2015 goto

Here are some of my learnings, inspirations and thoughts from the Goto Conference 2015 in Berlin:

Security

Microservices - a security Nightmare?

  • Microservices do not only introduce new vulnerabilities, they also have a positive effect on security
    • breaches are limited
    • data is not shared
    • CD of small services makes fixes very fast
    • "Zoo" of technologies limits exploits to certain services
  • Security should be part of the DOD, it must be "baked into" the software
    • SecOps needed!
    • Sec Trainings needed
  • Security Tests should be part of CI
  • There are security measures to secure Docker
    • There's an ebook: Docker Security
    • There are tools to scan images for vulnerabilities
  • You should run apps with different security levels on different hosts

Architecture

DDD and Microservices

  • Different services speak and understand possibly different languages
  • A service can conform to the language of another service
    • "If I conform to a mess - what does it make me?" (this is also transitive ...)
    • To prevent close coupling, an Anti-Corruption layer can be applied
  • Not all of a large system will be well designed
  • "Models need to be clear, not big."
    • It's better to have multiple small models, instead of few big ones
  • Contexts (the setting that determines the meaning of a word) do not necessarily correspond to a single service - they might emerge from different services

Infrastructure

Consul

  • Consul offers Service Discovery, Load Balancing, a Key-Value storage and some more stuff

Docker Orchestration

Collaboration

How to Lead your Leaders:

  • Understand that managers often do not understand you
    • help them to understand, become a teacher
    • do it in private
  • Assign work to your manager:
    • give away management-suitable tasks you cannot really solve yourself
    • everybody likes to feel useful, accomplishment is fun
  • help your boss succeed
    • success leads to more trust and freedom
    • "It's amazing what you can accomplish when nobody cares who takes the credit" => let the manager get the credit
    • keep up a good communication
  • think different
    • have empathy for people that need to adopt a new way of thinking
    • help others by sharing your "light-bulb" moments in form of questions
      • e.g. "In which way is ... helping us, to reach our goal?"

UX

You don't always get what you want

  • always test your designs
    • every nice design done in theory will fail in front of users
    • make videos of people using your software
    • validate design choices early
  • if you want people to read something, make it short!
  • designing a clear UI exposes business logic flaws
  • allow graceful recovery from mistakes
    • make short pages of longer forms
  • make people feel uncomfortable, until users do not 

Programming

Improving Correctness with Types:

  • Defensive programming creates a lot of boilerplate code, hides errors and makes code more difficult to understand
  • Use side-effect free functions with immutable data structures
  • Use total functions (instead of partial functions)
  • Shrink domain and range of a function as much as possible
    • e.g. 
      • Wrapper types in Scala (allow reducing the possible values for a String)
      • non-empty lists
      • sealed traits
    • reduces the amount of test cases needed, because the compiler ensures only valid values are passed to a function call
  • "The purpose of abstraction is not to be vague, but to create a new semantic level in which one can be absolutely precise" Dijkstra
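
The techniques listed above (total functions, a wrapper type, a non-empty list, a sealed trait), sketched in Scala as an added example that is not from the talk or these notes. ServiceName, NonEmptyList, Decision and authorize are hypothetical names, and the inputs are constructed.

```scala
// Added example; ServiceName, NonEmptyList, Decision and authorize are constructed names.

// Wrapper type: the private constructor forces every value through `parse`.
final class ServiceName private (val value: String) {
  override def toString: String = s"ServiceName($value)"
}
object ServiceName {
  private val Allowed = "[a-z][a-z0-9-]{0,62}".r
  // Total function: every input (null included) yields a Left or a Right.
  def parse(raw: String): Either[String, ServiceName] =
    if (raw != null && Allowed.pattern.matcher(raw).matches()) Right(new ServiceName(raw))
    else Left(s"invalid service name: '$raw'")
}

// Non-empty list: `head` always exists, so callers need no emptiness check.
final case class NonEmptyList[A](head: A, tail: List[A]) {
  def toList: List[A] = head :: tail
}

// Sealed trait: the compiler knows every case and warns on a non-exhaustive match.
sealed trait Decision
case object Allow extends Decision
final case class Deny(reason: String) extends Decision

object TypedBoundary {
  // Domain: a validated caller and a non-empty allow-list. Range: Allow or Deny.
  def authorize(caller: ServiceName, allowed: NonEmptyList[ServiceName]): Decision =
    if (allowed.toList.exists(_.value == caller.value)) Allow
    else Deny(s"$caller is not on the allow-list")

  def describe(d: Decision): String = d match {
    case Allow        => "allowed"
    case Deny(reason) => s"denied: $reason"
  }

  def main(args: Array[String]): Unit = {
    // Constructed inputs; the last one stands in for untrusted data.
    for (raw <- List("orders", "reporting", "orders/../admin")) {
      val outcome = for {
        orders  <- ServiceName.parse("orders")
        billing <- ServiceName.parse("billing")
        caller  <- ServiceName.parse(raw)
      } yield describe(authorize(caller, NonEmptyList(orders, List(billing))))
      println(s"$raw -> $outcome")
    }
  }
}
```

Because `authorize` only accepts a `ServiceName` and a `NonEmptyList`, the malformed-input and empty-list cases cannot reach it and need no tests there; they are handled once, in `parse`.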

Paradigm: Functional Programming

  • both functional programming and OO programming have their pros and cons - be open to both and profit from the advantages of both worlds
  • Good learning portal for Clojure: https://www.4clojure.com/

Lambdas all the way down

  • Otto uses Spark, HDFS, Python & Clojure for some parts of their software (e.g. recommendations)
  • Spark is used to distribute function calls on multiple nodes
  • an immutable file system is a good fit for batch-processing
  • core.async is a cool Clojure library that provides async channels
  • In the experience of Christian Stamm, Clojure development is much faster (among other reasons because of the missing type system)

Thinking in a Highly Concurrent, Mostly-functional Language

  • WhatsApp backend is written in Erlang :-)
  • It is much easier and less error prone to handle immutable state in a concurrent environment
  • Erlang's concurrency model is interesting (see talk notes)