Skip to main content

Valentine's Day: I love Free Software! #ilovefs

Some people care if software is free of cost or if it has the best features, above everything else. I don't. I care that I can legally inspect its inner workings, modify and share modified versions: run, study, redistribute, modify. That's why I happily avoid macOS, Windows, Skype, Photoshop. I love … free software!

If you want to join in speaking your mind about libre software and the #ilovefs campaign, please find related artwork here.

uriparser 0.9.1 released, includes security fixes

A few days ago uriparser 0.9.1 has been released. Some highlights of version 0.9.1 include:

  • A security fix for an out-of-bounds read reported by Joergen Ibsen

  • Improvements regarding the accuracy of errorPos that is used to communicate the precise location of parse errors

For more details please check the change log.

Last but not least: If you maintain uriparser packaging or a bundled version of uriparser somewhere, please update to 0.9.1. Thank you!

Interesting! / Fwd: How To Charge More For A Logo— Deep Dive ep. 4

I'm not a designer (but a mostly-backend software developer), I'm not freelancing (and never have been) but I have always admired design and typography — simplified — from a distance.

I ran into videos involving Chris Do of The Futur (no trailing e) the other day and found multiple to be rather sharp and interesting.

The one I'd like to highlight right now is this:

How To Charge More For A Logo— Deep Dive ep. 4 w/ co-host Melinda Livsey

There is a specific playlist The Futur: Melinda Livsey for more like that.

Getting to Know an Employer as a Developer

Background

When getting to know a potential future employer, I have never asked the exact same questions twice. Many answers are given without an explicit question. Nevertheless, there is a core set of explicit questions that I want to hear about from an employer to get a better picture. I'll share that set with you today.

I won't go into much detail about what I ask each question for: for most questions it should be obvious. The overall theme is:

Can I be happy at this place, in this team, for longer?

There will hardly be time to ask all of these questions in one session or even two, so getting answers to all will be hard to unrelastic.

I have tried to categorize them a bit, but there is no clear cut for many of them. And forget about order. On to the questions!

Questions

Dynamics and Process

  • Who gets to decide what is being built, how it is build, and when?

  • What other teams does this team interact with?

  • Are you doing agile? Which flavor: Scrum, Kanban, ...? Can you walk me through your version of Scrum? How well does the current approach work for you?

  • Are developers doing DevOps as well? Who's in charge of deployment and operation?

  • How is code review done within this team?

  • How is code making its way into the master branch? What does the current branch/merge workflow look like?

  • Do you do continuous integration, do you do continuous delivery?

Team

  • Besides the people in this room: who else is on the team? Are there any freelancers / external people are involved on top?

  • I would like to get to know the rest of the team. Is that possible?

  • (How long have you been in this company?)

  • (Has anyone of you terminated his contract?)

Product

  • Can you give a quick tour of the product to me?

  • Please tell me about the current tech stack? Are there known plans for change?

  • What version are you using of ... and ...? (Debian wheezy and Django 1.8 anyone?)

Culture

  • At work, what opportunities are there to learn something new, to grow as a developer, to grow as a person, to experiment, to have fun?

  • For my position, what are potential options for promotion?

  • How do you keep technical debt down?

  • What's the approach to overtime in this company?

  • What is your take regarding home office?

  • What are the core hours for work at this company?

  • I have no plans on touching Windows or macOS. Is that okay with you?

  • Was there a 13th salary last year? Roughly how much in percent of a month's salary was it?

  • There is a conference called Chaos Communication Congress every year from December 26th to December 30th that means a lot to me. Will I be able to take vacation during that time of the year?

  • I need a truly ergonomic chair. Is that possible?

That's about it, should take quite some time. The more you rush through questions the less you hear answers!

Surprised by that list? Found it helpful? Do you ask something more that gets you interesting replies?

Drop me a mail!

Sebastian

Struggling Scrum: A Few Observations

Background

I've been scratching my head and reading more about Scrum lately. It's rather clear to me by know that Scrum needs some discipline, some interest and constant adjustment, to have an actual chance to work well for the team. What I'd like to share today is symptoms of Scrum at struggle, indicators that the agile process might not be treated as agile itself by the team. As any member of the teams involved, I am to blame for not turning the wheel around more myself, too.

I think it's important to talk about issues with Scrum, to identify causes, and to make adjustments to the process to not just "die faster" with Scrum.

So here's a few facets of a team struggling with Scrum:

Struggles

Daily Stand-Up Meetings

  • Members struggle remembering what they did in general, yet few start taking and bringing notes
  • Stand-Ups seems to keep catching everyone by surprise, while taking place the same time every day

Planning Meetings

  • Stakeholder and/or product owner are at their phones rather than really listening
  • Stakeholder wants to bypass backlog and priorities and discuss "just one small thing to be done this sprint"
  • Tickets are too big to estimate well yet feel wrong or very tedious to split up further
  • During Planning Poker: Estimates vary depending who would work on the ticket
  • Estimating something as 2, 3, 5 or 8 does not get trivial and does not correlate to time put in well (because of things not taken into account that turn out later)

Retrospective Meetings

  • No one feels like reporting anything for any of "went well", "went bad", "should be improve"; consensus is "business as usual, nothing special"
  • Notes are just filed and not acted upon outside the team
  • Constant struggle with telling "went bad" apart from "should be improve"

Review Meetings

  • Stakeholders are not really interested to hear about see things done
  • Preparing to demo during review takes a considerable amount of time (that does not seem to match value)

In General

  • Tickets are often not ready-to-be-implemented
  • Big topics (like architectural changes, updates of unsupported dependencies, decrease of technical depth) are procrastinated for month, rather than being addressed
  • Team velocity does not stabilize for months (due to: sick leave, vacation, frequent change of members)
  • Velocity is measured without taking (varying) total team hours into account
  • Product owner does not help with decisions, rather mirrors questions back to developers
  • Incidents produce new tickets that take priority and go into a sprint, directly
  • Some team members want to improve the process (and take it seriously) while others consider that a waste of time (and take as "just a tool")
  • Some team members care a lot about avoiding over-commitment while others are tending towards "we'll get done, what we'll get done"

Sounds familiar? Sounds very unfamiliar? Let me know

A look at Python Static Site Generators

A Few Words of Introduction

I had a look at available static site generators not too long ago and took some notes on the go so that I wouldn't evaluate once more if I needed yet another solution later. WordPress was still powering my blog and with dynamic PHP code that felt more and more like a bug that I wanted to get rid of.

Inspecting projects took me a bit of time so maybe I can save you some by sharing my findings. For some projects, I stopped further investigation rather quickly, so please don't expect a complete evaluation of every single of these projects.

My Requirements

I was looking for a static site generator with the following requirements:

  • Written in Python (so that contributing bugfixes is an actual option)
  • Supports Markdown or AsciiDoc syntax for posts (not YAML, HTML, rst, JSON)
  • Has one or more polished, responsive theme
  • Is still maintained, e.g. has a recent latest release
  • Is suited for both a blog and non-blog documentation-like content (so that I don't need another tool again for a slightly different case next time)
  • Bonus: Has wordpress import
  • Bonus: Has incremental builds
  • Bonus: Is already packaged in major GNU/Linux distro X

Here's what I found, with projects in alphabetical order:

Candidates

Acrylamid

  • Officially unmaintained
  • Latest release four years ago (2014-09-11)
  • 39 open issues
  • Stopped at that point, next.

Cactus

  • Latest release over two years ago (2016-02-21)
  • 85 open issues
  • Stopped at that point, next.

Complexity

  • Latest release six years ago (2013-12-03)
  • 19 open issues
  • Uses HTML and JSON for input, next.

Grow

  • Latest release just a few days ago
  • Seems unnecessary complex, documentation does not get to the matter fast enough
  • Stopped at that point, next.

Hyde

  • Latest release three years ago (2015-11-09)
  • 49 open issues
  • Does not manage to get their own website fixed from loads of dead links, also check issue #12 with zero progress on that very topic
  • Stopped at that point, next.

Lektor

  • Latest release about two month ago (2018-09-07)
  • Markdown syntax
  • Seems more like build-everything-yourself rather than text-and-go
  • Available themes do not look polished enough to me
  • Next.

MkDocs

  • Latest release about two month ago (2018-09-07)
  • Markdown syntax for posts
  • Some simple but clean themes
  • Targetting documentation a lot more than blogging, I feel — next.

Nikola

Pelican

  • Latest release more than a year ago (2017-10-01)
  • 72 open issues
  • Supports Markdown and AsciiDoc syntax (besides reStructuredText)
  • Support for import from WordPress
  • Quite a few themes of mixed quality, not easy to find a responsive one (like chameleon)
  • Ended up giving that a try at the website of libexpat.

prosopopee

  • Latest release a few months a go (2018-03-28)
  • 12 open issues
  • Seems focused on image-centered websites
  • Stopped at that point, next.

QPage

  • Latest release soon two years ago (2017-01-31)
  • 0 open issues, only 1 issue filed ever
  • Weird samples, weird website
  • No real documentation
  • Stopped at that point, next.

Sphinx

  • Latest release only hours ago
  • Markdown syntax possible
  • Great fit for documentation, less suited for blogging on its own; might work combined with:
  • I want a single thing though — next.

Statik

  • Latest release a few days ago
  • Seems to have a single theme, only
  • Rendering the blog example ends up unthemed and with absolute, broken file:// links — next!

Tarbell

  • Latest release about a year ago (2017-10-31)
  • Weird tutorial using Google spreadsheets, next.

Urubu

  • Latest release a few months ago (2018-08-15)
  • 21 open issues
  • Markdown syntax for posts
  • Still used by websites listed using Urubu
  • Only a single theme (if we ignore support for Bootswatch)
  • Has potential, feels too small as of yet — next.

wok

  • Latest release more than four years ago (2014-04-30)
  • 34 open issues
  • Stopped at that point, next.

If you have comments on these evaluations, please drop me a mail.

Thanks, Sebastian

uriparser 0.9.0 released, includes security fixes

Earlier today uriparser 0.9.0 has been released. Some highlights of version 0.9.0 include:

  • Security fixes for issues uncovered by the Google Autofuzz team

  • Support for custom memory managers for when libc calloc, free, malloc, realloc, reallocarray are not a good fit to your scenario

  • New uriParseSingleUri* convenience functions to simplify user code

  • Full support for strict C89 restored and enforced by CI

I cannot over-emphasize how helpful AddressSanitizer has been in making this new release. If you get stuck while writing a custom memory manager, please check out helpers uriTestMemoryManager and uriCompleteMemoryManager.

For more details please check the change log.

Last but not least: If you maintain uriparser packaging or a bundled version of uriparser somewhere, please update to 0.9.0. Thank you!

uriparser 0.8.6 released

A few days ago uriparser 0.8.6 has been released. Version 0.8.6 is a bugfix release including a nasty bug that has potential to crash applications when parsing certain URIs (e.g. //:%aa@). For more details please check the change log.

If you maintain uriparser packaging or a bundled version of uriparser somewhere, please update to 0.8.6. Thank you!

Expat 2.2.6 released

Expat 2.2.6 has just been released. Besides improvements to the build system, 2.2.6 is a bugfix release. For more details, please check out the changelog.

If you maintain Expat packaging or a bundled version of Expat somewhere, please update to 2.2.6. Thank you!

Sebastian Pipping

Upstream release notification for package maintainers

Repology is monitoring package repositories across Linux distributions. By now, Atom feeds of per-maintainer outdated packages that I was waiting for have been implemented.

So I subscribed to my own Gentoo feed using net-mail/rss2email and now Repology notifies me via e-mail of new upstream releases that other Linux distros have packaged that I still need to bump in Gentoo. In my case, it brought an update of dev-vcs/svn2git to my attention that I would have missed (or heard about later), otherwise.

Based on this comment, Repology may soon do release detection upstream similar to what euscan does, as well.