Felix Crux

Technology & Miscellanea

The problem with getting a pile of comments from a “360 feedback” peer review process with your coworkers is that whatever is written is usually not Truth (with a capital “T”). It’s not that anyone is lying, but rather that the feedback you receive is the final output of a sequence of multiple lossy steps. To discern the signal within the noise, we have to try to work backwards through those stages and apply interpretation and judgement to reverse the distortion and extract useful meaning.

By the time you’re reading a comment from a feedback document, it’s pretty far from being a direct line to objective universal Truth. It actually represents (1) someone’s phrasing of (2) an opinion that is in their mind, derived from (3) their preferences, opinions, and past experiences being applied to (4) their interpretation of events they’ve observed/data they’ve gathered, which are drawn from (5) the limited subset of your actions that have been visible to the feedback author. Phew — that’s a mouthful of a sentence. No worries if you need to re-read it a few times for it to make sense.

Whether or not to regularly spend time and effort upgrading dependencies can be a contentious topic on development teams. Advocates argue that not doing the work allows tech debt and bitrot to accumulate, while opponents accuse them of chasing new-and-shiny novelties while ignoring what’s actually valuable to the product. Despite what feels like an unending amount of time spent on the churn of upgrades, security teams still struggle to get risky old dependencies patched, and developers complain about using deprecated tools.

After being burned several times by excruciatingly tedious forced upgrades of vulnerable or broken legacy codebases, I’ve come down firmly on the side of favouring frequent updates — with plenty of flexibility and some caveats.