-
The REPL: Issue 30 - January 2017
The four indicators of a healthy Ruby On Rails project
Software consultants often need to evaluate existing projects. Błażej Kosmowski writes a thoughtful post on four things he focuses on: Outside-In TDD, use of design patterns, a balance between DRYness and readability and automation (around code quality). I like all of those and would add a few more around project deployment, like automation of deployment, staging to production promotion of code, etc.
The Disciplines of Web Design
Joshua Ogle writes a good introduction to the different disciplines of web design (visual design, user interface, user experience) and how they interact with each other. I found it very informative. I usually focus on backend programming, but work with designers and their concepts often.
Instrumentation: The First Four Things You Measure
In the context of computer programming, instrumentation refers to an ability to monitor or measure the level of a product’s performance
Instrumentation provides insight into what exactly is happening to your running code. Antoine Grondin lays out the basics of what to measure, to be able to quickly understand the situation in times of trouble. From experience, I can say that just modest investments in instrumentation provide great value.
-
The REPL: Issue 29 - December 2016
Learn Graphviz and Up Your Diagramming Game
I’ve bumped into Graphviz in the past only indirectly. After reading this article, I will definitely keep it in mind when needing to create diagrams in the future. I like the idea of specifying the relationships in a diagram in text – and managing it with source control – and then generating a graph from it.
Microservices? Please, Don’t
Sean Kelly explores some of the often-repeated arguments for microservices. Certainly, some of the benefits of microservices can be achieved without needing to separate them into different web applications, which in itself can bring complications in deployment, coordination and increased network interaction.
RbNaCl: The Ruby Cryptography Library
This repository is a great idea: provide a cryptographic library that makes it easy and straightforward to use high-level cryptography correctly, and avoid the many pitfalls of trying to assemble a secure system from cryptographic primitives. The APIs are designed to provide abstractions like public-key / secret-key encryption, digital signatures, etc.
-
Enforcing Style
Most programming languages provide some flexibility on what they consider valid syntax. Take a boring piece of code:
-
Renewing a Let's Encrypt Certificate
I previously wrote about changing my certificate authority to Let’s Encrypt. About the only downside I found about using it with my hosting service, Nearly Free Speech, is the need to manually renew every 3 months. Today, I went through the process and found it to be relatively simple.
-
The REPL: Issue 28 - November 2016
Open-Sourcing Yelp’s Data Pipeline
The Yelp Engineering team has been posting regularly about how they structure data consumption between different teams. The backbone of their system is Apache Kafka, but they have created a lot of tooling around it. In this announcement, they have open sourced (Apache License 2.0) many of these tools. MySQL Streamer pipes data from MySQL to Kafka. Schematizer stores and tracks the various data schemas used throughout their pipeline. There is a lot to learn in these projects and the blog itself, which provides an overview of how they approach dealing with data.
Offshoring roulette: lessons from outsourcing to India, China and the Philippines
Troy Hunt writes a lengthy post about his experience offshoring development work to teams in India, China and the Philippines. He goes through the motivation for offshoring in the first place, the challenges and rewards, and the differences he encountered in different countries. His conclusion:
if you’re looking at hourly rate as a metric for outsourcing success, you’re doing it very, very wrong!
NIST’s new password rules – what you need to know
The United States National Institute of Standards and Technology has come up with new guidelines for password policies. If you are wondering which password rules to follow in your product, these are a great baseline. Note that the NIST policies contradict the FBI’s. While you are at it, consider if you actually need to store a password at all. Medium, for example, emails you a link to log in. Because of “forgot your password” functionality in most sites, access to your email is essentially equal to access to the site. Medium just made it explicit and removed the need for them to store users’ passwords. Those passwords are probably re-used elsewhere. If you don’t store them, you can’t lose them. Right?