Created with Sketch.
35 minutes | 6 days ago
Scaling Agile with Cesario Ramos
This episode is brought to you by me. If you like this show and want to support it, please visit my courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Cesario Ramos works on large scale Agile product development all over the world in banking, insurance, and high tech industries. He started back in 1999 with eXtreme Programming and started his first Scrum Team back in 2002 and was the CTO at codecentric NL, a product manager at Atos, a consultant at Xebia, a hard-core Java developer and the lead software architect at PANalytical.Cesario is the author of the book ‘EMERGENT – Lean & Agile adoption for an innovative workplace’ and co- author of the book 'A Scrum Book’. He is a frequent invited speaker at conferences around the world and organizer of the international Large Scale Scrum (LeSS). He is also a Professional Scrum Trainer at scrum.org and a certified Life Coach and Team Coach. Show resources:AgileXConnect with Cesario on LinkedInCesario's book "Emergent" on Leanpub
38 minutes | 20 days ago
Containers are cool with Elton Stoneman
This episode is brought to you by me. If you like this show and want to support it, please visitmy courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Elton is a freelance trainer and consultant, focusing on Docker, Kubernetes and Microsoft Azure. He spent a decade designing and building large enterprise applications using the Microsoft technology stack, then discovered the container revolution, joined Docker and worked with the team for three fast and furious years. Now he helps people break up those old enterprise apps and build new cloud-native apps - and run them all in Docker and Kubernetes. He speaks and runs workshops at conferences around the world, writes books and video courses and helps organizations at every stage in their container journey. Elton's an 11-time Microsoft MVP and a Docker Captain. Show resources:Elton's Container Show: https://eltons.show/Elton's excellent Pluralsight coursesElton's blogElton's booksGet a 35% discount on all Manning content by going to https://www.developerweeklypodcast.com/elton with code poddevweekly20Leave a review of the show and win a free copy of Elton's books
34 minutes | a month ago
GraphQL with Maarten Louage
This episode is brought to you by me. If you like this show and want to support it, please visitmy courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Maarten Louage is a true .NET XPRT, currently working at XPRTZ. He has designed and developed large-scale distributed applications but finds also real pleasure in small applications. Besides solid knowledge of .NET, Maarten has a profound love for all things web related, both frontend and backend. Show resources:Follow Maarten on TwitterFollow Maarten on GitHubGraphql.comAppolloserver GraphQl
35 minutes | a month ago
Neurodiversity in tech with Elizabeth Schneider
This episode is brought to you by me. If you like this show and want to support it, please visitmy courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Elizabeth is a self-taught engineer with a decade of working with DevOps patterns and practices. As a senior consultant with Microsoft Consultant Services, she helps clients with .NET, Kubernetes, and Azure. As an out Trans woman with Asperger's, Elizabeth advocates for neurodiversity and LGBT issues in the tech industry. In her free time, Elizabeth maintains the open-source project ZendeskAPI_v2 (https://github.com/Speedygeek/ZendeskApi_v2). Show resources:Follow Elizabeth on TwitterElizabeth's talk about neurodiversity at QconThe Atlassian Balanced Teams Diversity AssessmentEmpathy vs. Sympathy videos
38 minutes | 2 months ago
AMA #1 About Learning, Teaching, Career and more with Barry Luijbregts
This episode is brought to you by me. If you like this show and want to support it, please visitmy courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Barry is an independent software architect and developer with a passion for the cloud. He is also a Pluralsight author and a podcast host. He has worked for lots of companies throughout the last decades and is keen to share his knowledge with the community. He has a broad and deep knowledge of the Microsoft stack with a special interest on web technology and the cloud. He currently teaches people about the benefits of the cloud. He lives in the Netherlands with his beautiful wife and kids and loves to play with their two Siberian huskies. You can reach Barry on Twitter @AzureBarry and through his website at https://www.azurebarry.com and check out his podcast “Developer Weekly” in your favorite podcast app or at https://www.developerweeklypodcast.com.Let me know what you think of the show by rating at in your favorite podcast player. You can easily do this by going to https://ratethispodcast.com/developerweekly. Show resources:Azure Tips and TricksThe book "Limitless" by Jim KwikBarry's Pluralsight coursesBarry's book "200 Things Developers Should Know" on Amazon
40 minutes | 2 months ago
A lot of Xamarin and a bit of MAUI with Gerald Versluis
This episode is brought to you by me. If you like this show and want to support it, please visitmy courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Gerald Versluis (@jfversluis) is a software engineer at Microsoft from the Netherlands. With years of experience working with Azure, ASP.NET, DevOps, Xamarin and other .NET technologies, he has been involved in a number of different projects and has been building several real-world apps and solutions.Not only does he like to code, but he is also passionate about spreading his knowledge – as well as gaining some in the bargain. Gerald involves himself in speaking, providing training sessions and writing blogs (https://blog.verslu.is) or articles,live codingand contributing to open-source projects in his spare time. Twitter:@jfversluis| Website:https://gerald.verslu.isShow resources:Gerald's blogGerald's YouTube ChannelGerald on TwitchFollow Gerald on TwitterLet me know what you think of the show by rating at in your favorite podcast player. You can easily do this by going to https://ratethispodcast.com/developerweekly.
34 minutes | 2 months ago
What does a Project Manager do with Emily Luijbregts
This episode is brought to you by me. If you like this show and want to support it, please visitmy courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Emily is a Project Manager with over 10 years experience in managing projects in a variety of international, complex situations. She specializes in working with remote teams and different cultures. Her passion is sharing knowledge and helping other Project Managers develop and overcome their difficulties. Show resources:Emily's blog: www.emthepm.comFollow Emily on TwitterConnect with Emily on LinkedInLet me know what you think of the show by rating at in your favorite podcast player. You can easily do this by going to https://ratethispodcast.com/developerweekly.
61 minutes | 2 months ago
RavenDB with Oren Eini
This episode is brought to you by me. If you like this show and want to support it, please visitmy courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Oren Eini is the CEO of RavenDB, a NoSQL Distributed Database that's Fully Transactional (ACID) both across your database and throughout your database cluster. RavenDB Cloud is the Managed Cloud Service (DBaaS) for easy use.Oren Eini, aka Ayende Rahien, is a frequent blogger at ayende.com. He has over 20 years of experience in software development with a focus on the Microsoft and .NET ecosystem.Oren has been awarded Microsoft's Most Valuable Professional. He's an internationally acclaimed presenter appearing at DevTeach, JAOO, QCon, Oredev, NDC, Yow! and Progressive.NET conferences as well as authoring "Inside RavenDB", published by Hibernating Rhinos.He remains dedicated and focused on architecture and best practices that promote quality software and zero-friction development.Show resources:The RavenDB website https://ravendb.net/Follow Oren on TwitterOren's blogConnect with Oren on LinkedInFallacies of distributed computingLet me know what you think of the show by rating at in your favorite podcast player. You can easily do this by going to https://ratethispodcast.com/developerweekly.
32 minutes | 3 months ago
A Data Science Primer with Megan Bloemsma
This week, I talk with Megan Bloemsma about data science. We get into what data science is, what a data scientist does all day, what tools they use and also touch on services in Azure that you can use for data science. Please rate this podcast to let us know how we are doing: RateThisPodcast.com/developerweeklyMegan Bloemsma is a data scientist working for Microsoft, where she helps companies innovate through Azure technology. Making most of your data, and using algorithms to make the machines work for YOU is incredibly exciting. And she can't wait to share her learnings.Show resources:Follow Megan on TwitterMegan's personal website and blogwww.datacamp.comhttps://channel9.msdn.com/A Developer's Introduction to Data Science Video Series
44 minutes | 3 months ago
.NET 5 with Scott Hunter
This week, I talk with Scott Hunter about .NET 5. We talk about the .NET Ecosystem and what the next version, .NET 5, is going to bring and how it fits into the bigger picture. We also touch on .NET 6, which will make the ecosystem even more simple by absorbing the Xamarin runtimes. During our conversation, Scott talks about cool new features that are already available to use today. You don't want to miss this!Please rate this podcast to let us know how we are doing: RateThisPodcast.com/developerweeklyScott Hunter is responsible for the Microsoft’s .NET platform, which includes the .NET Framework, .NET Core, ASP.NET, Entity Framework, .NET Tools, Web Tools and the managed languages (C#, F# and VB). Prior to leading the .NET Platform, Hunter helped the Azure Developer Experience team build the Azure SDK’s, App Service Tooling, Azure Cache for Redis, Azure API Management, ASP.NET, Entity Framework and the Web Tooling. In his spare time he loves hiking mountains in Washington State and around the world. Show resources:Follow Scott on TwitterThe .NET blogThe latest edition of .NET Conf
48 minutes | 3 months ago
Building a Personal Brand and a Bit About SQL with Pinal Dave
This week, I talk with Pinal Dave about SQL and a lot more. We talk about blogging every day for 13 years and creating a personal brand and consultancy and pricing your work. In the second half of the episode, we talk about SQL. We touch on tools to use when working with SQL, SQL best practices and which SQL Server feature people should really use. Please rate this podcast to let us know how we are doing: RateThisPodcast.com/developerweekly Pinal Dave is a SQL Server Performance Tuning Expert and an independent consultant. He has authored 12 SQL Server database books, 34 Pluralsight courses and has written over 5100 articles on the database technology on his blog at a https://blog.sqlauthority.com. Along with 17+ years of hands-on experience, he holds a Masters of Science degree and a number of database certifications. Show resources:Follow Pinal on TwitterEmail Pinal at pinal@SQLAuthority.comPinal's Pluralsight coursesPinal's blog: https://blog.sqlauthority.com/Pinal's YouTube channel SQL in Sixty SecondsPinal's books on Amazon Azure data studio
41 minutes | 3 months ago
Running Techorama with Gill Cleeren
In this episode I talk with Gill Cleeren about creating and maintaining community events. We talked about the history of Techorama, running a usergroup and how that is different from running a big conference and how to grow and maintain a community. Gill Cleeren is a Microsoft Regional Director, MVP and Pluralsight author. Gill is a freelance solution architect living in Belgium. He focuses on web and mobile development and loves Xamarin. He's also a frequent speaker at many international conferences. Gill also founded Techorama, the biggest IT conference in Belgium and the Netherlands. You can find his website at www.snowball.be. Show resources:Gill's Pluralsight coursesFollow Gill on TwitterGill's blogThe Techorama websiteThe VISUG website and their upcoming virtual eventFull transcript:Barry Luijbregts 0:20 Welcome to another episode of developer weekly. This week. I'm talking with Gil clear and about creating community meetups and an incredible tech conference. Gil is a Microsoft Regional Director, MVP and Pluralsight author. He also founded Techorama, which is the biggest IT conference in Belgium and the Netherlands. Welcome, Gill, how are you doing today? Gill Cleeren 0:43 Hi, Barry. I'm good. How are you? Barry Luijbregts 0:45 Yeah, I'm very good. I'm very good. Thank you very much. You know, I think it's going slightly better here in the Netherlands. COVID wise than in Belgium. I think you guys are closing down a little bit more. Gill Cleeren 0:49 We are indeed closing down again. So they're older. The initial plans that I was making already for the fall are, yeah, pretty much out of sight again. So I don't think lots of these will actually be able to get through. So yeah, we're not doing that well, at this point. Barry Luijbregts 1:13 Well, you know, we just have to live with this stuff. And it's gonna be while I guess, I think so. Yeah. I don't think it will definitely get worse before it gets better. Gill Cleeren 1:22 Yeah. But it will get better at some point. Gill Cleeren 1:37 Yeah, I like to working from home. But yeah, there's something that says You've been inside too much and and not traveling for too long. So that is really bothering me at this point. I think that's the that's the thing I miss mostly. So the a lot of traveling just like you and yeah, that's that's probably the thing I miss most because normally I'm away from home one or two weeks a month and now that's been reduced to zero. So that is starting to hurt really so. Barry Luijbregts 2:25 Yeah, yeah, you know, first world problems. Gill Cleeren 2:28 It is a first world problem but yeah, you're used to it. So yeah. In the meantime, you were used to sitting in but there's not a lot of of cake between the days. Monday Tuesday and Sunday it's all pretty much the same now so yeah, yeah, that's that's what I miss most there's nothing really to, to look forward to. And so that that's that's, I think what a lot of people in our situation really have at this point. Barry Luijbregts 2:53 Yeah, yeah, that's the thing isn't it? Well, we're still pretty lucky I guess because we can work from home a lot as well. Because we do all of our stuff digital, so you know, we will count our blessings. Gill Cleeren 3:04 Indeed, I think, indeed we complain. But I think a lot of people are in a much worse situation than we are, sir. Oh, yeah. For us, there's not that much of a change in terms of what we can do and work we can actually still do for the customers. That's indeed a big plus. All right. Barry Luijbregts 3:19 So before we get into tech around and community stuff, I want to talk about you for a bit. So how did you first get started in technology? Gill Cleeren 3:29 So I'm, actually I graduated nearly 20 years ago now. So it'll be 20 years of time. I'm working. So I started at a at a pretty difficult time, in 2000. What am I saying? I started in 2003. So it's only I'm only 17 years so I'm, I'm younger than I was thinking. So. Anyway, so it's 17 years that I've been working in. So that was still a pretty difficult time, but that was 2000 So we're not that far away from from 911. And the.com bubble was also still pretty recent. So there's a lot of a lot of people that graduated together with me and had a hard time getting into tech and had a hard time getting that first job. I got lucky. I started the as an intern at a small company, got the first job there for about, I think, one and a half years. And so yeah, by then it it started to get better again. And I immediately started in Microsoft technology. Because at the school, I was already doing dotnet and the official official curriculum was was Java but I think in the second or third year, I started doing dotnet on my own. And that's how I also got in contact with people from Microsoft at the time. I didn't think the MSP program already existed but I got some internal contacts at macro stuff. And that's also how I got my first internship after my internship in Microsoft technology and never looked back, basically. So that's that was pretty much coinciding with dotnet dotnet the first releases of dotnet 2014 that the error, that error, I started out with it, so yeah, that that and basically, I've never looked back started doing dotnet and have been doing dotnet for 1718 years now. So that's that specific basically the, my world and has been my world and I think it will always remain my world. Yeah. And yeah, so initially, I started doing ASP, net winforms here, we didn't have a lot of other things at the time. Yeah. So it was still pretty concise. I remember at the time I was telling that to some some someone there today, at that point, I had the MSDN library printed out in some books. So that's, that's it. How limited it was at that point. That's when winforms and web forms. That's, that's all we had. So, I made the dive illusion. And basically, I've been doing consultancy for her for my entire career. That's also how I got in contact with lots of interesting projects because I could hop from from one project to the other pretty much. And started, because we're here to talk about community as well, not just about me. I started getting involved in the community. already pretty early, I think often I was working like two, three years. I got him, I got to hear that there was a couple of people here in Belgium. I'm thinking of starting a user group. And so that's that's basically my, that has been my entry, let's say into, into community. And yeah, that's, that's no 15 years ago or something. So it's also already quite a long time. time ago. Barry Luijbregts 7:02 Wow. Back then they started the community already. That is a long time ago. Yeah. might be one of the first communities. Gill Cleeren 7:07 It was actually the first user group initiative that I that yet. Like I said, I was also still pretty young in the field. But it was, I think it was really one of the first user groups that definitely around the Microsoft stack, in any case, was was created. There was a couple of people from Microsoft involved here in Belgium. So from the local sub, and then, so my, my colleague and partner in crime Peter here since he actually started it, and I joined like a couple of months after, the first thing I did was building the website for for the user group. And then I basically got involved more and more and started organizing the events. And so yeah, we I think we've been running the user group now for I think it's 2005 2000 Six years to 14 or 15 years that we've been, well, the user group. Barry Luijbregts 8:04 Yep. And this is then the VISUG usergroup, the Visual Studio user group, as well, that's still around today? Gill Cleeren 8:07 That is still around today. Yeah, that is still active. Apart from this year, which has been special, the user group runs an event pretty much every month. Usually an in person event, and has been doing that for so many years has been, I think, I think on the mailing list is about a couple thousand people, three 4000 people. It's it's also user group that has been lucky enough to always have quite a few companies that that help out with sponsorship and, and and the venue for events and stuff like that. So yeah, it's been still going well, so it's an old us, man. Yeah. Barry Luijbregts 8:54 Yeah. That is very impressive. How have you seen the user group change over the years Did you see for instance, the audience changed a lot? Gill Cleeren 9:02 That is something that the audience is an interesting one. So Peter and I, and my wife is now also involved. So my wife also helps out. And she actually does a lot of the management of the user group now, because I'm more involved with with my own company and an antique aroma. But it's something that that we discussed not too long ago is that Yeah, there's a couple of people that I think have been coming for 15 years have close to 15 years, that and some faces are really familiar. Some people have changed. And and there's definitely a younger generation, although I think it's, it's less of a group of young people than then I would hope so. There isn't. There's definitely less young people that seems to be I don't know, are they less interested in going to sessions after the working hours, I don't know. It's it's something that that strikes me that our audience also seems to be getting a little bit older. And there's not not a lot of influx, let's say, of younger people. Are they more going to meetups? I don't know, we don't do stuff via meetup, we typically do everything and still find our own website. So I'm not sure if that is really part of the issue, let's say But yeah, it's, I don't see a lot of fresh faces. I see fresh faces. But I would like to see more. And it's not always easy to figure out how you can reach those people. So but we're doing a couple of things. Together, also read Microsoft, but it's not easy to actually get people, you people. Barry Luijbregts 10:45 Yeah, to come to user groups. We saw the same thing with dotnet south, which was a user group in the Netherlands, we have and also a lot of all the people that attend there, and it was very hard to reach the younger crowd and we were at actually thinking that maybe that was because of the way we ran our social media, our marketing around the thing, because we ran it, we run the social media, like we want to see it as in via Twitter and email and LinkedIn. So basically the channels but those might be the channels that all the people might be on. Maybe we should be like on Snapchat or Facebook or whatever. Gill Cleeren 11:24 Tick tock tick tock. Yeah, yeah, like I said, it's it's it's difficult to do figure out how to reach young people and if you if you think about it, the other day, it was in a new city in Belgium that the government probably the the the Netherlands as well, where you live that the government is now also making advertisements on those channels, tik tok, and I don't know what else it was actually reach people to wear a mask on the street to reach that younger generation. So maybe that's India. Maybe we should hire some, some short social marketing expert or something that can help us be better because I'm not following tik tok and that sort of thing. I'm totally unaware of what is happening on this channel. So yeah, maybe we're getting old buddy. We're getting old man. Barry Luijbregts 12:18 Well, that's definitely true. But that that just means, you know, we just have to diversify and be more inclusive in because we kind of want to have people that are not like us in the organizations of these types of things, because they can think of stuff like Tick Tock or, or other social media channels or other ways to reach people that are not like us. Gill Cleeren 12:38 Last year for the kurama in the Netherlands. We hired a social marketing expert and yeah, she indeed. Sure Of course, it's it's her profession then. She definitely has a lot of good ideas on reaching a different type of audience. It wasn't perfect. But it gave me also some insights in indeed what what are people looking at these days? Because like you say, We are always looking at the same thing. And we always reach the same bubble of people on your social media channels. And that is definitely also part of the problem, because you have to bring the information about something that you're organizing to the people that you want to reach. And that is definitely the part of the problem. Barry Luijbregts 13:24 I agree. Interesting. So take around what you were just talking about already, what is Techorama and who is it for? Gill Cleeren 13:33 So Techorama is a an international conference that so we have been running now here in Belgium for about a year for seven years now. So we started it in 2014. So it's, it was a bit of a crazy idea. So Microsoft has had been running Dec days here for many, many years, I think close to 20 years. So thinking started in 97 or so. And so, yeah, it was a long time event that they had been running. And so they said, Well, we are a lot of people at that point or real changing jobs within Microsoft. And so they said in 2013, so this is going to be the last big days that we are hurting here in Belgium. And so, at that point we, we set because we didn't and i and i also Kevin, we, we said yeah, we have been doing events for a long time had been running a local event community day, which also reached about five 600 people. Total one day free event, so we had experience already organizing things. And we said okay, let's let's try this. Let's see, because we we want to give something bigger than just a user group. So, tech days was the only event that people went to it was kind of big. There's also, I think, at its peak around 2000 people. So we started there's definitely an audience because there's nothing here in that magnitude in, in that area, even for developers, Microsoft oriented developers. And so we said, Yeah, we're going, we're going to jump in Techorama to start something new. And so that's how the kurama was born with a with a name generator that created first Dev, Rama. And then we said, Wow, that's a bit more inclusive, lets us bring everything in. So we because initially, it was only developers. So that's, that's how Techorama was born in. Summer of 2013. I think it was, that's when the initial ID was was planted. And so we had some discussions with a lot of people to see who wanted to put some money in because yeah, it was a bit of a risk. And was this going to work? So we started a new company for it. And we started may 2014. And above all expectations, we sold out the event in well before the event was taking place. So that was a smaller venue when we were doing it. I think we had six 600 people attending the first year, so we put a cap on it. And so yeah, we sold out and we were like, wow, this is going well. And we had an amazing support from from, from people here in the community. A lot of people that that started helping out back then. Martin barrio Mike, there's a lot of people that that have been in the crew helping out all these years. also loved the event like like it was a baby. We had a lot of big name speakers in year one, including rich Campbell they joined I think Tim Huckabee joined the first years really a fantastic lineup for year one event. And also, a lot of the companies that were also already involved in the user group as partner also loved the idea of being able to reach a much bigger audience. And so yeah, starting year one, it was a huge success. And we ran it for three years in that same venue until we couldn't fit it anymore. I think we were last year was 1000 people. But that was way too much for for that small venue. So then we said, yeah, we need to move to a bigger venue. And so in the first three years, it was only developers. Audience because yeah, so Peter, Kevin, and myself. We're all in the developer space. So we we had contacts with speakers and that sort of thing. So we we knew what to do. I put on the agenda as well. And we also had help from from other crew members a lot for composing the agenda. But then again, you start with something. So I didn't know a lot of IT pro stuff. So I didn't want to include it in the agenda. So we said, Yeah, let's not do that. Let's stick to what we know. And so we did develop only. So the first three years it was deaf audience. And then in so when we moved to a bigger venue is that Yeah, so this is the this is also the time to bring back everything that the tech days was doing. So tech days had it pro audience had a data oriented audience had SharePoint. So we said, Yeah, let's widen our our horizons, and let's bring them all back in. So we talked to a lot of people from that community as well. And so they do, we're really happy that we could work on something together. And so then We jumped from 1000 to 1500 people in one day. It was at 7070. I think it was. Yeah. And so, last year, we had over 1800 people attending 150 sessions, about 100 speakers in Belgium, so it's a it's quite an organization. And then in 2017, that was, what is it? Is it 20? How can I forget? So 27, late 2017 I think it was already at that point we set out. We're going to take this to the Netherlands as well. And so then we announced that we were running it in October 2018. While there was still another conference running from Microsoft, so it might take days, but that then stopped and then tech Rama also came to the Netherlands and last year's 2019 rolls at 1200 60 people attending So with the same formula, yeah. So you've been there. So you also know, it's a lot of fun. And, yeah, we hope to run it again. Of course, again. But yeah, it's not reading this year, of course. Now I, Barry Luijbregts 20:17 I worked as a volunteer for the first Techorama Netherlands edition behind the scenes. And so I know kind of what is involved there in picking speakers and doing all this stuff. But it was a very successful first edition in a new country for you guys. So a new market, really, because you didn't know anybody there. What was your process to make sure that your conference would be a success in a new country? Gill Cleeren 20:41 Well, it's, uh, we always set and you were there as well, we set the first thing that we want to do is see if the community will support it. That also what we did in Belgium, we in Belgium, we actually only like I said, When When I got the idea of starting this thing, back in 2013, we sat together with a lot of people from the community that we knew. Sorry. And so we said, who wants to be in on this? And when we decided we are going to the Netherlands, we said, well, we're greeted in islands, but only if the community, the local user group, the local meetups are willing to back this up and are willing to help out with this because it's not something you do on your own. I see a lot of conference that that actually have difficulties reaching people that have that don't have a good link with the local community. And I was like, Yeah, those people they know the audience. They can, they can reach that audience to let them know about the conference that is happening. And so that's what what has been our blend, blend, basically Not a real, not a good way to say even because we said we're only doing this if the community is willing to be involved. And like I said, you were there as well. So we, we did a big meeting with with all the local user groups. And we said, Yeah, are you guys in? Because? Or is this something that, that you also want to start supporting in a new country? Because it's doing it the way that you wanted? It's a financial risk for us as well. So we said, well, we're only doing this if the community is involved. And I think that is what that has helped a tremendous amount, because those are the people that basically say, well, this, this new thing is coming. And as a community, we are backing this up. And we also, from day one here in Belgium, too. We have always organized a kurama as a large community event, and i think i think that that's still that's still is feasible today. It is it is not a commercially run conference, there's no, we, we we have never been. We've never let let's say any agency be getting involved into how to organize an event. We've done this only with own experience. Of course, you learn how to run a conference. But it's been, it's been something that it still has that community spirit around it. And I think that also helps making it, giving it that that cozy feeling of a large, it's large, but it's still a community conference. And that's, I think, also what successes that we had, starting from day one in the Netherlands. Barry Luijbregts 23:44 Yeah, I think so too. And the clever thing with like you said is that you leverage the the audiences of the local user groups already. They have built in audiences and built in mailing lists, and followers and so you used to those To trust that the user groups put in your conference to get all the people to the conference, which worked very well. Gill Cleeren 24:07 Yeah, indeed. And, of course, having Scott Guthrie do the opening was definitely also helpful. But yeah, if no one knew that he was there, we don't have had. We had 2000 people on the first edition. And that is in a big part, thanks to the community. Barry Luijbregts 24:27 Yeah. So how do you get speakers? speakers like that as well, and other speakers? Gill Cleeren 24:33 I simply mailed him. Yeah, the simple thing is, yeah, of course, I've been an MVP for 14 years, and a regional director. So I know a lot of people I do a lot of sessions at conferences myself. So in a normal year, I'm basically scouting at pretty much every conference that I go to. I'm scouting other speakers I attend sessions. I like to learn but I also am sitting in the audience thinking he would be he or she would be a fantastic speaker. So I sent them an email and or I go and have a chat with him. So I'm, I'm not the only one, a lot of people from the from the community also help out with the agenda. And I know they do the same. We have, we have an internal tool, where we just enter, let's say, a big dump of speakers that that we come across during the year. And we put them all together and then at some point, we we reach out to the speakers and we said, well, you want to come over and have a session. So yeah, it's a it's it's that blows of course, we have to open call for papers. So it's been a bit of a mess really. We We We are honest in that we don't do a full Blind Auditions of a blind call for papers, we invite speakers. And next to that we have an open call for speakers, which gives a tremendous amount of sessions and speakers that that we don't know. We we types to read all those golf papers. So the session submissions that are that are being sent in. The last one was was it more than 1000 sessions that were submitted? So that is a huge work. Of course, I don't do that all myself. It's a group of people that we have. And so we filtered through them, we we try to compose the best agenda based on we have a set of topics that we that we assign a number of sessions and that we try to fill up so we take the content based approach, not the speaker based approach so we tend to match speakers with content Rather than the opposite, but we got you by the number of speakers and then we have a huge pool that we can select from. And then that's how we, we we are lucky that we have an amazing pool of talent that we could can choose from. I know it's a bit of a luxury problem. And it's it's always bad day that I have to send out let's say 900 session refusals. Because some people are always disappointed and I can't I can't help it. But I would love to do 1000 sessions but yeah, that that's gonna be it's gonna be a TV conference, then I don't think people are going to be interested in that, sir. Yeah, it's a it's fantastic to see that you get so many so many people that are willing to fly from literally the other side of the world to to speak at your conference, that that's an amazing feeling. I'm always amazed that the weekend before The event that I know, okay, now people are flagging for pretty much every country in the world to take around. But that's an amazing feeling. That's, that's undescribable. Barry Luijbregts 28:09 Yeah, that is amazing. And people want to speak there, because it's just an amazing conference. And I think what also helps is that you usually organize it in a theater. So as a speaker, you get to speak in this big room where you have this enormous theater movie screen. And that's just an amazing speaker experience as well. Gill Cleeren 28:28 Yeah, you have the audio, you have the video, you are basically if you're writing code on that screen, you're literally smaller than just one character. So that's, that's, that's amazing. There's a lot of beat a speaker that actually use pictures from from Nicaragua as their profile picture where you have that huge screen behind you. Yeah, that is an amazing experience as a speaker but also as an attendee because you have good seats so you're not sitting on small chairs which are which are really, really close to each other. We have sitting comfortable seats sometimes too comfortable people fall asleep. That's that's a downside. But yeah, that happens. And you have good audio. You have a good video. Yeah, that that's, that's we're lucky that we have a venue that that supports that. Barry Luijbregts 29:22 Yeah, absolutely. Well, for this year, you probably also had booked a venue, of course, but then take around Belgium was cancelled in the Netherlands also cancelled, right? Because of it. Yeah. How do you deal with that? Like, for instance, with the venue, do you get your money back? Or did you pay? Did you did you not pay upfront? How does it work? Gill Cleeren 29:44 The good The good thing is it's a bit of an inside look. But the good thing is that the venue that we use, yeah, we've been going down for four years. So we know that we know those people really well. I think we can even call them friends, people. Have a venue also the people that are catering the AV crew. We work with them pretty much the entire year because it is not a one off. The good thing is that we were able to to cancel pretty early. Yeah, not bragging but we we already saw this thing coming in February. pretty early. We already because it's the agenda was finished. We were selling tickets. I think we sold 750 to 100 tickets by the time we canceled the conference. But we Yeah, it's it's Yeah, it's you start making expenses. That's true and you start making flight bookings. You don't want to have how much those flights cost to fly in all those beakers. But so January or February is typically the For the Belgian edition, at least the time that we booked speakers, sorry that we flies that we booked tickets for speakers. So, but because we were somehow expecting this, maybe we actually, yeah, we weren't afraid to do but then you booking, flight tickets reset. I think half of everything reset, we're gonna pause booking tickets and we had just booked like maybe five hours of them. So it's still a lot of money but it's not compared to what you typically spend on it. So we already post booking flights for speakers and we sit down with the venue, I said, well, we're not sure that this is going to happen. And we were pretty much the first ones to say, well, this might actually go the wrong way. So nothing actually was was already before the initial idea was actually moving conference over the summer in Belgium. So the original plan was doing it back to back with a grandma Netherlands so that we had flying in, flown in all the speakers anyway, that was the original plan. But that would then have been in a couple of weeks. So I think that's a good plan, either. So we in that view, we were extremely lucky that we were early. And that we had no costs, canceling anything apart from some flights. But yeah, that is as a company. We've been running this for a couple of years now that we can survive, otherwise, it would have been overnight. If this would happen a couple of weeks before the event. I've heard of other conferences, sadly, that that we're in a much worse position than we are. When we were were the way this whole thing Hit. And basically a couple of weeks before the conference, we were still three, four months away. So we were lucky that it hit at that point. And so yeah, in terms of cost, we've been able to get pretty much basically make no expenses. Oh, yeah. Lucky. We really? Yeah, that's really lucky. Because otherwise you can't survive this because you can't insure we have an insurance but they don't. By the time we actually wanted to put insurance in like, like we do every year for cancellation and stuff. It but it doesn't include pandemic sorry. So they already knew as well, so they already knew. Yeah. Barry Luijbregts 33:46 Yeah, you can't insure it against the end of the world, right. It just doesn't work Gill Cleeren 33:50 that you are insured against a lot of things. But yeah, our insurance our event insurance did not cover pandemics. So But anyway, so I don't think we would have gone on gone ahead and organize the things. Anyway. So yeah. So it. Like I said, we already sold several hundreds, I think it's between seven and 800 tickets. And so that was already a lot of work to get that all arranged. And we had, I think, already 35 companies partnering, so quite a few have, have actually a lot of people actually said, Well, I'm going to come next year, so just use this payment for next year. So it but it was a lot. Oh, that's nice. Yeah, that's nice. I looked at that a lot of people actually said, well, just just keep the money. For some companies. It's just simpler because it's already part of the budgeting anyway. So we offered people to say, well, you get a refund, if you want and so it was really, really deadly. So we did a refund by default, but if you said well, just just keep the money and give me my ticket for next year. At the Price. We we give them that option. And quite a few actually did that more than I expected. Really? Barry Luijbregts 35:07 Yeah. Very nice. Yeah. It's good to have partners like that. Gill Cleeren 35:11 Yeah, tickets as well. So both partners, and at least so there's quite a few people are registered for next year. Barry Luijbregts 35:20 People want to be here. And they want to this is a very popular conference, and it usually sells out if people are happy that's already ever ticket, of course. Yeah, indeed. So lots of these conferences and user groups are now doing virtual stuff. And I saw that you guys with the visa user group, you're also doing a virtual event, right? And that's an is that a day long virtual event that I see that correctly. Gill Cleeren 35:46 It's going to be a one day but it's so last year, it was the first time we we did the user group conference. It's a local conference. It's just with local speakers. Just isn't the correct word because they're also very good session. But so that was a, that was, I think, only An Evening with, I think, three texts, three or four text. Remember, now we're going to do that. So the plan was to actually already do it starting from from the afternoon and going into the evening as a full blown in person conference. But now we're going to do that in a virtual format. So it's also going to be indeed virtual, starting at 1pm. And then heading into the evening. So that's that's the plan. That's the plan. Barry Luijbregts 36:39 Well, and how can people attend something like that? I said, via zoom or something else? Gill Cleeren 36:44 Yeah, it's a it's a we are we've been evaluating for the user group, quite a few of those platforms, a lot of platforms. Now that that are making the off lottery the online how to find the online experience for attending a conference much more elaborate than than just watching a zoom video. So we decided on using conference to go fine. It's like it looks pretty, pretty cool. And it offers a lot of interesting things that try to mimic at least what you have in real life. So it's, it's not the, you never have the networking of all the experience that you'll have in a real life conference. But it does try to mimic a couple of things. And so we're going to try that with with the user group server. It's a it's an experiment. And so yeah, of course, the main the meat of the of the thing is, of course, still the sessions. There's going to be ways for people to, to connect to connected partners. So there's there's going to be virtual boots and that sort of thing. So yeah, it's I think The best we can do at this point, that's pretty that way. Yeah. for everyone. Barry Luijbregts 38:05 Well, but that's very good already. So as we are nearing the end of this episode, can you maybe tell us a bit about your course as well, because you have a Pluralsight course about starting a user group, right? Gill Cleeren 38:20 Yeah, indeed. It's funny that you mentioned because it's quite an old cause already. Things like five years old, but yeah, those things of course, they don't change. It's indeed a course that talks a bit about also personal experience on how to run a community. Things that you have to think of before you run a session, because even a small session, one off session needs to be organized. Well, what you have to think of finding a venue finding, find your speakers. Thinking of when you're organizing, the thing is that A big enough screen is a good audio because it's not a pleasant experience for people that they've been stuck in traffic for an hour. And to come to the to the session, and then be not be able to see it because it's a tiny screen, or your your so bad. So those are that that's all in that course. And it's things that I've basically been capturing, I'd say, over all these years that I've been doing this. And also small things, of course have. We always give a small example we always give the user or the speakers where we have a small gift we have, we've been giving out custom bottles of champagne that we had made for the user group or that sort of thing. So we always have been doing that and it's pleasant because it you don't have to. Like I said, we were lucky that we've been able to do that, thanks to partners that that help out. But it does give a little extra and that those are the things that are described in that course. Excellent. Barry Luijbregts 40:07 All right, I will include that course and also a link to the VISUG day in the show notes. And obviously, also a link to where people can find you or where people can find more of your Pluralsight courses as well. And thank you very much for for taking the time. And we will see you all next week for another episode of developer weekly. Thank you for listening to another episode of developer weekly. Please help me to spread the words by reviewing the show on iTunes or your favorite podcast player. Also visit www.developerweeklypodcast.com for show notes and the full transcript. And if you'd like to support me in making the show, please visit my blog site courses and learn something new
35 minutes | 3 months ago
SOLID Principles with Steve Smith
Steve Smith (@ardalis) is an entrepreneur and software developer with a passion for building quality software as effectively as possible. He provides mentoring and training workshops for teams with the desire to improve, and has published many courses on Pluralsight. Steve has been recognized as a Microsoft MVP for over 15 consecutive years, and is a frequent speaker at software developer conferences and events. He enjoys helping others write maintainable, testable applications using Microsoft's developer tools. Connect with Steve at https://ardalis.com/.Show resources:Follow Steve on TwitterSteve's Pluralsight coursesSteve's personal websiteWeekly Dev Tips podcastAccelerate your career with devBetterFull transcript:Barry Luijbregts 0:25 Welcome to another episode of developer weekly. This week, I'm talking with Steve Smith, also known as our Dallas about solid principles. Steve is an entrepreneur and software developer with the passion for building quality software as effectively as possible. And he also has published many courses on Pluralsight thanks for being here. Steve. How are you? Steve Smith I'm doing great. How are you doing? Barry LuijbregtsYeah, I'm doing I'm doing all right. You know, the, we don't really have a hard lockdown here in the Netherlands. So it's like an intelligent to go fit lockdown. But we might be ramping up with countermeasures. Again, as we see the cases coming up, you know, people are going on holiday. Steve Smith 1:08 Yeah, yeah, as we're recording this, it's late July of 2020. And in the United States, at least we're seeing like 60 or 70,000 new cases a day. So we're probably not as lucked out as we should be. But I'm doing my best to stay home as much as I can. Barry Luijbregts 1:23 Yeah, most people here are pretty cautious as well. Although now that it's summer, you see lots of people just, you know, they want to go out and do stuff. They also want to go on holiday. So you see people stress spreading out over Europe, they're going on holiday to France or whatever. So I'm very curious to see what's going to happen when everybody comes back from all those places. Steve Smith 1:44 Who knows, you know, we're having same things happen here, I think. And it's it's difficult because some states in the United States are trying to implement things like a quarantine for people coming from outside the state. But there's there's no borders for it. There's no there's no checkpoints at the At the state borders, there's no way to implement such a thing except voluntarily and, you know, if people are gonna take the pandemic seriously and do it voluntarily, I think they would at least be wearing masks and things. I don't think you can expect people to voluntarily self quarantine for 14 days. Barry Luijbregts 2:16 No, definitely not going to do that, please. Most people probably aren't. Yeah, that's difficult times weird times. But hey, at least we can do our thing. Online as as as most of our work, so that's a good thing. Yeah. We're very forthcoming in disguise. Yeah, absolutely. So I follow you on Twitter. And I also sometimes read things on your site weekly, Dev tips.com. I enjoy that. And I always just learn something about design patterns and code quality stuff like that C sharp. So how did you get into code quality and design patterns? Steve Smith 2:52 It's been something I've been interested in since I discovered them. So as a, as a human, a junior developer, I was always interested in trying to write Better code and just trying to get better at what I'm doing. And so I would read books that had titles that sounded like, you know, that sort of thing. So, you know, in the early days, it was design patterns and refactoring, you know, those classic hardcover books from the 90s. And then more recently, there were books like clean code, and, you know, classic books like code complete. Also from the news. But Stephen candles, get a more recent version. So all of those books just sort of try and describe ways that we can write code in a more consistent, more maintainable way. And I do my best to, to try and write code that that I can be happy with later. And of course, I always fail because I always find better ways to write my code. And if you're not, I think you're not improving. But I think the, the striving toward getting better is the important part. Barry Luijbregts 3:56 Yeah, definitely agree. It is very difficult to you know, Basically, sometimes when I create something new, it's just, it's a big, messy ball of stuff, right? And then I try to make it pretty and beautiful. But it's sometimes difficult to just know how to go about that. So it's good to learn principles and and more rigid and solid principles to do that, right? Steve Smith 4:20 Yeah, and a lot of it has just been an evolving of my understanding of object oriented design. Most of the design patterns and things that I talked about are mainly object oriented principles. And when I first was learning about object oriented design, and jointed principles, I was very much thinking of them as literal objects, like in the space of the problem that we were working with, right? So if you're, if you're working on a shopping cart, you know, application, then you might have objects like customer and carts and product or something like that. And until I started getting into design patterns, I didn't really think More abstractly than that, right? That was something that really opened my eyes to the idea that you could use objects to be these abstract things within your solution in ways that you never would have thought to do if you were strictly thinking about them as, as nouns within the requirements that you were trying to build, right? Barry Luijbregts 5:18 Yeah, I think they're very interesting things. I've also dove into the cloud design patterns, as well as I'm totally into Microsoft, Azure and other cloud providers, which are things like retry pattern and stuff like that. It's a bit different, obviously, then, things that you might do in C sharp, the classic design patterns. They're very interesting things. Steve Smith 5:41 Yeah, once you know that design patterns exist, you can apply them in any field it seems or in different subfields within software development. So I mean, the point that the the authors of the Gang of Four book make is that they borrowed heavily from a book that was on architecture and town planning. Yeah, that's where they took the their structure of how they described the different patterns from. So it's clearly not something strictly limited to software or even just one type of software modeling. Barry Luijbregts 6:12 No, absolutely not. No, I don't think so. So, and then one way of applying those patterns, I think and making better and higher quality code is then using the solid principles. Can you tell me what those are and what what those are meant for? Steve Smith 6:29 Sure. So I suspect many of your listeners probably have already heard of solid but solid is a is a convenient acronym of acronyms for some object oriented design principles. And so real quickly, they stand for the single responsibility principle, the open closed principle, the liskov substitution principle, interface segregation principle, and then the dependency inversion principle. And these have been around some of them since the 80s. That's Two of them were first coined by professors and researchers in the 1980s. And the other three, I think were in the 90s. So they're they're not anything terribly new, although the acronym itself wasn't turned into solid until, you know, I don't know, probably 15 years ago. The first time I read about them, they were described in a book that didn't put them in that order. And so if you were going to make a word out of it, it wouldn't have been solid. It would have been like, oils or something. But yeah, so having having him as a name that you can actually say and pronounce. I think it certainly helps them from a marketing perspective. Barry Luijbregts 7:40 Yeah, definitely. So these are 10 principles, is that the same as patterns as in design patterns. Steve Smith 7:48 They're not that the idea is that you have principles that you can use when you're evaluating a design. And then you can use a pattern to try and change the design. implement a particular kind of design in a certain way. And then the nice thing about design patterns is that they're reusable. And so if you are faced with the same problem later on, you might be able to apply a pattern that's that's known to work on that problem. Either because you've used it before, just because other people in the industry know that this is a well known solution to this class of problem. Right? And so you want to use both you want to have principles are more abstract, they're, they're not something that's going to directly tell you exactly what to do. They don't have like a UML diagram that says, This is what this principle looks like. Right? Whereas a pattern is more specific, still broad still, like not something you could just copy paste into your code. But it's, it's like a recipe. It's like, okay, here are the basic things that you need to use this pattern, and then to apply it correctly, and so they're related and so you can use a pattern to To implement a principle or to fix a violation of a principle, if you will, but but they're, they're different. And then the other p that often goes along with those two, principle and pattern is practices, right? And so there's a bunch of books out there that talk about patterns and practices and principles. And I think they're, they're all related, right? And practices are things you actually do in the course of writing software that can be helpful. Barry Luijbregts 9:27 That's, that's a good distinction to keep in mind. And then principles are more guiding things that tell you the direction in which you might might go, and in which you then look for solutions that you might implement with the patterns. Right. So let's get into these the solid principles, like they're not new, of course, it's always good to repeat and maybe some of our listeners haven't heard of some of the principles. Steve Smith 9:55 Sure. And, and I've taken to saying recently that if you're a senior developer Upper right even whatever that means to you, you know that maybe that means you've got five years of experience or, you know, you you have people that you're mentoring. If you're at the level that you consider to be a senior developer using an object oriented language, like C sharp or Java, you should be able to teach people the solid principles. So, you know, if you're not at the point where you just know them and can teach them to someone else, you probably want to, to get to know them a little better, I would say. So, the first one is the S is the single responsibility principle. And that one basically says that your classes should be focused on doing one thing and doing it well. They should have one responsibility that they are all about doing and they should be cohesive meaning the things that are in that class, the state and the behavior that are married together within that, that classes encapsulation boundary should all be focused on the same thing. If you look at a class and you can easily see that you know, Half of the properties and methods work together and the other half work together. But separately, maybe that's two classes, right. And you could refactor that, to split it up into two classes that each did their own thing, and didn't have to worry about the other parts that the other one was doing. Barry Luijbregts 11:16 And does this only apply to the class level or also to the methods because in a class that has a certain responsibility, you could have a method that tries to do two three things, maybe that are slightly different as well. Steve Smith 11:29 Sure. And obviously, if you're following it at the class level, you want your methods to be focused. And there's other principles that apply and code smells, which is another whole topic that apply at the method level. But generally, these principles apply at the class level. Although it's certainly true that you know, if you if you have a class that follows single responsibility, its methods should be fairly small and focused on things within the realm of that responsibility. Barry Luijbregts 11:57 Yeah, I've seen people try to get away from It weird stuff, you know, that's 2000 lines of code class, Red Hat a certain responsibility, but then the methods to do all sorts of weird stuff. Steve Smith 12:11 Yeah, well, and I don't know that it's clear what a responsibility is. So when I teach these principles, I try and lay out like, what are some examples of responsibilities, because it's all too easy for someone to say if I if I go back to the, you know, the simple shopping cart example I mentioned, it's very easy for someone to say that, you know, I've got a class called shopping cart manager. And it's only responsibilities to do anything and everything related to the shopping cart. And that includes checking out adding items, removing items, validating, checking all the prices, verifying all the sales, making sure you know, that the customer follows whatever discounts they have taken care of handling and calculating all the shipping and on and on none, right. So it's not, it's not correct to say that the responsibility is you know, everything to do with Some broad topic or some broad object within the system. Like that's, that's probably too big, you know. So things like validation or responsibility, persistence as a responsibility. interacting with other collaborators is a responsibility. deciding who your collaborators are is a responsibility. If you're if you're inside of the class and all of the things you're working with, you're newing up or calling statically. That class is deciding specifically what other things it's going to work with. And that's a separate responsibility. Right. That's something that could be done somewhere else. Barry Luijbregts 13:34 Yeah, definitely. It's it's probably difficult to find the scope of the responsibility for yourself. It's it's a bit of common sense, of course. Steve Smith 13:43 Yeah, it takes it takes experience, I think and it takes Yeah, I mean, some of you could say it's common sense, but that's common sense. Isn't that common? And a lot of what I think of is common sense is, is really just experienced, but you have a hard time. You know, saying what it is exactly right. Yeah. So it's it can be hard, right? But at the end of the day, if you are following the single responsibility principle, what you'll find if you if you compare two projects, or two designs that do or don't follow it, is that you will tend to have more classes, and those classes will tend to be smaller. Right. So when we think about how that affects our practices, and maybe our tools, that means that we should get better at finding files in classes within our solution, and organizing them in such a way that it's easy for us to work with more files that are smaller. If you're only comfortable scrolling through 2000 line long classes, and you don't really have the the muscle memory or the experience of working with lots of small classes, then it's gonna feel unfamiliar to you. It's gonna, it's gonna there's gonna be friction, right? And so, moving toward following this principle sort of requires that you skill up In in working with smaller files, which isn't necessarily what, what a lot of developers are used to. Barry Luijbregts 15:05 no, no, I see a lot of them do it. Well. So this is very good. Good principle. All right. So that's the single responsibility principle. And the second one is the open closed principle. Right? Can you tell me about it? Steve Smith 15:21 So the open closed principle is sometimes confusing, because it says that your classes should be open to extension, but closed for modification. And what that means is that you should be able to change how your class works, what it does its behavior without actually changing its source code, without having to recompile it and redeploy the code to run it. And at first, oftentimes, if you've just hearing about this principle for the first time, you might scratch your head and be like, well, how the heck does that work? How am I going to change my code? Does without changing my code. But if you think about it, we do this all the time, right? The simplest way to take some code and change what it does without actually changing the code is to provide a parameter to it some kind of input that when you change that input, it changes what the code does just a parameter. And so a lot of how you implement the open closed principle is just about how we specify behavior by passing it in, in the form of parameters either at the method level, or as a constructor parameter or a property. Barry Luijbregts 16:33 So this could mean that if you have a constructor in a class that has a certain parameter that takes, let's say, a logging mechanism or something that you might be able to inject a completely different logging system in there, then they would originally have and therefore, change the behavior of the class to lock to a different system or different output for instance. Steve Smith 16:57 Sure, imagine that you wrote some code and you literally just hard coded all of your logging. And you said, I'm going to log everything to C colon backslash log dot txt. And you do and you write that code and you and it works great and you ship it. But then somebody wants to run this code, and they want to log it somewhere else, or they want to run it on Linux that you know, doesn't necessarily have a C, colon, backslash, right, or a Mac. And so now you're stuck, like you've hard coded too much into a particular implementation. And the only way to change it now is to recompile it because you've compiled all that stuff right into that routine that class. So like you said, If you instead passed in some type of a logger, class, or abstraction, or interface, and then you can implement it in such a way that maybe for you, it's fine for it to just log to a local file on your C drive. But someone else could implement that in a different way. And instead, it could be logging in any way you can imagine, right? It could go to a database, it could go to a different location, it could go to something some debug viewer, right? Yeah. And and so Now your code is open to extension and closed to modification, meaning you don't need to modify it. You don't have to change the source code now in order to get that that extended behavior. Barry Luijbregts 18:11 Yeah. Which is a great principle. And I think you shouldn't take this too far. Obviously, as in, if you have a database layer or data access layer that uses SQL server or something, you shouldn't always make it so that it can also use all sorts of other databases, for instance, right? Steve Smith 18:30 Now, yeah, not necessarily, right, every every way in which you allow your system to be extended, makes it more abstract, makes it generally more difficult to quickly understand what it's doing. So when you look at the code itself, and you try and see what like, what does this code actually doing, if it's very abstract, and there are a lot of ways that it's hooking into other things that are being passed in through parameters or constructors or dependencies, it can start to become difficult to figure out where the actual work is being done. And that's a common criticism that gets laid against, you know, overly abstract, overly designed object oriented systems. And so there's a balance here, right. And so you don't want to try and make your system extensible in every possible way up front. Instead, you want to wait and see where the changes are going to occur and where the pain is coming from. So I like to tell developers to follow PDD pain driven development. And if it's causing you pain, then use these principles or these patterns to find a way to alleviate that pain. If you if it's not causing any pain, right? If just logging straight to a sequel and text file is fine, and nobody's asking for anything else, then leave it alone. It's working. But But after the second or third time that somebody is asking for a new way to do something, you should recognize that this is an axis of change in your system. that's likely to continue to be an axis of change. And so consider making it extensible Barry Luijbregts 19:58 Yeah. Oh, that's a great That's a great principle. Pain driven development. I love that. Yeah, but it's definitely true. Especially even for things like performance optimizations, you know, I love to do performance optimizations myself, and I can just spend weeks on it. If you just let me. It's just it's usually really not necessary. Because it's fast enough, probably by default, and nobody asks for it as well. Right? So only if it's a problem, then you should really focus on it. Steve Smith 20:28 Yep, exactly. It's a it's a premature optimization. Yeah. Barry Luijbregts 20:32 All right. So that is the open closed principle. And then the next one is liskov substitution principle. Can you tell me about that one? Steve Smith 20:40 Sure. So this is the only principle that's actually named for a real person, which is Barbara liskov, who's a professor at MIT. And she coined this back in the late 80s. And the idea is that your objects should not just be oh sorry if your objects that inherit from another object or type should not just be that thing, right, they shouldn't just have an is a relationship, like we hear so often when we first learned object oriented programming, instead, they should be substitutable for that base type, anywhere and everywhere that they might be used. And so where you commonly see violations of this principle is where you might have a fairly large class or interface that you're implementing. And you, you only need some of it right now. And so you you leave some of the bits either undone, or maybe they're throwing and not implemented exception. And so you ship your code like that. And later on, somebody comes along, and they need some, some some instance of this, this interface, this type, and they see that there's already one that's been made. There's there's a provider or an adapter or whatever you want to call it that you've created for them. And so they they inject that into their system and they expect it's just going to work. And at runtime, it blows up and it says not implemented. exception. Right. And so it wasn't fully substitutable for the parent. And that's that's the best case scenario. That's where it's, you know, obviously broken, right? Because it's giving you that exception. What's worse is when it's not really easily detectable that it's doing the wrong thing, or it's not doing what it should. And that's, that's a much tougher bug to find. One of the ways you'll see this manifest in your code, is if you're doing something that should be polymorphic. Like you have a for each over a bunch of types, but they might be not actually that type. There might be a subtype. And then inside your for each loop, or inside your method that takes an instance of this base class, you're checking to see which specific subclass they might have. Right? So you like, Hey, I'm going to print out all the employees. So I say for each employee in this collection of employees, and then inside your loop, you say, Well, if employee is manager type, then I want to do something different. Like right there. Your brain Making liskov substitution because now you're checking to see what kind of type this thing is it shouldn't matter, right? That's what polymorphism is all about is you should be able to treat it exactly like its base type. And if you can't, if you have to know what its actual type is, then you're breaking that principle of object oriented programming. Barry Luijbregts 23:18 That's it. That's a great principle. I see that a lot actually, in production API's still, yeah, that you hit something and then it's not implemented yet exception. Terrible, right? Steve Smith 23:29 And where that's really a problem is because of the duplication that it entails. So if if there's one place where you need to know that subtypes specific type, because you want to do something different, okay, that's not terrible, right? That's fine. But it tends to spread. So you know, in your application, it's not going to be just one place probably where you're checking that it's going to be everywhere, you're dealing with a set of that base type, right? There's going to be some exception for some certain type that's implemented a different way. And so now when whenever some new features comes along or some change needs to be made, you've got to remember to go to all those different places, and, you know, tweak them to make sure they work just right now. Or maybe you add another subtype, and it behaves even different still from the other ones, right? So again, you've got to go to all those places where you're not using polymorphism correctly, and make sure you've got enough checks in all the right places for that new behavior. And that's where that's where you end up missing some in bugs creeping? Barry Luijbregts 24:25 Yeah, that's definitely where the bugs creep in. Yeah. And those are difficult to find as well. Certainly. Alright. So that is a liskov substitution principle. And then the next one is interface segregation principle. What is that? Steve Smith 24:40 So really briefly, the interface segregation principle says that classes should not depend on methods that they don't use or functionality that they don't use. So if you have a class, and it depends on an interface, let's go back to that logger example. Right you you've got this method that will log a line of text But then it also has some method for, I don't know, copying the log file to a backup store, right? Well, your class doesn't care about that it only cares about logging stuff. But But now there's this other method that that's all about copying things to a different store. And if that method changes, then you're going to have to recompile your code because you depend on that, even though you're not using it. And so you end up having larger ripple effects from your changes. When you have larger interfaces. And you have classes depending on pieces of those interfaces. They don't use, they don't need. So the the general way to follow the interface segregation principle is to do two things. One is to have very small interfaces that are basically following the single responsibility principle doing just one thing well, and then to having clients control their interfaces. So instead of shipping interfaces with a framework or with some set of base classes that you know, the company Many architects put together when you're writing the actual service that needs the thing. You write the interface that exposes exactly what your service needs. And then you implement it with whatever you need to write. Barry Luijbregts 26:14 Yeah, and it's very specific. Steve Smith 26:16 Yeah. And this this way, it leads into the next principle, the dependency inversion. Because, you know, normally what, what developers, especially junior developers expect, is that someone's going to give them the the framework in which to work, right? They're gonna be like, okay, here's, here's the, the, the high level structure, you just fill in the details, including stuff like base interfaces and base objects and things like that. Yeah, interface segregation, kind of says, Hey, actually, as you're creating this service that you're writing, if there are certain things you need from other dependencies or other things, you know, create an interface that is specifically for your service, or at least specifically for services like yours. And so you may not end up with an interface for every single class that needs something that would probably be overkill. But you should have some very small, very cohesive interfaces that work with your set of services that all need sort of the same thing. The dependency inversion principle, I don't want to I don't want to skip over because I actually think it's probably the most important of these principles. And what it states is that you don't want to have your high level modules depending on low level modules. Instead, you want low level stuff to depend on high level. And that kind of presupposes that we know what high and low level means. So let's let's define that real quick. Low Level means closer to an input output, you know, closer to writing bits on disk or taking input from the user, right the user interface or the data access layer, talking to the file system. That's all low level stuff. High Level is more abstract and you know the the concepts of the overall software like, you know this, this customer wants to add this item to their cart, right? It doesn't know anything about specific operating systems or file formats or anything like that those are all low level details. All right. And then related to that the high level and low level modules shouldn't depend on specifics, they should depend on abstractions instead of the other way around. So it's what's commonly the case, if you don't follow this principle is that you write code that just depends directly on its infrastructure. So if we go back to that logging example that we've been using, you know, you write some simple console app, you want to log some stuff out. So inside of there, you just new up a file using the file system API's that are in the framework, and then start writing lines directly to that file. Right. There's no abstraction there at all. You're working directly with a low level file protocol. And you probably don't have any interface You wouldn't need any interfaces in that example, because it's just a, you know, program.cs console app. But as a result, it's it's not very testable. So very extensible. It doesn't really follow object oriented principles at all. And to get it closer to being able to do those things, which needs to do is introduce some abstractions, and then depend on those instead of the details. And where this plays in the biggest benefits. And what I've seen is when you switch from having a classic interior architecture, where you have a UI that depends on a business layer that depends on the data layer that depends on a database. That's the classic model that that folks have done for decades. That's what I cut my teeth on as a junior developer was building things like that in the late 90s, early 2000s. You if you switch that and you flip it on its head and you say, No, we're going to have the the low level, the data access layer, the file providers, all those low level two Things, instead of having the business layer depend on those, we're going to have those depend on the business layer. And if you start thinking about domain driven design, which which also have a course on Pluralsight about now that that domain model is your business layer, that's sort of the core of your application. And the infrastructure, the data access layer, depends on that core instead of the other way around. And that's, that's what the inversion is talking about the dependency inversion principle, is inverting the dependency. So instead of having your high level code depend on low level code, you flip that and it's the other way around, Barry Luijbregts 30:37 And because of that, you can also switch things out way more easy, the low level bits, or you can use another implementation or something like that writes to disk or writes to another database or whatever. Steve Smith 30:48 Right now your code is incredibly modular, and there are many seams in it that make it much easier to test. Barry Luijbregts 30:54 Alright. So those are the solid principles, which are great principles. To follow, but how do you embed those in the development process of a team? And make sure that everybody's following them? Steve Smith 31:09 I think the the best thing is to have everyone sort of know what they are, right? So have some sort of level setting, you know, some lunch and learn or everybody watch this Pluralsight course or some training or whatever, if necessary, right? If there isn't already that that understanding. But once people at least know what they are, then in whatever passes for code review on your team, whether that's pair programming, or formal code reviews, or looking at pull requests, be be very clear about which principles you're citing when you offer feedback related to those. So if you're working with someone, and you're pairing on a class, and you adding some functionality, and so you add another method to this class, and the class is getting bigger, and this new thing isn't really related to what we were doing before. You know, it would be perfectly reasonable to say, Hey, aren't we sort of breaking single responsibility principle here, maybe we should put this in a new class. Like that would be, you know, one way that you would implement it. And I think just that's, that's really the best way is for team members to keep these principles in mind when they're looking at code when they're designing code, either as they're writing it or as they're reviewing what others have written. And then use the principles as a way to evaluate the quality of the code. Barry Luijbregts 32:25 And then constantly try to identify them as well, if you see them or as you try to design your codes. Steve Smith 32:33 Yeah. I mean, if you see that they're being egregiously broken, right, then the principles are something that you can cite, right? It's not just you saying that, hey, I think that this is too big. You can say, well, this principle that's been around for decades that many people in the industry feel is a good thing suggests that maybe we should try and keep this smaller or keep this, you know, dependency at arm's length or whatever it might be. Barry Luijbregts 32:56 Exactly. That is, that is a great practice. I think lots of people already do that. Hopefully I've seen it a lot, especially during code reviews as well. I've had a lot of reviews where we also talked about the solid principles. So that's very good. And if you're not doing this yet, then please dive into these principles and to try to embed them in your, in your process. I do any additional resources that listeners might be able to visit to learn more about these principles. Steve Smith 33:31 Sure. So I've got a couple of Pluralsight courses that are relevant. I've got two different courses on solid principles. One of them has been archived, but you can still get to it from my author page on Pluralsight. If you don't have a Pluralsight subscription, you can use a trial from their homepage and you'll get like a 10 day period when you could watch whatever you want. I also have a podcast of my own, where sometimes I talk about these principles. I have some some episodes in the past. I've covered them Which is at https://weeklydevtips.com/ or on https://www.youtube.com/weeklydevtips channel. And you can also follow me if you like, I'm frequently talking about these things at conferences or on Twitter. So everywhere online, you'll find me as ardalis, which I'm sure will have a link to in the show notes. Barry Luijbregts 34:17 Absolutely. Yes, I will link to all of this in the show notes. This was delightful. Thank you very much for teaching me about the solid principles. And we'll see you next week on another episode of developer weekly. Steve Smith 34:31 Awesome. Thanks. Barry Luijbregts 34:35 Thank you for listening to another episode of developer weekly. Please help me to spread the word by reviewing the show on iTunes or your favorite podcast player. Also visit https://developerweeklypodcast.com/ for show notes and the full transcript. And if you'd like to support me in making the show, please visit my Pluralsight courses to learn something new.
34 minutes | 4 months ago
Getting Started with AWS with David Tucker
43 minutes | 4 months ago
Identity in Azure with Christos Matskas
This week, I'm talking with Christos Matskas about Identity in Azure. We spoke about Azure Active Directory, (AAD), AAD B2C, Azure Key Vault, ASP.NET Identity Provider, Azure Managed Service Identities and the new Microsoft.Identity.Web that you can use to secure your applications.Christos Matskas is a software devoloper, dad, blogger, husband, speaker and all around geek. He currently works as a PM in Developer Advocacy for Microsoft Identity helping developers and teams leverage the power of Azure. Before joining Microsoft, he was a successfull entrepreuner collaborating with companies such as MarkIT, Lockheed Martin and Barclays. He's been building software for over 15 years and he's a passionate Open Source advocate. He contibutes regularly to numerous OSS projects and works closely with the developer community to make the space bigger and better. @christosmatskasShow resources:Follow Christos on Twitter Connect with Christos on LinkedInBlog of Christos MatskasLearn about Azure Active DirectoryAzure Active Directory B2CLearn about Azure Key VaultManaged Service IdentityMicrosoft.Identity.WebFull transcript:Barry Luijbregts 0:23 Welcome to another episode of developer weekly. This week, I'm talking with Christos Matskas about identity in Azure and other things. Christos works at Microsoft as a program manager for Microsoft identity. Welcome. How are you doing? Christos Matskas 0:41 I'm good. Thank you for having me. Barry Luijbregts 0:45 It's definitely my pleasure. You know, at the moment, I'm actually looking at my wife who is playing with my new Oculus quest device. You know, it's a VR headsets. I bought it yesterday. It's totally off topic, but it's so funny to see It's amazing. Have you tried any VR? Christos Matskas 1:04 I've tried it a few times, I don't own any VR headsets or devices I would love to. But it means I would have to fork out a significant amount to upgrade my hardware and get the devices. I do have a PlayStation so I could get a VR headset for the PlayStation. But to be honest, these days, time is so limited. And sounds crazy because because of COVID and the pandemic, we're actually stalking the house. But it's a great opportunity for me to spend more time with the kids and the family and, you know, catching up with them. So no VR for me, but I would love to something I would definitely look into. So Barry Luijbregts 1:42 yeah, definitely. Well, we also don't have a lot a lot of time we just do it now here in this hour. We're sorry that before we go to bed, and I mean, this might be great Christos Matskas 1:53 to do a podcast on a VR environment, right? Oh, absolutely. Barry Luijbregts 1:57 Yeah, definitely. That would be awesome. This might be actually a great device because this is this is wireless. It's not even connected to PC right now. It's totally standalone. Yeah. That's why I wanted it because I don't have a big gaming PC or anything. Christos Matskas 2:12 So you don't need a beefy hardware to run it. Barry Luijbregts 2:14 Now you can do it, you can plug it into hardware, now you can run these amazing games and stuff, but you don't have to really Christos Matskas 2:22 so well. Something to look into then there you go. Definitely. Barry Luijbregts 2:26 Yeah, definitely. So well. So let's get to today's topic, and that is identity and identity in Azure. Let's say, let's just start with, you know, let's say I have an application, a web application. And I want to run that in Azure, because you know, I like to run things in Azure. Sure. How would I go about securing that? Because I have lots of options. I need ident I need to log in somewhere. And I need to make it secure. What are my options there? Christos Matskas 2:54 Well, again, security touches so many things like identity. So it's a it's available. big subject and maybe we need to scope it down a little bit from an authentication and authorization perspective, then Azure AD ease is a great solution. If you are trading line of business applications or business to business applications, then as rabies is a great solution, it provides you with a way to register your app, and then it gives you an app ID. And depending on the flow, sometimes you have a secret as well. And then you configure this in your application, you use their appropriate libraries, depending on which version of dotnet what kind of application of dotnet could be a console, it could be a web could be a demon, it could be an Azure function. All these different things have different kind of libraries to allow you to do the authentication. And then from that point onwards, once you're authenticated and you are authorized your users, you can add some additional functionality like calling into graph or calling into other API's and extending that and we have the Microsoft authentication library, Amazon these days, that allows you to do that quite easily. So you grab a token, right you get a token, that token has your permissions, your your user ID, your your API permissions as well. And then from that point onward all you do is send your token with your requests and based on your permissions can do things. So from authentication authorization perspective as radies a start for line of business. We also talked a little bit about b2c just prior to starting the show and business to consumer is for these people that are writing applications that are going to run outside the premise of an enterprise. So you know, you have your your podcast, your website, maybe you want to get people to authenticate to your website, and leave your comments or put requests to, to be on your show. In that scenario, you will be using something like BTC to allow these users to log in with their own username and password and maybe their social accounts, Facebook, Twitter, Google and then you have, again you get a token in your application and use that token to identify those users and give them appropriate permissions. Barry Luijbregts 5:06 Right. So let's see if I understand that we're talking about Azure Active Directory. And you can use that to authenticate users, but also to authorize users, right. And authorization means that you define roles or rights that they have, that you can then use in your application to say, hey, this guy is an administrator, for instance, or, yeah, power you too. And so he can see this menu and somebody else got right. And you will figure all that in Azure Active Directory, you just click some buttons included there. Christos Matskas 5:37 Correct? Yeah, I mean, we do have a straightforward process for creating roles. We can also use group assignments. So some sometimes if you are creating an application that is going to run against Azure AD for authentication, then you can also use the the group assignments or for a specific user to allocate permissions within your application. And the nice thing about ASP net and dotnet In general is the fact that they have a built in system for doing role based authentication. So once you assign a role to a user, then they get easily surface through the user object inside dotnet. And then all you have to do in your controllers is say, I want to authorize this user. So you only accept authenticated users in your solution. And then you say, I want to check on specific roles. And then as long as the user is within a set of roles that you permit in your app, then the user either has access or doesn't have access to a specific action. Barry Luijbregts 6:32 Right. And I want to dig into that a little bit more later, as well how you do that, let's say from ASP. NET, for instance, sure library using what what tax you do. So in Azure Active Directory, you then store your identities in there, that means you have the user object, including the password and everything is all in there, right as it takes care of all that. Christos Matskas 6:52 Yes, that's delegated authentication for you. So you don't have your application doesn't need to have a local database of users. It doesn't have to have a local database. So for roles and groups and permissions and what have you, so it becomes easier for enterprise that has hundreds or even thousands of applications to manage the users in one central location. And then the developers that create applications can use that centralized system to code around there permissions. So one of the one user can be in, say, invoicing or HR, then that user can access a set number of applications, but they won't have permissions to access other applications because they don't have the right roles or the right group assignments. And it becomes easier for developers to just focus on not adding quickly authentication to their solution. And then moving on to the next task, which be adding features to that application and specific functionality. Barry Luijbregts 7:46 Right. And then, once your user is in Azure Active Directory, they can then log in with, let's say, an email address and a password. Christos Matskas 7:55 Well, the nice thing about having Azure AD is if you are running an on premise, Sorry, on an enterprise environment means that you most likely get single sign on, right? So for us at Microsoft, we have so many applications, we'd only have to put a username and password, because of maybe everything that is part of the domain automatically has single sign on. At the same time, because we're using Azure AD, we also have incremental permissions. So if a specific application now needs to go and access my calendar, for example, then they can request that automatically for free for me, or on behalf of me when I try to access the application next time. They also have two factor authentication, you get all these things for free without the developers needing to explicitly code for these things. Right? Barry Luijbregts 8:49 Yeah, and that's a fun thing because you're then logged into your laptop, let's say with crystals, blah, firstname.lastname@example.org. And during user object is email@example.com. And then Therefore, you are already logged in there with the enterprise version of Azure Active Directory. Christos Matskas 9:05 Correct? Yeah, it's a it's an Azure AD joint machine. And that means that every time I tried to access any internet application, in fact, I can't even remember my password. Let's not say that. Because Hello Barry Luijbregts 9:15 is working so great. Christos Matskas 9:17 It's surprising if you go on holiday for an extensive time, like you have paternity leave or whatever and come back. Sometimes your passwords expire. And then nothing works. Because, you know, hello, and pins work so great that people don't have to use their 16 digit character, their password. But yeah, a funny too. I have a password, and I can use it. Barry Luijbregts 9:38 Yeah, right. And now you mean Windows Hello, where you just look into the camera, and it says, Hello, you're logged in now. Yeah, exactly. Christos Matskas 9:45 Yeah. And the applications can also leverage that as well. Right. So again, it can be Hello. It can be a pain, you can have feitos you can have hardware devices for two factor authentication. So it doesn't have to be username and password and the nice thing is that libraries that we have for dotnet. And node and everything else do support this kind of a, you have an app that tries to authenticate against Azure AD, we will give you all the things for free, doesn't matter where you come from. Barry Luijbregts 10:12 Alright, so can you then also store biometric data in Azure AD to login to let's say, fingerprints and stuff? Christos Matskas 10:20 I think no, you can do that. But it's your device that defines that as a the extra factor authentication, right. So if your device has a fingerprint, login, then that becomes part of your login process. And what we store in US release your object, your object for the domain, Barry Luijbregts 10:41 right? Yeah. So as your Active Directory b2c business to consumer, that's different, right? You don't log in with your ad Microsoft account with something else. How do you log in there? Correct. So Christos Matskas 10:54 Azure AD b2c, it's a separate resource to Azure AD. Totally. To imagine that you're spinning up a new website or a new database, it's not managed by Azure AD. So it's a totally different kind of authentication system. And the whole goal there is to make it easier for developers to manage and create an authentication system, an identity provider that is centralized again, but it's aimed for consumers and anyone that needs to log into a website that is not part of their ad domain or an enterprise. So if I go to say to Walmart and I want to buy something I need to create an account, then most likely, Walmart will have a b2c tenant that I create an account for the first time I can choose to use a social media account maybe I want to log in with my facebook so I don't have to go and create everything from scratch. Or I can use a an email and password. Sometimes the login process or the signup process, may ask for additional information like my my actual name Maybe my home address. So it will make easier for me to check out from normal without having to enter that information 20,000 times. So you can have the login system, but it also becomes a bit of a database and account database where you can enrich the information of the user. So you make the hauling that action easier. Barry Luijbregts 12:18 Right? And then you basically just store all the user information in Azure Active Directory b2c, right? You don't need an additional database for that per se. Christos Matskas 12:27 Exactly. Yes, everything is managed there. Again, delegated authentication. The nice thing about this stuff is like you don't have to worry about PII. Or how how do I allow my users to sign up for GDPR requirements, right, so maybe I want to delete my account. I don't want to be there anymore. It provides you with a straightforward process. And also, as a developer, you don't have to worry about how am I storing my passwords? How am I storing my emails? Are they secure enough? What happens if an attack takes place? Am I hashing the passwords appropriately? Why am I even hashing the password because we've seen many, many companies They're not storing information securely. Barry Luijbregts 13:03 Yeah, still people not having their passwords. Oh guy. Oh, yeah, Christos Matskas 13:07 yeah, I think if you follow Troy hunt, I don't know if you ever had his database he's Have I been poned database is growing exponentially with so many attacks taking place and I don't name companies but he's still advocate advocating loud enough for center center companies that are still getting it wrong. And they're storing passwords in clear text. Barry Luijbregts 13:33 Right? So yeah, Azure AD is a really good option, right? But there are a lot of issues. You can also use your own database like if an ASP. net website and I use ASP. NET forms authentication, that that was what it was called back in the day. I don't know what it's like to know, Christos Matskas 13:53 what's the identity provider for ASP. net and ASP. NET Core. So it's still a very valid service. Are you you might not want to use Azure AD for whatever reason, or maybe you're not running on the cloud, or you can run on the cloud yet. So we do have a template straight out of studio or the COI that allows you to create a local authentication system where you have an identity provider that runs against a local database, that database houses and protects your passwords. In fact, we added GDPR to our templates, as well. So if you go to manage your account, once you create your account in that system, also allows you to delete that automatically. So developers don't really have to worry about that. But you're still running a database locally. So that can always be an issue if you are quite aware and security aware. Also, it doesn't scale as well, right? So imagine you've had thousands or millions of users, suddenly your application needs to manage that. And the other problem there's a as a company, you're probably running an identity provider Anyway, you probably have somewhere an active directory that manages your organization three, right? So now you have two systems where you need to manage users. And you have to do systems you have to manage groups and roles and what have you. So it's not particularly would advise people to do that. It's not the best solution. But if you have a small kind of an app that you have 10 users or 100 users, and you don't expect it to grow significantly, then that's that's an option. Barry Luijbregts 15:27 Right? Yeah. I don't know. There's just something icky about storing passwords in a database, even though it's secure, and hash and everything. It's just once you can query it and concedes, I don't know, I don't get a good feeling about that. Let's be able to touch Christos Matskas 15:42 exactly and also the fact that your admins now need to backup the database, they need to manage the database, they don't have visibility about what's happening in that database. So you know, if you have 10 apps, that they all have their own databases back there, then you know, it becomes a little bit of a problem because companies grow over time. Sometimes developers are not aware of other systems. I've worked in very large companies like say, Barclays in the past, where there were so many disparate teams doing their own thing. And nobody talks to each other because it's hard to have visibility across everything, that everybody had their own kind of a system that was doing those duplicating functionality. So what I'm saying here is that if you decide to go down the route of self managing the the user database, then it might not scale well as the company grows, Barry Luijbregts 16:31 right. Plus, if you have your own database, you also need to have your own login page and own password reset page and all those things that those will be part of your application, right, where as you have as your ad, you will be pointed to the Microsoft login page, which is all secure and nicely buttoned up. You don't want to do all that stuff yourself, Christos Matskas 16:51 right? Yeah, in fact, I was looking at them. These template builder allows you to because right now, if you create a new ASP net application or a snit core application and you say I want to have local authentication, it will create everything for you and but you won't see any pages, everything is actually part of a DLL. So you get a DLL that has everything compiled in there for you. So you get a sign in sign out, minus account, whatever that is all part of the dlo, there is an option to actually unravel all of that and have all these all these different pages, as actual pages in your application where you can tweak the look and feel you can change the design, you cannot additional functionality. It's about 25 pages because you have to have password resets you have to have email services, you have to if you want to send a password reset, for example, email, you have to have two factor authentication like right now you're starting to talk about I mean an email service and suddenly I need the texture which where I send the the the two factor authentication code and what have you. So it becomes very complex to start managing all this yourself, we give you all that for free. And even more like integrating two factor authentication to your office simple as going into Azure AD, flicking the switch and saying, you know, for this application, everybody needs to log in with Azure AD and have two factor authentication. So automatically your users do that. And they get the functionality out of the box. You don't have to have an email surveys and take surveys and what have you. I love that. Barry Luijbregts 18:25 Yeah, I love when other people do complicated stuff, especially with security because they don't want to be responsible for that. Christos Matskas 18:33 Yeah, leave that complexity to us. We give you a DLL. And that's all you have to do. Barry Luijbregts 18:37 So you talked about scalability as in, obviously, you can store millions and millions of user accounts in Azure AD. But what if you have users all around the world geographically distributed, what I would do with my application is I would put my application also near the users, maybe use something like Azure Traffic Manager or a CDN to make sure that my data is also close. What about Azure Active Directory? Because people then need to navigate to the Active Directory. Where is that physically located that surface? Well, we're we're doing all the hard work for you. So we make sure that we have instances all around the world. And what happens is when you try to log in, you'll be presented with a page, you don't you don't care where it's coming from. So because it's delegated authentication, you leave the website to go to another website, that's Azure AD, you do your authentication, and you come back with a token. Christos Matskas 19:30 You don't really care where that's happening. So you could have multiple that you have hundreds of instances running around the world. And we will make sure that the authentication is running flawlessly for you. You don't have to worry about scaling out Azure AD as well. We do it for you. Barry Luijbregts 19:46 Wow. So it's really identity as a service. Right? Christos Matskas 19:49 Yeah. And it scales with your with your needs, right. So you can have two users logging in can have hundreds of thousands of users logging in at the same time. You don't have to worry about performance. scalability backups. What have you. Yeah, I love Barry Luijbregts 20:03 that I, I once was, for one of my jobs. I was in Redmond at the Microsoft campus. And there we got like a customer tour of the security center Christos Matskas 20:14 that they have. I love that one. Barry Luijbregts 20:16 Yeah, that's Yeah, they have all these big screens with threats on there and botnets that Microsoft is tracking and trying to destroy with legal action and things like that. It's just amazing. And, and they're they explained as well, that's because they have so much data as an Azure Active Directory is being used so many, many millions and millions of times during the day, because everybody's logging into Outlook to Office 365 to Azure, you name it. So they have all this data. And because of that they can detect anomalies as well as if I log in from Amsterdam. And then a minute later, I log in from Australia, let's say then as your ad did. Hey, that's probably very strange. That's probably not right. But yes, up to level, maybe I'll ask for a second level of authentication, maybe you need to enter a code from your SMS or something or an email. That's just super clever. I love that. Christos Matskas 21:15 Yeah. And we had to scale significantly as, especially with COVID. And everybody's starting to work from home, we saw an explosion and on the usage of teams and the usage of Azure AD, we found that VPNs could not scale as fast as companies wanted to, you know, move hundreds of thousands or hundreds of 10s of thousands into working from home and suddenly, you know, a VPN that was working for 10 or 15 people at a time now has to manage that kind of load, which meant that we had to scale with these companies as well. And we did a lot of a lot. There's been a lot of engineering effort happening in the in the past years to make sure that we can scale with the world scaling at the same time. So you know, teams, as you said, teams are using as rabee everything Like, right now I have probably 10 different apps running on my machine, and all logged in against Azure AD. So you can see how that can take a toll from, you know, so many people working remotely, but we know we scale there were no issues, no outages, or whatever. And that's fantastic for my division to know that we're doing so. Well. Barry Luijbregts 22:18 Absolutely. And it's just really, really good work. So what about alternatives we've talked about, so you can have a database with the ASP. NET system. There's also third party things like there's identity server, which is also an identity product, also external, external identity store, right? corral is a different Christos Matskas 22:40 identity server is a great solution we've used in the past I've used in the past as well. I would say that for companies that cannot really leverage the clouds for an identity provider, then identity server is a lot better than running your own local database. Absolutely. And because they use the same kind of format where you know your questions A user logs in, they get your application get talking back and then get roles and permissions, it becomes very consistent. So if you eventually decide to move to the cloud, or if you eventually decide to move to say Azure AD, then it transition is easy. But I didn't say every something that you need to manage yourself, you runs somewhere on a VM or a machine or, you know, bare bones doesn't matter where it is, that the whole point there is that you point your application again to a delegated authentication provider. And then you get talking back that says that you have authenticated that these are your claims. And from that point onward, the developer needs to decide what to do with that user object. Barry Luijbregts 23:39 Right. So that would be a good option if you're not in Azure or on premises. But you also use as your Active Directory from let's say, if I'm using AWS. Christos Matskas 23:49 Absolutely, I mean, that's, that's why we are doing these days. We're talking to developers, normally care where you're running your solutions, whether they're on prem in Ws, Google Cloud, That what we want to make sure is that if you are going to authenticate your users, you need to use a robust solution. And if you're a no developer dotnet, Python Ruby go whatever language you're using, there is Azure AD for you on Azure AD b2c, right, let's not forget the business to consumer stuff. Barry Luijbregts 24:20 It's actually used a lot b2c, Christos Matskas 24:23 it is used quite a lot. And we've seen major customers implementing b2c. In effect, anytime that you need to interact with a consumer. You need to have a solution for that consumer to be able to login easily and efficiently and in a robust way that scales with your customer demand. Again, a reminder of these times is that with COVID, we had so many people that are moving to online shopping, right? People don't go to supermarkets anymore, don't do all the foods, they don't want to go and you know, eat at the restaurants or they choose to do take out or whatever all these companies that have had to deal with user registration. And you know, I want to go and buy something from Walmart again. So Walmart has to have a solution for for me to go and authenticate and prove who I am. So they can send the food to the right place. So you know that all of these customers need to have enough in identity provider. BTC is a great solution. Yeah. Barry Luijbregts 25:23 So all right, we love Azure Active Directory. I love Azure, web apps and App Service. I love this is a great solution to just pop your application in there. And then it just runs. And obviously, we can connect our application with Azure Active Directory. Let's say I have an ASP. NET Core application. That means I need to do something to the application. But there is also another option in App Service as your app service. And that's called easy authentication and authorization. tells you a little bit about that. Christos Matskas 25:53 Yeah, easy. auth is an easy way for you to actually implement authentication for you application without really having to change your code. So for example, assuming that you have a 10 year old solution that you decided to move to the cloud, it's been running perfectly fine on prem. And you didn't have any problems there. But suddenly, you have to put in the public domain because your company decided to move everything to Azure. Suddenly, as soon as you put into App Service, that solution becomes publicly available, right? There's a public endpoint. Yeah. Now you want to ensure that anyone that access to that application has the right permissions or they're the right account. So easy. auth allows you to set up authentication without really having to change the code. So you deploy your code and suddenly you say, you know what, I need to authenticate my users. Easy. auth allows you to go and choose the options that work best for you. So we do provide Azure Active Directory backed up authentication, which means that as long as your user is authenticated, or has has a token against Azure AD, they can go and access the application but we also give you access to social media account logins. So you can have a Microsoft account, you have a Google account, you have a Twitter account that can also be permitted to access the application, you can figure these in your app. And you can have multiple of them selected as well. The only caveat I would say is that if you decide to do that, then it's either all or nothing. So you have allow anonymous access, so everybody can access the solution, or you have authentication authorization that takes place across the whole solution. So before they even hit the first page, they have to authenticate first, you can say I want part of my solution to be anonymous, and then other parts of the solution to or the app to require authentication. So it's all or nothing. We use a bit of a trick solution, but for someone that didn't have authentication before, and now they get it for free without really having to do any code changes. It's a fantastic solution. Barry Luijbregts 27:54 Definitely. Yeah. And that stuff, of course, because as your Active Directory is then in front of your application, as well. authentication layer there. integrate into your application. Christos Matskas 28:03 Yeah. So it's a it's an interceptor, right. So there's a request coming in, we intercept the message, we check whether there are any tokens or whether there's an authentication header if you're creating an API or what have you. And then from that point onwards, we make sure that the users are authenticated before they even access the solution. Barry Luijbregts 28:23 Right. So and then the other option is, let's say I have an ASP. NET Core application, a web application, maybe even a blazer server application, which is also ASP. NET Core, then I can also connect it to Azure Active Directory. I usually do that with a wizard in Visual Studio. Sure What what happens there in the background? Ah, Christos Matskas 28:45 yeah, we we did try to make the onboarding into Azure AD much, much simpler. And the whole point there is if you are using Visual Studio, then as you create your application, there is usually an authentication option at the top hand corner. When you say I want to create an MVC or a razor page, at that point of the wizard, you can go and define what kind of invocation you you want to use. And if you say I want to use single tenant Active Directory backed up authentication, we will go and create the app registration for you. And then the application will also be populated. So if you go into the app settings or the web config, once that application registration is successful on Azure AD, then we will populate that information inside your app will also download the appropriate libraries for you. And why not the code, which means that as soon as the solution comes up, you can click Run, and then you'll be presented with a login page that runs against that operation you just did. All Out of the box without you having to write any piece of code, which is great. Barry Luijbregts 29:55 Yeah, that that is amazing. And then you can use we've talked about that In the beginning, then you can just simply put the authorize and authenticate attributes on your controllers, right? To define while this controller if you go here, which requests you need to log in, and maybe then you need to be an administrator to access this, right? Christos Matskas 30:18 Exactly, yes. So I will give you a, I think if you do if you follow the wizard, then as soon as you launch the application, it will request that you login, you can change that and then say, you know what, I want everybody that hits my homepage to be anonymous. I don't want them to authenticate by once they need to access other parts of my solution, then at that point, I want them to authenticate, maybe give them access to the application data or what have you. Barry Luijbregts 30:47 So then you have all sorts of configuration values that point to your Azure Active Directory tenant and your Azure Active Directory application. Is that safe to have that all of your configuration or is there a better place? Put, Christos Matskas 31:01 if you are going to do a Spinetta syndication without really hitting any other API's or what have you, then this that the information that we store in the web config or the app settings, so Jason is just your tenant ID, and well known and public endpoint for logging in. So there will be login.microsoft.com. And there will be your client ID, which again, it's just a grid, and nothing else. So you have your tenant name. And if you use a custom domain, so it could be see mascus.on match.com. They're well known login name and URL for login at macro tocom, the tenant ID, which can be, which will be agreed, and then the client ID. If you are, however, creating a single page app, if you're creating a node app, if you're creating something that requires implicit flow, or maybe you creating a console app, right, that doesn't have user interaction, which means that the console is running as a daemon Not every half an hour, that application needs to go and authenticate against Azure AD. And then get some information out from Azure, maybe something from graph or some other API, then I definitely need to have either client secret go to our certificate, we'd recommend people use a certificates over a client ID a client secret, because the client secret needs to be long character that needs to be stored and somewhere easily accessible. And it becomes a bit of an issue, right? So the certificate takes the ownership away. So you don't have to compromise anything, as long as you configure your app registration to use that same certificate. It's very easy and straightforward. In fact, I blogged about that a few weeks ago. So it's, it's a little bit more involved because you need to have a certificate but can use any certificate can be a self signed certificate, you don't have to have a proper certificate, more pay money for it and then just upload it into Azure AD and authenticate. So There's nothing really wrong with using the wizard because it doesn't compromise security. But once you have to store client secrets, then that becomes an issue. But we also have a workaround for that as well. Then if you if you're aware of managed identities and Key Vault and what have you. Barry Luijbregts 33:16 Yeah, so Key Vault is in a secure place in Azure, where you put secrets, right? You can put passwords in there or connection strings or even certificates if you want to. Christos Matskas 33:25 Absolutely. Barry Luijbregts 33:26 Yeah. And then what is managed service identity? Christos Matskas 33:30 Well, if I'm going to use keyboard, I need to have a way to connect to that securely. And in the olden days, you would have to have client secrets or a key for that. So you would use the URL to the keyboard. And then that key would allow you to authenticate and say, you know, I, I am an owner or a user of that keyboard. The problem there is that you have to store that secret somewhere. Yes, sometimes it can get to a point and for that reason, what We did is we created this thing called Manas identity. This is again, an entity inside Azure AD that we can use to provide proof. So if you are running an app service and their specific miners identity, then what that allows you to do is to go to Key Vault and retrieve the necessary information you need, say for Azure AD or whatever, at the point of the application starting up. And that takes away the the problem that we have of storing secrets somewhere. So minus identities. He's an account that the applications running under that context and that context allows you to go and hit other services. It's not just given it can also be SQL Server. It can be your event grade. And a lot of services on Azure are starting to adopt MSI minus identities as the way forward. And that simplifies your life as a developer because you don't have to worry about monitoring secrets. You don't have to Go to your admin and say, Oh, please give me the secret to the Key Vault or the secret connection string to the database. Your MSI does it. And now if you're developing locally, you might say, Well, I'm not running on Azure. So I don't have a massive empty Visual Studio and Visual Studio Code allow you to have an account. And there's a library, therefore dotnet allows you to locally develop against the services using your account. So as long as your account is authenticated inside of Visual Studio, and you logged in with that account, and that same account is also given permissions to those same services, then visit studio and use your code will use that information to go and reach out to those services. They're not actually using MSI. But the library that we use has three different ways of authenticating. So the first time it will try to look for an MSI. Luckily, you don't have an MSI. So we'll go to the next fallback option which is a Visual Studio account. And then the next one is an associate line. So if you don't have your car, you can use the Odyssey ally, login to Odyssey ally deck. It's a local file on your system, an encrypted file on your system that the dotnet library uses to speak to other services on Azure. Barry Luijbregts 36:13 Right? Oh, that's, that's just great. Yeah. So then you don't need to store any client secrets anymore. You just use Key Vault and managed service identity, which is part of the infrastructure or locally if we run Visual Studio, Visual Studio code, and then you're all good to go to connect to whatever and Azure Active Directory, for instance. Christos Matskas 36:32 Exactly. So for people that are hearing this podcast, hopefully, it's quite a few of them, then I hope I don't see secrets in your solutions going forward, because now I told you how to do it. Barry Luijbregts 36:44 Right. Yeah, of course, nobody does that. Nobody store secrets in their codes. I never know No, I've never done that before. Christos Matskas 36:53 No, I mean, we've all done it before. But now that I mean, back in the in the olden days, we didn't know better or there was no better solution. Do it. Yeah, these days, even dotnet core has really good ways of managing secrets. Like you don't have to have a keyboard or whatever, you can have a secrets file. And then if you're running on Azure, whether it's a function or an app service, you can use environmental variables to populate those secrets in your application. So again, you don't have to share those secrets anywhere. You don't have to compromise your solution. But with Key Vault, get other benefits like central auditing, so you can see where your logins are coming from. Again, as you said earlier on having a password it people in your company can have a dashboard that checks the logins and then if something comes from say, Romania, I wasn't expecting a login from Romania because our apps are running on totally different environments. Then that can be a red herring and suddenly you can see how you know either an account has been compromised, or something else and the nice thing about keyboard is that we do automatic girl key rolling the keys for you Same for MSI MSI, were all the keys for you. So you don't never ever know what your password is for these. Barry Luijbregts 38:06 Yeah, that's all automatic. That's awesome. Christos Matskas 38:09 Yeah. Barry Luijbregts 38:10 So we are coming up to the end of this episode. So last question is, what is new in identity? What's coming up? And where can people find out more about this topic? Christos Matskas 38:23 and identity in general, we, we made quite a few announcements are built for anyone that's dealing with, with identity, Azure AD in general, not just dotnet specific. We had we announced external identities, which is something that allows companies to bring external accounts into their org. So again, if you're Walmart and you're running a internal applications, you might want to have a vendor or somebody else to log into your organization that allows external identity allows you to do that. So it's not b2c. It's not aimed for consumers, but it's more about allowing other customers or businesses to log into your enterprise environment with Excel bmps. So not mydomain.com, but their domain.com account. So that's a big one. From $1 perspective, we did have a couple of big announcements. The first one is that we are actually not for just that, that's a correction not for dotnet only, but we are announced the deprecation of a doll, the older library for Azure AD. And going forward will only be supporting emsl. This is coming to an end in June 2022. So you still have plenty of time. And if you follow our stream on tweets, then part of our efforts are helping developers to you know migrate from a belt to emcell. We're doing lots of different themes and examples about how you can do that on your technology stack. So it doesn't have to be dotnet. So that's a quick announcement I'll stand for. And so ADL is Active Directory authentication library and emcell is the Microsoft authentication library. Barry Luijbregts 40:03 Right? Yes. Christos Matskas 40:03 And and their corresponding libraries in node and dotnet. And we have Angular libraries. And we have Python, what have you. So all all technologies and all languages have their own Ada library. Now we're moving away from that to Amazon. Because people might ask, like, why would I need to move to Amazon? What's wrong with dado with emcell, you get all the things that we talked about, like multi factor authentication, fito, keys, and whatever, as you want from the newest features automatically out of the box. So the same application running today, as soon as you move to emcell, you will get all these benefits. So that's the big announcement. And then from a dotnet perspective, something that is very modern and contemporary is the fact that we have a new library called Microsoft identity, the web that bridges the gap between the the authentication and the token management Just to clarify, in ASP dotnet core, you can do authentication using the local library, read the local identity provider, you don't have to use Active Directory. But then if you need to call other services, or ms graph or whatever you had to bring down and solve, the problem there was that even with a doll, you had to had a doll to authenticate against Azure AD. And then he had to have m salt to manage your tokens, grab it talking for graph and then go do the query with Microsoft did I didn't have the web would give you one library that erupts around himself, and does both the authentication to token management. So you indicate as a user, and then you say, go and grab my token for graph and, or these scopes, whatever you decide to do in your app registration, and we'll do it for you. It's all in one library. It's all oversimplified. it rots away the abstraction. So you can have authenticated web apps can have web API's I call other web API's can have a web app that goes on other web API All in one line, they're all nicely down through the standard of CS. And we have lots of blog posts. And we're going to be doing quite a few streams on our twitch channel to talk about why and how the changes are very small. So if you are using a Delta day, it takes only a couple of lines of code and a couple of nougat packages to get migrated to a new system. And it's highly recommended. So feel free to reach out to us if you have questions about any of the things that we talked today, by the way. Barry Luijbregts 42:29 Okay, that's great. A lot of stuff. So, okay, we are at the end of the episodes. So thank you very much for teaching me everything about identity and getting me up to date. Thank you very much for your time. Christos Matskas 42:44 Thank you for having me. It's a it's been a pleasure, and I appreciate your time. Barry Luijbregts 42:50 Thank you for listening to another episode of developer weekly. Please help me to spread the word by reviewing the show on iTunes or your favorite The podcast player. Also visit www.developerweeklypodcast.com for show notes and the full transcript. And if you'd like to support me in making the show, please visit my PluralSight courses and to learn something new.
37 minutes | 4 months ago
Take Charge of Your Technology Career with Dan Appleman
32 minutes | 4 months ago
Teaching Kids how to Code with Caleb Ndaka
This episode is brought to you by me. If you like this show and want to support it, please visit my courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/AboutShow resources:Follow Caleb on TwitterConnect with Caleb on LinkedInFollow Kids Comp Camp on TwitterWindows Insider Feature of Caleb NdakaSupport the Kids Comp Camp: https://www.kidscompcamp.com/support/Full transcript:Barry Luijbregts 0:17 Welcome to another episode of Developer Weekly. This week, I’m talking with Caleb Ndaka about teaching kids how to code. Caleb is a co-founder at Kids Comp Camp. Caleb Ndaka is a 2019 Obama Leader, a 2018 Mandela Washington Fellow, a 2017 Microsoft’s Windows #Insider4Good fellow and a 2015 American Express and Ashoka Emerging Innovator. He is also a TEDx speaker and a part-time actor. Great to have you on the show, Caleb, how you doing?In your bio, it says that you are a 2019 Obama leader. Can you tell me a bit about what that means? Caleb Ndaka 1:48 Obama foundation runs a program called Africa leadership program in which they try to bring young African leaders together to have conversation today. Your support system for each other in order to create proactive and authentic leaders in Africa, because they do believe that the greatest gap we have in Africa is not about resources. It's about leadership. And so they believe invest in the young leaders so that they can build and change their communities. Barry Luijbregts 2:23 Right. That's incredible. Okay, so tell me a little bit more about yourself, like, where you from and how you got into software development. Caleb Ndaka 2:33 Great. Thank you for that question. I was born in North rift Kenya in a small slump called landers. And then soon after we moved to South Eastern Kenya, a small village called kV and that's where I grew up. I went to school there, up until I went to college when they got to come to the city of Nairobi. So generally Mama Mama village boy Who, by chance got into technology got into software development. Part of that story is between high school and college, I was out of school for four years. And the reason for that is because my parents could not afford my quality education. But then four years later, as more opportunity open to join one of the local University School of computer science and information technology, and I started with a certificate cause in it, then I proceeded to a diploma course in it, then eventually graduated with a bachelor's degree in it. And with that background, I was able to be introduced now to to software development and the passion to teach kids especially in rural areas, how they can learn about our not just to use technology, but to develop technology for themselves and for their communities. Barry Luijbregts 3:56 So that they are actually creators and can create things for other people as well. Caleb Ndaka 4:01 Yes, not just consumers, but also but also creators. But also, because I do believe change from within is a more sustainable change. And so having rural communities embracing technology for themselves, creating technology for themselves, is a dream that I hold very dear to my heart. And that's what I live for every day to see how can we, how can we equip them better to know how to use technology to address the most pressing issues in their communities? Barry Luijbregts 4:34 Right. And that's a very powerful thought, I think, as in to get the power from within and not be reliable. From all these other big companies from the United States and from Europe and all over the world, but to build your own strength, yes. Caleb Ndaka 4:49 change from within power from the from within is the most powerful energy employee they never gave to people. Barry Luijbregts 4:57 So random question, what is the internet It like over there. Oh, is it fast or is it limited? Caleb Ndaka 5:03 Oh great. Like I mentioned I come from Kenya and in the last five to 10 years Kenya as witnessed a very fast growing internet penetration. And so we can say like three quarters of the country you can get stable internet connection. And that is what we are leveraging on to create our program. So we have pretty good internet, it could get better back with what we have. We can also do some meaningful stuff. Barry Luijbregts 5:33 And is it expensive? Caleb Ndaka 5:36 According to the surveys which have been done in Africa, again, Kenya, we have the lowest rates of of accessing to the to the to the internet. But the thing also is the economic power for most people, is not that strong. So it is relatively cheap but Not very cheap to the majority of people and especially to the majority of people who live in rural communities whom we we solve, Barry Luijbregts 6:07 That can be a problem, I imagine. Yes. Okay, so Well, let's talk about the thing I wanted to talk with you about about kids comp camp. So I saw this online and I was very interested in how it got started and why you started it and how it actually works. Can you tell me a bit more about why you started and what it is? Caleb Ndaka 6:29 Yeah. So kids comp comp, is an initiative to help children in rural communities in Africa to catch up with a current digital driven society. And the way it began, it was a random idea. on a road trip. I was just about to graduate from the University and a few friends asked me if we could do a road trip and we said our boat we do that road trip with laptops in our bucks and go look for I don't know school in a village And to teach those kids out to use computers. That was in April of 2014. And so we did a rotary, we carried our laptops and we found a school in one of the rural counties in the in Kenya. The first class, we had 30 kids, but it is what shook us. Out of the 30 kids, only three kids, I'd seen a laptop before. And we were like, shocked. We thought like computers and access to technology is is a thing for everyone. Only that we realized we were only reserved from, from our band kind of setting. And so that was like, the glaring gaps that we saw, and we felt like we need to do more, we need to come back and do more and more, and 2014 to right now we've been able to train over 10,000 children, both here in Kenya and also in Rwanda. 90% of those kids, this was their first time to use computers, and 54% they were girls. Barry Luijbregts 8:08 Wow, that is amazing. And and what what kind of ages do you teach? What? How old are the kids? Caleb Ndaka 8:15 So we get between 8 years old to 18 years old. So, according to the Kenyan education system that is about primary school and high school, Barry Luijbregts 8:29 and do you then also teach adults? Caleb Ndaka 8:32 Um, yes, like I've mentioned, we started in 2014. So it's been almost five to six years. And one of the things that we realized, like three years into the program was that kids, especially in Africa, don't make decisions. The decision makers are parents and teachers, and therefore we thought, in order to make our program more sustainable, we need to involve the parents. We need to involve the teacher So apart from just the core business of train kids, we've started another supportive program to train their teachers and to train their parents so that they know the benefits. And also they have the the basics of becoming like a support system to this kids. So yes, we do have a program for children. And we also have a program for adult but especially adults around the kids that we're trying to reach out to where basically the parents and teachers, Barry Luijbregts 9:30 To get their buy in and to make them help the kids. It's a very clever, so can can every kids just join or how does it work? What What skills do kids and or adults need in order to participate in the competition Caleb Ndaka 9:46 so kids could come targets children and adults with no prior exposure to computers or technology, and therefore we start with them from ground zero. We don't require any scale Or an experience, what we just ask of them is that they need to be enthusiastic to learn. So no prior skills or knowledge is required, because we were trying to get our kids and parents who have not had access to computers or technology. And so we begin with them from ground zero. Barry Luijbregts 10:19 So you you completely start at the beginning as in this is a laptop. Caleb Ndaka 10:26 And that is a computer. This is a mouse This is are you right click this is click, we basically begin by bailing confidence just as I want any digital device. Barry Luijbregts 10:38 That is amazing. And do most of the participants. Have they seen other devices like phones, for instance? Caleb Ndaka 10:46 Oh, well, they're the data that we have so far is at 90% of the 10,000 plus beneficiaries of the program. This was their first attempt to use their computers. But when it comes to access to mobile devices, As the number changes a bit, we can almost say like 40% of them actually have access to, to a feature phone. And maybe 30% 20% of us have access to a smartphone. So more people right now they have access to mobile devices, but computers still as cost resource in the rural communities in Kenya. Barry Luijbregts 11:29 So it's really mobile first. Yeah. And then some, some kids will have have had access to the internet through mobile phones, I guess. The kids come in with no experience. They learn all this stuff from you, and what do they take away when they're done? What are the skills that they have? Caleb Ndaka 11:46 Great. That's a great question. So over time, we've been we've been trying to modify our curriculum to really meet the felt needs of these kids. And we've divided our curriculum into three big blocks. The first block is what to call get started and get started, like you've mentioned is trying to build confidence of this kid around to these machines I would do up in a computer how do you use the basics of that of that computer? How would you build clear audience around any device and the next big block is what to call get productive. Now that you know how to use our computer, how can you become more productive doing your your duties and in that time, also teach them how to access the internet, how to use productive programs like Microsoft Office, and other programs which they can use in their in their daily their daily lives. And then the last big block is what to call like, Get creative, which is a big block for us. And that's where we where we introduce them, introduce them now to Cody and just bring that whole notion of you do not To be a consumer of technology, you can be a creator of technology. Yeah. So those big blocks, it's our we we try to align our curriculum, get started, get productive and great creative. Barry Luijbregts 13:14 That's great, especially that you didn't end with the empowerment of you can do it yourself. You can just type in some text on the screen and some magic happens somewhere. And somebody can press a button and something Yes, Caleb Ndaka 13:27 for sure. For sure. One of the mentality that you've been trying to fight, especially in the rural communities that we work is that most people view technology as a concept of the West. Great. Most people think that technology is something which comes from elsewhere, and we just use it. So we are trained to change that and especially to this young kid as they grow up to take up their careers to choose up their studies to show them technology is just like a pen is a toy, which you can use to rights rights. And so technology is a tool they can use to, to empower themselves is a tool that they can use to empower their community is something that they can they can use for their for their better days to come. Barry Luijbregts 14:15 Right. So yeah, it's not only just skills, but it's mostly also attitude and confidence Caleb Ndaka 14:21 a lot, a lot. And let me tell you, that's something that we I didn't know when we were starting out, I thought like, we only need to give these kids skills, but then realize when those skills they land on not very prepared attitudes, then these in mice that you can, you can do and that's why we returned also to work in the in the mind and attitude change as much as we are giving them skills that they need for 21st century. Barry Luijbregts 14:50 So let's circle back a little bit. You said that one of the parts is then also to teach the kids how to use the internet. Now, I have to Young kids, and the oldest one is four. So she's not really understanding what the internet is, luckily for me, but I'm already dreading the time where she can actually access the internet and look stuff up. Because, you know, how do you guard them from the internet and all the bad stuff that you can find on there? And how do you make sure that they know what is real and what isn't real? Because there's so much stuff on there that is just non information and things that are just false? Yeah. Do you teach about that? Caleb Ndaka 15:32 Yes. online safety is a big thing to us. In 2016, I was able to attend the Internet Governance Forum in Mexico. And that's one of the things that I came out with that on in safety is not just a thing for the first world right after ro internet. Internet is threatening the cup like we've been saying, internet is making us to be a global village. So wherever Are you accessing the internet from my village in kaisi or whether you're in Netherlands like you are, as long as you can access the internet, then we are in one space, we are in one ecosystem. And therefore we we tend to be very intentional about online safety. And part of that is teaching teachers and parents how they can become informed guardians when it comes to internet use, right? Um, yeah, the thing about them, most of the population that we're dealing with is that most of them they do not accept the internet while at home. Most of them as the internet, were there, were they in school, or were they now a program. And that's a very big advantage to us, because we become like the first people to give them an introduction to the internet. And so therefore, we believe that I just given this kids putting into to know this is useful. It is not giving these kids an opportunity to know how they can protect themselves on very basic, but yet critical levels. That's something that we are we are very keen on trying to integrate, actually to each and every component of our of our curriculum. Barry Luijbregts 17:20 Right. Yeah. And then you get the advantage of catching them in the beginning where they first start to learn to access the internet. Caleb Ndaka 17:27 Yes, yes. And that's that's very important, because their first experience forms a big a big notion of the entire experience being online. Absolutely. Barry Luijbregts 17:39 Yeah. All right. So and then you start to teach them how to code. So what do you use for coding, what kind of languages and tools we use? Caleb Ndaka 17:48 Yeah. So like I mentioned, we target age to 18. Most of these kids are in rural Kenya. And one of the challenge that we have is just access to internet. So we try to Look for tools, which do not necessarily have to rely on Internet's we are biased towards tools you can use offline. And to fit that bill crutch as been a useful resource. You can just download it in our machines, and then we can be able to roll it out. But it also is very child friendly in terms of, you can teach the basics of programming, from conditional statement from logical thinking to how to issue out commands using very child friendly graphics. So scratch is like our main tool, which we are using to teach this kids. But we've also been able to use Minecraft when we have access to connection. And again, we're just trying to create this sparkless interest and give them the basics of how to, to reason like a programmer, you know, typically out to our problem solving, how to look when they're they're going about introduction to software development, once they have the basics of that, and especially now that we have all the kids in the program right now, we're able to do a bit of HTML and CSS, and now they tend to build small websites. And they're Barry Luijbregts 19:18 right, and then they can do it themselves. And then do you also give them a CI an example projects to make sure that they have something real world to work? Yes, Caleb Ndaka 19:27 um, our approach of learning is, is what are called project based learning. And it's the way we do it. Just to mention is that a good comp comp is a not for profit, we have a very small core group, but then we work a lot with volunteers, and most of them are university students or the volunteers from the community and we do have a mobile lab, which we move around the villages with, and so the mobile lab as 21 workstations, and we will also request volunteers when they come to volunteer with that they come with their laptops. And the more than we use for teaching is we have one volunteer Trainer with between three to five kids around the table, and they have access to a device. So we change the training from being a classroom, whereby one person is talking and like 30 or 50 or 100 people are listening to him. So we change that to making learning to be in very small teams, between three to five kids with a trainer and we make learning to be very project based learning, they are walking through a very particular program project in which they will be able to demonstrate by the end of the day, or by the end of the cup, Barry Luijbregts 20:50 then it will stick because of this. It is real world. Yes. That's a very good, good way of teaching. So you mentioned you work with volunteers. as well. So how largest is the organization? How many people work for it? So Caleb Ndaka 21:05 we are not a very big organization. We have a core team of five guys. But then we we are powered by volunteers every now and then we are We surely issue out a request for volunteers to come into work with us. So for the last five, six years, we've had over 1000 volunteers from all across the country, Kenner will be able to come in volunteers with us from a weekend to a holy day long depending on when they are available. Barry Luijbregts 21:37 Well, is it difficult to find volunteers? Caleb Ndaka 21:39 It is not. It is not because of two things. First and foremost. Most university students when it's during their long holiday, they are looking for things to keep them busy. And so right I've seen an opportunity First of all, we give them an opportunity to travel across the country, being places have never been. And we are giving them an opportunity for them to predict proactively and productively use their holiday time. So we've been able to have very good structure at comes to attracting volunteers in our program, Barry Luijbregts 22:12 and you pay for the travel as well. That's very attractive. I imagine. And are you planning to increase your core team? So you have five core people right now? Are you planning to increase that? Caleb Ndaka 22:27 Yes, definitely. For the last four, five years, we've been able to reach out to 10,000 kids. And our next milestone is trying to reach out 50,000 kids by 2030. In what we call the visual 50 k, r. And as we grow in numbers, we also want to grow the team. And so that's something that we are working towards that we can make the program more sustainable and more impactful, Barry Luijbregts 22:57 quite some goals. What do you need for the goals to happen. Like, how do you fund your organization? Caleb Ndaka 23:04 Great, great question there. We are a not for profit organization. And so before we are relied onasking for support from our friends and our family, we've also been writing grants. And we've also had different partnerships. We've been on Microsoft before, we have, but now we have General Electric's and a few organizations will be able to come to come on board. And so that is what we've relied on in the in the past, but also in the coming days, we are trying to make the program a little bit more sustainable by introducing what we're calling the income generating activity. Let me give you an example. Like we mentioned before, we only used to train kids, but then we realized this kids need that support system. And so we need to train the parents and their teachers. So one of the The income generating activities is actually by charging adults when they come to be trained, right? So we get, we get to two things that go when an adult comes to train their pain. And so we're able to make the program a little bit sustainable. But also, most of those adults, they end up becoming part of our community trainers. So that's something that we're trying to explore. We're trying to scale it up trying to see if we can make ourselves to be self sustaining in the coming days. Barry Luijbregts 24:33 So we've talked about how kids come in with, with zero skills, and maybe a bit of experience with the internet and a mobile device. And then they learn to use the internet they you learn to use computers, and they learn how to code as well and adults as well. Do you also follow up on people that you taught as in maybe a year later to see where they are and Or do you also provide them with access to traineeships? And ultimately a job? Caleb Ndaka 25:09 Yeah, that's an interesting question. It's something that I've been trying to address. So currently, this is the way we we've been doing it. We do not do what to call 181 that we don't do one comp and go away. We try to do every comp, we try to follow up and follow up and follow up. And, and part of that is because of something that we learned in our earlier years, community involvement and community ownership is very important. Right. And so we first avoid, we do not show up in communities. We wait to be invited. So we issue out a call for nomination people nominate, and then when you know minich we come and do a survey. And that's our base to establish if there's a need And what kind of supports the community is able to offer to us. In order for us to make our follow ups to be more seamless, and to be more effective. We are training more community based trainers, and most of this community based trainers, their local teachers, and that means that data will be not skewed for the next 510 or 20 years. And either most best placed person to do the follow up even after our initial phase of our training is, is done. And so by being intentional about training teachers in that community, that's the way we are trained to feel our follow up strategy, because the the locals in that communities, they are available in that communities. And if there's kills, and if they're motivated, then they become the best follow up methods to use. Barry Luijbregts 26:55 That's a very powerful way to scale your Organization has it and to keep keep the kids engaged. Caleb Ndaka 27:03 Yes. And also every after every program we do monitoring and evaluation, and one of the key areas would be trying to, to see is to ask ourselves, are we in talking to this kid when it comes to choosing careers and choosing, you know what to study and especially as you proceed to college, or as they proceed to, to high school, and so far 60% of the kids in our program, they are now more aligned to technology base, subjects and careers. And so we believe that's something that we are adding value to them, especially among gods who would just fear or our bad attitude towards, you know, Sciences and Technology. Barry Luijbregts 27:49 So you said, you run a non for profit that is, and you get some help also from partners like Microsoft and other companies. Can our listeners maybe also help you out in some way? Because I see on your website, https://www.kidscompcamp.com/support/. People can also support you with money and other things. Caleb Ndaka 28:16 Yeah, we believe that it it takes a village to raise a child. And so even in this digital driven society, it's good to take the digital village to ensure that every child is given equal fighting rights when it comes to tackling our today's digital driven society. And so if any listener feels they're there, they're able to come and help us to get more rural kids, that there are more than enough opportunities to do that and how to do that, like you just said, please visit our website https://www.kidscompcamp.com/support/. And there are a few ways you can you can be able to support us our mission, a few of them, you know, the first thing is that every year We run a campaign called donates lunchbox. So lunch box is food for one child for one camp at only $2. And the reason for that is sometimes we have kids who are walking up to 10 kilometers to be able to join our our camp. And so I keep cannot walk for all those kilometers and come and sit in a class with empty stomach, they will not concentrate, they will not enjoy. So wish I could say that kids comp come is about food, fun and computers. And so every year we are trying to raise food for this kid so that we can attract them to the camp. But also we can make them enjoy the training and through that they can be also to enjoy what technology can be able to offer for them. So if you can be able to donate one lunchbox, two lunchbox, 10 lunchbox, that's that would be great. A lot of boxes, only two to $2. And the challenge has always been if you can keep our lunch, maybe Be and donate that money to as a child in rural Kenya, that will be absolutely great. So how to do that? Visit www.kidscampcamp.com there are there ways you can you can be able to donate to us. The other way is if you have any unused or underused device, or even if you can consider donating devices to us, that will be great. First and foremost, it will help us to reduce the number of students to device ratio. Right now one device saves between three to five kids. If we can have one device, having two kids, that would be great. And that means we need to invest in more devices. So if you have a laptop, if you have a computer, if you have a smartphone, or a tablet, you feel it's going to be of benefit to our program would be most definitely happy to connect with you and try to see how we can. We can we can really connect. But most important if you can come volunteer with us. We believe that scene is better Leaving. And participating is only now one of the things that you've noticed is most of volunteers, they don't just come teach. After they teach, they go back and become our strongest support. So if we have time, a day, a weekend, a holy day, please come and volunteer with us. And like I mentioned, they can't come compounded calm is an email where you can reach out to us and we can be able to tell about the volunteer program that we have. So those are some of the ways in which we can, you know, work together and create a better world for this gift in rural Africa. Barry Luijbregts 31:57 Well, that is amazing. I think your organization is amazing, and you are doing just incredible work. Thank you so much for that. And I would urge everybody that's listening to this to take a look at the website at https://www.kidscompcamp.com/support/, and I will also put that link in the show notes. Caleb, thank you so much for your time.And see you all next time. Caleb Ndaka 31:58 Thank you so much Barry. I was pleased to share about our small journey in rural Africa and how we can make this was a better place.
37 minutes | 5 months ago
Keeping up With Microsoft Azure With Tim Warner
This episode is brought to you by me. If you like this show and want to support it, please visit my courses on Pluralsight and buy my new book "200 Things Developers Should Know", which is about Programming, Career, Troubleshooting, Dealing with Managers, Health, and much more. You can find my Pluralsight courses and the book at www.developerweeklypodcast.com/About Tim is a Microsoft Most Valuable Professional (MVP) in Cloud and Datacenter Management who is based in Nashville, TN in the United States. His professional specialties include Microsoft Azure, cross-platform PowerShell, and all things Windows Server-related. You can reach Tim via Twitter (@TechTrainerTim), LinkedIn or his website, TechTrainerTim.comShow resources:Twitter @TechTrainerTimLinkedInwww.TechTrainerTim.comTim's YouTube channelTim's Pluralsight coursesAzure FridayAzure LearnLinux AcademyAzure Status UpdatesPluralsight course: Microsoft Azure - What to Use When?Microsoft Azure certificationsFull transcript:Welcome to another episode of developer weekly. This week I'm talking with Tim Warner about keeping up with Azure. Tim is a Microsoft most valuable professional MVP in cloud and data center management based in Nashville, Tennessee in the United States. His professional speciality includes Microsoft Azure cross platform PowerShell, and all things Windows Server related. You can reach them via Twitter, at Tech tamer at Tech trainer, Tim, LinkedIn or his website, tech trainer tim.com. Thanks for being on the show Tim. Tim Warner 1:37 You're very welcome. Very, thanks for having me. It's a pleasure. Barry Luijbregts 1:40 So you are very active with Microsoft Azure. And amongst other things, you create videos about Azure and Azure certifications and even released a new Pluralsight Azure course on Pluralsight today. Tim Warner 1:53 Yeah, that's right. I've been an IT generalist since 1998. And I've always because I'm excited In so many different aspects of it, I've kind of intentionally avoided specialization. But it just happened over the last five or six years that I got involved in Azure. And it's been a perfect fit for me professionally, because I guess, well, more than I guess I know that as your is my professional specialization, but within Azure, given that the ecosystem is so broad, I can be a generalist within Azure. And to your point, the course that we released today is actually a complete redo of a course that I recorded Originally, I think, last summer summer of 2019. It's called something along the lines of developing batch processing solutions in Azure. And originally, I centered it around as your SQL Data Warehouse. But of course, in ignite 2019 as your synapse analytics was introduced, and as your Data Explorer is now in the forefront, so I just decided to scrap the old course and redo it from scratch. Barry Luijbregts 2:58 So you came from From an infrastructure, specialty, right? Tim Warner 3:03 That's correct. As far as the DevOps continuum, I skew more towards the operations side. However, I've always, I consider myself a hobbyist programmer. I guess I'm a professional scripter. I'm proficient with PowerShell. And to an extent Python, but more in an infrastructure scenario, like you said, Barry, but I mean, I remember my first exposure to computer programming this when my dad bought one of those tiny Timex Sinclair t 1000s. It was the $99 computer and Europe. It was called the ZX Spectrum, I think. Right. And basic programming is how I originally got into the field. Barry Luijbregts 3:45 Oh, that's, that's incredible. And now it's all into clouds. You know? Tim Warner 3:48 Isn't that something? It's funny how things turn around. I remember also, just before when I was in college, before I got into it as a career I had a summer position feed These, they look like old fashioned eight track tapes into these IBM tape drives because the company was a mainframe shop. And it's funny how things are circular now with the cloud in some ways, that's almost like a return to mainframe computing, isn't it? Barry Luijbregts 4:16 Yeah, definitely. So you've then been working with the cloud for quite a long time. And you say that you're a generalist and in the cloud, but still because Microsoft Azure is so extremely broad, as in there are developer services, but there is also infrastructure services and everything in between, right? And what do you focus on within Azure? And how do you choose what to focus on? Tim Warner 4:38 Well, in my job at Pluralsight, I'm a full time author. So I have I used to have more flexibility in the subjects that I chose, but I'm more I consider my biggest benefit to the company is that as a generalist, I can kind of pitch in and help if there's a course that maybe nobody wants to cover because it's so knew, I'm happy to jump on those subject. Those subjects. That's kind of how batch processing came onto my workbench. And I've taught a course on messaging services. And those are products that tend to skew out of my infrastructure home. So it was a good opportunity to stretch. I think in general, regardless of whether you're an author or a trainer, if you're looking at Azure as a career, you really have to be committed to always learning. I can't imagine somebody who wants to go into it primarily for financial reasons. And for job security reasons. I would really warn them against unless they really enjoy what they're doing. Because with Azure, you're going to fall behind too quickly. If you're not always actively learning new stuff. Barry Luijbregts 5:47 Yeah, it goes extremely quickly. new services are added all the time and existing services change and new features are added or they get deprecated. So So how do you do that? How do you precisely keep up to date with all those changes. Tim Warner 6:02 You and I have both shared with the community on that subject of staying current with Microsoft Azure. So the first thing I'd recommend your listeners to do is to do a good old Google or Bing search for how to stay current. And they'll find your piece I've presented at some user groups over the last year on that subject. And I'm looking at my browser right now in the Azure architecture center in the cloud adoption framework section. Microsoft itself has a nice article on staying current. Some go to like most important sites that I would recommend that people have bookmarks, or the Azure updates site, which is where I don't know if I guess all the product teams are supposed to post there. I don't know if they all actually do I'd say most. The Azure updates is where you're going to see features that are in private development and then as they come into private preview, public preview in general availability and if you're all dog like myself, In your RSS, you can subscribe to the Azure updates as a feed. There's the Azure service health dashboard within the portal. If anything on Microsoft side is going to affect your services, you can see a personalized view directly on the portal by looking up service health. Let's see I think as your has a top level blog, yeah, Azure dot Microsoft comm forward slash blog. And again, it's up to each product team, how often they post there, but you can keep up to date. And honestly, lastly, as you're working, especially in the Azure portal, pay attention when you're looking through the different blades when you see preview after something Oh, that wasn't here before. I mean, I'm surprised every day and I've, I've talked to enough Microsoft employees and team members that they get surprised too, so don't feel bad as an Azure customer. If sometimes you feel blindsided because I can attest to that I've talked to plenty of full time as your engineer And team members who are also surprised. It's just that fast moving of an ecosystem. Barry Luijbregts 8:06 Right. Yeah, it's, it's crazy. And then you can also use the preview portal right? So preview? Yes. portal.azure.com. Tim Warner 8:14 Very good. Yep, definitely, of course, there's the provision or previz or warning, whatever you want to say that, depending as a general rule, features that are in public preview don't have a support service level agreement attached to them. Sometimes Microsoft will make an exception for that. But generally speaking, when you see preview after a service, consider that to be dev test and not prod. Barry Luijbregts 8:41 Yeah, right. So when do you consider a service for learning a deeper as in, they might be in private preview or in public preview and generally available? Do you only dive in when they are generally available or already when they might be in preview? Tim Warner 8:57 When I work with customers, I really am pretty concerned. About that, because of the first of all, I'll dig with them to make sure that a team is not offering a service level agreement or any kind of support when a feature is in public preview. An exception to that is Azure migrate, they were doing production support even when the server migration pieces were in public preview, as a plural site, and author, as a policy Pluralsight. And our agreement with Microsoft, we do not cover public preview features simply due to their volatility. I mean, we're already on a six month review cycle, we revisit our training courses every six months and make any changes as appropriate. It would just be too much management overhead if we included public preview features. So I tend to get into public preview features just personally as a professional development thing more than anything else. So I have a leg up to be helpful when the feature gets closer to general available. Barry Luijbregts 10:01 Yeah, yeah, the same same for me as well. Plus, I, after a couple of years of doing this, then you get kind of a sense of where things are going and if a public preview feature is going to stick, or that it might just be something fun to, to experiment with. Tim Warner 10:18 Isn't that something? Yeah, I mean, Asher blueprints is a service that I like quite a bit. It's been in preview public preview, seemingly forever. It's been in preview so long that Microsoft worldwide learning actually includes blueprints on many of the Azure certification exams so that we were joking about that just yesterday when I was chatting with them about that. Supposedly blueprints is gone is gonna go generally available someday. And then other features like as your Bastion and this is just my own personal opinion, I think they went ga on that too quickly. They announced it as a generally available service at Ignite last year. And it still is nice as Bastion, as it has some very significant limitations that I know for a fact are preventing many businesses from adopting it. Barry Luijbregts 11:05 Yeah, I guess many of these things are dependent on marketing efforts, whatever, internal goals and targets to companies. Sure. Tim Warner 11:15 Yeah. I mean, it's human, you know, human, these companies are run by fallible human beings. And when you've got a company as enormous as Microsoft, like you said, You've got all these different groups, it's a wonder that they can ship any software. Barry Luijbregts 11:32 Yeah, absolutely. So when you then go through the lists of updates and new services and things that changed, how do you do that? Do you do that once a day or every week? Or do you do you develop healthy habits around that? Tim Warner 11:50 I don't have a habit of for instance, looking in the Azure updates, but I do have a habit of reading the tech news each day. I just use Google News is my news reader and I have alerts on Azure and Microsoft and this kind of thing. And I have my Twitter feed I checked that several times a day and because I'm connected to a lot of Azure people yourself absolutely included I'm able to get a heads up on on things probably that way more directly than anything else. And once I get a heads up on on a feature service, then I'm inspired to check the documentation and see if there's anything in there look up on the Azure updates page see like you said, the preview portal dot Azure calm if it's surfaced in there, etc, etc. Barry Luijbregts 12:39 Yeah, I do. I do the same thing as well. I create my little internet bubble of like minded people that talk about Azure, for instance, in Twitter and put them on a list and then I can can just keep up to date. Yeah. So once you've selected something like you know about a new surface that you might need to make a course for Pluralsight about how do you go about learning something new like that? Tim Warner 13:04 That's a fun question. Because I'm really I consider myself a born learner, which means that I'm extra happy and Azure. And also the fact that I am one of those folks who has multiple learning preferences. I mean, some people are more visual, some people are more listening and conversational. I'm grateful that I can adapt to all of it pretty much. If it's a brand new thing for me. Then I'm going to start by just drinking from the fire hose in as many different ways as I can. I'm going to use computer based training, and listen and pay attention to what the instructors are saying. I'm going to see if Scott hanselman talk to any engineering team members on Azure Friday. I'm going to look for blog posts. I'm going to just try to like I said drink from the fire hose to get over That initial hump, that initial learning curve, that's the toughest to get over. I'm also going to be reaching out to colleagues, professional colleagues and friends who are already expert in that technology. And I know I've reached a good point when I'm able to talk intelligently and discuss the subject with people who do it for a living, then I know I've reached that point where I'm over that initial hump, and I'm ready to go to the next level. It's Um, okay, I hope that was helpful. Barry Luijbregts 14:32 Yeah, definitely. And then, do you then also use it in a real world scenario? Tim Warner 14:39 Not everything. But mostly, what's cool about Azure is that it kind of reminds me of a magnet that's picking up metal shavings. It starts collect door a snowball rolling downhill, as my skill set with Azure expands and expands then yes, in my consulting real world life that I Have, I'm able to add those in matter of fact, I've picked up some AI some Azure AI skills over the last year. So I'm going to finally have a chance to flex my muscles on that and a consulting engagement pretty soon. So yeah, definitely as, as I pick up these skills, it's important that I actually apply them in the real world. I don't have a lot of time for consulting. But it's crucial. Like you said, Barry, because there's theory. And there's practice. And the real world practice is quite a bit messier than what you see in a typical Pluralsight lesson. Barry Luijbregts 15:38 Yeah, absolutely. You know, I also create PluralSight courses and they get the chance to edit everything out and things look a bit smoother than they are in the real world. And also, when you actually start working with something, then you get to find out what all the bugs and hurdles and little things are that you don't read about in the documentation. Tim Warner 16:01 Yeah, exactly. There's nothing like feedback expand, it doesn't have to even be me working necessarily. A large part of my professional development is talking shop with people who do this work full time in the field. And by I can capitalize and really leverage their experience and add it to my own. I'm grateful for this as your thing because I remember I've struggled over the entire time I've been in the industry, between the practical hands on experience and then being a credible instructor. And it used to be a lot harder before the cloud to the point where literally, I would work full time as an instructor for a few years, then I'd go out into the industry for a few years, then I'd go back and forth. It's kind of jarring. Now with the cloud, I'm actually able to do both I'm able to do what I love teaching and writing and transferring now But I still from the comfort of the same office that I teach from, I can do real Azure work with customers. It's a beautiful thing to be able to do both of those things simultaneously. Barry Luijbregts 17:13 I have to say my same experience. Absolutely. Yeah. And, you know, there are people that are, let's say, full time authors, they create books and PluralSight courses and other things online. But I do think that you, you need to keep consulting and working in the real world. Otherwise, you don't know if what you're teaching actually works in the real world and how we write and how it affects real customers and real solutions. Tim Warner 17:38 Oh, it's invaluable to the point where, and I think this conversation is really spring, a lot of gratitude in me that I have that because I'm thinking about when I'm teaching and how I'm always thinking of use cases and real practical scenarios and I'm grateful that I can rattle those off because I do have that side. To my skill set. Barry Luijbregts 18:02 So you also have a YouTube channel with a lot of videos on there and also a lot of videos about Azure certifications on there. What do you think of as your certification? And should people take those? Tim Warner 18:18 So long story short, I'd say is Yeah, yes. And some reasons for Azure certifications are number one, it's going to be a differentiator for you in the job market. I've heard some people make the counter argument app. certs are a waste of time all they're good for us to get you past the first step of an interview process the human resources. And I'm like, yeah, that's legitimate. Right? And if you have the cert, you may get past that first step, whereas several other people who don't have the cert don't get past that first step. Another thing is, especially nowadays, the way that these badges work, they're validated very much like SSL TLS certificate. Tickets are. So instead of just claiming that you have this certification, you can actually share it in a way that's validated directly by Microsoft. And third, if nothing else, studying for these certs is a great excuse for making sure that you're current with modern Azure practices because all of these role based certifications, the skills in there are the fruit of job task analysis, or JTA. Is that Microsoft conducted with practitioners. So it's not just speaks to what we were talking about earlier, Barry, how is Asher actually used in the world not just some ivory tower theoretical thing? Barry Luijbregts 19:42 And what would you say to the argument that there might be a lot of people that cheat on these certifications as they download the answers from from the internet or pirate sites and just cheat and then they have the certification and can get into jobs relatively easily? Tim Warner 19:59 Yeah. The brain dump problem has been a problem since the very beginning. The words of the great William Shakespeare come to mind to thine own self be true, really, by using these short circuits. Ultimately you have to do the job, you'd either know how to do the job or you're not. And again, I think of Shakespeare, the truth will out, in my experience, people who rely upon the brain dumps as a way to short circuit certification and get into a job. Eventually, if they're out if they are actually weak in the skills, it's evident. And you know, what typically happens in that scenario? Not always, but I would say most of the time. Above all else, what I find most concerning about the brain dump situation is how normalized they seem to be to the point where many people I've observed. I don't I think that they genuinely don't understand that using these is a breach of the non disclosure agreement. You sign with Microsoft, there are people that believe that they're just these brain dumps, which are thefts of the actual intellectual property of the exams are just as legitimate as, say, a measure up practice tests. So I want to Yeah, educate to the point that no these brain dumps are actually stolen exam content. And by using them, you are in fact, violating your NDA with Microsoft and I have seen people permanently decertified from the program, if Microsoft learns that you've used them. So I would suggest strongly go with legitimate practice exam exam software. Barry Luijbregts 21:39 Oh, that's great. Actually, that that happens. I didn't know that Microsoft penalize people that found that out. Oh, yeah. That's great. Yeah. Because, you know, I know that a lot of people use these brain dumps and then that negates the value of the certifications. Tim Warner 21:57 Yeah, you know, I mean, I understand Your point because if somebody cheats to get in a position, and I don't get the position because of that person, I mean, there's I understand that grievance for sure. I just need to make sure that I'm doing the right thing, because the only person I have control over is myself. And I want to make sure I have a clean conscience as I go forward. Barry Luijbregts 22:20 So what is a good certification to get started with? Like, if you're going to get started in Azure as an infrastructure person or a developer? What would you start with? Tim Warner 22:31 Yeah, I get asked that question a lot. In fact, somebody sent me a DM on Twitter just last night saying, I'm a dotnet developer. And for whatever reason, he or she didn't say why, but they need to get certified. And my answer was, well, I don't know you. But top of my head, if you're a full time developer, the most closely aligned certification would be the Azure. So as your developer role, the library of these certifications is aligned to job roles. It used to be that there was just one One certification for all of Asher, which now is kind of laughable when you think about it. But now we've got this entire portfolio of certifications that aligned to roles. So if you are an infrastructure professional, there's the Azure administrator. There's one, there's a associate cert for security engineer. There's AI data platform, Microsoft 365. There's the introduction as your fundamentals, which is, I think, a great skill set. The what's neat about the Azure fundamentals or the az 900, is that it's not intended wholly for protect people. It's intended for even non technical people like sales or marketing people who may work for a company that's in the cloud, and they need to know the vocabulary, so don't discount as your fundamentals. Barry Luijbregts 23:53 Oh, right. I didn't know that. That was also a target audience. That's good to know. So how are we And prepare for one of these things. It's been ages since I've taken an exam. And when I did it, I used these very big Microsoft press books, exam prep things. I don't know, 500 pages or something. Yeah, I just crammed that way. How do people do it nowadays? Tim Warner 24:17 Those books, Microsoft press still makes the exam rafts, and those are good because they are aligned exactly to the exam objectives. But the the issue with any print book seems to me is that it's almost impossible to keep pace because as your changes so often, and Microsoft worldwide learning revisits the exams every two months, and revisits each certification program every year. So, in terms of prep, you're going to have to go with a more agile approach. Microsoft learn is an excellent place especially for Azure fundamentals. They have a learning path, it's totally free. That covers all of the objectives of course, At Pluralsight what's cool about the Pluralsight Microsoft partnership is that you don't even have to be a Pluralsight subscriber, a paying subscriber to take advantage of a whole bunch of courses Barry or any of your Azure courses in the free partnership. Do you know? Barry Luijbregts 25:16 Yes, a couple of them. I'm not sure which one I think the as your what to use when is one? Oh, yeah. Tim Warner 25:24 Yeah, I mean, a lot of this, like we were talking about earlier depends upon what your preferred learning style is. If you're more of a book reader, instead of looking for a print book, I would suggest you go certainly to the Azure docs but also Microsoft learn, because there you're going to get the most current readable material on Azure computer based training. Obviously, there's Pluralsight. And there's other computer based vendors that I personally like a lot. I like Linux Academy and cloud Academy behind that. Let me see experientially hands on is definitely important. What's Cool about Microsoft learn as well as that they have a whole bunch of hands on labs that give you free access to the Azure portal and Microsoft subscription. So you can do development administrator data, work, whatever, all without using any of your own money or subscription credits. Pluralsight also eventually will have cloud labs for both Azure and AWS. They're currently under development now. Oh, sorry, beget Barry. Last part. There's the theory. There's the hands on but then don't forget about practice exams. Like you said, Barry, especially people who have never taken a Microsoft exam before it's been years. I've seen students get blindsided because they're coming in with lots of knowledge, lots of practical experience, but because they're not accustomed to going through case studies, and different types of interactive items where you're using your mouse. This is the real value of the practice exam to give you confidence and how many Microsoft will evaluate your knowledge. Barry Luijbregts 27:03 So are these Practice Exams exactly what the exam are like?. Tim Warner 27:11 In the case of measure up, it's pretty close measure up is Microsoft's official practice test provider. And those Practice Exams are very similar in length, content and format to the live exam. Of course, you can't use Word for word, but it's pretty close. Then up besides measure up the other company I personally recommend is called whiz labs. And their practice exams are close in content, but not really for format. They don't have all of the different item types that measure up does. And that's kind of a weakness maybe with labs will evolve that over time, but either of those companies in my experience will do a good job of getting you into the frame of mind to clear the live exam when you're ready to take it. Barry Luijbregts 27:57 Alright, that's good. So Becca I took the exams and by the way, I don't take any of these exams currently because it just doesn't fit with my business model anymore as I don't need them at the moment. Yeah, but back when I did it, I needed to go physically to an office of fingers Pearson VUE and then sit behind a computer which was monitored and with cameras and everything should it could make sure that I didn't cheat and then take the exam. Is that still the case? Or can people do it differently especially in these times? Tim Warner 28:33 Pearson VUE is still Microsoft's exam provider. Until the COVID pandemic. Yes, the Pearson VUE testing centers were the way to go. I'm not sure. I guess it depends where you are in on Earth, whether Pearson VUE have begun opening their doors, but I'm really grateful to report that the online testing has evolved to be a really great solution over the last few months since this pandemic Started, I've taken probably a dozen Azure exams using the Pearson VUE online testing format. And it's so good and so reliable and so resilient that I don't plan ever again to go to a testing center. It's so convenient to be able to take these exams from your home or office. Barry Luijbregts 29:19 And then how do they check the cheating, Tim Warner 29:21 the Pearson VUE testing software runs on Windows and Mac, it's called on view. And it's a secure application that has to be the only foreground app running on your system. So the app itself is really resilient and has a lot of security built into it directly. For example, I've used the Pearson VUE software to test on both Mac OS and Windows and it on my Mac, it wouldn't let me go into the exam until I stopped a background process I was using a keyboard shortcut utility. So it does this system this check of all the processes that are running On your system to make sure that only it and the bare OS processes are alive, really impressive. The other aspects of exam security are that you have to be on a computer that's equipped with a webcam I find and I suggest you use a laptop. And a microphone has to be enabled on the webcam as well because that's how you interact with a live Proctor. The live Proctor comes over your speakers. And one time the proctor asked me to swivel my laptop 360 degrees so he could see my room. You do take as part of the preliminary check. You use your cell phone to take pictures of your work environment. You take four pictures, one facing your computer one away, one to the left and one to the right. You have to take a picture of yourself. You take a picture of your ID front and back. So it's pretty nice. It doesn't take that long. To do the check period, I would estimate takes about five minutes total. And if you're in a room that's already pretty distraction free that is, I like to do it almost in a closet, take my laptop into a small closet. You can do it on your office desk, but you want to turn off any additional monitors besides your primary, and you'll want to make sure that your desk is cleared of everything except your keyboard and your mouse. Like I said, the proctor will come online and ask for clarification if there's any situation. So, and then lastly, I'll say that the exam experience is really resilient. I haven't had any crashes this year. A few years ago, when I used the Pearson VUE, I did have a crash during the exam session. But I was able to restart the application I got connected to another Proctor and they were able to bring back my session just like it was before so I don't know exactly what kind of checkpointing they put in but it's pretty good. Good. I've never heard of anybody losing an exam session yet. Fingers crossed. Barry Luijbregts 32:05 Wow. That's very impressive. That's that's come a long way since I've used it. Tim Warner 32:08 They really have. I give Pearson VUE, lots of props. They obviously put a lot of engineering effort into that on view client. It's great. Barry Luijbregts 32:19 All right, that's great. So we've discussed a lot of things that you can use to keep up with Azure and to learn as in there is blogs, there is Twitter, there is videos, there are also certifications that you can take that help you to keep up because then requires you to learn. And then you can also show that you actually know what you're talking about. And then as a final point, I sometimes also go to conferences and local meetups to keep up. And I believe that you're also a user group organizer, is that right? Tim Warner 32:52 That's right. I'm an organizer of the Nashville Microsoft Azure Users Group here in Nashville, Tennessee. Barry Luijbregts 33:00 So people can come to your user group as well to learn and keep up to date. Tim Warner 33:05 Yeah, exactly. It's I admire every single person who participates in a user group, because by definition, they're willing to learn. And that's always near and dear to me. I'm glad that we're closing on this human factor because it is crucial. I mean, as much as these online resources can be helpful, there's nothing like hearing about something from another human being, like you say, conference, a user group. And I would say to your listeners, if they're not already plugged into meetup calm that's, in my experience, the central place to look for Microsoft Azure user groups. And one nice thing I guess about this pandemic is that most user groups have converted to an online format, which means that you're not limited by geographic area. You can present or just participate at an Azure user group anywhere on Earth. Those are great opportunities for learning new stuff, not just from the presenter, but from other people who pipe in with their own experience. And these user groups are a great place to get hooked up with technical recruiters. Obviously, technical recruiters are going to be swarming around user groups to look for job candidates. It's really a win win situation. Barry Luijbregts 34:25 Yeah, absolutely. And I think the same now goes for conferences, as well as most conferences have moved online. Some are even free now. So you can just log on to them and just learn. Tim Warner 34:38 Isn't that something? It's amazing how the world is shifting as a result of the pandemic technical conferences. Look what Microsoft did with build recently. Barry Luijbregts 34:47 Oh, yeah, yeah, absolutely. Tim Warner 34:50 And my wife told me last night that AMC which is a major movie, movie theater chain here in the states is going To a rental model, where instead of going to a physical movie theater, you can stream movies from their website or from their app. I'm like, good for them for shifting. Barry Luijbregts 35:11 Really? That is amazing. Tim Warner 35:13 Isn't that something? Barry Luijbregts 35:15 Yeah, you know, some good came out of this. Yeah. So horrible thing, obviously. But, you know, some good came out of this as in companies need to transform their business models and set and they're doing it is incredible. Tim Warner 35:28 Yeah. And look at you in this podcast, you're transforming as well. Congratulations. Barry Luijbregts 35:35 Isn't it funny, you know, you just record something, put it out there and people can listen wherever they are. Tim Warner 35:40 Yeah, it is. It's wonderful. Barry Luijbregts 35:42 All right. So what are you working on currently and what can we expect from you next? Tim Warner 35:49 Okay, um, let me see. I've got four courses in the Azure Pluralsight partnership right now that I'm updating. Yeah, we're on the it seems like once we finish a six month review cycle, it's time for the next one. But you know, it's a good thing. I'm happy. So I've finished patching a bunch of courses. I don't even remember what they were on. It's kind of a blur. But that that's been my full time stuff. And I've been enjoying posting to my YouTube channel. You mentioned my YouTube channel, I've been posting these little nugget videos about 10 minutes each covering each objective from the Azure fundamentals, az 900 blueprint that's been a lot of fun. That skill sets a lot of fun to talk about and to teach. And it's gotten good reception from people Barry Luijbregts 36:34 That is great content. We will link to that in the show notes. Great, and to all the other things as well that we talked about today. Thank you very much, Tim, for being on, and we'll see you next week.
36 minutes | 5 months ago
Managing a Successful Open-source Project With Dennis Doomen
35 minutes | 5 months ago
How to Troubleshoot Like a Pro with Don Jones
Don Jones has been in the IT industry since the mid-1990s, and in that time has written dozens of technology books. These days, he's shifted focus to books on business, self-improvement, and even fiction, along with books that are accessible to a wider, non-tech audience. You can find the whole collection at donjones.com/books, including top sellers like Be the Master, Let's Talk Business, and How to Find a Wolf in Siberia. Show resources:Books by Don JonesDon Jones on TwitterFull transcript:Barry Luijbregts 0:17 Welcome to another developer weekly. This week, I'm talking with Don Jones about troubleshooting. Don Jones has been in the IT industry since the mid 90s. And in that time, has written dozens of technology books. These days, he shifted focus to books on business, self improvement, and even fiction, along with books that are accessible to a wider non tech audience. You can find the whole collection at dawn jones.com slash books, including top sellers, like be the monster. Let's talk business and how to find a wolf in Siberia. Welcome to the show, Don. Thanks for having me. Good to be here. Yeah, thank you very much for taking the time. As I know, you're a busy man. So today, I want to talk with you about troubleshooting. So, I followed you online for a while. I like your content. And I've met you a couple times at pro site events. But I've only recently just discovered that you actually have some books. And I've read a couple of them, including how to find a wolf in Siberia about troubleshooting. So this book is short, and it's practical, and I liked it. Can you tell me what it is and why you wrote it?Don Jones 1:32 Yeah, so I guess the why first I, I kept running into people who, you know, said I wish I had better troubleshooting skills or someone needs to do a course on how to do better troubleshooting. And I thought, you know, there's got to be something like that. I mean, that the tech industry is feels like it's 98% troubleshooting half the time. And there is a website and there's a fellow who's who's written some books and stuff, and I dug into it because if somebody's already done something, I'd rather recommend that but I think kind of struggled to get through it. And I thought it could have been more of a story, story based thing, just like help people get context. So we started really thinking about it. I talked to a lot of folks to get some different perspectives. And I remembered way back in the day when I was speaking for the experts conference in Arizona, the the CTO of net Pro, which ran the event at the time, did this little talk and he said, You know, there's this phrase, how do you find a wolf in Siberia? Well, you build a wolf proof fence. And he kind of expanded on that. And it made such a good high level analogy that it's stuck with me. It took me a long time actually, when I wrote the book, I did not know where that originated. It originally came from, how do you find a wolf in Alaska, but Siberia is bigger. So it sounds more impressive. And it was such a good analogy that that I wanted to kind of make that the theme for the book and I guess the book is is not about it's obviously I'm not going to make you an expert and everything. But the kind of the point of the book is that you don't have to be an expert in things. There's a process and a methodology. And if you follow that, and if you really stick with it, and you follow it religiously, every single time you need to troubleshoot something, it will get you through now, but it doesn't mean you're not going to have to learn some things, right? If If something's broken, that you don't know anything about that part of the process, is identifying the minimum amount you need to actually solve the problem. So it tries to take troubleshooting from being this this huge vague, this thing is broken. I don't know what to do, and giving you a place in your mind to always start fromBarry Luijbregts 3:45 right, yeah, because troubleshooting can be very daunting at times. Yeah, I'm, I'm a developer. And I think most of my time actually, I spent on troubleshooting. You know, I typed some text into Visual Studio or something. Then I press f5 and my application starts running and it doesn't do what I want. And so I start troubleshooting, why that is I fix it, and I do it all over again. So even in the development cycle when it's not even in production, I I'm troubleshooting, maybe 60 70% of the time.Don Jones 4:16 Yeah. And that's really common for for most trades, honestly, I think developers have a slightly easier in that, you can see your entire system in front of you. Like if you want to take the time, you can walk through line by line and figure things out. But I mean, any modern developer, you're also using these enormous libraries that you didn't write, and they're kind of black boxes. And if you're not interacting with it, or if maybe it's broken, then those troubleshooting skills, you know, really start to come into play.Barry Luijbregts 4:50 Yeah, absolutely. So, as a developer, you know, I think I'm a pretty good troubleshooter. And I think developers are good troubleshooters. But in the book, You say that there aren't aren't any natural troubleshooters. As in, there aren't people that are born troubleshooters? Nope. Why do you think that is?Don Jones 5:09 Well, part of it is because the human brain evolved around a correlation causation model. You know, we, we see something happen, and we look at what happened around it. And we try to assume that that's cause. And so when we troubleshoot things, we tend to try and rely on that model. It means if we've got no correlations, then it's sometimes difficult for us to figure out cause. Another thing we do, kind of as a default, is okay, if it was working yesterday, but it's not working today, then something must have changed. And so all I have to do is figure out what changed. And that's that's nominally true. But going into figuring out what changed can be hard. I mean, depending on what type of system you're working with, you know, if you're, if you're troubleshooting something in your car, Like, what changed? How do you actually go figure out what change? And because that's such a default condition for people's brains to fall into, instead of troubleshooting the problem, we go off on this tangent of trying to inventory all the things that changed. And that's not always super helpful. Like, look, sometimes that's a valid troubleshooting step to be sure, but it can't be your first step. And I think it's it's one of the reasons is that science itself, like the idea of stating a hypothesis, and then setting out to prove that hypothesis, and making sure that the hypothesis is disprovable in the first place. Those are not natural things that that come to us. And so it tends to mean we're not natural troubleshooters. Because troubleshooting really does have to be kind of a scientific process. You know, you'll you'll see people all the time. Maybe an outlet in the house isn't working. And so they'll run to the circuit breaker panel and just start flipping switches on and off. You're like, well, that's That's not troubleshooting. You're, you're just throwing spaghetti at the wall. Like, let's put some science into this. I posit that this circuit breaker is the problem. And here's my reasoning for that. And so I'm going to conduct a test to see if my reasoning is correct. And if it isn't, then that also needs to lead me in another direction. So to take the wolf analogy, if you told someone go find a wolf in Siberia, they'd maybe fly up a helicopter and start doing a search grid of some kind, right? And that's kind of that random idea of just throwing every circuit breaker to see if that was the problem. It's not actually troubleshooting the answer to how do you find a wolf in Siberia, you build a wolf proof fence down half of the country. And you then eliminate one side or the other. It doesn't matter which you eliminate first. But by eliminating that you are not only removing a potential location for the wolf, you are directing yourself to a potential location for the wolf Right. So you're, you're creating a positive outcome one way or another. It's It's like when a lot of people who aren't super familiar with networking will try to troubleshoot, you know, Oh, I can't reach the internet. Oh, it you know, it must be the router. I'll unplug the router and plug it back in. Okay, well, if it wasn't the router, you're right back where you began, that test did not put you on one side of the fence or the other. It just randomly eliminated one of many possible conditions. And now you don't necessarily have a next step. So that's what troubleshooting was really all about, for me is a process by which you're testing things, and the outcome leads you in one direction or another. It doesn't just leave you standing back where you started.Barry Luijbregts 8:44 Right. So this all that sounds like a very comprehensive approach. So let me just try to see if I understand this, because I heard a couple of troubleshooting techniques here. For instance, seeing what's changed can be a step in the troubleshooting technique, right? Yeah, absolutely. It's as a developer, it's something I reach for very quickly, because something must have changed in the code or something, right? If something breaks, that's my, my initial response with might not be a good to troubleshooting response.Don Jones 9:19 So, yeah, a lot of developers do this. I think they do. And it actually isn't a great troubleshooting response. It can seem that way. Because as a developer, in theory, you have control over your whole system. But let's take a really simple classic example of someone who's constructing a SQL query. And they're, they're maybe not doing the right thing. And they're, they're, they're assembling strings together. And they are now working with a maybe maybe they've gotten past development and they moved into production. And now things have broken. Well, okay, what what changed? As far as your code is concerned, maybe nothing changed. But maybe now your test data set or your production data set has a last name like oh dual that has a single quotation mark. And because you were building the queries the way you were, then you broke it. So your, your problem was always there, you just didn't have a broad enough test set to detect it in your code when you're in development. And so asking yourself, What changed? I mean, the only thing that changed is you move from a dev environment into a production environment. That's a lot of things that potentially changed. And so if you just start running down the list of what changed, you're not actually going to solve the problem.Barry Luijbregts 10:28 Exactly. And that's, that's the the limited mindset that I find myself a lot in as a developer, because the world in which my application runs is very big with a lot of variables and parameters that that can change.Don Jones 10:42 Yeah, yeah. And so you really have to take the approach of, okay, where could the problem be? And what can I do to definitively eliminate at least one possible choice? And right, you know, that's where you you get into debugging And you know, in the case of code, you might set some breakpoints and set some monitors, so that you can actually see the data, you know, you might, you might construct your SQL query into a variable so that you can sit there and read that thing. And that's valid. And a lot of developers will do that very naturally. And I think they don't give themselves credit. Because you are actually by doing that simply by putting the query into a variable and setting a watch on it, you are implicitly declaring a theory, my theory is that something in the query is messed up. And so I am going to conduct a test that will eliminate or confirm that. So you set the watch, you could either then just look at the query visually, or what a lot of people will do is copy it to the clipboard and then go into a tool where they can run just that query with some hard coded values in it. And and they're therefore sorry, therefore, they are eliminating or confirming their theory. And if you found out that, oh, I never factored for that particular data type, then you have confirmed your theory that that's where the problem was. But regardless, you're sending yourself in a direction. If the query ran standalone outside of your app, then you know that it's not the query. It's it's the next line of code or the next line that's doing it. So it gives you a direction to go next.Barry Luijbregts 12:21 And that's kind of the building the wolf proof fence, right? Yes, in you're splitting up the application or the problem domain into smaller and smaller pieces until you finally have the piece that it must be in. And there you can then define your thesis of what it could be, and disprove or prove it.Don Jones 12:42 Yeah, it's funny. It's tough to do now because our applications are so big and so complex. And even if you're breaking something down into microservices, there's just so many things. But some of my first programming experience was in the RPG language on an es 400. And it was right relatively common to create domain gates between chunks of code. So I worked for a retailer. And we had a distribution center and one of our most complicated sets of code was designed to look at the physical dimensions of the products we had to ship, and then figure out how many of them could go into a given carton to be handed off to ups. So a lot of very complicated math and geometry going on. And that was broken into about eight or nine domain gates, so that you could take any one domain, it's almost like writing a function where you know exactly what data is going in. And data can only get out in a certain way. And so you would you could validate each of those individually it for RPG, it was kind of a precursor to what anybody today which is called good modular programming. But by doing that by really breaking things down as you code into the smallest human possible pieces, you eliminate the number of times places that you might have to declare a theory. So you've got these these strong walls and scopes between all these different data domains, and functional domains. So when something does break, you can declare a theory and easily build your wolf proof fence around that because by nature of modular programming, it's already a wolf proof fence. It's one of the reasons, you know, experienced developers hate it when people use global scopes and things like that, because now your fence has to be so much larger. And if you could, you could, you know, ratchet that down to a smaller area. So there are some design techniques, especially encoding that can make troubleshooting easier, but it really does get down to that, break it down into the smallest bit possible and then verify that bit.Barry Luijbregts 14:43 Yeah, I like this analogy a lot to the wolf proof fence because it applies so much to what we do as developers as well. You know, sometimes when I'm really stuck with a bug or an issue in code, then I just start to and I know that it's in in One class, for instance, I know it's somewhere there, or in one page, I just start to comment out stuff, just comment out code and see, well, was this it? No. Was this it? No, yeah. Was this it? No, well, then it must be in this piece right here, what it is, how much of this before it breaks? Exactly, exactly. Or just take it all out, and then create the most minimal possible application that can run that particular piece of code, and see if it still works within that different environment of clean application without all the plumbing around it. It sometimes works for me, too.Don Jones 15:36 Yeah. And I think a lot of people, you know, if you extend that technique to a design level, then it's possible to run a page with these 20 lines commented out, then maybe they should be a standalone function somewhere else. And that way, exactly. That way you can bring them down and write yourself a little test harness to just call that one function. And that's that's also really where unit testing became such a strong thing is because it helps you build a wall around a certain section of code and verify that that code is doing exactly what you thought it was. And it's almost kind of an automated pre troubleshooting step those unit tests.Barry Luijbregts 16:17 Right? Yeah, absolutely. You know, I really don't like creating unit tests. Anybody else? Know, but it's just it's part of the deal. You know, you just need to do it. Because if you don't, I have had so many times where I didn't write a unit test, and I change something somewhere else in the application unrelated and then something broke something that was working. Yeah. And when exactly I would have if I would have written a unit test for that. I would have seen that it broken and I would have changed my behavior and my code. Yep. Okay, so, we have a technique that is finding out what changed can be a technique in some cases. is obviously building the wolf proof fence, and thereby eliminating certain parts of the problem domain, which is a very powerful one. And then we were talking about devising theories of what could be wrong. And now, in the book, you've talked about the scientific method. Yeah. Which I think this is about. Can you elaborate what that actually is the scientific method?Don Jones 17:24 Yes. So the scientific method is, is an idea that you state a theory for something that you think might be true. And then you create experiments to definitively prove or disprove that and that's, that's where a lot of people get messed up. It's not if I run this test, it will tell me if it works. If you run the test, it needs to tell you it works, or it does not work like it has to confirm one or the other. It can't just be open ended. I have a big one. lamp in my office and one bulb and it was flickering uncontrollably. So I don't know is this a loose wire in the lamp itself? That was one theory is the bulb itself just going bad? That's another theory. I can unscrew the bulb and I can put a new one in there. And it depends on how you state your theory right when you state a theory you have to make sure it is provable and disprovable. So let's say my theory was the light bulb is bad. I pull the light bulb out. I don't really have another way to test that I don't have another lamp in my office. So I put a different light bulb into the lamp and that one works. Okay, technically I fixed my problem. But I still haven't confirmed if the light bulb I removed is actually broken or not. I can still theorize that it is I mean after all the new bulb works but I would need to screw that old light bulb into a different fixture and see if it is still flickering there. If it is There, then I've proven the bulb is broken. So it's really easy to get into the idea of, Oh, I just want to test this and get the problem fixed. But really, you want to get yourself in a mindset of I'm going to do tests that prove or disprove what I think is broken, because that way you're you don't have to come back to that again. You know, it's, it's, it's the person who takes the flickering light bulb, unscrews, it puts it up on the shelf, gets a new light bulb screws it in, sees that it's working. Okay, but leaves that potentially busted bulb still on the shelf, like you never finished all the tests.Barry Luijbregts 19:37 So yeah, that that is then the scientific methods. Yeah. And that's another technique that can help you to troubleshoot.Don Jones 19:43 Yeah, and, and that's the big one, and that's why we say we want a wolf proof fence. So if I test a thing, then I have either proven or disproven a theory and that will lead me on to other theories, but it needs to be self contained. Right, I couldn't, I couldn't unscrew the light bulb, and then screw another one. And I've brought too many factors in here. Now, you know, what if the new bulb still flickers, I actually haven't proven anything. I've kind of wasted my time. It could be another broken bulb. It could be the lamps still. I didn't disprove anything. And so I'm now going to spend more time coming up with a real test. Right? Barry Luijbregts 20:27 And then those tests are also should just test one thing, right? It is very important to control your variables.Don Jones 20:35 Yeah. And that's, that's another piece of the scientific method is that you have to clearly state what your theory is. And then clearly state what you are testing. You know, it's not enough to say I can't get to the internet. All right, I'm just going to go you know, flip the circuit breaker for the whole house back and forth. Wow. Like you're testing a whole bunch of things right there. And it's very time consuming to test at that level. It would make sense A lot more sense to test Five little things. Because if each of those can definitively eliminate a potential cause of the problem, but you know, if you turn the circuit breaker back off and back on again, you rebooted the whole house, and it still doesn't work. Like now you're right back where you began.Barry Luijbregts 21:17 Right. Plus, if it worked, then you didn't know why you fixed it. So you didn't know the actual root cause?Don Jones 21:24 Yeah, because you've rebooted your computer, you've rebooted your cable modem, you've rebooted your Wi Fi access point, like, You changed several different things all at once. And so if it happens again, you still don't actually know what the problem was.Barry Luijbregts 21:39 Exactly. So that's a very important thing as well. So I once worked on an application that had some mathematical equations. And I didn't really understand what the equations did, but I knew what went in them and what the outcome would be of them. So I had this sheet and I just would program these equations. into the application, I would put the input in, and then the outputs would show and everything would be fine. But except one of these equations just didn't work for me. Whatever I put in them, the outcome was never correct. So I started troubleshooting. As in, I started to tweak the equation, where I didn't really know what it did. But at some point, it worked for me with multiple types of inputs. I just got the correct outputs out there. But I didn't really know what changed. And the trouble with that was like three months after, when I was working on something else, it actually did break because somebody inputted something that I didn't foresee. And the equation was actually not correct yet. But I thought it was, but I just didn't know the root cause and so I couldn't actually test if I actually fixed the issue. Don Jones 22:56 So that's yeah, important. It is and most of us In all of life, we deal with black boxes. You know, we deal with a lot of things that we don't necessarily know what's going on inside your, your microwave, your Wi Fi router, your television. So the idea is in troubleshooting is to get to the smallest black box possible, like eliminate as many of them as you can. Like, I realized that television is a very complicated device. But I can only troubleshoot to the entire TV, I can't crack it open and have the ability to test the individual circuits inside of it. So what I'm going to do is maybe test it with a couple of different devices to see if the device is the problem. I want to get it down to as few black boxes as possible. So maybe I'm going to disconnect every single HDMI cable and just see if the TV by itself works with nothing attached to it but power. Because if that does, well that's my wolf proof fence. I now know that the TV as a black box is probably fine. Maybe it's my Roku box, or my blu ray player or something else. And now I can start building fences around each of those and testing them, even though I can't fix them inside. My solution just might be, oh, I've got to go get a new blu ray player. But I took it down to that smallest black box level.Barry Luijbregts 24:19 Right. For you for your level of knowledge of the problems of permeability. Yeah. So in it, what we often get is when the support department, they just give us a bug, or an issue from a user, that might be a bit vague, might be like, something went wrong, basically with almost no info. What happened to me a lot is that I get these bugs and issues and I couldn't really reproduce them, not on my machine and not even on the test environment and not even in production. These are the so called no repo bugs. What do you do in that case? Because it's actually Something that a user experiences, but I can't really test it. Don Jones 25:07 You're, you're you're kind of just on the first step, what you've done there is, you've, you've built a wolf proof fence, but you've got to be really clear about what it contains. It contains this particular dev or test system. It includes this particular set of data. And so you write down what those assumptions were what is inside that fence, then you need to probably go to the users machine and see how many of those assumptions are true there. Does it still work? I'm going to use the same set of test data does it work when I use the same process? And that's where you'll often find out that you weren't really building the wolf proof fence. You thought you are the users like oh, no, I have caps off caps lock on all the time. Ah, okay. I didn't take that into account. And so my fence had an opening I need to, you know, include that in there now. So it's it's really about understanding the environment. It's in a good analogy, you know, to go back to the wolf is the title of the wolf is how do you find a wolf in Siberia? If you're looking in Alaska, you never will. And so you've got to troubleshoot the actual problem, not necessarily a recreation of the problem. And that often means, you know, going on site, if my if my air conditioner in the house broke, and I called the manufacturer support line, and they said, Well, our air conditioner here is the same model and ours works just fine. like nobody would say that that was a valid troubleshooting test. Obviously, my air conditioner is different from the one they have back in their office. And they're going to have to come out here and test my air conditioner.Barry Luijbregts 26:47 Yeah, that's, that's such a powerful thing. You know, as a developer, we all always try to reproduce the bug. Yeah, of course, because then if we fix it or if we thought we we have a fixed then we contest if it actually occurs again. But obviously, you should then also look at the actual problem that happens. So do logs on the server when it actually happened, or wherever that was maybe on the user's machine.Don Jones 27:13 Yeah, and creating your code to have diagnostics is important. If I was able to crack open my television, well, I'll do a better one in my car, because I actually can work on my car a little bit. I know I've got the manual from the manufacturer on how to maintain that thing. And I know what to measure. Right? It says, okay, you know, if you measure the electricity here, it should read this. airflow should be this. Those are all things that if I've got the right equipment, I can get in and measure because they have instrumented the car to make troubleshooting easier. They've created instrumentation to make it easier to build a wolf proof fence around a certain system. If this voltage is at this level, then it is not the charging system, you move on to the next possible thing. Some software developers are Really good at that, and others are really not good at that. To go back to query example for as an example, it's, it's a good one, if you've taken the time to put a query into a variable so that you can set a watch on it in your in your IDP, then you should also probably have a debug debugging option that an end user could turn on to output that same thing to a log, like whatever you would do in your ID to troubleshoot whatever you would look at is something that should be enable, so that the end user who doesn't have an ID and doesn't have your source code can produce the same diagnostic information that you would be accustomed to looking at in an ID so that you can kind of debug over there without having to worry about all the variables that are involved, like all the variables just get built in when it's when it's running in that situation. Barry Luijbregts 28:53 Yeah, totally agree. Absolutely. Log everything that you can and if you if you don't have a very sophisticated tools, you can always use print statements, as in just write out some text. This happened at this point in time with yes type of variables. Yep, that's always useful even for performance improvements and things like that. So as we are coming to the end of the episode, let me just share one big failure of myself. I was once troubleshooting a system that had a bug, it was a website, a very busy websites with 10s of thousands of people that were actually on it on production. But the bug was only in production. And it was a very big one that actually cost a lot of money. So we couldn't really track it down. In the end, we've decided to debug production. And this was before you had the snapshot debugger. So you actually had to attach a debugger to the production process in the server in production. We did that. And then I hit a breakpoint. And I was just sitting there with Looking at the variables of the breakpoint, and then I found a bug. And later on I fixed it. What I didn't realize was that whilst the breakpoint was hit, the website was actually stopped. Yeah, because the probe was stopped. And so the website was actually down for a couple of minutes for a lot of people, which also cost a lot of money. This was a quite a big mistake of mine. Now, nowadays, you can use a snapshot debugger, which is something in Azure, for instance, that also attaches to the process, but just emulates debugging. So it takes a snapshot of the current variables and then sends that over to you as kind of a log or something that you can use on your local machine without stopping the process. There wasn't very smart of me, but it happens. You know, you live in you learn. Do you have any of those?troubleshoot troubleshooting failure stories?Don Jones 30:58 Oh, gosh, yes. We we have a cabin up in the mountains. And if you have a cabin up there, it's hard to get contractor so you kind of learn to do everything yourself. And we had when we came in after reopening it after the winter, we've got a few things that we need to check for. Just you know, burst pipes, things like that. So we checked under the sink and really good about Okay, well, we'll turn the water back on, but we'll have someone out by the meter. So you can just scream real loud if there's a leak and we'll shut it back off and everything was okay. This was a couple years ago. And we were there for probably a week or two. I went outside to water some plants and we have a hose connection on the outside and I opened it up and everybody else comes screaming out of the cabin. Shut it off, shut it off, shut it off.It's like I crank it down real quick. Well, we had forgot to test the complete system. The pipe was fine running up to the hose connection. But that hose connection is actually that a 15 inch long metal tube that sticks through the wall and When you open the valve, it had burst over the winter. And so it started raining into the basement. And really thought we had proactively been troubleshooting the system by turning it on and running around and turning all the faucets on. But we didn't build our fence, we left an opening, because we didn't test everything. And so, we we have something that's a little bit like a unit test. It's a checklist. And so now we have a list that includes that. So we added a unit test for our hose bib on the outside. And now we know to check that and have someone standing by on the water just in case. It was a huge mess. It cost quite a bit of money to fix. So we definitely learned the lesson. Well. Barry Luijbregts 32:44 All right. Well, this has been absolutely great. I've learned a ton about troubleshooting. If people are looking for more information about troubleshooting, obviously, they can read your book. Are there any other resources that you can recommend, especially for developers, where they can learn about troubleshooting. Don Jones 33:05 Yeah, there's not unfortunately there's there's, I believe the website is troubleshooting.com. That was the resource I first came across. Some people may find that that his approach works really, really well. For them. It's not different than mine, he just kind of explains it differently in a way that didn't land as well, for me and some of the folks had spoken to. I think it really gets down to practices. I think, what I would suggest, especially for a developer is to read a lot about debugging, like even if you're an expert debugger, that's fine. Read about it, because every time you read a technique, okay, you know, you can put a breakpoint here and then go set a watch and look at a variable. Think about how could I do that proactively to make troubleshooting easier? Like what is it I could have done in advance to make this whole failure process simpler for me and adopt those as some of your standard practices, it's obviously going to differ between languages. toolsets and platforms. So you know, whatever yours is really figure those things out and think about what is hard about this and what evidence could I be producing proactively to make it better? Barry Luijbregts 34:12 Right. That is excellent advice. Thank you so much for your time. We'll see you next time. Bye bye.
Terms of Service
© Stitcher 2020