Een artikel, 19 dagen geleden geplaatst
onder
website & murb.
After more than 10 years, it was time to update the design of this website.
Most important changes:
Using the murb design system; a much bigger name for what it actually is, just another minimalistic cascading style sheet that is reused in several projects
Less distraction (previous design had a busy background with all 'feed items' generated by me elsewhere; they're still in on the blog section though.
Other than that, technically not much has changed. It is still a simple Rails app (now updated to 8). If I'd start from scratch I would have made it as a static site, but this site has quite some history :)
Voortijdige optimalisatie, of premature optimisation, is een bekende neiging van veel software ontwikkelaars. Het is een idee verbonden aan Donald Knuth:
Veel ontwikkelaars halen eer uit het maken van "slimme" oplossingen die het draaien van de code net een beetje sneller zouden kunnen maken. De nadruk ligt op zouden omdat het veelal niet gebaseerd is op het daadwerkelijk meten aan de applicaties. Slechts door het applicatiegedrag goed te monitoren kunnen de échte performance problemen geïdentificeerd worden.
Erger is dat er kosten verbonden zijn aan zulke voortijdige optimalisaties:
Het kost vaak extra tijd om een feature op te leveren (wat mij betreft niet het ergste)
Ik ben een groot fan van open source software. Het voorkomt vendor lock-in; je zit dus niet vast aan een bepaalde partij. Indien akkoord maak ik ook graag de code die ik voor jou schrijf direct openbaar, zoals ik heb gedaan met een uitleen systeem en een collectiemanagement systeem en diverse kleinere herbruikbare componenten, zie b.v. murb op rubygems. Het voorkomt ook het eeuwige herbouwen van bijna dezelfde oplossingen.
Steeds meer mensen zijn aan het verhuizen van wat Twitter heette naar een alternatief. Twee populaire bestemmingen zijn Mastodon en BlueSky, waarbij die laatste net iets populairder lijkt te zijn. Maar, waarom valt de meerderheid toch weer in diezelfde val?
BlueSky wordt weer een Twitter
BlueSky leeft nu van de 'anti-X' beweging, waarbij ze duidelijk de taal spreken van wat aanspreekt bij zij die migreren: we gaan niet 'enshittifyen' 1, geen reclame, ze hebben goede mensen aan de leiding, maar…
In tegenstelling tot Mastodon is BlueSky is het nog steeds een enkele dienst (weliswaar met een mogelijkheid tot het zelf hosten van je eigen content) die je gegevens opsluit. Neem daarbij dat de investeerders op een gegeven moment geld willen verdienen, en het is maar één kant welke het op kan gaan, de kant die alle sociale netwerken op lijken te gaan. Alle? Nee niet alle…
Het echte alternatief, een sociaal netwerk voor en door gebruikers
Recently I posted 'Doing less'. Tl;dr: I wondered why we (as tech-society) seem to be thrilled about making inefficient round trips using AI for development, or chase each other to use typed languages, while we could be using more expressive programming languages instead. Instead of guessing human input, we could write untyped short scripts that detail every edge case carefully, but without extreme uncertainty of human language input nor the extreme preciseness of typed languages. Scripting, however, is scoffed at by Real Programmers, but then why oh why do we AI?
Someone suggested I should share more about another programming language (knowing that I'm a rubyist) called Crystal, a language that shares performance characteristics of other compiled languages like C and Rust (not always in the top regions, but close). And although I heard of it a long time ago, I kinda forgot ab…
Traditional software is downloaded, installed, then run. With web applications it is different. These are built, then pushed to a remote server and then the interface of that application is presented to the screen of the users via web-technologies like HTML, CSS & JavaScript, in the past sometimes assisted by Flash, these days using WASM. Besides that web applications need databases, storage, cache-systems, maybe a search solution, and sometimes more dedicated tools. From the end-user's perspective, it became a lot easier (although more restrictive) to access these tools, but getting it up and running got harder.
In the old days web software was deployed by uploading software via FTP, in a folder that was then read by a web server, and then presented to the user of the web-application. I've also deployed compiled .war files manually via a tomcat web-interface. Databases, storage, these were all pretty much managed by hand, sometimes even requiring physically adding a new drive or…
This may not be the complete list of possible strategies, but this is my own documentation of a short exploration.
textarea
One of the simplest form of "editors" is the plain textarea. Sometimes enriched by Javascript, adding snippets of text to assist more complicated markup styles (e.g. select text, and make it bold by surrounding it with a double asterisk (in case of markdown)).
Advantages:
robust
simple
Disadvantages:
No advanced markup (and/or relies on e.g. markdown, which is nice, but not for everyone)
By offering a preview of the markup, the disadvantage can be mitigated to some extend.
It is possible to position autocomplete helpers when the entry font is of a fixed type; as you can find the position of the caret within the text (using [selectionStart (on MDN)](https://developer.mozilla.org/en-US/docs/Web/API/HTMLTextAreaElement/…
A lot of automation is about doing less manual labour. People who automate enjoy doing less. This desire lead to new programming languages, advanced IDE-tooling, but recently we've gotten a new type of assistance: AI. Microsoft using Github Copilot, Amazon with CodeWhisperer, and more will follow offering yet another Code predictor using 'open source' models.
But is it the right approach?
Solving problems that I don't have
I mainly write in a language that was developed for developer happiness: ruby. It wasn't designed for optimal performance, but allows code to be readable and easy to write (when you have a certain proficiency in Ruby that is). After having turned CodePilot on and off for a year, I'm really not impressed. It has saved me typing strings that I might have otherwise copied from an earlier test, but with the disadvantage that the resulting text…
Gisteren luisterde ik nog een staartje van de NRC podcast “Zo simpel is het niet” over Altruïsme. Daarin werd duidelijk gemaakt dat mensen gestimuleerd kunnen worden om het juiste te doen door goede voorbeelden te geven, zodat mensen leren dat er meer mensen zijn die ‘het juiste doen’. Naar Groenland of New York gaan om een stukje te rennen, of naar Londen voor een optreden, en dan weer retour te vliegen hoort daar echt niet bij. We moeten, om het klimaat te redden, ondermeer minder ver gaan reizen. Aanleiding voor het artikel lijkt een onderzoekje van een exploitant van luchthavenlounges en is verder nog verrijkt met quotes van een touroperator. De psychologie die …
When you're writing server to server communication locally, and these servers are running behind some proxy like puma-dev that enables SSL connections, you may face issues with OpenSSL (or variant) not trusting the connections. That is good, you want OpenSSL not to trust just any random certificate. But how to make it pass?
Your web browser probably allows you to visit a page on a server and even approve the certificate. You should then export the chain as .pem (Firefox makes this pretty easy: click on the lock, view security, view certificate, go to the "CA"-tab for that certificate and export the chain.
This PEM chain is just a plain text file, containing the public certificates of your local 'CA' (created by Puma-Dev)
Copy the text using an editor of choice.
And now open up: /opt/homebrew/etc/ca-certificates/cert.pem and add it.
Also make sure that everything uses this cert.pem by symlinking it to this file, so for example with ruby run
I enjoy the ruby programming language because you can get a long way by just assuming things. A collection implements each, every object has nil?, in rails, I can get the relationship of a record and use scopes to filter the relationships as defined in the class of that related record. If it ands with a questionmark, it returns a boolean(y). Anyway.
So while they might say: "never assume things", and sure, a lot of things are chaos, but ideally not our code base :) I prefer to work from assuming t…
Sometimes I get confused by terminology. And many of the marketing pages that reply to such queries don't really help. So I here is my simple breakdown of these terms in relation to each other.
Entitlements
Entitlements are Granular Permissions. Entitlements represent specific rights or privileges and are the building blocks of roles and can be assigned individually or as part of a role.
Example: An entitlement might be "Access to Premium Reports". This entitlement can be part of multiple roles, such as "Admin" or "Premium User".
Note that not always entitlements are explicitly exposed, and are roles used in downstream applications to determine the exact entitlements associated with a role. Enterprise applications do attempt to separate these, but there is a lot of additional administration associated with this, especially when applications are extended rapidly.
Roles
Can be considered a collection of entitlements, a higher-level abstraction that groups m…
It is good practice to leave your database in a consistent state. There are different ways to do this. Foreign key constraints, indexes, typing of columns, are all strategies to keep your database in a consistent state. Transactions are another way providing you a tool to keep the database consistent: if one of the inserts or updates fail, your database will rollback to the state before the first in the series of inserts and updates within that transaction.
Some languages make it really simple to create a transaction. In Ruby on Rails it is simply opening a block:
User.transaction do
## ... all db operations are now in a transaction
end
But be cautious; transactions don't come for free: they lock the table or row, which is bad for performance. It can, by design, stop other processes from updating the same rows. And all this gets worse when transactions take longer, when for example they contain request to remote resources.
I'm fond of data-URI's (MDN Link). 12 years ago I reappropriated a tool that stored a webpage with its related resources in a Microsoft specific format and rewrote it into something that would store it in normal HTML where the related resources were encoded in data URI's. Recently the topic came up again at a project I was working in, where microservices are still a thing. And while discussing it with colleagues it seemed as if knowledge about this quite useful URI-scheme wasn't on top of everyone else's mind. Instead, the original idea was, we could upload the resource to S3, pass the link, download the resource from S3 at the receiving end, and then have some policy that takes care of deleting it… nah…
In archives it helps to have PIDs: Persistent IDentifiers. PIDs help organisations attribute data to consistently identified objects. There are many PID-schemes. Books can be persistently identified by their ISBN. In science, DOIs are popular to identify scientific articles. And there are plenty of other persistent identifiers.
What most of them share is the following: they need registration. And while that could be a good thing, I've seen well meant attempts at creating a PID where the central entity went rogue, links are dependent on some centralised resolver and it all falls apart.
The requirements
When I was tasked to create a long lasting QR label the requirements were clear:
The basis had to be a URL (QR Codes can contain anything, but URLs deliver the best UX)
It should have a fallback: the URL should not be a meaningless string; it should at least contain an identifier it was once assigned; in the …
