Reducer #2: Writing, Lisp, and DevOps
Welcome to Reducer.
Writing
What is your edge over competitors?
How do you react to unforeseen risks?
What have you changed your mind about recently?
What part of your job are you not good at? (View Highlight)
The Writing Process - How to Write a Quality First Draft
Break down the writing process, optimizing quality and speed. Split creative and polishing work makes the process more enjoyable.
Here is the structure for a great article:
1. State that the reader's current view of the world is false.
2. Establish how so many people being wrong about this hurts our world.
3. Establish what's required to get everyone to change their view.
4. Predict how the world would be different once the transition is complete.
5. Explore the exciting byproducts of the world being different.
You don't have to get fantastic insights to create good texts. The best content articulates something everyone's thinking about, but no one is saying.
How to Rewrite Your Writing - Clarity, Intrigue, and Brevity
Reading should be fun, even for technical stuff. We can use art techniques to make texts more engaging by adding humor, intrigue, and others. The organization of ideas is essential; the reader must finish the article with the key message and reflecting on it. Build up to deliver the core insight towards the end, but make sure the introduction is the best piece of the text.
To form your article's peak, condense your most insightful and surprising talking points into one section. Craft a climax.
Photo by Casey Horner on Unsplash
Tech
I'm writing a few articles, a few on Lisp and the problem RunOps is solving. These are the two things that get me fired up, and this is the best way to write.
Lisp
The Lisp articles will talk about why Lisps are used so little despite being so good. This is something a lot of people know, but few are talking about.
These two articles talk about an era of Lisp where engineers were hacking with it. They have excellent insights into the type of people attracted to Lisp and connections to the state today. Unfortunately, most of these points don't hold any more; great Lisp implementations grew with excellent communities, like Clojure.
Runops
RunOps is going to change how companies build software. It's the end of the battle between DevOps and compliance. Change Management doesn't have a good reputation, but it's necessary for compliance and regulation.
Runops makes it transparent to developers that Change Management is even happening. Although the article discusses how all companies will eventually need CM when they hit a particular scale, some companies only do it in-house Runops implementations.
Podcast
DevOps Community With Derek Weeks and Mark Miller
Derek
Just as developers moved to more automation, so have the adversary.
It takes 3 days for a vulnerability announcement to turn into exploits
I may Saltstack announced on Wednesday afternoon, and 18 breaches announced on Saturday morning
Mark
Adversaries know all the tools developers are using, but developers have no idea what tools adversaries use.
Derek
Developers don't just want a better way to manage packages; we want to know the quality.
Software supply chain report: depending on language, 10-40% of packages have to know vulnerability
Open-source is skyrocketing: maven central 7 years ago 13 billion downloads; this year, nearly 300 billion downloads.
NPM repository 6 years ago was unknown; this year, 1.2 trillion downloads
Best organizations take 2 days to find and patch a vulnerability, adversaries on average, take 3 days to exploit. Average organization take a week to identify and a week to remediate
Security is a trusted advisor and not dictating the rules anymore.
The CTO of a large company in SV has a 5 minutes rule: if a tool doesn't give feedback in less than 5 minutes, they would not even talk. Developers have feedback loops of seconds; they can't add more time there.
Mark
DevOps will go away. If you are doing software development properly, it will go back to how it was before. If you talk to Patrick Deboaba, they were doing it before. It just didn't have a name,
you should go back to building good software.
Security
Just as developers moved to more automation, so have the adversary. It takes 3 days for a vulnerability announcement to turn into exploits. I may Saltstack announced on Wednesday afternoon, and 18 breaches announced on Saturday morning. Adversaries know all the tools developers are using, but developers have no idea what tools adversaries use.
Best organizations take 2 days to find and patch a vulnerability, adversaries on average, take 3 days to exploit. Thus, moderate organizations take a week to identify and a week to remediate.
Depending on the language, 10-40% of packages have to know vulnerability.
OSS
Open-source package downloads
Maven Central
2013: 13 billion
2020: 300 billion
NPM
2013: 0
2020: 1.2 trillion downloads
Teams
Security is a trusted advisor and not dictating the rules anymore.
The CTO of a large company in SV has a 5 minutes rule: if a tool doesn't give feedback in less than 5 minutes, they would not even talk. Developers have feedback loops of seconds; they can't add more time there.
DevOps will go away. If you are doing software development properly, it will go back to how it was before. If you talk to Patrick Deboaba, they were doing it before; it just didn't have a name. So we should go back to building good software.
--
EndNote
If you're enjoying Reducer, I'd love it if you shared it with a friend or two. You can send them here to sign up. I try to make it one of the best emails you get during the week, and I hope you're enjoying it.
And should you come across anything interesting this week, send it my way! I love finding new things to read through members of this newsletter.
Have a great week,
Andrios.