Software Sessions
Sep 16, 2019
How HTTP Works with Julia Evans
playlist_add
Julia Evans is best known for her zines and blog posts that break down technical topics in a friendly way. She has written educational material on everything from Linux system calls to working with managers.
She joins us to talk about what she learned while writing her latest zine: HTTP: Learn your browser's language.
Timestamps:
- 0:50 - Why write a zine about HTTP?
- 1:21 - What's a header that could break your site?
- 2:50 - What does HTTP look like?
- 5:58 - What headers are most important?
- 8:39 - Response Codes
- 12:26 - Authentication
- 14:57 - Cookies
- 18:37 - Using browser development tools
- 19:46 - Caching and CDNs
- 25:46 - Referrer Header and Hotlinking images
- 27:34 - Resuming file downloads
- 30:00 - URLs
- 32:11 - Why webpages show different languages
- 34:34 - Same Origin Policy / CORS
- 43:42 - Compression / GZIP
- 45:58 - Intermediate Programming Education
- 49:35 - Picking topics for blogs and zines
- 57:10 - Picking an audience to write to
- 59:54 - Types of educational material (zines, books)
- 64:03 - Why Julia likes the zine format
- 65:53 - Working on education full time
Links:
- HTTP: Learn your browser's language
- Julia's blog
- Julia's twitter
- Wizard Zines
- Mozilla Developer Network
- netcat
More episodes from Software Sessions
Jan 10, 2023
Megan Cutrofello on Leaguepedia
Leaguepedia is a MediaWiki instance that covers tournaments, teams, and players in the League of Legends esports community. It's relied on by fans, analysts, and broadcasters from around the world.
Megan "River" Cutrofello joined Leaguepedia in 2014 as a community manager and by the end of her tenure in 2022 was the lead for Fandom's esports wikis.
She built up a community of contributing editors in addition to her role as the primary MediaWiki developer.
She writes on her blog and is a frequent speaker at the Enterprise MediaWiki Conference Topics covered:
* When to use MediaWiki
* Visual vs code editor
* MediaWiki's rough syntax
* Templates and markup
* Limiting user input to simplify pages
* Choosing not to transliterate long player names in certain languages
* Handling mobile clients
* Building aliases for search results
* Creating a single source of truth
* Roster changes and caching
* Cargo (Query data in MediaWiki templates using SQL)
* Hiding implementation details from editors
* Optimizing for the editor, not a clean codebase
* Training your users to use workarounds
* MediaWiki only supports es5
* The wiki aesthetic
* Who is working on the wiki + onboarding
* Who is using the wiki
* The future of Leaguepedia
* How Megan got into wiki development
* Issues as opportunities to onboard Related Links
* River Writes - Megan's Blog
* Leaguepedia - League of Legends esports wiki
* MediaWiki
* VisualEditor
* VueJS in MediaWiki
* Open issue to support ES6 in MediaWiki
* Whitespace programming language
* Lua MediaWiki extensions
* CharInsert - Add code snippets into the MediaWiki editor
* Semantic MediaWiki (SMW) - Store and query data inside Wiki pages
* Cargo - Replaced SMW at Leaguepedia Conference Talks
* Usage of Cargo with Lua on LoL Gamepedia
* Mediawiker SublimeText plugin
* Cargo/Lua Best Practices, and When Not To Use Them
* MediaWiki Lua Tutorial
* Editing your wiki with Python is easier than you think Other podcast appearances
* Between the Brackets Transcript
You can help edit this transcript on GitHub.
[00:00:00] Jeremy: Today I'm talking to Megan Cutrofello. She managed the Leaguepedia eSports wiki for eight years, and in 2017 she got an award for being the unsung hero of the year for eSports. So Megan, thanks for joining me today.
[00:00:17] Megan: Thanks for having me.
[00:00:19] Jeremy: A lot of the people I talk to are into web development, so they work with web frameworks and things like that. And I guess when you think about it, wikis are web development, but they're kind of their own world, I suppose. for someone who's going to build some kind of a site, like when does it make sense for them to use a wiki versus, uh, a content management system or just like a more traditional web framework?
[00:00:55] Megan: I think it makes the most sense to use a wiki if you're going to have a lot of contributors and you don't want all of your contributors to have access to your server.
also if your contributors aren't necessarily as tech savvy as you are, um, it can make sense to use a wiki. if you have experience with MediaWiki, I guess it makes sense to use a Wiki.
Anytime I'm building something, my instinct is always, oh, I wanna make a Wiki (laughs) . Um, so even if it's not necessarily the most appropriate tool for the job, I always. My, my first thought is, hmm, let's see, I'm, I'm making a blog. Should I make my blog in in MediaWiki? Um, so, so I always, I always wanna do that. but I think it's always, when you're collaborating is pretty much, you always wanna do MediaWiki
[00:01:47] Jeremy: And I, I think that's maybe an important point when you say people are collaborating. When I think about Wikis, I think of Wikipedia, uh, and the fact that I can click the edit button and I can see the markup right there, make a change and, and click save. And I didn't even have to log in or anything. And it seems like that workflow is built into a wiki, but maybe not so much into your typical CMS or WordPress or something like that.
[00:02:18] Megan: Yeah. Having a public ability to solicit contributions from anyone. so for Leaguepedia, we actually didn't have open contributions from the public. You did have to create an account, but it's still that open anyone can make an account and all you have to do is like, go through that one step of create an account.
Admittedly, sometimes people are like, I don't wanna make an account that's so much work. And we're like, just make the account. Come on. It's not that hard. but, uh, you still, you're a community and you want people to come and contribute ideas and you want people to come and be a part of that community to, document your open source project or, record the history of eSports or write down all of the easter eggs that you find in a video game or in a TV show, or in your favorite fantasy novels.
Um, and it's really about community and working together to create something where the whole is bigger than the sum of its parts.
[00:03:20] Jeremy: And in a lot of cases when people are contributing, I've noticed that on Wikipedia when you edit, there's an option for a, a visual editor, and then there's one for looking at the raw markup. in, in your experience, are people who are doing the edits, are they typically using the visual editor or are they mostly actually editing the, the markup?
[00:03:48] Megan: So we actually disabled the Visual editor on Leaguepedia, because the visual editor is not fantastic at knowing things about templates. Um, so a template is when you have one page that gets its content pulled into the larger page, and there's a special syntax for that, and the visual editor doesn't know a lot about that.
Um, so that's the first reason. And then the second reason is that, there's this, uh, one extension that we use that allows you to make a clickable, piece of text. It's called (https://www.mediawiki.org/wiki/Extension:CharInsert) CharInserts, uh, for character inserts. so I made a lot of these things that is sort of along the same philosophy as Visual Editor, where it's to help people not have to have the same burden of knowledge, of knowing every exact piece of source that has to be inserted into the page. So you click the thing that says like, um, insert a pick and band prefill, and then a little piece of JavaScript fires and it inserts a whole bunch of Wiki text and then you just enter the champions in the correct places. In the prefills of champions are like the characters that you play in, uh, league of Legends.
And so then you have like the text is prefilled for you and you only have to fill in into this outline. so Visual Editor would conflict with CharInserts, and I much preferred the CharInserts approach where you have this compromise in between the never interacting with source and having to have all of the source memorized.
So between the fact that Visual Editor like is not a perfect tool and has these bugs in it, and also the fact that I preferred CharInserts, we didn't use Visual Editor at all. I know that some wikis do like to use Visual Editor quite a bit, and especially if you're not working with these templates where you have all of these prefills, it can be a lot more preferred to use Visual Editor.
Visual Editor is an experience much more similar to editing something like Microsoft Word, It doesn't feel like you're editing code. and editing code is, I mean, it's scary. Like for, and when I said like, MediaWiki is when you have editors who aren't as tech savvy, as the person who set up the Wiki.
for people who don't have that experience, I mean, when you just said like you have to edit a wiki, like someone who's never done that before, they can be very intimidated by it. And you're trying to build a sense of community. You don't want to scare away your potential editors. You want everyone to be included there.
So you wanna do everything possible to make everyo…
playlist_add
Jan 2, 2023
Victor Adossi on Yak Shaving
Victor is a software consultant in Tokyo who describes himself as a yak shaver. He writes on his blog at vadosware and curates Awesome F/OSS, a mailing list of open source products. He's also a contributor to the Open Core Ventures blog.
Before our conversation Victor wrote a structured summary of how he works on projects. I recommend checking that out in addition to the episode. Topics covered:
* Most people should use Dokku or CapRover
* But he uses Kubernetes anyways
* Hosting a Database in Kubernetes
* Learning technology
* You don't really know a thing until something goes wrong
* History of Frontend Development
* Context from lower layers of the stack and historical projects
* Good project pages have comparisons to other products
* Choosing technologies
* Language choice affects maintainability
* Knowing an ecosystem
* Victor's preferred stack
* Technology bake offs
* Posting findings means you get free corrections
* Why people use medium instead of personal sites Victor
* VADOSWARE - Blog
* How Victor works on Projects - Companion post for this episode
* Awesome FOSS - Curated list of OSS projects
* NimbusWS - Hosted OSS built on top of budget cloud providers
* Unvalidated Ideas - Startup ideas for side project inspiration
* PodcastSaver - Podcast index that allows you to choose Postgres or MeiliSearch and compare performance and results of each Victor's preferred stack
* Docker - Containers
* Kubernetes - Container provisioning (Though at the beginning of the episode he suggests Dokku for single server or CapRover for multiple)
* TypeScript - JavaScript with syntax for types. Victor's default choice.
* Rust - Language he uses if doing embedded work, performance is critical, or more correctness is desired
* Haskell - Language he uses if correctness and type system is the most important for the project
* Postgresql - General purpose database that's good enough for most use cases including full text search.
* KeyDB - Redis compatible database for caching. Acquired by Snap and then made open source. Victor uses it over Redis because it is multi threaded and supports flash storage without a Redis Enterprise license.
* Pulumi - Provision infrastructure with the languages you're already using instead of a specialized one or YAML
* Svelte and SvelteKit - Preferred frontend stack. Previously used Nuxt. Search engines
* Postgres Full Text Search vs the rest
* Optimizing Postgres Text Search with Trigrams
* OpenSearch - Amazon's fork of Elasticsearch
* typesense
* meilisearch
* sonic
* Quickwit JavaScript build tools
* Babel
* SWC
* Webpack
* esbuild
* parcel
* Vite
* Turbopack JavaScript frameworks
* React
* Vue
* Svelte
* Ember Frameworks built on top of frameworks
* Next - React
* Nuxt - Vue
* SvelteKit - Svelte
* Astro - Multiple Historical JavaScript tools and frameworks
* Underscore
* jQuery
* MooTools
* Backbone
* AngularJS
* Knockout
* Aurelia
* GWT
* Bower - Frontend package manager
* Grunt - Task runner
* Gulp - Task runner Related Links
* Dokku - Open source single-host alternative to Heroku
* Cloud Native Buildpacks - Buildpacks created by Heroku and Pivotal and used by Dokku
* CapRover - An open source PaaS-like abstraction built on top of Docker Swarm
* Kelsey Hightower's tweet about being cautious about running databases on Kubernetes
* Settling the Myth of Transparent HugePages for Databases
* Kubernetes Container Storage Interface (CSI)
* Kubernetes Local Persistent Volumes
* Longhorn - Distributed block storage for Kubernetes
* Postgres docs
* Postgres TOAST
* Everything I've seen on optimizing Postgres on ZFS
* Kubernetes Workload Resources
* Kubernetes Network Plugins
* Kubernetes Ingress
* Traefik
* Kubernetes the Hard Way (Setting up a cluster in a way that optimizes for learning)
* How does TLS work
* Let's Encrypt
* Cert manager for Kubernetes
* Choose Boring Technology
* A Linux user's guide to Logical Volume Management
* Docker networking overview
* Kubernetes Scheduler
* Tauri - Build desktop applications with web technology and Rust
* ripgrep - CLI tool to recursively search directory for a regex pattern (Meant to be a rust replacement for grep)
* angle-grinder / ag - CLI tool to parse and process log files written in rust
* Object.observe ECMAScript Proposal to be Withdrawn
* Ruby on Rails - Ruby web framework
* Django - Python web framework
* Laravel - PHP web framework
* Adonis - JavaScript
* NestJS - JavaScript
* What is a NullPointerException, and how do I fix it?
* Mastodon
* Clap - CLI argument parser for Rust
* AWS CDK - Provision AWS infrastructure using programming languages
* Terraform - Provision infrastructure with terraform language
* URL canonicalization of duplicate pages and the use of the canonical tag - Used by dev.to to send google traffic to the original blogpost instead of dev.to Transcript
You can help edit this transcript on GitHub.
[00:00:00] Jeremy: This episode, I talk to Victor Adossi who describes himself as a yak shaver. Someone who likes trying a whole bunch of different technologies, seeing the different options. We talk about what he uses, the evolution of front end development, and his various projects.
Talking to just different people it's always good to get where they're coming from because something that works for Google at their scale is going to be different than what you're doing with one of your smaller projects.
[00:00:31] Victor: Yeah, the context. Of course in direct conflict with that statement, I definitely use Google technology despite not needing to at all right? Like, you know, 99% of people who are doing like people like to call it indiehacking or building small products could probably get by with just Dokku. If you know Dokku or like CapRover. Are two projects that'll be like, Oh, you can just push your code here, we'll build it up like a little mini Heroku PaaS thing and just go on one big server, right? Like 99% of the people could just use that. But of course I'm not doing that. So I'm a bit of a hypocrite in that sense.
I know what I should be doing, but I'm not doing that. I am writing a Kubernetes cluster with like five nodes for no reason. Uh, yeah, I dunno, people don't normally count the controllers.
[00:01:24] Jeremy: Dokku and CapRover, I think those are where it's supposed to create a heroku like experience I think it's based off of the heroku buildpacks right? At least Dokku is?
[00:01:36] Victor: Yeah Buildpacks has actually been spun out into like a community thing so like pivotal and heroku, it's like buildpacks.io, they're trying to build a wider standard around it so that more people can get involved.
And buildpacks are actually obviously fantastic as a technology and as a a process piece. There's not much else like them and you know, that's obvious from like Heroku's success and everything. I know Dokku uses that. I don't know that Caprover does, but I haven't, I haven't really run Caprover that much.
They, they probably do. Like at this point if you're going to support building from code, it seems silly to try and build your own buildpacks. Cause that's what you will do, eventually. So you might as well use what's there.
Anyway, this is like just getting to like my personal opinions at this point, but like, if you think containers are a bad idea in 2022, You're wrong, you should, you should stop. Like you should, you should stop. Think about it. I mean, obviously there's not, um, I got a really great question at an interview once, which is, where are containers a bad idea?
That's probably one of the best like recent interview questions I've ever gotten cause I was like, Oh yeah, I mean, like, you can't, it can't be perfect everywhere, right? Nothing's perfect everywhere. So it's like, where is it? Uh, and of course the answer…
playlist_add
Oct 1, 2022
Xe Iaso on Tailscale
Xe Iaso is the Archmage of Infrastructure at Tailscale and previously worked at Heroku.
This episode originally aired on Software Engineering Radio but includes some additional discussion about their blog near the end of the episode.
Topics covered:
* Use cases for VPNs
* Simplifying service authentication by identifying users via IP
* Peer-to-peer vs centralized "Virtual Pain Networks"
* Tailscale's tech stack and why they forked the go compiler
* DERP relay servers
* Struggling with the iOS network extension size limit
* The surprisingly small amount of infrastructure required to run a VPN
* Running your company on your own product
* Working at Heroku vs Tailscale
* Using the socratic style of debate in technical blog posts
Related Links
* @theprincessxena
* Xe's Blog
* ACL samples
* Go links origin story
* How Tailscale works
* Tailscale SSH
* How Tailscale assigns IP addresses
* Hey linker, can you spare a meg?
* My Blog is Hilariously Overengineered to the Point People Think it's a Static Site
* The Sheer Terror of PAM
Transcript
[00:00:00] Jeremy: Today I'm talking to Xe Iaso, they're the archmage of infrastructure at tailscale, and they also have a great blog everyone should check out.
Xe, welcome to software engineering radio.
[00:00:12] Xe: Thanks. It's great to be here.
[00:00:14] Jeremy: I think the first thing we should start with, is what's a, a VPN, because I think some people they may have used it to remote into their workplace or something like that. But I think the, the scope of what it's good for and what it does is a lot broader than that. So maybe you could talk a little bit about that first.
[00:00:31] Xe: Okay. a VPN is short for virtual private network. It's basically a fake network that's overlaid on top of existing networks. And then you can use that network to do whatever you would with a normal computer network. this term has been co-opted by companies that are attempting to get into the, like hide my ass style market, where, you know, you encrypt your internet information and keep it safe from hackers.
But, uh, so it makes it really annoying and hard to talk about what a VPN actually is. Because tailscale, uh, the company I work for is closer to like the actual intent of a VPN and not just, you know, like hide your internet traffic. That's already encrypted anyway with another level of encryption and just make a great access point for, uh, three letter agencies.
But are there, use cases, past that, like when you're developing a piece of software, why would you decide to use a VPN outside of just because I want my, you know, my workers to be able to get access to this stuff.
[00:01:42] Xe: So something that's come up, uh, when I've been working at tailscale is that sometimes we'll make changes to something. And it'll be changes to like the user experience of something on the admin panel or something. So in a lot of other places I've worked in order to have other people test that, you know, you'd have to push it to the cloud.
It would have to spin up a review app in Heroku or some terrifying terraform of abomination would have to put it out onto like an actual cluster or something. But with tail scale, you know, if your app is running locally, you just give like the name of your computer and the port number. And you know, other people are able to just see it and poke it and experience it.
And that basically turns the, uh, feedback cycle from, you know, like having to wait for like the state of the world to converge, to, you know, make a change, press F five, give the URL to a coworker and be like, Hey, is this Gucci?
they can connect to your app as if you were both connected to the same switch.
[00:02:52] Jeremy: You don't have to worry about, pushing to a cloud service or opening ports, things like that.
[00:02:57] Xe: Yep. It will act like it's in the same room, even when they're not it'll even work. if you're at both at Starbucks and the Starbucks has reasonable policies, like holy crap, don't allow devices to connect to each other directly. so you know, you're working on. Like your screenplay app at your Starbucks or something, and you have a coworker there and you're like, Hey, uh, check this out and, uh, give them the link.
And then, you know, they're also seeing the screenplay editor.
[00:03:27] Jeremy: in terms of security and things like that. I mean, I'm picturing it kind of like we were sitting in the same room and there's a switch and we both plugged in. Normally when you do something like that, you kind of have, full access to whatever else is on the switch. Uh, you know, provided that's not being blocked by a, a firewall.
is there like a layer of security on top of that, that a VPN service like tailscale would provide.
[00:03:53] Xe: Yes. Um, there are these things called access control lists, which are kind of like firewall rules, except you don't have to deal with like the nightmare of writing an IP tables rule that also works in windows firewall and whatever they use in Mac OS. The ACL rules are applied at the tailnet level for every device in the tailnet.
So if you have like developer machines, you can put people into groups as things like developers and say that developer machines can talk to production, but not people in QA. They can only talk to testing and people on SRE have, you know, permissions to go everywhere and people within their own teams can connect to each other. you can make more complicated policies like that fairly easily.
[00:04:44] Jeremy: And when we think about infrastructure for, for companies, you were talking about how there could be development, infrastructure, production, infrastructure, and you kind of separate it all out. when you're working with cloud infrastructure. A lot of times, there's the, I always forget what it stands for, but there's like IAM.
There's like policies that you can set up with the cloud provider that says these users can access this, or these machines can access this. And, and I wonder from your perspective, when you would choose to use that versus use something at the, the network or the, the VPN level.
[00:05:20] Xe: The way I think about it is that things like IAM enforce, permissions for like more granularly scoped things like can create EC2 instances or can delete EC2 instances or something like that. And that's just kind of a different level of thing. uh, tailscale, ACLs are more, you know, X is allowed to connect to Y or with tailscale, SSH X is allowed to connect as user Y.
and that's really different than like arbitrary capability things like IAM offers.
you could think about it as an IAM system, but the main permissions that it's exposing are can X connect to Y on Zed port.
[00:06:05] Jeremy: What are some other use cases where if you weren't using a VPN, you'd have to do a lot more work or there's a lot more complexity, kind of what are some cases where it's like, okay, using a VPN here makes a lot of sense.
(The quick and simple guide to go links https://www.trot.to/go-links)
[00:06:18] Xe: There is a service internal to tailscale called go, which is a, clone of Google's so-called go links where it's basically a URL shortener that lives at http://go. And, you know, you have go/something to get to some internal admin service or another thing to get to like, you know, the company directory and notion or something, and this kind of thing you could do with a normal setup, you know, you could set it up and have to do OAuth challenges everywhere and, you know, have to put and make sure that everyone has the right DNS configuration so that, it shows up in the right place.
And then you have to deal with HTTPS um, because OAuth requires HTTPS for understandable and kind of important reasons. And it's just a mess. Like there's so many layers of stuff like the, the barrier to get, you know, like just a darn URL, shortener up turns from 20 minutes into three days of effort trying to…
playlist_add