0 Comments

Dieses Jahr nahm ich zum ersten Mal (mit meinen Kollegen) an der BASTA teil. Remote, weil ich dafür nicht nach Mainz fahren wollte. Und auch nur zwei Tage: ein Session-Tag (Dienstag) und ein Workshop-Tag (Freitag). Hier ein paar Notizen zu Dienstag…

Keynote: Zurück in die Zukunft: AI-driven Software Development

Präsentation von Jörg Neumann und Neno Loje (Link zu Video auf entwickler.de)

Die Keynote hat mir erstaunlich gut gefallen. Wahrscheinlich, weil ich bisher noch keine Künstliche Intelligenz beim Arbeiten genutzt habe, das Thema spannend ist, sich viel verändert, und ich es sicherlich in Zukunft einsetzen werde.

allgemein: Codegenerierung via ChatGPT, AI auf eigenen Daten trainieren: https://meetcody.ai/

Integration von KI in Entwicklung: Cody, Github Copilot (Plugins in VS Code, VS, JetBrains IDE)

  • Code schreiben lassen (anhand von Kommentaren)
  • Code analysieren lassen
  • Code anpassen / verbessern lassen
  • UnitTests generieren lassen


Azure: eigenes ChatGPT aufsetzen
theforgeai.com: mehrere KIs miteinander kombinieren und Abläufe definieren (verschiedene Rollen - wie im agile team)

Fazit: Ich denke, dass KI uns helfen kann: Wir müssten Szenarien identifizieren, wo KI uns helfen kann, und es dann dort ausprobieren. Daten- und Code-Sicherheit muss natürlich gegeben sein. Auch das Know-How um die Anpassungen / Erstellungen der KI zu analysieren, zu verbessern.
Wir sind (zu) wenige Leute in unserer Firma: KI kann uns Arbeit abnehmen. Dadurch können wir uns auf andere wichtige Sachen konzentrieren.

Sessions

1. Backends ausfallsicher gestalten

Präsentation von Patrick Schnell

Definition Ausfallsicherheit

Event-Driven-Design

2023-09-26_11h20_30

Module, die über http kommunizieren, entspricht nicht EDD

Event-Hub / Message-Queue

Beispiele: Redis (einfach), RabbitMQ, …

Stateful vs. Stateless: Vor- und Nachteile

Fazit: Nur an der Oberfläche gekratzt. Nicht viel was ich da mitnehmen konnte, oder was wir da nutzen können. Aber gut sich dieses Konzept mal wieder zu vergegenwärtigen.


2. Simple Ways to Make Webhook Security Better

Präsentation von Scott McAllister

webhooks.fyi: open source resource for webhook security

Webhook Provider – Webhook Message

why webhooks:

  • simple protocol: http
  • simple payload: JSON, XML
  • tech stack agnostic
  • share state between systems
  • easy to test and mock

security issues: (listener does not know when a message will come through)

  • interception
  • impersonation
  • modification / manipulation
  • replay attacks

security measures:

  • One Time Verification (example: Smartsheet: verifies that subscriber has control over their domain)
  • Shared Secret
  • Hash-based Message Authentication (HMAC)
  • Asymmetric Keys
  • Mutual TLS Authentication
  • Dataless Notifications (listener only gets IDs, listener than has to make API call with authentication)
  • Replay Prevention (concatenate timestamp to payload with timestamp validation)

TODOs for Providers: https, document all the things (show payload example, demonstrate verification, show end-to-end process)

TODOs for Listeners: check for hash, signature

Fazit: Ein guter Überblick über die potentiellen Schwachstellen. Gut dargestellt anhand eines github Webhooks. Da wir potentiell auch Webhooks bereitstellen (derzeit via "Dataless Notifications"), ist das gut im Hinterkopf zu behalten.


3. Leveraging Generative AI, Chatbots and Personalization to Improve Your Digital Experience

Präsentation von Petar Grigorov

What is the best way for humanity to live / survive on earth: empathy, kindness, sharing stories

AI in CMS

AI in Personalization

Fazit: Etwas langatmiger Vortrag, der zum Punkt zu kommen schien.


4. Agiles Recruitment und enttäuschte Erwartungshaltungen

Präsentation von Candide Bekono

Agiles Vorstellungsgespräch: verschiedene Personen im Einstellungsteam haben (Beurteilung aus unterschiedlichen Perspektiven), Authentizität

Feedback von Kandidaten und Einstellungsteam einholen: nach Gesprächen, warum möchte Kandidat nicht zum Unternehmen

Kandidatenzentrierter Ansatz: Anpassung der Rekrutierungserfahrung an Bedürfnisse, Präferenzen, Erwartungen der Kandidaten

Pipeline Management: Pflege zu potentiellen / ehemaligen Kandidatinnen (aufwendig)

Selektion: Definition wesentlicher Kriterien und die messen

warum agile Rekrutierungsprozesse: schneller lernen was funktioniert, ausprobieren (Anpassung Stellenanzeige), anpassen des Prozesses (requirements, sourcing, …)

2023-09-26_16h27_15

Reflektierung der Kandidaten: Job Fit, Unternehmenskultur

Erwartungen der Arbeitgeber:

  • Fähigkeiten, Erfahrungen
  • Cultural Fit
  • Kommunikation, Reaktionszeit
  • Interesse und Begeisterung der Kandidaten
  • Langfristiges Engagement

Fazit: Beim Einstellungsprozess kürzere Feedbackzyklen anstreben, Dinge ausprobieren, auswerten, anpassen (agile). Präsentator betonte auch immer wieder, dass das Auswerten nicht vernachlässigt werden darf (aber oft wird – wie bei uns).

5. Done oder nicht done? Strategien für auslieferfähige Inkremente in jedem Sprint

Präsentation von Thomas Schissler

warum Done-Inkremente: Unsicherheiten minimieren, Blindflugzeiten reduzieren

2023-09-26_17h15_57

-----

Bauen wir das, was den größten Mehrwert liefert?

Annahmen überprüfen

Feedback – nicht nur von Kunden (technisches Feedback von Entwicklern)

-----

Passt unsere Qualität?

Missverständnisse früh aufdecken

Überraschungen vermeiden

-----

Wie können wir unser Vorgehen verbessern?

Indikatoren für Verbesserungen

Ausprobieren, Lernen, Verbessern

-----


Vorgehen:

  • Durchstich definieren
  • Abnahmekriterien definieren
  • Sonderfälle erstmal weglassen

Swarming: alle Entwickler an einem Projekt, statt an verschiedenen – damit zumindest einige Projekte innerhalb des Sprints fertig sind

Nebeneffekte von Swarming: daily scrum, sprint planning nicht mehr aneinander vorbei / nebeneinander (mehr Interesse da, weil alle am selben Projekt arbeiten)

Continuous Integration: Branches sollten eigentlich nicht alt werden – da möglichst innerhalb eines Sprints in development reingemergt (siehe auch feature toggles statt branches)

Continuous Testing: nicht erst nach dem Entwickeln testen, sondern schon parallel

Leidenschaft für das Produkt kann durch Done-Inkremente gesteigert werden

Definition of Done: einstellbar durch Developer, immer wieder anpassen (für nächsten Sprint) um bestehende Probleme (nicht auslieferbar, ausbremsende Dinge) zu vermeiden

Fazit: Ein mitreißender Vortrag (vor allem wegen des Vortragenden) über Themen, die wir auch mehr in unseren Alltag integrieren können.

0 Comments

the task:

Set a recurring reminder in the meetings-channel so that every week a different person (rotating through all the people in the company) has the duty of being meeting-master – with the name of the person who is meeting master that week in the message.

the obstacle:

Setting recurring reminders in Slack via the /remind is a pain. (I know the task is possible to set up with the vanilla /remind command, but it always takes me quite a while to figure out the right syntax after not using the command for a year.)

the occasion:

Every two weeks everyone at discoverize has the opportunity to use a few hours for somthing “funky”.

the path + the solution:

At first I thought I would program a .NET Core application which sends messages to Slack at the appriopriate times with the appropriate person as meeting-master. Then my toughts wandered to background tasks (which right now we also use in a different service). And I found Hangfire which would persist the tasks for me, making my life easier – on the downside of using a third-party app.

I already started to look into our Slack apps to create a new one (to follow this tutorial), but then realized that there probably already are Slack apps out there doing a better job of helping to create recurring reminders. And since my time was already dwindeling away, I just searched and compared apps. I landed on RemindUs, installed it to our Slack and started using it. It seems to do the job well enough. Task accomplished.

update:

After testing out RemindUs it did not suit our use case well. It did not convert a @user statement in a message to an alert to that user. Furthermore the layout and text was that of a reminder (of course) which felt weird. We just want a message to appear repeatedly as if it was just entered by a bot/user.

I researched other Slack Apps, but only paid ones did the thing I needed. And for this simple usage I do not want to pay a monthly amount of 6 Dollars or more.

So I reverted to vanilla Slack and the /remind command. Here is the usage in our use case:

/remind #_meetings "@anton - you are meeting master this week" on 08.05.2023 every five weeks

And then setting up this reminder for every team member in meeting master rotation one week apart.

0 Comments

This year the Developer Open Space took place in a new location: Basislager Coworking. (Of course I have that space in my portal: https://coworking-spaces.info/basislager-coworking-leipzig) The atmosphere has improved, especially since we could use the rooms without having to close for the night between Friday and Sunday. The organization was top as every year – thanks Olga and Torsten. It was a pleasure to attend – I like to go there every year. What follows now are short notes and summaries:

Workshop: JavaScript, React and GraphQL

  • we used Atomic Design to model our requirements
  • Mike lectured us about GraphQL, we dove into Apollo GraphQL
    • queries and mutations – separate components accordingly
    • GraphQL simplifies data details in the queries (in comparison to REST services, for instance): you can specify what data exactly you want to retrieve without having to create a new service endpoint for that (in REST you need multiple end-points for different types and combination of types)
    • GraphQL saves requests and data transfer, simplifies end-points
    • many Links possible: decide which service takes care of which queries (client, state, http)
  • Mikes library (see workshop branch)
  • GraphQL hub and playground
  • teamaton: We might use it for a side project, but it increases the complexity quite a bit (queries have to written and translated).

Session: Cypress

  • cypress is a framework for frontend testing which can be part of continuous integration (CI –> TeamCity)
  • is an alternative to Selenium (or coypu)
  • can run on headless chrome or electron, can run locally
  • LocalStorage in browser can be manipulated (for instance to simulate logged-in user), to separate testing concerns
  • cypress provides snapshots for each test step
  • build up a library example:
    • define features in cucumber (usually with QA)
    • reuse steps where possible
    • translate steps into cypress language
  • teamaton:We might want to write integration tests for important features and run them after each stage deployment.

Session: Time Tracking

  • HourGlass plugin for RedMine: connection to US/Bug –> immediate labels, open source, mobile App, Git integration
  • programmers do not really want to track time – only if needed, it needs to be simple
  • managers want to have a Freeze Time: everything what came before that (in that project) cannot be changed anymore (has been transferred to an invoice)
  • ManicTime: records which programs you have been working in – can be tagged afterwards
  • Netresearch TimeTracker: JIRA synchronization (JIRA could be an alternative for us to Zendesk)
  • teamaton: lemon: no example on marketing page (getlemon.com), so it cannot be shown very well (we had one in the olden times)
  • teamaton: An integration with PivotalTracker does not seem reasonable: Starting US/Bug in PT results in starting record in lemon, record will be stopped as soon as US/Bug is finished in PT. Too many exceptions I can think of. Code review and testing would still need manual starts/stops in lemon.

Session: Key Performance Indicator

  • formulate goals –> define success parameters –> measure (automated): predefine boundaries for “not good”, “good”, “very good”
  • for instance “delight customers”: What are success parameters for teamaton? How can we measure them?
  • ask customers what they want –> formulate goals out of feedback
  • feature development: KPI: estimation vs. actual hours
  • use KPIs for self reflection in team (for instance code issues per code line per person) –> celebrate successes
  • teamaton: Do we have a need to make “delight customers” more measurable? I generally like the “ask customers what they want –> formulate goals out of feedback” – if we think about finding out what portal owners want.

Session: BenchmarkDotNet

  • can be used after profiling to measure impact of changes in code
  • BenchmarkDotNet should only be used on code fragment / function
  • runs both code versions many, many times and compares results – can take some time
  • Could it be used in Continuous Integration? Maybe for critical methods which need to be fast?
  • teamaton: I think we do not need this.

Session: Azure, AWS, Google Cloud

  • abstraction of hardware and OS – no need to worry about these, you get CDNs
  • might cost more on the face of it, but you save admin costs, license costs, scaling costs (paying just what you are using)
  • Azure functions: lightweight processes
  • firebase alternative: heroku
  • teamaton: In the long-term we probably need to be more flexible and reactive: adding resources if portals need more, move quickly from faulty instance (server) to another one. Oliver’s proposal to use containers might be a beginning in mid-term. Maybe using VMs to faster setup environments could also help.

Session: ASP.NET Core

  • PageModel instead of Controller: controller and model in one
  • .NET Core is generally faster than .NET Framework: less legacy, re-implemented from scratch
  • teamaton: Use .NET Core for next new projects!

Session: How to Collect Requirements Well

  • path-to-requirementsflow: event storming and/or domain storytelling (customer with sales person) results in User Stories (one US per event or action), structure USs in Epics, add key specifications (gherkin: who+what+why) to USs, use Story Mapping to plan releases, refine USs with Specifications
  • create prototypes (sketches) for fast feedback
  • treat customer as part of the team: make sure team can contact customer with follow-up questions
  • teamaton: Maybe use event storming to show customer discoverize and see where customers process overlaps with our software and where customer needs more features.
  • teamaton: For more complex features we might want to use part of this flow: to better understand the needs of the customer, to address most questions beforehand, to make better architectural decisions, to implement features faster (because of better specifications).

Session: Nothing / Psychology

  • be aware of the psychology of words: for instance “technical debt” – you might want to use a different term, like “software betterment”, “actually ok” – address the reservations
  • men vs. women: there is a region “nothing” which only gets activated in men’s brains (in MRT): seems like men really can think about nothing if a subject does not fit a category (brain region), women jump from one category to another if something does not fit (I have requested more literature on this, because I could not believe that there is such a definite distinction between the sexes. Will read about that soon.)
  • “do sometime later” – We should ask ourselves: When is “sometime later”? Is it never?
  • How can you change the behavior of someone (for instance to use a clean code pattern)?
    • invite to make new experiences
    • be a good role model
    • prepare the change well
    • allow for as few obstacles as possible, so that that someone does not have to jump too high / change too much
  • try to do a meeting like an Open Space
  • teamaton: Do more DiscoTECH: might result in perceptive improvements, could lead to feeling of mastery (one of the key motivators for creative people: autonomy, mastery, purpose)

Session: JavaScript Frameworks

  • vue.js
    • has an extra GUI to create projects, add libraries, install packets, run server
    • similar to react/redux (state mangement)
    • HTML not inline, but in a template
    • change-management: looks like magic, difficult to grasp for big sites (simpler in react on component level)
    • relatively light-weight
  • ag-grid: table infrastructure for multiple JS frameworks
  • Angular:
    • a bit unwieldy, large
    • documentation not as fast as platform development
    • is here to stay: used by Google and Microsoft for projects
  • discordapp: many discussions about JS frameworks in forums, fast help with problems

Session: Team Organization

team-organisation

  • playing :) cooperative game (street kitchen) to test out different communication strategies (silence, without preparation, with preparation, with feedback loop, specialized, one meal per player, …)
  • best score when everyone has a specialization on one or two tasks, helping out the tasks in the chain before or after, with directions in-between the players

Session: Distributed Teams

  • use digital white board when brainstorming or talking about features
  • Visual Studio has live-sharing option: both people working on same machine, no need to merge
  • working in different time zones / during different times: it’s just a matter of getting used to
  • teamaton: information asymmetry due to people being in office or alone: tackle by posting a summary of discussions / infos in slack
  • teamaton: get together more often (do not forget to repeat Brzezno)

Session: Hands-On Configuration of a Azure Function

  • helping in a specific case: update information after every git commit to repository

Session: Objectives and Key Results

  • objectives should be inspiring, motivating to help team outperform
  • objectives should be challenging – therefore not often suitable for continuous development cycles (KPIs have been developed for product development)
  • choose objectives so that they are achievable in 50% of the cases
  • break down quarterly OKRs into 4-week priorities, and then into weekly priorities
  • objectives could be: customer satisfaction, code health metrics like not too many bugs, team satisfaction, number of unit tests
  • teamaton: Andréj already has looked into OKRs.

Session: Culture Hacks (did not attend)

culture-hacks-2

 

culture-hacks-1

0 Comments

We had the problem that one domain (freenet.de) started replying with “550-inconsistent or no DNS PTR record for <IPv6> (see RFC 550 1912 2.1)”. Seems that they started checking whether the reverse DNS to the IP is a plausible one. (DNS PTR record and Revese DNS Entry are synonyms.)

Trying to set reverse DNS for IPv6

On one server we never even set the DNS PTR record for the IPv4 – we adjusted that. Yet the webtropia (our server hoster) interface for the reverse DNS for IPv6 did not work – no feedback, nothing. We asked the support which replied to just disable IPv6 on the server for the network adapter.

Trying to disable IPv6

I removed the check for IPv6 in the network adaptor. Now I could send mails to freenet.de again. But a few days later we got the same error. Seemed like our hMailServer still used the IPv6 to send emails. Looking into the issue I was about to disable IPv6 for good via the registry.

Setting IP binding in hMailServer

Before restarting the server I checked the hMailServer logs. Turns out that hMailServer tries to send via the IPv4 first, but gets a "457 Greylisted, please come back later" reply. (That is normal behaviour to avoid spams when the triplet (IP, sender, recipient) has not occurred yet.) Only after a few tries hMailServer uses the IPv6 to send, which results in the above mentioned 550 error. Another search brought up a setting in hMailServer where you can explicitly state which IP it should use for sending (Settings/Protocols/SMTP –> Advanced –> "Bind to local IP address"). After configuring that sending emails worked again without problems.

0 Comments

We use multiple build steps in our TeamCity configuration. One build step runs NUnit on our test project dll. If it fails some tests the build status is set to failed but the build step status may not be set to failed (even if process returns 1 – which usually corresponds to failed)!

We use TeamCity Professional 2017.1.3 with the following failure conditions for our configuration:

2017-08-18_14h05_58

And we used the following setting in all subsequent build steps after the NUnit build step:

2017-08-18_14h07_56

We had to change that setting to “Only if build status successful” (thanks to Ahmed on stackoverflow):

2017-08-18_14h11_09

That way we can stop within one build configuration after unit tests fail and before we deploy :).