Architecture is the Hard Parts. Don’t rush into it!

I talk with a lot of people who are new in the industry. They're usually either just out of school or recently graduated from a boot camp and transitioning into a new career. Throughout these conversations, I ask what excites them about software, what they want to learn next or their career goals. I'm always…

Lean into the Edge Effect for Engineering Velocity

Recently, someone at work asked me to weigh in on my experience with Developer Productivity and Velocity. I love this topic so much. There are a ton of different areas to explore. It's a delightful topic to dig into with a team that is currently "underperforming," according to them or someone else in their org.…

Observability isn’t Monitoring, and it’s useless without Analysis

Time for some buzzword bingo. Monitoring and Observability are often used interchangeably. They’re usually seen in the context of discussions about architecture and distributed systems, with Observability being touted as the “new kid on the block” or “rebranded monitoring.” It’s not new, though. Nor is it the same thing as Monitoring. Despite the typical jaded…

You Aren’t Just a Developer, You’re a Polyglot

And that doesn't mean you can write both Java and C#. Software development as a craft is an exercise in being multilingual. The most primitive view (read: outmoded) of a software engineer doing their job is someone who rolls into work at 10:30 am, just in time for standup. Right after our Socially Compulsory Run-on…

Stop committing secrets

Anything that is secret or varies per environment is configuration (though not all configuration is secret). Configuration should never be part of the application. Therefore it doesn't belong in version control and should never be committed. Inject these arguments dynamically as part of a CI / CD workflow and never expose them to the client.…

RIFM: AWS Key Management Service Best Practices

Whitepaper (Amazon) Whitepaper (Backup) TL;DR AWS KMS makes securing your information easy(ier) by abstracting the availability, physical security, and maintenance concerns of cryptographic implementations. Thanks to a first class integration in AWS you can benefit from tight integrations with the rest of the services they provide, all while providing exceptional logging to help meet compliance…

AWS S3 Policies List* vs Get*

TL;DR If you are running into problems with ListObject or any other List command using the S3 SDK, make sure your policy statement specifies List at the bucket level, and Get at the object level. Wrong { "Version": "2012-10-17", "Statement": [ { "Sid": "S3Config", "Effect": "Allow", "Action": [ "s3:Get*", "s3:List*" ], "Resource": [ "arn:aws:s3:::bucket-name"…