Simple, intuitive web app for analysing and decoding data without having to deal with complex tools or programming languages. CyberChef encourages both technical and non-technical people to explore data formats, encryption and compression.
The Art of Code Comments
Sarah Drasner talked at JSConf Hawaii 2020 about how commenting code is a more nuanced thing than we give it credit for. There is not just one right way or one reason to write a comment. The talk digs into some of the many beneficial types of comments that might each serve a different purpose, followed by patterns we might want to avoid.
Does Laravel Scale?
"Jack Ellis elaborates on the question whether Laravel or PHP can scale." People usually tell how awful PHP is, but when I recently used it (newer versions) it was just like any other backend framework. And as Hannemann writes, "It’s a very powerful, professional language with a huge ecosystem and it can be used to serve fast, efficient, reliable and readable codebases." (from WDRL)
Atkinson Hyperlegible font
"Atkinson Hyperlegible is a typeface created in partnership with Braille Institute. It has been developed specifically to increase legibility for readers with low vision, and to improve comprehension." (from WDW)
Awesome Azure Penetration Testing
A collection of resources, tools and more for penetration testing and securing Microsoft's cloud platform. (from Cloud Security Reading List)
Important PostgreSQL 14 update to avoid silent corruption of indexes
"PostgreSQL 14.4 release fixes an issue with all versions of PostgreSQL 14 that can lead to silent corruption of indexes."
GitLab's Guide to All-Remote
Good writeup of remote work in GitLab, i.a. its benefits and drawbacks and tips for better remote work.
Honeycomb’s O’Reilly Book Observability Engineering
"Achieving Production Excellence by Charity Majors, Liz Fong-Jones, and George Miranda"
Set up a Terraform Pipeline with GitHub Actions and GitHub OIDC for AWS
A walkthrough of a Terraform pipeline setup. Most interesting for the use of OpenID Connect to remove the need for persistent credentials for AWS. (from Devops Weekly #590)
Terraform Best Practices for Better Infrastructure Management
Post which explores different best practices for Terraform and Infrastructure as Code, analyzes various options for handling and structuring Terraform projects, and shows how adopting helper tools could make our life easier. (from Cloud Security Reading List)
Observability 4 JVM Frameworks with Grafana in Java and Kotlin
(from Devops Weekly #591)
A Review of the AWS Security Model
AWS have released their own security maturity model, but does it stack up against what we're seeing in real-world attacks and in the approaches being suggested by the rest of the AWS security community? (from Cloud Security Reading List)
Security Overview of AWS Fargate
Amazon's own security overview of Fargate, which is helpful for new adopters and deepens understanding of Fargate for current users. (from Cloud Security Reading List)
Week 15 of 2022
Before leaving for a short Easter holiday here are some links to go through.
Top10 CI/CD Security Risks
Automagically Auditing GitHub (Actions) Security using OpenSSF Scorecards
"How to use the OpenSSF Scorecards GitHub Action to audit your GitHub and GitHub Actions configuration, and a breakdown of some of the issues raised by it." (from Cloud Security Reading List)
Please put units in names
"There is one code readability trap that is easy to avoid once you are aware of it, yet the trap is pervasive: omitting units." (from Hacker Newsletter)
The Catalog of Design Patterns
Creational, Structural and Behavioral Patterns.
Java Development on an Apple M1 – A One Year Review
"Initial pitfalls when working with the Apple M1 and a collection of valuable tricks and workarounds for developing and testing Java applications." (from Hacker Newsletter)
An up-to-date guide on running Java applications in Docker containers
(from DevOps weekly)
A list of new(ish) command line tools
Maybe you should do less 'work'
Personal Goal Setting Playbook
"Setting personal goals can be used in many contexts to help people achieve tasks, objectives or improvements of any kind, big or small."
A Designer’s Guide to Documenting Accessibility & User Interactions
Understanding Figma’s interactive components feature
How to design better APIs
15 language-agnostic, actionable tips on REST API design. (from WDRL)
PHP: The Right Way
"An easy-to-read, quick reference for modern coding standards in PHP, trying to fight all the outdated and partially wrong solutions found on the web." (from WDRL)
Postgres Auditing in 150 lines of SQL
Or you can use pgAudit. (from Hacker Newsletter)
How to test if there is any element outside the viewport with Cypress
"How to use Cypress to create an automated test that checks if there is an element out of the viewport." (from CSS Weekly)
"Healthcheck is a dedicated monitoring and alerting system for cron, with a nice looking dashboard and various alerting options." (from DevOps Weekly #585)
Who watches the watchers?
"A look at using a dead-man's-switch to monitor other monitoring systems, with code examples for implementing on AWS with Prometheus and PagerDuty." (from DevOps Weekly #586)
Week 10 of 2022
"69% use TypeScript; React held the top spot for 6 years; Vue.js is on track to overtake Angular as the second place framework; 2021 has been the year of Vite with 98% satisfaction." (from WDW)
The baseline for web development in 2022
"Now that Internet Explorer seems to die really in June this year, so now we should focus on low-spec Android devices, older Safari versions or slow networks." (from WDRL)
Caching Header Best Practices
"Understanding caching is still one of the harder parts of the web and often disregarded." (from WDRL)
Buildpacks vs Jib vs Dockerfile: Comparing containerization methods
(from DevOps weekly)
Just say no to
Good reminder why :latest is bad practice.
Series: Unpacking Interview Questions
"A series sharing some of the questions I use when I interview for technical roles. I’ll unpack the question, when to ask it, and how to evaluate answers."
How Ikea tricks you into buying more stuff
Short notes on tech, week 7 of 2022
Frontend Predictions for 2022
AWS Elastic Kubernetes Service (EKS) Review
"If you are considering going with EKS, understand you are going to need to spend a lot of time reading before you touch anything. You need to make hard-to-undo architectural decisions early in the setup process." tl;dr; "If I were a very small company new to AWS I wouldn't touch this with a ten foot pole."
An Overview of Docker Desktop Alternatives
tl;dr; "minikube, microk8s, and podman". But "Is it really worth your team's time to deal with an alternative stack?"
FalsiScan: Make it look like a PDF has been hand signed and scanned
Career Advice Nobody Gave Me: Never Ignore a Recruiter
tl;dr; Good template for replying to recruiters. Or just use "Hey __. Before we move forward, can you provide me with the company name, a job description, and the expected compensation."
Atomic Design Methodology
Methodology to craft interface design systems: "Atoms, molecules, organisms, templates, and pages."
Component Driven User Interfaces
"The development and design practice of building user interfaces with modular components. UIs are built from the “bottom up” starting with basic components then progressively combined to assemble screens."
How to tame the devDependencies of your project?
tl;dr; Use mrm.
"tRPC allows you to easily build & consume fully typesafe APIs, without schemas or code generation."
Cypress vs Selenium vs Playwright vs Puppeteer speed comparison
tl;dr; Playwright is faster than Cypress. There's a good thread on Playwright vs. Puppeteer, and about Cypress on the side, on Hacker News.
How not to learn TypeScript
"Some mistakes people do when getting started with TypeScript." (from WDW)
Stories from the field
How I Got Pwned by My Cloud Costs
Troy Hunt keeps the "Have I Been Pwned" service in Azure and is experienced with cloud, but things don't always go as planned. Good story of setting safeguards. (from hackernewsletter)
"Find and copy special characters to your clipboard." (from WDW)
7 front-end interview processes I did in December 2021
"Several lessons and what front-end interviewing looks like today. Useful for those in search of a new job and teams who are looking to hire." (from WDW)
Week 2 of 2022
Software architecture patterns
Take a deep dive into several common software architecture patterns.
A collection of the best design practices. (from Web Design Weekly)
How to mentor software engineers
(from Hacker Newsletter)
Laws, Theories, Principles and Patterns that developers will find useful. (from Hacker Newsletter)
"Collective wisdom of the Write the Docs community around best practices for creating software documentation."
"The world's most hated IT stickers"
For a quick look at what the career ladder could look like, it's worth checking Rent the Runway (spreadsheet), which takes a fun D&D-inspired Dex/Str/Wis/Cha stats-based evaluation, corresponding to technical skill, productivity, impact, and communication/leadership. A management track is also included, with more focus on architecture, hiring, organizational skills, and leadership/salesmanship.
Week 50 of 2021
Developer Tools secrets that shouldn’t be secrets
Write-up of a talk at CityJS covering i.a. console.log and VS Code. (from Web Design Weekly)
2021 Design Tools Survey
Overview of the most used design tools during 2021
Meet The Man Who Shoots At Birds All Day To Keep Them Off A Toxic Pit
"If migrating species land on the Berkeley Pit for more than a few hours, they get cooked from the inside out. Now, miners use a rifle, drones, and lasers to scare the birds away."
Week 45 of 2021
Software Architecture Patterns: 5 minute read
Some of the most important parts of the Software Architecture Patterns by Mark Richards. (from Hackernewsletter)
React Aria: A headless UI component library
A library of React Hooks that provides accessible UI primitives for your design system. "You structure your DOM and css however you want, and react-aria provides hooks that return props to spread onto your elements to make them come alive."
"gamified experience to help you find your true love of coding fonts" (from Hackernewsletter)
How to improve your Docker containers security
"Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security. Check out the one-page cheat sheet." (from Cloud Security Reading List)
Github Actions Security Best Practices
"Some of the key security concerns you should be aware of when using Github Actions. We will also cover the best practices that Salesforce Heroku follows." (from Cloud Security Reading List)
Attacking and Securing CI/CD Pipeline
"Comprehensive summary of both the attack methods often used against CI/CD pipelines and our insights in securing the CI/CD infrastructure." ATT&CK-like Threat Matrix for CI/CD Pipeline. (from Cloud Security Reading List)
Protect your open source project from supply chain attacks
tl;dr; Follow the SLSA framework and OpenSSF Scorecards rubric, and many can be implemented automatically by using the Allstar project. (from Cloud Security Reading List)
New language features since Java 8 to 17
Doing a job
"Human experience shows that people, not organizations or management systems, get things done."