18 November 2017

Snyk has been around for a while but this fantastic new addition to GitHub brings dependency vulnerability monitoring to the masses.

Vulnerabilities that have CVE IDs (publicly disclosed vulnerabilities from the National Vulnerability Database) will be included in security alerts. However, not all vulnerabilities have CVE IDs—even many publicly disclosed vulnerabilities don’t have them. We’ll continue to get better at identifying vulnerabilities as our security data grows.

They “only” support JavaScript and Ruby at the moment — in addition to those two, Snyk also supports Java, Scala, Python, Go and Gradle — but Python support is said to be coming in 2018 and I’m sure they won’t stop there.

In which Dave DeLong addresses a whole host of misconceptions held about dates and time.

The TL;DR for programmers is:

You should always use the Date and Time Services provided by the ICU Project. If you’re an iOS/macOS developer, then you should always stick to NSCalendar and its cohorts, which are all built on top of the ICU libraries.

16 November 2017

Today’s recommendation is a fantastic little Sketch plugin by Andrew Fiorillo that’ll export your selected artboards and bundle them up in a PDF. It does it perfectly and, somewhat impressively, it does it in 116 LOCs including comments and whitespace thanks to Sketch’s undocumented MSPDFBookExporter class.

If you’ve ever tried doing this manually you’ll know just how much time a plugin like this can save.

15 November 2017
13 November 2017

In a blog post about new user protection features coming to Chrome in future versions, Ryan Schoen mentions this update scheduled for Chrome 65 which should prevent the target='_blank' vulnerability known as “tabnabbing”:

When the user interacts with content, things can also go wrong. One example that causes user frustration is when clicking a link opens the desired destination in a new tab, while the main window navigates to a different, unwanted page. Starting in Chrome 65 we’ll also detect this behavior, trigger an infobar, and prevent the main tab from being redirected. This allows the user to continue directly to their intended destination, while also preserving the context of the page they came from.

If you’re unfamiliar with tabnabbing, a non-malicious demo along with recommendations on how to prevent the attack can be found here; here’s a nice concise write-up about the attack too.
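The browser-side fix Chrome 65 automates above is something a site can already apply itself: an anchor that opens a new tab with target="_blank" should also carry rel="noopener" (or rel="noreferrer", which implies it) so the opened page gets no handle on the page that opened it. As an added example, not code from the original post or from Chrome, here is a small lint pass in JavaScript that finds anchors missing that attribute in a chunk of server-rendered HTML and emits a hardened copy. The sample markup is constructed for the demo; the regex-based attribute parsing is deliberately simple and is not a full HTML parser.

```javascript
// Added example (not from the original post): flag <a target="_blank"> elements
// that lack rel="noopener"/"noreferrer", and rewrite them so the new tab cannot
// reach back to window.opener. Regex-based; fine for ordinary server-rendered
// markup, not a substitute for a real HTML parser.

// Constructed sample markup: two unsafe links, two safe ones, one same-tab link.
const SAMPLE_HTML = [
  '<p>Constructed sample markup for the linter.</p>',
  '<a href="https://example.com/docs" target="_blank">Docs (no rel at all)</a>',
  "<a href='https://example.com/blog' target='_blank' rel='external'>Blog (rel lacks noopener)</a>",
  '<a href="https://example.com/ok" target="_blank" rel="noopener noreferrer">Safe</a>',
  '<a href="/local" target="_self">Same tab, nothing to do</a>',
  '<a href="https://example.com/ref" target="_blank" rel="noreferrer">Also safe</a>',
].join('\n');

const ANCHOR_RE = /<a\b[^>]*>/gi;

// Turn the opening tag into a lower-cased {name: value} map.
function parseAttrs(tag) {
  const body = tag.replace(/^<a\b/i, '').replace(/\/?>$/, '');
  const attrs = {};
  const re = /([^\s=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? '';
  }
  return attrs;
}

// target="_blank" without either token leaves window.opener reachable.
function isUnsafeNewTabLink(attrs) {
  if ((attrs.target || '').toLowerCase() !== '_blank') return false;
  const rel = (attrs.rel || '').toLowerCase().split(/\s+/).filter(Boolean);
  return !rel.includes('noopener') && !rel.includes('noreferrer');
}

// Report every offending anchor with its href so a reviewer can locate it.
function findUnsafeNewTabLinks(html) {
  const offenders = [];
  for (const m of html.matchAll(ANCHOR_RE)) {
    const attrs = parseAttrs(m[0]);
    if (isUnsafeNewTabLink(attrs)) offenders.push({ tag: m[0], href: attrs.href || '' });
  }
  return offenders;
}

// Return a copy of the markup with the missing rel tokens added.
function hardenNewTabLinks(html) {
  return html.replace(ANCHOR_RE, (tag) => {
    const attrs = parseAttrs(tag);
    if (!isUnsafeNewTabLink(attrs)) return tag;
    const tokens = (attrs.rel || '').split(/\s+/).filter(Boolean);
    tokens.push('noopener', 'noreferrer');
    const rel = ` rel="${tokens.join(' ')}"`;
    if ('rel' in attrs) {
      // Existing rel attribute: extend it rather than adding a duplicate.
      return tag.replace(/\srel\s*=\s*("[^"]*"|'[^']*'|[^\s"'>]+)/i, rel);
    }
    return tag.replace(/\/?>$/, (end) => `${rel}${end}`);
  });
}

console.log('unsafe links:', findUnsafeNewTabLinks(SAMPLE_HTML));
console.log(hardenNewTabLinks(SAMPLE_HTML));
```

Running the lint over a built static site before deploying catches the cases Chrome’s infobar would otherwise have to clean up after, and rel="noreferrer" is kept alongside noopener for browsers that only understand the older token.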

10 November 2017

Terence Eden with a good rundown of the problems around standardising a country input type:

Let’s start with the big one. What is a country? This is about as contentious as it gets! It involves national identities, international politics, and hereditary relationships.

[…]

Some countries don’t recognise each other. Some believe that the other country is really part of their country. Some countries don’t exist.

[…]

Borders shift. Countries disappear, merge, split, change names, change flags, and do all manner of weird things which trip up your edge cases.

8 November 2017

’Tis the season! This morning brought with it the first dusting of snow. ⛄️

This is a good post if your workflow already revolves around tools designed to run in the terminal and you’re interested in using the iPad Pro as your main computer.

I’ve experimented with this sort of thing in the past, and whilst it’s not realistic for me to use an iPad as my day-to-day machine — I need Sketch, Xcode and decent dev tooling for a start — I can certainly see why others are drawn to the idea.

One of the cons mentioned is the monthly cost of a server. It’s worth remembering that you don’t have to rent a server to have this kind of setup; you can keep a box running at home and log into that instead. When I was playing around with this stuff I was just SSHing straight into the Hackintosh that is my daily driver.

7 November 2017

Hadn’t used Google Maps’ “Send directions to your phone” feature before. 2 clicks, 1 tap and I had the route on my phone and downloaded for offline use. Props to whoever designed that flow.

Testing micro-posts…

27 October 2017

‘The Dying Art of Disagreement’, an opinion piece by Bret Stephens in the New York Times is, as far as I’m concerned, required reading.

In it he examines how a disagreement between two people is handled in today’s society, and how we’ve reached a point where, in many cases, two people of opposing beliefs are no longer having an actual conversation. At best one party will shout the other down whilst attributing political -isms or -phobias; at worst they’ll resort to violence.

More shockingly, a narrow majority of students — 51 percent — think it is “acceptable” for a student group to shout down a speaker with whom they disagree. An astonishing 20 percent also agree that it’s acceptable to use violence to prevent a speaker from speaking.

I’d be doing the piece a disservice by going on much longer. You should instead spend that time reading it for yourself. I’ll close with the following quote:

[T]o disagree well you must first understand well. You have to read deeply, listen carefully, watch closely. You need to grant your adversary moral respect; give him the intellectual benefit of doubt; have sympathy for his motives and participate empathically with his line of reasoning. And you need to allow for the possibility that you might yet be persuaded of what he has to say.

26 August 2017

I always enjoy these sorts of posts: A developer starts with a specific goal in mind and an idea of how it might be accomplished. They proceed to run into a problem and rather than glossing over it, they document their debugging → understanding → fixing process. In this post the goal is to implement a binary tree data structure in Rust.

I particularly liked the optimisation section at the end. In my experience, it’s not uncommon for the first implementation that compiles and runs as expected to be fairly verbose. From there, optimising for usability and readability can be done fairly quickly though.

25 August 2017

U2F devices have been on my radar for a while; I’ve yet to take the time to investigate them properly though. This collection of to-the-point overviews of the most popular devices provides a nice jumping-in point.

15 August 2017
13 August 2017

Baked commenting dev log n°1

After posting some initial thoughts about baked commenting yesterday, I spent some time making sure the data structure would work. After that, I started on development.

Status

I’m at a point where a comment can be POSTed from the version of this site I have running locally. That comment will then be parsed into JSON by the server, all of the expected metadata will be added to it, and it will be written to the site’s data folder.


12 August 2017

Initial thoughts on baked commenting

A few posts ago I mentioned that I’ve been thinking about how commenting and static sites currently fit together.

There are already commenting services that can be used on static sites — services like Disqus and Muut — but I’ve yet to come across one that doesn’t require a large JavaScript file to not just work well but work at all. I want a system that won’t cripple performance. One where you load a page and the comments are already there, baked into the HTML.

I haven’t written any code yet, but I jotted down some thoughts on how this might work a couple of nights ago. What follows is an expanded version of those notes.


11 August 2017

Dave Winer:

Programming still kicks my ass after doing it for over 40 years. I still learn new stuff, reach new heights, and know much less than I thought I did, all the time. It requires incredible concentration and memory and creativity to think of ways to do things that you can kind of describe in words but have no experience making work with ones and zeros.

It’s been many months since I last heard another programmer admit that we’re all just figuring this stuff out as we go along. I always appreciate it being said though, all the more so in this case due to Dave’s accomplishments over the years.

Whether everything’s rosy or I’m struggling to figure something out, it’s always reassuring to know that I’m on the right roller coaster.

7 August 2017

So your NGINX’s http to https redirect isn’t working?

Whilst configuring the Linode box running this site’s new setup, I eventually abandoned a bug in my NGINX config that was proving problematic.

The issue was this: Though port 80 had the following settings in its server block, the Observatory’s tests were telling me that http traffic wasn’t being redirected to https.

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name elliotekj.com www.elliotekj.com;
    return 301 https://$host$request_uri;
}

This evening I revisited said bug with fresh eyes and, as happens so often in software development, quickly saw the mistake I had made: I had placed the SSL configuration options outside of the server block for port 443.

Simply moving ssl on and company into the correct server block — the one for port 443 — turned the http to https redirect test green.
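The reason this particular slip breaks the redirect rather than just the https side is worth spelling out: nginx directives set at http level are inherited by every server block beneath them, so ssl settings placed there also apply to the port-80 server, which then expects TLS on a plain-http port and never reaches its return 301. As an added example, not the post’s own config or tooling, here is a small JavaScript linter that parses an nginx-style config into blocks and reports any ssl directive that sits outside the server block listening on 443. The two sample configs are constructed: the first mirrors the misconfiguration described above, the second the fix, with the certificate paths as placeholders. The fixed version uses the ssl parameter on listen, which is the current replacement for the deprecated ssl on.

```javascript
// Added example (not from the post): a tiny linter for nginx-style configs that
// reports ssl* directives placed outside the server block that listens on 443.
// The parser covers the directive/block grammar (comments, quoted values, nested
// blocks) and nothing more; it is not a complete nginx config parser.

const PUNCT = new Set(['{', '}', ';']);

// Drop comments; everything else becomes '{', '}', ';' or a word.
function tokenize(text) {
  const re = /#[^\n]*|"[^"]*"|'[^']*'|[{};]|[^\s{};"']+/g;
  return Array.from(text.matchAll(re), (m) => m[0]).filter((t) => !t.startsWith('#'));
}

// Build a tree of {name, args, children?} entries; children marks a block.
function parseConfig(text) {
  const tokens = tokenize(text);
  let i = 0;
  function block() {
    const items = [];
    while (i < tokens.length && tokens[i] !== '}') {
      const words = [];
      while (i < tokens.length && !PUNCT.has(tokens[i])) words.push(tokens[i++]);
      const entry = { name: words[0], args: words.slice(1) };
      if (tokens[i] === '{') { i++; entry.children = block(); }
      i++; // consume the ';' or the '}' that ended this entry
      items.push(entry);
    }
    return items;
  }
  return block();
}

// "80", "[::]:80", "*:80", "443 ssl" -> numeric port; null for unix sockets.
function listenPorts(server) {
  return (server.children || [])
    .filter((d) => d.name === 'listen')
    .map((d) => { const m = (d.args[0] || '').match(/(\d+)$/); return m ? Number(m[1]) : null; });
}

// One finding per ssl* directive that is either outside every server block
// (inherited by all of them) or inside the server block listening on port 80.
function findMisplacedSsl(configText) {
  const findings = [];
  (function walk(items, path) {
    for (const item of items) {
      if (item.children) { walk(item.children, [...path, item]); continue; }
      if (!/^ssl(_|$)/.test(item.name)) continue;
      const server = [...path].reverse().find((b) => b.name === 'server');
      if (!server) {
        const scope = path.map((b) => b.name).join(' > ') || 'top level';
        findings.push(`${item.name}: set at ${scope}, so every server block inherits it, including the plain-http one`);
      } else if (listenPorts(server).includes(80)) {
        findings.push(`${item.name}: inside the server block that listens on port 80`);
      }
    }
  })(parseConfig(configText), []);
  return findings;
}

// Constructed configs; certificate paths are placeholders.
const BROKEN_CONFIG = `
http {
    ssl on;                                   # outside any server block: the bug
    ssl_certificate     /etc/ssl/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/example/privkey.pem;
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name example.com www.example.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 default_server;
        server_name example.com www.example.com;
        root /var/www/example;
    }
}`;

const FIXED_CONFIG = `
http {
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name example.com www.example.com;
        return 301 https://$host$request_uri;
    }
    server {
        listen 443 ssl default_server;        # "ssl" on listen replaces the deprecated "ssl on"
        server_name example.com www.example.com;
        ssl_certificate     /etc/ssl/example/fullchain.pem;
        ssl_certificate_key /etc/ssl/example/privkey.pem;
        root /var/www/example;
    }
}`;

console.log('broken:', findMisplacedSsl(BROKEN_CONFIG));
console.log('fixed:', findMisplacedSsl(FIXED_CONFIG));
```

nginx -t would have accepted both configs, since ssl is valid at http level; the check above is the structural one that nginx -t does not make, and an external probe such as the Observatory’s is still the final word on whether the redirect actually fires.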

3 August 2017

Google Drive and Hugo: The new publishing setup for this blog

Back in April I wrote a post about moving this site from Jekyll to WordPress. The move was prompted by Jekyll’s poor compilation performance and the restrictions a git-centric workflow imposes on a blog (namely: editing on the go).

Ultimately unsatisfied with WordPress, I’ve changed how this site is pieced together again, this time ’round opting for a setup I’d had in the back of my mind for a while but had never experimented with. Before we get into the good stuff though, let’s get the basics out of the way.
