Posts
What do you think is the biggest challenge faced by the software product engineering community today?
This is part of my series of interview questions for Agile India 2022.
It is difficult to articulate what the biggest challenge to software product engineering is, because there’s a fair few of them, so I’ll try to describe a few of my bugbears.
Process over people
In my opinion, a huge issue that we unfortunately find all too often is when the principles of the agile manifesto are ignored or not applied.
Posts
What got you started in modern software development methods?
After being accepted for speaking at Agile India 2022 I was asked a few questions. I figured rather than a paragraph, the questions would make interesting blog posts:
I came to agile completely the wrong way. I’ve been developing software professionally since I was a teenager and was lucky enough to start out with projects where I was given plenty of agency to decide on how to tackle problems and the independence to make my own mistakes and learn from them.
Posts
Less is more agile
Dave Farley and Allen Holub are two people that I respect hugely when it comes to Software Development. I’ve been following them on Twitter for quite a while, and am always taken in by their takes on driving continuous delivery and “lowercase agile” forward. So when both came together for Dave’s Engineering Room (sponsored by Equal Experts, who I work with), it was bound to be very interesting.
In this post I try to outline my key takeaways from watching the chat.
Posts
A mission statement that actually makes sense
I was really positively and pleasantly surprised when I found out what HMRC Digital’s mission statement was.
Normally, I am not a fan of mission statements. They usually read like this:
Our mission is focused on six core aspirations the company continually strives to achieve…
Or some such drivel. Verbal gymnastics to make a company sound like everything to everyone - without being offensive to anyone - which then gets used to “align” people on mandated fun days.
Posts
Curating Dependency Vulnerabilities
In this post, I am going to look at an increasingly important part of securing applications: Your supply chain. This includes every library, tool or service that you are using to build, run and monitor your service.
When the log4shell vulnerability hit, it wasn’t just a matter of looking at the dependencies that your source code pulls in, but also at the infrastructure you’re using and the build pipeline.
Have you had a look at the vulnerability reports of your dependencies lately?
Posts
How to run a Digital Platform at Scale
This post peels back the covers on what it is like to work with a large digital platform. The platform in question is MDTP - Multichannel Digital Tax Platform, which supports a UK-based tax collection agency which is using a hyperscale cloud provider with a sideline in books.
I’ve previously described what it is like to work in MDTP (Making Software. Quickly) during the Covid-19 responses that allowed the UK government to provide financial support for millions, turning around projects in record time.
Posts
On the weaponisation of open source
First of all, I need to preface this article with how much I abhor the Russian invasion of Ukraine, and I wholeheartedly support the sanctions. However, I think the conflict has spilled over into areas of software development that have got some unintended consequences attached.
As part of this post, I’m going to look at
- the decision by MongoDB to cut off services in Russia
- the destructive change in a node library that deleted files on Russian IPs
- a change in code/licence in a community terraform module to assert that Putin is a dickhead
MongoDB cutting off Russian customers
MongoDB is a company and in order to comply with sanctions they have decided to cut off Russian customers.
Posts
What makes a good developer
A few days back as part of a general discussion about interviewing at Equal Experts, we looked at the question “What makes a good developer?” Could we come up with a list of qualities in a developer that we’d want to look for? This post illustrates my thinking.
Why do you ask?
To put it in a bit of context, I’m a software developer, I’m not a recruiter, but I’ve been involved with technical interviewing for quite a while, and have marked a fair number of take-home tests over the years, but recently we thought that the experience was not as good as it could be.
Posts
Pwnkit: How to exploit and check
Pwnkit is a vulnerability that uses a bug in polkit to elevate permissions to root. This write-up shows how to reproduce it using Ubuntu and what to do to check whether a system is vulnerable.
What went wrong?
Quoting from the original researchers:
This vulnerability is an attacker’s dream come true:
- pkexec is installed by default on all major Linux distributions;
- pkexec is vulnerable since its creation, in May 2009;
- any unprivileged local user can exploit this vulnerability to obtain full root privileges;
- although this vulnerability is technically a memory corruption, it is exploitable instantly, reliably, in an architecture-independent way;
- and it is exploitable even if the polkit daemon itself is not running.
Posts
Bitcoin: When will the madness stop?
In this writing I ask: When will this madness end? When will we wake up from this fascination with cryptocurrencies (chief amongst which Bitcoin) that is turning technological orthodoxy on its head: It used to be that technological progress was measured on making things cheaper, faster, more secure or more scalable. But it seems that Bitcoin does not follow these.
Bitcoin
Over the last 12 years, it is hard to have lived and not noticed the poster child of blockchains: Bitcoin.