Labnotes

Published on

@sarah_edo "Time to throw a *software party*"

This week we're throwing a software party; the hardest problem in computer science is "npm complete"; how we stopped teaching kids about recursion; artisanal, small batch, uptime; we find the Internet's biggest blind spot; fix your SSH; and cats taking selfies.


Tools of the Trade

Medis Beautiful Management Application for Redis (OS X)

No, I Don't Want To Configure Your App! Even software designed strictly for developers should just work:

“Oh goddess, finally!” you exclaim, exasperated. You feel as if a major weight had been lifted from your shoulder, but you’re too frustrated with how bad computers are to think properly about this. “Now I can actually move on and get some work done,” you conclude, grumbling.

Eliminating Known Vulnerabilities With Snyk Snyk makes it easy for you to find, fix and monitor for known vulnerabilities in Node.js.

variadico/noti Trigger a notification when a terminal process finishes (OS X/Linux).

Safari 9.1 iOS 9.3 and OS X 10.11 betas support <picture> element, CSS variables, no-delay taps, and much more.

@bitemyapp

It's weird to me that programmers even assume all resources for learning a discipline that is very well paid should be free.

TheMozg/awk-raycaster Pseudo-3D shooter written completely in awk using raycasting technique.

@searls

TIL if you can't get your shrinkwrap.json file to work, the problem is said to be "npm complete"


Lines of Code

A software developer's guide to clean code Great rule for naming things:

The larger the scope, the more important to get the name right. Don't concatenate your variable and function names, you're not going to run out of bytes! But self-describing code is just about understanding the intent. It's also about refactoring and improving your code flow. Imagine if you did a standard "Search & Replace" for all references of variable "x" or even worse "a" or "b". A world of fun awaits as you undo your changes and revert to manually changing all instances of that variable.

@manisha72617183

Writing correct code at scale is essentially impossible. The best we can do is write simple code w/ as little undocumented magic as possible.

@tomaspetricek

Ouch. "50 million accountants use monads in Excel. They just don't go around explaining monads to everyone..." @Felienne #ndclondon

@soopa

Steps in mastery of a programming skill: 1. Can I do this? 2. Can I do this more easily? 3. Can I do this more elegantly? 4. Can I not do this?

@librarythingtim "Why kids today don't understand recursion."


Architectural

Tear Down This Wall! When IT needs grow, the common knee-jerk reaction is to throw more coupling at it:

Ok, NOW you have a problem. Because now you’ve got coupling. And coupling is a much worse enemy than duplication. The number of systems doesn’t matter nearly as much as the amount of coupling you have between them.

@tef_ebooks

it's for craftsmen who need artisanal, small batch, uptime


Peopleware

Elaconf Keynote by Saron Yitbarek "Punching your feelings in the face." Fantastic talk.

How I Stumbled Upon The Internet’s Biggest Blind Spot Open source software, necessary, but not getting the investment it needs:

What could go wrong? Well, this, or this, or this. People getting burned out and quitting. Bugs or security vulnerabilities that go undetected. But also, people just making less stuff. Society moving a little more slowly.


Locked Doors

OpenSSH: client bugs CVE-2016-0777 and CVE-2016-0778 Patch your SSH config, while waiting to patch your SSH client:

echo 'UseRoaming no' >> /etc/ssh/ssh_config  

TrendMicro node.js HTTP server listening on localhost can execute commands Friendly reminder that anti-virus software is often buggy and makes your computer less secure.

@jsoltero

Two factor authentication is great until you put the second factor in the washing machine.

@old_sound "I've built my own crypto"


None of the Above

@rrhoover "1/This cat is taking a selfie"

@JohnLyonTweets

Tips for improving concentration: - Make a list of tasks. - Take on one task at a time. - Take On Me was a fun song. - Ooh I found the video.

The Reductive Seduction of Other People’s Problems

If you’re young, privileged, and interested in creating a life of meaning, of course you’d be attracted to solving problems that seem urgent and readily solvable. Of course you’d want to apply for prestigious fellowships that mark you as an ambitious altruist among your peers. Of course you’d want to fly on planes to exotic locations with, importantly, exotic problems.

The resolution of the Bitcoin experiment Turns out, building distributed solutions at scale is a people problem:

Bitcoin has no future whilst it’s controlled by fewer than 10 people. And there’s no solution in sight for this problem: nobody even has any suggestions. For a community that has always worried about the block chain being taken over by an oppressive government, it is a rich irony.

Ruggie™ - The World's Best Alarm Clock Alarm clock that won't stop until you get out of bed and step on it.

Kittens VS BB8 Droids

Published on

#starwars #calvinandhobbes

This week we learn some functional programming; ES6 module loading in Node? beware of falling deer; we take a look at hiring; are you ready for laundry day?


Design Objective

@lukew Always be focusing:

If you have a culture of learning, you don't have more than 3 product priorities at any time.


Tools of the Trade

What Is Functional Programming? In a nutshell:

Or put another way: Let's not hide what a piece of code needs, nor what results it will yield. If a piece of code needs something to run correctly, let it say so. If it does something useful, let it declare it as an output. When we do this, our code will be clearer. Complexity will come to the surface, where we can break it down and deal with it.

And the follow-up: Which Programming Languages Are Functional?

Angular 2 versus React: There Will Be Blood To which I would add: React may make you learn functional programming, and Angular will make you forget.

Octo Linker Google Chrome extension for navigating across files and packages on GitHub.com with ease.

How good is Google's Big Query as compared to Amazon's Red Shift? TL;DR BigQuery is fully managed, while Redshift is a DIY challenge to keep the entire engineering team occupied.

Image diffing using CSS This is pretty simple and effective: -webkit-filter: invert(100%) opacity(50%);

@ade_oshineye

You are in a maze of package managers. All different.

@CamAppSolutions "Then and now!"


Lingua Scripta

ES6/WhatWG Loader & Node What it would take to use ES6 module loading natively in Node. Maybe next LTS in October? (YouTube)

loverajoel/jstips About a JavaScript tip a day.


Lines of Code

@ag_dubs This:

it occurs to me that a problem with the tech community is that most professional programmers act like "temporarily embarrassed geniuses"

@GonzoHacker

Always code as if the person who ends up maintaining your code is a regular human being just trying to get through the week

@archiloque "Legacy codebase"


Peopleware

How to Hire Solid:

Hiring Principles:

  1. Hiring means we failed to execute and need help
  2. Startup employee effectiveness follows a power law
  3. False Positives are ok, False Negatives are not
  4. Culture is defined by who we hire

Three hundred programming interviews in thirty days

  1. Performance on our online programming quiz is a strong predictor of programming interview success
  2. Fizz buzz style coding problems are less predictive of ability to do well in a programming interview
  3. Interviews where candidates talk about a past programming project are also not very predictive

None of the Above

@lsv

The last sentence is a 3 for 1: It explains the statistical drop, is very funny, and is kind of frightening.

@alicemazzy

if I was a reporter every so often I'd ask a candidate for comment on a plausible-sounding fake geopolitical event just to see what they say

@jonnysun

CLOUD: wow im honored, no one ever flies up here to visit me up in the skya

HELICOPTER: well im a gigantic fan

A peek inside the super-secret Social Justice Warrior training camp So true.

@aarontrites

If people are upset about $600 for VR just wait until they find out about the staggering cost of actual reality

@JohnCleese

I would like 2016 to be the year when people remembered that science is a method of investigation, and NOT a belief system

Laundry Day "You can scan your laundry tags and app will tell you how to wash your clothes. It works like magic, but no, it is a technology!"

New Yorker Jan 11 "Does your car have any idea why my car pulled it over?"

Published on

/r/AccidentalRenaissance Of course there's a Reddit for that.

This week we struggle with the website obesity crisis; we guesstimate like a pro; React is the back-door that teaches front-end developers about functional programming; more insights from young CTOs; a case study for defense in depth; let's shake a tree, maybe a drone will fall out.


Design Objective

The Website Obesity Crisis Why websites are getting fat and worse for it, how to apply The Taft Test, and yes, there is hope with this two-step program:

  1. Make sure that the most important elements of the page download and render first.
  2. Stop there.

You don't need all that other crap. Have courage in your minimalism.

Why the 90-9-1 Rule No Longer Exists I think it's the reverse: new UIs lowered barriers to participation, some UIs are as easy to use as text messaging.

People are “writing” more than ever because of the rise of messaging products, which are increasingly replacing phone conversations. These messaging products are essentially serving as training for creating content on other services.

Conceptual Debt is Worse than Technical Debt "Model twice, code once"

It can be hard to undo conceptual debt. First you need to realize you have chosen the wrong concepts, or that your concepts are outdated. Then you are embarking on a substantial redesign. …

@charliesome

Hey, if you're making a website and want to override scroll with your own custom behaviour, have you considered not doing that?


Tools of the Trade

guesstimate-app "Guesstimate is a tool for performing estimates using monte carlo experiments." Think of it as a spreadsheet for calculating with uncertainties. Brilliant. You can try it out here.

@JoeSondow Haha.

"In real life you won't always have a calculator with you." — math teachers in the 80s

igrigorik/videospeed HTML5 video speed controller for Google Chrome. I find it easier to focus on tech talks when watching/listening at x1.5.

WebSockets, caution required! Does your app need to use WebSockets?

For realtime web applications we need simple APIs to broadcast information reliably and quickly to clients. We do not need new mechanisms for shipping information to the server.

FGRibreau/match-when Pattern matching for modern JavaScript.

awslabs/aws-shell An integrated shell for working with the AWS CLI.

How we organize GitHub issues: A simple styleguide for tagging Interesting idea.


Lines of Code

Jessica Kerr - Functional Principles In React If you're a front-end developer, watch out, React has a hidden agenda to get you hooked on functional programming.

@manisha72617183

There is nothing as destructive as indifference towards code quality; it makes your code rot and it will get harder and harder to maintain.

@BobRossGameDev

If you’ve been struggling with a tough ol’ programming problem all day, maybe go for a walk. Talk to a tree. Trust me, it helps. 🌲


Architectural

@chromatic_x So true.

Star Wars is an extended riff on the need for redundant failure recovery systems.


Peopleware

What Leaders in Tech Wish They’d Been Told It's all about the team:

You have to find people who are dying to work with you to make that thing come into life. You want those people to be real owners. They will always be the ones who step up and take ownership over something, take responsibility for it. They will tell you when they think something is broken and needs to get fixed or they’ll just go fix it themselves. And you want to surround yourself with owners.

Shields Down The moment at which an employee is ready to resign from their job:

Still, seeing it isn’t the moment of resignation. The moment happened the instant you decided, “What the hell? I haven’t seen Don in months and it’d be good to see him.”

Your shields are officially down.

What Are the Key Skills to Being a CTO? Another good one from the Codeship interview series:

Understanding second- and third-order effects is really important. … Just assume that those two or three metrics are immediately going to be gamed, because that’s how people work. Then that’s the first-order effect. That metric’s going to be gamed. So, what is the second-order effect of that? Hopefully, you can get to the third-order effect. How is this going to affect the product? How is this going to affect culture? That’s a really important thing.


Locked Doors

SummitRoute/osxlockdown Disables/enables OS X features to reduce attack surface (e.g., kill AirDrop and iCloud sync, enable FileVault and Gatekeeper). For OS X 10.11 (El Capitan).

"Instagram's Million Dollar Bug": Case study for defense A great case study on this vulnerability, how it was discovered, and how to prevent this from happening in your network.

  1. Internal server exposed to the Internet
  2. Reliance on third-party authentication
  3. Unaudited code resulting in unchanged secret token
  4. Unfettered access once the attacker gained RCE on the server
  5. Poor secret management
  6. Privilege escalation by finding more credentials

None of the Above

@mikko "15 years ago."

@anildash

I'm really enjoying Facebook sending 46-year anniversary notices today for every undated relationship on the site. UNIX epoch never fails!

@TheMichaelRock

Wife: Where are the kids?

Me turns off router

[from down the hallway]

HEYYYYYYY!!!!

Me: They're in their rooms.

Rands Management Glossary

All-Hands — A company-wide meeting, usually run by the CEO. If you’re a manager and there are lots of surprises at these meetings, you might be out of touch. Humans often posture during these events by supplying inane questions and status updates along with really dumb questions. An all-hands meeting without an announced subject implies layoffs or other disasters.

@januszeal

If you didn't get that #drone you wanted for #Christmas, tomorrow go to your nearest public park and shake a tree.

@SpaceCatPics "The littlest nope ever."

Published on

@CuteEmergency "just a little reminder that taco cat spelled backwards is taco cat"

This week we discover the simplest way to run Docker on OS X; we learn how to hide bugs in plain sight; that order of operations matters; why humility helps us avoid catastrophe; how to remote disable AirBnB spycams; the challenges of leading in tech; and the secrets to parenting a princess.


Design Objective

How to design: 7 principles

  1. Approach each problem with a beginner’s mindset.
  2. Compare multiple solutions before committing.
  3. Prototype to build understanding.

Tools of the Trade

nlf/dlite Probably the easiest way to use Docker on OS X. Kick boot2docker to the curb.

inikulin/elegant-status Create elegant task status for CLI.

RxJS is great. So why have I moved on? Another success story for ClojureScript:

There are tons of great UI developers that can build great work with React and JS. 85% of our development time for our web app at Capital One is building UI. We don’t need a huge barrier for entry to get great developers doing great work in our web app. With ClojureScript they don’t even need to know they are using ClojureScript.

But also — confirmation bias alert! — insular developer syndrome?

I’m the only front-end developer that needs to know ClojureScript when the rest of the devs just use JavaScript.

@sgillies

My kids' favorite HTTP status code is 204 OK BUT


Lingua Scripta

@kev_nz

I like arrow functions as much as the next person, but they are NOT just shorthand for function #knowthedifference


Lines of Code

Juniper's Backdoor Password Disclosed, Likely Added In Late 2013 I'll cover the cryptographic implications later, but first, let's learn how to hide a vulnerability in plain sight:

The argument to the strcmp call is <<< %s(un='%s') = %u, which is the backdoor password, and was presumably chosen so that it would be mistaken for one of the many other debug format strings in the code. This password allows an attacker to bypass authentication through SSH and Telnet, as long as they know a valid username.

@synhershko

Cooking is just like programming. You follow an algorithm, and once you try to make an optimisation you screw everything up.


Architectural

Good Mail Sorting Whenever state is involved, the order of operations always matters:

Code that enumerates files and then moves them around is much harder to screw up catastrophically than code that is responsible for data that only exists in main memory.

@denormalize "This Dijkstra quote perfectly represents my views on JavaScript frameworks + build tools"

Simplicity is a great virtue but it requires hard work to achieve it and education to appreciate it. And to make matters worse: complexity sells better.

-- Edsger W. Dijkstra


Peopleware

Messy Accidents

The problem with most engineering projects – particularly complex, highly coupled, high performance, extreme environment engineering projects – is that there are too many issues to deal with. … There is never enough resource (time, people, money) to get to the depths on all the issues that are out there. By their very nature, complex problems require priority setting and resource allocation.

So what do you do?

Or you can just remember to think “I’m not as smart as I think I am.” Properly applied, that can work too.

Meritocracy or Bias? Hopefully this will settle it once and for all:

research findings suggest that the definition of meritocracy used by white people is far more fluid than many would admit, and that this fluidity results in white people favoring certain policies (and groups) over others.

@raganwald

Programmers: “It’s ridiculous when managers make decisions about things they don’t understand. That’s why we shouldn’t have managers.”


Locked Doors

Why 451? Why we need HTTP 451 Unavailable For Legal Reasons.

On the Juniper backdoor And more here.

To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional -- you be the judge! They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone -- maybe a foreign government -- was able to decrypt Juniper traffic in the U.S. and around the world.

Detect and disconnect WiFi cameras in that AirBnB you’re staying in dropkick.sh, based on glasshole.sh, kicks DropCam cameras off the WiFi network.


Startup Life

What Are the Challenges of Leading in Tech?

Trying to understand your core customer, how many iterations of the product you have to go through, how you get the right economics for the business to work.


None of the Above

@zackkanter

Colorado's new $225,000 iPhone killer.

Facebook Bends to Publishers, Tweaks Instant Articles Advertising Here's a new term that will help define websites for years to come:

The feature will ensure maximum ad load is reached for each Instant Article.

Why you should always buy the men’s version of almost anything

Another analysis from the University of Central Florida found women’s deodorants typically cost 30 cents more than the same product for men. Wrote the authors, “The only discernible difference was scent.”

@nntaleb

1st lecture I ever gave, quizzed students on best strategy to profit in casinos. Lot of answers but no one got the right one: start a casino.

I get why a lot of people hate the whole princess culture aimed at little girls

But when I was a tiny princess, my dad used to be my royal advisor. He would come to me, and over tea we would discuss the problems of the kingdom. He would tell me that new people wanted to move to the kingdom, and ask me what we should do. Or he would tell me that the teddybears and the dolls were fighting over the enchanted forest, and ask me what to do. Basically, he took the trappings of the princess culture, and used it as a tool to teach me about leadership, civic responsibility, and compassion.

So if you have a little princess around, consider helping her figure out how to run her kingdom. There’s no sense in telling a kid they can’t be a leader, or that they can’t wear sparkles while they do it.

@__wtfsara

a wise woman once said "fuck this shit" and she lived happily ever after

@phaiidros "Machine learning"

Published on

@braddybb "oh my good god"

This week we get a new pair of socks; the ==== comparison operator; we fix a bug in production; the tale of a startup with no servers; cryptomeopathy is bunk science; on lowering the bar and diversity in tech; boatload of people take the ice challenge – ends horribly.


Tools of the Trade

heroku/react-refetch A simple, declarative, and composable way to fetch data for React components (Background)

Daplie/node-letsencrypt Automates Let's Encrypt certificates for Node.js/Express.

BDDon’t We need to distinguish between "behavior" as the right abstraction for testing, and BDD frameworks like Cucumber, which are just horrible ideas:

It’s easy to construct a seemingly valid (from a user perspective) scenario that nevertheless won’t work because of the underlying dependencies. It’s tempting to write clever steps that sidestep these problems with conditional logic and defaults, but this quickly becomes a dark rabbit hole. By the time your test code is clever enough to handle whatever can go wrong, it will be as complicated as your application itself.

howdyai/botkit "Botkit designed to ease the process of designing and running useful, creative or just plain weird bots (and other types of applications) that live inside Slack!"

Modern Javascript Tools and the Stories Behind Them The origin stories behind HomeBrew, Gulp, WebStorm and other popular tools.

Choosing an HTTP Status Code — Stop Making It Hard Surprising how many developers are still confused by the proper way to use HTTP status codes. Maybe this will help.

B2 Cloud Storage BackBlaze is my favorite backup tool, and they just released a new product for cloud storage. An S3-like API for storing content at a fraction of the cost.

Four years of Schema.org - Recent Progress and Looking Forward "Structured data markup is now a core part of the modern web." Yet, you won't find any structured data on Google's own web pages.

d3.compose I like how the chart builds up, as you scroll down through the code examples. What a fantastic way to teach by example.

Netflix socks pause your show automatically, so you never miss a moment


Lingua Scripta

Observations on Promises Think of promises as a dependency graph of deferred values.

Babel and CommonJS modules The differences and similarities.

Why is (0,obj.prop)() not a method call? What JavaScript really thinks when it sees you referencing a variable or object property.

@inorganik

'=====' is a good comparison operator to avoid type coercion and for checking if object is down to netflix and chill. #js #protip


Lines of Code

Why Don't Schools Teach Debugging? Such a fundamental skill to software development and computer science:

Why do we leave material out of classes and then fail students who can’t figure out that material for themselves? Why do we make the first couple years of an engineering major some kind of hazing ritual, instead of simply teaching people what they need to know to be good engineers?

Less comments, more structure - a proposal for self explanatory code The one simple trick that will make your code easier to write, read, and maintain (and if you don't localize the functions, also easier to test).

@jdegoes

Don't confuse familiarity with simplicity. Scary things you don't yet know are sometimes far simpler than the hard things you already know.

@kev_nz

Two big things I've found that help me lately is enforcing code standards with eslint, and writing tests. No surprise really.

@JonathanDeMoor "When you fix a bug in production."


Architectural

The Serverless Start-Up - Down With Servers! Using AWS Lambda to build a startup that has no servers per se.

about_those_lava_lamps.md

This was another of my Aha! moments: Everyone knew broken builds should be fixed quickly. No one did it. Introduction of a completely irrelevant stimulus/challenge caused people to behave correctly. Reason could not counteract unreasonable natural inclination, but a different unreasonable natural inclination could.


Locked Doors

Secret Code Found in Juniper’s Firewalls Shows Risk of Government Backdoors

This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire.

On Encryption and Terrorists When encryption is little understood, it's seen as black magic, rather than a useful tool:

Ford and Toyota build automobiles so that the entire world can have access to faster transportation and a better quality of life. If a terrorist is suspected of using a Toyota as a car bomb, it’s not reasonable to expect Toyota to start screening who it sells cars to, or to stop selling cars altogether.

@secdefect

People ask me "How come all the hackers of these big companies are kids?" You should ask "How come it's only the kids that get caught?"

@staatsgeheim "Applied Cryptomeopathy" This term needs to be part of our lexicon when talking about the politics of cryptography.


Peopleware

The "Just F**king Do It" Manifesto

When I come across teams who have almost no say in how they do their work, there's usually a long backstory of micromanagement leading to disappointment leading to even worse micromanagement, until developers have to go through a long chain of command to get a pack of index cards.

@jedc

Perhaps the most important startup equation? (Constant improvement trumps all)

Lowering the bar

Now, I know for a fact that “bars” get “lowered” for some candidates, because people have lowered the shit out of them for me many times. I’m white, I speak the nerd argot (see?), and I taught myself to code when I was 12. Because of this, every company I’ve ever interviewed at has overlooked the fact that I don’t have a college degree, my GPA both in high school and in the brief period that I was actually in college was abysmal (2.0ish, for reference), I routinely flake out on work to go hiking or bike-riding for months at a time, and – as a small degree of probing would uncover – my organizational skills are pathologically bad.

Silicon Valley’s Diversity Problem is Not a Myth Anecdotes are not a good framework for hiring.

A Modern Day Take on the Ethics of Being a Programmer

When someone on a platform that we helped build and are responsible for maintaining is being hurt by other people on our platform, through our platform, are we ethically obligated to do everything in our power to try to fix it? Even if it’s really hard? Even if we might fail?


None of the Above

@maggieserota

#ExplainAFilmPlotBadly Paranoid billionaire afraid of immigrant

@SilverVVulpes

I'm just sayin', everyone that confuses correlation with causation eventually ends up dead.

@BatLabels

Placebo effects are weak: regression to the mean is the main reason ineffective treatments appear to work What medicine gets wrong by confusing correlation and regression to mean.

Donkey Basketball

Untangling the Tale of Ada Lovelace Fascinating story!

I suspect she was something of a nerd, complete with math jokes and everything. She was also capable of great and sustained focus, for example over the months she spent writing her Notes.

Who Y Combinator Companies Want A survey of hiring preferences in Y Combinator startups.

@USAMensaDropout

Boat load of people take the Ice Bucket Challenge. Ends horribly. #ExplainAFilmPlotBadly