Duplicated code bloats a code base and is a breeding ground for defects. It's costly! Code that's hard to understand is hard to modify and extend. It too is costly. There are many more examples of costly software design.
I think we can all agree that poor design incurs costs.
So why do we call poor designs code smells? I've gotten to a point where I find that "cost" is a better term than "smell."
Code Costs. Duplicated code costs. Obscure code costs, etc.
Everyone, no matter if they are technical or non-technical, a maker or a manager, can understand the term, cost. The same is not true for smell. Cost is a ubiquitous word, an idea that a whole team can discuss and manage together.
Posts, page 1 of 4
I had two exiting days at State of Open Con 2025. I had the honour of volunteering an afternoon shift on day 1 and a morning shift of day 2. I was lucky enough to help out in rooms both days, so as well as running around with microphones, counting people and making things ran smoothly and to time, I got to listen to more talks than I'd hoped for. Thank you volunteering scheduling gods!
Here's a few things that stood out to me:
- There's a growing sovereignty risk for European countries heavy reliance on US cloud providers. European cloud providers market share continues to go down. EU want to reverse this trend, with a focus on open source solutions. Interestingly UK Gov has confirmed multi-region cloud is fine.
- open source suffers from toxic behaviour and drama (see some examples). Some recommendations: have a strong code of conduct in place, be consistent in applying it and transparent in its use.
- Great security (particularly supply chain) resources and stuff to get involved with at CD.Foundation, Cloud Native Computing Foundation (Cloud Native Landscape is a fun way to realise software is very complicated these days!), OpenSSF's projects provide security tooling and best practices galore (I particularly like the Best Practices project), all of which are particularly helpful in securing your software supply chain, SLSA is about verifying provenance. And not forgetting OWASP's projects.
- People like Lord Nat Wei are pushing for open government "finish what the internet and open source started by open sourcing politics and government"
- In the global south, understanding of open-source development model is limited, accustomed to traditional vendor relationships providing software, and cloud deployments are rare for production (partly because the well-known cloud vendors don't have data centres in many global south countries)
Here's some recent laws I learnt about:
- EU Cyber Resilience Act and the forthcoming UK Cyber Security and Resilience Bill
I've set up https://garden.rowlando.dev to publish some of the notes I make in Obsidian. Thank you to Wanderloots for making a concise, informative video to guide me through the Obsidian Digital Garden plug-in.
Behind the scenes the plug-in uses Eleventy, the static site generator I use for this website. The plug-in publishes to GitHub, Netlify kicks off a build process and then deploys the website.
This is all for free. The only thing I pay for is £10 a year my domain name.
# #digitalgarden in posts
Confirmation bias is the essential engine of AI training. The weight given to an outcome that deems it “most likely” doesn’t come from reason, but confirmation bias.
AIs with confirmation bias are also notoriously opaque - decisions are made quickly and confidently, but never justified. The closest you might get to an explanation is a vague indication that some input resembles past inputs. This is of course how prejudice and intolerance work: the only explanation is “everyone just knows this is true.”
Mandate the publication of a standard set of APIs and events by public sector organisations. Starting with an expectation that every new service in central government departments will have an open API.
# #government in quotes
What distinguishes software architecture from coding and design? Many things, including the role that architects have in defining architectural characteristics, the important aspects of the system independent of the problem domain. Many organizations describe these features of software with a variety of terms, including nonfunctional requirements, but we dislike that term because it is self-denigrating. Architects created that term to distinguish architecture characteristics from functional requirements, but naming something nonfunctional has a negative impact from a language standpoint: how can teams be convinced to pay enough attention to something “nonfunctional”? Another popular term is quality attributes, which we dislike because it implies after-the-fact quality assessment rather than design. We prefer architecture characteristics because it describes concerns critical to the success of the architecture, and therefore the system as a whole, without discounting its importance.
An architecture characteristic meets three criteria:
- Specifies a nondomain design consideration
- Influences some structural aspect of the design
- Is critical or important to application success
Source: Mark Richards and Neal Ford. Software Architecture 2024 V2 . Kindle Edition.
# #architecture in quotes
For work I have a mandatory secure development course that includes a web security lab. PortSwigger has a broad array of details topics on web security covering the ones you'd expect but also advanced, newer topics like Web LLM attacks.
One thing I did learn was that, even though I have multi-factor authentication set up for AWS, it's not truly multi-factor. I use a password and a passkey but they both are provided by password manager using my fingerprint. It's very convenient though. Maybe I should continue getting a second factor from my phone's authenticator app, which is slightly more time consuming, but more secure.
Here are a few way I explore CSV files, with DuckDB being a new entrant.
CSVKit
I find myself working with CSV files these days. I sometimes need to look around inside. For 10s of rows, a text editor will do - I just use VS Code. csvlook from csvkit is great too.
The following command will allow me to scroll through the first 500 lines of a file. The --no-inference flag informs csvlook to not infer data type and format values accordingly.
head -n 500 yourfile.csv | csvlook --no-inference | less -S
Sometimes I find myself needing to filter out rows. The following command will filter rows based on the presence of \\N in any of the columns between 1 and 12, and output the inverse (-i) results (good data) to a file.
csvgrep -c 1-12 -m "\\N" -i -a file_with_unwanted_data.csv > file-with_unwanted_rows_removed.csv
SQLite
Sometimes I want to explore the file a bit and csvkit tools becoming a bit unwieldy. SQLlite is perfect for the job. Remember, SQLite is included in macOS and Mac OS X by default, so sqlite-utils will just work once installed.
This command switches to CSV mode and imports the CSV file into a table called prices:
sqlite>.mode csv
sqlite>.import prices.csv prices
Julia Evans mentioned sqlite-utils in her blog post sqlite-utils: a nice way to import data into SQLite for analysis It's another tool from the prolific Simon Willison.
The following command installs sqlite-utils and uses it to create a new databases called prices.db (sqlite is a file-based database) with a table called prices with records inserted into the table from the CSV file:
brew install sqlite-utils
Once installed, you can import with this command:
sqlite-utils insert prices.db prices prices.csv --csv
With large files, Simon notes sqlite-utils can be slower compared to using SQLite directly. You can import JSON and other formats just as easily.
Once you have a SQLite database, use standard SQL to query.
DuckDB
I just listed to a podcast on Software Engineering Daily about DuckDB. The founder, Hannes Mühleisen, makes a claim that the DuckDB team have inadvertently built the worlds best CSV reader.
duckdb -c "select * from read_csv('prices.csv')"
DuckDB doesn't need to ingest the data into its database engine. There are clients for various programming languages. And you can read from many different data formats beyond CSV. Paul Gross has started to use DuckDB as a replacement for jq.
Complexity is the gotcha of event-driven architecture. David Boyne talks about the inevitable complexity of EDAs at part of GOTO's most recent EDA Day.
What was new to me was the The project paradox which is summed up by the question "Why do we take the biggest decisions at a time when we have the least knowledge?".
EDAs ease this because they are evolutionary by nature but can get complex quickly if not managed, which you do by documenting your events and architecture.
programming for kids. Borislav has been teaching his 10 year old daughter how to code. He views programming as something to be literate in, not something to have a career in necessarily. I agree. I wonder how E will respond if I try to teach him a bit every day. Borislav has kept a record of each day's lesson. He has managed to teach on 403 days so far! Wow, what a gift to his daughter.