Your SlideShare is downloading. ×
Optimizing for change: Taking risks safely & e-commerce
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Optimizing for change: Taking risks safely & e-commerce

2,665

Published on

now with working fonts

now with working fonts

0 Comments
6 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
2,665
On Slideshare
0
From Embeds
0
Number of Embeds
3
Actions
Shares
0
Downloads
10
Comments
0
Likes
6
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. Optimizing for change: Taking risks safely & e-commerce Kellan Elliott-McCrea @kellan CTO, EtsyMonday, October 8, 12
  • 2. Monday, October 8, 12
  • 3. Launched June 18, 2005 in Brooklyn 875,000 monthly active sellers 33.5MM items for sale $525MM in sales in 2011 1.43B page views, in Aug 102 engineers 74 releases, yesterdayMonday, October 8, 12
  • 4. Take more risks. Build a better software. Have more fun.Monday, October 8, 12
  • 5. “Sure that works when you’re building social software but what about a real business with $$$ involved?” - everybody alwaysMonday, October 8, 12
  • 6. Continuous Deployment: small changes, pushed frequentlyMonday, October 8, 12
  • 7. you can’t avoid making mistakes you can avoid making BIG mistakesMonday, October 8, 12
  • 8. What are you optimizing for? MTTR MTBFMonday, October 8, 12
  • 9. MTTR MTBFMonday, October 8, 12
  • 10. 4 core techniques: 1. Put a Button On It 2. Branch in Code 3. Trunk is Always Deployable 4. Dark/Incremental LaunchesMonday, October 8, 12
  • 11. Put a Button On It.Monday, October 8, 12
  • 12. Branch in code: use features flags 4 core techniques: if ($cfg[‘awesome_new_search’]) { # new hotness $rsp = do_solr(); } else { # boring old stuff $rsp = do_grep(); }Monday, October 8, 12
  • 13. Branch in code: use features flags 4 core techniques: for free you get: 1% launches admin only launches dark launches split testsMonday, October 8, 12
  • 14. any engineer can launch an experiment to 1% of users 57 experiments live right nowMonday, October 8, 12
  • 15. Metrics driven development measure everything! feedback loops!Monday, October 8, 12
  • 16. Engineers love to measure make it ridiculously easyMonday, October 8, 12
  • 17. Metrics driven development StatsD::timing("page.render", $msec);Monday, October 8, 12
  • 18. Metrics driven developmentMonday, October 8, 12
  • 19. Metrics aren’t optional a feature isn’t done without metricsMonday, October 8, 12
  • 20. Make metrics visible remove the passwordsMonday, October 8, 12
  • 21. Some tools: Graphite, Ganglia, Logster*, StatsD*, event beacons, log files, EMR, Vertica, SplunkMonday, October 8, 12
  • 22. Getting started? Use StatsD StatsD @ Instagram, Pinterest, Github, Mozilla, LAN.com, Zynga, Kickstarter, LivingSocial and 70+ other companiesMonday, October 8, 12
  • 23. Step 1: your 5 core metrics: @ Etsy: sign ups, logins, checkout, new listings, posts in the bugs forumsMonday, October 8, 12
  • 24. Who watches the graphs?Monday, October 8, 12
  • 25. Automate your analysis USE COMPUTERS!Monday, October 8, 12
  • 26. Automate your analysis holtWintersConfidence(Upper|Lower)Monday, October 8, 12
  • 27. Automate your analysis continuous integration: unit tests, coding standards, static analysis, risky code pathsMonday, October 8, 12
  • 28. Make effective security easy by default Make insecure patterns “grep-able”Monday, October 8, 12
  • 29. Actively monitor for attacks. Spikes in 500s and failed logins are your first clue.Monday, October 8, 12
  • 30. “I discovered the vuln late Friday afternoon and wasnt quite ready to email it to them. Saturday morning, I confirmed the hole was still there and fixed a few bugs with my demo. I had my girlfriend test it from her house. It didnt work for her. I tested again and it had stopped working for me. Sure enough, it was now properly sanitized and had the correct JSON MIME type. The following Monday I received a response thanking me for reporting it, and telling me I was right. “Monday, October 8, 12
  • 31. Treat independent security researches with respect.Monday, October 8, 12
  • 32. “Culture eats strategy for breakfast”* (*possibly apocryphal)Monday, October 8, 12
  • 33. Thank you!Monday, October 8, 12

×