Generation Z Developers


0.1 GitHub Issues

All content related to this book is hosted at the GitHub DinisCruz/Book_Generation_Z_Developer repo.

This repo not only contains all text (in Markdown), but also all pending issues and ideas. I'm using the exact workflow and ideas presented in this book in the development of this book :)

You can read more about GitHub and Git in the respective chapters, but if you want to be involved in an open source and Creative Commons project, this would be a good place to start.

Here is the current list of issues (as of the last time this book was generated) that you can help out with:

Issues list

Using the GitHub API on 05 Mar 2018, the following 5 issues had the show-in-book label:

  • Add chapter on 'cloud-native' : #6
  • Add chapter on 'Typography and Design' : #5
  • Add chapter on 'Closure' : #4
  • Re-apply context fixes submitted to Build repo : #3
  • Add chapter on 'Coordinated Disclosure' : #2

I Generation Z Developers

1. Introduction

Hi Generation Z Developer, if you are a passionate developer who wants to learn as much as you can about your craft, this is the book for you.

I decided to write this book after doing a series of presentations to Gen Z audiences, where I realised there are a number of key gaps in your generation's understanding of the history behind a number of key technologies that underpin the technological revolution that we are in the middle of.

Here is the slide that started it all, how many do you recognize?

My presentation started with me asking the audience if they recognized those logos, and then realising that not only did they not recognise most of the logos, they didn't know the history behind them. More importantly, they didn't know why they were created, and what problem (or itch) they addressed.

All these icons were 'catalysts of change' and it is important to understand the history behind them, why they occurred, and what happened next.

Each one of these icons changed the world of technology, and the paradigm shifts that they created are still impacting our world today.

For example one of these changes/revolutions was the Creative Commons copyright license, which was one of my 'WTF you don't know what that means' realizations. Creative Commons gives a number of rights to the consumer of creations. This book is released under a 'Creative Commons Attribution-ShareAlike 4.0' license, which basically means you are free (as in freedom) to use all the materials and content from this book (the only requirements are that you provide some acknowledgement of the source and that you use a similar license). You can even sell books based on content from this book.

As you will see throughout the book, what I find interesting is not that a particular technology or idea allowed X to happen. What matters to me are the ways those ideas change how we act, how we think and how we behave.

We are in the middle of a massive technological and cultural revolution and you need to decide if you want to be a pawn, a player or even a play-maker in this new world. If you don't understand the past, you are bound to not only repeat past mistakes, but you will not even understand what game is being played.

Please join me in this interesting trip down memory lane, where I will try to explain how I understand and learned from a multitude of technologies, ideas and events.

Be involved and contribute

If you have never contributed to an Open Source (or Creative Commons) project, then what about using this book as your first experiment?

You can find all content for this book in this GitHub repo and you can submit ideas and issues (that you found when reading this book) here.

Please share your views, suggestions and criticisms and don't hesitate to reach out to me on @DinisCruz

1.1 Generation Z

Generation Z is the generation that was born after 1996 and represents a very interesting mix of great values and digital capabilities.

The older members of this generation are about 22 years old at the moment (2018); they were 11 when the first iPhone came out (2007) and are the first real digital/online generation (they never experienced a world without the internet or without Google). This is the generation that is entering the marketplace at the moment.

In addition to having personal experience with this generation (I have two daughters aged 12 and 14), I have been involved (professionally) in a number of projects with this generation (for example teaching High School kids in the UK how to 'hack' and working with projects that aim at teaching developers coding skills usable in the real-world).

The reason I'm focusing on this generation is my realization that they missed a number of key revolutions (in the technology space) whose history is fundamental to understand (in order to be competitive in the marketplace).

In hindsight this is normal, since we (as a society) still don't do a very good job at explaining why things happened and why they were needed in the first place.

Without an understanding of the past, we only learn from shadows and curated versions of reality.

I'm worried about Gen Z

Although Gen Z have some spectacular features and values (for example they are much more tolerant and diverse than previous generations), they have a lack of intellectual curiosity that worries me

We need to learn from the past (in order not to repeat it), but lots of key technological revolutions and paradigm shifts seem to be not understood by Gen Z

Ironically, in an age when information and knowledge are a click (or Google search) away, in conversation after conversation with Gen Z teenagers, I've found that they have a very thin understanding of the history of particular technologies, why they occurred in the first place and what problem they tried to solve.

My hope with this book is to break through those gaps, and provide context and references, so that better informed decisions can be made by members of this generation (who will need to save the world from the mess the previous generations are creating)

Overwhelming curiosity

What I hope to provide is a couple of moments where you get this overwhelming curiosity to just learn more about a topic, where you start to follow link after link about a particular topic, and where you get a number of 'WOW, that is fr**** awesome!' moments.

If you are lucky enough to find yourself in this place, congratulations, you just found 'the zone', which is this amazing environment where you are single-minded and 100% focused on learning (which is the best way to learn).

Whenever you find yourself in this headspace, don't stop! Follow it as long as your brain allows it, and don't stop for anything (namely social events, eating or sleeping). This 'zone' is a magical place to be, so learn to recognize when you are inside it and explore it as much as you can.

1.2 How to get a job

One of my objectives with this book is to help you to find a great job, one that you will love to go to every day, one where you are on a steep learning curve and one that aligns what you are passionate about with what your employer is happy to pay for.

It is very important to realise that if you are in a job (or school) where your learning curve is not off-the-charts, you are short-changing your life and your career. Nobody cares as much about your career as you do, and you are the only one that has full control over your attitude to learning. You can choose every day how engaged and receptive you are to learning and to helping others to help you learn. It is no exaggeration to say that you decide your future's direction and path with every decision that you make every day.

There is a lot of competition out there and if you look at what is coming next (namely AI and the next billion internet users), you need to maximise your chances and opportunities.

I really like the Gen Z realization that a job is something that should be rewarding and not just a way to make money. After all, the best job is when you are paid to do something that you would do for free. Although I am very fortunate to be in that situation, where I love my job and what I do every day, that didn't happen by accident. I made a number of key decisions in my life (some with very short-term negative implications) that allowed me to align what I love to do with what the market wants to pay.

Being passionate and loving your job

Find what you are passionate about, what you really care about, and align your career with those ideas. The best part is that this is a massive win-win situation, since the more passionate you are about a particular topic, the more you care about it, and the more valuable you are to the company that is employing you to work on those topics.

Having one competitive advantage

The best way to get a job is to have 1 (one) competitive advantage. One activity or task that you can do better than the person/company hiring you. For example in the 1990s for a lot of companies it was using a computer, in the 2000s it was using the internet. For development or security, for a while all it took was good programming or hacking experience. Although it might look like the bar was lower in those days, the reality is that the ones that could do it were the ones that proactively embraced those technologies and learned them against all odds (at a time when most companies, including technological companies, were ignoring them). These days, it is things like: ML/AI, Graphs, Chaos Engineering, GitHub, Git, Jira, Creative Commons, Continuous Integration, AWS, WallabyJs and the other technologies/ideas covered in this book :)

Own your career development

You are the one that is in charge of your career. Don't let anybody tell you what you should be doing and what paths to follow. You need to discover these paths by yourself (via trial and error), and a great way to do that is to work for companies that are aligned with those paths.

And how do you start working with those companies?

Easy, start collaborating on their Open Source projects. Act like you are part of the company (understand their values, and behave in ways that add value to that company, namely the tech stack).

Start by meeting offline and online the key individuals (and developers) from those companies and communities in a way that adds value to them. Build relationships that will teach you a lot, and potentially lead to very interesting job offers (or references). Start learning how to add value and how to become really good at proactively solving problems (which is one of the most valuable assets you can bring to a company).

What is interesting is that there is nothing stopping you from doing this!

So why don't you?

After all, you have nothing to lose (and all to gain).

2. What is this

Important ideas and technologies: understand what they are and why they were created in the first place.

2.1 Docker

As a developer it is critical that you understand how docker works and how it became so successful and widely used.

The first time I saw and used docker, I was massively impressed by its simplicity and its potential to change how not only applications are deployed, but how applications are developed and sandboxed.

To understand Docker and its power, the first concept to master is how docker is a "process that exposes a multi-layered file system as a fully isolated OS"

It is easy to see Docker as just a faster VM environment or a faster Vagrant (which is a way to programmatically create VMs). I've seen companies that, because they had automated VM deployments to such an extent (i.e. they became really good at automating the creation and deployment of multi-gigabyte VMs), dismissed Docker as just another IT fad.

The problem is that Docker is much more than just a faster VM. Btw, by fast, I mean super-fast. Normal VMs boot in minutes; Docker can give you a fully working Ubuntu box with Node installed with a sub-second start time.

Docker starts in second(s) because it is just a process. The magic sauce is created by:

  1. a number of linux kernel technologies that are able to create a sandboxed environment for that process (for files and network access)
  2. a layered (i.e. docker images) file system, where each layer contains a diff with the previous layer. This is a powerful graph db, where each file location is dynamically calculated when you are inside the docker image.

From a security point of view, Docker has massive advantages. Finally it is possible to run 3rd party code in isolated (i.e. sandboxed) environments, where any malicious code running inside those docker containers would not have access to the current host user's data. This is actually the future of desktop and server-side apps, where each external (or even mission critical) service/code is executed inside containers.

Topics to cover and ideas

  • What is happening is that each layer is immutable, and when a file is changed inside docker it is either a) lost when the docker image stops or b) saved as a new docker image
    • rewrite paragraph (above) that tries to explain how the docker file system works and how new images are created
  • why docker image development environment is so powerful and fast (explain the concept of images commits)
    • if you don't understand git and virtual file systems you will struggle to understand git
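
The layer model described above (each layer is a diff over the previous one, layers are immutable, and changes made while running are either lost or saved as a new image) can be seen in a few lines of Python. This is an added example, not code from the book or from Docker: `Image`, `Container` and `WHITEOUT` are hypothetical names, and plain dictionaries stand in for the directories a real storage driver uses.

```python
"""Toy model of a layered image file system (added example, not Docker code).

Image, Container and WHITEOUT are hypothetical names for this sketch; real
Docker storage drivers work on directories and tar archives, not dicts.
"""
from dataclasses import dataclass
from types import MappingProxyType
from typing import Mapping, Optional, Tuple

WHITEOUT = object()  # marker stored in a layer to say "this path was deleted"


@dataclass(frozen=True)
class Image:
    """An ordered stack of read-only layers, oldest first."""
    layers: Tuple[Mapping, ...] = ()

    def add_layer(self, diff: dict) -> "Image":
        """Return a NEW image that shares every parent layer and adds one diff."""
        return Image(self.layers + (MappingProxyType(dict(diff)),))

    def resolve(self, path: str) -> Optional[str]:
        """Compute where a path 'lives': the newest layer mentioning it wins."""
        for layer in reversed(self.layers):
            if path in layer:
                content = layer[path]
                return None if content is WHITEOUT else content
        return None  # no layer ever created this path


class Container:
    """A running image: the read-only layers plus one private writable layer."""

    def __init__(self, image: Image):
        self.image = image
        self.scratch: dict = {}  # discarded when the container goes away

    def write(self, path: str, content: str) -> None:
        self.scratch[path] = content  # image layers are never touched

    def delete(self, path: str) -> None:
        self.scratch[path] = WHITEOUT  # hide the file; lower layers still hold it

    def read(self, path: str) -> Optional[str]:
        if path in self.scratch:
            content = self.scratch[path]
            return None if content is WHITEOUT else content
        return self.image.resolve(path)

    def commit(self) -> Image:
        """Option (b) in the text: save the changes as a new image."""
        return self.image.add_layer(self.scratch)


def demo() -> dict:
    # Constructed sample content: file paths mapped to placeholder strings.
    ubuntu = Image().add_layer({"/etc/os-release": "ubuntu", "/bin/sh": "sh"})
    node = ubuntu.add_layer({"/usr/bin/node": "node", "/etc/motd": "hello"})

    first = Container(node)
    first.write("/app/server.js", "listen(8080)")
    first.write("/etc/motd", "changed")
    first.delete("/bin/sh")
    saved = first.commit()

    second = Container(node)  # fresh container from the ORIGINAL image
    return {
        "seen_in_first": first.read("/etc/motd"),
        "sh_in_first": first.read("/bin/sh"),
        "seen_in_second": second.read("/etc/motd"),
        "app_in_second": second.read("/app/server.js"),
        "sh_in_second": second.read("/bin/sh"),
        "app_in_saved": saved.resolve("/app/server.js"),
        "sh_in_saved": saved.resolve("/bin/sh"),
        "layers_shared": saved.layers[:2] == node.layers,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Note how the second container still sees the original `/etc/motd` and `/bin/sh`: whatever ran in the first container could only change its own scratch layer, which is the property that makes it practical to run untrusted code and then throw the container away.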

Kubernetes

  • what problem it solves
    • k8s architecture
    • the power of coding your server environment (just a higher level of programming abstraction layers)
  • AWS Elastic Container Service
  • Digital Ocean Docker droplet
  • explain Kubernetes (how it came from Google's Borg)
    • this container's capability was why google grew so fast and innovated so much in the last decade
  • Docker Compose and Swarm

Couple examples of Docker in action

  • add some technical examples of how to use docker (and how easy it is)

Testing Docker

  • repeatable bash scripts
  • testing of docker images and builds is still a very immature space (no good tools, IDEs and Test Runners). I played with BATS but it wasn't very good
  • we need TDD for docker development
  • big competitive advantage in the market place if you understand these concepts

Where to focus

  • a very good research area is the visualisation and mapping of docker environments

References

  • Containerization - by MAYA Design
  • Containerization: The Most Influential Invention That You've Never Heard Of

3. Technologies

Other important technologies to know.

3.1 Books

I love books, the ‘real world’ physical ones, the BookBook(s). Not the digital alternatives, which are a shadow of a book and are not good technologies to consume knowledge.

I love books, and for a while I too had a guilty feeling of 'holding on to legacy technology', as the world moved into consuming more and more digital content (including digital books).

For reference I buy hundreds of books per year and spend far more money than I should on books. Have I read them all? No, of course not! Have I found amazing books to read every year that improved my skills and knowledge? Absolutely yes!!! The reason I buy so many books (multiple per topic) is because until I start reading them, I don't know which one is perfect (at that moment in time).

After looking closely at why I liked books so much, I had the epiphany that "Books are actually the best technology to consume and process information".

There is also a growing body of research that shows that the use of digital technologies is also affecting kids' learning capabilities (see "students find it easier to read and learn from printed materials")

Basically, if you don't use books or printed materials to read and review the information you are consuming (and creating), you are missing a massive trick.

The digital world is really good at promoting group think and at presenting the previous technologies as 'legacy' and old-fashioned.

My experience is that books (and printed materials) are much better technologies for the consumption of information. One area where the advantages of digital books can be significant is novels and fictional stories (namely the convenience of access and the weight difference). In this case the books are just a transient medium that is being used to tell a story, just like in a movie (in most cases, what the reader is getting are emotional connections with the characters/story, and not really learning from the text).

The reality is if you want to learn, you are better off using a book or printed materials.

The same happens with reviewing materials. It is no coincidence that we all have experiences of writing content in a digital medium (i.e. the computer) and while reading it on a screen it kinda looks ok. Then once we print it, and enjoy the unidirectional, offline and 100% focused activity experience that is 'reading a piece of paper', we find tons of errors and 'WTF was I thinking when I wrote that!' moments. In fact making notes on printed versions of digital content is exactly how I am writing and reviewing this book's content.

Yes, the fact that books are offline is one of the book's main competitive advantages!

The book's 'features' of not being interrupted by a constant stream of apps/websites notifications and not having a browser at hand do wonders for your ability to focus and to consume information.

Another powerful feature of books (in addition to rendering content in HD with real-time refresh rate) is that they allow your brain to consume information in a 3D format and with more senses. For example, notice how when you flick back pages looking for a particular passage or diagram, your eyes will be looking at a particular section of the page. This means that your brain is not only capturing the content that it is reading, it is also capturing (and storing) the location of that content, and how it relates to the rest of the page. One of the reasons that led me to the epiphany of the value of books was how I noticed that it was bothering me that the kindle reorders paragraphs and pages when you flick back (and how it was affecting my ability to find content I've already read).

Environmental impact of books

My understanding (and please correct me if I'm wrong) is that most books these days are printed from either recycled paper or from sustainable forests (i.e. forests where they plant at least as many new trees as they cut).

This means that these days, the impact of books on the environment is minimal.

3.2 Pen and Paper

Another powerful technology that seems to be going out of fashion is the pen and paper (pencil is also a great option).

As covered in the 'Book' chapter, analogue techniques like the pen and paper are actually better technologies for creating and capturing ideas.

The fact that a piece of paper (or notebook) is not 'online' and one cannot easily change its contents, are actually some of its best features.

What is really important is to capture the ideas and thoughts that you have. There are also studies that show that just the fact that you write something will make it easier for you to remember and to process that information.

I have so many examples of situations when I started writing just some ideas, and after a couple of pages, the real interesting ideas came out (due to the hyperlinked nature of how ideas are generated in the brain). What is important is the realisation that those 2nd or 3rd generation ideas would not have been captured without the first batch of ideas and notes. I've also found that my brain retains the location of where I made some notes, and I'm able to go back to those notebooks and remember what those ideas were (even after a couple of years).

These days, to keep track of what I have reviewed and processed, I have the workflow/habit of crossing out the ideas or texts that I moved to a digital format or delegated.

The reality is that you will forget the ideas you are having today!

The only way to make sure that your future self has access to those ideas, is to capture them now!

It is great when you review your older notebooks (could be from last week or year) and not only remember an idea you had since forgotten, but you are able to expand that idea and take it to the next level.

My favourites are the Moleskine plain A5 notebooks, since they represent a nice balance of white space and portability (I use them every day).

A nice side effect of having mobile phones with cameras is that it's easy to share a picture of one of the notebook's pages.

3.3 Brain

How well do you know your brain? Do you know how it works? What areas it is really strong at, what areas it is weak and how to maximise its capabilities?

The human brain is one of the world's great wonders and we live in an age where we now know a tremendous amount of detail on how it works.

You need to understand how your brain works, so that you understand its blind spots and why we behave in the way we do.

How do you think? How do you remember? How do you see? How rational are your decisions? Who is actually making the decisions in your head?

If you have not looked at this topic before, you will be very surprised with the answers to these questions.

This is where you need to apply your logical and computing side of the brain and reverse engineer how your own brain works.

I've always found the brain fascinating and the more I learned about it, the better I became at understanding how I and others think.

A good place to start is the Freakonomics: A Rogue Economist Explores the Hidden Side of Everything book, which uses economic techniques to answer a number of very interesting questions.

The Predictably Irrational: The Hidden Forces That Shape Our Decisions takes that to another level, where it shows example after example how we are not rational at all in a number of decisions we make everyday

The best one I've read is Incognito: The Secret Lives of the Brain, which not only explains really well how the brain works, it really challenges our understanding of how the brain works.

How you think

When self analysing how I think (from an engineering point of view), I found that I have two types of thinking techniques.

  • A slow(ish) type of thinking - where I'm basically talking to myself in my head. This is also how I tend to read (I hear the text I'm reading in my head)
  • A fast type of thinking - where I 'somehow' am making a large number of analyses and decisions, and 'know' what I'm thinking without really needing to articulate in my head all the explanations of what I'm doing. This is the kind of thinking that one tends to get when in 'the Zone' (which is that magical place where ideas 'just flow' and we are hyper productive)

I've also found that although my brain is able to hold a large amount of hyperlinked information (creating a graph of linked data that I'm working on), it is not good at all at multi-tasking (i.e. working on multiple domain problems at the same time).

This is why it is so important to be able to spend concentrated time on a particular topic, since it takes a while to upload all relevant data to the parts of the brain focused on the task at hand.

Switching content and interruptions

A reason why even a 1 second interruption can be massively disruptive (for example a text message, or slack/snapchat/instagram/facebook/twitter notification) is because it breaks the mojo of your brain and destroys a number of those hyperlinked graphs you had created in your head.

It is even worse when the interruption actually requires some extra activity (for example a question from somebody at the office).

One area where these interruptions happen a lot in the normal developer's coding workflow is Testing. The simple fact of having to manually run a test (either via the command line, or by clicking on a web browser) will break your mental models and make you 'switch context'.

I can't explain (you need to experience it yourself) how productive it is to code in an environment where the context switching is minimal (which is what happens when coding using tools like WallabyJs or NCrunch).

3.4 Hugo

Hugo IO is a Static Website Generator (SWG) and represents a very interesting twist on the development stack of a website (another popular Static Website Generator is Jekyll).

In addition to having a great environment to create content (and to maintain it), what hugo represents is a completely different paradigm shift on how to create and publish websites.

Basically what SWG (Static Website Generators) do, is to pre-create all possible web pages during a build stage, and to place them all in a single folder that can be easily deployed to any server or service that is able to host static files (for example AWS S3)

In practice this means that you can have a website running from vanilla web pages, with no backend and no moving parts. Not only is this massively secure (no server-side code to hack), it also has amazing performance implications (i.e. the site is super fast when compared with dynamically generated sites).

Ask yourself the question: "Why do you need a database?"

It is amazing how in tons of cases a database is not actually needed (especially when it is possible to pre-generate all pages programmatically).

In fact Hugo is using a very efficient and scalable database and cache: The file system :)

I really like the pattern of using the file system as a database, especially when combined with git for deployment.

Hugo is also a great case-study of how modern development techniques, technologies, and open source innovation create products/apis that are miles ahead of the competition (with killer features)

I use Hugo a lot these days, in all sorts of internal and external sites, and after using (and developing) all sorts of CMS (Content Management Systems), I have to say that it provides me with a spectacular and highly-productive content creation/editing workflow.

This book for example has a companion website that is created using Hugo, and I've created a number of extra pages that help to improve my productivity (for example search and print pages).

3.5 Machine Learning and AI

One of the most important areas that you need to gain a strong understanding of in the next 5 years is Machine Learning and Artificial Intelligence (AI).

This is not about a Skynet kinda scenario where a super-intelligence singularity is going to take over the world and destroy humanity.

This is about the next major revolution in technology and whether you are going to be a player or a pawn in what is happening next.

I highly recommend that you read Kevin Kelly's The Inevitable: Understanding the 12 Technological Forces That Will Shape Our Future book, where he provides a really clean mapping of what (most likely) will happen next.

One area that Kevin talks about in detail, and that you can already see happening around us, is the introduction of AI capabilities in all sorts of devices and business activities.

This is where you need to take a proactive approach and start learning about how all this works and how to program it.

The great news is that in the last couple of years the major cloud providers have been investing really hard in these technologies and are now providing environments where you can easily play around and learn how machine learning and AI work.

See for example all the different tools and technologies that AWS is already offering in the machine learning space (Microsoft is also providing some really cool capabilities on Azure).

As a developer, you will soon be asked to write code that integrates with Machine Learning technology to process large amounts of data or to integrate an app with AI services like voice, image recognition or domain-specific analysis (for example in medicine).

Where are we going

For a nice view of what could be happening next see:

  • Life 3.0: Being Human in the Age of Artificial Intelligence
  • Homo Deus: A Brief History of Tomorrow
  • What Technology Wants

3.6 Jira

Jira is a web application that is widely used by development, engineering and technical teams to manage their day-to-day tasks/activities.

We (at Photobox Group Security) use Jira extensively in our day-to-day activities, where not only does it help us to track our tasks and risks, we also create tons of custom Jira Workflows and write custom applications.

We basically use JIRA as a graph database (see Creating a Graph Based Security Organisation) and Confluence as a way to display the information stored in JIRA.

The key point I want to make here is that the tools that we use in the enterprise need to be customised and extended (in order to make them work).

Being able to write these customisations and understanding at a much deeper level (when compared to 'normal' or 'power' users) what is possible with these tools is a massive competitive advantage.

In fact if you are able to write custom JIRA workflows that are usable by a development team, that is a massive competitive advantage for you, and it will make you highly employable today.

Use Jira in your life

Create Jira projects for your life activities (with Epics to track group of tasks)

Create a Kanban board for your personal tasks and Epics.

Create custom workflows and learn how to manage Jira. This will give you tons of confidence when using Jira in the real world (or when interviewing).

And since Atlassian has an evaluation version for their cloud version of Jira, there isn't any cost to try this.

Now you have no excuse for not having used Jira before (at a level more advanced than most corporate users and the developers interviewing you).

4. Life Patterns

….

4.1 Learning

Do you know how to learn?

Learning to learn is one of the most important skills that you can have, and in fact, that is the main skill to learn from school and life. This is ironic, since usually very little time is spent at school and in life on learning how to learn.

Learning is like a muscle, the more you do it, the better you become. And just like in sports, there are specific techniques that you can use to learn more efficiently.

As a developer if you are not passionate about learning, you are in the wrong job!

It is not about learning one Language or Framework. You need to learn 10+ languages and be on a constant learning curve. Each language will teach you something new (don't worry, only the first 5 will be hard, after that, the key paradigms will always feel familiar). For example, it is very hard to learn about functional programming until you start coding in Node or in Scala (after banging your head against the wall for a bit, it will click, and you will love its power and ability to write really simple code).

It is about learning new paradigms, about interconnecting your skills. What you learn in one domain will be applicable in another. For example, being a better musician, artist, athlete, car mechanic or philosopher will make you a better developer.

Application Security (AppSec) will take this to another level, since you will be asked to code review in all sorts of languages (which is great, since that is the best way to learn). AppSec focuses on how 'it' really works, not just how it behaves as a black box.

The reality is that we are in the age of the 'professional amateur', where you very rarely have time to really specialise in a particular language or technology. And when you do specialise, if you are not careful, you will be stuck in the past and be the one that is responsible for maintaining the legacy applications.

What you really need to be worried about is when you stop learning. Ironically this can happen the more you move up the company's corporate ladder. There is a big trap of management, which pushes highly technical and proficient developers into 'management' or 'architectural' positions (this is also called the Peter Principle, where "employees are promoted to the maximum of their incompetence"). When this happens, these highly knowledgeable professionals have very little time to spend on technical issues, spending most of their time on meetings, spreadsheets and 'non learning activities'.

My view is that no matter your role, you must make sure that you remain highly technical, have a deep understanding of what is going on, and always keep learning. And programming is one of the best ways to do this.

Ideally this learning environment will be part of your job. If not, then evenings and weekends are a great time to learn, while you find another job that puts learning at the center of their ecosystem (if you love learning, that extra effort should feel like leisure/relaxing).

4.2 Be a founder

The single thing that you personally control when you go to work, is your attitude to your work and how you approach it.

One of the concepts that I really like is the idea that you should "act like one of the founders of the business".

Imagine you were employee #4 and you really cared deeply about the company you are currently working at!

Ask yourself:

"If I was a founder of the company/department/section I work now, with the responsibilities that I have at the moment:"

  • "How would I behave every day?"
  • "What needs to be done now, that will make a big difference?"
  • "What can I do that will help?"
  • "What would I do differently?"
  • "What values and principles would I fight for?"

Hopefully you will get some interesting ideas and actions (from this mental exercise)

The question now is: "what is stopping you from doing just that?"

Who is telling you "Don't do it"?

At the moment it is just you!

You can even do this for companies that don't employ you. You can contribute to their open source projects, and you can write blog posts about them (and use Twitter to reach out to key individuals).

You can choose to care about the team that you are currently in, and the work that needs to be done.

The irony is that the more you care and the more you behave like a founder, the more value you usually add and the more valuable you will become for that company.

4.3 Backup your life

Backing up your code (and ideas) is one of the most important patterns that you must master. Your current approach to backups will depend on how much you have lost, and how painful it was.

The reality is that sometime and somewhere in the future, you will lose some of your data (and ideas).

This could be something as simple as a lost laptop, or some data that was deleted by accident, or even a ransomware attack that encrypted all the files in your devices or servers. If you don't have a good strategy and habits for how you do your backups, it is just a matter of time before you have a catastrophic event.

Trust me, there are few things in life more soul destroying and demotivating, than having to re-create something again (that you were happy with and you had spent a lot of time creating). Even worse when you are not able to recreate it, which in a business environment can easily lead to you being fired for lack of due-diligence or negligence.

The solution is to think about where you classify and store your data (and ideas), so that you can come up with strategies that work in your day-to-day activities.

I'm going to provide a number of examples of how I do it, which hopefully will give you some ideas:

  • Secrets Minimisation - From a security point of view, the fewer secrets you have the better (and the easier it is to backup the rest). This is where the more you embrace the idea to publish as much of your data (and ideas) as possible, the easier it is to use web based services as your backup medium.
  • Passwords - A clearly important piece of data not to lose or disclose. My strategy is to pick formulas that I can remember and to use 2FA authentication (like SMS) as much as possible (which dramatically reduces the importance of passwords)
  • Future Self - Part of my drive to share, is to think that one day in the future, my future self will need it. This is also why I like to Open Source as much as possible, since it makes sure that as I move jobs, I don't have to start from scratch (for example what happened with me and the O2 Platform research or the Maturity Model tool I developed recently)
  • Git - Git is not just a version control which you use when you want to commit to the main repo. I've seen developers that code for days before doing a commit. This is missing a massive trick. Not only is there a high risk of data loss during those periods between commits, the developer is also missing the opportunity to go back to a version created a couple of hours ago (which was better than the current one). Basically there is only so much Ctrl-Z can help you. Note that you should be using git to store as much data (and ideas) as possible, since this workflow is not just for source code (another reason why I like to use markdown for content and DOT for graphs)
  • Autosave and Commits - When using git as a data store, I always enable auto-save on the IDEs so that I never have unsaved text in memory. I then use git commits (and git staging) to really understand what has been changed (and to double check those changes before committing to the target branch). This is very empowering and liberating, since I don't really worry about losing anything
  • GitHub - I push as much code (and ideas) on GitHub as possible. For example I have repos (some private) that act like document storage and (literally) backups. My expectation is that GitHub's backup strategy is sound and better than mine.
  • DropBox and GDocs - Same thing for DropBox and Google Docs. I use them to store data and rely (as most companies do) on their security and backups (very important to have 2FA on these accounts and to pay for the commercial versions, which provide features like version control and much more storage)
  • Twitter - I use Twitter as my personal search engine, and use it to store all sorts of links and ideas that I might be interested in in the future
  • Google - A great side effect of putting your data (and ideas) online on a public and hyperlinked location (for example on a blog or slideshare), is that Google (and Web Archive project) will eventually index it (and keep a copy forever). I actually have used these services' caches to recover ideas that I published ages ago, on a platform or site that has since disappeared!
  • Simulate disaster - Ask yourself, if you lost your laptop now, how painful would it be? For example at this very moment, the only thing I would lose if my laptop disappeared (or was stolen) would be the text in this chapter (and in about 30m, I wouldn't lose anything, since I will have committed this text into Git and GitHub)
  • External Drives - For large files and VMs (not really much these days) I also have a number of external drives in my house that hold them (although some of the most interesting research VMs, like the ones I was using when developing the O2 Platform, have been moved to dropbox)

Finally, you probably noticed that every time I mentioned code I also added a note about 'ideas'. The reason is that you also need to backup your ideas so that your future self has access to them. The reality is that you will forget about those ideas and the connections that got you there. The only way to make sure they are not lost forever is to publish them into a hyperlinked medium.

You basically need to backup your life!

Please make sure that when (not if) some of your devices lose (or encrypt) your creations, you have a quick and efficient way to recover them.

4.4 The future needs you

Sometimes the future just doesn't happen! It needs people like you to make the difference.

Reinforcing the concept that what matters is not ideas but energy and focus in execution, there are a number of ideas that, although brilliant, still need the right individuals at the right place in order for them to become a reality.

This happens in all fields (for example there is a great interview with Elon Musk where he talks about how Concorde and the moon landings are good examples of us going backwards in technological capabilities).

In the development/coding world, in addition to WallabyJS (real-time unit test execution and code-coverage visualisation), whose capabilities I cannot understand why all IDEs do not replicate and deeply integrate in their engines, another amazing example is the Zoetrope (Interacting with the Ephemeral Web) research by Adobe.

This research was published in this YouTube video, and it shows a working real-time time machine for web pages (and other content).

This research transformed the Ephemeral and 'no-past' nature of web pages, into a multi-dimensional graph, where the previous versions of a page's content can be visualised, transformed and analysed in all sorts of ways (check out the video and you will be blown away).

Given how powerful this idea is, the interesting question is "Why hasn't it evolved?".

My view is that, because a significant amount of research and technology is required to reach the workflow shown in that video, and because the technology and ideas were not released under an Open Source license (or Creative Commons), any new attempt would have to start from scratch (since it clearly looks like Adobe did not continue the research project).

Also important is that an individual's vision and a sustainable economic model matter (i.e. someone who understands the problem and someone who is funding the research). Although the key concepts are clearly shown in the video and easy to understand, in the last 10 years we have not had an individual (or team) with the right energy and drive who has decided to replicate this research in an Open Source environment and build a strong community around it.

I'm very frustrated by this lack of development, since there are tons of areas in Application Security where this kind of anti-ephemeral technology would be massively important.

Gen Z dev, if you are looking for a place to start replicating this idea, here is one for you:

Create a tool/website to search and visualise the git files history (for example how to do a search across previous versions of files)

That is not a problem that has been solved today, and not only would you learn a lot about how git works, you would also be creating a tool that is very useful to you and the development community. As an example, it would allow for the easy discovery of secrets stored in git repos that have been 'deleted' using commits (which means that the secrets still exist in that repo and are available to anybody that can clone it).
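As a starting point for that idea, here is an added sketch (not code from this book or its repo) that walks `git log -p` output and reports secrets that were added in one commit and 'deleted' in a later one, so you know which credentials in your own repos still need rotating. The two regex rules, the constructed sample history and the names `git_history`, `scan_history` and `deleted_secrets` are assumptions made for this illustration; the net-count check assumes a mostly linear history.

```python
import re
import subprocess
from collections import namedtuple

# Two illustrative detection rules (assumptions for this example, not a complete rule set).
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "hardcoded_credential": re.compile(
        r"(?i)(?:password|passwd|secret|token|api_?key)\w*\s*[:=]\s*['\"]([^'\"]{8,})['\"]"
    ),
}
COMMIT_RE = re.compile(r"^commit ([0-9a-f]{40})$")
Finding = namedtuple("Finding", "kind path preview added_in removed_in in_tip")


def git_history(repo="."):
    """Return the patch history of the current branch, newest commit first."""
    cmd = ["git", "-C", repo, "log", "-p", "--no-color", "--format=commit %H"]
    return subprocess.run(cmd, check=True, capture_output=True,
                          text=True, errors="replace").stdout


def scan_history(log_text):
    """Match secrets on added/removed diff lines and record where they came and went."""
    state = {}  # (path, kind, value) -> [net_count, added_in, removed_in]
    sha = path = None
    in_hunk = False
    for line in log_text.splitlines():
        commit = COMMIT_RE.match(line)
        if commit:
            sha, path, in_hunk = commit.group(1), None, False
            continue
        if line.startswith("diff --git "):
            path, in_hunk = None, False
            continue
        if line.startswith("@@"):
            in_hunk = True
            continue
        if not in_hunk:
            # File headers: the new name wins, the old name is kept for deleted files.
            if line.startswith(("--- a/", "+++ b/")):
                path = line[6:]
            continue
        if not line or line[0] not in "+-":
            continue  # unchanged context line
        for kind, rx in SECRET_PATTERNS.items():
            for m in rx.finditer(line[1:]):
                value = m.group(m.lastindex or 0)
                entry = state.setdefault((path, kind, value), [0, None, None])
                if line[0] == "+":
                    entry[0] += 1
                    entry[1] = sha              # newest-first log: last write is the oldest add
                else:
                    entry[0] -= 1
                    entry[2] = entry[2] or sha  # first seen is the most recent removal
    findings = [
        # Only a short prefix of the value is kept, so reports do not leak the secret again.
        Finding(kind, path, value[:4] + "***", added_in, removed_in, net > 0)
        for (path, kind, value), (net, added_in, removed_in) in state.items()
    ]
    return sorted(findings, key=lambda f: (f.path or "", f.kind, f.added_in or ""))


def deleted_secrets(findings):
    """Secrets no longer in the tip of the branch but still readable in history."""
    return [f for f in findings if not f.in_tip]


# Constructed sample history (fake commit ids and fake credentials), newest commit first.
C1, C2, C3 = "1" * 40, "2" * 40, "3" * 40
SAMPLE_LOG = f"""commit {C3}

diff --git a/settings.py b/settings.py
index 2222222..3333333 100644
--- a/settings.py
+++ b/settings.py
@@ -1,3 +1,4 @@
+import os
 DEBUG = False
-DB_PASSWORD = "constructed-Passw0rd-123"
+DB_PASSWORD = os.environ["DB_PASSWORD"]
 API_TOKEN = "constructed-token-abcdef"
commit {C2}

diff --git a/settings.py b/settings.py
index 1111111..2222222 100644
--- a/settings.py
+++ b/settings.py
@@ -1,2 +1,3 @@
 DEBUG = False
 DB_PASSWORD = "constructed-Passw0rd-123"
+API_TOKEN = "constructed-token-abcdef"
commit {C1}

diff --git a/settings.py b/settings.py
new file mode 100644
index 0000000..1111111
--- /dev/null
+++ b/settings.py
@@ -0,0 +1,2 @@
+DEBUG = False
+DB_PASSWORD = "constructed-Passw0rd-123"
"""

if __name__ == "__main__":
    for f in scan_history(SAMPLE_LOG):  # swap in git_history(".") for a real repo
        status = "still in tip" if f.in_tip else "deleted in " + str(f.removed_in)[:8]
        print(f.path, f.kind, f.preview, "added in", str(f.added_in)[:8], status)
```

Any finding returned by `deleted_secrets` should be treated as exposed and rotated, since removing the line in a later commit does not remove it from the repo.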

Pick a vision and be the one that makes the difference

Part of your path as a Gen Z developer is to find something that you are really passionate about and that you can execute. The win-win scenario is when you pick an idea that either is quite new (like chaos engineering) or has been around for a while but the momentum has been lost. For example the Zoetrope mentioned here, or SAST technology (Static analysis of software/applications/infrastructure for finding security issues).

II Draft Chapters

5. What is this

5.1 Creative Commons

https://en.wikipedia.org/wiki/Creative_Commons

These licenses allow creators to communicate which rights they reserve, and which rights they waive for the benefit of recipients or other creators.

Topics to cover and ideas

  • "For a typical author, obscurity is a far greater threat than piracy." Tim O'Reilly on Piracy is Progressive Taxation, and Other Thoughts on the Evolution of Online Distribution
  • how CC is changing research
    • for example collaboration of code and datasets on cancer research
  • the amount of data that is being shared today is huge
    • show examples from the multiple visualisation books (and websites)
    • show example of data released by the UK
      • https://data.gov.uk/ which uses http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/ (compatible with Creative Commons Attribution License 4.0 )
  • more and more there is a moral and technical argument that all data created by government should be released under a Creative Commons license, and all code paid by the government should be released under an open source license
  • publishing your research under a CC license is harder than it looks. It means that you have made the paradigm shift from closed to open.
    • It means that you now view your value as someone who can execute ideas (and are happy to share your creations)
    • anybody can have ideas, the execution is the hard part
      • in fact deciding what NOT to do is the hard part (which ideas to say NO to is one of the most important decisions to make)
        • this is easy when you have a good vision of the journey ahead.

5.2 Open Source

  • explain key concepts
  • the creation of the Open Source idea and movement (how an how)
  • Richard Stallman - Copy Left, GNU, philosopher
    • explain the GNU/Linux situation
  • Security will push code to be open ('who '
  • companies using & developing open source
  • open source business models
  • I was called a communist many times (in early open source conversations)
  • "Open source has won, but Gen Z is not aware of it"
  • When you open source an app or code, what will happen next is : Nothing!
    • it is very hard to create a community around an open source project
    • what you will have done (with adding the license file to your code (which is all it takes, assuming you wrote all the code so far)), is to create future opportunities for that code and send a strong message about your agenda (i.e. you are not going to lock in the future the users that are using your current code today).
      • you are allowing somebody (which could be you) in the future to use your code
      • you are also protecting your research, so that if you move companies, you can still use that code (there is nothing worse for a programmer than having to rewrite something that was working ok (especially when it is a framework that supports a particular workflow))
  • big success of companies collaborating internally and externally (i.e. internal collaboration between different teams via open source code)
    • although most devs have access to all code, the number of cross-team pull requests is very low (open source licenses help a lot with this)
    • allowing others to use your code is a great way to find programmers to hire or companies to buy
    • the myth of the company that will take your code and just run with it (they will be massively locked to your code)
      • example of team that created a fork of Chrome (to add security features) and couldn't keep up with Chrome's development speed
      • the open source tax (when you don't contribute back your changes)
  • companies should pay developers to work on open source apps/modules that are used in the company.
    • my experience with helping an open source project (that we used), and then getting help from a key developer from that project in a hard problem that we were having
  • Question: "Why don't you open source your code?"
    • I bet the answer is a combination of:
      • "I don't think my code is good enough"
      • "I'm embarrassed about my code"
      • "Nobody will want to use my code"
    • the first thing to understand is that I have heard these same excuses from all sorts of developers and companies, for code in all sorts of quality and completeness.
    • this is your Lizard brain in action (making excuses of why you shouldn't do something)
    • the key is to just do it (add the license and slowly start building the community)

The Cathedral and the Bazaar

  • https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar
  • In this book/essay Raymond provides 19 lessons which are still as relevant today (2018) as when they were published (1998)
    • Every good work of software starts by scratching a developer's personal itch.
    • Good programmers know what to write. Great ones know what to rewrite (and reuse).
    • Plan to throw one [version] away; you will, anyhow. (Copied from Frederick Brooks' The Mythical Man-Month)
    • If you have the right attitude, interesting problems will find you.
    • When you lose interest in a program, your last duty to it is to hand it off to a competent successor.
    • Treating your users as co-developers is your least-hassle route to rapid code improvement and effective debugging.
    • Release early. Release often. And listen to your customers.
    • Given a large enough beta-tester and co-developer base, almost every problem will be characterized quickly and the fix obvious to someone.
    • Smart data structures and dumb code works a lot better than the other way around.
    • If you treat your beta-testers as if they're your most valuable resource, they will respond by becoming your most valuable resource.
    • The next best thing to having good ideas is recognizing good ideas from your users. Sometimes the latter is better.
    • Often, the most striking and innovative solutions come from realizing that your concept of the problem was wrong.
    • Perfection (in design) is achieved not when there is nothing more to add, but rather when there is nothing more to take away. (Attributed to Antoine de Saint-Exupéry)
    • Any tool should be useful in the expected way, but a truly great tool lends itself to uses you never expected.
    • When writing gateway software of any kind, take pains to disturb the data stream as little as possible—and never throw away information unless the recipient forces you to!
    • When your language is nowhere near Turing-complete, syntactic sugar can be your friend.
    • A security system is only as secure as its secret. Beware of pseudo-secrets.
    • To solve an interesting problem, start by finding a problem that is interesting to you.
    • Provided the development coordinator has a communications medium at least as good as the Internet, and knows how to lead without coercion, many heads are inevitably better than one.

5.3 CPU

Topics to cover and ideas

  • power of assembly, the importance of learning how to code in ASM
  • how assembly relates to bytecode in .Net (MSIL) and Java
  • spectre and meltdown vulnerability
  • I learned how to code assembly by hand
    • a bit difficult (I was 13 at the time) but I had only one book and no internet
    • manually translated assembly code into binary (I didn't have an asm compiler at the time)
    • I was learning massively about architecture, memory layout, programming, etc… (without noticing). I was in the 'zone'
    • totally worth it
    • learning about hardware interrupts, TSR (Terminate and Stay Resident), and kernel vs user land memory did wonders for my understanding of Windows programming/architecture and computer science
  • when I was 16 I programmed on the Motorola 68000 which was much easier and more interesting (the 68000 CPU was used in the Amiga, and was much more powerful than the x86 architecture (which we still use today))
  • my peek and poke moment: 'change a pixel on screen' (and falling in love with programming)
  • mention history of processors:
    • Zilog Z80, Motorola 68000 and Intel x80, x286 and Pentium
      • "I remember when 286 was fast"
  • Great tools on Windows are OllyDbg and IDA Pro

Topics to cover and ideas

  • What is it
  • understand its history
  • Why was it created
  • Is it working
  • Positive side effects and Negative side effects
  • Copyleft
  • Opensource and Creative Commons are copyright licenses
  • Music and its relationship with copyright
    • what happens when the cost of distribution goes to zero
    • customers will still buy (if the product and distribution is right)

5.5 EFF

EFF (Electronic Frontier Foundation)

Topics to cover and ideas

  • https://www.eff.org/ (one of the logos for the cover)
  • brief history
  • major success stories
  • why is it important
  • why you should support them (add link)
  • net neutrality
  • hackers it defended in court (and other privacy related cases)
    • ones they won and lost

5.6 Free Software Foundation

Topics to cover and ideas

  • history
  • Richard's story
  • copy left
  • why they were so important
  • the problem of not mapping it to a business model
  • the problem of taking an extreme view
  • key arguments have been won, but lost a lot of momentum (and not fulfilled its potential)
  • inevitability of Open Source
    • even Microsoft does open source these days (they were the ones that called open source 'cancer')

5.7 OWASP

Part of building your brand and career is the participation in Open Source community groups like OWASP

OWASP (the Open Web Application Security Project) is a worldwide organisation that is focused on Application Security.

Topics to cover and ideas

  • Great community
    • chapters, conferences, guidance, tools, books, summit
  • be involved
  • make of companies that are hiring now!
  • dramatic need for application security professionals
  • security is a key skill for developers (add AWS CTO quotes)
  • owasp summits
  • working sessions
  • chapters, join or start one
  • projects
    • JuiceShop
    • Top 10
    • mobile testing guide

5.8 Python

Topics to cover and ideas

  • Here is how it all started
  • what makes python special
  • how Guido was hired by Google
  • Guido van Rossum
    • https://twitter.com/gvanrossum/
    • Guido created Python when he was 35
    • https://gvanrossum.github.io/
      • http://neopythonic.blogspot.co.uk/2016/04/kings-day-speech.html
  • make reference to other languages like NodeJs

5.9 Slack

Slack is how we communicate daily (just like we used to use ICQ, MSN Messenger, Skype, Phone, Smoke Signals, etc…)

Topics to cover and ideas

  • Slack bots
  • Why Slack won
  • Integrations
  • Copy and paste of images

5.10 WallabyJS


Topics to cover and ideas

  • why wallabyJS is a massive paradigm shift and why is it so good
    • real time test execution
    • only execution of tests affected by changes
    • ability to see the code coverage in real-time
    • ability to easily just run one test
      • which with the real-time coverage, provides a much better way to debug than the normal 'debug/breakpoint model'
    • ability to run all the tests impacted by a code change (blast radius of code changes)
  • the power of sub-second execution
    • when tests require more than 1 sec to run, there is some problem somewhere
    • only full end-to-end tests should take that long
    • power of 'surrogate dependencies' (link to presentation)
  • we need similar capabilities for cloud infrastructure
  • add ideas from Bret Victor's Inventing on principle presentation (name the need for inventors to be close to what they create and have quick feedback)

5.11 XCode

Topics to cover and ideas

  • Write your own mobile app today (now easy with Swift)

5.12 google


Topics to cover and ideas

  • do you know how to use google?
    • show examples of powerful google searches
    • google dorks (and finding vulns and credentials via google)
  • google's history
  • why google won
  • what makes google algorithm work
  • show how Google tracks all clicks (why you can't just copy a Google URL)
  • Google's move to graphs (see what happens when you search for a movie)

5.13 linux

Topics to cover and ideas

  • linux history (it all started by Linus Torvalds inspired by a MINIX system)
    • mention some of Linus views
  • Linux patch submitted by a 4 year old
  • most complex software in the world
    • git was created to manage the linux code development
  • you need to learn it, how to install kernel drivers, how to hack it, how to rebuild it
  • power of raspberry pi is that it gives you a linux environment for you to play with
  • Mac is 'just about' linux under the hood (same heritage), but with a better UI and integrations

5.14 raspberry-pi

Topics to cover and ideas

  • why was it created
    • https://en.wikipedia.org/wiki/Raspberry_Pi_Foundation
    • https://www.makeuseof.com/tag/raspberry-pi-creditcard-sized-arm-computer-25/
  • use a Raspberry Pi to connect to hardware (get one of the starter kits (add link)). Make an LED blink, create a mobile phone, etc.
  • connected to maker movement and IOT world
  • article Raspberry Pi device will 'reboot computing in schools'

6. Technologies

6.1 AST (Abstract Syntax Tree)


Topics to cover and ideas

  • Why it is so important
  • How they work
    • object model of source code
    • amazing paradigm shift when one can 'see code as a graph'
  • Using AST to write tests
  • Powerful AST abstractions (specially when added the code refactoring mappings)
  • how code refactoring works
  • source code is not the best medium to consume code
    • explain how O2Platform's Method Streams work and how they are a lot more effective
    • what you want to see is all the code relevant to the path you are looking at
  • we also need the equivalent of AST and static compilation for all the 'coding' that exists in all the cloud environments and between services (i.e. we need a DSL)
    • for example for AWS lambdas and how they behave

6.2 AWS

AWS is Amazon's Cloud offering and is a spectacular success story

Topics to cover and ideas

  • What is it
  • History
  • How it made Amazon the powerhouse it is today
  • Key technologies
    • route 53
    • EC2
    • S3
    • Container Service
    • Lambda
  • why the cloud revolution happened (why were they so successful)
    • the failure of sysops data centers to modernise
      • no scalability, failed to modernise, no shared resources, too expensive, no shared learnings, insecure
    • the cost of installing one server (£2k to £5k in large companies)
    • vs the cost of spinning up entire racks (programmatically)
  • AWS today is as complex as an OS (windows or linux). It can only be managed in a programmatic way. But today the testing capabilities of AWS and other cloud providers is still very low (namely on end-to-end tests and configurations changes)
  • If you don't have an AWS or Azure or Google Cloud account, what are you waiting for? All have really generous free tiers that allow you to try a large number of their capabilities for free. And as long as you shut down everything every day, the costs shouldn't be that high.
  • AWS is what happens when a tech team becomes so good that it is able to provide those services to 3rd parties
    • think about this, Amazon.co.uk is getting their IT and development costs paid by 3rd party companies (some direct competitors with Amazon)
    • https://www.investopedia.com/articles/investing/011316/what-amazon-web-services-and-why-it-so-successful.asp
    • https://qz.com/1051814/what-is-amazon-really/
    • Amazon in 2011 was shipping to production every 10s (http://assets.en.oreilly.com/1/event/60/Velocity%20Culture%20Presentation.pdf)

The Amazon machine - how Amazon became one of the best development houses in the world - https://www.ben-evans.com/benedictevans/2017/12/12/the-amazon-machine (great article that talks about the Amazon machine, which is the real power behind it)

6.3 DSL

DSL (Domain Specific Language)

Topics to cover and ideas

  • what are they
  • why are they so important
  • abstractions layers
    • make the code as simple as possible
    • .net extension methods are a great compiler trick to achieve very clean domain(ish) languages with strong typing
    • why support for static compilation and code complete is very important (groovy and javascript problem)
  • refactor the code to make it aligned with the business functions it is executing

6.4 Dopamine

Do you know what Dopamine is? Do you know why mobile phone notifications are so addictive?

  • https://en.wikipedia.org/wiki/Dopamine

Topics to cover and ideas

  • detox from your phone
  • detox from notifications
  • stop notifications
  • related to the Zone and Deep work concepts
  • Your ability to perform uninterrupted and focused work is one of your most important skills and a massive competitive advantage. This is how the best code is produced
  • you are addicted to your phone. Mobile phones' 'attention grabbing activities' are the new smoking (they affect the brain)
  • "why do you have the urge to check your phone when you hear an interruption". It is like a thread has started in your brain that won't complete until you check it.
  • the problem is that these dopamine interruptions make you lose context (and lose the 'zone')

Notes: Why We're All Addicted to Texts, Twitter and Google

6.5 Dot Language

Topics to cover and ideas

  • Graphs as code
  • Why is this such a big deal, major paradigm shift required
  • Why visio and other diagram tools don't scale
  • the fact that you can't control the diagram layout (in the same way you do in visio) is actually a major feature

6.6 IOT (Internet of Things)

Topics to cover and ideas

  • why it is big
  • what it means for programmers
  • massive job opportunities
  • the power of software vs hardware
  • it is all about code
  • security
    • most IOT vendors don't understand much about modern development practices and security
    • Shodan, the Google for IoT (find tons of vulnerable devices)
    • IoT worms (example of power grid exploit)
      • the ones that generated billions of requests and Tb of data
    • hacking baby cameras and dolls
  • developers have a big responsibility here
  • risk's mappings of reality could be a great way to get vendors to do the right thing
  • Electricity analogy (take current devices and add AI)
  • it is already amongst us (controlled by Siri and Alexa)
  • Arduino
    • What is it, why is it important, how much it costs
    • spend money on new IoT devices on Kickstarter, for example on Arduino related projects (even better, invent something and start a Kickstarter campaign; if that is successful, you will be highly employable)
    • get an Arduino (or Raspberry Pi) and create your own IoT appliance for your home (this is a great story to go on your CV)

6.7 Node JS

Topics to cover and ideas

  • why NodeJS took the world by storm
  • the power of async code
  • generating 20k requests with a couple lines of code
  • coding at the speed of thought (and type)
  • node history (based on chrome's V8)
  • the node forking incident (io.js)
    • why it was so important
    • why Java could have done with a fork like that

7. Concepts

7.1 BDD (Behaviour-Driven Development)

Topics to cover and ideas

  • what is it
  • great evolution
  • where it works
    • when it works well it is amazing
  • great connection with business
  • can create big white elephants (like Selenium)
    • requires quite a lot of discipline and investment to keep up to date
  • explain Gherkin language

7.2 TDD (Test-Driven Development)

Topics to cover and ideas

  • the more coverage you get, the more changes you are happy to make, and the better the code is, because you have the confidence to make the hundreds of small changes that are the only way to create a high quality and scalable application
  • be a craftsman
  • explain history
  • key challenges
  • why the TDD community created dogma and lost the plot
  • if you don't have 100% code coverage, what are those bits of code not covered by tests? (what happens if that code changes)
  • everything should be tested
    • history of a site that went down for hours because of a one char (pipe) change in an nginx config file

Bugs as features

  • replicate bugs first (before trying to fix them)
  • link my slideshare presentation on this topic

7.3 FDD (Feedback-Driven Development)

Topics to cover and ideas

  • real-time feedback in IDE (REPLs)
    • this is key to learn
    • run code as you lift your fingers or press save
  • show screenshot of my typical dev environment
  • wallabyjs
    • great example of what this UI needs to be
    • incredible how it has not been copied into all IDEs (as far as I can tell only NCrunch has the same features)
  • all code changes (except refactoring) should require a test change
    • see http://pitest.org/
    • see chaos engineering
  • every developer does tests all the time
    • the question is how repeatable, scalable, measurable those tests are
    • and how much context switching occurs
  • the FDD applies to much more than just coding (see chapter on "Inventing on Principle") it is also related to how we learn
  • Power of Feedback loops

7.4 Agile and Kanban

Topics to cover and ideas

  • history
  • why it worked
  • agile manifesto
    • https://www.agilealliance.org/agile101/the-agile-manifesto/
      • Individuals and interactions over processes and tools
      • Working software over comprehensive documentation
      • Customer collaboration over contract negotiation
      • Responding to change over following a plan
  • Software Craftsmanship
    • Not only working software, but also well-crafted software
    • Not only responding to change, but also steadily adding value
    • Not only individuals and interactions, but also a community of professionals
    • Not only customer collaboration, but also productive partnerships
  • Andon cords
  • explain concepts (with diagrams)
  • how agile became dogma and created environments where agile teams were not agile at all
    • processes became more important than understanding why something was being created in the first place, too much effort was put on estimates, too much focus was placed on what could be done in 2 weeks
  • Scrumban is a nice alternative
  • The Mythical Man-Month

7.5 CV Testing

Topics to cover and ideas

7.6 Change

Topics to cover and ideas

7.7 Change Engineering

Topics to cover and ideas

  • what is it
  • see my slideshare presentation

7.8 Chaos Engineering

Topics to cover and ideas

  • Great concept (from 2017)
  • Security has been doing this for ages
  • Add references to site and best posts
  • focus on resilient systems
  • need to understand and visualize what is going on
    • a massive problem with micro-services (and any services/monolith) based applications is visibility into what is going on (and even just getting good graphs is the first step, just ask anybody who has deployed AppDynamics)
  • integrate this concept with the SRE's 'Error Budget'
  • expand on the concept of 'Steady state' (and write tests for it)
    • how we want tests to replicate it

references:

7.9 Continuous Integration

Topics to cover and ideas

  • why it matters
  • how it works
  • key technologies
  • build your CI pipeline now
    • from your laptop to deployed site (push to production in seconds) - Hugo is a great way to see this in action
    • key paradigms shifts occur when one see this in action
    • Give example of EC2 environment with:
      • vulnerable website
      • ZAP (to generate attack traffic)
      • ELK (to visualise traffic)
      • Write security tests that execute against site
  • compare with CD (Continuous Delivery)

7.10 Facts

Data-driven decisions


Topics to cover and ideas

  • be data and facts driven
  • science up your arguments (be intellectually curious)
  • check your sources
  • understand the agenda of who is talking to you
  • don't trust what is in the media, namely when it is selling fear (after all, if it is in the media it is because it is rare)
  • FUD (Fear Uncertainty and Doubt) - Used to be used a lot in the technology sector

7.11 Functional Programming

Topics to cover and ideas

  • explain how it works and the power of it
  • examples in Node
  • dangers of creating hard to read and debug code
    • I've seen cases where code exists that nobody really understands how it works (in Scala environments)
      • this is a security risk
      • developers thought they were the problem (the problem was a function that was too complex)
      • it is not because you can that you should
      • code readability and maintainability (by the ones that have to maintain the code, not by the one who wrote it) is a big factor in the quality, value and risk of a piece of code
      • another situation is the inability to create a full list of urls/endpoints (when functional programming is used for handling web-requests)
  • when functions are objects
  • that said, when functional programming is well used it can produce code that is super elegant and efficient

7.12 GDPR

Topics to cover and ideas

7.13 Gamification

  • Game Theory
  • add Ted talk on it
  • You (Gen Z) see this every day in your digital interactions (the badges, the nudges, the rewards, the streaks)
    • you are being manipulated into being hooked into the apps you use
    • you are the product, not the client
    • there are teams whose job is to find more ways to hook you (and your time) into their platform
      • supported by lots of Science and Research (into how we consciously and unconsciously behave)
    • understand when you are being played (our brains are not designed to control the stimulus we receive)
  • the power of nudges and FOMO (Fear Of Missing Out)
  • that said, as a developer this is a really powerful skill to have
    • when developing gamification systems quick feedback loops are critical

7.14 Inventing on Principle


Topics to cover and ideas

  • Bret Victor's inventing on principle (https://vimeo.com/36579366)
  • (add transcription reference) <- print this and read it

7.15 Karma Points

Topics to cover and ideas

  • "Luck is when opportunity meets the prepared"
  • "make their day" - do this for everybody you work and collaborate with
  • never waste an opportunity to help others, to share knowledge and to create connections

7.16 Legacy Applications

Topics to cover and ideas

  • Why they happen
  • The code you are writing today will be legacy tomorrow
  • SecDevOps Legacy - and the opportunity of legacy applications (and why it might be a good idea to work on them)
    • best features: "no new features", "very low expectations of changes", "changes are supposed to be hard", "lots of low-hanging-fruit for refactoring"
    • add link and references to this presentation

7.17 Micro-Services

Topics to cover and ideas

  • explain concepts
  • where they work great
  • Swagger.io
  • problem of understanding how they work together
  • move from a 'blob of code' (the monolith app) into a 'large blob' (the constellation of Micro-services where nobody really has a good understanding of all moving parts and inter-dependencies)
    • this is where Chaos Monkey is a great tool to understand side effects

7.18 Netflix Culture

Read this https://jobs.netflix.com/culture

Here are their core concepts

  • Encourage independent decision-making by employees
  • Share information openly, broadly and deliberately
  • Are extraordinarily candid with each other
  • Keep only our highly effective people
  • Avoid rules

The best companies are (or will be) following these concepts, not because it's 'cool' but because it makes companies more productive, more nimble and more profitable.


Topics to cover and ideas

-

7.19 Pair Programming


Topics to cover and ideas

  • https://en.wikipedia.org/wiki/Pair_programming
  • idea that pair programming is not optimal at the moment
  • When I code in a 'real-time coding environment' I am pair programming with myself
  • a much more interesting pair programming model is one where programmer A codes and programmer B writes the test
    • this is a situation where we actually want the more experienced programmer to be writing the code, since for code to scale we want 'coding excellence as BAU'
    • the more powerful and effective the code written by the less experienced developer, the more scalable and effective the current development environment is
    • especially important, given the current skills shortage with developers and the companies' preference to use an XYZ budget to hire 2x less experienced developers vs 1x more experienced developer

7.20 REPL

Topics to cover and ideas

  • explain concept: Read Execute Print Loop
  • how O2 Platform did this really well
  • concept still not very well understood and used
    • some languages have added this to their core workflows (Scala for example)

7.21 Recursive Functions


Topics to cover and ideas

  • explain what they are
  • how powerful they are for simplicity
  • show dangers
  • the visitor pattern
  • vulnerabilities created by it (find SSL CA vuln presented by Moxie at BH)

7.22 Serverless


Topics to cover and ideas

  • latest industry fad, but important development
  • important to understand why it is gaining momentum
  • important to understand the limitations
  • another example of the failure of Techops to innovate
  • the path to 'Serverless'
  • How AWS Lambda changed the paradigm
    • big example of how it can work in enterprise environments
    • lots of powerful side applications (for example creating AWS WAF rules)
      • Writing AWS WAF rules is a skill that would get you hired! (for example dynamically blocking IPs)
  • serverless doesn't mean 'no servers'
    • of course there is a server; it is just that the app abstraction goes up another level (in lots of cases it is a function)
    • this will be successful because it is massively cost effective (story of the crazy cost reductions and performance gains from moving to a lambda based architecture)
    • when you look at how much processing and memory (in aggregate) is actually used by apps in dev, qa and production, you will see that the amount of waste and over-provisioning is huge (i.e. resources not used)
    • once we add more scalable and dynamic micro-services architectures and applications that are able to 'self-degrade' their features based on load (and other factors like security), we will have a very powerful, resilient, available and secure application environment.

7.23 graphs

Topics to cover and ideas

-

8. Your CV

8.1 Blogs

Topics to cover and ideas

  • WordPress, Medium, Blogger
  • find your voice
  • the hard part is the first 50 blog posts
  • it is really hard to write
  • view it as an exercise
  • any feedback is healthy
  • amazing feeling when one post gains traction (and is referenced on sites like Reddit)
  • comments are gold (get rid of any kind of spam or link-bait in comments)
  • use your blog to ask questions (with data behind your question and the paths you have tried)
    • don't worry about how rusty and rough they are, what matters is that you have started to publish
    • it is your blog and you are learning
  • write about things you are doing on the day-to-day. explain your path and personal stories about making it to work
  • write for your future self
  • key concept: "answer questions made to you with a blog" (great way to write good/relevant content and scale your time (especially important when you get asked the same question by multiple people/colleagues))
    • i.e. when somebody asks you a question, write a blog post with the answer and send them the link to it
  • Blog titles are very important (since they help with SEO a lot)

8.2 Future Self

Topics to cover and ideas

  • create assets that will be useful for him/her
  • power of opensourcing your ideas
  • letters to a younger self are not that useful (unless you have a time machine)
  • this is why you want to share
  • example of how I use it (twitter case study)
  • use twitter as your personal search engine. Here is a perfect example that happened with me when writing this book:
    • (two images)

8.3 Git

Topics to cover and ideas

  • git history: "Here is how it all started…"
    • what git means in the UK and in the US
  • "the opposite of SVN"
  • why is it called git
  • TED talk about 'git for the rest of us'
  • explain git architecture
    • graph and tree based
    • how every commit is connected to all commits (hashed together)
    • very similar to blockchain
    • the distributed nature of git
  • invented to scale
    • Linux is one of the most complex and largest software development projects (and communities) in the world
  • Git (version control) all your documents
  • Use Git as your backup
    • get a version of your code or document from a couple hours (or days) ago
  • write code that consumes Git Native objects
  • learn about git hooks namely the post commit ones
  • learn what is inside the .git folder
  • collaborate with your colleagues (at school or work) using git (and GitHub/GitLab)
  • why forks and branching are so easy and fast in git (just a pointer)
  • graph based structure/database
  • in git the files don't exist on disk (the paths are dynamically generated based on the git graph) - "Git is fundamentally a content-addressable filesystem with a VCS user interface written on top of it" (https://git-scm.com/book/en/v1/Git-Internals)
    • this is why branching is so fast (no need to copy files to the file system)
    • best way to learn this is to clone a repo with lots of files and versions, and just checkout different branches (each with a different file structure). What is impressive in this example is how we can see major directories changing in seconds in front of us (i.e. with each branch checkout)
  • explain why git cannot store empty folders
  • by now (2018) we should have git based file systems
  • git is also great for site deployment
    • explain pattern of having a special web method that listen for github webhooks and triggers a pull (updating the site in seconds)
    • git deployment also works great for binaries (for example we once set up a git deployment workflow for .Net binaries). Upgrades and rollbacks become a simple matter of doing a git checkout
  • use Git everyday
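
The points above about commits being "hashed together" and git being a content-addressable store can be reproduced in a few lines. This is an added example, not code from the book: it rebuilds git's object ids (SHA-1 over a `<type> <size>\0` header plus the body) for flat trees only, and the author identity, timestamp and file contents are constructed.

```python
from __future__ import annotations

import hashlib

# Constructed identity and timestamp, fixed so the ids are reproducible.
WHO = "Example Dev <dev@example.com>"
WHEN = "1520208000 +0000"


def git_object_id(kind: str, body: bytes) -> str:
    """Name of any git object: SHA-1 of '<kind> <size>\\0' followed by the body."""
    header = f"{kind} {len(body)}".encode() + b"\x00"
    return hashlib.sha1(header + body).hexdigest()


def blob_id(content: bytes) -> str:
    """A file is stored by content only; its name and path are not part of the id."""
    return git_object_id("blob", content)


def tree_id(files: dict[str, bytes]) -> str:
    """Flat directory: one '100644 <name>\\0<20 raw id bytes>' entry per file, sorted."""
    body = b""
    for name in sorted(files, key=str.encode):
        body += b"100644 " + name.encode() + b"\x00" + bytes.fromhex(blob_id(files[name]))
    return git_object_id("tree", body)


def commit_id(tree: str, parents: list[str], message: str) -> str:
    """A commit names its tree and its parent commit(s), so its id covers all history."""
    lines = [f"tree {tree}"]
    lines += [f"parent {p}" for p in parents]
    lines += [f"author {WHO} {WHEN}", f"committer {WHO} {WHEN}", "", message]
    return git_object_id("commit", ("\n".join(lines) + "\n").encode())


def build_history(snapshots: list[dict[str, bytes]]) -> list[str]:
    """Commit each snapshot on top of the previous one; returns the commit ids in order."""
    ids: list[str] = []
    for n, files in enumerate(snapshots):
        ids.append(commit_id(tree_id(files), ids[-1:], f"snapshot {n}"))
    return ids


# Constructed three-commit project.
SNAPSHOTS = [
    {"README.md": b"# demo\n"},
    {"README.md": b"# demo\n", "app.js": b"console.log('v1')\n"},
    {"README.md": b"# demo\n", "app.js": b"console.log('v2')\n"},
]

if __name__ == "__main__":
    history = build_history(SNAPSHOTS)
    # A branch is a name pointing at one commit id, so creating one copies no files.
    refs = {"main": history[-1]}
    refs["experiment"] = refs["main"]
    print("history:", history)
    print("refs:   ", refs)

    # Change one byte in the oldest snapshot: every later commit id changes too.
    tampered = [dict(s) for s in SNAPSHOTS]
    tampered[0]["README.md"] = b"# dem0\n"
    for old, new in zip(history, build_history(tampered)):
        print(old[:12], "->", new[:12])
```

The blob ids match what `git hash-object` prints for the same bytes, which is a quick way to check the header format against a real repository.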

8.4 Github

Topics to cover and ideas

  • use github as your personal back up and time machine
  • build on top of Open source
  • with a proprietary service on top
  • interesting open source challengers:
    • GitLab
    • Gogs https://github.com/gogits
  • amazing innovation, how many times it pushes to production every day. GH is one of the best development teams in the world
  • Github is your CV
    • shows how you code, how you interact with others
    • your commits and pull requests show your voice
    • your accepted pull requests by other Open Source repos (the more popular the better) should go on your CV (they are your badges of honor)
    • number of people/projects using your tools is validation of your skills (much better than LinkedIn's recommendation system)
  • you should have a long tail of projects and forks (although beware of the pollution caused by forks that you don't contribute to). Keep this curated, since after all it is your research playground
  • Github Bug Bounty programme (Gamification)
  • use the Github commit dashboard (a box for every day that you did a commit) as a way to check 'how am I doing', since you don't want to see big periods with no commits (warning: don't go over the top and try to have a commit EVERY day, sometimes it is good to rest and not commit anything)
  • Use GitHub projects to understand the Kanban workflow
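
The Git section mentions deploying a site from a web method that listens for GitHub webhooks and triggers a pull. The check below is what that endpoint should do before pulling anything; it is an added example, not code from the book, and the secret, repository name and payload are constructed. It relies on the `X-Hub-Signature-256`, `X-GitHub-Event` and `X-GitHub-Delivery` headers that GitHub sends with each delivery.

```python
import hashlib
import hmac
import json


def sign(secret: bytes, body: bytes) -> str:
    """Value GitHub sends in X-Hub-Signature-256 for this secret and raw request body."""
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


def should_deploy(headers, body, secret, repo, branch, seen):
    """Decide whether a webhook request may trigger a pull. Returns (ok, reason).

    `seen` is a set of delivery ids already processed (kept by the caller).
    """
    h = {k.lower(): v for k, v in headers.items()}

    # 1. Authenticate the raw bytes before parsing them; compare in constant time.
    sent = h.get("x-hub-signature-256", "")
    if not hmac.compare_digest(sent.encode(), sign(secret, body).encode()):
        return False, "bad signature"

    # 2. Refuse a delivery that was already processed (captured and re-sent).
    delivery = h.get("x-github-delivery", "")
    if not delivery or delivery in seen:
        return False, "replayed or missing delivery id"
    seen.add(delivery)

    # 3. Only a push to the deployed branch of the expected repository counts.
    if h.get("x-github-event") != "push":
        return False, "not a push event"
    try:
        payload = json.loads(body)
    except ValueError:
        return False, "malformed payload"
    repo_info = payload.get("repository") if isinstance(payload, dict) else None
    if not isinstance(repo_info, dict) or repo_info.get("full_name") != repo:
        return False, "wrong repository"
    if payload.get("ref") != f"refs/heads/{branch}":
        return False, "wrong branch"
    return True, "deploy"


def constructed_push(secret, repo, branch, delivery):
    """Build a correctly signed sample delivery (constructed data for the demo)."""
    body = json.dumps({"ref": f"refs/heads/{branch}",
                       "repository": {"full_name": repo}}).encode()
    headers = {"X-GitHub-Event": "push",
               "X-GitHub-Delivery": delivery,
               "X-Hub-Signature-256": sign(secret, body)}
    return headers, body


if __name__ == "__main__":
    secret, seen = b"constructed-secret", set()
    headers, body = constructed_push(secret, "example-org/example-site", "main", "d-001")
    args = (secret, "example-org/example-site", "main", seen)
    print(should_deploy(headers, body, *args))                        # genuine push
    print(should_deploy(headers, body, *args))                        # same delivery again
    forged = body.replace(b"refs/heads/main", b"refs/heads/other")
    print(should_deploy(headers, forged, *args))                      # body changed in transit
```

Only when this returns `(True, "deploy")` should the handler run the pull, with a fixed command and working directory and nothing taken from the payload.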

8.5 LinkedIn

Topics to cover and ideas

  • Your cv
  • connect to people so that you can reach them
  • build your network
  • get recommendations
  • Graph database
  • bought by Microsoft
  • low signal/noise ratio (and they have a really bad email/messaging system)

8.6 Upwork

Topics to cover and ideas

  • what is it
  • how it works
  • how we use it
  • success stories in finding talent in Upwork
  • on demand economy (not just a race to the bottom)
  • can be used to hire any type of professional
  • Upwork and Upwork enterprise (good to get a monthly bill)
  • use upwork to scale up your tasks
    • make good economic decisions (who is faster and more cost effective to do a particular task)
    • delegating to a freelancer is really hard (and a skill that you need to learn)

8.7 leanpub

  • reference leanpub manifest
  • more than just a website
  • great culture
  • use it to publish your books
  • direct connection with your readers
  • story: how I built this book using leanpub
  • story: all the other leanpub books that I have not completed
  • pricing strategy: is it better to have a) fewer readers, but all paying, or b) lots more readers, with a significant percentage not paying
  • publish early and often
    • email readers on new versions
  • ability to get a print-ready pdf (which can be used to print on amazon.com or amazon.co.uk)
    • there are print on demand books, with no cost to you

8.8 twitter

Topics to cover and ideas

  • Use it only for your career (no personal tweets)
  • Tweet for your future self
  • use as archive
  • Create connections with professionals
  • '…you will be amazed how approachable some of the most knowledgeable professionals are'
  • see future self chapter for an example of me using twitter as my personal search engine

9. Security

9.1 3rd-party-modules

Topics to cover and ideas

  • package management systems (https://en.wikipedia.org/wiki/List_of_software_package_management_systems)
  • massive problem for quality and security
    • add examples of npm changes that broke tons of apps
      • https://medium.freecodecamp.org/npm-package-hijacking-from-the-hijackers-perspective-af0c48ab9922
    • add story about npm module hack (simulated)
  • this applies to both open source and proprietary code
    • at least with open source we have the ability to see what is inside the code (at least we have a chance to detect and even fix (if we are paying attention))
      • and eventually as a community we will be able to add (or pay for) enough eyeballs to review it (namely the dependencies we use)
      • we can leverage the community's trust in packages (just like AVs today) and be able to quickly propagate information about bad packages
        • https://snyk.io/ is a really good commercial service in this space
  • Bitcoin mining
    • injection in a 3rd party JavaScript library (which reads out webpages for blind or partially sighted people) hit tons of websites in the UK https://www.theregister.co.uk/2018/02/11/browsealoud_compromised_coinhive/
    • Bitcoin mining via module injection is going to dramatically change the security of 3rd party modules, since there is now a business model for attacking 3rd party modules (up until now the options to monetise those libraries were not very easy). Just to be clear, the reason more 3rd party libraries (used by millions of applications) have not been compromised is not because they were developed and deployed securely; it was just that the malicious attackers did not have a good business model to exploit them (now they do)
    • there is even an interesting question if it is ok for popular open source libraries to mine bitcoins from their users.
      • for example what if JQuery did this and it took 0.1% of the user's CPU (or 1% of the QA servers) and used these funds to support the development of the next version (and pay for example for dedicated developers or security reviews)
      • this could solve the problem of how to fund the development of popular open source frameworks
      • maybe the browsers or servers could even support this natively (with 5% or 10% of CPU allocated for 3rd party services bitcoin mining)
      • Add story behind the developers that were thinking of doing this using the sleep function

9.2 Bug Bounties

Topics to cover and ideas

  • big business these days
  • talk about history of it

9.3 Defcon

Topics to cover and ideas

  • Defcon
  • relation with Blackhat
    • list other important security conferences (including OWASP)
  • attendees got arrested, big clashes with companies
  • this was before bug bounties
  • my experience at presenting at DefCon (how my research was done over there). Talk some details about the vulnerability we discovered and how it was exploited
  • 'why you should go to defcon' -

9.4 Pointers


Topics to cover and ideas

  • How they work
    • C/C++ programming will really help to understand how it works
  • how all methods calls in Java and .NET are pointers
  • how managed languages solve this
    • is .NET managed? (who is enforcing the type?)
  • understand the difference between Stack and Heap
  • understand and exploit buffer overflows (stack and heap based exploits)
    • Countermeasures
      • Canaries
      • ASLR (Address space layout randomization)
    • understanding how buffer overflows work will do wonders for your understanding of how memory works

9.5 Security creates better developers

Topics to cover and ideas

  • Security requires you to go deep
  • to really understand what is going on
  • promotes a 'problem solving' and 'pragmatic' approach that is very useful in development

9.6 Strings should be banned

Topics to cover and ideas

  • Strings are not strongly typed
  • You never want a string, you want a specific type (with a very specific format/regex)
  • Strings are 4Gb monsters
  • What happens if some fields are given 100k of data (what is the impact on the back end)
  • Each layer needs to validate all data that it receives and consumes
  • add link to John W article
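
A sketch of what "a specific type with a very specific format/regex" can look like in practice, added here as an example and not taken from the book. The `Username` and `OrderId` types, their formats and the two layer functions are hypothetical; the length cap runs before the regex so a 100k field is rejected cheaply, and the inner layer refuses raw strings so it cannot be reached with unvalidated data.

```python
import re


class ValidationError(ValueError):
    pass


class TypedString:
    """Base for value types: subclasses set MAX_LEN and PATTERN (both hypothetical)."""
    MAX_LEN = 0
    PATTERN = re.compile(r"")

    def __init__(self, raw):
        kind = type(self).__name__
        if not isinstance(raw, str):
            raise ValidationError(f"{kind}: expected text")
        # Length first: an oversized field never reaches the regex engine.
        if len(raw) > self.MAX_LEN:
            raise ValidationError(f"{kind}: {len(raw)} chars, limit is {self.MAX_LEN}")
        # fullmatch, not match with '$': '$' would also accept a trailing newline.
        if not self.PATTERN.fullmatch(raw):
            raise ValidationError(f"{kind}: bad format")
        self.value = raw

    def __str__(self):
        return self.value


class Username(TypedString):
    MAX_LEN = 20
    PATTERN = re.compile(r"[a-z][a-z0-9_]{2,19}")


class OrderId(TypedString):
    MAX_LEN = 12
    # [0-9] rather than \d, which in Python also matches non-ASCII digits.
    PATTERN = re.compile(r"ORD-[0-9]{8}")


def parse_request(fields):
    """Boundary layer: turn raw request fields into typed values. Returns (typed, errors)."""
    schema = {"user": Username, "order": OrderId}
    typed, errors = {}, {}
    for name, kind in schema.items():
        try:
            typed[name] = kind(fields.get(name))
        except ValidationError as exc:
            errors[name] = str(exc)
    return typed, errors


def receipt_line(user, order):
    """Inner layer: checks what it receives instead of trusting the caller."""
    if not isinstance(user, Username) or not isinstance(order, OrderId):
        raise TypeError("receipt_line needs Username and OrderId, not raw strings")
    return f"{order.value} for {user.value}"


if __name__ == "__main__":
    # Constructed inputs: one clean request, one with a 100k field and a short id.
    good, errs = parse_request({"user": "alice_01", "order": "ORD-00012345"})
    print(receipt_line(good["user"], good["order"]), errs)
    print(parse_request({"user": "a" * 100_000, "order": "ORD-1234"})[1])
```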

10. Life Patterns

10.1 BBS and Modems

Topics to cover and ideas

  • How it blew up my home's telephone systems trying out BBS (I had to manually disconnect the phone line and recreate the plug to connect to the modem)
  • story on my first connections to a BBS (with sync communications) and the files I downloaded from them
  • story of the first BBS we published and the first couple users we had
  • expand on other network concepts
    • TCP vs UDP
    • Routers
    • NAT
  • publish your own server on your own broadband connection (easy to do)
  • see this video Warriors of the net published in 2002 which is a brilliant explanation of the internet, tcp packets and even security. I remember it being the first time I actually visualised how the internet and its multiple components work (now take a step back and realise that all of that happens in milliseconds around the world in today's technology)
    • these are really important concepts to understand

10.2 Curse of Knowledge

Topics to cover and ideas

  • (find book that mentioned it)
  • tapping a song story
  • the power and problem of making paradigm shifts
    • very hard to see and remember what the world/pattern/idea looked like before making the paradigm shift
  • where's wally story
    • very hard to unsee

10.3 Ideas


Topics to cover and ideas

  • Ideas need to be protected
  • (find video of Steve Jobs and Jonny Ive talking about ideas)
  • http://www.businessinsider.com/steve-jobs-ideas-2014-3?IR=T
  • the more ideas you generate the more ideas you will have. Capture them on books, create hyperlinked connections between them
  • in my mind, ideas are like little fairies (which are fragile and precious and need to be protected/nurtured).
    • every time an idea is not captured and hyperlinked, it is like a killing one of those fairies (since in most cases those ideas will be lost forever)

10.4 Impostor Syndrome

Impostor syndrome (also known as impostor phenomenon, fraud syndrome or the impostor experience) is a concept describing individuals who are marked by an inability to internalize their accomplishments and a persistent fear of being exposed as a "fraud". (Wikipedia)

This happens all the time to a lot of people, and can be very damaging to your career.

You really need to understand that everybody has doubts about their capacities and everybody makes mistakes. Your value is in your ability to execute and it is key that you learn to share what you do and be comfortable with what you create.

Topics to cover and ideas

  • find post about what can happen (quickly) after Impostor Syndrome
    • Fraudster Syndrome (or something similar)
      • "I'm past it"
      • "it was a good run, but now I can't do it anymore"

10.5 King is naked

Topics to cover and ideas

  • always be ready to challenge status quo
  • Steve Jobs quote ("it has always been done like that")
  • don't assume that because a lot of people are doing something, it is right or that it cannot be changed
  • my barefoot walking story
    • mainly social
    • hard on the mind
    • I liked it a lot
    • "it is not because 99.9% of others don't do it, that makes it wrong"
  • every major change in our culture or society started with a small number of 'rebels'
  • our industry (IT, development, security) is very receptive and encouraging of different ways of thinking

10.6 Learn to Hack


Topics to cover and ideas

  • You need to learn how to hack
  • understand what hacking is and what is its history (and how the media is the one that gave it a bad name)
  • great OWASP resources (WebGoat, JuiceShop, Testing Guides)
  • in order to write secure code you need to understand how to exploit it

10.7 Mentors

Topics to cover and ideas

  • find them
  • you will be surprised by how approachable they are
    • if you have the right attitude, the mentors will see themselves in you (which is why most have a soft spot to help)
  • Books and publications are great mentors
  • use the ones that you can physically or digitally reach
  • push your company or school to create a mentor network (based on Slack for example)
    • this is what we did at Photobox Group Security
  • What 5,000 Gen Z’ers Tell Us About the Future of Work - see reference on importance of mentoring

10.8 Publish, Publish Publish


Topics to cover and ideas

  • why it is important to publish all the time
  • graph that shows how great minds and artists publish a lot (the frequency of publishing is one of the best indications of talent)
  • story of how this book is being written and how as soon as I had some content (20% done) I published it on Leanpub

10.9 Refactoring

Topics to cover

  • What is it
  • How to apply to your life

10.10 Start with Why

Topics to cover and ideas

  • key concepts from 'Start with Why' presentation
    • Why
    • How
    • What
  • point is not to challenge everything, but to understand why things happen, or why we are doing something

10.11 The Zone

Topics to cover and ideas

  • the problem is constant interruptions
  • Deep work (https://www.amazon.co.uk/Deep-Work-Focused-Success-Distracted/dp/0349411905)
  • "tap dancing to work", "Still day one" - Jeff Bezos
  • two different types of zone
  • learn to be comfortable with incremental improvements. Detect moments of diminishing returns
  • learn how to play the game of 'compound effects of ideas and capabilities'
  • do the 'Happy dance'
    • always celebrate minor achievements
    • journey is the most important part (destination is usually very anti-climactic)
  • learn to trust that the next Zone will occur and learn from the periods when you are not in the Zone
    • what is scary is when 'ideas stop flowing'
  • there are ways to try to get into the Zone (professional athletes and musicians do it all the time)

10.12 Thinking as programmer

Topics to cover and ideas

  • Elon Musk "cost of rocket's atoms"

10.13 Workflows

Topics to cover and ideas

  • Thinking in systems and workflows
  • this is actually how most programming works
  • create systems with
    • Incremental Gains
    • Marginal gains theory
  • power of digital flows and analogue flows
  • what I look for in a workflow
  • why books work but a typewriter doesn't
  • show JIRA workflows examples
  • explain workflow I'm using when writing this book
    • for example print, make notes, digitalise notes, repeat

11. Misc

11.1 Diagrams to add

  • Info-graphic on GenerationZ - https://twitter.com/B_La_D/status/965704619035906050

11.2 Generation Z Research

articles

  • Why Generation Z will change the world
  • If you’re over 25, you’re probably wrong about Generation Z. They’re the best crop of teenagers America has ever produced.

videos

11.3 O2 Platform

Topics to cover and ideas

  • explain what is it
  • o2platform.com , https://github.com/o2platform
  • fluentnode and fluentsharp
  • REPL
  • how this was my php
    • spent a year coding it
    • unlucky to come out of it when the economy crashed
  • what I've learned

11.4 Stories to tell

Topics to cover and ideas

  • Monkeys in a cage that don't get the bananas from the ceiling
  • My dad's "Building a university in a field" story
  • FISH! 4 concepts
    • Be present
    • Choose your attitude
    • make their day
    • play
  • curse of knowledge (find book where I read it)
  • the dip
  • "disagree and commit"
  • "you are the product" - you need to regain control of your data
  • "Great minds discuss ideas; average minds discuss events; small minds discuss people."
  • "Mathematician's Lament"
  • https://waitbutwhy.com/ references
  • https://haveibeenpwned.com/