The Equifax hack is likely the greatest theft of personal data ever with 143 million American consumers impacted, 44 million in the UK and I’m sure many more around the world.

Equifax didn’t get hacked because they lacked engineers. Equifax didn’t get hacked because they were unaware security was important. Caring and having resources is not sufficient.

The relentless exposure of the insecurity of our government, security & corporate infrastructure, across the world, makes plain that an entirely new culture and approach is required to bring this under control.

Our early, target demographic at Chill Code is engineers & designers at startups and web development firms that want to outsource infrastructure designs to communities that have the ability to iterate those designs in such a way that they evolve and respond to shifting needs and threats. The collective wisdom of a community with respect to the immediacy of response, the perspectives that shape change, and the perspectives that validate or invalidate alternatives is capacity far beyond an individual developer.

This wisdom has layers.

1. Design is transparent & iterative.
2. Iteration is constant.
3. Intractable disagreement is resolved through forks – code and community.
4. Community and time tells us the winner.
5. Deployment is constant, driven by automation.

This is no more than the established wisdom of the development and DevOps communities.

What should be plain is that large firms require the same capacity – and that capacity needs to be deeply incorporated into their philosophies. Corporations need to stop thinking about what they do as ‘special’ or ‘different’. Where once, organisations like banks, had ground-breaking technologies, today they sorely lag the startups defining the new approaches. The security issues facing everyone require collective responses in the form of community patterns for infrastructure and deployment and the capabilities of the communities patterns trumps by far the value of bespoke design and secrecy. All of this driven by automation that is baked into the solutions for threat detection, notification & patching.

The alternative is you keep inventing your architecture. You keep building partial solutions with limited review. You let egos and secrecy continue to dominate. And where you do achieve something positive and original – hell, why not keep it to yourself?

Of course, as a technology community, we’ve long known the right way. This is the very reason why open source has triumphed. It is the same reason that GitHub has triumphed. Community delivers better technology solutions.

 

Have you ever looked at a GitHub project and thought, ‘I’d like to give this a go, but it will take me an hour or more to get it all up and running on a server because it has so many dependencies’?

I have and so I added a new feature to Chill Code that allows developers to embed a “Launch” button inside the readme file that takes users directly to the fork page for  a project. This means that developers on a GitHub project can build a Chill that models all the dependencies, the startup commands, the configuration parameters and which references the code on GitHub. New users can fork the Chill and have the project running on AWS in under 5 minutes.

Below is a screenshot taken from an example I created that allows users to install our demo projects quickly:

You can see this example here.

Here is the markdown:

<img src="http://tomcat.apache.org/images/tomcat.png" alt="Drawing" width="32" height="32" />    [![Deploy Button](https://chillcode.io/images/launch.png)](https://www.chillcode.io/s/1O)

In this instance, I have provided an icon to represent the project (Tomcat), and a link to the fork page (https://www.chillcode.io/s/1O). Just replace these references with your own and you’re away with your own GitHub Launch button.

Of course, this is a markdown example, but you can use the same image and approach in any piece of HTML, such as the front page of a project.

We release continuously, but some releases have more visible changes than others and I thought it was worth highlighting some of these in the latest version as I think they have really made Chill Code easier to use and understand.

Firstly, we have introduced messages and alerts on the right hand side. More generally, we tidied the screen to make clear that you do your work on the left, and helpful meta stuff resides on the right. In the image below we have a welcome message and alerts highlighting that I haven’t added my AWS credentials (i.e. I can’t deploy) or any GitHub repos (I can’t add source).

You can use these alerts to set credentials outside of the credentials screen as they expand.

The message/alert layout is carried through to the Chill screen. This view of the Chill itself is now much tighter and the tabs have been removed so that your environments are more visible. The reasoning here is that people were making great Chills but never deploying them – so we’ve tried to make the deployment functionality far more visible.

Back on the front page, we’ve added a feature that allows you to create a new Chill from a software package search. In the instance below I’m looking for Node:

And I get a collection of packages back…

 

I can select one of these and then create a complete Chill from it.

Theoretically you could then deploy straight from here, though you probably want to add content and startup instructions. The goal with this mechanism is to encourage everyone to search for software that they can deploy earlier in the journey of learning about Chill Code. Indeed, we intend to add this to the front page so that anyone that visits get site is tempted to explore and get drawn in.

A brief word on the next release. The code to allow deployment to Google Compute Engine is in place (via the native API’s rather than lib cloud that we use for AWS). We need to bring these features to the front end – so hopefully that will be ready in the next fortnight.

 

 

I’m a good software engineer, but I’m not one of those engineers that delights in engineering, and is sought out for their engineering brilliance. I just want to build stuff and I want people that play with the stuff I build to be excited by their experience.

The implication is that any activity that is not focussed on creating and building great digital experiences is, for me, a distraction that grates. If there is something I’m building, then my tax return is gonna be late, and the office will be untidy. However, I reserve my maximum contempt for that time spent working out what software infrastructure to run, where to run it and how to deploy it correctly, consistently, securely, cheaply, flexibly – and quite a lot of other adverbs. Because that time isn’t occasional, it is constant, it is unavoidable, it is tedious and I am shit at it.

Designing and deploying infrastructure requires a lot of research, testing, experimentation, process and discipline. Many web agencies seek to mitigate this risk by employing the same pattern for years at a time. For example, they select Django or PHP and they get a contract with Rackspace and there are a bunch of other dependencies and that is the pattern. Node.js comes and goes. AWS and Digital Ocean arrive but the pattern is the pattern and all the great benefits of that new technology are ignored.

And I sympathise because I struggle to keep with up the latest technologies. I am frequently conservative in my choices because I simply don’t want to spend time learning what the recommended web server is today for a given class of app. What the recommended driver levels are or learning the subtle differences in how to deploy that latest version and testing all the combinations of packages.

Many engineers enjoy learning new technology – they consider it an opportunity to expand their understanding of the universe. But most don’t, and I have become one of those. We have jobs that require us to produce stuff and we are rarely judged on the currency of our technology choices.

The problem is getting worse as the pace of new new technology and resulting options increases. And whereas 15 years ago there were operators that did the installation today we have DevOps – and this is frequently just an excuse to get the developers to manage the environments without the tools, budgets and training to make it meaningful. I can barely keep up with the new languages and development methodologies – how does anyone expect me to keep up with DevOps – especially as I hate touching infrastructure and all it awkward knobbly bits?

So we built Chill Code. For me, it’s the product that I have always wanted, as a good but not fanatical software engineer. I want to know that I can go to a single location, search for patterns that broadly match my need and that have been implicitly embraced by the software community (as expressed through the fork count). I want to be able to deploy those patterns, with my source code or content from GitHub, in one click, and know that the deployment will be consistent regardless of which cloud I elect to use. That way I get to concentrate on what I care about – building things in code that give people great digital experiences.

 

 

Two of those names you probably know, but one you may not, and you really should.  These are three of the key technologies we use in Chill Code, I thought it might be useful to describe what we like about these technologies, why we use them, why we love them, and maybe a couple of things we don’t like about them.

NixOS

NixOS is a Linux distribution with a unique approach to package and configuration management. Built on top of the Nix package manager, it is completely declarative, makes upgrading systems reliable, and has many other advantages.”

— from NixOS.org

We use NixOS for almost everything, including the deployed environments you get when you deploy an environment with Chill Code.  There’s a lot of really nice aspects of NixOS – and its expression language Nix – and, of course, a couple not so nice aspects but on balance we’re big fans.

I encourage everyone to read about Nix and a closely related project Guix (pronounced “geeks” apparently).  Personally, I am not a huge fan of Guile Scheme.  I prefer Nix, but that’s only a case of different strokes for different folks.  NixOS provides us with a lot of important features that ease not only our own infrastructure but the infrastructure of the infrastructure we deploy as well.  To highlight a few:

• Declarative system configuration model – This is a big one.  It is very difficult to deal with a description of a system configuration that gets implemented in a procedural/sequential fashion.  Ordering of instructions becomes a huge issue without it, and you get into very serious problems when you try to deal with the complete software stack.  NixOS doesn’t ultimately solve this at every level since it doesn’t cover your own software for instance, unless you’ve been a hero and defined your software and configuration in Nix, but it goes a very long way.
• Atomic Upgrade + Rollback – All or Nothing or nothing config, I really can’t tell you how much easier this makes life.  My earliest incarnation as a technologist was as a database administrator – I can’t even count the number of times I wanted the equivalent of “ROLLBACK;” in systems administration
• Reproducibility- If you have the same source, and the same Nix definitions, you get the same output, almost no exceptions (and the Nix community is pretty constantly working on no exceptions).  This is more about software build tools and packaging systems than it is about system administration, although the two are clearly closely related.  How many folks reading this have had this situation: You have a pretty well crafted Maven build, but one day your well oiled and elaborate pom.xml starts producing software that is just plain broken.  After a painful amount of time you realize that so dependency deep down in the dependency tree changed in what seemed an innocuous way that broke the whole thing.

All that said there are a couple of things, which we are not fans of, but you take the good and the bad.  To highlight a couple of those:

• A very unfamiliar file system layout and a rather intimidating looking set of paths.  It’s not that bad when you get used to it, but it is a reasonably sophisticated thing to get used to.  From the Chill Code perspective we recognize it as “not great,” but we also think – generally speaking – dealing intimately with an operating system is a distraction from delivering on your ideas.
• Nix is essentially YACL (Yet Another Configuration Language) – and how many of those are there today?  It seems like over the past few years there have been a half dozen or more attempts to build the better mouse trap for configuration, complete with fanatical fan base extolling the virtues of their own dialect.  Any time a new expression language comes out, I shed a solitary tear, read up on it and then move on.  You never know when you’ll need it.  That said Nix’s declarative approach is powerful and succinct if unfamiliar.

As I’ve said though, we are big fans of Nix and NixOS.

Django

Django is a high-level Python Web framework that encourages rapid development and clean, pragmatic design. Built by experienced developers, it takes care of much of the hassle of Web development, so you can focus on writing your app without needing to reinvent the wheel. It’s free and open source.

— from www.djangoproject.com

Django just works. That is about the highest compliment in my arsenal.  Not out of the box obviously, but surprisingly close to it.  It’s one of the few frameworks that I’ve come across that saves an enormous amount of effort without forcing elaborate mental contortions trying to sync up with a new conceptual model.

My only complaint about Django is really just grumpiness on my part, and really its more about Python than Django.   I’ve been using it to one degree or another since the time I was experimenting with Xlib programming – back before the dark ages – the dark ages being my fascination with the first couple of iterations of MFC and Hungarian Notation. Over the years, I’ve developed an appreciation for strong typing and compilation combined with a powerful IDE.  Python IDEs (Komodo, PyDEV, PyCharm)  simply don’t compare to the Java (Eclipse JDT, IntelliJ, etc.) or C++ IDEs (Visual Studio, which is all but incomparable and I don’t even like MSFT programming).  In fact, I find Python IDEs,  to be more of a hindrance than a help, so I am back to just using Emacs.  Given all the other goodness that is in Python and Django its far from a painful compromise.

 

Docker

Ah, Docker, or was it Moby?  Let’s forget about the identity crisis for the moment.  We use the most basic piece of the docker ecosystem the container and relatively little else.  We use docker for two very specific reasons

1. We use it to simplify application configuration to the simplest most universal form available to day.  Simple here means that as much as possible applications are configured using the same mechanisms – at the moment we keep roughly to the 12 Factor way. Universal means that running and configuring the application should be roughly the same as way you would run an app on your desktop.  That may sound odd given that it’s still a bit unusual to run containers on your desktop, but again we are sticking to roughly the 12 Factor way.
2. We use it to encapsulate application artifacts and their runtime.  This makes it easy for Chill Code to deploy and redeploy an application and its components in a fairly predictable way, without introducing any huge new concepts for the developer to digest.

It’s interesting to note that we could have used NixOS based systemd-nspawn containers which are pretty good, but which suffer from the same problems as NixOS itself, since you essentially configure the container the same way you configure a NixOS.  Essentially, it is esoteric, and at the moment a fair amount of inconsistency about how to configure things from one service to the next.  Docker containers give us essentially three axes of configuration 1) software content 2) environment variables 3) command line.  Add to that whatever particulars your application may have (probably driving a lot of configuration off of a database a la WordPress) and quite a lot of situations are covered.

On the bad side, DockerFiles themselves are yet another configuration.  That would be fine except it weakens the immutability too much in our opinion.  There are directives you can use in DockerFiles which are by nature procedural will produce a significantly different result on from one execution to the next. That’s not a good thing in our opinion.  We ended up solving this by taking advantage of a part of Nix (dockerTools) using it to generate our docker images, but using our own mechanisms for shipping around images and running up the containers themselves.  I’d be remiss if I didn’t credit the Nix community and in particular @lethalman for coming up with a positively elegant solution to integrate docker with NixOS.  Truly very good work folks.

We may expand to use more of the docker/moby ecosystem as we progress but for now we have a pretty straightforward approach, and we always consider very carefully before we introduce new complexity to Chill Code.   The docker/moby ecosystem is in a bit of a confused mess.  At the moment really I wouldn’t say we are particularly opinionated about what should happen in the container world.  We require the most basic features of containers, and docker had the most elegant solution within reach for us.  Right now, it wouldn’t be all that difficult to enhance NixOS containers to work the way we need, or use rkt containers and we may yet do so, but its a trade off between effort spent and value we get back out of that effort.

That’s not all we use…

That is not an exhaustive survey of the technology we use at Chill Code.  Like any modern software project there are dozens of other components we use, but those are the majors.  It’s worth noting that our technology choices are guided by the same principle with which we design our own service, i.e. as much as possible the supporting infrastructure and components should get out of the way.  This is definitely the case with NixOs, Docker, and Django.  Each piece helps us implement our ideas and so far hasn’t become a job unto itself.