Introduction to Fuzzing in Python with AFL
A guide to using the AFL fuzzing tool to test Python code for bugs and security vulnerabilities by generating random inputs.
Alex Gaynor is a software resilience engineer focused on building reliable, secure systems across government, industry, and open source. He writes about software security, serialization, benchmarks, and the economics of open-source infrastructure.
202 articles from this blog
Analyzes the tension between Red Hat's long-term enterprise support for outdated software like Python 2.6 and the burden it places on open-source community maintainers.
Explores the differences between DevOps practices and Platform Engineering, arguing that platforms provide a consistent contract for applications.
A developer's personal account of joining the US Digital Service at the VA to improve government technology and serve veterans, with a call for others to contribute.
The State of the News and TLS: Part II (Tue, Dec 30, 2014). About six weeks ago I blogged about the state of the news and TLS. Spoiler alert, it wasn’t g
Analysis of TLS deployment on top US and global news websites, revealing widespread lack of HTTPS security and privacy protections.
A critique of Twitter's design flaws, arguing its broadcast model enables harassment and discourages meaningful community and conversation.
A developer describes their ideal workflow, emphasizing code review, CI/CD, and team collaboration for efficient software development.
A guide to providing constructive and respectful feedback during code reviews, using examples from Linus Torvalds and a more positive approach.
The author argues that all websites should use HTTPS by default to protect user privacy and security, making HTTP unethical.
A developer switches their default Python to PyPy for better performance and bug-finding, encouraging others to try it.
A Python developer proposes objective metrics and a schedule to measure the success of Python 3 adoption, moving beyond subjective debates.
A reflection on the ethical responsibilities of open source maintainers, especially regarding security and user dependency, beyond the 'volunteer' excuse.
A PyCon 2014 attendee reflects on the community spirit of swag bag stuffing and the technical depth of an open space session on software composition.
A programmer's journey into cryptography, sparked by a PyPy compatibility issue and the need for better, more secure cryptographic libraries in Python.
Explains how Travis CI simplifies cross-Python version testing and integrates with GitHub workflows for open-source Python projects.
A developer's side project to analyze PyPI download logs, extracting insights about Python versions, installers, and operating systems used by package consumers.
A critical analysis of Python 3's slow adoption five years after its release, examining the causes and consequences for the community.
An FAQ on using gender-neutral language in technical documentation to create inclusive and welcoming communities.
A guide outlining a responsible security vulnerability disclosure and patching process for open source software projects.