Skip to content


Links for 2019-07-15

  • Reviewbot

    posts GitHub pull requests that are ready to be reviewed into Slack. How does it know when a pull request is ready? We have a special label in our repositories, aptly named READY TO REVIEW (all caps so it’s easier to spot). When a pull request is ready for review, the author adds this label to their PR to mark it as finished. Meanwhile, all pull requests without this label are seen as works in progress and shouldn’t be reviewed. Next, an engineer can pick from the READY TO REVIEW pull requests and start reviewing — all code changes at PSPDFKit get reviewed by at least one other person. After the review is done, the pull request author incorporates the feedback and merges the PR.

    (tags: github reviews code-review slack integration team)

  • Details of the Cloudflare outage on July 2, 2019

    Great writeup from jgc. Worth noting some important lessons: * config changes should be rolled out carefully and gradually, just like code; * particularly regexps, which are effectively code anyway; * emergency-use rollback systems need to work, of course!; * having emergency-only systems is a risk, too, since infrequently-used code paths are likely to atrophy and break without anyone noticing (as nsheridan said); * /.*/ in a regexp is pretty much always bad news, and would have been worth a linter to catch before commit.

    (tags: cloudflare outages regex postmortems regexps deployment rollback via:jgc)

  • The Configuration Complexity Clock

    This, so much this…..

    Frustratingly there are still some business requirements that can’t be configured using the new [post-config-file] rules engine. Some logical conditions simply aren’t configurable using its GUI, and so the application has to be re-coded and re-deployed for some scenarios. Help is at hand, someone on the team reads Ayende’s DSLs book. Yes, a DSL will allow us to write arbitrarily complex rules and solve all our problems. The team stops work for several months to implement the DSL. It’s a considerable technical accomplishment when it’s completed and everyone takes a well earned break. Surely this will mean the end of arbitrary hard-coded business logic? It’s now 9am on the clock. Amazingly it works. Several months go by without any changes being needed in the core application. The team spend most of their time writing code in the new DSL. After some embarrassing episodes, they now go through a complete release cycle before deploying any new DSL code. The DSL text files are version controlled and each release goes through regression testing before being deployed. Debugging the DSL code is difficult, there’s little tooling support, they simply don’t have the resources to build an IDE or a ReSharper for their new little language. As the DSL code gets more complex they also start to miss being able to write object-oriented software. Some of the team have started to work on a unit testing framework in their spare time. In the pub after work someone quips, “we’re back where we started four years ago, hard coding everything, except now in a much crappier language.”
    (via Oisin)

    (tags: configuration scripting dsls script config rules-engines rules via:oisin dsl coding hard-coding)

  • Palantir’s Top-Secret User Manual for Cops

    The Palantir user guide shows that police can start with almost no information about a person of interest and instantly know extremely intimate details about their lives. The capabilities are staggering, according to the guide: If police have a name that’s associated with a license plate, they can use automatic license plate reader data to find out where they’ve been, and when they’ve been there. This can give a complete account of where someone has driven over any time period. With a name, police can also find a person’s email address, phone numbers, current and previous addresses, bank accounts, social security number(s), business relationships, family relationships, and license information like height, weight, and eye color, as long as it’s in the agency’s database. The software can map out a person’s family members and business associates of a suspect, and theoretically, find the above information about them, too. All of this information is aggregated and synthesized in a way that gives law enforcement nearly omniscient knowledge over any suspect they decide to surveil.

    (tags: police surveillance palantir creepy grim data-privacy privacy)

  • Ireland putting profit before people with genomic medicine strategy

    From David McConnell and Orla Hardiman at TCD:

    Much of the medical information sought by GMI [Genomics Medicine Ireland] has been collected from patients in public hospitals funded by the exchequer at great expense […]. Clinicians are being contracted and asked to obtain consent from their patients to transfer clinical information to GMI, along with a tissue sample for WGS [Whole Genome Sequencing]. We understand GMI will pay for the additional hospital clinical costs required for the project. It will obtain the full genetic code for each patient (WGS), and it will analyse all the data. For the most part …. there is minimal tangible benefit to the patient who participates in this programme. It is important to realise that GMI will own all the clinical and WGS data that they have acquired from the health service, which is of considerable commercial value. GMI will also have complete control over the research and any outcomes. Participating patients do not appear to have access to their data held by GMI – and there does not seem to be a “right to be forgotten”, despite the commercial nature of the enterprise. Moreover, the genomic and clinical data may also be transmitted outside of the European Union, and thus will not be protected by the stringent data-protection laws within the EU.[….] The Government has made a very big investment in GMI. There may be a view that it is not necessary to provide any additional public investments in genomic medicine in Ireland. However, to those of us who care about the longer-term development of genomic medicine in Ireland, this would be a seriously short-sighted approach. One person in 20 will develop a genetic disorder in their lifetime and half of the Irish population will experience a form of cancer. These and many other patients should be able to benefit from a publicly-available genomics project that can drive new medical care in Ireland. Genomic medicine is here to stay. We urgently need a properly governed genomics programme in Ireland that will ensure that Irish genomics remains within the public (non-commercial) domain, and that data obtained from Irish citizens will be used to benefit the entire Irish population.
    (via Aoife McLysaght)

    (tags: gmi wgs genome open-data data-privacy gdpr privacy health medicine ireland genomics)

  • Rossa McMahon re GMI

    Rossa McMahon with a twitter thread on the legality of GMI’s genomic data collection program in Ireland:

    GMI is a big, expensive company. It announced planned investment injection of $400m last year. It is engaged in a hot industry – hot because of investor interest and hot because of regulatory/ethics concerns. GDPR is not new. It has been known since 2016. Data protection law is not new. It has been known since 1988. The impact of these laws on genetic data collection & use is not a surprise. So if you have a $400m+ business and this is a key business issue, you have taken advice. And you have, no doubt, been in a position to take that advice from some of the best and/or most expensive advisors available. Assumptions are dangerous, but I think it is fair to assume this has happened. So read the story again. Would you be looking for repeated meetings with [Department of Health], answers to questions on regulatory matters and assurances from the State, if you had legal advice of your own to the effect that you are operating or can operate as your currently are?

    (tags: gmi genomics genetics data-privacy privacy gdpr ireland)