Ylan Segal

The REPL: Issue 32 - March 2017

Use the Unofficial Bash Strict Mode (Unless You Looove Debugging)

Bash is ubiquitous. Even Windows runs it now. Often, it’s the minimum common denominator you can expect a computer to have, without needing to install extra dependencies, which is why I often find myself writing bash scripts. In this article, Aaron Maxwell explains how to set a few options that will make it easier to avoid bash’s many pitfalls.

Validation, Database Constraint, or Both?

Derek Prior brings a well-articulated argument of when to use Rails validations and when to rely on database constraints. His advice is solid, for Rails, which doesn’t handle constraint violation in the database well. After reading this article, I found out that Ecto – an Elixir database wrapper – does handle database constraints and makes them errors to the rest of the application. I wish Rails had that!

So you want to be a wizard

Julia Evans made available a transcription of a keynote talk she gave recently. I really liked how show approached learning and breaking down big problems into manageable pieces. At some level, what she proposes is basic curiosity, without getting hung-up on your current level of understanding. Do you need to debug tcp networking in Linux, but don’t know about it? Read some books on it. Is that not enough? Open up the source code and read that. Inspiring, yet refreshing. We can all learn anything, as long as we do it methodically and with dedication.

I Also Built a CLI Application in Crystal

Recently, I’ve read about porting a Ruby application or writing a command-line application to Crystal. As it happens, I had started doing the same thing myself a while ago and recently finished it. My motivation was intellectual curiosity. Learning a new language is useful in itself, but I have also found that it learning paradigms in a new language influences how we use other languages as well.

Crystal is inspired by Ruby. Much of it’s syntax is the same. Much of the standard library is very similar. It also has it’s differences. Mainly it’s type system and the fact that it’s compiled, as opposed to interpreted.

I decided to write a port of franklin, a toy project of mine. I wrote about it before. It’s on Github. All the code for the port to crystal is also on Github.

The REPL: Issue 31 - Februrary 2017

Online migrations at scale

Performing database migrations – changes in the underlying schema – is a necessity for many web systems, usually because they don’t want to disrupt customer traffic. This post described how they solve this at Stripe. In my team, we follow a similar approach, but instead of dual-writing, we solve the problem by dual-reading. In any case, I commend Strip and other companies like it for detailing their successes in articles like these. The whole software engineering community gains.

The Security Impact of HTTPS Interception

In this fascinating article, researches from academics and industry detail how they went about measuring the use HTTPS interception products and it’s impact on security. HTTPS interception is usually deployed by IT systems so that they can decrypt HTTPS traffic and scan it. Essentially, it’s like a man-in-the-middle attack that the user consents to. Not surprisingly, in most cases, the use of HTTPS interception results in downgraded security.

Software Engineering at Google

Fergus Henderson describes Google’s key software engineering practices. There are great insights into their process and approach, as would be expected from one of the most successful software companies today. It includes things like how they store their source code, which languages they use, their build system, code review process, debugging and profiling, 20% investment time and project and people management. Not every company can or should adopt all their practices, but most would benefit from some of them.

The REPL: Issue 30 - January 2017

The four indicators of a healthy Ruby On Rails project

Software consultants often need to evaluate existing projects. Błażej Kosmowski writes a thoughtful post on four things he focuses on: Outside-In TDD, use of design patterns, a balance between DRYness and readability and automation (around code quality). I like all of those and would add a few more around project deployment, like automation of deployment, staging to production promotion of code, etc.

The Disciplines of Web Design

Joshua Ogle writes a good introduction of what the different disciplines of web design are (visual design, user interface, user experience) and how to interact with each other. I found it very informative. I usually focus on backend programming, but work with designers and their concepts often.

Instrumentation: The First Four Things You Measure

In the context of computer programming, instrumentation refers to an ability to monitor or measure the level of a product's performance

Instrumentation provides insight into what exactly is happening to your running code. Antoine Grondin lays out what are the basics of what to measure, to be able to quickly understand the situation in times of trouble. From experience, I can say that just modest investments in instrumentation provide great value.

The REPL: Issue 29 - December 2016

Learn Graphviz and Up Your Diagramming Game

I’ve bumped with Graphviz in the past only indirectly. After reading this article, I will definitely keep it in mind when needing to create diagrams in the future. I like the idea of specifying the relationships in a diagram in text – and manage it with source control – and then generating a graph from it.

Microservices? Please, Don’t

Sean Kelly explores why some of the often-repeated arguments for microservices. Certainly, some of the benefits of microservices can be achieved without needing to separate them into different web applications, which in itself can brings complications in deployment, coordination and increased network interaction.

RbNaCL: The Ruby Cryptography Library

This repository is a great idea: Provide a cryptographic library that makes it easy and straightforward to use high-level cryptography correctly, and avoid the many pitfalls of trying to assemble a secure system from cryptographic primitives. The APIs are designed to provide abstractions like public-key / secret-key encryption, digital signatures, etc.