no dogma podcast

Summary Peter Welch, code monkey, blogger and author, and I talk about the software industry and the people in it. Details Peter's background; his books; programming sucks, problems in the interview process; utilitarian programming; complexity in software; how bad are things in the industry, business doesn't understand complexity; Bryan rants about C level people in companies, Peter tells a story about restaurants, whose job is it to ensure quality work is done, over engineering; respect for engineers; are great engineers dangerous, arrogant engineers are worse; politics - taking part of avoiding; "everything is broken because there's no good code and everybody's just trying to keep it running", HeartBleed, is the "sophisticated hack" a fair excuse, hard for old businesses to move to new tech; standards and practices; "all programmers....are slowly going mad", how do we make programming better, Peter is an optimist!; complexity.

Summary Jeff Glennon of Software Delivery Labs and I talk about how to improve the software delivery process. Details Jeff's background and company, what is software delivery vs project management; getting all teams working together, deathmarch towards a release date; blame always lands on engineering; other problems, forcing new processes on teams, disputes, transparency is the best approach; power and politics, no silver bullet; how to improve the process, responsibility without blame; agile seems to be the only choice, what if the client doesn't want scrum; end to end example, miscommunication, delays, finger pointing, lost money, get to prototype and fire 'em all; when is your work done; outsource mentoring.

Summary Bob Familiar and I discuss how to bring the principles of lean engineering to the enterprise. Details About Bob and BlueMetal Inc; time at Microsoft; what is lean engineering, origins, just in time, small batches, failing fast, continuous improvement, applicability to software; batching and automation of the software process, continuous delivery, failing fast "common sense is hard to come by"; over lap with dev ops; build, measure and learn; principle of lean - "seeing the whole" vs "deciding as late as possible", comparison with Agile; leveraging cloud as part of lean; bring lean to large enterprises; changing behaviour instead of thinking, change in small steps, easier for an external party to bring change; patterns, micro-service architecture, deployment pipeline pattern, strangler pattern.

Summary Igor Moochnick of Constant Contact and I discuss dev ops, deployment pipelines and other architectural concerns. Details What Constant Contact does, Igor's role; what is dev ops, moving towards dev ops, provisioning servers, changes to dev cycles; from code to production deployment, source control, tracking code/sql and deployment pipelines; human intervention in the process; how the process changes have helped; reverting a deployment of an app, reverting a database, evolutionary databases; Jenkins CI, pipeline generator; architectural changes needed, decoupling release cycles of teams, SoA, microservices, shared libraries; enforcing rules, resistance to change, training dev teams to be independent; role of release engineering team; adoption of dev ops will be driven by commercial needs.

Summary Todd Gardner tells me about Track:js, a JavaScript error tracking tool and how to get a three month free trial. Details Todd and I discuss his background; what is Track:js, client side errors, stack trace; when to use Track:js in the life-cycle of an app, challenges of production JavaScript apps; installing and using Track:js, turning it on and off for periods or for particular browsers; overhead of Track:js, duck punching and monkey patching; Track:js is for developers, not for marketing analytics; who uses Track:js, high end developers, value per customer; building a scalable system and gathering the data, 120 errors a second reported, hosting in Azure, throttling, elastic search; choosing a cloud platform, BizSpark support, Digital Ocean, Amazon, self hosting, OVH; security issues with data being tracked, what is and is not tracked; local installs of Track:js; monatizing Track:js, subscription tiers; Azure queueing strategy; future development of Track:js, convergence of Angular, Ember and React; how to get a three month free trial.

Summary Henry Cipolla of Localytics and I discuss analytics, its real time uses and how Localytics tools work. Details Henry's background, what Localytics does; SDK; analytics and app marketing; recording user behavior; how customers use data from Localytics; figuring out what customers do and want; acting on data; competitors; how it works, AWS, real time processing, Scala, Angular, Mongo, Hadoop, Redshift; growing the system; incorporating third party tools and figuring out how to remove them, moving large volumes of data; scaling; tracking users and privacy; advice on using big data, queues, store all data, tagging; misunderstanding the cloud.

Summary Gus Warren of Disconnect discusses their tools, privacy, tracking and acceptable advertising. Details Gus’ background, what is Disconnect; how ads track us, cookies, fingerprinting; why is the information gathered, tying online behavior to offline identities; privacy matters even if you have nothing to hide, incognito/private browser mode is not enough; what Disconnect does, blocking, search, ratings, not an ad blocker, differences from Ghostery, targeted, but private advertising; getting people to opt-in to advertising; how the tech works, data usage reduction, faster page loads, private searching; Google pulling Disconnect mobile from app store, side loading; free and premium editions; advertising industry response to blocking tools, future of tracking, EFF Do Not Track policy; spreading word about Disconnect; partnerships, Black Phone; building a browser; future work.

Summary Michael O Church and I discuss whether software engineers have become the manual laborers of the 21st century, open allocation, agile development and how companies could be better. Details Michael’s background; being an engineer vs a manager; poor perception of engineers, value of engineers, makers vs takers, engineers as a commodity; not everyone with an MBA is a bad person; engineers are the manual laborers of the 21st century, craziness of interview processes; continuing low status after staring a job, getting credit for work done; open allocation solves many problems, better work, better rewards, happier engineers, language choices, learning new code is harder than learning a new language; agile in an open allocation company, agile as micromanagement, scrum masters, lords and knights, sprints; what Michael’s company would be, constrained open allocation, small, profit sharing; how companies can improve, become engineer driven, engineers should engage more with business, understand convexity; understanding company politics; hard to challenge bad ideas, open allocation helps; arrogance is rewarded; engineers are not always the best at communication or accepting criticism, engineers should learn to fight for themselves; reading broadly, book recommendations, Breaking Bad executions and map reduce.

Summary Jason Haley talks about the good, bad and ugly of life as a software consultant. Details Background, why go independent, working and hustling; getting the first customer; liability and setting up a company, being self employed vs an entrepreneur , get a lawyer and an accountant, networking, business bank account, branding, contractor vs consultant, confidence in presenting yourself; getting paid, income as a consultant, long dry spells, have multiple clients, saying no to a client, fitting with a client; judging what you can deliver, best clients understand software; being a generalist vs a specialist, finding a niche; picking a rate, factoring in costs, charge what you deserve, keep a rainy day fund, watch expenses; support network, billable hour trap, taking advice; managing the client relationship; pick a good company name, importance of referrals, don’t negotiate a rate, don’t keep a bad client; review if consulting is for you after a while.

Summary Robert Hurlbut and I discuss various aspects of software security. Details Background, why security isn’t thought about enough, out of the box security with MVC, XSS, CSRF, model binding and parameter tampering; https everything or just on parts of a site; Microsoft improving security, open source issues, inclusion of open source in hardware security devices; unmanaged code in web apps; typical weaknesses in software, password security; software review process, threat models, code reviews, fuzz testing; healthcare security, medical devices, attack vectors, Barnaby Jack, how to build secure devices; finding good security professionals, conferences and tradeshows; books; dont roll your own security; Robert’s presentation at Boston Code Camp.