
Notes

Here you'll find short blurbs about interesting articles or blogs from others I've read and wanted to note.


Every Dependency is a Potential Vulnerability

Every piece of code is a potential vulnerability, really. Not just dependencies.

But code that you don’t own, that’s outside your control, is particularly vulnerable.

One of the big myths of using frameworks and libraries and cloud services is that you no longer have to “own” that piece of the code. You’re benefiting from someone else having already solved it.

We deal with this a lot at my job and I think it's important to take note of. We thankfully have dependency checkers to catch known vulnerabilities in the packages we reference so issues are hopefully caught and identified sooner rather than later. But the fact remains that we can be at the mercy of the frameworks and libraries to fix them.

Third party developers could abandon their libraries, or only fix an issue in a version that has breaking changes compared with the version you're using. Either way, it means that you're now in a bind with your website or app.

This is not to say don't use third party libraries or frameworks. Most developers are fantastic and are legitimately doing their best to write good software. But it should cause you to do at least two things. First, be mindful of what dependencies you use. Second, do what you can to make sure you and/or your company support the open source developers who make the tools you use.


Some Economic Ranting Regarding Trump

I try not to delve too much into politics here, but I heard this and thought it matters.

Here’s what she says in this tweet yesterday: “Trump brought up the idea” to that GOP meeting of “‘an all tariff policy’ that would lead to getting rid of the income tax, per sources in the room.” So, this. This frustrates me so deeply. Number one, because it’s just idiotic and economically illiterate, which I’ll explain in a moment. But number two, it is an example of the, I don’t want to say chasing our tails, but the knocking down of idiocy that the economic and financial media is going to have to do if the former president wins because facts matter. So, super quickly. I looked up these numbers. We generate $2.2 trillion in revenue from the income tax every single year. We import about $3.8 trillion worth of stuff into this economy every single year. So, in order to get $2.2 trillion to replace the income tax from a tariff on $3.8 trillion worth of income, you’d have to have a tariff of nearly 60% across the board, just to start, right? But what happens when you tax things? That is to say when you put tariffs on them, because tariffs aren’t taxed on imported goods that consumers pay so. When you tax things, people buy less of them, so our imports will go down, but we’ll have to still make that $2.2 trillion nut. So, our tariff rates are going to have to increase. As the tariff rates increase, the amount of stuff we’re going to buy is going to go down because when you tax stuff more, the amount of stuff you buy that is taxed goes down. And so on and so forth, until you get to a tariff rate of infinity. It’s just stupid. I can’t tell you how annoying this is to me, that we’re going to have to chase our tails on idiotic stuff like this because it’s being bandied about by a guy who, this isn’t me, this is Janet Yellen, does not understand the economy. It just. I can’t tell you how absolutely fried my brain gets when I think about this. That’s it. That’s all I’ve got.

I can’t add any more to Kai Ryssdal’s rant here. In the lead up to the election this November, do your best to stay informed.


IndieWeb Principles

I love this. Ever since the death of X/Twitter I’ve been much more focused on making sure that I control the data and content I post that means the most to me.

Own your data. Your content, your metadata, your identity.

Use and publish visible data. For humans first, machines second.

Above all, have fun. When the web took off in the 90’s people began designing personal sites with tools such as GeoCities. These spaces had Java applets, garish green background and seventeen animated GIFs. It may have been ugly and badly coded but it was fun. Keep the web weird and interesting.


Emojis as a Common Language

It’s like and, but we have developed a whole language around what these symbols mean, right? Over the course of decades. And so, if we don’t use them anymore, and everything is AI generated. If we AI generate emojis, you know, we’re not going to have a common language around them anymore. So, I wonder how many people just, kind of, default to the old emojis will just still just because they maybe understand what they mean.

Kimberly Adams isn’t wrong. People have taken emojis and integrated them into language. In some cases the emoji doesn’t equate to its actual meaning. It’s going to be interesting if that starts to fade with some of this or if it will stick around.


The Analog Web

People create these sites simply so that they exist. They are not fed to an algorithm, or informed by any trends. It is quieter and slower, meant to tether us to a more mechanical framework of the web.

This is the analog web.

I’ve mentioned it many times, but the personal site renaissance is one of my favorite things. I know they’ve existed looooong before Twitter. I go through my RSS feeds and it just feels nicer, calmer. I hope I can help contribute to it.

Edit 6/9/2024: Fixed a typo. Thanks Andrew!


Interdisciplinary Website Maker

But now-a-days, any cross-disciplinary interest is easily interpreted as a lack of specialization and dedication to craft. If you’re doing design and code, how can you be really great at either? You’re not maximizing.

I don’t think there’s anything wrong with specializing, I also don’t think there’s anything wrong with becoming a jack-of-all-trades.

Designers versus coders aside, I find it odd sometimes when people think that front end developers know no backend and vice versa. We all might be better in one area than another, but I feel like we can all contribute.


Half-Ass It

So here’s a small piece of advice, from one reformed overachiever to another (future) one: half-ass it. Pick a task, something small to start, and do it carelessly. Do half (or less) of what you would ordinarily do. Then see what happens. Consider it an experiment in which your intention is to learn, whatever the outcome. I’m betting your half-assed version is better than most people’s whole ass, but you can test that assertion yourself.

All too often people (including myself) say we’re going to do something, learn something, and then never actually do it. Doing something sloppy to learn something is often more than others do.


Don’t be afraid to admit when you don’t know something

I’ve been asked when interviewing for a front end ecommerce position how the Javascript event loop works — in detail. I told the interviewer I didn’t know, had never needed to in previous positions but was confident I could figure it out. They hired me. I’ve taken a similar tack when discussing other roles with interviewers — I don’t know, but I like to learn and I’ll figure it out. Don’t know enough React? I’ll learn. Don’t know bespoke framework/internal tool X? I’ll learn.

This is the correct mindset. Don’t try to BS through answers, people will figure it out. Learn the fundamentals and picking up new frameworks and libraries will be doable.


Start with Simple Tools

You don’t need fancy software to write. You also don’t need a £1k+ camera to take photos, the latest console to play video games, or a certificate to learn something.

I’ve seen artists use Microsoft Paint to create amazing pictures. It goes to show you don’t need fancy tools to do great things. If you’re trying something new, start with the basics and go from there.


Josh Collinsworth on CSS Gatekeeping

The question of whether CSS is a programming language serves only one purpose: to demote those who write it.

There is no confusion that needs to be clarified, and no other purpose in asking, beyond the most trivial kind of pedantry.

The debate itself is an act of gatekeeping, whether intentional or not. Its only significant effect is to elevate some work over other work, despite their essentially identical nature.

The only meaningful function of the question is segregation.

I really don’t get the whole “CSS isn’t a programming language” crowd. I see what other developers can do with CSS and am amazed. It’s something I’ve been consistently trying to improve on. The gatekeeping stuff is just BS.


Why the Short-Lived Calvin and Hobbes Is Still One of the Most Beloved & Influential Comic Strips

It took no time at all to master Garfield, but when I started getting Calvin and Hobbes, I knew I was making progress; even when I didn’t understand the words, I could still marvel at the sheer exuberance and detail of the art.

I still read Calvin & Hobbes and I’m amazed at how much more I still get out of the strips. Bits and pieces of humor, insights into life, and more still permeate the strips.


The align-content property for block layouts is now part of Baseline

There was always the running joke with how to center content. Then it became easier with CSS grid and flexbox. Now you don’t even need that.

With align-content available for block layout, you can achieve vertical alignment without needing to create a flex or grid layout for the property to work. No additional properties are needed as the item remains a block item, the only change is to the alignment.


How to Report on Trump: Tell the Truth

Reporting on Trump has been giving the media fits since he first started his presidential run in 2015. The editor for The Cleveland Plain Dealer writes about what should be obvious.

The north star here is truth. We tell the truth, even when it offends some of the people who pay us for information.

This is what journalism is supposed to be. The truth regardless of what it is.

This is not subjective. We all saw it. Plenty of leaders today try to convince the masses we did not see what we saw, but our eyes don’t deceive. (If leaders began a yearslong campaign today to convince us that the Baltimore bridge did not collapse Tuesday morning, would you ever believe them?) Trust your eyes. Trump on Jan. 6 launched the most serious threat to our system of government since the Civil War. You know that. You saw it.

The facts involving Trump are crystal clear, and as news people, we cannot pretend otherwise, as unpopular as that might be with a segment of our readers. There aren’t two sides to facts. People who say the earth is flat don’t get space on our platforms. If that offends them, so be it.

I wish more of the news media was willing to ditch the false equivalency of Trump and the GOP and focus more on the truth regardless of who it might upset.


The Quiet, Pervasive Devaluation of Frontend

But despite all these claims, CSS is also somehow “not a real programming language.” Many people online will tell you so, often quite loudly, and sometimes even using memes. Same with HTML.

Sadly I understand where Josh is coming from.

Becoming better with CSS is something I really want to do. I want to improve my skills there and slowly I think I am.

Shame on anyone who thinks that creating amazing, beautiful, and accessible layouts with HTML & CSS is “easy” or should be devalued.


Once More With Feeling: Banning TikTok Is Unconstitutional & Won’t Do Shit To Deal With Any Actual Threats

People keep saying “but they do the same to us.” That’s no excuse. We shouldn’t take a page from the Chinese censorship playbook and basically give them the moral high ground, combined with the ability to point to this move as justification for the shenanigans they’ve pulled in banning US companies from China.

If we’re doing what China is with regards to censorship, we’ve failed. This whole thing reeks of bad reasoning, and curtailing people’s speech.

Public sentiment in the US regarding China is reaching record lows, with the vast majority of Americans reasonably concerned about China’s role in the world. So if China is using TikTok to propagandize to Americans, it’s doing a shitty job of it.

Yup...


A letter to my younger self, as an accessibility advocate

It's the getting people to understand the organizational changes needed to address them that is the hard part. It's a lot of time convincing people of things that have been documented for years. It's a lot of time spent educating people on things you learned 1, 5, 10 year(s) ago

I’ve been working on a new project at work and thankfully the team is on board in making sure it’s accessible. But I’ve been on the other side of it as well. It can be hard to make people recognize the extra work to ensure accessibility is both necessary and the right thing to do.

And I’ll also admit that I haven’t always put accessibility where it needs to be and have in the past skipped out on it. I’ve been trying to make sure that’s no longer the case.


Once More With Feeling: Banning TikTok Doesn't Do Much If We Don’t Regulate Data Brokers And Pass A Privacy Law

But banning TikTok, while refusing to pass a privacy law or regulate data brokers (which traffic in significantly greater volumes of sensitive data at much greater collective scale), winds up mostly being a performative endeavor driven more by anti-competitive intent (and a desire to control the flow and scope of modern news, information and propaganda) than any desire for serious reform.

I don’t use TikTok, I don’t have an account, nor do I intend on ever creating one. But if China wants to get info on all of us, they don’t need TikTok. They can just go to a random data broker and slurp up what they have on all of us. And best of all, that’s pretty much completely legal. They can get more data than TikTok (probably) has and we’re still screwed.

But even lawmakers who sincerely believe that banning TikTok makes meaningful inroads on national security or consumer privacy generally don’t seem to understand the size and scope of the problem we’re dealing with.

That’s unfortunately so often the case in many fields when it comes to technology (and more).


What is Utility-First CSS?

Utility-first detractors complain a lot about how verbose this is and, consequently, how ugly. And it is indeed. But you’d forgive it that if it actually solved a problem, which it doesn’t. It is unequivocally an inferior way of making things which _are_ alike look alike, as you should. It is and can only be useful for reproducing inconsistent design, wherein all those repeated values would instead differ.

I've certainly built some utility classes in CSS and I believe they certainly have a place. Using them for just about everything is not my preferred way of doing things and I would recommend against it.

It turns out, people in tech are particularly bad at distinguishing between paradigm shifts and paradigm sharts. That’s why we have nose-diving cryptocurrencies, dust-collecting monkey JPEG portfolios, and AI-generated children’s books teaching kids about pink, two-headed dinosaurs that never existed.

Truer words have never been spoken.


Falsehoods Junior Developers believe about becoming Senior

These are mostly my thoughts about what I was expecting as a junior and how I perceived senior developers. To be honest, I was romanticizing them quite a bit — senior developers were the people who could solve all the problems, constantly told me what to do, and knew all the answers.

I wish I had all the answers, that would make my life so much easier. 17 years in the work force and I'm learning something new every day.


It feels like React is getting a bit of a kicking recently

I don’t like the fact that libraries like React are so heavily used, but over the years, I’ve grown more empathetic about the decision by teams to use them. The web platform doesn’t currently give us all the tools we might need, but I’m hopeful it will in the longer term. I also get that people can’t wait for that and need to get moving, so libraries service their needs better than the web platform currently does.

Definitely agree here. For bigger & more complicated projects, libraries can provide a lot of help to get it off the ground quickly. Necessary, no, but from a practical perspective I get it. Managers and higher ups don't necessarily always care about what is best, they care about the bottom line and having something to ship.

All I would say is finding the lowest-tech solution and leaning into browser capabilities as much as possible is a good way to build something resilient and reliable.

Completely agree, if you can avoid over-complicating your builds with libraries and stick with HTML & CSS, go for it.
