Are you using GitHub? Within that, how close to GitFlow are you? Having experienced an awful version control system, this is key. GitHub is really flexible and gives you enough rope to hang yourself in the foot. A fun thing is commenting commits correctly. Google it.
What’s your branching strategy? How long do you expect a branch to live?
Branch lifetime should be of the order of a day. Any longer than that, have a quiet word with your SCRUM master.
How automated are your deployments? Do you create .rpms/.debs? Packages make deployments and rollbacks so much easier. Add YYYYMMddhhmmss to the name so you can keep track of them, or a build number so you can identify them.
Test automation is great. It builds, runs tests and creates modules. And anything else that makes your life easier.
What’s your test automation like? It’s part of CI, right? Do you measure test coverage?
CI is also a good time to run code hygiene tests like pylint or perlcritic even if you have them on your commit hook.
How is your test data managed? Do you create a temporary database and populate it or do you have one database and run your tests within a transaction?
Security? How close to the developers is this managed? Separate security departments are often understaffed. Do you keep an eye on the OWASP top ten? Are you religious about escaping strings when composing SQL queries?
How close to continuous delivery are you? How long do rollbacks take? Do you use something like Ansible or puppet to manage your systems? Bonus points for terraform. How fungible are your live servers?
How loosely coupled is your architecture or is it a big ball of mud? This is another thing that burned me recently. With mod_perl potentially going away in some form, parts of the system could have been moved to a new framework.
What other tools do you have and who chose them? Are you running popular systems for monitoring or code review or some open-source system that might wither on the vine?
Are you agile? Do you do SCRUM or KANBAN? Do you have a SCRUM master and a product owner? So many teams think they are agile when they’re merely doing some agile type things sandwiched in a blob of waterfall.
Who authorises changes? Do the developers do it or do you have a separate approvals board? It’s so much better to have decisions made at the lowest level by team members than to be farmed out to some remote change approvers.
What system monitoring do you have? What is your average time to fix?
What is your ticketing system, and why isn’t it JIRA? Does your SCRUM master visualise progress and use all the tools to measure the team performance. Does your SCRUM master measure project velocity?
So there you have it. How to extend an interview beyond the allotted time.
Did I miss anything? Comments, as always, welcome.
Coming out of a job where I was working on a 20-year old Perl codebase, I’ve got some burns to get off my chest. I’m reading “Accelerate” by Forsgren, Humble and Kim which claims to have scientific backing for what makes for efficient development in a team. In my recent experience:
Use decent version control. To me, that means GitHub. Use a branching strategy to code each branch to a JIRA. Make the branches short-lived, preferably a day. GitHub is stateless. Diffs are resolved at merge-time when pull requests are made. Under NO circumstances use something like Perforce. That is like putting a large speed bump under a low slung car. It’s stateful. Mapping a repo into your filesystem is a pain. Rewinding commits is a royal pain. Ugh.
Release often, releases should be easy. A marker of a high performing team is how frequently they release software. A release should not be confined to one person on the team and take half a day.
Great balls of mud are hopeless. We’ve been writing new software as microservices for a while now, and more recently bundling them up in Docker containers (and if you’re really advanced then using Kubernetes). In the Perl world that means using a framework such as Mojolicious, Catalyst or Dancer with excellent modules like the Template Toolkit for the view and DBIx::Class for the model and not v1 of view software that’s barely been touched for years and v2 exists. It also highly bound to Apache and hard to use elsewhere.
Ongoing support for mod_perl in Apache 2.x is ongoing. It’s already been abandoned in Apache 1.x so I would note that software is doomed at some point.
Be very careful layering software upon software. Or using features that make things opaque. Oh, and having magic variables and not documenting them. For example, you have Puppet. That’s great. Why not layer Heira on top and render most of the puppet documentation useless. Or use a templating system that magically calls in a hierarchy of other templates. Oh, and where does that database handle come from? Somewhere in the bowels of that page startup. Not sure which module.
In summary, I’d say be aware of the speedbumps. How can you improve them?
Macksville resident Melanie Williams was also shocked by a swarm of spiders climbing the outer wall of her home as they fled for higher ground. “I occasionally see spiders around the place but never anything like that, it was just insane,” she told the ABC.
The spiders outside her home were “horrific” but her neighbour told her there were twice as many inside his garage, she told Guardian Australia.
I’d found out about the Newport wetlands and after a kerfuffle on Reddit, found there was a Cardiff Wetlands down in the bay. We went and had a mosey. That was disappointing. It’s a patch of land inside the barrage, probably left over from a dock back in the day. Despite the enthusiasm of the signposts, the wildlife was disappointingly vanilla: ducks, swans, tits, crows, magpies and so on. The air was reassuringly noisy, but if there were exotic birds, they were shy. It’s worth a little walk. Once. Enjoy some pictures.
Totally unfamiliar territory for me. I have a Maven install unpacked. How to get Jenkins to see it? Answer: go to Global Tool Configuration, and set your Maven installation to *not* install automatically, then set MVN_HOME to where your install is. Simple!
The day after the vote when the result was revealed, my reaction was incandescent and aghast. How could 52% of the people who voted be so daft? Turns out it’s a common delusion. My acceptance speech as leader of an independent political party:
“My Lords, Ladies and Gentlemen,
We are now in the privileged position of having got rid of the Tories and their austerity agenda and are now in a position to move this country forward again. BTW, The word Tory derives from the Middle Irish word tóraidhe; modern Irish tóraí; modern Scottish Gaelic Tòraidh: outlaw, robber or brigand, from the Irish word tóir, meaning “pursuit”, since outlaws were “pursued men”.
David Cameron’s ill-advised referendum to save the Tory party disenfranchised 48% of the population, and in the subsequent years and we have since been fed a steady stream of lies by leaver politicians and press.
Unlike the squirrels in leavers heads, I treasure the pillars of being in the EU. I like having free trade with 27 other countries. I like that the Good Friday agreement, which ended what was, in other words, a civil war, is enshrined in an open border. Northern Ireland has come on in leaps and bounds. My neighbour will probably go back to Switzerland or Germany if the university research funding dries up.
The bullshit about the “unelected beaureaucrats” is exactly that. We elect MPs to the European parliament and we get a veto over any legislation. We have rejected remarkably little.
I like the fact my human rights are enshrined by law. The Tories in their Brexit panic threatened to do away with it.
I waited in vain for the £350 million a week for the NHS. The Tory promises of more police or more money for the NHS doesn’t even make a dent in the damage done by ten years of austerity. Turkey was never going to join the EU, more’s the pity.
If you Google “leaver lies” you’ll find plenty of collated lists. If an unworkable Brexit had gone through, I’d have been off to Asia.
So anyhow, here’s to a future of being part of one of the largest free trade areas in the world, Schengen and the Euro.”
So this is all about getting started with AWS. I’ve been using AWS tangentially for about five years, almost always EC2 instances, so not really pushing the envelope. I’d really like to get my head round serverless and lambdas but I’m having a bit of a conceptual problem trying to work out a use case to do at home.
I have done the Udemy “AWS Certified Cloud Practitioner Practice Exam” which was quite frankly brutal, demanding 90% for three papers. First time through each I got 70-80% which I thought wasn’t too shabby but obviously not good enough for their arbitrary cutoff. The second time through I got >90% which was nice.
The biggest takeaway I have is once you’ve created a root account, create a user account and only give it only the privileges it needs. Security you know!
This is the list of white papers I’ve ingested to far. I hope it proves useful.
This is the motherlode. If you want an overview of all available services on AWS, this is the place to start. For us in the perl world, that’ll be git, CI/CD pipelines and EC2/Fargate. If you’re jiggy, docker too. At this point for most of that, I like Gitlab, especially since M$ took over github.
AWS Well Architected Framework
This takes the overview one step further. Apparently as you partition your app vertically, VPSs are the trick. Security again.
In a good chunk of the contracts I’ve done, the developers have been good boys and written tests, but there was no way of automatically running them. Jenkins fixes this. Better still using the Perl TAP output formatter we can get a nice graph of the number of tests increasing. If you like, you can run Bamboo or GoCD but I’ve not had happy experiences with either of these.
Practising Continuous Integration and Continuous Delivery on AWS
Taking Jenkins one step further. In an ideal world code gets committed to master and then gets made live. Your process may vary. Oh, and database versioning is Hard. I’m reliably informed squitch is the one for this.
A common whinge I’ve heard is that unless you’re careful and out of the free first year tier, is that suddenly your AWS usage blooms into thousand of pounds a month. Having been charged £15 a month for static IP I can well believe it.
So that’s what I have so far. I think most of the time, we’ll go EC2 and then RDS. I’d put Cloudflare on the front unless I particularly needed a Route53 feature. Serverless is still in the land of dragons and Perl isn’t spectacularly well supported. I’d like to see a world where the code pipeline is under Amazon as well as horizontal scaling with the load balancers.
This would be hilarious if it weren’t so serious. About 50,000 people got their printers hacked and had promotional printouts for YouTube Vlogger “PewDiePie” printed out. This raises the question: HOW? In the real world we should all be behind firewalls, all our computers should have anti-malware software on. This should not be an issue. Printers should not be connected to the internet!
More seriously, it’s possible to destroy computers from afar by repeatedly writing to their firmware. This is not a desirable outcome.
Please folks, if you want to talk about security, there are people like me out there who are more than capable of doing a quick audit and vulnerability scan.
So, PHP and MySQL, two slightly suboptimal technologies run a fairly large chunk of the internet in the form of WordPress. You have the idea for a blog or maybe want to knock up a quick corporate web site. What’s your first step?
Choose a WordPress theme. There are loads out there, some free some paid for. My site of choice for finding themes free or otherwise is Themeforest. A fair number of the themes are free, and you can choose 2 or 3 column, responsive and so on.