Musings about software

  • You Are All On The Hobbyists Maintainers' Turf Now

    01 Apr 2024

    For quite some time, I have felt some unease at the public discourse around OpenSource. In the past few years, we have seen a growing discourse around the sustainability and security of the large body of OpenSource software.

  • Where did the Rust go?

    23 Aug 2023

    There is a term that is on a lot of lips lately. “Memory Safety”. The theme of the early 10s for software security is “Move to memory-safe languages”. You hear and see it everywhere

  • The Cloud Is Not Optional

    14 Jul 2023

    When you hear that one of the vendors responsible for keeping government organizations safe had a security breach, you can easily decide that this is unacceptable. When you hear that it is hard to know who is affected and how much, you may start to feel a bit panicked. This is bad; it would be far better if it never happened.

  • Remove Constraints To Get Results

    06 Jun 2023

    We look at the world and make decisions for our actions through models. Depending on the context, some models will be more fruitful to apply than others. There is a model that I have found tremendously helpful, in particular, when discussing “open source supply chain” but also more regularly as an SRE. I dub this model Goals/Capability/Constraints. It evaluates action far differently than most models applied to these domains. The main recommendation it nearly always offers is to “remove constraints”.

  • What Security Tokens For 2FA Say About FOSS Consumers

    27 May 2023

    Recently, PyPI announced that they would force everyone that maintains a project or an organization on the platform to enable 2FA. This is one more step in the direction of strongly protecting the package providers and their users. I am not opposed to it. But it made me think of the discussions we have around FOSS about reciprocity and unfair burden[1]. And about double standards. And how it is hard to make corporations understand the upside of Open Source, and how diffuse it is. Let’s talk about security tokens, 2FA, and how corporations do not understand their place in the FOSS ecosystem.

    1. I do not think PyPI do this here, they seem to have taken the decision 

  • The Economics of Developer Tooling

    25 May 2023

    It would be a major boon to software velocity, maintenance burden and safety to bring more attention to developer tooling, in particular bringing to everyone’s toolkit the techniques and technologies developed since the 80s but that were never mainstreamed. It is at least what I advocated for in We Need More Process Engineering in Software. Over the past few years, I have explained to a lot of people the current state of developer tooling development and how the economics of them work. This post aims to summarize all of this in one place.

  • We Need More Process Engineering in Software

    25 Apr 2023

    When you peruse the depth of software engineering as a discipline, you find a lot of techniques and tools lying around in corners. Pattern matching, tighter type-checking compilers, property-based testing, snappy IDEs, debuggers, dynamic tracing, Result types, effect handlers, capabilities, model checkers, fuzzers, etc. And yet, they are not in use in the industry. I posit that this is because software engineering dedicated nearly all of its energy toward the invention of product part of engineering, while neglecting the Process Engineering part of the discipline.

  • The devs that the front-end crowd left on the side of the road

    19 Mar 2023

    A few things in the world of Web front-end developers have caught my attention lately. Two things mainly. The first is around how defining the front end as centered around JS is problematic, at least if we want people to use our stuff. The other is around Interop 2023 and in particular Declarative Shadow DOM. And I feel that both are more linked than we think. They reflect the reality of the evolution of WHATWG and W3C and by reflection the browser vendors in the past decade.

  • Support Maintainers without SBOM

    04 Feb 2023

    I got a lot of engagement and discussions over the last month around “I am not a supplier”. I am happy to see the conversation happening. One of the particular topics made me a little angry though. I heard multiple times the argument that some organizations want to support maintainers financially, to ensure the sustainability of their Digital Infrastructure. But they cannot until they have a working Software Bill of Materials (SBOM), because otherwise, they cannot know who to direct the money to.

  • I am not a supplier

    31 Dec 2022

    For the past few years, we have seen a lot of discussions around the concept of the Software Supply Chain. These discussions started around the time of LeftPad and escalated with multiple incidents in the past few years. The problem of all the work in this domain is that it forgets a fundamental point.

  • Home Office Setup 2021

    09 Aug 2021

    After 3 years of full remote work, I think my home office is starting to look acceptable. So let’s share it. This is of course a work in progress. I usually prioritise getting something more expensive if I expect it to stand the test of time. If I will probably still use it without pain in a decade, I am ready to pay more for it. Keep that in mind.

  • Engineering Software

    13 Mar 2021

    What is an engineer? And engineering? The question is legitimate and pretty hard to answer. It varies from country to country based on how the profession developed and the type of contraption that proved particularly central to their society.

  • Software Engineering

    12 Mar 2021

    Software engineering is the systematic application of engineering approaches to the development of software.[1]

  • Books Read 2019

    14 Jan 2020

    Here are some notes on books I read in 2019. They’re not book reviews, more notes on whatever I found interesting or problematic in them. I can recommend reading all of them; the books I didn’t get much out of I won’t list here. As much as possible I try to link the author's own site. There is no referral in any of the links.

  • Codemesh 2019

    18 Nov 2019

    Like every year for a few years now, I went to CodeMesh LDN, the 07th and 08th of November. I promised some friend in the organizing team to publish my thoughts on it, so here we go.

  • From Nihilism to Riding Chaos

    01 Jun 2019

    This post is part of an ongoing “thinking aloud” series. It is meant to “put into words” some of the ideas and models I use at the instant it was written to think about Resiliency Engineering and Software.

  • Good and Successful

    23 May 2019

    Recently, I discovered this blogpost. It generated a bit of discussion on Twitter, which you can find here. One of these responses was around how we can define “good”, especially for that topic of testing.

  • Famous Incidents Reading List

    14 May 2019

    This is a list of famous incidents I learned from. It also has various other sources I use to learn about them. There are also a lot of things on how to learn from them.

  • We Should Have Caught It

    28 Oct 2018

    You have at least one passionate friend. Many even. Maybe you are passionate yourself. It does not matter what the focus of that passion is.

  • Hello World

    20 Oct 2018

    Finally. After more than two years of talking about it, I have a place to put my rants on. I want to talk about the tech stack behind it and some choices I made. I ended up writing my own blog engine and learned a bit in the process.