Interview questions for your new employer

Hacking

Following on from my previous post about how to avoid major development speedbumps, here’s a list of interview questions to ask when they think they’re interviewing you and you’re actually interviewing them. You want your employer to help you do your job, right?

  1. Are you using GitHub? Within that, how close to GitFlow are you? Having experienced an awful version control system, this is key. GitHub is really flexible and gives you enough rope to hang yourself in the foot. A fun thing is commenting commits correctly. Google it.
  2. What’s your branching strategy? How long do you expect a branch to live?
  3. Branch lifetime should be of the order of a day. Any longer than that, have a quiet word with your SCRUM master.
  4. How automated are your deployments? Do you create .rpms/.debs? Packages make deployments and rollbacks so much easier. Add YYYYMMddhhmmss to the name so you can keep track of them, or a build number so you can identify them.
  5. Which CI system do you use? If not Jenkins, why?
  6. Test automation is great. It builds, runs tests and creates modules. And anything else that makes your life easier.
  7. What’s your test automation like? It’s part of CI, right? Do you measure test coverage?
  8. CI is also a good time to run code hygiene tests like pylint or perlcritic even if you have them on your commit hook.
  9. How is your test data managed? Do you create a temporary database and populate it or do you have one database and run your tests within a transaction?
  10. Security? How close to the developers is this managed? Separate security departments are often understaffed. Do you keep an eye on the OWASP top ten? Are you religious about escaping strings when composing SQL queries?
  11. How close to continuous delivery are you? How long do rollbacks take? Do you use something like Ansible or puppet to manage your systems? Bonus points for terraform. How fungible are your live servers?
  12. How loosely coupled is your architecture or is it a big ball of mud? This is another thing that burned me recently. With mod_perl potentially going away in some form, parts of the system could have been moved to a new framework.
  13. What other tools do you have and who chose them? Are you running popular systems for monitoring or code review or some open-source system that might wither on the vine?
  14. Are you agile? Do you do SCRUM or KANBAN? Do you have a SCRUM master and a product owner? So many teams think they are agile when they’re merely doing some agile type things sandwiched in a blob of waterfall.
  15. Who authorises changes? Do the developers do it or do you have a separate approvals board? It’s so much better to have decisions made at the lowest level by team members than to be farmed out to some remote change approvers.
  16. What system monitoring do you have? What is your average time to fix?
  17. What is your ticketing system, and why isn’t it JIRA? Does your SCRUM master visualise progress and use all the tools to measure the team performance. Does your SCRUM master measure project velocity?

So there you have it. How to extend an interview beyond the allotted time.

Did I miss anything? Comments, as always, welcome.

Efficient programming

Coming out of a job where I was working on a 20-year old Perl codebase, I’ve got some burns to get off my chest. I’m reading “Accelerate” by Forsgren, Humble and Kim which claims to have scientific backing for what makes for efficient development in a team. In my recent experience:

  1. Use decent version control. To me, that means GitHub. Use a branching strategy to code each branch to a JIRA. Make the branches short-lived, preferably a day. GitHub is stateless. Diffs are resolved at merge-time when pull requests are made. Under NO circumstances use something like Perforce. That is like putting a large speed bump under a low slung car. It’s stateful. Mapping a repo into your filesystem is a pain. Rewinding commits is a royal pain. Ugh.
  2. Release often, releases should be easy. A marker of a high performing team is how frequently they release software. A release should not be confined to one person on the team and take half a day.
  3. Great balls of mud are hopeless. We’ve been writing new software as microservices for a while now, and more recently bundling them up in Docker containers (and if you’re really advanced then using Kubernetes). In the Perl world that means using a framework such as Mojolicious, Catalyst or Dancer with excellent modules like the Template Toolkit for the view and DBIx::Class for the model and not v1 of view software that’s barely been touched for years and v2 exists. It also highly bound to Apache and hard to use elsewhere.
  4. Ongoing support for mod_perl in Apache 2.x is ongoing. It’s already been abandoned in Apache 1.x so I would note that software is doomed at some point.
  5. Be very careful layering software upon software. Or using features that make things opaque. Oh, and having magic variables and not documenting them. For example, you have Puppet. That’s great. Why not layer Heira on top and render most of the puppet documentation useless. Or use a templating system that magically calls in a hierarchy of other templates. Oh, and where does that database handle come from? Somewhere in the bowels of that page startup. Not sure which module.

In summary, I’d say be aware of the speedbumps. How can you improve them?

Ron Weasley’s worst Australian spider nightmare

spiders

Macksville resident Melanie Williams was also shocked by a swarm of spiders climbing the outer wall of her home as they fled for higher ground. “I occasionally see spiders around the place but never anything like that, it was just insane,” she told the ABC.

The spiders outside her home were “horrific” but her neighbour told her there were twice as many inside his garage, she told Guardian Australia.

https://www.theguardian.com/environment/2021/mar/22/horrific-swarms-of-spiders-flee-into-homes-and-up-legs-to-escape-nsw-floods

Poor Ronald.

Cardiff Wetlands

I’d found out about the Newport wetlands and after a kerfuffle on Reddit, found there was a Cardiff Wetlands down in the bay. We went and had a mosey. That was disappointing. It’s a patch of land inside the barrage, probably left over from a dock back in the day. Despite the enthusiasm of the signposts, the wildlife was disappointingly vanilla: ducks, swans, tits, crows, magpies and so on. The air was reassuringly noisy, but if there were exotic birds, they were shy. It’s worth a little walk. Once. Enjoy some pictures.

IMG_17921
IMG_17851
IMG_17861
IMG_17791
IMG_17811
IMG_17751
IMG_17701
IMG_17931
IMG_17891
IMG_17881
IMG_23291
IMG_17761
previous arrow
next arrow
IMG_17921
IMG_17851
IMG_17861
IMG_17791
IMG_17811
IMG_17751
IMG_17701
IMG_17931
IMG_17891
IMG_17881
IMG_23291
IMG_17761
previous arrow
next arrow

Brexit

The day after the vote when the result was revealed, my reaction was incandescent and aghast. How could 52% of the people who voted be so daft? Turns out it’s a common delusion. My acceptance speech as leader of an independent political party:

“My Lords, Ladies and Gentlemen,

We are now in the privileged position of having got rid of the Tories and their austerity agenda and are now in a position to move this country forward again. BTW, The word Tory derives from the Middle Irish word tóraidhe; modern Irish tóraí; modern Scottish Gaelic Tòraidh: outlaw, robber or brigand, from the Irish word tóir, meaning “pursuit”, since outlaws were “pursued men”.

David Cameron’s ill-advised referendum to save the Tory party disenfranchised 48% of the population, and in the subsequent years and we have since been fed a steady stream of lies by leaver politicians and press.

Unlike the squirrels in leavers heads, I treasure the pillars of being in the EU. I like having free trade with 27 other countries. I like that the Good Friday agreement, which ended what was, in other words, a civil war, is enshrined in an open border. Northern Ireland has come on in leaps and bounds. My neighbour will probably go back to Switzerland or Germany if the university research funding dries up.

The bullshit about the “unelected beaureaucrats” is exactly that. We elect MPs to the European parliament and we get a veto over any legislation. We have rejected remarkably little.

I like the fact my human rights are enshrined by law. The Tories in their Brexit panic threatened to do away with it.

I waited in vain for the £350 million a week for the NHS. The Tory promises of more police or more money for the NHS doesn’t even make a dent in the damage done by ten years of austerity. Turkey was never going to join the EU, more’s the pity.

If you Google “leaver lies” you’ll find plenty of collated lists. If an unworkable Brexit had gone through, I’d have been off to Asia.

So anyhow, here’s to a future of being part of one of the largest free trade areas in the world, Schengen and the Euro.”

Getting started with Amazon AWS

So this is all about getting started with AWS. I’ve been using AWS tangentially for about five years, almost always EC2 instances, so not really pushing the envelope. I’d really like to get my head round serverless and lambdas but I’m having a bit of a conceptual problem trying to work out a use case to do at home.

I have done the Udemy “AWS Certified Cloud Practitioner Practice Exam” which was quite frankly brutal, demanding 90% for three papers. First time through each I got 70-80% which I thought wasn’t too shabby but obviously not good enough for their arbitrary cutoff. The second time through I got >90% which was nice.

The biggest takeaway I have is once you’ve created a root account, create a user account and only give it only the privileges it needs. Security you know!

This is the list of white papers I’ve ingested to far. I hope it proves useful.

AWS Overview

https://d1.awsstatic.com/whitepapers/aws-overview.pdf

This is the motherlode. If you want an overview of all available services on AWS, this is the place to start. For us in the perl world, that’ll be git, CI/CD pipelines and EC2/Fargate. If you’re jiggy, docker too. At this point for most of that, I like Gitlab, especially since M$ took over github.

AWS Well Architected Framework

This takes the overview one step further. Apparently as you partition your app vertically, VPSs are the trick. Security again.

https://d1.awsstatic.com/whitepapers/architecture/AWS_Well-Architected_Framework.pdf

Jenkins on AWS

In a good chunk of the contracts I’ve done, the developers have been good boys and written tests, but there was no way of automatically running them. Jenkins fixes this. Better still using the Perl TAP output formatter we can get a nice graph of the number of tests increasing. If you like, you can run Bamboo or GoCD but I’ve not had happy experiences with either of these.

https://docs.aws.amazon.com/aws-technical-content/latest/jenkins-on-aws/jenkins-on-aws.pdf

Practising Continuous Integration and Continuous Delivery on AWS

Taking Jenkins one step further. In an ideal world code gets committed to master and then gets made live. Your process may vary. Oh, and database versioning is Hard. I’m reliably informed squitch is the one for this.

https://d1.awsstatic.com/whitepapers/DevOps/practicing-continuous-integration-continuous-delivery-on-AWS.pdf

Development and Test on Amazon Web Services

More on the subject.

https://d1.awsstatic.com/whitepapers/aws-development-test-environments.pdf

Overview of AWS Cloud Adoption Framework

Similar overview.

https://d1.awsstatic.com/whitepapers/aws_cloud_adoption_framework.pdf

AWS DevOps

Taking a more DevOps approach to AWS.

https://d1.awsstatic.com/whitepapers/AWS_DevOps.pdf

DevOps for startups

More on the subject of DevOps.

https://blog.thesparktree.com/devops-for-startups

Docker

Now we start getting to the docker meat. I’m not sure how applicable this is to a clunky monolithic Perl framework. I dockerised a simple Catalyst app and it was HUGE. Back to CGI.pm?

https://docs.aws.amazon.com/AmazonECR/latest/userguide/docker-basics.html#docker-basics-create-image

Deploy Docker containers

Now we get to the meat.

https://aws.amazon.com/getting-started/tutorials/deploy-docker-containers/?trk=gs_card

Cost optimisation

A common whinge I’ve heard is that unless you’re careful and out of the free first year tier, is that suddenly your AWS usage blooms into thousand of pounds a month. Having been charged £15 a month for static IP I can well believe it.

https://d0.awsstatic.com/whitepapers/Cost_Optimization_with_AWS.pdf

Considerations for the Beginner Serverless Developer

Epsagon have a good trove of blogs too.

https://epsagon.com/blog/considerations-for-the-beginner-serverless-developer/

The Most Popular Deployment Tools For Serverless

https://epsagon.com/blog/the-most-popular-deployment-tools-for-serverless/

5 Ways To Gain Serverless Observability

https://epsagon.com/blog/5-ways-to-gain-serverless-observability/

Yubl’s road to Serverless architecture — Testing and CI/CD

https://theburningmonk.com/2017/02/yubls-road-to-serverless-architecture-part-2/

Serverless observability, what can you use out of the box?

https://theburningmonk.com/2018/04/serverless-observability-what-can-you-use-out-of-the-box/

Our Journey from Heroku to Kubernetes

Kubernetes land is still a mystery to me. Every way I’ve tried to approach it, from linux to Mac I’ve been thwarted. Oh well, one day it’ll be mature enough and actually work for me.

https://www.salsify.com/blog/engineering/our-journey-from-heroku-to-kubernetes

AWS custom runtime for lambda really works: How I developed a lambda in Perl

Now we get to some interesting stuff. It seems hideously convoluted to be but still. It’s a Perl lambda!

https://medium.com/@avijitsarkar123/aws-lambda-custom-runtime-really-works-how-i-developed-a-lambda-in-perl-9a481a7ab465

An alternative Perl lambda

A different approach.

https://github.com/moznion/aws-lambda-perl5-layer

Using the AWS Serverless Application Model (AWS SAM)

https://docs.aws.amazon.com/lambda/latest/dg/serverless_app.html

What Is the AWS Serverless Application Model (AWS SAM)?

https://docs.aws.amazon.com/serverless-application-model/latest/developerguide/what-is-sam.html

Considerations for the Beginner Serverless Developer

https://epsagon.com/blog/considerations-for-the-beginner-serverless-developer/

Serverless and startups, the beginning of a beautiful friendship

https://aws.amazon.com/blogs/aws/serverless-and-startups/

So that’s what I have so far. I think most of the time, we’ll go EC2 and then RDS. I’d put Cloudflare on the front unless I particularly needed a Route53 feature. Serverless is still in the land of dragons and Perl isn’t spectacularly well supported. I’d like to see a world where the code pipeline is under Amazon as well as horizontal scaling with the load balancers.

Upwards of 50,000 people hacked

hack

This would be hilarious if it weren’t so serious. About 50,000 people got their printers hacked and had promotional printouts for YouTube Vlogger “PewDiePie” printed out. This raises the question: HOW? In the real world we should all be behind firewalls, all our computers should have anti-malware software on. This should not be an issue. Printers should not be connected to the internet!

More seriously, it’s possible to destroy computers from afar by repeatedly writing to their firmware. This is not a desirable outcome.

Please folks, if you want to talk about security, there are people like me out there who are more than capable of doing a quick audit and vulnerability scan.

Source: https://www.bbc.co.uk/news/technology-46552339

WordPress spice with plugins

Wordpress logoSo, PHP and MySQL, two slightly suboptimal technologies run a fairly large chunk of the internet in the form of WordPress. You have the idea for a blog or maybe want to knock up a quick corporate web site. What’s your first step?

Themes

  • Choose a WordPress theme. There are loads out there, some free some paid for. My site of choice for finding themes free or otherwise is Themeforest. A fair number of the themes are free, and you can choose 2 or 3 column, responsive and so on.

Having chosen your host (we use bluehost.com for www.pandaandpolarbear.com and this site), then it’s time to flesh out the functionality of your site with plugins.

Plugins

  • Akismet – a pretty good comment spam filter plugin. It will mark spam for you so you can you through and trash it. Not sure I’ve ever had a spam comment go through.
  • Cloudflare – These guys are making the internet better. A DDoS, CDN and free SSL solution. 128 data centres. Who is to argue with that?
  • Cookie Consent – Everyone needs this, right?
  • XML sitemaps. Does what is says on the can!
  • Jetpack – Even more themes, stats, SEO tools, Security stuff.
  • Loading Page – while the page is loading, shows a pretty graphic. Given the stats on site abandonment, any distraction is worth it.
  • NextScripts: Social Networks Auto-Poster – lets you spam nearly 30 social media channels.
  • P3 (Plugin Performance Profiler) – Really useful to see where the CPU time is going and if a plugin is taking the time. In my experience, plugins take about 50% of the page render time.
  • W3 Total Cache – caching is good. Most site are not that dynamic so caching is relly good to have.
  • Wordfence Security – useful to have. We’ve had someone uploading rogue JavaScript to WordPress and this spotted it.
  • WP Smush – optimise graphics for the size you’re rendering them at. This is a cool speedup. When you’ve got four years of art, it’s a big win.
  • Yoast SEO – If you’re wordy like me, it’s good to have something reminding you of the good stuff to put in your posts to get the attention of the search engines.
  • Amazon Associates Link Builder  – nice integration with Amazon associates.
  • Finally, Link checker – useful to check for broken links, or destination pages that have gone away.

Other stuff

Don’t forget to sign up to the Google suite, Google analytics, Google webmaster tools, and Google Lighthouse.

Conclusion

That’s a small selection of the plugins we use. There are a whole bunch of Woocommerce related WordPress ones and others related to selling stuff.

I did a site for Dusty Knuckle Pizza, which was working great until they foolishly decided to spend money and get something worse. IMHO.

So that’s that. Your site is now standing on the shoulders of giants.

Remind me, why do people still build web sites manually?