Security Bsides badge
🌳 🌸
😂
Launched a tiny side project today
Don't be afraid of hosting your own database. Managed DB services want you to think is too hard. For a lot of apps it's easy to get it right.
Notepad HTML Assistant Pro BBEdit Dreamweaver Textmate Sublime Text Vim Atom Visual Studio Code PyCharm, GoLand
Most apps/organizations are not secure, they are just “not targeted by a sufficiently motivated/skilled attacker”
htmx enables me to undo the frontend/backend split that react-like apps sold us as a positive feature of that architecture.
In my experience that split translated to more time/cost with very little benefit. You will still need to build a bespoke API endpoint for every screen if you care about perf. The split requires more coordination and lockstep motion.
I’ve looked into many of the most showcased/popular react/next.js apps out there and a lot of what they do is fetch some JSON and generate some static/non-interactive DOM. Yet they pay the full price of a client side framework and related tooling.
These apps will be redically simplified if they shipped HTML directly from the server and swapped just parts of the UI as needed.
Do you really need all that client code to do that?
Really enjoying PyCharm. Once I learned 5 o 6 keyboard shortcuts I feel much more productive than using VSCode.
shift shift - search ⌘ shift a - actions ⌘ e - recent files ⌘ b - go to def ⌘ [ - back ctrl g - select another alt ⬆️ - select containing scope
favorite desk
I’m almost convinced that adding dependencies into source control is the better way of doing things
TIL that if you add .atom to a GitHub releases page it will return a RSS/Atom feed that you can follow with your reader and get notified of new releases
For example: https://github.com/benbjohnson/litestream/releases.atom
Start learning Web custom element API TODAY, it’s a great investment.
I use them to attach interactive behavior to existing DOM nodes. Starting to build a collection of very portable and reusable “components” that are very unlikely to stop working whenever a framework author feels like it
Thinking about how to implement web mentions in Beluga.
We would need a server to receive mentions on behalf of Beluga users and then deliver them when they are back online. Something like https://webmention.io
I need a good tutorial for git-send-email
The next version of HTML should look at htmx for inspiration. We need access to all HTTP verbs from and a way to replace just part of the page.
To me this sounds like hexagonal / ports and adapters architecture with a better name and a 100x better diagram.
https://medium.com/@remast/the-ddd-hamburger-for-go-61dba99c4aaf
Super Grover fixes the computer https://youtube.com/watch?v=ypP4zlpZUhI
This is where is at https://frontendmasters.com/blog/light-dom-only/
My main browser is Safari, I use Brave for video conferencing with Google Meet and Firefox for web development.
Notes #12 https://gcollazo.com/notes-12/
Just published Beluga 🐳 version 2023.3 to the AppStore. This is a small update that fixes a few issues with the generated web site.
I can’t find a logging solution that works for me.
Requirements:
- Capture logs from multiple hosts
- Docker logs
- Host /var/logs files
- Generate basic metrics from logs
- Generate alerts from metrics
- Easy to deploy on a single host
Why YAML? Can we use something else? Please 🙏
This is great. Interactive guide to CSS Grid https://www.joshwcomeau.com/css/interactive-guide-to-grid/
Taking HTML+CSS seriously and investing the time to really learn them will give you an unfair advantage over most web engineers
Great web #a11y tip https://gomakethings.com/dont-disable-buttons/
Notes #11 https://gcollazo.com/notes-11/
Development tools like code formatters, linters and similar must not clutter or interfere with my projects’s dependencies. These tools should be distributed as single-file binaries.
Python needs ONE solution for linting, code formatting, package management. Right now its just a mess.
Picking a technology to learn so you can get a job is NOT a technical decision. Just pick the technology with the most job listings, end of story. 🤓
Web technologies have been moving faster for a while now but people have not noticed it. A lot of the web toolkit is becoming unnecessary.
For example CSS has variables, nested selectors and functions like calc, max and repeat all built-in.
Use the platform.
I would never do such a thing 🥸 https://benjamincongdon.me/blog/2023/10/29/Avoid-Load-bearing-Shell-Scripts/
😏
Closing shop for the day ✌️
Weeknotes #10 https://gcollazo.com/weeknotes-10/
Weeknotes #9 https://gcollazo.com/weeknotes-9/
Weeknotes #8 https://gcollazo.com/weeknotes-8/
🤡
Weeknotes #7 https://gcollazo.com/weeknotes-7/
“The future is already here — it's just not very evenly distributed.”
- William Gibson
🥸
Weeknotes #6 https://gcollazo.com/weeknotes-6/
Mac SE Easter Egg https://trmm.net/Mac-SE_Easter_Egg/
Weeknotes #5 https://gcollazo.com/weeknotes-5
Bug bounty programs have emerged as a crucial cybersecurity measure, allowing organizations to harness the skills of the security community in identifying and resolving vulnerabilities before malicious actors can exploit them. https://gcollazo.com/running-a-bug-bounty-program-without-spending-a-fortune/
Unpopular opinion: Many (most?) web apps could run on a single cheap VM, but a lot of developers are convinced that anything that's not pressing the TAB key to Copilot suggestions is too hard and not worth it.
Weeknotes #4 https://gcollazo.com/weeknotes-4/
If your SPA is just taking JSON and adding some HTML to display on the browser and you don’t have a highly interactive and stateful UI you are wasting your complexity budget
Weeknotes #3 https://gcollazo.com/weeknotes-3/
🥸
Sao Paulo: The City With No Outdoor Advertisements https://www.amusingplanet.com/2013/07/sao-paulo-city-with-no-outdoor.html
I’m trying to post more regularly so I stole this weeknotes idea from Simon Willison’s Weblog. The plan is to share articles, videos, books and things I learn. Here’s the first one.
Unpopular opinion: AWS CloudWatch Logs is better than most other logs and metrics solutions out there
Sobran las ideas y las buenas intenciones, lo que hace falta es ejecución efectiva, rendición de cuentas y consecuencias cuando se falle.
Aquí cualquier pelagatos dirige una agencia y nadie le exige nada más que visitar a Rubén Sánchez de vez en cuando y no parecer subnormal.
El problema no es falta de imaginación ni maldad (en muchos casos), el problema es incompetencia.
«Nunca atribuyas a la maldad lo que se explica adecuadamente por la estupidez»
🤓The browser tab was a great invention
🔥
No lies detected
How much of winning a war is just logistics?
TIL where Debian code names come from: "So far they have been characters taken from the Toy Story movies by Pixar"
🖤
https://www.debian.org/doc/manuals/debian-faq/ftparchives#sourceforcodenames
Not understanding the difference between logging, metrics and traces allows me to do all using structured logs and search. It works!
Self-hosting PostgreSQL is possible
TIL that @digitalocean Spaces have support for lifecycle configuration. So my backups bucket now takes care of purging old stuff
https://www.howtogeek.com/devops/how-to-set-an-expiration-policy-on-digitalocean-spaces-buckets/
Boring tech is my favorite tech
😎
Writing Python like it's Rust https://kobzol.github.io/rust/python/2023/05/20/writing-python-like-its-rust.html
Favorite Tiny Desk Concerts https://gcollazo.com/favorite-tiny-desk-concerts/
Django's internationalization and localization features are great but if you add Poedit to your workflow it's hard not to justify having multi-language support in your apps.
¡Buenos días!
Django class-based views are harder to use than function-based views. With CBVs, one must constantly reference the docs to understand the order of method calls, their args, and return types. On the other hand, FBVs get a req and return a res, plain and simple.
Another incredible product https://teenage.engineering/products/tp-7
🏝️ 😎 🏝️
All HTMX does, is make the browser better at hypermedia by giving us more options regarding what can trigger an HTTP request and allowing us to update a part of the page rather than a full page reload.
You don’t need serverless functions at the edge
Just write a state machine and call it a day
Inside the secret list of websites that make AI like ChatGPT sound smart https://www.washingtonpost.com/technology/interactive/2023/ai-chatbot-learning/
yup
web dev can be very simple and very powerful
🏴☠️ Not paying a ransom in a doble extorsion scheme is not always the best option.
If we want the Web to stay relevant we must put huge emphasis on accessibility, usability and design.
YES superficial artsy-fartsy design too. How things look and feel is part of the experience and the Web must be as good or better than proprietary platforms like Android and iOS
Some times the solution is to create a private CA 😶🔫
Running servers with quality software isn’t as scary as someone wants you to think. https://sizovs.net/boring/
Git Worktree: Enhance your Git Workflow https://www.dylanpaulus.com/posts/git-worktree
Multiple sources of truthiness™
For the past few months, I've mostly been coding by myself. One thing that has helped a lot is that I stopped using GitHub issues and instead create TODO/FIXME comments in the code.
I use a VSCODE extension called Todo Tree to index the comments. For Xcode projects, I found a tiny script that finds the comments and creates a warning when the build runs.
👀
If you owned the hardware your software is running on you would never consider serverless functions as the architecture
🏴☠️
TIL: Go (like JavaScript) does automatic semicolon insertion
It’s Alive!!!
Selling MVP quality software is 100x easier than selling highly polished software that only exists on a slide deck. Sadly, if you want to sell a product, you have to build it. You could also fake it but IMHO it’s almost always waste of time.
Just updated my "uses" page https://gcollazo.com/uses/
True story
Public service, if your Apple TV remote stops controlling the TV volume just restart the remote. YES the remote https://support.apple.com/en-us/HT203777
Carnaval
I like vim for simple and quick file editing but prefer vscode for web dev.
I get people that have a vim/neovim setup that has evolved over years to fit their needs. I envy experienced vim users and how fast they move.
I don’t get people just getting started with vim trying to recreate vscode by installing lots of plugins and spending a lot of time configuring stuff. Most of this people would be better served by enabling vim mode on a more preconfigured editor.
Agree. At this point in my career focusing on a single thing feels too limiting and boring TBH https://world.hey.com/dhh/inspiration-is-perishable-f2c8652e
True Story
“ChatGPT Is a Blurry JPEG of the Web” https://kottke.org/23/02/ted-chiang-chatgpt-is-a-blurry-jpeg-of-the-web
Si estás haciendo software para un negocio que su idioma principal no es Inglés, está bien (y recomiendo) usar los nombres que usa el negocio en el idioma que sea #unpopularopinion
✉️ Email signstures. Please stop! 🛑
Having Touch ID on the external keyboard is a tiny quality of life improvement that I really enjoy
After years of building SPAs, getting back to the web framework approach to making web apps feels like cheating https://www.reddit.com/r/django/comments/10vl4eq/django_is_truly_amazing/
🌮 Monday? 🍺
Trolls World Tour is crazy!
📸 🌙
Been writing quite a lot of Python 🐍 lately. Like it!
People using React actually look at Facebook and see excellent front end development?
Trying to use the built-in terminal in iOS instead of iTerm 😵💫 https://support.apple.com/guide/terminal/keyboard-shortcuts-trmlshtcts/mac
Lambda Cold Starts analysis. Visualize 10 Cold Starts for each runtime, updated daily https://maxday.github.io/lambda-perf/
Rockets
Everytime I have to setup git on a new machine theres a new login method 😵💫
Good security engineering has little to do with compliance ✨
Hey YouTubers please remove the mic from the frame or even better use a lavalier 🧘♂️
New website for my consulting business https://blimp.io
The React ecosystem is great if what you sell is online courses and YouTube video views
Switched to using Firefox full time and the experience has been great. Some sites perform better than with Safari for Mac.
Don’t want to write boilerplate? Use a framework. Don’t want to use a framework? Write boilerplate. 👻
Great artists need to know a thing or two about marketing their work
Usar ChatGPT para generar los talking points de los fotutos
Llevar a tres niños a la escuela todos los dias y a tiempo es una batalla 😥
Just realized that I can add Beluga 🐳 support to a lot of shared hosting providers by creating a simple PHP script to list, updaload and delete files. The script must also authenticate the user and restrict files operations to the correct folder. IT’S DOABLE!
😬
☠️ OUCH! “malicious individual who knew a target node’s database ID could generate and accept a sharing invite for that node without being an admin of the target node’s tailnet” https://tailscale.com/security-bulletins/#ts-2023-001/
Great post. I need to read it again https://rauljordan.com/rust-concepts-i-wish-i-learned-earlier/
Bought a new laptop
This is an insane AWS bill https://twitter.com/dhh/status/1613508201953038337?s=46&t=GridpnLMsET-8z8vK0LCeA
🌳
🤔 In software going wide (superficial features) is better for sales than going deep (complex domain specific features). Good software is a mix of both, great software finds the perfect balance.
My touchbar now flashes 📸 a bright white light for a few minutes every time I wake up my laptop
Our art gallery
Password notebooks are a good idea for most non-technical users. There’s only a few tuings to have in mind to stay secure. The notebook never leaves the house, keep it in a safe place and use a different passphrase for every app or site.
https://twitter.com/troyhunt/status/1612538664533504000?s=46&t=Ae3PfrSxGpdSnb6P2-hNaw
I’ve been doing some Django web app development these days and I have to say it again. Django is great! 🔥
I missed Django for Web development. It’s really good.
Wireframes are my favorite kind of spec for MVP software 👨💻
The Rivian R1S looks like the Simpsons' Canyonero 🚗
Some folks have asked how will Beluga 🐳 handle a user with thousands of posts.
The short answer is that the beluga.json feed can be trucated after a fixed number of posts. The JSON Feed spec includes a next_url field to handle pagination. I will implement this on the app very soon.
This week I will release a new version of Beluga fixing some of the reported issues with Backblaze
✈️ Going home ☀️
🐧
Boston
❄️ Posting from my vacation just to test the experience with horrible connectivity ⛄️
First post from the cloud ✈️
Make th web weird agan https://localghost.dev/blog/building-a-website-like-it-s-1999-in-2022/
Getting ready ⛄️ ❄️ for the family winter vacation
This is good https://dynomight.net/arguments/
The feedback from yesterday’s launch was great thank you all 🐳
My response to the large feed problem https://lobste.rs/s/hvvf7a/free_twitter_like_app_for_ios_uses_s3#c_12m3f0
Currently on the #1 spot on Lobsters https://lobste.rs/s/hvvf7a/free_twitter_like_app_for_ios_uses_s3
Beluga 🐳 got to the #12 spot on Product Hunt
Just published the website https://beluga.social
Beluga 🐳 will launch tomorrow on Product Hunt
I think I might be able to add partial Mastodon 🐘 support to Beluga 🐳
“code isn’t really written so much as beaten it into shape and then refactored” https://pboyd.io/posts/cargo-cult-of-good-code/
🇦🇷
🔥 Very productive day. Designed a website before lunch, worked on some documents for Beluga 🐳 and debugged an issue on an old web app ✨
Development of the Beluga 🐳 website is getting started. Looks like I’m launching the app at some point next week.
GitHub broke the back button
Today I spent all day working on the web site design of https://beluga.social
Anoche recibí este intento de phishing via SMS diseñado para clientes de FirstBank
🥳
Now we wait
Beluga usa el formato JSONFeed para maximizar su compatibilidad. Muchos lectores RSS pueden leer este formato.
En el update de hoy de Beluga arreglé algunos issues en el website generado y también resolvi un problema con los link previews que hacia que aparecieran en el feed (beluga.json)
🎄🎄🎄
Reading text from a web page in Swift is possible but not that obvious
Lo mejor de este break del trabajo que estoy tomando es que apenas recibo emails 🥳
iOS tiene una cantidad gigante de APIs que funcionan excepcionalmente bien
Hello, World!