{:ok, "Joel Jucá"}
@joeljuca.com
SWE. Founder & CM @elug-ce.github.io
👉 https://joeljuca.com
#elixirlang #golang #ruby #javascript #typescript #nodejs #scheme #lisp #react #postgres #sqlite #couchdb #linux #freebsd #opensource
👉 https://joeljuca.com
#elixirlang #golang #ruby #javascript #typescript #nodejs #scheme #lisp #react #postgres #sqlite #couchdb #linux #freebsd #opensource
Pinned
{:ok, "Joel Jucá"}
@joeljuca.com
· Jan 1
Ok, it’s 2025 already and I’d like to state my 2025 indie-hacking goals:
- get into the founder mode
- launch my small business app
- launch at least a 2nd app
- deploy AI at work & life
- at least 1K USD ARR
- write articles (at least, monthly)
- get into the founder mode
- launch my small business app
- launch at least a 2nd app
- deploy AI at work & life
- at least 1K USD ARR
- write articles (at least, monthly)
I'm working with #TypeScript after many years with #Elixirlang. GOSH how I MISS Elixir's super-cheap procs!
Being able to solve tasks by breaking them up in smaller ephemeral procs, putting them over a supervisor to restart them if smt breaks, and not having to worry much about cloud costs is gold.
Being able to solve tasks by breaking them up in smaller ephemeral procs, putting them over a supervisor to restart them if smt breaks, and not having to worry much about cloud costs is gold.
December 29, 2025 at 2:37 PM
I'm working with #TypeScript after many years with #Elixirlang. GOSH how I MISS Elixir's super-cheap procs!
Being able to solve tasks by breaking them up in smaller ephemeral procs, putting them over a supervisor to restart them if smt breaks, and not having to worry much about cloud costs is gold.
Being able to solve tasks by breaking them up in smaller ephemeral procs, putting them over a supervisor to restart them if smt breaks, and not having to worry much about cloud costs is gold.
The language is quite easy, I give it to Go. Check the free book Learn Go With Tests, it’s a great tool to learn the lang — and get used to writing tests in Go.
December 22, 2025 at 8:56 AM
The language is quite easy, I give it to Go. Check the free book Learn Go With Tests, it’s a great tool to learn the lang — and get used to writing tests in Go.
I'm starting to submit my apps to HSTS Preload list today with 10y of max-age (yep, 10 years; like I said: I'd prefer to have my sites/services to be unavailable than be available under serious security risks).
I'll also do/recommend the same for each and every project/team I work with from now on.
I'll also do/recommend the same for each and every project/team I work with from now on.
December 14, 2025 at 5:30 PM
I'm starting to submit my apps to HSTS Preload list today with 10y of max-age (yep, 10 years; like I said: I'd prefer to have my sites/services to be unavailable than be available under serious security risks).
I'll also do/recommend the same for each and every project/team I work with from now on.
I'll also do/recommend the same for each and every project/team I work with from now on.
This issue is simple: if HTTPS is not available, I'd like my site/app to NOT function rather than functioning with such a serious security vulnerability. In 2025, a site/app running in plain HTTP is absolutely unacceptable.
So, given the severity, HSTS is now a hard business requirement.
So, given the severity, HSTS is now a hard business requirement.
December 14, 2025 at 5:30 PM
This issue is simple: if HTTPS is not available, I'd like my site/app to NOT function rather than functioning with such a serious security vulnerability. In 2025, a site/app running in plain HTTP is absolutely unacceptable.
So, given the severity, HSTS is now a hard business requirement.
So, given the severity, HSTS is now a hard business requirement.
Who TF would want their sites/apps exposed on the web without HTTPS?
This is serious: if your site/app is not using HTTPS, you're exposing your business and users/clients to very serious threats.
This is serious: if your site/app is not using HTTPS, you're exposing your business and users/clients to very serious threats.
December 14, 2025 at 5:30 PM
Who TF would want their sites/apps exposed on the web without HTTPS?
This is serious: if your site/app is not using HTTPS, you're exposing your business and users/clients to very serious threats.
This is serious: if your site/app is not using HTTPS, you're exposing your business and users/clients to very serious threats.
Important: when you submit your site/web app to this HSTS Preload list, it's very hard to remove it. It'd take months for this change to take effect, and there were recommendations for not doing it if you need unencrypted HTTP.
IMHO, this is absolutely INSANE! 🤦🏻♂️
IMHO, this is absolutely INSANE! 🤦🏻♂️
December 14, 2025 at 5:30 PM
Important: when you submit your site/web app to this HSTS Preload list, it's very hard to remove it. It'd take months for this change to take effect, and there were recommendations for not doing it if you need unencrypted HTTP.
IMHO, this is absolutely INSANE! 🤦🏻♂️
IMHO, this is absolutely INSANE! 🤦🏻♂️
This list can also be updated with sites/web apps interested in turning HSTS on by default: these websites must include the `preload` in their HSTS headers:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```
Then, submit themselves in hstspreload.org 😎👍
```
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```
Then, submit themselves in hstspreload.org 😎👍
HSTS Preload List Submission
hstspreload.org
December 14, 2025 at 5:30 PM
This list can also be updated with sites/web apps interested in turning HSTS on by default: these websites must include the `preload` in their HSTS headers:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```
Then, submit themselves in hstspreload.org 😎👍
```
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
```
Then, submit themselves in hstspreload.org 😎👍
If a browser is processing a plain-HTTP request to your site/web app for the very first time, it'd do it w/o upgrading to HTTPS, because it does not know it uses HSTS. This, by definition, is a serious security risk.
To mitigate this, browsers ship with a list of hard-coded sites to force HSTS.
To mitigate this, browsers ship with a list of hard-coded sites to force HSTS.
December 14, 2025 at 5:30 PM
If a browser is processing a plain-HTTP request to your site/web app for the very first time, it'd do it w/o upgrading to HTTPS, because it does not know it uses HSTS. This, by definition, is a serious security risk.
To mitigate this, browsers ship with a list of hard-coded sites to force HSTS.
To mitigate this, browsers ship with a list of hard-coded sites to force HSTS.
It's possible to include subdomains in this protection as well, by including the `includeSubDomains` option in the header:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains
```
This way, the HSTS protection is extended to subdomains as well. 🙌
BUT, there's a problem:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains
```
This way, the HSTS protection is extended to subdomains as well. 🙌
BUT, there's a problem:
December 14, 2025 at 5:30 PM
It's possible to include subdomains in this protection as well, by including the `includeSubDomains` option in the header:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains
```
This way, the HSTS protection is extended to subdomains as well. 🙌
BUT, there's a problem:
```
Strict-Transport-Security: max-age=31536000; includeSubDomains
```
This way, the HSTS protection is extended to subdomains as well. 🙌
BUT, there's a problem:
It works by setting a very simple HTTP header in your project:
```
Strict-Transport-Security: max-age=31536000
```
The `max-age` sets a max time for browsers caching the config. That's it, then browsers will convert any/all HTTP requests to HTTPS automatically.
```
Strict-Transport-Security: max-age=31536000
```
The `max-age` sets a max time for browsers caching the config. That's it, then browsers will convert any/all HTTP requests to HTTPS automatically.
December 14, 2025 at 5:30 PM
It works by setting a very simple HTTP header in your project:
```
Strict-Transport-Security: max-age=31536000
```
The `max-age` sets a max time for browsers caching the config. That's it, then browsers will convert any/all HTTP requests to HTTPS automatically.
```
Strict-Transport-Security: max-age=31536000
```
The `max-age` sets a max time for browsers caching the config. That's it, then browsers will convert any/all HTTP requests to HTTPS automatically.
I recently discovered HSTS and I was: "🤯 how TF have I missed this til now? It's smt I'd adopt in absolutely ALL of my projects, with NO exceptions!"
👉 HSTS – or HTTP Strict Transport Security, is a very simple yet super-powerful HTTP/browsers feature to force HTTPS in your projects.
I explain:
👉 HSTS – or HTTP Strict Transport Security, is a very simple yet super-powerful HTTP/browsers feature to force HTTPS in your projects.
I explain:
December 14, 2025 at 5:30 PM
I recently discovered HSTS and I was: "🤯 how TF have I missed this til now? It's smt I'd adopt in absolutely ALL of my projects, with NO exceptions!"
👉 HSTS – or HTTP Strict Transport Security, is a very simple yet super-powerful HTTP/browsers feature to force HTTPS in your projects.
I explain:
👉 HSTS – or HTTP Strict Transport Security, is a very simple yet super-powerful HTTP/browsers feature to force HTTPS in your projects.
I explain:
This is so absurd. US used to be known as a land of progress and freedom for serious, hard working people. Now, any person can clearly see how broken the country is, how racism, xenophobic, how bad is their current state of affairs.
What a terrible nightmare the US has become.
What a terrible nightmare the US has become.
December 14, 2025 at 12:33 PM
This is so absurd. US used to be known as a land of progress and freedom for serious, hard working people. Now, any person can clearly see how broken the country is, how racism, xenophobic, how bad is their current state of affairs.
What a terrible nightmare the US has become.
What a terrible nightmare the US has become.
Eu já levei umas multas que, sinceramente, não sei nem como levei. Tomei uma esses dias por passar em cima de faixa branca (algo assim, n lembro o texto exato). Eu fiz questão de passar no endereço pra conferir, e n tem marcação. Eu não sei de onde saiu isso até hj!
December 13, 2025 at 2:20 AM
Eu já levei umas multas que, sinceramente, não sei nem como levei. Tomei uma esses dias por passar em cima de faixa branca (algo assim, n lembro o texto exato). Eu fiz questão de passar no endereço pra conferir, e n tem marcação. Eu não sei de onde saiu isso até hj!
Rapaz, pois aqui em Fortaleza se vc piscar, cê leva multa. A cidade é lotada de pistas onde, em um pedaço é 60 km/h, noutro 50, dps vira 60 dnv, dps fica 40…
Isso sem falar na BR, com 5 vias largas em cada lado, e máxima de 60. Onde já se viu BR ter máxima de 60!?!
Eu odeio o trânsito daqui.
Isso sem falar na BR, com 5 vias largas em cada lado, e máxima de 60. Onde já se viu BR ter máxima de 60!?!
Eu odeio o trânsito daqui.
December 13, 2025 at 2:18 AM
Rapaz, pois aqui em Fortaleza se vc piscar, cê leva multa. A cidade é lotada de pistas onde, em um pedaço é 60 km/h, noutro 50, dps vira 60 dnv, dps fica 40…
Isso sem falar na BR, com 5 vias largas em cada lado, e máxima de 60. Onde já se viu BR ter máxima de 60!?!
Eu odeio o trânsito daqui.
Isso sem falar na BR, com 5 vias largas em cada lado, e máxima de 60. Onde já se viu BR ter máxima de 60!?!
Eu odeio o trânsito daqui.
Ah nem — não me venha validar industria da multa, que cidadão nenhum, em sua sã consciência, deveria sequer cogitar isso!
December 12, 2025 at 6:16 PM
Ah nem — não me venha validar industria da multa, que cidadão nenhum, em sua sã consciência, deveria sequer cogitar isso!
Hj tô almoçando gostosinho (cuscuz com carnes moída, ovo, cheiro-verde) com suco de caju aqui no Centro das Tapioqueiras.
Se tem jeito mais **cearense** de almoçar, eu desconheço. 😂 Cuscuz é bom demaaais!
Se tem jeito mais **cearense** de almoçar, eu desconheço. 😂 Cuscuz é bom demaaais!
December 12, 2025 at 6:15 PM
Hj tô almoçando gostosinho (cuscuz com carnes moída, ovo, cheiro-verde) com suco de caju aqui no Centro das Tapioqueiras.
Se tem jeito mais **cearense** de almoçar, eu desconheço. 😂 Cuscuz é bom demaaais!
Se tem jeito mais **cearense** de almoçar, eu desconheço. 😂 Cuscuz é bom demaaais!
Types in Golang are not that bad. I like to use them. My problem with Golang is that supposedly Railway programming we *have* to do with `if err != nil` in every 5 LOC or so.
But I find Golang a much better DX than TypeScript.
But I find Golang a much better DX than TypeScript.
December 9, 2025 at 11:39 AM
Types in Golang are not that bad. I like to use them. My problem with Golang is that supposedly Railway programming we *have* to do with `if err != nil` in every 5 LOC or so.
But I find Golang a much better DX than TypeScript.
But I find Golang a much better DX than TypeScript.
I think so. There’s also the quirks of JavaScript dynamic typing as well, which makes some noisy typing needed.
Every time I get a problem that’s about parallelism I’m like “I wish Node.js had some actor system, it’d be gorgeously solved with a simple dedicated actor!”
Instead, I gotta do jobs.
Every time I get a problem that’s about parallelism I’m like “I wish Node.js had some actor system, it’d be gorgeously solved with a simple dedicated actor!”
Instead, I gotta do jobs.
December 9, 2025 at 11:34 AM
I think so. There’s also the quirks of JavaScript dynamic typing as well, which makes some noisy typing needed.
Every time I get a problem that’s about parallelism I’m like “I wish Node.js had some actor system, it’d be gorgeously solved with a simple dedicated actor!”
Instead, I gotta do jobs.
Every time I get a problem that’s about parallelism I’m like “I wish Node.js had some actor system, it’d be gorgeously solved with a simple dedicated actor!”
Instead, I gotta do jobs.
Well I guess I'm used to the higher quality of Elixir DX (developer experience). It'll take a bit to adapt again.
December 8, 2025 at 11:26 PM
Well I guess I'm used to the higher quality of Elixir DX (developer experience). It'll take a bit to adapt again.
After working mostly w/ #Elixirlang for some good years, I'm back to writing mostly #TypeScript in a full-stack project. The code is... so much!
It's a lot of code to do very little – and a lot of type noise. I'm not against types, I use types in Elixir and Golang, but MAAN, TypeScript is so... 😩
It's a lot of code to do very little – and a lot of type noise. I'm not against types, I use types in Elixir and Golang, but MAAN, TypeScript is so... 😩
December 8, 2025 at 11:26 PM
After working mostly w/ #Elixirlang for some good years, I'm back to writing mostly #TypeScript in a full-stack project. The code is... so much!
It's a lot of code to do very little – and a lot of type noise. I'm not against types, I use types in Elixir and Golang, but MAAN, TypeScript is so... 😩
It's a lot of code to do very little – and a lot of type noise. I'm not against types, I use types in Elixir and Golang, but MAAN, TypeScript is so... 😩
We are a lot of people 😄
December 8, 2025 at 7:20 PM
We are a lot of people 😄
Apparently, there’s is a workahound: storing a zero-byte object with a redirect header. Works for browsers, not for direct API usage.
I might explore it at some point, if the pain of having to duplicate files in my S3 grows too big.
I might explore it at some point, if the pain of having to duplicate files in my S3 grows too big.
December 8, 2025 at 7:05 PM
Apparently, there’s is a workahound: storing a zero-byte object with a redirect header. Works for browsers, not for direct API usage.
I might explore it at some point, if the pain of having to duplicate files in my S3 grows too big.
I might explore it at some point, if the pain of having to duplicate files in my S3 grows too big.
Yeah bro I know S3 ain’t a filesystem. What I’m saying exactly and precisely is that I’d like/expect to have this feature in S3.
It does not. That’s my point. I believe it should have support for smt like this.
It does not. That’s my point. I believe it should have support for smt like this.
December 8, 2025 at 7:04 PM
Yeah bro I know S3 ain’t a filesystem. What I’m saying exactly and precisely is that I’d like/expect to have this feature in S3.
It does not. That’s my point. I believe it should have support for smt like this.
It does not. That’s my point. I believe it should have support for smt like this.
Files are:
- some/prefix/file1
- other/prefix/file2
And id like to group them in a:
- specific-group/file1
- specific-group/file2
It’s trivial in POSIX but totally impossible in S3. And I think it’s quite common thing in most scenarios (group somewhat related files for processing together)
- some/prefix/file1
- other/prefix/file2
And id like to group them in a:
- specific-group/file1
- specific-group/file2
It’s trivial in POSIX but totally impossible in S3. And I think it’s quite common thing in most scenarios (group somewhat related files for processing together)
December 8, 2025 at 6:52 PM
Files are:
- some/prefix/file1
- other/prefix/file2
And id like to group them in a:
- specific-group/file1
- specific-group/file2
It’s trivial in POSIX but totally impossible in S3. And I think it’s quite common thing in most scenarios (group somewhat related files for processing together)
- some/prefix/file1
- other/prefix/file2
And id like to group them in a:
- specific-group/file1
- specific-group/file2
It’s trivial in POSIX but totally impossible in S3. And I think it’s quite common thing in most scenarios (group somewhat related files for processing together)
Say we have a bunch of files scattered across different paths. The app was architected/created with some dir path hierarchy, etc. — but then, for some reason, I’d like to group a bunch of existing files in a single “dir” (which in fact are just path prefixes) and set up a prefix based access rule
December 8, 2025 at 6:50 PM
Say we have a bunch of files scattered across different paths. The app was architected/created with some dir path hierarchy, etc. — but then, for some reason, I’d like to group a bunch of existing files in a single “dir” (which in fact are just path prefixes) and set up a prefix based access rule