Awesome List Updates on Dec 14 - Dec 20, 2020
62 awesome lists updated this week.
1. Awesome Firebase
Web
- 🔌 Firestore Lite (⭐206) - Lightweight Cloud Firestore library for the browser.
2. Terminals Are Sexy
Terminal Emulation Applications
- Terminator (⭐1.4k) - Multiple GNOME terminals in one window.
3. Awesome Postgres
Resources / Tutorials
- PostgreSQL Primer for Busy People - A collection of the most common commands used in PostgreSQL
4. Awesome Flask
Admin
- Flask-Admin (⭐5.6k) - Functional admin panel that provides a user interface for managing data based on your models.
APIs / RESTful API Support
- Eve - RESTful API framework designed for human beings.
- Flask-MongoRest (⭐524) - RESTful API framework wrapped around MongoEngine.
- Flask-RESTful - Quickly build RESTful APIs.
APIs / RESTful API + Swagger/OpenAPI Documentation Support
- Connexion - Open source, OpenAPI-based, REST framework built on top of Flask.
- Flask-Rebar (⭐231) - Combines Flask, marshmallow, and OpenAPI for robust REST services.
- Flask-RESTX - Community-driven fork of Flask-RESTPlus that makes it easy to build and document RESTful APIs with Flask.
APIs / Swagger/OpenAPI Documentation Support
- SAFRS: Python OpenAPI & JSON:API Framework (⭐398) - SAFRS, which is an acronym for SqlAlchemy Flask-Restful Swagger, is meant to help developers create self-documenting JSON APIs for SQLAlchemy database objects and relationships.
Auth / Basic Auth and Session-based (for HTML Endpoints)
- Flask-HTTPAuth - Authentication.
- Flask-Login - Account management and authentication.
- Flask Principal - Authorization.
- Flask-Security-Too - Account management, authentication, authorization.
- Flask-User - Account management, authentication, authorization.
Auth / JWT-based (for JSON Endpoints)
- Flask-JWT - Basic support for working with JWTs.
- Flask-JWT-Extended - Advanced support for working with JWTs.
- Flask-JWT-Router (⭐54) - Adds authorized routes to a Flask app.
- Flask-Praetorian - Authentication and authorization for Flask APIs.
Auth / OAuth
- Authlib - Library for building OAuth and OpenID clients and servers.
- Authomatic (⭐1k) - Framework agnostic library for Python web applications that simplifies authentication and authorization of users via OAuth and OpenID.
- Flask-Dance (⭐990) - OAuth support via OAuthLib.
Cache / OAuth
- Flask-Caching - Caching support.
Data Validation and Serialization / OAuth
- Flask-Marshmallow - Thin integration layer for Flask and marshmallow (an object serialization/deserialization library) that adds additional features to marshmallow.
Databases / ORMs
- Flask-Peewee - Support for Peewee, an ORM and database migration tool.
- Flask-Pony - Support for Pony ORM.
- Flask-SQLAlchemy - Support for SQLAlchemy, a SQL toolkit and ORM.
Databases / ODMs
- Flask-PyMongo - Bridges Flask and PyMongo for working with MongoDB.
Databases / Migrations
- Flask-Alembic - Configurable Alembic migration environment around a Flask-SQLAlchemy database for handling database migrations.
- Flask-DB (⭐73) - Flask CLI extension that helps you migrate, drop, create and seed your SQL database.
- Flask-Migrate - Handles SQLAlchemy database migrations via Alembic.
Databases / Other Tools
- Flask-Excel (⭐256) - Uses pyexcel (⭐1.2k) to read, manipulate, and write data in different Excel formats: csv, ods, xls, xlsx and xlsm.
Developer Tools / Debugging
- Flask-DebugToolbar - Port of Django's debug toolbar for Flask.
- Flask-Profiler (⭐747) - Endpoint analyzer/profiler.
Developer Tools / Fixtures
- Flask-Fixtures (⭐62) - Create database fixtures from JSON or YAML.
- Mixer - Object generation tool.
Developer Tools / Monitoring
- Elastic APM Agent - Elastic APM Flask integration.
- Flask Monitoring Dashboard - Dashboard for automatic monitoring of Flask web-services.
- Sentry Python SDK - Sentry SDK Flask integration.
Developer Tools / Tracing
- Flask-OpenTracing (⭐136) - OpenTracing instrumentation.
Developer Tools / Testing
- Flask-Testing - Unittest extensions.
- Pytest-Flask (⭐475) - Pytest support for testing Flask applications.
Email / Testing
- Flask-Mail - Provides simple email sending capabilities.
Forms / Testing
- Flask-WTF - Integrates Flask with WTForms (provides CSRF protection as well).
Full-text Search / Testing
- flask-msearch (⭐211) - Full-text search.
- Flask-WhooshAlchemy3 (⭐30) - Full-text search + Whoosh indexing capabilities for Flask-SQLAlchemy.
- SQLAlchemy-Searchable - Provides full-text search capabilities for SQLAlchemy models.
Security / Testing
- Flask-Bcrypt - Provides bcrypt hashing utilities.
- Flask-CORS - Cross Origin Resource Sharing (CORS) handling.
- Flask-SeaSurf (⭐191) - Cross-site request forgery (CSRF) prevention.
Task Queues / Testing
- Celery - The most commonly used Python library for handling asynchronous tasks and scheduling.
- Dramatiq - Fast and reliable alternative to Celery.
- Huey - Redis-based task queue that aims to provide a simple, yet flexible framework for executing tasks.
Utils / Testing
- Flask-Babel (⭐429) - Support for internationalization (i18n) and localization (l10n).
- Flask-File-Upload (⭐152) - Easy file uploads.
- Flask-FlatPages - Provides flat static pages based on text files.
- Frozen-Flask (⭐781) - Freezes a Flask application into a set of static files.
- Flask-GraphQL (⭐1.3k) - GraphQL support.
- Flask-Limiter - Rate limiting features to Flask routes.
- Flask-Moment (⭐366) - Moment.js date and time formatting helpers for Jinja2 templates.
- Flask-Paginate - Pagination support.
- Flask-Sitemap - Sitemap generation.
- Flask-SocketIO - Socket.IO integration.
Official Resources / Testing
- Project Website - Official Flask website.
- Documentation - Comprehensive documentation for all Flask versions.
- Flaskr Tutorial - Build a basic blog application called Flaskr.
- Source Code (⭐66k) - Hosted on GitHub.
External Resources / Testing
- Full Stack Python's Flask Page - Explanation of Flask philosophy and links to other resources and tutorials.
- Miguel Grinberg's Blog - Multiple Flask-specific tutorials.
- Nick Janetakis's Blog - Flask Tips, Tricks and Tutorials.
- RealPython - Many high-quality tutorials on Flask.
- TestDriven.io - Up-to-date tutorials on Flask.
Community / Testing
- Discord - Pallets Projects community on Discord (use the #get-help channel for Flask support).
- IRC Channel - Chat with other Flask users on IRC channel #pocoo on FreeNode.
- Mailing List - General discussion of Flask and the Pallets projects ([email protected]).
- Reddit - Flask subreddit.
- Stack Overflow - Questions tagged flask.
- Twitter - For official announcements on updates, security fixes, etc.
Conferences / Testing
- Flask Conf Brazil - Conference for the developers and users of Flask.
- PyCon US - The largest annual gathering for the community using and developing the open-source Python programming language.
- PyCon Australia - National conference organized for the Python Programming Community.
- Euro Python - The largest Python conference in Europe.
- PyCon - Complete listing of all PyCons globally.
Meetups / Testing
- Flask - 40+ groups in 20 countries.
- Python Web Development - 600+ groups in 81 countries.
- Python - 2,400+ groups in 100 countries.
Podcasts / Testing
- TalkPython - The leading Python podcast with several episodes on Flask.
- Podcast Init - A popular Python podcast that features Flask guests on occasion.
- Python Bytes - Another Python podcast that discusses Flask from time to time.
- Full Stack Python's Best Python Podcasts Page - A list of active Python-specific podcasts.
Tutorials / Testing
- Flask Mega-Tutorial - Overarching tutorial for Python beginner and intermediate developers that teaches web development with the Flask framework.
- Flaskr TDD (⭐2.3k) - Intro to Flask, Test-Driven Development (TDD), and JavaScript.
- Make a Web App Using Python & Flask! - Creating a Python Website from the Bottom Up.
Courses / Testing
- Developing Web Applications with Python and Flask - This course focuses on teaching the fundamentals of Flask by building and testing a web application using Test-Driven Development (TDD).
- Test-Driven Development with Python, Flask, and Docker - Learn how to build, test, and deploy a production-grade microservice powered by Python, Flask, and Docker.
- Authentication with Flask, React, and Docker - Learn how to add authentication to a Flask and React microservice!
- Deploying a Flask and React Microservice to AWS ECS - Learn how to deploy microservices to Amazon ECS powered by Flask, React, and Docker.
- Build a SAAS App with Flask - Learn to build web applications with Flask and Docker.
- Full Stack Foundations - Build a data-driven web app with Python.
- Designing RESTful APIs - Build and Secure a backend API server.
Books / Testing
- Flask Web Development - Learn the framework from the ground up by developing, step-by-step, a real-world project.
- Real Python - Learn Python programming, by example.
- Explore Flask - Best practices and patterns for developing web applications with Flask.
Boilerplates / Testing
- cookiecutter-flask (⭐4.5k) - With Bootstrap 4, asset bundling and minification with webpack, starter templates, and registration/authentication.
- Cookiecutter Flask Skeleton (⭐66) - Flask starter project for Cookiecutter (⭐22k).
- Flask-AppBuilder (⭐4.5k) - Simple and rapid application development framework that includes detailed security, auto CRUD generation for your models, Google charts, and much more.
- flask-base - Includes SQLAlchemy, Redis, User Authentication, and more.
- Flask-Bootstrap (⭐209) - Integrated SQLAlchemy, authentication, and Bootstrap frontend.
- uwsgi-nginx-flask-docker (⭐3k) - Docker image with uWSGI and Nginx for Flask applications in Python running in a single container.
- React-Redux-Flask (⭐1.5k) - Boilerplate application for a Flask JWT Backend and a React/Redux Front-End with Material UI.
Open Source Projects / Testing
- ActorCloud (⭐187) - Open-source IoT Platform.
- Busy Beaver (⭐68) - Chicago Python's Community Engagement Slack bot.
- FlaskBB (⭐2.5k) - Classic forum software.
- Indico (⭐1.7k) - Feature-rich event management system, made at CERN.
- Quokka CMS - The happiest CMS in the world.
- PythonBuddy (⭐273) - Online Python Editor with live syntax checking and execution.
- Redash (⭐25k) - Designed to enable anyone, regardless of the level of technical sophistication, to harness the power of data big and small.
- SkyLines (⭐387) - Live tracking, flight database, and competition framework.
- Security Monkey (⭐4.3k) - Monitors AWS, GCP, OpenStack, and GitHub orgs for assets and their changes over time.
- SecureDrop (⭐3.6k) - Open-source whistleblower submission system that media organizations can use to securely accept documents from, and communicate with anonymous sources.
- SimpleLogin (⭐4.7k) - Protect your online identity with email alias.
- sr.ht - Git hosting service (check out Why I chose Flask to build sr.ht's mini-services as well).
- Timesketch (⭐2.5k) - Collaborative forensic timeline analysis.
5. Awesome Developer First
Analytics
- Heap - Product analytics API for web and mobile, captures all events.
- Mixpanel - Product analytics and dashboards.
Authentication & Identity
- Auth0 - Authentication & authorization as a service.
- LoginRadius - Managed user authentication service with SSO.
- Okta - Embeddable authentication with SSO.
Code Quality
- Codacy - Automatic code quality checks.
Deployment Hosting
- Heroku - Deploy via CLI to scalable servers.
- Netlify - Deploy JAMStack (mainly Gatsby) via CLI.
Media
- imgix - Transforms, optimizes, and cache images.
Search
- Algolia - Search as a service and full suite of search APIs.
- Swiftype - Search as a service (crawlers and React ready).
- Websolr - Open-source and hosted search with Solr.
Testing
- Percy - Continuous visual testing.
6. Awesome Computer Vision
Computer Vision
- Image Processing and Analysis - Stan Birchfield 2018
7. Awesome Cl
VSCode / Third-party APIs
- commonlisp-vscode - An extension to support syntax highlighting, auto completion, documentation on hover, go to definition, compile & load file, REPL. It is on GitHub (⭐35).
- strict-paredit-vscode - structural editing and navigation like Emacs.
8. Awesome Haskell
Tutorials / Video Tutorials
- Awesome Haskell Videos (⭐33) - Curated list of Haskell talks and tutorials
9. Awesome Translations
Other / Machine translation
- Pontoon - Various Mozilla localization projects.
10. Awesome React Native
Utilities / Navigation Demos
- React Native Elements Playground 🚀 - Tinker with react-native-elements components in the web.
11. Awesome Yew
Projects
- rust-async-wasm-demo (⭐48) - Toy project to learn Rust and async that can be deployed to the web.
Crates / Component Libraries
- muicss-yew (⭐34) - MUI-CSS Components for Yew framework.
- yew-bulma (⭐20) - A Rust library providing components based on the bulma css library for projects using Yew.
- ybc (⭐253) - A Yew component library based on the Bulma CSS framework.
- patternfly-yew (⭐145) - Patternfly components for Yew.
Crates / Components
- Yew Form (⭐94) - Components to simplify handling forms with Yew.
Crates / Utils
- reacty_yew (⭐53) - Generate Yew components from React components via Typescript type definitions.
- styled-yew (⭐35) - CSS in Rust, similar to styled-components, but for Yew.
12. Awesome Kotlin
Libraries/Frameworks / I/O
- Dynamium/EVCalc - EVCalc is a calculation engine for mobile electric vehicles (electric scooters, electric unicycles, and so on) written in Kotlin.
13. FOSS for Dev
Documentation
- Log4brains (⭐1k) - Docs-as-code knowledge base to manage Architecture Decision Records (ADR) for your project and publish them automatically as a static website
14. Awesome PICO 8
Contents / Community
15. Awesome Humane Tech
Social networks / Wear our badge
- Teddit - Alternative Reddit front-end focused on privacy.
Related awesomeness / Wear our badge
- JustPrivacy - An in-depth list of alternatives to Google and its products.
16. Awesome Cdk
Construct Libraries / Security
- k9-cdk (⭐6) - Construct to generate secure S3 bucket policies easily.
17. awsm.fish
Community Resources
- The Fish Cookbook (⭐2k) - From Shell to Plate: Savor the Zest of Fish 🦞
Prompts
- Tide (⭐2.6k) - A modern prompt manager for Fish
Plugins
- fzf (⭐1.8k) - Ef-🐟-ient key bindings for junegunn/fzf. (Alternative (⭐858))
- nvm (⭐2k) - Node.js version manager lovingly made for Fish
- Done (⭐745) - Automatically receive notifications after a long process finishes
- Replay (⭐383) - Run Bash commands replaying changes in Fish. (Alternative (⭐2.1k))
- GitNow (⭐359) - A collection of utility functions to speed up your git workflow
- Getopts (⭐216) - CLI options parser (alternative to the argparse builtin)
- Fishtape (⭐343) - TAP-based test runner for Fish
18. Awesome Transit
Blog posts / Ruby
- "How to use GTFS data to track transit vehicles in realtime" by Tom Camp - Using GTFS and GTFS Realtime to provide continuous realtime updates.
19. Awesome Nodejs
Packages / HTTP
- smoke (⭐184) - File-based HTTP mock server with recording abilities.
Packages / Web frameworks
- Marble.js (⭐2.1k) - Functional reactive framework for building server-side apps, based on TypeScript and RxJS.
Packages / Testing
- testcontainers-node (⭐1.8k) - Provides lightweight, throwaway instances of common databases, Selenium web browsers, or anything else that can run in a Docker container.
Packages / Automation
- nut.js (⭐2.2k) - Cross-platform native GUI automation / testing framework with image matching capabilities which integrates with Jest.
20. Awesome Icons
General
- IconPark (⭐8.2k) - IconPark gives access to more than 1,400 high-quality icons, and introduces an interface for customizing your icons. (Website)
- Remix Icon (⭐6.6k) - Remix Icon is a set of open-source neutral-style system symbols for designers and developers. (Website)
21. Awesome Quant
Python / Visualization
- mplfinance (⭐3.5k) - matplotlib utilities for the visualization, and visual analysis, of financial data.
22. Free for Dev
Other Free Resources
- Web.Dev — This is a free tool that allows you to see the performance of your website and improve the SEO to get a higher rank list in search engines.
23. Awesome Testing
QA and Testing Road Map / Useful References
- How to start QA and Testing career (⭐1.7k) - A wide and rich list of strategies, topics, and skills that you need to start a career in software testing and automation.
24. Awesome Machine Learning
General-Purpose Machine Learning / Data Analysis / Data Visualization
- PHP-ML - Machine Learning library for PHP. Algorithms, Cross Validation, Neural Network, Preprocessing, Feature Extraction and much more in one library.
25. Awesome Newsletters
CSS / Svelte
- Tailwind Weekly. Weekly newsletter about all things TailwindCSS.
26. Awesome Tailwindcss
Starters & Themes
- 🚀 Shopify Theme Lab (⭐736) - Shopify theme development starter using Vue and Tailwind CSS.
27. Awesome Dos
Development tools
- Turbo C 2.01 - C IDE and compiler from Borland first released in 1987.
- Turbo C++ 1.01 - C++ IDE and compiler from Borland released in 1991.
Interrupts
- Ralph Brown's Interrupt List - HTML version - List of every documented and undocumented interrupt call known, accessible through search, categories and interrupt numbers.
- Original in downloadable .zip files from Ralph Brown's website
Open source DOS games / Commercial games with published source code
- Hexen: Beyond Heretic (⭐33) - Indirect sequel to Heretic.
- Original SourceForge link for Heretic/Hexen.
28. Awesome Sre
Education
Capacity Planning
29. Awesome Cassandra
Tools / Custom Time Series
- Instaclustr Minotaur (⭐5) - Command line tool for consistent rebuilding of a Cassandra cluster.
30. Awesome Jmeter
Best Practices
31. Awesome Ocaml
Databases
- New Implementations
- Irmin (⭐1.8k) — A distributed database that follows the same design principles as Git.
- Obigstore — A database with BigTable-like data model atop LevelDB.
- RunOrg (⭐11) - It is a WIP database server written in OCaml.
- dokeysto (⭐11) - dumb OCaml key-value store, string keys and string values. Optional on-the-fly LZ4 compression of values or tokyocabinet backend.
32. Awesome Wagtail
Apps / SEO and SMO
- Wagtail Yoast (⭐34) - A tool to improve readability of your texts with SEO recommendations.
Apps / Media
- Wagtail SVG (⭐35) - A Wagtail module for managing SVG files within the admin.
33. Awesome Javascript
Misc / Other
- javascript-algorithms (⭐185k) - Algorithms and data structures implemented in JavaScript with explanations and links to further readings.
34. Awesome Kubernetes
Featured On
35. Awesome Arch
Arch-based projects / Not Linux
- PacBSD - A lightweight and flexible BSD distribution that provides a base system for use of pacman package manager.
Arch-based distros / Desktop
- MagpieOS - Get a fresh experience of Arch.
36. Awesome Pentest
Open Sources Intelligence (OSINT) / Penetration Testing Report Templates
- Depix (⭐25k) - Tool for recovering passwords from pixelized screenshots (by de-pixelating text).
37. Awesome Cybersecurity Blueteam
DevSecOps / Fuzzing
- Atheris - Coverage-guided Python fuzzing engine based off of libFuzzer that supports fuzzing of Python code but also native extensions written for CPython.
Threat intelligence / Threat signature packages and collections
- FireEye's Red Team Tool Countermeasures (⭐2.6k) - Collection of Snort and YARA rules to detect attacks carried out with FireEye's own Red Team tools, first released after FireEye disclosed a breach in December 2020.
- YARA Rules (⭐4k) - Project covering the need for IT security researchers to have a single repository where different Yara signatures are compiled, classified and kept as up to date as possible.
38. Awesome Gbdev
ASM / Syntax highlighting packages
- sublime-rgbds - A Sublime Text 3 package for RGBDS, including syntax highlighting and some completion snippets.
39. Awesome Java
Computer Vision / Text-Based User Interfaces
- ImageJ - Medical image processing application with an API.
- JavaCV (⭐7.4k) - Java interface to OpenCV, FFmpeg, and much more.
40. Awesome Pixel Art
Tools / Editors
- Wobblepaint - Pico8 editor that gives life to pixel art with a little wobble.
41. Awesome Pascal
Control packs
- DelphiUCL (⭐98). [Delphi] UWP controls for Delphi VCL.
Machine Learning
- Keras4Delphi (⭐39). [Delphi] High-level neural networks API, written in Pascal with Python Binding
Other non-visual
- TZDB (⭐75). [Delphi] [FPC] IANA Time Zone Database for Delphi/FreePascal
42. Awesome Datascience
MOOC's
43. Guides
Other / CLI
44. Awesome Electron
Open Source / Other
- Hawkpass (⭐61) - Password generator.
45. Awesome Vue
Projects Using Vue.js / Apps/Websites
- Deadlines - An offline, simple deadline tracker made with Vue.js and localForage.
- Scraperbox - Undetectable web scraping API. Built with Laravel and Vue.
Components & Libraries / Utilities
- vue-context-composition (⭐19) - Share state created with the composition API between components, similar to useContext from React Hooks
46. Awesome Mac
Developer Tools / Developer Utilities
- Timelane - Visually profile your asynchronous code.
47. Awesome Perl
Args
- Params::ValidationCompiler - Validate method/function parameters.
Class Builder / DSP
- Object::Pad - class Example { has $x; method reader { return $x } }, experimental proving-ground for Cor
- Object::Tiny - A class builder that is terse, fast, and tiny.
Data Format / DSP
- CBOR::Free - Support for CBOR, IETF’s “binary JSON”
Event Loops / NoSQL Databases
- Promise::XS - Promises in Perl
Protocol / NoSQL Databases
- Net::Curl - libcurl (https://curl.se/libcurl/) integration
- Protocol::DBus - D-Bus in (pure) Perl
Queueing / NoSQL Databases
- Minion - Pure-Perl job queue
Stream Manipulation / NoSQL Databases
- RxPerl - Perl implementation of Reactive Extensions / rxjs
48. Public Apis
Anime
API: Kitsu
Description: Anime discovery platform
Auth: OAuth
HTTPS: Yes
CORS: Yes
Geocoding
API: Zippopotam.us
Description: Get information about place such as country, city, state, etc
Auth: No
HTTPS: No
CORS: Unknown
49. Awesome Terraform
Legend
- Not compatible with terraform >= 0.12 👻
- Abandoned 💀
- Monetized 💲
Community
Testing / Community providers
- clarity (⭐139) - A declarative test framework for Terraform for unit testing.
Tools / Community providers
- astro (⭐434) - Astro is a tool for managing multiple Terraform executions as a single command. 👻
- blast radius (⭐2k) - Interactive visualizations of Terraform dependency graphs. 💀
- json2hcl (⭐494) - Convert JSON to HCL and vice versa. 👻
- para (⭐58) - The missing 3rd-party plugin manager and a "Swiss army knife" for Terraform/Terragrunt - just 1 tool to facilitate all workflows. 💀
- scenery (⭐368) - Another Terraform plan output prettifier. 👻 💀
- terraform-plan-parser (⭐144) - Command line utility and JavaScript API for parsing stdout from terraform plan and converting it to JSON. 👻
- tfjson (⭐181) - Utility to read in a Terraform plan file and dump it out in JSON. 💀
50. Awesome Falsehood
Meta
- Falsehoods Programmers Believe - A brief list of common falsehoods. A great overview and quick introduction into the world of falsehoods.
Business
- tax - A PHP 5.4+ tax management library.
Dates and Time
- Your Calendrical Fallacy Is Thinking… - List covering intercalation and cultural influence, made by a community of iOS and macOS developers.
- Time Zone Database - Code and data that represent the history of local time for many representative locations around the globe.
- You Advocate a Calendar Reform - Your idea will not work. This article tells you why.
- So You Want to Abolish Time Zones - Abolishing timezones may sound like a good idea, but there are quite a few complications that make it not quite so.
- The Problem with Time & Timezones - A video about why you should never, ever deal with timezones if you can help it.
- ISO-8601, YYYY, yyyy, and why your year may be wrong - String formatting of date is hard.
- UTC is Enough for everyone, right? - There are edge cases about dates and time (specifically UTC) that you probably haven't thought of.
- Storing UTC is not a silver bullet - “Just store dates in UTC” is not always the right approach.
- Why is subtracting these two times (in 1927) giving a strange result? - Infamous Stack Overflow answer about both complicated historical timezones, and how historical dates can be re-interpreted by newer versions of software.
Education
- Falsehoods CS Students (Still) Believe Upon Graduating - A list of things (not only) computer science students tend to erroneously and at times surprisingly believe even though they (probably) should know better.
Emails
- I Knew How to Validate an Email Address Until I Read the RFC - Provides intricate examples that are unsuspected valid email addresses according to RFC-822.
- So you think you can validate email addresses (FOSDEM 2018) - Presentation of edge-case email addresses and why you should not use regex to parse them.
Human Identity
- Gay Marriage: The Database Engineering Perspective - How to store a marriage in a database while addressing most of the falsehoods about gender, naming and relationships.
- Personal Names Around the World - How do people's names differ around the world, and what are the implications for the Web?
- Hello, I'm Mr. Null. My Name Makes Me Invisible to Computers - Real-life example on how implemented falsehood has negative impact on someone's life.
- HL7 v3 RIM - A flexible data model for representing human names.
- Apple iOS NSPersonNameComponentsFormatter - Localized representations of the components of a person's name.
Internationalization
- Internationalis(z)ing Code - A video about things you need to keep in mind when internationalizing your code.
- Minimum to Know About Unicode and Character Sets - A good introduction to unicode, its historical context and origins, followed by an overview of its inner working.
- Awesome Unicode (⭐887) - A curated list of delightful Unicode tidbits, packages and resources.
- Dark corners of Unicode - Unicode is extensive, here be dragons.
- Let's Stop Ascribing Meaning to Code Points - Dives deeper in Unicode and dispels myths about code points.
- Breaking Our Latin-1 Assumptions - Most programmers spend so much time with Latin-1 that they forget about other scripts' quirks.
- Ode to a shipping label - Character encoding is hard, more so when each broken layer of data input adds its own spice.
- i18n Testing Data (⭐64) - Compilation of real-world international and diverse name data for unit testing and QA.
- Big List of Naughty Strings (⭐46k) - A huge corpus of strings which have a high probability of causing issues when used as user-input data. A must have set of practical edge-cases to test your software against.
Networks
- Fallacies of Distributed Computing - Assumptions that programmers new to distributed applications invariably make.
- There's more than one way to write an IP address - Some parts of the address are optional, mind the decimal and octal notations, and don't forget IPv6 either.
- hostname-validate - An attempt to validate hostnames in Python.
Postal Addresses
- Letter Delivered Despite No Name, No Address - Ultimate falsehood about postal addresses: you do not need one.
- The Bear with Its Own ZIP Code - Smokey Bear has his own ZIP Code (20252) because he gets so much mail.
- Regex and Postal Addresses - Why regular expressions and street addresses do not mix.
- libaddressinput - Google's common C++ and Java library for parsing, formatting, and validating international postal addresses.
- addressing - A PHP 5.4+ addressing library, powered by Google's dataset.
- postal-address - Python module to parse, normalize and render postal addresses.
- address - Go library to validate and format addresses using Google's dataset.
Software Engineering
- Popular misconceptions about mtime - Part of a post on why file's mtime comparison could be considered harmful.
- Floating Point Math - “Your language isn't broken, it's doing floating point math. (…) This is why, more often than not, 0.1 + 0.2 != 0.3.”
Typography
- Truths programmers should know about case - A complete reverse of the falsehoods format, on the topic of case (as in uppercase and lowercase text).
51. Awesome Ipfs
Tools
- ipfs-pinner (⭐54) - A toolkit to help upload files to IPFS pinning services.
- wbipfs (⭐2) - A command-line tool and Go package interface for wayback webpage to IPFS.
52. Awesome Iam
Overview
- The EnterpriseReady SaaS Feature Guides - The majority of the features making B2B users happy will be implemented by the IAM perimeter.
- IAM Is The Real Cloud Lock-In - A little click-baity, but the author admits that “It depends on how much you trust them to 1. Stay in business; 2. Not jack up your prices; 3. Not deprecate services out from under you; 4. Provide more value to you in business acceleration than they take away in flexibility.”
Security
- Enterprise Information Security - Mozilla's security and access guidelines.
- Mitigating Cloud Vulnerabilities - “This document divides cloud vulnerabilities into four classes (misconfiguration, poor access control, shared tenancy vulnerabilities, and supply chain vulnerabilities)”.
- Cartography (⭐2.9k) - A Neo4J-based tool to map out dependencies and relationships between services and resources. Supports AWS, GCP, GSuite, Okta and GitHub.
Account Management
- As a user, I want… - A meta-critic of account management, in which features expected by the business clash with real user needs, in the form of user stories written by a fictional project manager.
- Things end users care about but programmers don't - In the same spirit as above, but broader: all the little things we overlook as developers but users really care about. At the top of that list lie account-centric features, diverse integration and import/export tools. I.e. all the enterprise customers' needs to cover.
- Separate the account, user and login/auth details - Sound advice to lay down the foundation of a future-proof IAM API.
- Identity Beyond Usernames - On the concept of usernames as identifiers, and the complexities introduced when Unicode characters meet uniqueness requirements.
Cryptography
- Cryptographic Right Answers - An up to date set of recommendations for developers who are not cryptography engineers. There's even a shorter summary available.
- Real World Crypto Symposium - Aims to bring together cryptography researchers with developers, focusing on uses in real-world environments such as the Internet, the cloud, and embedded devices.
- An Overview of Cryptography - “This paper has two major purposes. The first is to define some of the terms and concepts behind basic cryptographic methods, and to offer a way to compare the myriad cryptographic schemes in use today. The second is to provide some real examples of cryptography in use today.”
- Papers we love: Cryptography (⭐86k) - Foundational papers of cryptography.
- Lifetimes of cryptographic hash functions - “If you are using compare-by-hash to generate addresses for data that can be supplied by malicious users, you should have a plan to migrate to a new hash every few years”.
Cryptography / Identifiers
- Security Recommendations for Any Device that Depends on Randomly-Generated Numbers - “The phrase ‘random number generator’ should be parsed as follows: It is a random generator of numbers. It is not a generator of random numbers.”
Zero-trust Network / Identifiers
- BeyondCorp: A New Approach to Enterprise Security - Quick overview of Google's Zero-trust Network initiative.
- What is BeyondCorp? What is Identity-Aware Proxy? - More companies add extra layers of VPNs, firewalls, restrictions and constraints, resulting in a terrible experience and a slight security gain. There's a better way.
- oathkeeper (⭐3.2k) - Identity & Access Proxy and Access Control Decision API that authenticates, authorizes, and mutates incoming HTTP requests. Inspired by the BeyondCorp / Zero Trust white paper.
- transcend (⭐249) - BeyondCorp-inspired Access Proxy server.
- Pomerium (⭐4k) - An identity-aware proxy that enables secure access to internal applications.
Authentication / Identifiers
- Scaling backend authentication at Facebook - How-to in a nutshell: 1. Small root of trust; 2. TLS isn't enough; 3. Certificate-based tokens; 4. Crypto Auth Tokens (CATs). See the slides for more details.
Password-based auth / Identifiers
- The new NIST password guidance - A summary of NIST Special Publication 800-63B covering new password complexity guidelines.
- Password expiration is dead - Recent scientific research calls into question the value of many long-standing password-security practices such as password expiration policies, and points instead to better alternatives such as enforcing banned-password lists and MFA.
- Banks, Arbitrary Password Restrictions and Why They Don't Matter - “Arbitrary low limits on length and character composition are bad. They look bad, they lead to negative speculation about security posture and they break tools like password managers.”
- Dumb Password Rules (⭐3k) - Shaming sites with dumb password rules.
- Plain Text Offenders - Public shaming of websites storing passwords in plain text.
- Password Manager Resources (⭐4.1k) - A collection of password rules, change URLs and quirks by sites.
- A Well-Known URL for Changing Passwords (⭐898) - Specification defining site resource for password updates.
- How to change the hashing scheme of already hashed user's passwords - Good news: you're not stuck with a legacy password saving scheme. Here is a trick to transparently upgrade to stronger hashing algorithm.
Multi-factor auth / Identifiers
- Breaking Password Dependencies: Challenges in the Final Mile at Microsoft - The primary source of account hacks is password spraying (on legacy auth like SMTP, IMAP, POP, etc.), second is replay attack. Takeaway: passwords are insecure, use and enforce MFA.
- Beyond Passwords: 2FA, U2F and Google Advanced Protection - An excellent walk-through of all these technologies.
- Secrets, Lies, and Account Recovery: Lessons from the Use of Personal Knowledge Questions at Google - “Our analysis confirms that secret questions generally offer a security level that is far lower than user-chosen passwords. (…) Surprisingly, we found that a significant cause of this insecurity is that users often don't answer truthfully. (…) On the usability side, we show that secret answers have surprisingly poor memorability”.
- How effective is basic account hygiene at preventing hijacking - Google security team's data shows 2FA blocks 100% of automated bot hacks.
- Attacking Google Authenticator - Probably on the verge of paranoia, but might be a reason to rate limit 2FA validation attempts.
- Compromising online accounts by cracking voicemail systems - Or why you should not rely on automated phone calls as a method to reach the user and reset passwords, 2FA or for any kind of verification. Not unlike SMS-based 2FA, it is currently insecure and can be compromised by the way of its weakest link: voicemail systems.
- Getting 2FA Right in 2019 - On the UX aspects of 2FA.
Multi-factor auth / SMS-based
- SMS 2FA auth is deprecated by NIST - NIST has said that 2FA via SMS is bad and awful since 2016.
- Is SMS 2FA Secure? No. - Definitive research project demonstrating successful attempts at SIM swapping.
- AWS is on its way to deprecate SMS-based 2FA - “We encourage you to use MFA through a U2F security key, hardware device, or virtual (software-based) MFA device. You can continue using this feature until January 31, 2019.”
Password-less auth / WebAuthn
- WebAuthn guide - Introduces WebAuthn as a standard supported by all major browsers, allowing “servers to register and authenticate users using public key cryptography instead of a password”.
Password-less auth / Security key
- Webauthn and security keys - Describes how authentication works with security keys, details the protocols, and explains how they fit together with WebAuthn. Key takeaway: “There is no way to create a U2F key with webauthn however. (…) So complete the transition to webauthn of your login process first, then transition registration.”
- Getting started with security keys - A practical guide to stay safe online and prevent phishing with FIDO2, WebAuthn and security keys.
- Solo (⭐2.3k) - Open security key supporting FIDO2 & U2F over USB + NFC.
- OpenSK (⭐3k) - Open-source implementation for security keys written in Rust that supports both FIDO U2F and FIDO2 standards.
- YubiKey Guide (⭐11k) - Guide to using YubiKey as a SmartCard for storing GPG encryption, signing and authentication keys, which can also be used for SSH. Many of the principles in this document are applicable to other smart card devices.
- YubiKey at Datadog (⭐494) - Guide to set up YubiKey, U2F, GPG, git, SSH, Keybase, VMware Fusion and Docker Content Trust.
Password-less auth / Public-Key Infrastructure (PKI)
- Everything you should know about certificates and PKI but are too afraid to ask - PKI lets you define a system cryptographically. It's universal and vendor neutral.
- lemur - Acts as a broker between CAs and environments, providing a central portal for developers to issue TLS certificates with 'sane' defaults.
- CFSSL (⭐8.6k) - A swiss army knife for PKI/TLS by CloudFlare. Command line tool and an HTTP API server for signing, verifying, and bundling TLS certificates.
- JA3 (⭐2.6k) - Method for creating SSL/TLS client fingerprints that should be easy to produce on any platform and can be easily shared for threat intelligence.
Password-less auth / JWT
- Introduction to JSON Web Tokens - Get up to speed on JWT with this article.
- Learn how to use JWT for Authentication (⭐4.2k) - Learn how to use JWT to secure your web app.
- Using JSON Web Tokens as API Keys - Compared to API keys, JWTs offer granular security, homogeneous auth architecture, decentralized issuance, OAuth2 compliance, debuggability, expiration control, device management.
- Managing a Secure JSON Web Token Implementation - JWT has all sorts of flexibility that make it hard to use well.
- Hardcoded secrets, unverified tokens, and other common JWT mistakes - A good recap of all JWT pitfalls.
- Adding JSON Web Token API Keys to a DenyList - On token invalidation.
- Stop using JWT for sessions - And why your "solution" doesn't work, because stateless JWT tokens cannot be invalidated or updated. They will introduce either size issues or security issues depending on where you store them. Stateful JWT tokens are functionally the same as session cookies, but without the battle-tested and well-reviewed implementations or client support.
- JOSE is a Bad Standard That Everyone Should Avoid - The standards are either completely broken or complex minefields hard to navigate.
- JWT.io - Allows you to decode, verify and generate JWT.
- loginsrv - Standalone minimalistic login server providing a JWT login for multiple login backends (htpasswd, OSIAM, user/password, HTTP basic authentication, OAuth2: GitHub, Google, Bitbucket, Facebook, GitLab).
Authorization / Policy models
- Semantic-based Automated Reasoning for AWS Access Policies using SMT - Zelkova is how AWS does it. This system performs symbolic analysis of IAM policies, and solves the reachability of resources according to users' rights and access constraints. Also see the higher-level introduction given at re:inforce 2019.
Authorization / RBAC frameworks
- Athenz (⭐894) - Set of services and libraries supporting service authentication and role-based authorization for provisioning and configuration.
Authorization / ABAC frameworks
- Keto (⭐4.8k) - Policy decision point. It uses a set of access control policies, similar to AWS policies, in order to determine whether a subject is authorized to perform a certain action on a resource.
- Ladon (⭐2.4k) - Access control library, inspired by AWS.
Authorization / AWS policy tools
- Become an AWS IAM Policy Ninja - “In my nearly 5 years at Amazon, I carve out a little time each day, each week to look through the forums, customer tickets to try to find out where people are having trouble.”
- Policy Sentry (⭐2k) - Writing security-conscious IAM Policies by hand can be very tedious and inefficient. Policy Sentry helps users to create least-privilege policies in a matter of seconds.
- IAM Floyd (⭐544) - AWS IAM policy statement generator with fluent interface. Helps with creating type safe IAM policies and writing more restrictive/secure statements by offering conditions and ARN generation via IntelliSense. Available for Node.js, Python, .NET and Java.
Authorization / Macaroons
- Macaroons: Cookies with Contextual Caveats for Decentralized Authorization in the Cloud - Google's original paper.
- Google paper's author compares Macaroons and JWTs - As a consumer/verifier of macaroons, they allow you (through third-party caveats) to defer some authorization decisions to someone else. JWTs don't.
OAuth2 & OpenID / Other tools
- An Illustrated Guide to OAuth and OpenID Connect - Explains how these standards work using simplified illustrations.
- OAuth 2 Simplified - A reference article describing the protocol in simplified format to help developers and service providers implement it.
- OAuth 2.0 and OpenID Connect (in plain English) - Starts with historical context on how these standards came to be, clears up the inaccuracies in the vocabulary, then details the protocols and their pitfalls to make them less intimidating.
- Everything You Need to Know About OAuth (2.0) - A good overview with a practical case study on how Teleport, an open-source remote access tool, allows users to log in through GitHub SSO.
- OAuth in one picture - A nice summary card.
- Open-Sourcing BuzzFeed's SSO Experience - OAuth2-friendly adaptation of the Central Authentication Service (CAS) protocol. You'll find good OAuth user flow diagrams there.
- Keycloak - Open-source Identity and Access Management. Supports OIDC, OAuth 2 and SAML 2, LDAP and AD directories, password policies.
- The Decline of OpenID - OpenID is being replaced on the public web by a mix of OAuth 1, OAuth 2 or other proprietary SSO protocols.
- Why Mastercard Doesn't Use OAuth 2.0 - “They did this to provide message-level integrity. OAuth 2 switched to transport-level confidentiality/integrity.” (which TLS provides) (source).
SAML / Other tools
- How SAML 2.0 Authentication Works - Overview of the how and why of SSO and SAML.
- Web Single Sign-On, the SAML 2.0 perspective - Another naive explanation of SAML workflow in the context of corporate SSO implementation.
- The Beer Drinker's Guide to SAML - SAML is arcane at times. Another analogy might help make more sense of it.
Secret Management / Other tools
- Secret at Scale at Netflix - Solution based on blind signatures. See the slides.
- High Availability in Google's Internal KMS - Not GCP's KMS, but the one at the core of their infrastructure. See the slides.
- sops - Encrypts the values of YAML and JSON files, not the keys.
- gitleaks - Audit git repos for secrets.
- truffleHog - Searches through git repositories for high entropy strings and secrets, digging deep into commit history.
- Keywhiz - A system for managing and distributing secrets, which can fit well with a service oriented architecture (SOA).
- roca - Python module to check for weak RSA moduli in various key formats.
Secret Management / Hardware Security Module (HSM)
- HSM: What they are and why it's likely that you've (indirectly) used one today - Really basic overview of HSM usages.
- Tidbits on AWS Cloud HSM hardware - AWS CloudHSM Classic is backed by SafeNet's Luna HSM, while the current CloudHSM relies on Cavium's Nitrox, which allows for partitionable "virtual HSMs".
- Keystone - Open-source project for building trusted execution environments (TEE) with secure hardware enclaves, based on the RISC-V architecture.
- Project Oak (⭐1.3k) - A specification and a reference implementation for the secure transfer, storage and processing of data.
Trust & Safety / Hardware Security Module (HSM)
- Trust and safety 101 - A great introduction on the domain and its responsibilities.
- What the Heck is Trust and Safety? - A couple of real use-cases to demonstrate the role of a TnS team.
- Awesome List of Billing and Payments: Fraud links (⭐883) - Section dedicated to fraud management for billing and payment, from our sister repository.
Trust & Safety / User Identity
- The Laws of Identity - Although this paper is aimed at identity metasystems, its laws still provide great insights at a smaller scale, especially the first law: to always allow user control and ask for consent to earn trust.
- How Uber Got Lost - “To limit "friction" Uber allowed riders to sign up without requiring them to provide identity beyond an email — easily faked — or a phone number. (…) Vehicles were stolen and burned; drivers were assaulted, robbed and occasionally murdered. The company stuck with the low-friction sign-up system, even as violence increased.”
- A Comparison of Personal Name Matching: Techniques and Practical Issues - Customer name matching has lots of applications, from account deduplication to fraud monitoring.
- Statistically Likely Usernames (⭐890) - Wordlists for creating statistically likely usernames for use in username-enumeration, simulated password-attacks and other security testing tasks.
- Sherlock (⭐54k) - Hunt down social media accounts by username across social networks.
Trust & Safety / Fraud
- Investigation into the Unusual Signups - A really detailed analysis of suspicious contributor signups on OpenStreetMap. This beautiful and high-level report demonstrating an orchestrated and directed campaign might serve as a template for fraud reports.
- MIDAS: Detecting Microcluster Anomalies in Edge Streams (⭐761) - A proposed method to “detects microcluster anomalies, or suddenly arriving groups of suspiciously similar edges, in edge streams, using constant time and memory.”
- Gephi (⭐5.8k) - Open-source platform for visualizing and manipulating large graphs.
Trust & Safety / Moderation
- Still Logged In: What AR and VR Can Learn from MMOs - “If you host an online community, where people can harm another person: you are on the hook. And if you can't afford to be on the hook, don't host an online community”.
Trust & Safety / Threat Intelligence
- Awesome Threat Intelligence (⭐7.8k) - “A concise definition of Threat Intelligence: evidence-based knowledge, including context, mechanisms, indicators, implications and actionable advice, about an existing or emerging menace or hazard to assets that can be used to inform decisions regarding the subject's response to that menace or hazard.”
- SpiderFoot (⭐13k) - An open source intelligence (OSINT) automation tool. It integrates with just about every data source available and uses a range of methods for data analysis, making that data easy to navigate.
- Standards related to Threat Intelligence - Open standards, tools and methodologies to support threat intelligence analysis.
- MISP taxonomies and classification - Tags to organize information on “threat intelligence including cyber security indicators, financial fraud or counter-terrorism information.”
- Browser Fingerprinting: A survey - Fingerprints can be used as a source of signals to identify bots and fraudsters.
- The challenges of file formats - At one point you will let users upload files in your system. Here is a corpus of suspicious media files (⭐1.4k) that can be leveraged by scammers to bypass security or fool users.
- SecLists (⭐56k) - Collection of multiple types of lists used during security assessments, collected in one place. List types include usernames, passwords, URLs, sensitive data patterns, fuzzing payloads, web shells, and many more.
- PhishingKitTracker (⭐98) - CSV database of email addresses used by threat actors in phishing kits.
- PhoneInfoga (⭐13k) - Tools to scan phone numbers using only free resources. The goal is to first gather standard information such as country, area, carrier and line type on any international phone numbers with a very good accuracy. Then search for footprints on search engines to try to find the VoIP provider or identify the owner.
- Confusable Homoglyphs (⭐159) - Homoglyphs are a common phishing trick.
Trust & Safety / Captcha
- Awesome Captcha (⭐1.2k) - Reference all open-source captcha libraries, integration, alternatives and cracking tools.
- reCaptcha - reCaptcha is still an effective, economical and quick solution when your company can't afford to have a dedicated team to fight bots and spammers at internet scale.
Blocklists / Captcha
- Bloom Filter - Perfect for this use-case, as bloom filters are designed to quickly check if an element is not in a (large) set. Variations of bloom filters exist for specific data types.
- How Radix trees made blocking IPs 5000 times faster - Radix trees might come in handy to speed up IP blocklists.
Blocklists / Hostnames and Subdomains
- hosts - Consolidates reputable hosts files, and merges them into a unified hosts file with duplicates removed.
- nextdns/metadata - Extensive collection of lists for security, privacy and parental control.
- The Public Suffix List - Mozilla's registry of public suffixes, under which Internet users can (or historically could) directly register names.
- Country IP Blocks (⭐698) - CIDR country-level IP data, straight from the Regional Internet Registries, updated hourly.
- Certificate Transparency Subdomains (⭐337) - An hourly updated list of subdomains gathered from certificate transparency logs.
- common-domain-prefix-suffix-list.tsv - Top-5000 most common domain prefix/suffix list.
- hosts-blocklists - No more ads, tracking and other virtual garbage.
- xkeyscorerules100.txt - NSA's XKeyscore matching rules for TOR and other anonymity preserving tools.
- pyisp - IP to ISP lookup library (includes ASN).
- AMF site blocklist - Official French denylist of money-related fraud sites.
Blocklists / Emails
- Burner email providers (⭐1k) - A list of temporary email providers. And its derivative Python module (⭐2.8k).
- MailChecker (⭐1.6k) - Cross-language temporary (disposable/throwaway) email detection library.
- Temporary Email Address Domains - A list of domains for disposable and temporary email addresses. Useful for filtering your email list to increase open rates (email sent to these domains will likely not be opened).
- gman - “A ruby gem to check if the owner of a given email address or website is working for THE MAN (a.k.a verifies government domains).” Good resource to hunt for potential government customers in your user base.
- Swot - In the same spirit as above, but this time to flag academic users.
Blocklists / Reserved IDs
- General List of Reserved Words - This is a general list of words you may want to consider reserving, in a system where users can pick any name.
- Hostnames and usernames to reserve - List of all the names that should be restricted from registration in automated systems.
Blocklists / Profanity
- List of Dirty, Naughty, Obscene, and Otherwise Bad Words (⭐2.9k) - Profanity blocklist from Shutterstock.
- profanity-check - Uses a linear SVM model trained on 200k human-labeled samples of clean and profane text strings.
Privacy / Profanity
- Paper we love: Privacy (⭐86k) - A collection of scientific studies of schemes providing privacy by design.
- IRMA Authentication - Open-source app and protocol that offers privacy-friendly attribute based authentication and signing using Camenisch and Lysyanskaya's Idemix.
- Have I been Pwned? - Data breach index.
- Automated security testing for Software Developers - Most privacy breaches were allowed by known vulnerabilities in third-party dependencies. Here is how to detect them by the way of CI/CD.
- Email marketing regulations around the world (⭐439) - As the world becomes increasingly connected, the email marketing regulation landscape becomes more and more complex.
Privacy / Anonymization
- The False Allure of Hashing for Anonymization - Hashing is not sufficient for anonymization. But it is still good enough for pseudonymization (which is allowed by the GDPR).
- Four cents to deanonymize: Companies reverse hashed email addresses - “Hashed email addresses can be easily reversed and linked to an individual”.
- Why differential privacy is awesome - Explains the intuition behind differential privacy, a theoretical framework which allows sharing of aggregated data without compromising confidentiality. See follow-up articles with more details and practical aspects.
- k-anonymity: an introduction - An alternative anonymity privacy model.
- Presidio (⭐3.6k) - Context aware, pluggable and customizable data protection and PII data anonymization service for text and images.
Privacy / GDPR
- GDPR Developer Guide (⭐323) - Best practices for developers.
- GDPR – A Practical guide for Developers - A one-page summary of the above.
- GDPR documents (⭐262) - Templates for personal use to have companies comply with "Data Access" requests.
- Dark Patterns after the GDPR - This paper demonstrates that, because of the lack of GDPR law enforcement, dark patterns and implied consent are ubiquitous.
- GDPR Enforcement Tracker - List of GDPR fines and penalties.
UX/UI / GDPR
- The 2020 State of SaaS Product Onboarding - Covers all the important facets of user onboarding.
- User Onboarding Teardowns - A huge list of deconstructed first-time user signups.
- Discover UI Design Decisions Of Leading Companies - From Leaked Screenshots & A/B Tests.
- Conversion Optimization - A collection of tactics to increase the chance of users finishing the account creation funnel.
- Trello User Onboarding - A detailed case study, nicely presented, on how to improve user onboarding.
- Don't get clever with login forms - Create login forms that are simple, linkable, predictable, and play nicely with password managers.
- Why are the username and password on two different pages? - To support both SSO and password-based login. Now if breaking the login funnel in 2 steps is too infuriating to users, solve this as Dropbox does: an AJAX request when you enter your username.
- HTML attributes to improve your users' two factor authentication experience - “In this post we will look at the humble <input> element and the HTML attributes that will help speed up our users' two factor authentication experience”.
- Remove password masking - Summarizes the results from an academic study investigating the impact removing password masking has on consumer trust.
- For anybody who thinks "I could build that in a weekend," this is how Slack decides to send a notification - Notifications are hard. Really hard.
Competitive Analysis / GDPR
- AWS Security, Identity & Compliance announcements - The source of all new features added to the IAM perimeter.
- GCP IAM release notes - Also of note: Identity, Identity Platform, Resource Manager, Key Management Service/HSM, Access Context Manager, Identity-Aware Proxy, Data Loss Prevention and Security Scanner.
- Unofficial Weekly Google Cloud Platform newsletter - Relevant keywords: IAM and Security.
- 163 AWS services explained in one line each - Helps make sense of their huge service catalog. In the same spirit: AWS in simple terms & AWS In Plain English.
History / GDPR
- cryptoanarchy.wiki - The cypherpunk movement overlaps with security. This wiki compiles information about the movement, its history and the people/events of note.
53. Awesome Circuitpython
Books
- Ten Games for the Circuit Playground Express by Rick Leander - Ten classic games adapted for Circuit Python.
Frameworks
- Using Microsoft VSCode for CircuitPython - Blog post discussing the process.
News
- PyDev of the Week: Scott Shawcroft - July 1, 2019.
- PyCon2019 Keynote - Light Up Your Life - With Python and LEDs - By Nina Zakharenko. Python opens a whole new world of working with wearable electronics. The slides are also available.
- Python on Hardware Means Choices for Makers - By Liz Clark - Apress. CircuitPython (a fork of MicroPython that is designed from the ground up to be beginner friendly.) This allows end users to use Python for their electronics hardware projects similar to how they may have used C/C++ with the Arduino IDE.
- CircuitPython on hackster.io - Posts on hackster.io related to CircuitPython.
Social
- CircuitPython on Hackaday.io - Curated list of projects on hackaday.io.
Podcasts
- The Best Python Podcasts - The Best Python Podcasts.
Events
- ASK AN ENGINEER, Wednesday 8pm ET on YouTube LIVE - The longest running YouTube live show about electronics, information on CircuitPython each week during "Python on hardware segment".
Talks
- EuroPython 2019 talk video: Nicholas Tollervey – Tools of the Trade: The Making of a Code Editor - Nicholas Tollervey.
- EuroPython 2019 talk video: Radomir Dopieralski – Game Development with CircuitPython - Radomir Dopieralski.
- Lighting Macro Photographs with CircuitPython - Lighting Macro Photographs with CircuitPython by Stacy Morse at PyCon Australia.
- Writing fast and efficient MicroPython - Writing fast and efficient MicroPython by Damien George at PyCon Australia.
Contributing / Contribution Workflow Overview
- Fetch the remote.
- Create a branch.
- Make a change.
- Commit and push to your repo.
54. Awesome Selfhosted
Software / Communication - Custom Communication Systems
- Mumble - Low-latency, high quality voice/text chat software. (Source Code (⭐6.2k), Clients)
BSD-3-Clause
C++/deb
Software / Note-taking & Editors
- DailyTxT (⭐201) - Encrypted diary Web application to save your personal memories of each day. Includes a search function and encrypted file upload.
MIT
Docker
55. Awesome Engineering Team Management
Motivation / Happiness
- 6 Signs You're a Micromanager (And What to Do Instead) - “You're more involved with your employees than ever, yet they seem disgruntled, unhappy, and less productive than usual. Your check-ins seem to go unappreciated. And no one seems receptive to all of your great feedback on their work. What's going on? Well, we hate to break it to you, but you might be a micromanager.”
Engineering / Technical Debt
- Technical debt as a lack of understanding - “The problem lies in "never reorganizing [the code] to reflect your understanding." (…) Organizationally, you pay in velocity and turnover; talented people are going to leave after a few rounds of bullshit.”
Politics / Equity
- Making Nice or Faking Nice? Exploring Supervisors' Two-Faced Response to their Past Abusive Behavior - “It behooves organizations that want to develop highly authentic supervisors or organizational climates to seek to hire supervisors that are lower (or at least not higher) on symbolized moral identity.”
Re-organizations / Acquisition
- How the Digg team was acquihired - Acqui-hire of a whole team can be seen as a type of reorg. In which managers will have to negotiate the new employment contracts in bulk in one or two days: “Because acquihires are “star” oriented, if you're a senior leaders who doesn't explicitly refuse to move forward, pressure will converge on you from all sides”.
56. Awesome Cyclejs
Libraries / Boilerplates
- snowpack-cycle (⭐2) - Snowpack app template to create Cycle.js projects with create-snowpack-app
57. Awesome Billing
Cost Forecast / Market Research
- How to save money on your AWS bill - “The biggest cost savings there are: 1. Turning things off that you're not using; 2. Then spot instances; 3. Then reserved instances.”
Marketplace / Market Research
- Vickrey auction - Hinted by an HN comment, in which yes, “‘Asking people what they'd pay for and how much rarely works.’ (…) [but] using a Vickrey auction, similar to Google's ad auction mechanism, can elicit a person's maximum willingness-to-pay.”
Marketplace / Cloud Resources
- GCP Preemptible VMs vs AWS Spot Instances - “Google's prices are fixed, whereas AWS uses a market model”.
- “Look at the 3-month spot price history to estimate cost and to discover combinations of availability zone and instance type with extra capacity.” (source) - Users are seeking more transparency on the spot market.
Taxes / Currencies
- Global VAT & GST on digital services - List of countries requiring application of taxes on foreign provided online services.
- “British supermarkets (…) charge you a fee for their backend card processing, but they subtract that fee from your checkout price.” (source) - Which allows them to claim the VAT on processing fees as input tax.
Taxes / European VAT
- How to correctly setup SaaS subscriptions to charge VAT in Europe - “If you think you can just setup a simple Stripe integration and move on, like us, you'd be sadly mistaken.”
Fraud / Cards
- How I Stopped a Credit Card Thief From Ripping Off 3,537 People – and Saved Our Nonprofit in the Process - Describes a fraud technique known as "card testing", in which a massive batch of stolen cards is checked for validity against your API.
- Training an ML model to score chargebacks - An example of a platform's network effect, which makes it possible to predict the likelihood of winning a dispute.
- How credit card thieves use free-to-play apps to launder gains - To prevent abuse, service providers must strengthen both credit card verification and the account creation process.
Business Intelligence / Customer Lifetime Value
- You're all calculating churn rates wrong - “On the surface, churn rate may seem like a natural proxy for changes in customer lifetimes. Let's dig into why that is not true.” Churn rate is not a meaningful metric to compute CLV: during the customer lifetime, the churn probability is not constant, most of the time because of your free trial and vouchers. This article illustrates the influence of the distribution used to model the probability of a customer quitting.
Competitive Analysis / Cloud providers
- AWS Cost Management announcements - The source of all new features added to the billing perimeter.
- GCP billing release notes - Latest changes of GCP billing features.
History / Cloud providers
- The vanished grandeur of accounting - Accounting paintings were a significant genre in Dutch art.
58. Awesome Keycloak
Articles
59. Awesome Robotic Tooling
Documentation and Presentation
- mkdocs (⭐16k) - A fast, simple and downright gorgeous static site generator that's geared towards building project documentation.
Frameworks and Stacks
- COMPAS (⭐93) - Robotic fabrication package for the COMPAS Framework.
Simulation / Version Control
- BlueSky (⭐260) - The goal of BlueSky is to provide everybody who wants to visualize, analyze or simulate air traffic with a tool to do so without any restrictions, licenses or limitations.
Sensor Processing / Image Processing
- satpy (⭐915) - A python library for reading and manipulating meteorological remote sensing data and writing it to various image and data file formats.
Sensor Processing / Lidar and Point Cloud Processing
- CamVox (⭐462) - A low-cost SLAM system based on camera and Livox lidar.
60. Awesome Crystal
Algorithms and Data structures
- qr-code (⭐17) - QR Code generator
Image processing
- celestine (⭐92) - Create SVG images using a DSL
61. Awesome Irc
Bots / Self-hosted
- IRC-BF -
Brainfuck
- CloudBot (⭐72) - Simple, fast, expandable.
Python
Frameworks / Bridges
- teleirc (⭐134) - Telegram ↔ IRC.
JavaScript
62. Awesome React Components
Custom Scrollbar
- rc-scrollbars (⭐142) - demo - Customizable scrollbars with flex options and 60FPS
Form Components / Autosize Input / Textarea
- react-autowidth-input (⭐11) - Highly configurable & extensible automatically sized input field built with hooks.