Today I was referred to: Unicode Utilities: Confusables.
Unicode bidirectional override hack
Interesting: Security advisory for rustc (CVE-2021-42574).
As an example, the following snippet (with {U+NNNN} replaced with the Unicode codepoint NNNN):
if access_level != "user{U+202E} {U+2066}// Check if admin{U+2069} {U+2066}" {
...would be rendered by bidirectional-aware tools as:
if access_level != "user" { // Check if admin
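An added example, not part of the original post or the rustc advisory: a small Python check that finds the bidirectional control codepoints (U+202A to U+202E and U+2066 to U+2069) in source text, prints the line back in the {U+NNNN} notation used above, and counts how many embeddings or isolates are still open at the end of the line. The function names and the sample input are constructed for illustration.

```python
import unicodedata

# Directional formatting characters from UAX #9: embeddings and overrides
# (closed by U+202C) and isolates (closed by U+2069).
EMBEDDINGS = {"\u202a", "\u202b", "\u202d", "\u202e"}
ISOLATES = {"\u2066", "\u2067", "\u2068"}
PDF, PDI = "\u202c", "\u2069"
BIDI_CONTROLS = EMBEDDINGS | ISOLATES | {PDF, PDI}

def escape(line):
    """Show a line in the {U+NNNN} notation so the controls become visible."""
    return "".join(f"{{U+{ord(c):04X}}}" if c in BIDI_CONTROLS else c for c in line)

def scan(source):
    """Return (line, column, codepoint, name) for every bidi control found."""
    findings = []
    # Split on "\n" only: str.splitlines() also breaks on U+2028/U+2029,
    # which would shift line numbers away from what the compiler reports.
    for lineno, line in enumerate(source.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            if ch in BIDI_CONTROLS:
                findings.append((lineno, col, f"U+{ord(ch):04X}", unicodedata.name(ch)))
    return findings

def unterminated(line):
    """Count embeddings/isolates still open at end of line (simplified UAX #9)."""
    stack = []
    for ch in line:
        if ch in EMBEDDINGS:
            stack.append("E")
        elif ch in ISOLATES:
            stack.append("I")
        elif ch == PDF and stack and stack[-1] == "E":
            stack.pop()
        elif ch == PDI and "I" in stack:
            while stack.pop() != "I":  # PDI also closes embeddings inside the isolate
                pass
    return len(stack)

# Constructed sample: line 2 is the snippet above with the codepoints substituted.
SAMPLE = ('fn check(access_level: &str) {\n'
          'if access_level != "user\u202e \u2066// Check if admin\u2069 \u2066" {\n'
          '}\n}\n')

if __name__ == "__main__":
    for lineno, col, cp, name in scan(SAMPLE):
        print(f"line {lineno}, col {col}: {cp} {name}")
    flagged = SAMPLE.split("\n")[1]
    print(escape(flagged), "| left open:", unterminated(flagged))
```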
Kevlin Henney
Surrogate Key and Natural Key
In Database Design 25 – Surrogate Key and Natural Key the presenter Caleb Curry agrees with my view that if you expose your surrogate keys they become natural keys. See around t=5:00.
Time To First Byte
This was suggested on #lobsters today:
$ curl -o /dev/null -w "Connect: %{time_connect} TTFB: %{time_starttransfer} Total time: %{time_total} \n" https://www.progclub.org/
How To Design A Good API and Why it Matters
Today I watched: How To Design A Good API and Why it Matters. Good talk. Favourite quote:
Inheritance violates encapsulation
Oh, and I followed on with: A Brief, Opinionated History of the API wherein (t=28:14) Bloch says it’s an API if you can answer yes to both of these:
- Does it provide a set of operations defined by their inputs and outputs?
- Does it admit reimplementation without compromising its users?
Back to Basics
This is the Joel Spolsky article with the good old Shlemiel the painter’s algorithm: Back to Basics.
Bad web services API
I’m reading RESTful Web Services Cookbook and on page 17 the author gives this example:
    # Request
    POST /user/smith HTTP/1.1
    Host: www.example.org
    Content-Type: application/xml;charset=UTF-8
    Slug: Home Address

    <address><street>1, Main Street</street><city>Some City</city></address>

    # Response
    HTTP/1.1 201 Created
    Location: http://www.example.org/user/smith/address/home_address
    ...
There are two problems with this: the first is that “POST /user/smith” has the semantics “register address”, so it would be better if that was clear; the second is that some of the input to the business process is in the XML payload, while some of it is in the HTTP headers (viz Slug). It would be better if all the input was in the payload.
So how would I design this service?
    # Request
    POST /api/v1/processor HTTP/1.1
    Host: www.example.org
    Content-Type: application/x-www-form-urlencoded

    action=register_address&user=smith&street=Main+Street&city=Some+City&type=home_address

    # Response
    HTTP/1.1 303 See Other
    Location: http://www.example.org/user/smith#home_address
Actually in my designs the /api/v1/processor could be anything, including /user/smith, because the business process is indicated in the request ‘action’ which is submitted with POST. Just like God intended. Idempotency, optimistic concurrency control, authentication, authorisation, auditing, version control, all that good stuff implemented with business logic via business process for ‘register_address’.
Technical Writing Courses
Today I discovered: Technical Writing Courses via Docs for Developers.
Documenting APIs: A guide for technical writers and engineers
Today I discovered: Documenting APIs: A guide for technical writers and engineers.
