Archive for the ‘software’ Category

While I wait for GitHub to get their act together on my Dependabot Wishlist I’ve created a little script for my first frustration – rollups. Another morning, another patch release of Dart, another 4 Dependabot PRs in my inbox: Only this time I was able to simply run: and the subsequent 3 PRs were rolled […]

GitHub is at the heart of how I do work, and Dependabot is one of the core tools. Even before we started using OpenSSF Scorecards, which pushed us to pin dependencies, Dependabot was something we used a lot to ensure that things were up to date. But, Dependabot isn’t perfect, and looking at the discussion […]

TL;DR OSSF Scorecards provide a visible badge that lets people see that an open source repo is adhering to a set of practices that minimise risks, measured by a set of automated checks. Getting this right for a single repo can be an involved process, but with that experience in hand applying the learning to […]

The GraphQL Way


TL;DR From a short time using GraphQL APIs I sense that there’s a ‘GraphQL Way’ for how things should be. A set of promises that the technology makes to its users. But those promises are frequently being broken, or at least undermined, as people rush to create GraphQL end points without perhaps investing enough time […]

The @ Company uses a lot of SSL certificates, and we’ve been using ZeroSSL and its Certbot wrapper zerossl-bot to automate how we manage certs. But we wanted more control over the process, which has driven us towards the ZeroSSL API. Sadly the docs don’t provide usage examples, which has made it quite a journey […]

TL;DR Best practice gets encoded into industry leading software (and that happens more quickly with SaaS applications). So if you’re not using the latest software, or if you’re customising it, then you’re almost certainly divergent from best practices, which slows things down, makes it harder to hire and train people, and creates technology debt. Background […]

TornadoVM was definitely the coolest thing I learned about at QCon London last week, which is why I wrote up the presentation on InfoQ. It seems that people on the Orange web site are also interested in the intersection of Java, GPUs and FPGA, as the piece was #1 there last night as I went […]

In a note to my last post ‘Safety first‘ I promised more on this topic, so here goes… TL;DR As software learns from manufacturing by adopting the practices we’ve called DevOps we’ve got better at catching mistakes earlier and more often in our ‘production lines’ to reduce their cost; but what if the whole point […]

…at least not in an embedded environment. There’s a commonly held myth in modern software development that compilers are smarter than people at optimising code for its eventual runtime environment. By extension there’s no point in writing efficient code, because your idea of efficient code might not actually be all that efficient, and any time […]