a blog by Sara Farquharson

what i'm reading: February 2

Hit the point where I need to start adding metadata to individual links, because I’ve posted enough reading lists that I can’t reliably remember where to find a particular article I want to go back to! Started looking at Hugo data templates but won’t have time to play with it for a while. In the meantime, more unordered lists:

Current Books

  • Started on Safiya Umoja Noble’s Algorithms of Oppression: how search engines reinforce racism with some trepidation, but so far it is neither overwhelmingly depressing nor devoid of new information about algorithmic failures. Still a little depressing tho.

  • Finally pulled Martin Kleppmann’s Designing Data-Driven Applications off the to-be-read pile and already enjoying the tone! I think this’ll be a faster read than Systems Performance because I’ve studied a bit of distributed systems design already, and Kleppmann promises to stay pretty high-level.


  • This older article from Christopher Allen about natural thresholds to community sizes goes much deeper than the casual references to Dunbar Number I’ve seen before, and provides an interesting way to think about communities!

  • Still haven’t gotten around to writing any tech talks, but Nina Zakharenko’s Ultimate Guide to Memorable Tech Talks has some very useful pointers for the whole process, including my sticking point: choosing a topic.

  • Also looked at Phil Nash’s summary of how to find CFPs for developer conferences but it still sounds exhausting.

  • I feel like Marc Brooker was on to something with this twitter thread attempting to define the different things people mean when they talk about “containers” but to an outsider like me it was still a little opaque. Still thinking about it.

  • Clint Gibler (whose summary of AppSec Cali 2019 delighted me a few weeks ago) posted the slides from his AppSec Cali 2020 talk An Opinionated Guide to Scaling Your Company’s Security. There is so much content here I feel like the talk must be two hours long, but I still want to watch it now. And also read all of the embedded links.

    • I’ve heard about Repokid before but now it reminded me of a coworker’s question at lunch the other day so I read the Netflix tech blog post about it
    • Gibler also mentions Salesforce’s Policy Sentry in the same “automated IAM permissions” space, so read that too
  • Learned something weird about bash

  • James Ma talks about the Lean concept of build-measure-learn and how it can lead to negative feedback loops but in my opinion doesn’t really stick the landing of…what to do about it? I think my takeaway is that any process introduced to improve a team can backfire and you have to think critically about what impact it’s actually having.

  • I’ve been intrigued by Coraline Ehmke’s Ethical Open Source Movement, but am not precisely versed in the minutiae of open source licenses. I found it interesting to read Christie Koehler’s critique of the approach for context on why Ehmke’s work is apparently controversial. I still fall on the side of not wanting software I write to be used for things I consider evil, so I will keep watching.

  • Breanne Boland wrote about how she moved from an SRE to an Application Security Engineer role. I found the most interesting part to be her detailed description of how she prepared for the interview. I hadn’t seen anyone talk about that kind of systematic approach before.

  • Paul Ionescu’s Secure Code Review 101 series has a lot of good info, but I was hoping for a genuine 101-level guide that I could use as teaching materials for someone unfamiliar with secure coding and this isn’t quite it.

  • This editorial guidelines for writing a compelling technical blog post piece by Maureen McElaney is more of a random grab-bag of tips than I expected when I clicked on it, and some of those tips are very specific to the editorial preferences of a single publication. Regardless I saw some good advice in there.

  • I haven’t used a feed reader in many years, but Jason McIntosh’s review of Fraidycat intrigues me as a way to both consolidate my reading sources and not get sucked into the endless vortex of More Content.

  • Bonnie Eisenman does a good job defining different types of work developers do including “exploratory work”, in a way that both makes me feel validated for not having checked in any code in ages, and also that I am doing exploratory work wrong and need to improve.

  • This Engineer’s Guide to Career Growth interview with Raylene Yung has some insightful advice both for growing as an engineer and on becoming an engineering manager.

  • Tanya Janca provides advice for when a vulnerability isn’t a vulnerability, which is a good thing to keep in mind when making or receiving vulnerability reports.