-
I didn’t post this because I agree. It’s very relevant to software engineering. We should understand and be aware of culture, expectations, other opinions on how to get stuff done, what to be cautious of, etc. It’s also important to understand that this does not represent views of the entire community. Would like to see thoughts both from people who agree and those who disagree with this mindset, and why.
-
-
An American Sickness: How Healthcare Became Big Business and How You Can Take It Back. I’m only 3 chapters in but it’s very insightful if you want to understand the mess that is American Healthcare and how we got here. A bit depressing + infuriating but strongly recommend.
-
Made it to page 3 and bailed.
-
itamarst
1 year ago
|
link
| on:
sslsecure.vim - Highlight insecure SSL/TLS cipher suites and protocols as errors in your editor
The fact this is plausibly useful is a sad comment on the state of software engineering.
-
-
Distributions of major server software would come with good configurations out of the box, alleviating every developer from being responsible for configuring things.
https://caddyserver.com/ is a great example of this; you configure it to do what your app needs, all the TLS defaults are well curated.
-
While I agree that a “reasonably secure default” should be standard, mostly you have to find a trade-off between security and compatibility. If you need support for IE8, there’s no way around SHA. If you want to support Windows XP or Android 2, there’s no hope at all. If you want it more secure (as of today) you fence out most Androids (but 4.x), Javas, IEs, Mobile Phones, non-up-to-date browsers. Unfortunately, there is no one size fits all.
-
On the other hand, compatibility with older software is very easy to figure out (people see an error message), whereas insecure configuration appears to work perfectly fine. I also believe developers are more likely to know that they need to support some obsolete software (modern web development doesn’t “just work” on IE8 or Android 2) than about the newest TLS configuration options.
-
I think if you want that, we ought to have APIs that express things in terms of goals, instead of implementation details:
ssl_ciphers +modern +ie8maybe. Then it’s clear what needs to be changed to drop a platform, instead of it being a guessing game. -
-
-
-
-
-
I agree with this post, and yet Slack remains the path of least resistance. I finally broke down and created one for my main open source project. Since creating it a few weeks ago contributors have started trickling in and a community is slowly forming.
We can still export chat logs via bots and create the desired permalinks to discussions. Clojurians slack does this, although I’m not sure what the tool is that they use.
-
Posted on 4/1. Not sure if I should take it seriously.
-
-
I signed up to see what it’s like, and I’m greeted with a dialogue that, in order to post, has a button labelled “Toot!”
I can’t shake the feeling that this is could be really, really weird.
-
The explanation I was given is that birds tweet, while mastodons toot (like elephants, and other proboscideans). Apparently “trumpet” was also considered as the verb, but dismissed as unwieldy and possibly too grandiose.
I do note that the contemporary canonical reference on animal onomatopoeia agrees that “the elephant goes toot”.
-
-
Toot is fine you bikeshedders :V
-
-
-
-
Radical idea not mentioned: build a client using something other than a web browser runtime?
-
My exact thought.
I think web has become so ubiquitous that many FE engineers wouldn’t even consider writing a GUI in anything other than html/js/css. The popularity of tools, frameworks, conventions, experience, docs, community, etc all built around web far outweigh native as far as I can tell. On the other hand, projects like React Native help to bridge this gap, so I’m not sure what the reasoning is.
-
Some is just ease of cross platform support I think. If they were writing for one platform it’s not clear they’d pick the web stack just for its tools/community. But Slack supports six client platforms: Windows, Linux, Mac, Android, iOS, and webapp. The solutions for that are either to write six different native apps, or use web tech, more or less. There’s also, conceptually, the category of cross-platform GUI toolkits that compile to code native for each platform, but those projects seem to be far from healthy these days (Tk? wxWindows?) and I don’t believe any has been extended to support all six of those platforms.
-
-
-
-
I wonder if Jenkins will ever escape its legacy of being slow, monolithic, heavy, old school CI. This feels like a step in the right direction, but possibly just lipstick on pig. Today we have quite a few modern alternatives (both oss and saas) that have been well-designed (both from a systems design and UX perspective) from the ground up without all the baggage. A few that come to mind: Drone, Travis, GitLab CI, CircleCI, Concourse, Shippable.
-
It already did. Setting up Jenkins using a Jenkinsfile and the pipeline plugin quickly done and is a nice tradeoff between having an easy to get started with setup with a lot of options in the long run.
There’s no CI server that handles inter-project dependencies and long build pipelines as good as Jenkins.
-
I don’t agree. We’ve been using Jenkins 2.x for the last ~11 months and it’s been a nightmare. Jenkinsfile is a bug-ridden incomplete implementation of the Groovy language that errors on valid code constantly. This is consistent with its legacy and reputation.
Good point on inter-project deps; not something I need very often so I don’t get to take advantage of it.
-
-
-
-
No
-
- TLSing all the things at work.
- Checking out Drone.io 0.5 (not yet released) as an alternative to Jenkins. I think it’s time everyone stopped using Jenkins. What a horrible piece of software.
- Playing with Kubernetes 1.3 PetSets and Init Containers: awesome!
- Working on a 1.0 release of Yetibot, my Clojure chat bot.
- Training for a 50 mile, Labor day weekend mountain bike race in South Dakota.
-
The fact that there’s a flag called “force” tells me that is probably not a recommended work flow. In the context of distributed applications, i don’t think rewriting the history of a shared object is desirable.
-
It’s really useful in situations where you push a commit and then the tests fail, or you notice a typo, and you don’t want to litter the commit history. When you’re trying to figure out why someone did something it’s much more useful to review one commit that’s a larger change than seven small commits, most of which have poor commit messages (“WIP fix test”, “Fix test”, “Typo”, “Initial work on the controller” &c).
-
seven small commits, most of which have poor commit messages (“WIP fix test”, “Fix test”, “Typo”, “Initial work on the controller” &c)
Ideally the committer would cherry-pick or otherwise replay/rewrite these commits into a new “this is really it” branch and pull requests that instead. I know that isn’t always the case however and if it is a world wide public repo you could get a really terrible pull request :)
-
-
-
-
Sure, once it’s pushed, it’s public. But that doesn’t mean anyone is basing their commits off it. It’s a process thing. Also, if you pushed to a private fork that no one has access to, then you’re guaranteed to be able to safely force push.
--force-with-leasemakes any force push safer in all of these cases.Lots of options to build a team’s process around.
-
-
-
-
Seems a bit excessive to always force push IMO, even with
--force-with-lease. Or did they mean that they always used--force-with-leaseonly when they otherwise would force push? -
-
+1
Rebasing a feature branch on latest master is a common way to keep your branch up-to-date and your history linear. It avoids one or many merges from master into your branch and the eventual merge of that mess back into master. I’ve done this for years.
But when you benevolently “rewrite history” like this, you must use –force to push your branch (such as when you’re ready to open a pull request). I’ve always use
git push -fto push my feature branch quite sure that I’m not overwriting anything because I’m the only one working on it. But there’s no guarantee. I’ll start using –force-with-lease, just to be sure. -
-
Billings, MT
-
Realised my cycling events this year aren’t as far away as I thought they were, and thus have ordered a few upgraded parts for the bike to get used to them ahead of time. This week will be split between getting back into a training regime and fettling the various upgrades onto the bike as they arrive. (Very interested to see what difference shortening my cranks 2.5mm makes.)
Also just ordered a Raspberry Pi 3, as not having to mess with wifi dongles is a major bonus, and it has Bluetooth LE. First project to be a “how many people in the house right now” API I think.
-
Also just ordered a Raspberry Pi 3, as not having to mess with wifi dongles is a major bonus, and it has Bluetooth LE
Have you checked out http://getchip.com/? They don’t ship until June 2016, but for $9 it’s pretty amazing. I ordered 5 last November.
-
-
-
-
The impact of crank length on power is surprisingly complex [pdf]!
-
-
-
-
Investigating CI/CD tools: HashiCorp Atlas, Scalr, Spinnaker, Jenkins, StackStorm.
-
This is the nature of cloud computing. If you can’t handle downtime you need multiple machines behind a load balancer. If you can’t handle data loss you need backups or data redundancy or both.
It’s not a question of “if” your server will disappear; it’s “when”.
-
Yes, Azure won’t give you an uptime guarantee of any kind unless you have at least two instances.
-
-
To be fair, every line of code you wrote was probably a bad idea in one way or another.
This looks great! What about a feature where you can import your data from LinkedIn? I like keeping my LinkedIn as the “source of truth” for all my work history, skills, projects, etc, then using it to generate a resume. Open to thinking differently about this.
Hey! Thanks for the feedback. Yes, I’m thinking of implementing this particular feature but for that I needed to setup a server for the same. Right now, it is hosted on GitHub Pages.