Short notes on tech 15/2022

Week 15 of 2022

Before leaving for a short Easter holiday here are some links to go through.


Top 10 CI/CD Security Risks

Automagically Auditing GitHub (Actions) Security using OpenSSF Scorecards "How to use the OpenSSF Scorecards GitHub Action to audit your GitHub and GitHub Actions configuration, and a breakdown of some of the issues raised by it." (from Cloud Security Reading List)

Software development

Please put units in names
"There is one code readability trap that is easy to avoid once you are aware of it, yet the trap is pervasive: omitting units." (from Hacker Newsletter)

The Catalog of Design Patterns
Creational, Structural and Behavioral Patterns.

Java Development on an Apple M1 – A One Year Review
"Initial pitfalls when working with the Apple M1 and a collection of valuable tricks and workarounds for developing and testing Java applications." (from Hacker Newsletter)

An up-to-date guide on running Java applications in Docker containers
(from DevOps weekly)


A list of new(ish) command line tools
"Like ripgrep and fd and fzf and exa and bat."


Maybe you should do less 'work'

Short notes on tech 13/2022


Personal Goal Setting Playbook
"Setting personal goals can be used in many contexts to help people achieve tasks, objectives or improvements of any kind, big or small."


A Designer’s Guide to Documenting Accessibility & User Interactions

Understanding Figma’s interactive components feature
(from WDRL)


How to design better APIs
15 language-agnostic, actionable tips on REST API design. (from WDRL)

PHP: The Right Way
"An easy-to-read, quick reference for modern coding standards in PHP, trying to fight all the outdated and partially wrong solutions found on the web." (from WDRL)


Postgres Auditing in 150 lines of SQL
Or you can use pgAudit. (from Hacker Newsletter)


How to test if there is any element outside the viewport with Cypress
"How to use Cypress to create an automated test that checks if there is an element out of the viewport." (from CSS Weekly)


"Healthcheck is a dedicated monitoring and alerting system for cron, with a nice looking dashboard and various alerting options." (from DevOps Weekly #585)

Who watches the watchers?
"A look at using a dead-man's-switch to monitor other monitoring systems, with code examples for implementing on AWS with Prometheus and PagerDuty." (from DevOps Weekly #586)
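The pattern behind both links, as an added shell example that is not code from Healthchecks or from the dead-man's-switch post: a wrapper records a heartbeat only when the cron job exits 0, and a separate check alerts once that heartbeat is older than the job's expected interval (or was never written). The heartbeat is a timestamp file under HEARTBEAT_DIR so the example runs offline; against a hosted service the file write is replaced by a curl of the job's ping URL. HEARTBEAT_DIR and the function names are assumptions, not an existing API.

```shell
#!/bin/sh
# Added example, not code from Healthchecks or the linked post: a cron job
# wrapper plus a dead-man's-switch check. The heartbeat is a timestamp file
# so the example runs offline; against a hosted service the file write is
# replaced by a ping of the job's URL (e.g. curl -fsS --retry 3 "$PING_URL").
# HEARTBEAT_DIR and the function names are assumptions, not an existing API.

HEARTBEAT_DIR="${HEARTBEAT_DIR:-/tmp/heartbeats}"

# run_with_heartbeat NAME CMD [ARGS...]
# Run CMD and record a heartbeat only if it exits 0, so a job that starts
# but fails is treated exactly like a job that never ran. Exit status is CMD's.
run_with_heartbeat() {
    name="$1"; shift
    mkdir -p "$HEARTBEAT_DIR"
    "$@"
    rc=$?
    if [ "$rc" -eq 0 ]; then
        date +%s > "$HEARTBEAT_DIR/$name"
    fi
    return "$rc"
}

# heartbeat_age NAME -- seconds since the last successful run, -1 if none
heartbeat_age() {
    f="$HEARTBEAT_DIR/$1"
    if [ ! -f "$f" ]; then
        printf '%s\n' -1
        return 0
    fi
    last=$(cat "$f")
    printf '%s\n' "$(( $(date +%s) - last ))"
}

# check_heartbeat NAME MAX_AGE -- the dead man's switch: returns 0 while the
# job keeps checking in, 1 (plus an alert line on stderr) once it has been
# silent for longer than MAX_AGE seconds or has never succeeded at all.
check_heartbeat() {
    age=$(heartbeat_age "$1")
    if [ "$age" -lt 0 ] || [ "$age" -gt "$2" ]; then
        echo "ALERT: $1 has not succeeded within ${2}s (age: ${age}s)" >&2
        return 1
    fi
    return 0
}
```

A crontab entry wraps the job (`*/5 * * * * /usr/local/bin/run_with_heartbeat backup /usr/local/bin/backup.sh`), and the check runs from a different host or service than the jobs it watches, otherwise the host dying silences the alarm together with the jobs.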

Short notes on tech 10/2022

Week 10 of 2022

Web development

The State of JavaScript 2021 Survey Results
"69% use TypeScript; React held the top spot for 6 years; Vue.js is on track to overtake Angular as the second place framework; 2021 has been the year of Vite with 98% satisfaction." (from WDW)

The baseline for web development in 2022
"Now that Internet Explorer really seems to die in June this year, we should focus on low-spec Android devices, older Safari versions or slow networks." (from WDRL)

Caching Header Best Practices
"Understanding caching is still one of the harder parts of the web and often disregarded." (from WDRL)


Buildpacks vs Jib vs Dockerfile: Comparing containerization methods
(from DevOps weekly)

Just say no to :latest
A good reminder of why using the :latest tag is bad practice: the tag is mutable, so the same build can pull a different image on a different day, and nothing in the build records which image was actually used.


Series: Unpacking Interview Questions
"A series sharing some of the questions I use when I interview for technical roles. I’ll unpack the question, when to ask it, and how to evaluate answers."

Something different

How Ikea tricks you into buying more stuff

Short notes on tech 7/2022

Short notes on tech, week 7 of 2022

Software development

Frontend Predictions for 2022
The return of micro-frontends, functional JavaScript & the death of Jamstack as we know it. (from Web Design Weekly)


AWS Elastic Kubernetes Service (EKS) Review
"If you are considering going with EKS, understand you are going to need to spend a lot of time reading before you touch anything. You need to make hard-to-undo architectural decisions early in the setup process." tl;dr; "If I were a very small company new to AWS I wouldn't touch this with a ten foot pole."


An Overview of Docker Desktop Alternatives
tl;dr; "minikube, microk8s, and podman". But "Is it really worth your team's time to deal with an alternative stack?"

FalsiScan: Make it look like a PDF has been hand signed and scanned

Professional life

Career Advice Nobody Gave Me: Never Ignore a Recruiter
tl;dr; Good template for replying to recruiters. Or just use "Hey __. Before we move forward, can you provide me with the company name, a job description, and the expected compensation."

Web Design

Atomic Design Methodology
Methodology to craft interface design systems: "Atoms, molecules, organisms, templates, and pages."

Component Driven User Interfaces
"The development and design practice of building user interfaces with modular components. UIs are built from the “bottom up” starting with basic components then progressively combined to assemble screens."

Short notes on tech 5/2022

Software development

How to tame the devDependencies of your project?
tl;dr; Use mrm.

"tRPC allows you to easily build & consume fully typesafe APIs, without schemas or code generation."

Cypress vs Selenium vs Playwright vs Puppeteer speed comparison
tl;dr; Playwright is faster than Cypress. There's a good Hacker News thread comparing Playwright with Puppeteer, with Cypress discussed on the side.


How not to learn TypeScript
"Some mistakes people make when getting started with TypeScript." (from WDW)

Stories from the field

How I Got Pwned by My Cloud Costs
Troy Hunt runs the "Have I Been Pwned" service in Azure and is experienced with cloud, but things don't always go as planned. A good story about setting up safeguards. (from hackernewsletter)


"Find and copy special characters to your clipboard." (from WDW)


7 front-end interview processes I did in December 2021
"Several lessons and what front-end interviewing looks like today. Useful for those in search of a new job and teams who are looking to hire." (from WDW)

Short notes on tech 2/2022

Week 2 of 2022

JavaScript for impatient programmers
"This book makes JavaScript less challenging to learn for newcomers, by offering a modern view that is as consistent as possible."

Software architecture patterns
Take a deep dive into several common software architecture patterns.

Checklist Design
A collection of the best design practices. (from Web Design Weekly)

How to mentor software engineers
(from Hacker Newsletter)

Hacker laws
Laws, Theories, Principles and Patterns that developers will find useful. (from Hacker Newsletter)

Documentation Guide
"Collective wisdom of the Write the Docs community around best practices for creating software documentation."

"The world's most hated IT stickers"

Career ladders
For a quick look at what a career ladder could look like, it's worth checking Rent the Runway's (spreadsheet), which takes a fun D&D-inspired Dex/Str/Wis/Cha stats-based approach to evaluation, corresponding to technical skill, productivity, impact, and communication/leadership. A management track is also included, with more focus on architecture, hiring, organizational skills, and leadership/salesmanship.

Short notes on tech 50/2021

Week 50 of 2021

Developer Tools secrets that shouldn’t be secrets
Write-up of a talk at CityJS covering, among other things, console.log and VS Code. (from Web Design Weekly)

2021 Design Tools Survey
Overview of the most used design tools during 2021

Meet The Man Who Shoots At Birds All Day To Keep Them Off A Toxic Pit
"If migrating species land on the Berkeley Pit for more than a few hours, they get cooked from the inside out. Now, miners use a rifle, drones, and lasers to scare the birds away."

Short notes on tech 45/2021

Week 45 of 2021

Software Development

Software Architecture Patterns: 5 minute read
Some of the most important parts of the Software Architecture Patterns by Mark Richards. (from Hackernewsletter)

React Aria: A headless UI component library
A library of React Hooks that provides accessible UI primitives for your design system. "You structure your DOM and css however you want, and react-aria provides hooks that return props to spread onto your elements to make them come alive."

Coding font
"gamified experience to help you find your true love of coding fonts" (from Hackernewsletter)


How to improve your Docker containers security
"Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet." (from Cloud Security Reading List)

Github Actions Security Best Practices
"Some of the key security concerns you should be aware of when using Github Actions. We will also cover the best practices that Salesforce Heroku follows." (from Cloud Security Reading List)
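Two of the practices in this space, pinning actions to a commit SHA and declaring least-privilege token permissions, as an added shell check that is not code from the Heroku post. A mutable tag such as `@v3` can be moved to point at different code, a full commit SHA cannot, and without a top-level `permissions:` block the GITHUB_TOKEN keeps whatever the repository default is. The check is text-based rather than a YAML parser; the function names are assumptions and the workflow files used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not code from the linked post: audit a GitHub Actions
# workflow file for two of the recommendations -- every third-party action
# pinned to a full commit SHA instead of a mutable tag or branch, and an
# explicit top-level `permissions:` block so GITHUB_TOKEN gets least
# privilege rather than the repository default. Function names are
# assumptions; the check is line-based, not a YAML parser.

# unpinned_actions FILE -- print each `uses:` reference that is not pinned
# to a 40-hex commit SHA. Local actions (./...) and docker:// images are
# skipped: they are pinned (or not) by other means.
unpinned_actions() {
    grep -E '^[[:space:]]*-?[[:space:]]*uses:' "$1" \
      | sed -E 's/^[[:space:]]*-?[[:space:]]*uses:[[:space:]]*//; s/[[:space:]]*(#.*)?$//' \
      | grep -Ev '^(\./|docker://)' \
      | grep -Ev '@[0-9a-f]{40}$' || true
}

# has_permissions FILE -- 0 when the workflow declares a top-level
# (unindented) permissions: key, otherwise 1
has_permissions() {
    grep -Eq '^permissions:' "$1"
}

# audit_workflow FILE -- print findings; the return value is their count
audit_workflow() {
    n=0
    for ref in $(unpinned_actions "$1"); do
        echo "$1: action not pinned to a commit SHA: $ref"
        n=$((n + 1))
    done
    if ! has_permissions "$1"; then
        echo "$1: no top-level permissions: block, GITHUB_TOKEN keeps the repository default"
        n=$((n + 1))
    fi
    return "$n"
}
```

When pinning, keep the human-readable version in a trailing comment (`uses: actions/checkout@<sha> # v3`) so reviewers and update tooling can still see which release the SHA corresponds to; the check strips that comment before matching.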

Information Security

Attacking and Securing CI/CD Pipeline
"Comprehensive summary of both the attack methods often used against CI/CD pipelines and our insights in securing the CI/CD infrastructure." ATT&CK-like Threat Matrix for CI/CD Pipeline. (from Cloud Security Reading List)

Protect your open source project from supply chain attacks
tl;dr; Follow the SLSA framework and the OpenSSF Scorecards rubric; many of the checks can be enforced automatically with the Allstar project. (from Cloud Security Reading List)


New language features since Java 8 to 17
(from Hackernewsletter)


Doing a job
"Human experience shows that people, not organizations or management systems, get things done."

Short notes on tech 42/2021

Week 42 of 2021

Software development

How to win at CORS
Interactive learning of CORS with The CORS Playground.


No, we don’t use Kubernetes
Ably runs a large-scale production infrastructure with Docker on "just" AWS EC2 instances, and writes about whether they should adopt Kubernetes as their primary deployment platform at some point.

Top 20 Dockerfile best practices
TL;DR; run as a non-root user, use distroless base images, prefer COPY over ADD, scan images, and add a HEALTHCHECK.
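Several of these practices, together with the :latest warning and the Docker container security cheat sheet from earlier notes, lend themselves to a mechanical check. The following is an added shell example, not code from Sysdig's article or the other posts: it flags base images that float (no tag, which Docker treats as :latest, or an explicit :latest, unless pinned by a sha256 digest), ADD where COPY would do, a final stage that runs as root, and a missing HEALTHCHECK. Image scanning needs an external tool and is left out. The function names are assumptions, "the last USER in the file is the final stage's user" is a heuristic, and the Dockerfiles used to exercise it are constructed.

```shell
#!/bin/sh
# Added example, not code from the linked articles: a small Dockerfile check
# for some of the listed practices -- base images pinned by tag or digest
# instead of floating on :latest, COPY instead of ADD, a non-root USER and
# a HEALTHCHECK. Image scanning needs an external tool and is left out.

# unpinned_base_images FILE -- print each FROM reference that floats: no
# tag at all (Docker then uses :latest) or an explicit :latest, unless it
# is pinned by an @sha256 digest. "scratch" and earlier build stages skip.
unpinned_base_images() {
    froms=$(grep -Ei '^[[:space:]]*FROM[[:space:]]' "$1" \
        | sed -E 's/^[[:space:]]*[Ff][Rr][Oo][Mm][[:space:]]+//; s/--platform=[^[:space:]]+[[:space:]]+//')
    # names introduced with "FROM ... AS name", so a later "FROM name" is not flagged
    stages=" $(printf '%s\n' "$froms" \
        | sed -nE 's/^.*[[:space:]][Aa][Ss][[:space:]]+([A-Za-z0-9_.-]+)[[:space:]]*$/\1/p' \
        | tr '\n' ' ') "
    printf '%s\n' "$froms" \
        | sed -E 's/[[:space:]]+([Aa][Ss][[:space:]]+.*)?$//' \
        | while read -r ref; do
            case "$ref" in
                ""|scratch|*@sha256:*) continue ;;   # empty, scratch or digest-pinned
            esac
            case "$stages" in *" $ref "*) continue ;; esac
            case "${ref##*/}" in              # the tag lives in the last path component
                *:latest) echo "$ref" ;;      # explicit floating tag
                *:*)      ;;                  # some other tag: accepted
                *)        echo "$ref" ;;      # no tag, which Docker resolves to :latest
            esac
        done
}

# dockerfile_findings FILE -- one finding per line, nothing when clean
dockerfile_findings() {
    f="$1"
    unpinned_base_images "$f" | sed "s|^|$f: base image not pinned: |"
    grep -Ein '^[[:space:]]*ADD[[:space:]]' "$f" | sed "s|^|$f: prefer COPY over ADD at line |"
    # heuristic: the last USER in the file is taken to be the final stage's user
    last_user=$(grep -Ei '^[[:space:]]*USER[[:space:]]' "$f" | tail -n 1 | awk '{print $2}')
    case "$last_user" in
        ""|root|0|"root:"*|"0:"*) echo "$f: runs as root (no USER, or USER root)" ;;
    esac
    grep -Eiq '^[[:space:]]*HEALTHCHECK[[:space:]]' "$f" || echo "$f: no HEALTHCHECK"
}

# lint_dockerfile FILE -- print the findings; the return value is their count
lint_dockerfile() {
    out=$(dockerfile_findings "$1")
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return "$(printf '%s\n' "$out" | grep -c '')"
}
```

Run it over every Dockerfile in a repository from CI (`find . -name 'Dockerfile*' -exec sh -c 'lint_dockerfile "$1"' _ {} \;` after sourcing the functions) and fail the build on a non-zero count; digest pinning (`image@sha256:...`) is the only form that is fully immutable, a version tag can still be re-pushed.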


The Insane Innovation of TI Calculator Hobbyists
"In the mid-to-late 2000s there was in fact a thriving scene of hackers who had bent graphic calculators to their will, writing games, math software, and more generally hacking on the platform just for the sake of it."


"Next Generation Frontend Tooling"

"An extremely fast JavaScript bundler". Hacker News thread

Nginx playground
"It's like codepen for nginx -- you paste in an nginx config, and then a server starts nginx for you and runs any curl or http command you want against that nginx server."

"The multi-repository documentation site generator for tech writers who love writing in AsciiDoc."

"Record and replay web applications with familiar browser dev tools."

Short notes on tech 37/2021

Week 37 of 2021

Software development

Give me /events, not webhooks
"This post clearly explains the benefits of using an /events endpoint + long polling. Simpler and more reliable than webhooks. On the web we don't have much of a choice, most platforms support webhooks and few support event streams. For internal applications don't go with webhooks as the first choice just because they're prevalent on the web." (from Weekend reading)

Writing JavaScript, but with types!
"I’ve often run into a situation in which I’ve wished my JavaScript code would have types and they would be enforced. This would save me from a lot of runtime headache that can happen." But you can't use TypeScript to enforce it. The article explains one option to help with your development.


A Security Review of Docker Official Images: Which Do You Trust?
This research demonstrates the importance of keeping track of the images that you use, and not assuming that even official images from Docker Hub will be maintained in perpetuity. (from Cloud Security Reading List)

Docker is Updating and Extending Product Subscriptions
"Docker Subscription Service Agreement includes a change to the terms for Docker Desktop: Docker Desktop remains free for small businesses (fewer than 250 employees AND less than $10 million in annual revenue), personal use, education, and non-commercial open source projects. It requires a paid subscription (Pro, Team or Business), starting at $5 per user per month, for professional use in larger businesses."


So You Inherited an AWS Account
"Many engineers have found themselves in the unenviable position of being handed the keys to an AWS environment with absolutely no explanation of its contents, documentation, or training." (from Cloud Security Reading List)

Top things to do when setting up a new Org
"What you should do when setting up a new AWS Organization from scratch." (from Cloud Security Reading List)

Web development

How I Experience Web Today

Level up your CSS linting using Stylelint
"Lint all the things" (from CSS Weekly)


Automating App Store Screenshots
"Whenever I mention using fastlane's snapshot tool for App Store screenshots, I justify it by saying it'll save you time if you have "ten screenshots for every device type in different localisations". In reality, even if you have just two screenshots in one language for your app, you'll still save so much time by doing this. Let Daisy Ramos show you how to make the best of this fantastic tool." (from iOS Dev Weekly)

Something different

Branded in Memory
Iconic brands drawn from memory