In React, useEffect let’s you perform side effects in function components. They are meant to run once when the component is mounted, however you can recursively call it by combining adding a useState data dependency to it. By toggling the value of the data dependency inside the effect, it recursively call the effect. This is useful, for example, in implementing retry logic to an API call say for automatically retrying when an access token expires.

const [retryToggle, setRetryToggle] = useState(false);

React.useEffect(() => {
  if (someConditionToPreventInfiniteLoop) {
    return
  }

  fetch("http://example.com")
    .then((r) => handleSuccessHere(r))
    .catch((err) => setRetryToggle( i=> !i))

  // This dependency allows us to re-run the effect whenever this
  // value changes.
}, [retryToggle]);

People often get hung up on the ‘viable’ part of a minimum viable product (MVP) and tend to think of it as something that can be crappy. Framing how you are building the first revision of a product idea as a minimum remarkable product (MRP?) makes clear that it has to be obviously better than what’s currently out there or it will not get anyone’s attention.

This framing is less of a functional definition (minimum viable evokes ‘it kinda sorta works’) and more of a user centered definition (minimum remarkable evokes ‘what would get our users attention?').

(I couldn’t find a source, but it comes from Amazon or Jeff Bezos).

See also:

• This is closer to the advice of build an initial product a small group of users love

A refresh token in an OAuth setup using Json Web Tokens (JWT) is used to request a new access token. Because access tokens are short lived (to minimize the impact of a token being exfiltrated), a long lived refresh token is commonly used to, for example, stay logged into an app rather than need to log in every n minutes (the length of the access token).

Why have two tokens? In web apps this provides an additional layer of security and a better access story for your auth service (for high traffic app). Access tokens have a short life and the signed token is verified on every request (CPU bound), a refresh token affords a chance for the auth service to cut off access (using a deny list in a database i.e. IO bound) and is also stored separately (HttpOnly cookie) to prevent cross-site-scripting (XSS) attacks. This also improves scalability, authentication happens less frequently (at login time and token refresh time) which can reduce load on an auth service.

The refresh token should be treated differently because it has a longer expiry. It should be stored in a more secure way to prevent leaking it. In the browser that means storing it in an HttpOnly, Secure, and SameSite (to prevent CSRF attacks) cookie in the browser which can not be accessed from JS and refresh token rotation. This makes it possible to “refresh” an access token by making a request and including the cookie (using fetch with credentials: 'include').

See also:

• Storing JWT in cookies creates a cross site request forgery (CSRF) vulnerability.
• Block old browsers if you use SameSite cookies to prevent CSRF.
• Read An in-depth look at refresh tokens in the browser.

Unlike the Lord of the Flies, a real life story about six shipwrecked boys who ended up on a deserted island in Tonga for 15 months showed cooperation and loyalty rather than murder and mayhem.

The group stole a boat out of boredom and got caught in a storm that brought them to the island. They survived by scavenging.

They also survived by working together. One of the boys fell and broke their leg so they fashioned a makeshift split. They made a guitar out of coconuts and wire that washed ashore. They sung together and prayed every night to keep their spirits up, for 15 months before they were rescued by a fishing boat.

Read the article

Merging data from the Occupational Information Network (O*NET), National Longitudinal Survey of Youth 1979 (NLSY79) round 16, and American Time Use Survey (ATUS) shows that an estimated 45% of jobs (~67MM based on number of employed citizens) in the US can be done remotely. However, prior to the pandemic only 10% of workers who could work remotely actually did (the takeup rate).

Read Ability to work from home: evidence from two surveys and implications for the labor market in the COVID-19 pandemic from the U.S. Bureau of Labor Statistics.

See also:

• Of those who did work remotely two-thirds want to continue to work remotely
• This also shows 55% of jobs can’t be done remotely which may correlate with the inequality of remote work
• COVID-19 changed the takeup rate significantly, 18.3 of workers ‘telecommuted’ in April 2021 according the May Employment Situation Summary

Markets exhibit the Pareto principle in that most of the advantages accrue to a small number of players—mostly number one. These advantages include growing faster, network effects, recruiting the best people, expanding to new opportunities quickly and most of the 7 Powers.

That’s why it makes sense for businesses to aim to be the market leader or create a new market. That’s also why startups tend to use high-variance strategies (being number one is basically a tournament) rather than more incremental ones.

See also:

• No one notices this happening and it seems giant companies appear over night because compounding benefits occur at the end

A study of 10,000 workers at an Asian IT company found that when comparing before the pandamic and during (the work from home period), the number of hours worked increased by 30% (including 18% increase outside of normal working hours, but the average output remained the same. This led the researchers to conclude that the overall productivity of remote work declined by 20%.

It’s tough to general conclusions about remote work from this study. A study found that organizational support of remote work correlates with reported productivity which could explain this disparity. We also shouldn’t discount the fact this all occurring suddenly during a global pandemic.

Read the study

See also:

• Two-thirds of remote workers want to continue to work remotely
• Half of Millennials and Gen Z would consider quitting if employers don’t allow remote work
• It’s more difficult for certain groups to be productive—minority job candidates are significantly more worried about being able to work remotely

Getting logging to work using FastAPI in a production ECS environment is a mess of configuration and awkward interfaces. For example, there are multiple modules that interact in subtle ways: the python logging module, uvicorn, and gunicorn. Take a look at this example of the ceremony required to appease all three loggers depending on the run time—not quite the spirit of python ‘explicit over implicit’.

See also:

• In this case, the fundamental theorem of software engineering could be rewritten that too many layers of indirection results in a ball of mud

Zero Trust refers to securing at the device level rather than at the network level. Each device (or network) is on the public internet and uses encryption and authentication (using certificates and a certificate authority) between connections in the network. This has the advantage of being flexible—devices communicate directly to each other—and maybe more secure—there’s no ‘network’ to compromise (e.g. taking over the VPN server).

Examples:

• BeyondCorp based on Google’s white paper and implementation
• Tailscale which positions itself as a zero config VPN
• ZeroTier

See also:

• When compared to trust models this would be closer to 1 of N (there’s some central authority for authentication) rather than 0 of N

At the end of the week I reflect on what went well, what’s not working, and what I learned. The key is to write down an observation and then add specific supporting examples. What I typically find is that I’m drawing conclusions from a small number of instances—or none at all. This is often enough to dispel broad based worrying that accumulates at the end of the week (especially on weeks that haven’t gone well).

See also:

• Writing forces you to think analytically and leads to clarifying understanding (even when it’s your own feelings)
• Writing is like getting naked in public, I imagine doing a weekly reflection with some small audience would be even more effective

The Münchhausen trilemma occurs when attempting to prove anything to be true. Such attempts fall into three tropes—a circular argument which supports itself (A <-> B), a regressive argument where the proof requires further proof infinitely (“why?” x infinity), and a dogmatic argument which relies on an assertion which is not defended (“because”).

A good example is conspiracy theories—it’s not useful to argue with someone about because it will inevitably fall into one of these tropes.

See also:

• Godel incompleteness is kind of like a proof of a regressive argument of math
• Epistemology is the study of how we know what we know

When asking for an introduction, make at is easy as possible for the person making the introduction. Share a short blurb (4-5 sentences) about your company (or yourself) so they can copy it into an email. Research before hand who you want to be introduced to and that the person you are asking knows them. Finally, write the email in a way that they can forward it directly with almost no effort (subject: looking to speak with X, body: I’d love to speak with X about Y, here’s a short summary of what we are doing).

See also:

• You should be able to get from seed to series A on your network alone
• Founding Sales

This note does not have a description yet.

Resilient systems that can absorb shocks (short peaks of rapid change) have multiple layers that move at different speeds. For example, technology is a fast moving layer—it changes very quickly. In contrast, culture is a slower moving layer which, over the course of time, is nudged along over a longer time period.

In fast to slow order, we can model civilization as fashion/art, commerce, infrastructure, governance, culture, and nature.

See also:

• The Clock of the Long Now introduced this model and talks about how violations in this framework cause problems e.g. radical fast change in governance like the USSR.
• Amara’s Law might explain why this is a difficult model to understand
• Doughnut economic model

During the rapid expansion westward in America between 1790 and 1830, the average adult drank more than nine gallons of spirits per year. Most were drinking to get drunk and most of the drinking was done at home due to isolation on the frontier. Even in the eastern cities, industrialization caused widespread loneliness and anxiety from labor changes.

In modern day America, sales of alcohol during the COVID-19 pandemic have increased significantly. Just about all of that consumption happening at home because bars are closed. Americans are drinking more, more frequently, and alone.

Read America Has a Drinking Problem.

See also:

• One reason for the uptick in alcohol consumption is that activities we relied on for relief from every day stress and anxiety are no longer available to us (including drinking socially)

Most early founder-led sales will come from the founder’s personal network. Once you are bootstrapped with a few customers, you should also receive referrals from them (if you are not, that’s a signal that you don’t have something people love). For B2B startups charging high 5 figures, low 6 figures per installation, you should be able to close all of the sales you need (learning and adjusting along the way) to get from seed stage to raising your series A.

See also:

• The number one job of a startup CEO is finding product market fit, getting good feedback early requires asking for money
• This shouldn’t be outsourced, founder led sales helps identify product problems
• The path from concept to product is an annealing process, there is danger in committing too soon to the wrong buyer, pricing, and packaging

A study published in Nature found that intermittent fasting improved long-term memory, neurogenesis, and longevity (increased expression of Klotho) in mice. They found that intermittent fasting (every other day feeding) is superior to calorie restriction (10% less calories).

It’s unclear how well this relates to human adults, but it’s interesting to see the cognitive effects of intermittent fasting being studied (as opposed to weight loss).

A poll done by Morning Consult on behalf of Bloomberg News in May 2021 showed that 39% of U.S. adults would consider quitting if they weren’t able to work from home. Millenials and GenZ respondents showed 49%.

Update April 2022: 64% of global workers said they would consider quitting rather than return to the office.

See also:

• A different survey found nearly half of employees are likely to move to work remotely
• And another found two-thirds of remote workers want to continue to work remotely
• Not everyone can work from home, see inequality of remote work

Fields that exhibit tournaments with asymmetric and convex payouts favor high-variance strategies (variance from the benchmark mean).

For example, fund managers that end up on the Morningstar list (top fund managers) tend to be founder-managed funds with highly concentrated positions (they also underperform in later periods). High variance from an index benchmark is favorable because if you make it to the top fund manager list you will receive many more clients and make a lot on fields.

Another example is baseball where, before Babe Ruth, the prevailing strategy was high-contact (hitting many singles). Babe Ruth showed a high-variance strategy by swinging for the fences every time. His failure rate was much higher (he led the league in strikeouts), but he also overwhelmingly led the league in home runs making him one of the most valuable players in the league. (A corollary in recent times is the rise of three pointers in basketball).

Other fields that exhibit this incentive for high-variance strategies include politics (making outrageous statements until something sticks has little downside these days) and venture capital (losses are capped, but gains are not).

Read Swinging for the Fences.

See also:

• Warren Buffet talks about the lollapalooza effect as what you are looking for as an investor (outsized gains from the culmination of several factors acting in concert)
• While fund managers seeking large gains use highly concentrated positions, something similar can be said about product development—a cathedral for creation a bazaar for growth
• The Economics of Superstars also describes this phenomenon (but more mathematically)

Many companies are moving to a hybrid remote setup when it’s safe for employees to return to offices. Some will allow employees to choose when they work from home and when they work from the office. However, this leads to an in-group (people in the office) and an out-group (people working from home more often).

This is especially problematic for women with young children who want to work from home full-time 50% more than men. Employees working from home have a 50% lower rate of promotion after 21 months.

Read Don’t Let Employees Pick Their WFH Days from HBR.

See also:

• In-group favoritism
• Two-thirds of remote workers want to continue to work remotely
• Inequality of remote work

According to a recent survey by WayUp that measured how job seekers felt in the current COVID-19 job climate, Black and Hispanic/Latino job seekers were 145% more likely to be concerned about being capable of doing a job remotely compared to White job seekers. Lack of physical space, access to broadband, and having more people in the household are contributing factors.

See also:

• Blacks and Hispanics have less access to broadband internet compared to Whites
• Inequality of remote work

This note does not have a description yet.

A 2019 Pew Research survey found that Black and Hispanic people have less access to broadband internet than White people (66% 61% vs 79% respectively). This digital divide is becoming more pronounced due to trends in remote work.

See also:

• Minority job candidates are significantly more worried they about being able to work remotely
• Inequality of remote work

There are misconceptions that companies allowing remote work means you can work move around and work from anywhere. That is not the case. Having employees move around constantly poses several challenges for the company (security, taxes, registration, insurance, HR compliance) and teammates (poor internet connection, timezone issues, focus).

Working remotely should default to meaning working from home. Working from coffee shops and the like is fine within reason for the role (you probably shouldn’t have lots of sales calls using coffee shop wifi), but consistency in location is ideal for employers and teammates.

See also:

• Trailing tax liability
• Nearly half of employees are likely to move to work remotely
• Organizational support of remote work correlates with reported productivity