After a very long porting journey, Launchpad is finally running on Python 3 across all of our systems. I wanted to take a bit of time to reflect on why my emotional responses to this port differ so much from those of some others who’ve done large ports, such as the Mercurial maintainers. It’s hard to deny that we’ve had to burn a lot of time on this, which I’m sure has had an opportunity cost, and from one point of view it’s essentially running to stand still: there is no single compelling feature that we get solely by porting to Python 3, although it’s clearly a prerequisite for tidying up old compatibility code and being able to use modern language facilities in the future. And yet, on the whole, I found this a rewarding project and enjoyed doing it. Some of this may be because by inclination I’m a maintenance programmer and actually enjoy this sort of thing. My default view tends to be that software version upgrades may be a pain but it’s much better to get that pain over with as soon as you can rather than trying to hold back the tide; you can certainly get involved and try to shape where things end up, but rightly or wrongly I can’t think of many cases when a righteously indignant user base managed to arrange for the old version to be maintained in perpetuity so that they never had to deal with the new thing (OK, maybe Perl 5 counts here). I think a more compelling difference between Launchpad and Mercurial, though, may be that very few other people really had a vested interest in what Python version Launchpad happened to be running, because it’s all server-side code (aside from some client libraries such as launchpadlib, which were ported years ago). As such, we weren’t trying to do this with the internet having Strong Opinions at us. We were doing this because it was obviously the only long-term-maintainable path forward, and in more recent times because some of our library dependencies were starting to drop support for Python 2 and so it was obviously going to become a practical problem for us sooner or later; but if we’d just stayed on Python 2 forever then fundamentally hardly anyone else would really have cared directly, only maybe about some indirect consequences of that. I don’t follow Mercurial development so I may be entirely off-base, but if other people were yelling at me about how late my project was to finish its port, that in itself would make me feel more negatively about the project even if I thought it was a good idea. Having most of the pressure come from ourselves rather than from outside meant that wasn’t an issue for us. I’m somewhat inclined to think of the process as an extreme version of paying down technical debt. Moving from Python 2.7 to 3.5, as we just did, means skipping over multiple language versions in one go, and if similar changes had been made more gradually it would probably have felt a lot more like the typical dependency update treadmill. I appreciate why not everyone might want to think of it this way: maybe this is just my own rationalization. Reflections on porting to Python 3 I’m not going to defend the Python 3 migrat

PRECIS (Preparation, Enforcement, and Comparison of Internationalized Strings) is a framework for consistent and secure management of Unicode strings in web applications. If you haven’t read my previous article Input validation of free-form Unicode text in Python, that contained the problem statement and low-level solution using Unicode character categories. PRECIS goes one step further by proposing specific string classes that represent typical usage scenarios involving processing of Unicode strings. PRECIS starts from just two use cases — string used as an identifier, that will be subsequently used in URIs and databases, where one of the most challenging problems is reliable comparison. For example, are “ŻÓBR” and “ŻÓBR” the same usernames, or group names? Visually they should be identical in most fonts and displays, and both could have been honestly typed by the same user using different keyboards, yet they are composed of different code points. First, using a non-combining keyboard: > import unicodedata > x='ŻÓBR' > for c in x: print(f'{c}: {unicodedata.name(c)}') Ż: LATIN CAPITAL LETTER Z WITH DOT ABOVE Ó: LATIN CAPITAL LETTER O WITH ACUTE B: LATIN CAPITAL LETTER B R: LATIN CAPITAL LETTER R Second, using letters followed by combining accents: > x='Z\u0307O\u0301BR' > x 'ZOBR' > for c in x: print(f'{c}: {unicodedata.name(c)}') Z: LATIN CAPITAL LETTER Z : COMBINING DOT ABOVE O: LATIN CAPITAL LETTER O : COMBINING ACUTE ACCENT B: LATIN CAPITAL LETTER B R: LATIN CAPITAL LETTER R Usual byte-by-byte comparison will fail, and if you’re not careful your application will allow creation of visually identical usernames that are assigned distinct user objects. In my previous article (Input validation of free-form Unicode text in Python) I suggested using Unicode normalisation to always convert these homoglyphic forms into a single, consistent one. PRECIS The two string classes proposed by PRECIS are IdentifierClass and FreeformClass, and their purpose is quite self-describing. What sits inside them, is a carefully selected combination of character classes (such as letter, digits, spaces) that are allowed, others that are disallowed (e.g. funny text direction changing characters), additional contextual rules as well as policy towards characters that are yet unknown in the current version of Unicode. As you can guess, these rules for IdentifierClass are much more strings, while for FreeformClass they are much more lax and permissive. Not surprisingly, Unicode normalisation (specifically, NFC) is an important part of these transformations. On top of these basic string classes, you can build your own string profiles, that reflect your applications data objects more accurately. For example, one Python library precis-i18n implements UsernameCasePreseved (strict) and NicknameCasePreserved (lax). Here’s what happens when you try to pass my name through both of them. First, nickname profile, apparently indended to be displayed as the profile name but not used in identifiers: > import precis_i18n > precis_i18n.get_profile('NicknameCasePreserved').enforce('Paweł Krawczyk') 'Paweł Krawczyk' However, let’s tr

Quoting Wikipedia on the classic social science text, "Exit, Voice, and Loyalty": The basic concept is as follows: members of an organization, whether a business, a nation or any other form of human grouping, have essentially two possible responses when they perceive that the organization is demonstrating a decrease in quality or benefit to the member: they can exit (withdraw from the relationship); or, they can voice (attempt to repair or improve the relationship through communication of the complaint, grievance or proposal for change). For example, the citizens of a country may respond to increasing political repression in two ways: emigrate or protest. Similarly, employees can choose to quit their unpleasant job, or express their concerns in an effort to improve the situation. Disgruntled customers can choose to shop elsewhere, or they ask for the manager. Exit and voice are also two possible strategies for a software user, who might be one person, or an organization of multiple people. If the user would like the software to change, or would like it to stop changing, they can employ either "exit" or "voice". Voice: A user can file bugs, complain, and request that the software developer make the user's desired changes. Exit: Or the user can switch to using some other piece of software which is more to their liking, paying various switching costs, like learning to use the new software. Open source provides a third option: fork For open source software, there's a third option. Both the user and the original software developer have the same power to change the software. So if the original developer refuses to make some change, the user can find some other person with programming skill, and ask (or pay) them to make the change instead. Let's call this ability "fork". That's a bit of a misnomer, because this sense of "forking" doesn't have to be acrimonious or even public. A user might make some private change to the software which they know wouldn't be accepted into the main version, while still making other changes as part of the main community. The ability to fork has implications for "exit" and "voice". Exit is less important for open source In different situations - not just in software - "exit" can be easier or harder. For example, someone working in a small town will have fewer job opportunities than someone working in a big city, so exiting a bad job is harder. Since exit is essentially one's only option if voice fails, people will do things to make exit easier - like taking a job in a big city where there are many other jobs. In software, one of the key influences on the ability to "exit" is portability. Portable software can be used on different platforms or with different dependencies and portable data formats can be read by different programs. For example, if a piece of software "FooSoft" depends on non-portable features of a proprietary library "libprop", the piece of software can't easily stop using the proprietary library. FooSoft and its users are reliant on "voice" to make sure that libprop changes only in good ways. If FooSoft instead only depends on such portable, widely available

Wed, May 27, 2020There are not a lot of very strong empirical results in the field of programming languages. This is probably because there’s a huge amount of variables to control for, and most of the subjects available to researchers are CS undergraduates. However, I have recently found a result replicated across numerous codebases, which as far as I can tell makes it one of the most robust findings in the field: If you have a very large (millions of lines of code) codebase, written in a memory-unsafe programming language (such as C or C++), you can expect at least 65% of your security vulnerabilities to be caused by memory unsafety. This result has been reproduced across: Android (cite): “Our data shows that issues like use-after-free, double-free, and heap buffer overflows generally constitute more than 65% of High & Critical security bugs in Chrome and Android.” Android’s bluetooth and media components (cite): “Use-after-free (UAF), integer overflows, and out of bounds (OOB) reads/writes comprise 90% of vulnerabilities with OOB being the most common.” iOS and macOS (cite): “Across the entirety of iOS 12 Apple has fixed 261 CVEs, 173 of which were memory unsafety. That’s 66.3% of all vulnerabilities.” and “Across the entirety of Mojave Apple has fixed 298 CVEs, 213 of which were memory unsafety. That’s 71.5% of all vulnerabilities.” Chrome (cite): “The Chromium project finds that around 70% of our serious security bugs are memory safety problems.” Microsoft (cite): “~70% of the vulnerabilities Microsoft assigns a CVE each year continue to be memory safety issues” Firefox’s CSS subsystem (cite): “If we’d had a time machine and could have written this component in Rust from the start, 51 (73.9%) of these bugs would not have been possible.” Ubuntu’s Linux kernel (cite): “65% of CVEs behind the last six months of Ubuntu security updates to the Linux kernel have been memory unsafety.” And these numbers are in line with what we’ve seen in 0days that have been discovered being exploited. This observation has been reproduced across numerous very large code bases, built by different companies, started at different points in time, and using different development methodologies. I’m not aware of any counter-examples. The one thing they have in common is being written in a memory-unsafe programming language: C or C++. Based on this evidence, I’m prepared to conclude that using memory-unsafe programming languages is bad for security. This would be an exciting result! Empirically demonstrated technical interventions to improve software are rare. And memory-unsafety vulnerabilities are one of the only kind that we know how to completely eliminate, by choosing memory-safe languages. However, it’s critical we approach this question as rational empiricists, and see if the evidence really merits the conclusion that memory-unsafe programming languages are bad for security. Let’s consider the Venn diagram of vulnerabilities: There are vulnerabilities that can exist only in memory-unsafe languages (e.g. buffer overflows or use-after-frees) There are vulnerabilities that can exist in any

Where I currently work we are all in on event-driven architecture. For our DLQs, we have alerts on when the queue is growing in size or if messages are in the queue too long. When those alerts come in, we manually move the messages back to the normal queue for reprocessing and if they get DLQed again after that we will look into the reason it is failing.One of the benefits of this architecture for us is the ability to easily share information between services. We utilize SNS and SQS for a pub/sub architecture so if we need to expose more information we can just publish another type of message to the topic or if we need to consume some information then we can just listen to the relevant topic.There are two big issues that I've run into while at this company. One is tracking down where events are coming from can be a big pain, especially as we are replacing services but keeping message formats the same. The other big issue is setting up lower environments (dev,qa,etc) can be difficult because you pretty much need the entire ecosystem in order for the environment to be usable, which requires buy-in from all teams in the organization I guess it's still harder to track down event emitters, but have you tried using bitbucket or GitHub code search to search all of your repos at once? Yea, I have use GitHub search in a pinch and sometimes it is helpful enough to show me exactly where to look. Unfortunately, though, there are several events we emit that are many layers of string concatenation, so GitHub search may narrow it down to 4 or so places and I have to manually go from there. "Everything looks like a red thumb when you're holding a golden hammer."Events are a part of a greater whole. It's a tool that you can use to solve certain data flows, but not all data flows. When you start taking more liberty with the word "eventually," you are almost certainly in a realm where event-driven makes the most sense. CQRS is a pretty good example of using many architectures (including event-driven) under a single greater architectural umbrella, and the thought patterns it introduces you to are incredibly useful. But no architecture is gospel, not even close.Any "pure" architecture is the tail wagging the dog. The problem comes first, the solution comes second, the architecture comes third. Monolith is easier to handle. With microservices, any network connection could break, you need a lot more code to handle all that complexity and orchestration. Not sure if there are any communities. My general advice is to invest as much as possible in a good logging solution, traceability, and just general things to make debugging easier. Come up with a way to replay events easily. You'll thank yours

→ Listen to this story on Racket.“You just learn one thing, and that’s the browser,” quipped Bill Gates while showcasing the then-upcoming Windows 98.The empire that Microsoft had built piecemeal—software languages here, DOS and Windows there, Office and a software ecosystem tying it all together—was suddenly threatened by the web. The earliest web apps promised you could run anything, anywhere. A browser, not the latest operating system, was all you’d need.Ignoring the web wasn’t possible. Microsoft’s infamous Embrace, Extend, Extinguish philosophy would have to work instead.So they acquired Hotmail, one of the first web apps, and built the web so deeply into Windows 98 the US Government would accuse Microsoft of using Internet Explore to maintain a monopoly.Gates correctly recognized that browsers were the last app we’d learn how to use, that so much of the software to come would be browser-based SaaS.Yet somehow, it seems unlikely he’d have imagined that decades later, a browser would be all you’d need to run Windows 98—or at least a facsimile its most memorable features.Rebuilding the past.We run everything in the browser today: Slack, and Figma, and Superhuman, and Airtable, and Google Docs, and so many of the other tools that make today’s work happen.So why not run Windows in the browser, too?That was—in part—the idea that got ctrlz and their fellow students to painstakingly recreate the Windows of the ’90’s in the browser with Windows 96. It’s a passion project that lets you relive some of your formative computing memories—and it started with a chance encounter.“Back around 2016, I saw the Ubuntu online tour,” wrote ctrlz, before coming across the Windows 93 online desktop the following year. “I was fascinated with the concept of running a web desktop inside the browser”—even if these earlier attempts were largely non-functioning demos. So they set out to build their own. Unlike so many of the other web desktops—including Microsoft’s own Live Mesh—ctrlz’s project wouldn’t try to imagine what the future could look like, rethink how a desktop could look if it lived in the browser. It’d recreate computing’s past, in a brand new way.And so, hand-me-down MacBook Pro in hand, ctrlz started coding first a Windows XP-style web desktop built with static images in 2017, then a Windows 10-style UI in 2018. But newer didn’t make it better. “I wasn't happy with the way it looked,” said ctrlz, “so I eventually settled for a 9x interface in early 2019, when I decided to go ahead and make something of it.”Soon enough, they and a team of students had recreated the operating system they’d first used on aging school computers—rebuilt using the latest web tech.“I'm compelled to say ‘Magic’,” replied ctrlz when asked how they got so many things to work in their browser-OS, “but really, it’s a combination of WebAssembly and also intense problem solving.” It took a month to build the file system, something ctrlz is most proud of, while UTF-4096, another team member, is still working to build an AirDrop-style peer-to-p

Exclusive Google Cloud’s global sales president has assumed temporary control of operations in Europe, the Middle East and Africa (EMEA) following the exit of Chris Ciauri some 20 months after he took the job. "Chris Ciauri has decided to leave Google to pursue external opportunities. We are very grateful for his leadership during his time with us, and we wish him all the best for his future endeavours," said a Google Cloud spokesperson. "Our Global President for Google Cloud Sales, Rob Enslin, will step in as interim lead until we appoint a new leader for EMEA," they added. Ciauri quit his post at Salesforce in September 2019 after 10 years as executive veep president and GM EMEA, and set about trying to build a regional team to lead Google's Workplace and Cloud Platform business where it's playing catch-up with AWS and Microsoft. In 2020, Ciauri hired a bunch of experienced sales heads from Salesforce, Microsoft and SAP. These included Pip White to run Google Cloud in the UK and Ireland; Daniel Holz as boss of DACH and Northern Europe; Samuel Bonamigo as bigwig for Southern Europe; and Laurence Lafont as veep for EMEA industries (excluding France). These execs then in turn recruited to swell their own ranks. Sources who discussed the situation on the condition of anonymity said the regional hiring spree added to overheads and the expectations of senior leaders in Santa Clara. "Google opened up the cheque book and he [Ciauri] went and signed up some big hitters to run different country operations. Google Cloud is doing really well in the US," said one. Cloud builders hoover up 60% of ALL servers sold in 2020 as enterprise bit barns left to sweat So Jeff Bezos is stepping back from Amazon to play with his space rockets. Who's this Andy Jassy chap? Google Docs users, you are on notice: Code rewrite may break browser extensions Open-source developers under corporate pressure to adopt less-permissive licenses, Percona CEO says Google Cloud EMEA also grew fast in calendar 2020, and clearly remains an important part of parent Alphabet' s central plans, but it expanded slower than the rest of the company's other two major regions in the US and Asia Pacific. In and among the numbers, total revenue at Google Cloud grew 46.4 per cent year-on-year to $13.059bn. The US arm posted a higher than the average lift at 49.6 per cent to $6.137bn and Asia Pacific was up 55.63 per cent to $2.35bn. In EMEA, revenue went up 41.7 per cent to $3.917bn, accounting for 30 per cent of group sales versus 31 per cent in 2019. Ciauri hardly presided over a sales flop, and the company also notched up some customer wins under his leadership, including Deutsche Bank, Nokia, Orange, Lloyds Banking Group, Group Renault and Swedish bank SEB. However one source told us: "It was a bit like fantasy football, and when you open up the cheque book, expectations rise." Google Cloud reported an operating loss of $5.6bn in 2020, compared to an operating loss of $4.645bn in the prior year. The company did not publish the regional breakdown. In its 10K SEC filing [PDF] for the annual results, Google states: "The increase in

There’s an air of desperation among tech employers this summer. Software talent, it seems, is in such high demand that companies are morphing how they hire. And workers are the ones with the power.Good and experienced tech workers are being treated like local celebrities — hounded by recruiters, courted by managers, and bestowed a bevy of options before choosing their next boss.“It makes you feel like you’re amazing, when really ... you’re just another software engineer that’s looking for a job,” said Henry Chesnutt, who just moved back to San Diego from San Francisco to work at the rapidly growing tech startup Flock Freight.The job outlook for workers like Chesnutt has been good for much of the past decade. But now, a multitude of factors is driving competition for talent to a level not seen in nearly 20 years, some recruiters say. “This is the most competitive market I can remember in my professional career, with many people comparing it to the dot-com market of the late ‘90s,” said Jim Bartolomea, vice president of Global Talent at tech titan ServiceNow, which employs a huge chunk of the software talent in San Diego.Last month, employers posted more than 365,000 job openings for IT workers, the highest monthly total since September 2019, according to IT trade group CompTIA. The positions highest in demand include software developers, IT support specialists, systems engineers and architects. The demand has been attributed to all sorts of things. During the pandemic, businesses that had been slow to adopt enterprise software began rapidly catching up. A tidal wave of productivity software, conferencing and collaboration tools, and e-commerce tech flooded the world. The same was true for consumer tech, with video game development, entertainment tech and social platforms booming. Many of these jobs are going unfilled, as competition for new hires ramps up. Simultaneously, remote work became the status quo in the tech industry. Suddenly, software talent could pick and choose from a massive pool of job opportunities. All while existing talent is beginning to stray. Roughly a third of more than 2,800 IT professionals said they plan to look for a new job in the next few months, according to a recent Robert Half International survey.Aaron Bartholomew, a lead backend developer at tech company Trust & Will, just went through a two-month job search in which he held the power in the employer-worker exchange. “I realized pretty quick that I was the one with the upper hand,” Bartholomew said. “All these companies were moving incredibly fast to try and close on me.”Software interviews have a reputation for being slow, painful processes that involve tests of logic, design and computer science knowledge. Years ago, Chesnutt was tested for five straight hours on algorithms during an interview with YouTube. But now, these technical interviews are often being waived, said Chesnutt and Bartholomew, who both experienced this step dropped for the sake of urgency. Recruiters are increasingly using what Chesnutt sees as pressure tactics, such as “exploding offers,” which are job of