Labnotes

Weekend Reading — Not a doctor


API XKCD nails it again

Design Objective

Breaking It Down You can’t ship what you don’t understand:

  1. Before you come up with a solution, figure out your problem.
  2. The solution should match your problem’s size.
  3. Break it all down.
  4. Review often.

Keeping GitHub OAuth Tokens Safe And now for something totally different. GitHub is both taking security very seriously and sweating all the little details:

Starting today you can commit more confidently, knowing that we will email you if you push one of your OAuth Access Tokens to any public repository with a git push command. As an extra bonus, we'll also revoke your token so it can't be used to perform any unauthorized actions on your behalf.

Material Design for Bootstrap If you didn't like how Bootstrap made your site look like every other site, you'll hate this theme that makes your site look like every other Google. I appreciate familiar UIs, so thinking of using this in a future project.


Tools of the Trade

What Will Save Us from the Dark Side of CSS Pre-Processors? I'm not saying alternative languages are bad, but if what you're after is cross-browser compatibility and new CSS features, consider writing your stylesheets in the native CSS4 and using a post-processor.

addyosmani

Protip: With @ChromeDevTools open, click/hold the Reload button for bonus Empty Cache & Hard Reload options:

On Use of the Lang Attribute The HTML lang attribute and how it affects accessibility. Also just learned, and it makes perfect sense that:

Firefox, IE10, and Safari (as of a year ago) only support CSS hyphens: auto when the lang attribute is set

mkcast Super cool: "A tool for creating GIF screencasts of a terminal, with key presses overlaid."

Condense "OCR everything on the fly."

Icecomm.io WebRTC as a service, currently in beta.

slacker-cli Messages to Slack from command line.

DrawAttention Adds a whiteboard to the back of your computer/tablet: “you need more than digital space, you need a white space.”


Lingua Scripta

Variables and scoping in ECMAScript 6 Everything you wanted to know about let and const.

What Are Weakmaps In ES6? And what they're good for.

ECMAScript 6 from an Attacker's Perspective Just because you can't use ES6 with all browsers, doesn't mean attackers aren't writing code to use ES6 features available in some browsers. Specifically, most XSS filters, JavaScript sandboxes and other security features are only looking out for ES5 exploits.


Lines of Code

The Queen Of Code A short and fascinating movie about the legacy of Grace Hopper.

What Color is Your Function? On the difficulty of working with a mix of synchronous and asynchronous functions, the promise of async/await, and why some languages opt for threads.

Simple Testing Can Prevent Most Critical Failures: An Analysis of Production Failures in Distributed Data-Intensive Systems

We found the majority of catastrophic failures could easily have been prevented by performing simple testing on error handling code – the last line of defense – even without an understanding of the software design.

Applying Eigenvalues to the Fibonacci Problem Because math!

Commits.io Connect your GitHub repo, upload a logo, and Commits.io will turn the source code into a poster you can hang on the wall.

deech

I'm a 10x engineer, where x is my original estimate.


Locked Doors

Ulbricht guilty in Silk Road online drug-trafficking trial The conclusion to the Government vs Dread Pirate Roberts is as epic as the rest of this absurd trial. Here's the defense, claiming their client is guilty of being stupid:

An entire copy of the Silk Road site was found, encrypted, on a thumb drive on Ulbricht’s bedside table. “Would Dread Pirate Roberts do that?” he asked.

As Flash 0day exploits reach new level of meanness, what are users to do? Another day, another Flash vulnerability. But if you do need to use Flash, at least use Chrome:

Attacks exploiting CVE-2015-0313 are unable to escape the Chrome security sandbox, research from Trend Micro found.

Anthem confirms data breach, but full extent remains unknown Is your Target-gifted free credit card protection about to expire? Good news: Anthem will soon offer you free credit protection. While Anthem disclosed the breach on January 27, 2015, the web site they created for that disclosure was registered on December 13, 2014, a quick 3 days after they detected the attack. Because PR takes priority over information security.

Your Local Gas Station Could Be a Major Security Vulnerability

This scan revealed 5,800 vulnerable ATGs globally, with 5,300 of them in the U.S. The researchers then sent Get In-Tank Inventory Report requests to these exposed ATGs, quickly gleaning a station’s name and address along with the number of tanks and their levels and fuel types.

Three credit card transactions could reveal your identity It only takes three transactions to fingerprint you.

Get Your Loved Ones Off Facebook You know FB tracks and analyzes whatever you share on the site, but do you realize how pervasive their data collection goes? All those lame-ass "Like us on FB" buttons no one clicks on? They exist to track every web page you visit. Much more is collected about you than you realize, or opted to share.


Not a Doctor

Here’s What’s Actually In Your Supplements The thing about "alternative medicine" is that, if it was medicine, it wouldn't need to call it "alternative":

the New York attorney general’s office found that four out of five of the most popular herbal supplements sold at those major retailers contained precisely zero of the ingredients listed on their labels.

I’m an Anti-Braker A great take-down on the anti-vaccine "logic".

seldo "Dear anti-vaxxers: I report, you decide."


None of the Above

8-bit Simpsons

Public and Scientists’ Views on Science and Society The public "is positive about science’s impact on the quality of health care, food and the environment," except for that part where we believe what we want to believe and damn what science has to say:

Citizens’ and scientists’ views diverge sharply across a range of science, engineering and technology topics. Opinion differences occur on all 13 issues where a direct comparison is available. A difference of less than 10 percentage points occurs on only two of the 13.

Stupid Tricks with Promoted Tweets Since they're not going away, might as well use them for some good old pranking.

Tech’s High Barrier to Entry for the Underprivileged

The Truth About What Went Wrong With The Third Season Of Star Trek

thegrugq

Guess which one is the weed grow house? Yeah, police guessed that one too...