Banning Preemptive Sludge Justification

This is a sample of Slack messages I’ve read lately that all share a common theme:

Hi all – I’m getting acupuncture from 11:30 – 12:30 so I’ll be offline during that hour.

Hey y’all, I have a few painters in my house today and tomorrow so I may be intermittently away as I shift my workspace from room-to-room

Good weather outside, so I’m gonna go sit under a tree and read [documentation]. Will be away from Slack for about an hour.

This is my favorite:

Wanted to give folks a heads up. My mom (our babysitter) pulled something in her back so she’s not able to watch [kid]. [Spouse] is taking care of it today, but if she’s not better tomorrow I’ll have to take the day off and take over. Might still call into a few meetings here and there.

These messages were posted in channels with 20+ people. Most of the people in these channels were not working directly with the authors; they were not in the middle of a chat conversation and got interrupted. Most of these authors did not have meetings scheduled with any of the other channel members during their absence.

I recently advocated that we ban this type of conversation in Slack. It didn’t go over well. Here’s my defense.

Seven Samurai: A Lesson In Team Dynamics

Seven Samurai is a 1965 film by Akira Kurosawa. The story chronicles the struggles of a small farming village in rural Japan during the time of the Shogun emperors. The villagers discover that they will soon be overrun by bandits who plan to rape, kill and pillage. The villagers are helpless to defend themselves, so they travel to the nearest town to recruit samurai to defend them. The villagers eventually persuade a single samurai to take up their cause. This samurai then recruits six other samurai and together they form and execute a plan to defend the village.

The film is considered a classic in cinema. The direction, camera work, acting, and story line are all amazing. It is an entertaining film that I watch over and over. One aspect of the plot that I find incredibly powerful is understanding the team dynamics among the seven samurai. It serves as a lesson in modern team structure.


Be Careful With Your Gradle Repository Declarations

Gradle has a sophisticated process for downloading, caching, and managing third-party dependencies. However, Gradle first needs to find where these dependencies are hosted. It resolves each dependency by checking repositories one at a time, in the order they are listed in build.gradle files. Out of the box, a new Android Studio project adds two Gradle repositories to the project:

allprojects {
    repositories {
        google()
        jcenter()
    }
}

For each dependency, Gradle will first check Google’s repository for a matching dependency. If a match is found, it will then move on to the next dependency. If not, Gradle will then check JCenter’s repository. This linear search is very inefficient and creates potential security issues during the build process.

The security flaws are well documented in other stories. Simply put, if a malicious person puts a compromised “fake” artifact on a repository that is listed before a repository containing the “real” artifact, then Gradle will use that fake artifact; this situation can be hard to detect if you’re not explicitly looking for it.

I want to focus on the second issue: the inefficiencies caused by Gradle checking repositories that do not have the requested artifact.
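Both issues come from every repository being asked for every dependency. The following is an added example, not code from the original post, showing the default declaration beside one that uses Gradle's repository content filtering (`exclusiveContent`, available from Gradle 6.2). The group patterns are assumptions and must be adjusted to the groups a given project actually pulls from Google's repository.

```groovy
// build.gradle (root project). Added example; group patterns are assumptions.
allprojects {
    repositories {
        // Default form generated by Android Studio, kept here for comparison.
        // Each repository is queried for every dependency, in listed order,
        // and the first repository that returns a match is used:
        //
        //   google()
        //   jcenter()

        // Filtered form: the listed groups are resolved ONLY from google().
        // Gradle adds the matching exclusion to every other repository, so
        // an artifact with one of these group ids that is published on
        // jcenter() is never considered, and jcenter() is never queried
        // for these groups.
        exclusiveContent {
            forRepository { google() }
            filter {
                includeGroupByRegex "com\\.android.*"
                includeGroupByRegex "androidx.*"
                includeGroupByRegex "com\\.google\\.android.*"
                includeGroupByRegex "com\\.google\\.firebase.*"
            }
        }

        // Everything that is not claimed above is resolved from jcenter().
        // google() is no longer queried for these dependencies, which removes
        // the wasted lookups described above.
        jcenter()
    }
}
```

Running a build with `--refresh-dependencies --info` after the change shows which repository each artifact is fetched from, which is a quick way to confirm the filters match the intended groups.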
