Frontend Security Checklist (11 minute read)
A notorious hack of a fast-food chain's mobile app exposed a loophole that allowed users to generate unlimited free meal vouchers. This incident shows the importance of securing both frontend and backend systems against vulnerabilities like XSS, CSRF, and IDOR. Proper input validation, content security policies, and secure handling of environment variables are important for security.
Effect Best Practices (4 minute read)
This is a compilation of best practices, pitfalls to avoid, and code snippets for using the Effect library. It emphasizes the importance of using Effect for fallible operations and avoiding unnecessary use of "any" and "unknown" types. Developers should also handle errors appropriately and avoid common mistakes like swallowing errors and misusing Effect.catchAll and Effect.retry.
You should make a new programming language (8 minute read)
Programmers should create their own programming language as a learning exercise. Creating a language, even if it's "bad," offers valuable insights into language design, parsing, runtime execution, and the inner workings of other languages. By experimenting with different language features and implementation choices, programmers can gain a deeper understanding of the tools they use daily.
Make things simpler than possible (3 minute read)
Simplifying concepts beyond what is strictly accurate makes them easier to learn. This concept originates from Dante Alighieri's work, which in turn references Aristotle's observation that examples are not always the foundation of an argument. Simplifying beyond truth can be useful in the initial stages of learning something, allowing complex concepts to be learned turn-by-turn.
It's in the stories (7 minute read)
Leaders who go beyond their expected roles to connect with employees are more memorable and influential than those who don't. Good leaders should focus on producing these memorable anecdotes that carry their desired message, rather than simply focusing on their official duties. This article goes over various stories and examples of good leaders who have done so.
PGLite (Website)
Run a full Postgres database locally in WASM with reactivity and live sync.
H2Loop (Website)
Convert unstructured tech specs, design docs, and code into structured datasets for model fine-tuning.
350M Tokens Don't Lie: Love And Hate In Hacker News (15 minute read)
This post analyzes Hacker News posts to understand community sentiment and trends. Using a large language model, its author analyzed over 100,000 posts and millions of comments to identify popular topics, like programming and computer science, and topics that evoke negative reactions, such as FTX and police misconduct. Certain topics, like GNOME and Google, can generate both positive and negative reactions because they are divisive.
Onboarding as a Web Engineer @ Pinterest (8 minute read)
Rebecca Yi and Jordan Cutler, two Senior Web Engineers at Pinterest, share their onboarding experience, detailing the structured learning program they went through, from the first week's Pintro sessions to launching their first projects two months later. The onboarding program combined company-wide engineering sessions (Basecamp) with a team-specific web engineer curriculum, which covered topics like web architecture, data fetching, and performance optimization. They both found their first projects, a performance audit and a Pin video feature improvement, to be impactful and valuable learning experiences.
The C̶a̶k̶e̶ User Location is a Lie!!! (19 minute read)
This blog post discusses the complexities of location-based programming and the challenges of accurately determining a user's location. Various methods are used, such as user reporting, device heuristics, IP address, and edge compute. However, none of these methods can be fully trusted due to user dishonesty, device manipulation, IP spoofing, and the inherent limitations of edge compute.
Humans >> Data (2 minute read)
Focusing solely on data to measure developer productivity is ineffective and potentially harmful; the focus should instead be on actual human interaction and relationships.
Puter (GitHub Repo)
Puter is an advanced, open-source internet operating system designed to be feature-rich, exceptionally fast, and highly extensible.
If you have any comments or feedback, just respond to this email!
Thanks for reading,
Priyam Mohanty, Jenny Xu & Ceora Ford