Joe Emison - 10X Product Development
serverlessconf
Transcript of Joe Emison - 10X Product Development
10X Product Development
Lessons Learned and Detailed Architectures from Building Two Serverless Applications
@joeemison
May 2016
Joe Emison @joeemison
ASSERTIONS
Product-market fit is paramount.
10X software developers do not exist.
10X product development does.
ASSERTIONS
• Spend development time on business-specific code
• Don’t make things people won’t use
• Don’t build things you can buy (rent)
• Stop regressions
• Maximize iterations with customers
• Big changes
• Frequent deploys
• Minimize dependencies
• Don’t make developers wait (IT Ops, DBAs, Other Devs)
• Don’t make developers stop (incomplete specifications)
10X Product Development
Pick your development processes, staffing, and stack based on the above
COMMERCIAL SEARCH
• Zillow/Trulia/Realtor.com for Commercial Real Estate
• Demo: Search, Details, Find Broker, Login, Add Listing
https://www.commercialsearch.com/
COMMERCIAL SEARCH
[Architecture diagram; components shown:]
• Netlify: HTML, CSS, JS
• Prerender.io
• User Browser
• Algolia: Full Text Search, Facet Search, Geo Search
• Auth Firebase
• ETL / Queue Servers
COMMERCIAL SEARCH
• Launched in 4 months with 2 developers
• 13,307 lines of TypeScript
• 95%+ Developer Efficiency (developers deliver at estimates, few regressions)
• Conceptually: Microservices architecture, but we only wrote the core
• If we were using ElasticSearch, we’d need a proxy middle tier between Angular and ES
• If we used a more traditional way of handling images (e.g., RoR with image-handling libraries), we’d have another language and servers to support for availability (and have to update for security)
• If we hosted our static assets on our own web server, we’d have those servers to support for availability (and have to update for security)
LESSONS LEARNED / PAIN POINTS
• The Firebase dashboard has some limits with larger datasets (but API works fine)
• Developer learning curve from RDBMS to Firebase is non-trivial, but not insane
• Cloudinary configurations are non-obvious; need to use their (very good) support
• Algolia needs new dependent indices for each sort criterion/direction
PROPERTY TOUR PRO
• Tour Book (PDF, mobile web) generator for commercial real estate brokers
• Demo: Login with LinkedIn, Add Property, View Amenities, Crop Image, Export PDF
https://www.propertytourpro.com/
PROPERTY TOUR PRO
[Architecture diagram; components shown:]
• DocRaptor (PDF Generation)
• User Browser
• Firebase
• Auth0
• Firebase Hosting: HTML, CSS, JS
• Auth0 Webtask (simple secure JS code runner)
LESSONS LEARNED / PAIN POINTS
• Don’t use AngularFire – triple-binding just gets too slow
• CORS (and private API keys) mean that you can’t hit third-party APIs directly from the browser; use Webtask
• Auth0 is great, but documentation is frustrating
• DocRaptor doesn’t compress PDFs/images well, so you have to do that through Cloudinary
WHY NOT AWS?
• AWS Serverless is about back-end processing, which we have largely outsourced
• AWS Serverless is complicated: IAM + Cognito + API Gateway + Lambda
– Compare: Auth0 Webtask to Lambda + API Gateway + IAM + Cognito
– Compare: Firebase to Lambda + API Gateway + IAM + Cognito + DynamoDB
– Compare: Firebase Queues to Lambda + API Gateway + IAM + Cognito + SQS
• The Serverless Framework and the many support libraries for Lambda are examples of what’s missing in the product
SECURITY
• Netlify
– Read-only assets (code for client)
• Algolia
– Read-only, based on an API key shared with the client that has strict rate limits by session + IP
– Authenticated users could each have their own API key (but not implemented yet)
• Cloudinary
– Images uploaded into moderated queue (WebPurify human-driven moderation)
– Retrieval of images forced through watermarking transformation
• Firebase
– Advanced security rules evaluated as JavaScript expressions; uses Firebase Auth
– Each listing has a set of users that can edit it
– User prefs can only be read / written by the individual user
– Rate limits on retrieval
READ MORE / CONTACT ME
InformationWeek: http://j.mp/emisonIW
Network Computing: http://j.mp/emisonNC
The New Stack: http://j.mp/emisonTNS