Hey everybody, and welcome back to another episode of Adventures in DevOps. This week, on our panel we have Jeffrey Girlman, Hey, check today doing all right?
We also have Caleb Fernari, Hey, Chuck, how's it going? Doing well?
I'm Charles Maxwood from dev chat dot tv. Just by way of announcement, we're starting a new show, or I guess I'm starting a new show. We released first episode this morning as we record this. It's called The dev Influencer Show. You can find it at dev influencers dot com, slash podcast, and I bet you can guess what it's about, talking about being an influencer in the developer and devop spaces. So if you're interested in that, go check out the show.
I'm also doing an accelerator and you can find more about that at dev influencers dot com. We have a special guest this week, and that is James Donahue. James, do you want to say hello and introduce yourself all the way from the Britain and BBC.
Hi?
Yeah, James, I'm a software engineer at the BBC. I'm really happy to be on the show. Thanks for having me.
Yeah, thanks for coming.
I mean some of my favorite shows come out of the BBC, Doctor Who and Downton Abbey, which are very much not alike.
Yeah, I have enjoyed those shows.
Great British Baking Show is another one that started at the BBC. I don't think they own it anymore.
But yeah, oh yeah, Roy Pokua, Yeah, everyone loves that show.
Yeah.
So you're you're like famous adjacent, right, we'll just say that, Yeah, you wrote this article on codeer Views. And what was interesting is is that we we lined it up on this show and MICHAELA was asking me what shows to get it on, and I was like, well, it's kind of good for any of the shows, and she's like,
can I get it on the devop show? And initially I told her no. And then because because usually I see the article a name, I don't see the author name, and so you get on and I'm trying to make this connection, like what are.
We talking about here?
But I realized that we're doing a lot of infrastructuring code these days, right, whether it's hey, I'm going to go spin up this virtual server and then run chef or Puppet or something against it, or whether or not we have some provisioning software that goes out and manages our network or manages our servers, or whether we have something that manages things for Kubernetes or things like that, and so those code reviews are just as important as
the other code reviews were doing. So I just kind of want to give people a little bit of background. This does apply to what you're doing in DevOps, but to get us started, I was looking at this article and you kind of explain, Hey, look, you know we we had to go remote, and because of that, you know, we experience certain things, and so we started doing the
code reviews in a certain way. And I was wondering if you could tell that story, because I think this is something that people are really going to identify with that people are going to go, oh, yeah, we have that problem, and you know, maybe this will help some of them find that solution that they're looking for.
Right, Yeah, of course, happy to you.
So basically, the area that I work in at the BBC's the World Service, and we have international news websites. We have about thirty five million weekly users across the globe. The sites are in forty different human languages as well, so there's quite a lot of complexity in our code base dealing with all of that internationalization and the fact that it has a global audience, and we started rebuilding
that application a couple of years ago. We had an old version that was a monolithic PHP applications service very well, but it was time to update the technology and we had lots of ideas new features we wanted to build. And what happened was we went in quite a short space of time from having about five developers working on a new renderer. We built a React based isomorphic single
page application to replace the old monolith. I think we had about five developers working on it initially and over the course of really just a few months we went from that to about thirty five developers. And also another thing happened was that we went from all being based in one office in London at Broadcasting House to being distributed across different cities in the UK and also in
other countries as well in Africa. We had some developers we were starting to have to get used to remote first development, and this is before the pandemic, this is before you know, the big changes of last year. We were having to adapt to scaling quite quickly and also being remote first all the time, and that's when we started to notice that something interesting was happening to code reviews. Some of our code views were taking out a bit
longer than we'd like. We noticed there were some problems where code reviews would spend a long time going on. There'd be a lot of comments on the pull requests, a lot of back and forth between different people. A lot of new engineers were contributing to the code base, and not all of them really knew how we did code reviews or how we approached them, and we felt that there was probably a lot of tacit assumptions in
the way we were doing code reviews. We also had a bit of feedback from some of our developers that they found the process quite confusing and quite stressful sometimes. And it was really at that point that we thought, Okay, we need to take a step back from this. We need to talk about what is this code review process for?
Why do we do code reviews?
And the interesting thing was that none of us could really remember ever having.
Had this conversation before.
We'd all been doing code reviews for years, and we never actually said why do we do this?
What are we trying to get out of this?
And that was really the starting point, we wanted to talk about it honestly and openly and really find out what everyone wanted to get out of the code of view process.
That makes sense.
It's funny too because as you go to kind of that remote first or primarily remote culture, right, because some companies went almost fully remote. In other companies they either had some kind of requirement or managed to have hold on to having some of their folks stay in the office, right. But as you move even part of your team out of the office, the requirements on your communication goal way up.
And so it's it's definitely interesting that, Yeah, all of a sudden you're having discussions about how you communicate in these ways. I'm a little curious before we dive into how to start approaching this though, or other panelists Jeffrey and Caleb, I mean, what, what what's been your experience with this kind of thing, going remote in this way, especially through COVID.
Yeah, I know, I think you sort of hit it on the head. I mean, it totally made us really refocus on how we communicate and and you know, you just can't walk over to the to the next person's cube or you know, or say hey, let's just grab a breakout room or something. I mean a physical breakout room that a zoom breakout room, right, and that changed a lot. But I'm curious. I want to i want
to throw a question back to James. I'm curious what you guys came up with, because when I read your article on Medium, I was thinking, Wow, you know you ask all these questions about like why are we doing code reviews? And I was thinking, you know what you said, it's all the above, and you're like, what fifteen or twenty different answers? What did you guys come up with? What is the reason, what's the motivation?
Well?
Yeah, I mean you're right, we did list a lot of things that we thought code reviews before. I think in the blog post I put like fifteen different possible reasons that you could do code reviews. The thing we kept on coming back to time and time again, the motivation for code reviews that we seemed to be hitting no matter how we talked about it was communication and understanding a lot of the things that I summarized in the article really came out of discussions in our teams
where we were asking what code reviews for? So you know, if you're if you're if you're discussing different approaches on a code review, that's a form of communication. If you're linking to other documentation or resources, that's communication. You know, you might be checking that work meets certain quality standards, or thinking about readability and maintainability, those kind of things.
Communication seems to be the recurring theme here.
So we felt that that was really something we like, we wanted to put at the heart of what we were saying that code reviews werefore because a lot of people have got different expectations about what code reviews are really for them. That and that kind of surprises people when you when you say to them, hate it's more about communication than anything else.
Yeah, absolutely, I always felt like it was. There was almost this you know, unspoken idea that it's all about quality, code quality, and hey, it's just up to snuff. And you know, I mean, I've got a security background, so I'm in cybersecurity and application security all the time. And so when you know, folks in my world think about code reviewers, we're always focused on thinking about code defects
that are of a security in nature. Right, how do we how do we try and find those underlying issues in code and sometimes just to go off on a tingent for a moment. I think that's interesting is that, you know, what, do a lot of reverse engineering of code to sort of understand, you know, where can somebody who's trying to do something nefarious, where can they sort of grab a toe hold and do something interesting, whether it's around access control, authentication, something like that, you know,
in the software base. And so I just sort of gravitate towards that idea that code reviews are always about,
you know, finding code defects. And it's interesting because I think there's a lot to what you're saying that it really should be a lot about just getting the whole team together and sort of communicating and you know, sort of more on getting them on the same page, because you know, at least generically speaking, I can see a lot of value in that and then doing you know, if you've got specific purposes like what I'm describing, then that might be a different use case, a different reason,
and maybe a different setting for running a code review outside of I think what you're describing. But I don't want to put words in your mouth, but I'm sort of just trying to get an old Sheldon in my own mind.
Sure, you know, I think you're absolutely right, Jeffrey. I mean, the view that code reviews are about finding defects is primarily about finding defectses is a really widely held one.
One of the things I mentioned in the article is there's a really interesting piece of academic research that we've done at Microsoft in I think twenty thirteen, where they examined hundreds of code reviews across large parts of their code base, and they analyzed each code of view in terms of what the actual outcome of that code review was.
They looked at every comment on the poor request and they categorized them all, and they basically figured out that the most common outcome of code reviews was basically people asking questions about something, other people explaining things, and that process of communication, learning about the code or discussing the code is the most common outcome. Whereas when they interviewed the developers and said what do you think is the most common outcome of code reviews, they said, oh, it's
all about finding defects. But there was a just found The funny effects is it does happen. Of course, it does happen. Sometimes people will find a bug in code just from looking at it visually, but there's actually a lot of other stuff going on. There's there's coaching and mentoring, there's you know, exchanging ideas and approaches.
There's not all of it.
It's just about saying, hey, we found a bug, you got this wrong, this needs to change, and although you know that is one possible outcome.
Yeah, I like that in the sense that how do I put it? Because when we do the code reviews, a lot of the communication in the code reviews is about that, right, I didn't see anything wrong with this, and so I approved the pull request. That's kind of how we run at work. I mean, we do mob programming, so you know, we have different teams of like three four people sometimes two people, you know, and we just get on a remote call. It's exhausting, by the way,
and then we just we code all day. But then we pass off our work in a PR to somebody else who does a code review on it. And yeah, a lot of it is just we want somebody to look at it and give feedback on it.
But it's not that specific.
And I think that's something that I'm kind of pulling out of this, out of your article and out of what Jeffrey is pointing out, and what you're saying is that, you know, we've got to basically open the door and say, hey, look, it's okay for you to say, hey, I don't understand this.
Can you train me on it? Right? Or I don't know?
I you know, I don't understand this approach. Can you explain to me why we went this way in not a different way? Or I'm trying to understand this particular area of code, you know, or maybe I do see that this thing could be problematic, either for maintenance or security, or you know, any of the other number of things that we wind up coming back around to because they bid us in the rear end at some point, right, and you know, in those kind of fall toward defects.
But some of those are really kind of how do I put it, they're they're kind of cloaked to something else, you know, if it's a maintenance issue, and then we eventually clean up what's causing the maintenance issue, it's not necessarily a defect. It is a defect, but we don't think of it in the same way as we think of a bug, right because the code still works. It's just every time we go change it. We have to you know, jump through a whole bunch of hoops to
make sure we didn't break anything. It's a maintenance nightmare. And so you know, and I can kind of imagine the same thing with you know, whether it's infrastructure or chef recipes or you know, whatever you're dealing with, that same kind of thing. And so yeah, if somebody can pass along, hey, look we do it this way because we found that it saves us all these other hassles
in the back end. And what's funny is is sometimes you'll get the new person in my I have a fifteen year old who's playing video games now, so the total nube will come in, right, and they'll say, oh, well, why don't you try this other approach then? Right, that has all those benefits you just listed for why you're doing it this way, but also gives us this other benefit that I'm seeing we might be able to add.
And then all of a sudden, you have a better process, right, And by understanding and documenting and pushing and communicating, that opens up all these doors. And that's really yeah, that's what we're talking about with these code views. And that's back to the original idea. It's all of the above. It sounds like you have a process, you know, after reading through this article, you have a process for conducting these code reviews that make sure that all these things get communicated about.
Right.
It's not just opening the door for it, it's explicitly calling out, hey, are we thinking about security? Are we thinking about code structure? Are we thinking about you know, these different levels of concern so that at the end of the day we know that we've covered our bases here and we're communicating about the things that we care about in our code.
Yeah.
Absolutely, I mean I think you've hit on an interesting point there, which is about who does code reviews or who can do a code review. We were quite clear in the discussions we had at the BBC that we thought that developers, engineers of all levels should participate in the code view process. It shouldn't be a situation where my code can only be reviewed by somebody who is, you know, a pair of mine, or somebody with more experience than me, or more familiarity with this than me.
Just for the reasons you've given that that quite often you get really interesting perspectives and questions and challengers from people who are new to develop new to engineering, new to this particular code base, and so in order to try and help facilitate that, we put some some prompts and suggestions into our code reviews guide, where we're saying, if you're a new developer, if you're need to this code base, here are some things you can try when
you're doing a code review. Here are some things you can ask Have you spotted something that looks a little bit inconsistent? I mean you could ask the author to explain that. Have you asked the author about if they've considered security, performance, accessibility, other kinds of non functional requirements. So a bit of a cheat sheet almost where you can say, you know, these are things we should be thinking about when we did code reviews. And it brings
more people in the team into that process, right. It means that more junior engineers or less experienced engineers can participate and actually give just as much value to that process as people who you know, have been working on the code for years.
What James is, when you're talking about kind of you know, having junior developers doing code reviews and these kind of things, it seems like a large part of what you're doing is kind of reframing the intent of the code review.
And I don't know if this is a problem you guys have had the BBC, but I've seen teams in the past where junior developers very intimidated by the code review process, and you know, it's kind of seen as a gatekeeping role where they're checking in code and then senior developers are looking at it and kind of you know, going over it. So I really like the kind of idea of reframing it so that it's you know, code
reviews are everyone's responsibility. It's a collaborative team process, and it's more about the communication rather than the gatekeeping, even though you still get maybe some of those gatekeeping functions if you do need to have security reviews or have
senior developers reviewing code and looking over those things. Just by reframing it you get all the benefits and maybe a much better participation rate, particularly in a remote context where onboarding developers can be a little bit more intimidating, Especially for junior developers. You don't have that kind of face time. You know, it's a little hard build team cohesion remotely in those kind of things. Is that the correct kind of analysis of the direction you're going with.
This, Yeah, absolutely, Caleb.
We found that, particularly we're going more remote first, that junior developers, less experienced developers were quite wary of the process and quite reluctant to get involved. And you know, as we were saying earlier, you can't just lean over to the person sat next to you at your desk and you know, informally ask for help. Everything is a bit more formal, a bit more structured once it's done just via pull requests. We wanted to really encourage people
at old levels to get involved in that process. And yeah, I think we were really reframing code of views a little bit and make it feel making it seem more like a collaborative process that is benefiting everybody in the team. I mean, I think we have to recognize as well that code views can be quite demanding, can be quite stressful in fact, for people of all levels of experience.
You know, having your work looked at by other people can be challenging sometimes, But at the same time, it's part of being a software engineer that you people are to look at your code and you have to be able to receive feedback about your code and give feedback on other's code and get comfortable with that process. So there is obviously still a gatekeeping function within code reviews, and there's an important role for that, but we wanted to try and promote the idea that the team owns
the code collectively. It's not like up to an individual person to decide whether something is okay or not.
It should be a collective decision.
People can have different perspectives on that, and to make it a bit more of an approachable process that it's not so seen as in a really intimidating thing where this really senior experienced person will come and give a verdict on your code. It's more of a dialogue where they say, okay, so why do you approach the problem this way?
Have you considered it this way?
It's not just, you know, just the kind of pure gatekeeping process that it might have been seen as occasionally in the past.
Yeah, I'm going to step into my confessional here for a second, because so the job I'm in now when I got hired, so my full time job, I'm actually writing Ruby on rails and then I kind of dabble and react. We're kind of sneaking that into the code a bit now, and when I got hired. Just to give a little bit more context, Ruby Rogues, which is our longest running podcast on chat DOTV, has been running for it will be ten years in about a month.
Oka.
And so I'm widely seen as an expert in Ruby on rails and I was sold that way when they hired me. Kay, they told everybody that works in the office here in Utah, you know, this guy's an expert.
He's a dream hire. Blah blah blah blah. And every time I do a code review, I feel like I have to live up to that, right, And so it feels that way for seniors sometimes too, right They feel like they have to be the one to catch it, they have to be the one to see it, they have to be the one to know the answer to that. And there are some parts of these applications that I just have not really done a whole lot with and I have to swallow my pride and take that too.
And so I think it's important for everybody at whatever level you're at, to just realize, look, you've got to you know, this is an opportunity for you to level up as much as it is for an opportunity for you to help somebody else level up.
You know, one thing I'm curious man, is well, I guess two things. One is, you know, with everyone that are coming into code views with a different mindset and some of it being around, hey, how do we you know,
we want to find code defects? Did you or did your team sort of decide or sort of come out of this and say okay, in order to sort of keep people focused on what we want them to be doing and not just sort of you know, getting them too stressed out about, you know, trying to find something that may not even be there, right, did your team sort of relook at well, maybe there's a better way for us to find you know, let's get people's mindset completely away from you know, I'm going to find something
wrong with somebody's code, right, and and and focus that on hey, maybe we'll do a better job, or maybe we'll sort of rethink how we formalize the QA function or you know, testing or something like this. This way, everyone understands that that's really where we do, that's where we find code efacts, right, and and to really focus people on the review process is not about that if it comes up great, if not, so that that's My first question is, you know, was there change in how you also.
Thought about finding effects?
And my second question is coming out of this, I'm not sure how long this has been put into practice now, I'm curious that what have the outcomes been, Like have you been you know, measuring instrumenting this and saying, hey, wow, this is really cool. What we're finding is that the result of all this effort has been that, I don't know, our developers are much more productive more, everyone's much.
Happier because we're communicating better or I'm not sure. I'm curious about those two areas.
Jesus team gets a thousand more code points per week, right, Yeah, I can try to answer the second question.
So there's two sides to it, really, I suppose to the qualitive quantitive side. Really, in terms of qualitative, we we didn't really have a precise way of measuring that. We had some discussions earlier on some feedback from some developers, particularly ones that were new to working on the code base on the teams, that they were finding the process
difficult and stressful. We then had some feedback later on that things had improved and that there was there was a view that things were now getting easier for especially for new developers. That's kind of a very kind of
subjective thing. On the more sort of objective quantitive side, we could see we had some software that we were using to track the number of poor requests that were open, how long those poor requests had been in code review, how many could review cycles they've been through, and how many comments from the pull requests. And we saw that all of those measurements kind of moved in the direction
we wanted them to go in. So code was spending less time in code review, it was going through less revision cycles, and the result was we were actually merging and shipping that code faster. Now, the code view process wasn't the only thing that we changed during that time. I've got to say there was a lot of changes going on at the time. One of the other things we were working on at the same time we tried, Charles, you've spoken about mob programming or swarm programming.
We called it. We've tried that as well.
So we were doing a lot of work with mobbing and additional pairing, and that may have also helped bring
down the burden of code reviews. I'm really interested to hear what other people think about that because we found that by doing more collaboration upfront before you get into the code review stage, by having more voices and more kind of perspectives heard during the initial implementation phase, quite often that the sort of formal okay, now let's do a code review part of this is actually tends to be a lot smoother because a lot of that communication
has already happened, a lot of possible objections or concerns have already been anticipated earlier on. So that was something else we were trying at the same time. And I think it's a complementary technique. It's not like you don't have to do just that or just change your code reviews process, that both things can kind of can kind
of help you achieve the same goal. But yeah, we have seen we have seen improvements both in terms of the rate in which we're able to deliver stuff and also subjective feedback from anonymous feedback from developers in the team that they were finding the process just easier and more enjoyable.
What are some tools that you've found helpful when doing code reviews or you know, you mentioned something you're using to track code reviews and things like that. What does this look like on a practical level as far as tools and process when you're doing the code amusement, are you using GitHub whole requests or do you have other, you know, sort of specialized software or less known tools that you're using to help with that.
Yes, so we use GitHub for really most of our work these days, so it's good. Pull request is the main way that we track back, and then we have some tooling dot on top of that that we were using to keep an eye on the number of pull requests that were open and the how long things have been in the code review stage. And yeah, we still use things like jerror as well for tracking some more project level activity.
So those are some of the tools we're using.
We do have a few in house tools that we use as well to just just keep an eye on the rate that things are being worked on and how long it's taking things to seem to actually make it to production.
Yeah.
I'm going to chime in here too on a couple of things that got brought up. One for the mob programming, I completely agree it helps head off so many issues because you know, I'll be focused on the code. The other two guys that I work with every day are paying attention, and they'll call stuff out, Hey, why are we doing this? Why are we doing it that way?
What about this? What about the other thing? And I do the same thing for them, and we just turn out way better code, you know, from the maintainability, from the reliability, from the performance, from pretty much any measurement you have for code. We just do, you know, And so they they make my code look better what I commit, and you know, all around vice versa. We do most of that over Microsoft Teams. I will not tell you how much I dislike Microsoft Teams, but it works. We
also use poll requests on GitHub. That's our primary way of doing that, and so all the feedback goes into the pole request and then when it gets merged, then you know, it's all still in GitHub if we ever have to go back and look at it. We don't have any real in house tools, and we don't track how long they sit in pole requests because honestly, it's abnormal for a pole request within our organization because we actually review code from the other projects that we're not
working on. Within the organization, we everybody reviews everybody's stuff, and so if you don't understand what's going on, in the other project.
That's fine.
You just ask, right, but you have to stay on top of your review, So if they answer, you have to be on top of it because you don't want to hold them up either. But yeah, that works pretty well for us. It'd be abnormal if anything stated in the queue for longer than a day for us, so that that hasn't been an issue for us. But yeah, those are the same tools we're using. I will also not tell you how much I dislike I mean hate, I mean completely hate despised Era. But we used zero
as well. So yeah, you know a lot of the same approach. But I think we're also you're working for a fairly large company. I'm working for a large enterprise. I'm deliberately not saying where I work, but I work for a fairly large enterprise company here in the US.
Yeah, I'm one of the you mentioned teams that one of the one of the things that we found when going through this process thinking about code reviews was I think some of this, probably myself included that I was guilty of this at one point, was thinking that a code review and a pull request are the same thing, and the way you do code reviews is you write
comments on a pull request. And when we started to talk about code reviews and think about how we could do them, we realized there's so many other ways of doing code reviews. You know, the idea of code reviews long predates GitHub obviously, and often adding comments to a poor request on GitHub is the least efficient way of doing.
A code review.
You know, it can be very powerful, particularly where you've got distributed teams, as we've already said, people remote working people in different time zones. It can be very efficient
if you need that asynchronous communication. But there are you know, there are situations where the most efficient way of doing a code review would be to get on a team's call or a zoom call or something else with the other person, the author if you're the reviewer, and talk through their changes and try and understand their reasoning, the
thinking behind the change they made, talk about alternatives. Yes, you might want to then think about summarizing the results of those conversations in some forms so it can be persisted to the poor request or some other forms so that other people can can you know, see the outcome
of that discussion. But one of the things we try to encourage our engineers to do is if you're having a conversation with somebody on a pull request and you're getting a comment and sort of back and forth comment report, comment reply, that's usually a sign okay, maybe this would benefit from a call. Maybe we should talk about this face to face, because it's just, you know, it's just not the most efficient way of two people explaining their thinking.
You know, getting on a call is often going to save time and save misunderstandings as well.
Man, that sounds like work.
Sorry, I I it's I'm I'm being a little bit tongue in cheek. But the reality is is that that's kind of, at least for us, our default behavior. But I don't think anybody's like formalized that as something that hey, if you're having back and forth, get on a call, which I think would be helpful for us to do, right, because sometimes it does turn into a lengthy back and forth and we should at some point just pull the cord, get on a call, and make.
It d Yeah.
So this is this is I think that some developers do that kind of thing instinctively a lot of the time. It would come down to your experiences, maybe code reviews, you've you've worked on that have gone well or gone less well, or maybe even aspects of your personality type, you know, how you prefer to communicate. Some people will instinctively, you know, if they're in an office, go over and talk to the author of the code, or they will
pick up the phone and talk to somebody. Other people because of the way they work, because of their communication preferences, would rather just write a long description of their thoughts on a pull request. So what we wanted to do through this, through writing this guide to code reviews, was to sort of at least give people the opportunities to think about the alternatives and why there might sometimes be
better ways of communicating. So you know, we don't insist upon everybody going on a call all the time to discuss poor requests. It's sometimes it's just not practical, but it should always be there as a you know, as a kind of something that people can say, Okay, look, I think this might be a good idea. It's something we probably want to consider, and at least people are aware of the options.
That makes sense.
I'm kind of curious going back to earlier in our conversation, you know, and we talked about different areas that you call out or different questions that you tell people they can ask in a code review. What areas do you specifically give people that they can think about or call out in a code review?
So I suppose the starting point, you know, I've spoken quite a bit about how we thought communication was really important. Some of the ideas that we kind of suggest in our guide is asking people to We've already spoken about it a little bit, to seek clarification. If there's things that don't seem completely obvious on the change, asking the
author to clarify them. Sometimes we find that when people seek that clarification, the author might say actually, or you know, in a conversation talking about it, you might say, well, okay, if you're asking that question, then somebody else is going to think this in the future as well. So is there a documentation need here? Is the code readable enough? Do we need to put something? You know, kind of do we have to have some additional documentation or explanations
make it easier to understand? So, yeah, getting clarification is an important first one. And then I mean everything really kind of is all about asking questions. So you know, the cliche about there being no stupid questions. We try and kind of spell that out in our guide to code reviews. We really want people to ask questions on the assumption that if you're thinking it, if you're going to ask the questions, somebody else is probably thinking it too.
Somebody else is at least wondering the same thing. And as I already said, we try and encourage developers to think about things like non functional requirements quite often, things that might have been missed during the initial requirements analysis or during the implementation. You know, have we thought about performance on this? Are we load testing this? Have we
updated documentation? Is their missing test coverage? You know, a lot of these things that can be very easily even if we have the most perfect engineering process from start to when things can get missed. And sometimes asking those questions, even if the answer is just yes, we've already anticipated all of those things, it's useful to have somebody checking
those questions. And yeah, I mean that those are kind of those are the main areas really, and we do kind of try and encourage people to if they're adding comments on THEO pull requests to sort of offer links and examples as well. So if you're going to sort of say, you know, there's a better way of doing this, or there's an alternative approach to doing this, or there's a more I don't know, idiomatic way of doing this
in this particular language. You know, it really helps it to sort of give a bit more context than that, either to give an example to link to some relevant documentation or a blog post that explains the technique in more detail, and it really kind of gives the author or the person reading the comments of the opportunity to do a bit of research and read up and understand what it is that you're saying and save some of that kind of time with back and forth explanations.
Something we asked about a lot in the DevOps world is the kind of the shift left philosophy around things like bringing security to the forefront of design before you actually even start implementing that location or even infrastructure, right like understanding how the application is going to be deployed
and designing around that during the initial phases. And some of the things that you said kind of brought that to mind as far as pull requests go, where it's like instead of kind of pushing all of the review and the collaboration to the end, you know, kind of the swarm programming approach and things like that seem like it could kind of be used in a similar manner to actually bring some of the review process to the beginning of the design rather than waiting until something's already
implemented in order.
To do that.
Is that part of kind of what you guys have done.
Do you feel like you've brought maybe some of the code review process into the design and made it more collaborative or had you thought about that aspect.
Of it at all.
I think that is a real opportunity, like and that is something that you know, we're quite excited about being able to do more of. I don't want to say that we've we've kind of necessarily completely solved that problem or we found a way of anticipating all of those issues,
you know, ahead of time. My hope is that by improving our code view process and gradually pushing, as you say, more of this thinking earlier on in the process, it will gradually become more ingrained in the way we work, and we can and we can we can get better
at anticipating those things earlier on. But yeah, I mean, I think from my point of view, the truth is that some of those things will will still get missed, and we need the code of view stage to sort of really just double check that we've we've not neglected any of those areas.
Yeah, I think I guess my thinking of that is definitely not to preempt the code review, because, like you said, that is kind of the last stage, and it's I think it's important regardless. I think it's just more around, you know, kind of increasing that collaboration early on, particularly
in a remote context. What I've seen in some teams is developers will kind of get lost in whatever they're doing and they'll forget to communicate because, you know, communications, it doesn't come naturally at all developers, right might be a stereotype or personality type, but it is what it is.
And so I think having that kind of sharing.
And communication built in earlier on can help with the types of situations where a developer works on something, implements something, and then maybe it's very technically clever, but during the review phase we find out that, oh, actually it doesn't quite do what it needs to do, and or those kind of things.
So I think there's there's an opportunity there.
To move some of that to the forefront as well, and just to work better in a remote context.
Yeah, I think you're absolutely right kind of.
And one of the ways that we one of the ways I think this affectsed US sometimes was we noticed when a certain code review had maybe been more taxing or more time consuming that it might than it might have been expected to be, or or that issues were only found out at the code review stage, which were, for example, quite significant architectural issues, things that should have been anticipated much earlier on, and we wanted to try and use use those insights that we got from the
code of view process to try and improve the earlier stages further left than our process for the for the next iteration. So when we have team retrospectives and things like that, we'll often try and talk about code reviews that were difficult or issues that only came out and code reviewed that really could have been discussed or you know, would have benefited from more communication or more collaboration earlier
on in the process. And I think that is actually quite a helpful technique, because sometimes I think there's a temptation you think, right, the code reviews finished, let's ship the code, let's forget about it and move on, And often you can actually look at the code of view and say, you know what, what have we learned from this that we could have, what insights we take away from this that we could actually apply earlier on in the development process next time we go through this cycle.
I really love that being because I think what you're what you're.
Describing is you know, a continuous improvement, which is a huge part of the DevOps philosophy. And b you're describing a feedback where you're doing something and then take the data you've gleaned from that process and improving your process as you go. So I think that's really that's really fantastic, and you know, I can really see how that ties into kind of the overall develops philosophy.
So one thing that I'm wondering about because you talked about, you know, sometimes the review process might take longer than it should have, or that you might have wanted it to and things like that, and that made me think, and it's a question that you actually, you know, put up that might be a good when to ask. And I'm kind of curious, I mean, are there downsides to a code review process or or maybe downsides to a
bad code review process? Maybe that's a better question. I don't know, are there are there reasons that you wouldn't want to do this or ways to avoid problems while you're trying to do this.
I think for us, the real goal was to we knew that code reviews were something we wanted to do, and we had this attachment to doing them, but we wanted to be able to clearly explain to ourselves and to the non engineering parts of the organization why could views exist and what they're for, and have a better
understanding of what they're for. So I think that's a useful exercise because you know, in the past we had a situation where, you know, maybe something would take quite a long time to get through a code review, and product managers or product owners might say, well, what's happening?
Why you know what's happening in this code view process? Why are we doing it?
And hopefully what we have now is it is a better set of answers for that and more of a shared understanding. The downsides, I think I can't see any downsides really about kind of reflecting on code reviews. I think I think reflecting on every stage in your development process at some point is going to give you some you know in that in that same spirit of continuous improvement is going to give you the opportunity to do things better or work smarter, or avoid pitfalls in the future.
So I think reflecting on the process is a for us has been a really powerful way of of kind of getting more understanding of our process. But you know, code of views a it can be really complicated and difficult, and things do still go wrong. You know that there are situations where code views don't go as as we'd like, but it's something that we're constantly trying to work on. We didn't want this to be a thing where we just write a document about code reviews and then said, Okay,
we're done, We've solved the problem of code views. We're going to move on. We wanted it to be something that we could keep on building on. We put it in our one of our open source repos so that it's kind of it's fronts and center that people outside the organization can see it, and we keep on iterating on it and adding to it and changing it as we get more, as we learn more about what works
for us or what doesn't work for us. You know, anybody can do a poor request against it and say, hey, this technique really worked for me in when I was learning to do code reviews, and then it becomes something that can benefit other people in the future.
So I guess kind of a follow on to that then is let's say that we've got a devaps team out there, right, and they've got you know, a set of tools and processes and people that use them and people that rely on them. Right, And some of this is codified in code, right, you know, be it Bash scripts or you know we talked about chef or I mean whatever, right, and some of it may be codified in just you know, a process that people follow for stuff.
Right.
I could see a code review being just as useful for that, right, But you know, whatever it is. Let's say that they're listening to this and they're going, you know, this is a really good idea. We should definitely have people looking over you know, what we're putting down as the way that we get this work done, right, be it you know, formal programming code or you know scripts or whatever, or yeah, even just you know, hey, do this,
then do this, do and do this and do this. Right, How should they start implementing that if they haven't been doing that today.
Well, I mean, the first thing to say is there's lots of great resources out there already, So it's not that the article that I wrote is kind of summarizing a process that we went through to think about code of views. But there's a lot lot of great advice online about code reviews, and if you google code review best practices and guidelines, there's loads of loads of articles out there, and I linked to a couple of them in the article. Some teams might find that the information
in those resources is a good fit for them. So you might read I think it's gaily as post which was a big inspiration for me about code reviews, and you might say, well, that's actually a perfect description of high I want my code reviews in my team to work. So we're just going to say this is our process,
We're just going to follow this. For us, it was a little bit different because we felt that we had there was lots of specifics about how we worked in our organization, our specific technical stack, how our continuous integration, because the r delivery process has worked, how we used githubs specifically in our teams. We wanted to have something that was a bit more tailored to our process. So I would say decide if any of the existing online resources is a good fit for you.
If it is, great, use it.
If not, then you might want to go through the process that we went through and actually come up with a guide yourself. But you know that a lot of this information is not and these and these pieces of advice is not brand new. You know, it's kind of it's it's it's wisdom that's kind of been going around
for a few years. So it's a question of picking out the things that make the most sense to you and are most relevant to you, know, your team, the structure of your organization, the technology you're working on, and then have somewhere for developers to find that information so you know and get help. You can obviously have pull request ten plates you link to a document with these guidelines and bits of advice that you want them to follow.
And I think the other part of it is, as I said, just to just to keep on reviewing that process and reflecting on it in the future. You know, if you see how it goes and try it for a few sprints, or try it for a few months, and then have a look at the process again, see if it's working and see if it needs any changes. The other thing I would say is one thing that really helped us was about in terms of reducing the burden of code reviews was to try and automate anything that you can.
So I know, one code.
Base that I worked on for a little while, a lot of the pull requests would we would have a lot of comments where people were just changing bits of white space or semicolons or minor formatting issues, which we're all completely valid, but you know, robots are much better
at those kind of code reviews. You know, if you've got linting tools available for whichever your whichever technical environment you're using, use those instead, you know, apply automatic formatting, to use automation so that when people are doing code views they can focus on the stuff that really matters. So yeah, and also, as we already said, I think pairing and mob programming can be a really good way of making code of views less difficult.
Is your guide to code reviews? Is that public or is there any plan to make it public?
I think a lot of people would be very interested, especially in an organization as large as the BBC AD as well respected as the CBC and understanding you know kind of how you guys do it and actually seeing maybe maybe the full the poor guide if that's something you guys are thinking about releasing or already have.
Sure, Yeah, it's actually already Sorry, go ahead.
I was going to say, I want to pile one because you brought up linting a minute ago. And we do that, right, We pull in the linking setup from some other company, right that they published, and then we say we're going to use their linking strategy, accept this and this and this, and yeah, I'd love to get the BB season and say.
That doesn't apply, that doesn't apply.
We're going to add this, this, this doesn't quite work for us, but something similar and yeah, and then I spend half the time putting it together and I look really smart.
Yeah, we all have a bunch of those. We have a bunch of those as well.
You know, other other company style guides that we've we've we've followed and incorporated into the way that we work. And I think you know that's that's the great thing about open source collaboration is you can reuse work that other people have done. A code of view process is obviously harder to you know, run automatically than a Linter. But the guide that we wrote is publicly accessible. I can, I can share the link with you and your listeners,
and it's out there. It's in one of our open source repos because the project that we developed it for is an open source project itself, so we wanted to put it in the read may say, look, this is how we do code reviews. If you're going to submit a poor request to this project, this is what you can expect is how we're going to approach our code reviews.
So yeah, it's.
Already out there, and we'd really welcome people's comments on it, pull requests on it, and just get more feedback from and if people find it useful in their organizations and they want to just link to it and say, hey, this is the approach we're following, then we'd love to hear about it.
Yeah, that'd be great if you put it in the chat in zoom, then we can add it to the show notes.
Any other questions you guys before we got to picks.
Nothing on my side, anything we forgot to bring up that you wanted to talk about.
James, No, nothing from me. I think yeah, we've covered.
Everything, all right, Well, let's go ahead and dive into picks then. Now, James, I don't know if you've listened to the show, but picks are is the segment at the end of the show where we talk about stuff that we like. So it's just anything that we really want to shout out about. I'll let Jeffery go first since he's kind of a little more experienced of this. Then we'll have Caleb go and then I'll throw out some picks and then we'll let you share what you want to shout out about.
Well, so I'll you know, talking about just pick I've got for this week. Is an interesting trying to leave called it.
It's really a learning platform called Learnistic, and it is a I mean, this is where there's a field full of all these different platforms for building like whether it's like actual formal courses you're trying to provide or just you know, sort of video.
Or audio content.
Right, there's a lot of different ways to do this, but I found that Learnistic has a really interesting platform where what you're trying to do is get your content out there to your audience's mobile app, you know, mobile devices through a mobile app. They are doing it, so you can basically create a custom app for you know, your company, or your podcast or whatever is that you do. It goes under it sort of bundled under the Learnistic app, but it's it becomes a separate app underneath that.
So it's sort of interesting.
And they give you a lot of control as a content developer to publish what content you want for each individual user. So what shows up for eachooser is going to be a little bit different based on you know, how they have their access control set up. So it's a really interesting and what they're doing for you is basically taking care of all of the sort of bits and pieces that make all that work. So it's it
really is a pretty robust platform. I'm starting to look at it, starting to use it for just in my practic how I provide content. Sometimes it is course courses that are customed for specific clients. Sometimes it's just you know, sort of you know, content that I just want to provide to either you know, all my sort of audience
and prospects and clients and you know, just everyone. And it's a really like I said, what I've done so far is it's really cool way, really efficient way and cost efficient as well, just to get your content out there to the folks that.
You want to get into.
So yeah, it's well, they're doing something interesting that's a little bit different from all of the other like learning platforms that exist.
Nice.
Now I want to go check it out. Yeah, I've been using Teacha ball. I'm pretty happy with it. But yeah, I'm always on the lookout for something new that might give me a little bit of an edge on yeah, just getting people what I want to give them. So anyway, Caleb, what are your picks?
Yeah, so my pick for the week is a tool called Harness. You can find it at harness dot io. It's a pretty established player in the devop space. I've used it before, but recently I was kind of looking at how in a new organization, how we can get things like Canary deployments going blue green deployments.
How do we manage you know, if.
We need to deploy interdependent services together, how do we track that, you know those kind of things. And so I was able to go through a demo the tool recently and start looking at implementing it again, and it just kind of brought it back the top of mind for me and a it is actually better than it ever was.
So when I use it a few years ago. It was good.
It's gotten even better, and I think that's something that a lot of teams are missing as kind of a developer self service platform for handling. You know, how do we deploy to these different platforms, how do we kind of track that, get visibility across the organization, how do we kind of implement standard workflows and things like that. So this is a really really interesting tool does what it does really well.
It's a little more on the enterprise.
Side of the DevOps sort of tooling space, so probably not for tiny startups, but if you are at the point where you're scaling and you're running into issues like standardizing deployments, trying to scale ups and let developers kind of self service deployments and define their own workflows and those kind of things, it's very worth looking into.
Awesome.
I'm going to jump in here with a few picks, just making sure I'm not muted. I'm going to jump in with a few picks, so I do want to
shout out about dev Influencers. I'm not going to go into too many more details than I went into at the beginning, but you can get the podcast at dev Influencers dot com a's Dev Influencers with an s dot com slash podcast, you can also apply for the Accelerator Dev Influencers dot Com Slash A reply and I've been helping people get their podcasts started and build an audience so that they can build a career.
In the future that they want. And I'm I'm really really enjoying it.
I just I did not realize how much fun helping people like coaching direct coaching is and I just I love, love, love love doing it. So and I've been recording videos and putting them up on teachable So that's that's where the teachable mention comes in a few other picks. So I don't know how things are in other parts of the US, but here in Utah things are pretty much
opening up. The mask mandate lifts for everything except schools, and I guess certain spaces with certain numbers of people where you can't social distance, But for everywhere else, the mass bandate lifts. In like three days, my wife and I actually went on a date and we went out to a movie. We were like two of the four people in the movie theater watching the movie, but we really really enjoyed it.
It was called the Career.
Has Bennetett Cover Badge in it.
It's a spy movie.
Now, before you get all excited like James Bond, No, in fact, I have to tell this story because it's pretty funny. So my wife and I we were walking out of the theater. I was waiting for her outside the restroom, and the girls who were sitting in like three rows behind us were walking out and one of them goes, did you like it? And the other one goes, yeah, it was okay, And she goes did you like it? And the other girl goes, yeah, well it was okay. But I was kind of expecting more of a James
Bond movie. And I'm sitting there thinking to myself, you didn't watch the trailer, did you? Because the trailer it's very obvious it's a Cold War spy based on a true story kind of thing, right, and so it's going to be about tradecraft. It's not going to be about somebody jumping through windows and shooting guns. Sorry, but I really enjoy some of the historical contexts that some of these films have brought up.
Yeah.
I know they take some license right to make the film more interesting, but you know, generally I find that mostly they stick to the facts on most of these films.
You just don't have to go check. Right.
But this guy, he was a salesman in Great Britain, and the British were still allowed to do business with the USSR in the sixties, and so he opened up accounts and was selling machine parts to the Soviets in Moscow in the nineteen sixties, and six recruited him on behalf of the US to carry intelligence back. And so this official in the USSR winds up becoming a trader to the USA and he's feeding them all this information and some of it like you see it and you're like,
that's how they knew about that. Oh, that's how they knew about this. So it was really really fascinating. But yeah, so he would just pass it off and this guy would just take it away, and I never knew what was in a lot of it, right, And anyway, it's a terrific film, and it's really fascinating because you're spending the whole times that they're going is he gonna get caught? And yeah, anyway, I'm not gonna spoil the end of it. I have no spoilers policy. If it's been out less
than a year. In this movie has been out less than a year, so go watch it. It's terrific. He does such a terrific job too, because you kind of see him in a lot of these other movies as kind of this svelt kind of action figure, and you know, he's been a at coub badge and so he's he's in shape, but he definitely pulls off playing the kind of normal, friendly, jovial salesman guy who you know isn't the action figure that's going to go in save the Day.
So I loved it, absolutely loved it. And so yeah, that's the courier if you're out looking for a movie to go watch.
James, what are your picks?
Okay, so my pick is about diagrams. I've been thinking a lot about diagrams recently, and a large part of my work at the moment is trying to make sure we've got architectural diagrams for some of the projects we're working on.
So my pick is, well, it's not new.
In fact, it's really old, and I'm sure a lot of people are already aware of it.
But there's a particular.
Website that I found recently, So plant mL is a tool that you can use to generate diagrams. Some people may already be aware of it. I only discovered it fairly recently, but I found a website called real World plant mL, and it gives some examples that make it much easier to see some of the things that's possible
to do with plant mL. For those who are thinking, oh, I don't want to do UML diagrams, it actually generates lots of different types of diagrams, not just UML diagrams, and we're using it quite a bit of my work for creating threat models for some of our services. One of the benefits of you plant YOUML rather than another diagramming tool is that you actually write the diagram in a textual format and then it generates the graphics from that for you, which means you can keep the source
of the diagram in version control. People can do pull requests against it and that kind of thing. Anyway, this website, real World plan YOUML, is really helpful because the syntax can sometimes be a little bit forbidding if you're not used to it, and it shows you some examples of what can be achieved with it and how you can achieve it. So that's been I've been copying quite a few things from that recently just to help with making my diagrams.
Awesome, very cool.
All right, well, before we wrap up, I'm assuming that people can find you online. Looks like you published a medium, so if you want to let people know where you do that, and then if you're on GitHub and Twitter and places like that, if you can let people know where you are there too, that would be great.
Sure.
Yes, So my username on Medium on Twitter is well my name without the ue at the end, so it's James Donald jam s d O n oh and the same one get hub as well, so you can find me that same on Twitter.
Cool. Well, thanks for coming, This was fun, Thanks for having me. It's been great. All right.
Well we'll go ahead and wrap up here and until next time, folks, max out.