Sharing Adam Leventhal's drawing of what happens if that one dependency from that XKCD fails.

A look into a risk assessment done by the Hachyderm Infrastructure team as a precaution to limit exposure to entities that may be governed by US law. The post breaks down each site and components giving an indication of the impact to service if the component were disrupted, and effort to migrate. There's a lot of interesting detail on what it takes to host a large distributed social network like Mastodon well.

This post from Candost reflects on traits of a good software engineer. It's very well thought out.

Joshua writes some good pointers on running your own public API from his experience running Pushover's API. I recommend reading his full post, I've distilled it down here with some of my notes.

• Host the API on its own hostname (i.e. api.example.com) to allow for separate control of IP, TLS settings, and so on. I've made this mistake before of figuring I could just use NGINX in front of everything on a single domain. Not entirely scalable.

• Account for users doing the bare minimum to get their application working, including inadvertently using non-conforming requests. Supporting them now will mean supporting them for all eternity unless you start working on a deprecation strategy. This reminded me of when I built a bot to send notifications of new posts on a subreddit. I created the URL for the post by inserting the subreddit name returned by the API. Within the URL I included "/r/" and the API also returned "/r/" before the subreddit name, which mean the URL generated had "/r/" twice. This still worked for a while before Reddit decided to reject those requests and I had to adjust my code. Had to dig through the Discord message archives for that one. Joshua also gives an example of not being too stringent:

Pushover's API has a message size limitation of 1,024 characters. If the message parameter is larger than that, I could reject the request because it's not correct, but then the user's message is lost and they may not have any error handling. In this case, I truncate the message to 1,024 characters and process it anyway [...] The user still receives something, and if they care that it's truncated, they can properly implement continuation or smarter truncation.

• Use API tokens were possible for authentication, and make them easy to rotate.

• Include a unique ID with every request and ask for them when providing customer support.

• Assume humans will read your error messages, make them descriptive. Please, this.

• Keep up with user failures, Pushover's API "short-circuits" the API logic after a set number of 4xx errors with a 429 response for an hour, along with a descriptive message. Use the API tokens to map the erroneous requests with a user and notify them via email.

• Prefix any tokens you create ot help sorting out random strings. This is one thing I've seen used a lot but never considered doing myself until reading this.

I learnt about the localisation efforts of Ibrahima SARR's team to create the Fulah language pack for Firefox from Eric Bailey's blog post about localising content. It shows a new perspective on common technical idioms used that may not directly translate well into other languages. The example described was the word "crash" which translated to hookii meaning "a cow falling over but not dying".

This also reminded me of a web page by Rogério de Lemos on mapping technical terms in Portuguese to their English counterparts when describing dependability.

A comic on the annoying design of modern UIs discovered via Tom Scott's Newsletter.

Multiple university professors and researchers from different institutions comment on how students from 2017 and onwards store files in a flat structure and are unaware or unwilling to use folders.

I came across this 2021 article from a comment left by Simon Willison on HackerNews on how the HTML for People book asks the reader to "create a folder".

A notion of why this mental shift could be attributed to moving away from storting physical filling cabinets but also from the way content is consumed today with curated feeds rather than having to store or locate a file within a folder. Another reason could be with the emergence of good full-text (and image) search, I'm leaning more to this being a contributing factor.