Reads – Page 15 – Customer Servant Consultancy

Read GitHub Free users now get unlimited private repositories

If you’re a GitHub user, but you don’t pay, this is a good week. Historically, GitHub always offered free accounts but the caveat was that your code had to be public. To get private repositories, you had to pay. Starting tomorrow, that limitation is gone. Free GitHub users now get unlimited private repositories.

I think this is over all a good thing, although I’m hesitant to take this as some sort of goodwill sign from Microsoft. I find that it’s easier to deal with the disappointment that inevitably arises when platforms remove or limit features if one keeps in mind that these are business decisions and nothing more. Plus, honestly, I still don’t trust Microsoft when it comes to free/open source software. Their newfound love for open source hasn’t been around long enough to erase their very long history of having an anti-open-source stance. This article opines that most developers have come to terms with Microsoft’s Github acquisition. Well of course we have. Most of us use Github either for our own projects or for projects we contribute to, and it’s easier to just come to terms than it is to spin up decentralized operations and move everything over to those. Decentralized is the better approach, although I think managing the social aspects of software contribution is still a hurtle. I need to look into this more.

Read Tech Ethics New Year’s Resolution: Don’t Build Software You Will Regret by Jennifer Riggins

we should be working not just to pay the bills, but to make sure we don’t create software that we will one day regret.

In the web accessibility space, we talk a lot about how everyone has a role to play when it comes to accessibility. We’ve been talking about this for a very long time, and I’m glad to see the idea that when it comes to cross-disciplinary things like ethics, it’s not just one person’s responsibility. Accessibility, at its core, is an ethics issue, and I think that, just as accessibility as a part needs a good business case to support it, tech ethics as a whole will need that too. Right now we’re still in the beginning stages of considering tech ethics as a whole, so we’re not to the part yet where the business case for it, or even the general idea of a business case, is being considered. But I suspect we’ll get there soon enough.

Read New 5.0 Target Date

Based on the stability, testing, and reports on the release candidates for WordPress 5.0 so far, we are now targeting Thursday December 6th for public release and announcement. 5.0.1 will open for commits soon, and will be an area people can choose to focus on at the contributor day at WordCamp US …

For those of you who are reading this in your inbox, the context for this post is the recently-published, (as in yesterday), target release date for WordPress 5.0, which rolls out the new Gutenberg editor. I’d like to say I’m surprised by this, but I’m just not. I find myself asking a few questions: First, I find it very difficult to believe that a piece of software that is being released with known, significant issues, (up to and including significant accessibility issues, and no, that doesn’t just apply to assistive technology users), can be declared stable enough for release. Accessibility problems, just by themselves, are bugs. Well, they are if you claim to consider accessibility a priority. Next, if the plan was to release the Thursday before WordCamp US, (and I have to concur with those who believe it has been), what was the point of all those one-on-one office hours? How is anyone in the WordPress community supposed to believe that Matt is dealing in good faith when he has apparently convinced himself of the superiority of his own definition of quality and stability, and that his cause is so right and so perfect that it’s worth literally sneaking a major release out the door while everyone is traveling to WordCamp US? I am not opposed to the concept of Gutenberg, and I never have been. I know the current editor is not perfect, and that it can be improved. But this whole thing wreaks of fanaticism, arrogance, dishonesty, a complete disregard for any standard definitions of quality control, (there’s no way, absolutely none, that enough time for actual testing, complete with stress cases, could have been performed between RC 2 and RC 3, and that’s not even counting RC 1), a complete disregard for those of us who work with WordPress users outside of what is apparently a hermetically sealed bubble of perfection in which Matt lives, and the day-to-day experience that has informed our comments since day one, along with a healthy dose of hope as a strategy when it comes to Gutenberg. The question and answer session at this weekend’s State of the Word address is going to get interesting, as is the dev chat this Wednesday.

Read Prototypes and production

Don’t build prototypes with a production mindset. Don’t release prototype code into production.

I don’t think I’m too far off base to suggest that so many of the problems we face on the web could be avoided if the prototype mindset discussed in this article were limited to the prototype phase by developers and designers, and kept completely separate from the production process.

Read XSS in hidden input fields

At PortSwigger, we regularly run pre-release builds of Burp Suite against an internal testbed of popular web applications to make sure it’s behaving properly. Whilst doing this recently, Liam found a

I can absolutely see a case where users would interact, and and therefore become vulnerable to this exploit: Keyboard-only users, screen reader users, and speech recognition users. So this might be worth looking into, especially if you’re adding a ton of keyboard shortcuts to your app and calling it an accessibility improvement.

Read De-facto closed source: the case for understandable software

Code is the only thing you can trust when you want to know what the software is doing, when the company goes belly up, or when your system isn’t the same system that the original authors were developing on.
Code is the only thing you can trust, and by not reading it, you’ve forfeited the most important benefit provided by this ecosystem: the choice of not having to trust the authors regarding behavior or continuity.

This is a good read regarding the event-stream ongoing saga, and I agree with it, but I also have some things to add to it. For those of you who may not be familiar, (non-developers), event-stream was pulled from Node Package Manager, (something that gets used pretty frequently when building software in order to manage dependencies, otherwise known as other code bits you need in order to run/build your code bit), because it relied on another package which was found to have vulnerabilities. It was then handed over to someone else, who promptly added a cryptocurrency iner to it, at which point the internets freaked out. Frankly I don’t completely blame the new maintainer for adding the cryptocurrency miner. There are very large corporations who have no problem using open source software for their benefit, all while not supporting the maintainers. See for example: Apple and Microsoft. And if you can’t be relied on to hit that donate button, well then we’ll just use your processing power because eating habbits need to be supported. I’d like to add to the post I’m linking to though that, while I think code does need to be simpler and thus easier to understand, I also think maybe we need to simplify our build processes. But back to the “understanding” point, reading code is a learned skill, and I think to a certain extent it’s on the users, (and in this case the users are developers), to learn how to read code. As much as I’d like code to be simpler, outside of everyone who writes code taking courses/reading books on best practice and then applying all that, I don’t see this happening.