a tumblelog

Pipenv and Poetry: Benchmarks & Ergonomics II

Let's take a look at how Pipenv and Poetry stack up after eight months of development, first at their current versions, then ergonomic enhancements, and finally benchmarks.

Source: Pipenv and Poetry: Benchmarks & Ergonomics II, an article by John Franey.

6 steps to writing better CSS

The goal of good CSS should be to write simple, modular and, most importantly, easily maintainable rules. Here we give you some simple and smart rules to help you create and maintain a healthy codebase.

Source: 6 steps to writing better CSS, an article by Kyle Tranel.

How to port an awk script to Python

Before porting an awk script to Python, it is often worthwhile to consider its original context. For example, because of awk's limitations, the awk code is commonly called from a Bash script and includes some calls to other command-line favorites like sed, sort, and the gang. It's best to convert all of it into one coherent Python program. Other times, the script makes overly broad assumptions; for example, the code might allow for any number of files, even though it's run with only one in practice.

After carefully considering the context and determining the thing to substitute with Python, it is time to write code.

Source: How to port an awk script to Python, an article by Moshe Zadka.

Let's Go: Object-Oriented Programming in Golang

In this tutorial you'll learn about all the intricacies of object-oriented design in Go, how the pillars of object-oriented programming like encapsulation, inheritance, and polymorphism are expressed in Go, and how Go compares to other languages.

Source: Let's Go: Object-Oriented Programming in Golang, a tutorial by Gigi Sayfan.

Why office noise bothers some people more than others

No one likes an office whistler or pen clicker – but for some people, these noises aren’t just a nuisance, they’re a full-blown aural assault. Why?

Source: Why office noise bothers some people more than others, an article by Zaria Gorvett.

Pandas GroupBy: Your Guide to Grouping Data in Python

Whether you’ve just started working with Pandas and want to master one of its core facilities, or you’re looking to fill in some gaps in your understanding about .groupby(), this tutorial will help you to break down and visualize a Pandas GroupBy operation from start to finish.

Source: Pandas GroupBy: Your Guide to Grouping Data in Python, an article by Brad Solomon.

How containers work: overlayfs

I wrote a comic about overlay filesystems for a potential future container zine this morning, and then I got excited about the topic and wanted to write a blog post with more details.

Source: How containers work: overlayfs, an article by Julia Evans.

The Value in Go's Simplicity

After using Go for a couple years, I’ve really come to appreciate its simplicity. I started writing Go at work a couple months ago, and have found it really easy to iterate on – much more so than Python and Java.

Source: The Value in Go's Simplicity, an article by Benjamin Congdon.

Autism And Intelligence: Much More Than You Wanted To Know

Several studies have shown a genetic link between autism and intelligence; genes that contribute to autism risk also contribute to high IQ. But studies show autistic people generally have lower intelligence than neurotypical controls, often much lower. What is going on?

Source: Autism And Intelligence: Much More Than You Wanted To Know, an article by Scott Alexander.

When to use pointers in Go

One of my pet peeves is finding places in Go code where pointers are being used, when it’d be better if they weren’t. I think one of the major misconceptions of where you want to use pointers comes from the idea that a pointer in Go is pretty much like a pointer in C.

Source: When to use pointers in Go, an article by Dylan Meeus.

In Defense of Utility-First CSS

“Favor composition over inheritance”. This piece of wisdom from Design Patterns, one of the most influential software engineering books, is the foundation of utility-first CSS. It also shares many principles with functional programming: immutability, composability, predictability, and avoidance of side-effects. The goal behind all those fancy terms is to write code that’s easier to maintain and to scale.

Source: In Defense of Utility-First CSS, an article by Sarah Dayan.

Mexico City’s ‘walking fish’

While gaining traction as a symbol of Mexico City, these curious amphibians offer hope for healing the human body, but face near extinction in the wild.

Source: Mexico City’s ‘walking fish’, an article by Megan Frye.

CSS Utility Classes and "Separation of Concerns"

Over the last several years, the way I write CSS has transitioned from a very "semantic" approach to something much more like what is often called "functional CSS."

Writing CSS this way can evoke a pretty visceral reaction from a lot of developers, so I'd like to explain how I got to this point and share some of the lessons and insights I've picked up along the way.

Source: CSS Utility Classes and "Separation of Concerns", an article by Adam Wathan.

The perils of functional CSS

Functional CSS is a contentious topic, and one that regularly generates heated comment thread debate. In such situations, it can be tricky to tease out the hyperbole from the measured opinion.

Here’s my view on the subject, based on my recent experimentations with the approach during a project to build a web application.

Source: The perils of functional CSS , an article by Jay Freestone.

How To Set Up Nginx with HTTP/2 Support

HTTP/2 is a new version of the Hypertext Transport Protocol, which is used on the Web to deliver pages from server to browser.

Source: How To Set Up Nginx with HTTP/2 Support on Ubuntu 18.04, an article by Brian Hogan.

In the evening I modified the NGINX configuration for Plurrrr to support HTTP/2 using the above article. This resulted in a Lighthouse mobile audit Performance score of 100 and a Best Practices score of 100.

Lighthouse mobile audit score for Plurrrr
Lighthouse mobile audit score for Plurrrr.

The low SEO score is in part caused by Plurrrr having an empty robots.txt file. According to Lighthouse:

robots.txt is not valid Lighthouse was unable to download a robots.txt file

An empty robots.txt is not valid
An empty robots.txt is not valid.

However, Google's Robots.txt Testing Tool reports 0 errors and 0 warnings. I reported what I consider a bug as Empty robots.txt is reported as not valid to the Google Chrome Lighthouse project.

We reduced our Docker images by 60% with –no-install-recommends

Here at Canonical, we use Dockerfiles on a daily basis for all our web projects. Something that caught our attention recently was the amount of space that we were using for each Docker image, and we realized that we were installing more dependencies than we needed.

In this article, I’ll explain how we improved our image build time and reduced the image size by using the flag --no-install-recommends in our Dockerfiles.

Source: We reduced our Docker images by 60% with –no-install-recommends, an article by Francisco Jiménez Cabrera.

Raku Guide

This document is intended to give you a quick overview of the Raku programming language. For those new to Raku, it should get you up and running.

Source: Raku Guide, an article by Naoum Hankache.

Object Oriented Programming in Python 3

Python provides very clean object oriented design syntax. With the help of certain keywords, we can program the code by visualizing it as real world object. This chapter will not cover all object oriented programming concepts. However, it will teach you how to design an object oriented program in Python.

Source: Object Oriented Programming - Part I, part of a Python 3 Tutorial by Satya Jugran.

Why You Shouldn’t be Using BCrypt and Scrypt

I start by saying that this is certainly an opinion piece. However it’s not just pure opinion. My opinion on this subject is backed by a mathematical analysis of hashing algorithms. There are certainly some complicating factors that may be argued to influence the described scenario in all reality. However, given that I believe the core logic holds, a strong argument may be made against the use of B/S-crypt.

Source: Why You Shouldn’t be Using BCrypt and Scrypt, an article by Ben Prime.

Strange but True: Cats Cannot Taste Sweets

Sugar and spice and everything nice hold no interest for a cat. Our feline friends are only interested in one thing: meat (except for saving up the energy to catch it by napping, or a round of restorative petting) This is not just because inside every domestic tabby lurks a killer just waiting to catch a bird or torture a mouse, it is also because cats lack the ability to taste sweetness, unlike every other mammal examined to date.

Source: Strange but True: Cats Cannot Taste Sweets, an article by David Biello.

Why Some People Get Sick From the Flu Shot

It seems that there are two main thinking camps when it comes to the flu shot.

  1. Either you believe that the flu shot absolutely causes the flu and you should never take it, or…
  2. You believe it’s actually impossible to get the flu from the flu shot, and that anyone who disagrees probably also thinks the flat earth climate changed on 9/11.

As it turns out, the truth is more nuanced but still very simple.

Source: Why Some People Get Sick From the Flu Shot, an article by Daniel Miessler.

Debugging Software Deployments with strace

Most of my paid work involves deploying software systems, which means I spend a lot of time trying to answer the following questions:

  • This software works on the original developer’s machine, so why doesn’t it work on mine?
  • This software worked on my machine yesterday, so why doesn’t it work today?

That’s a kind of debugging, but it’s a different kind of debugging from normal software debugging. Normal debugging is usually about the logic of the code, but deployment debugging is usually about the interaction between the code and its environment. Even when the root cause is a logic bug, the fact that the software apparently worked on another machine means that the environment is usually involved somehow.

So, instead of using normal debugging tools like gdb, I have another toolset for debugging deployments. My favourite tool for “Why isn’t this software working on this machine?” is strace.

Source: Debugging Software Deployments with strace, an article by Simon Arneaud.

A neat static microsite generator

Today I noticed that user jeffsj of added a link to the GitHub repository of tumblelog to his November 2019 link dump. The anchor text used is "A neat static microsite generator"; thanks!

A neat static microsite generator
A neat static microsite generator.

A Black Cat on the Bridge Railing

In the afternoon, when taking some fresh air, I spotted a black cat resting on the railing of a bridge. When I petted it, it started to move around on top of the railing. I took a photo when it was standing still for a short moment.

a black cat standing on the railing of a bridge
A black cat standing on the railing of a bridge.

Lightweight To-Do list formatting

I recently ran across the todo.txt format project, which allows use to use plain text action item lists to create and manage your projects. I love the simplicity of the idea but there were a number of items that prevented me from wholeheartedly adopting it.

Source: Lightweight To-Do list formatting, an article by Erica Sadun.

Remote Working: The Ultimate Guide

There is no single formula for how to become an efficient remote worker. Everyone will work at different times and have different tips on how to make the most of their time. Indeed, one of the major benefits of remote work is the flexibility it affords. That said, there are a few common practices you can expect to use as a remote worker.

Source: Remote Working: The Ultimate Guide, a guide by James Gallagher.

Caching Tutorial for Web Authors and Webmasters

This is an informational document. Although technical in nature, it attempts to make the concepts involved understandable and applicable in real-world situations. Because of this, some aspects of the material are simplified or omitted, for the sake of clarity. If you are interested in the minutia of the subject, please explore the References and Further Information at the end.

Source: Caching Tutorial for Web Authors and Webmasters, an article by Mark Nottingham.

Guide to Fuzzy Matching with Python

This post is going to delve into the textdistance package in Python, which provides a large collection of algorithms to do fuzzy matching.

Source: Guide to Fuzzy Matching with Python, a guide by Andrew Treadway.

Lesser known Docker tips for advanced users

I've lately been tasked with migrating a classic .Net business web API to .NET Core. One of the goals of this migration was to host the API inside a Linux system using Docker containers. It was quite a long and enjoyable journey. Now that it's all done, I thought I'd share some interesting Docker bits I learned along the way.

Source: Lesser known Docker tips for advanced users, an article by Anas Mazioudi.

Avoid OR for better PostgreSQL query performance

PostgreSQL query tuning is our daily bread at Cybertec, and once you have done some of that, you’ll start bristling whenever you see an OR in a query, because they are usually the cause for bad query performance.

Of course there is a reason why there is an OR in SQL, and if you cannot avoid it, you have to use it. But you should be aware of the performance implications.

In this article I’ll explore “good” and “bad” ORs and what you can do to avoid the latter.

Source: avoid OR for better PostgreSQL query performance, an article by Laurenz Albe.

Finding a memory leak in a Go app with cgo bindings

Usually, finding a leak in Go apps is rather trivial thanks to the built-in profiling tool that comes with Go. go tool pprof with a minimum setup steps will show you all recent allocations and the overview of the memory heap. Our case turned out to be a lot more interesting.

Source: Finding a memory leak in a Go app with cgo bindings · Kir Shatrov, an article by Kir Shatrov.

When to Use a List Comprehension in Python

Python is famous for allowing you to write code that’s elegant, easy to write, and almost as easy to read as plain English. One of the language’s most distinctive features is the list comprehension, which you can use to create powerful functionality within a single line of code. However, many developers struggle to fully leverage the more advanced features of a list comprehension in Python. Some programmers even use them too much, which can lead to code that’s less efficient and harder to read.

Source: When to Use a List Comprehension in Python, a tutorial by James Timmins.

Postgres is a great pub/sub & job server

If you're making any project of sufficient complexity, you'll need a publish/subscribe server to process events. This article will introduce you to Postgres, explain the alternatives, and walk you through an example use case of pub/sub and its solution.

Source: System design hack: Postgres is a great pub/sub & job server, an article by Colin Chartier.

Staticcheck in Action

Staticcheck is a static analysis tool for Go code. It has various checks, such as a check for unused variables, a check for deferring the Lock method on a mutex right after locking (the user probably meant to defer Unlock instead), a check for unreachable code, and more.

In this post we'll show sample code for which staticcheck returns errors, and how to fix the affected code.

Source: Staticcheck in Action, an article by Shawn Smith.

The problems with piping curl to a shell are system management ones

I was recently reading Martin Tournoij's Curl to shell isn't so bad (via), which argues that the commonly suggested approach of using 'curl | sh' is not the security hazard that it's often made out to be. Although it may surprise people to hear this, I actually agree with the article's core argument. If you're going to download and use source code (with its autoconfigure script and 'make install' and so on) or even pre-build binaries, you're already extending quite a lot of trust to the software's authors. However, I still don't think you should install things with curl to shell. There are two reasons not to, one a general system management one and one a pragmatic one about what people do in these scripts.

Source: The problems with piping curl to a shell are system management ones, an article by Chris Siebenmann.

Why Is Category Theory a Trending Topic?

Recently, various scientific media have been paying attention to a branch of mathematics called “category theory” that has become pretty popular inside the mathematical community in recent years. Some mathematicians are even starting to complain on Twitter that more people are tweeting about category theory than their own specialties. But what is this branch of mathematics, and why is it becoming so fashionable?

Source: Why Is Category Theory a Trending Topic?, an article by John Baez.

The Night Fire: excellent

After midnight I finished The Night Fire, a Renée Ballard and Harry Bosch novel by Michael Connelly. An excellent read, highly recommended.

Salvation Lost

In the afternoon I started in Salvation Lost, The Salvation Sequence Book 2 by Peter F. Hamilton. I liked the first book in the sequence a lot, so I have high expectations for this sequel.

Curl to shell isn't so bad

Piping curl to s(hell) claims that using curl | sh to install software is a “glaring security vulnerability”. I’ve seen this claim many times in other places as well, with strong terms like “malpractice”.

I don’t get it. you’re not running some random shell script from a random author, you’re running it from a software vendor who you already trust to run software. Are you going to audit all of oh-my-zsh? Probably not. So why give extra gravity to their install script? If you trust oh-my-zsh, then why distrust their install script?

Source: Curl to shell isn't so bad, an article by Martin Tournoij.

Go Turns 10

This weekend we celebrate the 10th anniversary of the Go release, marking the 10th birthday of Go as an open-source programming language and ecosystem for building modern networked software.

Source: Go Turns 10, an article by Russ Cox.

Basic troubleshooting with telnet and netcat

In the early years of computing, telnet was used to connect to the command line on remote systems. SSH has replaced telnet for remote access needs, and these days when you hear about telnet, it is usually when somebody is using the client as a generic network troubleshooting tool.

That’s because, in troubleshooting sessions, sysadmins turn to telnet and netcat to test connectivity to service offerings.

Source: Basic troubleshooting with telnet and netcat, an article by Dustin Minnich.

Coincidentally, today I used nc because macOS Mojave doesn't come with telnet out of the box.

OpenWrt on TP-Link TL-WDR4300

Today I flashed a second hand TP-Link TL-WDR4300 bought online on Tuesday with OpenWrt 18.06.4. I took some notes while doing this which I turned into a blog post in the evening: Flashing a TP-Link TL-WDR4300 with OpenWrt firmware

Parse, don’t validate

about a month ago, I was reflecting on Twitter about the differences I experienced parsing JSON in statically- and dynamically-typed languages, and finally, I realized what I was looking for. Now I have a single, snappy slogan that encapsulates what type-driven design means to me, and better yet, it’s only three words long:

Parse, don’t validate.

Source: Parse, don’t validate, an article by Alexis King.

HTTP Security Headers - A Complete Guide

In this article, I will walk through the commonly evaluated headers, recommend security values for each, and give a sample header setting. At the end of the article, I will include sample setups for common applications and web servers.

Source: HTTP Security Headers - A Complete Guide, a guide by Charlie Belmer.

Mozilla Observatory scan summary
Mozilla Observatory scan summary; an A+ for Plurrrr.

Using this guide and Mozilla Observatory I managed to get Plurrrr from an F to an A+.

Note that the guide has syntax errors in the NGINX configuration example. At least, at the time of writing, I had to remove the colon after each header name and had to put some values between double quotes.