Lunch and coffee meetings, Maakaf Meetup
Yesterday did not seem to be a very productive day, but it was a very good day.
I've created the projects page on the OSDC web site.
I published the 4th episode of the Learning Rust together in Hebrew video series and worked a bit more on Rust. It is hard for me to learn a new programming language and just as the day before I was quite frustrated that things don't go as well as I expected. Nevertheless I managed to create the first skeleton of the Rust Digger. Well it was mostly just setting up GitHub Actions to run the code that generates GitHub pages, but there was also a small Rust program to create a 5-lines long HTML file. At the very last minute before I went to Tel Aviv I also managed to implement the ROT13 encryption in Rust.
I also set up a simple web page for the Maakaf group. I hoped they will be glad to use it. But no pull-request arrived.
I took the bus to the train station and then the train to HaShalom where I met a friend for lunch and then another friend for coffee. Though I was drinking a shake.
I really miss these in-person meetings with friends. I need to do a lot more of them.
The conversations were both very interesting and as both work in hi-tech some of the conversation was about things they do and the things I do. It is interesting to see the perspectives of others about some subject.
In most case the problem is not so much technical, but the organizational culture in the company and it comes from the top. Also, you can't change culture unless you change the people.
People took the idea of agile and started to sell top down implementation of Scrum under the title Agile. This just ruined the name Agile for everyone.
People came up with the idea of DevOps basically saying that developers and operations people need to talk to each other and cooperate more. Instead of that companies either renamed the ops team to DevOps or created an entirely new silo called DevOps. In either way they don't realize the real value in the idea of DevOps.
I don't think we can create a product that will change the culture but we can educate the people who are entering the workforce and we can create a company where the culture reinforces communication and transparency and in general the values we have.
About Agile: The real world is not agile, or not ready for agile. Many times the clients to want continuous delivery. Either because they have extra work with each new installation. Or even if we provide a service, they don't want the UI to change every 3 days. Actually they don't want any change in the UI without proper notification and proper training. Think about a call-center software where the client wants to make sure the call-center employees are well trained to the UI they use. You cannot just change that suddenly. It is not easy to get sales and the clients on board with continuous delivery.
Separating the delivery and the deployment phases and feature flags might be a solution, but that's extra work
It is not easy to get the developers (even top down) to get on board with the idea of continuous integration and continuous delivery.
A small company (is a company with 50 developer still a small company?) most likely won't invest in the maintenance of 3rd party open source software.
In the evening I went to the Maakaf meetup. I met a number of new people a few I know for a long time from various Open Source communities.
There were two very good presentations.
The first one was Open Source Development: Myths, Misconceptions, and Realities by Evyatar Alush. He talked about topics I also often talk about so it was very interesting to hear what he recommends how to select an open source project to contribute to and why contribute at all.
The second one was Don't Trust in Code from Strangers by Baruch Odem from Checkmarx. It was extremely interesting how people create "supply-chain attacks" by uploading malicious code to PyPI, npm, and probably all the other 3rd-party library registries.
e.g. ChatGPT recommends modules that don't exist so they go ahead and create those modules with malicious code. They overtake accounts or maybe the real contributor decides to participate in the war efforts in one of the conflicts.
The create packages with typos in the name so people will fall on them. In the meta data they set the repository link of some other project and the registry will blindly fetch the information from there. (Opus, in the Digger projects I also assumed this.) So one thing the diggers should probably check is if the code that comes from the registry is really the same as the code that comes from the git repository.
Also the binary versions included in the packages might be different.
And as I mentioned elsewhere, the package might not even include the source code and the source code might not be available at all.
He also showed us the os-scar/overlay project.
All in all I thought that they are doing a lot more with the data I wanted to analyze which made me feel really bad. I mean what can I offer if these things already exists? On the other hand it also energized me and I felt lucky to encounter this, basically by chance.
Before I managed to sit down and write this I already finished listening to this podcast: Episode 27: Leading with Values: Sid Sijbrandij joins Matt Mullenweg to talk about GitLab, Transparency and Growing a Distributed Company. I had a lot of thoughts that I thought I should write down.
They talked about what is the most important thing in your company? What are the most important things? They went with "family and friends". I'd separate that out and say: After family and friends the most important for the company is ... and then should be customers, employees, results, transparency, etc.
I suddenly realized that on OSDC the C can stand for Company or Corporation as well. So maybe that's what I am doing.
A couple of thoughts:
- Thing should be documented an transparent.
- Being remote is not the goal. Allowing people from remote areas to work is a goal.
- Reducing time, money, and environment wasted on commuting is a goal.
Plans for Today
Find more Meetups that might be interesting to attend. - DONE
Find Meetups and other opportunities where I might give a presentation.
Record more videos for the Rust course in Hebrew.
Record a new video in English for the Open Source projects series.
Learn more about Rust, update the slides and make progress with the Rust digger.
Start to write a page on the OSDC web site called handbook that will describe the goals the values etc.
This post, the daily report/plan took me more that 2 hours to do. Mostly because I had to collect my thoughts about yesterday which was an intensive day, but also as I have already done some of the things I planned for today.