How we implemented zero downtime deploys to increase team productivity

We had moved our API out of Rails into a Clojure service. The service was running great, but deploys were a pain. We couldn't have downtime when deploying; so we were taking servers offline, updating them, and then bringing them back online. Using the typical rolling deployment pattern.

That worked, but it was slow and took a lot of manual time. Being slow meant longer times to fix bugs. Taking a lot of manual time meant wasted time and a hesitancy to release often. Both are bad for the team and the business.

A Considered Approach to Generative AI in Front-End Development, by @Clearleft:

https://clearleft.com/thinking/a-considered-use-of-generative-ai-in-front-end-development

#ai #processes

Accessibility Contractors Have Their Place-but It’s Not Everywhere, by (not on Mastodon or Bluesky):

https://buttondown.com/access-ability/archive/accessibility-contractors-have-their-place-but/

#accessibility #businessrelations #processes

The Software Development Lifecycle Is Dead, by @boristane.bsky.social:

https://boristane.com/blog/the-software-development-lifecycle-is-dead/

#processes #ai #cicd

The Natural Design Process, by @uxdesigncc:

https://archive.ph/i0YzW

#design #processes

Design Is Dead, It’s All Evolution Now, by @ilyabirman:

https://ilyabirman.net/meanwhile/all/design-vs-evolution/

#design #processes

Large Tech Companies Don’t Need Heroes, by @seangoedecke.bsky.social:

https://www.seangoedecke.com/heroism/

#processes #engineeringmanagement #career

The recent compromise of built-in updates infrastructure for Notepad++ strongly highlights that even the most popular software can be compromised and go unnoticed for months. We have learned three lessons here:

1) Shared hosting solutions provide their own set of security risks since the hosting space is shared across multiple unknown entities on the same server. While shared hosting might be fine for personal use or a small project depending on one's threat model, in most cases, it should be avoided by enterprises, instead, a VPS or dedicated server with its own IP address should be used. This way, your business has its own IP address and can manage everything with full control over what happens on the server.

2) Cheap shared hosting solutions are cheap for a reason as they don't always employ the best talent. What failed this time was that after the initial compromise was noticed and the exploit stopped working when the servers were patched and rebooted, the state actor still retained persistent access via a backdoor because the hosting provider hadn't rotated secret keys on the server, which the state actor used to regain access. This process failure is equivalent to changing a compromised account password but leaving MFA/2FA backup seeds and active sessions intact, if you don't rotate those seeds and clear active sessions after an account is compromised, an attacker can still access your account even after the password is changed.

3) This hack shows that verification of the integrity of downloaded updates via hashes and cryptographic signing using certificates should always be performed. Windows Update does this, many networking devices, like routers and switches, do this as well, and other software solutions implement it too. This would add another layer of protection for Notepad++ users as the update mechanism would detect a mismatch in the tampered update files and reject executing them.

#Notepad++ #Hosting #Processes #VulnerabilityManagement #Threats #Risks

Kevin Chau (@kchau)

사용자가 @bcherny에게 Claude Code CLI 실행 시 'phantom processes'가 다수 생성되는 문제를 지적하며, Claude Code CLI 도구에서 프로세스 관리나 버그 관련 조사가 필요하다고 알리고 있음.

https://x.com/kchau/status/2023093443841642831

#claude #cli #processes #bug