Open Source package managers are one of the most maligned pieces of software in common use today. I’m here to correct that criticism and tell developers that it’s not the package managers you hate — it’s what they’ve made you become. This contains a bit of a history lesson to explain how we got here today, as well as what I think the package management world will look like in the future.
Source: In Defense of Package Managers, an article by Dan Lorenc.
Initially used for simple metadata, HTTP headers now play an important role in the vast field that web security is.
Setting up HTTP security headers is the quickest, less expensive, and probably the most effective way to secure a web application today. Here is how.
Source: HTTP Security Headers: Why? How? What?, an article by Sylvain Kerkour.
Macros are one of the ways to extend Rust syntax. As The Book calls it, “a way of writing code that writes other code”. Here, I will talk about declarative macros, or as it is also called, macros by example. Examples of declarative macros are
vec!,println!andformat!.
Source: First steps with Rust declarative macros!, an article by Roger Torres Paes.
We recently integrated new functionality into our CrowdStrike Falcon sensor that was implemented in Rust. Rust is a relatively young language with several features focused on safety and security. Calling Rust from C++ was relatively straightforward, but one stumbling block we’ve run into is how Rust deals with out-of-memory (OOM) conditions.
Source: Dealing with Out-of-memory Conditions in Rust, an article by John Gallagher
Lately, I’ve been doing a lot more things at the command line. I’m not a hard-core terminal guy – I use VSCode more than Vim – but I’m always surprised at the number of complex tasks that can be done using just the POSIX standard command-line tools like
grep,catandsort.Tools are powerful. A good tool makes work easier and faster, and a great tool unlocks new abilities: Previously impossible things become possible and sometimes easy.
As I’ve learned more, I’ve been adding some new tools to my command-line toolbox, and in this article, I’d like to share some I’ve found valuable.
Source: 6 Command Line Tools for Productive Programmers, an article by Adam Gordon Bell.
Extensions in Swift are great. We can extend structs, classes, enums, etc., whether we own the code or not, in almost any way we need. This enables us to do easier initializations, mapping, convenience functions, protocol implementation (one of my favorites) and more. There is only one problem.
Source: Responsible code sharing using the power of protocol extensions, an article by Kamil Tustanowski.
Containers are no security devices. That's why we've curated a set of easily actionable recommendations to improve your Docker containers security.
Source: How to improve your Docker containers security, an article by Thomas Segura.
In Basics of ZFS Snapshot Management, we demonstrated how snapshots and clones can be used to access data from a given point in time. In this article, we’ll learn how ZFS boot environments (BEs) are used to boot the operating system itself into a previous point in time.
Source: Let’s Talk OpenZFS Snapshots.
Swift 5.5 introduces a new concept called “effectful read-only properties”, which essentially means that computed properties can now utilize control flow mechanisms like errors and async operations when computing their values.
Source: Throwing and asynchronous Swift properties, an article by John Sundell.
A clean git commit history is often underrated and can be immensely useful to ease code reviews and understand changes in the future (potentially in the midst of an outage).
Of course we are talking about the final history here as committed to the shared repository, not the intermediate history while we are working on the code. Sometimes the intermediate history is good enough to be pushed directly, but this is actually fairly rare.
Cleaning up the history might seem tedious at first for marginal cosmetic benefits, but it gets much easier and faster with practice. Here I am collecting some tips for cleaning up a git commit history before publishing it to others, for example in the form of a pull request.
Source: Cleaning Up Git History, an article by Robin Schroer.
I have been programming for almost six years now and have used containers for nearly the entirety of that time. For what comes with being a programmer, curiosity got the better of me and I started asking around the question, that what is a container?
Source: Life of a Container, an article by Indradhanush Gupta.
Python’s collections module provides a rich set of specialized container data types carefully designed to approach specific programming problems in a Pythonic and efficient way. The module also provides wrapper classes that make it safer to create custom classes that behave similar to the built-in types dict, list, and str.
Learning about the data types and classes in collections will allow you to grow your programming tool kit with a valuable set of reliable and efficient tools.
Source: Python's collections: A Buffet of Specialized Data Types, an article by Leodanis Pozo Ramos.
A calendar system is an attempt to make sense of the passing of time with respect to astronomical phenomena — the positioning of the Sun, the Moon and the stars with respect to our unfixed and moveable Earth. It is perhaps ironic, then, that the widely used Gregorian calendar system is a cobbled-together mishmash that better reflects the arbitrariness of history than it does either celestial order or logical consistency.
Source: Taking Months to Bits. A calendrical journey into low-level programming, an article by Kevlin Henney.
In the early afternoon I finished Stories of Your Life and Others by Ted Chiang. I liked all the stories; they are good. The ones I liked the most are Story of Your Life and Seventy-Two Letters.
So when we say PostgreSQL is the "batteries included database," this is just one reason why. With Postgres, you don't need to immediately look farther than your own database management system for a full-text search solution. If you haven't yet given Postgres' built-in full-text search a try, read on for a simple intro.
Source: Postgres Full-Text Search: A Search Engine in a Database, an article by Kat Batuigas.
Netcat is a tool that reads and writes data across network connections, using TCP or UDP protocol. Netcat has been referred to as the TCP/IP / networking swiss army knife. In this article we’ll look at different applications of netcat and how it can be useful in day to day activities of a pentester, security professional, sysadmin etc…
Source: Netcat - All you need to know, an article by Michael Ikua.
This article describes several unstable Rust compiler features. It is intended to explain the basics of these features without diving into too much detail.
Source: Awesome Unstable Rust Features, an article by Ethan Brierley.
Guile is the Prism. He is high priest and emperor, a man whose power, wit, and charm are all that preserves a tenuous peace. Yet Prisms never last, and Guile knows exactly how long he has left to live.
When Guile discovers he has a son, born in a far kingdom after the war that put him in power, he must decide how much he's willing to pay to protect a secret that could tear his world apart.
In the evening I started in The Black Prism, Lightbringer book 1 by Brent Weeks. I've already read the Night Angel trilogy by the same author and liked this trilogy a lot so I have high expectations of this series.
CSS can be hard to grasp when you're starting out. It can seem like magic wizardry and you can very easily find yourself playing whack-a-mole adjusting one property only to have something else break. It is frustrating, and that was my experience for quite a long time before things suddenly seemed to "click".
Reflecting back on this time, I think there are a few key concepts that were vital to things finally all making sense and fitting together. These were:
- The Box Model (e.g.
box-sizing,height,width,margin,padding)- Layout (e.g.
display)- Document Flow and Positioning (e.g.
position,top,left, etc.)There are also some useful concepts to keep in mind when building reusable and composable components.
Source: My First CSS, an article by Nathan Hardy.
This booklet is intended to be a catalog of tricks and techniques you may want to use if you're doing some sort of complex scripting. Some are just useful, some are more playful, and might not have such direct impact in your day-to-day life. Some are pure entertainment. You'll have to judge by yourself which things belong to which category. I'll try to keep the rhetoric to the minimum to maximize signal/noise.
Source: Shell Field Guide, an article by Raimon Grau.
Have you ever looked at a word or phrase you’re typesetting and something just looked off about it? It might just be a kerning problem. Kerning refers to the amount of space between two letters (or other characters: Numbers, punctuation, etc.) and the process of adjusting that space to avoid awkward-looking gaps between your letters and improve legibility. In this article, we will outline how to kern like a professional designer.
Source: A beginner’s guide to kerning like a designer, an article by Janie Kliever.
Linux distributions are great to use and they have some tricks under their sleeves which users may not be aware of. Let’s have a look at some command line utilities which really come in handy when you’re the guy that likes to stick with the terminal rather than using a GUI.
Dark Patterns are deceptive UX/UI interactions, designed to mislead or trick users to make them do something they don’t want to do. This term was coined in 2010 after the boom of ecommerce industries on the web. In order to generate more sales, get subscriptions, and hit target numbers in transactions etc., designers and business associates started creating deceiving user interfaces to manipulate users.
Source: Dark patterns in UX: how designers should be responsible for their actions, an article by Arushi Jaiswal.
I view at least half the written content I consume via my mobile phone, which belongs to the class of phones with a slightly smaller than average screen. In fact, it’s width as reported by the Firefox and Chrome viewport simulators is 375 pixels wide, small but not tiny. And yet many websites I visit hinder my mobile viewing experience because of a rather simple issue: horizontal scrolling.
Source: CSS: Avoid horizontal scrolling, an article by Ben Fiedler.
In a realm known as Kumandra, a re-imagined Earth inhabited by an ancient civilization, a warrior named Raya is determined to find the last dragon.
In the afternoon we watched Raya and the Last Dragon. I liked the movie and give it a 7 out of 10.
The Agile Manifesto turned 20 this year, and there are two facts that seem self-evident:
- Agile, as a label, won; nobody wants to be called non-Agile.
- Agile, as it is practiced, falls woefully short of the revolutionary ideas of its founders.
How did we get to this point? Everybody says they do Agile and yet almost nobody is Agile.
Source: Agile at 20: The Failed Rebellion, an article by Al Tenhundfeld.
In this post I'll talk about how I manage Firefox and mimick some of the behaviours/aesthetics I'd come to enjoy from using other browsers over the years.
Source: Managing Firefox on macOS with Nix, an article by Calum MacRae.
On the Italian Riviera, an unlikely but strong friendship grows between a human being and a sea monster disguised as a human.
In the afternoon we watched Luca. I liked the movie and give it an 8 out of 10.
If you’re building a new app today, it might be worth taking a closer look at making it cloud-native and using Kubernetes from the jump. The effort to set up Kubernetes is less than you think. Certainly, it’s less than the effort it would take to refactor your app later on to support containerization.
Source: Why you should build on Kubernetes from day one, an article by Max Horstmann.
New in Swift 5.5: Property wrappers can now be applied directly to function arguments, just like how they can be used to add additional functionality to a property or local variable.
Source: Attaching property wrappers to function arguments, an article by John Sundell.
Dependency Injection is a software design pattern in which an object receives other instances that it depends on. It’s a commonly used technique that allows reusing code, insert mocked data, and simplify testing. An example could be initializing a view with the network provider as a dependency.
Source: Dependency Injection in Swift using latest Swift features, an article by Antoine van der Lee.
With their warning about Lord Voldemort's return scoffed at, Harry and Dumbledore are targeted by the Wizard authorities as an authoritarian bureaucrat slowly seizes power at Hogwarts.
In the evening we watched Harry Potter and the Order of the Phoenix. I liked the movie a little less than the previous one so I give it a 7 out of 10.
namedtuple has been around since forever, and over time, its convenience saw it used far outside its originally intended purpose.
With dataclasses now covering part of those use cases, what should one use named tuples for?
In this article, we take a look at exactly that, with a few examples from real code.
The Zip file format is now 32 years old. You'd think being 32 years old the format would be well documented. Unfortunately it's not.
I have a feeling this is like many file formats. They aren't designed, rather the developer just makes it up as they go. If it gets popular other people want to read and/or write them. They either try to reverse engineer the format OR they ask for specs. Even if the developer writes specs they often forget all the assumptions their original program makes. Those are not written down and hence the spec is incomplete. Zip is such a format.
Source: Zip - How not to design a file format, an article by Gregg Tavares.
A collection of tips to help take your CSS skills pro.
Source: A collection of tips to help take your CSS skills pro.
Putting images on websites is incredibly simple, yes? Actually, yes, it is. You use
and link it to a valid source in the src attribute and you’re done. Except that there are (counts fingers) 927 things you could (and some you really should) do that often go overlooked.
Source: Images are hard, an article by Chris Coyier.
In this post, I’ll summarize what I’ve learned from an attempt to gain a deeper understanding of two important concepts in programming: Python’s generators and Scheme’s continuation. The aim is not to teach Python or Scheme programming. Rather, what I want to do is to demonstrate that generators are special cases of a much more powerful construct - continuations. Continuations allow programmers to invent new control structures, and it is the foundation upon which iterators, generators, coroutines, and many other useful constructs can be built. I have found it very useful to understand how generators work from the deeper and broader perspective of continuations.
Source: Beautiful ideas in programming: generators and continuations, an article by Hsin-Hao Yu.
This weekend I was talking with a friend about how I'd planned and estimated a huge software project in one of my previous jobs. By that I mean not something which can be done by a single team in a sprint or two, but something which requires several teams, across several quarters of effort, involving many other departments of non-engineering team members.
Source: Planning & estimating large-scale software projects, an article by Tom Russell.
A couple of weeks ago I wrote a short thread on Twitter about the undying argument Is this really bad UI, or is it just you who are averse to change? — I’m publishing these observations here simply because it will be easier to find them and reference them in the future.
Source: Habits, UI changes, and OS stagnation, an article by Riccardo Mori.
Docker is one of the tools that has simplified and eased the development of applications amongst teams. The application is being packaged in a container shipped and run giving the developers a better experience during development, testing, and deployment. This container is being created using a Docker image where all the application’s dependencies and runtime information are required to run it.
In recent years, developers have embraced this approach because they do not need to worry about installing all dependencies on their system. What is needed is just Docker on their computer.
This article will detail the steps to follow whenever we want to Dockerize our application with Node.js. With that, we mean to achieve the smooth development experience Docker provides. This article will not focus on explaining what Docker is but we will look at a few reasons why we would want to Dockerize our application.
Source: How JavaScript Works: dockerizing a Node.js application, an article by Victor Jonah.
Don’t. Worker pools are not a great fit for Rust due to its ownership model. Instead, embrace functional programming and immutable data. Rust provides simpler to use and more elegant tools: parallel Iterators and Streams.
Source: How to implement worker pools in Rust, an article by Sylvain Kerkour.
After the disappointment of my X1 Nano and learning that all future Intel “Evo”-branded laptops would lack S3 suspend, I started thinking about returning to my M1 MacBook full-time or building an OpenBSD desktop. I chose the latter, building my first desktop machine in many years.
Source: My Fanless OpenBSD Desktop, an article by Joshua Stein.
I publish Perl stories on this blog once a week, and it seems every time there’s at least one response on social media that amounts to, “I hate Perl because of its weird syntax.” Or, “It looks like line noise.” (Perl seems to have outlasted that one — when’s the last time you used an acoustic modem?) Or the quote attributed to Keith Bostic: “The only language that looks the same before and after RSA encryption.”
So let’s address, confront, and demystify this hate. What are these objectionable syntactical, noisy, possibly encrypted bits? And why does Perl have them?
Source: The four noisy horsemen of Perl hate, an article by Mark Gardner.
The best case depth for a search tree is O(logb n), if b is the arity (or branching) of the tree. Intuitively, we know that if we increase b, the depth goes down, but is that all there is to it? And if not, how do we chose the optimal branching b?
Source: Binary Trees are optimal… except when they’re not, an article by Steven Pigeon.
Many git tutorials focus on a set of commands and instructions to “get you up to speed” in git, without addressing the underlying concept of “how git works”. While the commands are important, I feel it’s more important for you to understand what’s going on behind the scenes.
Source: Fast Intro to Git Internals.
My last post on this topic caught some attention, so I’m going to continue exploring some of the systemd features that may be useful to people writing network services. Here are some more things about socket activation I didn’t cover in the previous post.
Firstly, it’s not something that needs a binding to a specific library to work (although systemd does make one available for this task). It uses conventions that already exist in Unix, and have done for a long time. The network sockets are presented as file descriptors, and some information about them as environment variables.
Source: systemd socket activation, an article by Michael Maclean.
On many Linux systems, systemd-journald runs as a daemon at boot and collects your logs. You can access them through journalctl but it turns out journald is a lot more complicated then just sending something to a text file. I’ll look at two main things here: What kind of information is included in a journald entry and how these entries get from programs to journald.
Source: Jumping into journald, an article by Artemis Tosini.
It's often said that the internet has democratized education: the sum of human knowledge is only a Google search away! And yet, having access to information is only half of the story; you also need to be able to convert raw information into usable skills.
Source: How To Learn Stuff Quickly, an article by Josh W Comeau.
Many people have contributed to developing and promoting the use of regular expressions since they were invented about half a century ago. Here's a short list of some of the most influential people behind the technology. I've written this up for two reasons:
- For people who've only gotten into the technology recently but are interested in some of the history and pioneers behind it.
- Since I fit the above description, I'm hoping readers will help fill me in on other people I've forgotten about or otherwise left out.
Source: Regex Legends: The People Behind the Magic, an article by Steven Levithan.
Most of the time you can get away with a fairly simple security posture on NixOS. Don't run services as root, separate each service into its own systemd units, don't run packages you don't trust the heritage of and most importantly don't give random people shell access with passwordless sudo.
Sometimes however, you have good reasons to want to lock everything down as much as humanly possible. This could happen when you want to create production servers for something security-critical such as a bastion host. In this post I'm going to show you a defense-in-depth model for making a NixOS server that is a bit more paranoid than usual, as well as explanations of all the moving parts.
Source: Paranoid NixOS Setup, an article by Christine Dodrill.
I’ve sometimes seen people asking about dependency management, hooks, tracking bugs and other sort of higher level (to me) things than git provides. You can see this if you look at stackoverflow questions about submodules. What’s wrong with submodules? Well, compared to what exactly? When I do a clone of a project and run yarn install, it gives me a list of CVEs that match. When I do a
bundle execit loads my project and has an opportunity (with a very high level of context) to tell me that I’ve forgotten to run migrations or run yarn update in a while. You don’t get this with git. Maybe these examples are too web-tech specific. But I’d like to suggest that this pattern will probably apply to Go, Rust and whatever else. Git is below your project and your project is trying to get better stuff done. So stop trying to solve your problem with Git and listen to how a few other communities do their thing.
Source: Git is Below Your Project, an article by Chris Dillon.
Recently, I ran into a situation where I needed a test database with lots of rows and needed it fast. So I did what any programmer would do: wrote a Python script to generate the DB. Unfortunately, it was slow. Really slow. So I did what any programmer would do: went down the rabbit hole of learning more about SQLite, Python, and eventually Rust… in my quest to get a 1B row database under a minute. This blog post is a summary of this fun and educational exercise.
Source: Inserting One Billion Rows in SQLite Under A Minute.
XML had a goal: terseness is of minimal importance. JSON seems to prove otherwise, some people think. But does JSON really demonstrate that terseness of markup is important, or does it even moreso demonstrate the terseness of declaration is important. I suggest one change that would give XML a lot more bang per buck.
Source: The Goals of XML at 25: and the one change that XML really now needs, an article by Rick Jelliffe.
This post discusses some options for accessing PostgreSQL databases from Go. I'll only be covering low-level packages that provide access to the underlying database; this post is not about ORMs, which were covered earlier in this blog.
Source: Accessing PostgreSQL databases in Go, an article by Eli Bendersky.
In the next few days those using M1 Macs will be updating to Big Sur 11.5, blissfully ignorant of how, as an admin user, their Mac could refuse to update. Because now, in addition to regular users, admin users and root, there’s another class of admin user: the Owner. Let me explain.
Source: Last Week on My Mac: The perils of M1 Ownership, an article by Howard Oakley.