OnHub Releases

Love the OnHub, and one of the greatest reasons is the great engineers, which leads to a fairly regular release cadence for both features and bugfixes. They follow the ChromeOS schedule generally, since that forms the base. Because I’m always anticipating the next release, I wanted to take a look at the past and how they stack up.

 

Advertisements

Words Matter: Language In Security Engineering

Words Matter: Language In Security EngineeringChris PalmerAbstract:Language impacts everything in software: API design, types and type systems, the grammars from which serialized inputs and outputs come, what semantics our programming languages easily and not-so-easily afford, the natural language words and ‘visual language’ we use in our user interfaces, and more.In this talk, I’ll describe how our use and mis-use of languages, broadly construed, directly impacts software safety in the field and the costs of developing safe software. I’ll describe how the concepts of language-theoretic security, typeful programming, and user interface design open broad avenues for safe, correct, and usable software that we have only begun to explore.I’ll illustrate the ideas with specific examples of how language has affected the safety of Google Chrome, for better and for worse.

Source: Stanford Security Seminar

INFRASTRUCTURE & OPERATIONS – How Google Does Planet-Scale Engineering for Planet-Scale Infra – YouTube

Fascinating talk about SREs. Best part is about the blameless postmortem. Begins with a question: a new dev pushes code that takes your main site down for three hours. What is to blame?

  1. the new dev
  2. the code reviews
  3. the lack of tests
  4. the lack of proper canary process for the code
  5. tthe lack of rapid rollback tools

The answer is everything but the new dev. Sure, people are going to write code that breaks. But the process that allows that code to get through should be fairly bulletproof.

The talk then goes on to talk about blameless reviews. This focuses on the processes that failed, and is effective because it is very rare that someone intentionally breaks something. (And even when someone does, shouldn’t there be a process in place, two-man rule, etc, to prevent it?) Blameless reviews follow a very similar thorough investigation as the NTSB does for aircraft accidents. Finding every single link in the chain of events that failed. It’s very effective both in putting in place processes that do no allow those errors to occur again, and in attracting and retaining the best employees.

At google, bonuses have been given out to people who have caused major outages, to incentivize the desired behavior: quick response and taking responsibility.

The Machiavelli of Maryland: adviser to presidents, prime ministers – and the Dalai Lama | Thomas Meaney | World news | The Guardian

The long read: Military strategist, classical scholar, cattle rancher – and an adviser to presidents, prime ministers, and the Dalai Lama. Just who is Edward Luttwak? And why do very powerful people pay vast sums for his advice?

Source: The Machiavelli of Maryland: adviser to presidents, prime ministers – and the Dalai Lama | Thomas Meaney | World news | The Guardian