Jonathan Lalou's Blog

Archive for the ‘en-US’ Category

George Gkogkolis from Travelite Group shared a 15-minute case study at Devoxx Greece 2025 on re-platforming to process 1 million emails per hour.

The Challenge

Travelite Group, a global OTA handling flight tickets in 75 countries, processes 350,000 emails daily, expected to hit 2 million. Previously, a SaaS ticketing system struggled with growing traffic, poor licensing, and subpar user experience. Sharding the system led to complex agent logins and multiplexing issues with the booking engine. Market research revealed no viable alternatives, as vendors’ licensing models couldn’t handle the scale, prompting an in-house solution.

The New Platform

The team built a cloud-native, microservices-based platform within a year, going live in December 2024. It features a receiving app, a React-based web UI with Mantine Dev, a Spring Boot backend, and Amazon DocumentDB, integrated with Amazon SES and S3. Emails land in a Postfix server, are stored in S3, and processed via EventBridge and SQS. Data migration was critical, moving terabytes of EML files and databases in under two months, achieving a peak throughput of 1 million emails per hour by scaling to 50 receiver instances.

Lessons Learned

Starting with migration would have eased performance optimization, as synthetic data didn’t match production scale. Cloud-native deployment simplified scaling, and a backward-compatible API eased integration. Open standards (EML, Open API) ensured reliability. Future plans include AI and LLM enhancements by 2025, automating domain allocation for scalability.

Links

• Travelite Group
• Devoxx Greece

The landscape of personal computing continues to evolve, with ChromeOS at the forefront of delivering intuitive and robust experiences. Marisol Ryu, alongside Emilie Roberts and Sam Richard, outlined the platform’s ongoing mission to democratize powerful technology. Their discussion emphasized enhancements that cater to diverse user needs, from premium hardware integrations to refined app ecosystems, ensuring that simplicity and capability go hand in hand.

Expanding Access Through Premium Hardware and AI Features

Marisol highlighted the core philosophy of ChromeOS, which has remained steadfast since its inception nearly fifteen years ago: to provide straightforward yet potent computing solutions for a global audience. This vision manifests in the introduction of Chromebook Plus, a premium lineup designed to meet the demands of users seeking elevated performance without compromising affordability.

Collaborations with manufacturers such as Acer, Asus, HP, and Lenovo have yielded eight new models, each boasting double the processing power of top-selling devices from 2022. Starting at $399, these laptops make high-end computing more attainable. Beyond hardware, the “Plus” designation incorporates advanced Google AI functionalities, like “Help Me Write,” which assists in crafting or refining short-form content such as blog titles or video descriptions. Available soon for U.S. users, this tool exemplifies how AI can streamline everyday tasks, fostering creativity and productivity.

Emilie expanded on the integration of AI to personalize user interactions, noting features that adapt to individual workflows. This approach aligns with broader industry trends toward user-centric design, where technology anticipates needs rather than reacting to them. The emphasis on accessibility ensures that these advancements benefit a wide spectrum of users, from students to professionals.

Enhancing Web and Android App Ecosystems

Sam delved into optimizations for web applications, introducing “tab modes” that allow seamless switching between tabbed and windowed views. This flexibility enhances multitasking, particularly on larger screens, and reflects feedback from developers aiming to create more immersive experiences. Native-like install prompts further bridge the gap between web and desktop apps, encouraging users to engage more deeply.

For Android apps, testing and debugging tools have seen significant upgrades. The Android Emulator’s resizable window supports various form factors, including foldables and tablets, enabling developers to simulate real-world scenarios accurately. Integration with ChromeOS’s virtual machine ensures consistent performance across devices.

Gaming capabilities have also advanced, with “game controls” allowing customizable mappings for touch-only titles. This addresses input challenges on non-touch Chromebooks, making games accessible via keyboards, mice, or gamepads. “Game Capture” facilitates sharing screenshots and videos without disrupting gameplay, boosting social engagement and app visibility.

These improvements stem from close partnerships with developers, resulting in polished experiences that leverage ChromeOS’s strengths in security and speed.

Fostering Developer Collaboration and Future Innovations

The session underscored the importance of community feedback in shaping ChromeOS. Resources like the developer newsletter and RSS feed keep creators informed of updates, while platforms such as g.co/chromeosdev invite ongoing dialogue.

Looking ahead, the team envisions further AI integrations to enhance accessibility, such as adaptive interfaces for diverse abilities. By prioritizing inclusivity, ChromeOS continues to empower users worldwide, transforming curiosity into connection and creativity.

Links:

• Marisol Ryu on LinkedIn
• Sam Richard on LinkedIn

Marjolaine Grondin, trailblazing co-founder of Jam—pioneering Francophone chatbot, now woven into June Marketing’s warp—reflected on AI’s apostolic role at DotAI 2024. Forbes’ 30 Under 30 luminary and MIT’s Top Innovator Under 35, Grondin’s odyssey—from Sciences Po to Berkeley’s blaze, HEC’s honing—crested at Meta’s F8, the first femme founder to orate. Her homily: AI as alter ego, alchemist of aspirations, transfiguring toil into transcendence.

Rekindling the Spark: From Frustration to Fabrication

Grondin’s genesis: a decade dawning with Jean-Claude’s jeremiad—”no app surfeit”—propelling Jam’s pivot from platform to progeny, a student savant ahead of its epoch. Exit’s exhale: jettisoning Jira’s juggernauts, Trello’s tomes—embracing AI’s embrace, where prompts propel prototypes.

This liberation, she luminous, liberates luminaries: builders bereft of bots’ bounty, squandering sparks on scaffolding. Grondin’s gambit: bespoke bedfellows—Claude as confidant, charting charters; Midjourney as muse, manifesting mockups; Perplexity as polymath, probing precedents.

She shared serendipities: Claude’s counsel catalyzing company crystallizations—hypotheses honed, hazards hazarded—yielding validations velvety as velvet.

Embracing the Uneasy Endowment: Humanity’s Horizon

Grondin grappled with AI’s “unsettling boon”: routines relinquished, revealing rifts—what renders us rare? This disquiet, she divined, is destiny’s dispatch: urging uniqueness—curiosity’s caress, creativity’s conflagration, compassion’s core.

Meta’s Yan LeCun’s quip—”dumber than felines”—reiterated: AI augments, not annexes—propelling to “ikigai’s” interstice: passions pursued, proficiencies parlayed, planetary pleas placated.

Grondin’s gallery: app augmentations, arcana unlocked, tomes tendered, tennis with tots, tableaux transcendent. Her heuristic: harvest discomfort as catalyst, AI as accelerant—best lives beckoned.

In benediction, Grondin bestowed a boon: bespoke GPT genesis—tinker, tailor, transmute. AI, she avowed, isn’t usurper but usher—toward tapestries uniquely threaded.

Links:

• Marjolaine Grondin on LinkedIn

Emily Bache, a seasoned technical coach, shared her expertise at DevoxxUK2025 on fostering software excellence in large organizations through technical coaching. Drawing on DORA research, which correlates high-quality code with faster delivery and better organizational outcomes, Emily emphasized practices like test-driven development (TDD) and refactoring to maintain code quality. She introduced technical coaching as a vital role, involving short, interactive learning hours and ensemble programming to build developer skills. Her talk, enriched with a refactoring demo and insights from Hartman’s proficiency taxonomy, offered a roadmap for organizations to reduce technical debt and enhance team performance.

The Importance of Code Quality

Emily began by referencing DORA research, which highlights capabilities like test automation, code maintainability, and small-batch development as predictors of high-performing teams. She cited a study by Adam Tornhill and Marcus Borie, showing that poor-quality code can increase development time by up to 124%, with worst-case scenarios taking nine times longer. Technical debt, or “cruft,” slows feature delivery and makes schedules unpredictable. Practices like TDD, refactoring, pair programming, and clean architecture are essential to maintain code quality, ensuring software remains flexible and cost-effective to modify over time.

Technical Coaching as a Solution

In large organizations, Emily noted a gap in technical leadership, with architects often focused on high-level design and teams lacking dedicated tech leads. Technical coaches bridge this gap, working part-time across teams to teach skills and foster a quality culture. Unlike code reviews, which reinforce existing knowledge, coaching proactively builds skills through hands-on training. Emily’s approach involves collaborating with architects and tech leads, aligning with organizational goals while addressing low-level design practices like TDD and refactoring, which are often neglected but critical for maintainable code.

Learning Hours for Skill Development

Emily’s learning hours are short, interactive sessions inspired by Sharon Bowman’s training techniques. Developers work in pairs on exercises, such as refactoring katas (e.g., Tennis Refactoring Kata), to practice skills like extracting methods and naming conventions. A demo showcased decomposing a complex method into readable, well-named functions, emphasizing deterministic refactoring tools over AI assistants, which excel at writing new code but struggle with refactoring. These sessions teach vocabulary for discussing code quality and provide checklists for applying skills, ensuring developers can immediately use what they learn.

Ensemble Programming for Real-World Application

Ensemble programming brings teams together to work on production code under a coach’s guidance. Unlike toy exercises, these sessions tackle real, complex problems, allowing developers to apply TDD and refactoring in context. Emily highlighted the collaborative nature of ensembles, where senior developers mentor juniors, fostering team learning. By addressing production code, coaches ensure skills translate to actual work, bridging the gap between training and practice. This approach helps teams internalize techniques like small-batch development and clean design, improving code quality incrementally.

Hartman’s Proficiency Taxonomy

Emily introduced Hartman’s proficiency taxonomy to explain skill acquisition, contrasting it with Bloom’s thinking-focused taxonomy. The stages—familiarity, comprehension, conscious effort, conscious action, proficiency, and expertise—map the journey from knowing a skill exists to applying it fluently in production. Learning hours help developers move from familiarity to conscious effort with exercises and feedback, while ensembles push them toward proficiency by applying skills to real code. Coaches tailor interventions based on a team’s proficiency level, ensuring steady progress toward mastery.

Getting Started with Technical Coaching

Emily encouraged organizations to adopt technical coaching, ideally led by tech leads with management support to allocate time for mentoring. She shared resources from her Samman Coaching website, including kata descriptions and learning hour guides, available through her nonprofit society for technical coaches. For mixed-experience teams, she pairs senior developers with juniors to foster mentoring, turning diversity into a strength. Her book, Samman Technical Coaching, and monthly online meetups provide further support for aspiring coaches, aiming to spread best practices and elevate code quality across organizations.

Links:

• DORA Research website
• Samman Coaching website
• Sharon Bowman’s Training Resources

Cory Doctorow, a renowned author and digital rights advocate, delivered a passionate keynote at DEF CON 32, dissecting the decline of the internet and rallying hackers to reclaim its potential. Introducing the concept of “enshittification”—the degradation of online platforms due to unchecked corporate greed—Cory argued that restoring competition, regulation, interoperability, and tech worker power is essential for a new, user-centric internet. His call to action, rooted in decades of activism, inspired attendees to fight for technological self-determination.

Understanding Enshittification’s Roots

Cory began by lamenting the loss of the “old, good internet,” where Google delivered reliable search results, and platforms like Facebook prioritized user preferences. He attributed the rise of the “enshitternet” to corporate decisions prioritizing growth over security, such as data sharing with agencies like the NSA. Drawing on his work with the Electronic Frontier Foundation, Cory explained how the absence of competitive pressures, regulatory oversight, and worker advocacy allowed executives to degrade services, locking users into walled gardens that prioritize profits over functionality.

The Mechanics of Platform Decay

Delving deeper, Cory outlined the enshittification process: platforms initially attract users with quality services, then exploit them through data harvesting and degraded experiences, as seen in Amazon’s proliferation of low-quality drop-shipped products or Uber’s shift to higher fares and lower driver pay. He highlighted how tech giants leverage monopolistic control to stifle innovation, citing Apple’s pivot from privacy advocacy to surveillance-friendly practices. Cory’s analysis underscored the systemic nature of these changes, driven by executives exploiting unchecked power within corporate structures.

Empowering Hackers for Change

Cory urged the DEF CON community to lead the charge against enshittification by leveraging their technical expertise. He advocated for interoperability—enabling users to move seamlessly between platforms—and supported regulatory measures to curb monopolistic practices. Referencing his blog, Cory encouraged hackers to develop open-source alternatives and challenge proprietary systems. He emphasized the role of tech workers, citing the Tech Workers Coalition as a model for organizing to restore user-focused innovation.

Building a New Digital Future

Concluding, Cory envisioned a revitalized internet combining the simplicity of Web 2.0 with the decentralized ethos of the early web. He called for a “digital nervous system” to address global challenges like fascism, climate change, and inequality, urging hackers to reject the narrative that user experience and enshittification are inseparable. His post-talk book signing at the vendor area invited attendees to engage directly, fostering a collaborative push for a freer, more equitable digital landscape.

Links:

• Cory Doctorow’s blog
• Electronic Frontier Foundation website
• Tech Workers Coalition website

The DEF CON 32 Hacker Jeopardy Night 2, hosted by the spirited duo Lint and Miss Kitty, delivered an electrifying conclusion to the iconic contest, blending technical prowess with raucous entertainment. With a dedicated crew and enthusiastic audience, the event showcased cybersecurity-themed challenges, culminating in a dramatic finale where team Stepmoms clinched victory. Lint’s dynamic hosting and Kitty’s birthday celebration added a personal touch, reinforcing the community spirit that defines DEF CON’s beloved game show.

Crafting a Cybersecurity Spectacle

Lint kicked off the evening with gratitude for the 14-person crew’s tireless efforts, emphasizing the complexity behind the seamless show. The introduction of the “Lentil Lookalikes,” replacing past crew roles, brought fresh energy to the stage. The contest featured teams like Pandemonium and OnlyFans, competing in categories testing hacking knowledge, from network protocols to historical exploits. Lint’s humor and Kitty’s candid revelation of her “30 [expletive] years” birthday infused the event with camaraderie, making it a memorable celebration of hacker culture.

The Thrill of the Final Jeopardy

The competition intensified in the final round, where a question about OSI model layers—application, presentation, session, transport, network, data link, physical—tested the teams’ precision. Pandemonium’s correct answer, marred by failing to phrase it as a question, led to a catastrophic point loss, while OnlyFans’ alphabetical misordering cost them their lead. Stepmoms’ strategic zero wager secured their win, earning them a coveted Black Badge. Lint’s animated commentary amplified the drama, cementing Hacker Jeopardy’s reputation as a high-stakes, community-driven spectacle.

Fostering Community and Legacy

Reflecting on Hacker Jeopardy’s evolution, Lint highlighted its role in uniting the DEF CON community, encouraging attendees to “be [expletive] excellent to each other.” The event’s blend of technical rigor and playful chaos, supported by the crew’s dedication, showcased the hacker ethos of collaboration and creativity. Kitty’s personal touch, sharing her birthday with the audience, deepened the sense of connection, ensuring Hacker Jeopardy remains a cornerstone of DEF CON’s cultural legacy.

Links:

• None available

Adnan Khan and John Stawinski, security researchers, delivered a riveting presentation at DEF CON 32, exposing systemic vulnerabilities in GitHub Actions’ self-hosted runners. Their research revealed how misconfigurations enable attackers to compromise major open-source projects like PyTorch, leading to supply chain attacks. Earning over $250,000 in bug bounties, Adnan and John shared tactics, techniques, and procedures (TTPs) to elevate trivial compromises into critical breaches, urging organizations to bolster CI/CD security.

Exploiting Self-Hosted Runner Misconfigurations

Adnan and John opened by explaining GitHub Actions’ role as a leading CI/CD platform and its reliance on self-hosted runners—machines executing workflow jobs. They detailed how insecure defaults allow attackers to compromise runners, gaining access to sensitive repositories. Their attack on PyTorch demonstrated how a runner compromise enabled code contributions to the main branch, malicious release uploads, and backdooring related projects, highlighting the catastrophic potential of such flaws.

Escalating Privileges in GitHub Actions

Delving deeper, the duo showcased techniques to escalate privileges within GitHub Actions workflows, leveraging GitHub’s permissive features. Their research campaign uncovered vulnerabilities in organizations like Microsoft, TensorFlow, and ByteDance, exploiting misconfigured runners to achieve critical impacts. Adnan’s live demo illustrated how attackers could manipulate workflows to gain unauthorized access, emphasizing the need for robust access controls and monitoring in CI/CD pipelines.

Real-World Impact and Bug Bounty Success

Adnan and John shared war stories from their extensive bug bounty submissions, noting that internal CI/CD systems are often more vulnerable than public ones. Their work, yielding significant bounties, exposed a lack of awareness around CI/CD security. They highlighted successful mitigations by triage teams, urging organizations to learn from their findings. The duo’s research on platforms like HackerOne provides a blueprint for identifying similar vulnerabilities in other systems.

Strengthening CI/CD Security

Concluding, Adnan and John emphasized the need for heightened awareness among developers, architects, and executives to prevent supply chain attacks. They recommended isolating privileged runners, auditing configurations, and educating teams on CI/CD risks. Their call to action inspired attendees to explore these attacks and implement controls, ensuring organizations are better equipped to thwart the next critical breach in their CI/CD pipelines.

Links:

• HackerOne website
• Adnan Khan on LinkedIn
• John Stawinski on LinkedIn

In an engaging and humorous presentation at NDC Melbourne 2025, Lee Dunkley explores how Domain-Driven Design (DDD) can prevent software projects from spiraling into chaotic, unmaintainable codebases—likening such failures to Australia’s infamous Emu War. By drawing parallels between historical missteps and common software development pitfalls, Lee illustrates how DDD practices, such as event storming and ubiquitous language, can steer teams toward solving the right problems, thereby enhancing maintainability and extensibility.

The Emu War: A Cautionary Tale for Coders

Lee begins with a whimsical analogy, recounting Australia’s 1930s Emu War, where soldiers armed with machine guns failed to curb an overwhelming emu population devastating crops. The emus’ agility and sheer numbers outmatched the military’s efforts, leading to a humbling defeat. Lee cleverly translates this to software development, where throwing endless code at a problem—akin to deploying infinite soldiers—often results in a complex, bug-ridden system. This sets the stage for his argument: without proper problem definition, developers risk creating their own unmanageable “emu wars.”

He illustrates this with a hypothetical coding scenario where a client demands a solution to “kill all the pesky emus.” Developers might churn out classes and methods, only to face mounting complexity and bugs, such as emus “upgrading to T-Rexes.” The lesson? Simply writing more code doesn’t address the root issue, much like the Emu War’s flawed strategy failed to protect farmers’ crops.

Modeling Smells in E-Commerce

Transitioning to a more practical domain, Lee applies the Emu War analogy to an e-commerce platform tasked with implementing an “update order” feature. Initially, the solution seems straightforward: create an endpoint to modify orders. However, as Lee demonstrates, this leads to bugs like customers receiving too many items, being undercharged, or getting empty boxes. These issues arise because the vague “update order” requirement invites a cascade of edge cases and race conditions.

By examining the system’s event timeline, Lee highlights how an “order updated” event disrupts critical processes like payment capture and stock reservation. This modeling smell—where a generic action undermines system integrity—mirrors the Emu War’s misaligned objectives. The real problem, Lee argues, lies in failing to define the business’s true needs, resulting in a codebase that’s hard to test and extend.

Refining with Domain-Driven Design

Here, Lee introduces DDD as a remedy, emphasizing techniques like event storming and the five whys to uncover the true problem space. Revisiting the Emu War, he applies the five whys to reveal that the goal wasn’t to kill emus but to secure employment for returning soldiers. Similarly, in the e-commerce case, the “update order” request masks specific needs: ensuring shoppers receive only desired items, adding forgotten items, and canceling orders.

By reframing these needs, Lee proposes targeted solutions, such as a “supplementary order” endpoint for adding items and a time-bound “order received” event to allow cancellations without disrupting the system. These solutions, rooted in DDD’s ubiquitous language, reduce complexity by aligning the code with business intent, avoiding the pitfalls of generic actions like “update.”

Simplicity Through Abstraction

Lee challenges the notion that complex problems demand complex solutions. Through DDD, he shows how elevating the level of abstraction—by focusing on precise business goals—eliminates unnecessary complexity. In the e-commerce example, replacing the problematic “update order” endpoint with simpler, purpose-specific endpoints demonstrates how DDD fosters maintainable, extensible code.

He acknowledges the challenges of implementing such changes in live systems, where breaking changes can be daunting. However, Lee argues that aligning solutions with the problem space is worth the effort, as it prevents the codebase from becoming a “Frankenstein’s monster” burdened by accidental complexity.

Conclusion: Avoiding Your Own Emu War

Lee wraps up by urging developers to wield their coding “superpower” wisely. Instead of burying problems under an avalanche of code, he advocates for DDD practices to ensure solutions reflect the business’s true needs. By employing event storming, refining ubiquitous language, and questioning requirements with the five whys, developers can avoid fighting futile, unmaintainable battles.

This talk serves as a compelling reminder that thoughtful problem definition is the cornerstone of effective software development. Lee’s blend of humor and practical insights makes a strong case for embracing DDD to create robust, adaptable systems.