I took the Linux Foundation’s Fundamentals of Professional Open Source Management to get some ideas about how to professionalize the way we incorporate open source into our products at work. Since we sell software to customers, we need to make sure that we understand the ins and outs of the various licenses and are doing all the right things. I’m pretty sure we are but having a bit of a policy around how open source is selected and used would be a good idea.
Supply Chain Problems
Since I just completed Developing Secure Software and got my certificate, I’ve been paying more attention to the security aspects of the process of developing software. This article about npm and PyPI security caught my eye. The article describes a paper that evaluates the security practices for these widely used software repositories and finds them lacking. They do follow many of the best practices but fall short on some others. The number of packages that were found to have vulnerable patterns is less than 1%, but that doesn’t help you if you use one and get attacked.
Do the Lindy
The Lindy Effect is the idea that something lasts about as long as it has already. I first heard about it in a blog post by Matt Rickard and it makes a lot of sense to me. Things that reach an equilibrium state tend to stay in that state. Plenty of physical things follow this sort of pattern and it makes sense that it applies to things that humans construct as well.
Secure It
I just finished the Developing Secure Software course from The Linux Foundation. It was a solid introduction to the basics of developing more secure software. It features a good overview of the tools and techniques that can be applied during all phases of the software development lifecycle. I had a solid understanding of some of the material (e.g., cryptography and GDPR) but it was a good refresher on those topics and got me thinking much more about the process of designing and developing secure software in general.
Not Interested
The Ringer had a great article about the recent news that USC and UCLA are joining the Big 10. I couldn’t care less about either USC or UCLA football, but this is just the latest change pushing all of the elite college football teams into the Big 10 and the SEC. As the article points out, this might lead to some interesting games in the short run but really dilutes the real fun behind college football: rivalries.
The Mac Is Back!
The Economist has brought back the Big Mac Index. It’s a fun way to understand relative values of currencies with everyone’s favorite burger (although it’s honestly been years since I’ve had one). It looks like a great time to go to the Czech Republic for vacation. The raw data and code behind how the index is calculated are available for download. They also provide instructions to reproduce it from the data, which is nice.
Out With The Old
This article makes some very good points about moving on from old constructs in Python. I’m guilty of using some of the older methods including os for file manipulation instead of pathlib. Mostly this is because it’s how I learned to do it but it’s time to stop now. I’m using pathlib from now on. I’m a little better about some of the other points mentioned. I’ve used dataclasses in a few different things and they work well.
Get in the Van!
I liked the article about the VW bus in the New Yorker this week. There is a nice discussion of the history of the Bus and how it came to be. I didn’t know some of that stuff, but I could relate to the part about the six wrenches you needed to keep an air-cooled VW alive (I had a 1971 Karmann-Ghia back in the day). The VW ID.Buzz looks pretty cool but is definitely a different vibe than the old VW Bus.
OG Computer Geeks
This article about The Home Computer Generation struck a chord with me. I think there are a lot of us Gen Xers who fell in love with computing due to our early exposure to primitive home computers. I fondly remember the Atari 800. We had some games and a simple word processor (and a weird dot matrix printer that was super slow and noisy) but my favorite thing was Atari Basic.
M2
The new M2 MacBook Air looks very good both aesthetically and performance-wise. I like the new midnight blue color and the squarish profile just looks solid. However, it’s 20% more than the pretty good M1 MacBook Air. Normally, you would think that the 20% would be money well spent for the newer system, but apparently the M2 has some performance shortcomings so you probably want to spend another $200 for the bigger and faster SSD.