Table of Contents
Professional Programming - about this list
- Contributing to this list
- Must-read books
- Must-read articles
- Other general material and list of resources
- Algorithm and data structures
- API design & development
- Attitude, habits, mindset
- Beyond software engineering & random
- Career growth
- Characters sets
- Code reviews
- Coding & code quality
- Data formats
- Data science/data engineering
- Design (visual, UX, UI, typography)
- Design (OO modeling, architecture, patterns, anti-patterns, etc.)
- Dev environment & tools
- Diversity & inclusion
- Editors & IDE
- Engineering management
- Functional programming (FP)
- Incident response (oncall, alerting, outages, firefighting, postmortem)
- Learning & memorizing
- Licenses (legal)
- Linux (system management)
- Low-level, assembly
- Observability (monitoring, logging, exception handling)
- Operating system
- Personal productivity
- Problem solving
- Project management
- Programming languages
- Programming paradigm
- Releasing & deploying
- Shell (command line)
- System administration
- System architecture
- Site Reliability Engineering (SRE)
- Technical debt
- Version control (Git)
- Work ethics, productivity & work/life balance
- Web development
- Writing (communication, blogging)
- Resources & inspiration for presentations
- Keeping up-to-date
Professional Programming - about this list
Give me six hours to chop down a tree and I will spend the first four sharpening the axe. (Abraham Lincoln)
A collection of full-stack resources for programmers.
The goal of this page is to make you a more proficient developer. You'll find only resources that I've found truly inspiring, or that have become timeless classics.
This page is not meant to be comprehensive. I am trying to keep it light and not too overwhelming. The selection of articles is opinionated.
- 🧰 : list of resources
- 📖 : book
- 🎞 : video/movie extract/movie/talk
- 🏙 : slides/presentation
- ⭐️ : must-read
Contributing to this list
Feel free to open a PR to contribute! I will not be adding everything: as stated above, I am trying to keep the list concise.
I've found these books incredibly inspiring:
- 📖 The Pragmatic Programmer: From Journeyman to Master: hands-on the most inspiring and useful book I've read about programming.
- 📖 Code Complete: A Practical Handbook of Software Construction: a nice addition to The Pragmatic Programmer, gives you the necessary framework to talk about code.
- 📖 Release It!: this books goes beyond code and gives you best practices for building production-ready software. It will give you about 3 years worth of real-world experience.
- 📖 Scalability Rules: 50 Principles for Scaling Web Sites
- 📖 The Linux Programming Interface: A Linux and UNIX System Programming Handbook: outside of teaching you almost everything you need to know about Linux, this book will give you insights into how software evolves, and the value of having simple & elegant interfaces.
- 📖 Structure and interpretation of Computer Programs (free): One of the most influential textbooks in Computer Science (written and used at MIT), SICP has been influential in CS education. Byte recommended SICP "for professional programmers who are really interested in their profession".
There are some free books available, including:
- 📖 Professional software development: pretty complete and a good companion to this page. The free chapters are mostly focused on software development processes: design, testing, code writing, etc. - and not so much about tech itself.
- 🧰 vhf/free-programming-books
- 🧰 EbookFoundation/free-programming-books
- Practical Advice for New Software Engineers
- On Being A Senior Engineer
- Lessons Learned in Software Development: one of those articles that give you years of hard-earned lessons, all in one short article. Must read.
Things I Learnt The Hard Way
- Spec first, then code
- Tests make better APIs
- Future thinking is future trashing
- Documentation is a love letter to your future self
- Sometimes, it's better to let the application crash than do nothing
- Understand and stay away of cargo cult
- "Right tool for the job" is just to push an agenda
- Learn the basics functional programming
- ALWAYS use timezones with your dates
- ALWAYS use UTF-8
- Create libraries
- Learn to monitor
- Explicit is better than implicit
- Companies look for specialists but keep generalists longer
- The best secure way to deal with user data is not to capture it
- When it's time to stop, it's time to stop
- You're responsible for the use of your code
- Don't tell "It's done" when it's not
- Pay attention on how people react to you
- Beware of micro-aggressions
- Keep a list of "Things I Don't Know"
- Signs that you're a good programmer
- Signs that you're a bad programmer
7 absolute truths I unlearned as junior developer
- Early in your career, you can learn 10x more in a supportive team in 1 year, than coding on your own
- Every company has problems, every company has technical debt.
- Being overly opinionated on topics you lack real-world experience with is pretty arrogant.
- Many conference talks cover proof of concepts rather than real-world scenarios.
- Dealing with legacy is completely normal.
- Architecture is more important than nitpicking.
- Focus on automation over documentation where appropriate.
- Having some technical debt is healthy.
- Senior engineers must develop many skills besides programming.
- We’re all still junior in some areas.
How to Build Good Software
- A good high-level summary of fundamental engineering practices.
- The root cause of bad software has less to do with specific engineering choices, and more to do with how development projects are managed.
- There is no such thing as platonically good engineering: it depends on your needs and the practical problems you encounter.
- Software should be treated not as a static product, but as a living manifestation of the development team’s collective understanding.
- Software projects rarely fail because they are too small; they fail because they get too big.
- Beware of bureaucratic goals masquerading as problem statements. If our end goal is to make citizens’ lives better, we need to explicitly acknowledge the things that are making their lives worse.
- Building software is not about avoiding failure; it is about strategically failing as fast as possible to get the information you need to build something good.
Other general material and list of resources
- The Imposter's Handbook - $30. From the author: "Don't have a CS Degree? Neither do I - That's why I wrote this book."
- mr-mig/every-programmer-should-know: a collection of (mostly) technical things every software developer should know
- Famous Laws Of Software Development
- The Amazon Builders' Library
- kdeldycke/awesome-falsehood: Falsehoods Programmers Believe in
- TechYaks: list of talks
- Talks that changed the way I think about programming
- What every computer science major should know
- mtdvio/every-programmer-should-know: a collection of (mostly) technical things every software developer should know about
List of axioms:
Precepts - Urbit
- Data is better than code.
- Correctness is more important than performance.
- Deterministic beats heuristic.
- One hundred lines of simplicity is better than twenty lines of complexity.
- If your abstractions are leaking, it's not due to some law of the universe; you just suck at abstracting. Usually, you didn't specify the abstraction narrowly enough.
- If you avoid changing a section of code for fear of awakening the demons therein, you are living in fear. If you stay in the comfortable confines of the small section of the code you wrote or know well, you will never write legendary code. All code was written by humans and can be mastered by humans.
- If there's clearly a right way to do something and a wrong way, do it the right way. Coding requires incredible discipline.
- The best way to get the right answer is to try it the wrong way.
- Practice tells you that things are good or bad; theory tells you why.
- Not being qualified to solve a problem is no reason not to solve it.
- If you don't understand a system you're using, you don't control it. If nobody understands the system, the system is in control.
- Embedded Rules of Thumb
- 50 Ideas That Changed My Life
- Reflections on 10,000 Hours of Programming
- 20 Things I've Learned in my 20 Years as a Software Engineer
- Google Tech Dev Guide
- The Missing Semester of Your CS Education, MIT. Includes lectures about the shell, editors, data wrangling, git, debugging and profiling, meta programming, security and cryptography.
- Mathematics for the adventurous self-learner, Neil Sainsbury
- jwasham/coding-interview-university: a complete computer science study plan to become a software engineer.
- Teach Yourself Computer Science: an opinionated set of the best CS resources.
Algorithm and data structures
- Read the CLRS. You can watch and download the course on OCW - there are newer courses as well.
- Or The Algorithm Design Manual
- Try out some algorithms on Project Euler
- Algorithms, Jeff Erickson
Let's be honest: algorithms can be a pretty dry topic. This quora question lists some funnier learning alternative, including:
- Grokking Algorithms
- Essential Algorithms
- Data Structure Visualization
- 🎞 15 Sorting Algorithms in 6 Minutes
- The Algorithms
API design & development
General REST content:
- Architectural Styles and the Design of Network-based Software Architectures, Roy Fielding (the inventor of REST)
- A collection of useful resources for building RESTful HTTP+JSON APIs.
- Best practices for REST API design, Stack Overflow Blog
- 📖 Undisturbed REST: a guide to designing the perfect API: very complete book about RESTful API design.
- Microsoft's Rest API guidelines
- Zalando RESTful API and Event Scheme Guidelines
- Google's API Design Guide: a general guide to design networked API.
More specific topics:
Why you should use links, not keys, to represent relationships in APIs, Martin Nally, Google
- "Using links instead of foreign keys to express relationships in APIs reduces the amount of information a client needs to know to use an API, and reduces the ways in which clients and servers are coupled to each other."
Give me /events, not webhooks
- Events can unlock much-needed webhook features, like allowing your webhook consumers to replay or reset the position of their webhook subscription.
Attitude, habits, mindset
- Mastering Programming, Kent Beck.
- The traits of a proficient programmer
- The tao of programming: a set of parables about programming.
- Taking Ownership Is The Most Effective Way to Get What You Want
- Finding Time to Become a Better Developer
- Ten minutes a day: how Alex Allain wrote a book in less than 200 hours, by writing 10 minutes every day.
The care and feeding of software engineers (or, why engineers are grumpy)
- In the triumvirate of software, product managers, designers, and software engineers, only the engineers are expected to turn off their creative minds and just produce.
- Both engineers and product managers tend to think, incorrectly, that product specifications or requirements are equivalent to the furniture manual from Ikea.
- This is one of the top things that make engineers grumpy: constantly shifting priorities.
- Even though many engineers will complain that product managers change their minds, almost none will account for that in their time estimates.
- Computer science programs aren’t about preparing you for the tasks you’ll face in industry.
- When there are more engineers than can be used, engineering time ends up going away from developing and towards planning, synchronization, and coordination.
- Involve engineers in the creative process
- Give engineers opportunities to be creative.
- Encourage time off.
- Let 'em code
- Express appreciation
The Product-Minded Software Engineer, Gergely Orosz
- Great product engineers know that minimum lovable products need the right depth
- Product-minded engineers quickly map out edge cases and think of ways to reduce work on them: often bringing solutions that require no engineering work
- Engage in user research and customer support
- Bring well-backed product suggestions to the table
- Offer product/engineering tradeoffs
40 Lessons From 40 Years, Steve Schlafman
- If you want to make progress on the things that matter most, you need to decide who you’re going to disappoint. It’s inevitable.
- The best investment you can make is your own education. Never stop learning. The second best investment you can make is building your network through authentic and meaningful interactions. It is what you know and who you know.
- You’ll never get what you don’t ask for or actively seek out. Go for it!
- It’s not about the light at the end of the tunnel. It’s the tunnel. Show up every day and enjoy the process.
- A great teammate always puts the organization and its purpose ahead of their own self interests.
- Pick your spots. We have limited time and our brains can only process so much. Focus is key. Choose wisely.
- Every person is likely struggling with something. Be kind. Be helpful.
On Coding, Ego and Attention
- Beginner’s mind accepts the fact that absolute knowledge is infinite and thus keeping score is a waste of time.
- Mastery is simply the accumulation of momentum, not the accumulation of knowledge.
- Dealing with ego distraction has taught me to love the problem solving process. It’s taught me to love and respect the learning process. As a result I’m more productive. I’m less anxious. I’m a better teammate. I’m a better friend and a better thinker.
- Fixed vs. Growth: The Two Basic Mindsets That Shape Our Lives
- What does a great software engineer look like?
- Good sleep, good learning, good life
- 🎞 Steve Jobs: if you don't ask for help, you won't get very far
- Programming quotes
- Being kind is fundamentally about taking responsibility for your impact on the people around you.
- It requires you be mindful of their feelings and considerate of the way your presence affects them.
Warren Buffett Says This 1 Simple Habit Separates Successful People From Everyone Else
- The difference between successful people and really successful people is that really successful people say no to almost everything.
- How to get lucky?
Programmers should stop celebrating incompetence, DHH
- The magic of programming is largely just things you don't know yet.
- It's not fine to think you shouldn't be on some paths towards mastery, if you intend to make programming your career.
- There’s no speed limit
Imposter syndrome is underrated: a lot of talk goes into overcoming imposter syndrome. I say embrace self-skepticism and doubt yourself every day. In a fast-moving industry where lots of your knowledge expires every year, even the most junior people around you constantly cook up skills you don't have; you stay competitive by applying with the determination (and even fear) of the novice. The upside of this treadmill is that every engineer is on it: just because you're an imposter doesn't mean that other people are more deserving than you, because they're imposters too. You should advocate for yourself, take risks, pat yourself on the back when things go well, and, as you start to build a track record of solving problems, trust your skills and adaptability. Just make no mistake: you're only as good as the last problem you solve.
Dan Heller, Building a Career in Software
I had learned already never to empty the well of my writing, but always to stop when there was still something there in the deep part of the well, and let it refill at night from the springs that fed it. -- Ernest Hemingway
- The Grug Brained Developer: habits of self-aware programmer. Like Tao of Programming, different style.
Good judgment comes from experience. Experience comes from bad judgment.
Beyond software engineering & random
Biases don't only apply to hiring. For instance, the fundamental attribution bias also applies when criticizing somebody's code written a long time ago, in a totally different context.
- Cognitive bias cheat sheet. #hiring
- The Conjoined Triangles of Senior-Level Development looks into how to define a senior engineer.
- Ten Principles for Growth as an Engineer, Dan Heller.
- Don't Call Yourself a Programmer, Patrick McKenzie.
- On being an Engineering Manager
The career advice I wish I had at 25
- A career is a marathon, not a sprint
- Most success comes from repetition, not new things
- If work was really so great all the rich people would have the jobs
- Management is about people, not things
- Genuinely listen to others
- Recognise that staff are people with finite emotional capacity
- Don’t just network with people your own age
- Never sacrifice personal ethics for a work reason
- Recognise that failure is learning
Career advice I wish I’d been given when I was young
- Don’t focus too much on long-term plans.
- Find good thinkers and cold-call the ones you most admire.
- Assign a high value to productivity over your whole lifespan.
- Don’t over-optimise things that aren’t your top priority.
- Read a lot, and read things that people around you aren’t reading.
- Reflect seriously on what problem to prioritise solving.
- Read more history.
- Why Good Developers are Promoted into Unhappiness, Rob Walling. Or why management might not be for you.
- A guide to using your career to help solve the world’s most pressing problems
- What's a senior engineer's job? You need to be more than just an individual contributor.
From Coding Bootcamp Graduate to Building Distributed Databases
- Read Books (and papers), not Blog Posts
- Take responsibility for your career trajectory
- 🏙 The Well Rounded Engineer includes lots of great book recommendations.
- Paradigm polyglot (learn different languages & paradigms)
- Database polyglot
- Protocol polyglot (preferably TCP/IP and HTTP)
- Proficiency with build tooling, packaging and distribution
- Debugging, observability
- Deployment, infra and devops
- Software architecture and scaling
- Ability to write toy compilers, interpreters and parsers
- Ability to write toy games
- Ability to understand algorithmic analysis
Some career advice, Will Larson.
- Advice you get is someone’s attempt to synthesize their experiences, not an accurate statement about how the world works.
- Build a reservoir of prestige.
- Some folks are so good at something that they end up being irreplaceable in their current role, which causes them to get stuck in their role even if they’re a good candidate for more interesting ones.
- Great relationships will follow you everywhere you go. Bad ones too.
- Early in your career, try to work at as many different kinds of companies and in different product vertical as you can.
- Evil tip: avoid "easy" things
- The Ultimate Code Kata
- Traits of a senior software engineer: impact, perception, visibility, influence, mentoring
Software Engineering - The Soft Parts
- Think critically and formulate well-reasoned arguments
- Master the fundamentals
- Focus on the user and all else will follow
- Learn how to learn
Getting to Staff Eng
I became a FAANG Staff Engineer in 5 years. These are the 14 lessons I learned along the way.
- Software engineering isn’t just coding. Actually, coding is a small part of it.
- Pipeline your work
- Be open to feedback and listen. Like, seriously, listen.
- Great feedback is hard to find; treasure it.
- Keep an eye on the horizon (but not both).
- Figure out what matters and let the rest go.
- Comparison really is the thief of joy.
- Mentorship is a beautiful thing.
- Good days, in general, don’t just “happen”.
- Advice and guidance are just that; they aren’t rules.
- Guides for reaching Staff-plus engineering roles, Will Larson
- The Absolute Minimum Every Software Developer Absolutely, Positively Must Know About Unicode and Character Sets (No Excuses!)
- open-guides/og-aws: a practical guide to AWS
- How to do a code review, Google's engineering practices documentation.
- Post-Commit Reviews: an interesting idea to increase developer velocity (there are some caveats though).
How to Make Your Code Reviewer Fall in Love with You
- Review your own code first
- Write a clear changelist description
- Automate the easy stuff
- Answer questions with the code itself
- Narrowly scope changes
- Separate functional and non-functional changes
- Respond graciously to critiques
- Artfully solicit missing information
- Award all ties to your reviewer
- Minimize lag between rounds of review
- How to Do Code Reviews Like a Human
- Ask HN: How do you review code?: great discussion on HackerNews, full of interesting ideas.
Maslow's pyramid of code reviews
- Another one on the same topic: The Code Review Pyramid
- Code review in remote teams: very complete set of rules.
No code reviews by default
- Responsibility over convention
Coding & code quality
- Write code that is easy to delete, not easy to extend
- The Ten Commandments of Egoless Programming
- 📖 Clean Code: A Handbook of Agile Software Craftsmanship, Robert C. Martin. Describes numerous useful best practices. A bit long. There's also a clean code cheatsheet.
What Software Craftsmanship is about
- We’re tired of writing crap.
- We will not accept the stupid old lie about cleaning things up later.
- We will not believe the claim that quick means dirty.
- We will not allow anyone to force us to behave unprofessionally.
Tips on naming boolean variables
- There is a convention to prefix boolean variables and function names with "is" or "has".
- Try to always use is, even for plurals (
isEachUserLoggedInis better than
- Avoid custom prefixes (
isPaidForis better than
- Avoid negatives (
isEnabledis better than
- How To Write Unmaintainable Code
- kettanaito/naming-cheatsheet: : comprehensive language-agnostic guidelines on variables naming. Home of the A/HC/LC pattern.
- 🧰 Quality Engineering Guides
The downsides of JSON for config files, Martin Tournoij.
- Can't add comments
- Excessive quotation and syntax noise
- Using DC (declarative configuration) to control logic is often not a good idea.
Your configs suck? Try a real programming language
- Most modern config formats suck
- Use a real programming language
See also the SQL section.
- A plain English introduction to CAP Theorem
- PACELC theorem: "in case of network partitioning (P) in a distributed computer system, one has to choose between availability (A) and consistency (C) (as per the CAP theorem), but else (E), even when the system is running normally in the absence of partitions, one has to choose between latency (L) and consistency (C)."
- Safe Operations For High Volume PostgreSQL (this is for PostgreSQL but works great for other DBs as well).
- Zero downtime database migrations (code examples are using Rails but this works great for any programming language)
- Algorithms Behind Modern Storage Systems, ACM Queue
- Let's Build a Simple Database
- Readings in Database Systems, 5th Edition
- Comparing database types: how database types evolved to meet different needs
- How does a relational database work
- Use the index, Luke
- NOSQL Patterns
- NoSQL Databases: a Survey and Decision Guidance
- The DynamoDB docs has some great pages:
- Redis Explained
Falsehoods Programmers Believe About Phone Numbers, Google's
- Rules for Autocomplete: rough specifications for autocomplete fields
- Falsehoods programmers believe about addresses
- Falsehoods Programmers Believe About Names
- kdeldycke/awesome-falsehood: falsehoods programmers believe in
- Understanding UUIDs, ULIDs and String Representations
Data science/data engineering
- A dirty dozen: twelve common metric interpretation pitfalls in online controlled experiments
- datastacktv/data-engineer-roadmap: roadmap to becoming a data engineer
- Awesome Data Engineering Learning Path
- Emerging Architectures for Modern Data Infrastructure
How to Move Beyond a Monolithic Data Lake to a Distributed Data Mesh
- Data platforms based on the data lake architecture have common failure modes that lead to unfulfilled promises at scale.
- We need to consider domains as the first class concern, apply platform thinking to create self-serve data infrastructure, and treat data as a product.
- Uber's Big Data Platform: 100+ Petabytes with Minute Latency
- Rubber Duck Problem Solving
- Rubber Ducking
- Five Whys
- The Infinite Hows: this provides a strong criticism of the five whys method.
- Linux Performance Analysis in 60,000 Milliseconds
- Post-Mortems at HubSpot: What I Learned From 250 Whys
- Debugging zine, Julian Evans
- If you understand a bug, you can fix it
- The Thirty Minute Rule: if anyone gets stuck on something for more than 30 minutes, they should ask for help
- How to create a Minimal, Reproducible Example , Stack Overflow
Some ways to get better at debugging, Julia Evans
- Learn the codebase
- Learn the system (e.g., HTTP stack, database transactions)
- Learn your tools (e.g.,
- Learn strategies (e.g., writing code to reproduce, adding logging, taking a break)
- Get experience: according to a study, "experts simply formed more correct hypotheses and were more efficient at finding the fault."
Design (visual, UX, UI, typography)
I highly recommend reading The Non-Designer's Design Book. This is a pretty short book that will give you some very actionable design advices.
- If you're working on data, Edward Tufte's The Visual Display of Quantitative Information is considered a classic.
- The Universal Principles of Design will give you enough vocabulary and concepts to describe design challenges into words.
- Book recommendations from HackerNews
- 🏙Design for Non-Designers
10 Usability Heuristics Every Designer Should Know
- Visibility of System Status
- The Match Between The System And The Real World
- Every system should have a clear emergency exit
- Don't forget that people spend 90% of their time interacting with other apps
- Recognition Rather Than Recall (recognition = shallow form of retrieval from memory, e.g. a familiar person, recall = deeper retrieval)
- ”Perfection is achieved, not when there is nothing more to add, but when there is nothing left to take away.” – Antoine de Saint-Exupery
- Help Users Recognize, Diagnose, And Recover From Errors
- Butterick’s Practical Typography
- How to pick more beautiful colors for your data visualizations
- 🧰 bradtraversy/design-resources-for-developers: design and UI resources from stock photos, web templates, CSS frameworks, UI libraries, tools...
Design (OO modeling, architecture, patterns, anti-patterns, etc.)
Here's a list of good books:
- 📖 Design Patterns: Elements of Reusable Object-Oriented Software: dubbed "the gang of four", this is almost a required reading for any developer. A lot of those are a bit overkill for Python (because everything is an object, and dynamic typing), but the main idea (composition is better than inheritance) definitely is a good philosophy.
- 📖 Patterns of Enterprise Application Architecture: learn about how database are used in real world applications. Mike Bayer's SQLAlchemy has been heavily influenced by this book.
- 📖 Domain-Driven Design: Tackling Complexity in the Heart of Software, Eric Evans
- 📖 Clean Architecture, Robert C. Martin. Uncle Bob proposes an architecture that leverages the Single Responsibility Principle to its fullest. A great way to start a new codebase. Also checkout the clean architecture cheatsheet and this article.
- 📖 Game Programming Patterns: a book about design, sequencing, behavioral patterns and much more by Robert Nystrom explained through the medium of game programming. The book is also free to read online here.
One of the absolute references on architecture is Martin Fowler: checkout his Software Architecture Guide.
- O'Reilly's How to make mistakes in Python
- Education of a Programmer: a developer's thoughts after 35 years in the industry. There's a particularly good section about design & complexity (see "the end to end argument", "layering and componentization").
- Domain-driven design, Wikipedia.
- On the Spectrum of Abstraction 🎞, Cheng Lou
- The “Bug-O” Notation, Dan Abramov
- Inheritance vs. composition: a concrete example in Python. Another slightly longer one here. One last one, in Python 3.
- Composition Instead Of Inheritance
- Complexity and Strategy: interesting perspective on complexity and flexibility with really good examples (e.g. Google Apps Suite vs. Microsoft Office).
- The Architecture of Open Source Applications
The Robustness Principle Reconsidered
- Jon Postel: "Be conservative in what you do, be liberal in what you accept from others." (RFC 793)
- Two general problem areas are impacted by the Robustness Principle: orderly interoperability and security.
- Basics of the Unix Philosophy, Eric S Raymond
- Eight Habits of Expert Software Designers: An Illustrated Guide
You can use an eraser on the drafting table or a sledge hammer on the construction site. (Frank Lloyd Wright)
Design: database schema
A humble guide to database schema design, Mike Alche
- Use at least third normal form
- Create a last line of defense with constraints
- Never store full addresses in a single field
- Never store firstname and lastname in the same field
- Establish conventions for table and field names.
KeystoneInterface, Martin Fowler.
- Build all the back-end code, integrate, but don't build the user-interface
- 101 Design Patterns & Tips for Developers
- Python Design Patterns: For Sleek And Fashionable Code: a pretty simple introduction to common design patterns (Facade, Adapter, Decorator). A more complete list of design patterns implementation in Python on Github.
- SourceMaking's Design Patterns seems to be a good web resource too.
- Anti-If: The missing patterns
- Simple Made Easy 🎞, Rich Hickey. This is an incredibly inspiring talk redefining simplicity, ease and complexity, and showing that solutions that look easy may actually harm your design.
Dev environment & tools
- Glances: An eye on your system
- HTTPie: a CLI, cURL-like tool for humans
- jq: command-line JSON processor
- tmux: terminal multiplexer
- htop: an interactive process viewer for Linux
- htop explained
- Visual guide to SSH tunnels
- casey/just: a command runner written in Rust (claims to be better than Makefile)
Gazr: an opinionated way to define your
Article about tools:
The return of fancy tools
- Simple tools make you think a little more
- Drucker: "I’m not writing it down to remember it later, I’m writing it down to remember it now."
- Frictionless note-taking produces notes, but it doesn't produce memory.
Diversity & inclusion
Check out my list of management resources.
See also the Python-specific section in charlax/python-education.
Best Practices Around Production Ready Web Apps with Docker Compose
- Avoiding 2 Compose Files for Dev and Prod with an Override File
- Reducing Service Duplication with Aliases and Anchors
- Defining your
HEALTHCHECKin Docker Compose not your Dockerfile
- Making the most of environment variables
- Using Multi-stage builds to optimize image size
- Running your container as a non-root user
Docker Best Practices for Python Developers
- Use multi-stage builds
- Pay close attention to the order of your Dockerfile commands to leverage layer caching
- Smaller Docker images are more modular and secure (watch out for Alpine though)
- Minimize the number of layers (
- Use unprivileged containers
- Cache python packages to the docker host
- Prefer array over string syntax
- Understand the difference between
- Include a
- Whenever possible, avoid using the
- Don't store secrets in images
- Use a
- Lint and Scan Your Dockerfiles and Images (e.g. with
- Log to stdout or stderr
- Docker Containers Security
- Documentation-Driven Development
- Writing automated tests for your documentation: this should be required, IMO. Testing code samples in your documentation ensures they never get outdated.
- 🏙 Documentation is king, Kenneth Reitz
- Keep a Changelog
- Architectural Decision Records: a way to document architecture decision.
- The documentation system
- Checklist for checklists
- Best practices for writing code comments
Always be quitting
- Document your knowledge
- Train your replacement
- By being disposable, you free yourself to work on high-impact projects.
- Write documentation first. Then build.
The palest ink is more reliable than the most powerful memory. -- Chinese proverb
Editors & IDE
- Sublime Text essential plugins and resources
- Bram Moolenaar (Vim author), Seven habits of effective text editing (presentation). This is about Vim but it contains good lessons about why investing time in learning how to be productive with your text editors pays off.
VScode is one of the most popular text editors as of writing.
- Visual Studio Code Can Do That?, Smashing Magazine.
- Coding with Character
About Vim specifically:
- 🧰 vim-awesome
- 🎞 Vimcasts
- ⭐️ Is Vim Really Not For You? A Beginner Guide
- The first part of a series of 6 articles with lots of detailed and practical tips for using Vim efficiently.
- A Vim Guide for Advanced Users: more advanced shortcuts and commands
- 📖 Learning the vi and Vim Editors
- 📖 Practical Vim, Drew Neil
- Learn Vimscript the Hard Way
- VimGolf: nice challenges to learn Vim
- Vim anti-patterns
- Learn Vim For the Last Time: A Tutorial and Primer
- Vim Cheat Sheet & Quick Reference
- History and effective use of Vim
Checkout my list of management resources.
The best way to learn is to learn by doing.
build-your-own-x: compilation of well-written, step-by-step guides for re-creating our favorite technologies from scratch
- Richard Feynman: "what I cannot create, I do not understand"
- The elevator programming game
- Challenging projects every programmer should try: text editor, space invaders, compiler (Tiny Basic), mini OS, spreadsheet, video game console emulator.
- More challenging projects every programmer should try: ray tracer, key-value store web API, web browser, stock trading bot.
- Let’s Build a Regex Engine
- Write a time-series database engine from scratch
- 7 GUIs to build to learn fundamental UI programming skills
Functional programming (FP)
- Goodbye, Object Oriented Programming
- Functional Programming & Haskell 🎞: some good reasons to learn FP!
- Functional Programming Fundamentals: short introduction to FP and its advantages.
OO vs FP, Robert C. Martin, The Clean Code Blog. A pretty interesting take on the differences between OOP and FP from an expert in OOP.
- OO is not about state. Objects are bags of functions, not bags of data.
- Functional Programs, like OO Programs, are composed of functions that operate on data.
- FP imposes discipline upon assignment.
- OO imposes discipline on function pointers.
- The principles of software design still apply, regardless of your programming style. The fact that you’ve decided to use a language that doesn’t have an assignment operator does not mean that you can ignore the Single Responsibility Principle.
Parse, don’t validate
- Use a data structure that makes illegal states unrepresentable
- Push the burden of proof upward as far as possible, but no further
- Let your datatypes inform your code, don’t let your code control your datatypes
- Don’t be afraid to parse data in multiple passes
- Avoid denormalized representations of data, especially if it’s mutable
- Use abstract datatypes to make validators “look like” parsers
- 🏙 Functional Programming
- Monads in 15 minutes
- hemanth/functional-programming-jargon: jargon from the functional programming world in simple terms
- Choosing an HTTP Status Code — Stop Making It Hard
- 10 Surprising Things You Didn't Know About HTTP
- The HTTP crash course nobody asked for
The Jeff Dean Facts
- Compilers don't warn Jeff Dean. Jeff Dean warns compilers.
- Unsatisfied with constant time, Jeff Dean created the world's first
- Jeff Dean mines bitcoins. In his head.
- The Daily WTF: Curious Perversions in Information Technology
Incident response (oncall, alerting, outages, firefighting, postmortem)
- Incident Response at Heroku
My Philosophy On Alerting
- Pages should be urgent, important, actionable, and real.
- Err on the side of removing noisy alerts – over-monitoring is a harder problem to solve than under-monitoring.
- Symptoms are a better way to capture more problems more comprehensively and robustly with less effort.
- Include cause-based information in symptom-based pages or on dashboards, but avoid alerting directly on causes.
- The further up your serving stack you go, the more distinct problems you catch in a single rule. But don’t go so far you can’t sufficiently distinguish what’s going on.
- If you want a quiet oncall rotation, it’s imperative to have a system for dealing with things that need timely response, but are not imminently critical.
- This classical article has now become a chapter in Google's SRE book.
- The Google SRE book's chapter about oncall
Writing Runbook Documentation When You’re An SRE
- Playbooks “reduce stress, the mean time to repair (MTTR), and the risk of human error.”
- Using a template can be beneficial because starting from a blank document is incredibly hard.
- The Curse of Knowledge is a cognitive bias that occurs when someone is communicating with others and unknowingly assumes the level of knowledge of the people they are communicating with.
- Make your content easy to glance over.
- If a script is longer than a single line, treat it like code, and check it into a repository to be source control and potentially tested.
- Incident Review and Postmortem Best Practices, Gergely Orosz
- A great example of a postmortem from Gitlab (01/31/2017) for an outage during which an engineer's action caused the irremediable loss of 6 hours of data.
- Blameless PostMortems and a Just Culture
- A list of postmortems on Github
- Google's SRE book, Postmortem chapter is excellent and includes many examples.
"Let’s plan for a future where we’re all as stupid as we are today."
– Dan Milstein
Example outline for a postmortem:
- Executive Summary
- Root cause
- Number of impacted users
- Lost revenue
- Team impact
- Root cause analysis
- E.g. with 5 whys method
- Lessons learned
- Things that went well
- Things that went poorly
- Action items (include direct links to task tracking tool)
- Tasks to improve prevention (including training)
- Tasks to improve detection (including monitoring and alerting)
- Tasks to improve mitigation (including emergency response)
Note: this is about you as an interviewee, not as an interviewer. To check out my list of resources for interviewers, go to my engineering-management repository.
- System design interview for IT company
- Technical Interview Megarepo: study materials for SE/CS technical interviews
- How to Win the Coding Interview
- I spent 3 months applying to jobs after a coding bootcamp. Here’s what I learned.
- Top 10 algorithms in Interview Questions
- Questions to ask your interviewer
- Interactive Python coding interview challenges
- Tech Interview Handbook
- Questions to ask the company during your interview
- A complete computer science study plan to become a software engineer
- Interview advice that got me offers from Google, Microsoft, and Stripe
- A framework for grading your performance on programming interview problems
- Preparing for the Systems Design and Coding Interview, Gergely Orosz
- What I Learned from Doing 60+ Technical Interviews in 30 Days
- Twipped/InterviewThis: questions to ask prospective employers
- The Red Flags on Your Resume
What we look for in a resume
- We look for demonstrated expertise, not keywords
- We look for people who get things done
- We look for unique perspectives
- We care about impact, not meaningless metrics
See also the exercises section in this document.
Learning & memorizing
Learn how to learn!
- How I Rewired My Brain to Become Fluent in Math: subtitled the building blocks of understanding are memorization and repetition.
- One Sure-Fire Way to Improve Your Coding: reading code!
- Tips for learning programming
- You can increase your intelligence: 5 ways to maximize your cognitive potential: forgive the clickbait title, it’s actually a good article.
- How to ask good questions, Julia Evans.
- Stop Learning Frameworks
- Learning How to Learn: powerful mental tools to help you master tough subjects
Why books don’t work, Andy Matuschak.
- "As a medium, books are surprisingly bad at conveying knowledge, and readers mostly don’t realize it."
- "In learning sciences, we call this model “transmissionism.” It’s the notion that knowledge can be directly transmitted from teacher to student, like transcribing text from one page onto another. If only!"
- "By re-testing yourself on material you’ve learned over expanding intervals, you can cheaply and reliably commit huge volumes of information to long-term memory."
Strategies, Tips, and Tricks for Anki: those advices work for any tool actually
- Add images. Our brains are wired visually, so this helps retention.
- Don't add things you don't understand.
- Don't add cards memorizing entire lists.
- Write it out. For wrong answers, I'll write it on paper. The act of writing is meditative. I really enjoy this.
- Keep on asking yourself why? why does this work? why does it work this way? Force yourself to understand the root of a topic.
- Cornell Method: when reading a topic, write out questions on the margins to quiz yourself.
- Pretend you have to teach it
- Use mnemonics phrases like PEMDAS for lists and other hard-to-remember topics.
- Delete cards that don't make sense or you don't want to remember anymore.
Effective learning: Twenty rules of formulating knowledge
- Build upon the basics
- Stick to the minimum information principle: the material you learn must be formulated in as simple way as it is
- Cloze deletion is easy and effective: Kaleida's mission was to create a ... It finally produced one, called Script X. But it took three years
- Graphic deletion is as good as cloze deletion
- Avoid sets
- Avoid enumerations
- Combat interference - even the simplest items can be completely intractable if they are similar to other items. Use examples, context cues, vivid illustrations, refer to emotions, and to your personal life
- Personalize and provide examples - personalization might be the most effective way of building upon other memories. Your personal life is a gold mine of facts and events to refer to. As long as you build a collection for yourself, use personalization richly to build upon well established memories
- Provide sources - sources help you manage the learning process, updating your knowledge, judging its reliability, or importance
- Prioritize - effective learning is all about prioritizing.
How to Remember Anything You Really Want to Remember, Backed by Science
- Quiz yourself
- Summarize and share with someone else.
- Connect what you just learned to experiences you previously had.
- How To Remember Anything Forever-ish: a comic about learning
- Get better at programming by learning how things work
- How to teach yourself hard things
- Building Your Own Personal Learning Curriculum
Always do Extra
- Extra is finishing those two screens, but then researching a new library for form validation that might reduce the boilerplate code.
- Extra must be balanced against Normal Work.
- Extra must be aligned with your Normal Work.
Against 3X Speed
- Lectures are most effective when they’re only a component of the classroom experience
- Learning is about spaced repetition, not binge-reading books
- The Problems with Deliberate Practice
- Why Tacit Knowledge is More Important Than Deliberate Practice
In Praise of Memorization
- You can't reason accurately without knowledge
- Memorizing organized your knowledge
- It stays with you
Celebrate tiny learning milestones, Julia Evans.
- Keep a brag document
- You can do a lot "by accident"
- Fixing a bug can be milestone
About Zettelkasten and PKM (personal knowledge management):
Richard Feynman's Learning Strategy:
- Step 1: Continually ask "Why?”
- Step 2: When you learn something, learn it to where you can explain it to a child.
- Step 3: Instead of arbitrarily memorizing things, look for the explanation that makes it obvious.
Most people overestimate what they can do in 1 year and underestimate what they can do in a decade. – Bill Gates
Frankly, though, I think most people can learn a lot more than they think they can. They sell themselves short without trying. One bit of advice: it is important to view knowledge as sort of a semantic tree — make sure you understand the fundamental principles, ie the trunk and big branches, before you get into the details/leaves or there is nothing for them to hang on to. — Elon Musk
"Experience is something you don't get until just after you need it." ― Steven Wright
Tell me and I forget. Teach me and I remember. Involve me and I learn. – Benjamin Franklin
Education is the kindling of a flame, not the filling of a vessel. – Socrates
That which we persist in doing becomes easier for us to do; not that the nature of the thing itself is changed, but that our power to do is increased. – Ralph Waldo Emerson
A wise man can learn more from a foolish question than a fool can learn from a wise answer. – Bruce Lee
A lecture has been well described as the process whereby the notes of the teacher become the notes of the student without passing through the mind of either. — Mortimer Adler
Fools learn from experience. I prefer to learn from the experience of others. — Bismark
Linux (system management)
Back to Basics, Joel Spolsky. Explains why learning low level programming is important.
- I think that some of the biggest mistakes people make even at the highest architectural levels come from having a weak or broken understanding of a few simple things at the very lowest levels.
- What's in a Linux executable?
- 📖 The Elements of Computing Systems: building a modern computer from first principles (nand2tetris).
- Old pattern powering modern tech
The Great Confusion About URIs
- A URI is a string of characters that identifies a resource. Its syntax is
<scheme>:<authority><path>?<query>#<fragment>, where only
<path>are mandatory. URL and URN are URIs.
- A URL is a string of characters that identifies a resource located on a computer network. Its syntax depends on its scheme. E.g.
- A URN is a string of characters that uniquely identifies a resource. Its syntax is
urn:<namespace identifier>:<namespace specific string>. E.g.
- A URI is a string of characters that identifies a resource. Its syntax is
Observability (monitoring, logging, exception handling)
Do not log dwells on some logging antipatterns.
- Logging does not make much sense in monitoring and error tracking. Use better tools instead: error and business monitorings with alerts, versioning, event sourcing.
- Logging adds significant complexity to your architecture. And it requires more testing. Use architecture patterns that will make logging an explicit part of your contracts
- Logging is a whole infrastructure subsystem on its own. And quite a complex one. You will have to maintain it or to outsource this job to existing logging services
Lies My Parents Told Me (About Logs)
- Logs are cheap
- I can run it better myself
- Leveled logging is a great way to separate information
- Logs are basically the same as events
- A standard logging format is good enough
- Logging - OWASP Cheat Sheet Series
- Error handling antipatterns in this repo.
Writing Helpful Error Messages, Google Developers' course on Technical Writing
- Explain the problem
- Explain the solution
- Write clearly
- Google, Site Reliability Engineering, Monitoring Distributed Systems
- PagerDuty, Monitoring Business Metrics and Refining Outage Response
- 🧰 crazy-canux/awesome-monitoring: monitoring tools for operations.
- Monitoring in the time of Cloud Native
How to Monitor the SRE Golden Signals
- From the Google SRE book: Latency, Traffic, Errors, and Saturation
- USE Method (from Brendan Gregg): Utilization, Saturation, and Errors
- RED Method (from Tom Wilkie): Rate, Errors, and Duration
- Simple Anomaly Detection Using Plain SQL
- How percentile approximation works (and why it's more useful than averages)
- 📖 The Linux Programming Interface: A Linux and UNIX System Programming Handbook: already mentioned above.
- 📖 Modern Operating Systems, Andrew Tanenbaum, Herbert Bos (not read)
- 📖 Operating Systems: Three Easy Pieces (free book, not read)
- 📖 Linux Kernel Development, Robert Love. A very complete introduction to developing within the Linux Kernel.
- The 10 Operating System Concepts Software Developers Need to Remember
- Play with xv6 on MIT 6.828
- 10 modern software over-engineering mistakes
- A good example of over-engineering: the Juicero press (April 2017)
You Are Not Google: the UNPHAT method to avoid cargo cult.
- Don’t even start considering solutions until you Understand the problem. Your goal should be to “solve” the problem mostly within the problem domain, not the solution domain.
- eNumerate multiple candidate solutions. Don’t just start prodding at your favorite!
- 1st poison: education.
- 2nd poison: marketing.
- 3rd poison: ego
- Solution: Stop trying to connect all the dots ahead of time. Embrace uncertainty and start doing.
“A complex system that works is invariably found to have evolved from a simple system that worked. A complex system designed from scratch never works and cannot be patched up to make it work. You have to start over, beginning with a working simple system.”
— John Gall, General systemantics, an essay on how systems work, and especially how they fail..., 1975 (this quote is sometime referred as "Galls' law")
"Software engineering is what happens to programming when you add time and other programmers."
You can’t connect the dots looking forward; you can only connect them looking backwards. So you have to trust that the dots will somehow connect in your future. You have to trust in something — your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.
— Steve Jobs
- Numbers Everyone Should Know
- Latency numbers every programmer should know
Rob Pike's 5 Rules of Programming
- You can't tell where a program is going to spend its time.
- Fancy algorithms are slow when n is small, and n is usually small.
- Fancy algorithms are buggier than simple ones
- Data dominates.
- Performance comparison: counting words in Python, Go, C++, C, AWK, Forth, and Rust: a great way to learn about measuring performance.
Check out this section on my list of management resources, "Personal productivity".
At 31, I have just weeks to live. Here's what I want to pass on
- First, the importance of gratitude.
- Second, a life, if lived well, is long enough.
- Third, it’s important to let yourself be vulnerable and connect to others.
- Fourth, do something for others.
- Fifth, protect the planet.
Life Is Not Short
- "The most surprising thing is that you wouldn’t let anyone steal your property, but you consistently let people steal your time, which is infinitely more valuable." — Seneca
- Dealing with Hard Problems
Invert, always, invert
- Define the problem - what is it that you're trying to achieve?
- Invert it - what would guarantee the failure to achieve this outcome?
- Finally, consider solutions to avoid this failure
- 🎞 Hammock Driven Development, Rick Hickey
- A classic talk on problem solving.
I would recommend learning:
- A compiled language (Java, C, C++...).
- A more recent language to see where the industry is going (as of writing, Go, Swift, Rust, Elixir...).
- A language that has first-class support for functional programming (Haskell, Scala, Clojure...).
A bit more reading:
- A brief, incomplete, mostly wrong history of programming languages
- Resources To Help You To Create Programming Languages
- Effective Programs - 10 Years of Clojure 🎞, Rich Hickey. The author of Clojure reflects on his programming experience and explains the rationale behind some of Clojure's key design decisions.
Learn more programming languages, even if you won't use them, Thorsten Ball
- These new perspectives, these ideas and patterns — they linger, they stay with you, even if you end up in another language. And that is powerful enough to keep on learning new languages, because one of the best things that can happen to you when you’re trying to solve a problem is a change of perspective.
- Programming Language Checklist: a fun take on "so you want to build your own language?"
- Static vs. dynamic languages: a literature review
- Polyglot Programming and the Benefits of Mastering Several Languages
- It's not what programming languages do, it's what they shepherd you to
- Ask HN: What do you code when learning a new language/framework?
There are only two kinds of languages: the ones people complain about and the ones nobody uses.
-- Bjarne Stroustrup (C++ creator)
For Python feel free to checkout my professional Python education repository.
- A Guide to the Go Garbage Collector: a very insightful guide about Go's GC
Imperative vs Declarative Programming, Tyler McGinnis.
- I draw the line between declarative and non-declarative at whether you can trace the code as it runs. Regex is 100% declarative, as it’s untraceable while the pattern is being executed.
- 🎞 Imperative vs Declarative Programming
- Papers we love: papers from the computer science community to read and discuss. Can be a good source of inspiration of solving your design problems.
- The morning paper: one CS research paper explained every morning.
- The Complete Guide to Effective Reading
- The benefits of note-taking by hand
- The Art of Reading More Effectively and Efficiently
- You should be reading academic computer science papers, Stack Overflow Blog
How to Remember What You Read
- Take notes
- Stay focused
- Mark up the book
- Make mental links
- Quit books
The Rule of Three, Coding Horror
- Every programmer ever born thinks whatever idea just popped out of their head into their editor is the most generalized, most flexible, most one-size-fits all solution that has ever been conceived.
- It is three times as difficult to build reusable components as single use components.
- A reusable component should be tried out in three different applications before it will be sufficiently general to accept into a reuse library.
- Refactor vs. Rewrite
- Tripping over the potholes in too many libraries
Releasing & deploying
- How we release so frequently
- How to deploy software, Zach Holman
- BlueGreenDeployment, Martin Fowler
- Move fast and break nothing, Zach Holman
- 🏙 Move fast and don't break things, Google
- Shipping to Production, The Pragmatic Programmer
- SemVer - Semantic Versioning
- CalVer - Calendar Versioning
- Semantic Versioning Will Not Save You
- Version numbers: how to use them?
- Production Readiness Checklist, Gruntwork
- Checklist: what had to be done before deploying microservices to production
- Things end users care about but programmers don't: includes colors, formatting, themes, integrations, UX, compatibility, operations.
- Flipping out, Flickr. One of the first articles about feature flags.
- Feature Flags, Toggles, Controls, a website documenting feature flags, from Launch Darkly.
Feature Toggles (aka Feature Flags), Pete Hodgson, martinFowler.com. Comprehensive article on the topic.
- Deliver new functionality to users rapidly but safely
- Release Toggles allow incomplete and un-tested codepaths to be shipped to production as latent code which may never be turned on.
- Experiment Toggles are used to perform multivariate or A/B testing.
- Ops Toggles control operational aspects of our system's behavior.
- Permissioning Toggles change the features or product experience that certain users receive.
- Static vs dynamic toggles
- Long-lived toggles vs transient toggles
- Savvy teams view their Feature Toggles as inventory which comes with a carrying cost, and work to keep that inventory as low as possible.
- Feature Flags Best Practices: Release Management, LaunchDarkly
- How we ship code faster and safer with feature flags, Github.
- Flipr: Making Changes Quickly and Safely at Scale, Uber
Testing in production:
- Why We Leverage Multi-tenancy in Uber's Microservice Architecture
Developing in Production
- Complex systems have emergent behavior, producing epiphenomenon that only appears with sufficient scale.
- Wood's theorem: As the complexity of a system increases, the accuracy of any single agent’s own model of that system decreases rapidly.
- The more tools and code that you add to create elements in a system, the harder it is to replicate an environment encompassing those tools and code.
- At the core of testing in production is the idea of splitting deployments (of artifacts) from releases (of features).
Testing in Production: the hard parts, Cindy Sridharan
- The whole point of [actual] distributed systems engineering is you assume you’re going to fail at some point in time and you design the system in such a way that the damage, at each point is minimized, that recovery is quick, and that the risk is acceptably balanced with cost.
- How can you cut the blast radius for a similar event in half?
- Differentiate between deployment (0 risk) and release
- Build a deploy-observe-release pipeline
- Make incremental rollouts the norm (canaries, %-based rollouts, etc.)
- Test configuration changes just like you test code
- Default to roll back, avoid fixing forward (slow!)
- Eliminate gray failures - prefer crashing to degrading in certain cases
- Prefer loosely coupled services at the expense of latency or correctness
- Use poison tasters (isolate handling of client input)
- Implement per-request-class backpressure
- Have proper visibility from a client/end-user standpoint (client-side metrics)
- Testing in Production, the safe way
- 📖 Penetration Testing: A Hands-On Introduction to Hacking, Georgia Weidman
- Penetration Testing Tools Cheat Sheet
- A practical guide to securing macOS
- Web Application Security Guide/Checklist
- Reckon you've seen some stupid security things?: everything not to do.
- Checklist of the most important security countermeasures when designing, testing, and releasing your API
- OWASP Cheat Sheet Series: a series of cheat sheets about various security topics.
Secure by Design, a book review by Henrik Warne.
- There is a big overlap between secure code and good software design
- Every domain value should instead be represented by a domain primitive.
- External input needs to be validated before it is used in the system, in the following order: origin, size, lexical content, syntax, semantics.
- Entities should be consistent at creation, have limited operation, shouldn't be sharing mutable objects.
- Three Rs to do every few hours: rotate secrets automatically, repave servers and applications (redeploy on clean footprint), repair vulnerable.
- Don’t use exceptions for the control flow.
- OWASP Top Ten Web Application Security Risks
- ukncsc/zero-trust-architecture: Principles to help you design and deploy a zero trust architecture
- 🏙 Minimum Viable Security
- The Open Software Assurance Maturity Model
- Security by Obscurity is Underrated
- Don't Wanna Pay Ransom Gangs? Test Your Backups, Krebs on Security
- The Beginner’s Guide to Passwords
- Learnings from 5 years of tech startup code audits
- API Tokens: A Tedious Survey: don't use JWT.
- The Six Dumbest Ideas in Computer Security
Training for developers:
- OWASP Security Knowledge Framework
- PagerDuty Security Training
- Gruyere: Web Application Exploits and Defenses
List of resources:
- 🧰 meirwah/awesome-incident-response: tools for incident response
- 🧰 Starting Up Security
- 🧰 decalage2/awesome-security-hardening: security hardening guides, tools and other resources
Shell (command line)
- 🧰 alebcay/awesome-shell
- 🧰 dylanaraps/pure-bash-bible: pure bash alternatives to external processes.
- The Bash Hackers Wiki provides a gentler way to learn about bash than its manages.
- Awk in 20 Minutes
- 🏙 Linux Productivity Tools
- jlevy/the-art-of-command-line: master the command line, in one page must read
- Minimal safe Bash script template
- Command Line Interface Guidelines
- The Linux Commands Handbook
- How to write idempotent Bash scripts
- Learn bash by playing an adventure
- Effective Shell
- Computing from the Command Line
- SQL styleguide
- Best practices for writing SQL queries
- Practical SQL for Data Analysis
- Reasons why SELECT * is bad for SQL performance
- Animate SQL
- 🧰 kahun/awesome-sysadmin: a curated list of amazingly awesome open source sysadmin resources
- 🧰 donnemartin/system-design-primer: learn how to design large scale systems. Prep for the system design interview.
- 🧰 A Distributed Systems Reading List
- 🧰 Services Engineering Reading List
- 🧰 System Design Cheatsheet
- High Scalability: great blog about system architecture, its weekly review article are packed with numerous insights and interesting technology reviews. Checkout the all-times favorites.
- 📖 Building Microservices, Sam Newman (quite complete discussion of microservices)
- 📖 Designing Data-Intensive Applications
- 6 Rules of thumb to build blazing fast web server applications
- Service oriented architecture: scaling the Uber engineering codebase as we grow
- The twelve-factor app
- Introduction to architecting systems for scale
- The Log: What every software engineer should know about real-time data's unifying abstraction: one of those classical articles that everyone should read.
- Turning the database outside-out with Apache Samza
- Scaling to 100k Users, Alex Pareto. The basics of getting from 1 to 100k users.
Systems that defy detailed understanding
- Focus effort on systems-level failure, instead of the individual component failure.
- Invest in sophisticated observability tools, aiming to increase the number of questions we can ask without deploying custom code
- Fallacies of distributed computing, Wikipedia
The biggest thing Amazon got right: the platform
- All teams will henceforth expose their data and functionality through service interfaces.
- Monitoring and QA are the same thing.
Building Services at Airbnb, part 3
- Resilience is a Requirement, Not a Feature
Building Services at Airbnb, part 4
- Building Schema Based Testing Infrastructure for service development
Microservices/splitting a monolith:
- Don’t start with microservices in production – monoliths are your friend
- Deep lessons from Google And EBay on building ecosystems of microservices
Introducing domain-oriented microservice architecture, Uber
- Instead of orienting around single microservices, we oriented around collections of related microservices. We call these domains.
- In small organizations, the operational benefit likely does not offset the increase in architectural complexity.
- Best Practices for Building a Microservice Architecture
- 🏙 Avoid Building a Distributed Monolith
- 🏙 Breaking down the monolith
Monoliths are the future
- "We’re gonna break it up and somehow find the engineering discipline we never had in the first place."
- 12 Ways to Prepare your Monolith Before Transitioning to Microservices
- Scalable web architecture and distributed systems
- 📖 Scalability Rules: 50 Principles for Scaling Web Sites (presentation)
- I already mentioned the book Release it! above. There's also a presentation from the author.
- Service Recovery: Rolling Back vs. Forward Fixing
How Complex Systems Fail
- Catastrophe requires multiple failures – single point failures are not enough.
- Complex systems contain changing mixtures of failures latent within them.
- Post-accident attribution to a ‘root cause’ is fundamentally wrong.
- Hindsight biases post-accident assessments of human performance.
- Safety is a characteristic of systems and not of their components
- Failure free operations require experience with failure.
- 🧰 Testing Distributed Systems
- 🏙 The Walking Dead - A Survival Guide to Resilient Applications
- 🏙 Defensive Programming & Resilient systems in Real World (TM)
- 🏙 Full Stack Fest: Architectural Patterns of Resilient Distributed Systems
- 🏙 The 7 quests of resilient software design
- 🧰 Resilience engineering papers: comprehensive list of resources on resilience engineering
Site Reliability Engineering (SRE)
Note: this section is only about SRE as a role. Checkout the System Architecture for more content related to reliability.
- 📖 Site Reliability Engineering
- Written by members of Google's SRE team, with a comprehensive analysis of the entire software lifecycle - how to build, deploy, monitor, and maintain large scale systems.
- Graduating from Bootcamp and interested in becoming a Site Reliability Engineer?: a great collection of resources to learn about SRE.
Operating a Large, Distributed System in a Reliable Way: Practices I Learned, Gergely Orosz.
- A good summary of processes to implement.
Production Oriented Development
- Code in production is the only code that matters
- Engineers are the subject matter experts for the code they write and should be responsible for operating it in production.
- Buy Almost Always Beats Build
- Make Deploys Easy
- Trust the People Closest to the Knives
- QA Gates Make Quality Worse
- Boring Technology is Great.
- Non-Production Environments Have Diminishing Returns
- Things Will Always Break
- A good availability metric should be meaningful, proportional, and actionable. By "meaningful" we mean that it should capture what users experience. By "proportional" we mean that a change in the metric should be proportional to the change in user-perceived availability. By "actionable" we mean that the metric should give system owners insight into why availability for a period was low. This paper shows that none of the commonly used metrics satisfy these requirements…
- 🏙 High Reliability Infrastructure migrations, Julia Evans.
- 🏙 The Paradox of Alerts: why deleting 90% of your paging alerts can make your systems better, and how to craft an on-call rotation that engineers are happy to join.
Reliability is the one feature every customer users. -- An auth0 SRE.
- 🧰 dastergon/awesome-sre
- upgundecha/howtheysre: a curated collection of publicly available resources on SRE at technology and tech-savvy organizations
- TechnicalDebt, Martin Fowler.
Fixing Technical Debt with an Engineering Allocation Framework
- You don't need to stop shipping features to fix technical debt
- Communicate the business value
- Today, any code that a developer dislikes is branded as technical debt.
- Ward Cunningham invented the debt metaphor to explain to his manager that building iteratively gave them working code faster, much like borrowing money to start a project, but that it was essential to keep paying down the debt, otherwise the interest payments would grind the project to a halt.
- Ur-technical debt is generally not detectable by static analysis.
- ⭐️ Testing strategies in a microservices architecture (Martin Fowler) is an awesome resources explaining how to test a service properly.
Why bother writing tests at all?, Dave Cheney. A good intro to the topic.
- Even if you don’t, someone will test your software
- The majority of testing should be performed by development teams
- Manual testing should not be the majority of your testing because manual testing is O(n)
- Tests are the critical component that ensure you can always ship your master branch
- Tests lock in behaviour
- Tests give you confidence to change someone else’s code
How to test:
- A quick puzzle to test your problem solving... and a great way to learn about confirmation bias and why you're mostly writing positive test cases.
- Testing is not for beginners: why learning to test is hard. This shouldn't demotivate you though!
- Arrange-act-assert: a pattern for writing good tests
- Test smarter, not harder
- The test pyramid, Martin Fowler
- Eradicating non-determinism in tests, Martin Fowler
The practical test pyramid, MartinFowler.com
- Be clear about the different types of tests that you want to write. Agree on the naming in your team and find consensus on the scope of each type of test.
- Every single test in your test suite is additional baggage and doesn't come for free.
- Test code is as important as production code.
- Software testing anti-patterns, Kostis Kapelonis.
- Write tests. Not too many. Mostly integration. for a contrarian take about unit testing
- 🎞 Unit test 2, Integration test: 0
- Testing in the Twenties
- Just say no to more end-to-end tests, Google Testing Blog
- End-to-end testing considered harmful, DZone
- DevDocs API Documentation: a repository for multiple API docs (see also Dash for macOS).
- DevChecklist: a collaborative space for sharing checklists that help ensure software quality
- 🧰 Free for developers: list of free tiers for developments tools and services
- Choose Boring Technology
- Ask HN: Best dev tool pitches of all time?
Version control (Git)
Learning Git, courses and books:
- 📖 Git Book
- Git from the inside out
- Git Tutorials and Training, Atlassian
- Git Immersion
- A Visual Git Reference (a bit more advanced)
- Think Like (a) Git
- Git's database internals I: packed object store: an insightful deep dive from Github
More specific topics:
- Conventional Commits
- Git Merge vs. Rebase: What’s the Diff?
- 🏙 Story-telling with Git rebase
- 🏙 Git Rebase vs. Merge
- 🏙 10 Git Anti Patterns You Should be Aware of
- Learn Git Branching: an interactive game
- Fix conflicts only once with git rerere
- Monorepo Explained
- How to Write a Git Commit Message
Work ethics, productivity & work/life balance
- Your non-linear problem of 90% utilization, Jason Cohen: why constantly running at 90% utilization is actually counter-productive.
- Evidence-based advice on how to be successful in any jobs: most self-help advices are not research-based. The ones listed in this article are.
The Complete Guide to Deep Work
- The ability to perform deep work is becoming increasingly rare at exactly the same time it is becoming increasingly valuable in our economy.
- Choose Your Deep Work Strategy
- Build a Deep Work Routine
- Discipline #1: Focus on the Wildly Important
- Discipline #2: Act on the Lead Measures
- Discipline #4: Create a Cadence of Accountability
- Our Ability for Deep Work is Finite
- The Craftsman Approach to Tool Selection
- Stop Using Social Media
- Get Your Boss on Board With Deep Work
Every productivity thought I've ever had, as concisely as possible
- Context intentionality as the key difference between home and every other place on planet earth
- Rules are about exceptions
Makers, Don't Let Yourself Be Forced Into the 'Manager Schedule'
- Research shows that it takes as long as 30 minutes for makers to get into the flow
- Use maker-manager office hours
- Communication can happen at a quieter asynchronous frequency in the form of thoughtful, written discussions rather than soul-sucking meetings or erratic one-line-at-a-time chat messages
- Build a team knowledge base to minimize repetitive questions and allow self-onboarding.
100 Tips for a Better Life
- Deficiencies do not make you special. The older you get, the more your inability to cook will be a red flag for people.
- History remembers those who got to market first. Getting your creation out into the world is more important than getting it perfect.
- Discipline is superior to motivation. The former can be trained, the latter is fleeting. You won’t be able to accomplish great things if you’re only relying on motivation.
- You do not live in a video game. There are no pop-up warnings if you’re about to do something foolish, or if you’ve been going in the wrong direction for too long. You have to create your own warnings.
- Cultivate a reputation for being dependable. Good reputations are valuable because they’re rare (easily destroyed and hard to rebuild). You don’t have to brew the most amazing coffee if your customers know the coffee will always be hot.
- Compliment people more. Many people have trouble thinking of themselves as smart, or pretty, or kind, unless told by someone else. You can help them out.
- 🏙 2011 GTD Getting Things Done
- Build tools around workflows, not workflows around tools
- Rethinking Best Practices
- The Cult of Done Manifesto
"Do what you love until you love to Do" I often think about the “Read what you love until you love to read” comment from @naval, and this is a good generalization. My experience has been that it is easier to educate a Do-er than to motivate the educated; you have to believe you can Do before you embark on an effort. – John Carmack
- grab/front-end-guide: a study guide and introduction to the modern front end stack.
- Maintainable CSS
- Front-End Developer Handbook 2019, Cody Lindley
- A Directory of design and front-end resources
- Client-Side Architecture Basics
- 🧰 codingknite/frontend-development: a list of resources for frontend development
- 136 facts every web dev should know
- Checklist - The A11Y Project for accessibility
Writing (communication, blogging)
➡️ See also my engineering-management list
Undervalued Software Engineering Skills: Writing Well
- From the HN discussion: "Writing a couple of pages of design docs or an Amazon-style 6 pager or whatever might take a few days of work, but can save weeks or more of wasted implementation time when you realise your system design was flawed or it doesn't address any real user needs."
Sell Yourself Sell Your Work
- If you've done great work, if you've produced superb software or fixed a fault with an aeroplane or investigated a problem, without telling anyone you may as well not have bothered.
The Writing Well Handbook
- Ideas — Identify what to write about
- First Drafts — Generate insights on your topic
- Rewriting — Rewrite for clarity, intrigue, and succinctness
- Style — Rewrite for style and flow
- Practicing — Improve as a writer
- Write Simply, Paul Graham
- Writing is Thinking: Learning to Write with Confidence
It's time to start writing explains why Jeff Bezos banned PowerPoint at Amazon.
- The reason writing a good 4 page memo is harder than "writing" a 20 page powerpoint is because the narrative structure of a good memo forces better thought and better understanding of what's more important than what, and how things are related.
- Powerpoint-style presentations somehow give permission to gloss over ideas, flatten out any sense of relative importance, and ignore the interconnectedness of ideas.
- Programming and Writing, Antirez
- Writing one sentence per line
- Ask HN: How to level up your technical writing?. Lots of great resources.
- Patterns in confusing explanations, Julia Evans
- Technical Writing for Developers
Guides & classes about technical writing:
Documentation Guide — Write the Docs
- Style guides
- Docs as code
- Markup languages
Technical Writing One introduction, Google
- Active voice
- Clear & short sentences
If you’re overthinking, write. If you’re underthinking, read. – @AlexAndBooks_
Resources & inspiration for presentations
- Calvin & Hobbes (search engine)
Website and RSS feeds (I use Feedly):