In Defense of Package Managers

Open Source package managers are one of the most maligned pieces of software in common use today. I’m here to correct that criticism and tell developers that it’s not the package managers you hate — it’s what they’ve made you become. This contains a bit of a history lesson to explain how we got here today, as well as what I think the package management world will look like in the future.

Source: In Defense of Package Managers, an article by Dan Lorenc.

6 Command Line Tools for Productive Programmers

Lately, I’ve been doing a lot more things at the command line. I’m not a hard-core terminal guy – I use VSCode more than Vim – but I’m always surprised at the number of complex tasks that can be done using just the POSIX standard command-line tools like grep, cat and sort.

Tools are powerful. A good tool makes work easier and faster, and a great tool unlocks new abilities: Previously impossible things become possible and sometimes easy.

As I’ve learned more, I’ve been adding some new tools to my command-line toolbox, and in this article, I’d like to share some I’ve found valuable.

Source: 6 Command Line Tools for Productive Programmers, an article by Adam Gordon Bell.

Cleaning Up Git History

A clean git commit history is often underrated and can be immensely useful to ease code reviews and understand changes in the future (potentially in the midst of an outage).

Of course we are talking about the final history here as committed to the shared repository, not the intermediate history while we are working on the code. Sometimes the intermediate history is good enough to be pushed directly, but this is actually fairly rare.

Cleaning up the history might seem tedious at first for marginal cosmetic benefits, but it gets much easier and faster with practice. Here I am collecting some tips for cleaning up a git commit history before publishing it to others, for example in the form of a pull request.

Source: Cleaning Up Git History, an article by Robin Schroer.

Life of a Container

I have been programming for almost six years now and have used containers for nearly the entirety of that time. For what comes with being a programmer, curiosity got the better of me and I started asking around the question, that what is a container?

Source: Life of a Container, an article by Indradhanush Gupta.

Python's collections: A Buffet of Specialized Data Types

Python’s collections module provides a rich set of specialized container data types carefully designed to approach specific programming problems in a Pythonic and efficient way. The module also provides wrapper classes that make it safer to create custom classes that behave similar to the built-in types dict, list, and str.

Learning about the data types and classes in collections will allow you to grow your programming tool kit with a valuable set of reliable and efficient tools.

Source: Python's collections: A Buffet of Specialized Data Types, an article by Leodanis Pozo Ramos.

Taking Months to Bits

A calendar system is an attempt to make sense of the passing of time with respect to astronomical phenomena — the positioning of the Sun, the Moon and the stars with respect to our unfixed and moveable Earth. It is perhaps ironic, then, that the widely used Gregorian calendar system is a cobbled-together mishmash that better reflects the arbitrariness of history than it does either celestial order or logical consistency.

Source: Taking Months to Bits. A calendrical journey into low-level programming, an article by Kevlin Henney.

Netcat - All you need to know

Netcat is a tool that reads and writes data across network connections, using TCP or UDP protocol. Netcat has been referred to as the TCP/IP / networking swiss army knife. In this article we’ll look at different applications of netcat and how it can be useful in day to day activities of a pentester, security professional, sysadmin etc…

Source: Netcat - All you need to know, an article by Michael Ikua.

The Black Prism

Guile is the Prism. He is high priest and emperor, a man whose power, wit, and charm are all that preserves a tenuous peace. Yet Prisms never last, and Guile knows exactly how long he has left to live.

When Guile discovers he has a son, born in a far kingdom after the war that put him in power, he must decide how much he's willing to pay to protect a secret that could tear his world apart.

In the evening I started in The Black Prism, Lightbringer book 1 by Brent Weeks. I've already read the Night Angel trilogy by the same author and liked this trilogy a lot so I have high expectations of this series.

My First CSS

CSS can be hard to grasp when you're starting out. It can seem like magic wizardry and you can very easily find yourself playing whack-a-mole adjusting one property only to have something else break. It is frustrating, and that was my experience for quite a long time before things suddenly seemed to "click".

Reflecting back on this time, I think there are a few key concepts that were vital to things finally all making sense and fitting together. These were:

  • The Box Model (e.g. box-sizing, height, width, margin, padding)
  • Layout (e.g. display)
  • Document Flow and Positioning (e.g. position, top, left, etc.)

There are also some useful concepts to keep in mind when building reusable and composable components.

Source: My First CSS, an article by Nathan Hardy.

Shell Field Guide

This booklet is intended to be a catalog of tricks and techniques you may want to use if you're doing some sort of complex scripting. Some are just useful, some are more playful, and might not have such direct impact in your day-to-day life. Some are pure entertainment. You'll have to judge by yourself which things belong to which category. I'll try to keep the rhetoric to the minimum to maximize signal/noise.

Source: Shell Field Guide, an article by Raimon Grau.

A beginner’s guide to kerning like a designer

Have you ever looked at a word or phrase you’re typesetting and something just looked off about it? It might just be a kerning problem. Kerning refers to the amount of space between two letters (or other characters: Numbers, punctuation, etc.) and the process of adjusting that space to avoid awkward-­looking gaps between your letters and improve legibility. In this article, we will outline how to kern like a professional designer.

Source: A beginner’s guide to kerning like a designer, an article by Janie Kliever.

Dark patterns in UX

Dark Patterns are deceptive UX/UI interactions, designed to mislead or trick users to make them do something they don’t want to do. This term was coined in 2010 after the boom of ecommerce industries on the web. In order to generate more sales, get subscriptions, and hit target numbers in transactions etc., designers and business associates started creating deceiving user interfaces to manipulate users.

Source: Dark patterns in UX: how designers should be responsible for their actions, an article by Arushi Jaiswal.

CSS: Avoid horizontal scrolling

I view at least half the written content I consume via my mobile phone, which belongs to the class of phones with a slightly smaller than average screen. In fact, it’s width as reported by the Firefox and Chrome viewport simulators is 375 pixels wide, small but not tiny. And yet many websites I visit hinder my mobile viewing experience because of a rather simple issue: horizontal scrolling.

Source: CSS: Avoid horizontal scrolling, an article by Ben Fiedler.

Luca (2021)

On the Italian Riviera, an unlikely but strong friendship grows between a human being and a sea monster disguised as a human.

In the afternoon we watched Luca. I liked the movie and give it an 8 out of 10.

Zip - How not to design a file format

The Zip file format is now 32 years old. You'd think being 32 years old the format would be well documented. Unfortunately it's not.

I have a feeling this is like many file formats. They aren't designed, rather the developer just makes it up as they go. If it gets popular other people want to read and/or write them. They either try to reverse engineer the format OR they ask for specs. Even if the developer writes specs they often forget all the assumptions their original program makes. Those are not written down and hence the spec is incomplete. Zip is such a format.

Source: Zip - How not to design a file format, an article by Gregg Tavares.

Images are hard

Putting images on websites is incredibly simple, yes? Actually, yes, it is. You use and link it to a valid source in the src attribute and you’re done. Except that there are (counts fingers) 927 things you could (and some you really should) do that often go overlooked.

Source: Images are hard, an article by Chris Coyier.

Beautiful ideas in programming: generators and continuations

In this post, I’ll summarize what I’ve learned from an attempt to gain a deeper understanding of two important concepts in programming: Python’s generators and Scheme’s continuation. The aim is not to teach Python or Scheme programming. Rather, what I want to do is to demonstrate that generators are special cases of a much more powerful construct - continuations. Continuations allow programmers to invent new control structures, and it is the foundation upon which iterators, generators, coroutines, and many other useful constructs can be built. I have found it very useful to understand how generators work from the deeper and broader perspective of continuations.

Source: Beautiful ideas in programming: generators and continuations, an article by Hsin-Hao Yu.

Planning & estimating large-scale software projects

This weekend I was talking with a friend about how I'd planned and estimated a huge software project in one of my previous jobs. By that I mean not something which can be done by a single team in a sprint or two, but something which requires several teams, across several quarters of effort, involving many other departments of non-engineering team members.

Source: Planning & estimating large-scale software projects, an article by Tom Russell.

dockerizing a Node.js application

Docker is one of the tools that has simplified and eased the development of applications amongst teams. The application is being packaged in a container shipped and run giving the developers a better experience during development, testing, and deployment. This container is being created using a Docker image where all the application’s dependencies and runtime information are required to run it.

In recent years, developers have embraced this approach because they do not need to worry about installing all dependencies on their system. What is needed is just Docker on their computer.

This article will detail the steps to follow whenever we want to Dockerize our application with Node.js. With that, we mean to achieve the smooth development experience Docker provides. This article will not focus on explaining what Docker is but we will look at a few reasons why we would want to Dockerize our application.

Source: How JavaScript Works: dockerizing a Node.js application, an article by Victor Jonah.

My Fanless OpenBSD Desktop

After the disappointment of my X1 Nano and learning that all future Intel “Evo”-branded laptops would lack S3 suspend, I started thinking about returning to my M1 MacBook full-time or building an OpenBSD desktop. I chose the latter, building my first desktop machine in many years.

Source: My Fanless OpenBSD Desktop, an article by Joshua Stein.

The four noisy horsemen of Perl hate

I publish Perl stories on this blog once a week, and it seems every time there’s at least one response on social media that amounts to, “I hate Perl because of its weird syntax.” Or, “It looks like line noise.” (Perl seems to have outlasted that one — when’s the last time you used an acoustic modem?) Or the quote attributed to Keith Bostic: “The only language that looks the same before and after RSA encryption.”

So let’s address, confront, and demystify this hate. What are these objectionable syntactical, noisy, possibly encrypted bits? And why does Perl have them?

Source: The four noisy horsemen of Perl hate, an article by Mark Gardner.

A Fast Intro to Git Internals

Many git tutorials focus on a set of commands and instructions to “get you up to speed” in git, without addressing the underlying concept of “how git works”. While the commands are important, I feel it’s more important for you to understand what’s going on behind the scenes.

Source: Fast Intro to Git Internals.

systemd socket activation

My last post on this topic caught some attention, so I’m going to continue exploring some of the systemd features that may be useful to people writing network services. Here are some more things about socket activation I didn’t cover in the previous post.

Firstly, it’s not something that needs a binding to a specific library to work (although systemd does make one available for this task). It uses conventions that already exist in Unix, and have done for a long time. The network sockets are presented as file descriptors, and some information about them as environment variables.

Source: systemd socket activation, an article by Michael Maclean.

Jumping into journald

On many Linux systems, systemd-journald runs as a daemon at boot and collects your logs. You can access them through journalctl but it turns out journald is a lot more complicated then just sending something to a text file. I’ll look at two main things here: What kind of information is included in a journald entry and how these entries get from programs to journald.

Source: Jumping into journald, an article by Artemis Tosini.

How To Learn Stuff Quickly

It's often said that the internet has democratized education: the sum of human knowledge is only a Google search away! And yet, having access to information is only half of the story; you also need to be able to convert raw information into usable skills.

Source: How To Learn Stuff Quickly, an article by Josh W Comeau.

Regex Legends: The People Behind the Magic

Many people have contributed to developing and promoting the use of regular expressions since they were invented about half a century ago. Here's a short list of some of the most influential people behind the technology. I've written this up for two reasons:

  1. For people who've only gotten into the technology recently but are interested in some of the history and pioneers behind it.
  2. Since I fit the above description, I'm hoping readers will help fill me in on other people I've forgotten about or otherwise left out.

Source: Regex Legends: The People Behind the Magic, an article by Steven Levithan.

Paranoid NixOS Setup

Most of the time you can get away with a fairly simple security posture on NixOS. Don't run services as root, separate each service into its own systemd units, don't run packages you don't trust the heritage of and most importantly don't give random people shell access with passwordless sudo.

Sometimes however, you have good reasons to want to lock everything down as much as humanly possible. This could happen when you want to create production servers for something security-critical such as a bastion host. In this post I'm going to show you a defense-in-depth model for making a NixOS server that is a bit more paranoid than usual, as well as explanations of all the moving parts.

Source: Paranoid NixOS Setup, an article by Christine Dodrill.

Git is Below Your Project

I’ve sometimes seen people asking about dependency management, hooks, tracking bugs and other sort of higher level (to me) things than git provides. You can see this if you look at stackoverflow questions about submodules. What’s wrong with submodules? Well, compared to what exactly? When I do a clone of a project and run yarn install, it gives me a list of CVEs that match. When I do a bundle exec it loads my project and has an opportunity (with a very high level of context) to tell me that I’ve forgotten to run migrations or run yarn update in a while. You don’t get this with git. Maybe these examples are too web-tech specific. But I’d like to suggest that this pattern will probably apply to Go, Rust and whatever else. Git is below your project and your project is trying to get better stuff done. So stop trying to solve your problem with Git and listen to how a few other communities do their thing.

Source: Git is Below Your Project, an article by Chris Dillon.

Inserting One Billion Rows in SQLite

Recently, I ran into a situation where I needed a test database with lots of rows and needed it fast. So I did what any programmer would do: wrote a Python script to generate the DB. Unfortunately, it was slow. Really slow. So I did what any programmer would do: went down the rabbit hole of learning more about SQLite, Python, and eventually Rust… in my quest to get a 1B row database under a minute. This blog post is a summary of this fun and educational exercise.

Source: Inserting One Billion Rows in SQLite Under A Minute.

The perils of M1 Ownership

In the next few days those using M1 Macs will be updating to Big Sur 11.5, blissfully ignorant of how, as an admin user, their Mac could refuse to update. Because now, in addition to regular users, admin users and root, there’s another class of admin user: the Owner. Let me explain.

Source: Last Week on My Mac: The perils of M1 Ownership, an article by Howard Oakley.