Tes engineering blog

This May I was lucky enough to attend the J on the Beach conference, in Marbella, Spain. The event is able to (just about truthfully) advertise itself as ‘on the beach’, but given the proliferation of ‘data’ and ‘DevOps’ conferences, did it stand out? Did it succeed in its aim of unifying us all around Big Data? And, most importantly, what does the ‘J’ stand for?

A sense of separation has sometimes existed between Security and Development, as though the two are not inherently connected. Security considerations have always fed into the way we work at Tes, but without the right connections it can be easy to end up viewing security as an impediment to speedy delivery or vice versa. We started a Security Engineering team (‘SecEng’ if you like) to bridge this gap and ensure our engineering teams see strong security in data handling as critical, and crucially, something firmly within reach.

Before introducing async-define, I’d like to give some context to explain what problem it solves and why we have to deal with these kind of problems at Tes. micro-services integration One of the most important decisions we had to take when designing our micro-service architecture, is how to make micro-services work together. This is a particularly tricky choice, because you should choose a pattern that allows micro-services to be shipped independently and create the least amount of friction between services (and teams as per Conway’s law).

You’ve all heard the old adage: There’s no ‘I’ in ‘Team’. Teamwork would be much easier if we were working with clones! But we are all unique so we have to find a way to figure out how to work with other people who don’t think like us. Remember, we travelled different paths to reach the current point in our career and picked up different skills along the way.

Our working culture at Tes emphasises a “remote first” approach. This means that any team member can work from any location. It’s awesome and it allows us to work with lots of lovely colleagues based around the world. It also means that if you want to go off and travel while working, you can go - no questions asked. Or if you want to come to our London office every day, that’s totally fine too.

The Tes engineering team could be seen as a managerless engineering team. It’s better described as an engineering team where the management responsibilities are shared across the team. If you’re wondering how this works, sit down and I’ll paint a picture.

The fact is, it’s just easier to work remotely with people you’ve met in so-called “real-life” - folks you’ve shared laughs and meals with.¹

One of the best things about working on a remote team is getting together in real life. Tes Engineering Week happens once a year in October. This year was the second edition after a successful trial in 2017.

Individual teams get together fairly frequently; however Engineering Week is one week in the year when all the engineers come together to bond. This is a significant investment of time and money for Tes but is worth it for both the shared experiences and trust that is established during the week.

Exploiting known vulnerabilities is still the number one way attackers compromise a system and is on the OWASP list of the Top 10 Most Critical Web Application Security Risks, so we’ve made automated vulnerability checking an important part of our development flow here at Tes. We’ve been using nsp, a neat little command line tool from the Node Security Platform (NSP), to find known vulnerabilities. All good things come to an end The NSP was recently acquired by npm and has just been shut down.

Imagine discovering your house had subtly changed every time you came home. The cupboard doors open different ways. The light-switches control different lights, and the hot and cold taps in your kitchen swap places. The inconsistency would be maddening – and the same goes for apps and websites. Creating a consistent UI keeps your users sane and orientated. For any product where there are multiple developers, the ideal solution is a shared set of common elements and styles, but this is not simple to achieve.