Notes #3

The Xerox Smalltalk-80 GUI Was Weird

At first glance, this looks incredibly similar to something like the desktop of the Apple Lisa or early Mac OS. It’s easy to see why people might think that Apple sort of stole the graphical user interface from it’s rich neighbor Xerox. It’s not true, though.

The first thing is that the Smalltalk environment wasn’t really an operating system the same way something like Mac OS was. It’s more like an IDE that runs on bare hardware.

CommonJS is hurting JavaScript

In 2009, CommonJS was exactly what JavaScript needed. The group took a tough problem and forced through a solution that continues to be used millions of times a day.

But with ESM as the standard and the focus shifting towards cloud primitives — the edge, browsers, and serverless compute — and CommonJS simply doesn’t cut it. ESM is a better solution for developers, as they can write browser-compliant code — and for users who get a better end experience.

SQLite Package Manager/Registry

Given the vast amount of SQLite extensions, it’s only logical to have a package registry and a package manager.

So today I’m launching both! Meet sqlpkg — the (unofficial) SQLite package registry and manager.

Data analysis with SQLite and Python

A 2h45m video tutorial about SQLite, Python, sqlite-utils and Datasette presented at PyCon 2023.

Joins 13 Ways

Relational (inner) joins are really common in the world of databases, and one weird thing about them is that it seems like everyone has a different idea of what they are. In this post I’ve aggregated a bunch of different definitions, ways of thinking about them, and ways of implementing them that will hopefully be interesting. They’re not without redundancy, some of them are arguably the same, but I think they’re all interesting perspectives nonetheless.

What is self-documenting code?

People say self-documenting code is not possible. This is not true. Not only is it possible but it is recommended, in all cases. As I explain. In this video.

Sao Paulo: The City With No Outdoor Advertisements

In September 2006, the mayor of São Paulo passed the so-called “Clean City Law” that outlawed the use of all outdoor advertisements, including on billboards, transit, and in front of stores. Within a year, 15,000 billboards were taken down and store signs had to be shrunk so as not to violate the new law.

Don’t Build A General Purpose API To Power Your Own Front End

It’s popular in web dev nowadays to build a backend that serves JSON, and a frontend that renders the app. This is fine. I’m not the biggest fan, but it’s really okay. Except it’s not okay if you think that your backend needs to be designed like a generic public API. This will not save you time.

Hypermedia APIs vs. Data APIs

When designing a hypermedia API, you should use a different design mindset than you use for data APIs. Churn is much less of a concern, and providing the end points you need for a good hypermedia experience should be your primary goal.

Binding On Port 0

A commonly occurring problem is that you you have a program that needs to bind on some TCP or UDP port, but you don’t actually care what port is chosen. The most obvious way to solve this would be to pick a port at random, but this is a poor solution because you could randomly pick a port that’s already in use. Another solution here is to bind on port 0. If you do this the kernel will select an unused port from the ephemeral port range. You can subsequently use getsockname(2) to determine which port was actually chosen.

What is going on here?

I write here about thoughts I have, things I’m working on, stuff I’ve read, experiences I’ve had, and so on. Whenever a thought crystalizes in my head, I type it up and post it here. I don’t read over it, I don’t show it to anyone, and I don’t edit it — I just post it.

Aaron Swartz


GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems.

The project collects legitimate functions of Unix binaries that can be abused to get the f**k break out restricted shells, escalate or maintain elevated privileges, transfer files, spawn bind and reverse shells, and facilitate the other post-exploitation tasks.

How to Find Unencrypted SSH Keys and Encrypt Them

SSH keys are commonly used to sign into servers, push code, and verify identities. It’s important they are password-protected.

How to make macOS remember my ssh password

You can follow these steps to mimic the older functionality of macOS remembering your password between sessions and restarts.

Here’s the updated command:

ssh-add --apple-use-keychain ~/.ssh/your_key

1Password SSH agent

The 1Password SSH agent uses the SSH keys you have saved in 1Password to seamlessly integrate with your Git and SSH workflows. It authenticates your Git and SSH clients without those clients ever being able to read your private key.