Falling into the pit of success

Source: Imagine that systems of your organization are like a complicated piece of terrain. The people operating in the system are little balls rolling around. Victory is some sweet spot in the terrain somewhere. Depending on where Victory is it might be pretty tricky to get there. Maybe it’s up some big hill. Maybe there’s a lot of potholes. Maybe the path isn’t very direct. If you had a Pit of Success organization, then Victory would literally be this GIANT hole in the middle that you just automatically fall into. You can’t help but win. Anyone work at a place like that? Me either. Here’s the kicker. The terrain tends to get worse rather than better as things get complicated. For pretty simple reasons too. For instance, new parts of the system tend to be based on the old parts. So, say you have part of the terrain that’s full of potholes. Yup, naturally when adding to the system people are going to copy them,
Recent posts

Skills Senior Engineers need, beyond coding

Source: How to run a meeting, and no, being the person who talks the most in the meeting is not the same thing as running it How to write a design doc, take feedback, and drive it to resolution, in a reasonable period of time How to mentor an early-career teammate, a mid-career engineer, a new manager who needs technical advice How to indulge a senior manager who wants to talk about technical stuff that they don’t really understand, without rolling your eyes or making them feel stupid How to explain a technical concept behind closed doors to a senior person too embarrassed to openly admit that they don’t understand it How to influence another team to use your solution instead of writing their own How to get another engineer to do something for you by asking for help in a way that makes them feel appreciated How to lead a project even though you don’t manage any of the people workin

CORS Best Practices

Cross-Origin Resource Sharing (CORS) best practices Free for all A common example is if you own a website that displays content for the public, that is not behind paywalls and does not require authentication or authorization – you should be able to set Access-Control-Allow-Origin: * on its resources. The * value is a good choice in cases when: No authentication or authorization is required The resource should be accessible to a wide range of users without restrictions The origins and clients that will access the resource are of great variety, you don't have knowledge of them or you simply don't care A dangerous prospect of such a configuration is when it comes to content served on private networks (i.e. behind a firewall or VPN). When you are connected via a VPN, you have access to the files on the company's network: Oversimplification of VPNs Now, if an attacker hosts a website which contains a link to a file within the VPN, they can (in theory) create a script on their website th

lazy programmer

A lazy programmer loves programming, but hates working, so they work as little as possible. A lazy programmer finds every possible way to avoid working on weekends. A lazy programmer writes a lot of tests, so QA junks do not waste their time. A lazy programmer documents their code, so that coworkers do not waste their time. A lazy programmer is a master of delegation. After they have delegated a task, they immediately forget about it. A lazy programmer does not edit long files; they teach regular expressions how to edit the file in their place. A lazy programmer does not deploy to production; they instruct Jenkins to do that. Therefore a lazy programmer is not afraid of deploying on Friday afternoon. A lazy programmer goes to the office as little as possible, possibly when other non-lazy people are not around, so they don't waste their time. A lazy programmer knows the best tools of their trade, so that they can reuse other people's work as much as possible. A lazy programmer is easy going, b

Essential Reading List for 2021

Books on marketing, psychology, productivity, writing and startups to read in 2021. 1. Atomic Habits by James Clear 2. Deep Work by Cal Newport 3. Everybody Writes by Ann Handley 4. Contagious: Why Things Catch On by Jonah Berger 5. The Copywriter's Handbook 6. Supermaker: Crafting Business on Your Own Terms by Jaime Schmidt 7. It's About Damn Time: How to Turn Being Underestimated into Your Greatest Advantage 8. The Great CEO Within: The Tactical Guide to Company Building 9. Ogilvy on Advertising 10. The Psychology of Money: Timeless Lessons on Wealth, Greed, and Happiness 11. ReWork: Change the Way You Work Forever 12. Trillion Dollar Coach: The Leadership Handbook of Silicon Valley's Bill Campbell 13. Setting the Table: The Transforming Power of Hospitality in Business 14. Tribe of Mentors: Short Life Advice from the Best in the World 15. The Art of Community: Seven Principles for Belonging 16. Cashvertising by Drew Eric Whitman 17. All Marketers Are Liars by Seth Godin 18. Pe

Love's Pensive

The truth is, once you fall in love with a person, you never give up on loving them. Maybe your love never finds the courage to be expressed, maybe it was expressed but never reciprocated, or maybe it was reciprocated and still didn't make it through. Or all of the above at different times. So your love stays, right there in your heart, never giving up. Some days you cry until your ribs shake like tectonic plates saying it's okay. Other days, you convince yourself that you deserve better. Years pass and time builds a fortress around that chunk of your heart. Love ferments into a sour disdain while butterflies drown in a reluctant resentment. You take charge and distribute yourself in other relationships, which form the bricks of your fortress. And you forget it for a while. But then somewhere, you hear their favorite melody in a restaurant. You think of their lame jokes on an uneventful bus ride through the lanes near your old house. In a crowd of strangers, their perfume flits through

Never run "python" in your "Downloads" folder

  One of the wonderful things about Python is the ease with which you can start writing a script - just drop some code into a   .py   file, and run   python . Similarly it’s easy to get started with modularity: split   into   and , and you can   import my_lib   from   and start organizing your code into modules. However, the details of the machinery that makes this work have some surprising, and sometimes  very  security-critical consequences: the more convenient it is for  you  to execute code from different locations, the more opportunities an attacker has to execute it as well... Python needs a safe space to load code from Here are three critical assumptions embedded in Python’s security model: Every entry on  sys.path  is assumed to be a secure location from which it is safe to execute arbitrary code. The directory where the “main script” is located is always on  sys.path . When invoking  python  directly, the  current dir

The missing guide to remote onboarding

0. Equipment, accounts and access should all be set up BEFORE day 1. If someone starts work without these things, you need to make that process better first. 1. The first thing should be a video call with your manager. Ideally they will be available for questions for at least the first half of the day. If you run into problems, they should be able to take action right away and not when they're done with meetings. 2. The manager should prepare a list of things to read in your first week: wiki, chat rooms, code, etc. This list should be explained during the first call and sent as an email to reference over the first few weeks. One of those links should be documented expectations. Not informal, verbal information. Documented publicly to make sure everyone is on the same page (new hire, manager, co-workers). Ideally every company with more than 100 people will have an up-to-date website with org chart information, user aliases, email, phone numbers, etc. This is going to be crucial for new hires to understan

Filtering bullshit

Three filters to keep bullshit away: 1. As Munger said: "Show me the incentive and I'll show you the outcome." Be wary of views coming from people who are not free to speak their minds on the topic at hand because of their existing incentives. 2. Favour views from those who get paid for being right; discount views from those who get paid for sounding right. 3. The balance of power is being overturned by information technology. Favour people who deeply understand it and work it into their world view.

Permanent skills

Weir was one of the most popular instructors at West Point in the mid-1800s. This is odd at a military academy, because he taught painting and drawing. Weir's art classes were mandatory at West Point. Art can broaden your perspective, but that wasn't the point. Nineteenth-century West Point cadets needed to be good at drawing because cartography was in its infancy. High-quality maps of the United States – let alone, say, Mexico – were scarce, if they existed at all. Military officers were expected to draw maps on the fly and record a battlefield's topography. It wasn't a niche; it was vital to the war. Weir's favorite student, who passed the time at West Point drawing river bends and mountain ranges, was Ulysses S. Grant. West Point no longer offers drawing or painting classes. Its sole cartography course emphasizes mapping software and technology, as you might expect. Drawing was an expiring military skill. Critical in one era, diminished in the next, unmentionable th