally freaked out, but had to peek in the container,” says Cleaver. “We opened it just a slit, and there were 12-14 eyes staring at her. She screamed. She did this 3 times …"

The history of cold-brew coffee is fascinating From 17th century Kyoto to an 1840s Algerian fortress and ending with neighborhood Starbucks.

Men Can Be So Hormonal Blame it on the T.

@felixwalkens "I'm an idiot"

Published on

Craig Pearson "I'd watch this low budget Firefly reboot"


Design Objective

Remove to Improve Fantastically illustrates how to improve every visualization by simply taking things out. Whether it's charts, tables, or maps.


Tools of the Trade

How we got 1,500 GitHub stars by mixing time-tested technology with a fresh UI Newer != better:

Unfortunately, we were affected by cognitive bias: old code is bad code. But the truth can be the opposite. The old code is battle-tested by thousands of users in hundreds of different projects. Most of the critical bugs have been fixed, the documentation is complete, there are tons of questions and answers on StackOverflow and Quora.

Fontjoy Uses machine learning to generate font pairings.

OptimalBits/redbird Reverse proxy that supports HTTP/2, Let's Encrypt, Node.js cluster, Docker and more.

veltman/flubber Using best-guess methods to smoothly interpolate between 2-D shapes.

r/ProgrammerDadJokes/ There's a Reddit for programmer dad jokes, and it's exactly what you would imagine.


Web-end

Zach Holman

not many people know this but stonehenge was mankind’s first attempt at css triangles with box shadows. we still have no idea how to do it.


Lines of Code

How is GNU yes so fast? Not everything that can be optimized should be optimized, but if you must insist, a 100x speedup is quite the win.

Gojko Adzic 📣

programming lesson for today: always always always make sure a test fails first, and fails for the right reason, before trusting it to pass


Architectural

What I learned from my biggest mistake as an F1 engineer Always be learning:

In both of those occasions, it was important for us to understand whether everything that had occurred because of those mistakes was negative. Good engineering prompts you to ask whether there was anything we could learn from it – you need to embrace the unexpected nature of those accidents rather than simply explain them away.

Sam Newman "This is awesome from @aahoogendoorn - system architecture as Ikea furniture..."


Peopleware

Working Hard is Not the Same as Working Smart When 21st century work gets measured by 20th century standards.


Locked Doors

Gathering weak npm credentials When you find out all your Node.js production apps are a quick hack away from being compromised:

In total, I found 15568 valid credentials for 15495 accounts since this May.

The total number of directly affected packages was 66876 — 13% of the ecosystem.

I got publish access to … cheerio, browserify, koa, mongoose, modernizr, react, tape, winston, … 1819 packages in total were accessible through more than one user, 38 of those with more than 1 million downloads/month, 7 — with more than 10 million downloads/month.

Credentials resets As a consequence of the above:

In this case, however, passwords for a number of users were available online, accessible via Google search. These passwords were made public through security breaches of other sites, and, unfortunately, the owners of some hacked accounts re-used the passwords for their npm accounts.


None of the Above

Assaf "Me. Cooking. Every time."

Little Alchemy "Explore what you can create by mixing simple elements." The simple premise behind this addictive game.

The tragedy of FireWire How Apple and Sony made FireWire and then drove the market towards USB.

Sven Henrich "SPOTTED: Your moment of Zen"

This is why infrastructure is so expensive And never completes on time:

Once a government commits to a project, they are committing to an open checkbook. That check will be written in a system where nearly everyone involved will be compensated more the longer the project takes and the more expensive it becomes.

Emergency Kittens "at first i tought it was catpuccino"