# SaaS In the News

This page collects links to interesting articles relevant to the course topics, organized by which chapter/topic each is relevant to and sorted most-recent-first within each topic. Links to articles, videos, etc. does not imply endorsement by us of their points of view, nor do we have any formal connection to the authors unless otherwise stated; we just think these are relevant to software engineering and useful in helping to put in context some of the material taught in the course.

Evergreen articles—generally relevant and not tied to a specific event—have *<mark style="color:green;">**bold italic green titles**</mark>***.**

## General

[The Unix Chainsaw](https://www.youtube.com/watch?v=ZQnyApKysg4) \[video]: a great explanation of why Unix command-line skills are so valuable for developers, and a great illustration of the "Unix philosophy" of combining small specialized tools. One of the examples is a mini-master-class in using the entire Unix environment as your IDE.

## 1 Introduction to Software as a Service, Agile Development, and Cloud Computing

*<mark style="color:green;">**October 2021:**</mark>* [Missouri (USA) state government goes after newspaper and computer science prof for revealing bug in state-run software that exposes public school teachers' personal information](https://www.nytimes.com/2021/10/15/us/missouri-st-louis-post-teachers-hack.html) (Followup article in ArsTechnica: [Viewing website HTML code is not illegal or “hacking,” prof. tells Missouri gov.](https://arstechnica.com/tech-policy/2021/10/viewing-website-html-code-is-not-illegal-or-hacking-prof-tells-missouri-gov)) Gov. Mike Parson of Missouri has asked for a criminal investigation of a St. Louis Post-Dispatch reporter who told the state that a website revealed teachers’ Social Security numbers. In fact, the only thing the reporter did was view the source of a publicly visible Web site and notice that Social Security numbers were present in cleartext in the source. This story underscores the importance of having public officials who either have some minimal competence with technology, or are inclined to hire and listen to staff aides who do.

*<mark style="color:green;">**November 2021:**</mark>* [Techie parents in Stockholm in trouble after building open-source app to replace crappy proprietary app for accessing school data](https://arstechnica.com/information-technology/2021/11/these-parents-built-a-school-app-then-the-city-called-the-cops/). The Swedish government spent years and millions of dollars to have 5 companies build national platform for schools (combination of LMS, registration info, grades, parent portal, student portal...) The apps are buggy and get awful reviews from parents and students, and lots of complaints (since they're the only way parents can get info about how their kids are doing in school, etc.) Some techie parents reverse engineer the apps' server APIs and create their own open-source mobile apps, which are widely praised, as well as a well-designed publicly-accessible API shim over the original crappy undocumented API. The government cracks down and launches a national investigation around "possble illegal access to data" and starts making deliberate breaking changes to APIs. The nation eventually comes to its senses and now there is an "official" decent API that anyone (with permission and API key) will be able to use to build similar apps.

*<mark style="color:green;">**June 2023:**</mark>* [How NASA Writes Space-Proof Code](https://www.youtube.com/watch?v=GWYhtksrmhE) \[video]. The ultimate plan-and-document organization writes code for systems that may be millions of miles away and/or unreachable when something goes wrong. How do they do it?

*<mark style="color:green;">**November 2023**</mark>*: [Why do mainframes still exist? What's inside one?](https://www.youtube.com/watch?v=ouAG4vXFORc) \[video] A theme of this class is that good design is about choices, and while SaaS+Agile+Cloud is a great choice for many apps, some apps have quite different requirements. This video, replete with technical detail, is a fascinating look at the latest IBM zSeries mainframes—their design, including AI acceleration hardware; redundancy and reliability; and the kinds of apps that need those affordances.

*<mark style="color:green;">**October 2023**</mark>*: [The IRS is rolling out its (new) free tax-filing tool, and surprisingly, it's great](https://www.fastcompany.com/91178532/the-irs-is-rolling-out-its-free-tax-filing-tool-to-30-million-americans-and-surprisingly-its-great). Chapter 1 of ESaaS tells the dismal story of the disastrous 2013 rollout of Healthcare.gov, the US Government's health insurance portal, which was to be a signature achievement of President Barack Obama's administration. We also presented some opinionated commentary about whether things might have turned out better if government software efforts were developed with more of the Agile practices in mind, rather than the BDUF approach that had characterized most government software procurement. Fast forward ten years, and I guess the government took our advice :-)  The Internal Revenue Service (the tax-collecting agency of the US Government) worked with the [US Digital Service](https://usds.gov) and with [18F](https://18f.gsa.gov), an organization founded by several Presidential Innovation Fellows during the Obama administration to modernize US Government IT by bringing in the best practices of private industry.  They followed some of the most important Agile practices: they allowed potential users to play with different mockups, observing their behavior and putting the best ideas into the prototype; they included the customer in continuous refinements of the design; they started with a small deployment to find and fix bugs and make improvements before scaling up. As a result, Direct File processed more than 140,000 returns during its first year, exceeding its goal of 100,000, and suffered no outages in the process. (By comparison, H\&R Block, one of the largest private-sector providers of tax services, suffered some outages on tax day.) A General Services Administration survey found that more than 90% of users who tried Direct File rated it “excellent” or “above average,” and  86% of users said the experience increased their trust in the IRS, a government agency not traditionally known for high user confidence or loyalty.

*<mark style="color:green;">**December 2023**</mark>*: [What Do ChatGPT and AI-based Automatic Program Generation Mean for the Future of Software?](https://cacm.acm.org/blogcacm/what-do-chatgpt-and-ai-based-automatic-program-generation-mean-for-the-future-of-software/) Distinguished software engineer and professor Bertrand Meyer argues that while LLMs will generate better and better code, some of the key activities that differentiate *software engineering* from *programming,* such as requirements generation, specification, and verification, will only increase in importance.

*<mark style="color:green;">**December 2024**</mark>*: Addy Osmani [observes](https://addyo.substack.com/p/the-70-problem-hard-truths-about) (as have many others) that experienced and novice developers use generative AI in very different ways to assist in software development, often with very different outcomes.

*<mark style="color:green;">**June 2025**</mark>*: IRS Direct File has been [released](https://www.fsf.org/blogs/community/irs-direct-file-released-as-free-software)  on[ GitHub as public domain](https://github.com/IRS-Public/direct-file) software. This SaaS project was a triumph of collaboration between 18F and the US Digital Service (see "October 2023" item above), allowing US taxpayers access to a free SaaS app to electronically file their taxes. After a successful pilot in 2024, it was rolled out to about half of all states, and user reactions were overwhelmingly positive. In 2025, the Trump administration disbanded the team that built the service and [announced it would be shut down](https://www.nytimes.com/2025/11/06/business/taxes-irs-direct-file.html?unlocked_article_code=1.zE8.8Rpp.DdCvReM69GcA\&smid=url-share). Some of the team  released it as public domain software in the hopes that it won't die.

## 2 How to Learn a New Language

## 3 SaaS Application Architecture: Microservices, APIs, and REST

*<mark style="color:green;">**September 2023**</mark>*: [Google's widely-opposed ad platform, "the privacy sandbox," launches in Chrome](https://arstechnica.com/gadgets/2023/09/googles-widely-opposed-ad-platform-the-privacy-sandbox-launches-in-chrome/). Cookies have a (well earned) bad reputation for being used to track users across websites, but rather than a tracking-free experience, Google has been pushing an alternative model that the Electronic Frontier Foundation calls "[a terrible idea](https://www.eff.org/deeplinks/2021/03/googles-floc-terrible-idea)." But because it'll be built into Chrome, a lot of users will probably unknowingly opt in by default.

*<mark style="color:green;">**October 2025:**</mark>* [HATEOAS for Haunted Houses](https://www.sanfordtech.xyz/posts/hateoas-for-haunted-houses/). A case-study in using Hypermedia as the Engine of Application State (HATEOAS) architecture to build a flexible control system for a local haunted house on a tight delivery schedule. HATEOAS promotes a simple, streamlined, hypermedia-centric request-reply architecture that takes REST to heart: all the information necessary to understand and trigger whatever operations are available on which resources is readily available in a delivered hypermedia document, largely eliminating the need for API documentation or client-side rendering logic. While HTML is technically a hypermedia language, this article uses HTMX, a fairly clean and minimal extension to HTML that allows expressing common RESTful behaviors in declarative HTML with no application-specific JavaScript.

## 4 SaaS Framework: Rails as a Model--View--Controller Framework

## 5 SaaS Framework: Advanced Programming Abstractions for SaaS

## 6 Mobile and Desktop SaaS Clients: JavaScript Introduction

## 7 Requirements: BDD and User Stories

## 8 Testing: Test-Driven Development

February 2024: [Self-pay gas station pumps break across NZ as software can’t handle Leap Day](https://arstechnica.com/gadgets/2024/02/leap-year-glitch-broke-self-pay-pumps-across-new-zealand-for-over-10-hours/). We thought this was amusing since a very similar bug is used as the example of TDD and debugging (the leap year problem with Microsoft Zune music player).

## 9 Software Maintenance: Enhancing Legacy Software Using Refactoring and Agile Methods

*<mark style="color:green;">**February 2023**</mark>*: [The Airline Industry's Problem With Absolutely Ancient IT](https://www.youtube.com/watch?v=1-m_Jjse-cs) \[video]. The catastrophic meltdown of airlines at Christmas 2022, once the terrible weather had subsided, was largely an IT problem. Here's a lesson in what happens when legacy systems are ignored for too long rather than updated incrementally.

## 10 Agile Teams

## 11 Design Patterns for SaaS Apps

## 12 Dev/Ops

*<mark style="color:green;">**January 2019**</mark>*: [SQL Is No Excuse to Avoid Dev/Ops](https://cacm.acm.org/practice/sql-is-no-excuse-to-avoid-devops/). Besides busting the myth that "heavyweight" SQL databases (vs. NoSQL stores) somehow get in the way of agile deployment due to schema-management concerns, this practitioner-focused article basically walks through a feature-flagged, schema-versioned approach to agile dev/ops very close to the one espoused by ESaaS, including how to test such changes in CI before production deployment.

*<mark style="color:green;">**November 2023:**</mark>* [Highly invasive backdoor snuck into open source packages targets developers. ](https://arstechnica.com/security/2023/11/developers-targeted-with-malware-that-monitors-their-every-move/)Typical modern software projects rely on hundreds of open source libraries. But how do you know there isn't malicious code lurking in those libraries? (See also April 2026 article about WordPress plugins, below)

*<mark style="color:green;">**July 2024:**</mark>* [How Crowdstrike brought worldwide IT to a halt](https://www.youtube.com/watch?v=wAzEJxOo1ts) \[video]. A good explanation by a Windows developer of what specific properties of this anti-malware product allowed it to compromise so many systems in such a thorough way.&#x20;

*<mark style="color:green;">**April 2026:**</mark>* [Somebody bought 30 WordPress plugins and planted a backdoor in all of them](https://anchor.host/someone-bought-30-wordpress-plugins-and-planted-a-backdoor-in-all-of-them/). Apparently [wordpress.org](https://wordpress.org) used to do some level of code review before listing a plugin on the official WordPress  catalog, and they are no longer doing so (or doing it sloppily). As a result, a company that was looking to cash out on some (legitimate) plug-ins it had developed sold all of them to an unidentified new developer, who planted backdoors in them and distributed the "update" to all the users who had downloaded the original (legitimate) plug-ins. It's a lesson on the role of trust in "app store"-like scenarios, and the tension between Apple's highly regulated iOS/Mac App Store and Google's much less regulated Android/Google Play store.<br>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://teach.saasbook.info/chips/saas-in-the-news.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.