June 27, 2012.
One of my recent tasks in Ginger was to ensure that we weren’t leaking referrer URLs when you click on an external link in Ginger. It seemed like an easy task and one that’s probably been solved before. What I found was a trainwreck of solutions and a classic example of the trade-off between security and usability.
We use human-readable slugs in our URLs in Ginger. It makes it easy to identify where a link goes just by looking at it. It’s a win for usability. We also allow users to create links to external sites in the messages they create. Another usability win.
The problem is that when a user clicks on one of these links, the URL from Ginger could be sent to the external site in the HTTP Referer header. This is bad for security and privacy. Those nice URLs could leak sensitive information ...
June 15, 2012.
When your client is hundreds of miles away, but your bed only three feet, it helps to understand motivation.
The first thing to understand about motivation is that it’s not something you do to someone. That’s called coercion. With enough power you can make anyone do almost anything, but you can’t make them want to; and typically creative work done by people who want to do it is better. The tl;dr of motivation is this:
If you want to build a ship, don’t start by collecting wood, sawing planks and assigning tasks, but awaken in people’s hearts a yearning for the beautiful deep sea. – Antoine de St Exupéry, Citadelle
Extrinsic motivation (especially contingent rewards such as bonuses) has been shown to only improve performance on menial repetitive tasks, and to decrease performance on even slightly creative tasks. There’s a good summary in ...
June 5, 2012.
After a month or two of being submersed in Backbone, I’ve seen the light and am now relatively competent. When I got started I was completely lost. Here are some things that probably would have helped me back then. Whenever possible, I’ve linked to the source of the Backbone Todo example for code samples.
In many ways, Backbone and Django are similar. They’re both MVC-like, but some of the terminology they use is different. Here’s a quick map: