TL;DR: we’ve just released Preflight, a CI tool against supply chain attacks that stops attacks like the recent Codecov hack:

It’s been a few weeks since the Codecov hack sent ripples across the software development industry. One of these ripples was an increased awareness of supply chain attacks and the risks they present. That said, it’s easy to see that this awareness has not yet translated into best practice in the field.

Teller is an open source secrets management tool for developers, built in Go, that helps you manage, protect, and fix problems in your code and security posture when it comes to your vaults and key stores. It also lets you control all of your stores in one place, in a secure way.

The further down the line we discover a software defect, the more it costs to fix and recover from it, whether it’s a bug that leads to a visual error like a spacecraft crash, or a more day-to-day bug, human error, or plain scale issue that leads to a service being down.

Source: Schiaparelli Impact Site on Mars, in Color

In fact, there’s plenty of research and writing about software bugs, their cost, and their real cost. A few examples you can find here, here and here.

As an industry having to ship software faster and faster each day with…

To be able to troubleshoot Rust compilation, we first need to understand, roughly, how it works. The goal is to give you a map that is easy to remember and operational, rather than highly detailed and academic.

Think of it as a kind of 80/20 rule set for the first steps you should take when you are trying to handle an unacceptably slow build. …

GitHub Actions makes a compelling option if one of your main challenges is to build binaries across a wide array of platforms such as Linux, Windows, and macOS.

While the differences between Linux and a given macOS in terms of build aren’t significant (we’ll see how they can actually become significant), Windows, and especially getting to a nice Rust build on Windows using MSVC, requires an investment on your part.

For the most part the Rust cross-compilation toolchain holds its weight well when you’re looking to build for various architectures, but we’ll see a few cases where you’re…

styled-components created a new standard for how we do CSS-in-JS. It introduced a sweet spot between writing CSS and React components, and it looked like this:

With this new API you could:

  • Use something that looks like CSS, using the new template literal feature from recent ECMAScript versions
  • Create atomic-feeling React components
  • Still preserve flexibility with access to props, using them freely throughout the template literal

Lightscreen is one component of the Spectral platform for Kubernetes. It’s a modular admission controller toolkit for Kubernetes built in Go for Go developers.

A Word About Admission Controllers

I’ve just finished my book. Working on it on and off in the span of the last 3 years, I finally had the chance to invest some serious time to gather all of the notes, half-baked texts, and drafts, and go through the painful process of producing something that I can be proud of.

Here are a few excerpts of the chapter titled: “Flow”

Low Energy

How effective you are with your work and tasks depends on your mental state. Ever woken up for an alert while on-call and tried to troubleshoot an incident? It’s one of those memories that tend to…

Testing, test strategies and tooling change often. Eight years ago we were all drinking the BDD Kool-Aid, dreaming about our Product Managers writing our specs in Cucumber while we just happily write the code that makes them pass.

It took the testing world by storm. But then it stopped.

Formation is a generic functional middleware infrastructure for Python.

With Formation, you can build production-grade software — whether you want to build resilient, circuit-breaker infused and operable HTTP clients, HTTP services, or easily apply best practices and standards to other kinds of software to be flexible, composable, and maintainable.

Although not tied to a web service framework, it takes inspiration from Ruby’s Rack middleware, and Node’s connect. In the context of Python, you can think of it as a higher-level abstraction or “WSGI over anything”.

The Pipeline Abstraction and Functions

A graphics pipeline in digital cameras often helps perform these (photography connoisseurs may notice it’s…

Dotan Nahum

@jondot | Founder & CEO @ Spectral. Rust + FP + Hacking + Cracking + OSS. Previously CTO @ HiredScore, Como, Conduit.
