web development

Stop Learning Frameworks

“Stop Learning Frameworks” is exactly what I’ve been saying and doing for years.

Technology come and go, but it has a lot in common. Set priorities right. Invest 80% of your learning time in fundamentals. Leave 20% for frameworks, libraries and tools.

After 20 or so years working with technology, it always amazes me how most of the new and cool tech is actually another iteration on something that existed and has been used since forever.

Cloud computing, and even the newest hype of serverless architectures, are just another iteration on the ever-going problem of large and centralized versus small and decentralized (mainframes, PC, terminal servers and thin clients, and on, and on, and on). NoSQL databases have a very familiar feeling to anyone who have worked with LDAP. All the modern instant messengers iterate over the same problems (and often solutions) from the ancient protocols – NNTP, email (POP, IMAP, SMTP), IRC, and tools that implemented them for different purposes. And on, and on it goes.

There isn’t enough time in the world to learn even a fraction of all that technology. But focusing on the fundamentals helps a lot. If there was one thing to add, I’d also prioritize open technologies and formats versus proprietary. Open technologies survive the longest and tend to be reused a lot more.

The Book of Secret Knowledge

“The Book of Secret Knowledge” is a collection of awesome lists, manuals, blogs, hacks, one-liners, cli/web tools and more. It is intended for everyone and anyone – especially for System and Network Administrators, DevOps, Pentesters or Security Researchers.

While you are at it, also have a look at:

Hacker News: Ask HN: Best Command-Line Applications?
Awesome Shell curated list
Awesome CLI Applications curated list

Well-Known URIs

Back when Let’s Encrypt started giving out free SSL certificates, one bit that visible all over the web was the “well-known” directory. I never thought much about it – it’s just a name after all.

Turns out, there is actually an RFC 5785 that defines a standard for the well-known uniform resource identifiers (URIs). And that’s a lot more generic than just the bit that Let’s Encrypt needs.

Accidentally stumbled upon this while reading “A Well-Known URL for Changing Passwords” draft.

Beyond Passwords: 2FA, U2F and Google Advanced Protection

“Beyond Passwords: 2FA, U2F and Google Advanced Protection” is a rather lengthy, but insightful article on the subject of 2-factor authentication, multi-factor authentication, and other related options. It nicely explains which option is which and how it works, as well as clears a lot of confusion between these terms.

The article itself is not too technical, so it’s strongly recommended for anyone dealing with authentication, sensitive data, and security in general.

The best way to get the full PHP version string

Jeff Geerling shares the best way to get the full PHP version string. I’d think that “php –version” externally or “echo PHP_VERSION” internally would do the job. However, that’s not exactly right, as there are a number of inconsistencies on different platforms. The best option seems to be the combination of the PHP_MAJOR_VERSION, PHP_MINOR_VERSION, and PHP_RELEASE_VERSION constants.

$ php -r 'echo join(".",[PHP_MAJOR_VERSION,PHP_MINOR_VERSION,PHP_RELEASE_VERSION]);'
7.2.12