I am an author, speaker, and loud-mouth on the design of enterprise software. I work for ThoughtWorks, a software delivery and consulting company. This site contains lots of my writing on software development, which primarily focuses on software design and agile methods. To find your way around this site, go to the intro guide.
News and Updates
My atom feed (RSS) announces any updates to this site, as well as various news about my activities and other things I think you may be interested in. I also make regular announcements via my twitter feed, which I copy to my facebook page.
Basics of Web Application Security: Bind Parameters for Database Queries
Mon 22 Feb 2016 08:50 EST
Cade and Daniel now move on to a simple but vital technique: ensuring you use parameter binding in your database queries so that your database doesn't suffer the ravages of Little Bobby Tables.
Final part of Feature Toggles
Mon 08 Feb 2016 09:55 EST
Working with feature-toggled systems
Fri 05 Feb 2016 09:48 EST
Basics of Web Application Security: Encode HTML output
Wed 03 Feb 2016 10:01 EST
In the second part of their evolving article, Cade and Daniel describe the danger of sending malformed data to the browser, including techniques that avoid turning a Supreme Court justice into an attack vector.
Configuration of Feature Toggles
Tue 02 Feb 2016 07:50 EST
Implementation techniques for feature toggles
Thu 28 Jan 2016 15:35 EST
Feature Toggles seem to beget rather messy Toggle Point code, and these Toggle Points also have a tendency to proliferate throughout a codebase. It's important to keep this tendency in check for any Feature Toggles in your codebase, and critically important if the toggle will be long-lived. In this installment, Pete covers a few implementation patterns and practices which help to reduce this issue.
The Basics of Web Application Security
Thu 28 Jan 2016 10:20 EST
Modern web development has many challenges. Of course, you need to write code that fulfills customer functional requirements. It needs to be fast. Further, you are expected to write this code to be comprehensible and extensible.
Somewhere, way down at the bottom of the list of requirements, behind fast, cheap, and flexible, is “secure”. That is, until something goes wrong and the system you build is compromised; then suddenly security is, and always was, the most important thing.
Specialized techniques, such as threat analysis, are increasingly recognized as essential to any serious development. But Cade Cairns and Daniel Somerfield explore how security can be significantly enhanced with some basic practices which every developer can and should be doing as a matter of course.
Continuous Integration and Delivery
For a long time I’ve been a champion of Continuous Integration which reduces integration risk by integrating early and often, an application of the principle of Frequency Reduces Difficulty. We’ve found CI to be a core technique at ThoughtWorks and use it almost all the time. At the heart of this is a style of development that minimizes long feature branches with techniques like Branch By Abstraction and Feature Toggles.
While this is useful, there was still risk in getting software that works in the development environment to work in production. As a result we developed Deployment Pipelines to reduce this risk, moving closer to our aim of Continuous Delivery: building software in such a way that we can confidently deploy the latest builds into production whenever there is a business need. We find this improves feedback, reduces risk, and increases the visibility of project progress.
For more information: take a look at my guide page on Continuous Delivery.
NoSQL Databases
I’ve been involved in enterprise software for two decades and while we’ve seen huge technological change during that time, the relational database has been a constant figure. Previous attempts to dethrone relational databases have failed, but some people think the new rise of NoSQL databases will finally consign relational databases to history. While I think relational databases are going to be an important part of the landscape for a long time, I do think that there is a big change coming in the database field.
I’ve been collaborating with my colleague Pramod Sadalage, on exploring and explaining this shift. For more information take a look at the nosql guide.
I discovered ThoughtWorks in 2000: then a small American company whose philosophy of software development was remarkably similar to my own. Now we’ve grown to around 2500 people world-wide, but kept the values that make us special. My colleagues have built critical systems for many clients in that time, and I’ve learned many lessons from them. While doing this, we found we often didn’t have the tools we needed, so we started to build them. This led to open-source tools such as CruiseControl, Selenium, Frank, and Moco as well as commercial products.
I have many opportunities, but I’ve stayed at ThoughtWorks because of the quality of my colleagues, who include both well-known speakers and those who may not be famous names but do an excellent job of software delivery (and feed me the information to write about). We are inspired by working with each other and our unusual three-pillar philosophy that raises professional excellence and social justice to the same level as financial performance.
And we are always looking for more great people to join our curious company. Maybe I’ll see you in one of our offices some day.