Monthly notes 44

Summer holidays are over and it’s time to get back to work and monthly notes. I spent almost the whole of August enjoying nature, mountain biking, hiking and coaching young mountain bikers. Less computers, more relaxing. This month’s notes are about writing great Docker images, validating code using git hooks, log management, a story about the npm registry, working remotely and effective Kotlin. Happy reading.

Issue 44, 6.9.2019

Microservices

How to write great Docker container images
It’s easy with these great tips and examples. I would add: use a small base image like Alpine Linux if possible. (from @walokra)

Kubernetes: A Detailed Example of Deployment of a Stateful Application
The article gives an overview of Kubernetes by covering “What are the design principles and architecture of Kubernetes?” and “How to use Kubernetes, and a simple example.” (from @java)

Software Development

Automate validating code changes with Git hooks
What could be more annoying than committing code changes and noticing afterwards that the formatting isn’t right or tests are failing? Read these tips on how to automate validating code changes with git hooks and make your flow smooth.

Fast log management for your apps
Nicolas Frankel talked at Berlin Buzzwords about logging. Good overview of the issue. tl;dr: no computation in logs, filesystem matters, asynchronous vs. reliability, no expensive metadata, schema on write, send JSON.

Use morning hours for open source and improving

You’re better at your work when you’re improving your technical craft.

JavaScript

Story of money and ownership and control
“the economics of open source [in JavaScript, Node.js and npm]”. Important points of view on the problems with the (privately controlled) [npm] package registry. (from @walokra)

Team work

11 Best Practices for Working Remotely
Good tips for working remotely. The biggest hurdles are communication, social opportunities and loneliness and isolation. “With consistent effort, you can overcome the challenges of remote work and create a healthy, happy, productive environment for yourself and for your team.” (from @dunjardl)

If you ever have to lead a remote dev team…
The Remote Workflow: simple, transparent, predictable, frictionless. (from @ThePracticalDev)

Books

Effective Kotlin beta release
Adding this to my reading list! “First official version of Effective Kotlin is finally in distribution (as an ebook)”. Having read Effective Java this book is totally worth it.

Something different

Watch 14 minutes of new Cyberpunk 2077 gameplay footage
A new look at different gameplay styles for the upcoming open-world RPG.

Monthly notes 43

Issue 43, 25.7.2019

Microservices

How to write great container images
The article shows the principles of what the writers consider “Dockerfile best practices”, and simultaneously walks through them with a real example. I would add: use a small base image like Alpine Linux if possible.

Micro Frontends
The article describes breaking up frontend monoliths into many smaller, more manageable pieces, and how this architecture can increase the effectiveness and efficiency of teams working on frontend code. As well as talking about the various benefits and costs, it covers some of the implementation options that are available, and dives deep into a full example application that demonstrates the technique.

Performance

Performance Analysis Methodology
Informative presentation of Performance Analysis Methodology by Brendan Gregg at LISA ’12. Focus on the USE method which all staff can use for identifying common bottlenecks and errors. Check for: Utilization, Saturation, Errors. (from walokra)

Fast log management for your apps
You’ve migrated your application to Reactive Microservices to get the last ounce of performance from your servers. But what about logs? Logs can be one of the few roadblocks on the road to ultimate performance. In his talk at Berlin Buzzwords 2019, Nicolas Frankel shows some insider tips and tricks, taken from experience, to put you on the track toward fast(er) log management.

JavaScript

single-spa
A javascript framework for front-end microservices.

Node.js Memory Management in Container Environments
Best practices for managing memory in container-based Node apps. (from JavaScript Daily)

CTU JavaScript Guide
Opinionated guide to ground rules for an application’s JavaScript code, such that it’s highly readable and consistent across different developers on a team. The focus is put on quality and coherence across the different pieces of your application.

Security

Nginx Admin’s Handbook
nginx is a powerful web server but with great power comes great responsibility (to configure it for security and performance). “Nginx Admin’s Handbook” is a good collection of rules, helpers, notes and papers, best practices and recommendations to achieve it. (from walokra)

GOTCHA: Taking phishing to a whole new level
Without the X-Frame-Options header, a UI redressing attack can be built that allows attackers to extract valuable information from API endpoints. tl;dr: extract chars with CSS, add captcha form, scramble chars, get user to fill in the password-captcha.

Staying Safe on GitHub: The Ultimate GitHub Security Tools Roundup
Nice overview of #security tools for #GitHub repositories. GitHub Security Alerts is provided by default; additionally use one of these: Snyk, WhiteSource Bolt, Sonatype DepShield. (from walokra)

Something different

It’s Summer and there are plenty of Natural Parks in Finland. Go and create your Summer adventure in the wilderness. From Southern Archipelago to Northern Fells: Pallas-Yllästunturi, UKK, Pyhä-Luosto, Koli, Nuuksio.

Monthly notes 42

Midsummer is a couple of days away and it’s time to take a short break from work and enjoy the Summer nights and nature. And if you have time, here is a short list of articles to read and videos from the React Finland 2019 conference to watch.

Issue 42, 20.6.2019

Software Development

Consulting or con-$ulting
A theory on how Hertz’s inexperience in buying software — combined with Accenture’s incompetence to deliver it — flushed $32M+ down the drain. “The lack of transparency and technical expertise combined with the lack of ownership/responsibility was ultimately the reason why Hertz managed to blow tens of millions USD, instead of just a couple.” Lessons learned: “If you are buying software for tens of millions, you must have an in-house technical expert as part of the software development process”.

Don’t stop writing code comments
“You should write comments which matter.” (from @nicolas_frankel)

Improve your technical craft
More knowledge helps you to do your work (more efficiently and in less time). In knowledge work time spent at the office doesn’t equal productivity or job well done.

Or rather than 1hr per day, batch it all on e.g. Fridays when things are slow.

React Finland 2019 presentations
29 videos from React Finland 2019 conference. Some picks: Automation and Exploratory testing, More Accessible React Apps, guide to building your design system infrastructure.

Databases

Be careful with CTE in PostgreSQL
PostgreSQL doesn’t inline common table expressions (the WITH clause); it materializes them and thus is unable to utilize the index => expensive. Good to know if you’re used to Oracle, which doesn’t materialize CTEs by default. (from walokra)

UX

Can’t Unsee
“The devil is in the details”. A game where your attention to details earns you a lot of coins. Fun game which teaches you some UX rules and attention to details. With 5780 coins I’m a beginner :/ (or need glasses :))

It feels fine on my phone
“You literally can’t afford desktop or iphone levels of JS if you’re trying to make good web experiences for anyone but the world’s richest users, and that likely means re-evaluating your toolchain.”

“Gap between “what I get when I trade in my phone every 2 years” and the true low-end is now a gaping chasm, and even 5 years ago, that wasn’t true.”

Something different

Arofly Link brings power meters under $200 using a tire pressure monitor
Forget power meters in cranks and pedals, here’s Arofly Link. “Unlike most power meters that measure the actual force being put into your bike’s drivetrain between the pedals and the rear hub, Arofly takes it one step further apparently measuring power where the rubber meets the road.”

Monthly Notes 41

Issue 41, 31.5.2019

Software development

Gitmoji
Leaving aside the issue this causes on Bamboo (thread), using emojis in Git commit messages is a nice idea. There’s even a cool emoji guide for your commit messages. Going to take this into use 😊 (from walokra)

Happy Friday, Don’t push to production?
Good thread on how you should treat your deploys to production. You should deploy often and have good CI/CD practices but the overall question isn’t black or white. “Nothing goes wrong until it does, and then you’d want your people available.” “If you’re scared of pushing to production on Fridays, I recommend reassigning all your developer cycles off of feature development and onto your CI/CD process and observability tooling for as long as it takes to ✨fix that✨.” (from walokra)

Sleep quality and stress level matter and after 24 hours awake
“Your sleep quality and stress level matter far, far more than the languages you use or the practices you follow. Nothing else comes close”. Good notes on why sleep and rest matter (thread) 😴 There’s always more work to do, take care of yourself first! (from walokra)

Software architecture

Why software architects fail – and what to do about it
Looks at some of the most common pitfalls that ensure you’ll come up with a disaster, and discusses how they can be avoided.

Cloud

“High” levels of ☁️ spending at Lyft
Continuation of the Internet discussion on whether Lyft’s spending on AWS is too high and whether they could do better on-premises.

Frontend

TSLint in 2019
“Once we consider ESLint feature-complete w.r.t. TSLint, we will deprecate TSLint and help users migrate to ESLint”

User Experience

Printable A3 posters for Laws of UX
(from JonYablonski)

Something different

“Work starts from problems and learning starts from questions. Work is creating value and learning is creating knowledge. Both work and learning require the same things: interaction and engagement.” (from EskoKilpi)

Monthly notes 40

Refactoring, computer science concepts on day job, doing better code reviews, battling CSS and watching cat videos. That’s Monthly notes for April. Not much so enjoy slowly :)

Issue 40, 4.2019

Learning

Refactoring.Guru
Refactoring.Guru makes it easy for you to discover everything you need to know about refactoring, design patterns, SOLID principles and other smart programming topics.

Microservices

CompSci and My Day Job
Rob Conery talked at NDC Conference London 2019 about computer science concepts he used in his day job without actually knowing them. All of this changed as he put together the first two volumes of The Imposter’s Handbook. He talks about what he has learned and applied to the applications created in his day job, and gives you more tools under your belt to help you do your job better.

Software development

Code Review: How can we do it better?
Fun Fun Function talks about how to become a better code reviewer and reviews some code sent in by listeners. General rules for pull requests: make everything readable by humans: title, description, commit comments and, most important, your code. DRY, KISS.

Dev perception

“However, none of the [Formula One] teams used any of the big modern frameworks. They’re mostly WordPress & Drupal, with a lot of jQuery. It makes me feel like I’ve been in a bubble in terms of the technologies that make up the bulk of the web.”

Dev perception

When we’re evaluating technologies for appropriateness, I hope that we will do so through the lens of what’s best for users, not what we feel compelled to use based on a gnawing sense of irrelevancy driven by the perceived popularity of newer technologies.

Engineering guide to writing correct User Stories
“Agile people are obsessed with writing user stories. And it is a powerful instrument indeed. But, from my practice a lot of people are doing it wrong…” (from @PracticalDev)

Tweet threads to read

It’s Friday. Pushing to production ?
They say Kubernetes is simple?

Frontend

CSSBattle!
CSS code-golfing is here! Use your CSS skills to replicate targets with smallest possible code. Feel free to check out the targets below and put your CSS skills to test.

Tools of the trade

rvpanoz/luna
Luna – npm management through a modern UI

Something different

Why the Human Mind Can Become More Motivated After Watching Cute Animal Videos
“…it turns out that taking a break to view some cuteness might actually benefit your work there’s a lot we’re still learning but according to some research looking at cute animals is associated with a boost and focus and fine motor skills.” (from Weekend Reading)

Monthly notes 39

Spring is just around the corner with sun warming our souls and calling us to go outside. Here’s monthly notes for March with topics from software development rewrite stories to code quality and OWASP videos.

Issue 39, 22.03.2019

Software development

Lessons from 6 software rewrite stories
Insightful rewrite stories of i.a. Netscape (Firefox), Basecamp, Visual Studio (VS Code) and FogBugz (Trello). “Functioning app should never, ever be rewritten from the ground up” is true. With a twist. Don’t rebuild the exact product. Don’t sunset. (from @walokra)

I ruin developers’ lives with my code reviews and I’m sorry
Story of how a developer understood that “I don’t do code review for the business, I just like showing the rookies their place. My skills have finally started to pay off.” And that the mentality should be “No big deal if the code’s not good, I can fix it myself if I need to. But I can’t fix the psyche of a guy broken by dozens of harsh reviews.”

Code quality

SE-Radio Episode 357: Adam Barr on Code Quality
Software Engineering Radio talked with Adam Barr, author of “Why Smart Engineers Write Bad Code”, about code quality: how developers learn to program on their own; how that influences their thinking about code quality; what code quality is, how it can (or cannot) be measured and whether some programming languages are more prone to bad code. The episode continues with a discussion on standardization. Why does our profession lack a professional certificate like doctors and engineers have?

Syntax podcast talked about code quality tooling and tidying up code.
Hasty treat – Tidying up code
Hasty treat – Code quality tooling
Hasty treat – Code quality tooling part 2

Security

OWASP AppSec California 2019 presentation videos
46 videos of knowledge and experiences about secure systems and secure development methodologies.

The Anatomy of an AWS Key Leak to a Public Code Repository
Many of us working with any cloud provider know that you should never ever commit access keys to a public GitHub repo. Some really bad things can happen if you do. The writeup shows you a real case that happened last week. tl;dr: Exposed keys are quickly attacked. The concept of least privilege is important. AWS scrapes the API of all public GitHub commits but doesn’t automatically disable the key. To prevent keys leaking, use tools like git-secrets or GitGuardian.

Password Managers: Under the Hood of Secrets Management
Password managers allow the storage and retrieval of sensitive information from an encrypted database. The paper proposes security guarantees password managers should offer and examines the underlying workings of five popular password managers targeting the Windows 10 platform: 1Password 7, 1Password 4, Dashlane, KeePass, and LastPass. The authors found that in all the password managers examined, trivial secrets extraction was possible from a locked password manager, including the master password in some cases.

Learning

30 seconds of interviews
Quick questions of web development.

AI and Machine Learning

AI Thinks Rachel Maddow Is A Man (and this is a problem for all of us)
A data-driven review of AI bias in production systems.

Something different

The Privateer is back for Season 2
Behind every top level athlete is a support team that helps them with everything from diet and exercise to product and equipment set up. When you’re a Privateer it’s up to you to fund your racing endeavours. Adam is back for another season of racing as The Privateer.


Monthly Notes 38

Warm weather and cold Northern winds just call for a warm mug of cacao and something to read by the fireplace. Here’s monthly notes for February with topics from testing to software development project guidelines and from microservices to tips and tools. Also learning React App.

Issue 38, 19.02.2019

Testing

How to stop hating your tests
I’m not a fan of extensive UI tests. I think they should be mostly about seeing that the whole system functions when all systems are integrated and functional. This talk makes a good case for it. If you want to skip right to this subject, it starts at around 18:50 or so.

Software development

My Opinionated Setup for Web Projects
“During the past few years, I have worked on multiple smaller and larger projects. In this blog post I explain my default project setup for a typical web frontend project.”

Project Guidelines
“While developing a new project is like rolling on a green field for you, maintaining it is a potential dark twisted nightmare for someone else. Here’s a list of guidelines we’ve found, written and gathered that (we think) works really well with most JavaScript projects here at elsewhen.”

Microservices

Introduction to Kubernetes
Introduces you to Kubernetes.

Building Microservices: Designing fine-grained systems (pdf)
“Distributed systems have become more fine-grained in the past 10 years, shifting from code-heavy monolithic applications to smaller, self-contained microservices. But developing these systems brings its own set of headaches. With lots of examples and practical advice, this book takes a holistic view of the topics that system architects and administrators must consider when building, managing, and evolving microservice architectures.”

Microservices vs The World
“In the last 5 years microservices have been pretty much the topic on every architectural conversation. The idea is great, small, independent, cohesive, services that can be implemented, tested, maintained and released individually without much impact on the rest of the system. Microservices are then the holy grail of architectures all positives and almost zero negatives. If that is the case, why in the last 2-3 years our holy grail is getting bad press? Some engineers even suggest that a monolith is better. How can a monolith be better? Well, it all comes down to pros and cons and how the business is structured.”

Microservices architecture on paper sounds amazing but unless the business as a whole is not committed to it, then your department will end up with low morale, low productivity, and tons of code debt.

Microservices vs The World

Tools of trade

DockStation
“Application for managing projects based on Docker. Instead of lots of CLI commands you can monitor, configure, and manage services and containers while using just a GUI.” See running containers in histogram-type graphs, monitor stats, connect with ssh to remote hosts, start/stop containers.

Scrolling inside Screen
Disable the alternate text buffer in the xterm termcap info inside screen so that you can use the scroll bars (and mouse wheel) to scroll up and down. 

~/.screenrc:

    # Enable mouse scrolling and scroll bar history scrolling
    termcapinfo xterm* ti@:te@

Learn

Learn React App
The goal of this tutorial is to quickly get you off the ground with React concepts. This tutorial has hands-on exercises which I consider to be the most important part of this tutorial.

Something different

MTB Trails Finale Ligure
I wish I was there shredding.

Monthly notes 37

January is turning over to February and Winter with freezing weather and lots of snow has enlightened our days. Here’s some reading for the moments when Winter wonderland is too much and warm mug of coffee and fireplace is the place to be.

Issue 37, 31.1.2019

Web and mobile development

PWAs on iOS 12.2 beta: the good, the bad, and the “not sure yet if good”
“The first beta of iOS 12.2: the first version since PWA support that responds to all the critics by offering solutions to the two biggest problems on PWAs on iOS.”

Hartington’s tweet thread has some information.

Microservices

Choose your tools wisely.

Tools of the trade

Lifehack.
“To test the flow of a potential scenario, storyboarding and comics can really add an extra dimension that your users can relate to (or not) and provide feedback on the types of activities, thoughts and feelings they would be experiencing along the way.”

Privacy and security


Something different

Monthly notes 36

Holiday season is soon here and it’s good to take a short break from work and maybe learn or code some new things while relaxing and enjoying the winter time outside. Here’s the monthly notes for December. Happy holidays!

Issue 36, 21.12.2018

Tips

How to Exclude an App From Dark Mode in macOS Mojave
“You can enable the old dark menu bar and dock look, you can also selectively exclude individual apps from dark mode.”

Learning

Tips of ppl who want to learn
ReaktorNow Development Discussion campaign shared some insights in the field of software engineering. “Always keep learning and expanding your skills, and remember to step out of your comfort zone.”

Beyond Cryptocurrencies
Intro to crypto talk at the a16z summit. (from @ljxie)

A novice’s guide to learning to code with CS50
“CS50 is the best learning experience I have ever had in my life.” Over 12 weeks you get a two-hour lecture to watch and a problem set to complete each week. Start with Scratch, continue with C and move to Python plus HTML, CSS, SQL, JavaScript, jQuery and JSON. (from @walokra)

Security

Taking Down an Insider Threat
Excellent story about pentesting from the inside, and about a great digital forensics and incident response team and meticulously implemented security practices.

OWASP AppSec EU 2018 presentations
Presentations from OWASP AppSec EU 2018 are available on YouTube.

Software development

Everything about distributed systems is terrible
Hillel Wayne’s 38-minute talk at Code Mesh LDN 18, titled “Everything about distributed systems is terrible”, is about TLA+, a formal specification system designed by Leslie Lamport. The claim is that by model checking you can find bugs in your (distributed) system that could be practically impossible to find with testing or in production.

Monthly notes 35

December is just around the corner but before that here’s monthly notes for November. More about leadership and stories, something about software development.

Issue 35, 13.11.2018

Frontend

CSS and Network Performance
What are the best network performance practices when it comes to loading CSS? How can we get to Start Render most quickly? Good article on how your page will only render as quickly as your slowest stylesheet, and what to do about it. tl;dr: “Lazyload any CSS not needed for Start Render”, “Avoid @import”, “Be wary of synchronous CSS and JavaScript order”, “Load CSS as the DOM needs it”. (from @csswizardy)

A React job interview — recruiter perspective
Good questions if you’re doing React interviews or being the interviewee, “A React job interview — recruiter perspective”. (from @walokra)

Tools of the trade

jp – Command line interface to JMESPath
I’ve been using jq for manipulating JSON on the command line but there’s a better, more logical alternative. jp is a CLI for the JMESPath expression language for manipulating JSON. And there’s a tutorial. (from @walokra)

Bash-it
Bash-it is a collection of community Bash commands and scripts for Bash 3.2+. (And a shameless ripoff of oh-my-zsh?). Includes autocompletion, themes, aliases, custom functions, a few stolen pieces from Steve Losh, and more.

Detecting Memory Leaks From a JVM Heap Dump (with JXRay)
Good article on detecting memory leaks from a JVM heap dump and on Garbage Collection. Unfortunately the tool used for analyzing the heap dump is commercial, not an open-source tool like Eclipse MAT or VisualVM. (from @java)

Security

Can’t approve payroll? Blackhat sysadmin when my paycheck is on the line!
Interesting story from the trenches of how and what happened when an infosec guy found vulnerabilities in Basware Banking software (from 2015). tl;dr: Multiple unresolved vulnerabilities in Basware Banking/Maksuliikenne. Unbelievable story, especially how it was handled by the vendor and related parties. (from @walokra)

Leadership

Managing with the Brain in Mind
“Treat people fairly, draw people together to solve problems, promote entrepreneurship and autonomy, foster certainty wherever possible, and find ways to raise the perceived status of everyone”. Good read about SCARF. (from @walokra)

On Being A Senior Engineer
What makes for a good senior engineer? tl;dr: Be a mature engineer. Good read for everyone regardless of the line of business.

  • Seek out constructive criticism of their designs.
  • Understand the non-technical areas of how they are perceived.
  • Do not shy away from making estimates, and are always trying to get better at it.
  • Have an innate sense of anticipation, even if they don’t know they do.
  • Understand that not all of their projects are filled with rockstar-on-stage work.
  • Lift the skills and expertise of those around them.
  • Make their trade-offs explicit when making judgements and decisions.
  • Don’t practice CYAE (“Cover Your Ass Engineering”)
  • Be empathetic.
  • Don’t make empty complaints.
  • Be aware of cognitive biases

The Ten Commandments of Egoless Programming
The Ten Commandments of Egoless Programming, as originally established in Jerry Weinberg’s book The Psychology of Computer Programming.

Something different

You work to live, not live to work
Remember, your job is not your life. You work to live, not live to work. Work on what makes you happy and don’t burn yourself out. The thread has good tips to recognize it and take control. (from @jevakallio)

Former CIA Chief Explains How Spies Use Disguises
Cool rundown on the use of disguises by a former CIA Chief of Disguise. (from @TinkerSec)