HackerTrans
トップ新着トレンドコメント過去質問紹介求人

michalc

no profile record

投稿

Source code emoji proposal [pdf]

source-code-emoji.github.io
4 ポイント·投稿者 michalc·3 か月前·1 コメント

Playful leadership development in mid-career academic mentoring and coaching

wonkhe.com
1 ポイント·投稿者 michalc·4 か月前·0 コメント

Show HN: stream-unzip – Python function to unZIP on the fly

github.com
8 ポイント·投稿者 michalc·6 か月前·2 コメント

I don't use the term technical debt and neither should you

charemza.name
4 ポイント·投稿者 michalc·6 か月前·2 コメント

[untitled]

1 ポイント·投稿者 michalc·7 か月前·0 コメント

It's not done if...

charemza.name
4 ポイント·投稿者 michalc·9 か月前·0 コメント

Building better data platforms: Our open source approach to data infrastructure

digitaltrade.blog.gov.uk
1 ポイント·投稿者 michalc·9 か月前·0 コメント

It's not a hack to satisfy known requirements

charemza.name
52 ポイント·投稿者 michalc·9 か月前·58 コメント

Ordering work: a skill and culture gap

charemza.name
2 ポイント·投稿者 michalc·9 か月前·0 コメント

コメント

michalc
·12 日前·議論
Reminds me of another “slow client”-related bug in gunicorn: https://github.com/benoitc/gunicorn/issues/3334
michalc
·2 か月前·議論
The GOV.UK Design System summary list component is a description list https://design-system.service.gov.uk/components/summary-list...

And... it also uses the wrapper div for styling
michalc
·3 か月前·議論
> the rest will soon follow

If you’re looking for requests ;-), I would love an ECS (and specifically Fargate) emulator that actually ran Docker containers locally as though they were in ECS
michalc
·3 か月前·議論
Submitted to Unicode yesterday (so please be gentle!)
michalc
·4 か月前·議論
I think I can understand why this wasn’t addressed for so long: in the vast majority of cases if your db is exposed on a network level to untrusted sources, then you probably have far bigger problems?
michalc
·4 か月前·議論
So my definition of big data was data so big it cannot be processed on a single machine in a reasonable amount of time.

I guess they’re using a different definition?
michalc
·5 か月前·議論
Hmmm... depends on the project / phase of the project?

I am particularly not a fan of doing unnecessary work/over engineering, e.g. see https://charemza.name/blog/posts/agile/over-engineering/not-..., but even I think that sometimes things _are_ worth it
michalc
·6 か月前·議論
Short answer is no, not as far as I am aware/can reason about it

In more detail: so by my understanding there are two techniques in making zip bombs…

Firstly nested ZIPs that leverage the fact that some unZIP programs recursively extract member files. stream-unzip doesn’t do this (Although you could probably use stream-unzip as a component in a vulnerable recursive ZIP parser if you really wanted to… but that I would argue is not the responsibility of stream-unzip)

The second technique is overlapping member files, but this depends on them overlapping as defined by the central directory at the end of the ZIP, which stream-unzip does not use

But if you are accepting files from an untrusted source, then you should validate the size of the uncompressed data as you unZIP (which you can do as you validate along with any other properties of the data)
michalc
·6 か月前·議論
> Beyond that, I've grown fond of 'sticking to the defaults' over the years.

This resonates with me! Both in terms of things I use and things I make - I want them to "just work"
michalc
·6 か月前·議論
> without regard for the maintenance burden 1, 2, 5, 10 years down the road.

To me software craftsmanship isn't just about the code, it's about engineering use of time.

In general shouldn't knowingly make choices that would result in pain in the future, but if you're increasing the chance of the project not making it to the future, then is that really the better option? Finding out enough information to make the judgement call between long term/far future pain and short term benefits is all part of the craftsmanship.

> I don't blame agile. But I do kind of blame Agile™

(Loving the phrasing here! I think I'm right on board, especially if we're talking Scrum/Scum-ish)
michalc
·6 か月前·議論
> why not remind people of the purpose?

To answer this, I suspect that trying to change what certain words/phrases mean to people en-masse is extremely difficult, to the point of impossibility in most cases. However, we each have the power to be clearer in the words we use so they are understood by the people we're communicating with.

> engineering quality matters

But also, this to me suggests that there is some sort of absolute definition of quality, but it's much more nuanced. Nothing is inherently "bad quality", but instead has certain consequences, which may or may not happen or may or may not be acceptable in certain circumstances, and you might not even know what these are until the future. This I think is the point I'm trying to make - there is no absolute definition of engineering quality, and I suspect the term "technical debt" all too often suggests there is.
michalc
·9 か月前·議論
Have to admit the lazy thing threw me, but I can see how the “doing less” I’m arguing for could be taken that way. The “less” is not about avoiding handling edge cases that are possible now, but about avoiding putting in layers of code to handle cases possible only in some future versions of the code (with some limited exceptions that I mention at the bottom of the post)

In fact, it’s crossing my mind that people might not want to be accused of being lazy, and that is a motivation to over-engineer solutions.
michalc
·9 か月前·議論
You’re very welcome!

Have to admit I am curious: what’s the context / how has it helped you more specifically?
michalc
·10 か月前·議論
Very much agree.

It was a few years ago, and very AngularJS focused, but I posted something along these lines: https://charemza.name/blog/posts/angularjs/e2e/consider-not-...

In summary: having thing look cleaner at a glance is not helping if you’re (almost) always going to need to do more than glancing
michalc
·11 か月前·議論
> real mastery often involves learning when to do less, not more

Really love and agree with this, and (shameless plug?) I think really aligns with a way of working I (and some colleagues) have been working on: https://delivervaluedaily.dev/