If you’ve never had your website reported for cross-site scripting (XSS) vulnerabilities then you’re missing out. Of course, it’s great to get it right the first time. But it’s hard to beat that sense that you’re wide open for attack, it’s your fault, and everyone knows it thanks to some white-hat hacker. This raises the… Continue reading Will EJS Escape Save Me From XSS? Sorta
Author: Tyler Peterson
Web Developer and a hiring manager at an established technology company on Utah's Silicon Slopes in Lehi.
Are You Being Wooed?
An interesting and short article went over the predictable labor shortage caused by the difference between the sizes of the Baby Boomer and Gen X population groups. It talked about Employment Branding.
The technical term is “Employment Branding,” and it’s how companies woo top talent. They showcase their company culture, values, benefits, perks, executive team, staff members, business mission, and anything else that will make a great candidate want to work for them instead of their competitor.
… Google, Zappos, Amazon, and Facebook aren’t the only hot employers on our planet. They’re just the ones that embraced Employment Branding when others didn’t. But soon, we’ll be seeing companies of all shapes and sizes strutting their stuff in hopes of catching our eyes. It’s going to be a great year!
Has this been true for you? I know I talk up our unique workplace — especially for top candidates. How prominently has “Employment Branding” featured in your recent job interviews?
Just finished putting up flags around my neighborhood with my two oldest sons. (It’s a Cub Scout fundraiser.) I hope you have a meaningful day.
You might try out FamilySearch.org for finding out more about your ancestors today. I admit I’m biased. I’ve written code there.
(My words are my own and no-one else’s. They are particularly not my employer’s or the BSA’s.)
An Irritable Programmer Calls 911
Operator: Please state the nature of your emergency.
Programmer: I need immediate assistance.
Operator: Are you injured?
Programmer: Look lady, I don’t want to turn this into a status meeting.
Status is Not Stupid
I’ve noticed people saying the word “status” with scorn: “Now, instead of getting work done we’re just reporting on status.” In fact, I’ve heard… Continue reading An Irritable Programmer Calls 911
Merge Pull Requests Like a Legendary Project Maintainer
If you haven’t written code on GitHub then stop what you’re doing and make something out there. (You really should have a portfolio on GitHub.)
When you’re working all by your lonesome it doesn’t come up much, but add another person to the mix and pull requests can get stressful and laggy real fast. If you’re ready to upgrade your workflow then read about the better way to merge pull requests.
If you don’t learn how to use the hub command line tool then you’ll often find yourself having to decide how bad the request has to be before you’ll throw it back for polish.
Git OCD types will be particularly gratified now they can easily tweak pull requests before merging them. Now you can fix little problems here and there while still giving proper props.
Thanks to Jamis Charles for posting this link.
Embrace The Right Stress
An excellent article in a recent Wall Street Journal lays out a better way to deal with performance anxiety. Though most of us (91%) think of calming down as the proper response to stage jitters, the proven better alternative is to welcome the anxiety as a performance enhancer.
In other words, it’s better to tell yourself, “I am excited,” than to give the aspirational lie, “I am calm.”
Not only does your audience rate you better, and your performance on objective criteria rises, but you will find the event less taxing.
According to the article this simple trick of stress-mindset may even be effective at avoiding burnout.
The article doesn’t mention this, but it seems wise to see that there is a difference between the stress that accompanies a moment of high-performance, and the chronic stress of worry.
I’m sure you should still find times in the day and week to unplug and seek a lower level of energy. But in the moment when performance is necessary it is clearly better to be truthful about your emotions, accept them, and have faith that they will elevate your performance.
Sublime Text’s column mode makes it really easy to create multiple cursors and make repetitive edits. This comes in handy all the time.
On Mac, Sublime Text’s default key-binding for entering column mode conflicts with the system’s default key bindings for the “slow-mo” version of mission control.
I like mission control. I hate slow mo. Apparently you can’t have one bound to ctrl-up without the other bound to ctrl-shift-up.
Luckily, it’s pretty easy to modify the Sublime Text shortcut from ctrl-shift-up (and down) to ctrl-alt-up (and down).
Just add the following bindings to your user key-bindings:
{ "keys": ["ctrl+alt+up"], "command": "select_lines", "args": {"forward": false} },
{ "keys": ["ctrl+alt+down"], "command": "select_lines", "args": {"forward": true} }
Of course, take care to get the line-ending-commas right if you already have bindings in that file.
I hope that helps you.
Mac Tip: “Show Hidden Files” Key Combo
Often I need to look at hidden files or files in hidden directories. Thanks to this article I now know the key combo to show them: ⌘⇧. (command plus shift plus period)
Quotpourri: Listening, Safety, and Leadership
From an SSCA Newsletter (and the linked-to Desktop Coach article).
Active Listening
Listen with the absence of thought. Listen without a filter. Listen without inserting your own viewpoints, paradigm, personal experiences, or belief systems. Listen without feeling the need to provide an answer.
Build a Circle of Safety
[The] best organizations foster trust and cooperation because… Continue reading Quotpourri: Listening, Safety, and Leadership
Hug Your Kids and Smell Their Hair
This article on Burnout comes thanks to Grant Skousen (@gskousen) who sent it to me in reply to the article I linked to on Tuesday.
I’m pretty sure I was burning out sometime in 2013. A lot of what the article says resonates with me. The top two are
1 – “Make time for numero uno”
It’s kinda silly so I don’t like to tell a lot of people, but I often listen to fiction on my commute. Especially Epic Fantasy like The Wheel of Time or Words of Radiance.
I blush to add that I’m now branching into vampire novels. It’s not great writing, but that’s not the point: SOMETIMES MY BRAIN NEEDS A TWINKIE.
When I was a developer I always listened to 2 to 4 technical and management podcasts on my commute every day. (Thank goodness for 3x playback.) It made me feel so productive. I loved what I was learning.
The bloom started to wilt a few months after becoming a manager. I would get this rising level of anxiety that said, “These ideas are awesome! I have to do them all RIGHT NOW!”
Since I’ve added fiction to my rotation I’ve found I get to work energized and come home ready to adore my kids.
I still listen to business and technical books and podcasts from time to time, but I keep a close watch on how they affect my state of mind. Maybe it sounds silly, but it works for me.
2 – “Have a process”
This was something I didn’t need as much as a developer, but is CRITICAL as a manager.
I thought life was bad as a dev. In management it got worse.
I have way more “bosses” now than I ever had as a dev. I have far more conflicting “number one priorities.”
Having a process for ingesting, digesting, and executing on input has become more and more crucial for me.
A Bow Always Strung Loses Its Spring
It’s great to be driven. But if you aren’t careful you’ll lose it all.
Practice mindfulness. Smell those roses. If you have kids then smell their hair when you hug them (my favorite smell in the world).
You’ve got to respect all those clichés or they will gang up and get you, eventually.