Hello! Apologies for the radio silence. It’s been a strange, uh (sweats, checks date of previous blog post) 14 months! I have updates regarding my employment status and OSS releases. Plus! Extremely mediocre section-title wordplay.

People? In rooms together?! In THIS pandemic?!?!

Quick note: I’ll be attending PyCon US in Pittsburgh, my first time doing anything in large non-family-related groups since 2019. Shoot me a Mastodon DM or an email if you’d like to say a masked hello.

Jumping-off point

As seen on my resumé and in the last blog post I wrote on this topic, I spent the tail end of last decade and first third of this one, working for an international fintech firm, Jump Trading. In addition to being oncall and various devops wrangling, I was generously given a day a week to support internal/external use of my OSS projects.

This led to a number of important upgrades and experimental APIs for my bigger codebases, and helped keep the lights on despite problems with burnout.

Unfortunately, as you already know, computers the economic underpinnings of the last decade shifted recently – resulting in previously-generous financial arrangements (and pandemic-era remote work affordances) evaporating due to becoming “ZIRPs”1. My position at Jump turned out to be one of these, and I became unemployed in September 2023.

A generous severance meant I didn’t have to worry about job hunting immediately, and the nature of the split did not improve my already-poor mental health – so I took the opportunity to disengage and refill the ol’ HP meter a little.

Can you be an absentee landlord if almost nobody pays rent?

Said disengagement included my open source, for which, I apologize. A little, anyways; many words have been spilled about how us maintainers don’t actually owe the users anything, and there is truth to that. My activity also wasn’t zero - eg I spent a while updating Paramiko to address a recent CVE you may have heard of.

But I ought to have made my status clearer than random self-pitying subtoots on Mastodon. Hopefully there’s no repeat of this particular situation, but if there is, I’ll try to do better.

I did, also, intend to re-engage with the OSS eventually, starting around now and lasting through fall: the severance kept me in groceries and mortgage for a ~year, so my plan for the middle half of 2024 was a combo of job hunting and OSS hacking.

But then! Stuff happened!

Reach for the stars security

Specifically, I was alerted a few months ago to an Employment Opportunity™ from a Python community buddy who had joined a small security startup – they’d just raised a Series A and were looking to hire. The company had need for a Pythonista who could improve their infrastructure and development pipeline alongside regular feature work.

Even better? They’re distributed (no RTO!) and I’d coincidentally spent the previous few years virtually hanging with a bunch of wonderful security-adjacent nerds on a private Slack – giving me a(n even) greater appreciation of the importance of cybersecurity work.

This seemed too good to pass up, so when Reach Security made an offer, I accepted!

Never heard of them, what do they do?

I get a little “sus” when folks get chatty about their employer, so I’ll limit this to the basics: the elevator pitch for Reach is that instead of being Yet Another Security Tool, their raison d’être is extracting the full value of the security tools your company is already paying for.

The average IT/infosec team is typically not positioned to make the most out of their current firewall, spam filter, endpoint protection, identity/auth system, and so forth. Growing such teams with the headcount and experience required to configure those systems well, is increasingly costly – especially as attackers aren’t standing still.

Reach’s bet is that, for less than that hypothetical staffing increase, they can apply (or suggest, in a read-only mode) a smart and constantly updating set of configuration updates, tailored to their customers’ environments.

Makes sense to me; and it’s a nice perk to care about your employer’s product for a change. (Also, we’re still hiring, so get in touch!)

So what about the OSS?

This part is less rosy. “A day a week for your OSS” was, in hindsight, its own ZIRP; I was incredibly lucky to have it at the last couple of jobs. There’s no such agreement this time around.

What does exist is the possibility of applying my projects where relevant. At the start, this is Invoke, bringing a consistent and centralized CLI experience to a formerly seed-stage-startup level of repo organization. I’m already bumping into multiple long-term bugs/missing features that will need work!

Whether this later involves Fabric/Paramiko depends on how the company’s infrastructure grows. As came up in early chats with another company/friend, shoehorning tools where they don’t belong, purely because I have a need to keep the projects relevant in my dayjob is…not a good thing. I don’t want to become “that guy” any more than I already am.

And these days, “SSH via Python” is not the correct default tool in many situations – it’s harder to justify in a world full of serverless computing, containers, and IaC than it was in the late 2000s.

That said: I still use all 3 projects for personal tech, and there is absolutely a “long tail” of groups for whom Pythonic SSHing is a valid tool in the box; long tails being something those of us near the bleeding edge love to forget about.

So Fabric/Paramiko have a future - the question is just how much time I can make for them in the short/medium term, and whether I can successfully grow the maintainership.

Watch this space for more, and in the meantime, I’m hoping to generally re-engage with my projects in whatever time I can make for them. The staycation is over!


  1. Zero-Interest-Rate Phenomenon ↩︎