Relay compiler and VSCode

If you are using relay to make your graphql development easier (it generates typescript types from your graphql schemas). This can make working with VSCode difficult as the IDE sometimes has a different view of the world to the latest generated version.

I have found the following extension for VSCode: Relay for VSCode I plan to try this tomorrow to see if it helps.

This may also help testing the components that use relay:

It’s impossible to secure the browser!

If you are exposing an endpoint to your front end on the public internet then it can be called at any time. There is no way to ensure that the call came from a browser. The only sane approach is to assume that any endpoint that you are exposing to the browser is a public API and should be treated as such (with the exception of ensuring backwards compatibility – private API’s are still subject to change/retirement without notice).

This also means that any javascript that you embed in the page and download to the browser will include a map of your exposed backend services and examples of how to authenticate and use it. Obfuscation will only go so far – the urls struct that you send out will be included in the messages.

Functional Domain Models and CQRS

I started brushing up on my DDD skills by re-reading Evans.(2004).
The main inspiration was to determine how to document a domain model.

Various searches led me to this article:

It’s the start of a series of articles on Event Sourcing/CQRS in Elixir. The sample application is about consent for medical records, but looks to be ideal for consent for GDPR!

This is a great introduction to CQRS with a functional approach.

The underlying git repository is here:

How To Have Boring Releases

Typically you would want to advertise exciting features when advertising a book. This time I want to prome boring releases.

This book includes a chapter on how we managed to take the drama out of releasing software. The software we released was exciting, but the actual releases were calm and measured. In one case we had a project manager prepare 30 scenarios, 27 bad and 3 good. In the end it went so well that none of the good scenarios applied. This was the digital release of the Cursed Child Script book.

Here is the book including a chapter on how we made the magic:

GDPR Compliance is Not A Afterthought

Here is the guidance from the ICO,by%20design%20and%20by%20default’.

The idea is that any system that is being worked on requires data protection by design and default.

This includes:

Asking permission from the user to use their personal information. If they need to opt in this needs to be explicit rather than assumed. (There are some circustances where permission is not required, but you need to make the owner of the data aware).

You should also record the version of the privacy notice that they accepted. If the terms change to include additional usage then permission needs to be requested again before the data is used. Permission may also be withdrawn.

The use, storage and processes must be clear. Breaches of these need to be reported to the authorities and affected users.

Fully doing this is not simple. There are benefits. This will typically require personal data to be held in a single place which can simplify processes (less duplication and inconsistency). The need to understand your internal processes will also help. It forces good communication practices.

How To Effectively Report a bug

If you want to report a bug to a (typically an open source) project. Follow these steps:

Check if the bug is already in the tracker. If so see if you could add a new test case to demonstrste the issue.

If it is not in the tracker create a simple test case that demonstrates the problem. Being able to recreate the issue makes it far easier to work on, making it far more likely to be picked to work on.

If you know how to fix the problem check that they accept Pull Requests and supply one. Allow the maintainer to edit it. Its likely that you are going to have missed some internal rules of the project.

Contributions to documentation are really appreciated by maintainers.

Small Improvements

I have been following Codurance Fireside Chats (This is Episode 38).

Public Interest Note: I currently work for Codurance.

In this episode Sandro mentions that there is very little impact that you can have in 20% of the time.
I disagree, you can achieve a big impact with small changes over an extended period.

A good example came when I was supporting a production client system (in addition to other new development work). At the start of each day I would check the most frequent error listed in the logs for the past 24 hours. I would either try and resolve that error or improve the logging so that it can be resolved in the future. This would take less than 15 minutes per day.

There is an interesting statistical effect that happens in any distribution of events. It is extremely unlikely that everything happens at the same frequency. Certain items will dominate the sample.. Items that have identical frequencies are likely to be coupled (such as a system reporting the same error in two places). This is known as the Power Law

By using the Power Law I was able to significantly reduce the volume of error messages. The top 5 formed 50% of the overall messages so in a week the error volume had halved. This made the error logs easier to read. This process repeated for a few months and eventually there were only a handful of errors left that were so infrequent as to not be worth fixing. The next target was the warnings.

This makes a great principle: try and fix or improve one small thing each day. Even if the rest of the day is fairly monotonous at least you have that one small win. By the end of a year you will have hundreds of small wins which should be significant (even if some of them had to be rolled back).