Weekend Reading — Epic meltdown
So I've been sick for most of last week. Hence this edition of Weekend Reading is short and late. Feeling better now, thank you for asking.
Also, traveling this week. So the next edition will also be short and late. Back to our normal schedule in the second half of January.
Design Objective
What to consider when creating pie charts When to use pie charts, when to avoid them, and how to make them easier to read.
Emergent Principles: A Rebel Leader’s Secret to Better Team Design Decisions TL;DR observing how users interact with software should inform its design, but more important, which design principles to prioritize:
Emergent principles go beyond divinely-inspired principles because they are rooted in the problems the team identifies from their research. They are unique to every project, even in large organizations.
Tools of the Trade
Timeline Animations Sketch Cool plugin for designing keyframe animations, and exporting to GIF/video.
I’m harvesting credit card numbers and passwords from your site. Here’s how. TL;DR all too easy to hijack dependencies and mask vulnerabilities:
There’s no shortage of smart, nasty people out there, and 400,000 npm packages. It seems to me that the odds are better than even that at least one of those packages has some malicious code in it, and that if it’s done well, you would never even know.
"zero config" is strange developer marketing. It's not what I want.
I would settle for: "has sensible defaults but also configurable without hiring a core team member"
What makes system thinking applicable in real-world problem solving, without overwhelming the practitioner, is the power of defining a system boundary.
Web-end
The State of JavaScript Frameworks, 2017 Mirror, mirror, on the wall, who's the most popular JavaScript framework of them all?
Chrome is turning into the new Internet Explorer 6 We've been through this once before, and it took the web years to recover:
Chrome, in other words, is being used in the same way that Internet Explorer 6 was back in the day — with web developers primarily optimizing for Chrome and tweaking for rivals later.
Architectural
Testing Microservices, the sane way Long and detailed write up on different ways to test microservices:
Of course, I’m papering over the nitty-gritty of security compliance, data integrity and so forth, but I genuinely believe that live traffic testing with good Observability into the impact of the tests being conducted is the way forward for testing microservices.
Sarah Mei Thread:
Is there a term for the human propensity to seek “silver bullet” solutions (or look for a savior) rather than improving what exists?
JBD 💯
The secret behind many great engineering organizations is how they answer this question.
"Are you rewarding people for building a whole bunch of complex stuff that no one can maintain or are you rewarding people for doing the simplest thing?" -- @lizthegrey
Brett Bim True story:
Engineer 1: Docker will really simplify things
Engineer 2: We'll need Kubernetes to simplify Docker.
Engineer 3: Helm really helps simplify Kubernetes
Engineer 4: Tigera does something with Kubernetes to make networking easier
Me: Pass the fucking Dewars.
Devoops
John Arundel For quick performance wins:
Start the day with a cock-up. 'DELETE FROM...' where you meant 'SELECT * FROM...'
On the plus side, the database is a lot faster now.
Locked Doors
Meltdown and Spectre Fun way to start the year. Meltdown affects pretty much every device you own with an Intel Inside. Spectre also affects devices that use AMD and ARM CPUs.
And while the attack itself is very low level, relying on speculative branch execution, and other silicon dark arts, the proof of concept is written in JavaScript and can run in any modern browser. Yikes.
Chrome and Firefox have already issued patches, as have major OS vendors, so update early and update often.
Meltdown, Spectre: The password theft bugs at the heart of Intel CPUs TL;DR
CERT has downgraded its advice from "replace CPU" to "apply updates."
Reading privileged memory with a side-channel For a detailed (very technical) explanation of how Meltdown and Spectre work.
Triple Meltdown: How so many researchers found a 20-year-old chip flaw at the same time So four teams reported this new class of attacks to Intel, within a period of a few months. Chances others knew about the vulnerability and exploited it?
Lillian Ablon, one of the RAND study's authors, sees the Spectre and Meltdown rediscoveries not as a broad sign that all bugs are found several times over, but that trends in computer security can suddenly focus many eyes on a single, narrow field.
Ian Chan This may hurt your hosting bill:
The #Meltdown patch (presumably) being applied to the underlying AWS EC2 hypervisor on some of our production Kafka brokers [d2.xlarge]. Ranges from 5-20% relative CPU increase. Ooof.
Techtopia
Fred Turner on Utopias, Frontiers, and Brogrammers One of the most insightful reads about Silicon Valley, and how it's using technology to shape the future, blind to the real world:
Engineers try to do politics by changing infrastructure.
That’s what they do. They tweak infrastructure. It’s a little bit like an ancient Roman trying to shape public debate by reconfiguring the Forum. “We’ll have seven new entrances instead of six, and the debate will change.”
The engineering world doesn’t have a conception of how to intervene in debate that isn’t infrastructural.
None of the Above
The Sticky Truth about Modern Written Language What hieroglyphics, emoji, and stickers have in common.
Sassy Outwater Did not know:
So you know all those emoji and punctuation marks in your Twitter names get read aloud by screen readers, right? If it takes me longer to hear your Twitter name than to read your tweet? I scroll right on by. Please remember this when adding lots of emoji to things. Thanks.
foone Epic troll level:
Start the new year by finding a way to create a little joy, no matter how small or fleeting