Bryan Kennedy

Ideate, Innovate, Launch



The mathematics of team productivity

When it comes to growing the productivity of a software engineering team, I believe there are four basic types of engineers: Adders, Subtracters, Multipliers, and Dividers. I find this framework helpful during hiring as well as determining when to let someone go.

Adders are your standard, talented engineers. They learn and grow over time, striving to improve themselves and their code. They add to your team’s productivity by being team players and striving for excellence.

Subtracters are your below average performers. They complete what is assigned to them, and perhaps even do good work from time to time, but they subtract from the overall productivity of the team. Subtracters write code that must be refactored later, don’t stay current, and generally aren’t passionate about software development. Subtracters can become adders given time and a culture of code reviews or pairing, but you



I break stuff all the time

Continuous integration as a development practice already feels pretty magical. Imagine writing code and then deploying it to production in one seamless step, all the while knowing that your tests have run and your application is good to go. Until recently, continuous integration was one of those dev tool nice-to-haves that we hadn’t quite found time to implement.

That day changed when we came across CircleCI: Running tests is no longer a chore to remember to do and wait for before every merge to master - it’s just something that happens in the course of committing new code to your branch. We’ve only been using them for six months now and it has quickly become one of the tools we rely on daily.

CircleCI will run your tests (which have 100% code coverage like ours do, right? ;-) ) whenever you push a new commit and email you if you break something. Honestly, how many times have you



My First 5 Minutes On A Server; Or, Essential Security for Linux Servers

Server security doesn’t need to be complicated. My security philosophy is simple: adopt principles that will protect you from the most frequent attack vectors, while keeping administration efficient enough that you won’t develop “security cruft”. If you use your first 5 minutes on a server wisely, I believe you can do that.

Any seasoned sysadmin can tell you that as you grow and add more servers & developers, user administration inevitably becomes a burden. Maintaining conventional access grants in the environment of a fast growing startup is an uphill battle - you’re bound to end up with stale passwords, abandoned intern accounts, and a myriad of “I have sudo access to Server A, but not Server B” issues. There are account sync tools to help mitigate this pain, but IMHO the incremental benefit isn’t worth the time nor the security downsides. Simplicity is the heart of good security.



A user is stealing from us right now and I don’t mind

As I write this, some guy in Florida is using stolen credit cards to successfully steal tens of thousands of dollars of products from us. Or at least, that’s what he thinks he’s doing.

When someone steals, buys, or generates a credit card number with the intention of committing purchase fraud, the typical first step is determining if the card is valid. A stolen number runs the risk of being cancelled at any moment, and nothing stops a promising career in white collar crime in its tracks quite like a decline in the Walmart checkout aisle with $5000 of merchandise in the cart.

The preferred method then is to run a small online transaction on each stolen card. Once you’ve found a valid card number, you re-magnetize a card and the shopping spree begins! This is why if you’ve ever had your card stolen, you’ll almost always see a smaller test transaction at an online retailer before the



Setting up MySQL replication without the downtime

I clearly don’t need to expound on the benefits of master-slave replication for your MySQL database. It’s simply a good idea; one nicety I looked forward to was the ability to run backups from the slave without impacting the performance of our production database. But the benefits abound.

Most tutorials on master-slave replication use a read lock to accomplish a consistent copy during initial setup. Barbaric! With our users sending thousands of cards and gifts at all hours of the night, I wanted to find a way to accomplish the migration without any downtime.

@pQd via ServerFault suggests enabling bin-logging and taking a non-locking dump with the binlog position included. In effect, you’re creating a copy of the db marked with a timestamp, which allows the slave to catch up once you’ve migrated the data over. This seems like the best way to set up a MySQL slave with no downtime, so I



An inside look at the app that powers Sesame

Though Sincerely has been shipping physical goods to our users’ homes since day one, last week’s Sesame Gifts launch marks the first time we’ve done fulfillment in-house. So how does a startup go from shipping apps to shipping boxes? By building an app, of course!

From the start, we knew we wanted a Sesame gift to be more than just a brown box in the mail - that receiving one would be an experience in itself. We also knew that we’d want the same freedom to quickly iterate on new fulfillment and packaging ideas that we’d become accustomed to in software development. So we decided to do it ourselves and transform our beautiful office in downtown San Francisco into a state-of-the-art fulfillment warehouse, like this one:

Amazon's warehouse is like a huge Walmart that caters to pro shoppers

Ok, we’re not quite there yet! Tasked with setting up a fulfillment center in less than 8 weeks, our team created an internal iOS app that helps ensure orders get out
