Table of Contents
Professional Programming - about this list
- Contributing to this list
- Must-read books
- Must-read articles
- Other general material and list of resources
- Algorithm and data structures
- API design & development
- Attitude, habits, mindset
- Career growth
- Characters sets
- Code reviews
- Coding & code quality
- Data formats
- Data science/data engineering
- Design (visual, UX, UI, typography)
Design (OO modeling, architecture, patterns, anti-patterns, etc.)
- Dev environment & tools
- Diversity & inclusion
- Editors & IDE
- Engineering management
Incident response (oncall, alerting, outages, firefighting, postmortem)
- Learning & memorizing
- Low-level, assembly
Observability (monitoring, logging, exception handling)
- Problem solving
- Project management
- Programming paradigm
- Operating system
- Releasing & deploying
- Shell (command line)
- System administration
- Site Reliability Engineering (SRE)
- Technical debt
- Version control (Git)
- Work ethics, productivity & work/life balance
- Web development
- Writing (communication, blogging)
- Writing for performance
- Resources & inspiration for presentations
- Keeping up-to-date
Professional Programming - about this list
Give me six hours to chop down a tree and I will spend the first four sharpening the axe. (Abraham Lincoln)
A collection of full-stack resources for programmers.
The goal of this page is to make you a more proficient developer. You'll find only resources that I've found truly inspiring, or that have become timeless classics.
This page is not meant to be comprehensive. I am trying to keep it light and not too overwhelming. The selection of articles is opinionated.
- 🧰 : list of resources
- 📖 : book
- 🎞 : video/movie extract/movie/talk
- 🏙 : slides/presentation
- ⭐️ : must-read
Contributing to this list
Feel free to open a PR to contribute! I will not be adding everything: as stated above, I am trying to keep the list concise.
I've found these books incredibly inspiring:
There are some free books available, including:
- Practical Advice for New Software Engineers
- On Being A Senior Engineer
Lessons Learned in Software Development: one of those articles that give you years of hard-earned lessons, all in one short article. Must read.
Things I Learnt The Hard Way
- Spec first, then code
- Tests make better APIs
- Future thinking is future trashing
- Documentation is a love letter to your future self
- Sometimes, it's better to let the application crash than do nothing
- Understand and stay away of cargo cult
- "Right tool for the job" is just to push an agenda
- Learn the basics functional programming
- ALWAYS use timezones with your dates
- ALWAYS use UTF-8
- Create libraries
- Learn to monitor
- Explicit is better than implicit
- Companies look for specialists but keep generalists longer
- The best secure way to deal with user data is not to capture it
- When it's time to stop, it's time to stop
- You're responsible for the use of your code
- Don't tell "It's done" when it's not
- Pay attention on how people react to you
- Beware of micro-aggressions
- Keep a list of "Things I Don't Know"
- Signs that you're a good programmer
- Signs that you're a bad programmer
7 absolute truths I unlearned as junior developer
- Early in your career, you can learn 10x more in a supportive team in 1 year, than coding on your own
- Every company has problems, every company has technical debt.
- Being overly opinionated on topics you lack real-world experience with is pretty arrogant.
- Many conference talks cover proof of concepts rather than real-world scenarios.
- Dealing with legacy is completely normal.
- Architecture is more important than nitpicking.
- Focus on automation over documentation where appropriate.
- Having some technical debt is healthy.
- Senior engineers must develop many skills besides programming.
- We’re all still junior in some areas.
How to Build Good Software
- A good high-level summary of fundamental engineering practices.
- The root cause of bad software has less to do with specific engineering choices, and more to do with how development projects are managed.
- There is no such thing as platonically good engineering: it depends on your needs and the practical problems you encounter.
- Software should be treated not as a static product, but as a living manifestation of the development team’s collective understanding.
- Software projects rarely fail because they are too small; they fail because they get too big.
- Beware of bureaucratic goals masquerading as problem statements. If our end goal is to make citizens’ lives better, we need to explicitly acknowledge the things that are making their lives worse.
- Building software is not about avoiding failure; it is about strategically failing as fast as possible to get the information you need to build something good.
Other general material and list of resources
List of axioms:
Precepts - Urbit
- Data is better than code.
- Correctness is more important than performance.
- Deterministic beats heuristic.
- One hundred lines of simplicity is better than twenty lines of complexity.
- If your abstractions are leaking, it's not due to some law of the universe; you just suck at abstracting. Usually, you didn't specify the abstraction narrowly enough.
- If you avoid changing a section of code for fear of awakening the demons therein, you are living in fear. If you stay in the comfortable confines of the small section of the code you wrote or know well, you will never write legendary code. All code was written by humans and can be mastered by humans.
- If there's clearly a right way to do something and a wrong way, do it the right way. Coding requires incredible discipline.
- The best way to get the right answer is to try it the wrong way.
- Practice tells you that things are good or bad; theory tells you why.
- Not being qualified to solve a problem is no reason not to solve it.
- If you don't understand a system you're using, you don't control it. If nobody understands the system, the system is in control.
- Embedded Rules of Thumb
- 50 Ideas That Changed My Life
Algorithm and data structures
Let's be honest: algorithms can be a pretty dry topic. This quora question lists some funnier learning alternative, including:
API design & development
General REST content:
More specific topics:
Attitude, habits, mindset
Mastering Programming, Kent Beck.
- The traits of a proficient programmer
The tao of programming: a set of parables about programming.
- Taking Ownership Is The Most Effective Way to Get What You Want
- Finding Time to Become a Better Developer
Ten minutes a day: how Alex Allain wrote a book in less than 200 hours, by writing 10 minutes every day.
The care and feeding of software engineers (or, why engineers are grumpy)
- In the triumvirate of software, product managers, designers, and software engineers, only the engineers are expected to turn off their creative minds and just produce.
- Both engineers and product managers tend to think, incorrectly, that product specifications or requirements are equivalent to the furniture manual from Ikea.
- This is one of the top things that make engineers grumpy: constantly shifting priorities.
- Even though many engineers will complain that product managers change their minds, almost none will account for that in their time estimates.
- Computer science programs aren’t about preparing you for the tasks you’ll face in industry.
- When there are more engineers than can be used, engineering time ends up going away from developing and towards planning, synchronization, and coordination.
- Involve engineers in the creative process
- Give engineers opportunities to be creative.
- Encourage time off.
- Let 'em code
- Express appreciation
The Product-Minded Software Engineer, Gergely Orosz
- Great product engineers know that minimum lovable products need the right depth
- Product-minded engineers quickly map out edge cases and think of ways to reduce work on them: often bringing solutions that require no engineering work
- Engage in user research and customer support
- Bring well-backed product suggestions to the table
- Offer product/engineering tradeoffs
40 Lessons From 40 Years, Steve Schlafman
- If you want to make progress on the things that matter most, you need to decide who you’re going to disappoint. It’s inevitable.
- The best investment you can make is your own education. Never stop learning. The second best investment you can make is building your network through authentic and meaningful interactions. It is what you know and who you know.
- You’ll never get what you don’t ask for or actively seek out. Go for it!
- It’s not about the light at the end of the tunnel. It’s the tunnel. Show up every day and enjoy the process.
- A great teammate always puts the organization and its purpose ahead of their own self interests.
- Pick your spots. We have limited time and our brains can only process so much. Focus is key. Choose wisely.
- Every person is likely struggling with something. Be kind. Be helpful.
On Coding, Ego and Attention
- Beginner’s mind accepts the fact that absolute knowledge is infinite and thus keeping score is a waste of time.
- Mastery is simply the accumulation of momentum, not the accumulation of knowledge.
- Dealing with ego distraction has taught me to love the problem solving process. It’s taught me to love and respect the learning process. As a result I’m more productive. I’m less anxious. I’m a better teammate. I’m a better friend and a better thinker.
- Fixed vs. Growth: The Two Basic Mindsets That Shape Our Lives
- What does a great software engineer look like?
- Good sleep, good learning, good life
- 🎞 Steve Jobs: if you don't ask for help, you won't get very far
- Programming quotes
- Being kind is fundamentally about taking responsibility for your impact on the people around you.
- It requires you be mindful of their feelings and considerate of the way your presence affects them.
Warren Buffett Says This 1 Simple Habit Separates Successful People From Everyone Else
- The difference between successful people and really successful people is that really successful people say no to almost everything.
- How to get lucky?
Imposter syndrome is underrated: a lot of talk goes into overcoming imposter syndrome. I say embrace self-skepticism and doubt yourself every day. In a fast-moving industry where lots of your knowledge expires every year, even the most junior people around you constantly cook up skills you don't have; you stay competitive by applying with the determination (and even fear) of the novice. The upside of this treadmill is that every engineer is on it: just because you're an imposter doesn't mean that other people are more deserving than you, because they're imposters too. You should advocate for yourself, take risks, pat yourself on the back when things go well, and, as you start to build a track record of solving problems, trust your skills and adaptability. Just make no mistake: you're only as good as the last problem you solve.
Dan Heller, Building a Career in Software
I had learned already never to empty the well of my writing, but always to stop when there was still something there in the deep part of the well, and let it refill at night from the springs that fed it. -- Ernest Hemingway
Biases don't only apply to hiring. For instance, the fundamental attribution bias also applies when criticizing somebody's code written a long time ago, in a totally different context.
The Conjoined Triangles of Senior-Level Development looks into how to define a senior engineer.
Ten Principles for Growth as an Engineer, Dan Heller.
Don't Call Yourself a Programmer, Patrick McKenzie.
- On being an Engineering Manager
The career advice I wish I had at 25
- A career is a marathon, not a sprint
- Most success comes from repetition, not new things
- If work was really so great all the rich people would have the jobs
- Management is about people, not things
- Genuinely listen to others
- Recognise that staff are people with finite emotional capacity
- Don’t just network with people your own age
- Never sacrifice personal ethics for a work reason
- Recognise that failure is learning
Career advice I wish I’d been given when I was young
- Don’t focus too much on long-term plans.
- Find good thinkers and cold-call the ones you most admire.
- Assign a high value to productivity over your whole lifespan.
- Don’t over-optimise things that aren’t your top priority.
- Read a lot, and read things that people around you aren’t reading.
- Reflect seriously on what problem to prioritise solving.
- Read more history.
Why Good Developers are Promoted into Unhappiness, Rob Walling. Or why management might not be for you.
- A guide to using your career to help solve the world’s most pressing problems
What's a senior engineer's job? You need to be more than just an individual contributor.
From Coding Bootcamp Graduate to Building Distributed Databases
- Read Books (and papers), not Blog Posts
- Take responsibility for your career trajectory
- 🏙 The Well Rounded Engineer includes lots of great book recommendations.
- Paradigm polyglot (learn different languages & paradigms)
- Database polyglot
- Protocol polyglot (preferably TCP/IP and HTTP)
- Proficiency with build tooling, packaging and distribution
- Debugging, observability
- Deployment, infra and devops
- Software architecture and scaling
- Ability to write toy compilers, interpreters and parsers
- Ability to write toy games
- Ability to understand algorithmic analysis
Coding & code quality
See also the SQL section.
Data science/data engineering
Design (visual, UX, UI, typography)
I highly recommend reading The Non-Designer's Design Book. This is a pretty short book that will give you some very actionable design advices.
Design (OO modeling, architecture, patterns, anti-patterns, etc.)
Here's a list of good books:
One of the absolute references on architecture is Martin Fowler: checkout his Software Architecture Guide.
You can use an eraser on the drafting table or a sledge hammer on the construction site. (Frank Lloyd Wright)
Design: database schema
A humble guide to database schema design, Mike Alche
- Use at least third normal form
- Create a last line of defense with constraints
- Never store full addresses in a single field
- Never store firstname and lastname in the same field
- Establish conventions for table and field names.
Simple Made Easy 🎞, Rich Hickey. This is an incredibly inspiring talk redefining simplicity, ease and complexity, and showing that solutions that look easy may actually harm your design.
Dev environment & tools
Article about tools:
The return of fancy tools
- Simple tools make you think a little more
- Drucker: "I’m not writing it down to remember it later, I’m writing it down to remember it now."
- Frictionless note-taking produces notes, but it doesn't produce memory.
Diversity & inclusion
Check out my list of management resources.
The palest ink is more reliable than the most powerful memory.
-- Chinese proverb
Editors & IDE
Checkout my list of management
The best way to learn is to learn by doing.
NandGame: build a computer from scratch.
Incident response (oncall, alerting, outages, firefighting, postmortem)
- Incident Response at Heroku
My Philosophy On Alerting
- Pages should be urgent, important, actionable, and real.
- Err on the side of removing noisy alerts – over-monitoring is a harder problem to solve than under-monitoring.
- Symptoms are a better way to capture more problems more comprehensively and robustly with less effort.
- Include cause-based information in symptom-based pages or on dashboards, but avoid alerting directly on causes.
- The further up your serving stack you go, the more distinct problems you catch in a single rule. But don’t go so far you can’t sufficiently distinguish what’s going on.
- If you want a quiet oncall rotation, it’s imperative to have a system for dealing with things that need timely response, but are not imminently critical.
- The Google SRE book's chapter about oncall
Writing Runbook Documentation When You’re An SRE
- Playbooks “reduce stress, the mean time to repair (MTTR), and the risk of human error.”
- Using a template can be beneficial because starting from a blank document is incredibly hard.
- The Curse of Knowledge is a cognitive bias that occurs when someone is communicating with others and unknowingly assumes the level of knowledge of the people they are communicating with.
- Make your content easy to glance over.
- If a script is longer than a single line, treat it like code, and check it into a repository to be source control and potentially tested.
Dan Milstein, “Let’s plan for a future where we’re all as stupid as we are today.”
Note: this is about you as an interviewee, not as an interviewer. To check out my list of resources for interviewers, go to my engineering-management repository.
See also the exercises section in this document.
Learning & memorizing
Learn how to learn!
How I Rewired My Brain to Become Fluent in Math: subtitled the building blocks of understanding are memorization and repetition.
One Sure-Fire Way to Improve Your Coding: reading code!
- Tips for learning programming
You can increase your intelligence: 5 ways to maximize your cognitive potential: forgive the clickbait title, it’s actually a good article.
How to ask good questions, Julia Evans.
- Stop Learning Frameworks
Learning How to Learn: powerful mental tools to help you master tough subjects
Why books don’t work, Andy Matuschak.
- "As a medium, books are surprisingly bad at conveying knowledge, and readers mostly don’t realize it."
- "In learning sciences, we call this model “transmissionism.” It’s the notion that knowledge can be directly transmitted from teacher to student, like transcribing text from one page onto another. If only!"
- "By re-testing yourself on material you’ve learned over expanding intervals, you can cheaply and reliably commit huge volumes of information to long-term memory."
Strategies, Tips, and Tricks for Anki: those advices work for any tool actually
- Add images. Our brains are wired visually, so this helps retention.
- Don't add things you don't understand.
- Don't add cards memorizing entire lists.
- Write it out. For wrong answers, I'll write it on paper. The act of writing is meditative. I really enjoy this.
- Keep on asking yourself why? why does this work? why does it work this way? Force yourself to understand the root of a topic.
- Cornell Method: when reading a topic, write out questions on the margins to quiz yourself.
- Pretend you have to teach it
- Use mnemonics phrases like PEMDAS for lists and other hard-to-remember topics.
- Delete cards that don't make sense or you don't want to remember anymore.
Effective learning: Twenty rules of formulating knowledge
- Build upon the basics
- Stick to the minimum information principle: the material you learn must be formulated in as simple way as it is
- Cloze deletion is easy and effective: Kaleida's mission was to create a ... It finally produced one, called Script X. But it took three years
- Graphic deletion is as good as cloze deletion
- Avoid sets
- Avoid enumerations
- Combat interference - even the simplest items can be completely intractable if they are similar to other items. Use examples, context cues, vivid illustrations, refer to emotions, and to your personal life
- Personalize and provide examples - personalization might be the most effective way of building upon other memories. Your personal life is a gold mine of facts and events to refer to. As long as you build a collection for yourself, use personalization richly to build upon well established memories
- Provide sources - sources help you manage the learning process, updating your knowledge, judging its reliability, or importance
- Prioritize - effective learning is all about prioritizing.
How to Remember Anything You Really Want to Remember, Backed by Science
- Quiz yourself
- Summarize and share with someone else.
- Connect what you just learned to experiences you previously had.
How To Remember Anything Forever-ish: a comic about learning
- Get better at programming by learning how things work
- How to teach yourself hard things
- Building Your Own Personal Learning Curriculum
- The Complete Guide to Effective Reading
Richard Feynman's Learning Strategy:
- Step 1: Continually ask "Why?”
- Step 2: When you learn something, learn it to where you can explain it to a child.
- Step 3: Instead of arbitrarily memorizing things, look for the explanation that makes it obvious.
Most people overestimate what they can do in 1 year and underestimate what they can do in a decade.
– Bill Gates
Frankly, though, I think most people can learn a lot more than they think they can. They sell themselves short without trying.
One bit of advice: it is important to view knowledge as sort of a semantic tree — make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the details/leaves or there is nothing for them to hang on to.
— Elon Musk
"Experience is something you don't get until just after you need it."
― Steven Wright
Tell me and I forget. Teach me and I remember. Involve me and I learn.
– Benjamin Franklin
Education is the kindling of a flame, not the filling of a vessel.
That which we persist in doing becomes easier for us to do; not that the nature of the thing itself is changed, but that our power to do is increased.
– Ralph Waldo Emerson
A wise man can learn more from a foolish question than a fool can learn from a wise answer.
– Bruce Lee
Back to Basics, Joel Spolsky. Explains why learning low level programming is important.
- I think that some of the biggest mistakes people make even at the highest architectural levels come from having a weak or broken understanding of a few simple things at the very lowest levels.
- What's in a Linux executable?
- 📖 The Elements of Computing Systems: building a modern computer from first principles (nand2tetris).
The Great Confusion About URIs
- A URI is a string of characters that identifies a resource. Its syntax is
:?#, where only and are mandatory. URL and URN are URIs.
- A URL is a string of characters that identifies a resource located on a computer network. Its syntax depends on its scheme. E.g.
- A URN is a string of characters that uniquely identifies a resource. Its syntax is
Observability (monitoring, logging, exception handling)
Do not log dwells on some logging antipatterns.
- Logging does not make much sense in monitoring and error tracking. Use better tools instead: error and business monitorings with alerts, versioning, event sourcing.
- Logging adds significant complexity to your architecture. And it requires more testing. Use architecture patterns that will make logging an explicit part of your contracts
- Logging is a whole infrastructure subsystem on its own. And quite a complex one. You will have to maintain it or to outsource this job to existing logging services
Lies My Parents Told Me (About Logs)
- Logs are cheap
- I can run it better myself
- Leveled logging is a great way to separate information
- Logs are basically the same as events
- A standard logging format is good enough
- Logging - OWASP Cheat Sheet Series
- Google, Site Reliability Engineering, Monitoring Distributed Systems
- PagerDuty, Monitoring Business Metrics and Refining Outage Response
- 🧰 crazy-canux/awesome-monitoring: monitoring tools for operations.
- Monitoring in the time of Cloud Native
How to Monitor the SRE Golden Signals
- From the Google SRE book: Latency, Traffic, Errors, and Saturation
- USE Method (from Brendan Gregg): Utilization, Saturation, and Errors
- RED Method (from Tom Wilkie): Rate, Errors, and Duration
- Simple Anomaly Detection Using Plain SQL
See the Project management section on my engineering-management list of resources.
I would recommend learning:
- A compiled language (Java, C, C++...).
- A more recent language to see where the industry is going (as of writing, Go, Swift, Rust, Elixir...).
- A language that has first-class support for functional programming (Haskell, Scala, Clojure...).
A bit more reading:
There are only two kinds of languages: the ones people complain about and the ones nobody uses.
-- Bjarne Stroustrup (C++ creator)
For Python feel free to checkout my professional Python education repository.
- Jargon from the functional programming world
- Goodbye, Object Oriented Programming
Functional Programming & Haskell 🎞: some good reasons to learn FP!
Functional Programming Fundamentals: short introduction to FP and its advantages.
OO vs FP, Robert C. Martin, The Clean Code Blog. A pretty interesting take on the differences between OOP and FP from an expert in OOP.
- OO is not about state. Objects are bags of functions, not bags of data.
- Functional Programs, like OO Programs, are composed of functions that operate on data.
- FP imposes discipline upon assignment.
- OO imposes discipline on function pointers.
- The principles of software design still apply, regardless of your programming style. The fact that you’ve decided to use a language that doesn’t have an assignment operator does not mean that you can ignore the Single Responsibility Principle.
Parse, don’t validate
- Use a data structure that makes illegal states unrepresentable
- Push the burden of proof upward as far as possible, but no further
- Let your datatypes inform your code, don’t let your code control your datatypes
- Don’t be afraid to parse data in multiple passes
- Avoid denormalized representations of data, especially if it’s mutable
- Use abstract datatypes to make validators “look like” parsers
Imperative vs Declarative Programming, Tyler McGinnis.
- I draw the line between declarative and non-declarative at whether you can trace the code as it runs. Regex is 100% declarative, as it’s untraceable while the pattern is being executed.
“A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over, beginning with a working simple system.”
John Gall, General systemantics, an essay on how systems work, and especially how they fail..., 1975 (this quote is sometime referred as "Galls' law")
"Software engineering is what happens to programming
when you add time and other programmers."
Rob Pike, Go at Google: Language Design in the Service of Software Engineering
Papers we love: papers from the computer science community to read and discuss. Can be a good source of inspiration of solving your design problems.
The morning paper: one CS research paper explained every morning.
The Rule of Three, Coding Horror
- Every programmer ever born thinks whatever idea just popped out of their head into their editor is the most generalized, most flexible, most one-size-fits all solution that has ever been conceived.
- It is three times as difficult to build reusable components as single use components.
- A reusable component should be tried out in three different applications before it will be sufficiently general to accept into a reuse library.
- Refactor vs. Rewrite
- Tripping over the potholes in too many libraries
Releasing & deploying
Flipping out, Flickr. One of the first articles about feature flags.
Feature Flags, Toggles, Controls, a website documenting feature flags, from Launch Darkly.
Feature Toggles (aka Feature Flags), Pete Hodgson, martinFowler.com. Comprehensive article on the topic.
- Deliver new functionality to users rapidly but safely
- Release Toggles allow incomplete and un-tested codepaths to be shipped to production as latent code which may never be turned on.
- Experiment Toggles are used to perform multivariate or A/B testing.
- Ops Toggles control operational aspects of our system's behavior.
- Permissioning Toggles change the features or product experience that certain users receive.
- Static vs dynamic toggles
- Long-lived toggles vs transient toggles
- Savvy teams view their Feature Toggles as inventory which comes with a carrying cost, and work to keep that inventory as low as possible.
Feature Flags Best Practices: Release Management, LaunchDarkly
How we ship code faster and safer with feature flags, Github.
Flipr: Making Changes Quickly and Safely at Scale, Uber
Testing in production:
- Why We Leverage Multi-tenancy in Uber's Microservice Architecture
Developing in Production
- Complex systems have emergent behavior, producing epiphenomenon that only appears with sufficient scale.
- Wood's theorem: As the complexity of a system increases, the accuracy of any single agent’s own model of that system decreases rapidly.
- The more tools and code that you add to create elements in a system, the harder it is to replicate an environment encompassing those tools and code.
- At the core of testing in production is the idea of splitting deployments (of artifacts) from releases (of features).
Testing in Production: the hard parts, Cindy Sridharan
- The whole point of [actual] distributed systems engineering is you assume you’re going to fail at some point in time and you design the system in such a way that the damage, at each point is minimized, that recovery is quick, and that the risk is acceptably balanced with cost.
- How can you cut the blast radius for a similar event in half?
- Differentiate between deployment (0 risk) and release
- Build a deploy-observe-release pipeline
- Make incremental rollouts the norm (canaries, %-based rollouts, etc.)
- Test configuration changes just like you test code
- Default to roll back, avoid fixing forward (slow!)
- Eliminate gray failures - prefer crashing to degrading in certain cases
- Prefer loosely coupled services at the expense of latency or correctness
- Use poison tasters (isolate handling of client input)
- Implement per-request-class backpressure
- Have proper visibility from a client/end-user standpoint (client-side metrics)
- Testing in Production, the safe way
- 📖 Penetration Testing: A Hands-On Introduction to Hacking, Georgia Weidman
- Penetration Testing Tools Cheat Sheet
- A practical guide to securing macOS
- Web Application Security Guide/Checklist
Reckon you've seen some stupid security things?: everything not to do.
- Checklist of the most important security countermeasures when designing, testing, and releasing your API
OWASP Cheat Sheet Series: a series of cheat sheets about various security topics.
Secure by Design, a book review by Henrik Warne.
- There is a big overlap between secure code and good software design
- Every domain value should instead be represented by a domain primitive.
- External input needs to be validated before it is used in the system, in the following order: origin, size, lexical content, syntax, semantics.
- Entities should be consistent at creation, have limited operation, shouldn't be sharing mutable objects.
- Three Rs to do every few hours: rotate secrets automatically, repave servers and applications (redeploy on clean footprint), repair vulnerable.
- Don’t use exceptions for the control flow.
- OWASP Top Ten Web Application Security Risks
List of resources:
Shell (command line)
High Scalability: great blog about system architecture, its weekly review article are packed with numerous insights and interesting technology reviews. Checkout the all-times favorites.
Microservices/splitting a monolith:
- I already mentioned the book Release it! above. There's also a presentation from the author.
- Service Recovery: Rolling Back vs. Forward Fixing
How Complex Systems Fail
- Catastrophe requires multiple failures – single point failures are not enough.
- Complex systems contain changing mixtures of failures latent within them.
- Post-accident attribution to a ‘root cause’ is fundamentally wrong.
- Hindsight biases post-accident assessments of human performance.
- Safety is a characteristic of systems and not of their components
- Failure free operations require experience with failure.
Site Reliability Engineering (SRE)
Note: this section is only about SRE as a role. Checkout the System Architecture for more content related to reliability.
- 📖 Site Reliability Engineering
- Written by members of Google's SRE team, with a comprehensive analysis of the entire software lifecycle - how to build, deploy, monitor, and maintain large scale systems.
Reliability is the one feature every customer users. -- An auth0 SRE.
TechnicalDebt, Martin Fowler.
Fixing Technical Debt with an Engineering Allocation Framework
- You don't need to stop shipping features to fix technical debt
- Communicate the business value
- Today, any code that a developer dislikes is branded as technical debt.
- Ward Cunningham invented the debt metaphor to explain to his manager that building iteratively gave them working code faster, much like borrowing money to start a project, but that it was essential to keep paying down the debt, otherwise the interest payments would grind the project to a halt.
- Ur-technical debt is generally not detectable by static analysis.
Why bother writing tests at all?, Dave Cheney. A good intro to the topic.
- Even if you don’t, someone will test your software
- The majority of testing should be performed by development teams
- Manual testing should not be the majority of your testing because manual testing is O(n)
- Tests are the critical component that ensure you can always ship your master branch
- Tests lock in behaviour
- Tests give you confidence to change someone else’s code
How to test:
Version control (Git)
Work ethics, productivity & work/life balance
Your non-linear problem of 90% utilization, Jason Cohen: why constantly running at 90% utilization is actually counter-productive.
Evidence-based advice on how to be successful in any jobs: most self-help advices are not research-based. The ones listed in this article are.
The Complete Guide to Deep Work
- The ability to perform deep work is becoming increasingly rare at exactly the same time it is becoming increasingly valuable in our economy.
- Choose Your Deep Work Strategy
- Build a Deep Work Routine
- Discipline #1: Focus on the Wildly Important
- Discipline #2: Act on the Lead Measures
- Discipline #4: Create a Cadence of Accountability
- Our Ability for Deep Work is Finite
- The Craftsman Approach to Tool Selection
- Stop Using Social Media
- Get Your Boss on Board With Deep Work
Every productivity thought I've ever had, as concisely as possible
- Context intentionality as the key difference between home and every other place on planet earth
- Rules are about exceptions
Makers, Don't Let Yourself Be Forced Into the 'Manager Schedule'
- Research shows that it takes as long as 30 minutes for makers to get into the flow
- Use maker-manager office hours
- Communication can happen at a quieter asynchronous frequency in the form of thoughtful, written discussions rather than soul-sucking meetings or erratic one-line-at-a-time chat messages
- Build a team knowledge base to minimize repetitive questions and allow self-onboarding.
- Zettelkasten Method
100 Tips for a Better Life
- Deficiencies do not make you special. The older you get, the more your inability to cook will be a red flag for people.
- History remembers those who got to market first. Getting your creation out into the world is more important than getting it perfect.
- Discipline is superior to motivation. The former can be trained, the latter is fleeting. You won’t be able to accomplish great things if you’re only relying on motivation.
- You do not live in a video game. There are no pop-up warnings if you’re about to do something foolish, or if you’ve been going in the wrong direction for too long. You have to create your own warnings.
- Cultivate a reputation for being dependable. Good reputations are valuable because they’re rare (easily destroyed and hard to rebuild). You don’t have to brew the most amazing coffee if your customers know the coffee will always be hot.
- Compliment people more. Many people have trouble thinking of themselves as smart, or pretty, or kind, unless told by someone else. You can help them out.
Writing (communication, blogging)
➡️ See also my engineering-management list
Undervalued Software Engineering Skills: Writing Well
- From the HN discussion: "Writing a couple of pages of design docs or an Amazon-style 6 pager or whatever might take a few days of work, but can save weeks or more of wasted implementation time when you realise your system design was flawed or it doesn't address any real user needs."
Sell Yourself Sell Your Work
- If you've done great work, if you've produced superb software or fixed a fault with an aeroplane or investigated a problem, without telling anyone you may as well not have bothered.
The Writing Well Handbook
- Ideas — Identify what to write about
- First Drafts — Generate insights on your topic
- Rewriting — Rewrite for clarity, intrigue, and succinctness
- Style — Rewrite for style and flow
- Practicing — Improve as a writer
Write Simply, Paul Graham
- Writing is Thinking: Learning to Write with Confidence
It's time to start writing explains why Jeff Bezos banned PowerPoint at Amazon.
- The reason writing a good 4 page memo is harder than "writing" a 20 page powerpoint is because the narrative structure of a good memo forces better thought and better understanding of what's more important than what, and how things are related.
- Powerpoint-style presentations somehow give permission to gloss over ideas, flatten out any sense of relative importance, and ignore the interconnectedness of ideas.
Writing for performance
Resources & inspiration for presentations
- Calvin & Hobbes (search engine)
Website and RSS feeds (I use Feedly):