DEV Community: Roman Kalkowski

Why Unleash loves private instances

Roman Kalkowski — Fri, 14 Apr 2023 08:40:37 +0000

TL;DR

Unleash started as a self-hosted, open-source side project.
Single tenant private instances made sense as a natural extension of open source.
From that decision came a lot of what makes Unleash unique in the feature management space.

Unleash: From side hobby to hosted solutions

“We didn’t intend to commercialize at first. I really didn’t want to set up a multi-tenant solution if I didn’t have to. Plus the fact that we were open source was already a huge part of our identity.”

This is Ivar Østhus, CTO of Unleash and one of its cofounders. He built Unleash as a side hobby. He didn’t anticipate that Unleash would grow into the company it is today.

“Our first paid customer requested that we host them,” Ivar shares. “I looked at it as a one-time thing. It made a lot of sense to just set them up in a private instance.”

It wasn’t a one-time thing. Or a three-time thing, for that matter. Unleash kept growing its cloud offering, and each new customer was given a single tenant private instance.

“Eventually we had a lot of customers that we managed manually, and it was at that point we had to decide whether to move on to a multi-tenant solution that could support all customers in a single application,” Ivar says

By then, Unleash was already seeing huge benefits with offering a single-tenant hosted solution.

Private instances mean security, flexibility, and…well, privacy

“The main benefit of private instances is obviously security, but it’s also about flexibility and privacy.” says Ivar. “If you tell us to host your instance in the US, we can. We’ll host it in our US cluster and it won’t be in Europe.”

In other words, private instances allowed Unleash to offer true data residency. Ivar knew that a multi-tenant hosted solution would be more limiting.

“With multi-tenant, you don’t know where the data goes. You don’t know where it’s housed,” Ivar says.

Privacy is in fact a huge benefit. Unleash’s approach to building private instances plays a huge part in it.

“We didn’t build single tenancy into the software itself, but in the infra layer instead,” says Ivar. ”It basically means we can run separate instances of Unleash with unique configurations per customer.”

Unleash customers also benefit from how we use Kubernetes to run applications in Docker containers: We use a separate namespace for each customer. This means a single customer can never access another customer’s data.

“Every customer has their own database,”says Ivar. “It’s not technically possible to access the secrets of another customer.”

Kubernetes brings with it a number of security features.

“The industry trusts Kubernetes,” Ivar says. “We do too. It’s the de facto standard of how you run applications today. With Kubernetes, it’s pretty much impossible to break out of a container.”

Unleash also discovered a unique scalability that comes with private instances.

“If a customer uses beyond their committed resources, we can add resource limits or increase capacity at the customer level,” says Ivar. “We don’t have to apply it to the whole platform.”

What this means is that, as a customer hosted by Unleash, you can trust that another customer’s usage won’t affect your own.

“We’re able to measure the performance–and in general, the SLI– per customer,” Ivar shares. “We have objectives per customer, not across customers. So we can figure out pretty quickly why a single customer might have a lower quality experience.”

Shifting from outdated technology to a future way of hosting

“If we had started Unleash just a few years earlier, we would not have been able to scale private instances like we have,” says Ivar.

This is because platforms like Kubernetes empowers Unleash to efficiently sandbox customers. And as managed Kubernetes matures, this sandboxing becomes easier and easier to run.

“This significantly brought down the cost of choosing single tenant private instances over multi-tenant solutions,” says Ivar. “It changed the calculus, especially when you bring in all the benefits of single tenancy.”

In this way, single tenant private instances have shifted from an outdated way of doing things, to the future.

“Ten years ago it would have been nonsensical to choose single tenant,” says Ivar. “It would have been seen as a step backwards.”

A focus on private instances is not for everybody, particularly for B2C companies.

“While we can do more today, there is obviously a cap on how many customers we can do this with,” Ivar says. “We’re nowhere near that limit, and newer technologies could make this even more scalable over time. But for a B2C company with millions of tenants, private instances probably wouldn’t make sense just yet.”

Private instances will likely be unique to Unleash for a while

“In theory, if we wanted to shift to multi-tenancy at some point, I don’t imagine we’d encounter many hurdles,” says Ivar. “You can’t say the same going in the other direction.”

This is because Unleash scales per customer. Moving to a multi-tenant solution would only consist of a simple migration.

Multi-tenant solutions don’t have it so easy. “They would basically need to re-architect everything,” says Ivar. “This is especially true with a shift to microservices. They don’t easily migrate and require special, individualized attention.”

There are obviously unique reasons why the switch from multi- to single tenant solutions would be complex, but the main gist is that multi-tenant solutions are just not built for the switch.

In the end, for Ivar, it’s all about simplicity.

“I really love what you can unlock by thinking in simple terms,” says Ivar. “For the customer, it’s just an app. It’s not rocket science.

Simplicity is something that tends to resonate with developers, who habitually work with very complex systems. As a developer, Ivar is familiar with this mindset.

“We’re very good at making stuff complex, and making microservices on huge platforms where everything needs to be perfect,” says Ivar. “And we can be proud of complex systems that nobody understands.”

Private instances are a way to solve that inclination. “This is especially true with how Unleash has moved tenancy to the infra layer,” says Ivar.

In other words, by using an infra layer for our private instances, aspects of Unleash like security, performance, privacy, and hosting flexibility remain baked in the Unleash infrastructure.

“This means we don’t have to reconsider those needs for every change we make to Unleash’s core application,” says Ivar.

As a result, the Unleash experience not only is a lot less complex, but can easily adjust to whatever a user needs.

“What we’ve managed to do is make something simple, scalable,” Ivar says.

Community-built: How Unleash’s open-source community coded its Flutter SDK, from the ground up

Roman Kalkowski — Fri, 27 Jan 2023 12:40:38 +0000

Arif Hidayat couldn’t find the front-end SDK he needed to develop mobile apps with Flutter. So he built it himself.

Arif is a software engineer at Bukalapak, an Indonesia-based e-commerce company. Its app is available in multiple app stores. The company recently transitioned to Flutter to develop its apps in tandem, and was looking into compatible feature flag solutions.

“We wanted to check for open source projects that we could use for feature flags,” says Arif. “At the same time we had just migrated to Flutter. We checked if Unleash had an official SDK for us to use.”

Arif’s search had limited success. “There was a server-side Dart SDK that we could use, where we could see all our flags and manipulate them. This is great for our backend, but there wasn’t anything that we could use for our frontend side, on mobile. So we created it ourselves.”

A new library from scratch

Diving into building the app was a learning experience for Arif. “I built the code from scratch. It was a great experience for me, as it was the first time I created a library,” says Arif.

His approach was methodical. “We started out looking at the minimum requirements to implement our own SDK, including what would be needed using Unleash’s proxy with the different app stores. I checked with my engineering manager on where we would need more support, and what that would be. That list became the basis for our approach to coding the SDK,” says Arif.

The process has given Arif a new set of skills. “I think building libraries will be a lot easier for me in the future. I totally want to try again,” Arif laughs.

Throughout, Arif was in touch with the Unleash team. “I reached out to (Community Manager) Pranshu, then (Unleash CTO) Ivar, and we had a discussion about what I had built so far,” shares Arif. “We went over what needed to be implemented to go forward with the SDK. Eventually we passed the SDK to the Unleash team for its final polish.”

Testing out the SDK in the Unleash community

“I searched in GitHub and found that there was a package in development by a writing team. When the first version was published, I immediately jumped on to try it. It worked.”

This is Davide Campagnola, a full-stack developer at Tutored. His company’s main product is an app which helps students and graduates apply for job offers. The traditional way of developing mobile apps was slowing Davide and his team down.

“Every feature was tied to when the app was published. If it didn’t work, it didn’t work,” Davide shares. “We found it difficult to analyze the results of feature changes. It was a problem.”

The team wanted a better understanding of its users. “If people stopped applying, it was difficult to see why. Even if we did know why and wanted to switch off a feature, it could take days to get approval from the app stores. This was painful.”

Because Tutored’s app is available in both iOS and Google Play, the company uses Flutter to build its mobile app.

“We had seen earlier that feature flags were a good way to test new features,” Davide shares. “So we contacted Unleash about a Flutter SDK, and were one of the first users to try out the new SDK when it was published. This was two months ago.”

Davide was really happy with the results. “With the Flutter SDK, I can test new features. We can publish an app as soon as possible, even on Fridays!” Davide laughs.

With the ability to use Flutter with Unleash, Davide and his team can experience the full benefits of feature management, including experimentation.

“Once published, we can check if a feature is working, which is really cool,” says Davide. “We can also experiment because all our flags are sent to an analytics service. We’re now able to know what changes once a flag is active, and if our audience applies to more job postings as a result.”

Through pairing Unleash with Flutter, Davide’s company found a new way of developing software. “This is an approach that we never did before,” says Davide.

Building on a strong base

The Flutter SDK is new, and Davide has ideas on how it could be even better.

“What we’d like from the Flutter SDK is a more reactive approach,” says Davide. “Right now you have a new widget that is built every time a flag changes. We know it’s possible to make it more synchronous because that’s how the JavaScript SDK functions. So there definitely are improvements, but we’re really happy with the Flutter SDK as it is today.”

Arif agrees, and is eager to contribute to the future of Unleash’s Flutter SDK. He has ideas on where he’d like to start.

“The SDK is never done,” says Arif. “ We’re still improving it. One thing we’d like to do, for example, is create a widget so we don’t need to create a grid for another region to use the SDK. Or a builder that would synchronously update a flag. We also have some plans for implementing more analysis functions.”

Now that the Flutter SDK is available, Davide’s team has seen tremendous results. “I don’t know if I can estimate how much time we’re saving, but it’s really a lot,’ Davide says. “Releasing in a more controlled way with rollouts and kill switches is a huge change. It transforms your entire development approach.” ** **

“For us, the Flutter SDK has saved us a lot of time because we can do partial releases of features,” says Arif. “We have a real store and we’re an eCommerce company. And it’s really helpful to test out a release with say, 100 people, before releasing it to everyone else. I could easily say this saves at least one or two months of work.”

How To Implement Trunk-Based Development? A Practical Guide

Roman Kalkowski — Thu, 05 Jan 2023 08:00:51 +0000

Trunk-Based Development is one of the most effective approaches in software development and can be a first step towards making the switch to feature management. Read this article to learn what it is and how it differs from how most engineering teams work.

Why the standard approach to the software development process doesn’t work

Before we explain Trunk-Based Development, let’s look at the standard approach typical for most development teams.

So, each developer creates a new branch for each recent change or feature. Then, when their component is completed and tested, it is merged with another branch of a lower environment (for example, dev or QA).

So, most of the time, the developer works on a small part belonging to a larger whole, and changes in the branch do not affect other developers on the team. Only after time is his code merged upwards and then into the repository’s main branch to deploy a new, bigger production release. This approach is called branch-based development or branching strategy.

Unfortunately, this way is usually inefficient, time-consuming, and expensive. It takes a long time to make each change, which can leave customers or users unsatisfied. What’s more, any bug in an application can cause significant downtime, and undoing the changes made is a complicated, risky and costly process.

Does software development have to be long and expensive?

As you can see, the abovementioned process can be inefficient and slow down the entire software development process. Fortunately, another approach allows you to develop software faster, more efficiently, and cheaper. And now, of course, we’re talking about Trunk-Based Development.

What is Trunk-Based Development?

In short, Trunk Based Development (TBD) is a software development process that involves a development team working in small batches and merging their work into one main trunk.

The name comes from the concept of a growing tree, where the thickest and longest element is the trunk (master), from which thinner and shorter branches develop. The method involves delivering small changes and fixes that, when completed, go straight back to the master. It means that releases come directly from the master branch. In this practice, the IT team tries not to create branches or maintain them for a maximum of one day. At the end of each day, work from all team members is merged into the main branch, which is merged upward.

With this method, developers don’t waste time and energy on tiresome code merges or broken builds, and the code can be continuously improved. And what about the code quality? Well, adding automated tests and test code coverage metrics to the Continuous Integration process ensures that incoming changes have high-quality assurance.

Key benefits of using trunk-based development

Trunk-Based Development is a prevalent method that has many followers around the world. What is its phenomenon? Here are the most important benefits of this practice:

Adding changes quickly and efficiently

The trunk-based branching strategy continuously merges changes into the main branch. There are no long-lived feature branches to maintain and resolve conflicts. By implementing small changes, development teams avoid the risk of unexpected bugs or integration issues. Software developers can focus on creating code rather than making merges and fixing bugs.

Easily deploying new software versions

Trunk-Based Development is a method that works well not only for implementing small changes. When the IT team works on new software versions, they are also developed from the trunk, and different versions on environments can be deployed at will. Importantly, you don’t have to switch changes between branches to deploy new code to production.

Smaller and easier Code Review

Small changes are more accessible for code review. When you follow this practice, only a few or a dozen files are changed in the code. As a result, the development team can focus more on the code, identify bugs faster, and easily improve code readability.

One codebase for testing

When working in a Trunk-Based Development model, developers typically work on one software codebase, which is tested and deployed to production. New ones can be turned on or off using so-called Feature Toggles or Feature Flags, still based on a single code base. With this approach, the team can minimize the number of test environments and focus on only one or a few of the most stable ones.

Ability to introduce a CI/CD process

In a trunk development model, you can easily introduce a fast software release cycle through a Continuous Integration (CI) and Continuous Deployment (CD) process.

After the changes are sent to the main branch, automated and quality tests will follow, and the application can be deployed to the test environment. In the next step, the development team can decide to deploy the changes or automatically send them to production. If you want to opt for the second option, you must remember to provide an easy and fast process for rolling back changes.

Increase speed and frequency of delivery

With a strategy based on small continuous deployments, the clients or users do not have to wait long for the changes they need. The development team can regularly deploy new updates without creating large, complicated ones.

What’s more, if you’re not sure if users will well receive the changes, you can make them available to selected customers for early feedback. If the changes don’t work out, you can quickly withdraw them.

Implementing Trunk-Based Development – best practices

What can you do to ensure your trunk development implementation achieves the best results? Here are some proven practices that will bring you the most important benefits.

Implement automation

First of all, you should implement automation wherever it is possible and effective. It can involve software development, testing, and deployment. This approach will allow your team to perform fast and efficient iterations, minimizing the risk of damage to the main branch.

Use pair programming or mob programming

In Trunk-Based Development, code review should be done immediately. Moreover, automated testing will not always ensure good quality code, so it is worth using techniques such as pair programming or mob programming to improve team communication and allow real-time code review. The benefits of these solutions are great, as they not only affect the quality of the code, but also help integrate the team and enable the valuable exchange of knowledge. The last one is especially important if you have juniors on your team.

Try a feature flags management tool

Feature management is a technique for managing the feature development and testing process. It allows you to gradually release changes or new features to selected user segments before the entire software is deployed. The practice applies a technique called feature flags that enables IT teams to wrap new changes or features in an inactive code path and activate them at any moment.

To make this process as easy as possible, it’s worth using off-the-shelffeature management software such as Unleash. This tool allows you to experiment with features and A/B tests to determine which version best meets users’ expectations. Moreover, the platform also enables continuous deployment of microservices, so developers can combine testing with feature deployment.

All features are deployed without affecting the stability of the software, and your team can easily roll back any feature without affecting the rest of the software and without risking damage to the code in production.

Make code development even more efficient

Trunk-Based Development (TBD) is a well-known and efficient method used by technology giants such as Facebook, Google, and Netflix. According to theAccelerate State of DevOps 2021 report published by Google: high-performing organizations are more likely to have implemented trunk-based Development.

However, for this method to bring the best benefits to your company, you must ensure that you follow best practices.

If you want to make code development and change management even more efficient – try Unleash. Our simple and intuitive platform lets you choose which users have which features. You can use multi-variant toggle flags across multiple environments, applications, and services.

To use feature toggles, all you have to do is toggle them on (on) or off (off) with the toggle switch. What’s more, you can enable the feature for specific groups of users, such as users with specific IP addresses, hostnames, and others.

Don’t wait and check out our feature management tool today.

Top 10 DevOps Trends for 2023

Roman Kalkowski — Tue, 03 Jan 2023 09:00:00 +0000

DevOps is a set of practices that emphasizes collaboration and communication between teams involved in the software development process. By using tools like automation, continuous integration, and monitoring, DevOps aims to improve the speed and efficiency of software development by bringing together people, processes, and technology.

In recent years, organizations using DevOps principles and practices are seeing improvements in the overall efficiency and effectiveness of their organization.

If you’re looking to make cool things happen in your organization—and we think you are—here are ten 2023 DevOps trends you should pay attention to.

1: Scaling up smartly

Need safety and speed? This trend focuses on ensuring that scaling up applications and infrastructure does not come at the expense of security or stability.

Scaling up smartly allows for businesses to increase their overall load capacity without having to sacrifice their system’s performance or stability. It helps organizations reduce costs associated with application development, maintenance, and deployment while also maintaining a high level of security standards throughout the entire process.

2: Bringing speed to heavily regulated industries

Bringing speed to heavily regulated industries is a key trend for 2023. With traditional models struggling to keep up with the increasing workloads, businesses are trying to find new ways to optimize their processes while still adhering to strict regulations. By introducing automated systems and better tracking mechanisms, companies will be able to accelerate their progress while staying compliant.

3: Taking clouds private

As the world of DevOps continues to evolve, private clouds have emerged as an important trend that businesses should prepare for. Once known as single-tenant clouds, private clouds are the key for companies looking to modernize without sacrificing security.

Companies can use private clouds to take advantage of traditional cloud features such as automated scalability, massive storage capabilities, real-time analytics, and data processing–all without having to manage their own hardware or infrastructure.

4: Transforming DevOps with Artificial intelligence (AI)

The fourth trend to look out for in 2023 is the integration of Artificial Intelligence (AI) into DevOps. From automation to predictive maintenance, AI is transforming the way businesses operate today.

AI allows developers and operations teams to concentrate their efforts on more strategic initiatives with greater precision and agility. There’s also tremendous potential for streamlining processes within an organization while enabling faster development cycles and better product releases.

5: CI/CD as a time saver

The fifth trend to look out for in 2023 is known as Continuous Integration, Continuous Delivery, and Continuous Deployment (CI/CD). This process involves automatically building a product after every code change and then testing those changes to ensure that the entire system is working correctly.

It also ensures that all the components of the product are properly tested before they are released into production. CI/CD tools can drastically reduce the time it takes for a product to be built and deployed, allowing companies to move faster when launching new features or fixing existing problems.

6: From monolith to microservices

As we look ahead to 2023, microservices are set to be a key development in how companies create their technology infrastructure. A microservice architecture breaks up complex applications into smaller, independent components that can be developed and deployed independently from one another.

In comparison with traditional monolithic architectures, microservices offer increased agility and faster time-to-market for new features or products.

7: The GitOps influence

GitOps is a DevOps practice that has been gaining popularity into 2023. It combines version control with infrastructure as code and automation to enable rapid and secure deployment of applications. With this method, teams can speed up the production environment by deploying applications quickly and reliably using git-based workflow pipelines. This allows them to track changes, collaborate more effectively, and ensure compliance with organizational policies.

By investing in this technology, businesses can benefit from improved collaboration between development and operations teams, faster deployments, simplified rollbacks for errors, and greater transparency about software changes across the organization. The adoption of GitOps is likely to become one of the most significant DevOps trends over the next several years due to its effectiveness in managing complex environments.

8: Front to back security with DevSecOps

DevSecOps is an approach to software development that integrates security into the development process from the very beginning. It aims to shift security left, meaning that security considerations are taken into account from the earliest stages of the development process, rather than being an afterthought.

Overall, DevSecOps aims to improve the security and reliability of software by integrating security into the development process and making it an integral part of the culture and practices of the development and operations teams. As DevSecOps becomes more widely adopted, its impact on DevOps practices for 2023 will be significant.

9: The speed and agility of low code application

Low code application has emerged as one of the most sought-after DevOps trends for 2023. This technology enables developers to create applications quickly and efficiently without having to write complex code. It also helps traditional software development teams transition from monolithic architectures to microservices. This allows them to manage services independently while unifying them with common infrastructure and management tools. Low code application technology reduces development time, increases agility, and provides an intuitive development experience.

10: Improving response time with observability

Observability has become an increasingly important DevOps practice, and is set to remain a key trend in the coming years. It is a critical aspect of the development and operation of software systems, as it enables development and operations teams to identify and resolve issues quickly and effectively.

Observability in DevOps involves the use of monitoring, logging, and tracing tools and practices to understand the behavior and performance of a system. This includes tracking metrics such as response times, error rates, and resource utilization, as well as collecting logs and traces of system activity.

By using observability tools and practices, teams can identify issues and anomalies in a system and take corrective action to prevent problems from occurring or worsening. This can help to improve the reliability and performance of a system, as well as the overall quality of the software.

Conclusion

As DevOps trends of 2023 take shape, it’s important to understand the new capabilities available and how they can be leveraged to your advantage. By understanding how these trends may affect your long-term strategy, you can focus your efforts, empower your DevOps team, and advance your organization in this ever-evolving landscape.

Unleash x Statsig: Analytics and Insights for Every Feature Toggle

Roman Kalkowski — Wed, 14 Dec 2022 15:56:39 +0000

Unleash and Statsig come together to provide a birds eye view to every feature toggle. Use the connector and unlock deep Analytics and Insights with Statsig.

What is Statsig?

Statsig is a modern product observability platform built on experimentation and feature management. Statsig goes beyond measuring events and clicks, and empowers teams to easily see which feature releases drive core business metrics.

What is Unleash?

Unleash is an open-source feature management solution that gives teams full control of how and when they enable new functionality for end users. Unleash lets teams ship code to production in smaller releases whenever they want—increasing developer efficiency and overall speed.

We’re flexible, which means developers like you are able to quickly examine, use, and modify our code to suit your needs. We see this play out when our users around the world download and install Unleash in a huge variety of infrastructure environments everyday. We love aspects of our open source like extensibility, and how our users are not bound or dependent on the limitations of our code. A large part of how we get there is data.

When you use Unleash to gradually roll out a feature to your users–or in a canary, or to a smaller group of users in a strategy–it often means you want to collect data through a feature flag. While you report and experiment on the data, you need an element of observability throughout the experiment.

An example of Unleash Rollout, showing 90% Rollout success

Analytics for users under the rollout on Statsig.

With Statsig, every time you add a feature toggle in Unleash, you can power it up with data analytics.

To try out Statsig, just sign up for a Statsig account athttp://www.statsig.com/signup. It’s free to sign up and comes with 5 million free events each month.

How Analytics work on Statsig

It is easy to setup Statsig and pretty easy to use:

After logging in, turn on “impression data” and log the impression event to Statsig using thestatsig-unleash-connector. You can now use the connector to log any analytics events like “sign_up” and “purchase” to your Statsig project, and you will be able to see metric lifts on these events across all of your features with impression data. Make sure to read up more about how to use the connector here.

Here’s an example of how the setup looks like to get analytics for a 50% gradual rollout feature toggle in Unleash and Statsig:

Test toggle on Unleash with fifty percent rollout

Unleash Test toggle working in sync with Statsig to share insights into the product.

Want to see Statsig in action in connection with Unleash? Join us at the Dev Hangout with Statsig Engineer and Product Manager. Get an overview of the connector and learn how to get the most out of the Statsig-Unleash integration.

Unleash brings powerful Constraints feature to OSS users

Roman Kalkowski — Tue, 04 Oct 2022 13:41:36 +0000

Unleash is the largest open-source feature flagging solution on Github, that gives developers greater control over how to deploy new features. There are 12 official client and server SDKs and 10+ community SDKs available for greater flexibility and control over data and feature management deployment.

One of Unleash’s most requested Enterprise features is now available to all users.

You spoke, we listened: Available now, all open-source users of Unleash who upgrade to version 4.16 will get access to strategy constraints and custom context fields.

Add strategy constraints to your Unleash today

What are Strategy Constraints?

Strategy constraints give you granular control over who gets to see a specific feature by adding preconditions to one of your activation strategies. You can add preconditions for any Unleash context field. As of version 4.16, Unleash supports 15 different constraint operators, fine-tuned for a number of use cases.

Here’s an example: A gradual rollout strategy could target 50% of a user base. But what if you want to only target users with a company email? For that, you’ll need strategy constraints.

Quickly schedule feature releases and feature availability windows. Target feature rollout to users based on variables like region or email address domain. Generate user demand with time-limited feature releases. There are a ton of ways to use strategy constraints, and this is only scratching the surface.

Any strategy on any feature can have as many strategy constraints as you want. Note that when a strategy is evaluated, all strategy constraints must be met for the strategy to pass.

You’ll find that, in most cases, strategy constraints replace the need for custom activation strategies. This means that you no longer need to define custom strategies, then implement them across your SDKs.

How do I use strategy constraints?

Note: Before creating strategy constraints, you’ll need to set up a feature toggle in Unleash, then give it an activation strategy.

Open the constraints menu
Find and select the edit strategy button on the strategy you are working with.

Click the "add constraint" button to open the constraints menu.

Add and configure the constraint

From the "Context Field" dropdown, select the context field you would like to constrain the strategy on. Choose a constraint operator.
Define the values to use for this constraint. The operator you select determines whether you can define one or multiple values and what format they can have.
Save the constraint, then save the strategy.

If you want to update an existing constraint, find the constraint in the edit strategy screen and use the constraint’s edit button.

Because strategy constraints use Unleash context fields, make sure you pass the relevant context to your client SDK. Read more in the SDK section of our the SDK section of the strategy constraints documentation.

Strategy constraints are available today to all version 4.16 open source users

While strategy constraints are now free to all users, you won’t have access to the feature unless you upgrade to version 4.16. For users with versions 4.0 and above, you can grab the latest version from the Docker hub. Users of earlier versions should reference our migration guide before upgrading.

Feel free to play around first! Try out our demo instance to get a quick taste of what strategy constraints can do.

In the mood to dig around? Visit Unleash on GitHub to check out the strategy constraints source code.

Want to try out strategy constraints?

Unleash 4.14: User groups and the playground

Roman Kalkowski — Fri, 05 Aug 2022 11:36:00 +0000

Unleash 4.13 introduced the long-awaited segmentation feature, letting you split your users into any number of groups. Unleash 4.14 introduces another feature we’ve heard a lot about, plus a brand, spanking new feature we’re really excited about! And as always, you’ll also find the usual small fixes and improvements everywhere. So let’s get to it!

👩‍👩‍👧‍👦 User groups
If you have a ton of users in Unleash and it feels like organizing them is becoming a chore, we have a great solution for you – Groups! And it’s out in 4.14 for enterprise users.

A group is a collection of users that lets you manage the Unleash access rights of all the group members in a single shot.

Managing access rights with groups is exactly the same as managing access rights with users, except you can now add the entire group to a project instead of having to add each user one by one.

Once you’ve added access for your groups to the projects that you want, each time you add a new user to that group, permissions will automatically sync and those users will have new permissions to do what they need to do right away!

But sometimes it’s easier to show rather than tell, so check out this video demo for a real use case for groups:

🧸 The playground

Ever wanted a way to test your feature toggle configuration and then found out you’d have to wire up a client SDK? That feels like a lot of work, right? Yeah, we think so too. So we’re very excited to announce the Unleash playground, available in the admin UI from version 4.14 onwards!

The playground lets you test an Unleash context against a set of feature toggles and shows you which toggles would be enabled with that context. You also get to see which variant you’d get if the feature toggle has variants. In essence, you can now test new feature toggle configurations directly from the admin UI instead of wiring up an external application or making an API call. How neat!

This first version only shows you how the toggles resolve, but not necessarily why they resolve the way they do. But stay tuned! There’s more updates coming this way pretty soon!

🍬 Other treats

As always, there’s a lot cooking here at the Unleash HQ, so there’s too many small improvements to mention, but our new OpenAPI specs are worth a brief mention:

We’ve also been working a lot on our OpenAPI documentation for the past few months, and as of 4.14, we’ve covered all the endpoints in the open-source version of Unleash. There’s still a few pro and enterprise endpoints underway, but they’re coming! And this is just a first iteration: there are some exciting improvements coming! If you want to enable the OpenAPI endpoint and the Swagger interface for yourself, have a look at the how to enable OpenAPI and Swagger guide we wrote.

Well, then: until next time!

SOC 2 Type II compliance achieved by Unleash

Roman Kalkowski — Wed, 13 Jul 2022 08:58:22 +0000

We proudly announce that our company Bricks Software AS achieved SOC 2 Type II compliance in accordance with American Institute of Certified Public Accountants (AICPA) standards for SOC for Service Organizations also known as SSAE 18.

Achieving this standard with an unqualified opinion serves as third-party industry validation that our company provides enterprise-level security for customer’s data secured in the Unleash platform.

Here is Bricks Software AS’s security & compliance principles guide how we deliver our products and services, enabling people to simply and securely access the digital world.

Secure Personnel

Bricks Software AS takes the security of its data and that of its clients and customers seriously and ensures that only vetted personnel are given access to their resources.

All Bricks Software AS contractors and employees undergo background checks prior to being engaged or employed by us in accordance with local laws and industry best practices.
Confidentiality or other types of Non-Disclosure Agreements (NDAs) are signed by all employees, contractors, and others who have a need to access sensitive or internal information.
We embed the culture of security into our business by conducting employee security training & testing using current and emerging techniques and attack vectors.

Secure Development

All development projects at Bricks Software AS, including on-premises software products, support services, and our own Digital Identity Cloud offerings follow secure development lifecycle principles.
All development of new products, tools, and services, and major changes to existing ones, undergo a design review to ensure security requirements are incorporated into proposed development.
All team members that are regularly involved in any system development undergo annual secure development training in coding or scripting languages that they work with as well as any other relevant training.
Software development is conducted in line with OWASP Top 10 recommendations for web application security.

Secure Testing

Bricks Software AS deploys third-party penetration testing and vulnerability scanning of all production and Internet-facing systems on a regular basis.

All new systems and services are scanned prior to being deployed to production.
We perform penetration testing both by internal security engineers and external penetration testing companies on new systems and products or major changes to existing systems, services, and products to ensure a comprehensive and real-world view of our products & environment from multiple perspectives.
We perform static and dynamic software application security testing of all code, including open source libraries, as part of our software development process.

Cloud Security

Bricks Software AS Cloud provides maximum security with complete customer isolation in a modern, multi-tenant cloud architecture.
Bricks Software AS Cloud leverages the native physical and network security features of the cloud service, and relies on the providers to maintain the infrastructure, services, and physical access policies and procedures.

All customer cloud environments and data are isolated using Bricks Software AS’s patented isolation approach. Each customer environment is stored within a dedicated trust zone to prevent any accidental or malicious co-mingling.
All data is also encrypted at rest and in transmission to prevent any unauthorized access and prevent data breaches. Our entire platform is also continuously monitored by dedicated, highly trained Bricks Software AS experts.
We separate each customer’s data and our own, utilizing unique encryption keys to ensure data is protected and isolated.
Client’s data protection complies with SOC 2 standards to encrypt data in transit and at rest, ensuring customer and company data and sensitive information is protected at all times.
We implement role-based access controls and the principles of least privileged access, and
review revoke access as needed.

Compliance

Bricks Software AS is committed to providing secure products and services to safely and easily manage billions of digital identities across the globe. Our external certifications provide independent assurance of Bricks Software AS’s dedication to protecting our customers by
regularly assessing and validating the protections and effective security practices Bricks Software AS has in place.

SOC 2 Type 2

Bricks Software AS successfully completed the AICPA Service Organization Control (SOC) 2 Type II audit. The audit confirms that Bricks Software AS’s information security practices, policies, procedures, and operations meet the SOC 2 standards for security.

Bricks Software AS was audited by Prescient Assurance, a leader in security and compliance certifications for B2B, SAAS companies worldwide. Prescient Assurance is a registered public accounting in the US and Canada and provide risk management and assurance services which includes but not limited to SOC 2, PCI, ISO, NIST, GDPR, CCPA, HIPAA, CSA STAR etc.

An unqualified opinion on a SOC 2 Type II audit report demonstrates to the Bricks Software AS’s current and future customers that they manage their data with the highest standard of security and compliance.

Customers and prospects can request access to the audit report here.

How we use analytics as a privacy focused OSS company

Roman Kalkowski — Fri, 08 Jul 2022 09:01:59 +0000

TLDR: Privacy is really important for us at Unleash. Here you will find the full story on how we ended up with an analytics solution that does not collect personal data and has very short retention. Whenever we evaluate a new feature at Unleash, we always start with one question. How does this fit with our values? This question is powerful. It can quickly qualify or disqualify a feature from consideration, putting some amount of work in an explore further bucket and some amount of work in a forget about it bucket.

When it comes to analytics, this has been a very difficult question. On one hand, as a team who cares deeply about their product, we feel the need to become more data-driven in our approach. For example, where to prioritize our efforts, how to figure out what features are being used the most in our product, which screen should we revamp next, and should we even care about mobile for a developer-centric product? As a small team, getting some breadcrumbs on where to focus next, or perhaps more importantly — which questions we should ask — can be very valuable.

On the other hand, we pride ourselves on being a very privacy-focused company. Our product core is open source, which means that you can copy, use and even enhance our code with your own modifications to get the version of Unleash that works best for your use case. This also means that you can self-host unleash and take full control of your data. However, if you don’t want to manage your own instance and instead opt for our SaaS platform — you can rest assured that unleash is architected in such a way that your domain data never leaves your application. We never see any of your data, because all feature toggle evaluation happens locally in the SDKs.

I’m not going to lie. Reconciling our needs with our values has been a challenging effort. We live in n a world where privacy is becoming more and more important, as evidenced by a significant amount of major breaches, and misuse of data in terms of swaying voter opinion in democratic elections.

It’s becoming increasingly obvious that data needs to be protected. For companies, data can represent critical business functions, information about customer relationships, or proprietary information. For the regular consumer, data is deeply personal. It’s about who you are, what your habits are, who in your life is important and what you care about. If we allow bad actors access to this information the consequences for both companies and consumers can be significant. As a SaaS vendor, it’s our responsibility to take these concerns into account when making decisions. It’s unacceptable to compromise on our own values to gain an advantage, which is why this is a decision we have not made lightly.

With this in mind, are there any analytics alternatives that can satisfy these strict requirements? Considering that France, Austria and Netherlands banning google analytics for GDPR violations it’s obvious that traditional analytics providers should deliver higher privacy standards.

How can we make sure that we don’t collect personal data, while still gaining some actionable information about the usage of our SaaS platform?

After evaluating multiple vendors, we eventually landed on Plausible. Here are some of the reasons why we chose this vendor:

The product is open source, allowing us to self-host Plausible.
No personal data is collected - Plausible does not track and store any PII
No tracking across devices
Data is aggregate only
Data is only scoped to a single day
Minimized data collection
Minimal footprint (<1kb)

These reasons and the ease of use of this product have made an otherwise hard decision a lot easier. The fact that options like Plausible are growing reflects the shift in the industry towards a privacy-first approach, and we believe that we will continue to see increased attention to this area in the future. We are proud to be a part of preserving the privacy of companies and individuals on the internet, and celebrating tools like Plausible which enable actionable insights for companies like ours without compromising our core values.

If you have any questions regarding our integration with Plausible, or what kind of data we collect in our SaaS platform, feel free to reach out to us on slack or social media to keep this discussion going! #privacyfirst

Your documentation is a product too

Roman Kalkowski — Thu, 07 Jul 2022 15:09:00 +0000

It's a strange thing, product documentation. Everyone agrees that it's important, and yet it's often seen as a chore that no one wants to do. In smaller teams – and especially in startups, where getting the product ready and on par with competitors is the prime directive – people often focus on new features. For a developer product, though, where users need to be able to integrate your product into their own code bases, documentation is crucial.

When I joined Unleash, we were getting a lot of feedback saying our docs were lacking: That users couldn't find what they were looking for, that features and configuration options weren't documented, and that the docs were misleading or even plain wrong.

Now, six months later, most of that feedback is gone. This post outlines what I consider to be some of the most important steps we took to address the documentation issue. But while we have made some good strides toward improving the docs, we're not done yet. There's still lots of work to do and we keep working on it every day. But with sustained internal effort and the help of our users and outside contributors, we're steadily improving.

Treating the documentation as a product

As an open-source company we’re all about transparency and sharing what we know. Part of that is also about learning from others in areas where we can improve. Thankfully, we’ve got a few connections that can help us in those areas.

Right about when I started, I had a meeting with Dan McKinney over at Cloudsmith (who have received a lot of praise for their documentation). A very nice meeting in many regards, the most important thing I took away from it was Cloudsmith's attitude towards documentation: treat your docs as a product.

Treating the docs as a product means that you need to prioritize and work on the documentation just as you would any other part of the product: The docs can't just be a byproduct of some other product. They need actual love.

It also means that if you get a user asking a question because they haven't found what they're looking for in the docs, then you have a bug. Yup, documentation bugs. They're a thing now. And as with software bugs: if someone discovers a bug, you create a ticket to fix it. That way you can prioritize the issue, log duplicates, and treat it as any other bug.

If this comes off as strange, ask yourself this one question: who knows what the documentation is missing better than the users, better than the people who can't find what they're looking for? And by taking user input in this way, they actually prioritize it for you! If you work on things people ask about, then you know that you're working on things people are using.

Adopting Diátaxis

As with so many other things, there's no right or wrong way to organize your documentation. But certain ideas do have more merit than others. After looking around a bit, I stumbled upon Daniele Procida's Diátaxis framework.

Diátaxis provides you with 4 distinct kinds (or modes) of documentation and gives you guidelines on how to tell them apart and how to write for them.

We used this framework to restructure our documentation from vague categories such as "user guide" and "advanced" into more clearly labeled "reference guides", "tutorials", "how-tos", and "topic discussions".

In addition to just organization, the Diátaxis framework also provides you with clear guidelines for how to write for each of the documentation kinds. In particular, it expressly tells you what not to write. This has helped us tremendously in avoiding duplication between related topics, which means updates get a lot easier to manage.

What's next?

We can't just stand still. We gotta keep moving and improving. If you want your product to be the best, you better make sure the documentation is up to the task! In addition to keeping everything up to date and documenting new features as they arrive, we also have lots of plans and ideas that we'd like to see come to fruition:

Now that we've (almost) got full OpenAPI support for our APIs, I'd love to see that become integrated into the documentation. I don't know if you've tried, but writing API reference documentation out by hand? Now that is a chore.
Some of the best developer docs out there provide you with ready-to-copy code samples complete with variables that are correct for your use case. As we don't require any sort of authentication for the docs, we can't just grab your details from anywhere, but we can let you enter them yourself and update code samples accordingly.

If you've got any ideas or other input, we would of course love to hear it! Please don't hesitate to reach out to us.