A Cup Of Matcha 18
I had some time off last week - I went to RHS Bridgewater and failed to photograph bees, and to a big Yayoi Kusama exhibition. The rest of the week was apparently headaches. But I still have links!
First the Identity Management links:
- IAMActionHunter I don’t use AWS IAM much but I do like how this tool extracts settings and presents them in a spreadsheet for review
- Why Identity Governance needs authorization controls Beyond the actual topic (not letting direct access conflict with automated, controlled changes) I find it interesting that “governance” has already become a service, a technology, rather than just agreements and organisational culture. I don’t like this - I think governance should exist totally outside any technical service used to apply changes.
- app_identity Another way for services to authenticate with each other (and an Elixir implementation)
- TikTok Passkeys for Login TikTok adds Passkeys. SSID/DID’s fox has been absolutely machine-gunned to bits now.
- Repel OAuth refresh token replay attacks with Elixir and Ecto Article on preventing OAuth replay attacks in Elixir (a bit too specific I know)
- Proton Pass is open source and audited for security Proton have open sourced their password manager
Last week Google attempted to sneak out a proposal to destroy the open Web by implementing a form of DRM in browsers. Nobody liked that.
- A terrible idea explained dishonestly
- Web-Environment-Integrity/issues Github issues for the proposal were locked after a crowd with flaming torches and pitchforks appeared
- So, you don’t like a web platform proposal We don’t like it because it’s obviously awful
The number of project management related links seems to be growing each week. Here are some more:
- Accidentally load-bearing Here for the mention of Chesterton’s Fence
- You can’t stop the business, or why rewrites fail Ah, failed rewrites…
- Names should be as short as possible while still being clear Good advice about naming functions
- Why Do SBOM Haters Hate? I don’t hate SBOMs but I haven’t made any either, so there’s time
- Why software projects take longer than you think: a statistical model “I suspect devs are actually decent at estimating the median time to complete a task. Planning is hard because they suck at the average.”
- The unconference toolbox I enjoyed my first unconference a few weeks ago, and this page looks like a good resource for people planning them.
People enthusing about things:
- DisplayPort: A Better Video Interface Why DisplayPort is the best way to connect a monitor
- 2023 May Be A Year Of TOML Why TOML is the best config file format
Lots of software and web development links as usual:
- sniffnet A nice TUI app that monitors network traffic. I might have linked to this before but I’m too lazy to check.
- Event sourcing : But why? An overview of Event Sourcing
- charming Nice server-side graphs and charts for Rust
- LiFi Standard Released A new relative of WiFi that uses flickering light rather than radio.
- Introducing ADBC: Database Access for Apache Arrow Apache Arrow has its own version of database drivers that focus on columns
- do_it A CLI framework for Elixir
- twenty An open source alternative to SalesForce for CRM
- GoRead A TUI RSS reader
- Pop A command-line email client - people seem to think this is a new thing, it really isn’t!
- The Case Against Ecto.Multi When to not use Ecto Multi, and to just use database transactions instead
- Timeseries with PostgreSQL Maybe you don’t need special plugins to do time series work with PG
- Skiff Mail review Open Source secure webmail
- systemd vs init Controversy, A Layman’s Guide An alternative to listening to old sysadmins grumble about SystemD
- Observe Your Phoenix App with Structured Logging A more semantic way to log from Elixir
- Configuring Phoenix apps An alternative way to configure your Phoenix configuration
- TrueMail A very comprehensive library for validating email addresses in Ruby
- ShaleRB An object mapper for Ruby with lots of serialisation formats and features
- New MLS protocol provides groups better and more efficient security at Internet scale Encrypting group messages
- lazydocker A Docker TUI by the author of lazygit
- 2023 State of the API Report I am, frankly, shocked at how much SOAP is being used in 2023
- Rethinking infrastructure as code from scratch A very interesting proposal to restructure infrastructure as code to resemble the HTML and CSS split
- How malicious libraries can steal all your application secrets Not a huge risk but worth considering
Only one silly thing, but it is really quite silly:
- minegrub-theme This makes GRUB boot menus (as seen on Linux PCs) look like Minecraft.