You can't just inject after-the-fact "security" into a system because you can't inject quality into a system. Both characteristics infuse the code. The only way to make an insecure system secure is to replace that code with high-quality code. Band-aids don't work.
2/2
23.11.2025 16:31 β π 10 π 1 π¬ 0 π 0
I will never understand how people do not see the tight coupling of security and quality. You can't have the former without the latter. They call it an "exploit" because the hacker is exploiting a bug.
1/2
23.11.2025 16:31 β π 15 π 2 π¬ 2 π 0
Yes. I was CTO at an internet-security infrastructure company, so this comment hits a nerve with me. I will never understand how people do not seem to understand the tight coupling of security and quality. You can't have the former without the latter.
23.11.2025 16:25 β π 4 π 0 π¬ 0 π 0
It's actually Mark Zuckerberg who said that. He wasn't quoting anybody. He was the boss, in fact, not just another engineer. He also said: "Unless you are breaking stuff, you are not moving fast enough."
23.11.2025 05:57 β π 8 π 1 π¬ 1 π 0
I once had a conversation with Steve Ballmer on precisely this subject. For him, it was a business decision. Given their quasi-monopoly position, why spend money on quality if it doesn't impact revenue? Can't fault that reasoning. Pre-monopoly products were higher quality.
23.11.2025 05:54 β π 3 π 1 π¬ 0 π 0
It depends on the architecture. In a system of components w/ hard boundaries (e.g., microservices), every component has its own database. An authentication component needs nothing beyond key/value pairs at first. You won't need to replace that with a database unless the number of users requires it.
23.11.2025 05:49 β π 1 π 0 π¬ 1 π 0
Actually, the problem with Challenger, at least according to the official report, was not saving money; it was about slipping boundaries. You push something to the limit, and it still works, so that limit becomes the new center. Repeat that process, and things blow up.
23.11.2025 05:45 β π 2 π 0 π¬ 1 π 0
California is not the only government bogged under bureaucracy. It goes with the territory.
22.11.2025 20:33 β π 8 π 0 π¬ 3 π 0
Beta testing is a big-batch concept. You beta-tested the entire application (before burning it to a CD π). When the batches are very small and the code is well tested, you're determining whether the users find something useful. To me, siloing dev and prod is a bad idea. Product + DevOps for the win.
22.11.2025 20:32 β π 5 π 1 π¬ 1 π 0
It helps to be a monopoly.
22.11.2025 20:27 β π 3 π 0 π¬ 1 π 0
In general, pure research (of the "Design Thinking" variety, for example) doesn't yield particularly good results. People tend to need something that works in front of them to assess adequately. Otherwise, they're just guessing. Tiny released increments work better.
22.11.2025 20:22 β π 1 π 0 π¬ 1 π 0
Solar panels won't work unless you're located in a desert and can blanket many square miles with panels. Of existing technologies that are ready to go, safe nuclear is a better option (e.g. liquid-salt thorium). Hydro can work given a big enough river. Microsoft bought Three-Mile Island, of course.
22.11.2025 20:19 β π 0 π 0 π¬ 2 π 0
So, Iβm not sure about breaking things, but building fast is always a good idea. You just have to go about doing it sensibly.
12/12
22.11.2025 17:32 β π 106 π 5 π¬ 11 π 0
Iβve often released a small thing devoid of most of the features and bells and whistles I thought I needed, and the feedback was βthis is great!β At that point, Iβm done. Those bells and whistles were cruft. Build the thing that alleviates the most pain first, then get feedback.
11/12
22.11.2025 17:32 β π 169 π 10 π¬ 5 π 0
The most dramatic speed improvements come from not building entire features that nobody wants. Work very small to get code into your customerβs hands as quickly as possible, and then get feedback from them in a continuous conversation. Why build things nobody cares about?
10/12
22.11.2025 17:32 β π 148 π 8 π¬ 3 π 1
You do not need an architecture or infrastructure that supports 100,000 users until you have 100,000 users. You do need an incremental-friendly architecture--one that can evolve as it scales. Eminently doable, but itβs a learned skill.
9/12
22.11.2025 17:32 β π 161 π 5 π¬ 5 π 0
If you have 100 customers, for example, you probably donβt need a databaseβa flat file with JSON in it will do. You almost certainly donβt need that slick UI (you need a good UX, but you can often get that with a very simple UI).
8/12
22.11.2025 17:32 β π 145 π 8 π¬ 4 π 0
Whole-team developmentβwhere all the skills needed to get something out the door are available within the teamβeliminates dependency delays.
The next set of speed improvements comes from not building infrastructure you donβt need.
7/12
22.11.2025 17:32 β π 147 π 6 π¬ 3 π 0
The first is to change the way you work. Traditional Lean thinkingβremove waste; work on one thing at a time (reduce WIP to 1)βcuts development time in half or more. Working collaboratively (e.g., mob/ensemble programming) eliminates coordination and integration overhead.
6/12
22.11.2025 17:32 β π 172 π 6 π¬ 4 π 0
Also, buggy systems drive customers away. No startup can afford that. Buts erode trust, and attempts to regain that trust by releasing a slightly less buggy version in a month are doomed. People have long memories.
There are constructive ways to move fast, though.
5/12
22.11.2025 17:32 β π 219 π 6 π¬ 4 π 0
Every change to buggy code is painful (and time-consuming), particularly when you have no tests because you have βno time to write them.β You have no time not to write them. The best way to move fast is to increase quality and be serious about testing.
4/12
22.11.2025 17:32 β π 314 π 18 π¬ 7 π 3
Fast gets you two essential things: you get revenue sooner, and you get the feedback you need to ensure youβre building something the market actually wants.
βMove fastβ doesn't mean: get low-quality buggy garbage out the door faster. That slows you down.
3/12
22.11.2025 17:31 β π 344 π 22 π¬ 9 π 2
Even if youβre a startup, though, breaking things makes no sense at all unless youβre talking about breaking the status quo in a moribund product space. Who has time to fix broken stuff?
"Move fastβ is more interesting.
2/12
22.11.2025 17:31 β π 378 π 21 π¬ 5 π 0
Letβs talk about βMove fast and break things.β First of all, Facebook itself changed its motto to βMove fast with stable infrastructureβ in 2014. So much for breaking things, at least if youβre a soulless corporate behemoth.
1/12
22.11.2025 17:31 β π 2665 π 343 π¬ 120 π 29
Wow. It's interesting that you go there. How about "any way," as in realizing the precepts of the Agile Manifesto and Lean thinking, or working collaboratively, or creating humane work conditions?
20.11.2025 02:16 β π 0 π 0 π¬ 1 π 0
Not if you move fast by, for example, not building unnecessary stuff. There are lots of ways to move fast. Organizations that take "sustainable pace" seriously (e.g., no long hours, etc.) move faster than those that burn people out. Fast isn't the problem; bad management is.
20.11.2025 02:11 β π 0 π 0 π¬ 1 π 0
It was not convenience, it was cost. Many startups would never have succeeded if they had to run their own data centers. There are benefits of putting everybody's computer in one place. Overall, it uses less power than a large number of small data centers, for example.
20.11.2025 02:08 β π 0 π 0 π¬ 1 π 0
Not just them, though. People aren't talking enough about the environmental cost of AI, though the need for power could drive clean-tech solutions like liquid-salt thorium reactors.
20.11.2025 02:05 β π 1 π 0 π¬ 1 π 0
Even if we don't break things, moving fast is still essential. Time, quite literally, is money when you're doing development. It's also not just about profit. E.g., we need rapid feedback from small incrementsβdifficult for stand-alone, non-cloud systems.
19.11.2025 19:47 β π 0 π 1 π¬ 1 π 0
Didn't Microsoft just effectively force you to put all your data in the cloud? Even if it's still on the disk, it's so well hidden you can't find it.
19.11.2025 19:44 β π 1 π 0 π¬ 0 π 0
Girl Dad. Java Champion, Software Architect, Consultant, Curmudgeon. Mostly retired. Boomer, but one of the good ones. American, living in Spain after 12+ years in the UK, after many years in Silicon Valley (when it was cool).
Don't obey in advance.
Getting back on my social shizzle. Not Actually a YOW! Speaker. You can't always believe lists
Blogger, knitter, crafter, social media addict. Formerly at Canva & AWS. Recovering from 20 years in the tech industry. | π¦πΊπΊπΈ she/her
Spring Developer Advocate
Java Champion
Kotlin Google Dev Expert
https://YouTube.com/@coffeesoftware
https://github.com/joshlong
Lifelong Programmer, Host of the Developer Voices podcast.
OO Evangelist since 1981.
Soul polisher at feenk.com.
Emeritus professor at www.oscar.nierstrasz.org
Chief Disruptor, Chief Cloud Officer, International Keynote Speaker
I love functional programming and learning new things β¨ Gleam core team member π (he/him)
@RedHat - Senior Principal Software Engineer, working on Quarkus. Ex-IBM. Java Champion, developer, author, #cloud surfer and maker. My views are my own.
Architect at ASML. Conference speaker, JavaOne Rock Star. Chocolateynuget Java packages. InfoQ Java news author.
Software Engineer π Author of βCloud Native Spring in Actionβ and "Developer Experience on Kubernetes" π³οΈ CNCF Ambassador βοΈ Java Champion π Creator of @arconia.io ποΈ International Speaker π¨βπ» OSS. Work with Java, Cloud Native, GenAI.
todepond.com
β΅ London ΰ·΄ @tldraw.com
Soft person. Likes infosec, open source, electronics, reading, education, and privacy.
I am a Programmer I like cats, otters and llamas...
Books are awesome. Into Functional Programming and thinking about Systems.
Web: http://www.roundcrisis.com
Masto: @roundcrisis@types.pl
Poblacht na hΓireann, An Nua-ShΓ©alainn, AirgintΓn agus Sasana
Staff Dev Advocate at GitHub π₯
Australian, talks about DevOps and AI a lot.
I used to code once.
He/him
Next:
#YOW25 Dec: MEL 4-5 | BNE 8-9 | SYD 11-12
https://yowcon.com/
