How do you improve bad software architecture? Introducing low risk, incremental changes is pretty straight forward but improving architecture often involves bold leaps such as complete rewrites. Where do you start? Here's a strategy I've been using: Imagine the future you want without worrying about how to get there. I'm calling this a North Star Exercise.

When talking about legacy code, have you ever heard someone say we're gonna strangle it!? This article is for them. The strangler pattern is a powerful way to gradually rewrite a software system while still running the old system. However, words matter and language shapes the way we think. Also, let's be real, calling it the ivy pattern never really caught on. I'd like to propose the Chrysalizer Pattern. You can now say we're gonna chrysalize it.

TypeScript makes JavaScript safer and even opens up new architectural possibilities such as better unit tests. I highly recommend it. However, the default configuration encourages unsafe patterns that developers might not be aware of. Specifically, I wanted to illustrate the dangers of any and show how you can define custom generics instead. I'll also offer some lint rules that will help your team write safer TypeScript.

I've been at Bluecrew for a month now and one thing I'm actively improving is their continuous integration (CI) strategy. Every team has values around their code and systems. The existential question I ask about each value is this: does CI enforce the value? If not, the value does not exist. You could think of this as an all or nothing CI strategy.

I first heard about test-driven development (TDD) around 2006-ish and I still hear about it often. TDD encourages you to write effective tests because you always see both states: the failing state and the passing state. This is great but it's easy to write the wrong code for a feature as you learn more about it. Duplicating that exploratory effort on tests is a waste of time. After many years of building software on small to medium sized teams, I prefer a leaner approach that accomplishes the same goal: something I call spike, test, break, fix.

When studying Sound and Film at art school, I spent most weekends renting as much equipment as possible, wheeling it into my dorm room, and staying up late creating work. I've been called a workaholic for this kind of behavior and maybe it's true; I really love working on meaningful projects. I also realize that it's an honor and privilege to work on projects I care about. After Mozilla, I'll be joining Bluecrew full time to help build a platform for working. Bluecrew creates apps for on-demand staffing (temp work) but with a twist: workers receive W-2 status and everything that comes with it. This includes minimum wage protection, overtime / sick pay, workers' comp., eligibility for healthcare, etc. Bluecrew connects people to jobs like light industrial work, hospitality, and logistics, providing opportunities at varying skill levels.

I originally sent this as an all-company email. Below is an edited version. After 9 fantastic years I’ve decided to move on from Mozilla. Here are some reflections about what makes Mozilla such a special place to work at. My first commit was a simple right to left localization fix on addons.mozilla.org -- wow, I couldn't believe I was shipping a web app used in 40 languages! It has been an honor to make such a powerful impact in so many people’s lives all over the world. Thanks to Mozilla for inviting me to be a part of their unique and crucial mission. Since then I've had the chance to work on many different projects and technologies, most recently in UI engineering. Working in the open has been fascinating to me...

At Mozilla, the Add-ons team hosts a casual show & tell each month. It's a public meeting and we invite community members to share their work. This time I demo'd some of the work I've been doing to profile and optimize our code manager, a tool that the review team uses to make sure add-ons are safe for Firefox users. It's a code viewer that looks like an IDE: a file list on the left, code in the middle, and a file overview on the right. The UX is similar to reviewing a pull request on GitHub but the main difference is we integrate our automated scanning tools to provide hints about potential problems. Watch the demo. The big challenge we ran into is how to display very large code files and diffs without lag...

A skeleton screen is a technique of rendering placeholders for text, numbers, and other parts of a UI that haven't yet loaded. As a user interacts with the UI, they immediately see the illusion of new screen states—the skeleton—and this makes the app feel very fast. The skeleton layout is typically animated in some way to convey that data is still loading. My team at Mozilla built addons.mozilla.org with skeleton screens for all loading states. This article covers some of the details about the techniques and approaches we took and some gotchas. It focuses more on the concepts rather than the implementation...

React first emerged as a powerful way to build living, breathing client side web applications. When my team at Mozilla set out to build a React frontend for addons.mozilla.org in 2016 we knew we needed server side rendering (SSR) for SEO and performance but we underestimated how much of a challenge it would be. This is a deep dive into how SSR is fundamentally different from what React was designed for...

I hear a lot about how static typing makes JavaScript safer but what about its influence on code architecture? As someone who has worked extensively with dynamically typed languages, I was surprised to realize that type safe applications can be written in entirely new ways. I'd like to illustrate a fast and effective unit testing strategy that is only possible once you have type safety. I'll be talking about React in TypeScript but this may apply to similar realms...

I wrote an article for Mozilla Hacks about testing React / Redux apps. TL;DR Setting up a test for a Redux connected component is simple: just dispatch the actions needed to enter a desired state. There's no need for mock objects or API calls. If you need to assert that the component dispatches an action in response to a UI event, you can spy on store.dispatch(). Shallow rendering lets you run fast, encapsulated unit tests. For example, breakage in an component (that might be used all across the app) would not break your entire test suite. Testing component interfaces rather than complete end to end coverage improves encapsulation and makes tests more maintainable. For example, if the component under test passes an onSubmit prop to another component, it's better to simulate the integration by calling otherComponent.prop('onSubmit')(). There's no need to fully mount the other component. I recommend using static typing with these testing strategies to ensure all components are integrated correctly.

I've been working remotely from a home office with Mozilla since about 2010 (4 years so far) and although it has challenges I still enjoy it. It requires some discipline and most importantly a routine. Matt Gemmell's article on this has excellent pointers on routines and setting up an isolated work space at home. I wanted to add a few things to his post from the perspective of working as a software engineer (my profession)...

The OpenSSL heartbleed bug was a heavy wake up call. This video provides a quick overview if you want the details. In summary, an attacker could craft a payload with a fake size (up to 64k) and trick openssl into sending a random chunk of server memory. WTF?! To understand how bad this was I spent a minute hacking on this script that was going around. I pointed it at login.yahoo.com (which is no longer vulnerable) and tried to see if I could catch a username and password flying by. I had one within 30 seconds. That's how bad it was; you could read random parts of the server's memory which may contain passwords, private keys, or whatever else OpenSSL was processing for current site visitors. I had stolen someone's credentials. Game over, right? How do you protect yourself against something as bad as this? ...