Bureau of Programming


“The White Working Class’s Dysfunction”

Kevin D. Williamson, for the National Review, offers a vicious takedown of America’s economically-depressed, bygone towns:

The truth about these dysfunctional, downscale communities is that they deserve to die. Economically, they are negative assets. Morally, they are indefensible.

(Editor’s note: The Bureau is a politics-free space. In keeping with our mission of sharing thoughtful ideas from around the web, we link to this provocative article that touches on economics, libertarianism, and other subjects of interest to our readers.)



How to Detect User Log-in Across Browser Tabs

Some sites like GitHub prompt users to refresh the page when they sign in using a different browser tab. This feature is useful for users, who can benefit from the additional user-specific page context, and for site operators, who may receive fewer support inquiries.

Here’s how GitHub’s Web Storage-based implementation works:

  1. Ensure the browser supports the Web Storage API (window.localStorage).

  2. Determine if the user is currently logged-in. For example, GitHub adds a meta element to its HTML responses with the user’s username:

     <meta name="user-login" content="bobsmith">

    When a user is not logged-in, the element exists, but the content is empty. (If the element can’t be found, it aborts.)

  3. Set the user’s logged-in status using window.localStorage.setItem.

  4. Monitor storage events by creating an event listener:

     window.addEventListener("storage", function(e){
       // Check for changes to the value of the key that
       // stores the user's logged-in state

    Events fire whenever a change is made to the Storage object, but only when that change is made in a different context (e.g., a different browser tab).

  5. In the listener’s callback, check for changes to the value of the key set in step #3. If e.newValue exists and differs from the initial value retrieved on page load, the user has logged-in or logged-out; prompt the user to reload the page.

GitHub’s developers chose to check and store the length of the username (bobsmith) to determine whether the user’s status has changed. This is a good design decision because not only does it detect log-ins and log-outs, but it will also detect most people who have logged-out and then logged-in again as a different user (so long as the lengths of the usernames differ).

They may have chosen not to store and use the username directly so as to reduce the impact of a browser vulnerability exposing this data to an attacker. For an even more sophisticated implementation, consider storing a one-way hash of user’s username to check against.



The Best and Worst of OSCON 2017

I attended OSCON 2017 in Austin last week. For me, it was a great opportunity to learn more about GraphQL, Rust, graph databases (Neo4j), site reliability engineering, and NGINX’s caching features.

My favorite session was led by David Celis and Garen Torikian:

From REST to GraphQL: Why a query language is perfect for writing APIs
For years, REST has been the standard architecture for APIs. But a new technology is emerging, one that’s perfect for developing rich, client-friendly APIs: GraphQL. David Celis and Garen Torikian explain why this query language is being adopted by companies like Shopify, Pinterest, and GitHub and show you how you can leverage GraphQL for your own APIs.

As O’Reilly begins to upload the slides and videos from the respective talks, I thought it’d be useful to have a reference to which events were rated most highly. After the break is a table with each tutorial and session listed by their attendees’ mean rating, as shown on their respective event pages. (Unrated events are not listed.)

Continue reading (9 minutes) • Save to Instapaper



PyCon 2017 Videos

PyCon is uploading their 2017 convention to YouTube, 143 videos—over 10,000 minutes of material—and counting.




With the non-stop hysteria over Google and Facebook smothering the open Web, you’d think there’d be more promotion of what good people are still writing and cataloging on small, independent sites. The smart way to convince people to leave the walled garden is to showcase all the hidden, unmanicured gems outside of it. Today, we’re doing our part by linking to AINT—BAD.

AINT—BAD is an independent collective and publisher of new photographic art out of Savannah, GA. The site showcases one or two contemporary photographers and their work every day (e.g., Cody Cobb).



“Kill Google AMP”

Scott Gilbertson, writing for The Register, on Google’s Accelerated Mobile Pages (AMP) project:

What [AMP] is, is a way for Google to obfuscate your website, usurp your content and remove any lingering notions of personal credibility from the web.

AMP is a lousy deal for everyone except Google.