recentpopularlog in

kme : bestpractices   254

« earlier  
Errata Security: Securing devices for DEFCON
Now would be a good time to clear out your saved WiFi lists, on both your laptop and phone. You should do this regularly anyway. Anything that doesn't include a certificate should be removed. Your device will try to connect to known access-points, and hackers will setup access points with those names trying to entrap you.

I also reset the WiFi MAC address in my laptop. When you connect to WiFi, your MAC address is exposed. This can reveal your identity to anybody tracking you, so it's good to change it. Doing so on notebooks is easy, though I don't know how to do this on phones (so I don't bother).
defcon  security  checklist  bestpractices  wifi  bluetooth  perspective 
2 days ago by kme
coding style - Single quotes vs. double quotes in Python - Stack Overflow
I like to use double quotes around strings that are used for interpolation or that are natural language messages, and single quotes for small symbol-like strings, but will break the rules if the strings contain quotes, or if I forget. I use triple double quotes for docstrings and raw string literals for regular expressions even if they aren't needed.
python  quotes  quotingstyle  codingstyle  bestpractices 
5 days ago by kme
Gitlab update to version from 10.* - Questions & Answers / Upgrade - GitLab Forum
This is exactly what https://docs.gitlab.com/ee/policy/maintenance.html#upgrade-recommendations says anyway.

However, there's this tidbit:
Upgrading to 12.0 is absolutely safe. We run extensive tests internally before releases are made available. 12.0 should bring some improvements and additional features/functionality.

For the smoothest possible experience, I would suggest following this sequential upgrade path: 10.8.7 -> 11.3.4 -> 11.11.4 -> 12.0.2

You can check that the upgrade was successful between versions with:

sudo gitlab-rake gitlab:check

If you have any problems, reply to this with any error messages and relevant info.
gitlab  upgrade  bestpractices 
6 weeks ago by kme
SSH tunnelling for fun and profit: SSH Config
<code>
# turn on pubkey auth per host
Host c1
HostName 192.168.0.1
PubkeyAuthentication yes
IdentityFile ~/.ssh/id_rsa_specific

# turn off pubkey auth for all hosts
Host *
PubkeyAuthentication no
IdentitiesOnly yes
</code>
<code>
# only store hashes of the hostnames
Host *
HashKnownHosts yes
</code>
<code>
# multiplex connections
Host *
ControlMaster auto
ControlPath ~/.ssh/sockets/%r@%h-%p
ControlPersist 600
</code>
ssh  ssh_config  configfile  bestpractices  security  hardening 
october 2019 by kme
The Art of Debugging
If the site they're talking about is jsbin, then I know saving does work, because I just used it, it just means that saving isn't working for them (and potentially others). Translation: saving could just be working for me.
debugging  javascript  webdevel  frontend  tipsandtricks  bestpractices  chrome  devtools 
march 2019 by kme
teaching - Mimic lecturing on blackboard, facing audience - Academia Stack Exchange | https://academia.stackexchange.com/
I teach mathematics at MSc and PhD levels. My preferred method of teaching is old-fashioned: talking and writing on the blackboard at the same time.

Why? Because it has many advantages:

Handwriting: imposes few restrictions on notation and illustration. (Complicated figures I could project from my laptop, but I have no need for this in my courses.)
Flexibility: whenever this is useful, it is easy to 'deviate from the script'.
Natural speed: it imposes a natural speed on the speaker. Preparing slides using LaTeX or PowerPoint and just clicking through them, I find myself proceeding way too fast.
Parallel displays: having several boards available for writing makes it easy to keep some text/examples on display on one board, while writing on another.
Dynamics: referring to information on the different boards allows me to move through the room, adding a more dynamic aspect to the lecture.
Ease: it is a low-tech way of achieving all these things simultaneously with easily available means.

The main disadvantage of this method is that I spend a significant amount of time of each lecture with my back to the audience.

Question: What would you recommend as a means of communication that combines the six features above (most importantly, the handwriting and parallel displays), but facing the audience?


@TobiaTesan I think the technology is just now (well, the 3 years ago as I was leaving school) coming into its own. I had a professor who wrote pages under a very sharp document cam, but then pressed a button to save the picture and keep it on one display while moving on to the next page. Multiply by 4 displays and you are on par with the big sliding blackboards of old, with the benefit of saving the notes for later upload (and not having to wipe old chalk off everything). – mbrig Mar 21 at 4:19
oldschool  pedagogy  teaching  blackboards  instructionalaids  advice  bestpractices 
march 2019 by kme
Feature Highlight: Set Due Dates for Issues and Create Milestones | GitLab | https://about.gitlab.com/
GitLab has a powerful issue tracker that completely integrates into the GitLab workflow. Our team uses our issue tracker for almost everything, including projects that contain no code. We believe that if anything is significant enough to work on then it deserves an issue. Before GitLab 8.7, there was no way to communicate that you needed a specific issue to be completed by a specified time. While we had the ability to add milestones to issues and merge requests, there was no way to s...
gitlab  issues  collaboration  workflow  bestpractices 
march 2019 by kme
The role of instructors in teaching programming — Python for Biologists | https://pythonforbiologists.com/
This is another aspect of programming that experience tends to render invisible: when you encounter a roadblock in programming and need to ask for help, very often it's difficult to know how to phrase the question. The lack of understanding that causes the student to need help in the first place also ensures that they're unlikely to know what question to ask, or the right way to phrase it.

Of course, later on in the learning process it usually becomes clear how mindblowingly useful programming is (and I purposefully structure my courses to get students to this point sooner rather than later). Nevertheless, one of the biggest problems many students have when learning programming is simply running out of steam and becoming demoralized – a process that is usually triggered by encountering yet another roadblock.
programming  teaching  learning  computing  workshop  advice  bestpractices 
february 2019 by kme
The Unix Shell: Instructor Notes | https://swcarpentry.github.io/
Many people have questioned whether we should still teach the shell. After all, anyone who wants to rename several thousand data files can easily do so interactively in the Python interpreter, and anyone who’s doing serious data analysis is probably going to do most of their work inside the IPython Notebook or R Studio. So why teach the shell?

The first answer is, “Because so much else depends on it.” Installing software, configuring your default editor, and controlling remote machines frequently assume a basic familiarity with the shell, and with related ideas like standard input and output. Many tools also use its terminology (for example, the %ls and %cd magic commands in IPython).

The second answer is, “Because it’s an easy way to introduce some fundamental ideas about how to use computers.” As we teach people how to use the Unix shell, we teach them that they should get the computer to repeat things (via tab completion, ! followed by a command number, and for loops) rather than repeating things themselves. We also teach them to take things they’ve discovered they do frequently and save them for later re-use (via shell scripts), to give things sensible names, and to write a little bit of documentation (like comment at the top of shell scripts) to make their future selves’ lives better.

The third answer is, “Because it enables use of many domain-specific tools and compute resources researchers cannot access otherwise.” Familiarity with the shell is very useful for remote accessing machines, using high-performance computing infrastructure, and running new specialist tools in many disciplines. We do not teach HPC or domain-specific skills here but lay the groundwork for further development of these skills. In particular, understanding the syntax of commands, flags, and help systems is useful for domain specific tools and understanding the file system (and how to navigate it) is useful for remote access.

Finally, and perhaps most importantly, teaching people the shell lets us teach them to think about programming in terms of function composition. In the case of the shell, this takes the form of pipelines rather than nested function calls, but the core idea of “small pieces, loosely joined” is the same.

Installing Bash and a reasonable set of Unix commands on Windows always involves some fiddling and frustration. Please see the latest set of installation guidelines for advice, and try it out yourself before teaching a class.

Tab completion sounds like a small thing: it isn’t. Re-running old commands using !123 or !wc isn’t a small thing either, and neither are wildcard expansion and for loops. Each one is an opportunity to repeat one of the big ideas of Software Carpentry: if the computer can repeat it, some programmer somewhere will almost certainly have built some way for the computer to repeat it.

Building up a pipeline with four or five stages, then putting it in a shell script for re-use and calling that script inside a for loop, is a great opportunity to show how “seven plus or minus two” connects to programming. Once we have figured out how to do something moderately complicated, we make it re-usable and give it a name so that it only takes up one slot in working memory rather than several. It is also a good opportunity to talk about exploratory programming: rather than designing a program up front, we can do a few useful things and then retroactively decide which are worth encapsulating for future re-use.
shellscripting  unix  linux  shell  bash  butwhy  programming  sevenplusorminustwo  teaching  workshop  reference  advice  bestpractices 
february 2019 by kme
CheatSheetSeries/SQL_Injection_Prevention_Cheat_Sheet.md at master · OWASP/CheatSheetSeries · GitHub | https://github.com/
The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics. - OWASP/CheatSheetSeries
sqlinjection  mysql  webmaster  webdevel  security  bestpractices  reference  cheatsheet 
february 2019 by kme
Accessibility - The State of the Web - YouTube - https://www.youtube.com/
Overview of the W3C Web Content Accessibility Guidelines (WCAG): http://bit.ly/2Vqihsf
WCAG 2.1 recommendations: http://bit.ly/2ArceuL
Free accessibility Udacity webinar by Google: http://bit.ly/2SzYzZ6
Accessibility guides on web.dev: http://bit.ly/2VqzjXe
Rob Dodson's A11ycast video series: http://bit.ly/2TrHEbt
Accessibility report on HTTP Archive: http://bit.ly/2s6Jkvq
The importance of accessibility in product design: http://bit.ly/2VjoiXA
3 tips when designing for accessibility: http://bit.ly/2R5xMan

Watch more State of the Web episodes here → http://bit.ly/2JhAzsh
w3c  standards  aria  a11y  accessibility  webdevel  bestpractices  video 
january 2019 by kme
Google's Unwritten Rule for Team Collaboration | http://blog.idonethis.com/
That social code was tacitly agreed upon, and usually instituted by the managers: the most collaborative teams, even if they have a single leader or moderator, were ones where everyone spoke equally.

This fact wasn’t written down anywhere, or decided upon by management. The teams themselves didn’t even notice they were doing it. But researchers recognized that less successful teams were the ones where a manager spoke 80% of the time or more. In successful collaborative teams, everyone engaged in “conversational turn-taking”—one of the most human things we do— whether it was through a daily standup or a monthly check-in.

Since the conversation wasn’t monopolized by one person, they were able to ask clarifying questions and give their input. In situations where only one person speaks, team members didn’t feel comfortable voicing their ideas, chiming in on other peoples’, or correcting their more vocal team members’ mistakes. Imbalanced communication, in short, defeated the purpose of collaborating in the first place.
teamwork  collaboration  communication  bestpractices 
november 2017 by kme
Git: what they didn’t tell you | Steve Bennett blogs | https://stevebennett.me/
Don’t call any remote ‘origin’

You will never understand “git reset”‘s options

The difference between “git reset”, “git reset –soft” and “git reset –hard” is beyond your comprehension. And you probably wanted “git checkout” anyway.

Rule of thumb:

If your directory is FUBAR: git reset –hard
If you just want to throw away changes to one file: git checkout file
In all other cases, google it.
git  scm  newbie  annoyance  gotcha  advice  bestpractices 
november 2017 by kme
ParsingLs - Greg's Wiki | http://mywiki.wooledge.org/
Best explanation came from the BashPitfalls article:
Never try to parse the output of ls. ls is just plain unnecessary. It's an external command whose output is intended specifically to be read by a human, not parsed by a script.
bash  unix  shellscripting  filemanagement  bestpractices  newbie  reference  butwhy 
november 2017 by kme
BashGuide/Practices - Greg's Wiki | http://mywiki.wooledge.org/
<code class="language-bash">for number in $(seq 1 10); do</code>

For the love of god and all that is holy, do not use seq to count.

Bash is able enough to do the counting for you. You do not need to spawn an external application (especially a single-platform one) to do some counting and then pass that application's output to Bash for word splitting. Learn the syntax of for already!

In general, C-style for loops are the best method for implementing a counter for ((i=1; i<=10; i++)).

If you actually wanted a stream of numbers separated by newlines as test input, consider printf '%d\n' {1..10}. You can also loop over the result of a sequence expansion if the range is constant, but the shell needs to expand the full list into memory before processing the loop body. This method can be wasteful and is less versatile than other arithmetic loops.

<code class="language-bash">i=`expr $i + 1`</code>

expr is a relic of ancient Rome. Do not wield it.

It was used in scripts written for shells with very limited capabilities. You're basically spawning a new process, calling another C program to do some math for you and return the result as a string to bash. Bash can do all this itself and so much faster, more reliably (no numbers->string->number conversions) and in all, better.

You should use this in Bash: let i++ or ((i++))

Even POSIX sh can do arithmetic: i=$(($i+1)). It only lacks the ++ operator and the ((...)) command (it has only the $((...)) substitution).
bash  shellscripting  debugging  bestpractices  reference 
september 2017 by kme
« earlier      
per page:    204080120160

Copy this bookmark:





to read