Musings about software
Where did the Rust go?
23 Aug 2023
There is a term that is on a lot of lips lately. “Memory Safety”. The theme of the early 10s for software security is “Move to memory-safe languages”. You hear and see it everywhere
The Cloud Is Not Optional
14 Jul 2023
When you hear that one of the vendors responsible for keeping government organizations safe had a security breach, you can easily decide that this is unacceptable. When you hear that it is hard to know who is affected and how much, you may start to feel a bit panicked. This is bad; it would be far better if it never happened.
Remove Constraints To Get Results
06 Jun 2023
We look at the world and make decisions for our actions through models. Depending on the context, some models will be more fruitful to apply than others. There is a model that I have found tremendously helpful, in particular, when discussing “open source supply chain” but also more regularly as an SRE. I dub this model Goals/Capability/Constraints. It evaluates action far differently than most models applied to these domains. The main recommendation it nearly always offers is to “remove constraints”.
What Security Tokens For 2FA Say About FOSS Consumers
27 May 2023
Recently, PyPI announced that everyone who maintains a project or an organization on the platform will have to enable 2FA. This is one more step in the direction of strongly protecting the package providers and their users. I am not opposed to it. But it made me think of the discussions we have around FOSS about reciprocity and unfair burden[1]. And about double standards. And how it is hard to make corporations understand the upside of Open Source, and how diffuse it is. Let’s talk about security tokens, 2FA, and how corporations do not understand their place in the FOSS ecosystem.
[1] I do not think PyPI does this here, they seem to have taken the decision
The Economics of Developer Tooling
25 May 2023
It would be a major boon to software velocity, maintenance burden and safety to bring more attention to developer tooling, in particular bringing to everyone’s toolkit the techniques and technologies that have been developed since the 80s but were never mainstreamed. It is at least what I advocated for in We Need More Process Engineering in Software. Over the past few years, I have explained to a lot of people the current state of developer tooling development and how its economics work. This post aims to summarize all of this in one place.
We Need More Process Engineering in Software
25 Apr 2023
When you peruse the depth of software engineering as a discipline, you find a lot of techniques and tools lying around in corners. Pattern matching, tighter type-checking compilers, property-based testing, snappy IDEs, debuggers, dynamic tracing, Result types, effect handlers, capabilities, model checkers, fuzzers, etc. And yet, they are not in use in the industry. I posit that this is because software engineering dedicated nearly all of its energy toward the invention-of-product part of engineering, while neglecting the Process Engineering part of the discipline.
The devs that the front-end crowd left on the side of the road
19 Mar 2023
A few things in the world of Web front-end developers have caught my attention lately. Two things mainly. The first is around how defining the front end as centered around JS is problematic, at least if we want people to use our stuff. The other is around Interop 2023 and in particular Declarative Shadow DOM. And I feel that both are more linked than we think. They reflect the reality of the evolution of WHATWG and W3C and by reflection the browser vendors in the past decade.
Support Maintainers without SBOM
04 Feb 2023
I got a lot of engagement and discussions over the last month around “I am not a supplier”. I am happy to see the conversation happening. One of the particular topics made me a little angry though. I heard multiple times the argument that some organizations want to support maintainers financially, to ensure the sustainability of their Digital Infrastructure. But they cannot until they have a working Software Bill of Materials (SBOM), because otherwise, they cannot know who to direct the money to.
I am not a supplier
31 Dec 2022
For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem with all the work in this domain is that it forgets a fundamental point.
Home Office Setup 2021
09 Aug 2021
After 3 years of full remote work, I think my home office is starting to look acceptable. So let’s share it. This is of course a work in progress. I usually prioritise getting something more expensive if I expect it to stand the test of time. If I will probably still use it without pain in a decade, I am ready to pay more for it. Keep that in mind.
13 Mar 2021
What is an engineer? And engineering? The question is legitimate and pretty hard to answer. It varies from country to country based on how the profession developed and the type of contraption that proved particularly central to their society.
12 Mar 2021
Software engineering is the systematic application of engineering approaches to the development of software.[1]
Books Read 2019
14 Jan 2020
Here are some notes on books I read in 2019. They’re not book reviews, more notes on whatever I found interesting or problematic in them. I can recommend reading all of them; the books I didn’t get much out of I won’t list here. As much as possible, I try to link to the author’s own site. There is no referral in any of the links.
18 Nov 2019
Like every year for a few years now, I went to CodeMesh LDN, on the 7th and 8th of November. I promised some friends in the organizing team to publish my thoughts on it, so here we go.
From Nihilism to Riding Chaos
01 Jun 2019
This post is part of an ongoing “thinking aloud” series. It is meant to “put into words” some of the ideas and models I use, at the time of writing, to think about Resiliency Engineering and Software.
Famous Incidents Reading List
14 May 2019
This is a list of famous incidents I learned from. It also has various other sources I use to learn about them. There are also a lot of things on how to learn from them.
We Should Have Caught It
28 Oct 2018
You have at least one passionate friend. Many even. Maybe you are passionate yourself. It does not matter what the focus of that passion is.
20 Oct 2018
Finally. After more than two years of talking about it, I have a place to put my rants on. I want to talk about the tech stack behind it and some choices I made. I ended up writing my own blog engine and learned a bit in the process.