2376
Fruit salad: a scrum estimation scale – Frances Berriman
I’ve seen a lot of work estimation scales and most of them are terrible. This looks funny but is actually a lot better than most other systems!

(The best by the way is hours plus a confidence interval but that can be very hard to get folks to buy into.)
estimates  fruit  scrum  software  development 
25 days ago
OSMnx: Python for Street Networks – Geoff Boeing
Tools to quickly and easily download administrative boundaries and street networks. I've done some of this by hand in the past and it's a tremendous pain.
mapping  network  python  osm 
26 days ago
Making of: Best of 2019 – Johan Ronsse
A good example of building a site with Svelte. Svelte has been on my to-try list for a bit now; it looks like it fits my brain better than other front end frameworks.
framework  svelte  webdev  examples  web  js 
7 weeks ago
Getting started with Version 2 of AWS EC2 Instance Metadata service (IMDSv2)
Ah, Amazon is finally starting to take some steps to systemically address EC2 metadata weaknesses. (SSRF against the EC2 metadata service has been at the root of many many security breaches for nearly a decade, including several very high-profile breaches.)
aws  amazon  security  ec2  ssrf 
11 weeks ago
Kore4 and Python
There's a bunch of interesting stuff here - async, automatic ssl - but the seccomp stuff is _really_ fascinating. I wonder how hard it'd be to do this with Django?
python  webdev  security  frameworks  kore  seccomp 
november 2019
Design better data tables - UX Collective
I really like these patterns. I wonder if there's a good front-end library that makes this stuff easy? I tend to use django-tables2 on the backend, which handles all the sorting/filtering nicely, but the UI leaves something to be desired.
data  design  tables 
november 2019
toniblyx/my-arsenal-of-aws-security-tools
A huge list of open source AWS security tools.
aws  security  tools 
august 2019
The Difference Between Red, Blue, and Purple Teams | Daniel Miessler
A really good model for build/break/defend teams and — more importantly — the interactions between them.
engineering  redteam  security 
august 2019
60 Cybersecurity Interview Questions [2019 Update] | Daniel Miessler
Some really good interview questions here! A few tend a bit too far towards trivia for my taste, but most of them are really great.
interview  jobs  security  infosec 
august 2019
NAIP on AWS - Registry of Open Data on AWS
1m.px arial imagery in GeoTIFF format, in the public domain.
maps  imagery  satellite  gis 
june 2019
awsmfa · PyPI
Useful tool to automate some the headaches using IAM, MFA, and short-lived credentials.
aws  cli  mfa  security 
june 2019
Python in Azure Pipelines, Step by Step · Homepage of Hynek Schlawack
Azure Pipelines is a very strong new offering in the CI/CD space, but as with most of Azure the documentation is lacking and there are subtle bugs/limitations. Hynek's guide is the missing docs Python people need to get started.
github  microsoft  ci  azure  cd  testing  python 
june 2019
If You Say Something Is “Likely,” How Likely Do People Think It Is?
Mapping vague words ("likely", "probably", "never") to specific probabilities. Very useful for training and calibrating forecasters.
forecasting  predictions  probability  security 
april 2019
Bringing Okta to Massdrop – Zander – Medium
Details on how a fully-automated, SSO-and-2FA-everywhere account security system works. Zander now runs IT for HackerOne, and I've been blown away by how great the IT security is here.
security  okta  sso  2fa  saml 
april 2019
Engineering dive into Slack Enterprise Key Management
Slack's EKM is an incredibly promising model for B2B services. It gives customers much more control over how data is stored and retained, and seems to reduce risks of sensitive data on 3rd-party servers. I haven't dug super-deep into the details, and I'm sure there are potential problems and downsides. But, I love the model, and hope it's the start of a trend.
encryption  b2b  slack  security 
march 2019
Starting Up Security
The collected security writings of Ryan McGeehan (@magoo). These used to be on Medium where there were really hard to find; here they are all in one place. These articles are a tremendous resource for anyone building a security team/organization/practice; highly recommended.
security  essays 
march 2019
Jessie Frazelle's Blog: Defining a Distinguished Engineer
This is perhaps the single best description of what a senior technical IC looks like. It's Engineering-oriented but could apply to nearly any technical role.
ladder  career  distinguisted  jobs  senior  role  principle  engineering 
march 2019
Client-side instrumentation for under $1 per month. No servers necessary. · Bostata | Boston Data Engineering
I've been looking for a way out of GA. This is done work up front, but it might be just what I'm looking for.
ga  analytics  tracking  stats  lambda  aws 
march 2019
You probably don’t need a single-page application
Ignore the clickbait headline. This is a really solid breakdown of the cases where SPAs make sense, and where a more traditional (or hybrid) architecture would be a better choice.
frontend  spa  web  apis 
february 2019
2018 in Review – Ellen Chisa – Medium
I tend not to have the discipline to track my personal data this closely, but I always want to. Anyway - the major takeaway for me here is the "most important task of the day" idea. I do this weekly already, so it'd be a minor (and useful, I think) addition to take up doing it daily.
personal  yearinreview  data 
january 2019
A Comprehensive Guide to Using Airtable as a Personal CRM
I also built an Airtable for this, though it wasn't as nice. I ended up giving Monica a try instead, but it's not great, either. I might switch back to Airtable and use this as a starting point.
airtable  personal  database  adulting  crm 
january 2019
Foursquare's New Technoligy Policy
"Being able to introduce new technologies [...] is great, but there can be significant production and maintenance overhead to new systems [...] This proposal is to give some guidelines on how to introduce a new technology in a way which will be sustainable and give it the best chance of long-term success at Foursquare."
foursquare  policy  technology  process 
december 2018
I hate manager READMEs – Camille Fournier
An interesting perspective, with a lot of merit. I've found the manager README concept compelling, but never tried it. Now I'll think a lot more critically before I give it a shot (and may decide not to after all).
management 
november 2018
Reviews of U2F devices
Roundup of the various U2F devices on the market right now. Critically also includes information on which can store TOTP secrets (a key use-case for me).
authentication  security  u2f  2fa 
november 2018
SectorLabs/django-postgres-extra
Adds (among other features) upsert (ON CONFLICT ...) support for Django/Postgres.
django  postgres 
november 2018
Personal data removal & credit freeze guide workbook [PDF]
An exhaustive workbook/checklist guiding freezing credit and scrubbing personal data from the web. This is most comprehensive guide to this sort of thing I've found.
howto  internet  privacy  security  pii  checklist  workbook 
november 2018
Tiller
Like Mint &c, but syncs financial data to Google Sheets instead of a web app. I'm a huge fan of Sheets: it's a far more powerful product than you'd think, with strong scripting support and a pretty easy API. Using it for my own financial analysis seems perfect, looking forward to giving this a try.
data  spreadsheets  sheets  finance  money  google 
november 2018
A Curriculum for Python Packaging
Al Sweigart's curated selection of talks, documentation, and notes covering the Python packaging ecosystem. I'm seen most of these myself and I agree with the picks 100%: it's a great set of knowledge to help really nail down a rather-confusing part of the Python ecosystem.
python  packaging 
november 2018
How to tell if you're a good manager — Quartz at Work
Measuring a manager's success is really hard. This is one of the best sets of success signals I've seen.
measurement  metrics  management 
november 2018
Ultralight two person shelter spreadsheet
Great roundup and data on ultralight two person shelters. I really want the MLD Duomid and inner in DCF, but at nearly $1,000 for the pair I think I really should consider other options.
gear  ultralight  backpacking  tents 
november 2018
CSS Grid Garden
A game for learning CSS grid layout. I loved it, and I learned a few new tricks too. Also see Flexbox Froggy, a game teaching Flexbox layout by the same author.
css  game  learning  css-grid 
november 2018
Best on the Crest: Food and lodging on the PCT
A new (2018), very opinionated guide to towns along the PCT
pct  resupply  towns  guide 
june 2018
WX2InReach - Home
This would be a huge reason to switch from a Spot to an InReach!
pct  hiking  backcountry  inreach  weather 
june 2018
Job Hound
A tool for tracking your job hunt. Basically the inverse of an ATS. Neat!
jobs  jobsearch  tools 
april 2018
Onsite Interview Loop Template | Lara Hogan
This would be a good improvement to the hiring process/workflow I worked out at 18F.
interview  hiring 
april 2018
Alps 2 Ocean | The Ultra Adventure Race
7-day stage race in NZ, with both supported and unsupported options.
ultrarunning  race  stagerace 
march 2018
Lassen National Park | Pacific Crest Trail | Travels
Alternate route through Lassen that hits more of the park's highlights.
lassen  park  hiking  backpacking  pct 
february 2018
delta 1 - A bike ride in Bay Point, CA
Potential rote from Sac to Antioch - missing link on my Tahoe/Santa Cruz route! Bike route, but probably there's not much better walking; there aren't really trails through the delta.
acrosscalifornia  trail  bike  map  gpx  route 
february 2018
AAC Publications - Search The American Alpine Journal and Accidents
Searchable database of 50 years of climbing/mountaineering accident reports
accident  retrospectives  climbing  reports 
february 2018
1DollarScan
Turn books into PDFs - could be very useful for some of my more referency things, or as part of the cookbook digitization thing I've wanted to do for a while. Not actually $1/book: $1/100 pages, plus additional for OCR and such. Still a pretty good deal.
books  pdf  scanning  ebook  service 
january 2018
Folomov A1 Single Cell Charger Review – ZeroAir Reviews
Probably the lightest charger for 18650 batteries. Safe, but slow.
18650  charger  gear  batteries  pct 
january 2018
lighterpack.com/r/buxr7i
9lb baseweight, similar to what I want to bring (I think)
gear  pct  lighterpack 
january 2018
Maps - Thunderforest
Outdoor-oriented tilesets based on OSM data.
design  maps  tilelayers  outdoors  hiking 
december 2017
The Best Interview Questions We've Ever Published | First Round Review
There's some stuff I disagree with here, but in general lots of good questions.
hiring  interview 
october 2017
« earlier      
2008 airlines ajax algorithms amazon apache api apple apps architecture art audio authentication awesome aws backpacking backup bacon blog book books browser business charts cocoa code colocation comics community conference conferences cooking cool copyright crypto cryptography css culture data database databases dataviz db debian delicious deployment design development distributed diversity diy django djangopowered documentation download dvd ec2 economics ego election election2008 elections electronics ellington email encryption engineering erlang essays facebook farm feminism filesystem finance firefox flash flickr food framework free friends funny games gear gender geo gis git github google government gps graph graphics guide hacks hardware hiking hiring history home hosting house howto html http humor i18n icons ideas internet interview ios ipad iphone java javascript jobs journalism jquery js kansas language law lawrence legal library licenses lifehacks linux lists lucene mac management mapping maps mashup math me media metafilter microsoft mobile money monitoring movies mozilla mp3 music mysql network networking news nintendo npr opensource oscon osx p1510 passwords pct pdf performance photography php pmscs politics postgres postgresql presentations privacy programming propaganda psp pycon pycon2007 python quotes radio rails recipe recipes reference replication research rest retrospective reviews ruby running s3 scaling schema science scm scraping search secrets security series60 server sexism shopping slides social software sousvide sports sql ssh ssl statistics stats svn sysadmin tech technology testing tips tivo tls todo tools training travel tuning tutorial tv typography ubuntu ui unicode unix via:mcroydon video visualization voting weather web webdesign webdev webservices wiki wikipedia windows work workflow worldcup writing xml yahoo youtube

Copy this bookmark:



description:


tags: