Experience

[rhendric]

Question

What experience do you have with being responsible for making headline decisions about software used and depended upon by thousands of people? How many years have you held (or did you hold) that (or those) position(s) of responsibility?

(‘Depended upon’ is an important part of this question; a computer game might be played by thousands but of course that's nowhere near the same level of responsibility as making decisions about the Nix projects.)

Candidates I'd like to get an answer from

I am primarily interested in responses from candidates who have not been members of the Nix team, been core Nix infrastructure maintainers, or held similar positions of responsibility in a project under the NixOS umbrella.

Reminder of the Q&A rules

Please adhere to the Q&A guidelines and rules

[numinit]

I have led a team actively developing a handful of software products at my day job for the past 7 years. Our primary product is a mobile device manager with thousands of deployments on Android devices. There's no pressure or anything: one bad update can cause a device to need to be factory reset even though they sometimes end up that way without our help. Thorough testcases help a lot, especially end to end ones.

Still, I'm especially proud that a client from 5 years ago works on a newly built server, and vice versa. That's the power of people agreeing on schemas that can evolve gracefully (and an honorable mention to protobuf). 🙂

Besides developing for backwards compatibility (and reasoning about when maintaining compatibility may be a bad idea), responding to security reports, and so on, part of my day job is making sure that every part of our infrastructure from the builds to the deployed product are working well (usually leveraging Nix, of course). Listening to pain points from our customers and other developers is super important here.

OSS stewardship is definitely part of that job for me, and pushing upstream whenever possible is part of the dev process. As much as people depend on our software to work, we depend on our systems to be reliable, so that's why I try to contribute things that were useful for us back to nixpkgs. Things like the androidenv rewrite (which has been reliably running our builds for years at this point) came out of that, and community feedback has been very useful to iterate on it. So, instead of making some conditional "if I'm elected" promise, I'm just going to keep iterating and listening to feedback regardless of whether it's in the context of the SC or not, because it seems to be working.

[mschwaig]

At my previous job my main responsibility was securing a mobile payment app, which is used by quite a lot of banks in Austria and a few other customers in Europe.

• People would rely on our app to make payments at point of sale terminal and withdraw money from ATMs. This had to work worldwide and with some deliberate limitations offline. People trust our app, and some leave their cash and plastic cards at home. They would have a really bad time if that app did not work reliably.
• At the same time our solution needed to be secure to a high standard, to manage the risk of hackers being able to make fraudulent transactions.
• We had to pass regular external penetration tests, which I was the technical contact for. I also coordinated the efforts involved in fixing identified issues and generally communicated with a wide variety of stakeholders.
• My work involved following a lot standards, both open and proprietary, but also creating our own security concepts. These often did not make tradeoffs between security and good user experience, but combined them synergistically, by taking advantage of new hardware capabilities, through new platform APIs.

I had originally joined this company as a software developer, then spent some time abroad, and later came back and spent three years focused on security in different roles, leading a small project team for some of it.

Among other things, this taught me about

• the balance between sticking to a long term plan with a steady hand and reacting to change,
• the value of clear and deliberate communication, and
• how much two people's roles and responsibilities can shape that communication.

At the tail end of that experience in 2020 I both discovered Nix, and wanted to make some changes in my life, so I decided to pursue a PhD.
This gave me a lot of time to really dig into Nix and its applications to (supply chain) security, especially proving the relationship between some running system or some binary, and the source code it was produced from.

While I enjoy this work and will present some of its outcomes at NixCon, I miss the extensive collaboration, variety, external responsibility, and immediate impact that was more present in my previous job.
Joining the SC is a big opportunity for me, because it brings a lot of what I'm missing into my life, in a way that complements what I have been doing out of passion for the last 4 years already very well.

[Gabriella439]

I created Dhall and led the Dhall ecosystem for over a decade; for a large part of that time it was basically like a second full-time job for me. Not only did I create the Haskell implementation of the language, but I also:

• created the language standard
• created the standard evolution process
• created and self-hosted all of the Dhall shared infrastructure and the website
• mentored contributions to the ecosystem through Google Summer of Code
• did evangelism on meetups, social media, podcasts, conference presentations and blog posts
• wrote almost all of the documentation
• set up OpenCollective funding
• contributed Nixpkgs and Docker support for Dhall
• participated heavily in language design and evolution discussions

Also, since you asked specifically about headline decisions directly attributable to me, a lot of Dhall's infamous design decisions are documented here including:

• forbidding Text parsing/interospection/equality
• very limited support for arithmetic
• very limited language support for sets/maps

… and those decisions are directly attributable to my influence over the language evolution process. There were quite a few discussions where I had to argue against features that would have improved ergonomics but eroded the language's type safety guarantees or language security guarantees.

[tomberek]

Other than Nix-specific responsibilities, I am familiar with large and consequential decisions. I was part of a technical evaluation and lengthy selection process for a multi-billion dollar cloud contract for software and hardware. This would then be used host services depended upon by a few million families.

[winterqt]

I do not and have not ever held any similar positions in OSS software, but I am also familiar with large/consequential decision making.

[proofconstruction]

While the majority of my time has not been spent making top-level decisions in organizations so large, I have spent considerable time supporting the use of software in organizations of many hundreds or thousands (especially in various universities, within which I've spent several years supporting various departments), and in these contexts my decisions have had some effect on large numbers of people.

To address what I take to be the spirit of this question, our community needs more than just software-focused know-how. We also need leadership that is:

• visionary, able to integrate disparate sources of information into a coherent vision of where we're at and which direction we must head,
• inspiring, gifted in not only presenting the facts but also of motivating action, particularly by reproducing these behaviors in others, and
• empathetic, willing to break down barriers and bridge divides to keep the community collaborating towards our shared goals

In light of these, I believe the most important experience I bring is not that of a software leader specifically, but rather of a systems-thinker and educator in general.

[asymmetric]

I don't have experience being in a position of power in a large organizations. I do have experience participating in political groups, as well as an education in political sciences, which gave me valuable lessons, both theorical and practical, about power (dynamics), ethics and justice. I've also worked with tools of consensus decision-making, non-violent communication and active listening. I imagine those would be useful too :)