Understanding and Embracing TypeScript’s “readonly”

If you’ve tried to use JavaScript in a functional style, you’ve no doubt chafed at the fact that all those little objects flying around at any given time are about as far as they can possibly get from immutable. You can, of course, be careful to write code that never mutates an object, but while good practices improve your code, they’re weak defenses against bugs.

TypeScript can help you with its readonly property modifier. With readonly, you can rely on TypeScript’s static analysis to enforce and flag mutations in your codebase.

Can the macOS Disk Utility really erase an SSD?

Laptop computers, especially those with a lot of internal storage, are very convenient. In the same amount of physical space that a magazine would take up, we can carry an amazing amount of data with us and work with it anywhere. One flip-side of that benefit is that all that data remains inside that computer even after we’ve moved on to a new one, unless we take steps to erase it first.

Representing Function Properties in TypeScript

We’ve been using TypeScript on an Electron project. It’s been a huge win already—a little additional upfront investment gives us more confidence that our code is correct and reduces the chance that it will pass unexpectedly-shaped objects around, a source of many bugs in my past Node applications.

But sometimes, it’s not immediately clear how to type certain kinds of objects. You can, of course, represent these as any whenever you need to—but any any you rely on can weaken your code’s quality. Last week, I discovered another way to avoid falling back on that crutch, thanks to the power of TypeScript’s type system.

Virtual Network Customization in VMware Fusion

When working on a project where we need to run software that typically runs on another operating system, virtualization can be a very useful tool. On macOS, VMware Fusion is an excellent choice for this; it has many time-saving features, and its compatibility is top-notch—especially if you need to run Windows or macOS itself in a VM.

Security Hygiene for Software Professionals

As software makers, we face a unique threat model. The computers or accounts we use to develop and deliver software are of more value to an attacker than what ordinary computer users have—cloud service keys can be stolen and used for profit, and the software we ship can be loaded with malware without our knowledge. And that’s before we consider that the code we write has a tremendous value of its own and should be protected.

Padlock by Moyan Brenn. Used with permission under CC BY 2.0.

Taking responsibility for our security hygiene is, thankfully, not very difficult. Today, most tools we need are either already present in our operating systems or can be added without much effort. In this post, I’ll take you down a list of things you should consider.

The Security Spectrum of curl | sh

A growing number of organizations are delivering software, generally for macOS, with a very Unix-y but also controversial pattern: using curl(1) to download a script and piping the output directly to sh (a.k.a. Bash(1)). There’s even a blog tracking the phenomenon, with the pointed description, “People telling people to execute arbitrary code over the network.”

Easy Secure Web Serving with OpenBSD’s acme-client and Let’s Encrypt

As recently as just a few years ago, I hosted my personal website, VPN, and personal email on a computer running OpenBSD in my basement. I respected OpenBSD for providing a well-engineered, no-nonsense, and secure operating system. But when I finally packed up that basement computer, I moved my website to an inexpensive cloud server running Linux instead.

[Video] Command Injection: How the Shell Makes You Vulnerable

Most web developers are familiar with SQL injection, an all-too-common web vulnerability. The problem typically arises from assembling SQL queries by concatenating strings, without considering that this allows whoever supplies the parameters (typically, a consumer of a web API) to write their own SQL code. But SQL isn’t the only place you can get code injected. SQL injection has a close cousin that’s not nearly as well-known, but it’s just as—if not more—deadly: command injection.

Date Math Across Time Zones with Moment.js

Time zones—two words that strike fear deep in the heart of every developer. And rightly so. Humans started keeping time over a century ago, pegging their concept of “noon” to the point in the day when the sun is directly overhead. Since then, the world has steadily been moving to where we are now, with humans and computers communicating with each other in sub-millisecond time around the globe. This situation has created a morass of rules that no programmer could reasonably expect to keep in their head.

Why You Shouldn’t “npm install -g”

I’ve been doing some reading lately on new (to me) tools in the Node.js ecosystem. This ecosystem is certainly vibrant, with lots of interesting things going on all the time, but I’m concerned about a pattern that I see popping up when people write about it.

It’s an old pattern—one I’ve seen many times in many different contexts over my decades of working on Unix-like systems—but it seems even more common now that OS X is the development platform of choice. The pattern’s telltale sign: npm install -g.