Generation Z Developers

Key concepts and ideas for the next generation of developers

Dinis Cruz
This book is for sale at http://leanpub.com/generation-z

This version was published on 2018-03-05

This is a Leanpub book. Leanpub empowers authors and publishers with the Lean Publishing process.
Lean Publishing is the act of publishing an in-progress ebook using lightweight tools and many
iterations to get reader feedback, pivot until you have the right book and build traction once you do.

This work is licensed under a Creative Commons Attribution 4.0 International License
Also By Dinis Cruz
Practical Git and GitHub
Practical AngularJS
Practical Eclipse Plugin Development
Practical Jni4Net
Thoughts on OWASP
Exploiting MVC Model Binding
Practical O2 Platform Tools
SecDevOps Risk Workflow
Hacking Portugal
Contents

0.1 GitHub Issues

I Generation Z Developers

1. Introduction
1.1 Generation Z
1.2 How to get a job

2. What is this
2.1 Docker

3. Technologies
3.1 Books
3.2 Pen and Paper
3.3 Brain
3.4 Hugo
3.5 Machine Learning and AI
3.6 Jira

4. Life Patterns
4.1 Learning
4.2 Be a founder
4.3 Backup your life
4.4 The future needs you

II Draft Chapters

5. What is this
5.1 Creative Commons
5.2 Open Source
5.3 CPU
5.4 Copyright
5.5 EFF
5.6 Free Software Foundation
5.7 OWASP
5.8 Python
5.9 Slack
5.10 WallabyJS
5.11 XCode
5.12 google
5.13 linux
5.14 raspberry-pi

6. Technologies
6.1 AST (Abstract Syntax Tree)
6.2 AWS
6.3 DSL
6.4 Dopamine
6.5 Dot Language
6.6 IOT (Internet of Things)
6.7 Node JS

7. Concepts
7.1 BDD (Behaviour-Driven Development)
7.2 TDD (Test-Driven Development)
7.3 FDD (Feedback-Driven Development)
7.4 Agile and Kanban
7.5 CV Testing
7.6 Change
7.7 Change Engineering
7.8 Chaos Engineering
7.9 Continuous Integration
7.10 Facts
7.11 Functional Programming
7.12 GDPR
7.13 Gamification
7.14 Inventing on Principle
7.15 Karma Points
7.16 Legacy Applications
7.17 Micro-Services
7.18 Netflix Culture
7.19 Pair Programming
7.20 REPL
7.21 Recursive Functions
7.22 Serverless
7.23 graphs

8. Your CV
8.1 Blogs
8.2 Future Self
8.3 Git
8.4 Github
8.5 LinkedIn
8.6 Upwork
8.7 leanpub
8.8 twitter

9. Security
9.1 3rd-party-modules
9.2 Bug Bounties
9.3 Defcon
9.4 Pointers
9.5 Security creates better developers
9.6 Strings should be banned

10. Life Patterns
10.1 BBS and Modems
10.2 Curse of Knowledge
10.3 Ideas
10.4 Impostor Syndrome
10.5 Kind is naked
10.6 Learn to Hack
10.7 Mentors
10.8 Publish, Publish Publish
10.9 Refactoring
10.10 Start with Why
10.11 The Zone
10.12 Thinking as programmer
10.13 Workflows

11. Misc
11.1 Diagrams to add
11.2 Generation Z Research
11.3 O2 Platform
11.4 Stories to tell

0.1 GitHub Issues

All content related to this book is hosted at the GitHub DinisCruz/Book_Generation_Z_Developer [1] repo.
This repo not only contains all the text (in Markdown), but also all pending issues and ideas [2]. I’m using the
exact workflow and ideas presented in this book in the development of this book :)
You can read more about GitHub and Git in the respective chapters, but if you want to be involved in an
open source and Creative Commons project, this would be a good place to start.
Here is the current list of issues (as of the last time this book was generated) that you can help out with:

Issues list

Using the GitHub API on 05 Mar 2018, the following 5 issues had the show-in-book label:

• Add chapter on ’cloud-native’ : #6 [3]
• Add chapter on ’Typography and Design’ : #5 [4]
• Add chapter on ’Closure’ : #4 [5]
• Re-apply context fixes submitted to Build repo : #3 [6]
• Add chapter on ’Coordinated Disclosure’ : #2 [7]

[1] https://github.com/DinisCruz/Book_Generation_Z_Developer
[2] https://github.com/DinisCruz/Book_Generation_Z_Developer/issues
[3] https://api.github.com/repos/DinisCruz/Book_Generation_Z_Developer/issues/6
[4] https://api.github.com/repos/DinisCruz/Book_Generation_Z_Developer/issues/5
[5] https://api.github.com/repos/DinisCruz/Book_Generation_Z_Developer/issues/4
[6] https://api.github.com/repos/DinisCruz/Book_Generation_Z_Developer/issues/3
[7] https://api.github.com/repos/DinisCruz/Book_Generation_Z_Developer/issues/2

I Generation Z Developers
1. Introduction
Hi Generation Z Developer, if you are a passionate developer who wants to learn as much as you can about
your craft, this is the book for you.
I decided to write this book after doing a series of presentations to Gen Z audiences, where I realised
that there are a number of key gaps in your generation’s understanding of the history behind a number of key
technologies that underpin the technological revolution that we are in the middle of.
Here is the slide that started it all, how many do you recognize?

My presentation started with me asking the audience if they recognized those logos, and then realising
that not only did they not recognise most of the logos, they didn’t know the history behind them. More
importantly, they didn’t know why they were created, and what problem (or itch) they addressed.
All these icons were ’catalysts of change’ and it is important to understand the history behind them, why
they occurred, and what happened next.
Each one of these icons changed the world of technology, and the paradigm shifts that they created are
still impacting our world today.
For example one of these changes/revolutions was the Creative Commons copyright license, which was
one of my ’WTF you don’t know what that means’ realizations. Creative Commons gives a number
of rights to the consumer of creations. This book is released under a ’Creative Commons Attribution-ShareAlike 4.0’
license, which basically means you are free (as in freedom) to use all the materials and
content from this book (the only requirements are that you provide some acknowledgement of the source and
that you use a similar license). You can even sell books based on content from this book.
As you will see throughout the book, what I find interesting is not that a particular technology or
idea allowed X to happen. What matters to me are the ways those ideas change how we act, how we
think and how we behave.
We are in the middle of a massive technological and cultural revolution and you need to decide if you
want to be a pawn, a player or even a play-maker in this new world. If you don’t understand the past, you
are bound to not only repeat past mistakes, but you will not even understand what game is being played.
Please join me in this interesting trip down memory lane, where I will try to explain how I understand
and learned from a multitude of technologies, ideas and events.
Be involved and contribute
If you have never contributed to an Open Source (or Creative Commons) project, then how about using
this book as your first experiment?
You can find all content for this book in this GitHub repo [1] and you can submit ideas and issues (that you found
when reading this book) here [2].
Please share your views, suggestions and criticisms and don’t hesitate to reach out to me on @DinisCruz [3].

1.1 Generation Z

Generation Z is the generation that was born after 1996 [4] and represents a very interesting mix of great
values and digital capabilities.
The older members of this generation are about 22 years old at the moment (2018); they were 11 when
the first iPhone came out (2007) and are the first real digital/online generation (they never experienced a
world without internet or without google). This is the generation that is entering the market place at the
moment.
In addition to having personal experience with this generation (I have two daughters aged 12 and 14), I
have been involved (professionally) in a number of projects with this generation (for example teaching
High School kids in the UK how to ’hack’ and working with projects that aim at teaching developers
coding skills usable in the real-world).
The reason I’m focusing on this generation is my realization that they missed a number of
key revolutions (in the technology space), and that understanding this history is fundamental (in order to be
competitive in the market place).
In hindsight this is normal, since we (as a society) still don’t do a very good job at explaining why things
happened and why they were needed in the first place.
Without an understanding of the past, we only learn from shadows and curated versions of reality.
I’m worried about Gen Z
Although Gen Z have some spectacular features and values (for example they are much more tolerant
and diverse than previous generations), they have a lack of intellectual curiosity that worries me.
We need to learn from the past (in order not to repeat it), but lots of key technological revolutions and
paradigm shifts seem not to be understood by Gen Z.
Ironically, in an age when information and knowledge is a click (or google search) away, in conversation
after conversation with Gen Z teenagers, I’ve found that they have a very thin understanding of the history
of particular technologies, why they occurred in the first place and what problem they tried to solve.
My hope with this book is to fill those gaps, and provide context and references, so that better
informed decisions can be made by members of this generation (who will need to save the world from
the mess the previous generations are creating).
[1] https://github.com/DinisCruz/Book_Generation_Z_Developer
[2] https://github.com/DinisCruz/Book_Generation_Z_Developer/issues
[3] https://twitter.com/DinisCruz
[4] https://twitter.com/PaoliCGPI/status/961121404048601088

Overwhelming curiosity
What I hope to provide is a couple of moments where you get this overwhelming curiosity to just learn more
about a topic, where you start to follow link after link about a particular topic, and where you get a number
of ’WOW, that is fr**** awesome!’ moments.
If you are lucky enough to find yourself in this place, congratulations, you just found ’the zone’, which is
this amazing environment where you are single-minded and 100% focused on learning (which is the best way
to learn).
Whenever you find yourself in this headspace, don’t stop! Follow it as long as your brain allows it, and
don’t stop for anything (namely social events, eating or sleeping). This ’zone’ is a magical place to be, so learn
to recognize when you are inside it and explore it as much as you can.

1.2 How to get a job

One of my objectives with this book is to help you to find a great job, one that you will love to go to every day,
one where you are on a steep learning curve and one that aligns what you are passionate about with what
your employer is happy to pay for.
It is very important to realise that if you are in a job (or school) where your learning curve is not off-the-charts,
you are short-changing your life and your career. Nobody cares as much about your career as you
do, and you are the only one that has full control over your attitude to learning. You can choose every day
how engaged and receptive you are to learning and to helping others to help you learn. It is no exaggeration
to say that you decide your future’s direction and path with every decision that you make every day.
There is a lot of competition out there and if you look at what is coming next (namely AI and the next
billion internet users), you need to maximise your chances and opportunities.
I really like the Gen Z realization that a job is something that should be rewarding and not just a way
to make money. After all, the best job is when you are paid to do something that you would do for free.
Although I am very fortunate to be in that situation, where I love my job and what I do every day, that
didn’t happen by accident. I made a number of key decisions in my life (some with very short-term
negative implications) that allowed me to align what I love to do with what the market wants to pay.
Being passionate and loving your job
Find what you are passionate about, what you really care about, and align your career with those ideas. The
best part is that this is a massive win-win situation, since the more passionate you are about a particular
topic, the more you care about it, and the more valuable you are to the company that is employing you to
work on those topics.
Having one competitive advantage
The best way to get a job is to have 1 (one) competitive advantage. One activity or task that you can do
better than the person/company hiring you. For example in the 1990s for a lot of companies it was using
a computer, in the 2000s it was using the internet. For development or security, for a while all it took
was good programming or hacking experience. Although it might look like the bar was lower in those days,
the reality is that the ones that could do it were the ones that proactively embraced those technologies
and learned them against all odds (at a time when most companies, including technological companies,
were ignoring them). These days, it is things like: ML/AI, Graphs, Chaos Engineering, GitHub, Git, Jira,
Creative Commons, Continuous Integration, AWS, WallabyJs and the other technologies/ideas covered in
this book :)
Own your career development
You are the one that is in charge of your career. Don’t let anybody tell you what you should be doing and
what paths to follow. You need to discover these paths by yourself (via trial and error), and a great way
to do that is to work for companies that are aligned with those paths.
And how do you start working with those companies?
Easy, start collaborating on their Open Source projects. Act like you are part of the company (understand
their values, and behave in ways that add value to that company, namely the tech stack).
Start by meeting offline and online the key individuals (and developers) from those companies and
communities in a way that adds value to them. Build relationships that will teach you a lot, and potentially
lead to very interesting job offers (or references). Start learning how to add value and how to become
really good at proactively solving problems (which is one of the most valuable assets you can bring to a
company).
What is interesting is that there is nothing stopping you from doing this!
So why don’t you?
After all, you have nothing to lose (and all to gain).
2. What is this
Important ideas and technologies: understand what they are and why they were created in the first
place.

2.1 Docker

As a developer it is critical that you understand how Docker works and how it became so successful and
widely used.
The first time I saw and used Docker, I was massively impressed by its simplicity and its potential to
change not only how applications are deployed, but how applications are developed and sandboxed.
To understand Docker and its power, the first concept to master is how Docker is a ”process that exposes
a multi-layered file system as a fully isolated OS”.
It is easy to see Docker as just a faster VM environment or a faster Vagrant (which is a way to
programmatically create VMs). I’ve seen companies that, because they had automated VM deployments to
such an extent (i.e. they became really good at automating the creation and deployment of multi-gigabyte
VMs), dismissed Docker as just another IT fad.
The problem is that Docker is much more than just a faster VM. Btw, by fast, I mean super-fast. Normal
VMs boot in minutes; Docker can give you a fully working Ubuntu box with Node installed with a sub-second
start time.
Docker starts in second(s) because it is just a process. The magic sauce is created by:

1. a number of Linux kernel technologies that are able to create a sandboxed environment for that process
(for files and network access)
2. a layered (i.e. Docker images) file system, where each layer contains a diff with the previous
layer. This is a powerful graph db, where each file location is dynamically calculated when you
are inside the Docker image.

From a security point of view, Docker has massive advantages. Finally it is possible to run 3rd party code in
isolated (i.e. sandboxed) environments, where any malicious code running inside those Docker containers
would not have access to the current host user’s data. This is actually the future of desktop and server-side
apps, where each external (or even mission critical) service/code is executed inside containers.
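
The layered file system and the image 'commit' idea described in this chapter can be modelled in a few lines of Python. This is an added example, not code from the book or from Docker: `Layer`, `Image`, `Container` and all file contents are hypothetical names and constructed sample data, and a whiteout marker stands in for how a later layer records a deletion.

```python
WHITEOUT = object()   # marker: "this path was deleted in this layer"
_ABSENT = object()    # marker: "this layer does not mention this path"


class Layer:
    """One immutable diff against the layers below: path -> content or WHITEOUT."""

    def __init__(self, diff):
        self._diff = dict(diff)          # private copy, never mutated afterwards

    def lookup(self, path):
        return self._diff.get(path, _ABSENT)


class Image:
    """A read-only stack of layers, base layer first."""

    def __init__(self, layers):
        self.layers = tuple(layers)

    def with_layer(self, diff):
        """Return a NEW image with one more layer; this image stays untouched."""
        return Image(self.layers + (Layer(diff),))

    def layers_storing(self, path):
        """Indexes of the layers that still hold real content for path."""
        return [i for i, layer in enumerate(self.layers)
                if layer.lookup(path) not in (_ABSENT, WHITEOUT)]


class Container:
    """A running instance: the image's layers plus one private writable layer."""

    def __init__(self, image):
        self.image = image
        self._upper = {}                 # thrown away with the container

    def _resolve(self, path):
        # Walk the stack top-down; the first layer that mentions the path wins.
        if path in self._upper:
            return self._upper[path]
        for layer in reversed(self.image.layers):
            entry = layer.lookup(path)
            if entry is not _ABSENT:
                return entry
        return _ABSENT

    def exists(self, path):
        return self._resolve(path) not in (_ABSENT, WHITEOUT)

    def read(self, path):
        if not self.exists(path):
            raise FileNotFoundError(path)
        return self._resolve(path)

    def write(self, path, content):
        self._upper[path] = content      # copy-on-write: lower layers unchanged

    def delete(self, path):
        self.read(path)                  # raises FileNotFoundError if not visible
        self._upper[path] = WHITEOUT     # hidden here, still stored below

    def commit(self):
        """Freeze the writable layer as the new top layer of a new image."""
        return self.image.with_layer(self._upper)


def demo():
    # Constructed sample content; paths and values are illustrative only.
    base = Image([Layer({"/etc/os-release": "Ubuntu",
                         "/root/.npmrc": "token=CONSTRUCTED-EXAMPLE"})])
    node = base.with_layer({"/usr/bin/node": "node binary",
                            "/root/.npmrc": WHITEOUT})   # "deleted" in layer 1

    first = Container(node)              # e.g. runs untrusted 3rd party code
    first.write("/etc/os-release", "tampered")
    first.write("/tmp/dropped", "left behind by 3rd party code")
    # 'first' is never committed, so its writes exist only in its own upper layer.

    second = Container(node)             # fresh container from the same image
    third = Container(node)
    third.write("/app/server.js", "console.log('hi')")
    app = third.commit()                 # changes saved as a new image

    return {
        "second_sees": second.read("/etc/os-release"),
        "second_has_dropped": second.exists("/tmp/dropped"),
        "layer_counts": (len(node.layers), len(app.layers)),
        "app_has_server": Container(app).exists("/app/server.js"),
        "node_has_server": Container(node).exists("/app/server.js"),
        "secret_visible": Container(app).exists("/root/.npmrc"),
        "secret_stored_in": app.layers_storing("/root/.npmrc"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The last two results show that a file deleted in a later layer is hidden from the container but is still stored in the earlier layer, which is why a secret written into any image layer stays recoverable from the image.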

Topics to cover and ideas

• What is happening is that each layer is immutable, and when a file is changed inside Docker it is
either a) lost when the Docker image stops or b) saved as a new Docker image
– rewrite paragraph (above) that tries to explain how the Docker file system works and how new
images are created
• why the Docker image development environment is so powerful and fast (explain the concept of image
commits)
– if you don’t understand git and virtual file systems you will struggle to understand git

Kubernetes

• what problem it solves
– k8s architecture
– the power of coding your server environment (just a higher level of programming abstraction
layers)
• AWS Elastic container service
• Digital Ocean Docker droplet
• explain Kubernetes (how it came from Google’s Borg)
– this container capability was why google grew so fast and innovated so much in the last
decade
• Docker Compose and Swarm

Couple examples of Docker in action

• add some technical examples of how to use Docker (and how easy it is)

Testing Docker

• repeatable bash scripts
• testing of Docker images and builds is still a very immature space (no good tools, IDEs and Test
Runners). I played with BATS but it wasn’t very good
• we need TDD for Docker development
• big competitive advantage in the market place if you understand these concepts

Where to focus

• a very good research area is the visualisation and mapping of Docker environments

References

• Containerization [1] - by MAYA Design
• Containerization: The Most Influential Invention That You’ve Never Heard Of [2]
• Trillions [3] - video from MAYA Design
• Trillions: Thriving in the Emerging Information Ecology [4]

[1] https://vimeo.com/49392667
[2] https://www.youtube.com/watch?v=F-ZskaqBshs
[3] https://vimeo.com/7395079
[4] https://www.amazon.co.uk/Trillions-Thriving-Emerging-Information-Ecology/dp/1118176073
3. Technologies
Other important technologies to know.

3.1 Books

I love books, the ‘real world’ physical ones, the BookBook(s) [1]. Not the digital alternatives, which are a
shadow of a book and are not good technologies to consume knowledge.
I love books, and for a while I too had a guilty feeling of ’holding on to legacy technology’, as the
world moved into consuming more and more digital content (including digital books).
For reference, I buy hundreds of books per year and spend far more money than I should on books.
Have I read them all? No, of course not! Have I found amazing books to read every year that improved
my skills and knowledge? Absolutely yes!!! The reason I buy so many books (multiple per topic) is because
until I start reading them, I don’t know which one is perfect (at that moment in time).
After looking closely at why I liked books so much, I had the epiphany [2] that ”Books are actually the best
technology to consume and process information”.
There is also a growing body of research that shows that the use of digital technologies is also affecting
kids’ learning capabilities (see ”students find it easier to read and learn from printed materials” [3]).
Basically, if you don’t use books or printed materials to read and review the information you are
consuming (and creating), you are missing a massive trick.
The digital world is really good at promoting group think [4] and at presenting the previous technologies as
’legacy’ and old-fashioned.
My experience is that books (and printed materials) are much better technologies for the consumption
of information. One area where the advantages of digital books can be significant is novels and
fictional stories (namely the convenience of access and the weight difference). In this case the books are
just a transient medium that is being used to tell a story, just like in a movie (in most cases, what the
reader is getting are emotional connections with the characters/story, and not really learning from the
text).
The reality is that if you want to learn, you are better off using a book or printed materials.
The same happens with reviewing materials. It is no coincidence that we all have experiences of writing
content in a digital medium (i.e. the computer) and while reading it on a screen it kinda looks ok. Then
once we print it, and enjoy the unidirectional, offline and 100% focused activity experience that is ’reading
a piece of paper’, we find tons of errors and ’WTF was I thinking when I wrote that!’ moments. In fact
making notes on printed versions of digital content is exactly how I am writing and reviewing this book’s
content.
Yes, the fact that books are offline is one of the book’s main competitive advantages!
[1] https://medium.com/r/?url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DMOXQo7nURs0
[2] http://blog.diniscruz.com/2013/09/physical-books-are-best-technology-for.html
[3] https://twitter.com/nicolekearney/status/963946721662267392
[4] https://en.wikipedia.org/wiki/Groupthink

The book’s ’features’ of not being interrupted by a constant stream of app/website notifications and
not having a browser at hand do wonders for your ability to focus and to consume information.
Another powerful feature of books (in addition to rendering content in HD with real-time refresh rate) is
that they allow your brain to consume information in a 3D format and with more senses. For example,
notice how when you flick back pages looking for a particular passage or diagram, your eyes will be
looking at a particular section of the page. This means that your brain is not only capturing the content
that it is reading, it is also capturing (and storing) the location of that content, and how it relates to the
rest of the page. One of the reasons that led me to the epiphany of the value of books was how I noticed
that it was bothering me that the Kindle reorders paragraphs and pages when you flick back (and
how it was affecting my ability to find content I’ve already read).
Environmental impact of books
My understanding (and please correct me if I’m wrong) is that most books these days are printed from either
recycled paper or from sustainable forests (i.e. forests where they plant at least as many new trees as they
cut).
This means that these days, the impact of books on the environment is minimal.

3.2 Pen and Paper

Another powerful technology that seems to be going out of fashion is the pen and paper (pencil is also a
great option).
As covered in the ‘Books’ chapter, analogue techniques like the pen and paper are actually better
technologies for creating and capturing ideas.
The facts that a piece of paper (or notebook) is not ‘online’ and that one cannot easily change its contents are
actually some of its best features.
What is really important is to capture the ideas and thoughts that you have. There are also studies that
show that just the act of writing something will make it easier for you to remember and to process
that information.
I have so many examples of situations where I started writing down just a few ideas, and after a couple of pages, the
really interesting ideas came out (due to the hyperlinked nature of how ideas are generated in the brain).
What is important is the realisation that those 2nd or 3rd generation ideas would not have been captured
without the first batch of ideas and notes. I’ve also found that my brain retains the location of where I
made some notes, and I’m able to go back to those notebooks and remember what those ideas were (even
after a couple of years).
These days, to keep track of what I have reviewed and processed, I have the workflow/habit of crossing
out the ideas or texts that I moved to a digital format or delegated.
The reality is that you will forget the ideas you are having today!
The only way to make sure that your future self has access to those ideas, is to capture them now!
It is great when you review your older notebooks (could be from last week or year) and not only remember
an idea you had since forgotten, but you are able to expand that idea and take it to the next level.
My favourite are the Moleskine plain A5 notebooks [5], since they represent a nice balance of white
space and portability (I use them every day).
[5] https://www.amazon.co.uk/Moleskine-Sapphire-Large-Plain-Notebook/dp/B015NG45Q0/

A nice side effect of having mobile phones with cameras is that it’s easy to share a picture of one of the
notebook’s pages.

3.3 Brain

How well do you know your brain? Do you know how it works? What areas it is really strong at, what
areas it is weak at, and how to maximise its capabilities?
The human brain is one of the world’s great wonders and we live in an age where we now know a
tremendous amount of detail about how it works.
You need to understand how your brain works, so that you understand its blind spots and why we behave
in the way we do.
How do you think? How do you remember? How do you see? How rational are your decisions? Who is
actually making the decisions in your head?
If you have not looked at this topic before, you will be very surprised by the answers to these questions.
This is where you need to apply the logical and computing side of your brain and reverse engineer how
your own brain works.
I’ve always found the brain fascinating and the more I learned about it, the better I became at
understanding how I and others think.
A good place to start is the book Freakonomics: A Rogue Economist Explores the Hidden Side of Everything [6],
which uses economic techniques to answer a number of very interesting questions.
Predictably Irrational: The Hidden Forces That Shape Our Decisions [7] takes that to another level,
showing example after example of how we are not rational at all in a number of decisions we make
every day.
The best one I’ve read is Incognito - The Secret Lives of the Brain [8], which not only explains really well
how the brain works, it really challenges our understanding of how the brain works.
How you think
When self analysing how I think (from an engineering point of view), I found that I have two types of
thinking techniques.

• A slow(ish) type of thinking - where I’m basically talking to myself in my head. This is also how I
tend to read (I hear the text I’m reading in my head)
• A fast type of thinking - where I ‘somehow’ am making a large number of analyses and decisions,
and ‘know’ what I’m thinking without really needing to articulate in my head all the explanations
of what I’m doing. This is the kind of thinking that one tends to get when in ‘the Zone’ (which is
that magical place where ideas ‘just flow’ and we are hyper productive)

I’ve also found that although my brain is able to hold a large amount of hyperlinked information (creating
a graph of linked data that I’m working on), it is not good at all at multi-tasking (i.e. working on multiple
domain problems at the same time).
[6] https://www.amazon.co.uk/Freakonomics-Economist-Explores-Hidden-Everything/dp/0141019018
[7] https://www.amazon.co.uk/Predictably-Irrational-Hidden-Forces-Decisions/dp/0007256531
[8] https://www.amazon.co.uk/Incognito-Secret-Lives-Brain-Canons/dp/1782112464

This is why it is so important to be able to spend concentrated time on a particular topic, since it takes a
while to upload all relevant data to the parts of the brain focused on the task at hand.
Switching content and interruptions
A reason why even a 1 second interruption can be massively disruptive (for example a text message, or a
Slack/Snapchat/Instagram/Facebook/Twitter notification) is that it breaks the mojo of your brain and
destroys a number of those hyperlinked graphs you had created in your head.
It is even worse when the interruption actually requires some extra activity (for example a question from
somebody at the office).
One area where these interruptions happen a lot in the normal developer’s coding workflow is testing.
The simple fact of having to manually run a test (either via the command line, or by clicking in a web
browser) will break your mental models and make you ‘switch context’.
I can’t explain (you need to experience it yourself) how productive it is to code in an environment where
the context switching is minimal (which is what happens when coding using tools like wallabyjs [9] or
NCrunch [10]).

3.4 Hugo

Hugo IO [11] is a Static Website Generator (SWG) and represents a very interesting twist on the development
stack of a website (another popular Static Website Generator is Jekyll [12]).
In addition to providing a great environment in which to create content (and to maintain it), what Hugo
represents is a complete paradigm shift in how to create and publish websites.
Basically what SWGs (Static Website Generators) do is pre-create all possible web pages during a build
stage, and place them all in a single folder that can be easily deployed to any server or service that is
able to host static files (for example AWS S3 [13]).
In practice this means that you can have a website running from vanilla web pages, with no backend
and no moving parts. Not only is this massively secure (no server-side code to hack), it also has amazing
performance implications (i.e. the site is super fast when compared with dynamically generated sites).
Ask yourself the question: “Why do you need a database?”
It is amazing how in tons of cases a database is not actually needed (especially when it is possible to
pre-generate all pages programmatically).
In fact Hugo is using a very efficient and scalable database and cache: the file system :)
I really like the pattern of using the file system as a database, especially when combined with git for
deployment.
Hugo is also a great case study of how modern development techniques, technologies, and open source
innovation create products/APIs that are miles ahead of the competition (with killer features).
I use Hugo a lot these days, in all sorts of internal and external sites, and after using (and developing)
all sorts of CMSs (Content Management Systems), I have to say that it provides me with a spectacular and
highly-productive content creation/editing workflow.
[9] wallabyjs.com
[10] http://www.ncrunch.net/
[11] https://gohugo.io
[12] https://jekyllrb.com/
[13] https://aws.amazon.com/s3

This book, for example, has a companion website that is created using Hugo, and I’ve created a number
of extra pages that help to improve my productivity (for example search and print pages).

3.5 Machine Learning and AI

One of the most important areas that you need to gain a strong understanding of in the next 5 years is Machine
Learning and Artificial Intelligence (AI).
This is not about a Skynet [14] kinda scenario where a super-intelligence singularity [15] is going to take
over the world and destroy humanity.
This is about the next major revolution in technology and whether you are going to be a player or a pawn
in what is happening next.
I highly recommend that you read Kevin Kelly’s book The Inevitable: Understanding the 12 Technological Forces
That Will Shape Our Future [16], where he provides a really clean mapping of what (most likely) will
happen next.
One area that Kevin talks about in detail, and that you can already see happening around us, is the introduction of
AI capabilities in all sorts of devices and business activities.
This is where you need to take a proactive approach and start learning about how all this works and how
to program it.
The great news is that in the last couple of years the major cloud providers have been investing really hard
in these technologies and are now providing environments where you can easily play around and learn
how machine learning and AI work.
See for example all the different tools and technologies that AWS is already offering in the machine
learning [17] space (Microsoft is also providing some really cool capabilities on Azure [18]).
As a developer, you will soon be asked to write code that integrates with Machine Learning technology
to process large amounts of data or to integrate an app with AI services like voice, image recognition or
domain-specific analysis (for example in medicine).
Where are we going
For a nice view of what could be happening next see:

• Life 3.0: Being Human in the Age of Artificial Intelligence [19]
• Homo Deus: A Brief History of Tomorrow [20]
• What Technology Wants [21]

3.6 Jira

Jira [22] is a web application that is widely used by development, engineering and technical teams to manage
their day-to-day tasks/activities.
[14] https://en.wikipedia.org/wiki/Skynet_(Terminator)
[15] https://en.wikipedia.org/wiki/Technological_singularity
[16] https://www.amazon.co.uk/Inevitable-Understanding-Technological-Forces-Future/dp/0525428089
[17] https://aws.amazon.com/machine-learning/
[18] https://azure.microsoft.com/en-gb/overview/machine-learning/
[19] https://www.amazon.co.uk/Life-3-0-Being-Artificial-Intelligence/dp/024123719X/
[20] https://www.amazon.co.uk/Homo-Deus-Brief-History-Tomorrow/dp/1910701874
[21] https://www.amazon.co.uk/What-Technology-Wants-Kevin-Kelly/dp/0143120174
[22] https://www.atlassian.com/software/jira

We (at Photobox Group Security) use Jira extensively in our day-to-day activities, where not only does it help
us to track our tasks and risks, we also create tons of custom Jira Workflows and write custom applications.
We basically use JIRA as a graph database (see Creating a Graph Based Security Organisation [23]) and
Confluence [24] as a way to display the information stored in JIRA.
The key point I want to make here is that the tools that we use in the enterprise need to be customised
and extended (in order to make them work).
Being able to write these customisations and understanding at a much deeper level (when compared to
‘normal’ or ‘power’ users) what is possible with these tools is a massive competitive advantage.
In fact if you are able to write custom JIRA workflows that are usable by a development team, that is a
massive competitive advantage for you, and it will make you highly employable today.
Use Jira in your life
Create Jira projects for your life activities (with Epics to track groups of tasks).
Create a Kanban board for your personal tasks and Epics.
Create custom workflows and learn how to manage Jira. This will give you tons of confidence when using
Jira in the real world (or when interviewing).
And since Atlassian has an evaluation version of their cloud version of Jira, there isn’t any cost to try this.
Now you have no excuse for not having used Jira before (at a level more advanced than most corporate
users and the developers interviewing you).
[23] https://www.slideshare.net/DinisCruz/creating-a-graph-based-security-organisation-devseccon-keynote-81345667
[24] https://www.atlassian.com/software/confluence
4. Life Patterns
….

4.1 Learning

Do you know how to learn?


Learning to learn is one of the most important skills that you can have, and in fact, that is the main skill
to learn from school and life. This is ironic, since usually very little time is spent at school and in life
learning how to learn.
Learning is like a muscle, the more you do it, the better you become. And just like in sports, there are
specific techniques that you can use to learn more efficiently.
As a developer if you are not passionate about learning, you are in the wrong job!
It is not about learning one Language or Framework. You need to learn 10 languages and be on a constant
learning curve. Each language will teach you something new (don’t worry, only the first 5 will be hard, after
that, the key paradigms will always feel familiar). For example, it is very hard to learn about functional
programming until you start coding in Node or in Scala (after banging your head against the wall for a
bit, it will click, and you will love its power and ability to write really simple code).
It is about learning new paradigms, about interconnecting your skills. What you learn in one domain will
be applicable in another. For example, being a better musician, artist, athlete, car mechanic or philosopher
will make you a better developer.
Application Security (AppSec) will take this to another level, since you will be asked to code review in
all sorts of languages (which is great, since that is the best way to learn). AppSec focuses on how ‘it’ really
works, not just how it behaves as a black box.
The reality is that we are in the age of the ‘professional amateur’, where you very rarely have time to really
specialise in a particular language or technology. And when you do specialise, if you are not careful, you
will be stuck in the past and be the one that is responsible for maintaining the legacy applications.
What you really need to be worried about is when you stop learning. Ironically this can happen the more
you move up the company’s corporate ladder. There is a big trap of management, which pushes highly
technical and proficient developers into ‘management’ or ‘architectural’ positions (this is also called the
Peter Principle [1] where “employees are promoted to the maximum of their incompetence”). When this
happens, these highly knowledgeable professionals have very little time to spend on technical issues,
spending most of their time on meetings, spreadsheets and ‘non learning activities’.
My view is that no matter your role, you must make sure that you remain highly technical, have a deep
understanding of what is going on, and always keep learning. And programming is one of the best ways
to do this.
Ideally this learning environment will be part of your job. If not, then evenings and weekends are a great
time to learn, while you find another job that puts learning at the center of its ecosystem (if you love
learning, that extra effort should feel like leisure/relaxing).
[1] https://en.wikipedia.org/wiki/Peter_principle

4.2 Be a founder

The single thing that you personally control when you go to work, is your attitude to your work and how
you approach it.
One of the concepts that I really like is the idea that you should ”act like one of the founders of the
business”.
Imagine you were employee #4 and you really cared deeply about the company you are currently working
for!
Ask yourself:
“If I was a founder of the company/department/section I work in now, with the responsibilities that
I have at the moment:”

• “How would I behave every day?”
• “What needs to be done now, that will make a big difference?”
• “What can I do that will help?”
• “What would I do differently?”
• “What values and principles would I fight for?”

Hopefully you will get some interesting ideas and actions (from this mental exercise).
The question now is: “what is stopping you from doing just that?”
Who is telling you “Don’t do it”?
At the moment it is just you!
You can even do this for companies that don’t employ you. You can contribute to their open source projects,
you can write blog posts about them (and use twitter to reach out to key individuals)
You can choose to care about the team that you are currently in, and the work that needs to be done.
The irony is that the more you care and the more you behave like a founder, the more value you usually
add and the more valuable you will become for that company.

4.3 Backup your life

Backing up your code (and ideas) is one of the most important patterns that you must master. Your current
approach to backups will depend on how much you have lost, and how painful it was.
The reality is that sometime and somewhere in the future, you will lose some of your data (and ideas).
This could be something as simple as a lost laptop, or some data that was deleted by accident, or even a
ransomware attack that encrypted all the files in your devices or servers. If you don’t have a good strategy
and habits for how you do your backups, it is just a matter of time before you have a catastrophic event.
Trust me, there are few things in life more soul destroying and demotivating, than having to re-create
something again (that you were happy with and you had spent a lot of time creating). Even worse when
you are not able to recreate it, which in a business environment can easily lead to you being fired for lack
of due-diligence or negligence.
The solution is to think about where you classify and store your data (and ideas), so that you can come
up with strategies that work in your day-to-day activities.
I’m going to provide a number of examples of how I do it, which hopefully will give you some ideas:

• Secrets Minimisation - From a security point of view, the fewer secrets you have the better (and the
easier it is to backup the rest). This is where the more you embrace the idea of publishing as much of
your data (and ideas) as possible, the easier it is to use web based services as your backup medium.
• Passwords - A clearly important piece of data not to lose or disclose. My strategy is to pick
formulas that I can remember and to use 2FA authentication (like SMS) as much as possible (which
dramatically reduces the importance of passwords)
• Future Self - Part of my drive to share is to think that one day in the future, my future self will
need it. This is also why I like to Open Source as much as possible, since it makes sure that as
I move jobs, I don’t have to start from scratch (for example what happened with me and the O2
Platform research or the Maturity Model tool I developed recently)
• Git - Git is not just a version control system which you use when you want to commit to the main repo.
I’ve seen developers that code for days before doing a commit. This is missing a massive trick. Not
only is there a high risk of data loss during those periods between commits, the developer is also
missing the opportunity to go back to a version created a couple of hours ago (which was better than
the current one). Basically there is only so much Ctrl-Z can help you. Note that you should be
using git to store as much data (and ideas) as possible, since this workflow is not just for source
code (another reason why I like to use markdown for content and DOT for graphs)
• Autosave and Commits - When using git as a data store, I always enable auto-save on the IDEs
so that I never have unsaved text in memory. I then use git commits (and git staging) to really
understand what has been changed (and to double check those changes before committing to the
target branch). This is very empowering and liberating, since I don’t really worry about losing
anything
• GitHub - I push as much code (and ideas) on GitHub as possible. For example I have repos (some
private) that act like document storage and (literally) backups. My expectation is that GitHub’s
backup strategy is sound and better than mine.
• DropBox and GDocs - Same thing for DropBox and Google Docs. I use them to store data and
rely (as most companies do) on their security and backups (very important to have 2FA on these
accounts and to pay for the commercial versions, which provide features like version control and
much more storage)
• Twitter - I use Twitter as my personal search engine, and use it to store all sorts of links and ideas
that I might be interested in in the future
• Google - A great side effect of putting your data (and ideas) online in a public and hyperlinked
location (for example on a blog or slideshare) is that Google (and the Web Archive [2] project) will
eventually index it (and keep a copy for ever). I have actually used these services’ caches to recover
ideas that I published ages ago, on a platform or site that has since disappeared!
• Simulate disaster - Ask yourself, if you lost your laptop now, how painful would it be? For example
at this very moment, the only thing I would lose if my laptop disappeared (or was stolen) would
be the text in this chapter (and in about 30m, I wouldn’t lose anything, since I will have committed
this text into Git and GitHub)
• External Drives - For large files and VMs (not really many these days) I also have a number of
external drives in my house that hold them (although some of the most interesting research VMs, like
the ones I was using when developing the O2 Platform, have been moved to Dropbox)

Finally, you probably noticed that every time I mentioned code I also added a note about ’ideas’. The
reason is that you also need to backup your ideas so that your future self has access to them. The reality
is that you will forget about those ideas and the connections that got you there. The only way to make
sure they are not lost forever is to publish them into a hyperlinked medium.
[2] https://web.archive.org/

You basically need to backup your life!


Please make sure that when (not if) some of your devices lose (or encrypt) your creations, you have a
quick and efficient way to recover them.

4.4 The future needs you

Sometimes the future just doesn’t happen! It needs people like you to make the difference.
Reinforcing the concept that what matters is not ideas but energy and focus in execution, there are a
number of ideas that, although brilliant, still need the right individuals at the right place in order for
them to become a reality.
This happens in all fields (for example there is a great interview with Elon Musk where he talks about how
Concorde and the moon landings are good examples of us going backwards in technological capabilities).
In the developing/coding world, in addition to WallabyJS (real-time unit test execution and code-coverage
visualisation), whose capabilities I cannot understand why all IDEs do not replicate and deeply integrate
in their engines, another amazing example is the Zoetrope (Interacting with the Ephemeral
Web) research by Adobe.
This research was published in this YouTube video [3], and it shows a working real-time time machine for
web pages (and other content).
This research transformed the ephemeral [4] and ‘no-past’ nature of web pages into a multi-dimensional
graph, where the previous versions of a page’s content can be visualised, transformed and analysed in all
sorts of ways (check out the video and you will be blown away).
Given how powerful this idea is, the interesting question is “Why hasn’t it evolved?”.
My view is that because there is a significant amount of research and technology required to reach the
workflow shown in that video, and because the technology and ideas were not released under an
Open Source license (or Creative Commons), any new attempts would have to start from scratch (since it
clearly looks like Adobe did not continue the research project).
Also important is that an individual’s vision and a sustainable economic model matter (i.e. someone
who understands the problem and someone who is funding the research). Although the key concepts are
clearly shown in the video and easy to understand, in the last 10 years we have not had an individual (or
team) with the right energy and drive who has decided to replicate this research in an Open Source
environment, and build a strong community around it.
I’m very frustrated by this lack of development, since there are tons of areas in Application Security where
this kind of anti-ephemeral technology would be massively important.
Gen Z dev, if you are looking for a place to start replicating this idea, here is one for you:
Create a tool/website to search and visualise the git files history (for example how to do a search
across previous versions of files)
That is not a problem that has been solved today, and not only would you learn a lot about how git works,
you would be creating a tool very useful to you and the development community. As an example, it
would allow for the easy discovery of secrets stored in git repos that have been ‘deleted’ using commits
(which means that the secrets still exist in that repo and are available to anybody that can clone it).
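A command-line starting point for the search part of that idea, as an added shell example (not code from the book): it looks for a fixed string in every commit reachable from any ref, so it also finds a value that a later commit removed from the working tree. The function names, the demo repository and the fake credential are constructed for illustration.

```shell
#!/bin/sh
# Added example: search every version of every file in a git repository.
# All function names and the demo data are constructed for illustration.

# demo_git: run git in $DEMO_REPO with a throwaway identity (no global config needed).
demo_git() {
    git -C "$DEMO_REPO" -c user.name=demo -c user.email=demo@example.invalid \
        -c commit.gpgsign=false "$@"
}

# make_demo_repo: build a temp repo where commit 1 adds a fake password and
# commit 2 "removes" it. Prints the repo path.
make_demo_repo() {
    DEMO_REPO=$(mktemp -d) || return 1
    git -C "$DEMO_REPO" init -q >/dev/null || return 1
    printf 'db_host=localhost\ndb_password=CONSTRUCTED-EXAMPLE-SECRET\n' > "$DEMO_REPO/app.conf"
    demo_git add app.conf && demo_git commit -q -m 'add config' >/dev/null || return 1
    printf 'db_host=localhost\n' > "$DEMO_REPO/app.conf"
    demo_git commit -q -a -m 'remove password from config' >/dev/null || return 1
    printf '%s\n' "$DEMO_REPO"
}

# search_history REPO STRING: print "<commit>:<path>:<line>:<text>" for every
# occurrence of the fixed string STRING in any commit reachable from any ref.
search_history() {
    git -C "$1" rev-list --all | while read -r rev; do
        # -F fixed string, -I skip binary files, -n line numbers.
        # git grep exits 1 when a commit has no match; that is not an error here.
        git -C "$1" grep -n -I -F -e "$2" "$rev" -- || [ $? -eq 1 ]
    done
}

# commits_touching REPO STRING: commits in which the number of occurrences of
# STRING changed (git's "pickaxe"), i.e. where it was introduced or removed.
commits_touching() {
    git -C "$1" log --all --format='%h %s' -S"$2"
}

# gone_but_recoverable REPO STRING: succeeds when STRING is absent from HEAD
# but still present in history. It was never really deleted, so a credential
# found this way has to be treated as exposed.
gone_but_recoverable() {
    if git -C "$1" grep -q -I -F -e "$2" HEAD --; then
        return 1
    fi
    [ -n "$(search_history "$1" "$2")" ]
}

# Demo: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
    repo=$(make_demo_repo) || exit 1
    echo "Occurrences in history:"
    search_history "$repo" 'CONSTRUCTED-EXAMPLE-SECRET'
    echo "Commits that added or removed it:"
    commits_touching "$repo" 'CONSTRUCTED-EXAMPLE-SECRET'
    gone_but_recoverable "$repo" 'CONSTRUCTED-EXAMPLE-SECRET' \
        && echo "Deleted from HEAD, still in history"
    rm -rf "$repo"
fi
```

On a real repository, call `search_history /path/to/repo 'string'` directly; it walks every commit one by one, so it is slow on large histories but needs nothing beyond git itself.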
[3] https://www.youtube.com/watch?v=7C-B7qdClak
[4] https://en.wiktionary.org/wiki/ephemeral

Pick a vision and be the one that makes the difference


Part of your path as a Gen Z developer is to find something that you are really passionate about and on which
you can execute. The win-win scenario is when you pick an idea that either is quite new (like chaos
engineering) or has been around for a while but the momentum has been lost. For example the Zoetrope
mentioned here, or SAST technology (Static analysis of software/applications/infrastructure for finding
security issues).
II Draft Chapters
5. What is this
5.1 Creative Commons

https://en.wikipedia.org/wiki/Creative_Commons
These licenses allow creators to communicate which rights they reserve, and which rights they waive for
the benefit of recipients or other creators.
Topics to cover and ideas

• “For a typical author, obscurity is a far greater threat than piracy.” Tim O’Reilly in Piracy is
Progressive Taxation, and Other Thoughts on the Evolution of Online Distribution [1]
• how CC is changing research
– for example collaboration of code and datasets on cancer research
• the amount of data that is being shared today is huge
– show examples from the multiple visualisation books (and websites)
– show example of data released by the UK
* https://data.gov.uk/ which uses http://www.nationalarchives.gov.uk/doc/open-government-licence/version/3/
(compatible with Creative Commons Attribution License 4.0)
• more and more there is a moral and technical argument that all data created by government should
be released under a Creative Commons license, and all code paid for by the government should be
released under an open source license
• publishing your research under a CC license is harder than it looks. It means that you have made
the paradigm shift from closed to open.
– It means that you now view your value as someone who can execute ideas (and are happy to
share your creations)
– anybody can have ideas, the execution is the hard part
* in fact deciding what NOT to do is the hard part (which ideas to say NO to is one of the
most important decisions to make)
· this is easy when you have a good vision of the journey ahead.

5.2 Open Source

• explain key concepts


• the creation of the Open Source idea and movement (how an how)
• Richard Stallman - Copy Left, GNU, philosopher
– explain the GNU/Linux situation
• Security will push code to be open (’who ’
– Reflections on Trusting Trust [2]
• companies using & developing open source
• open source business models
[1] http://www.openp2p.com/pub/a/p2p/2002/12/11/piracy.html
[2] https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf

• I was called a communist many times (in early open source conversations)
• “Open source has won, but Gen Z is not aware of it”
• When you open source an app or code, what will happen next is: Nothing!
– it is very hard to create a community around an open source project
– what you will have done (by adding the license file to your code (which is all it takes,
assuming you wrote all the code so far)) is to create future opportunities for that code and
send a strong message about your agenda (i.e. you are not going to lock in, in the future, the users
that are using your current code today).
* you are allowing somebody (which could be you) in the future to use your code
* you are also protecting your research, so that if you move companies, you can still use that
code (there is nothing worse for a programmer than having to rewrite something that
was working ok (especially when it is a framework that supports a particular workflow))
• big success of companies collaborating internally and externally (i.e. internal collaboration between
different teams via open source code)
– although most devs have access to all code, the number of cross-team pull requests is very
low (open source licenses help a lot with this)
– allowing others to use your code is a great way to find programmers to hire or companies to
buy
– the myth of the company that will take your code and just run with it (they will be massively
locked to your code)
* example of team that created a fork of Chrome (to add security features) and couldn’t
keep up with Chrome’s development speed
* the open source tax (when you don’t contribute back your changes)
• companies should pay developers to work on open source apps/modules that are used in the
company.
– my experience with helping an open source project (that we used), and then getting help from
a key developer from that project with a hard problem that we were having
• Question: “Why don’t you open source your code?”
– I bet the answer is a combination of:
* “I don’t think my code is good enough”
* “I’m embarrassed about my code”
* “Nobody will want to use my code”
– the first thing to understand is that I have heard these same excuses from all sorts of developers
and companies, for code of all sorts of quality and completeness.
– this is your Lizard brain [3] in action (making excuses for why you shouldn’t do something)
– the key is to just do it (add the license and slowly start building the community)

The Cathedral and the Bazaar

• https://en.wikipedia.org/wiki/The_Cathedral_and_the_Bazaar
• In this book/essay Raymond provides 19 lessons which are still as relevant today (2018) as when
they were published (1998)
– Every good work of software starts by scratching a developer’s personal itch.
– Good programmers know what to write. Great ones know what to rewrite (and reuse).
– Plan to throw one [version] away; you will, anyhow. (Copied from Frederick Brooks’ The
Mythical Man-Month)
– If you have the right attitude, interesting problems will find you.
[3] https://facilethings.com/blog/en/lizard-brain

– When you lose interest in a program, your last duty to it is to hand it off to a competent
successor.
– Treating your users as co-developers is your least-hassle route to rapid code improvement and
effective debugging.
– Release early. Release often. And listen to your customers.
– Given a large enough beta-tester and co-developer base, almost every problem will be
characterized quickly and the fix obvious to someone.
– Smart data structures and dumb code works a lot better than the other way around.
– If you treat your beta-testers as if they’re your most valuable resource, they will respond by
becoming your most valuable resource.
– The next best thing to having good ideas is recognizing good ideas from your users. Sometimes
the latter is better.
– Often, the most striking and innovative solutions come from realizing that your concept of
the problem was wrong.
– Perfection (in design) is achieved not when there is nothing more to add, but rather when
there is nothing more to take away. (Attributed to Antoine de Saint-Exupéry)
– Any tool should be useful in the expected way, but a truly great tool lends itself to uses you
never expected.
– When writing gateway software of any kind, take pains to disturb the data stream as little as
possible—and never throw away information unless the recipient forces you to!
– When your language is nowhere near Turing-complete, syntactic sugar can be your friend.
– A security system is only as secure as its secret. Beware of pseudo-secrets.
– To solve an interesting problem, start by finding a problem that is interesting to you.
– Provided the development coordinator has a communications medium at least as good as the
Internet, and knows how to lead without coercion, many heads are inevitably better than one.

5.3 CPU

Topics to cover and ideas

• power of assembly, the importance of learning how to code in ASM
• how assembly relates to bytecode in .Net (MSIL) and Java
• Spectre and Meltdown vulnerabilities
• I learned how to code assembly by hand
– a bit difficult (I was 13 at the time) but I had only one book and no internet
– manually translated assembly code into binary (I didn’t have an asm compiler at the time)
– I was learning massively about architecture, memory layout, programming, etc… (without
noticing). I was in the ‘zone’
– totally worth it
– learning about hardware interrupts, TSR (Terminate and Stay Resident), and kernel vs user
land memory did wonders for my understanding of Windows programming/architecture and
computer science
• when I was 16 I programmed on the Motorola 68000 which was much easier and more interesting
(the 68000 CPU was used in the Amiga, and was much more powerful than the x86 architecture (which we
still use today))
• my peek and poke moment: ‘change a pixel on screen’ (and falling in love with programming)
• mention history of processors:
– Zilog Z80, Motorola 68000 and Intel x80, x286 and Pentium
* “I remember when 286 was fast”
• Great tools on Windows are ollydbg [4] and Ida Pro [5]

5.4 Copyright


Topics to cover and ideas

• What is it
• understand its history
• Why was it created
• Is it working
• Positive side effects and Negative side effects
• Copyleft
• Open Source and Creative Commons are copyright licenses
• Music and its relationship with copyright
– what happens when the cost of distribution goes to zero
– customers will still buy (if the product and distribution is right)

5.5 EFF

EFF (Electronic Frontier Foundation)


Topics to cover and ideas

• https://www.eff.org/ (one of the logos for the cover)
• brief history
• major success stories
• why is it important
• why you should support them (add link)
• net neutrality
• hackers it defended in court (and other privacy related cases)
– ones they won and lost

5.6 Free Software Foundation


Topics to cover and ideas

• history
• Richard’s story
• copy left
• why they were so important
• the problem of not mapping it to a business model
• the problem of taking an extreme view
• key arguments have been won, but lost a lot of momentum (and not fulfilled its potential)
• inevitability of Open Source
– even Microsoft does open source these days (they were the ones that called open source
’cancer’)
4 http://www.ollydbg.de
5 https://www.hex-rays.com/products/ida/

5.7 OWASP

Part of building your brand and career is the participation in Open Source community groups like OWASP.
OWASP (the Open Web Application Security Project) is a worldwide organisation that is focused on
Application Security.
Topics to cover and ideas

• Great community
– chapters, conferences, guidance, tools, books, summit
• be involved
• make of companies that are hiring now!
• dramatic need for application security professionals
• security is a key skill for developers (add AWS CTO quotes)
• owasp summits
• working sessions
• chapters, join or start one
• projects
– JuiceShop
– Top 10
– mobile testing guide

5.8 Python


Topics to cover and ideas

• Here is how it all started
• what makes Python special
• how Guido was hired by Google
• Guido van Rossum
– https://twitter.com/gvanrossum/
– Guido created Python when he was 35
– https://gvanrossum.github.io/
* http://neopythonic.blogspot.co.uk/2016/04/kings-day-speech.html
• make reference to other languages like NodeJs

5.9 Slack

Slack is how we communicate daily (just like we used to with ICQ, MSN Messenger, Skype, Phone, Smoke
Signals, etc…)
Topics to cover and ideas

• Slack bots
• Why slack one
• Integrations
• Copy and paste of images

5.10 WallabyJS

Topics to cover and ideas

• why wallabyJS is a massive paradigm shift and why it is so good
– real time test execution
– only execution of tests affected by changes
– ability to see the code coverage in real-time
– ability to easily just run one test
* which with the real-time coverage, provides a much better way to debug than the normal
’debug/breakpoint model’
– ability to run all the tests impacted by a code change (blast radius of code changes)
• the power of sub-second execution
– when tests require more than 1 sec to run, there is some problem somewhere
– only full end-to-end tests should take that long
– power of ’surrogate dependencies’ (link to presentation)
• we need similar capabilities for cloud infrastructure
• add ideas from Bret Victor’s Inventing on principle6 presentation (name the need for inventors to
be close to what they create and have quick feedback)

5.11 XCode


Topics to cover and ideas

• Write your own mobile app today (now easy with Swift)
6 https://vimeo.com/36579366

5.12 google

Topics to cover and ideas

• do you know how to use google?
– show examples of powerful google searches
– google dorks (and finding vulns and credentials via google)
• google’s history
• why google won
• what makes google’s algorithm work
• show how google tracks all clicks (why you can’t just copy a google url)
• Google’s move to graphs (see what happens when you search for a movie)

5.13 linux

Topics to cover and ideas

• linux history (it was all started by Linus Torvalds, inspired by a MINIX system)
– mention some of Linus’ views
• Linux patch submitted by a 4 year old7
• most complex software in the world
– git was created to manage the linux code development
• you need to learn it, how to install kernel drivers, how to hack it, how to rebuild it
• power of raspberry pi is that it gives you a linux environment for you to play with
• Mac is ’just about’ linux under the hood (same heritage), but with a better UI and integrations

5.14 raspberry-pi

Topics to cover and ideas

• why was it created
– https://en.wikipedia.org/wiki/Raspberry_Pi_Foundation
– https://www.makeuseof.com/tag/raspberry-pi-creditcard-sized-arm-computer-25/
• use a Raspberry Pi to connect to hardware (get one of the starter kits (add link)). Make an LED blink,
create a mobile phone, etc.
• connected to maker movement and IOT world
• article Raspberry Pi device will ’reboot computing in schools’8

7 https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=690b0543a813b0ecfc51b0374c0ce6c8275435f0
8 https://www.theguardian.com/education/2012/jan/09/raspberry-pi-computer-revolutionise-computing-schools
6. Technologies
6.1 AST (Abstract Syntax Tree)

Topics to cover and ideas

• Why it is so important
• How they work
– object model of source code
– amazing paradigm shift when one can ’see code as a graph’
• Using AST to write tests
• Powerful AST abstractions (especially when added the code refactoring mappings)
• how code refactoring works
• source code is not the best medium to consume code
– explain how O2Platform’s Method Streams work and how they are a lot more effective
– what you want to see is all the code relevant to the path you are looking at
• we also need the equivalent of AST and static compilation for all the ’coding’ that exists in all the
cloud environments and between services (i.e. we need a DSL)
– for example for AWS lambdas and how they behave
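
One way to ’use AST to write tests’ and to ’see code as a graph’, as an added example (not code from this book or from the O2 Platform): Python’s standard ast module parses a constructed sample module into an object model, builds a call graph from it, and reports every path from an entry point to a risky call. The sample source, the function names and the list of risky sinks are assumptions made for the illustration.

```python
import ast

# Constructed sample module. It is only parsed, never executed.
SAMPLE_SOURCE = '''
import os, subprocess

def handle_request(params):
    name = params["name"]
    return render(name) + run_report(name)

def render(name):
    return "<p>" + name + "</p>"

def run_report(name):
    return subprocess.check_output("report " + name, shell=True)

def admin_cleanup():
    os.system("rm -rf /tmp/cache")
'''

# Assumed policy for this example: calls we never want reachable from a request handler.
BANNED = {"eval", "exec", "os.system"}


def dotted_name(node):
    """Turn a Name/Attribute chain such as os.system into the string 'os.system'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def is_risky(call):
    """Banned sinks, plus any subprocess.* call whose shell= is not literally False."""
    name = dotted_name(call.func)
    if name in BANNED:
        return True
    if name and name.startswith("subprocess."):
        return any(
            kw.arg == "shell"
            and not (isinstance(kw.value, ast.Constant) and kw.value.value is False)
            for kw in call.keywords
        )
    return False


def analyse(source):
    """Return (call graph, risky sinks), both keyed by top-level function name."""
    graph, sinks = {}, {}
    for func in ast.parse(source).body:
        if not isinstance(func, ast.FunctionDef):
            continue
        calls = [n for n in ast.walk(func) if isinstance(n, ast.Call)]
        graph[func.name] = {dotted_name(c.func) for c in calls} - {None}
        sinks[func.name] = [(c.lineno, dotted_name(c.func)) for c in calls if is_risky(c)]
    return graph, sinks


def risky_paths(source, entry_point):
    """Walk the call graph from entry_point and list (call path, line) for each risky sink."""
    graph, sinks = analyse(source)
    findings, seen, todo = [], set(), [[entry_point]]
    while todo:
        path = todo.pop()
        func = path[-1]
        if func in seen or func not in graph:
            continue  # already visited, or a library call with no body in this module
        seen.add(func)
        for lineno, sink in sinks[func]:
            findings.append((" -> ".join(path + [sink]), lineno))
        todo.extend(path + [callee] for callee in sorted(graph[func]))
    return findings


if __name__ == "__main__":
    for path, lineno in risky_paths(SAMPLE_SOURCE, "handle_request"):
        print(f"line {lineno}: {path}")
```

A unit test built on this would assert that risky_paths returns an empty list for every public entry point, so a new risky call fails the build at the moment it becomes reachable.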

6.2 AWS

AWS is Amazon’s Cloud offering and is a spectacular success story


Topics to cover and ideas

• What is it
• History
• How it made Amazon the powerhouse it is today
• Key technologies
– route 53
– EC2
– S3
– Container Service
– Lambda
• why the cloud revolution happened (why were they so successful)
– the failure of sysops data centers to modernise
* no scalability, failed to modernise, no shared resources, too expensive, no shared
learnings, insecure
– the cost of installing one server (£2k to £5k in large companies)
– vs the cost of spinning up entire racks (programmatically)
• AWS today is as complex as an OS (windows or linux). It can only be managed in a programmatic
way. But today the testing capabilities of AWS and other cloud providers are still very low (namely
on end-to-end tests and configuration changes)
• If you don’t have an AWS or Azure or Google Cloud account, what are you waiting for? All have really
generous free tiers that allow you to try a large number of their capabilities for free. And as long
as you shut down everything everyday, the costs shouldn’t be that high.
• AWS is what happens when a tech team becomes so good that it is able to provide those services to
3rd parties
– think about this, Amazon.co.uk is getting their IT and development costs paid by 3rd party
companies (some direct competitors with Amazon)
– https://www.investopedia.com/articles/investing/011316/what-amazon-web-services-and-why-it-so-successful.asp
– https://qz.com/1051814/what-is-amazon-really/
– Amazon in 2011 was shipping to production every 10s (http://assets.en.oreilly.com/1/event/60/Velocity%20Cultu

The amazon machine - how amazon became one of the best development houses in the world
- https://www.ben-evans.com/benedictevans/2017/12/12/the-amazon-machine (great article that talks
about the Amazon machine, which is the real power behind it)

6.3 DSL

DSL (Domain Specific Language)



Topics to cover and ideas

• what are they
• why are they so important
• abstraction layers
– make the code as simple as possible
– .net extension methods are a great compiler trick to achieve very clean domain(ish) languages
with strong typing
– why support for static compilation and code complete is very important (groovy and javascript
problem)
• refactor the code to make it aligned with the business functions it is executing

6.4 Dopamine

1 https://upload.wikimedia.org/wikipedia/commons/thumb/2/2f/Dopamine.svg/220px-Dopamine.svg.png

Do you know what Dopamine is? Do you know why mobile phone notifications are so addictive?

• https://en.wikipedia.org/wiki/Dopamine

Topics to cover and ideas

• detox from your phone
• detox from notifications
• stop notifications
• related to the Zone and Deep work concepts
• Your ability to perform uninterrupted and focused work is one of your most important skills and a
massive competitive advantage. This is how the best code is produced
• you are addicted to your phone. Mobile phones’ ’attention grabbing activities’ are the new smoking
(they affect the brain)
• ”why do you have the urge to check your phone when you hear an interruption”. It is like a thread
has started in your brain that won’t complete until you check it.
• the problem is that these dopamine interruptions make you lose context (and lose the ’zone’)

Notes: Why We’re All Addicted to Texts, Twitter and Google2

6.5 Dot Language


Topics to cover and ideas

• Graphs as code
• Why is this such a big deal, major paradigm shift required
• Why visio and other diagram tools don’t scale
• the fact that you can’t control the diagram layout (in the same way you do in visio) is actually a
major feature

6.6 IOT (Internet of Things)


Topics to cover and ideas

• why it is big
• what it means for programmers
• massive job opportunities
• the power of software vs hardware
• it is all about code
• security
– most IOT vendors don’t understand much about modern development practices and security
– shodan3: google for IoT (find tons of vulnerable devices)
– IoT worms (example of power grid exploit)
* the ones that generated billions of requests and Tb of data
– hacking baby cameras and dolls
• developers have a big responsibility here
• risk’s mappings of reality could be a great way to get vendors to do the right thing
• Electricity analogy (take current devices and add AI)
• it is already amongst us (controlled by Siri and Alexa)
– what happens when these bots start to clash with one another (see my 2020 vision, AI Edition4 )
• Arduino
– What is it, why is it important, how much it costs
– spend money on new IoT devices in kickstarter, for example on Arduino5 related projects
(even better invent something and start a kickstarter campaign, if that is successful, you will
be highly employable)
– get an arduino (or raspberry pi) and create your own IoT appliance for your home (this is a
great story to go on your CV)
2 https://www.psychologytoday.com/blog/brain-wise/201209/why-were-all-addicted-texts-twitter-and-google

6.7 Node JS


Topics to cover and ideas

• why NodeJS took the world by storm
• the power of async code
• generating 20k requests with a couple lines of code
• coding at the speed of thought (and type)
• node history (based on chrome’s V8)
• the node forking incident (io.js)
– why it was so important
– why java could have done with a fork like that

3 https://www.shodan.io/
4 https://www.linkedin.com/pulse/my-2020-vision-ai-edition-taras-novak
5 https://www.kickstarter.com/discover/advanced?ref=nav_search&term=arduino
7. Concepts
7.1 BDD (Behaviour-Driven Development)

Topics to cover and ideas

• what is it
• great evolution
• where it works
– when it works well it is amazing
• great connection with business
• can create big white elephants (like Selenium)
– requires quite a lot of discipline and investment to keep up to date
• explain Gherkin language

7.2 TDD (Test-Driven Development)

Topics to cover and ideas

• the more coverage you get, the more changes you are happy to make, the better the code is because
you have the confidence to make the hundreds of small changes that are the only way to create a high
quality and scalable application
• be a craftsman
• explain history
• key challenges
• why the TDD community created dogma and lost the plot
• if you don’t have 100% code coverage, what are those bits of code not covered by tests? (what
happens if that code changes)
• everything should be tested
– history of a site that went down for hours because of a one char (pipe) change in a nginx
config file

**bugs as features**

• replicate bugs first (before trying to fix them)
• link my slideshare presentation on this topic

7.3 FDD (Feedback-Driven Development)

Topics to cover and ideas

• real-time feedback in IDE (REPLs)
– this is key to learn
– run code as you lift your fingers or press save
• show screenshot of my typical dev environment
• wallabyjs
– great example of what this UI needs to be
– incredible how it has not been copied into all IDEs (as far as I can tell only NCrunch has the
same features)
• all code changes (except refactoring) should require a test change
– see http://pitest.org/
– see chaos engineering
• every developer does tests all the time
– the question is how repeatable, scalable, measurable those tests are
– and how much context switching occurs
• the FDD applies to much more than just coding (see chapter on ”Inventing on Principle”); it is also
related to how we learn
• Power of Feedback loops

7.4 Agile and Kanban

Topics to cover and ideas

• history
• why it worked
• agile manifesto
– https://www.agilealliance.org/agile101/the-agile-manifesto/
* Individuals and interactions over processes and tools
* Working software over comprehensive documentation
* Customer collaboration over contract negotiation
* Responding to change over following a plan
• Software Craftsmanship1
– Not only working software, but also well-crafted software
– Not only responding to change, but also steadily adding value
– Not only individuals and interactions, but also a community of professionals
– Not only customer collaboration, but also productive partnerships
• Andon cords
• explain concepts (with diagrams)
• how agile became dogma and created environments where agile teams were not agile at all
– processes became more important than understanding why something was being created in
the first place, too much effort was put on estimates, too much focus was placed on what could
be done in 2 weeks
• Scrumban is a nice alternative
• The Mythical Man-Month2
1 http://manifesto.softwarecraftsmanship.org/
2 https://en.wikipedia.org/wiki/The_Mythical_Man-Month

7.5 CV Testing


Topics to cover and ideas

• Test your pipeline
• ”config changes can be more dangerous than code changes”
– find source (quote from AWS re:Invent 2017: Performing Chaos at Netflix Scale (DEV334)3 )
– the reason this is true is because we don’t test out config changes (at least the same way we
test our code)

7.6 Change

Topics to cover and ideas

• Change is the only constant
• Enjoy loose briefs (they are an opportunity to refactor those briefs into something that you are good
at)
• put yourself in places where you are being highly productive while learning a lot.
– find the sweet spot where you are adding a lot of value
• view problems as opportunities (which can be broken down into smaller problems and tasks)
• Who Moved My Cheese: An Amazing Way to Deal with Change in Your Work and in Your Life4
• Our Iceberg is Melting: Changing and Succeeding Under Any Conditions5

7.7 Change Engineering


Topics to cover and ideas

• what is it
• see my slideshare presentation

7.8 Chaos Engineering

Topics to cover and ideas

• Great concept (from 2017)
• Security has been doing this for ages
• Add references to site and best posts
• focus on resilient systems
• need to understand and visualize what is going on
– a massive problem with micro-services (and any services/monolith) based applications is
visibility into what is going on (and even just getting good graphs is the first step, just ask
anybody who has deployed AppDynamics)
• integrate this concept with the SRE’s ’Error Budget’
• expand on the concept of ’Steady state’ (and write tests for it)
– how we want tests to replicate it
3 https://www.youtube.com/watch?v=LaKGx0dAUlo
4 https://www.amazon.co.uk/Who-Moved-My-Cheese-Amazing/dp/0091816971
5 https://www.amazon.co.uk/Our-Iceberg-Melting-Succeeding-Conditions/dp/1509830111/
references:

• The Language of Chaos Experiments in Chaos Toolkit6
• https://github.com/chaostoolkit , http://chaostoolkit.org/ , http://chaostoolkit.org/faq/
• http://www.oreilly.com/webops-perf/free/chaos-engineering.csp book
• Chaos Engineering: Why the Label Matters7
• Chaos Engineering for the Business8 introduces great concept ”Limited scope, continuous, disaster
recovery”
• Are you ready for Chaos Engineering?9
• Chaos engineering paradigm10
• https://github.com/Netflix/chaosmonkey
• From resilient to antifragile - Chaos Engineering Primer DevSecCon11

7.9 Continuous Integration

Topics to cover and ideas

• why it matters
• how it works
• key technologies
• build your CI pipeline now
– from your laptop to deployed site (push to production in seconds) - Hugo is a great way to see
this in action
– key paradigm shifts occur when one sees this in action
– Give example of EC2 environment with:
* vulnerable website
* ZAP (to generate attack traffic)
* ELK (to visualise traffic)
* Write security tests that execute against site
• compare with CD (Continuous Delivery)
6 https://medium.com/chaos-toolkit/the-language-of-chaos-experiments-in-chaos-toolkit-bd55a5c04057
7 https://medium.com/russmiles/chaos-engineering-why-the-label-matters-35ddbb974fa5
8 https://medium.com/russmiles/chaos-engineering-for-the-business-17b723f26361
9 https://medium.com/russmiles/are-you-ready-for-chaos-engineering-59b859091281
10 https://www.codibly.com/2017/05/chaos-engineering-paradigm/
11 https://www.slideshare.net/sbodiu/from-resilient-to-antifragile-chaos-engineering-primer-devseccon

7.10 Facts


Data-driven decisions

Topics to cover and ideas

• be data and facts driven
• science up your arguments (be intellectually curious)
• check your sources
• understand the agenda of who is talking to you
• don’t trust what is on the media namely when it is selling fear (after all if it is on the media it is
because it is rare)
• FUD (Fear Uncertainty and Doubt) - Used to be used a lot in the technology sector

7.11 Functional Programming


Topics to cover and ideas

• explain how it works and the power of it
• examples in Node
• dangers of creating hard to read and debug code
– I’ve seen cases where code exists that nobody really understands how it works (in Scala
environments)
* this is a security risk
* developers thought they were the problem (problem was function that was too complex)
* it is not because you can that you should
* code readability and maintainability (by the ones that have to maintain the code, not by
the one who wrote it) is a big factor in the quality, value and risk of a piece of code
* another situation is the ability to not create a full list of urls/endpoints (when functional
programming is used for handling web-requests)
• when functions are objects
• that said, when functional programming is well used it can produce code that is super elegant and
efficient

7.12 GDPR

Topics to cover and ideas

• Know your rights. What does it mean for you
• History of privacy
– The Right to Curate an Identity12
12 https://pbx-group-security.com/blog/2017/12/04/the-right-to-curate-an-identity/

7.13 Gamification

• Game Theory
• add Ted talk on it
• You (Gen Z) see this everyday in your digital interactions (the badges, the nudges, the rewards, the
streaks)
– you are being manipulated into being hooked into the apps you use
– you are the product, not the client
– there are teams whose job is to find more ways to hook you (and your time) into their
platform
* supported by lots of Science and Research (into how we consciously and unconsciously
behave)
– understand when you are being played (our brains are not designed to control the stimulus we
receive)
• the power of nudges and FOMO (Fear Of Missing Out)
• that said, as a developer this is a really powerful skill to have
– when developing gamification systems quick feedback loops are critical

7.14 Inventing on Principle

Topics to cover and ideas

• Bret Victor’s inventing on principle (https://vimeo.com/36579366)
• (add transcription reference) <- print this and read it

7.15 Karma Points

Topics to cover and ideas

• ”Luck is when opportunity meets the prepared”
• ”make their day” - do this for everybody you work with and collaborate with
• never waste an opportunity to help others, to share knowledge and to create connections

7.16 Legacy Applications


Topics to cover and ideas

• Why they happen
• The code you are writing today will be legacy tomorrow
• SecDevOps Legacy - and the opportunity of legacy applications (and why it might be a good idea
to work on them)
– best features: ”no new features”, ”very low expectations of changes”, ”changes are supposed
to be hard”, ”lots of low-hanging-fruit for refactoring”
– add link and references to this presentation

7.17 Micro-Services


Topics to cover and ideas

• explain concepts
• where they work great
• Swagger.io
• problem of understanding how they work together
• move from a ’blob of code’ (the monolith app) into a ’large blog’ (the constellation of Micro-services
that nobody really has a good understanding of all moving parts and inter-dependencies)
– this is where Chaos Monkey is a great tool to understand side effects

7.18 Netflix Culture

Read this https://jobs.netflix.com/culture


Here are their core concepts

• Encourage independent decision-making by employees
• Share information openly, broadly and deliberately
• Are extraordinarily candid with each other
• Keep only our highly effective people
• Avoid rules

The best companies are (or will be) following these concepts, not because it’s ’cool’ but because it makes
companies more productive, more nimble and more profitable.

Topics to cover and ideas


-

7.19 Pair Programming

Topics to cover and ideas

• https://en.wikipedia.org/wiki/Pair_programming
• idea that pair programming is not optimal at the moment
• When I code in a ’real-time coding environment’ I am pair programming with myself
• a much more interesting pair programming model is one where programmer A codes and programmer
B writes the test
– this is a situation where we actually want the more experienced programmer to be writing
the code, since for code to scale we want ’coding excellence as BAU’
– the more powerful and effective the code written by the less experienced developer, the
more scalable and effective the current development environment is
– especially important, given the current skills shortage with developers and the companies’
preference to use an XYZ budget to hire 2x less experienced developers vs 1x more experienced
developers

7.20 REPL


Topics to cover and ideas

• explain concept: Read Execute Print Loop
• how O2 Platform did this really well
• concept still not very well understood and used
– some languages have added this to their core workflows (Scala for example)

7.21 Recursive Functions

Topics to cover and ideas

• explain what they are
• how powerful for simplicity
• show dangers
• the visitor pattern
• vulnerabilities created by it (find SSL CA vuln presented by Moxie at BH)

7.22 Serverless

Topics to cover and ideas

• latest industry fad, but important development
• important to understand why it is gaining momentum
• important to understand the limitations
• another example of the failure of Techops to innovate
• the path to ’Serverless’
• How AWS Lambda changed the paradigm
– big example of how it can work in enterprise environments
– lots of powerful side applications (for example creating AWS WAF rules)
* Writing AWS WAF rules is a skill that would get you hired! (for example dynamically
blocking IPs)
• serverless doesn’t mean ’no servers’
– of course there is a server, just that the app abstraction goes up another level (in lots of
cases it is a function)
– this will be successful because it is massively cost effective (story of the crazy cost reductions
and performance gains from moving to a lambda based architecture)
– when you look at how much process and memory (in aggregate) is actually used by apps in
dev, qa and production, you will see that the amount of waste and over-provisioning is huge
(i.e. resources not used)
– once we add more scalable and dynamic micro-services architectures and applications that
are able to ’self-degrade’ their features based on load (and other factors like security), we
will have a very powerful, resilient, available and secure application environment.

7.23 graphs


Topics to cover and ideas
-
8. Your CV
8.1 Blogs

Topics to cover and ideas

• WordPress, Medium, Blogger
• find your voice
• the hard part is the first 50 blog posts
• it is really hard to write
• view it as an exercise
• any feedback is healthy
• amazing feeling when one post gains traction (and is referenced in sites like reddit)
• comments are gold (get rid of any kind of spam or link-bait in comments)
• use your blog to ask questions (with data behind your question and the paths you have tried)
– don’t worry about how rusty and rough they are, what matters is that you have started to
publish
– it is your blog and you are learning
• write about things you are doing on the day-to-day. Explain your path and personal stories about
making it work
• write for your future self
• key concept: ”answer questions made to you with a blog” (great way to write good/relevant
content and scale your time (especially important when you get asked the same question by multiple
people/colleagues))
– i.e. when somebody asks you a question, write a blog post with the answer and send them the
link to it
• Blog titles are very important (since they help with SEO a lot)

8.2 Future Self


Topics to cover and ideas

• create assets that will be useful for him/her
• power of opensourcing your ideas
• letters to a younger self are not that useful (unless you have a time machine)
• this is why you want to share
• example of how I use it (twitter case study)
• use twitter as your personal search engine. Here is a perfect example that happened with me when
writing this book:
– image
– image

8.3 Git

Topics to cover and ideas

• git history: ”Here is how it all started…”
– what git means in the UK and in the US
• ”the opposite of SVN”
• why is it called git
• TED talk about ’git for the rest of us’
• explain git architecture
– graph and tree based
– how every commit is connected to all commits (hashed together)
– very similar to blockchain
– the distributed nature of git
• invented to scale
– linux is one of the most complex and large software development projects (and communities) in
the world
• Git (version control) all your documents
• Use Git as your backup
– get a version of your code or document from a couple hours (or days) ago
• write code that consumes Git Native objects
• learn about git hooks namely the post commit ones
• learn what is inside the .git folder
• collaborate with your colleagues (at school or work) using git (and GitHub/GitLab)
• why forks and branching are so easy and fast in git (just a pointer)
• graph based structure/database
• in git the files don’t exist on disk (the paths are dynamically generated based on the git graph) -
”Git is fundamentally a content-addressable filesystem with a VCS user interface written on top of
it” (https://git-scm.com/book/en/v1/Git-Internals)
– this is why branching is so fast (no need to copy files to the file system)
– best way to learn this is to clone a repo with lots of files and versions, and just checkout
different branches (each with a different file structure). What is impressive in this example is
how we can see major directories changing in seconds in front of us (i.e. with each branch
checkout)
• explain why git cannot store empty folders
• by now (2018) we should have git based file systems
• git is also great for site deployment
– explain pattern of having a special web method that listens for github webhooks and triggers
a pull (updating the site in seconds)
– git deployment also works great for binaries (for example we once set up a git deployment
workflow for .Net binaries). Upgrades and rollbacks become a simple matter of doing a git
checkout
• use Git everyday
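
The ’hashed together’ and ’content-addressable’ points in this list, as an added example (not code from this book or from the Git project): it rebuilds Git’s blob, tree and commit object formats in memory, so you can see that editing the oldest file changes every later commit ID and that a modified object fails re-hashing. The identity string, the file names and the ObjectStore class are constructed for the illustration; real Git also zlib-compresses each object under .git/objects.

```python
import hashlib

# Constructed author/committer identity with a fixed timestamp, so IDs are reproducible.
IDENT = "Example Dev <dev@example.invalid> 1520208000 +0000"


def object_id(obj_type, body):
    """Git object ID: SHA-1 over '<type> <size>' + NUL + body."""
    header = f"{obj_type} {len(body)}".encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()


class ObjectStore:
    """In-memory stand-in for .git/objects, keyed by object ID."""

    def __init__(self):
        self.objects = {}

    def put(self, obj_type, body):
        oid = object_id(obj_type, body)
        self.objects[oid] = (obj_type, body)
        return oid

    def put_tree(self, files):
        """files maps a file name to a blob ID (flat directory, regular files only)."""
        body = b"".join(
            b"100644 " + name.encode() + b"\0" + bytes.fromhex(blob_id)
            for name, blob_id in sorted(files.items())
        )
        return self.put("tree", body)

    def put_commit(self, tree_id, parents, message):
        lines = [f"tree {tree_id}"] + [f"parent {p}" for p in parents]
        lines += [f"author {IDENT}", f"committer {IDENT}", "", message, ""]
        return self.put("commit", "\n".join(lines).encode())


def parse_tree(body):
    """Yield (name, blob_id) from a tree body: '<mode> <name>' NUL <20 raw hash bytes>."""
    pos = 0
    while pos < len(body):
        nul = body.index(b"\0", pos)
        _mode, name = body[pos:nul].split(b" ", 1)
        yield name.decode(), body[nul + 1:nul + 21].hex()
        pos = nul + 21


def parse_commit(body):
    """Return (tree_id, parent_ids) from a commit body."""
    headers = body.decode().split("\n\n", 1)[0]
    tree_id, parents = None, []
    for line in headers.split("\n"):
        key, _, value = line.partition(" ")
        if key == "tree":
            tree_id = value
        elif key == "parent":
            parents.append(value)
    return tree_id, parents


def verify_history(store, head):
    """Re-hash every commit, tree and blob reachable from head; return commit IDs newest first."""
    def check(oid):
        obj_type, body = store.objects[oid]
        if object_id(obj_type, body) != oid:
            raise ValueError(f"object {oid} does not match its content")
        return body

    order, seen, todo = [], set(), [head]
    while todo:
        commit_id = todo.pop()
        if commit_id in seen:
            continue
        seen.add(commit_id)
        tree_id, parents = parse_commit(check(commit_id))
        for _name, blob_id in parse_tree(check(tree_id)):
            check(blob_id)
        order.append(commit_id)
        todo.extend(parents)
    return order


def build_history(store, readme):
    """Three linear commits; only the README content of the first commit is a parameter."""
    readme_id = store.put("blob", readme)
    c1 = store.put_commit(store.put_tree({"README": readme_id}), [], "initial commit")
    app_v1 = store.put("blob", b"print('v1')\n")
    c2 = store.put_commit(store.put_tree({"README": readme_id, "app.py": app_v1}), [c1], "add app")
    app_v2 = store.put("blob", b"print('v2')\n")
    c3 = store.put_commit(store.put_tree({"README": readme_id, "app.py": app_v2}), [c2], "update app")
    return [c1, c2, c3]


if __name__ == "__main__":
    store = ObjectStore()
    original = build_history(store, b"hello world\n")
    edited = build_history(ObjectStore(), b"hello world!\n")
    for before, after in zip(original, edited):
        print(before[:10], "->", after[:10])  # every commit ID changes
    print("verified:", [c[:10] for c in verify_history(store, original[-1])])
```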

8.4 Github

Topics to cover and ideas

• use github as your personal back up and time machine
• build on top of Open source
• with a proprietary service on top
• interesting open source challengers:
– GitLab
– Gogs https://github.com/gogits
• amazing innovation, how many times it pushes to production everyday. GH is one of the best
development teams in the world
• Github is your CV
– shows how you code, how you interact with others
– your commits and pull requests show your voice
– your accepted pull requests by other Open Source repos (the more popular the better) should
go on your CV (they are your badges of honor)
– number of people/projects using your tools is a validation of your skills (much better than
LinkedIn’s recommendation system)
• you should have a long tail of projects and forks (although beware of the pollution caused by forks
that you don’t contribute to). Keep this curated, since after all it is your research playground
• Github Bug Bounty programme (Gamification)
• use Github commit dashboard (a box for every day that you did a commit) as a way to check ’how
am I doing’ (since you don’t want to see big periods with no commits) (warning: don’t go over the
top and try to have a commit EVERY day, sometimes it is good to rest and not commit anything)
• Use GitHub projects to understand the Kanban workflow

8.5 LinkedIn

Topics to cover and ideas

• Your cv
• connect to people so that you can reach them
• build your network
• get recommendations
• Graph database
• bought by Microsoft
• low signal/noise ratio (and they have a really bad email/messaging system)

8.6 Upwork

Topics to cover and ideas

• what is it
• how it works
• how we use it
• success stories in finding talent in Upwork
• on demand economy (not just a race to the bottom)
• can be used to hire any type of professional
• Upwork and Upwork enterprise (good to get a monthly bill)
• use upwork to scale up your tasks
– make good economic decisions (who is faster and more cost effective to do a particular task)
– delegating to a freelancer is really hard (and one that you need to learn)

8.7 leanpub

• reference leanpub manifest
• more than just a website
• great culture
• use it to publish your books
• direct connection with your readers
• story: how I built this book using leanpub
• story: all the other leanpub books that I have not completed
• pricing strategy: is it better to have a) fewer readers, but all are paying, or b) lots more readers,
where a significant percentage is not paying
• publish early and often
– email readers on new versions
• ability to get a print-ready pdf (which can be used to print on amazon.com or amazon.co.uk)
– there are print on demand books, with no cost to you

8.8 twitter

Topics to cover and ideas

• Use it only for your career (no personal tweets)


• Tweet for your future self
• use as archive
• Create connections with professionals
• ’…you will be amazed how approachable some of the most knowledgeable professionals are’
• see future self chapter for an example of me using twitter as my personal search engine
9. Security
9.1 3rd-party-modules


Topics to cover and ideas

• package management systems (https://en.wikipedia.org/wiki/List_of_software_package_management_systems)
• massive problem for quality and security
– add examples of npm changes that broke tons of apps
* https://medium.freecodecamp.org/npm-package-hijacking-from-the-hijackers-perspective-af0c48ab9922
– add story about npm module hack (simulated)
• this applies to both open source and proprietary code
– at least with open source we have the ability to see what is inside the code (at least we have a
chance to detect and even fix (if we are paying attention))
* and eventually as a community we will be able to add (or pay for) enough eyeballs to
review it (namely the dependencies we use)
* we can leverage the community’s trust in packages (just like AVs today) and be able to
quickly propagate information about bad packages
· https://snyk.io/ is a really good commercial service in this space
• Bitcoin mining
– injection in a 3rd party javascript library (which reads out webpages for blind or partially
sighted people) hit tons of websites in the uk https://www.theregister.co.uk/2018/02/11/browsealoud_compromised_coinhive/
– Bitcoin mining via module injection is going to dramatically change the security of 3rd party
modules, since there is now a business model for attacking 3rd party modules (up until now
monetising an attack on those libraries was not very easy). Just to be clear, the reason more 3rd
party libraries (used by millions of applications) have not been compromised is not because
they were developed and deployed securely, it was just that the malicious attackers did not have a
good business model to exploit it (now they do)
– there is even an interesting question if it is ok for popular open source libraries to mine bitcoins
from their users.
* for example what if JQuery did this and it took 0.1% of the user’s CPU (or 1% of the QA
servers) and used these funds to support the development of the next version (and pay for
example for dedicated developers or security reviews)
* this could solve the problem of how to fund the development of popular open source
frameworks
* maybe the browsers or servers could even support this natively (with 5% or 10% of CPU
allocated for 3rd party services bitcoin mining)
* Add story behind the developers that were thinking of doing this using the sleep function
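
One defence against the kind of third-party script change described in the Bitcoin mining item is to pin the hash of the script you reviewed, using Subresource Integrity. This is an added example, not code from the book; it assumes Node.js, and the URL, function names and sample script are constructed.

```javascript
const crypto = require('crypto');

const ALLOWED = ['sha256', 'sha384', 'sha512'];

// Build a Subresource Integrity value ("<algo>-<base64 digest>") for a script body.
function sriHash(body, algo = 'sha384') {
  const digest = crypto.createHash(algo).update(body, 'utf8').digest('base64');
  return `${algo}-${digest}`;
}

// True only if the body still hashes to the value pinned at review time.
function matchesPin(body, pinned) {
  const algo = pinned.split('-', 1)[0];
  if (!ALLOWED.includes(algo)) return false; // refuse weak or unknown algorithms
  const actual = Buffer.from(sriHash(body, algo));
  const expected = Buffer.from(pinned);
  return actual.length === expected.length && crypto.timingSafeEqual(actual, expected);
}

// Script tag that makes the browser perform the same check before executing.
function scriptTag(url, pinned) {
  return `<script src="${url}" integrity="${pinned}" crossorigin="anonymous"></script>`;
}

// Constructed sample: the script as reviewed, and the same file after
// someone with access to the third party's server appended a line.
const reviewed = 'function readAloud(text) { /* speech code */ }\n';
const modified = reviewed + 'unreviewedAddition();\n';
const pinned = sriHash(reviewed);

console.log(scriptTag('https://cdn.example.test/reader.js', pinned));
console.log('reviewed copy accepted:', matchesPin(reviewed, pinned));
console.log('modified copy accepted:', matchesPin(modified, pinned));
```

A script that the vendor updates in place stops loading until the pin is refreshed, so every change passes through your own review first.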

9.2 Bug Bounties


Topics to cover and ideas

• big business these days


• talk about history of it

9.3 Defcon

Topics to cover and ideas

• Defcon
• relation with Blackhat
– list other important security conferences (including OWASP)
• attendees got arrested, big clashes with companies
• this was before bug bounties
• my experience at presenting at DefCon (how my research was done over there). Talk some details
about the vulnerability we discovered and how it was exploited
• ’why you should go to defcon’ -

9.4 Pointers

Topics to cover and ideas

• How they work


– C/C++ programming will really help to understand how it works
• how all methods calls in Java and .NET are pointers
• how managed languages solve this
– is .NET managed? (who is enforcing the type?)
• understand the difference between Stack and Heap
• understand and exploit buffer overflows (stack and heap based exploits)
– Countermeasures
* Canaries
* ASLR (Address space layout randomization)
– understanding how buffer overflows work will do wonders for your understanding on how
memory works

9.5 Security creates better developers

Topics to cover and ideas

• Security requires you to go deep


• to really understand what is going on
• promotes a ’problem solving’ and ’pragmatic’ approach that is very useful in development

9.6 Strings should be banned


Topics to cover and ideas

• Strings are not strongly typed


• You never want a string, you want a specific type (with a very specific format/regex)
• Strings are 4Gb monsters
• What happens if some fields are given 100k of data (what is the impact on the back end)
• Each layer needs to validate all data that it receives and consumes
• add link to John W article
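
A sketch of what "a specific type with a very specific format/regex" can look like, including the 100k input case and a back-end layer that re-checks what it receives. This is an added example, not code from the book; the class names, formats and length limits are hypothetical.

```javascript
// Base class: a value is only ever constructed from input that passed the
// length limit and the exact format declared by the subclass.
class TypedValue {
  static maxLength = 0;
  static pattern = /^$/;

  constructor(raw) {
    const type = this.constructor;
    if (typeof raw !== 'string') {
      throw new TypeError(`${type.name}: expected a string`);
    }
    // Length is checked first, so an oversized input never reaches the regex.
    if (raw.length > type.maxLength) {
      throw new RangeError(`${type.name}: longer than ${type.maxLength} characters`);
    }
    if (!type.pattern.test(raw)) {
      throw new RangeError(`${type.name}: does not match the required format`);
    }
    this.value = raw;
    Object.freeze(this); // the validated value cannot be swapped afterwards
  }
}

class Username extends TypedValue {
  static maxLength = 32;
  static pattern = /^[a-z][a-z0-9_]{2,31}$/;
}

class CountryCode extends TypedValue {
  static maxLength = 2;
  static pattern = /^[A-Z]{2}$/;
}

// Edge of the system: turn untrusted text into a type, or null if it is invalid.
function tryParse(Type, raw) {
  try { return new Type(raw); } catch (e) { return null; }
}

// Inner layer: validates what it receives by accepting only the typed values,
// so a raw string passed by another layer is rejected.
function createAccount(username, country) {
  if (!(username instanceof Username)) throw new TypeError('username must be a Username');
  if (!(country instanceof CountryCode)) throw new TypeError('country must be a CountryCode');
  return { username: username.value, country: country.value };
}
```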
10. Life Patterns
10.1 BBS and Modems


Topics to cover and ideas

• How it blew up my home’s telephone systems trying out BBS (I had to manually disconnect the
phone line and recreate the plug to connect to the modem)
• story on my first connections to a BBS (with sync communications) and the files I downloaded
from them
• story of the first BBS we published and the first couple users we had
• expand on other network concepts
– TCP vs UDP
– Routers
– NAT
• publish your own server on your own broadband connection (easy to do)
• see this video Warriors of the net[1] published in 2002[2], which is a brilliant explanation of the internet,
tcp packets and even security. I remember it being the first time I actually visualised how the internet
and its multiple components work (now take a step back and realise that all of that happens in
milliseconds around the world in today’s technology)
– these are really important concepts to understand

10.2 Curse of Knowledge


Topics to cover and ideas

• (find book that mentioned it)


• tapping a song story
• the power and problem of making paradigm shifts
– very hard to see and remember what the world/pattern/idea looked like before making the
paradigm shift
• where’s wally story
– very hard to unsee
[1] https://www.youtube.com/watch?v=PBWhzz_Gn10
[2] http://www.warriorsofthe.net/

10.3 Ideas

Topics to cover and ideas

• Ideas need to be protected


• (find video of Steve Jobs and Jonny Ive talking about ideas)
• http://www.businessinsider.com/steve-jobs-ideas-2014-3?IR=T
• the more ideas you generate the more ideas you will have. Capture them on books, create
hyperlinked connections between them
• in my mind, ideas are like little fairies (which are fragile and precious and need to be protected/nurtured).
– every time an idea is not captured and hyperlinked, it is like killing one of those fairies (since
in most cases those ideas will be lost forever)

10.4 Impostor Syndrome

Impostor syndrome (also known as impostor phenomenon, fraud syndrome or the impostor experience) is
a concept describing individuals who are marked by an inability to internalize their accomplishments and
a persistent fear of being exposed as a ”fraud”. wikipedia[3]
This happens all the time to a lot of people, and can be very damaging to your career.
You really need to understand that everybody has doubts about their capacities and everybody makes
mistakes. Your value is in your ability to execute and it is key that you learn to share what you do and
be comfortable with what you create.
Topics to cover and ideas

• find post about what can happen (quickly) after Impostor Syndrome
– Fraudster Syndrome (or something similar)
* ”I’m past it”
* ”it was a good run, but now I can’t do it anymore”

10.5 King is naked


Topics to cover and ideas

• always be ready to challenge status quo


• Steve jobs quote (”it has always been done like that”)
[3] https://en.wikipedia.org/wiki/Impostor_syndrome

• don’t assume that because a lot of people are doing something, it is right or that it cannot be
changed
• my barefoot walking story
– mainly social
– hard on the mind
– I liked it a lot
– ”it is not because 99.9% of others don’t do it, that makes it wrong”
• every major change in our culture or society started with a small number of ’rebels’
• our industry (IT, development, security) is very receptive and encouraging of different ways of
thinking

10.6 Learn to Hack

Topics to cover and ideas

• You need to learn how to hack


• understand what hacking is and what is its history (and how the media is the one that gave it a bad
name)
• great OWASP resources (WebGoat, JuiceShop, Testing Guides)
• in order to write secure code you need to understand how to exploit it

10.7 Mentors


Topics to cover and ideas

• find them
• you will be surprised by how approachable they are
– if you have the right attitude, the mentors will see themselves in you (which is why most have
a soft spot to help)
• Books and publications are great mentors
• use the ones that you can physically or digitally reach
• push your company or school to create a mentor network (based on Slack for example)
– this is what we did at Photobox Group Security
• What 5,000 Gen Z’ers Tell Us About the Future of Work[4] - see reference on importance of mentoring
[4] https://medium.com/@doorofclubs/what-5-000-gen-zers-tell-us-about-the-future-of-work-6dd00f796e8f

10.8 Publish, Publish Publish

Topics to cover and ideas

• why it is important to publish all the time


• graph that shows how great minds and artists publish a lot (the frequency of publishing is one of the
best indications of talent)
• story of how this book is being written and how as soon as I had some content (20% done) I published
it on Leanpub

10.9 Refactoring

Topics to cover

• What is it
• How to apply to your life

10.10 Start with Why


Topics to cover and ideas

• key concepts from ’Start with Why’ presentation


– Why
– How
– What
• point is not to challenge everything, but to understand why things happen, or why we are doing
something

10.11 The Zone

Topics to cover and ideas

• problem is constant interruptions


• Deep work (https://www.amazon.co.uk/Deep-Work-Focused-Success-Distracted/dp/0349411905)
• ”tap dancing to work”, ”Still day one” - Jeff bezos
• two different types of zone
• learn to be comfortable with incremental improvements. Detect moments of diminishing returns
• learn how to play the game of ’compound effects of ideas and capabilities’
• do the ’Happy dance’

– always celebrate minor achievements


– journey is the most important part (destination is usually very anti-climatic)
• learn to trust that the next Zone will occur and learn from the periods when you are not in the Zone
– what is scary is when ’ideas stop flowing’
• there are ways to try to get into the Zone (professional athletes and musicians do it all the time)

10.12 Thinking as programmer

Topics to cover and ideas

• Elon Musk ”cost of rocket’s atoms”

10.13 Workflows


Topics to cover and ideas

• Thinking in systems and workflows


• this is actually how most programming works
• create systems with
– Incremental Gains
– Marginal gains theory
• power of digital flows and analogue flows
• what I look for in a workflow
• why books work but a typewriter doesn’t
• show JIRA workflows examples
• explain workflow I’m using when writing this book
– for example print, make notes, digitalise notes, repeat
11. Misc
11.1 Diagrams to add

• Info-graphic on GenerationZ - https://twitter.com/B_La_D/status/965704619035906050

11.2 Generation Z Research

articles

• Why Generation Z will change the world[1]
• If you’re over 25, you’re probably wrong about Generation Z. They’re the best crop of teenagers
America has ever produced.[2]

videos

• A manifest from Generation Z[3], Elise By Olsen, TEDxOslo

11.3 O2 Platform


Topics to cover and ideas

• explain what is it
• o2platform.com , https://github.com/o2platform
• fluentnode and fluentsharp
• REPL
• how this was my php
– spent a year coding it
– unlucky to come out of it when the economy crashed
• what I’ve learned

11.4 Stories to tell

Topics to cover and ideas

• Monkeys in a cage that don’t get the bananas from the ceiling


• My dad’s ”Building a university in field story”
• FISH! 4 concepts
– Be present
– Choose your attitude
[1] https://medium.com/@fluidui/why-generation-z-will-change-the-world-18b400268fa8
[2] https://medium.com/@jelenawoehr/if-youre-over-25-you-re-probably-wrong-about-generation-z-39f479df069d
[3] https://www.youtube.com/watch?v=CrX5O2XWHws

– make their day


– play
• curse of knowledge (find book where I read it)
• the dip
• ”disagree and commit”
• ”you are the product” - you need to regain control of your data
• ”Great minds discuss ideas; average minds discuss events; small minds discuss people.”
• ”Mathematician’s Lament”
• https://waitbutwhy.com/ references
• https://haveibeenpwned.com/
