Posts

Showing posts from August, 2023

Shallow vs Deep Mindset

Image
Every single activity we do in engineering is an opportunity. We need to see this way, with positivity, and do more than we are asked to. That's how we improve. PRO players from football, basketball, or any pro sports, practice like there is no tomorrow. Practice or training is one dimension, and another dimension is vision, we need to be able to see things differently. For instance, we live in an attention economy , the issue with such an economy is that is shallow, so we live in a shallow attention economy. We need to start seeing the opportunities and encouraging a deep mindset instead of a shallow mindset. A shallow mindset is okay as a starting point, but quickly we need to switch to a deep mindset. It's all about vision because we can execute the very same task with completely different takes: Shallow vs Deep Mindsets. 

Embedded Mocks and Hidden Contracts

Image
Testing is essential . Testing requires diversity, from integration to chaos , from your local machine to production . Writing tests not always is fun because sometimes is hard to write tests because not all contracts are good, and clean and went through a lot of thought processes. Is easy to blame the design, architecture, and even the implementation, but are we sure we are not missing anything? Something that is hard to test very likely will not be tested. Testability is a good property of any design or architecture sure. Making good solutions that are easy to test is a good thing. However, mocking is often taken for granted, meaning is seen as something that is just good and has no drawbacks, but that is not true. Everything has drawbacks. Integration tests are often seen as bad practices and people tend to lean toward unit tests instead. Just keep in mind Integration tests don't require mocks. Unit tests often require mocks to keep them isolated and cut off external dependencie

Fighting Complexity

Image
Complexity is everywhere. Small, medium, or big company, does not matter, no one can escape complexity. Complexity just tends to get bigger, we depend on software more and more. Ask yourself, if your subscriptions on iPhone are increasing or decreasing in the last 5 years. There is more competition, and more streaming providers, and everything becomes a subscription, from grocery to transportation to even video games. Complexity increases, maintainability decreases, and maintaining software becomes harder. More software, more complexity. Complexity needs to be fought 24x7 at all times. However, how can we figure out something if we don't fully understand it? Is easy to just give up and do whatever since there is no escape, but there is a better way, we can do better. So what is complexity after all?

Tokenization, Encryption and Compensation Controls

Image
Security Matters. How do you know you are secure? One of the many practices is to run Threat Analysis considering attacking vectors.  Threat Modeling should be a continuous activity. Movements like DevSecOps aim to put security on the day-to-day work. Cybersecurity Ventures predicts costs will grow 15% per year over the next five years reaching 10.5 Trillion USD by 2025. Security is a never-ending game. Security is something companies will need to do forever. IF they cost more and more, maybe we should get better and learn more about security. Lack of security can destroy a brand, and damage the customer's trust and relationship with your solutions. Security is difficult because it cannot be fixed in a central place with one tool, it requires principles and continuous fighting. There are infinite amounts of attack vectors. Common attacking vectors include compromised credentials: users/passwords, weak credentials: low entropy passwords, Insider Threats: from bad actors,  Misconf