The whole team got this email today. Okay, it wasn’t today and these are not the exact words, but it was something like this:

We have a serious regression in build 456. We have set the project back rather than taken it forward. We need the utmost focus and commitment on fixing it. We’ve broken it and we stay in the office until it’s fixed.

I’ve had a few of those messages over the years and while it’s intended to focus minds it often has the opposite effect. Let’s examine why.

With the fuss about the Log4Shell vulnerability finally dying down, it’s time to step back and take a good, long think about what happened and, more importantly, what can be done to stop it from happening again.

Sadly the prognosis is not good. The tl;dr is both simple and obvious: we simultaneously like free stuff and getting paid for our own work.

Most companies treat open source software exactly the same as commercial software but with a much lower purchase cost. When the software goes wrong, we want someone else to fix it for us. Unfortunately, sometimes we don’t even know where the software comes from. In the case of log4j, it’s run by volunteers. There is no 24/7 help desk with eager employees waiting to take your call.

As is common these days, I was complaining about something on Twitter.

https://twitter.com/sdarlington/status/1523588282986033152

It’s easy to complain about security practices which, if I’m honest, is why I do it. But there is an important point, one that I included in a follow-up tweet:

https://twitter.com/sdarlington/status/1523602044791115776?s=61&t=69wO28ER8NUpssCyeNkqJw

The security team in many companies models itself on the DUP. Say no to everything. But – and this is the key – offer no alternative.

As I’ve done on many previous occasions, I thought I’d write a few words about the latest Apple operating systems. I’m sure you’ve seen the reviews and possibly even upgraded yourself, so I’ll keep this brief! This is not intended to be complete; just a few highlights from my point of view.

First: they’re both stable. I’ve not seen any significant problems this year. If you were happy with iOS 15 and watchOS 8, and you’re able to, there’s no good reason not to upgrade.

I stumbled across “On git and cognitive load” and it got me thinking. That post led me to “Oh shit, git!?!” and that got me thinking further.

But first, a disclaimer: this is a post more about having perspective than providing answers. If I knew a better way, I’d be doing it.

The first blog argues that git is difficult to use. Further, that it was designed with the limitations of the time and that those limitations are no longer valid constraints. A decentralised system was required when poor network connections were the norm. Now we have cloud providers and ridiculous amounts of bandwidth.

1. The underlying technology, blockchain, might have uses but a currency isn’t it
2. Many crypto experts were surprised when governments said that profits from trading in digital currencies were taxable in the same way that as any other capital gains. Why would this be a surprise?
3. They also claim that it’s great because it’s decentralised. Except, a few companies do a vast percentage of all business meaning that in reality it’s not very well distributed
4. Much of traditional financial services is not centralised either. There’s no “exchange” for currency trading, for example
5. The lack of regulation in crypto is considered an advantage, right until the point that one of the few exchanges (see above point about decentralisation) is in trouble and stops accepting sell orders. Regulation is there for a reason
6. Decentralisation is supposed to democratise trading. Except, trading in crypto is surprisingly expensive. And, just like traditional finance, quickly gets complicated
7. And it’s slow
8. Many of crypto’s biggest promoters are economically illiterate
9. It’s basically a pyramid scheme
10. Many crypto “experts” claim that it’s possible to reduce the risk of transactions with certain complications. They tend not to use the word “hedging” which is what this is. It’s something that the “old-fashioned” financial services companies have been doing for ever
11. It’s almost like they don’t understand traditional financial markets
12. They says it’s progressive and about freedom, but it entrenches existing hierarchies, if anything, more effectively than the existing systems
13. Except for the use of blockchain, there’s not a lot that’s new. For traditional financial services, regulation means that the worst scams are banned for retail inventors. The “Wild West” of crypto isn’t a feature
14. And no, this piece is not intended as a defence of the traditional financial services companies or their regulators. They are far from ideal

I confess that I’ve stolen the title of the post from elsewhere. My objective here is not to detract from that post, which is great, but to build on a few points that I thought it was going to make but didn’t. To make it clear where I’m coming from, here’s a Tweet that I wrote some time before I read that blog:

People who complain that “enterprise” software is too expensive have clearly never come across the bizarre, arbitrary and nonsensical policies and rules these companies have. It’s not unusual to have two customers with contradictory policies.

I greatly enjoyed Graham Lee’s series of posts about specialisation versus generalisation in software engineering¹, quite possibly because it’s me.

My background is a little different from Lee’s, though, so I thought it was worth sharing.

I have a two tier experience². With a few minor blips, Unix has been a constant technology underpinning since my first year at university. I started using Linux around the time 1.0 was released. I got a Mac when — or possibly before — OS X was ready for mainstream use because it was Unix with a nice UI. At work I’ve seen the change from big Solaris and HP-UX machines, to Linux, to containerised applications (which are normally based on minimal Linux distributions). Sure, the different Unix variants are not exactly the same, but most of them have something bash-like and ls does the same thing everywhere, even if the more esoteric options vary.

How does switching email hosts disable your Bluetooth headphones? Read on to find out.

As many people did recently, I got The Email from Google telling me that my Apps for Domains (Legacy) account is going away and that I should either pay up or move away.

I’m not averse to paying. I use email a lot and I have my own domain, so I appreciate that I’m not a typical consumer. But I do object to paying Google because it feels like they’re double-dipping: both data mining my information and billing me for the service¹.

I made the mistake of suggesting that there was a blog to be made from this tweet. This is that post.

People still underestimate the value in (Developer|Operator) Experience when building platforms and honestly it’s kinda shocking to me.

If you want to win mindshare you need to make your tools actually usable. If you don’t want to lose it you need the same.