Rob Witoff: Crushing Tech Debt Through Automation at Coinbase
This was the best presentation for me personally. Rob Witoff is working at Coinbase which is fully committed and lives Continuous Deployment as it should be.
Witoff sees technical debt as the main obstacle that hinders progress. It looks like Coinbase management shares this opinion as they give their engineers the time required to do things the right way even if it takes longer.
On his first day a developer does an own deployment. That removes the fear and deployment becomes a no-brainer.
They never blame a developer if a bug gets out. There are some very good automatic procedures in place that check if everything is working correctly. When a bug does slip through, Coinbase improves the automatic procedures so the same mistake doesn’t happen again.
Where customers’ money is involved, there are stricter rules for core services and deployment is not done as often.
Coinbase heavily invests in fast infrastructure. They say that a human should never wait for a machine. Humans are more expensive. The machines should wait for them.
Their infrastructure is fully automatic - there is no single administrator. All changes are applied via git pull requests. No single machine runs for more than 30 days which should avoid hacks due to unpatched vulnerabilities.
For configuration management they are using Vault, which I didn’t know before.
Alasdair Allan: Keynote - Security War Stories: The Battle for The Internet of Things
The keynote was about the security risk posed by IoT devices and the cloud. These devices almost never get updated. Original settings are unchanged. Worst of all, they can be accessed from the internet directly. Therefore, quite commonly, they are taken over and used for DoS attacks or other bad things.
He introduced some good notions of using Blockchain technologies as basic data storage and letting go of the requirement to “lock data away”. Unfortunately, he did not elaborate any further.
The second part was a collection of entertaining stories how easy it is to break into IoT devices.
Michael Feathers: Strategic Code Deletion
Michael Feathers started with an explanation of the differences between unreachable, dead and low value code.
Unreachable code never gets executed. Dead code executes but its result is not used at all. Removing unreachable and dead code is straightforward.
Low value code, however, has to be maintained for a variety of reasons - even if it isn’t used very often. The typical example Feathers gave was individual code for an important customer.
First low value code needs to be identified. He proposed the use of generic monitoring tools that are triggered when the low value part is executed. Scythe is a good option in Python.
Feathers emphasized the importance of unit tests when you rewrite an application. It makes sure you don’t introduce bugs and becomes part of the specification. He also showed some coding techniques to reduce the number of conditional commands.
Colin Breck: Using Quality Views to Tackle Technical Debt @Tesla
This presentation from an employee of Tesla introduced an approach to visualizing technical debt for non-engineers.
Each component or service of a system is rated by seven different factors which together should provide a holistic view. The communication and dependencies of these services are shown in a graph and each service gets a colour dependent on its rating.
Breck argued that, just by using some colour, you immediately get more attention from technical managers and the understanding to eliminate technical debt increases.
Greg Murphy: Building Reliability in an Unreliable World
This was a presentation about GameSparks which provides services for online games. They allow their customers to run their own code and persist data on their platform.
GameSparks have implemented many infrastructure features that would otherwise require separate tools from many sources. Murphy reviewed several of these features including a load balancer for web sockets and an auto indexer to improve the query execution on MongoDb.
They can identify JavaScript applications that consume high resources. At peak times they can isolate them into a secondary thread pool so the resource consumption does not hinder the other applications.
They rewrote their original monolith into microservices and implemented a self-written auto scaling system.
Manu Cupcic: Evolving Engineering Culture @Criteo
Criteo is a French company with about 500 technicians spread all over the world. Cupcic explained how they are still trying to achieve a shared culture. Basically they use an exchange programme, where single developers are temporarily assigned to other teams.
Open Spaces: Javascript
Open Spaces is a social event where you have the possibility to discuss a topic you are interested in within a small group of other conference attendees.
We discussed the JavaScript ecosystem in general, static typing, and how to maintain a huge Javascript application (5 developers worked for 5 years on it).
The main conclusion was that the Javascript community is very helpful, but they still lack the high degree of stability of the Java ecosystem. The participants identified the quick change of frameworks (Angular 1 & 2, React, EML) or the movement of typings (Definitely Typed to Typings to @Types) as quite risky in terms of longer-term investment.