js |
JavaScriptタグが付けられた新着投稿 - Qiita |
Chrome拡張のUnchecked runtime.lastError: Could not establish connection. Receiving end does not exist.というエラーを解決する。。。終点 |
https://qiita.com/Sukhwinder_Singh/items/a916f6e0a5d599b80d9b
|
しかし、popupjsでchromeruntimesendMessageを使ってbackgroundjsに送信し、backgroundjsでchromeruntimeonMessageaddListenerを使って受信し、sendResponseで送り返しているはずなのですが、時々UncheckedruntimelastErrorCouldnotestablishconnectionReceivingenddoesnotexistというエラーが表示されていました。 |
2021-12-16 03:09:56 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
PreferenceManagerに取り消し線が引かれる原因が知りたい |
https://teratail.com/questions/374043?rss=all
|
preferencemanager |
2021-12-16 03:42:16 |
Program |
[全てのタグ]の新着質問一覧|teratail(テラテイル) |
MetaInfoのheadについてテストしたい |
https://teratail.com/questions/374042?rss=all
|
MetaInfoのheadについてテストしたいnuxtjsでユニットテストを作成しています。 |
2021-12-16 03:10:26 |
golang |
Goタグが付けられた新着投稿 - Qiita |
GoでGraphQLサーバを作る |
https://qiita.com/zigenin/items/df9359bf2f209d08f117
|
vektahdataloadengqlgenと同じ作者ですModelごとにdataloaderのコードを生成する方式ですデータを取得するときに対象のデータを一意に識別するkeyを指定し、取得結果は取得対象のデータの型の変数に格納して返しますkeyには、intやstringなどのcomparableな型しかIDには使えませんgraphgophersdataloaderコード生成をしない方式ですデータを取得するときに対象のデータを一意に識別するkeyを指定し、結果はinterfaceに格納して返します所定のinterfaceを実装していれば、独自のstructでもkeyにすることができます私は後者の方が使いやすいと思っています。 |
2021-12-16 03:07:43 |
海外TECH |
MakeUseOf |
The 7 Best Text-to-Speech Chrome Extensions |
https://www.makeuseof.com/best-chrome-text-to-speech-extensions/
|
chrome |
2021-12-15 18:30:22 |
海外TECH |
MakeUseOf |
3 Reasons Why We Are Not Excited for the OnePlus 10 |
https://www.makeuseof.com/why-not-excited-for-oneplus-10/
|
doesn |
2021-12-15 18:26:16 |
海外TECH |
MakeUseOf |
How to Install the Google Play Store on Windows 11 |
https://www.makeuseof.com/windows-11-install-google-play-store/
|
windows |
2021-12-15 18:15:12 |
海外TECH |
MakeUseOf |
How a Battery Works and 3 Ways You Can Ruin It |
https://www.makeuseof.com/tag/battery-works-3-ways-can-ruin/
|
How a Battery Works and Ways You Can Ruin ItThe modern battery is featured in so many of our favourite technologies that you could almost be forgiven for not spending time learning about their workings |
2021-12-15 18:05:22 |
海外TECH |
MakeUseOf |
How Elon Musk Caused the Price of Dogecoin to Spike |
https://www.makeuseof.com/how-elon-musk-caused-dogecoin-price-spike/
|
crypto |
2021-12-15 18:05:22 |
海外TECH |
DEV Community |
How to build a secure crypto wallet |
https://dev.to/cossacklabs/how-to-build-a-secure-crypto-wallet-58jp
|
How to build a secure crypto walletCossack Labs security engineers are engaged in improving the security of several large public blockchain ecosystems and their hot non custodial crypto wallets We gathered lots of observations about crypto wallets security how they are different from the banking apps what are the unique threats they face and how novel crypto works with traditional crypto From security engineersーto software developers we re here to share this practical security development knowledge with you From the defender s point of view the crypto wallet s attack surface is enormous But from the attacker s point of view it s not so difficult to combine flaws especially if the crypto wallet s code is open sourced So let s explore specific security flaws and their synergies Click on the picture below to get lots of examples and practical advice on the risks and threats of crypto wallets design concerns and implementation issues ⇲Follow Cossack Labs for more updates |
2021-12-15 18:47:55 |
海外TECH |
DEV Community |
How to SSH Properly |
https://dev.to/goteleport/how-to-ssh-properly-4eg2
|
How to SSH ProperlyGus Luxton for TeleportOriginally published at goteleport com SSH Best PracticesThere s no denying that SSH is the de facto tool for nix server administration It s far from perfect but it was designed with security in mind and there s been a huge amount of tooling written over the years to make it easier to use In addition many popular products and just about every server deployment system integrates with SSH somehow It is universally supported across pretty much all architectures and distributions from Raspberry Pis all the way up to massive supercomputer clusters SSH is a powerful tool which often grants a lot of access to anyone using it to log into a server In this post I m going to talk about a few different ways that you can easily improve the security of your SSH model without needing to deploy a new application or make any huge changes to user experience In essence this blog post is a collection of industry best practices to SSH security and it s written with OpenSSH users in mind SSH certificatesMost people can agree that using public key authentication for SSH is generally better than using passwords Nobody ever types in a private key so it can t be keylogged or observed over your shoulder SSH keys have their own issues however The next level up from SSH keys is SSH certificates OpenSSH has supported the use of certificates since OpenSSH which was released back in With SSH certificates you generate a certificate authority CA and then use this to issue and cryptographically sign certificates which can authenticate users to hosts or hosts to users You can generate a keypair using the ssh keygen command like this ssh keygen t rsa b f host ca C host caGenerating public private rsa key pair Enter passphrase empty for no passphrase Enter same passphrase again Your identification has been saved in host ca Your public key has been saved in host ca pub The key fingerprint is SHA tltbnMalWg skhm VlGLdxHiVPozyuOPlWypdEO host caThe key s randomart image is RSA o o o o o o E S o o o o o o Oo oo ooo SHA ls ltotal rw gus gus Mar host ca rw r r gus gus Mar host ca pubThe host ca file is the host CA s private key and should be protected Don t give it out to anyone don t copy it anywhere and make sure that as few people have access to it as possible Ideally it should live on a machine which doesn t allow direct access and all certificates should be issued by an automated process In addition it s best practice to generate and use two separate CAs one for signing host certificates one for signing user certificates This is because you don t want the same processes that add hosts to your fleet to also be able to add users and vice versa Using separate CAs also means that in the event of a private key being compromised you only need to reissue the certificates for either your hosts or your users not both at once As such we ll also generate a user ca with this command ssh keygen t rsa b f user ca C user caThe user ca file is the user CA s private key and should also be protected in the same way as the host CA s private key Issuing host certificates to authenticate hosts to users In this example we ll generate a new host key with no passphrase then sign it with our CA You can also sign the existing SSH host public key if you d prefer not to regenerate a new key by copying the file etc ssh ssh host rsa key pub from the server signing it on your CA machine and then copying it back ssh keygen f ssh host rsa key N b t rsa ls l rw ec user ec user Mar ssh host rsa key rw r r ec user ec user Mar ssh host rsa key pub ssh keygen s host ca I host example com h n host example com V w ssh host rsa key pubEnter passphrase the passphrase used for the host CASigned host key ssh host rsa key cert pub id host example com serial for host example com valid from T to T ls l rw ec user ec user Mar ssh host rsa key rw r r ec user ec user Mar ssh host rsa key cert pub rw r r ec user ec user Mar ssh host rsa key pubssh host rsa key cert pub contains the signed host certificate Here s an explanation of the flags used s host ca specifies the filename of the CA private key that should be used for signing I host example com the certificate s identity an alphanumeric string that will identify the server I recommend using the server s hostname This value can also be used to revoke a certificate in future if needed h specifies that this certificate will be a host certificate rather than a user certificate n host example com specifies a comma separated list of principals that the certificate will be valid for authenticating for host certificates this is the hostname used to connect to the server If you have DNS set up you should use the server s FQDN for example host example com here If not use the hostname that you will be using in an ssh config file to connect to the server V w specifies the validity period of the certificate in this case weeks one year Certificates are valid forever by default expiry periods for host certificates are highly recommended to encourage the adoption of a process for rotating and replacing certificates when needed Configuring SSH to use host certificatesYou also need to tell the server to use this new host certificate Copy the three files you just generated to the server store them under the etc ssh directory set the permissions to match the other files there then add this line to your etc ssh sshd config file HostCertificate etc ssh ssh host rsa key cert pubOnce this is done restart sshd with systemctl restart sshd Your server is now configured to present a certificate to anyone who connects For your local ssh client to make use of this and automatically trust the host based on the certificate s identity you will also need to add the CA s public key to your known hosts file You can do this by taking the contents of the host ca pub file adding cert authority example com to the beginning then appending the contents to ssh known hosts cert authority example com ssh rsa AAAABNzaCycEAAAADAQABAAACAQDwiOsoQW KKQOrZZoXgyWcmAJtySILZSwoGXBKgurVjmmBNRsHetlQiJqeoKXvGRafalWuw iWjLisZrPrmDg pCbyKnreFEaDFocDhoiIcbUiImIWcpPJXFOKLuafdeKWJAfcClnAEqsA PhgxfKMQZUFGsQ GjStjIXiRYCQBHFDzzNmQuBhUsAYNqbnaiTI pRtuknsglxKP rQiNfBfPQhsGeyJzTTup KKlxarjkMOlFXMUMaAj cDrBSzvSrfOwzkqyzYGHzQhST lWQZrOddRszGPOWbRQzddUGiCMUllUxrb HQOkVyvnxDwMAtiZItSGzRPblUSHMmCVpZTwvaLLmMEEIklWHcbBAWAcdFEKBuusgJpMlFktmZkSqnimwdQApal EpdQZSHbeBcbBcbpNmYqnmBFrNSKkEpQOwBnFvjjdYBAXqQqrcqHUqfwkXBchDndwyWbAdPMg jwtVrwVqOcaeeQCNHIFhIRTqnpECFGCCy EDSFNZM JStQoNOrMOvZmecbpXH UJIHOkhwETBYIeFRUYocjHNAuPFMLbEagGtPLgSCTXNRMEXgQ host caThe value example com is a pattern match indicating that this certificate should be trusted for identifying any host which you connect to that has a domain of example com such as host example com above This is a comma separated list of applicable hostnames for the certificate so if you re using IP addresses or SSH config entries here you can change this to something like host host host or as appropriate Once this is configured remove any old host key entries for host example com in your ssh known hosts file and start an ssh connection You should be connected straight to the host without needing to trust the host key You can check that the certificate is being presented correctly with a command like this ssh vv host example com gt amp grep Server host certificate debug Server host certificate ssh rsa cert v openssh com SHA dWiLkJvfNAtyzdLmFuEkygWRtZCNaZJiF serial ID host example com CA ssh rsa SHA gVhYAAWrBWBwhuXsxyHSCjYOPo XerqQijg valid from T to T debug Server host certificate hostname host example comAt this point you could continue by issuing host certificates for all hosts in your estate using your host CA The benefit of doing this is twofold you no longer need to rely on the insecure trust on first use TOFU model for new hosts and if you ever redeploy a server and therefore change the host key for a certain hostname your new host could automatically present a signed host certificate and avoid the dreaded WARNING REMOTE HOST IDENTIFICATION HAS CHANGED message Issuing user certificates to authenticate users to hosts In this example we ll generate a new user key and sign it with our user CA It s up to you whether you use a passphrase or not ssh keygen f user key b t rsa ls l rw r r gus gus Mar user key pub rw gus gus Mar user key ssh keygen s user ca I gus goteleport com n ec user gus V d user key pubEnter passphrase the passphrase used for the user CASigned user key user key cert pub id gus goteleport com serial for ec user gus valid from T to T ls l rw gus gus Mar user key rw r r gus gus Mar user key cert pub rw r r gus gus Mar user key pubuser key cert pub contains the signed user certificate You ll need both this and the private key user key for logging in Here s an explanation of the flags used s user ca specifies the CA private key that should be used for signing I gus goteleport com the certificate s identity an alphanumeric string that will be visible in SSH logs when the user certificate is presented I recommend using the email address or internal username of the user that the certificate is for something which will allow you to uniquely identify a user This value can also be used to revoke a certificate in future if needed n ec user gus specifies a comma separated list of principals that the certificate will be valid for authenticating i e the nix users which this certificate should be allowed to log in as In our example we re giving this certificate access to both ec user and gus V d specifies the validity period of the certificate in this case d means day Certificates are valid forever by default so using an expiry period is a good way to limit access appropriately and ensure that certificates can t be used for access perpetually If you need to see the options that a given certificate was signed with you can use ssh keygen L ssh keygen L f user key cert pubuser key cert pub Type ssh rsa cert v openssh com user certificate Public key RSA CERT SHA egWNucUZaqwmzoyTtktacjxKktjOi ydrOqZ Signing CA RSA SHA tltbnMalWg skhm VlGLdxHiVPozyuOPlWypdEO using ssh rsa Key ID gus goteleport com Serial Valid from T to T Principals ec user gus Critical Options none Extensions permit X forwarding permit agent forwarding permit port forwarding permit pty permit user rc Configuring SSH for user certificate authenticationOnce you ve signed a certificate you also need to tell the server that it should trust certificates signed by the user CA To do this copy the user ca pub file to the server and store it under etc ssh fix the permissions to match the other public key files in the directory then add this line to etc ssh sshd config TrustedUserCAKeys etc ssh user ca pubOnce this is done restart sshd with systemctl restart sshd Your server is now configured to trust anyone who presents a certificate issued by your user CA when they connect If you have a certificate in the same directory as your private key specified with the i flag for example ssh i home gus user key ec user host example com it will automatically be used when connecting to servers Checking logsIf you look in your server s sshd log for example by running journalctl u sshd you will see the name of the certificate being used for authentication along with the fingerprint of the signing CA sshd Accepted publickey for ec user from port ssh RSA CERT ID gus goteleport com serial CA RSA SHA tltbnMalWg skhm VlGLdxHiVPozyuOPlWypdEOIf the user tries to log in as a principal user which they do not have permission to use for example their certificate grants ec user but they try to use root you ll see this error in the logs sshd error key cert check authority invalid certificatesshd error Certificate invalid name is not a listed principalIf the certificate being presented has expired you ll see this error in the logs sshd error key cert check authority invalid certificatesshd error Certificate invalid expiredOne way that you could make further use of user certificates is to set up a script which will use your CA to issue a certificate to log into production servers valid only for the next two hours Every use of this script or process could add logs as to who requested a certificate and embed their email address into the certificate After this is done every time the user uses that certificate to access a server regardless of which principal they log in as their email address will be logged This can provide a useful part of an audit trail There are many other useful things you can do with SSH certificates such as forcing a specific command to be run when presenting a certain certificate or denying the ability to forward ports X traffic or SSH agents Take a look at man ssh keygen for some ideas Enforce the use of a bastion hostAnother way to improve your SSH security is to enforce the use of a bastion host a server which is specifically designed to be the only gateway for access to your infrastructure Lessening the size of any potential attack surface through the use of firewalls enables you to keep a better eye on who is accessing what Switching to the use of a bastion host doesn t have to be an arduous task especially if you re using SSH certificates By setting up your local ssh config file you can automatically configure all connections to hosts within a certain domain to go through the bastion Here s a very quick example of how to force SSH access to any host in the example com domain to be routed through a bastion host bastion example com Host example com ProxyJump bastion example com IdentityFile user keyHost bastion example com ProxyJump none IdentityFile user keyTo make this even simpler if you add user key to your local ssh agent with ssh add user key you can also remove the IdentityFile entries from the SSH config file Once you re using the bastion host for your connections you can use iptables or another nix firewall configuration tool of your choosing on servers behind the bastion to block all other incoming SSH connections Here s a rough example using iptables iptables A INPUT m state state RELATED ESTABLISHED j ACCEPT iptables A INPUT p tcp dport s lt public IP of the bastion gt j ACCEPT iptables A INPUT p tcp dport j DROPIt s a good idea to leave a second SSH session connected to the bastion while running these commands so that if you inadvertently input the wrong IP address or command you should still have working access to the bastion to fix it via the already established connection Add factor authentication to your SSH logins factor authentication makes it more difficult for bad actors to log into your systems by enforcing the need for two different “factors or methods to be able to successfully authenticate This usually comes down to needing both “something you know like a password or SSH certificate in our example and “something you have like a token from an app installed on your phone or an SMS with a unique code One other possibility is requiring the use of “something you are for example a fingerprint or your voice In this example we ll install the google authenticator pluggable authentication module which will require users to input a code from the Google Authenticator app on their phone in order to log in successfully You can download the app for iOS here and Android here As a general note it s always important to consider the user experience when enforcing security measures If your measures are too draconian then users may attempt to find ways to defeat and work around them which will eventually reduce the overall security of your systems and lead to the creation of back doors To give our users a reasonable experience in this example we are only going to require factor authentication to be able to log into our bastion host Once authenticated there users should be able to log into other hosts simply by using their valid SSH certificate This combination should give an acceptable level of security without interfering too much with user workflows With this in mind however it is always prudent and appropriate to enforce extra security measures in specific environments which contain critical production data or sensitive information Install google authenticatorOn RHEL CentOS based systems you can install the google authenticator module from the EPEL repository sudo yum install for RHEL CentOS change for other versions sudo yum install google authenticatorFor Debian Ubuntu based systems this is available as the libpam google authenticator package sudo apt get install libpam google authenticatorThe google authenticator module has many options you can set which are documented here In the interest of saving time we are going to use some sane defaults in this example disallow reuse of the same token twice issue time based rather than counter based codes and limit the user to a maximum of three logins every seconds To set up Google factor authentication with these settings a user should run this command google authenticator d f t r R WYou can also run google authenticator with no flags and answer some prompts to set up interactively if you prefer This will output a QR code that the user can scan with the app on their phone plus some backup codes which they can use if they lose access to the app These codes should be stored offline in a secure location Scan the generated QR code for your user now with the Google Authenticator app and make sure that you have a digit code displayed If you need to edit or change any settings in future or remove the functionality completely the configuration will be stored under google authenticator Configure PAM for factor authenticationTo make the system enforce the use of these OTP one time password codes we ll first need to edit the PAM configuration for the sshd service etc pam d sshd and add this line to the end of the file auth required pam google authenticator so nullokThe nullok at the end of this line means that users who don t have a second factor configured yet will still be allowed to log in so that they can set one up Once you have factor set up for all your users you should remove nullok from this line to properly enforce the use of a second factor We also need to change the default authentication methods so that SSH won t prompt users for a password if they don t present a factor token These changes are also made in the etc pam d sshd file On RHEL CentOS based systems comment out auth substack password auth by adding a to the beginning of the line auth substack password auth On Debian Ubuntu based systems comment out include common auth by adding a to the beginning of the line include common authSave the etc pam d sshd file once you re done Configure SSH for factor authenticationWe also need to tell SSH to require the use of factor authentication To do this we make a couple of changes to the etc ssh sshd config file Firstly we need to change ChallengeResponseAuthentication no to ChallengeResponseAuthentication yes to allow the use of PAM for credentials We also need to set the list of acceptable methods for authentication by adding this line to the end of the file or editing the line if it already exists AuthenticationMethods publickey keyboard interactiveThis tells SSH that it should require both a public key which we are going to be satisfying using an SSH certificate and a keyboard interactive authentication which will be provided and satisfied by the sshd PAM stack Save the etc ssh sshd config file once you re done At this point you should restart sshd with systemctl restart sshd Make sure to leave an SSH connection open so that you can fix any errors if you need to Restarting SSH will leave existing connections active but new connections may not be allowed if there is a configuration problem Test it outConnect to your bastion host directly and you should see a prompt asking you for your factor code ssh bastion example comVerification code Type the code presented by your Google Authenticator app and your login should proceed normally If you check the sshd log with journalctl u sshd you should see a line indicating that your login succeeded Mar ip ec internal sshd Accepted keyboard interactive pam for gus from port ssh ConclusionIn conclusion the recommended industry best practices for SSH security are Use SSH certificates Enforce the use of bastion hosts Add factor authentication to your SSH loginsThe methods above give practical examples of several ways in which you can improve the security of your SSH infrastructure all while giving users the flexibility to keep using the tools they re familiar with This blog post was written by Gus who works on Teleport the open source SSH access tool which implements the industry best practices for SSH access by default and requires minimal configuration Related Posts SSH Handshake Explained What is SSH Handshake Restricted Shell Restricted commands for SSH |
2021-12-15 18:27:03 |
海外TECH |
DEV Community |
Advent of Code 2021 Python Solution: Day 15 |
https://dev.to/qviper/advent-of-code-2021-python-solution-day-15-1834
|
Advent of Code Python Solution Day Once I failed DSA in my bachelor s degree and I never really understood Graphs and Path Finding but each year Advent of Code makes me try it once Instead I used something easier than Dijkastra from scratch Skimage have a way to find Minimum Cost Path Solutionimport numpy as npfrom skimage import graphdata data get data data np array int i for dt in data for i in dt reshape len data datadata np array int i for dt in data for i in dt reshape len data window data copy rs cs window shapecost graph MCP window fully connected False cost find costs starts journey window pos for pos in cost traceback rs cs print f Part sum journey times biggernew window window copy nrow np hstack new window new window new window new window new window new window np vstack nrow nrow nrow nrow nrow rs cs new window shapenew window new window new window cost graph MCP new window fully connected False cost find costs starts journey new window pos for pos in cost traceback rs cs print f Part sum journey Why not read more Gesture Based Visually Writing System Using OpenCV and PythonGesture Based Visually Writing System Adding Visual User InterfaceGesture Based Visually Writing System Adding Virtual Animationn New Mode and New VUIGesture Based Visually Writing System Add Slider More Colors and Optimized OOP codeGesture Based Visually Writing System A Web AppContour Based Game Break The BricksLinear Regression from ScratchWriting Popular ML Optimizers from ScratchFeed Forward Neural Network from ScratchConvolutional Neural Networks from ScratchWriting a Simple Image Processing Class from ScratchDeploying a RASA Chatbot on Android using UnitydNaive Bayes for text classifications Scratch to FrameworkSimple OCR for Devanagari Handwritten Text |
2021-12-15 18:16:03 |
海外TECH |
DEV Community |
Collective Community: How we empower developers |
https://dev.to/linearb/collective-community-how-we-empower-developers-1noc
|
Collective Community How we empower developersThis article was written exclusively for devinterrupted com by Ben Matthews Putting employees and your community first should be a crucial priority for every organization and it shouldn t exist only in principle it must exist as an actionable goal Fostering a community within your team creates a foundation for high performance but it only works if you lead people first At Stack Overflow the level of collaboration between engineers is a step above any other organization I have seen It takes conscious effort on the part of leadership to foster a work environment that puts employees first Managers should choose to put people first because it s the right thing to do not just a vague claim to a cliche Thankfully we live in a world where the data demonstrates that caring for people first is also the economic thing to do No one has ever done a better job because they were scared stressed or worried about their future especially in jobs centered around creativity and problem solving such as software development This commitment to people is the leadership philosophy behind Stack and helps guide our decision making and our workplace culture It also helped us to create Collectiveson Stack Overflow To get there we needed a successful engineering team and culture here s how we built it Indicators of team healthCommon metrics that organizations tend to follow are often a symptom of a team s performance but not necessarily the whole story Velocity predictability bug rate etc should be viewed as an indicator of team health not as a goal to be achieved sometimes the best indicators to follow are subjective and relative to the people and teams After all what does success look like If people are getting what they need agreed upon expectations are being met and team morale is high that s real success If this kind of people driven success is occurring you ll start to notice that things like velocity time and predictability will naturally improve and not the other way around For the record predictability should never be the goal The end goal should always be to create value for your customers and or your community Any team or manager for that matter can make predictability look good if they are making sure that they never fail a given estimate on paper but that s not an indicator of good product creation If you re actually producing value and you have a well run team predictability will follow It s a side effect a symptom of good team health Servant LeadershipAt Stack Overflow we ve had long talks about what metrics we feel provide valuable feedback and those we believe are valuable to track Numbers are important and should not be ignored but again they should not be the standalone goal Tracking the right metrics should facilitate introspection for your organization and leaders would do well to keep this in mind If we have a bad sprint it tends to trigger us to think “what went wrong and “how can we improve this for next time instead of thinking this was a failure of certain individuals For instance if you had a sprint where you achieved a really high velocity you should celebrate that success But at the same time you should be asking yourself what led to that success Was there a behavior that changed Not everything is internal Sometimes external factors a pandemic as an apropos example influence successful team metrics just as much as internal ones do Remember to look behind the metrics to see what s impacting team members As far as following specific methodologies is concerned try not to get hung up on the little things analysis paralysis occurs is often a huge drain on performance and focus of the team Time spent sitting around and arguing about whether something is a three point or a four point story is not productive Call it a four and keep moving Good leaders should keep their developers developing while removing any hindrances to their performance ideally before it is even on their radar Building a team and your productIf you ve been around software development long enough I m sure you ve had the experience of joining an organization where everything is dictated in a top down approach This kind of “my way or the highway thinking ultimately undermines your teams and makes your organization rigid in an industry that is far more creative than some like to admit A good manager will do their best to accommodate their teams even if that means allowing a team to communicate or operate in a way that is not established within an organization Recently one of my most productive teams started to struggle after the project we were working on started to shift A lot of the QA and code review work associated with the stories became large and unwieldy and the common practice was to have that wrapped in with the dev story That makes sense after all the former can t ship without the later Eventually we just tried separating out the more cumbersome tasks into their own stories The immediate and biggest reaction was from folks overly invested in the metrics we just doubled our stories and made it appear that story cycle time virtually doubled The instinct was to say “this is a step backward Undo it all but that would be ignoring what s going on behind the metrics more work was getting done and the bug count dropped As those were saying we need to go back because the metrics showed team health was bad my response was to just change the metrics to accurately reflect our healthier team that chose their own workflow Adopting this mindset as a manager provides huge returns for your organization People are happier when they are not being forced into something that doesn t fit With team members that control how they work on their own and especially with each other comes higher value creation Work life BalanceI have never met anyone that works better when they re worried about what s going on in their personal life I ve found this over and over in my career as a developer and eventually a manager inspired me to write about it People who are under stress feel strained to come up with strong solutions and tend to generate less errors Those people who say “this person just works well under pressure are really just saying “This person s performance doesn t fold as much as others once emergencies happen That s a good quality for them sure but nothing an team should brag about that should be embarrassing that it happened enough that some people have reputations around crises Work life balance is not something a company sacrifices that s zero sum thinking It s been shown time and again that the opposite is true Providing people with things like leave and an investment in their mental health has more for an organization s productivity than filling out timesheets ever will At Stack we have a policy of unlimited sick days no questions asked If you need a day we trust you to be able to take care of yourself When you take care of people they will work better and faster that s also what they want to do Regardless of the stereotypes people will often hear from naysayers who balk at the idea of unlimited sick time the folks who just want to phone it in and game the system are the minority So much so that spending the effort considering how to manage the time a person takes a sick day when they aren t sick is probably more of a time sink than how much it will happen By choosing to be invested in your people s health an organization chooses to be a place that values its employees When you avoid zero sum thinking getting trapped in the idea that if employees are benefiting the company must be losing you begin to realize that working with instead of against those you represent leads to happier people and a better bottom line We took all these leadership principles and applied them to CollectivesAt Stack Overflow we re quite a flat company And I don t mean this by measuring the number of levels between an engineer and the CEO it s for the record but people of all levels have a voice in product decisions Engineers are heavily involved in what we build and how it is built Being a company built for engineers and driven by engineers is a huge part of why Stack Overflow is successful This success has allowed a beautiful community to thrive on our public platform but we are always looking at how best we can give back to that community How do we help our community grow How do we make those experiences more meaningful Those are the questions that guide us at Stack “Anything that fosters our users ability to help each other and to benefit from it That s always a homerun from the Dev Interrupted Podcast at With that in mind we ve launched Collectives a new way for the community to interact with the maintainers of the technology they use most As I discussed on the Dev Interrupted Podcast Collectives are dedicated spaces on Stack Overflow where you can find the resources including questions and technical articles and trusted answers you need faster by centralizing that content and connecting you with the product experts and trusted users For instance if you have questions about Google Go you can get answers directly from those who help maintain the language I am extremely proud of the work that went into this and the work that we continue to do to make it something our users can enjoy Like all new adventures there is a constant feedback loop we work through to try and keep making Collectives and Stack Overflow a better and more welcoming place It is still the Stack Overflow you know and loveThe Beta release of Collectives was a huge success We ve seen over users join Collectives on Stack Overflow and start collaborating since the launch in June That said we know we don t have a Collective for everyone yet For users that don t want to take part or haven t found a Collective that they re excited about yet their Stack Overflow experience is not going to change For instance we re not changing accepted answers whether it comes from Google our new partner or not If people don t vote for an answer it doesn t get accepted Content moderation will be treated the same way Moderators will interact with content from sponsored users just like they would anyone else “I think the most positive thing about it is that people aren t losing the site that they love and that we re really proud of from the Dev Interrupted Podcast at With our community update organizations will be able to improve the visibility and detail of content being created around their technologies and users will be able to find more relevant and accurate answers they can put to use solving problems while being better recognized for their contributions Ultimately providing both organizations and users with more actionable insights These efforts allow Slack to build better communities because after all that s really what we do we are in the business of building communities Collectives do just that Starved for top level software engineering content Need some good tips on how to manage your team This article is based on an episode of Dev Interrupted the go to podcast for engineering leaders Dev Interrupted features expert guests from around the world to explore strategy and day to day topics ranging from dev team metrics to accelerating delivery With new guests every week from Google to small startups the Dev Interrupted Podcast is a fresh look at the world of software engineering and engineering management Listen and subscribe on your streaming service of choice today |
2021-12-15 18:10:22 |
Apple |
AppleInsider - Frontpage News |
Apple releases Swift Playground 4 with iPad-based app development support |
https://appleinsider.com/articles/21/12/15/apple-releases-swift-playground-4-with-ipad-based-app-development-support?utm_medium=rss
|
Apple releases Swift Playground with iPad based app development supportApple has released Swift Playgrounds the newest version of its development app with support for creating apps directly on an iPad Swift Playgrounds The new version of Swift Playgrounds has been in development for some time At WWDC Apple previewed the fourth version of the app which will allow users to learn how to build apps and submit them to the App Store directly on an iPad Read more |
2021-12-15 18:52:02 |
Apple |
AppleInsider - Frontpage News |
Deals: get Apple's 2020 27-inch Intel iMac 5K for a record low $1,400 |
https://appleinsider.com/articles/21/12/15/deals-get-apples-2020-27-inch-intel-imac-5k-for-a-record-low-1400?utm_medium=rss
|
Deals get Apple x s inch Intel iMac K for a record low Apple s inch iMac is on sale for a new low price of on Amazon for a limited time Get the inch iMac at a new low priceThe Intel based inch iMac is still available for those who can t wait for the M series update or need a good Intel machine Get it today for a record low price on Amazon while supplies last Read more |
2021-12-15 18:40:22 |
Apple |
AppleInsider - Frontpage News |
Animated kids show 'El Deafo' coming to Apple TV+ on Jan. 7 |
https://appleinsider.com/articles/21/12/15/animated-kids-show-el-deafo-coming-to-apple-tv-on-jan-7?utm_medium=rss
|
Animated kids show x El Deafo x coming to Apple TV on Jan Apple TV has announced a new series for kids and families called El Deafo based on the New York Times best selling graphic memoir of the same name Apple TV series El Deafo Described as a charming and poignant three part animated series the series features voice actors like Lexi Finigan Pamela Adlon Jane Lynch and Chuck Nice All episodes of the series will debut on Jan Read more |
2021-12-15 18:27:31 |
Apple |
AppleInsider - Frontpage News |
Apple wipes on-device CSAM photo monitoring from site, but plans unchanged |
https://appleinsider.com/articles/21/12/15/apples-hold-on-implementing-on-device-csam-photo-monitoring-may-be-permanent?utm_medium=rss
|
Apple wipes on device CSAM photo monitoring from site but plans unchangedApple removed all signs of its CSAM initiative from the Child Safety webpage on its website at some point overnight but the company has made it clear that the program is still coming Apple announced in August that it would be introducing a collection of features to iOS and iPadOS to help protect children from predators and limit the spread of Child Sexual Abuse Material CSAM Following considerable criticism from the proposal it appears that Apple is pulling away from the effort The Child Safety page on the Apple Website had a detailed overview of the inbound child safety tools up until December After that date reports MacRumors the references were wiped clean from the page Read more |
2021-12-15 18:41:58 |
海外TECH |
Engadget |
‘OlliOlli World’ arrives on February 8th |
https://www.engadget.com/olli-olli-world-release-date-nintendo-switch-indie-world-showcase-183933899.html?src=rss
|
OlliOlli World arrives on February thThe latest Indie World Showcase stream has wrapped up and while there was unfortunately no word about Hollow Knight Silksong Nintendo has revealed more details about other games that are coming to Switch Among them is OlliOlli World which will be released on February th The latest OlliOlli game from Roll which Take Two recently bought is a skateboarding platformer in which you score points by pulling off tricks as you make your way through the world of Radlandia Along with there are two asynchronous multiplayer modes In Gnarvana League you ll duke it out for the highest score and the more you play the more cosmetic items you ll unlock for your character In the Gnarvana Portal mode you can take on levels that are procedurally generated with a few customizable factors in mind such as style difficulty and length You can share creations with other players using a code which will work across all platforms Roll and publisher Private Division have also announced two expansions for OlliOlli World The Void Riders DLC which will arrive in summer will add more levels characters gameplay options cosmetics and a new biome The second expansion is set for next fall and more details will be revealed later As well as Switch OlliOlli World is coming to PC PlayStation PS Xbox One and Xbox Series X S Pre orders start today and the base version of the game costs The Rad edition which costs includes both expansions Owners of the base game will be able to buy the DLC separately nbsp Other titles featured during the Indie World Showcase include Chicory A Colorful Tale The game in which you paint the world to explore and solve puzzles was a critical hit earlier this year It s available on Switch today Also coming to the hybrid console today are the excellently named action platformer Dungeon Munchies party game Let s Play Oink Games and stealth puzzle adventure Timelie for which a demo will be available Don t Starve Together nbsp and Omori are getting ported to Switch this spring Among the new games that are setting sail for Switch are Sea of Stars an RPG prequel to The Messenger which will arrive in holiday puzzle title Aliisha The Oblivion of Twin Goddesses spring Figment Creed Valley February with a demo available today and River City Girls summer |
2021-12-15 18:39:33 |
ニュース |
BBC News - Home |
Covid: UK reports highest daily cases since the pandemic began |
https://www.bbc.co.uk/news/uk-59673150?at_medium=RSS&at_campaign=KARANGA
|
covid |
2021-12-15 18:41:13 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
タリバン支配下アフガンの危機、世界に波及か - WSJ PickUp |
https://diamond.jp/articles/-/290712
|
wsjpickup |
2021-12-16 03:50:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
22年到来の「悪い円安」を止められない日銀、利上げが通用しない理由 - マーケットフォーカス |
https://diamond.jp/articles/-/290773
|
日本経済 |
2021-12-16 03:45:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
米新車の値引き消滅、価格上乗せ浸透 - WSJ PickUp |
https://diamond.jp/articles/-/290637
|
wsjpickup |
2021-12-16 03:40:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
米政治が正常化するはずだった年 - WSJ PickUp |
https://diamond.jp/articles/-/290772
|
wsjpickup |
2021-12-16 03:35:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
住宅ローン「減税幅の縮小」は怖くない!それ以上を取り戻す簡単な方法 - ビッグデータで解明!「物件選び」の新常識 |
https://diamond.jp/articles/-/290775
|
住宅ローン |
2021-12-16 03:30:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
認知症の本人から見た世界とは?お風呂に入りたくない、トイレが間に合わない… - ニュース3面鏡 |
https://diamond.jp/articles/-/288982
|
認知症の本人から見た世界とはお風呂に入りたくない、トイレが間に合わない…ニュース面鏡認知症の人から見えている世界とは認知症の「本人」の視点から、その気持ちや困りごとがまとめられた筧裕介さんの『認知症世界の歩き方』ライツ社は、認知症の人が経験する出来事を旅形式でまとめています。 |
2021-12-16 03:25:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
理系の多くが、仕事に役立つ論理思考を苦手とする理由 - できるコンサルタントがしている ロジカルシンキングの技術 |
https://diamond.jp/articles/-/289854
|
経営コンサルタント |
2021-12-16 03:15:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
就活は親世代と子世代でこんなに変わった!意識ギャップを埋める基礎知識 - 就活最前線 |
https://diamond.jp/articles/-/290716
|
齟齬 |
2021-12-16 03:10:00 |
ビジネス |
ダイヤモンド・オンライン - 新着記事 |
【大学入試2022】早期合格志向と少子化には「強気」の姿勢で臨もう - 2020年代の教育 |
https://diamond.jp/articles/-/290577
|
【大学入試】早期合格志向と少子化には「強気」の姿勢で臨もう年代の教育回目となる大学入学共通テストの出願も締め切られ、年度一般選抜型入試の幕が開けた。 |
2021-12-16 03:05:00 |
サブカルネタ |
ラーブロ |
そば処やじろべゑ@谷塚(きつねそば) |
http://ra-blog.net/modules/rssc/single_feed.php?fid=194607
|
配信 |
2021-12-15 18:16:00 |
コメント
コメントを投稿