Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
10X Product Development
Lessons Learned and Detailed Architectures from Building Two Serverless Applications
@joeemison
Ma...
Joe Emison @joeemison
ASSERTIONS
Product-market fit is paramount.
10X software developers do not exist.
10X product develo...
Joe Emison @joeemison
ASSERTIONS
• Spend development time on business-specific code
• Don’t make things people won’t use
•...
Joe Emison @joeemison
COMMERCIAL SEARCH
• Zillow/Trulia/Realtor.com for Commercial Real Estate
• Demo: Search, Details, Fi...
Joe Emison @joeemison
COMMERCIAL SEARCH
5
https://www.commercialsearch.com/
Netlify
- HTML
- CSS
- JS
Prerender.io
User Br...
Joe Emison @joeemison
COMMERCIAL SEARCH
• Launched in 4 months with 2 developers
• 13,307 lines of TypeScript
• 95%+ Devel...
Joe Emison @joeemison
LESSONS LEARNED / PAIN POINTS
• The Firebase dashboard has some limits with larger datasets (but API...
Joe Emison @joeemison
PROPERTY TOUR PRO
• Tour Book (PDF, mobile web) generator for commercial
real estate brokers
• Demo:...
Joe Emison @joeemison
PROPERTY TOUR PRO
9
https://www.propertytourpro.com/
DocRaptor
(PDF Generation)
User
Brower
Firebase...
Joe Emison @joeemison
LESSONS LEARNED / PAIN POINTS
• Don’t use AngularFire – triple-binding just gets too slow
• CORS (an...
Joe Emison @joeemison
WHY NOT AWS?
• AWS Serverless is about back-end processing, which we have largely outsourced
• AWS S...
Joe Emison @joeemison
SECURITY
12
• Netlify
– Read-only assets (code for client)
• Algolia
– Read-only based on API key sh...
Joe Emison @joeemison
SECURITY
13
Joe Emison @joeemison
READ MORE / CONTACT ME
InformationWeek: http://j.mp/emisonIW
Network Computing: http://j.mp/emisonNC...
Upcoming SlideShare
Loading in …5
×

Joe Emison - 10X Product Development

21,325 views

Published on

Presented at ServerlessConf NYC 2016.

In this session, Joe will describe the architectures of two serverless applications he has recently launched, PropertyTourPro.com and CommercialSearch.com, as well as talk through lessons learned during the development and deployment of both applications.

Published in: Internet

Joe Emison - 10X Product Development

  1. 1. 10X Product Development Lessons Learned and Detailed Architectures from Building Two Serverless Applications @joeemison May 2016
  2. 2. Joe Emison @joeemison ASSERTIONS Product-market fit is paramount. 10X software developers do not exist. 10X product development does. 2
  3. 3. Joe Emison @joeemison ASSERTIONS • Spend development time on business-specific code • Don’t make things people won’t use • Don’t build things you can buy (rent) • Stop regressions • Maximize iterations with customers • Big changes • Frequent deploys • Minimize dependences • Don’t make developers wait (IT Ops, DBAs, Other Devs) • Don’t make developers stop (incomplete specifications) 3 10X Product Development Pick your development processes, staffing, and stack based on the above
  4. 4. Joe Emison @joeemison COMMERCIAL SEARCH • Zillow/Trulia/Realtor.com for Commercial Real Estate • Demo: Search, Details, Find Broker, Login, Add Listing 4 https://www.commercialsearch.com/
  5. 5. Joe Emison @joeemison COMMERCIAL SEARCH 5 https://www.commercialsearch.com/ Netlify - HTML - CSS - JS Prerender.io User Browser Algolia - Full Text Search - Facet Search - Geo Search Auth Firebase ETL / Queue Servers
  6. 6. Joe Emison @joeemison COMMERCIAL SEARCH • Launched in 4 months with 2 developers • 13,307 lines of TypeScript • 95%+ Developer Efficiency (developers deliver at estimates, few regressions) • Conceptually: Microservices architecture, but we only wrote the core • If we were using ElasticSearch, we’d need a proxy middle tier between Angular and ES • If we used a more traditional way of handling images (e.g., RoR with image-handling libraries), we’d have another language and servers to support for availability (and have to update for security) • If we hosted our static assets on our own web server, we’d have those servers to support for availability (and have to update for security) 6 https://www.commercialsearch.com/
  7. 7. Joe Emison @joeemison LESSONS LEARNED / PAIN POINTS • The Firebase dashboard has some limits with larger datasets (but API works fine) • Developer learning curve from RDBMS to Firebase is non-trivial, but not insane • Cloudinary configurations are non-obvious; need to use their (very good) support • Algolia needs new dependent indices for each sort criteria/direction 7
  8. 8. Joe Emison @joeemison PROPERTY TOUR PRO • Tour Book (PDF, mobile web) generator for commercial real estate brokers • Demo: Login with LinkedIn, Add Property, View Amenities, Crop Image, Export PDF 8 https://www.propertytourpro.com/
  9. 9. Joe Emison @joeemison PROPERTY TOUR PRO 9 https://www.propertytourpro.com/ DocRaptor (PDF Generation) User Brower Firebase Auth0 Firebase Hosting - HTML - CSS - JS Auth0 Webtask (simple secure JS code runner)
  10. 10. Joe Emison @joeemison LESSONS LEARNED / PAIN POINTS • Don’t use AngularFire – triple-binding just gets too slow • CORS (and private API keys) means that you can’t hit third-party APIs directly; use Webtask • Auth0 is great, but documentation is frustrating • DocRaptor doesn’t compress PDFs/images well, so you have to do that through Cloudinary 10
  11. 11. Joe Emison @joeemison WHY NOT AWS? • AWS Serverless is about back-end processing, which we have largely outsourced • AWS Serverless is complicated: IAM + Cognito + API Gateway + Lambda • Compare: Auth0 Webtask to Lambda + API Gateway + IAM + Cognito • Compare: Firebase to Lambda + API Gateway + IAM + Cognito + DynamoDB • Compare: Firebase Queues to Lambda + API Gateway + IAM + Cognito + SQS • Serverless Framework, so many support libraries for Lambda are examples of what’s missing in the product 11
  12. 12. Joe Emison @joeemison SECURITY 12 • Netlify – Read-only assets (code for client) • Algolia – Read-only based on API key shared with client that has strict rate limits by session + IP – Authenticated users could each have own API key (but not implemented yet) • Cloudinary – Images uploaded into moderated queue (WebPurify human-driven moderation) – Retrieval of images forced through watermarking transformation • Firebase – Advanced security rules evaluated as JavaScript expressions; uses Firebase Auth – Each listing has a set of users that can edit it – User prefs only read / write by individual users – Rate limits on retrieval
  13. 13. Joe Emison @joeemison SECURITY 13
  14. 14. Joe Emison @joeemison READ MORE / CONTACT ME InformationWeek: http://j.mp/emisonIW Network Computing: http://j.mp/emisonNC The New Stack: http://j.mp/emisonTNS 14 @joeemison

×