Few things one should do during the second peak of a global pandemic:
So here is my second shot at relevance. TIL how to toggle god mode from the wifey, allowing you to live edit and demo design changes. Useful stuff! \o/
document.designMode = ‘on’
Software is still eating the world and I am super excited to be keynoting in Devopsdays Copenhagen! Come hang out!
"DevOps is culture, empathy and collaboration", says @yveshwang. Learn at #devopsdayscph how these 3 values shaped Circle K's journey towards #cloud, #DevOps and #microservices.https://t.co/k0U3y88rGe pic.twitter.com/JWxUd5dgR5
— DevOpsDaysCPH (@devopsdayscph) April 11, 2018
#Retailcode London 2018 is over and it was such an unique hangout-time with other fellow speakers from the retail vertical. I am honoured and thankful to be invited. Having this opportunity to share my two cents and get feedback from like-minded individuals was awesome!
Jam packed within 2 days, information and knowledge sharing flowed and tech round tables ensued. We honed in on the real issues that plagued us all, and discussed devops both in detail and in a broader contextual sense. These big guns of retail IT, whom were either born in the digital API monetisation era or has completely transformed, gave their heartfelt stories. Along with some new ideas, we shared our current pain points and hard-earned titbits without hesitation. Long before I embarked on this journey, they already were and still are, the source to which we draw our inspiration. For me personally, it was also a great hands on opportunity to evaluate and compare our existing approach to CI/CD stack.
I will summarise my raw key reflections in no specific order, and anonymised.
I have learnt a lot in the two days and now an eager beaver to hack and piecemeal some of these ideas when I get back. Thanks again for having me #retalcode London! Awesome stuff!
Ever asked yourself what would Jesus do with your personal and private data (the answer might be here)? And what happens when mere mortals revolt against such an entity by requesting for rights to access and rights to be forgotten perhaps all at once? How about a sustained revolt say over a period of months after 25th? Could lesser companies be on the verge of a new C10k problem with real world consequences? And dare I say, a GDPR flavoured DDoS? GDPR + DDoS = GDPRDDoS perhaps?
Often the greatest ideas pop up when casually discussing tech amongst close friends. Couple of beers and rounds of board games later over a quiet weekend, a realisation of how extensive one’s personal data permeates throughout all the digital services we take for granted today. Seeing that none of my immediate circle of tech friends presently works for a God-like entity capable of predicting our behaviours and futures, we started wondering what would the mere deities of the world do? In case you are wondering, God has a name, and it’s GAFAMA (Google, Amazon, Facebook, Apple, Microsoft, Alibaba).
This is my prediction and I believe that an active, distributed and organised effort to retrieve personal data will occur, and companies that have not automated anything will no doubt get hit the worst. Coining this very scenario, the GDPRDDoS.
Let’s assume a single piece of personal data is gathered in one place. This one system will have no problem retrieving such data (with consent of course). Now let’s assume this data is distributed to 3 other services all equipped with different persistence layers. Perhaps the first is structurally backed by a blockchain, another a vanilla SQL but done in an immutable and event-driven fashion, the last being a rebellious NoSQL document store. This level of integration is not uncommon for a microservice landscape and often considered fairy manageable. Now let’s then assume 1 of the 3, the blockchain oriented service, is procured as a SaaS. Whilst the NoSQL backed service is hosted in the EU cloud elsewhere but nonetheless outsourced operation and development with the vendor pretty much only responding to email based change requests. Finally let the good old SQL backed service be hosted and maintained internally with your own teams. Cos you know, we play it safe with SQL. We also assume that since the first 2 services are outsourced, they potentially have additional systems that the centralised place has no integration towards.
With that in mind, and assuming you’re responsible for these systems, let’s say 1 individual digitally asks for their data on the 25th.
Now let’s assume that the system is fairly static and that no dynamic streams of data about users are ever pumped into your systems. Your blockchained service will be in trouble if you have baked in personal information as part of the blocks. Nonetheless, we assume they are somehow issued centrally and you are in luck here. Assuming also you have a fairly decent relationship with the NoSQL backed vendor, you can turn around a change request in 2 days. You pay a minor fixed price each time. Lastly, you have a fantastic team managing your SQL backed service and doing a quick query is no problem on the existing system. Great! The cost of retrieving this data is pretty much the time and material cost of 1st two vendors plus some hours in the 3rd. Your customer service burns the data onto carton full of 5” floppy disks and hand this over to the customer with a smile on their faces.
Same setup, but now 10 requests hits. No problems! With glee, your customer service bundles the 10 requests into the same email to the vendors, perhaps wait for the 2 days, pay for the 2 days and burn 10 cartons worth of floppy disks. Assuming you still have a amicable relationship with your tech vendors, you’re fine. Your team is still ok because dude c’on, 10 additional queries? Your turnaround time is slightly increased because having to handle 10 independent cases is hard, but your customer service manages. You sleep soundly at night.
Now things gets a little interesting. Your blockchain vendor is saying that they might have to invest in some mechanism to replicate the chains and essentially re-write and verify history. Now your MS access die-hard event-sourcing CQRS SQL team is also saying the same! “This is supposed to be immutable! We are gonna have to find a way to re-create all histories and projections somehow…. But 100 requests is not that bad, we can re-create the DB each time to the nth degree.” Your NoSQL vendor is fine, scales up the bills accordingly. You are getting a little edgy because the cost of retrieving the data is no longer an email or a simple SQL join-select, no longer a simple time and material calculation. You hope that no more additional requests comes in and that the nation is finally satisfied with the knowledge that you haven’t done sweet FA to their personal data. Your customer support might be threatening to quit if they are manually coordinating this and you are fast running out of floppy disks to procure. You are twiddling your thumbs, wondering if you should hit up your back ally hookup person for some floppy disks.
At this rate, you know you are out of floppy disks, your customer support is borderlining quitting, and your blockchain and your internal teams are no longer speaking to you. You generate 1000 emails yourself in the hopes that somebody else internally will be able to piece together some kind of data to be handed over to somebody.
You rage quit and attempts to talk yourself into a job with GAFAMA because you know they have probably invested a bunch in automating all of this stuff and you got other interests other than sending out emails trying to get hold of data!
Let’s say 1% of your national population requests this on the 25th…… #fml
Though the scenarios are purely theoretical and fictional, nevertheless it was a joy to write. Our data belongs to us and it is time that all consumers take back their rightful ownerships. If businesses are not automating, or not sure how, or have systems and vendors that are vastly difficult to integrate with, then brace yourselves, your winter is coming.
Come for the rant, stay for the golden nuggets, walk away knowing how to ship better software for fuel retailers.
Details to my session as follows: https://retail-code.com/sessions/case-study-the-road-to-continuous-delivery-and-beyond-in-the-retail-world/
Super thrilled to be holding two talks in @code_europe in sunny Warsaw on the 7th of Dec! The first talk will be about tdd with serverless, automation, and tooling. I will touch on Cloudfront and Lambda@Edge with liberal sprinkling of node.js and mocha. Ultimately piecing the buzz word alphabet soup together with Jenkins in a live demo format 🙂 If the demo gods are with us, you are in for some docker in docker in vagrant spawning dockers type of inception mad science.
Second talk aims to cover the usual devops circuit and the curiosities for the macabre; a transformative journey and a deep dive. Having grown up with Bill and Ted’s Excellent Adventure as a budding young lad, I am happy to ground the subject matter in a light hearted manner this time 🙂 #strangethingsareafoot
Very grateful to be invited to speak in the International Forecourt Standards Forum (IFSF) Innovation and Collaboration Conf 2017 in Paris this year 🙂 If you are in town, swing by or hit me up on twitter, and let’s talk #docker #microservices #apis and #devops!
*Speaker Announcement* @yveshwang will be joining us in #Paris to discuss micro-service architecture #IFSFconf2017 https://t.co/3S3uIMO9TG pic.twitter.com/ufKR7aTNsb
— IFSF (@IFSFonline) August 31, 2017
You know you want to 🙂 Come hang for the rant, but stay for Mårten Rånge‘s session on Property Based Testing.
update 13.04.2017: slide deck avail here: https://github.com/yveshwang/presentations/tree/sthlm/impress.js/gbg
Here are some free and honest advice on the topic of EU General Data Protection Regulation (GDPR) – because frankly we are a little tired of the corporate jargon.
Being a good custodian of personal data does not have to be scary nor difficult. I happen to think it is quite straight forward, though it can be a fair amount work. Most important piece of the puzzle for the data controllers or processors is that you will require a devops/fullstack team. If you are an old school enterprise, then you should have gone through some kind of I.T. transformation to embrace and put in place principles of devops. This is because during the process of working through the various controls surrounding personal data, chance are things will be missed, particularly if you have a very large portfolio. The only sure thing is that as an organisation, you can work in an iterative, lean and agile, and collaborative manner.
Some unsorted advice in bullet points below.
The hard truth is, GDPR is not in anyway shape or form finite or deterministic to warrant an engineering approach or a scientific model as basis for discussion. It is more likely that the process of addressing GDPR will be personalised and unique to each company. Ironically, it is a little like personal data itself. Most importantly, if you do not meet some of these devops requirements, you might want to start there first, and fast.
<rant>
I have been racking my brains trying not to sound like a giant multi level marketing douche on the topic of EU General Data Protection Regulation (GDPR). This is my nth attempt at drafting this blog post and literally the writing has gone from selling fear and greed to regurgitating some hallelujah self-help Secret-esque scheme that regurgitated the same old concepts like “consent”, “transparency”, “pseudonymisation”, that is suppose to concretely address “privacy by design”, “obligation of data controllers”, or “data subject rights” etc. Well, at least I will portrait an image of misguided confidence whilst oozing a ton of leadership if I may say so myself. Nevertheless, I personally feel some simple, down-to-earth steer is needed on the subject matter and I have decided to put it out to the universe.
</rant>
Speaking in DevOps Vilnius this year and still feeding ’em enterprises a strict diet of #lean #devops. Come say hi! http://sched.co/9qWc
something else 