Labnotes


Weekend Reading — 👋 2-3 levels max

This week our train leaves every 5 minutes, we capture some packets, zoom through meetings, and buy bubble wrap in bulk.


MsPraxis “Know your shit (as opposed to know you're shit 🤣):”


Tech Stuff

Things I believe “a collection of the things I believe about software development.”

Experiment: The hidden costs of waiting on slow build times “How much does it really cost to buy more powerful cloud compute resources for development work? A lot less than you think.”

Engineering management is explaining to the CFO why a $2000/month server bill is much cheaper than 5 developers wasting an hour a day.

Marcin Floryan 🔥

"If the train leaves every 5 minutes you don't care about a timetable. If it leaves every 2 days you want to know *exactly* when it leaves"

Great analogy from Marcus Hamrin reflecting on planning, estimating and software delivery.

What’s New In Web Performance? “We take a look at how site speed and Core Web Vitals have changed over the last 12 months. There are new web standards, better support for existing standards, new tools, and a new metric.”

Plasmo If you're building a browser extension, Plasmo is really really good:

I ported Roam, my Chrome extension for Mastodon to Plasmo in a few minutes, and then took advantage of its tab pages feature to allow users to draft multiple posts at once.

webextension-polyfill Complementary to Plasmo, a polyfill for the WebExtension API.

Write once and run on any Chrome-compatible browser (Arc, Edge, etc), Firefox, and Safari.


Edge-compatible Serverless Driver for Postgres I like serverless databases: they allow me to focus on application logic and not bother managing instances and storage.

And I like edge servers — for the same low effort of not managing anything you get fantastic response times.

Neon is serverless Postgres, and they built an edge driver for Postgres, using WebSockets as the transport protocol. It's based on node-postgres (aka pg), so a lot of code/libraries already work with it.

Just Use Postgres for Everything On some projects, you can get by with Postgres without adding new pieces of infrastructure. It can handle caching, queuing, time series, document storage, full-text search, etc.

Of course, use the right tool for the job, but take a minute to consider which power tools you actually need at your scale.

Counting unique visitors without using cookies Simple and elegant solution that stores nothing but the first-visit timestamp in the browser (no personal information).

Fork Awesome Icons A community-maintained open-source fork of Font Awesome without the JS.

Reverse Engineering Tiktok's VM Obfuscation (Part 1)

The platform has implemented various methods to make it difficult for reverse-engineers to understand exactly what data is being collected and how it is being used. Analyzing the call stack of a request made on tiktok.com can begin to paint the picture for us. Let's start by doing a search for the term "food". Upon pressing enter, TikTok sends off a GET request with our search term and some extra telemetry embedded.

Hacker Memes “how wireshark captures packet”


Eye for Design

fraggle

take me down to parallax city where the back moves slow and the front moves quickly

JasonMashak “Elder Scrolls”


Peoples

That Feeling When You Have So Many Things to Do You Can't Do Any of Them? TL;DR it's called “overwhelm freeze”

The silent struggles of workers with ADHD An unexpected side-effect of the pandemic:

So, as work cultures begin to become more adaptable than they once were, managers are increasingly aware workers can thrive in untraditional work cultures – something that can be particularly helpful for people with ADHD.

Brent Toderian

Have you seen this one? Before & after of a brain after a 20 minute walk — illustrates why walking to work, or school, or just to get the intellectual juices flowing, has been strongly linked to better creative & intellectual performance. Just one of MANY benefits of choosing to walk, for you and for society. Design and build walkable cities.


Insecurity

Jeremi M Gosney About the LastPass breach, here are a few things I learned over the years:

  1. The default mode of software is that it's insecure — adding measures and layers of security takes significant effort
  2. A lot of businesses don't try that hard — and that also includes companies that are selling security and privacy-related software
  3. The price point of $0 is very tempting, and people prefer not to pay for software, whatever it ends up costing them
  4. It's called a “perverse incentive” when consumers reward a business for giving away free but defective products

Fortunately, if your master password was strong, the chances that your vault contents will be compromised are low: every guess has to run through 100,100 rounds of PBKDF2, which makes cracking expensive, as Jeremi explains in detail.

Unfortunately, URLs were not encrypted, and URLs sometimes contain access tokens, passwords, and private info. They shouldn't, but see points 1 and 2 above.
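A quick way to see how much that matters for you: run a check over the URLs in a vault export and flag the ones carrying credentials, bearer tokens, or capability-style links. This is an added example, not code from Jeremi's thread or from LastPass; the parameter names it flags and the sample URLs are assumptions constructed for the demo.

```python
"""Added example (not from the thread or from LastPass): flag the kinds of
secrets that end up in saved URLs, the field that was stored in the clear.
The key names and the sample URLs are assumptions, not an exhaustive list."""
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed: query/fragment keys that usually carry a credential or bearer token.
SECRET_KEY = re.compile(
    r"(token|secret|password|passwd|pwd|api[_-]?key|auth|sig|signature|session|code)$",
    re.I,
)
# Assumed: an unbroken run of 32+ URL-safe characters in the path is treated as
# a capability-style link (signed download, unsubscribe, shared document).
OPAQUE_SEGMENT = re.compile(r"[A-Za-z0-9_-]{32,}")


def url_secrets(url: str) -> list[str]:
    """Return the suspicious parts of one URL; an empty list means nothing obvious."""
    findings = []
    parts = urlsplit(url)

    # user:password@host is a credential in plain sight
    if parts.password is not None:
        findings.append("password in userinfo")
    elif parts.username is not None:
        findings.append("username in userinfo")

    # OAuth implicit flow and similar put tokens in the fragment, not the query
    for where, raw in (("query", parts.query), ("fragment", parts.fragment)):
        for key, value in parse_qsl(raw):
            if value and SECRET_KEY.search(key):
                findings.append(f"{where} param {key}")

    for segment in parts.path.split("/"):
        if OPAQUE_SEGMENT.fullmatch(segment):
            findings.append(f"opaque path segment {segment[:8]}...")

    return findings


def scan(urls: list[str]) -> dict[str, list[str]]:
    """Map each URL that has findings to its findings; clean URLs are dropped."""
    report = {}
    for url in urls:
        found = url_secrets(url)
        if found:
            report[url] = found
    return report


# Constructed sample vault URLs; none are real.
SAMPLE_URLS = [
    "https://example.com/login",
    "https://admin:hunter2@router.example.net/",
    "https://example.com/reset?token=8f1c2a9e",
    "https://app.example.org/cb#access_token=ya29.demo&token_type=bearer",
    "https://files.example.com/d/0123456789abcdef0123456789abcdef01/report.pdf",
]

if __name__ == "__main__":
    for url, found in scan(SAMPLE_URLS).items():
        print(url, "->", ", ".join(found))
```

The regex anchors on the end of the key so `token_type=bearer` is not reported while `access_token=...` is; the path heuristic will also flag long document IDs, which is the right default when you are deciding which links to rotate.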

Many of you have been asking for my thoughts on the #LastPass breach, and I apologize that I'm a couple days late delivering.

Apart from all of the other commentary out there, here's what you need to know from a #password cracker's perspective!

Your vault is encrypted with #AES256 using a key that is derived from your master password, which is hashed using a minimum of 100,100 rounds of PBKDF2-HMAC-SHA256 …
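To put numbers on the parameters quoted above, here is an added example that derives a 256-bit key with PBKDF2-HMAC-SHA256 at 100,100 rounds, times a single guess on the current machine, and turns that into an expected cracking time for a few constructed keyspaces. It is not Jeremi's code or LastPass's; the salt handling, the keyspaces, and the compare-the-key shortcut are assumptions made for the demo.

```python
"""Added illustration of the vault key derivation quoted above
(PBKDF2-HMAC-SHA256, 100,100 rounds, AES-256 key) and of why that round count
makes offline guessing expensive. Not LastPass code; salt handling and the
keyspace numbers are assumptions chosen for the demo."""
import hashlib
import hmac
import os
import time

ITERATIONS = 100_100   # minimum round count stated in the quoted thread
KEY_LEN = 32           # 256-bit AES key


def derive_vault_key(master_password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """PBKDF2-HMAC-SHA256 with the stated parameters. Assumption: the caller
    supplies a per-user salt (the thread does not describe the salt)."""
    return hashlib.pbkdf2_hmac("sha256", master_password.encode("utf-8"), salt, iterations, KEY_LEN)


def guess_matches(candidate: str, salt: bytes, target_key: bytes, iterations: int = ITERATIONS) -> bool:
    """One attacker guess. A real attacker would try to decrypt a vault block
    rather than compare keys; the KDF cost per guess is the same either way."""
    return hmac.compare_digest(derive_vault_key(candidate, salt, iterations), target_key)


def measure_guess_rate(samples: int = 3, iterations: int = ITERATIONS) -> float:
    """Single-core guesses per second on this machine for the given round count.
    Fewer rounds make each guess proportionally cheaper."""
    salt = os.urandom(16)
    start = time.perf_counter()
    for i in range(samples):
        derive_vault_key(f"guess{i}", salt, iterations)
    return samples / (time.perf_counter() - start)


def expected_crack_seconds(keyspace: int, guesses_per_second: float) -> float:
    """Average time to hit a uniformly random password: half the keyspace."""
    return keyspace / 2 / guesses_per_second


def crack_cost_table(guesses_per_second: float) -> dict[str, float]:
    """Expected days to crack, for constructed keyspaces from weak to a passphrase."""
    spaces = {
        "8 lowercase+digits": 36 ** 8,
        "10 printable ASCII": 95 ** 10,
        "4 diceware words": 7776 ** 4,
    }
    return {name: expected_crack_seconds(n, guesses_per_second) / 86400 for name, n in spaces.items()}


if __name__ == "__main__":
    rate = measure_guess_rate()
    print(f"~{rate:.1f} guesses/s on one core at {ITERATIONS} rounds")
    for name, days in crack_cost_table(rate).items():
        print(f"{name}: ~{days:,.0f} days on one core")
```

The single-core rate is the honest baseline; GPU rigs multiply it by orders of magnitude, which is why the same table says "hopeless" for a passphrase and "a weekend" for eight lowercase characters. Rerun `measure_guess_rate` with a smaller `iterations` to see how much an old, low round count gives away.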

Revealed: The Israeli Firm Selling ‘Dystopian’ Hacking Capabilities Straight out of the Hollywood hacker trope:

The company sells technologies that allow clients to locate security cameras or even webcams within a given perimeter, hack into them, watch their live feed and even alter it – and past recordings – according to internal documents obtained by Haaretz and reviewed by a technical expert. Its activities are regulated by the Israeli Defense Ministry.


Machine Thinking

U.S. Copyright Office Rules A.I. Art Can't Be Copyrighted “An image generated through artificial intelligence lacked the "human authorship" necessary for protection”

Erkhyan

It’s funny how recognizing AI art nowadays is just the same old rules as recognizing the fae in old tales.
“Count the fingers, count the knuckles, count the teeth, check the shadows…”
… and under NO circumstances should you make deals with their kind.

Kim Døfler That's some "think different" design right there:

I asked #midjourney to make a photo of the long awaited Apple car.


Everything Else

1qFz74I “Pineappowl”

David Fishman

"on so many levels" usually means like 2-3 levels, max

Bob

You’d think since they’re called Zoom calls they’d go a lot faster.

An-Tim Nguyen “My near future is clear as day”

SeaTea Fact:

The best way to find every AA battery in your home is to need a pair of AAAs.

Meanwhile in Canada “Oh great, just what we need.”

∂ebraℓee

Therapy is expensive.
Bubble wrap is cheap.
You choose.

Hank Green I feel called out:

People like “that’s an hour of my life I’ll never get back” as if we would have been diligently editing Wikipedia or fixing your bathroom sink with that hour. No, we would have been watching Instagram Reels of people falling down and we know it.

Why the super rich are inevitable The Yard-sale model illustrates why wealth concentration is inevitable, and also how even tiny redistribution can even it out.

Readwise Reader They call it “read-it-later app for power readers” and it certainly feels that way.

What if you combined Instapaper, Pocket, Feedly, and Kindle, supporting PDF, YouTube, ePub, text-to-speech, email newsletters, note-taking, GPT-3 copilot for reading, and lots of keyboard shortcuts?

It's priced about the same as Instapaper/Pocket but does a lot more and the UI is pretty good. If you're a power reader, I strongly recommend checking it out.

Venomized Gamer “Santalorian”

🔥 Looking for more? Subscribe to Weekend Reading.

Or grab the RSS feed