Monthly notes 50

Issue 50, 15.6.2020

Serverless

AWS Lambda — should you have few monolithic functions or many single-purposed functions?
An interesting question: should the single responsibility principle (SRP) be followed in the serverless world? What is a “function” if not SRP? TL;DR; many single-purposed functions are better.

Stories

Twitter search of "telling early-in-career engineers stories of times you messed something up real bad is a good way to help them combat their own impostor syndrome." from (@ElleArmageddon)

Kubernetes

In Kubernetes, what should I use as CPU requests and limits?
Good Twitter thread on the difference between requests and limits.

How should I answer a health check?
Explains how to use liveness and readiness probes (on Kubernetes). Heard that the liveness probe should always be off unless there’s a bug in the app from which it can’t recover. Also, long checks can be cached.

Managed Kubernetes Price Comparison (2020)
"TL;DR: Azure and Digital Ocean don’t charge for the compute resources used for the control plane, making AKS and DO the cheapest for running many, smaller clusters. For running fewer, larger clusters GKE is the most affordable option. Also, running on spot/preemptible/low-priority nodes or long-term committed nodes makes a massive impact across all of the platforms."

Learning

Performance profiling for Web Applications with Sam Saccone
"How to use Chrome DevTools to understand a Web application's performance bottlenecks. Goes over a few different workflows that will help us to answer the question "Why is this slow and how can I fix it"."

Tools

OpenSnitch
GNU/Linux port of the Little Snitch application firewall. (from Hacker Newsletter #490, comments)

Kubectl-debug
kubectl-debug is an out-of-tree solution for troubleshooting running pods, which allows you to run a new container in running pods for debugging purposes (examples). The new container will join the pid, network, user and ipc namespaces of the target container, so you can use arbitrary troubleshooting tools without pre-installing them in your production container image.

Lighthouse audit add-on for Firefox
"Report, Performance, Accessibility, PWAs, SEO scores for any public site. Without opening DevTools."

Monthly notes 49

Working From Home edition.

Issue 49, 27.3.2020

Conferences

Now that COVID-19 has all of us in quarantine and working from home, technology conferences have also moved online and become free. Here are some.

WFHConf
Working From Home Conf with talks from technology to projects, best practices, lessons learned and about working from home. Agenda and recorded videos: part 1, part 2, part 3.

DEVOPS 2020, April 21 to 22
The Next Decade. The first day (main conference) has interesting talks from use cases and lessons learned, scaling devsecops, transformation journey and more.

MagnoliaJS, April 15-17
JavaScript-heavy talks on topics like component reusability, modern JavaScript for modern browsers, JavaScript’s exciting new features, how to supercharge teams and much more.

Red Hat Summit 2020, April 28-29

Tips and tricks

How to do effective video calls
tl;dr; "Get good audio, use gallery view, mute if not talking, and welcome the cat."

Tools

Screen
Work together like you’re in the same room. Fast screen sharing with multiplayer control, drawing & video. (from @use_screen)

Kap
An open-source screen recorder built with web technology.

Setapp
The paramount collection of productive Mac apps.

Monthly notes 48

This time the monthly notes are about learning Node.js best practices and some interesting approaches to (Node.js) software architecture. Happy reading and be a better developer!

Issue 48, 25.2.2020

Learning

Docker and Node.js Best Practices talk at DockerCon 2019
Slides and examples.
tl;dr; Use even numbered LTS releases; Don’t use :latest tag; Use Debian:slim/stretch or Alpine; Add node_modules to .dockerignore; Use node user; Proper shutdown (--init, tini, capture SIGINT); Multi-stage builds; healthchecks;

Node.js Best Practices
More than 80 best practices, style guides, and architectural tips with additional info. The repository is a summary and curation of the top-ranked content on Node.js best practices.

Testing in production: ideas, experiences, limits, roadblocks
Talk from Bristech 2019 by Jorge Marin. "Are you afraid of testing in production? Do you test in production? Do you use real data? By definition testing in production is hard. This talk puts together my experience testing in production a large scale system that affects millions of users."

Software Architecture

Using Clean Architecture for Microservice APIs in Node.js with MongoDB and Express
This is an interesting approach to construct your application. "Talk about Bob Martin's Clean Architecture model and I will show you how we can apply it to a Microservice built in node.js with MongoDB and Express JS."

Monthly notes 47

Issue 47, 30.1.2020

War Stories

#Y2038 problem. "It's *already here*. Fix your stuff."
In many systems time is represented as the number of seconds passed since 00:00:00 UTC on 1 Jan 1970 and stored as a signed 32-bit integer. Such implementations can't encode times after 03:14:07 UTC on 19 January 2038. (from @walokra)

Ops Lessons We All Learn The Hard Way
Good Twitter thread of lessons learned on Ops.

Web

Front-End Performance Checklist 2020
Great resource to read for better front-end performance. Remember, if you don’t measure it, you can’t improve it 🚀 To get you started: use, among others, PageSpeed and Lighthouse to see where you stand.

JavaScript

20 ways to become better node.js developer in 2020
tl;dr; Sleep more; Use Jest & Ava; GraphQL!; Check Nest.js; Gradual deployment; Test in production? Learn Docker & Kubernetes; Read vulnerable code; Use monitoring; CI with quality tools;

Kubernetes

How Soon We Forget: Security in the Age of Docker & Kubernetes
Good starting point for hardening your containers and Kubernetes cluster. tl;dr; Running as non-root. Read-only file system. Not terminating TLS too soon. Setting resource limits (denial of service). Use Kubernetes policies. (from nicolas_frankel)

Software Development

Goodbye, Clean Code
AHA! Avoid Hasty Abstractions. Prefer duplication over the wrong abstraction. Also check Dan’s tweet thread.

Remote working tips
tl;dr; the thread: 1) activity signal to start work day 2) frequent small breaks 3) dedicate a space for work (not sofa/bed) 4) take sick days 5) connect with other humans 6) non-project connection point with peers 7) block out distractions 8) go out for lunch.

Tools

tiny-helpers.dev
Collection of single-purpose online tools that are useful for web devs. (from @stefanjudis)

Insomnia
"Debug APIs like a human, not a robot". If you don't like Postman then try Insomnia, which claims to be a powerful, open source HTTP and GraphQL tool belt. It seems that it doesn't have scripting and testing features similar to Postman's, though.

Something different

Finding the best bicycle chain
tl;dr; No major reason not to use the drivetrain manufacturer’s recommended chain. The lubricant you use will play the most critical role in drivetrain durability. Run a good lube and keep your drivetrain clean.

Monthly notes 46

December is full of Christmas carols and hassle before the holidays. So, take a short break and learn to master Kubernetes, become a better human and developer and make remote (working) a success. Also think about privacy. Good reading and happy holidays!

Issue 46, 17.12.2019

Cloud

Mastering the KUBECONFIG file
Good tips like Auto-$KUBECONFIG based on directory with direnv; Know which context you’re pointing at with kube-ps1; Save GKE contexts to separate files. (from @walokra)

Tutorial: Debug Your Kubernetes Apps (youtube)
Debug your Kubernetes apps tutorial from KubeCon. Slides: https://aws-samples.github.io/debug-k8s-apps/#/, code: https://github.com/aws-samples/debug-k8s-apps. Covers cluster design, networking, kubectl, pods, lb & ingress, monitoring, resource reservation and stateful sets. (from @ArunGupta)

JavaScript

20 ways to become a better Node.js developer in 2020
"20 skills, technologies and considerations on choosing between them. Picking the right tools became one of our greatest challenges — the Node.js ecosystem has matured and present attractive options in almost every field. Vanilla or TypeScript? Ava, Mocha or Jest? Express, Fastify or Koa? or maybe Nest?"

Learning

Things You Should Read To Become A Better Human & Developer
"As developers, we are creators of systems and worlds. However, to be effective at our jobs, we need to understand these systems and worlds we’re creating. When we read, we expand the borders that define our domain of knowledge."

Don’t Learn to Code — Learn to Automate
"avoid thinking of writing code as the goal and learn to solve problems."

A Guide to Distributed Teams
How thoughtful systems (and lots of emoji) make for happy, efficient teams—whether your desks are distributed across floors, cities, or continents. Hacker News comments

How to Make Remote a Success
"It's all about sharing and communicating". E.g. Write down everything: knowledge base to blog posts, make weekly notes; Make everyone feel connected: smarter meetings, daily check-ins/check-outs. Hacker News comments

Privacy

You’re Tracked Everywhere You Go Online. Use This Guide to Fight Back
Advertisers are tracking and monitoring your behavior almost everywhere you go online. Here's how to (mostly) stop it. (from @TimHerrera)

Privolta Consent Study: Google
Great example of how to quantify the degree to which 'dark patterns' dominate privacy consent interactions online. (from @ashk4n)

Tools

Falco
Falco is an automatic, easy-to-use Web Performance auditing tool. Open Source WebPageTest runner which helps you monitor, analyze, and optimize your websites. (from @PHacks)

Fx
Command-line tool and terminal JSON viewer. "If you’ve got some files full of JSON that you want to process, Fx will slice and dice it however you want, including using JavaScript one-liners to add a bit of logic to the process." (from DB Weekly #284)

Monthly notes 45

Snow is covering the ground and the hibernation period starts? Or more time inside reading and learning new things? Here are the monthly notes for October.

Issue 45, 30.10.2019

Software Development

What qualities make up a 1x engineer?
I can relate to this.

My favourite Git commit
Good example of how Git commit messages should be written, especially if the change is ambiguous. Writing explanatory commits needs more effort than just “Fixed it” but it pays off later. (from @walokra)

DevOps

A Practical Framework for DevSecOps
Nice overview of key #DevSecOps domains and activities. “With a limited budget start with Monitoring and Responding. Then focus on how to prevent vulnerabilities from being introduced in the first place.” (from @walokra)

Docker for Pentesters
Docker has completely changed my workflow, and I wrote up 10 examples and scripts for how pentesters can leverage Docker to speed up testing. Lmk how you use Docker - this could be a series! (from @walokra)

iOS

Announcing my Shortcuts Library, featuring 150 Siri Shortcuts to use with iOS 13
With iOS 13, Shortcuts is installed by default on every device – hundreds of millions of people will inevitably use this app now. And you can control them with Siri.

Technology

The secret life of GPS trackers
"We decided to take a look at several child (GPS) trackers available on Amazon, eBay, and Alibaba to see how they stood up to our scrutiny."

Something different

Dumbass Home 2.0
Excellent overview of the “Smart” home and available solutions. “S in IoT stands for Security” so use separate WiFi, Zigbee, hub with Raspberry Pi, Raspbee & Home Assistant (or Hue/SmartThings), gadgets from Trådfri, Xiaomi (~), Philips & Osram with discount. (from @walokra)

Monthly notes 44

Summer holidays are over and it's time to get back to work and monthly notes. I spent almost the whole of August enjoying nature, mountain biking, hiking and coaching young mountain bikers. Less computers, more relaxing. This month's notes are about writing great Docker images, validating code using git hooks, log management, a story about the npm registry, working remotely and effective Kotlin. Happy reading.

Issue 44, 6.9.2019

Microservices

How to write great Docker container images
It's easy with these great tips and examples. I would add: use a small base image like Alpine Linux if possible. (from @walokra)

Kubernetes: A Detailed Example of Deployment of a Stateful Application
The article gives an overview of Kubernetes by covering "What are the design principles and architecture of Kubernetes?" and "How to use Kubernetes, and a simple example." (from @java)

Software Development

Automate validating code changes with Git hooks
What could be more annoying than committing code changes and noticing afterwards that the formatting isn’t right or tests are failing? Read these tips on how to automate validating code changes with git hooks and make your flow smooth.

Fast log management for your apps
Nicolas Frankel talked at Berlin Buzzwords about logging. Good overview of the issue. TL;DR; no computation to logs, filesystem matters, asynchronous vs. reliability, no expensive meta-data, schema on write, send JSON.

Use morning hours for open source and improving

You're better at your work when you're improving your technical craft.

JavaScript

Story of money and ownership and control
"the economics of open source [in JavaScript, Node.js and npm]". Important points of view on the problems with a (privately controlled) [npm] package registry. (from @walokra)

Team work

11 Best Practices for Working Remotely
Good tips for working remotely. The biggest hurdles are communication, social opportunities and loneliness and isolation. "With consistent effort, you can overcome the challenges of remote work and create a healthy, happy, productive environment for yourself and for your team." (from @dunjardl)

If you ever have to lead a remote dev team…
The Remote Workflow: simple, transparent, predictable, frictionless. (from @ThePracticalDev)

Books

Effective Kotlin beta release
Adding this to my reading list! "First official version of Effective Kotlin is finally in distribution (as an ebook)". Having read Effective Java this book is totally worth it.

Something different

Watch 14 minutes of new Cyberpunk 2077 gameplay footage
A new look at different gameplay styles for the upcoming open-world RPG.

Monthly notes 43

Issue 43, 25.7.2019

Microservices

How to write great container images
The article shows the principles of what the writers consider "Dockerfile best practices", and simultaneously walks through them with a real example. I would add: use a small base image like Alpine Linux if possible.

Micro Frontends
The article describes breaking up frontend monoliths into many smaller, more manageable pieces, and how this architecture can increase the effectiveness and efficiency of teams working on frontend code. As well as talking about the various benefits and costs, it covers some of the implementation options that are available, and dives deep into a full example application that demonstrates the technique.

Performance

Performance Analysis Methodology
Informative presentation of Performance Analysis Methodology by Brendan Gregg at LISA '12. Focus on the USE method which all staff can use for identifying common bottlenecks and errors. Check for: Utilization, Saturation, Errors. (from walokra)

Fast log management for your apps
You've migrated your application to Reactive Microservices to get the last ounce of performance from your servers. But what about logs? Logs can be one of the few roadblocks on the road to ultimate performance. Nicolas Frankel shows in his talk at Berlin Buzzwords 2019 some insider tips and tricks taken from experience to put you on the track toward fast(er) log management.

JavaScript

single-spa
A JavaScript framework for front-end microservices.

Node.js Memory Management in Container Environments
Best practices for managing memory in container-based Node apps. (from JavaScript Daily)

CTU JavaScript Guide
Opinionated guide to ground rules for an application’s JavaScript code, such that it’s highly readable and consistent across different developers on a team. The focus is put on quality and coherence across the different pieces of your application.

Security

Nginx Admin's Handbook
nginx is a powerful web server but with great power comes great responsibility (to configure it for security and performance). "Nginx Admin's Handbook" is a good collection of rules, helpers, notes and papers, best practices and recommendations to achieve it. (from walokra)

GOTCHA: Taking phishing to a whole new level
Without X-Frame-Options, a page is open to a UI redressing attack that allows attackers to extract valuable information from API endpoints. tl;dr; extract chars with CSS, add captcha form, scramble chars, get user to fill in the password-captcha.

Staying Safe on GitHub: The Ultimate GitHub Security Tools Roundup
Nice overview of #security tools for #GitHub repositories. GitHub Security Alerts is provided by default, additionally use one of these: Snyk, WhiteSource Bolt, Sonatype DepShield. (from walokra)

Something different

It's Summer and there are plenty of National Parks in Finland. Go and create your Summer adventure in the wilderness. From Southern Archipelago to Northern Fells: Pallas-Yllästunturi, UKK, Pyhä-Luosto, Koli, Nuuksio.

Monthly notes 42

Midsummer is a couple of days away and it's time to take a short break from work and enjoy the Summer nights and nature. And if you have time, here is a short list of articles to read and videos from the React Finland 2019 conference to watch.

Issue 42, 20.6.2019

Software Development

Consulting or con-$ulting
A theory on how Hertz’s inexperience in buying software — combined with Accenture’s incompetence to deliver it — flushed $32M+ down the drain. "The lack of transparency and technical expertise combined with the lack of ownership/responsibility was ultimately the reason why Hertz managed to blow tens of millions USD, instead of just a couple." Lessons learned: "If you are buying software for tens of millions, you must have an in-house technical expert as part of the software development process".

Don't stop writing code comments
"You should write comments which matter." (from @nicolas_frankel)

Improve your technical craft
More knowledge helps you to do your work (more efficiently and in less time). In knowledge work time spent at the office doesn't equal productivity or job well done.

Or rather than 1hr per day, batch it all on e.g. Fridays when things are slow.

React Finland 2019 presentations
29 videos from React Finland 2019 conference. Some picks: Automation and Exploratory testing, More Accessible React Apps, guide to building your design system infrastructure.

Databases

Be careful with CTE in PostgreSQL
PostgreSQL doesn't inline common table expressions (the WITH clause); it materializes them and thus is unable to use the index => expensive. Good to know if you're used to Oracle, which doesn't materialize CTEs by default. (from walokra)

UX

Can't Unsee
"The devil is in the details". A game where your attention to details earns you a lot of coins. Fun game which teaches you some UX rules and attention to details. With 5780 coins I'm a beginner :/ (or need glasses :))

It feels fine on my phone
"You literally can't afford desktop or iphone levels of JS if you're trying to make good web experiences for anyone but the world's richest users, and that likely means re-evaluating your toolchain."

"Gap between "what I get when I trade in my phone every 2 years" and the true low-end is now a gaping chasm, and even 5 years ago, that wasn't true."

Something different

Arofly Link brings power meters under $200 using a tire pressure monitor
Forget power meters in cranks and pedals, here's Arofly Link. "Unlike most power meters that measure the actual force being put into your bike’s drivetrain between the pedals and the rear hub, Arofly takes it one step further apparently measuring power where the rubber meets the road."

Monthly notes 41

Issue 41, 31.5.2019

Software development

Gitmoji
Setting aside the issue on Bamboo with this (thread), using emojis in Git commit messages is a nice idea. There's even a cool emoji guide for your commit messages. Going to take this into use 😊 (from walokra)

Happy Friday, Don't push to production?
Good thread on how you should treat your deploys to production. You should deploy often and have good CI/CD practices but the overall question isn't black or white. "Nothing goes wrong until it does, and then you'd want your people available." "If you're scared of pushing to production on Fridays, I recommend reassigning all your developer cycles off of feature development and onto your CI/CD process and observability tooling for as long as it takes to ✨fix that✨." (from walokra)

Sleep quality and stress level matter and after 24 hours awake
"Your sleep quality and stress level matter far, far more than the languages you use or the practices you follow. Nothing else comes close". Good notes on why sleep and rest matter (thread) 😴 There's always more work to do, take care of yourself first! (from walokra)

Software architecture

Why software architects fail – and what to do about it
Looks at some of the most common pitfalls that ensure you’ll come up with a disaster, and discusses how they can be avoided.

Cloud

"High" levels of ☁️ spending at Lyft
Continuation of the Internet discussion on whether Lyft’s spending on AWS is too high and they could do better on-premises.

Frontend

TSLint in 2019
"Once we consider ESLint feature-complete w.r.t. TSLint, we will deprecate TSLint and help users migrate to ESLint"

User Experience

Printable A3 posters for Laws of UX
(from JonYablonski)

Something different

"Work starts from problems and learning starts from questions. Work is creating value and learning is creating knowledge. Both work and learning require the same things: interaction and engagement." (from EskoKilpi)