Showing posts from 2021

My first (flutter) mobile app accepted on the Apple store

Lessons learned to get my first mobile application approved by Apple:

• Change the default string for the reason location is being requested.
• Don't submit screenshots with the default "Debug" overlay that Flutter provides.

Innersource Summit - How GitLab breaks down barriers to increase collaboration during the software development process

Innersource Summit - How GitLab breaks down barriers leveraging open-source processes to increase collaboration during the software development process

It was a pleasure to present how GitLab breaks down barriers at the recent InnerSource summit.

DRI (Directly responsible individual): Priorities for engineering teams are primarily set by product managers as the DRI in conjunction with their stakeholders, including the engineering managers, sales, support, etc. The backlog is actively managed by the product manager and engineering manager.

Transparency: Employees can comment on any epics and the issues they break down into. The general public can also do this for a significant portion of them.

The author of a change can be an employee on a team responsible for a section of code, an employee from another team, or the general public. The author creates and tests the change manually and by observing the results of the automated test cases and security scanning. Th...

Fail Faster Podcast Continuous Growth with Continuous Iteration

 It was great to be a part of the Fail Faster #podcast.  The theme was Continuous Growth with Continuous Iteration. We talk about how bringing transparency and constantly iterating leads to growth and fulfillment. We also discussed applying machine learning to improve the user experience. Podcast link

Top five actions engineers should take based on the OWASP Top 10 2021 security updates

Blog

My blog on the top five actions engineers should take based on the OWASP Top 10 2021 security updates was published today.

Blog: https://about.gitlab.com/blog/2021/11/15/top-five-actions-owasp-2021/

Trends

It was also great to see the OWASP top 10 trends over the years graph that I created used in this GitLab blog and by others outside the company who came across it and found it to be useful. It even made the front page of Hacker News for a short time 😀 https://news.ycombinator.com/item?id=28938504

Animation: https://public.flourish.studio/visualisation/7574790/?utm_source=embed&utm_campaign=visualisation/7574790

Static:

GitLab issue to email monitoring from inception to live in a few weeks

I had an idea to help make GitLab team members more proactively aware of email delivery issues that can cause issues for our user base.

• I was able to "get my hands dirty again" and wrote some code for an MVC. Fun!
• I collaborated with a couple of team members to improve my plans. Nice!
• I released it open-source. Check it out here: https://gitlab.com/gitlab-org/growth/issue-to-email-monitor/-/blob/main/README.md Cool!
• I brought it live. Sweet!
• I am now open to volunteers to collaborate to improve it (both GitLab team members and the general public). Marvelous!

In other words... #anyonecancontribute

A little about the monitor: This monitor determines whether there are issues by observing the time from when a GitLab issue is created to when an email about the issue is received. This allows us to know how long the emails take to be delivered, as this can impact user satisfaction based on the timeliness of receiving these updates. Many of the same components are used as a part o...

Great discussion with Sai Charan Paloju from the Smart Cherrys podcast

Great discussion with Wayne Haber, Director of Engineering, who spoke about his work, how things work, what drives him, his motivation, and how he solves problems and gets solutions. Some crucial and key points were intriguing. It's nice to project him on my show.

Reliability Training for Developers

It was a fun project to lead the effort to put together this reliability training for developers.

At GitLab, we have a focus on reliability in engineering. We have made many changes to our handbook, production documentation, and processes. While we have announced them via multimodal communication (engineering week in review document, Slack, email, meetings, etc.), not everyone has likely seen and internalized all of the important changes. We gathered all the crucial changes, explained why we made them, discussed a summary, and linked to where you can find more information.

Most of this training is available to the public. Some content is GitLab-specific and some applies to any company focusing on reliability in engineering.

The topics include:

• The business impact of reliability
• Reliability and values
• Blameless culture
• Limiting the impact of far-reaching work
• Risk mapping
...

How to get a better tech job - podcast interview

I did a podcast interview a couple of weeks ago about engineering recruiting from both the candidate and hiring manager perspectives. Check it out!

Watch this unique interview with GitLab's Director of Engineering, Wayne Haber, who gives hands-on tips on what any software developer can do to increase the chance of landing a superb Tech job... such as the one at GitLab!

Production First Mindset Podcast

  I enjoyed my podcast discussion with Liran from the Production First Mindset.  We discussed error budgets, managing different deployment models, deployment velocity, growth engineering, and more. You can listen here

Scaling Tech Organizations - CTO of Reddit

I had great fun facilitating a Q&A session with the CTO of Reddit at the PlatoHQ Elevate conference. The topic was scaling technical organizations.

Security Shouldn’t be a Secret. Why Transparency Matters - OWASP Los Angeles

My presentation on security and transparency at GitLab with OWASP Los Angeles. I kicked off the presentation with my first attempt at humor (after taking a public speaking class with a standup comedian). Please let me know if it lands or bombs!

The presentation covers:

• Examples of transparency in security
• Benefits and risks
• How you can increase transparency in your organization

Slides available here: https://drive.google.com/file/d/1knHejc1xgQ6TRozL4z-S4zvy8Ejo0qZI/view

Zoom meeting best practices

My Zoom meeting best practices (also now in my engineer read me):

• If I don't have my video feed on, it is likely because I am listening but multitasking (working on something, doing something at home, etc) and I don't want those other activities to be distracting to the meeting attendees.
• I will sometimes use the Zoom emoji feature rather than interrupting the speaker to express my feedback on something. I find that this allows me to provide feedback without interrupting whoever is speaking.
• I am working on interrupting people less, slowing down my pace, and pausing more often. This is to increase the clarity of what I am communicating while also increasing my emotional intelligence. I am getting real-time feedback on this via a system called Poised. In particular, rather than interrupting a speaker when I have something to say, I am trying to indicate that via non-verbal communication via video.

My notes on No Rules Rules: Netflix and the Culture of Reinvention

Summary

• Value people over process
• Emphasize innovation over efficiency
• Minimize controls

Talent density

Talented people make one another more effective. High performers thrive where talent density is high.

Adequate performers:

• Sap manager’s energy
• Reduce the quality of discussions
• Cause others to work around them
• Drive people who seek excellence to quit
• Show the team that the leader accepts mediocrity

Jerks, slackers, and sweet people with non-stellar performance, or pessimists on the team will bring down the performance of everyone.

Feedback

• Put feedback on the agenda of every one on one meeting.
• Don’t just ask for feedback, but show your team it is expected.
• Clarify the difference between being selflessly candid vs being a brilliant jerk
• Don’t seek to please your boss, seek to do what is best for the company.

Innovation cycle:

• Farm for dissent
• Test out big ideas
• Make your bet
• If it succeeds, celebrate. If it fails, sunshine it (learn from it and make it transparent so others ...

AMA : Transparency - A core value at GitLab

  I did an AMA on "Transparency - A core value at GitLab" with PlatoHQ.  What a fun discussion!

Panel discussion on 20 years of agile - the good, the bad, and the ugly

I was able to participate in a great panel discussion on 20 years of agile - the good, the bad, and the ugly sponsored by Agile New England. Details and contact information for the speakers.

Engineering productivity, metrics, & morale

You will find below my talk (sponsored by the non-profit https://big-on.dev/ in Singapore) on engineering productivity, metrics, and morale. The questions were awesome. 😎

It's all about psychological safety for the team for the best combination of team morale and team effectiveness.

Summary

Development metrics

• Team productivity: Per department and per team merge request (AKA pull request) rate, defined as the number of requests merged divided by the number of employees on that team
• Productivity of the review process: Open merge request review time
• Quality: Past due issues by severity and type (customer-facing, security, infrastructure)
• Web application performance: LCP (largest contentful paint)
• Backend application health: Error budgets (error rates and performance analysis per service/endpoint)
• Investment: Issue count by weight by type (feature, bug, maintenance, other)
• GitLab-specific development metrics

Team Morale

Use a combination of sync (meeting) an...

Security Shouldn't be a Secret. Why Transparency Matters

Two discussions on this topic are below.

Interview with Security Weekly podcast

Security can be somewhat of a mystery at a lot of organizations. Most companies choose to be tight-lipped about the security measures they have implemented. Rightfully so, there is an underlying fear that publicizing your security efforts could make you more vulnerable to security attacks and damage your reputation with your customers. However, there is another way. Transparency can be your ally in security.

In this interview, we will be talking about how transparency practices can lead to improved security. With transparency being one of our core values at GitLab, we will talk about the processes we have implemented to maintain our security stance while operating with the highest possible public transparency and how you can apply them to your enterprise to achieve increased security and transparency.

Recording:  I...

Nice to see this patent application I worked on with a peer published by the USPTO

Systems and Methods for Distributed Extended Common Vulnerabilities and Exposures Data Management

http://appft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=/netahtml/PTO/search-bool.html&r=1&f=G&l=50&co1=AND&d=PG01&s1=20210112087&OS=20210112087&RS=20210112087

Abstract

In one aspect, the present disclosure is directed to systems and methods for validating and securely storing security entry updates. The security entry update is received from a contributor, and broadcast to a plurality of computing nodes. It then is determined whether to validate the received security update at each computing node of the plurality of computing nodes. If the received security entry update is validated, information relating to the received security update is added as transaction information in a current block, the current block is included in a blockchain that is stored in a datastore of each computing ...

Kali Linux moves to GitLab

I am thrilled to see the article on Kali moving to GitLab finally published. It was great to collaborate with the folks from Kali as I have been a fan of it for years!

How GitLab helped Kali Linux attract a growing number of community contributions

Since moving to GitLab in 2019, Kali Linux has gone from company-only contributions to a growing number of community contributions.

Kali Linux is a well-loved Debian-based Linux distribution aimed at advanced Penetration Testing and Security Auditing. We sat down with Ben Wilson (@g0tmi1k), senior developer at Kali, to hear more about why Kali Linux moved to GitLab and see if they've noticed any changes to their project since adopting GitLab as their DevOps solution. ...

Full blog here: https://about.gitlab.com/blog/2021/02/18/kali-linux-movingtogitlab/

The psychology of influence and hacking growth

I finished two books recently on the related topics of hacking growth and the psychology of influence.

My notes and excerpts are below. They surely do not do the books justice as the books include essential details and great stories about these concepts in action. They also discuss how to influence others (with good intentions or bad intentions). The influence book also includes recognizing when someone is attempting to influence you and how to react accordingly.

Influence: The Psychology of Persuasion

I highly recommend this book for everyone who wants to influence others or detect when someone is attempting to manipulate them.

Influence patterns

The primary influencing patterns are:

• Reciprocation
• Commitment & consistency
• Social proof
• Liking
• Authority
  ...