When creating software, it’s common to deal with secrets like database passwords, API access tokens, etc. There are many ways to make secrets available to software. Below are notes on some of the ways. Threat Modeling might help you determine which way is best for what you are doing. Environment variables Putting secrets in environment variables (env vars) is very easy and might be fine if your setup is simple and otherwise very secure....

Using stored procedures instead of putting SQL statements directly into a service’s code can increase security. There are multiple reasons why. Reduced attack surface The main security benefit is that hackers will be more limited in what they can do if the database credentials they steal can only call stored procedures. As a demonstration, let’s say your data can only be accessed by stored procedures that each take a Discord user ID as input....

Discord bots run as web services that use Discord’s API. They listen for requests from Discord and send responses. They need their own databases if a way to persist data is necessary. However, some Discord bot features require saving some data about the bot in Discord’s servers, such as slash command names. Automated testing of Discord bots tends to be very limited or nonexistent since Discord has rate limits and is too complex to practically mock....

Some differences between pointers and references can be confusing, especially since there are several different definitions for those words. This can make it difficult to answer simple questions like “Does Golang have reference types?” (TLDR: most people and the official Go FAQ say that Go does have reference types.) Pointers In some languages like C++, pointers can point anywhere in memory. They can point to null, or to memory with data of the pointer’s type, or any other part of memory....

Below are a bunch of commonly used packages and other tools for software development with Go. Go has excellent backwards and forwards compatability, so tools that haven’t been updated in a long time may still be a great choice. Unless otherwise noted, each tool listed here appears to me to be good enough at what it does that I don’t feel the need to look at alternatives. If you’re new to Go, check out Learning Go....

Bookmarklets are browser bookmarks that run some JavaScript instead of navigating to a website. They can do anything JavaScript can do including change fonts, search for phone numbers, remove all images, change the background color, automatically fill a form, and so much more. This guide by Hongkiat Lim explains bookmarklets in more detail and lists many of the most popular ones. More examples Here’s one I made. You can drag it into your bookmarks bar: copy markdown link....

Here are a bunch of tools I found for reading, editing, and more with PDFs. I have not tried all of these but they all look promising. Read Sumatra PDF is the best PDF reader for Windows. The default PDF readers on other platforms seem to work well. Edit, annotate, sign, or fill SimplePDF is an in-browser PDF editor. Some browsers, such as Firefox, include PDF editing tools. You can select a PDF and “Open with” a browser....

The first full version of Stardown has been released! Stardown is a free browser extension I created for copying markdown links for websites. One click on its icon copies a markdown link for the current page. A double-click copies markdown links for all tabs. Right-clicking a website gives you a markdown link for where you right-clicked. Although I have tons of bookmarks, I save even more website links into markdown files in Obsidian and notes about software I’m working on....

Creating browser extensions is easier than I expected, but still has some challenging parts. A great way to start learning how to make extensions is the Chrome dev docs. Creating your first extension requires a lot of trial and error. It gets easier as you learn how extensions work and how to use the browser APIs. On sites like Stack Overflow, many discussions have answers that make assumptions, such as that you’re creating a content script and so have access to the document variable (which is not accessible in background scripts)....

Docker is a tool that makes running software easier by creating a container, which is like a little virtual computer with a more predictable configuration than most computers. Containers are very portable, by which I mean they can be created in and run in any operating system that can run Docker. For example, a container could run Linux within it, and the container itself could run on Mac, Windows, and Linux....