Greatest Hits
The “greatest hits” from our blog are below. You can also check out our most recent posts or most popular.
Version Media Types, Not URLs

Roy Fielding’s advice on versioning APIs is, well, succinct:
In a subsequent interview, he thankfully clarifies:
Websites don’t come with version numbers attached because they never need to.
Neither should a RESTful API.
In one of our own posts on HTTP, we hinted that HTTP does, in fact, support versioning. After all, as Fielding says in that same interview…
Machine Learning And Big Data Is All Just Fun And Games

Analytics and machine learning are increasingly relevant tools in the software professional’s toolbox. Statistics and probability now play a greater role than ever in our work.
Games can be a fun “gateway drug” for learning these techniques. In particular, the sports industry has recently turned to mathematics in the quest to gain a competitive advantage. Organizations like FiveThirtyEight, originally…
Facebook React And A Party Gone Wrong: A Socratic Dialog

Recent buzz about Facebook React—I guess there was a conference or an announcement or something?—inspired an internal discussion here at Panda Strike. We’re on the record as not being big fans of the framework, but, as a group of smart, spirited software professionals, we sometimes disagree. Our respective opinions on Facebook React, and possibly many other things, may differ from those…
HTTP And The Zombie Apocalypse

HTTP is the world’s most successful application protocol. Yet it is widely maligned and misunderstood. Part of the problem is a poor developer experience. Part of the problem is that a Ph.D. dissertation is usually not the best introduction to a subject. And part of the problem is that building network applications is hard and we blame HTTP for that when we shouldn’t.
REST Won't Help You Understand HTTP

The HTTP protocol gets a bad rap. HTTP is simply an application protocol that provides a well-considered set of features for distributed applications. Naming, caching, compression, and so forth, are not superfluous complications introduced by HTTP. They’re just things distributed applications need to do. HTTP is annoying because distributed computing is annoying.
Paywalls Are Not The Answer

Troy Hunt recently wrote a blog post with the wonderfully descriptive title, “It’s 2016 already, how are websites still screwing up these user experiences?!” Many of the problems Mr. Hunt describes are manifestations of content producers’ inability to figure out how to make money.
Risk And Uncertainty In Estimating Software Projects

Estimating the cost and duration of software projects is, apparently, a hard problem. Thus, Hofstadter’s Law:
It always takes longer than you expect, even when you take into account Hofstadter’s Law.
I was reminded of this, and inspired to write this blog post, when I saw a Web app pop up in my Twitter feed. It’s called Guesstimate and it describes itself as “a spreadsheet for things that are uncertain.” There’s even a…
HTTP And REST Are Great, But We Need A Better Developer Experience

Developers are struggling to fully leverage HTTP and REST. By definition, we can stipulate that they’re difficult technologies. This is largely because distributed computing is hard. And HTTP and REST are distributed computing technologies. If we want to solve this problem, we need to make things easier. In particular, we need better tooling and libraries that make it easier to…
Selling Technology

Our clients hire us because we create value for them. But that value isn’t always obvious to decision-makers and stakeholders. They may believe finishing a given project is possible with fewer resources or in less time.
Ideally, we can help answer their questions. After all, I’ve played a technical leadership role in a variety of organizations over…
Physics for the Browser

Prior to becoming a Panda, I studied as a theoretical chemist. So, while my computer science education is not exactly traditional, I learned a great deal about applying computers to physical models.
The toy I’ve built for your entertainment honors both the old and new in my life. The browser conducts a 2-dimensional simulation of free particles that exert an attractive force on each other…
(Re-)Introducing Web Capabilities

Back in 2012, I wrote a blog post introducing the idea of Web capabilities. Once in a while, someone asks me what happened to it. The answer: I don’t know. I can’t even find it on archive.org.
Since then, the rise and fall of Bitcoin introduced the capability security model to the world, in the form of the private keys used to sign Bitcoin…
Advertising Corrupts: Why Ad-Blockers Are The Best Thing That Ever Happened To Publishers

Apple recently integrated ad-blocking capabilities into iOS9. This triggered a spate of articles predicting the end of the world as we know it. The only question was whether the ending was a comedy or a tragedy.
I’m here to tell you: this ad-blocking business is the best thing ever. Empowering consumers to limit ad inventory will force…
In Defense of JavaScript

A long-running theme on this blog is that the Open Web matters. And, further, that the Web isn’t broken, it’s just fine, thank you very much. This includes JavaScript, which is, of course, a central part of the Open Web stack. Although it might be more fun to laugh about peculiar edge cases, or bemoan the size…
Data API Questions

Our recent post about Relay and REST raised some interesting questions.
Bickering about REST aside, doesn’t Relay solve some real problems?
Yes. But Facebook set up REST as a strawman. There’s enough confusion about REST already without adding to it.
Web Components Are Awesome

Web Components are awesome, because component-oriented architectures are a proven model for interaction design. (For example, the two major mobile operating systems are arguably component-oriented.) Also because they are being defined as part of an open standard, and, as such, will enjoy ubiquitous support from browser vendors. In short, they’re a long overdue part of the Open…
HTTP/REST Data APIs

Data-oriented API frameworks, like Relay and Falcor, are trying to solve problems for which HTTP APIs appear, even to experienced developers and architects, to be poorly suited. Let’s put aside spurious claims about HTTP and REST, and explore these concerns.
Create More Web

I’ve never had any interest in being a REST or HTTP evangelist. However, I believe that the Web, and the Internet upon which it stands, are possibly the most significant technological developments since the printing press. That’s why the Web-is-broken meme bothers me so much. The Web isn’t broken—it’s better than ever. It…
Facebook Relay: An Evil And/Or Incompetent Attack On REST

Facebook’s on an evil mission. It wants to convince you that the web is broken. So Facebook recently introduced Relay. To explain why you “need” Relay instead of REST, they made a series of claims about why REST is broken.
How Facebook's Open Source Stack Undermines The Open Web
A few months ago, I talked about why I don’t like React. One of the reasons is that I believe Facebook, and frameworks like React, are undermining the Open Web. This may not be intentional. I certainly don’t think it is the intention of the developers on those projects. But I’m less confident in the motivations of the people running the companies behind these frameworks. And…
Remote Work: How To Assess Developer Productivity
In our last blog post, we argued that if you want to keep people in a physical office so that you can assess their productivity, then you probably don’t know how to assess developer productivity. And obviously, if your job includes managing engineers, that’s a useful skill to have.
Myths of Remote Work: No Control
Developers have to retool their skill sets on a regular basis if they want to stay relevant. This has been true for a very long time and it’s widely considered part of the job. But today, managers have to retool their skill sets from time to time as well. This is a new development.
Technology Companies As Distributed Systems
I once saw an intelligent comment on Hacker News:
Asynchronous communications are best for development teams. Taking out an exclusive lock on every developer’s full attention for 15 minutes is extremely dumb.
If you’re a programmer, you already know why this is true. If not, consider this comic, which was retweeted and linked to so widely that it crashed the server it ran on.
Managing Remote Teams: How To Start
Talent is crucial to running a tech company, and hiring remote workers can be a spectacular advantage. In places like San Francisco, with fierce and constant competition for engineering talent, it can be a shock to say “ok, we’ll try hiring remote,” and suddenly get inundated with amazing resumés.
Top-Down "Agile"
The practical meaning of “doing Agile development” has changed over the years. To quote two Agile consultants…
From a programmer-centric, Extreme Programming focus in the early days, to a more inclusive approach in the mid-2000s, to a project management and Scrum focus in more recent years.
React Is A Terrible Idea
There’s been a lot of excitement lately about React. React seems to have bumped Angular from the top of the hippest-framework mountain. This is unfortunate, because both of these frameworks are bad for your application’s health. They’re also bad for the entire software industry. For new applications, please, for the love of all things open, use Web components instead.
Flaws In Scrum And Agile

The Agile Manifesto was written in mid-February of 2001, and it made the tech industry a better place. But it was written by people, not gods, and its day is fading. Likewise, the Scrum development methodology helps people build stuff, but it has flaws. So let’s talk about what Panda Strike does instead of Scrum and Agile, and why.
Bastion Hosts
Bastion hosts are a useful and important component of a system management infrastructure. A bastion host, in this context, is more properly, but more obscurely, called a jump server. In this post I will simply use the term bastion host. It is the most commonly used term for the system’s function: a server, which has undergone security hardening steps, that is the operational and…
HTTP Made Simple, Part 5: Caching And Compression
Here’s what we’ve learned so far:
- In part 1, we said that HTTP views the Internet as a big key-value store.
- In part 2, we established that GET, PUT, and DELETE were the main methods, with POST acting as a fallback for things that don’t fit the key-value store model.
- In part 3, we discussed how to discover and dynamically construct URLs to reduce coupling between client and server.
- In part 4, we explored a flexible mechanism, known as content negotiation, that allows the client to choose their preferred content format.
HTTP Made Simple, Part 4: Representation And Content Negotiation
Here’s what we’ve learned so far:
- In part 1, we said that HTTP views the Internet as a big key-value store.
- In part 2, we established that GET, PUT, and DELETE were the main methods, with POST acting as a fallback for things that don’t fit the key-value store model.
- In part 3, we discussed URLs, the principle of opacity, use of parameters to dynamically construct URLs, and discovery to obtain an initial set of URLs.
HTTP Made Simple, Part 3: URLs Are Identifiers
In part 1, we said that HTTP views the Internet as a giant, distributed key-value store. In part 2, we reviewed the semantics of HTTP’s methods, with GET, PUT, and DELETE acting as the main interface, and POST acting as a fallback for things that don’t fit the key-value store abstraction. In this article, we’re going to explore the utility of the ubiquitous URL…
HTTP Made Simple, Part 2: Method Safety, And Idempotence
In part 1, we said that HTTP views the world as a distributed key-value store. The URLs are the keys and the values are resources. Resources, in turn, are actually dictionaries of different representations, or formats, for the resource. For example, a video resource might have different encodings, each of which is a representation that can be accessed if you know its media…
HTTP Made Simple, Part 1: The Web As A Key-Value Store
The HTTP protocol is generally poorly understood. There are a variety of reasons for this, but one of them is that it’s a fairly rich protocol and, consequently, writing clients and servers that take full advantage of its features is non-trivial. Naturally, developers either make use of a subset of those features or use something else entirely, like Web Sockets…