Web Excursions 2021-10-09
20 Things I've Learned in My 20 Years as a Software Engineer by simplethread.com
The hardest part of software is building the right thing
Designing software is mostly a listening activity, and
we often have to be part software engineer, part psychic, and part anthropologist.
Investing in this design process, whether through dedicated UX team members or by simply educating yourself, will deliver enormous dividends.
The best code is no code, or code you don’t have to maintain
If you don’t have a good grasp of the universe of what’s possible, you can’t design a good system
Every system eventually sucks, get over it
Worry less about elegance and perfection;
instead strive for continuous improvement
and creating a livable system that your team enjoys working in and sustainably delivers value.
People don’t really want innovation
If you truly innovate, and change the way that people have to do things, expect mostly negative feedback.
If you believe in what you’re doing, and know it will really improve things, then brace yourself for a long battle.
Your data is the most important part of your system
Dealing with this data in the future can become a nightmare.
Just remember, your data will likely long outlive your codebase.
Spend energy keeping it orderly and clean, it’ll pay off well in the long run.
Look for technological sharks
Old technologies that have stuck around are sharks, not dinosaurs.
They solve problems so well that they have survived the rapid changes that occur constantly in the technology world.
Don’t mistake humility for ignorance
Never assume that just because someone isn’t throwing their opinions in your face that they don’t have anything to add.
Software engineers, like all humans, need to feel ownership
If you divorce someone from the output of their work, they will care less about their work.
How Safari 15 Checks a Secure Connection by eclecticlight.co
Safari uses machine learning to determine whether sites are likely to be part of a phishing attack,
a result which is reported in the log [in the form of]
0.697267 MLPhishing Safari SafariSharedUI Classified URL <private> as LikelyNotPhishing
macOS uses an open source derivative of OpenSSL named BoringSSL to handle its TLS connections.
[In a strange case the author found himself in,]
The certificate information provided by Safari on that Mac showed it was the intermediate certificate which had already expired, a day before the Root did.
However, as [the author] recorded, connecting to exactly the same site using Safari 15 on Monterey beta resulted in success,
with the certificate information reporting the updated certificates, neither of which had expired.
As far as I can see, the only explanation
is that the Big Sur system obtained its intermediate and root certificate information locally,
from a cache or database which hadn’t been updated for the new certificates,
while the Monterey system obtained fresh certificate information which did reflect the changes.
Cloudflare Doesn’t Have to Cut Off Copyright-Infringing Websites, Judge Rules by arstechnica.com
Cloudflare was sued in November 2018
by Mon Cheri Bridals and Maggie Sottero Designs,
two wedding dress manufacturers and sellers
that alleged Cloudflare was guilty of contributory copyright infringement
because it didn't terminate services for websites that infringed on the dressmakers' copyrighted designs.
The lawsuit said the Cloudflare terms say that
any violation of law justifies termination of service and that
"CloudFlare's policy is to investigate violations of these terms of service and terminate repeat infringers."
The plaintiffs sent Cloudflare thousands of takedown notices,
and often up to four notices about the same infringing sites,
but "Cloudflare has ignored these notices and takes no action after being notified of infringing content on its clients' websites."
[The judge wasn't convinced, and wrote in the decision that the] plaintiffs did not prove
that the faster website-load times enabled by Cloudflare "would be likely to lead to significantly more infringement."
Additionally, Cloudflare removing infringing material from its cache would not prevent users from seeing the copyrighted images.
The plaintiffs also tried to prove contributory infringement by pointing to Cloudflare security services that detect suspicious traffic and prevent attacks on a website's host.
The judge dismissed this argument.
Twitch’s Security Problems Started Long Before This Week’s Hack by theverge.com
The Verge has spoken to multiple sources who claim that
during their time at Twitch, the company valued speed and profit over the safety of its users and security of its data.
In August, hate raids
in which marginalized streamers were subjected to uncontrollable numbers of bots spamming hate speech
erupted across Twitch.
[An] unreported security problem occurred in 2017, according to the source, and opened up the platform to new risks.
Twitch uses a lot of third-party services that Amazon has traditionally avoided.
Twitch was on Slack before Amazon eventually adopted it,
[and] has struggled to perform effective audits on the software and tools it has been using in the past.
The same source claims they were also being asked to “approve and review documents” months after they had left Twitch.
It’s Time to Stop Paying for a VPN by nytimes.com
The reality is that web security has improved so much in the last few years that VPN services,
which charge monthly subscription fees that cost as much as Netflix,
offer superfluous protection for most people concerned about privacy.
Many of the most popular VPN services are now also less trustworthy than in the past
because they have been bought by larger companies with shady track records.
For several years, I subscribed to a popular VPN service called Private Internet Access.
In 2019, I saw the news that the service had been acquired by Kape Technologies, a security firm in London.
Kape was previously named Crossrider,
a company that had been called out by researchers at Google and the University of California for developing malware.
In the last five years, Kape has also bought several other popular VPN services,
including CyberGhost VPN, Zenmate and, just last month, ExpressVPN in a $936 million deal.
This year, Kape additionally bought a group of VPN review sites that give top ratings to the VPN services it owns.
Explainer: caching – The Eclectic Light Company
In general, a buffer provides temporary storage, like a reservoir, which copes with transfers in which one or more steps are significantly slower than others.
A buffer is normally fairly simple to manage as a ‘first in, first out’ queue.
Caches are normally more complex, and don’t just act as simple reservoirs, but provide fast-access local storage which can save having to wait to access data over a slower connection.
macOS tends to hide its caches away to discourage users and software from tampering with them.
A peek in one of the more obvious locations
~/Library/Caches
will probably reveal several GB of cache files, many of which the client apps are blissfully unaware of.
Another favourite location for caches is in
/var/folders,
stored on the Data volume,
where opaquely named folders are full of mysterious files, amounting to another several GB of unknown data.