04 Nov 2024
There are 4 main takeaways for me from this recent experience:
- Be aware of your cognitive biases - in this case Recency Bias
- Reassess your foundations - just because something has been like that forever, doesn’t mean it is correct
- Follow the data - sometimes the data doesn’t make sense because your assumptions are wrong
- Never underestimate the power of turning things off & back on again!
This is the story of how a routine database upgrade triggered a brief 20 hour performance boost and how we eventually got to the bottom of it!
I’m very happy that we came across this and our apps are now 3x faster, using 10x less CPU, and saving hundreds of days in loading time for our users.
Head over to the OUB Engineering Blog to see it in full!
05 Feb 2024
In May of 2023, I attended a fantastic talk at OWASP Newcastle by Robin Fewster describing different threat modelling approaches and how to get development team buy-in.
I’d always been interested in the topic and wanted to try it out; this talk was the spark that ignited me to try adopting the practice at One Utility Bill.
One Utility Bill is a fast moving start-up with around 15 engineers, and we were able to apply threat modelling at multiple different stages of our SDLC without it getting in the way of delivery!
I decided to write a pragmatic guide detailing our journey to help any other security conscious start-up or SME wanting to do the same.
At a more meta level, this is a guide on how to roll out any sort of new process change.
Head over to the OUB Engineering Blog to see it in full!
07 Jun 2023
Running external vulnerability scanners against your infrastructure is a great way of bolstering your security 🔒
Whilst working at One Utility Bill, I came across and adopted Intruder.io.
I’ve really enjoyed their product, offering regularly scheduled scans and emergency scans whenever new CVEs are disclosed.
To make life easier whenever provisioning new servers, I produced an Ansible role to automate the enrollment and scanning of new servers.
Head over to the OUB Engineering Blog to see it in full!
06 Oct 2022
Relational databases have been an area that I’ve felt I didn’t really understand what was happening under the hood, how to optimise queries and how to troubleshoot issues.
You may be able to relate with me, you can get a long way with a basic understanding of queries but when things go wrong it can feel daunting to dig into all of the complexity that a RDBMS is handling for you under the hood.
After encountering a couple of different scenarios at work where database locks resulted in impaired system behaviour, I decided to spend some time to dive more deeply into transactions & database locks in MySQL and MariaDB.
I initially wrote up an internal troubleshooting guide to aid the rest of the team at One Utility Bill, but when we decided to launch our own Engineering Blog I turned it into a proper blog post.
Head over to the OUB Engineering Blog to read the post in full!
28 Jul 2019
Docker-in-Docker (DinD) is the recommended way to build and test Docker images in GitLab.
By running each build with it’s own fresh Docker daemon, you get the benefit of having a clean build environment and the ability to run concurrent jobs without any conflicts from other build containers.
However, your build times suffer because you can no longer cache the image layers on disk between builds, instead having to download them.
This post will tell you how to get a speed increase by adding a couple of lines to your .gitlab-ci.yml file.
More …