I'll soon be available for hire!
What you get if we work together:
- 7 years of experience building beautiful, accessible, and scalable fullstack React / Node.js / Next.js apps
- Level 47 TypeScript wizard
- Keen eye for design & clean architecture
DMs open, RT appreciated 🙏
#ConfinementJour21
- Analysis of the digital travel certificate provided by the government 🇫🇷👇
- Numérama's initial analyses are correct:
- No data is sent
- QR code in clear text with the generation date
However... 1/
@FdeRugy
Ok, so immediately stop the #MontagnedOr project, @total's drilling off the coast of French Guiana, the #GCO (and I'm leaving some out). Otherwise you are complicit.
@tdinh_me
I'm a "back-and-forth" fullstack dev.
Safari compatibility issues? Let's work on the API instead.
Orchestration and scaling problems? Now wouldn't that subscribe button look better with another shade of blue?
😅
@rafrasenberg
Both, because they don't have the same purpose.
Client-side is to tell the user what is wrong before they submit.
Server side is because you should never trust user-provided input. Your client-side validation can easily be bypassed by a direct POST from an attacker.
Stock @nodejs keeps getting better and better.
You no longer need the following packages:
glob → node:fs (v22)
dotenv → --env-file
chalk → { styleText } from 'node:util'
jest → node:test
Props to @matteocollina, @yagiznizipli and team 🙌
How can you use this service privately and securely?
- Switch your browser to incognito mode (that solves the cookie problem)
- Close the page once the form has been generated
- Open a new page for each generation, always in incognito
8/
So yes, it's a pain to re-enter your information every time. But let's not forget:
- A strict lockdown is the only way to reduce exposure to COVID-19
- These exemptions must be exceptional
In short:
#RestezChezVous
😘
So basically, this doesn't smell great:
- Cookies can track form generation
- The generation info is sent to an American company
(for once, it's not Google)
Positive:
- Personal information stays local
7/
@matteocollina
One of the best talks on the topic is @jasnell's "Broken Promises"
Lots of good tips of things to avoid, and why it matters for performance. I learnt a lot from it.
My analysis of the digital #attestationdedeplacement:
👍 No data is sent
😕 A service hosted in the USA 🇺🇸
😱 Cookies tracking PDF generation
Solution:
🕵️ Use the browser's incognito mode
More details 👇
@SimonHoiberg
Quick #a11y tip: don't use clickable <div>, it's not accessible to users with screen readers or tab navigation.
Use <button> or <input type="button"> for anything interactive. It uses semantic HTML elements that are tailored for the job.
The @prisma docs are one of the best in town. TIL they also have published this Data Guide.
Everything you wanted to know about databases but were afraid to ask.
🏗 Data modelling
🧩 Migrations
🐘 PostgreSQL
🐬 MySQL
🗄 SQLite
So this is worrying: thanks to the visid_incap_783176 cookie, the government can track form generation requests, with a unique identifier per visitor valid for one year.
There is also a 3rd cookie: ___utmvc, which contains a bunch of data.. 3/
For those wondering about GDPR and the legality of tracking without opt-out, the point is raised in the privacy policy:
That said, since they use cookies restricted to the right domain, not sure these settings apply..
@wesbos
I can't count the number of times I learned a cool CSS technique from diving in the devtools on a site that showcased it like this.
This is the beauty of the open web: it's there for all to see and learn.
This cookie doesn't last long, barely a few seconds. It's more its use that is interesting: a tracking pixel!
More precisely, to a /_Incapsula_Resource route
4/
What's more, resolves to the IP 152.199.19.183, which is located...
In Virginia, USA 🇺🇸
Probably because the Incapsula service uses its own servers.
6/
A request to download the blank form is sent on each download, with two cookies:
incap_ses_467_783176
visid_incap_783176
The first is tied to the session, and is regenerated when you close and reopen the page.
The second, however, is valid for one year. 2/
✨New blog post: Mobile device frames for @excalidraw
I made some frames for iOS devices (iPhone, iPad, Apple Watch). They are free to use (CC-BY-4.0), and can be downloaded here:
Android & others coming soon, add your requests below! 👇
Incapsula is an American service that can be used for DDoS attack mitigation, or for optimized delivery of web applications. In this case, I don't really see what the tracking pixel is doing there.
5/
Prototyping something cool: field-level encryption for @prisma 🔐
- Annotate which fields to encrypt in the schema
- The Post.title field is encrypted in the sqlite DB
- But the response is in clear text
Transparent field-level encryption at rest 🥳
@SimonHoiberg
Side-effect alert: this will mutate the `movie` variable, injecting the meta object into it.
For immutable merges with Object.assign, start with an empty object where all further arguments can be merged into:
Object.assign({}, movie, meta)
@t3dotgg
Or if macOS Preview/Quicklook supported it.
I don't particularly care about the format, just let me see the image without opening a photo editing app.
💡Handy little hack for @excalidraw: use @Firefox Container Tabs to open multiple sketches.
It works because each Container Tab isolates localStorage, where the sketch data is stored.
No more losing your work when opening a file: use a new container.
@athoune
Less hacker, more sysadmin: Cillian Murphy in Tron Legacy, who `ps | grep | kill`s an "attack".
It goes by quickly, but it's nice to see real commands used correctly.
Weekend project: contribute to @alisalahio's #opensource status checker toolbar, by adding support for @clever_cloud 🇫🇷
Now I can monitor all the services my apps depend on in one place 🥳
Weekend project preview: partitioning a circle into 32 sections of equal-ish areas to represent SHA256 hashes as avatars. Each section will have an 8 bit color in it.
cc @TheBuilderJR 😉
#buildinpublic
@SimonHoiberg
I find it hard to reason about, but fortunately* JavaScript has a `padStart` function that does a similar job:
* unless you're stuck in IE.
Say hi to Docs: end-to-end encrypted collaborative document editing in Proton Drive
✍️ Create, edit, and share documents securely
🤝 Collaborate in real-time with live cursors, presence indicators, and comments
↕️ Import/export with ease
1 / 2
✍️ New blog post: "Testing against every @nextjs canary release"
TL;DR: I made a little cron script to poll the GitHub releases API and trigger a GitHub Actions workflow run when they publish a release, to bulletproof next-usequerystate.
Tip: Using @chakra_ui colors with external styles.
Combine useToken and useColorModeValue to add dark mode support to components that need a resolved value:
I'm going to ship a micro-SaaS today 🚀
It gives you an OpenGraph image URL from a Figma design in one click.
Follow along as I #buildinpublic.
This morning:
- Proof of concept
- Landing page skeleton
Tech used:
- Next.js
- @vercel
- @chakra_ui
- @figmadesign
@SimonHoiberg
1 and 2 will mutate the original list object
3 and 4 will create a new list without the first element
Another immutable approach that I'd use:
const newList = list.slice(1)
Yes, slice and splice will do the same thing in this particular case, but beware their difference.
From the archives: Authenticating with the @Strava API in a @rustlang CLI.
Covers:
- The basics of OAuth
- Authentication vs Authorization
- Data-race freedom & multithreading safety
Full code is #opensource as usual.
Design system tip: if you have opaque backgrounds/borders on UI components, use mix-blend-mode: multiply, so they work on different coloured backgrounds.
@SimonHoiberg
And if TypeScript / ESLint yells at you about an "unused variable":
const { qux: _, ...cleanFoo } = foo
By convention, variables starting with _ (or just _ itself, it's a valid variable name in JavaScript) mean "unused" or "internal", and validation tools tend to ignore them.
@jackdomleo7
You can build a house with Lego, but if you only use bricks of the same colour, you'll have a hard time finding the doors and windows. Using different colours and shapes for those makes them stand out, and makes your task easier: some bricks are already door or window-shaped.
Route links with #ChakraUI & #NextJS:
- Supports `as` for Next.js dynamic routes
- Stylable with Chakra style props
- Full TypeScript typings
Since I use those all the time I might ship a library for Next.js + Chakra UI utilities (_app.tsx boilerplate, theming...)
Weekend project: a transaction explorer for @CentralizedCoin
Using the hash avatars I made on Friday and CC's public API.
Made with @chakra_ui, React Query & Next.js.
@SimonHoiberg
I do both C++ and JavaScript for various clients. Here's my quick fits-in-a-tweet feedback:
JavaScript gigs are easier to find (usually startups)
C++ gigs are easier to scale (usually larger businesses)
Also: why pick? Learn a few different languages, it gives perspective.
Building a #2FA feature with ChakraUI in a Next.js app:
✅ 😍 Elegant
✅ 😀 Complete UI toolkit with #a11y
✅ ⚡️ Fast prototyping with API routes
✅ 🚀 Performant
👏 @thesegunadebayo & @rauchg
@FaktCheck
@FlatEarthOrg
@NASAhistory
Have you ever wondered why you never see the Google car directly on Street View shots? Same reason you don't see Curiosity's "selfie stick"
My freelance business is thriving this year, I just passed the 35.6k€ threshold to require charging VAT. 🥳📈
🇫🇷 A few tips for autoentrepreneurs (sole proprietors) in France 👇
@wistia
Yeah, nothing speaks "Business should be human" like "we're going to violate GDPR and CCPA and make tons of cash on top of people who have not accepted any of this".
I'm making a batteries-included SaaS starter template:
⚡️ Built on Next.js
🎨 @chakra_ui for #a11y UIs
🐘 @prisma + PostgreSQL + React Query
💳 @stripe to accept payments in minutes
🔒 @nextauthjs (login with any service + email + passwordless)
🟦 @typescript 💯
🤖 SEO ready
@silindsoftware
It depends®.
Arrow functions for local inline function definitions (eg: map/filter/reduce callbacks with a helpful name).
Named function for top-level exported functions, so they show up nicely in the call stack/debugger.
@SimonHoiberg
Another useful one: the constructor.
Create an Array of 12 elements: const a = Array(12)
However, those will be 12 "empty slots", to iterate over them you'll need to fill it first with anything:
Array(12)
.fill(0)
.map((_, index) => index)
=> [0, 1, 2, 3, 4, ...]
Damn, @AtilaFassina's talk on signals and fine-grained reactivity makes me want to try @solid_js.
For a React conference, a lot of the good stuff is ironically not about React 😅
#ReactParis
@imjulianeral
@benawad
@ryanflorence
JWTs are stateless, you don't need to store them on the backend.
I split mine into two cookies (both SameSite, https only):
- Payload accessible by JS, expires with JWT
- Signature httpOnly
Read more about this pattern:
With my PR accepted in @chakra_ui, I'll be able to keep the menu open to show a spinner when loading the customer portal.
Other menu links navigate instantly and close the menu as usual 😊