17 Jan 2018

Launched: SOC 2 Type II Certified

This week we are happy to announce that we have achieved SOC 2 Type II certification. You may recall that last year we worked with an independent auditor to receive our SOC 2 Type I report. There are actually two kinds of SOC 2 reports—Type I and Type II.

What’s the Difference?

Type I reports on whether the systems are suitably designed. Providing an overview of the systems a SaaS platform has in place to satisfy the Trust Principles it’s being audited on. This type of report looks at your company and your procedures to determine whether they are designed to do the job you say they do. For instance, does your service correctly control access the way you say it does? However, a Type I report doesn’t take into consideration how well these actually work in practice—for that, you need a Type II report.

Type II reports look at the actual outcomes of the system and if it’s operating as designed. The report audits how well your software, team, and procedures worked with actual data within the evaluated timeframe. Were there any significant service outages? Were there any security incidents? Was the data handled effectively? Did your service effectively manage features for the allotted time, 6 months in our case, the auditors evaluated your system?

Type II Is All About CONSISTENCY

The Type II reports are what your customers really want. When a customer is trusting your service to run a portion of their business, they want to see proof your system operates effectively over the long term. And enterprise organizations like working with products that conform to the highest standards of the AICPA and that your practices back up your promises.

With a SOC 2 Type II report, you can provide customers evidence that you accomplish what you claim. You can show that external auditors have agreed that the control systems you have in place work as you say they do, and were observed over an extended period. This is not just about closing a deal, this is a key part of establishing trust that our customers can feel confident they can pass along to their customers.

12 Jan 2018

Launched: Comments, Adding Context to Your Actions

A key part of problem identification is knowing what changed in the system. For developers this is often accomplished with comments in code this is to remind your ‘Future Self‘ why you made the choices that you did. As we have built LaunchDarkly we have tried to follow our own best practices around naming flags with good descriptions, assigning clear owners to flags that map to specific areas of responsibility, and adding comments in our code to provide reminders on what a given flag is for.

However, as more teams using LaunchDarkly have implemented feature flag driven development practices the platform has become a crucial part of their change management process. For anyone that has experience with change management there is an acknowledgement that context matters. Standard audit logging is great to know who changed what, when; but lacks the why. In small systems or on small teams this often falls in the category of tribal knowledge, but in large systems and large organizations 30 seconds on formally documenting changes can save hours or days in the troubleshooting process.

Today, we are happy to rollout the ability to add comments on updates to flags. Now team members can have the option to add a brief comment on why a change is being made.

As we designed this feature we also thought it would be helpful to include these comments in your favorite established output path. So, when you do decide to add a little extra context folks will see it appear along with the who, what , and when sent to the audit log, through your established webhooks, slack channels, and Hipchat rooms.

If it’s for a developer, build it on top of an API

In keeping with our mantra around API-first development the new comments functionality is built on top of the REST API.  We added the ability to submit these optional comments with PATCH changes. With this launch, the Update feature flag resource supports comments, and support in other PATCH resources is forthcoming.

Here’s an example from our API docs for submitting a comment along with a JSON Patch document:

JSON
1
2
3
4
{
  "comment""This is a comment string",
  "patch": [ {"op""replace""path""/description""value""The new description" } ]
}

Oh, and one more thing

While we’re strong proponents of JSON Patch as a protocol for describing partial updates in our REST API, we’ve found that it can be pretty verbose for simple changes. We’ve added support for the JSON Merge Patch protocol to address this. Here’s an example merge patch document  that changes a feature flag’s description:

JSON
1
2
3
{
  "description""New flag description"
}

Compare that to the equivalent JSON Patch document:

JSON
1
2
3
4
5
6
{
  "name""New recommendations engine",
  "key""engine.enable",
  "description""This is the description",
  ...
}

This addition also means that you can get fancy and combine these two new features and submit a comment along with a merge patch document:

JSON
1
2
3
4
{
  "comment""This is a comment string",
  "merge": { "description""New flag description"}
}

Achievement unlocked. And now you’ll know why.

02 Jun 2017

Week n+1

Start? This is just the next step in the journey (image credit: Andrew Lipson)

I recently wrapped up my first official full week at LaunchDarkly. Although, I’ve been working with the team as an advisor/consultant for a number of months. Over the past year I have been advising and consulting with various start-ups looking for a good fit. I would often remark to folks that I was “company dating.”

More like introductions from friends than tinder. (Photo credit: Reddit post)

Honestly, I have very little dating experience. My wife and I met my 2nd (her 1st) year in college and haven’t looked back. Similar on the job side, I started at EMC a year after graduating and then was the first internal transfer to VMware. For almost 15 years I enjoyed the stability and resources of a large company. But, then I started to feel the need to grow and participate in the changing landscape I saw in software development trends.

Since leaving VMware I have spent a lot of time thinking about the gap between the old school development frameworks (e.g. waterfall) and newer practices (e.g. agile, scrum, continuous deployment). Tools like git, continuous integration, and automation have radically changed how we release. At EMC and VMware we measured our releases in years, or sometimes months (the same way a parent refers to their 22 month-old toddler). Compared to GitHub where we released multiple times a day.

This whole cloud thing is likely just a fad. (Photo credit: Twitter)

Recently, I’ve started to bucket these tools into three phases of for software development: Concept, Launch, and Control. I’m working on a blog series to discuss each of these in-depth, but this framework is what got me excited about LaunchDarkly. Feature management, while not the shiniest tool, provides the foundation for eliminating risk and delivering value as teams push to move faster and to be more reliable.

In addition to my passion for our product, this intelligent team, my carless commute, I did have one additional objective: to be a part of a diverse and equitable company. Not simply an organization that accepts diversity, but one that actively pursues a more diverse and inclusive team as a imperative for building better products and services. So far a great start to my next long-term relationship.

25 May 2017

Launched: Single sign-on

Spend some time at a software shop, and you’ll inevitably collect a pile of accounts for services, internal and external. Since you value security, each of your passwords are long and unique and safeguarded in a password manager. You imagine a world where you don’t need to manage passwords for each and every service you use.

That’s why we are excited to announce support for single sign-on via the industry-standard Security Assertion Markup Language 2.0 (SAML 2.0). Knowing that SAML integrations can be cumbersome and complicated, we refined the administrator experience to be simple and clear. We built a test-drive mode so administrators can verify their SAML configuration end-to-end before enabling single sign-on in LaunchDarkly for the entire team.

Our single sign-on implementation is accompanied by a couple other benefits. With LaunchDarkly’s just-in-time user provisioning, administrators can onboard new employees from their identity provider without having to also create accounts for them in LaunchDarkly. Simply grant the new employee access to LaunchDarkly via your identity provider. Then LaunchDarkly will automatically create a new account when the member visits LaunchDarkly for the first time. Additionally, any changes to the member’s profile or assigned roles will be propagated from your identity provider as soon as the member signs into LaunchDarkly.

We currently support Okta and OneLogin, with support for additional identity providers on the way.

Single sign-on is available to customers on our enterprise plans. If you’re interested in learning more about our enterprise plans, contact sales@launchdarkly.com.

Behind the curtain

Alexis and I collaborated on the single sign-on feature. The very first step we took was creating a feature flag for SSO in LaunchDarkly. With our feature flag seatbelt on, we didn’t need to maintain a long-running branch for the feature, which meant we thankfully didn’t have to suffer from massive merge conflicts. Every optional change that could be hidden behind that feature flag could be released incrementally and without extensive manual QA review.

When we demonstrated the feature in progress to a customer, we didn’t need to use a staging system; we could demo on production because the feature was hidden behind a feature flag. When we were ready for the feature to be beta-tested, it was very easy to enable it for one customer and then another. The SSO feature flag remains today, and now our sales team uses the flag to enable the feature for their customers.

03 May 2017

Integrating Feature Flags in Angular v4

A little while ago, we blogged about eliminating risk in your AngularJS applications by leveraging feature flags. Like all good web frameworks Angular continues to release new versions providing opportunities to tweak and update your code. The benefits of Angular over its predecessor include a built-in compiler,type enforcement, and a complete re-write in Typescript. All valuable of updates for reducing agony within the software development lifecycle.

If you’re thinking of making the switch to Angular, or are already using it, LaunchDarkly is here to help you eliminate the risk all the way from your initial migration to future successful launches. In this article, we’ll discuss how to eliminate risk and deliver value in your Angular project.

We’ll build on Tour of Heroes (which we’ll refer to as TOH from here on out), a demonstrative Angular app which showcases the framework’s basic concepts. Essentially, TOH is a live roster of superheroes, including search functionality and the ability to modify hero details. To learn more about TOH, and to get familiar with Angular, check out the official tutorial.

Creating our Feature Flags
Suppose we want to limit the usage of our search and modify features to a certain subset of our users. To achieve this, we’ll create two feature flags, toh-search  and toh-modify . In our case, we’ll allow logged in users access to search, and only the administrator will be able modify heroes.

An implementation of toh-search in the LaunchDarkly console

Integrating

Now, we’ll create a service which handles everything LaunchDarkly’s JavaScript SDK will throw at us. Note: for simplicity, we use a dummy user-switching feature (located in the user component of the project folder).

LaunchDarklyService’s constructor starts by initializing the SDK, and follows up by calling the built-in on method, which will update the feature flag values within our app whenever the user is changed, or the feature flag configurations are modified. This is handled by a Subject-typed variable,   flagChange , which will later be subscribed to by in the app’s components.
With our service functional, we’re now able inject it as a provider into TOH’s “search” and “hero” components, granting them full access to our feature flags!

In the hero-search component, we subscribe to the aforementioned flagChange , which will let Angular know that the search component should be toggled whenever the respective feature flag configuration is changed. The hero component is modified in a similar fashion to introduce the toh-modify  flag.

See it in action!

Search:

Modify:

Be sure to check out the complete project on GitHub, we’d love to see what other features you can build into Tour of Heroes!

19 Apr 2017

Starting a new chapter and my message to prospective LD designers

Wow, what a journey.

I joined LaunchDarkly in 2015 as employee #3 and first design hire. Every day since then, I learned something new about the product, the team, and myself. I learned from the best and brightest: from John and Edith’s unparalleled enthusiasm and leadership – to the engineering prowess of Alexis, Patrick, and Dan – to the marketing wizardry of Andrea.

For me, success is not how much money you can make… or your job title… or how many people you can manage… Success is the ability to be proud of what you have accomplished, to have helped others along the way, and to take care of your loved ones. It is also the ability to learn every day, to have a sense of wonder at the possibility of advancement, and to make a positive impact through your work.

Every single team member at LaunchDarkly is a genuinely good person. They are not here to play the Silicon Valley game, they are here to solve a problem with software releases and truly help companies deliver better software, faster. They envision a world where the LaunchDarkly product enables companies to accelerate innovation, spur new technology, and deliver more reliable software.

Though I love the team and I’m thrilled with the product, I’ve made the tough decision to start a new chapter in Southern California, home to my family and friends, at Ten-X (a happy LaunchDarkly customer!). I will miss LaunchDarkly dearly, but I know I did the best I could during my tenure.

Design at LaunchDarkly

If you’re a designer interested in LaunchDarkly, let me give you some insight into what it’s like to work here.

Imagine a team of engineers who are brilliant, humble, supportive, and funny (gifs upon gifs!). Working with this team day after day has been a privilege and a whirlwind of a learning experience. They do not cut corners when it comes to code quality and product. You will absolutely learn best practices, innovative strategies, and work with a state-of-the-art stack. You will 100% become a better, smarter designer and make an immediate impact on the product. I guarantee you will be truly proud of what you design and the quality of its programmatic execution.

Your job will not be to push pixels. You will be a systemic thinker – someone who takes ownership of the design process from start to finish. You will learn to love our customers and take a personal interest in their happiness by building a world-class user experience.

Not only that, but every team member at LaunchDarkly is a designer in their own right. While you will be the one who will take ownership of design, the team enjoys contributing feedback and ideas, making the entire process collaborative and company-wide.

To infinity… and beyond!

And on this note, I say goodbye to my second family as I make my transition from proud employee to happy customer. LaunchDarkly will continue to be the industry leader in feature flag management – a true disruptor and unicorn in the software development space. If you’re a designer and you’re thinking about LaunchDarkly, just do it.