Posts

I started using Rust in 2017, before the stabilisation of async/await. When it was stabilised I managed to avoid it for a few more years before it was time to grapple with it. It’s fair to say that async Rust is one of the hairiest parts of the language, not because the async model is poorly designed, but because of the inherent complexity of it in combination with Rust’s goals. There have been many blog post written about async and its perceived shortcomings, as well as excellent explainers and history lessons, mostly from withoutboats.

The other day at work I, accidentally, roped myself into upgrading some dependencies in our Rust services. These were breaking changes, so not just a case of running cargo update. I had to understand the changes and make the appropriate modifications to our code. Adopting breaking changes can be frustrating in the best of times, but it was particularly annoying this time because none of these projects kept a CHANGELOG.md files, although they all had release notes on GitHub.

17 odd years ago when I stared programming, PHP was all the rage. Javascript was steadily gaining traction. Django and Ruby on Rails were in their infancy, but promised greatly increased productivity. A few years later, inspired by Ruby’s fame, Coffeescript became a mainstay in the Javascript ecosystem. Statically compiled, typed languages, used to build monolithic web applications, were rapidly falling out of favour. In 2023 the trend is reversing, static compilation and types are cool again. Monoliths are making a comeback. The pendulum is turning.

Freaking magnets NFTs, how do they work? In this post I’ll try to explain NFTs in a way that’s mostly accurate, but requires minimal technical understanding. I’m going to assume the reader is familiar with excel style software and Google Sheets in particular.

NFTs exploded into mainstream popularity in the latter half of 2021 and if you follow me on Twitter you’ll know I’m not a fan. In “crypto”-speak I’m NGMI(not gonna make it). But what are NFTs anyway?

A while back I had to re-activate my deactivated Facebook account to participate in a Messenger group chat. I wasn’t exactly happy about this, but being an absolutist about these things is not worthwhile either. After re-activating my account I decided it would make me slightly happier about the situation if I wiped all the content from my account. A digital detox if you will. Ever since then I’ve had a nagging feeling I should expand this idea to other platforms. This blog post is about how I deleted all my tweets on Twitter.

An oft discussed hypothesis is that certain apps, usually Facebook, listens to and analyses your surroundings for ad targeting purposes. It has never been conclusively proven that Facebook does this, but there are plenty of people on the internet with anecdotal stories of ads appearing for products they’ve only discussed IRL. In iOS 14 Apple added indicators to highlight when an app is using the device’s microphone or camera. Since I have access to a decently sized collection of app privacy details I decided to have a look if any apps admit to this behaviour.

In iOS 14.3, Apple added their new app privacy details to App Store listings. App privacy details, which are sometimes compared to the nutritional labels on foodstuff, are details about the data an app collects and the purposes and use of such data. What can we learn by analysing this data?

The web has a long and rich history dating back to the nineties at CERN. Back then Tim Berners-Lee laid the foundation of HTML that is still around today. There have been attempts to replace it with varying success but none have been successful, for good reason. HTML and the later invention of CSS are a remarkably powerful set of tools to build all kinds of experiences on the web. People are still trying to replace HTML, which brings us to the topic of this post: Flutter Web.

One day when doomscrolling on Twitter, I saw this tweet from James Coglan and decided it would be a good topic for a long form writeup.

If you’ve ever met me or read this blog, you know that I have a soft spot for the Rust programming language. I’m also excited about and interested in Svelte, a declarative and reactive web framework. In this blog post I will explain how these two completely different technologies are actually quite similar and why these similarities are what make them great.

Some iOS apps ship their own HTTP and TLS stack instead of relying on Apple’s NSURLSession or the lower level frameworks it relies on. There are many reasons to do this, but the most common one I’ve encountered is apps that use a shared core, typically written in C++, which is used in applications on different platforms. This poses a problem for anyone trying to snoop on the apps network traffic. Recently, I was investigating an app like this and found myself having to intercept its HTTP traffic.

It has become a somewhat of a tradition for Apple to announce new measures to safe guard user privacy at WWDC, their annual developer conference. Despite a different format, due to the COVID crisis, this proved to be that case for WWDC2020 as well. Apple announced restrictions on access to sensitive data, a new framework for tracking consent, and a notification when apps read from the iOS/iPadOS clipboard.

Software bugs often happen when the internal state of a program is invalid or inaccurate. As programmers our job is to manage state while avoiding these bugs. So how can we avoid invalid state? Well for one we could try to eliminate all state in our programs, but this approach quickly falls apart if we want to write useful software. A better approach is to make it impossible to introduce invalid state by preventing it from being represented.

I’ve been pondering the notion of “Full Stack” Developers a lot. A tweet from Peter Steinberger prompted me to write down my thoughts.

This website, for the most part, is still set up in the way I outlined in The One Cent Blog, but I’ve made a few recent improvements. Previously only static assets were edge cached via CloudFlare while the HTML pages themselves were not. With these recent changes the HTML pages themselves benefit from CloudFlare’s edge caching. With this change TTFB(Time To First Byte) was reduced by almost 90%.

During the month of December I have for the past few years been participating in Advent of Code. Advent of Code is an advent calendar of programming puzzles created by Eric Wastl I’ve come to really enjoy. Naturally I am solving the puzzles in Rust.

A while back I read The Great Divide by Chris Coyier and the ideas expressed in the piece have been stuck in my head since then. I have been thinking a lot about the divided that Chris describes between “Javascript Engineers” and “UX/UI engineers”. Frankly most of the rest of this post will not make sense if you don’t read “The Great Divide” first, so please read it. It’s okay I’ll wait… Done? Great! Wasn’t it an interesting read? Did it get you thinking about what being a front-end engineer means?

From time to time I like to fire up mitmproxy and route my phone’s traffic through my computer. This allows your computer, via mitmproxy, to inspect and even alter HTTP(s) requests applications and other services on your phone are performing.

What if there was a reliable method to hack half of the websites on the internet in a single attack? Imagine if you could compromise a single entity and gain immediate Javascript code execution on half the websites in the world; including google.com, stackoverflow.com, reddit.com and 93% of the Alexa top 10k. You could exfiltrate all kinds of valuable data such as passwords, email addresses, and full credit card details including CCVs.

About a year ago I bought a YubiKey Nano to use as a hardware token via the emerging FIDO protocol and for OTP. For some time I’ve been aware that it’s possible to keep a PGP keypair on the key and use it for signing and authentication for git. Today I decided to finally set that up. Since this process proved to be a bit confusing I figured I would write it up.

After my last post exploring SIMD instructions in Rust I was curious about the performance implications of f64 vs f32 values. My raytracer uses f64 values for all floating point calculations. If it was not clear from the last post my knowledge of low level CPU performance is limited at best. With that said I would not expect f32 to be any faster than f64 on modern 64-bit CPUs since you can do f64 calculations with a single CPU cycle anyway. In the benchmark mentioned in the previous post I tested the performance between f64 and f32 and found no difference.

Update: Cameron Hart did some further research on my methodologies in this post and what he found was quite interesting. In my benchmarks I forgot to account for the role of, the now removed, black box in the rust test crate. The purpose of the black box is to trick the optimizer into not optiziming the benchmarks. This is exactly what happened unfortunately. Based on this I went back and re-did the SIMD implementation in my raytracer fully. This resulted in a 60% increase in performance much more in line with what I expected initially. Much like my f64 vs f32 experiment showed the lesson is that micro benchmarks are dangerous and it is easy to be fooled by them. The original post is presented without modification below. I suggest reading Cameron’s research to understand my mistakes.

A pet project by Mozilla employee Graydon Hoare that grew to be one of Mozilla’s most important endeavours, The rust language was first announced in 2010. It was voted “most loved programming language” in the Stack Overflow developer survey in both 2016 and 2017.

A long time ago in a galaxy far far away I used Firefox as my default web browser. I was running Windows XP and had just started learning PHP and C++. I kept using Firefox for a few years, but then during university I got tired of how slow Firefox was and jumped ship to Chrome.

A blog post in this week’s iOS Weekly jogged my memory on one of my least favourite things about iOS development; segues and parameters. As Chris points out in the post Storyboard segues are broken, specifically they are broken because you can’t inject dependencies and parameters in the view controllers involved in segues in a good way. This is something I’ve always been annoyed by and I’ve often taken to not using storyboards at all preferring to use XIBs instead.

Recently I’ve been working on GitLab support for the Danger gem. Danger is a gem that extends the concept of CI. She(yes the gem is referred to as she) tries to formalize your pull request etiquette by introducing automated checks for tasks commonly done by humans in code reviews/PRs. This leaves humans to think about more important and difficult things. As I’ve written about before having CI systems that are as strict as possible can be strong driver for code quality and long term project health. Removing burdens from humans makes Danger a double win. Naturally I’m a big fan of Danger.

In this post I’ll show how to implement a Linked List in Swift. For this post there’s also a Playground version that works with Xcode 10 and above.

It’s WWDC week and as usual Apple has a lot of exciting announcements. This year Apple announced Source Editor Extensions for Xcode. A new extensions system that allows developers to extend the functionality of Xcode. As a plugin developer myself I was excited to see Apple finally working on first party support for Xcode extension. However as I explored the new API my excitement quickly faded and was replaced with disappointment.

Like many programmers not from the US I grew up and learned programming on a rather suboptimal keyboard layout. When I started programming at 14 I didn’t think much about the keyboard, sure typing { involved pressing the extremely awkward combination alt+shift+8 and sometimes shortcuts would not work because the author didn’t consider layouts outside of US QWERTY, I however was still happy.

Imagine that everywhere you touched a post-it with your passwords would appear. Imagine that your government and the governments in many of the countries you’ve travelled to had all your passwords. Imagine that governments weren’t that good at protecting your passwords. In the day and age of Touch ID and other technologies that use your fingerprints as passwords you don’t have to imagine.

Swift, unlike many other languages, does not separate primitive values from classes and structs. As we’ll see in this post this choice allows for some interesting and powerful constructs. In other languages, such as Java, the primitive types int, double, float, and boolean are distinctly different from classes and, because of that, you can’t use them in the same way.

It’s 2016 and many sites have still not deployed HTTPS fully even though it’s now free and largely available. Prominent websites that deal with sensitive user data are doing so in completely broken ways. Luckily the browser vendors and the web community is working to make users aware of such practice and even lockdown access to certain APIs on insecure origins.

This post details how I run this website for about $0.01/month with great scaling and HTTPS using S3, Jekyll, Cloudflare and Travis-CI. It should be noted that the cost varies depending on how much traffic your site sees, $0.01/month is just what I typically see on this website.

Validation errors suck! They cause your users frustration, they hurt conversion rates, and when they are incorrect they are confusing. My email address h@tunius.se gets rejected as being invalid quite frequently and it’s always just as frustrating. Validation errors should be actual objective errors in the submitted data, not arbitrary subjective over validation.

Writing clean majestic code is something I think we should all strive for in our work and it is important to me. The age-old Code is read more than it is written is a good reason to be writing clean code. This post is about how I have found strictness to be a great tool in the effort to write clean code.

Elasticsearch is an awesome tool for building fast and powerful search experiences. However integration testing with Elasticsearch can be painful. Elasticsearch uses a HTTP REST API to modify, setup, and search indices. The nature of this API is eventually consistent, creating an index will not be done when the HTTP call returns. This eventual consistency can become painful in test since creating, indexing, searching and then removing the index needs to happen in rapid succession.

I finally took the time to move this site to s3 instead of my previous setup with a digitalocean droplet.

We have recently started using ActiveModel::Serializer at FishBrain in favour of jbuilder. During this ongoing switch we have had to deal with a few issues mainly regarding to caching. If you haven’t used ActiveModel::Serializer before I would recommend you check it out.

Today I am writing about my experience starting out with open source contributions over at the CocoaPods blog.

Git’s force push feature is the source of a lot of controversy and errors. It’s widely considered to be dangerous and left for use only in extreme situations. I use it every single day.

Apple’s new language Swift has some really nice syntactic sugar for common operations. One of the new features is closures which are similar to blocks in Objective-C, but they have a few tricks that blocks don’t have. When the last argument to a function is a closure it’s possible to put it outside the parenthesis of the call to the function. This makes it possible to write control structures which look(almost) identical to the normal control structures.

In the latest version of Chrome Canary Google has removed the full URL from the omnibar and instead shows only the domain and HTTPS info. The same feature was introduced in Mobile Safari with iOS 7. This is a good thing. As Jake Archibald outlines in this blog post the new omnibar protects the user from phishing attempts while improving the user experience and hiding the non-vital information in the URL.

About a month ago a post on Hacker News featured an impressive spreadsheet implementation in less than 30 lines of javascript. The next day a collaborative fork in less than 45 lines of javascript was submitted. By now I think most people will agree that javascript is a powerful language with a wide array of use cases and feats like these only strengthen that standing further. Let’s pause for a second and look at how it is possible to create these wonders of javascript.

My names is Hugo Tunius, as you’re reading this you’ve found my website. This website will slowly be filled with my code, experiments, reflections and thoughts.