dandi8
@dandi8@fedia.io
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 5 hours ago:
Interesting! Out of curiosity, what is the source? Is there a breakdown per role?
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 12 hours ago:
It's no more a risk than throwing more developers at it when they're not needed.
“Too many devs” can be, and often is, a significant bottleneck in and of itself. The codebase may simply not be big enough to fit more.
Besides, I still don't see what all those additional engineers would actually be doing. "Responding to incidents" presupposes a large number of incidents. In other words, the assumption is that the application will be buggy or insecure enough that 30 engineers will not be enough to apply the duct tape. I stand by the claim that an application adhering to modern standards and practices will not have as many bugs or security breaches, and therefore 30 engineers sounds like a completely reasonable amount.
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 15 hours ago:
I have no idea why you're even bringing up OT. We're not talking about PLCs or scientific equipment here, we're talking about glorified web apps.
Web apps that need to be secure and highly available, for sure, but web apps all the same.
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 18 hours ago:
I have never, in my decade as a software dev, seen a role dedicated to "making sure unit tests stay functional, meet standards and fixing them". That is the developer's job, and the job of the code review.
The tests must be up to standards and functional before the functionality they're testing gets merged into main. Otherwise, yes, you may actually need hundreds of engineers just to keep your application somewhat functional.
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 18 hours ago:
Even if you have a full-time role for continuously auditing the infrastructure, you still didn't show how that needs a 15-person team, and an otherwise-untouched infrastructure should just keep on working (barring sabotage), unless someone really messed something up.
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 1 day ago:
This sounds like the devs are personally, sword and shield in hand, defending the application from attacks, instead of just writing software which adheres to modern security practices, listening to the Security Officer and occasionally doing an audit.
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 1 day ago:
This comment smells of outdated software development practices.
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 1 day ago:
If you have separate developers for writing unit tests, and not every developer writing them as they code, something is already very wrong in your project.
Deployment and infra should also mostly be set up and forget, by which I mean general devops, like setting up CI and infrastructure-as-code. Using modern practices, which lean towards continuous deployment, releasing a feature should just be a matter of toggling a feature flag. Any dev can do this.
Finally, if your developers are 'code monkeys', you're not ready for a project of this scale.
- Comment on Telegram says it has 'about 30 engineers'; security experts say that's a red flag 2 days ago:
There are good reasons to dislike Telegram, but having "just" 30 engineers is not one of them. Software development is not a chair factory; more people do not equal more or better quality work, as much as 9 women won't give birth to a baby in a month.
- Comment on Open-Source, Language-Agnostic Mutation Testing Tool Using LLM Agents 1 week ago:
Regarding mutation testing, you don't write any "tests for your test". Rather, the tool modifies your production code to see if the modification will be caught by any of your tests.
- Comment on Open-Source, Language-Agnostic Mutation Testing Tool Using LLM Agents 1 week ago:
On the one hand, mutation testing is an important concept that more people should know about and use.
On the other, I fail to see how AI is helpful here, as mutation testing is an issue completely solvable by algorithms.
The need to use external LLMs like OpenAI is also a big no from me.
I think I'll stick to Pitest for my Java code.