Maintainer burnout and package security

Write Every Day

personal meta

My head is crammed with ideas just jostling to see the light of day. I imagine them pounding the inside of my cranium screaming LET US OUT! And in response, I say the same thing I always say. Not yet. It’s counterproductive.

Better Security Through Package Fingerprints

It seemed like an innocuous enough update. Someone yanked version 3.2.0.2 of the bootstrap-sass Ruby gem and published 3.2.0.3. RubyGems more or less follows the SemVer versioning scheme (albeit allowing an extra version segment). An increment of the patch number communicates that the release should be a safe bug-fix update. The command bundle update --patch, which only moves to the next patch version, should therefore be safe.
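As an added illustration (not code from the original post), here is a small Ruby sketch of the idea the title points to: trusting a recorded fingerprint of the package bytes rather than the version string. A version bump that looks like a harmless patch still produces a brand-new artifact, so a fingerprint lock treats it as unreviewed until someone records its hash. The lock format, the function names and the gem contents below are constructed for the example.

```ruby
require 'digest'

# Parse a RubyGems-style version ("3.2.0.3": SemVer plus an optional
# extra segment) into integers so versions compare element-wise.
def parse_version(str)
  str.split('.').map { |part| Integer(part, 10) }
end

# True when moving from `from` to `to` changes only the patch level
# (or the extra fourth segment): same major and minor, strictly newer.
def patch_update?(from, to)
  a = parse_version(from)
  b = parse_version(to)
  a[0] == b[0] && a[1] == b[1] && (b <=> a) == 1
end

# The fingerprint of a package is the SHA-256 of the exact bytes that
# will be installed, not its version string.
def fingerprint(gem_bytes)
  Digest::SHA256.hexdigest(gem_bytes)
end

# Hypothetical fingerprint lock: "name-version" => sha256 hex of the
# .gem file that was reviewed. Only fingerprints in the lock are trusted;
# a new version, even a patch bump, must be reviewed before it is accepted.
def check_update(lock, name, from, to, gem_bytes)
  return :blocked_not_patch unless patch_update?(from, to)

  fp = fingerprint(gem_bytes)
  case lock["#{name}-#{to}"]
  when nil then :review_required             # never reviewed (e.g. 3.2.0.3)
  when fp  then :trusted                     # bytes match the reviewed build
  else          :blocked_fingerprint_mismatch # same version string, different bytes
  end
end

# Constructed sample data; these are not real gem contents.
REVIEWED_GEM = "bootstrap-sass 3.2.0.2 contents (constructed)"
LOCK = { "bootstrap-sass-3.2.0.2" => Digest::SHA256.hexdigest(REVIEWED_GEM) }

def demo
  {
    same_bytes: check_update(LOCK, "bootstrap-sass", "3.2.0.1", "3.2.0.2", REVIEWED_GEM),
    tampered:   check_update(LOCK, "bootstrap-sass", "3.2.0.1", "3.2.0.2", REVIEWED_GEM + "x"),
    new_patch:  check_update(LOCK, "bootstrap-sass", "3.2.0.2", "3.2.0.3", "new bytes"),
    minor:      check_update(LOCK, "bootstrap-sass", "3.2.0.2", "3.3.0",   "new bytes")
  }
end

demo.each { |label, verdict| puts "#{label}: #{verdict}" } if $PROGRAM_NAME == __FILE__
```

The point of the sketch is the :review_required branch: the version string alone says "patch", but the lock has never seen the bytes of 3.2.0.3, so the update is held for a human instead of being applied automatically.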

Package Author Identity through Social Proofs

Why NuGet Package Signing Is Not (Yet) for Me

Strap in for a rollicking exploration of the NuGet package signing feature. What is the feature and what is it good for? And does it live up to its purpose? Yes, my friends, I know how to party.

Managing Risk

Every project risks failure to some degree or other. There’s the risk of delivering late. The risk of not being able to deliver at all. Or the risk that when you do deliver, it solves the wrong problem. It’s a risky business, but not the kind with Tom Cruise lip-synching in his underwear. When you work on a project, it’s important to be aware of and manage risk. There are several good tools for doing this.

Include my Git Aliases

git aliases

I’m a big fan of Git aliases as a means of improving your developer workflow when using Git. They are great for automating common tasks. They also can help make sense of the byzantine set of options Git has.

SemVer's New Maintainers

semver

For several years now, I’ve been the maintainer of the SemVer specification. It’s been an honor and privilege to be in this position. But I’ll be honest, it’s also an enormous responsibility and a big pain in the ass. This is why I’m happy to say that I am stepping down as the maintainer of SemVer and passing the torch to a team of maintainers better suited to direct its future. Now the pain (and honor, don’t forget the honor) can be distributed among multiple people, and not focused on just one.

New Year, New Job

GitHub had about 50 employees when I joined back in December 2011. Seven years later, it blew past 950 people and Microsoft acquired it for $7.5 Billion. What would you say if I told you it could have been way more valuable than that?

Increase your giving by 50% for free

What if I told you there’s a way you can increase your giving by up to 50% or more (depending on your tax bracket) at no cost to you? For every dollar you put in, you’d have $1.50 to give to a charity of your choice? Interested? Read on then.

Phil Haack is no longer a GitHubber

personal work

It used to be a tradition at GitHub to announce new hires with a blog post with the pattern, “So and so is a GitHubber.” Each post would be accompanied by an image.

Steal My Blog Design

A name like Haack does not make me destined to win awards as an outstanding designer. I’ve come to grips with that. I’m not terrible, mind you. I’d say my skill level is somewhere in the ballpark of slightly above Geocities and closely approaching the aesthetics of Craigslist, on a good day.

An adventure in CSS with column lists

css design

Sit back and relax as I regale you with a harrowing account of trying to do something straightforward with CSS. Ha! Straightforward. How silly was I to think that. As they say,

The Problem of Package Manager Trust

nuget security

UPDATE April 3, 2019: Several years after I wrote this post, NuGet added a package signing feature. I wrote a blog post that takes a close look at the feature.

Land that first programming job

How does a person land their first job as a developer these days?

Caribbean Developer's Conference

Picture a developer’s conference held at a resort on a tropical island. What comes to mind? An endless supply of Piña Coladas? Sand abrasions in all the dark crevices of your body? Or perhaps, if you’re a developer, you imagine sitting on the beach, staring out at the ocean as a nice respite between sessions.

Abolish Performance Reviews

Who doesn’t love the smell of performance reviews in the morning? A smell welcomed by employees and managers alike with joy and delight. An efficient ritual that is fair and definitely motivates everyone to improve. A ritual that no one doubts is worth the investment of time and energy.

Comments for Jekyll Blogs

If you are a long time reader of my blog, you might notice something different starting today. No, the content hasn’t gotten any better. What’s new is the comment system.

Scientist.NET 2.0 Release

I have some big news! Scientist.NET 2.0 is now available on NuGet.

PR information at your fingertips

The Information Industry Association adopted the motto “Putting Information at Your Fingertips” way back in the hazy days of the 1970s. However it was during a 1990 Comdex keynote (you can watch a scratchy VHS recording of it on YouTube), when a relatively young Bill Gates articulated a vision to bring that idea to reality.
