开源日报 - Page 38 of 262 - Open Source Daily

开源日报第890期：《99 jikeaiqing》

9 9 月, 2020
开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《99 jikeaiqing》
今日推荐英文原文：《How Prime Numbers Keep the Internet Secure》

今日推荐开源项目：《99 jikeaiqing》传送门：项目链接
推荐理由：难得的 99 之日，如果自己没有可以 99 的人，看一些别人的故事也未尝不可。这个项目就是一个非常适合 99 之日看的日常故事集，轻松的日常故事再加上情侣元素自然对于这一日再合适不过。
今日推荐英文原文：《How Prime Numbers Keep the Internet Secure》作者：Sun-Li Beatteay
原文链接：https://medium.com/better-programming/how-prime-numbers-keep-the-internet-secure-680cc1743133
推荐理由：别看质数好像没什么存在感，在安全方面可是很重要的
How Prime Numbers Keep the Internet Secure

And why life wouldn’t be the same without them
Whether you know it or not, you use prime numbers every day. Do you see that lock symbol in the address bar of your web browser? The one that looks like this:

Image credit: author

That lock means you’re using prime numbers at this very moment. That’s because the internet uses prime numbers. In fact, prime numbers are so ingrained into the fabric of our daily lives that the world would be a drastically different place without them. We’d still be doing all our banking in person and buying everything in cash. And forget about texting, because we’d still all be pen pals.

So what is it about prime numbers that makes them so special? To answer that, let me ask you a simple question: Is this a prime number?

9307398526401816703683197763617206082269079617576835286211259044095385462270542532346398139788788003092515521098292832872130802035097419307557532476688657

If you said, “I have no idea,” you wouldn’t be alone. No one would know at first glance. The natural instinct might be to search for an online program that could check if it was prime. The problem is that that number is too large for online prime-number checkers. They’ll all say it’s not a prime number — whether it is or not — because they can’t store it in memory.

The next inclination might be to write your own function or use one from a programming library. Go ahead, try it. Here, I even wrote a simple function you can try yourself:
```
function isPrime(n) {
    n = BigInt(n);

    if (n <= BigInt(3)) {
        return n > BigInt(1);
    } else if (n % BigInt(2) === 0 || n % BigInt(3) === 0) {
        return false;
    }

    let i = BigInt(5);
    while ((i*i) <= n) {
        if (n % i === 0 || n % (i + BigInt(2)) === 0) {
            return false;
        }
        i += BigInt(6);
    }

    return true
}
```
You can copy and paste that into your browser console or node REPL and call:

isPrime(9307398526401816703683197763617206082269079617576835286211259044095385462270542532346398139788788003092515521098292832872130802035097419307557532476688657);

There’s one major problem — it won’t finish. At least not for a long, long, long time. The reason is that it’s computationally expensive to detect if a number is prime. There are certain methods, such as the Miller-Rabin primality test, that are very fast. But for large enough numbers, it’s still slow.

And the fact that it’s inefficient to detect if a number is prime makes it a useful tool for encryption!
Encryption
For those who don’t know, encryption is the act of turning information into an unreadable format called a cipher. Decryption is the opposite process of turning a cipher back into the original information.

In other words, encryption allows us to keep information private and out of the hands of people who might use it for malicious purposes. That’s why it has become a cornerstone of the modern internet.

Without encryption, I wouldn’t be able to do most of the things I do online, such as buy groceries, pay off debts, or message my friends — at least not securely. Encryption prevents hackers from stealing my banking information and spying on my private conversations.

It’s not just the internet that uses encryption but many modern devices, such as computers, smartphones, or even smart fridges. They all use encryption. Suffice it to say, encryption is important and everywhere.

But how does encryption work?

Encryption algorithms use keys to encrypt and decrypt data. How those keys are used depends on the type of encryption, of which there are two: symmetric and asymmetric. Both of which have different use cases.
Symmetric encryption

Symmetric encryption. Image credit: Ons Jallouli via ResearchGate.

Symmetric encryption gets its name because it uses the same key for both encryption and decryption. Since it uses a single key for both encryption and decryption, symmetric encryption is very fast — but fragile. The key must always be kept private and only shared between trusted parties.

Because of this, one of the main uses for symmetric encryption is securing data at rest. This means encrypting devices like computers, databases, or IoT devices. If you remember the drama that occurred between Apple and the FBI — that was a battle over iPhone encryption.

While symmetric encryption works well, it has an inherent flaw. In order for multiple parties to have encoded communication via symmetric encryption, they must all agree on a key ahead of time. And in the context of the internet, where you’re communicating with hundreds of servers a day half-way across the world, that’s not possible.

That’s where asymmetric encryption comes in.
Asymmetric encryption

Asymmetric encryption. Image credit: Ons Jallouli via ResearchGate.

Asymmetric encryption uses two keys, one for encryption and one for decryption. This works because the keys are complements of one another. When they’re used together, they cancel each other out — similar to how complement colors cancel one another out into white.

Image credit: author

The key used for encryption is known as the public key. As you might guess, it’s safe to share this key with anyone.

The decryption key, on the other hand, is called the private key because it must be kept private. Only the holder of the private key can decrypt ciphers that were encrypted with the public key. Even if a malicious user were to intercept a ciphertext, they’d just see gibberish.

This makes asymmetric encryption an ideal tool for sharing sensitive data. Not only that, but since a private key should only be owned by a single entity, it works well for authentication as well. That’s exactly how it’s used in the TLS handshake.
The trapdoor
One of the reasons that asymmetric encryption is as important as it is is because it works as a trapdoor function.

Image credit: author

This means it’s very simple to execute in one direction but very difficult to reverse — unless you have special information, otherwise known as the trapdoor or secret.

In the context of asymmetric encryption, it’s very simple to encrypt data but very difficult to decrypt it using only the public key. It becomes simple again with the private key.

But not all asymmetric-encryption algorithms are built the same. How laborious it is to reverse the trapdoor function determines an algorithm’s security. To see just how secure asymmetric encryption can be, let’s explore one of the most popular algorithms in use today: RSA.
RSA encryption
RSA was invented in 1977 by three cryptographers: Ron Rivest, Adi Shamir, and Leonard Adleman — hence the name. Since its inception, it has spread to nearly every corner of the earth.

If you’ve ever used Secure Shell (SSH) …

An example SSH private key. Image credit: author.

… or GNU Privacy Guard (GPG) …

Example GPG key. Image credit: author.

… you have RSA to thank for it. However, it’s most known for its use in TLS and HTTPS to prevent man-in-the-middle attacks.

RSA in a TLS handshake. Image credit: author.

While RSA is nearly half a century old, it’s one of the most commonly used asymmetric-encryption algorithms in the world. Its ubiquity is a testament to its security.

But why is it so secure? Short answer: prime numbers. Long answer? That’ll involve some math. But the best answer would be to try and break it ourselves.
Breaking RSA
Here’s the scenario: We’re hackers trying to impersonate Medium’s server. We want to intercept all traffic going to Medium’s website in order to steal user credentials and ransom their data.

Using Wireshark, we’re able to get a copy of Medium’s RSA public key and website certificate.

Medium’s RSA public key as seen in Wireshark. Image credit: author.

But in order to impersonate Medium and fool users into connecting to our phishing server, we need the private key. Luckily, all is not lost.

One thing I haven’t mentioned is that RSA keys are just numbers. An RSA private key is just a single number, which we’ll call d. The public key is made up of two numbers, e and N. And N is the product of two more numbers, p and q.

I know, that’s a lot of numbers to track of. But it’s just those last two numbers, p and q, that we need to focus on. Because according to RSA’s key-generation algorithm, if we know e, p, and q, we can recreate the private key.

“Well, perfect,” one might say. “Since we have the public key, we know e and N. And since we know N, we just need to split it apart to get p and q. How hard could that be?”

Not so fast, person I just made up to ask loaded questions — p and q are prime numbers. Gasp!

I mentioned before that detecting if a number is prime is hard. What’s even harder is prime factorization.

How hard, you might ask?

Very hard. Image credit: author.

RSA typically uses numbers 1024, 2048, or 3096 bits long. As you can see in the graph above, it only takes seconds to minutes to create N, but it’d take millions to billions of years to factor it apart.

The reason for this is — for average, nonquantum computers — the best approach to factoring numbers is brute force. And to brute force through a number like this is going to take a while:

12647218591793774062037539860814590913847656969568852342569985866826731647633698490555162899129013020883082990527279827064849704038819915244363097120031062841681483530795022535252488366169730386558454292994968234214045666016756933262308367238453012386845278265898125397947728757013541963782671274800429212175737617916738370351721854897974375037404102868790995317383226110430324268401945063200233204784127599950729869495397377610047121343931821194220803396259107891220452870079636709770538139479748696178546655932056530040495898965404702415803790560056325250086900175615221136804225865647753477561884491932551643726743

While it’s not impossible, the level of effort is astronomical and not worth it. We’d all be long dead by the time we could generate Medium’s private key.

So long story short, prime numbers are pretty darn hard to break. And that’s how they keep the internet secure.
Parting Thoughts
As a software developer, I’m often intimidated by all the different moving parts on the internet. It can feel like a magical and bewildering place. And as a result, I usually feel like I have no idea how any of it works or what I’m doing.

But any time I learn something new about the systems I use on a daily basis, the world becomes just a little less chaotic and magical. I hope this article has helped demystify some of the mysteries of the internet for you as well.

And in case you were wondering, the prime number from the very beginning of this article isn’t prime.
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第889期：《JS爬虫 Jspider》

8 9 月, 2020
开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《JS爬虫 Jspider》
今日推荐英文原文：《How I Use My Terminal as a Webcam》

今日推荐开源项目：《JS爬虫 Jspider》传送门：项目链接
推荐理由：该项目使用 JavaScript 来发送请求并获取数据，从而快速爬取文件。对于少量的数据来说，右键检查并写几行代码就爬取成功，比开新的 python 脚本要轻松得多。
今日推荐英文原文：《How I Use My Terminal as a Webcam》作者：PRAKHAR KAUSHIK
原文链接：https://medium.com/better-programming/how-i-use-my-terminal-as-a-webcam-b706ccc9d216
推荐理由：作者用 Python 将命令行终端变成了摄像头，不用说肯定很糊，但是这不就是 ASCII 码的艺术所在嘛。
How I Use My Terminal as a Webcam

The TE-WE project
Te-We is a project which focuses on using a webcam just with a terminal. We will be creating a terminal stream powered by Python from a webcam.

One day I was going through my system to find a webcam application but was not able to find one because I use Debian Linux, and I had added each and every piece of software manually. I never downloaded anything for the webcam.

So I thought, “why not make something with a terminal for this?” I came across a project which was an image-to-ASCII project, and I thought, “why not combine the video stream with a similar project?” and hence TE-WE was developed.

This whole thing is ASCII art of a video stream from the webcam. If you find it interesting, you can find the whole unscripted programming video of it below.

https://www.youtube.com/watch?v=xvqsFTUsOmc&feature=emb_rel_end

So getting back to the code part — let’s start with it.

Step 1
Create an ASCII image using an actual image.

Step 2
Replace the ASCII image with a video stream frame and print them one over the other to get the effect of a continuous frame.

Done!

Let’s discuss everything in detail. Our first aim will be to convert the following image:

(Deadpool (Image source: walpaperlist))
to an ASCII image like the one below.

(Deadpool (Image source: Author’s terminal))
Once that’s done, all that’s left is to create a video stream as a source for frames to the program.

Let’s see the code first.
```
def renderImg(img):
    # img = cv2.imread("deadpool.jpg")
    width, height, _ = img.shape
    aspectRatio = height / width
    newWidth = 120
    newHeight = int(newWidth * aspectRatio * 0.25)
    img = cv2.resize(img, (newWidth, newHeight))

    colorCodes = []
    for row in img:
        colorCodes.append([rgb2short_fast(pixel) for pixel in row])
    img = cv2.cvtColor(img, cv2.COLOR_BGR2GRAY)

    chars = ["B", "S", "#", "&", "@", "$", "%", "*", "+", "!", ":", "."]
    newImg = []
    for rowIndex in range(len(img)):
        temp = []
        for cellIndex in range(len(img[rowIndex])):
            print(
                fg(colorCodes[rowIndex][cellIndex])
                + chars[img[rowIndex][cellIndex] // 25],
                end="",
            )
            temp.append(
                fg(colorCodes[rowIndex][cellIndex])
                + chars[img[rowIndex][cellIndex] // 25]
            )
        newImg.append("".join(temp))
        print()
    import sys

    with open("test.txt", "w") as fl:
        fl.writelines(newImg)

    CURSOR_ONE_UP = "\033[A"
    for i in range(len(img)):
        sys.stdout.write(CURSOR_ONE_UP)
```
Let me explain everything here. For now, ignore lines 10–12. The remaining part is simple: Convert the whole RGB image to a black and white image so that we can actually get the intensity of each pixel.

Then, based on the intensity of each pixel, we will find a suitable character for each pixel and create an image out of it.

But the problem is that it’s still black and white, so the next part will be to get the approximate ANSI color for each pixel, and hence we will find the colored image printed.

Let’s see the code to get RGB to ANSI. It was taken from the library torrycrass/image-to-ansi.

So with this, we will get the ANSI color code from RGB, and then we just need to get the ANSI color for each pixel.

And here’s where lines 10–12 will come into action. We are using their RGB value for each pixel and saving the ANSI color code separately before converting the image to black and white.

And done — our first part is done.

Step 2
Adding a video stream is simple and can be found anywhere, as it’s just using opencv to get the frames from video and print them on the screen.

So here we are, done.

Feedback
Do leave feedback on the project. If you want to check out the source code, it’s on GitHub at pr4k/Te-We.

下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第888期：《elasticsearch》

7 9 月, 2020

开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《elasticsearch》
今日推荐英文原文：《FCC estimates it’ll cost $1.8B to remove Huawei, ZTE equipment from US networks》

今日推荐开源项目：《elasticsearch》传送门：项目链接
推荐理由：Elasticsearch 是一个分布式的 RESTful 风格的搜索和数据分析引擎，能够解决越来越多的用例。作为 Elastic Stack 的核心，它集中存储您的数据，帮助您发现意料之中以及意料之外的情况。Elasticsearch 是一个实时的分布式搜索分析引擎，它能让你以一个之前从未有过的速度和规模，去探索你的数据。它被用作全文检索、结构化搜索、分析以及这三个功能的组合。
今日推荐英文原文：《FCC estimates it’ll cost $1.8B to remove Huawei, ZTE equipment from US networks》作者：Carrie Mihalcik, Marguerite Reardon
原文链接：https://www.cnet.com/news/fcc-estimates-itll-cost-1-8b-to-remove-huawei-zte-equipment-from-us-networks/
推荐理由：从近几年开始, 美国政府开始以各种”威胁国家安全”的借口打击中国的有关企业. 但是, 正是因为美国也难免使用中国制造, 美国为了制裁, 自身也要付出高昂的代价, 据估计代价会达到18亿美元.
FCC estimates it’ll cost $1.8B to remove Huawei, ZTE equipment from US networks
The Federal Communications Commission on Friday said it could cost an estimated $1.8 billion to remove and replace Huawei and ZTE equipment that’s in US telecommunications networks receiving federal funds.

In June, the FCC officially classified Huawei and ZTE as national security threats, though since 2019, the agency has barred carriers from using its $8.3 billion a year Universal Service Fund to purchase equipment from the two Chinese tech giants.

US President Donald Trump also signed legislation in March that stops carriers from using government funds to buy network equipment from Huawei and ZTE.

“By identifying the presence of insecure equipment and services in our networks, we can now work to ensure that these networks — especially those of small and rural carriers — rely on infrastructure from trusted vendors,” said FCC Chairman Ajit Pa in a release, adding that he would “once again strongly urge” Congress to appropriate funding to reimburse carriers.

Earlier this year, the FCC began collecting data from US carriers that use network gear from Huawei and ZTE, to help it reimburse smaller and rural carriers for those costs.

The US, UK and Australia have all banned Huawei from providing 5G technology for their respective wireless networks over security concerns that Huawei has close ties with the Chinese government. Huawei has repeatedly denied that charge. India is also expected to lock Huawei and ZTE out of its 5G rollout.

Security concerns

The main issue with Huawei is its cozy relationship with the Chinese government. National security officials fear that its equipment could be used to spy on other countries and companies.

One concern is over a Chinese law requiring companies in its jurisdiction to comply with requests from intelligence services and to not disclose them to any third parties could put communications networks around the world in jeopardy.

Huawei has long denied its gear can be used to spy or to compromise US security.

Lawmakers on Capitol Hill, both Republican and Democrat, have also sounded the alarm regarding these Huawei and ZTE and have worked to blacklist them from US communications networks.

Earlier this year, Congress passed and Trump signed into law the Secure and Trusted Communications Act. This legislation bans the use of federal funds to buy equipment from companies that pose a national security threat, such as Huawei or ZTE. The law also creates a fund to help telecom providers, most of whom are in rural areas, rip out gear from these Chinese firms and replace it with equipment from “trusted providers.”

Rep. Frank Pallone, Jr., a New Jersey Democrat who chairs the House Energy and Commerce committee, said Friday that it’s now up to Congress to make good on its promise to fund the replacement of this gear in communications networks.

“The FCC’s estimate of the costs of replacing suspect equipment in US networks shows just how prevalent suspect equipment is — particularly among smaller carriers who cannot afford to replace it on their own,” he said in a statement. “That’s why it’s critical Congress fund the Secure and Trusted Communications Networks Act’s rip and replace program to secure our communications supply chain.”

Secure networks and 5G

The stakes are especially high when it comes to 5G, the next generation of wireless technology rolling out across the world. This new technology promises to deliver much faster wireless service and a more responsive network. It’s ability to connect more devices and offer real-time feedback is expected to spark a sea change in how we live and work, ushering in new advances like self-driving cars to advanced augmented reality experiences.

Carriers around the globe are racing to deploy networks. In the US, AT&T, Verizon and T-Mobile are well on their way to building out 5G.

The country that leads in the deployment of 5G could gain an edge in rolling out these future technologies. And just as the US benefited from the crop of services and businesses that emerged from 4G — think everything from livestreaming on Facebook to ride-sharing services like Uber — many believe 5G will spark a similar renaissance of new businesses.

Huawei is a dominant supplier in the 5G market, which again heightens the stakes when it comes to 5G. National security experts say Huawei gear could be used for espionage or to shut down critical communications networks during some future conflict.

“As we embark on this 5G development and deployment phase, let’s make sure that the equipment going into these networks, and the standards that are being developed … don’t raise undue risk,” Pai said in an interview last October at the WSJ Tech Live conference.

Huawei gear in the US

None of the major US telecom operators, including AT&T, Verizon or T-Mobile, which now includes Sprint’s assets, say they have deployed Huawei or ZTE 5G gear in the US. The FCC has not published which carriers in the US have used Huawei or ZTE gear. But the big three wireless carriers in the US — AT&T, Verizon and T-Mobile — have each said they don’t have any this equipment in their 4G LTE networks either.

“Let me be clear — we do not use Huawei or ZTE network equipment in any area of our network. Period. And we will never use it in our 5G network,” said former T-Mobile CEO John Legere in written testimony in February 2019 before a House communications subcommittee on the company’s merger with Sprint.

The carriers in the US that have been using Huawei gear are generally smaller rural operators. These operators have previously taken advantage of financing options that have made the Chinese equipment more affordable than alternatives from companies like Ericsson and Nokia, both based in Europe.

Steven Berry, president and CEO of the Competitive Carriers Association, an industry group representing rural carriers, has testified before Congress about the difficulty of mounting such an extensive project to replace Huawei and ZTE equipment. In March, he told the Senate Commerce committee that ripping out and replacing equipment in rural networks would be like “attempting to rebuild the airplane in mid-flight.”

He said the biggest difficulty for smaller carriers would be ensuring that they would still be able to keep service going.

“While those inside the beltway often refer to the process as ‘rip and replace,’” Berry said in his testimony, “in practice carriers will typically need to ‘replace, then rip’ to ensure that the consumers served by rural carriers do not lose service.”

On Friday, after the FCC released its report, he issued a statement stating that his organization “strongly supports efforts to protect and secure our nation’s communications networks.”

But he added that Congress needs to make sure it funds the project to replace the gear.

“Today’s release further underscores the need for Congress to fully fund the Secure and Trusted Communications Networks Reimbursement program to ensure that carriers, especially those serving rural areas, have the resources needed to remove covered equipment and services while keeping Americans connected,” he said.
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/
开源日报第887期：《安全化 DOMPurify》

6 9 月, 2020
开源日报每天推荐一个 GitHub 优质开源项目和一篇精选英文科技或编程文章原文，坚持阅读《开源日报》，保持每日学习的好习惯。
今日推荐开源项目：《安全化 DOMPurify》
今日推荐英文原文：《How Mentorship Helped Shape My Career》

今日推荐开源项目：《安全化 DOMPurify》传送门：项目链接
推荐理由：这个项目可以用于清洗用户输入的 HTML 或 SVG 字符串从而防止可能的 XSS 攻击，在 README 中提供了一些小的 XSS 输入例子来演示其对于各种脚本标签与事件都可以做到检测与清理，使得处理后的用户输入是足够安全的；唯一需要注意的就是不要让你的第三方库再次影响已经处理完成的数据即可。
今日推荐英文原文：《How Mentorship Helped Shape My Career》作者：Marco Ziccardi
原文链接：https://medium.com/better-programming/how-mentorship-helped-shape-my-career-b5566d92be76
推荐理由：导师是如何在职业生涯中起作用的
How Mentorship Helped Shape My Career

What good mentorship looks like
During the past 15 years, I’ve explored different ways to acquire the necessary knowledge and skill to move forward in my growth. Most of my efforts were spent on formal training and courses. I thought it was the way to build up the fundaments of my future. I still believe it was the right thing to do, but I didn’t know I was neglecting one of the most effective learning methods.

I’m a history lover, and a few years ago, I was reading about the Renaissance movement — a cultural revolution that changed the course of world history between the 14th and 17th centuries. In a chapter about Raffaello Sanzio, one of the greatest protagonists of that magnificent Ere, I found out he was the pupil of Pietro di Cristoforo Vannucci, another legendary artist better known as Perugino. Vannucci, in turn, was the pupil of one of the pioneers of the Renaissance, Andrea del Verrocchio, mentor to other artists like Sandro Botticelli, Domenico Il Ghirlandaio, and Leonardo da Vinci.

Of course, I’m aware that the social and economical ecosystems were the fundamental factors of the Renaissance. However, that example helped me realise how human interaction boosts the learning pace. It improves their existing skills via other people’s knowledge and experience. The learning experience is built around the learner’s personality and attitude, which makes it unique and not replicable in the same configuration for the learner.

That “learning chain” made me decide that in order to develop and improve all the different aspects of my work, I needed to gain knowledge from multiple angles and shapes. Courses, training, and books are really important to support the learning process. However, the information flow is unidirectional and flat. It is often based on well-defined structures, which assumes we all acquire knowledge in the same way. I agree that building knowledge at scale requires structures and processes, but I believe we can’t ignore what is, in my opinion, the most powerful learning source: mentorship.

I started to integrate my learning plan with interactive sessions, like workshops, meet-ups, and the one I love the most: 1:1 mentorships.

What I find really empowering about mentorship is that it doesn’t just enable two-way communication between the learner and the source of knowledge — as you can get that from other interactive techniques — but it creates a direct and exclusive relationship. Sessions are often based on day-to-day needs and the knowledge acquired can be applied and validated immediately.
How Mentorship Helped Me
For over ten years, I was a builder. To me, engineering was about coding and project management. I knew from the beginning that I didn’t want to write 40-year-old code. However, I didn’t know how to evolve my career. It was mainly aspirational and idealistic.

I was particularly confused about how my skills and attitude could be better used to help the growth of an engineering organisation. I saw myself as a tech person — versatile for sure, but still a techie.

Everything changed when I joined a scaling company, where I’ve been exposed to a different set of issues and people. Two former colleagues, in particular, helped me understand the differences between technical and organisational growth. While they were sharing their stories, I developed a passion for software development methodologies, software craft at scale, and behavioural change management. I could finally see that my background (a master’s degree in HCI), my analytical mindset, and my passion for human dynamics were incredibly valuable to help the company scale.

When I chose to study HCI, I was interested in resolving people’s dynamics while using technology. I never considered people’s dynamics in crafting technology. They are two different sets of problems. However, there are commonalities. Knowing how people interact while using technology, and how the crafting process works, provided me with the fundaments to deal with an engineering team at scale.

The path was already there. Mentorship enabled me to take it and supported me during the transformation process. Topics like resolution of conflict are totally contextual and there are so many variables that without factual experience, any possible approach is basically a guess. Having someone who shared their experience and point of view with me was a blessing. Most of the solutions I’ve adopted were a mixture of scenarios I had never experienced in person.

If it wasn’t for all my mentors, I would have probably pursued a pure tech career. I don’t know if I would have been successful. I doubt it. At any rate, I’ve never regretted my choice.
What Good Mentorship Looks Like
If I had to list the main characteristics I appreciated from my mentors, I would group them into two macro aspects: heterogeneity and reciprocity.
Heterogeneity
First, we need to understand that all mentors are different. They come with different experiences and can provide you with alternative views of the same problem. In this regard, I really like the way Ellen Ensher approaches the problem of finding a mentor.

“One mentor is not enough. You need a network of different types of mentors because we grow and learn professionally in so many different ways.”

I think this is the essence of mentorship. If we make it mutually exclusive, then we are enforcing counterproductive limiting boundaries.

Reciprocity
The second aspect we need to consider is that the power of mentorship comes from its intrinsic reciprocal nature. As Simon Sinek points out, you learn from your mentor as much as your mentor learns from you. This is extremely important because it’s necessary if you want to create a healthy and balanced relationship.

In addition to the two main pillars, there are three related characteristics I’m usually looking for:
- Competence: They have to be an expert in the field you are interested in. They need to have enough experience to help you optimise your efforts. As we said, we can all learn something from everybody, regardless of their experience. However, you need them to have well-developed competencies if you want to be able to absorb them.
- Empathy: Mentors need to be aware of how important their role is in people’s development. They should listen actively, treat people with respect, and be tactful in the way they deliver feedback. Empathy is essential and non-negotiable.
- Challenge: A good mentor is not only a nice and competent person. They need to have the ability to challenge you. If you want to grow, you have to step out of your comfort zone. The mentor has to help you understand who you are and how you can challenge your status quo.
A Good Mentor Is Also a Good Friend
In today’s society, it is not that easy to find people with those characteristics. It may take a good while to find the right person and it could grow frustrating over time. They are the real unicorns, but the payoff is worth the effort.

You first need to establish a personal relationship with potential mentors. They are going to help you improve and make difficult decisions that may have consequences on your working and personal life. I strongly believe you need a certain level of friendship in place to be able to get the most out of them and give them the best of yourself.

Thanks for reading!
下载开源日报APP：https://opensourcedaily.org/2579/
加入我们：https://opensourcedaily.org/about/join/
关注我们：https://opensourcedaily.org/about/love/