Hacker News with Generative AI: Best Practices

Ask HN: What commit message conventions do you follow? (ycombinator.com)
I'm new to the world of programming and came to know about commit conventions. Just wanted to know what conventions do you use.
Are libraries always the best choice in secure development? (ycombinator.com)
I attended a secure development course where the instructor insisted on always using third-party libraries.
The "late‐binding closure" pitfall in Python (notion.site)
Prefer tee -a, not >>, in CI (huonw.github.io)
Shell scripts sometimes have to append data to a file. Redirecting output with >> is the conventional way and works fine, but using tee -a instead is usually a better default, especially in continuous integration. It’s just as easy and gives automatic introspection: the same value is printed to stdout and so appears in normal logs too.
Disabling cert checks: we have not learned much (haxx.se)
And by that I mean the global “we” as in the world of developers.
PostgreSQL Best Practices (speakdatascience.com)
PostgreSQL (Postgres) is one of the most powerful and popular relational database management systems available today. Whether you’re a database administrator, developer, or DevOps engineer, following best practices ensures optimal performance, security, and maintainability of your database systems.
Restrict Mutability of State (medium.com)
What appears at first to be a trivial observation turns out to be a subtly important one: a great many software defects arise from the (incorrect) modification of state. It follows from this that if there is less opportunity for code to change state, there will be fewer defects that arise from state change!
21st Century C++ (cacm.acm.org)
It is now 45+ years since C++ was first conceived. As planned, it evolved to meet challenges, but many developers use C++ as if it was still the previous millennium. This is suboptimal from the perspective of ease of expressing ideas, performance, reliability, and maintainability. Here, I present the key concepts on which performant, type safe, and flexible C++ software can be built: resource management, life-time management, error-handling, modularity, and generic programming.
Reasons Not to Refactor (thoughtbot.com)
Refactoring is a wonderful practice for making code and change easier to manage. That said, here are some reasons why we should not proceed with a refactor.
It's OK to hardcode feature flags (mendhak.com)
Feature flags (or toggles) are often used to control the visibility of new features in a product.
Global variables are not the problem (codestyleandtaste.com)
In this article I'll show an example where avoiding a global variable has led to a bug, I'll define what global variables are, explain the problem, and then give examples where I have used them successfully.
Why Aren't You Idempotent? (lightfoot.dev)
Idempotency doesn't get the attention it deserves.
What have we forgotten? (mova.org)
This is the story of an organization that seems to have forgotten basic software engineering concepts. This organization does exist and has these exact problems, but it is also a generic story about similar organizations that abandon engineering excellence at their own peril.
Best Practices for Key Derivation (trailofbits.com)
Key derivation is essential in many cryptographic applications, including key exchange, key management, secure communications, and building robust cryptographic primitives. But it’s also easy to get wrong: although standard tools exist for different key derivation needs, our audits often uncover improper uses of these tools that could compromise key security. Flickr’s API signature forgery vulnerability is a famous example of misusing a hash function during key derivation.
Create-react-app is a zombie application (clientserver.dev)
create-react-app hasn't been in the official documentation for over a year, but that doesn't stop a constant flood of new developers from trying to use it.
Storage is cheap, but not thinking about logging is expensive (counting-stuff.com)
The bad habits of data over-collection run deep.
Do any languages specify package requirements in import / include statements? (ycombinator.com)
When coding small programs in python, js, java, C++ it often feels to me that the dependency requirements list in pyproject.toml, requirements.json, maven.xml, CMakeLists.txt, contains information that is redundant to the import or include statements at the top of each file.
Code reviews: A success story (blogsystem5.substack.com)
Code reviews have a bad rap: they are antagonistic in nature and, sometimes, pure red tape. Some argue that they are bad practice; others say that peer programming is better. And while these may be true, I want to tell you a story about a case where code reviews worked well!
Be Aware of the Makefile Effect (yossarian.net)
Six Sins of Platform Teams (serce.me)
Systems ideas that sound good but almost never work (learningbyshipping.com)
Some engineering patterns that sound good but almost never work as intended
Database mocks are not worth it (shayon.dev)
It’s tempting to rely on mocks for database calls. Mocking is faster and often feels more straightforward. However, testing against a real database uncovers hidden pitfalls that can appear as the application matures. Issues like unique constraint violations, default value handling, or even performance bottlenecks may only surface when the code is exercised against actual data.
State of the Art Python in 2024 (4zm.org)
Software development is about making choices. But available options change and so do the tradeoffs. Are you up to date with the best practices for creating a Python application in 2024? Let’s take a look at some great default choices.
Test Accounts: A Hidden Risk (cacm.acm.org)
When it comes to the fundamental principle of never testing in production, nearly every software engineer is guilty of breaking that rule at some point in their career. But this is not just a best practice. It is a keystone value meant to protect your reputation, your customers, and your sanity.
15 Times to use AI, and 5 Not to (oneusefulthing.org)
There are several types of work where AI can be particularly useful, given the current capabilities and limitations of LLMs. Though this list is based in science, it draws even more from experience. Like any form of wisdom, using AI well requires holding opposing ideas in mind: it can be transformative yet must be approached with skepticism, powerful yet prone to subtle failures, essential for some tasks yet actively harmful for others.
The Rules of Programming (2023) (therulesofprogramming.com)
The Rules of Programming were born of exasperation.
Refactoring in C++: Top Techniques and Best Practices (jetbrains.com)
Whether you’re a seasoned C++ developer or just starting out, refactoring is a key way you can make your code cleaner, more efficient, and easier to maintain.
Yet Another List of Random Opinions on Writing Readable Code and Other Rants (lucavall.in)
After more than a decade of writing software, I've read lots of opinions on how to write good software. Everyone loves to throw around rules and principles, so I'll do it too. Writing readable code is about making life easier for the people who have to deal with it later - not about flexing your cleverness or following trends that sound smart on social networks.
Codin' Dirty (htmx.org)
“Writing clean code is what you must do in order to call yourself a professional. There is no reasonable excuse for doing anything less than your best.” Clean Code
Ask HN: Best practices using AI as an experienced web dev (ycombinator.com)
As an Old, I came up learning the OG web dev languages - HTML, CSS, JS, PHP, etc. As a solo dev, I still largely work with these as natively as possible. But I am not a total dinosaur. I embraced jQuery in the early 2000s, Bootstrap scaffolding, and now often build reactive UIs using Vue 3.