PHP: Composer Galaxy

PHP has one of the greatest, in my opinion, dependency managers – Composer. The tool works mostly with the public projects via the Packagist website (although it also supports private repositories).

There are over 200,000 packages available on Packagist to choose from. However, the stats could be a lot better.

Today I came across a mind-blowing visualization of the Composer packages and the dependencies between them. Have a look at Code Galaxies Visualization. You can find specific packages via the search, or interactively navigate the star map, as if you were in a spaceship.


Our Software Dependency Problem

“Our Software Dependency Problem” is a great article going in-depth into the subject of dependency management in software engineering.

Dependency managers have scaled this open-source code reuse model down: now, developers can share code at the granularity of individual functions of tens of lines. This is a major technical accomplishment. There are myriad available packages, and writing code can involve such a large number of them, but the commercial, legal, and reputational support mechanisms for trusting the code have not carried over. We are trusting more code with less justification for doing so.

Not only does it nicely describe the problem in simple terms, but it also provides practical examples and solutions to it. In particular, I enjoyed the section that suggests how to improve dependency evaluation in terms of design, code quality, testing, debugging, maintenance, usage, security, and licensing.

Redmine: Estimated Time as mandatory field

At work, we are using Redmine for all our project management needs. It is a flexible and powerful system that allows flexible configuration for the processes of most companies.

Recently, we have decided to make the Estimated Time field mandatory for all the tickets. Configuring this turned out to be trickier than I thought initially. I couldn’t find the option to do so on the first go.

Some Googling around suggested that Redmine’s source code needs to be modified for that. Not something that I wanted to do. And the tip is also from 8 years ago, so it’s probably quite outdated.

After digging deeper, I found a way that doesn’t require source code changes. This can be accomplished by editing the Field Permissions in the Workflow. Here’s the process (for Redmine 3.3.0 stable, which we currently run):

  1. Log in to Redmine as an administrator.
  2. Navigate to the Administration screen (a link in the top bar or so, depending on the skin you are using).
  3. Navigate to Workflow.
  4. Switch to the Field Permissions tab.
  5. Select the desired roles and trackers.
  6. Press the Edit button.
  7. Scroll down to the Estimated Time field.
  8. Select Required from the dropdown for each status, as needed.
  9. Press the Save button.

You are all done. Now all tickets of the trackers selected above will require the Estimated Time to be entered, for all the statuses and roles selected above.

Similarly, you can make other fields required or read-only, as per your company or team needs.

Most of What You Read on the Internet is Written by Insane People

“Most of What You Read on the Internet is Written by Insane People” is a nice little roundup of statistics from several large sites like Wikipedia, Amazon, YouTube, Reddit, etc. These stats support the viewpoint that on these huge sites, most of the content is generated by a very small number of users.

Inequalities are also found on Wikipedia, where more than 99% of users are lurkers. According to Wikipedia’s “about” page, it has only 68,000 active contributors, which is 0.2% of the 32 million unique visitors it has in the U.S. alone.
Wikipedia’s most active 1,000 people — 0.003% of its users — contribute about two-thirds of the site’s edits. Wikipedia is thus even more skewed than blogs, with a 99.8–0.2–0.003 rule.

Some of these numbers are staggering. And the people who do the work are, indeed, insane. Not medically, but by the deviation in how much they do and for how long, as compared to the rest of the user base, or even the population.

By the way, pretty much all posts in this very blog have been written by one person. Me. Almost 10,000 posts over 19 years. So yes, I’m also probably a little bit insane.

Why does APT not use HTTPS?

In the ever-changing world of technology, people often rush to get the latest. Hype for new features, improved performance and security is everywhere, and hardly anybody stops to think about things in depth.

Use the best tool for the job, they say. And the latest is always the best.

Given that, I found it surprising that APT (advanced packaging tool), used by a variety of popular Linux distributions such as Debian, does not use HTTPS, no matter how much people push for it. For all the arguments of HTTP/2 performance and Let’s Encrypt free certificates, APT developers have their own counterarguments.

“Why does APT not use HTTPS?” is a simple website that explains the reasons behind that decision. And they kind of make a lot of sense for their particular use case.