Testing in prod, engineering balance, and thinking fast and slow!
Monday Ideas: Edition 138
Codacy Security: security made simple for devs
Hey! This week I am happy to promote Codacy Security, which is here to make your code more secure without slowing you down.
With tools like Static Application Security Testing (SAST) to catch issues like XSS or SQL injection, and Supply Chain Security (SCA) to keep your dependencies in check, it's got you covered.
It also finds hard-coded secrets, scans Infrastructure-as-Code (IaC) for misconfigurations, and helps with runtime vulnerabilities through Dynamic Application Security Testing (DAST).
Bonus? Pen testing services are part of the deal. Supporting 49 languages, Codacy plugs right into your workflow, making security a seamless part of your DevSecOps journey.
Back to this week's ideas!
1) Let's make 2025 the year you test in production!
Testing in production has a bad reputation because many people conflate it with testing only in production, which of course is a different thing!
Testing in prod matters because, no matter how good your staging environment is, it is never going to be exactly like prod. It is not possible to have the same concurrency, the same chaos, the same variability, because every moment in production is unique.
When I interviewed Charity Majors last year she said you may or may not have a staging environment (that's up to various factors), but you can't not invest in good production tooling.
Counterintuitively, the right mindset, most of the time, is to invest in fixing problems faster rather than in preventing problems.
The former leads to speed, flow, and CD. The latter leads to gating, batching, and pain.
You can find the full interview with Charity below!
2) Balance your engineering investment
We are wrapping up the results of our survey about how teams use data to get better, and (spoiler alert!) one of the practices that is coming out as an absolute winner is to intentionally allocate engineering time across multiple areas.
Unless you already have a good way of doing this, I recommend starting with the Balance Framework, which helps you understand the nature of the engineering work.
Based on the framework, work is divided into two main areas:
- Mandatory investments: to support running the business (a.k.a. keeping the lights on, KTLO).
- Elective investments: anything that is up for discussion and can be prioritized.
Elective investments are further divided into three categories:
- New things: work towards your business objectives, like new products, features, or integrations.
- Improving things: improvements to existing features, including performance, reliability, and security.
- Productivity: improvements to engineering productivity. This may affect operations and other departments' productivity as well.
Categorizing all of your work helps you have conversations based on data rather than intuition. You can define priorities, defend them based on grounded evidence, and build a sustainable work balance.
We wrote a full piece about this, which you can find below.
3) System 1 vs System 2
Two months ago I reviewed Daniel Kahneman's cornerstone work, Thinking, Fast and Slow, and I still think about it often.
Kahneman's central thesis revolves around two modes of thought: System 1 and System 2. This concept is fundamental to understanding how we make decisions:
1. System 1 is fast, intuitive, and emotional. It operates automatically and quickly, with little or no effort and no sense of voluntary control.
2. System 2, on the other hand, is slower, more deliberative, and more logical. It allocates attention to effortful mental activities that demand it, including complex computations.
What's surprising (and somewhat unsettling) is how much we rely on System 1, even when we think we're being logical and methodical. We often pride ourselves on our analytical abilities (especially in engineering), but Kahneman shows that we're far more inclined to make quick, intuitive judgments.
The main problem is that we don't have a reliable way to figure out when to engage System 2 (the analytical side) vs. accepting the quick answer provided by System 1.
This is perfectly displayed in the famous bat and ball problem:
"A bat and ball cost $1.10. The bat costs one dollar more than the ball. How much does the ball cost?"
Most people answer 10 cents, which is System 1 stuff. The correct answer (5 cents) would require engaging System 2, but we usually accept the quick answer because it looks good.
This reminded me of chess. During lunch I often watch Hikaru videos, where he often talks about the problem of knowing when to spend your time. Modern chess has shifted more and more towards shorter time controls (e.g. 10-minute games), which means players spend little time, on average, on every move. What's interesting, especially in grandmaster games, is that players do not spend a similar amount of time on every move: they blitz most of them (i.e. a few seconds) and spend long chunks of several minutes on a few crucial ones.
Blitz moves are System 1 (quick judgment and pattern-matching), while the long ones are when players engage their analytical brains.
Knowing when it is worth spending more time on a move (i.e. when to engage System 2 vs. when to trust intuition) is a crucial quality that separates outstanding players from the good ones.
Ok, but chess is time-constrained: in real life, couldn't we deliberately skew towards System 2 most of the time? No sir, because System 2 is 1) slow, and 2) extremely costly, while System 1 is basically free.
Using System 2 quickly leads to cognitive strain, so we can only rely on it sparingly.
Kahneman then goes on to explain all kinds of biases that plague our minds, and reading about these was definitely a humbling experience.
You can find my full review below.
And that's it for today! If you are finding this newsletter valuable, consider doing any of these:
1) Subscribe to the full version: if you aren't already, consider becoming a paid subscriber. 1700+ engineers and managers have joined already! Learn more about the benefits of the paid plan here.
2) Advertise with us: we are always looking for great products that we can recommend to our readers. If you are interested in reaching an audience of tech executives, decision-makers, and engineers, you may want to advertise with us.
If you have any comments or feedback, just respond to this email!
I wish you a great week!
Luca