The Practical DeveloperModify

2025-11-13 08:08:39

Sick of the endless back-and-forth to get decent ChatGPT results? Jeff Su’s got four game-changing hacks that slashed his AI workflow in half across any role or industry.

Reverse-engineer your best prompts, spin one piece of content into multiple formats in minutes, use the Red Team technique to have ChatGPT critique its own work, and force it to outline its reasoning (Blueprint Scaffolding) before executing. Each trick’s backed by real examples you can steal today.

Watch on YouTube

2025-11-13 08:02:08

Summary

In the latest Ringer Movies episode, Bill Simmons, Sean Fennessey, and Van Lathan crown themselves “kings of the sewer” after diving back into Brian De Palma’s Snake Eyes, starring Nic Cage, Gary Sinise, and Carla Gugino. They unpack De Palma’s signature camera moves, Cage’s scene-stealing quirks, and the film’s over-the-top set pieces with their usual banter.

Produced by Craig Horlbeck, Chia Hao Tat, and Eduardo Ocampo, this podcast is brought to you by PayPal—score 5% cash back when you Pay in 4 all holiday long. Don’t forget to subscribe to The Ringer channels for more movie takes.

Watch on YouTube

2025-11-13 08:01:45

Predator: Badlands, the second PG-13 entry since 2004’s Alien vs. Predator, has won over fans and critics alike, smashing franchise opening-weekend box office records. Flipping the Predator from villain to hero in this sequel/Alien crossover clearly paid off.

For a spoiler-packed deep dive, catch The Weekly Planet podcast every Monday on YouTube, Spotify, Apple Podcasts and more. Don’t miss early videos and bonus episodes at BigSandwich.co.

Watch on YouTube

2025-11-13 07:58:57

Supporting one language is easy.
Supporting one country is manageable.

Supporting multiple countries, multiple languages, and many services — while keeping Google happy — is an engineering problem that almost no tutorial really covers.

This post walks through the real-world challenges of building a multi-lingual, multi-territory, multi-service website that actually ranks, using concrete examples from:

• Finland
• Sweden
• Estonia
• Latvia
• Lithuania

We’ll cover:

• Slugs
• Canonicals
• Alternate tags (hreflang)
• Shared languages across different countries
• Authority compounding under one domain
• Correct anchor text strategy across regions

1. Why Multi-Territory SEO Is a Different Beast

Most “multi-language SEO” content assumes:

One domain, a few languages, same market.

But if you operate across multiple countries, you don’t just have languages — you have:

• Local legislation
• Local pricing
• Local expectations
• Localized search terms
• Localized service names
• Localized slugs
• Shared languages across borders (like RU + EN in the Baltics)

This results in a combinatorial explosion of nearly identical pages.

If you don’t structure them correctly, Google:

• picks the wrong canonical
• shows the wrong language to users
• collapses pages together
• splits your authority

A perfect example: home cleaning, which exists in different countries with different names and languages.

2. Slug Strategy: Fully Localized, Not Just Translated

It’s easy to accidentally use English slugs everywhere, like:

/fi-FI/services/home-cleaner
/sv-SE/services/home-cleaner

This destroys local relevance.

Correct approach:

• Finland: https://nuuduu.com/fi-FI/services/kotisiivous
• Sweden: https://nuuduu.com/sv-SE/services/hemstadning
• Estonia: https://nuuduu.com/et-EE/services/kodukoristus
• Latvia: https://nuuduu.com/lv-LV/services/majas-uzkopsana
• Lithuania: https://nuuduu.com/lt-LT/services/namu-tvarkymas

These are the exact service names real users type into search engines.

3. Canonical: Always Self-Canonical — Never a Global Master Page

The golden rule:

Each localized page must be canonical to itself.

Alternates must always include the canonical URL.

Finland example (3 languages, one territory)

<link rel="canonical" href="https://nuuduu.com/fi-FI/services/kotisiivous">
<link rel="alternate" href="https://nuuduu.com/fi-FI/services/kotisiivous" hreflang="fi-FI">
<link rel="alternate" href="https://nuuduu.com/sv-FI/services/hemstadning" hreflang="sv-FI">
<link rel="alternate" href="https://nuuduu.com/en-FI/services/home-cleaner" hreflang="en-FI">

Sweden example

<link rel="canonical" href="https://nuuduu.com/sv-SE/services/hemstadning">
<link rel="alternate" href="https://nuuduu.com/sv-SE/services/hemstadning" hreflang="sv-SE">
<link rel="alternate" href="https://nuuduu.com/ar-SE/services/tnzyf-almnazl" hreflang="ar-SE">
<link rel="alternate" href="https://nuuduu.com/en-SE/services/home-cleaner" hreflang="en-SE">

The Baltics (shared RU + EN, different main language)

Estonia

<link rel="canonical" href="https://nuuduu.com/et-EE/services/kodukoristus">
<link rel="alternate" href="https://nuuduu.com/et-EE/services/kodukoristus" hreflang="et-EE">
<link rel="alternate" href="https://nuuduu.com/ru-EE/services/uborka-doma" hreflang="ru-EE">
<link rel="alternate" href="https://nuuduu.com/en-EE/services/home-cleaner" hreflang="en-EE">

Latvia

<link rel="canonical" href="https://nuuduu.com/lv-LV/services/majas-uzkopsana">
<link rel="alternate" href="https://nuuduu.com/lv-LV/services/majas-uzkopsana" hreflang="lv-LV">
<link rel="alternate" href="https://nuuduu.com/ru-LV/services/uborka-doma" hreflang="ru-LV">
<link rel="alternate" href="https://nuuduu.com/en-LV/services/home-cleaner" hreflang="en-LV">

Lithuania

<link rel="canonical" href="https://nuuduu.com/lt-LT/services/namu-tvarkymas">
<link rel="alternate" href="https://nuuduu.com/lt-LT/services/namu-tvarkymas" hreflang="lt-LT">
<link rel="alternate" href="https://nuuduu.com/ru-LT/services/uborka-doma" hreflang="ru-LT">
<link rel="alternate" href="https://nuuduu.com/en-LT/services/home-cleaner" hreflang="en-LT">

4. One Domain, Many Countries: Authority Compounding

Subdomains split authority:

fi.example.com  
se.example.com  
ee.example.com  

Path-based locales consolidate it:

example.com/fi-FI/...  
example.com/sv-SE/...  
example.com/et-EE/...  

This lets strong markets lift weaker ones.

Every backlink benefits the whole ecosystem.

5. Hreflang Must Be a Closed Loop

Each page must:

• list all alternates in that territory
• include itself as an alternate
• use correct country codes
• avoid linking to redirects or 404s

This prevents Google from collapsing similar pages or showing the wrong market version.

6. Anchor Text in a Multi-Territory Setup

Below are anchor text examples using “Order home cleaning” in each local language. The anchor link text is a strong signal to Google on what the page is about.

Provided as HTML code and exampled.

🇫🇮 Finland (FI–FI)

HTML

<a href="https://nuuduu.com/fi-FI/services/kotisiivous">Tilaa kotisiivous</a>

Rendered:

Tilaa kotisiivous

🇸🇪 Sweden (SV–SE)

HTML

<a href="https://nuuduu.com/sv-SE/services/hemstadning">Beställ hemstädning</a>

Rendered:

Beställ hemstädning

🇪🇪 Estonia (ET–EE)

HTML

<a href="https://nuuduu.com/et-EE/services/kodukoristus">Telli kodukoristus</a>

Rendered:

Telli kodukoristus

🇱🇻 Latvia (LV–LV)

HTML

<a href="https://nuuduu.com/lv-LV/services/majas-uzkopsana">Pasūtīt mājas uzkopšanu</a>

Rendered:

Pasūtīt mājas uzkopšanu

🇱🇹 Lithuania (LT–LT)

Markdown

< a href="https://nuuduu.com/lt-LT/services/namu-tvarkymas">Užsakyti namų tvarkymą</a>

Rendered:

Užsakyti namų tvarkymą

7. The Payoff When Everything Works Together

With correct slugs, canonicals, alternates, architecture and localized anchor text:

• Google shows the correct language in each country
• Pages stop competing against each other
• Each region ranks independently
• Authority compounds globally
• Adding new markets becomes predictable and safe

Closing Thoughts

Scaling internationally requires a real SEO-aware routing system:

• Localized slugs
• Self-canonical pages
• Closed-loop alternate tags
• Shared authority under one domain
• Localized anchor text

Once this foundation exists, expanding to new markets is safe, predictable and technically clean.

2025-11-13 07:51:36

DevContainers make reproducibility a team sport.

A devcontainer.json plus a pinned image and feature set gives you an environment you can clone, build, and attest.

It’s not purity—it’s pragmatic determinism for developers who actually need to ship code.

Meme recap: Old security checks IDs.

EnvSecOps checks IDs and the bag.

This post: Why DevContainers are a practical, portable way to define and prove the bag.

Why DevContainers fit EnvSecOps

1. Declarative build recipe: devcontainer.json defines image, features, mounts, extensions.
   
   Rebuild it anywhere, same result.

2. Version control + lockfiles: Store it in the repo; features and images can be pinned to digests, not tags.

3. Reproducible onboarding: The “works on my machine” excuse dies quietly.
   
   Everyone starts from the same attested bag.

The bag stops being “my laptop and vibes” and becomes “this image digest plus these layers, signed at source.”

Policy: allow only attested containers

Use policy as code (OPA, Conftest) to reject drifting definitions:

package policies.devcontainers

deny[msg] {
  input.image_tag == "latest"
  msg := "Base image must use a pinned digest, not 'latest'"
}

deny[msg] {
  not input.signed
  msg := "DevContainer manifest must be signed"
}

`

A simple conftest test devcontainer.json in pre-commit or CI catches violations long before deployment.

Renewal: prove the running bag at each credential issuance

• Compute and store the digest of the built DevContainer image.
• When a developer requests credentials, re-hash the current environment.
• If the digests match, issue the token.
• If they don’t, deny and log.

Result: Credentials exist only for verified environments.

Migration playbook (fast & boring)

1. Start with one repo; add a devcontainer.json if it doesn’t exist.
2. Pin the base image by digest (image@sha256:…).
3. Generate and store a signature (cosign sign --key fulcio).
4. Add an OPA policy enforcing pinned and signed containers.
5. Integrate into CI: build, attest, verify, renew.
6. Ratchet down TTLs and reject any build with a mismatched signature.

Ops Shells: Same Rules, Higher Stakes

Developers aren’t the only ones carrying bags.
Operators open shells into production — often with the same long-lived images and unpinned tooling that we already rejected for builds.

Those shells must be treated as attested DevContainers too:

• Launch from a signed devcontainer.json, not a mutable image tag.
• Gate access on environment digest verification (same process as the developer bag).
• Issue short-lived credentials only after the shell proves it’s on-policy.

This way, “break glass” access doesn’t mean “trust me.”
It means “verify me, then time-limit the proof.”

The bag doesn’t care if you’re writing code or restarting a service — it only cares that it’s clean.

Where DevContainers shine in this setup

• Lower barrier to entry: Developers already use them; no new DSL to learn.
• Cross-platform: Works in VS Code, GitHub Codespaces, or bare Docker.
• Composable: Layers, features, and extensions can each be signed and verified.
• Interoperable: Existing container tooling (Crane, Cosign, Witness) already fits the workflow.

Lockfile diffs become change requests.
Policies migrate with the code.
Rebuilds are deterministic enough for attestation.

Caveats (be honest)

It’s not perfectly pure—DevContainers depend on Docker build caching and external registries.
You’ll still need:

• Pinned digests everywhere (@sha256: not :latest).
• Verified build provenance (cosign verify).
• Signed feature sources (don’t fetch extensions blindly).

And runtime enforcement still applies: read-only mounts, minimal capabilities, short-lived credentials.

TL;DR

DevContainers turn “check the bag” into check the build.
Attest a devcontainer.json, sign the resulting image, and refuse to mint tokens for anything else.

No signed, policy-approved DevContainer → no token.

2025-11-13 07:50:28

• Watches the current state of the cluster (from the API server),
• Compares it with the desired state (from YAML manifests),
• Acts to fix differences (create/update/delete resources).

Example:

You define “3 Pods” → if only 2 are running, the controller starts 1 more.

🧩 2. Main Categories of Controllers

There are 3 broad categories:

⚙️ 3. Core Workload Controllers (Most Common)

These are the controllers you’ll use daily.

🏗️ 4. Cluster & Infrastructure Controllers

These are system-level controllers running in the kube-controller-manager (on the control plane).

All these run inside one process:

kube-controller-manager

🧰 5. Cloud-Specific Controllers (on Managed Clusters)

When you use EKS, GKE, or AKS, additional controllers integrate Kubernetes with the cloud provider:

🧬 6. Custom Controllers

Developers can create their own controllers to automate any workflow.

Example:
You define a Custom Resource Definition (CRD) called Database, and a custom controller ensures that:

• When a Database object is created → a Pod and PVC are provisioned.
• When it’s deleted → resources are cleaned up.

This is how Operators are built.

🧠 7. Operator Controllers (Advanced)

Operators are custom controllers that encode domain-specific operational logic.

Operators use:

• Custom Resources (CRDs)
• Custom Controllers (logic)
• Often written in Go, Python, or with frameworks like Kubebuilder.

🧮 8. Summary Table — All Controller Types

🧩 9. Where They Run

All default controllers (like Deployment, StatefulSet, etc.) are part of the kube-controller-manager process on the control plane.

Custom and Operator controllers run as Pods inside the cluster.

🧠 10. How to See Active Controllers

You can check which controllers are running:

kubectl get pods -n kube-system | grep controller

You might see:

kube-controller-manager-minikube
aws-load-balancer-controller-xxxx
ingress-nginx-controller-xxxx