Gosh, this week has been busy. It’s been short, which I suspect is a reason why it feels so busy. But I’m also feeling the pressure of being the only technical person across many different places.

MiSc

The next module kicks off next week. I continue to be the person organising things, though some of the new starters (the programme has two start dates, October and April) are already self-organising into study groups. No exam results yet, so I continue on, entirely convinced I’ll be retaking at least one exam.

I’ve decided to pick a random page from my notes to show off (and to make sure I update, if the notes are no good). The script is:

import os
import random

def random_file():
  files = [os.path.join(dp, f) for dp, dn, fn in os.walk(os.path.expanduser("./")) for f in fn if f.endswith("md")]
  print(random.choice(files))

This week’s random page from my notes is injection, which at time of writing has…no content. But it is linked to from the OWASP Top Ten page and week 07 of CYM050 which…also has no content.

Alright, at least I know what I’m doing this weekend!

Work

I’ve picked up a new and database-y sort of problem. My biggest customer wants to be able to group data up, except they want to be able to do it in an app whose communication with the database is mediated through an API. All of this means I’m writing up a design document and thinking out loud as I go. I think there are a few requirements I’m going to have to challenge, because given how many people are on the team (just me, for now), there’s a limit to what I can actually do.

Separately, I’m thinking about abstraction and where we put it. For context, I’ve got a great big dataset – let’s suppose it’s the tally of ‘good’ and ‘bad’ actions. Yeah, I’m subcontracting for Santa. Those tallies are being updated all the time, and Santa wants to chunk up his deliveries and his present-offering. Say: more than 1000 good points, more than 1000 bad points, and everyone above a 50-good-point differential. So we have rules and a task that needs to be run fairly frequently.

So this information – these rules – they have to go somewhere. I can put them in the database and extract them that way.

class Group:
  name: str
  rule: dict

rule = {"good_points__gte": 1000}
good_group = Group(name="more-than-1000", rule={"good_points__gte": 1000})

# and then filter the Children
Children.objects.filter(**good_group.rule)

But this means that changing the rules means accessing the database. Changing a production database by hand is generally considered a Bad Thing, so instead access is mediated through an interface. I can try to control that, but there is a small risk that some tiny hacker will be able to change the ‘good rule’ to include 100% of children. Santa will not be happy with that. Additionally, if these test are run very frequently, these database reads are going to get very computationally expensive. Additionally, these filter criteria are quite simple, and are pretty much hard coded. Writing a rule for a 50-good-differential is pretty tricky with this setup.

Instead, I could put it in the application layer.

def best_children():
  return Children.objects.filter(good_points__gte=1000)

def middle_children():
  return Children.objects.filter(good_points__gte=F("bad_points") + 50) 
  # I genuinely had to get out a pen and paper to figure this one out

I could hard code these, and then it would be down to me or another developer to change the rules. This would be faster, because the rules are stored in memory, but also more difficult to change. If Santa needs a change now, he’s going to have to wait, because I have clocked off for the week. If he had access to the rules via a special administrator interface, he could change them himself (or give an elf his credentials and get them to do it, which is very poor security practice).

I don’t think there’s a right answer before you start. The right answer becomes obvious as I do the work, and sometimes this is good because it’s the same answer I picked at the beginning but sometimes…sometimes it is not. The best tactic will be to return to the people asking for this and try to tease out from them what the rules are likely to be.

Other

I’ve picked up a new mentee, and she’s brilliant. This will be the easiest mentoring relationship ever. She’s absurdly overqualified and frankly I think she could be two grades above where she is at the moment. My only job will be to help her get out of her own head, out of her own way.

I’ve also got a technical interview for a promotion coming up. Would anyone like to run a practice with me?