Chromium style guide on gender neutral code

Chromium has migrated the codebase to become gender neutral. This is a step in the right direction, even if very small.

Some points in our code, documentation and comments contain needless assumptions about the gender of a future reader, user, etc. Example: “When the user logs into his profile.”

Our Code of Conduct under “Be respectful and constructive” says:

Each of us has the right to enjoy our experience and participate without fear of harassment, discrimination, or condescension, whether blatant or subtle.

Emphasis added: unnecessarily gendered code is discriminatory and condescending, and reading biased code isn’t enjoyable.

https://chromium.googlesource.com/chromium/src/+/master/styleguide/gender_neutral_code.md

Rules of Abstraction

Martin Thompson spoke on Designing for Performance at a talk two months ago in Stockholm. Martin made the case for having a representative model: a domain model built with its purpose in mind.

On that topic, Martin presented the Rules of Abstraction:

  1. Don’t use Abstraction.
  2. Don’t use Abstraction.
  3. Only consider abstraction when you see at least 3 things that ARE the abstraction.
  4. Abstractions must pay for themselves.
  5. Beware DRY, the evil siren that tricks you into abstraction => Coupling.

Discover the OWASP Cheat Sheets for improving security in applications

OWASP has started building a library of cheat sheets: information that summarizes a lot of the knowledge around managing, reviewing, building and testing software and services.

No doubt you as a developer, or the development organization you work with, already know about OWASP, the Top 10 list and the coding guidelines. OWASP also provides the Cheat Sheet Series: high-value information on specific topics, written by security professionals who have expertise in those topics.

Cheat Sheets for your QA and Requirements

The Web Application Security Testing Cheat Sheet, currently published as a draft, provides hints for QA on how to approach initial high-level security testing of a service. Among other things, it lists a number of injection attacks; there are of course more, but it gives the tester a basis for setting up a test plan. The Authentication Cheat Sheet is great for helping a product manager or architect derive requirements for how users log in to the service.


Developer MacBook setup

I recently got myself a MacBook Pro, which I use both for working from home and, primarily, for my side projects. These are the tools I am using for that. It is not an exhaustive list, as most of the work is done in Linux, either remotely or virtualized on the machine, and there are quite a few online services that I use as well. However, this may help someone getting started when switching to Mac OS X.

Java Development

Mobile Development

  • Install XCode for iOS development projects.
  • Install Android Studio for all things Android.
  • Install Unity.

Modeling

  • Install Modelio for systems design.
  • Install OmniGraffle.
  • Install Microsoft Visio. This is comparably expensive, but is needed for several projects.

General Development

  • Use Emacs for mostly everything.
  • Install Sublime for occasional web development.
  • Install iTerm to replace the terminal.
  • Install Brew, a Mac OS X package manager.
  • Install Bower, for web development.
  • Install NodeJS.
  • Install Yarn.
  • Install Grunt.
  • Install Microsoft Remote Desktop.
  • Install Chrome.
  • Install Firefox.
  • Install Oracle VirtualBox.
  • Install vagrant.
  • Install docker.
  • Install Kubernetes.
  • Install Keka. Free mac file archiver.
  • Install git.
  • Install SourceTree from Atlassian.
  • Install zsh – highly customizable command shell.
  • Install MenuMeters

Utilities

  • Install Scroll Reverser 2 (Karabiner does not work with macOS Sierra)
  • Install keybase.io
  • Install OVPN
  • Install SpectacleApp for window management.
  • Install Airdroid for file transfers locally
  • Install Greenshot – a better screen clipper
  • Get USB Overdrive for support of mouse buttons…

Other development related

  • Setup bash completion
  • Install Licecap. Screen to animated GIF.
  • Install Chrome.
  • Install Firefox.
  • Install Adobe Creative Cloud.

Chrome plugins

  • Install Postman. A very good REST API development tool.
  • Install Ghostery. Know what they know about you.
  • Install getpocket. Saving stuff for later read.
  • Install LastPass. Keep track of your secrets.
  • Install Evernote clipper.
  • Install Tampermonkey when you need that extra functionality on someone else’s website.
  • Install OneTab to close all tabs but keeping track of them for later.
  • Install The Great Suspender to save memory even though you cannot let go of browser tabs.

Looking at my local Network

  • Install Wireshark
  • Install PacketPeeper

On Virtual Machines

Using Vagrant/VirtualBox,

  • Install CentOS
  • Depending on the project at hand, set up the instance with what is needed (Cassandra, Hadoop, Zabbix etc).

Other things that I use the MacBook for

  • Install HandyLock
  • Install Little Snitch
  • Install Spotify.
  • Install Sonos for the speakers.
  • Install Dropbox
  • Install Google Drive
  • Install Microsoft OneNote
  • Install Microsoft Office.


The difficulty of not sharing

What is discussed between you and your doctor is something that stays between the doctor, the medical record and you. During the visit you may also ask a question about something that worries you, or whether an ailment you have is a symptom of something more serious. Your medical condition, or what you are worried about, is of course nobody’s business but yours and your doctor’s or nurse’s. When the clinic moves online, the same principles naturally apply. Here 1177.se has a problem.

1177.se describes itself as:

“1177 Vårdguiden is all of Sweden’s gathering place for information and services within health and care. […] Behind 1177 Vårdguiden stands Swedish healthcare, through all county councils and regions in cooperation.”

1177.se uses at least one external tracking service, probably so that the staff at Vårdguiden can easily see visitor statistics. But when a web page uses an external service, even if only to fetch an image, that is the basis for external tracking.

[Screenshot of 1177.se]

Depending on which service is used, the party doing the tracking is given different opportunities to refine the data further. Among these are better targeting of focus groups for advertising and spotting trends, but also packaging and refining the information in the search terms into a more or less complete picture of, for example, the person’s state of health. An unscrupulous insurance company can later easily send a request to an information broker that provides such information, and adjust the price of a policy accordingly.

Under Swedish law, site owners must ask their visitors whether they consent to cookies being used for tracking. Even if 1177.se had followed the law and asked that question, the problem remains. The information about your ailments is owned by someone else.
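As an added illustration of the point above (example code, not from the original post or from 1177.se): a small scanner that lists every host a page makes the browser contact, so a site owner can see which third parties receive the visitor’s IP address, Referer and cookies. The page and hostnames are constructed.

```python
# Added example (not from the original post): list the third-party hosts a page makes
# the browser contact. Each cross-origin <script>, <img>, <iframe>, <link> or <source>
# lets that host log the visitor's IP, Referer (often the full URL, query included) and its own cookies.
from html.parser import HTMLParser
from urllib.parse import urlparse

# Attribute that triggers a request, per element
LOADING_ATTRS = {"script": "src", "img": "src", "iframe": "src",
                 "source": "src", "link": "href"}

class ResourceCollector(HTMLParser):
    """Collect (tag, url) for every element that makes the browser fetch."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and name == LOADING_ATTRS.get(tag):
                self.urls.append((tag, value))

def third_party_loads(html, page_url):
    """Return sorted (tag, host) pairs served from outside the page's own site.
    Relative URLs have no host and stay first-party. A leading 'www.' is dropped so
    sibling subdomains such as a CDN count as the same site (a crude stand-in for
    the public-suffix check a real audit tool would use)."""
    page_host = urlparse(page_url).hostname.lower()
    site = page_host[4:] if page_host.startswith("www.") else page_host
    collector = ResourceCollector()
    collector.feed(html)
    external = set()
    for tag, url in collector.urls:
        host = urlparse(url).hostname
        if host is None:  # relative URL: same origin as the page
            continue
        host = host.lower()
        if host != site and not host.endswith("." + site):
            external.add((tag, host))
    return sorted(external)

# Constructed sample: a search-result page on a fictional clinic site that
# embeds a stats script and a 1x1 tracking pixel from fictional third parties.
SAMPLE_PAGE = """<html><head><link rel="stylesheet" href="/static/site.css">
<script src="//stats.analytics.example/collect.js"></script></head><body>
<img src="https://cdn.clinic.example/logo.png"><img src="https://px.adnet.example/i.gif?ref=search" width="1" height="1">
</body></html>"""

if __name__ == "__main__":
    print(third_party_loads(SAMPLE_PAGE, "https://www.clinic.example/search?q=headache"))
```

The CDN is reported as first-party while the stats script and the tracking pixel are listed; each of those hosts sees the search query in the Referer unless a Referrer-Policy limits it.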


Why the proxies are free

In the wake of the Snowden revelations, many have turned to proxy services to raise the bar for prying eyes.

Some are turning on private mode in their browser; others suggest using “privacy enhanced” browsers like Epic, which turns on proxying for you automatically.

There is a problem with proxies: you are trusting someone else with your traffic. You had better know what the proxy is.

https://blog.haschek.at/post/fd9bc