Articles I read in 2024

Week 52, 2024

New Google Sheet on half of 13.6" MacBook Air screen is fully covered by popups

Week 51, 2024

My favourite colour is Chuck Norris red
My Modern CSS Reset
What PWA Can Do Today
Moon
Always Go To The Funeral

In my humdrum life, the daily battle hasn't been good versus evil. It's hardly so epic. Most days, my real battle is doing good versus doing nothing.
Control the Viewport Resize Behavior on mobile with interactive-widget
State of Node.js Performance 2024
Man ran 700 miles to make ‘insanely impressive’ art on GPS fitness app
- https://www.tiktok.com/@duncan77mccabe/video/7438366744776903992
- https://www.youtube.com/watch?v=fO--TM4_6hw

Week 50, 2024

Week 49, 2024

Exploring the HTML5 Tag Ping Attribute
How to Grow Professional Relationships

There is so much to go around. The world is abundant and not zero-sum. I intentionally let people take advantage of me because I know I’ll recover whatever I need in another way. A useful habit is to practice random acts of kindness daily, whenever convenient.
Stop using JPA/Hibernate
You Must Read At Least One Book To Ride
Go vs Bun, Go언어는 정말 JS 런타임보다 빠를까?
DB 입출력이 잦은 리얼 월드에서는 Bun 런타임과 Elysia 웹프레임워크, 그리고 mysql2 라이브러리의 조합이 예상 외로 훌륭한 결과를 보여주었습니다. 동시 요청이 많아도 Go가 보여주는 것만큼의 안정적인 동작을 보여주었고, 미약해 보였던 싱글 스레드 기반의 이벤트 루프는 비동기 I/O와 함께 의외의 슈퍼 파워를 보여주었습니다.
- 데이터베이스 드라이버 병목 의심
- DB I/O가 많은 리얼 월드 환경에서는 Bun(Elysia 프레임워크와 MySQL2 라이브러리 조합)이 더 안정적이고 효율적
- 논의

Week 48, 2024

Week 47, 2024

Overflow Clip
AAA - Analytical Anti-Aliasing
A Friendly Introduction to Container Queries
How to win by doing things that don't scale - a winning strategy even well beyond the early days of a startup
The Long Tail of AI - how non-AI companies are integrating artificial intelligence.

Week 46, 2024

Introducing Copilot Edits (preview)
The disposable web
- Generated Web Apps - https://websim.ai/, https://replit.com/
Why is it so hard to find a job now? Enter Ghost Jobs
YouTube Premium Showing Ads
🌴 Stretch My Time Off - a quick experiment using Cursor (Anysphere's AI code editor) and GPT-4o to see how far AI could go in building a simple, functional site.
- https://github.com/zachd/stretch-my-time-off
What I Wish Someone Told Me About DB(Postgres)
Leaving and Waving
100 Scrappy Things

Putting in the work without expecting any external reward at first (eg views, followers, likes, etc) will pay off in the long run. Roberto Blake was talking about making 100 crappy videos to get better over time. Putting in the reps and improving a little bit each time.
Hundreds of code libraries posted to NPM try to install malware on dev machines

The IP address returned by a package Phylum analyzed was: hxxp://193.233.201[.]21:3001. While the method was likely intended to conceal the source of second-stage infections, it ironically had the effect of leaving a trail of previous addresses the attackers had used in the past.

Attacks like this one rely on typosquatting, a term for the use of names that closely mimic those of legitimate packages but contain small differences, such as those that might occur if the package was inadvertently misspelled.

Week 45, 2024

New Study Reveals Blood Sugar Control is a Key Factor in Slowing Brain Aging, Highlighting the Benefits of the Mediterranean Diet
Useful built-in macOS command-line utilities
AI Slop Is Flooding Medium
Attacking APIs using JSON Injection

This endpoint had no sanitization on the parameters throughout the processing of the JSON body. Moreover, the library Samsung relied on (json-c) was compiled with JSON_TOKENER_STRICT=0, which allows for defining strings with both single and double quotes. JSON Injection → SQL Injection → Buffer Overflow → ROP = PWNED
Clarifying the Relationship Between Popovers and Dialogs
- Popover is an umbrella term for any kind of on-demand popup.
- Dialog is one type of popover — a kind that creates a new window (or card) to contain some content.
  - Modal: A dialog with an overlay and focus trapping
  - Non-Modal: A dialog with neither an overlay nor focus trapping
  - Alert Dialog: A dialog that alerts screen readers when shown. It can be either modal or non-modal.
Sleep regularity is a stronger predictor of mortality risk than sleep duration: A prospective cohort study

Week 44, 2024

Steam games will need to disclose kernel-level anti-cheat on store pages
- https://news.ycombinator.com/item?id=41999314
The Karma connection in Chrome Web Store
How I write code using Cursor: A review
The open secret of open washing – why companies pretend to be open source
Before you buy a domain name, first check to see if it's haunted

Before I bought it, the domain was used to host pirated music. Its urls were delisted by Google (and other search engines).

Week 43, 2024

Focus on decisions, not tasks
Practical Accessibility Tips You Can Apply Today
Sucrose - The secret behind Elysia speed
Tog's paradox (also known as The Complexity Paradox or Tog’s Complexity Paradox) is an observation that products aiming to simplify a task for users tend to inspire new, more complex tasks.

Travel became simpler → more vacations now involve flying a plane and thus obtaining tickets online and thus comparison-shopping, aggregating reviews of faraway places, etc → omg, vacation travel is complex again. It just allows to fulfill more of a dream. — nine_k

Tog's paradox is the main reason why I suspect that generative AI will never destroy art, it will enhance it. It allows you to create artworks within minutes that until recently required hours to create and years to master. This will cause new art to emerge that pushes these new tools to the limit, again with years of study and mastery, and they will look like nothing we've been able to produce so far. — posix86
The story of web framework Hono, from the creator of Hono
Love being interrupted when my monitor asks me to accept user agreements

Week 42, 2024

I’ve Been Doing Blockquotes Wrong
I Self-Hosted Llama 3.2 with Coolify on My Home Server
Ask HN: Solopreneurs, how did you come up with your idea?
GOOD ENOUGH BEATS GREAT
Explore the Maya Temples at Copán Ruinas
Bike Manufacturers Are Making Bikes Less Repairable
How I Experience Web Today
zxcvbn - Low-Budget Password Strength Estimation
소프트웨어 파괴의 미학

"소프트웨어 파괴의 미학"은 소프트웨어 개발에 내재된 불확실성을 탐구하며, 끊임없이 변화하는 비즈니스 요구사항 속에서 개발자들이 완벽을 추구하는 과정에서 직면하는 어려움을 강조합니다. 이 글은 개발자들이 품질을 위해 노력하지만 복잡한 비즈니스 역학에 직면하면서 기술 부채가 발생하는 과정을 설명합니다. 또한 Kano 모델을 참조하여 고객 만족도가 시간에 따라 어떻게 변화하는지, 한때 매력적이었던 기능들이 기본적인 기대사항이 되는 과정을 보여줍니다. 이 글은 코드가 결국 시대에 뒤처질 수밖에 없다는 사실을 받아들이고, 이러한 불가피성을 예상하고 받아들이는 마음가짐인 "Destruction-Oriented Development"의 개념을 소개합니다.
FLUX is fast and it's open source
It made me $500k but I think content is a bad business
Working From Home Is Powering Productivity
- While hybrid work may have a neutral impact on individual productivity, its macroeconomic effects are positive due to broader labor market inclusion and lower transportation emissions.
  - Positive benefits include reduced commuting time and a quieter, less interrupted working environment
  - Reduced time in the office may reduce ability to learn, innovate, and communicate
  - No net productivity impact as positive and negative effects offset each other
    
    The impact of fully remote working, which has been adopted by about 10 percent of employees, is highly dependent on how well it’s managed.
1 bug, $50k in bounties, a Zendesk backdoor

Week 41, 2024

The Copenhagen Book
Automating Processes with Software is HARD
- Many people underestimate the fragility of automated systems, which can fail due to unexpected inputs or tool malfunctions.
- the author stresses the importance of human oversight, especially in high-stakes areas.
- Ironies of Automation
An Illustrated Proof of the CAP Theorem
The CAP Theorem is a fundamental theorem in distributed systems that states any distributed system can have at most two of the following three properties.
- Consistency
- Availability
- Partition tolerance
Practices of Reliable Software Design
A modest critique of Htmx
- https://news.ycombinator.com/item?id=41781457
ABC News hacks into popular robot vacuum, watches owner through camera
- Valetudo is a cloud replacement for vacuum robots enabling local-only operation.
Rust is rolling off the Volvo assembly line
Selling to Carol: Why targeting an ICP brings 10x more customers than you expected
Nearly all of the Google images results for "baby peacock" are AI generated
The Rise of Worse is Better
ARIA DevTools
Google must crack open Android for third-party stores, rules Epic judge

Epic's "First Run" program does all the things they got mad at Apple and Google about. You don't have to pay any license fees for Unreal Engine if you use Epic exclusively for payments. They give you 100% revshare for 6 months if you agree to not ship your game on any other app store.

Let's not kid ourselves, Epic never cared about consumer choice or a fair playing field, they only want the ability to profit without having to invest in building a hardware platform. — mike_d
AI won't replace human devs anytime soon (twitter.com/skeptrune)
AI is an impediment to learning web development
- https://news.ycombinator.com/item?id=41757711
Apple releases Depth Pro, an AI model that rewrites the rules of 3D vision
Gen AI Makes Legal Action Cheap — and Companies Need to Prepare
Tauri 2.0 Stable Release If you check any of the boxes below, you should use Tauri:
- Do you want a single UI codebase for all platforms?
- Do you want to reach as many users as possible on their platform (eg. Windows, MacOS, Linux, Android, iOS)?
- Are you a frontend web developer and want to write native applications?
- Are you a Rust developer looking to write applications with a nice looking UI with the option to do it in Rust?
- Do you have an existing team of web developers and want to expand to native application markets with low upfront investment?
- Do you have an existing team of rustaceans and want everything written in Rust?

Week 40, 2024

Double your specificity with this one weird trick
- .checkbox__icon.checkbox__icon
  
  "Repeated occurrences of the same simple selector are allowed and do increase specificity." — CSS Selectors Level 4
The problem with superscripts and subscripts
Introducing TODS – a typographic and OpenType default stylesheet
Solarized - Precision colors for machines and people
Why Gumroad Didn't Choose htmx
Bots, so many Bots
Bop Spotter
Meta fined $102 million for storing passwords in plain text
Too much efficiency makes everything worse: overfitting and the strong version of Goodhart's law

Week 39, 2024

NIST will standardise prohibition of requirement of composing passwords from various character styles, and requirement for periodic password changes.
- https://pages.nist.gov/800-63-4/sp800-63b.html#passwordver
Dark Patterns - Hall of Shame
Improving rendering performance with CSS content-visibility
- This final solution achieved around a 45% performance improvement in both Chrome and Firefox, reducing the load time from 3 seconds to 1.3 seconds.
- While satisfied with the content-visibility approach, the author acknowledges that a true virtual list implementation would likely provide even better performance, especially for larger datasets.
McDonald’s touchscreen kiosks were feared as job killers. Instead, something surprising happened
a “feature” Apple added that auto-corrects file extensions.
- Zed adds .s to my SQL files
- Sublime text started adding a “.s” to new files.
It is hard to recommend Google Cloud
How startups beat incumbents
Forbes Marketplace: The Parasite SEO Company Trying to Devour Its Host
Math4Devs

Week 38, 2024

Drift towards danger and the normalization of deviance - systemic migration of organizational behavior toward accident under the influence of pressure toward cost-effectiveness in an aggressive, competing environment
- Overton window
AI tool cuts unexpected deaths in hospital by 26%, Canadian study finds
rga: ripgrep, but also search in PDFs, E-Books, Office documents, zip, tar.gz, etc.
Fuck founder mode. Work in "Fuck off mode".
Oracle, it’s time to free JavaScript.
The HTTP QUERY Method
- Why an HTTP Get Request Shouldn’t Have a Body
Logical Properties in Size Queries
Animate to height: auto; (and other intrinsic sizing keywords) in CSS

Week 37, 2024

CSS display contents
I Wish I Didn't Miss the '90s-00s Internet
Why some of us like "interdiff" code review
Why Not Comments
- The "why not" comments are valuable for documenting negative information - things that the code is not doing.
- "Why not" comments can serve as signposts for future optimization or changes, even if the current code is working fine.
- Lengthy function/variable names cannot fully replace "why not" comments, as they cannot capture the tradeoffs and reasoning behind the code.
- The author suggests that "why not" comments may be a form of "counterfactuals" in human communication, which are difficult to self-document in code.
Just for Fun (2022)

I've often described my motivation for building software to others using imagery: I like to go find a secluded beach, build a large, magnificent sand castle, and then walk away. Will anyone notice? Probably not. Will the waves eventually destroy it? Yep. Did I still get immense satisfaction? Absolutely. — aliasxneo
CSS :has() performance - Browsers are really good at doing style recalculation. This isn't something we need to worry about. 😄
자바스크립트는 왜 프로토타입을 선택했을까
The Effects of Generative AI on High Skilled Work: Evidence from Three Field Experiments with Software Developers
Inside ECMAScript: JavaScript Standard Gets an Extra Stage

Week 36, 2024

Week 35, 2024

Week 34, 2024

Ikea's Inventory Drones Expansion
Algorithms we develop software by
Bun は Node より速いのか？ Misskey で検証
croc is a tool that allows any two computers to simply and securely transfer files and folders. AFAIK, croc is the only CLI file-transfer tool
Flaw has Microsoft Authenticator overwriting MFA accounts, locking users out

Week 33, 2024

Week 32, 2024

SVG Viewer is an online tool to view, edit and optimize SVGs.
Happy 33rd birthday the world's first website!
Cringey, But True: How Uber Tests Payments In Production
70% of new NPM packages in last 6 months were spam
How I Use "AI"
Organic Maps: Offline Hike, Bike, Trails and Navigation
Introducing GitHub Models: A new generation of AI engineers building on GitHub
How Google handles JavaScript throughout the indexing process
- CSR is possible but has poor support

Week 31, 2024

Don’t Let Your Domain Name Become a “Sitting Duck”
Creativity Fundamentally Comes From Memorization
GlazeWM is a tiling window manager for Windows inspired by i3 and Polybar.
Meta to pay Texas $1.4 billion for using facial recognition technology without users’ permission
Dear AI Companies, instead of scraping OpenStreetMap, how about a $10k donation?
Children should be allowed to get bored, expert says
Have It All: External, Styleable, & Scalable SVG
- SVG triangle of compromise
Europe Is in Danger of Regulating Its Tech Market Out of Existence
Get The Screen Width & Height Without JavaScript
Why "page.goto()" is slowing down your Playwright tests
You’ll Write Less Code With Svelte 5.0, Promises Rich Harris
Zstandard, or zstd as short version, is a fast lossless compression algorithm, targeting real-time compression scenarios at zlib-level and better compression ratios.
- https://x.com/adrianco/status/1560854827810361345
- https://www.uber.com/en-TW/blog/cost-efficiency-big-data/

Week 30, 2024

AI crawlers need to be more respectful
Generating sudokus for fun and no profit
Anchor Links and How to Make Them Awesome
CSS Grid Areas
Anyone can Access Deleted and Private Repository Data on GitHub
- don't use private forks. Copy the repository instead. #
- the only way to securely remediate a leaked key on a public GitHub repository is through key rotation.
Google Is the Only Search Engine That Works on Reddit Now Thanks to AI Deal
Switzerland now requires all government software to be open source
Intent to End OCSP Service
rrweb - record and replay the web
TablePlus - Database management made easy

Week 29, 2024

Week 28, 2024

Engineering Principles for Building Financial Systems
If AI chatbots are the future, I hate it
Second Factor SMS: Worse Than Its Reputation - Attackers can intercept SMS one-time passwords through techniques like SIM swapping or exploiting SS7 network vulnerabilities.
Spot the Drowning Child
SEQUOIA - Adapting to Endure
Google Chrome gives all .google.com sites full access to system / tab CPU usage, GPU usage, and memory usage. It also gives access to detailed processor information, and provides a logging backchannel. This API is not exposed to other sites - only to .google.com. — #
Rye is a comprehensive project and package management solution for Python.
Reverse engineering Ticketmaster's rotating barcodes
I'm Funding Ladybird Because I Can't Fund Firefox
How to think in writing: Part 1: The thought behind the thought

If your goal is to probe the validity of your thoughts, this is painfully inefficient. You'll get much further if you do one or two simple passes on your writing, and then pass what you've written around and ask for feedback. — BeetieB
Why privacy is important, and having "nothing to hide" is irrelevant
Identity Crisis: Sequence v. UUID as Primary Key
Radio Garden

Week 27, 2024

Cardiorespiratory fitness is a strong and consistent predictor of morbidity and mortality among adults: an overview of meta-analyses representing over 20.9 million observations from 199 unique cohort studies
Woodworking as an escape from the absurdity of software
HTMX does not play well with content security policy
Why Is Chile So Long?
gRPC: The Bad Parts
Edna is a scratchpad for developers. It's a large persistent text buffer where you can write down anything you like. Works great for that Slack message you don't want to accidentally send, a JSON response from an API you're working with, notes from a meeting, daily to-do list, etc.
KT 60만명 해킹의 심각성: 사상 최악의 사이버 범죄로부터 당신은 지금도 안전하지 않다
Building an AI-Native Company
Teo is schema-driven web server framework. The server side API is native to Rust, Node.js and Python.
마이리얼트립으로 살펴본 여행 산업에서의 SEO, 키워드 성과 분석 중요성
Microsoft’s AI boss thinks it’s perfectly okay to steal content if it’s on the open web

Week 26, 2024

Liquid Layers
Pop!_OS is an operating system for STEM and creative professionals who use their computer as a tool to discover and create. Unleash your potential on secure, reliable open source software.
A Three-Step Framework For Solving Problems 👌
What is Jobs to be Done (JTBD)?

Upgrade your user, not your product. Don’t build better cameras — build better photographers.
— Kathy Sierra
Reshot - Free Icons & Illustrations Design freely with instant downloads and commercial licenses.
1-click Exploit in South Korea's biggest mobile chat app
dotenvx - a better dotenv–from the creator of dotenv.
- run anywhere (cross-platform)
- multi-environment
- encrypted envs
Microsoft Account to local account conversion guide erased from official Windows 11 guide — instructions redacted earlier this week
Readme Driven Development
Windows 11 is now automatically enabling OneDrive folder backup without asking permission
Ruby: a great language for shell scripts!
llama.ttf is a font file which is also a large language model and an inference engine for that model.
함께해요 파이썬 생태계
EntityCode

Week 25, 2024

DB Browser for SQLite
Google Gemini tried to kill me
Cyber Scarecrow
Twitter’s Clumsy Pivot to X.com Is a Gift to Phishers
Mocking is an Anti-Pattern - Mocking is an anti-pattern. Mocking adds complexity, is hard to maintain, introduces its own bugs, doesn't test what should be tested and creates a false sense of security. Several things you can do instead:
- More unit testing
- Easier to Test IO
- Just do IO
- Separation of logic and services / IO
- E2E integration tests
좋은 에러 메시지를 만드는 6가지 원칙
Start Presentations on the Second Slide
Do not try to be the smartest in the room; try to be the kindest.
How Stripe’s document databases supported 99.999% uptime with zero-downtime data migrations

Week 24, 2024

CSS Length Units
Fine-tuning Text Inputs
Cap Unit
Group chats rule the world

— Salons and groups have always existed but why the recent shift to private discourse?
Because the public internet makes it too easy for people to sell you stuff, extract value from you, or harass you. Private chats are human-scale environments where understandable social norms---not commerce, algorithms, or formal rules---drive the interactions. It's an authentic experience. #
The Expanding Dark Forest and Generative AI

As AI takes over the public internet (the trees) the people will retreat to safe underground spaces where they know only authentic humans live. #
Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to
RunCat - The cat tells you the CPU usage of Mac by running speed.
Boop. - A scriptable scratchpad for developers.
AlDente - Charge Limiter🍝 - MacOS menu bar tool to limit maximum charging percentage
Study shows N95 masks near-perfect at blocking escape of airborne COVID-19
UUIDv7: The Time-Sortable Identifier for Modern Databases
SQLite As An Application File Format
AeroSpace is an i3-like tiling window manager for macOS
ANTI-CHEAT EXPERT: ALL YOUR PIXELS ARE BELONG TO US
"Web components" considered harmful

It's better to use the specific names (custom elements, shadow DOM, templates) instead of the umbrella term "web components" to avoid confusion and make these APIs more approachable.
"AI-powered" has become a red flag
Keylogger discovered in image generator extension
Microsoft Will Switch Off Recall by Default After Security Backlash

Satya Nadella told the entire Microsoft org that if anyone had to choose between features and security, to choose security. I'm hearing from Microsoft people that all product roadmaps are deferred for a few months while security features are addressed. Their whole corporate spiel is "Microsoft runs on trust" (see the famous standards of business training on youtube).

And then someone goes and invents Recall. This is not the work of a lone engineer and a principal PM fishing for Impact or whatever they call success at Microsoft. This had to have gone through multiple levels of review. Microsoft PMs, CVPs, their corpo legal people, marketing approval. And yet no one stopped to say, "wait, this could blow up in our faces"? — https://news.ycombinator.com/item?id=40615205
Cancel Adobe if you are a creative under NDA with your clients

Week 23, 2024

Should I Use JWTs For Authentication Tokens?

They are designed for large-scale environments like Google and Facebook, where the benefits of JWTs (not needing to query a user database for every request) outweigh the drawbacks. However, for most applications that process less than 10,000 requests per second, the complexity of JWTs is unnecessary. A simpler approach is to use a normal opaque session token stored in a database, which is the approach used by most web frameworks.
모두를 위한 디자인
LLMs Aren’t Just “Trained On the Internet” Anymore
Stealing everything you’ve ever typed or viewed on your own Windows PC is now possible with two lines of code — inside the Copilot+ Recall disaster.

Week 22, 2024

Polyfill.io, 중국 CDN 기업에 인수된 후 보안 및 안정성 문제 발생
- polyfill.io now available on cdnjs: reduce your supply chain risk
Why, after 6 years, I’m over GraphQL
Three Laws of Software Complexity
1. A well-designed system will degrade into a badly designed system over time.
2. Complexity is a Moat (filled by Leaky Abstractions).
3. There is no fundamental upper limit on Software Complexity.
An Anonymous Source Shared Thousands of Leaked Google Search API Documents with Me; Everyone in SEO Should See Them
Your API Shouldn't Redirect HTTP to HTTPS
- Redirection can lead to sensitive data being transmitted in plaintext before the encrypted connection is established.
Terminal Text Effects
Doing is normally distributed, learning is log-normal
- Software estimation is challenging because it fails to recognize that learning is non-normally distributed.
Bubble.ai
Google scrambles to manually remove weird AI answers in search

Week 21, 2024

iTerm2 and AI hype overload

A terminal emulator is probably one of the most privileged programs. It deals with all the secrets in the world, and the threat that it could be used to upload them all to a third party is great enough that people are willing to switch away from it sight unseen.

not letting you use local models
Leaked OpenAI documents reveal aggressive tactics toward former employees
Improvements to the Speculation Rules API which allows websites to prefetch or prerender future navigations to improve performance.
QPick.app website for making random choices easy and fun!
- https://qpick.app/burger,pizza,chicken
Rethinking Text Resizing on Web
- Airbnb has made improving web accessibility a priority, focusing on the WCAG 1.4.4 Resize Text guideline. This guideline is important for users with low vision, as it requires web content to be maintained when text is scaled 200%.
New alternatives to innerHTML
- setHTML
- setHTMLUnsafe does not perform input sanitization. The setHTMLUnsafe method is particularly useful for working with declarative shadow DOM, where the contents of a <template> element with the shadowrootmode attribute need to be rendered as shadow DOM. The setHTML method would remove the template element entirely, whereas setHTMLUnsafe preserves it.
A Brief Note on Highlighted Text

If you plan to style text highlighted by the browser, you must give it sufficient contrast — 3:1 for the highlight block against its background and (probably) 4.5:1 for the text within that highlighted block against that background.
Target=_blank implies rel=noopener
Thinking out loud about 2nd-gen Email
Files - Building the best file manager for Windows

Week 20, 2024

A Front-End Engineer's Take on LLMs

the indeterminism and unreliable behavior of LLMs, which is unlike the deterministic nature of typical software development. The author thinks prompt engineering will go the way testing is going. - be a skill rather than a discipline
The Times You Need A Custom @property Instead Of A CSS Variable

CSS custom properties allow developers to specify the syntax, initial value, and inheritance behavior of CSS variables. This provides more control over how variables are used, enabling advanced animations that were previously only possible with JavaScript.
Edit PDFs for free with Firefox PDF Editor
URLhaus is a project from abuse.ch with the goal of sharing malicious URLs that are being used for malware distribution.
State of HTML 2023
Not an iPad Pro Review: Why iPadOS Still Doesn’t Get the Basics Right
100k Stars
PeaZip Free Archiver
Humanoid agent robot
Avoid blundering: 80% of a winning strategy
- https://news.ycombinator.com/item?id=39902854
- https://news.hada.io/topic?id=14789

Week 19, 2024

Latency numbers every frontend developer should know
It’s always TCP_NODELAY. Every damn time. argues that in modern distributed systems, Nagle's algorithm may no longer be necessary. The author recommends that for latency-sensitive distributed systems, TCP_NODELAY should be the default setting, as it provides better performance.
Deaf girl is cured in world first gene therapy trial
Homebrew vs. MacPorts, A Systems Software Engineer's Perspective

In practice, many engineers use both package managers to combine the strengths of each. For instance, use Homebrew for common software and MacPorts for specialized projects.
chezmoi - Manage your dotfiles across multiple diverse machines, securely.
Distribution is King - What video games can teach us about building billion-dollar companies
- https://news.hada.io/topic?id=14677
Your 14-Day Free Trial Ain't Gonna Cut It

For Keygen, p50 TTC(Time-to-Convert) is 41 days. My p90, 130 days; p95, 198; p99, 290.
JSONata JSON query and transformation language
‘I will never go back’: Ontario family doctor says new AI notetaking saved her job

Week 18, 2024

You receive a call on your phone. The caller says they're from your bank
I Reviewed 1,000s of GraphQL vs. REST perspectives
I Reviewed 1,000s of Opinions on HTMX
jsDelivr May outage postmortem
Locality of Behavior in React Components

Abstractions are not an enemy of locality. You don’t need to inline everything in a single file. In the context of a React component, the invocation of the function is more important than what it actually does.
Forms 101: More tags useful in forms - <fieldset>, <legend>
Form fields: File input fields
Form fields: Autocompleting form fields
Google Made Me Ruin A Perfectly Good Website: A Case Study On The AI-Generated Internet

Google's AdSense program rejected the site, claiming it lacked unique content. To get approved, the author resorted to generating low-quality, AI-written content like recipes, poems, and blog posts about their fictional obsession with congressional apportionment. After creating this deranged additional content, Google eventually approved the site for ads. The passage is a critique of how Google's policies are leading to the proliferation of low-quality, SEO-driven content on the internet.
SVG Viewer – View, edit, and optimize SVGs
What can LLMs never do?

inability to perform certain tasks that seem simple for humans, like playing Wordle or predicting the output of cellular automata.
World Wide Web (1991)
Leaving Rust gamedev after 3 years

Rust's strengths do not always align well with the needs of practical game development.
Passkeys: A Shattered Dream

The technology has become increasingly controlled by major tech companies like Google and Apple with problems about device compatibility, data loss, and vendor lock-in. Password managers may provide a better user experience for most consumers.

Week 17, 2024

CSS: Specificity
TDD's Missing Skill: Behavioral Composition
The Man Who Killed Google Search
Cognition Labs: "Today we're excited to introduce Devin, the first AI software engineer.
- They actually dont do ANYTHING themselfs - Analytics: Hotjar, Website: NextJS, Login: Clerk, Jobs: Ashby, Waitlist: Google docs (ROFL), Learn more about their funding: A link to twitter
Programming Is Mostly Thinking
Coroutines and effects

Week 16, 2024

Why you need a "WTF Notebook"
The invisible seafaring industry that keeps the internet afloat.
NEVER sacrifice your life for an artificial deadline.
- How to determine if something is an artificial deadline? Because if it were a real deadline with significance to the business, they'd pull more hands on deck, remove roadblocks relentlessly day after day, and even offer to take portions of your work on themselves so that the deadlines can be met.
HTMX Is So Cool I Rolled My Own!
The Wax and the Wane of the Web
My favourite animation trick: exponential smoothing avoids issues like jittering or overshooting that can occur with other methods.
DevTools Tips & Tricks
Gap is the new Margin

Margin breaks component encapsulation. A well-built component should not affect anything outside itself.
Prediction: margins in stylesheets will decline as gap in stylesheets climb
Hardest Problem in Computer Science: Centering Things

STOP. USING. FONTS. FOR. ICONS.
https://ios404.com/ - missing web features in iOS
Hono is a small, simple, and ultrafast web framework for the Edges. It works on any JavaScript runtime: Cloudflare Workers, Fastly Compute, Deno, Bun, Vercel, AWS Lambda, Lambda@Edge, and Node.js.
Old CSS, new CSS

<H1><FONT COLOR=red>...</FONT></H1> …every single goddamn time.

is in fashion again! Only now it’s called class="text-red-500" :o)

Week 15, 2024

QCon London: How Duolingo Sent 4 Million Push Notifications in 6 Seconds During the Super Bowl Break
QWANJI
The Power of :has() in CSS
```
h1:has(+ h2) {
  color: blue;
}
```
How to Kill the Cascade
In-app browsers are still a privacy, security, and choice problem

How to think about HTML responsive images

<picture>
  <source media="(prefers-color-scheme: dark)" srcset="macos-dark.png" />
  <source media="print" srcset="macos-contrast.png" />
  <img src="macos-light.png" alt="…" />
</picture>

The 37signals Guide to Internal Communication

Week 14, 2024

An Interactive Guide to CSS Container Queries

/* Try to add more items and see what happens. */
.timelineWrapper {
  container: timeline / inline-size;
  --force-vertical: false;

  &:has(.c-timeline__item:nth-last-child(n + 5)) {
    --force-vertical: true;
  }
}

@container timeline (inline-size > 430px) and style(--force-vertical: false) {
  /* Apply the full variation. */
}

Reddit Migrates Media Metadata from S3 and Other Systems into AWS Aurora Postgres
Chill Scroll Snapping: Article Headers
JavaScript Visualized: Promise Execution

Long story short, Promises are just objects with some additional functionality to change their internal state.

The cool thing about Promises is that this can trigger an asynchronous action if a handler is attached by either then or catch. Since the handlers are pushed to the Microtask Queue, you can handle the eventual result in a non-blocking way. This makes it easier to handle errors, chain multiple operations together, and keep your code more readable and maintainable!
Happy 404 Day. Whats your favorite 404 error page?
- Financial Times 404
Kobold Letters - Why HTML emails are a risk to your organization

Spicing up text with text-emphasis in CSS

.text-emphasis-dollar {
  text-emphasis: "$" lime;
  text-emphasis-position: under;
}

CSS scoping from What You Need to Know about Modern CSS (Spring 2024 Edition)
CSS Button Styles You Might Not Know
The manipulation value disables gestures like ‘double-tap to zoom’. Other gestures like ‘panning’ and ‘pinch to zoom’ are unaffected. An extra benefit is that the browser no longer needs to delay the click event waiting for a second tap.
```
.button,::file-selector-button {
  inline-size: fit-content;
  touch-action: manipulation;
  user-select: none;
}
*:focus-visible {
    outline: 2px solid magenta;
    outline-offset: 2px;
  }
}
```
BIG DATA IS DEAD

The author suggests that the real problem is often data hoarding rather than true "Big Data" challenges. Overall, the passage contends that the Big Data hype has passed and organizations should focus on using their data effectively rather than worrying about sheer data volume.
What’s the Difference Between OLAP and OLTP?
Postgres is eating the database world

PostgreSQL is emerging as a dominant database platform that is capable of handling a wide range of use cases, from OLTP to OLAP workloads. Its extensibility through a thriving ecosystem of add-ons and integrations allows it to compete with specialized databases across various domains like time-series, geospatial, and vector data. The rise of analytical extensions like ParadeDB and DuckDB have further bolstered PostgreSQL's capabilities, making it a viable alternative to dedicated data warehousing solutions. As hardware advancements have addressed performance and scalability concerns, the need for separate OLTP and OLAP systems is diminishing, leading to a convergence where PostgreSQL can serve as a unified, multi-model database. The author argues that the real competitive frontier now lies in leveraging PostgreSQL's extensibility through integrated distributions and services, rather than focusing on the core database kernel.

The power of CSS Variables 💪: A flexible solution for spacing utilities

<div style="--space-top: 30px; --space-bottom: 100px;"></div>

@media (min-width: 992px) {
  [style*="--space-bottom"] {
    margin-bottom: var(--space-bottom);
  }
  [style*="--space-top"] {
    margin-top: var(--space-top);
  }
}

What is safe alignment in CSS?

.flex {
  display: flex;
  align-items: safe center;
}

LiveView is best with Svelte

LiveView is a unique approach to building web applications that combines the benefits of server-rendered and client-side frameworks. While LiveView offers many advantages, the authors found some limitations around handling complex client-side interactions and the blurry line between client and server state. To address these challenges, the authors describe using LiveView together with the Svelte frontend framework, which they found to be a powerful and productive combination. The LiveView backend handles data fetching, validation, and state management, while the Svelte frontend focuses on rendering and simple event handling. This "LiveSvelte" approach eliminates the need for a separate frontend microservice and allows for a clean separation of concerns between the client and server.

One possible solution which I didn't investigate, but should work, is to write all game logic in gleam (https://gleam.run/). Gleam is compatible with Elixir, AND it also can compile to js, so you could in theory run the same code on the server and the client. — POiNTx
HTTP Speed - Deno, Bun, Node.js
Optimizing Javascript for fun and for profit
- Avoid different shapes
Runtime compatibility across JavaScript runtimes
- https://node.green/
Alpine Ajax - Comparisons between Alpine AJAX and other similar libraries
WebSockets vs Server-Sent-Events vs Long-Polling vs WebRTC vs WebTransport

Week 13, 2024

You Want border-color: transparent, Not border: none
- @media (forced-colors: active)
There is no EU cookie banner law
Why choose async/await over threads in Rust? explains how async/await allows for more composable and flexible concurrency compared to threads, which can be difficult to synchronize. The author argues that the benefits of async/await, such as its ability to easily add timeouts and other functionality, are not always well-communicated.
- Futex congestion collapse. Starvation of unfair mutexes.
Game of Life, simulating itself, infinitely zoomable
https://www.libhunt.com/css

Week 11, 2024

mise-en-place - dev tools, env vars, task runner
Flox is a virtual environment and package manager all in one.
You should separate your billing from entitlements
5 things I learned while developing a billing system
Devin: AI Software Engineer - comments
Designing better target sizes
Techniques to Break Words
- Probably don’t add  without guidance from a copywriter.
- Probably don’t add  to foreign words without a localization expert or at least a native speaker.
- Probably don’t add  to URLs, email addresses, code blocks, and so on.
- Probably restrict <wbr> to URLs, email addresses, code blocks, and similar words where technical accuracy is paramount.
- Probably restrict <wbr> to before periods and dashes and maybe slashes in URLs and emails so it doesn’t look like the sentence or address has ended.
Getting Started with Style Queries
- Can't you do it with attributes?
Bruno - Fast and Git-friendly open-source API client (Postman alternative)

Week 10, 2024

CSS :has() Interactive Guide
A practical guide to using shadow DOM
Aristotle — How to live a good life - Ralph Ammer

Happiness is not a feeling of pleasure. Happiness is the pursuit of excellence.
CSS for printing to paper

Week 09, 2024

Blur radius comparison

the three Sketch blur types, scaled to the equivelent CSS box-shadow value. They now all match!
WebPerf Snippets
So, what exactly did Apple break in the EU?

Youtube video embedding harm reduction

<iframe
  credentialless
  allowfullscreen
  referrerpolicy="no-referrer"
  sandbox="allow-scripts allow-same-origin"
  allow="accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; battery 'none'; browsing-topics 'none'; camera 'none'; display-capture 'none'; domain-agent 'none'; document-domain 'none'; encrypted-media 'none'; execution-while-not-rendered 'none'; execution-while-out-of-viewport ''; gamepad 'none'; geolocation 'none'; gyroscope 'none'; hid 'none'; identity-credentials-get 'none'; idle-detection 'none'; local-fonts 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; otp-credentials 'none'; payment 'none'; picture-in-picture 'none'; publickey-credentials-create 'none'; publickey-credentials-get 'none'; screen-wake-lock 'none'; serial 'none'; speaker-selection 'none'; usb 'none'; window-management 'none'; xr-spatial-tracking 'none'"
  ,
  csp="sandbox allow-scripts allow-same-origin;"
  width="560"
  height="315"
  src="https://www.youtube-nocookie.com/embed/jfKfPfyJRdk"
  title="lofi hip hop radio 📚 - beats to relax/study to"
  frameborder="0"
  loading="lazy"
></iframe>

Netlify just sent me a $104K bill for a simple static site
Four Steps to Achieving Operational Flow and Improving Quality in Tech Teams
- Take on fewer things; focus on doing a complete job.
- Dependencies destroy flow. Break down and remove dependencies in order to improve your team(s)'s ability to get things done.
- Shift your focus toward keeping work moving and away from keeping people busy.
- Work creates ROI only when a customer can use it. That means that completing work is more important than being busy.
- It's more important for a team to be able to keep work moving than it is to keep the team small. Get work moving first, then think about how to reduce team size without compromising flow.
Dear Developer, the Web Isn’t About You
- The web was originally simple, robust and accessible to all due to technologies like HTML working together in a layered manner.
- Performance and accessibility are major issues for many users but not priorities for most developers.
- Simple, progressive techniques like serving HTML first make sites robust and usable for all.
- The goal is caring for all people who use the web, not prioritizing new technologies.
SaaS Payment vs. SaaS Billing - What Those Terms Mean and What the Differences Are
🦑 The 14 pains of building your own billing system
Decoding Apple's Ploy To Scuttle Progressive Web Apps
What is a non-capturing group in regular expressions?
console.delight
Quality is a hard sell in big tech

Week 08, 2024

JavaScript Bloat in 2024
Scroll-Driven Animations: You want overflow: clip, not overflow: hidden
Introducing SafeTest by Netflix: A Novel Approach to Front End Testing
🔒Securing Web: A Deep Dive into Content Security Policy (CSP)
Using localStorage in Modern Applications: A Comprehensive Guide
Using abbreviations for long CSS properties in VS Code
https://www.perfectmemory.ai/
- https://www.rewind.ai/
If Architects had to work like Programmers
Bloom Filters
- Bloom filters return true it doesn't mean "yes", it means "maybe", false-positive.
- If you're happy to accept being wrong 0.0001% of the time (1 in a million), you could use a bloom filter which can store the same data in 82% reduction in size.
In Defense of Simple Architectures
- Microservices aren't a performance strategy. They are a POTENTIAL cost saving strategy against performance. And an engineering coordination strategy.
- Towards Modern Development of Cloud Applications
The Case Against Caffeine
- But it gets worse, especially if you drink lots of caffeine throughout the day. In that case, you never give your body the chance to clear it out. So the base concentration in your blood slowly creeps up. - https://zantafakari.substack.com/i/141012714/the-science-of-sleep

htmz is a minimalist HTML microframework that gives you the power to create dynamic web user interfaces with the familiar simplicity of plain HTML.

<iframe
  hidden
  name="htmz"
  onload="setTimeout(()=>document.querySelector(this.contentWindow.location.hash||null)?.replaceWith(...this.contentDocument.body.childNodes))"
></iframe>

Week 07, 2024

LLRT (Low Latency Runtime) is a lightweight JavaScript runtime designed to address the growing demand for fast and efficient Serverless applications. LLRT offers up to over 10x faster startup and up to 2x overall lower cost compared to other JavaScript runtimes running on AWS Lambda
A Guide To Designing For Older Adults

Today, one billion people are 60 years or older. That’s 12% of the entire world population, and the age group is growing faster than any other group. Yet, online, the needs of older adults are often overlooked or omitted.
How to make external links accessible
- Why external links should open in the same tab
  - giving users the choice
- When external links should open in a new tab
  - Lose form progress
  - An alternative solution
  - Terminate login
  - User needs information on both pages
- Accessible design and code for external links opening in a new tab
  - give users a warning that it opens in a new tab.
:focus vs :focus-visible
The :focus-visible pseudo-class also matches the focused element, but only if the user needs to be informed where the focus currently is.
- https://daverupert.com/2024/01/focus-visible-love/
The psychology of site speed and human happiness
Apple has not fixed the macOS audio left/right balance bug for nearly 10 years
- https://news.ycombinator.com/item?id=39367460
I designed a cube that balances itself on a corner
How to Study
(Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup
Classless CSS
Drop-in switcher for previewing minimal CSS frameworks

Week 06, 2024

SQL for the Weary
Command Line Interface Guidelines
Simplify: move code into database functions
- Databases outlive the applications that access them.
- the database is actually quite smart.
- examples: constraints, triggers, functions, create JSON directly.
- If you like JavaScript, check out the promising plv8.
- branching? source code history(Migrations)?
  - How to work with stored procedures and not die trying?
  - You can use a DDL trigger to keep all revisions in a table in a separate database (and of course back up that database frequently). - SQL Server DDL Triggers to Track All Database Changes
It's Time To Get Over That Stored Procedure Aversion You Have
Postgresql is enough
- As an application grows in complexity, you start to realize why there's a stack, rather than just a single technology to rule them all. Trying to cram everything into Postgres (or lambdas, or S3, or firebase, or whatever other tech you're trying to consolidate on) starts to get really uncomfortable.
- ... both worked: the PG queue was never grown out of, and generally SQS was easy to work with & reliable. But what I've also seen is "Let's introduce bespoke tech that nobody on the team, including the person introducing it, has experience in, for a queue that isn't even the main focus of what we're building" — this I'm less fine with.
People will never be motivated to go the extra mile by a standardized, bureaucratized process.
- https://news.ycombinator.com/item?id=39272190
Companies embracing SMS for account logins should be blamed for SIM-swap attacks
Write code for the web
- Apple doesn’t care for me as a developer
- The best approach is to write code for the web, where no single company has control.
- https://news.ycombinator.com/item?id=39250406
tints.dev - Palette Generator + API for Tailwind CSS
The undercover generalist
- Needing to look like a specialist
- Telling people what they want to hear
Lazy Hydration and Server Components in Nuxt – Vue.js 3 Performance

Most of the components don’t need to be eagerly hydrated
How to align the text of the last paragraph line

text-align-last
Benchmarks of JavaScript Package Managers(daily updated)

Week 05, 2024

Week 04, 2024

A Single Small Map Is Enough For A Lifetime
iPhone Apps Secretly Harvest Data When They Send You Notifications, Researchers Find
npm malware (@npm_malware) on X
The problem with disabled buttons and what to do instead
When to use CSS text-wrap: balance; vs text-wrap: pretty;

Use text-wrap: balance; on headings and subheadings. And use text-wrap: pretty; on paragraphs of text to get rid of orphans on the last line. Despite the Chromium-only support, these would be a good candidate for progressive enhancement.
A Practical Introduction to Scroll-Driven Animations with CSS scroll() and view() - At the time of writing this, it is Chromium only.
12 Modern CSS One-Line Upgrades
- Stable Enhancements: accent-color, scroll-margin-top/bottom - [id]
- progressive enhancement: overscroll-behavior: contain, scrollbar-gutter
- https://news.ycombinator.com/item?id=39176717
Should I Open Source my Company?
What Is Nightshade? - An offensive tool for artists against AI art generators

Week 03, 2024

PIDs: Creating Stable Control in Games
U.S. Developers Can Now Offer Non-App Store Purchasing Option, But Apple Will Still Collect Commissions
Teach Yourself Programming in Ten Years - Why is everyone in such a rush?
Slashing Data Transfer Costs in AWS by 99%
AWS replicates S3 data between availability zones
- https://news.ycombinator.com/item?id=38999902 - https://news.ycombinator.com/item?id=38999947
Preventing HTTPS Downgrade Attacks
- configuring servers to redirect all HTTP traffic to HTTPS and setting the HTTP Content-Security-Policy and Strict-Transport-Security headers to enforce HTTPS-only browsing
- The HSTS preload directive further strengthens security by ensuring browsers always use HTTPS for a domain

Week 02, 2024

Use cases of soft delete
- You want to delete records, but also want to retain them for n number of days, just for a safer side against accidental deletion.
- You want to exclude some records (permanent retain) under explicit requirements, even if they match the criteria of an eligible record to be deleted.
- You don't want to delete the actual resource before returning the resource back. Basically, deletion before returning the value is not desired.
- You don't want to modify existing table schema(s) to accommodate soft delete key.
- You want the tables as loosely coupled as possible without having to worry about deletion logic.
All JavaScript and TypeScript Features of the last 3 years
Using the CSS contain property: A deep dive

to decrease the burden on browsers for layout calculations, paints, repaints, and reflows.
One YouTube Embed weighs almost 1.2 MB

https://github.com/paulirish/lite-youtube-embed
Correctly Configure (Pre) Connections
atuin - ✨ Magical shell history
Prevent unnecessary network requests with the HTTP Cache
Understanding SVG Paths
6 CSS snippets every front-end developer should know in 2023
Chrome enables desktop mode by default on premium tablets
Zendesk Moves from DynamoDB to MySQL and S3 to Save over 80% in Costs
Why LinkedIn chose gRPC+Protobuf over REST+JSON: Q&A with Karthik Ramgopal and Min Chen
CSS Scroll Snapping Aligned With Global Page Layout: A Full-Width Slider Case Study
What is Token-Based Authentication?

Week 01, 2024

LLMs and Programming in the first days of 2024

The author discusses their extensive use of large language models for programming tasks over the past year. They find LLMs most helpful for writing disposable code, learning new frameworks quickly, and accelerating documentation searches. While useful, LLMs still struggle with system programming problems requiring complex reasoning. The author believes LLMs have begun to show rudimentary reasoning abilities through their interpolation of concepts, but their capabilities are still limited. Overall, they argue LLMs are a valuable tool for programmers that can help focus time on more important problems and skills.
Why asking your customers what they want doesn't work

A fast food chain failed to increase milkshake sales despite adding requested elements, but succeeded by observing what "jobs" customers hired milkshakes for, such as a boring commute. Don‘t listen to your customer. Watch your customer.
Best-Practices for API Authorization
It's not microservice or monolith; it's cognitive load you need to understand first
Cold-blooded software
Heynote is a dedicated scratchpad for developers

Backlinks

Luke