“Intermediary” programmers

I’ve started running more and more into what one could call “Hype” programmers.

It’s these folks (actually, it’s men, it’s always men) who have read all of Hacker News, know all the greatest buzzwords and why you should use tech X over tech Y, but have never actually shipped real things.

I should use this deployment strategy or this container orchestration software, but when you dig below the surface, they can’t tell you why.

I think the biggest indicator of someone’s degree of knowledge relating to technology is how many buzzwords they throw at you. The higher the number, the less they actually know.

Context is key when buying a car, in digital government or in PHP

I often find folks in tech to be very dogmatic. “Framework X is the best”, “Java is a terrible language”, “pineapple doesn’t belong on a pizza”, etc.

There seems to often be a lack of context when we throw out thoughts like that.

It’s a bit like someone asking you what’s the best car and you tell them a Ferrari. So they go and buy a Ferrari and they try to use it to move their family across the country.

I saw a talk by the creator of PHP, Rasmus Lerdorf, looking back at the 25 years of PHP. If there’s one thing that everyone who’s been using PHP with version 4 knows, it’s that register globals was a terrible idea.

For everyone who didn’t code PHP way back in the day: previously, if you had a GET or POST parameter such as ?test=random_string, a variable called $test was created automatically with the value passed in. No sanitization, etc. So if you had some code that, let’s say, checked if a variable existed, well, an attacker could basically inject any variable they wanted. I (and pretty much everyone) always thought this was the dumbest thing.
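The behaviour described above, as an added example that is not from the original post. register_globals was removed in PHP 5.4, so extract() stands in for it here; the function names, the authorized parameter and the sample requests are constructed for illustration.

```php
<?php
// Added example. extract() on the parsed request emulates register_globals:
// every request parameter ?name=value becomes a local variable $name.

// Legacy pattern: $authorized is only assigned on the success path, so a
// request parameter with the same name can pre-seed it.
function legacy_check(array $request, string $expected_password): bool
{
    extract($request);            // emulates register_globals
    if (isset($password) && $password === $expected_password) {
        $authorized = true;
    }
    return !empty($authorized);   // never initialised on the failure path
}

// Hardened pattern: read only named keys from the request array and
// initialise every security-relevant variable before it is used.
function hardened_check(array $request, string $expected_password): bool
{
    $authorized = false;
    $password = $request['password'] ?? null;
    if (is_string($password) && hash_equals($expected_password, $password)) {
        $authorized = true;
    }
    return $authorized;
}

// Constructed sample requests, written as query strings.
$samples = [
    'correct password'  => 'password=s3cret',
    'wrong password'    => 'password=guess',
    'injected variable' => 'password=guess&authorized=1',
];

foreach ($samples as $label => $query) {
    parse_str($query, $request);  // same parsing PHP applies to build $_GET
    printf("%-18s legacy=%s hardened=%s\n", $label,
        var_export(legacy_check($request, 's3cret'), true),
        var_export(hardened_check($request, 's3cret'), true));
}
```

Only the third request separates the two functions: the legacy check accepts it because the request itself supplied $authorized, while the hardened check ignores any key it did not ask for.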

In his talk Rasmus talks about register globals. And one thing he mentions is that, when this was created, JavaScript didn’t exist… That blew my mind. In that context it made much more sense! A whole attack vector just didn’t exist when it was created. Now, I’m not saying it was a good idea even considering that, but just learning about the whole context was mind opening.

I find that searching for the context behind decisions is at times missing in digital government. I’m working at CDS and when working with partners there are often technology decisions that will make people’s eyes roll (I’m sure I’ve been guilty of this as well).

I think those kinds of comments don’t help anyone. They certainly don’t help us understand the context in which these decisions were made.

It’s easy to shit on tech work in government; what’s less easy is really trying to understand the context that led to these decisions. The constraints people were under, the requirements, the available resources. All those things we might not know about. Only after we’ve started to build a shared understanding of what the current context is can we, together, find better solutions to serve people better.

Don’t use SMS for 2FA

I’ve been travelling recently and it’s ridiculous how many banking or finance apps will use SMS as a second step for login.
There are 2 big problems with this:

1) Usability: If you detected that my IP is out of the country, what are the odds that I’m not using my local SIM card?
2) SMS is super not secure!

Let me use an authenticator app or check if my machine has already logged in from my home country or something.

Using a Raspberry Pi as file server

I just set up a pseudo NAS with a Raspberry Pi 4 B and a random external hard drive we had lying around. I was really impressed with the Pi’s capabilities. Even when being used as a desktop it’s super snappy. The thing has 4 USB ports and 2 HDMI outs as well as Wifi 5 (AC) and a gigabit LAN (that maxes out around 300MBs).

I know how fast technology changes. Yet it’s so interesting to think back to 25 years ago when I had a Pentium 120MHz with 16MB RAM and a 1GB hard drive (That was huge!). I think I recall the tower costing something like 2500$ (over 4000 in current day dollars) in a big tower. And now this little thing has 250 times more RAM, 4 cores running at 1.5GHz and, with all the add-ons I bought with it, was less than 100$.

At times it seems like things move slowly (Where’s my flying car?). And at other times I realize how crazy the next 25 years will be. (You know, if we don’t burn up the planet and all)