Development Experience(s)

Testing vs. Monitoring-and-Acting Consider continuously running your main journeys in production! Order a CD every 25 minutes to ensure that things are OK! Don't run destructive tasks though ... ;-) This is an excellent way to identify things that are out of your reach when developing the software, such as changes in a firewall configuration (done by someone else, to resolve an issue elsewhere in your corporation). Canaries Make a checklist of what a good service is, deploy a new parallel version and redirect parts of the traffic to the canary, while monitoring its characteristics. If it fulfills the requirements of your checklist, it works and you can safely retire the old version of the service. UIs User Interfaces are compositional in nature. We don't want to interact with a system through its distinct parts - we want a cohesive experience. One way of accomplishing this, is to create BFFs, or Backends For Frontends : Other schools of thought call these

NDepend 6 is out; let's see what it can do for us! I got the latest bits and ran an analysis on an old project of mine - a MUD Bot. For such a small project, the dependency graph (depicted below) didn't tell me much that I didn't already know, but the code quality analysis was a lot more telling. NDepend quickly ran through its 273 queries, highlighting first an issue with a method being too complex. It was the ShortenPath  method in my NavigationModule  depicted to your right. Seeing the code, I immediately realized that I was lacking a crucial domain concept - that of a Path! A room in a MUD world doesn't just have exits  that can be represented as a string, but they can also be temporarily disabled, e.g. blocked by a locked door. Well, that was a quick win! One big reason to upgrade to NDepend 6, is to get support for Visual Studio 2015. From what I can tell, it doesn't yet support .NET Core projects, but I've gotten back to them about that, so

( This is a continuation post:  Part 1  discussed what Microservices are, capabilities, complexities, service modelling and collaboation styles; Part 2  discussed SOAP or HTTP services, splitting, databases, continuous integration, containers (docker), service location and service discovery ). Security Identify which of your data is sensitive within your domain. Talk to your team about the threats described in OWASP Top 10 : OWASP Top 10 - 2013 (Current Version) A1-Injection A2-Broken Authentication and Session Management A3-Cross-Site Scripting (XSS) A4-Insecure Direct Object References A5-Security Misconfiguration A6-Sensitive Data Exposure A7-Missing Function Level Access Control A8-Cross-Site Request Forgery (CSRF) A9-Using Components with Known Vulnerabilities A10-Unvalidated Redirects and Forwards Patch your OS! It will mitigate 70% of existing threats. Beware of wasp/bee mentality where we are happy with only a perimeter defense and reason that "any

( This is a continuation post ) SOAP or HTTP-services? HTTP-services ( sometimes referred to as REST services , even though they aren't following the required REST constraints ) benefit a lot more from HTTP infrastructure than SOAP services. SOAP services tend to get easier to start with, however, because of rigorous frameworks in most languages and on most platforms. Sam argued that RPC gets you started quicker - bigger initial bang for the buck - but that you pay for it later with greater complexity, as you need to address scaling, and that the reverse is true for HTTP-services. I agree. "Don't let the data model affect your API or Service Model", was his next advice. "Try to go the first few iterations without any persistence at all" (or write to a local, plain, text file). This is to hammer out your API and service interaction before locking yourself down to a storage model. Splitting Services Why would you want to split your services? M

This June, I had the opportunity to partake in Sam Newman's microservices workshop at NDC in Oslo. The attendees represented 10 different countries, including France, Germany, Iceland and the USA. I learnt a lot; here are my notes and reflections: Format and facilitator Sam started out by letting each participant to briefly introduce themselves and tell their fellow participants what they'd like to get out of the class, writing down  each topic on a magic whiteboard , so that he could adjust his workshop based on our wishes! He then proceeded to check off each subject as he addressed them. Needless to say, I was impressed how he snipped bits out of 5 other presentations to get us the most value out of our workshop. He was also very honest about subjects where he didn't have enough knowledge in the subject matter , enabling the class to "learn together", i.e. have an open discussion and contribute, sharing knowledge amongst the participants. What are Micros