Categories
Community Tips

Securing Your Digital Life: The Necessity of Hardware Security Key for Developers and Privacy focused Individuals

This is a blog series on Hardware Security Keys such as Yubikey. In this series, you will learn how to use a Yubikey to enhance your digital security and privacy practices, such as using it for 2-factor authentication, using Yubikey for SSH, saving PGP Keys, signing code-commits and much more. This is the first part of the blog series, where you will learn how to set up a Yubikey for U2F-based 2-factor authentication. Please suggest in the comments or on our forum if you wish to see any other guide related to Yubikey.

Introduction

Securing your online presence in an era dominated by digital interactions has become more crucial than ever. With the rising threat of cyber attacks and privacy breaches, finding reliable ways to safeguard your accounts should be a top priority for everyone, especially developers. The YubiKey is a hardware USB security key from Yubikey, which stands out as a versatile and robust solution for privacy-focused individuals. This blog post will explore why a hardware security key like YubiKey is indispensable and provide step-by-step instructions on implementing two-factor authentication (2FA) for your Github account.

Need for Hardware Security Keys

1. Physical Security:

Hardware security keys offer an extra layer of protection by introducing a physical element to the authentication process. Unlike traditional methods that rely solely on passwords, YubiKey provides a tangible key resistant to phishing attacks. The cryptographic hashes used to authenticate you to an online service are saved on your key, and since only you have possession of the device, you can log in. This also protects you from becoming a victim of a malicious or phishing website since they don’t have saved your Security keys to authenticate with.

2. Versatility:

YubiKey supports various authentication standards, including FIDO2 and U2F, which are industry standards for multi-factor authentication, making it compatible with a wide range of services and platforms. Its versatility makes it a one-stop solution for strengthening security across different online accounts.

3. Privacy Concerns:

As concerns about online privacy continue to grow, a YubiKey can help you to mitigate risks associated with password breaches. By eliminating the need for passwords altogether in some cases and providing an additional layer of security in others, YubiKey enhances overall digital privacy. Newer Yubikeys also supports Passkeys, currently the most secure ways of passwordless authentication. We will probably cover how to use a Yubikey for passkeys generation in a later blog, but you can read all about Passkeys in our previous blog here.

Setting Up YubiKey 5C for Two-Factor Authentication (2FA)

1. Choosing Services:

Begin by selecting online services that support YubiKey for 2FA. Popular platforms like Google, GitHub, and others offer seamless integration. You can check the complete list of all the online services that support U2F / Yubikey here.

2. Registering YubiKey:

Follow these steps to register YubiKey for 2FA on the chosen services we will use it for Github:

Example: Setting up YubiKey 2FA on Google

  1. Head to your Github account settings into Password and Authentication tab
  2. Under Two-factor authentication, select Security Keys as your preferred method
  3. Click Add New Security key
  4. A pop-up will appear asking you to insert your Yubikey on the USB port of your workstation.
  5. Insert the security key and touch the pad or press the button depending on your security key model

6. This should register the security key, and you can add more keys, such as a backup key, using the same steps

7. If your Yubikey supports NFC, you can also add it using a NFC Compatible mobile device

Complete steps, along with the walkthrough video can also be found here.

3. Testing the Setup:

Verify the effectiveness of your 2FA setup by logging in with your YubiKey. Experience the seamless and secure authentication process.

Tips for Developers

1. Integrating YubiKey into Development Workflow:

Developers can enhance their security practices by integrating YubiKey into their workflow. Platforms like GitHub and tools like Git also support YubiKey for secure authentication and signing your commits (more in upcoming blogs).

2. Best Practices for YubiKey Usage:

To ensure the longevity and effectiveness of your YubiKey:

  • Safely store and manage your YubiKey.
  • Consider having a backup YubiKey in case of loss or damage.

Conclusion

In conclusion, a YubiKey is not just a USB security key; it’s a powerful tool for fortifying your digital defences. By implementing two-factor authentication, you can significantly enhance your online security. Whether you’re a developer or passionate about privacy, the YubiKey is a necessary addition to your digital toolkit. Prioritise your digital security, adopt YubiKey, and enjoy a safer online experience.

Remember, in the evolving landscape of digital threats, taking proactive measures is the key to a secure and resilient online presence. Stay safe, stay secure!

Categories
Community

2023 Year-In-Review: A Year of Firsts, Community Growth and Trust Building

As we bid farewell to 2023, it’s that time of the year again where we reflect on this incredible journey we’ve had together as a developer community this year. With over 80,000+ members, our community has not just grown in numbers but has become a vibrant hub of collaboration, knowledge-sharing, and mutual support. Let’s begin with:

Community Milestones

1. Strength in Numbers

Our community is now a powerhouse with over 80,000+ members worldwide. Your enthusiasm and commitment to help other developers have been the driving force behind this phenomenal growth.

2. Global Insights

The year 2023 saw our survey reaching new heights, connecting with more than 30,000 developers across 165+ countries. The diverse perspectives shared have enriched our community with a wealth of knowledge.

By the way, the 26th Developer Nation survey is live! Unlock valuable insights – start here!

3. Developer Forum Launch

To foster collaboration and mutual support, we launched a dedicated Developer Forum. This platform has become a space where community members can connect, seek advice, and help each other grow, and we’re so excited to see the interesting conversations happening there.

developer nation forums

4. Podcast Triumphs

Our podcast journey in 2023 was spectacular in many ways. Season 1 concluded with impactful discussions featuring experienced guests. To make your podcast experience even better, we’ve launched a new landing page at https://developernation.net/podcast/ for easy access to all episodes.

developer nation broadcast

5. Content Galore

Throughout the year, we published more than 85  new informative blogs and sent out 25 resource-packed newsletters, delivering valuable insights directly to your inbox. To ensure you never miss out, we also created an archive landing page for our old newsletters, open-sourced for everyone on GitHub.

6. Giving back: Surveys, Prizes, and SoGenX

In 2023, we conducted 14 surveys, giving away prizes worth over $58,000 USD to 89 winners. As a testament to our commitment to open collaboration, we also created and hosted the social link-sharing utility app, SoGenX, available at: https://linkgen.developernation.net/ which is used by our team during the survey period.

twitter winner
developer nation swag twitter

7. Bringing  Enterprise Developers on the spotlight

Our Enterprise Developer Interview series shed light on the work of enterprise developers, offering a unique glimpse into their world as first hand experience. Checkout the blog at: https://developernation.net/blog/meet-the-enterprise-developers-interview-series-1-investment-sector

8. Educational Blog Series

We delved into Docker, Linux, and initiated a series on Hardware Security Keys usage. Our commitment to providing valuable content for your professional growth remains unwavering.

9. Developer Nation Writers Club

Recognizing the stars among us, we launched the exclusive Developer Nation Writers Club. This club acknowledges and supports our outstanding blog contributors. If you want to write for Developer Nation, do reach out to me or checkout: https://forum.developernation.net/t/write-for-developer-nation-blog/352

10. Pulse Report Discussions and Video Episodes

Engaging with you in real-time discussions was among our priorities for 2023. A great example was a discussion around the findings of the Pulse Report which was made available on YouTube Checkout the recording here

Additionally, we ventured into the visual realm by launching video versions of four podcast episodes. The entire video podcast playlist can be accessed here.

developer nation pulse report q1 2023

11. Year-End Fun: Meme Competition and Virtual Meetup

To cap off the year, we added a touch of humour with the End-of-Year Meme Competition. Congratulations to the winners, and thanks to all who participated! We also organised our very first virtual community meetup, providing an enjoyable space for everyone to connect. You can get a taste of what happened in the meetup here.

Looking Ahead to 2024

1. Exciting Podcast Developments

Get ready for more captivating content as we gear up for Season 2 of our podcast. The journey continues with more insightful discussions, industry trends, and expert guests.

2. Expanding Video Content

Our commitment to visual content grows stronger as we plan to publish more video episodes of our podcast. Expect an immersive and engaging experience to enhance your learning.

3. Ambassador Program Launch

In 2024, we’re thrilled to plan and introduce our new Ambassador Program, designed to recognize and empower our active community members. Your contributions will now have an even more significant impact.

4. More Community Meetups

We’ve seen your feedback and it’s incredible that you loved our meet-up and want us to do it more often. Building on that success, we’re excited to announce that more community meetups are on the horizon. These events provide a space for learning, networking, and fostering connections. Newsletter is the best source to stay updated on the next one.

Closing Thoughts

As we step into 2024, our commitment remains steadfast—to bring you more valuable content, foster collaboration, and help each member of our community level up their programming game and make smarter career decisions. Thank you for being an integral part of our incredible journey. Here’s to another year of growth, learning, and success!

Stay tuned, stay connected, and let’s make 2024 an even more remarkable year together!

@iAyanPahwa

Developer Nation Community

Categories
Community

Podcast #4 – Designing APIs means adding value to the Digital Chain

In this captivating Developer Nation Podcast episode, host Ayan engages in a comfortable and insightful conversation with Darshan, the founder and CEO of API Wiz. Darshan shares his 15-year journey in the software development industry, touching on experiences with diverse technologies and industries. The genesis of API Wiz emerges from Darshan’s realisation of significant gaps in API management within the developer ecosystem.

APIWiz, developed over four years, aims to revolutionise API management by addressing technical debt and the maturity and collaboration challenges enterprises face. Darshan emphasises the importance of a platform approach, likening it to an integrated assembly line for building cars. The platform, API Wiz, manages the entire API lifecycle, offering enterprises the flexibility to choose their preferred gateway.

Darshan recounts the challenges faced during the inception of APIWiz, including the need to overcome tool sprawl and foster collaboration across departments. The platform’s recent launch, APIWiz 2.0, and the introduction of Astrum for the developer community are highlighted. Astrum allows developers to use the platform for free, demonstrating APIWiz’s commitment to enabling more with less.

Throughout the episode, Darshan’s passion for solving customer-centric and developer-centric problems shines through, making this podcast a must-listen for developers, DevOps practitioners, and anyone interested in the dynamic world of API management. Tune in to gain valuable insights, learn from Darshan’s experiences, and discover the transformative impact of APIWiz in the evolving landscape of software development. Don’t miss out – hit that listen button now!

Listen to other episodes at : https://developernation.net/podcast/

Please share your feedbacks about this episode or the entire podcast in general in our forum thread here.

Categories
Community

Developer Nation Techie Treats: The Ultimate Holiday Gift Guide for Developers – 2023

‘Tis the season to celebrate people in your life with the perfect holiday gifts, and if they happen to be coding wizards, hardware enthusiasts, or coffee aficionados, We at Developer Nation are here again with our most curated list of 10 must-have items that will make the eyes of Developers in your life light up. Read on for our top picks and discover the ideal presents for the tech-savvy minds who make the digital world go around. 

Before we get started, let me quickly tell you about our Emerging Technologies Developer Survey in which you can participate and win some of the gifts mentioned here and more.

1. Desk Mat: This doesn’t need any explaining but is a must-have for every Developer Desk.

camera, macbook, iphone

2. GaN Charger: Supercharges any workspace with a GaN Charger. The compact and efficient charger uses Gallium Nitride technology, providing faster and more efficient charging for all their devices. A good 10W charger can charge your laptop, phone and more at the same time. Our recommendation is UGreen or Anker.

ugreen

anker

3. Hardware Crypto Wallet Ledger Nano S Plus: They say if you don’t keep your cryptos in your own wallet, you don’t own it. So, keep your developer’s cryptocurrency safe and sound with the Ledger Nano S Plus. This hardware wallet provides top-notch security, ensuring all digital assets are protected from cyber threats.

ledger

4. Yubikey 2FA Hardware Security Key: This is a must-have; you might have noticed us giving away many of these lately as part of our survey prize draws. This device adds an extra layer of protection to online accounts, making it an essential tool for any developer serious about safeguarding their digital identity.

yubikey


5. Pourover Coffee Brewing Kit: Fuel late-night coding sessions with the v60 Pourover Coffee Brewing Kit. Give your developer the gift of barista-level coffee, enhancing their productivity and adding a touch of luxury to their work breaks.Our recommendation is one from Hario.

hario pourover

6. Aeropress Coffee Brewing Kit: For the developers who are always travelling but appreciate good coffee, the Aeropress Coffee Brewing Kit is a game-changer. Compact and efficient, it’s perfect for busy coding days when time is of the essence.

aeropress

7. Raspberry Pi 5: Unleash the creativity of your favorite developer with the new improved and powerfuk Raspberry Pi 5. This mini-computer opens up a world of DIY projects, from home automation to gaming, making it an ideal gift for those who love to tinker with technology.

Raspberry Pi 5

8. Zima Board: Dubbed as advanced hacked single board computer, it’s definitely much more powerful than the Raspberry Pi, thanks to x86 Intel CPU. It offers tons of I/Os including dual Gigabit Ethernet, and a PCIe which is phenomenal. It’s an ideal computer to run your personal cloud, Network Attached Storage or Media Servers. 

zima board

9. Rubber Duckies: “Quack the C0de” Sometimes, the best debugging partner is a rubber duck! These adorable desk companions serve as silent sounding boards, helping developers troubleshoot and unravel coding conundrums.

rubber duckies

10. A Book – “Soul of a New Machine”: Feed their minds with “Soul of a New Machine,” a classic in the world of tech literature. This Pulitzer Prize-winning book provides insight into the world of computer engineering, making it a captivating read for any developer.

11. USB C Cable Checker: It can be frustrating to identify the right USB cables. They all might look the same, but some don’t support Thunderbolt, high-speed data transfer or fast charging. So a USB C checker like this or this or even an advanced one like this can really come in handy.

usb c cable checker

We hope these gifts will make the developers in your life feel truly appreciated. If we miss any must-have items on our list, Share your suggestions in the comments below, and let’s make this holiday season the most tech-tastic one yet! Happy coding and happy holidays!🎄

– @iAyanPahwa

Categories
Developer Nation Broadcast

Podcast #3 – The Developer Advocacy Universe with Adrienne Tacke

In this Developer Nation broadcast episode, Ayan interviews Adrienne Tacke, a Senior Developer Advocate at Cisco, discussing her career journey and the field of developer advocacy. Adrienne shares her unexpected path into software development, starting with an internship during college. She emphasizes that a computer science degree isn’t necessary for a successful career in development; a passion for learning and an eagerness to explore new technologies can be equally valuable. While a degree can provide a solid foundation, ongoing learning is key, and it’s beneficial to grasp foundational computer science concepts even without formal education.

Adrienne discusses her transition to developer advocacy, driven by her desire to share her journey through conference speaking. She highlights the joy of travelling and connecting with various developer communities worldwide. However, she also mentions the challenges faced by developer advocates, including multitasking, burnout risk, and maintaining high-quality content creation. While the role offers numerous rewards, it comes with hard work and demands attention to balance and prioritization. The conversation sheds light on the behind-the-scenes work and the multifaceted nature of developer advocacy.

Intrigued by Adrienne’s journey and the world of developer advocacy? If you want to dive deeper into her experiences, challenges, and the vibrant field of developer relations, don’t miss the full episode. Tune in for a wealth of insights and inspiring stories.

You can listen on Spotify:

or watch the entire thing here:

Categories
Tips

Passwords are DEAD, Let’s meet Passkeys and our new State of Software Supply Chain Security Survey 

Let’s get real. It’s a pain generating unique long alpha-numeric passwords and 2-factor authentications for every web or app service we use today, often ending up using the same old password (we can remember) across services and skipping 2fas if not enforced. Even if you use a password manager to generate and auto-fill your state-of-the-art strong passwords, you’re still vulnerable to attacks like Phishing, where a website looks identical to the one you are trying to access, although in reality it is a fraudulent copy -trying to use and steal your passwords as soon as they’re entered. 

Using a 2-factor authentication is handy in this situation. Still, it involves either SMS-based OTPs or authenticator apps like Authy or Google Authenticator for TOTPs, requiring cellular connectivity or installation of additional apps. Not to mention, if you lose your password manager, it will be a nightmare. 

Enter Passkey 

Passkey is a new passwordless authentication, standard by the FIDO alliance that aims to replace passwords and 2FAs, providing a faster, easier, and more secure authentication process.


Passkeys work on public-key architecture, generating public and private keys for each web or app service you use. The public key is saved on the web/mobile service server you intend to use, and the private key is kept securely on your local device, e.g. your Smartphone. Every modern smartphone processor today has a Secure Element which will generate and save these passkeys, which means not even  you can  read or directly access your private key. 

Whenever you want to authenticate on a service,- a signature generated from your saved public key will be sent to your device, and you can authenticate this signature using your private key + Biometric Authentication, e.g. your device PIN, fingerprint or Face ID. Once the signature from the public key and private key matches, you’ll be successfully logged in, meaning you don’t have to enter any password or OTPs, saving you from creeping eyes while entering your passwords in the coffee shops. The Private key never leaves your device, and you don’t need to remember everything, + it’s Phishing proof since Phishing sites won’t have your public key anyway 😉 

So, to actually hack you, the hacker will require your device + your fingerprints/FaceID, and I don’t wanna imagine that scenario anyway.

Passkey in Action

Every service you wish to use will generate a unique passkey that can be synced across all your devices using the ecosystem cloud sync, e.g. iCloud or password manager provided by your browser. You can also share your passkeys with devices and people you want. Hardware keys like Yubikeys can also be used to generate and save passkeys. If you’re on a desktop, you can still use your mobile device for passkey authentication using QR codes generated by the services while trying to log in. The QR code can then be scanned by your phone and finished with the passkey authentication. 

For businesses, it saves cost on OTP services you provide for your users, and it’s pretty easy to add support for passkeys in your web or mobile applications using already existing authentication APIs offered for all major platforms – iOS, Android, Chrome, etc.

To start with Passkeys, look at the services already supporting it at https://www.passkeys.io/who-supports-passkeys and join the Passwordless train.

Take the survey

Participate in our ongoing survey and share your thoughts to help us and our partners build a secure experience for You! 

Categories
Developer Nation Broadcast

Podcast #2 – Open Source, Navigating Engineering Career, Android and more with Lars Bergstrom

In this podcast episode, our host Ayan interviews Lars, the Director of Engineering at Android within Google. Lars begins by discussing the differences between working in open-source organizations like Mozilla and corporate entities like Google. At Mozilla, Lars experienced radical transparency and openness, where even future plans and business strategies were shared publicly, promoting trust and early community involvement. Conversely, Google’s approach to open source centers around accommodating numerous vendors building on Android while respecting their privacy.

Lars delves into his day-to-day responsibilities, which encompass people management, project management, and long-term strategic planning for Android. He emphasizes the importance of understanding the tools and systems used by his team and occasionally participating in code-related tasks to stay connected with the development process.

The conversation also touches upon the challenges of developing for Android, with a focus on the longevity of APIs, the adaptability of libraries to various devices, and the dynamic nature of user features based on changing usage patterns, such as a transition to video-based applications and the management of a high volume of notifications.

This episode provides valuable insights into the intricacies of managing a large open-source project like Android, balancing innovation, developer needs, and evolving user experiences in the technology landscape.

You can listen on Spotify:

or watch the entire thing here:

Categories
Tips

Headless Raspberry Pi Setup – WiFi and SSH

Setting up a new Raspberry Pi Board can be daunting without a monitor and keyboard, Once you flash a new image of the Operating System – Raspberry Pi OS or similar, the next obvious step is to boot the Pi, log in to it and access the terminal over SSH. But for a headless setup, i.e. without a Monitor and Keyboard, it’s not that straightforward. The same goes if you’re using a lite image of the OS (without a Desktop Environment). For SSH to work, you first need to get your board on your home network, even if you manage to create an ad-hoc network between your Pi and workstation, the SSH is disabled for security reasons. 

Are you ready to influence the tech landscape too? Take part in the Developer Nation survey and be a catalyst for change. Your thoughts matter, and you could be the lucky recipient of our weekly swag and prizes! Start Here

There are two simple ways to sort this out, and we’ll look into it one-by-one 

#1 The Simple Way: Using the official Raspberry Pi Imager, 

Raspberry Pi’s official flashing utility can be downloaded from here . This tool allows you to pick the OS image you want to flash. It also has a setting page where you can enable SSH and add credentials of your home router WiFi SSID and password. All this information is baked into the OS image during the SD card flashing process.

#2 The Ninja Way: Underneath the hood 

While the Raspberry Pi Imager way works pretty straightforward, for the ninja user, it’s important to understand how this all works underneath the hood. So the job of the flasher programmer is to partition your SD card into two segments – BOOT and the Root File System (rootfs) of the raspberry pi. This is how typical how Linux distributions are stored. 

The boot partition holds all the essential files used during the booting process, including the bootloader, and the rootfs partition holds the primary filesystem of the Linux operating system. Now let’s add settings for our WiFi connection and enable SSH on the raspberry pi board the ninja way. 

Once you flashed a new operating system, the SD card shall be auto-ejected, so re-insert the SD card, and you shall see a partition named BOOT mounted on your system. Create a new file in the root folder of the boot partition with the exact name – wpa_supplicant.conf. In this file add following using your favourite text editor or terminal: 

“` code-block

This information shall be used by “wpa_supplicant”, a utility used by Linux distributions like Debian to connect to wifi networks. After the boot is complete, it’ll scan for WiFi networks nearby and connect to your SSID and password you supplied. 

Don’t worry about supplying your password in plain text, after the boot, this file will be removed automatically.

Now to enable SSH, which is disabled by default for security, just create a new empty file with the name ssh in the root directory of the boot partition. Use the terminal command to create this file 

And that’s it, your raspberry pi will be connected to your WiFi network and ready to accept incoming SSH connection requests, and all this is done without ever connecting your board to a monitor and keyboard – Headless. 

Test your SSH connection from your workstation open the terminal, and type:

and you shall be logged in.

Found this tutorial interesting? Read more about the latest trends in Embedded System development in our previous blog here and take your embedded projects to IoT using MQTT via this blog here .

Categories
Community

Introducing Developer Nation forums

It’s been a while (read 3 months) since we launched the Official Developer Nation forum along with our revamped website. But we have yet to make a formal announcement about it. This blog will serve as an official bulletin illustrating our rationale behind launching a self-hosted forum for Developer Nation.

Being a global community, we are aware that developers worldwide depend on us and each other for support, sharing ideas, collaboration, and diverse perspectives to make informed decisions in their programming journey. However, we didn’t want to hastily create yet another Discord server or Slack workspace without careful consideration, which could result in unanswered queries and inactivity.

How we support our global developer community 

We have been providing extensive assistance to our community members via email for a considerable period. Our support ranges from answering their questions, and connecting them with relevant individuals in the community, to sharing developer market research reports upon request from our vast data repository. We also extend it to help them with job hunting, among other things. However, we noticed all this happening behind closed doors, isolated from the rest of the community, for no reason but a lack of an open platform. Even if another developer had a similar query or request, they could not benefit from previous conversation flows with other members. Therefore, we decided to take this to the next level by providing the community with a platform to collaborate openly and benefit from the conversations other members are having.

Announcing Developer Nation Forums

Developer Nation forums are our discourse server which can be accessed at: https://forum.developernation.net/, now without actually telling you what you can do here, I would highly encourage you to check it out yourself and consider this our community playground where nothing is wrong, and everything posted is regarded as a healthy flow of conversations within the community. We’ve created the categories we see fit (for now), but this is ever-evolving as we receive community feedback. 

One of the key goals of creating our own forums is to help our community self-serve themselves; that means once the forums have significant conversations, the chances of you finding an answer to your query increase by many folds. Thus, new members can better navigate our community and surveys and get support without needing to reach out to us personally.

Apart from creating your own threads and participating in conversations started by other community members, you can customise the look and feel from dark to light mode. Feel free to explore more and share your feedback with me on how we can make it better and more inclusive for everyone. I believe our community members will generously help each other on the forums and make it a sustainable healthy hangout place for all the members.

P.S: Since every member of the Developer Nation community team, including me, spends time on forums every day, the chances of your query being addressed are relatively high there.

I’ve created this short video as a quick crash course on using the forums for the first time; check it out, and I look forward to welcoming you there. Cheers!

– Ayan

Categories
Community Enterprise Developers

Meet the Enterprise Developers – Interview Series #1:  Investment Sector 

The term Enterprise Developer has been showing up quite frequently over the past few years in Developer Nation and other programming communities. In our experience, this term can have slightly varied meanings, but it often relates to the Developers working in big teams/organisations, supporting enterprise-grade software development. 

To shape a more accurate definition and learn more about Enterprise Developers’ roles, responsibilities, and challenges, we decided to ask them directly. Hence, starting this new series of blog Interviews at Developer Nation, talking with Enterprise Developers, giving our community more clarity about their work and how it differs from a startup environment.

The first interviewee in this series has requested us to keep their identity anonymous; hence respecting their privacy, we will call them Dev A.

Ayan: Can you briefly describe your job as an Enterprise Software Developer

Dev A: I work as a Software Developer at an investment firm, my work revolves around writing tools and data pipelines that help traders/operations and also data pipelines that run during and pre/post trading.

Dev A has briefly described their work as building tools and data pipelines that help investors trade on the platform. 

A data pipeline is a function that processes raw data from various data sources and then posts it to a data warehouse for further analysis.

Ayan: What are some of the challenges and benefits of working at a large company compared to a startup?

Dev A: Challenges – a lot of existing infra to go through and gain understanding on. Slow review and deployment process, lot of stakeholders.

Benefits – Learn about processes, scalable solutions, how large infra is maintained. You get a hang of good practices.

Processes make it easier for developers to work and support each other in a big team setup. However, these processes can also sometimes  become bottlenecks when new features of patches in the code need to be shipped to the production. As Dev A mentioned, the review and deployment process is slow, and many stakeholders are there whose reviews are needed. On the good side, these processes ensure the quality of the code having it being reviewed by multiple parties. Especially in financial organisations a bug showing an incorrect balance can be a disaster for the product. 

Ayan: If you could change one thing about how your organization operates, what would it be?

Dev A:  n/a

I asked Dev A if there’s anything they would want to change about the way their organization operates. Apparently there isn’t anything that is rare but good to know. 

Ayan: How is AI impacting your day-to-day life? Is there a policy regarding the use of AI tools in your company?

Dev A: Not allowed to enter proprietary information in LLMs. Consider anything entered into ChatGPT is as good as posting it on social media.

AI helps generate quick commands for generic things – e.g bash commands, generate snippets, etc. Stack overflow replacement in a crude way.

From the response, Dev A’s org seems to have a strict policy when it comes to using Large Language Models like ChatGPT with any proprietary information. However, Dev A has been using it to support their development work, like generating Bash commands or code snippets to automate aspects of their job, using it as a Stack Overflow replacement – Very Interesting. 

Ayan: How much of your work depends on specific tools, frameworks, programming languages, or cloud providers?

Dev A : Many libraries are inbuilt and maintained in-house, but many are used from outside as well. e.g redis, github etc.

This one is a classic. To be easily maintainable a big software project is usually organised into libraries, which are easier to maintain and reuse in different projects. As Dev A mentioned, many libraries are built and maintained within the org itself. However, like any other software product, they also depend on other work in open source and outside to support the product development. 

That was all from this interview, but keep an eye out for more. If you know anyone we should invite for this kind of interview session, please feel free to write me at ayan.pahwa@slashdata.co

Ayan