> if you need that level of documentation, trying to shoehorn it into package.json is just the wrong place for it. Soon enough your package.json looks like a graffiti wall.
So the right place is to make a graffiti out of another place, instead of in the place where people actually declare the dependencies?
I find it bizarre when people believe in one true way of doing things. I mean, you can declare your dependencies how you like, but if others do it differently, then they're clueless?
You're clueless if you think adding comments to package.json - a file that regularly gets rewritten - is anything but an exercise in futility. Any time you run "npm install [whatever]" you are rewriting package.json. How exactly do you expect to maintain your random comments in this case? You expect nodejs to understand how comments are being written in package.json and not mess that up? You don't seem to understand how npm or package.json works.
I would argue that the gain is more than "negligible" in some cases. I'm building an app involving storing and serving images and I'm surprised that for the same images with the same resolution/quality, WebP is often 3x-4x smaller than PNG, which translates to lower storage cost, faster serving time, and happier users. You made a good point that people with older devices wouldn't be able to use apps like mine. But for me, the gain is so significant that I might just accept that.
Lowering your hosting costs usually translates into savings counted in the tens or hundreds of dollars per year. Losing just a single customer because they can't see images of your product means losing income of tens or hundreds of dollars, depending on what you're selling. Now take that times hundreds, or thousands of customers.
Optimized JPG images are tiny, and will load fast on any device. Any web designer worth their salt must know how to make a performant site without needing WebP images.
I'm working on Pictera [1], an AI product where users can upload their photos (like selfies) to create high-quality, hyper-realistic images of themselves in just about any style they want.
Originally, I built Pictera for myself to use because I couldn’t find any service that produced decent photos. Besides, I was very concerned that popular products in this space included broad terms allowing them to keep and use users' photos indefinitely for any purposes, including marketing [2]. But I've been enjoying working on the product so much that I've put way more time into polishing it and thought others would find it useful too.
Now, it's been a very long time since I've seen a mention of "Internet Explorer 5". Kudos for highlighting the support for it but does it matter, who in the world is still using Internet Explorer 5?
IE5 was never a relevant contemporary of npm. The one that cast a long shadow on the web was IE6, pretty much exclusively, due to the unusual circumstances around antitrust intervention in the US and Europe putting MS off of really pushing their browser for nearly a decade (IE7 was pretty much DOA). IE5 was quickly replaced by IE6; nobody cared about it much even in 2005, let alone 2015. That was already an age of Chrome-first dev, complaining about Apple's lagging support for web "standards", and Firefox I guess more relevant than today but already increasingly an afterthought. The IE you'd be targeting, if any, was probably 8, unless you knew you wanted the userbase that was stuck with IE6.
A decade ago (2014) IE5 was completely dead. Some people were still forced to care about IE6 but it was marginal. The default browser from that period was IE9!
Great point on focusing on high-impact tests. I agree that LLMs risk giving a false sense of coverage. Maybe a smart strategy is generating boilerplate tests while we focus on custom edge cases.
Absolutely with you on the need for high-impact tests. I find that humans are still way better at coming up with the tests that actually matter, while AI can handle the implementation faster—especially when there’s a human guiding it.
Keeping a human in the loop is essential, in my experience. The AI does the heavy lifting, but we make sure the tests are genuinely useful. That balance helps avoid the trap of churning out “dumb” tests that might look impressive but don’t add real value.
Are there any browser extensions or tools that effectively prevent fingerprinting including canvas fingerprinting? Or is this one of those privacy battles we just have to accept as unwinnable?
Safari adds some noise to canvas. So the website above will say it's unique, but each time Safari swaps its web process (when you load a different website or a new window or a new tab) it will change to a different one.
Wish all browsers, at least the big ones, would do this by default. It would save regular users like us from fumbling around trying to figure out what works.
Unfortunately, it didn't pass the fingerprint test. You can see the results here: https://coveryourtracks.eff.org/.
On the other hand, Brave does pass it. I'd like to use Brave for all my browsing, but for some reason the devs haven't been able to get hardware-accelerated video decoding to work in their latest builds. That's why I've been using Librewolf for a very long time.
I don't buy that cover your tracks applies to the Firefox strategy to privacy. The Firefox strategy is to make your browser incredibly unique every time. If you visit the same website twice, you look very unique but like two totally different visitors. This is effective for real privacy and cover your tracks doesn't account for it well
Cover Your Tracks shows this kind of obfuscation strategy as "Randomized Fingerprint", but it only shows it for Brave, not for Librewolf when I tested it. Brave fingerprint is unique but it randomizes, while Firefox doesn't.
It's a setting in Firefox that is off by default because it can make some websites super annoying to deal with. But it's easy to get to, and allows you to be totally random per request or per tab-session, iirc
having a unique fingerprint in a group (such as tor browser / resist fingerprint enabling browser) can be better than an individually semi random unique one
> Or is this one of those privacy battles we just have to accept as unwinnable?
It depends on what you want to win. There are two types of fingerprinting:
- Browser fingerprinting (what you see here): Make sure that your Chrome on Windows behaves like every other Chrome on Windows and it isn't really a bot pretending to be Chrome. This results in you being treated like a real user and getting less CAPTCHAs.
- User specific fingerprinting: Determining that your browser is unique among all the browsers the website has seen so that you can be tracked without cookies.
The latter is obviously bad. Some people would argue the prior is bad, but it is a LOT of work to make every browser behave like every other browser across operating systems for little privacy benefit.
Is it bad if I use fingerprinting to track anonymous users so that I can provide them with a great UX without requiring them to give me all their personal details? Or should I only use cookies, that the user might delete? I don't see an issue with either for this purpose.
Imagine you sat one of your users down, and explained the details of how your fingerprinting system worked.
You explain that their browser has all kinds of little, subtle leaks of information about what software they're using, what operating system they're using, whether it's up to date, what hardware they're running, whether they're in a public space or an office or a home, which city they're in, what ISP they use, how they've configured their monitor and screen, what settings they set in their browser, what language they use at home, etc etc
You explain that you can collect all this information without them knowing you were doing it, without them really being able to stop you if they wanted to, and that you can collate it into an identifier that lets you know every time they visit your site even if they don't tell you themselves in some way, and with no way to ask you to stop.
And you explain that you do this for them, to make their experience of your site better for them, and harder for them to accidentally break.
How do you think they'd respond?
To be clear, I'm not asking this as some rhetorical trick. There absolutely are users who wouldn't care in the least, and who might even see you as really clever for doing it.
But that's how you can know if it's bad or not. If you think your users would be creeped out or otherwise troubled by it, or might feel like you've invaded their privacy or their right to control their own experience in their own browser, then you already know it's bad. If you think they wouldn't mind, then -- and only then -- maybe it's not.
I think that's a solid model to use, however, I would argue that it's safe to assume that **There absolutely are users who wouldn't care in the least, and who might even see you as really clever for doing it.** makes up >= 95% of recurrent anonymous users by default.
You should be using a cookie for this purpose, you could in fact just store the ui settings directly in the cookie.
It becomes tracking once you say “I have an ID in a cookie, and I’m going to look up the settings for that ID in my own giant DB”.
What you’re suggesting - using fingerprinting - is the worst. It’s not reliable nor robust, it implicitly requires tracking (you have to record the fingerprint<=>setting db and look it up), and user cannot opt out of it nor trivially change state at will, etc.
There is fundamentally no legitimate reason to ever use fingerprinting over the actual explicit mechanisms for persistent storage.
Facebook, Apple and Google use people's faces to track them. Governments use public cameras to track people. Google and Facebook also use other kinds of people tracking.
But somehow it's immoral for average Joe to track not people but browsers.
Um, as far as I know Apple does not use faces to track people.
I'm not sure about Google, but my experience with the folk working there makes me suspect that even they would not start correlating faces across accounts/users (though I suspect they aren't as careful as Apple to avoid that information being visible to them).
But more to the point you're saying "if entity X tracks people it's immoral for anyone else to not track people" rather than "it's immoral for entity X to track people", which is some kind of gross mental gymnastics, and applies to pretty much anything: "if person X gets away with assault, then I should also get away with assault", etc
>- User specific fingerprinting: Determining that your browser is unique among all the browsers the website has seen so that you can be tracked without cookies.
I worked briefly for an ad company that not only did their own fingerprinting but bought a lot of fingerprinting data, along with some other types of info: country, age category, sex, income category.
Funny anecdote: back in 2004-2006 when I held the Infosec 101 course at the university, I raised an obvious point in the privacy section. If an individual harvests data on other people and then uses that to track their movements, actions and behaviours - we'd call it stalking. When a company does that, we call it data mining.
The lecture used to shock the students from the economics department.
the only way to actually prevent fingerprinting is to never connect. your ip, os, tls cryptographic protocols (or lack thereof), screen resolution, mouse speed+movement, keystrokes+keyboard layout and much much more all can be used to fingerprint a user. even the reduction of all these points can be a fingerprint.
since most of those are unlikely to actually happen (yet) with the usual dragnet ad surveillance, just using hardened firefox (arkenfox/librewolf/mullvad browser) with a vpn or just tor browser is sufficient.
I used to freelance and I can totally relate to the "feast or famine" cycle. Freelancing often sounds ideal—freedom, flexibility, and the chance to work on diverse projects. But the reality of inconsistent income, lack of benefits, and the need to constantly hustle for clients.
For those who have freelanced for a while, do you find it sustainable long-term, or is it more of a stepping stone toward building something more stable, like a product or SaaS? And how do you manage the stress of income unpredictability? Curious to hear from people who've made freelancing work on a larger scale.
Long-term freelancer here (several decades) who has almost never been a full-time employee. While the points in this article are generally true, there is much variety in the world of freelancing that isn't touched on here.
My first few freelancing jobs were basically full-time, working for one client at a time. While I didn't get benefits (health insurance, paid vacation, stock options, extra overtime pay), I did command a fairly high hourly rate which made up for that.
My time wasn't monitored as closely as that of a full-time employee, i.e. if I came in at 10 am and left at 4 pm, I got paid for that time (minus lunch) and nobody cared, as long as I got the job done. Conversely, if I worked from 9 am to 11 pm, I got paid for all those hours (minus time for meals, of course)!
Eventually I got smaller clients/projects, but more of them. These days my situation is much closer to that described in the article. However, I'm in a much different position financially now than I was then, and am okay with the large fluctuations in work.
If work starts to dry up, your safety net is to get a full time job, like all the other working stiffs out there. You have been building your skills as a freelancer, especially during dry spells, haven't you? So theoretically you're well positioned to apply for a job. There's also unemployment benefits, which vary by country of course, so hopefully you won't end up on the streets unless you suffer setbacks well beyond your control.
If I had to give advice to somebody who just started freelancing, it would be to save as much as possible as early as possible, and to stash as much as possible in a retirement account and the rest in an investment(s) that will be relatively safe in the long term. Ask your accountant and financial planner for specific advice here, but long story short: index funds like the S&P 500.
I've been doing various forms of small business including freelancing for 20+ years. Some of these years I was working as a consultant for one client, a few years were primarily focused on my own products, some years were "pure freelancing" similar to what's described in the article. Now again working primarily for one client but still managing my own products and taking small gigs on the side.
Except in the beginning, I've had no issues with income but as the others said you need a safe cash cushion and financial discipline.
Context switching and overburning is a problem but ask any small business owner outside of the IT and they'll tell you something alike.
Freelancing is just a form of small business and small business is hard. But the level of freedom is higher than that of the employee.
I started out freelancing and eventually built a consulting firm w/ a partner, I left around 50 people because selling time for money just never got fun.
Took a business partner, a couple engineers, and one of the products we had built for an old customer from the consulting firm (on good terms!) and built an enterprise SaaS product out of it, much happier working with a small team on a product.
For me the value of working on lots of things was meeting lots of people I'd like to continue working with and getting product ideas.
It depends on the type of your contracts - there's also longer-term contracts out there (at lower hourly rates).
You can do any mix of those (if you can find them) - ideally, you've got long-term contracts that cover your basic income needs, and do short-term contracts or product development on top of that.
Regarding the feast or famine cycles - you need a very healthy cash cushion.
And speaking of health, that's a risk in itself. Long-term health issues that prevent you from working as much as you need to will drain your cushion.
I’ve been consulting for 4 years with considerable success so you could say it’s kinda “freelancing long term”. Whilst I originally was stressed about the need to constantly seek new projects/clients, it’s stabilized a little bit and I have built up some savings to at least give me a buffer. For managing internal stress, I’ve turned to Buddhism to help keep me going through tough times but also realized that reputation and client base has played a key role in me keeping this up long term.
My client base is a mix of startups and enterprises. Enterprises have given me longer term projects and have deeper pockets which reduces income unpredictability. The good work that me and my team does also provides us with good referrals and case studies that we can talk about with future customers.
As a solo consultant at the beginning of the journey, I adopted the mindset of being a 1 person business and acted like a business which meant doing sales/marketing activities (i.e. built partnerships, strategize to focus on value propositions, act like an advisor) to keep things going.
Thanks for sharing your journey, it's very inspiring. I'm curious, how did you find your first enterprise clients, and what strategies helped you secure long-term projects? Any advice for building that initial trust as a solo consultant?
I've done both - built a software product and company around it, as well as consulting (including some big projects like one processing $1B/mo in payments).
>>how do you manage the stress of income unpredictability<<
By squirreling away as much as I can from those "feast" times.
I've found many people I meet on fixed incomes who haven't been through the "feast or famine" cycle you mentioned don't appreciate just how hefty a safety net it takes to feel secure. I keep seeing naive guidance out there in the range of months, where personally I was looking out in terms of 1-2 years (or more). It necessitated significant sacrifices when I was starting out, in terms of disposable income, homeownership, etc. I was young, so my personal needs were really frugal.
>>do you find it sustainable long-term<<
A few things that helped make it sustainable (this is looking back in retrospect - it's not like I was deliberate about sustainability at the time as I was busy trying to make a living, build up a reputation and fiscal capital, and most importantly make cool new things):
- Personal flexibility in terms of scheduling 'vacation' time. Got a couple months without anything on deck? Great, spend 6 weeks catching up on work you let slide while you were insanely busy on the last consulting gig, then take two off and travel or do something else to recuperate. I always struggled to be 'truly' disconnected, but clients tended to recognize how hard I work to make them happy and were supportive (i.e. tried to be a little more self-sufficient while I was away) - and it's still possible to have a great trip while checking in from time to time (I recall a couple weeks in Boracay where I'd be on email all morning then kitesurf in the afternoons).
- Innate satisfaction from pleasing clients and from building new things. Money isn't the only reward out there to hit your dopamine. You already mentioned diversity in projects, which falls in the same vein as this.
- Being open to long workweeks when times are busy. It's not a clock, it's about achieving the objective (have logged 80+ hours for weeks at a time - if you're excited about and deeply committed to the work it's not as bad as it sounds). Billing hourly or some other remuneration arrangement that leaves you feeling compensated for your time is really important here.
- Exercise - find a physical activity that helps burn off your stress.
- A bit of hubris around selectivity. Don't get a warm fuzzy feeling from this lead? That's fine, skip it and look for a different opportunity. I think the sense of control and agency here is something those at regular day jobs sometimes miss. Of course it takes going through some crap projects to get to where you can recognize and filter on the good ones.
- Reputation. A lot of the stuff that was hard at first becomes easier once you're established and can leverage a network of thrilled customers and partners. I don't advertise anymore, and get more opportunities than I can handle from word of mouth. I turn down more work than I take on. (Of course as you grow, you get a new and different set of hard challenges to tackle).
I toyed with having employees on the consulting side, but as I worked with larger clients I unexpectedly found it sometimes worked better to "commandeer" staff directly from them for a project (especially if you've got buy-in at the C-level). One thing I've learned is I much prefer working with a small, talented and focused team than an 'army of mediocrity', and lately have charted course back into the product realm.
>>or is it more of a stepping stone<<
Everything we do in life is a stepping-stone to where we'd like to be. Some stones give way, some hold unexpected surprises when you turn them over. One way or another you're going to get your feet wet.
Sounds like you're living the dream! I definitely agree that a few months of safety net doesn't feel "safe" at all and 1-2 years is more reasonable. One question, how did you initially start building that network of clients to reach a point where word of mouth sustains the business?
Basically by starting out doing projects for peanuts, for anyone I could (eg. acquaintances, contacts from summer jobs, etc). That got me references.
When I developed my first software title and sold it B2B, that helped bring in lots of new customers from around the world - many wanted to buy customizations or integrate the technology into their products.
This naturally led to higher margin consulting work and is how my focus began to pivot. I was also posting guidance online to solve certain challenges in my niche of expertise that were previously considered somewhat intractable, which helped with exposure.
After that it was just years of hard work and a deep commitment to customer success.