SlideShare a Scribd company logo

Productizing Twilio Applications

Download as PPTX, PDF
Patrick McKenzie
Patrick McKenzie

Patrick McKenzie (patio11) at TwilioConf 2011. Topic is about taking Twilio "beyond the quickstart guides": making applications which are secure, testable, maintainable, and appropriate for running businesses on top of.

Technology
1 of 40
PRODUCTIZING TWILIO APPLICATIONS Patrick McKenzie – Kalzumeus Software
My Business
Twilio Has The Power To Make You… Sob softly at 3 AM in a cold, wet, dar
How could I have avoided that?  Process: Do not push new code to production at 5 PM on Friday night.  Process: Test on staging server first. Fail the deploy if core features do not work as expected.  Tech: Switch to idempotent queues.  Tech: How about we don‟t call the same person 50 times in five minutes?  Tech: Activity spike 500x historical max = Shut. Down. Everything.
Testing Twilio Apps
Testing Pitfalls With Twilio  Testing is dangerous  Testing trivial changes often requires manual work  Your view code (Twiml) will frequently blow up business logic  Poor separation of concerns between model, view, controller, Twilio libraries, and Twilio API. Many classes of bugs not exercised by automated testing
Treat All Guns As Loaded
What To Test  Business logic, business logic, business logic  Scheduling calls / SMSes per business rules  Call flow  Am I calling Twilio API the way Twilio expects?  Twimllooks OK?  Parameters for requests passed correctly?  Does stuff actually work?
Don‟t Contact Twilio In Tests  Makes tests slow  Potentially dangerous  Bought numbers in unit test. Twilio.revenue += 340  Hurts reproducability  Instead, record and playback (VCR gem, etc)  NotRuby? Use Twilio API explorer, copy/paste response to mock.
Use localtunnel in development  Quicker than “FTP new version to site”  Won‟t break stuff for real customers
Staging Servers Are Required  Staging = Production – Customers  “Same” hardware, configurations, etc, different Twilio numbers  Ban the Internet (except Twilio) from servers  Strongly recommend no real data in staging DB  Staging servers good for automated test calls
Staging Servers Protect Production  Prior to pushing to production, push to staging.  Run a script to automatically drive website and telephone, verifying that stuff actually works.  Fail deploy to production if anything goes wrong.  Adds ~5 minutes to a deploy, will save you outages, catastrophic blowups, and your sanity.
Modeling Calls
“How Do We Do A Call Tree?”
“How Do We Do A Call Tree?”
Case Statements Considered Harmful  Easy to introduce subtle bugs  Very difficult to test  Requires manual testing (with a phone !?)  Tightly couples business logic w/ Twilio  Hard to maintain  Adding menu item => stuff breaks  Change a number => stuff breaks  Restructure flow => stuff breaks
A Better Way
You‟ll Appreciate This Later
What To Use State Machines For?  Call flows  Business logic testable (in model)  Forces similar organization on model, view, controller, and vocal assets  SMS flows  Necessity for contact in the first place  Avoid easiest catastrophic failure mode with Twilio
Specifics To Modeling Calls  Each call gets a DB/model object  Model tracks call state  Set state to “processing” prior to initiating call (or at entrance to Twilio script for inbound)  Then, transition based on input, using each transition to:  trigger side-effects (updating DB, etc)  present user with view state (voice, etc)
Answering Machines
Twilio‟s IfMachine = Continue  Wait until call recipient says something  If they don‟t say something, must be a machine.  If they do say something, maybe still a machine?  Error rates ~20% in my limited experience
Problems With IfMachine=Continue  “I tried a test call to myself and it never started talking. I‟m concerned my customers would hang up before my message plays.”  If you don‟t pick up beep correctly, first several seconds of message does not get recorded.  “My customers hit 1 and nothing happens.”
Other Options (Not Answers)  Give machines/humans the same message.  Give machines/humans the same message, but force a keypress (“1”) prior to talking. This coerces most answering machines/voicemails into starting recording, even early.  “This is an automated message from Your Company Here. Press 1 to hear your message.” <Gather> their input. If input, play human message. If none, play answering machine message.
Be Careful With Answering Machines Hit 5 To Confirm Your Appointment
Be Careful With Answering Machines Message Erased
This Is A Real Problem
This Is A Real Problem We are that stupid.
Security
Check Your Application For…  Application security issues  Unintended information disclosure  Catastrophic degradation during failure conditions  The 4Chan Rule
Outgoing Call Security  Educate users regarding proper use.  This will require firing some of them.  Establish per-account, per-destination, and global rate caps. Review manually after triggers.  Have a global “Stop all outgoing calls” button.
Most Important Part of Data Security This call could end up over the PA at
Incoming Call Security  Caller IDs can be spoofed. Do not gate important stuff on them.  “Thanks for calling our automated system. Put in your task code to continue.”  Task code: 4~6 digit random ID. Expires in 1 hour. If possible, flush codes if > 3 failures in a row.  Per-account call-in numbers when feasible. Increases security and cuts down on support costs.
Scaling
One Commodity Server Has…  6 hours per working day  3,600 seconds per hour  ~25 requests per second  ~3 requests per 2 minute phone call 180,000
People Hate Numbers So… Do you need to call all of Little Rock?
Why Rate Limit Then?  Control costs to your business and customer.  Protect customer from crushing their offline processes which are feeding to/from the phones.  “Great that it scales. By the way, can we get an off button? To turn off calls for a few hours?”  “Why do you need an off button?”  “Our operators sometimes get called away from their desks, for meetings and whatnot.”  “Certainly. How many operators do you have?”  “Two.”
Random Advice
Random Grabbag Of Advice  Never contact Twilio in request/response cycle. Queue requests, use worker process.  Fiverr.com for voice actresses. Find one you like, put her on retainer.  Record copious information about errors. Very hard to get individualized “What did your customer do to hear that unspecified „Something broke‟ message?”  Fail closed: default to not making the call.
Thanks For Listening  http://www.kalzumeus.com  patrick@kalzumeus.com  I‟m patio11 on Twitter or HN.  I love talking about this. Feel free to get in touch.

Recommended

Lets have some fun with twilio open tok
Lets have some fun with twilio open tokLets have some fun with twilio open tok
Lets have some fun with twilio open tokmirahman
 
Into In Infrastructure "what I Need"
Into In Infrastructure "what I Need"Into In Infrastructure "what I Need"
Into In Infrastructure "what I Need"egyappassiut
 
How to Get Employees to Really Use New Technology
How to Get Employees to Really Use New TechnologyHow to Get Employees to Really Use New Technology
How to Get Employees to Really Use New TechnologyEMERGE App
 
MyFirmsApp Small Firms Live Product Demo AU
MyFirmsApp Small Firms Live Product Demo AUMyFirmsApp Small Firms Live Product Demo AU
MyFirmsApp Small Firms Live Product Demo AUDaniel Richards
 
Email for Mobile Phones
Email for Mobile PhonesEmail for Mobile Phones
Email for Mobile PhonesVerticalResponse
 
Paul Sokol - Get It Done: Process
Paul Sokol - Get It Done: ProcessPaul Sokol - Get It Done: Process
Paul Sokol - Get It Done: ProcessInfusionsoft
 
Supply Chain Visibility: A Business Case for Automation in Your Supply Chain
Supply Chain Visibility: A Business Case for Automation in Your Supply ChainSupply Chain Visibility: A Business Case for Automation in Your Supply Chain
Supply Chain Visibility: A Business Case for Automation in Your Supply ChainEmily Millard Murphy
 
Pel softlabs
Pel softlabsPel softlabs
Pel softlabsPelsoftlabs
 

Recommended

Lets have some fun with twilio open tok
Lets have some fun with twilio open tokLets have some fun with twilio open tok
Lets have some fun with twilio open tokmirahman
 
Into In Infrastructure "what I Need"
Into In Infrastructure "what I Need"Into In Infrastructure "what I Need"
Into In Infrastructure "what I Need"egyappassiut
 
How to Get Employees to Really Use New Technology
How to Get Employees to Really Use New TechnologyHow to Get Employees to Really Use New Technology
How to Get Employees to Really Use New TechnologyEMERGE App
 
MyFirmsApp Small Firms Live Product Demo AU
MyFirmsApp Small Firms Live Product Demo AUMyFirmsApp Small Firms Live Product Demo AU
MyFirmsApp Small Firms Live Product Demo AUDaniel Richards
 
Email for Mobile Phones
Email for Mobile PhonesEmail for Mobile Phones
Email for Mobile PhonesVerticalResponse
 
Paul Sokol - Get It Done: Process
Paul Sokol - Get It Done: ProcessPaul Sokol - Get It Done: Process
Paul Sokol - Get It Done: ProcessInfusionsoft
 
Supply Chain Visibility: A Business Case for Automation in Your Supply Chain
Supply Chain Visibility: A Business Case for Automation in Your Supply ChainSupply Chain Visibility: A Business Case for Automation in Your Supply Chain
Supply Chain Visibility: A Business Case for Automation in Your Supply ChainEmily Millard Murphy
 
Pel softlabs
Pel softlabsPel softlabs
Pel softlabsPelsoftlabs
 
Software For Underserved Markets
Software For Underserved MarketsSoftware For Underserved Markets
Software For Underserved MarketsPatrick McKenzie
 
Software Businesses On 5 Hours A Week
Software Businesses On 5 Hours A WeekSoftware Businesses On 5 Hours A Week
Software Businesses On 5 Hours A WeekPatrick McKenzie
 
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...Twilio Inc
 
Scaling Company Values - Twilio - TechWeek 2012
Scaling Company Values - Twilio - TechWeek 2012Scaling Company Values - Twilio - TechWeek 2012
Scaling Company Values - Twilio - TechWeek 2012Twilio Inc
 
Scaling Twilio - Evan Cooke - Twilio Conference 2011
Scaling Twilio - Evan Cooke - Twilio Conference 2011Scaling Twilio - Evan Cooke - Twilio Conference 2011
Scaling Twilio - Evan Cooke - Twilio Conference 2011Twilio Inc
 
Twilio Web Service API for building Voice Applications
Twilio Web Service API for building Voice ApplicationsTwilio Web Service API for building Voice Applications
Twilio Web Service API for building Voice ApplicationsTwilio Inc
 
Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Voice Applications with Amazon AWS S3 and EC2Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Voice Applications with Amazon AWS S3 and EC2Twilio Inc
 
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...Rudy Jahchan
 
How the Realtime Web is influencing the future of communications
How the Realtime Web is influencing the future of communicationsHow the Realtime Web is influencing the future of communications
How the Realtime Web is influencing the future of communicationsPhil Leggetter
 
Microconf Europe 2013 -- Patrick McKenzie
Microconf Europe 2013 -- Patrick McKenzieMicroconf Europe 2013 -- Patrick McKenzie
Microconf Europe 2013 -- Patrick McKenziePatrick McKenzie
 
Patrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie Opticon 2014: Advanced A/B TestingPatrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie Opticon 2014: Advanced A/B TestingPatrick McKenzie
 
Conversion Optimization in Practice: BaconBiz 2013
Conversion Optimization in Practice: BaconBiz 2013Conversion Optimization in Practice: BaconBiz 2013
Conversion Optimization in Practice: BaconBiz 2013Patrick McKenzie
 
Deploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero DowntimeDeploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero DowntimeTwilio Inc
 
Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Twilio Inc
 
Hashtag Aggregation - Tools
Hashtag Aggregation - ToolsHashtag Aggregation - Tools
Hashtag Aggregation - ToolsRoman Zoechlinger
 
Global Phone Numbers: Taking Your App Around The World
Global Phone Numbers: Taking Your App Around The WorldGlobal Phone Numbers: Taking Your App Around The World
Global Phone Numbers: Taking Your App Around The WorldTwilio Inc
 
Influencer Marketing with Klear
Influencer Marketing with KlearInfluencer Marketing with Klear
Influencer Marketing with KlearKlear
 
Best practices of modern marketing & sales for talent acquisition leaders
Best practices of modern marketing & sales for talent acquisition leadersBest practices of modern marketing & sales for talent acquisition leaders
Best practices of modern marketing & sales for talent acquisition leadersFrancois Dufour
 
Pitch Influencer Marketing to your Boss
Pitch Influencer Marketing to your BossPitch Influencer Marketing to your Boss
Pitch Influencer Marketing to your BossKlear
 
Salesforce Integration with Twilio
Salesforce Integration with TwilioSalesforce Integration with Twilio
Salesforce Integration with TwilioPat Patterson
 
Tech campmemphis slides_post_session
Tech campmemphis slides_post_sessionTech campmemphis slides_post_session
Tech campmemphis slides_post_sessionStewart Whaley
 
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Ron Pierce
 

More Related Content

Viewers also liked

Software For Underserved Markets
Software For Underserved MarketsSoftware For Underserved Markets
Software For Underserved MarketsPatrick McKenzie
 
Software Businesses On 5 Hours A Week
Software Businesses On 5 Hours A WeekSoftware Businesses On 5 Hours A Week
Software Businesses On 5 Hours A WeekPatrick McKenzie
 
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...Twilio Inc
 
Scaling Company Values - Twilio - TechWeek 2012
Scaling Company Values - Twilio - TechWeek 2012Scaling Company Values - Twilio - TechWeek 2012
Scaling Company Values - Twilio - TechWeek 2012Twilio Inc
 
Scaling Twilio - Evan Cooke - Twilio Conference 2011
Scaling Twilio - Evan Cooke - Twilio Conference 2011Scaling Twilio - Evan Cooke - Twilio Conference 2011
Scaling Twilio - Evan Cooke - Twilio Conference 2011Twilio Inc
 
Twilio Web Service API for building Voice Applications
Twilio Web Service API for building Voice ApplicationsTwilio Web Service API for building Voice Applications
Twilio Web Service API for building Voice ApplicationsTwilio Inc
 
Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Voice Applications with Amazon AWS S3 and EC2Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Voice Applications with Amazon AWS S3 and EC2Twilio Inc
 
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...Rudy Jahchan
 
How the Realtime Web is influencing the future of communications
How the Realtime Web is influencing the future of communicationsHow the Realtime Web is influencing the future of communications
How the Realtime Web is influencing the future of communicationsPhil Leggetter
 
Microconf Europe 2013 -- Patrick McKenzie
Microconf Europe 2013 -- Patrick McKenzieMicroconf Europe 2013 -- Patrick McKenzie
Microconf Europe 2013 -- Patrick McKenziePatrick McKenzie
 
Patrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie Opticon 2014: Advanced A/B TestingPatrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie Opticon 2014: Advanced A/B TestingPatrick McKenzie
 
Conversion Optimization in Practice: BaconBiz 2013
Conversion Optimization in Practice: BaconBiz 2013Conversion Optimization in Practice: BaconBiz 2013
Conversion Optimization in Practice: BaconBiz 2013Patrick McKenzie
 
Deploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero DowntimeDeploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero DowntimeTwilio Inc
 
Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Twilio Inc
 
Global Phone Numbers: Taking Your App Around The World
Global Phone Numbers: Taking Your App Around The WorldGlobal Phone Numbers: Taking Your App Around The World
Global Phone Numbers: Taking Your App Around The WorldTwilio Inc
 
Influencer Marketing with Klear
Influencer Marketing with KlearInfluencer Marketing with Klear
Influencer Marketing with KlearKlear
 
Best practices of modern marketing & sales for talent acquisition leaders
Best practices of modern marketing & sales for talent acquisition leadersBest practices of modern marketing & sales for talent acquisition leaders
Best practices of modern marketing & sales for talent acquisition leadersFrancois Dufour
 
Pitch Influencer Marketing to your Boss
Pitch Influencer Marketing to your BossPitch Influencer Marketing to your Boss
Pitch Influencer Marketing to your BossKlear
 
Salesforce Integration with Twilio
Salesforce Integration with TwilioSalesforce Integration with Twilio
Salesforce Integration with TwilioPat Patterson
 

Viewers also liked (20)

Software For Underserved Markets
Software For Underserved MarketsSoftware For Underserved Markets
Software For Underserved Markets
 
Software Businesses On 5 Hours A Week
Software Businesses On 5 Hours A WeekSoftware Businesses On 5 Hours A Week
Software Businesses On 5 Hours A Week
 
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
CTIA Keynote - Jeff Lawson - Twilio - Ways of the Software People or the Way ...
 
Scaling Company Values - Twilio - TechWeek 2012
Scaling Company Values - Twilio - TechWeek 2012Scaling Company Values - Twilio - TechWeek 2012
Scaling Company Values - Twilio - TechWeek 2012
 
Scaling Twilio - Evan Cooke - Twilio Conference 2011
Scaling Twilio - Evan Cooke - Twilio Conference 2011Scaling Twilio - Evan Cooke - Twilio Conference 2011
Scaling Twilio - Evan Cooke - Twilio Conference 2011
 
Twilio Web Service API for building Voice Applications
Twilio Web Service API for building Voice ApplicationsTwilio Web Service API for building Voice Applications
Twilio Web Service API for building Voice Applications
 
Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Voice Applications with Amazon AWS S3 and EC2Twilio Voice Applications with Amazon AWS S3 and EC2
Twilio Voice Applications with Amazon AWS S3 and EC2
 
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
How Test Driven Development started the Robot Apocalypse; Lessons learned usi...
 
How the Realtime Web is influencing the future of communications
How the Realtime Web is influencing the future of communicationsHow the Realtime Web is influencing the future of communications
How the Realtime Web is influencing the future of communications
 
Microconf Europe 2013 -- Patrick McKenzie
Microconf Europe 2013 -- Patrick McKenzieMicroconf Europe 2013 -- Patrick McKenzie
Microconf Europe 2013 -- Patrick McKenzie
 
Patrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie Opticon 2014: Advanced A/B TestingPatrick McKenzie Opticon 2014: Advanced A/B Testing
Patrick McKenzie Opticon 2014: Advanced A/B Testing
 
Conversion Optimization in Practice: BaconBiz 2013
Conversion Optimization in Practice: BaconBiz 2013Conversion Optimization in Practice: BaconBiz 2013
Conversion Optimization in Practice: BaconBiz 2013
 
Deploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero DowntimeDeploying Next Gen Systems with Zero Downtime
Deploying Next Gen Systems with Zero Downtime
 
Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010Call Tracking with Twilio - Cloudstock 2010
Call Tracking with Twilio - Cloudstock 2010
 
Hashtag Aggregation - Tools
Hashtag Aggregation - ToolsHashtag Aggregation - Tools
Hashtag Aggregation - Tools
 
Global Phone Numbers: Taking Your App Around The World
Global Phone Numbers: Taking Your App Around The WorldGlobal Phone Numbers: Taking Your App Around The World
Global Phone Numbers: Taking Your App Around The World
 
Influencer Marketing with Klear
Influencer Marketing with KlearInfluencer Marketing with Klear
Influencer Marketing with Klear
 
Best practices of modern marketing & sales for talent acquisition leaders
Best practices of modern marketing & sales for talent acquisition leadersBest practices of modern marketing & sales for talent acquisition leaders
Best practices of modern marketing & sales for talent acquisition leaders
 
Pitch Influencer Marketing to your Boss
Pitch Influencer Marketing to your BossPitch Influencer Marketing to your Boss
Pitch Influencer Marketing to your Boss
 
Salesforce Integration with Twilio
Salesforce Integration with TwilioSalesforce Integration with Twilio
Salesforce Integration with Twilio
 

Similar to Productizing Twilio Applications

Tech campmemphis slides_post_session
Tech campmemphis slides_post_sessionTech campmemphis slides_post_session
Tech campmemphis slides_post_sessionStewart Whaley
 
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Ron Pierce
 
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012Nick Galbreath
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Rob Fuller
 
Flo-Tech E-book-Avoiding Device Failure
Flo-Tech E-book-Avoiding Device FailureFlo-Tech E-book-Avoiding Device Failure
Flo-Tech E-book-Avoiding Device FailureThomas Clifford
 
The on-call survival guide - how to be confident on-call
The on-call survival guide - how to be confident on-call The on-call survival guide - how to be confident on-call
The on-call survival guide - how to be confident on-call Raygun
 
OSMC 2008 | Review of notification methods by Jose Luis Martinez
OSMC 2008 | Review of notification methods by Jose Luis MartinezOSMC 2008 | Review of notification methods by Jose Luis Martinez
OSMC 2008 | Review of notification methods by Jose Luis MartinezNETWAYS
 
The Lean Startup EA edition
The Lean Startup EA editionThe Lean Startup EA edition
The Lean Startup EA editionEric Ries
 
The DevOps Pay Raise: Quantifying Your Value to Move Up the Ladder
The DevOps Pay Raise: Quantifying Your Value to Move Up the LadderThe DevOps Pay Raise: Quantifying Your Value to Move Up the Ladder
The DevOps Pay Raise: Quantifying Your Value to Move Up the Laddertlevey
 
The Lean Startup fbFund Edition
The Lean Startup fbFund EditionThe Lean Startup fbFund Edition
The Lean Startup fbFund EditionEric Ries
 
2600 v02 n10 (october 1985)
2600 v02 n10 (october 1985)2600 v02 n10 (october 1985)
2600 v02 n10 (october 1985)Felipe Prado
 
Operationalizing Machine Learning in the Enterprise
Operationalizing Machine Learning in the EnterpriseOperationalizing Machine Learning in the Enterprise
Operationalizing Machine Learning in the Enterprisemark madsen
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to knowEric Klein
 
ZenAlert, The Thing Care Platform - Why you need it and how it works -
ZenAlert, The Thing Care Platform - Why you need it and how it works -ZenAlert, The Thing Care Platform - Why you need it and how it works -
ZenAlert, The Thing Care Platform - Why you need it and how it works -ZenAlert
 
Breaking the bank : how to really test/annoy financial institutions
Breaking the bank : how to really test/annoy financial institutionsBreaking the bank : how to really test/annoy financial institutions
Breaking the bank : how to really test/annoy financial institutionsSensePost
 
Voice Biometrics automated password_reset
Voice Biometrics automated password_resetVoice Biometrics automated password_reset
Voice Biometrics automated password_resetKunal Grover
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your BusinessConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your BusinessConnXus
 
The limits of unit testing by Craig Stuntz
The limits of unit testing by Craig StuntzThe limits of unit testing by Craig Stuntz
The limits of unit testing by Craig StuntzQA or the Highway
 

Similar to Productizing Twilio Applications (20)

Tech campmemphis slides_post_session
Tech campmemphis slides_post_sessionTech campmemphis slides_post_session
Tech campmemphis slides_post_session
 
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
Free Report 16 Critical Questions You Must Ask Before Hiring Any IT Company -...
 
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
Fraud Engineering, from Merchant Risk Council Annual Meeting 2012
 
Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?Why isn't infosec working? Did you turn it off and back on again?
Why isn't infosec working? Did you turn it off and back on again?
 
Flo-Tech E-book-Avoiding Device Failure
Flo-Tech E-book-Avoiding Device FailureFlo-Tech E-book-Avoiding Device Failure
Flo-Tech E-book-Avoiding Device Failure
 
The on-call survival guide - how to be confident on-call
The on-call survival guide - how to be confident on-call The on-call survival guide - how to be confident on-call
The on-call survival guide - how to be confident on-call
 
Dit yvol5iss32
Dit yvol5iss32Dit yvol5iss32
Dit yvol5iss32
 
OSMC 2008 | Review of notification methods by Jose Luis Martinez
OSMC 2008 | Review of notification methods by Jose Luis MartinezOSMC 2008 | Review of notification methods by Jose Luis Martinez
OSMC 2008 | Review of notification methods by Jose Luis Martinez
 
The Lean Startup EA edition
The Lean Startup EA editionThe Lean Startup EA edition
The Lean Startup EA edition
 
The DevOps Pay Raise: Quantifying Your Value to Move Up the Ladder
The DevOps Pay Raise: Quantifying Your Value to Move Up the LadderThe DevOps Pay Raise: Quantifying Your Value to Move Up the Ladder
The DevOps Pay Raise: Quantifying Your Value to Move Up the Ladder
 
The Lean Startup fbFund Edition
The Lean Startup fbFund EditionThe Lean Startup fbFund Edition
The Lean Startup fbFund Edition
 
2600 v02 n10 (october 1985)
2600 v02 n10 (october 1985)2600 v02 n10 (october 1985)
2600 v02 n10 (october 1985)
 
Operationalizing Machine Learning in the Enterprise
Operationalizing Machine Learning in the EnterpriseOperationalizing Machine Learning in the Enterprise
Operationalizing Machine Learning in the Enterprise
 
VoIP Security 101 what you need to know
VoIP Security 101 what you need to knowVoIP Security 101 what you need to know
VoIP Security 101 what you need to know
 
ZenAlert, The Thing Care Platform - Why you need it and how it works -
ZenAlert, The Thing Care Platform - Why you need it and how it works -ZenAlert, The Thing Care Platform - Why you need it and how it works -
ZenAlert, The Thing Care Platform - Why you need it and how it works -
 
Breaking the bank : how to really test/annoy financial institutions
Breaking the bank : how to really test/annoy financial institutionsBreaking the bank : how to really test/annoy financial institutions
Breaking the bank : how to really test/annoy financial institutions
 
Salesdialers Presentation
Salesdialers PresentationSalesdialers Presentation
Salesdialers Presentation
 
Voice Biometrics automated password_reset
Voice Biometrics automated password_resetVoice Biometrics automated password_reset
Voice Biometrics automated password_reset
 
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your BusinessConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
ConnXus myCBC Webinar Series: Cybersecurity Risks to Your Business
 
The limits of unit testing by Craig Stuntz
The limits of unit testing by Craig StuntzThe limits of unit testing by Craig Stuntz
The limits of unit testing by Craig Stuntz
 

Recently uploaded

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024BookNet Canada
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Strongerpanagenda
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesManik S Magar
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Nikki Chapple
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfpanagenda
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...itnewsafrica
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Mark Goldstein
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityIES VE
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxfnnc6jmgwh
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observabilityitnewsafrica
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...itnewsafrica
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Farhan Tariq
 

Recently uploaded (20)

Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
New from BookNet Canada for 2024: Loan Stars - Tech Forum 2024
 
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better StrongerModern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
Modern Roaming for Notes and Nomad – Cheaper Faster Better Stronger
 
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotesMuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
MuleSoft Online Meetup Group - B2B Crash Course: Release SparkNotes
 
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
Microsoft 365 Copilot: How to boost your productivity with AI – Part one: Ado...
 
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdfSo einfach geht modernes Roaming fuer Notes und Nomad.pdf
So einfach geht modernes Roaming fuer Notes und Nomad.pdf
 
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...Zeshan Sattar- Assessing the skill requirements and industry expectations for...
Zeshan Sattar- Assessing the skill requirements and industry expectations for...
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
Arizona Broadband Policy Past, Present, and Future Presentation 3/25/24
 
Decarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a realityDecarbonising Buildings: Making a net-zero built environment a reality
Decarbonising Buildings: Making a net-zero built environment a reality
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptxGenerative AI - Gitex v1Generative AI - Gitex v1.pptx
Generative AI - Gitex v1Generative AI - Gitex v1.pptx
 
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security ObservabilityGlenn Lazarus- Why Your Observability Strategy Needs Security Observability
Glenn Lazarus- Why Your Observability Strategy Needs Security Observability
 
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
Abdul Kader Baba- Managing Cybersecurity Risks and Compliance Requirements i...
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...Genislab builds better products and faster go-to-market with Lean project man...
Genislab builds better products and faster go-to-market with Lean project man...
 

Productizing Twilio Applications

  • 3. Twilio Has The Power To Make You… Sob softly at 3 AM in a cold, wet, dar
  • 4. How could I have avoided that?  Process: Do not push new code to production at 5 PM on Friday night.  Process: Test on staging server first. Fail the deploy if core features do not work as expected.  Tech: Switch to idempotent queues.  Tech: How about we don‟t call the same person 50 times in five minutes?  Tech: Activity spike 500x historical max = Shut. Down. Everything.
  • 6. Testing Pitfalls With Twilio  Testing is dangerous  Testing trivial changes often requires manual work  Your view code (Twiml) will frequently blow up business logic  Poor separation of concerns between model, view, controller, Twilio libraries, and Twilio API. Many classes of bugs not exercised by automated testing
  • 7. Treat All Guns As Loaded
  • 8. What To Test  Business logic, business logic, business logic  Scheduling calls / SMSes per business rules  Call flow  Am I calling Twilio API the way Twilio expects?  Twimllooks OK?  Parameters for requests passed correctly?  Does stuff actually work?
  • 9. Don‟t Contact Twilio In Tests  Makes tests slow  Potentially dangerous  Bought numbers in unit test. Twilio.revenue += 340  Hurts reproducability  Instead, record and playback (VCR gem, etc)  NotRuby? Use Twilio API explorer, copy/paste response to mock.
  • 10. Use localtunnel in development  Quicker than “FTP new version to site”  Won‟t break stuff for real customers
  • 11. Staging Servers Are Required  Staging = Production – Customers  “Same” hardware, configurations, etc, different Twilio numbers  Ban the Internet (except Twilio) from servers  Strongly recommend no real data in staging DB  Staging servers good for automated test calls
  • 12. Staging Servers Protect Production  Prior to pushing to production, push to staging.  Run a script to automatically drive website and telephone, verifying that stuff actually works.  Fail deploy to production if anything goes wrong.  Adds ~5 minutes to a deploy, will save you outages, catastrophic blowups, and your sanity.
  • 14. “How Do We Do A Call Tree?”
  • 15. “How Do We Do A Call Tree?”
  • 16. Case Statements Considered Harmful  Easy to introduce subtle bugs  Very difficult to test  Requires manual testing (with a phone !?)  Tightly couples business logic w/ Twilio  Hard to maintain  Adding menu item => stuff breaks  Change a number => stuff breaks  Restructure flow => stuff breaks
  • 19. What To Use State Machines For?  Call flows  Business logic testable (in model)  Forces similar organization on model, view, controller, and vocal assets  SMS flows  Necessity for contact in the first place  Avoid easiest catastrophic failure mode with Twilio
  • 20. Specifics To Modeling Calls  Each call gets a DB/model object  Model tracks call state  Set state to “processing” prior to initiating call (or at entrance to Twilio script for inbound)  Then, transition based on input, using each transition to:  trigger side-effects (updating DB, etc)  present user with view state (voice, etc)
  • 22. Twilio‟s IfMachine = Continue  Wait until call recipient says something  If they don‟t say something, must be a machine.  If they do say something, maybe still a machine?  Error rates ~20% in my limited experience
  • 23. Problems With IfMachine=Continue  “I tried a test call to myself and it never started talking. I‟m concerned my customers would hang up before my message plays.”  If you don‟t pick up beep correctly, first several seconds of message does not get recorded.  “My customers hit 1 and nothing happens.”
  • 24. Other Options (Not Answers)  Give machines/humans the same message.  Give machines/humans the same message, but force a keypress (“1”) prior to talking. This coerces most answering machines/voicemails into starting recording, even early.  “This is an automated message from Your Company Here. Press 1 to hear your message.” <Gather> their input. If input, play human message. If none, play answering machine message.
  • 25. Be Careful With Answering Machines Hit 5 To Confirm Your Appointment
  • 26. Be Careful With Answering Machines Message Erased
  • 27. This Is A Real Problem
  • 28. This Is A Real Problem We are that stupid.
  • 30. Check Your Application For…  Application security issues  Unintended information disclosure  Catastrophic degradation during failure conditions  The 4Chan Rule
  • 31. Outgoing Call Security  Educate users regarding proper use.  This will require firing some of them.  Establish per-account, per-destination, and global rate caps. Review manually after triggers.  Have a global “Stop all outgoing calls” button.
  • 32. Most Important Part of Data Security This call could end up over the PA at
  • 33. Incoming Call Security  Caller IDs can be spoofed. Do not gate important stuff on them.  “Thanks for calling our automated system. Put in your task code to continue.”  Task code: 4~6 digit random ID. Expires in 1 hour. If possible, flush codes if > 3 failures in a row.  Per-account call-in numbers when feasible. Increases security and cuts down on support costs.
  • 35. One Commodity Server Has…  6 hours per working day  3,600 seconds per hour  ~25 requests per second  ~3 requests per 2 minute phone call 180,000
  • 36. People Hate Numbers So… Do you need to call all of Little Rock?
  • 37. Why Rate Limit Then?  Control costs to your business and customer.  Protect customer from crushing their offline processes which are feeding to/from the phones.  “Great that it scales. By the way, can we get an off button? To turn off calls for a few hours?”  “Why do you need an off button?”  “Our operators sometimes get called away from their desks, for meetings and whatnot.”  “Certainly. How many operators do you have?”  “Two.”
  • 39. Random Grabbag Of Advice  Never contact Twilio in request/response cycle. Queue requests, use worker process.  Fiverr.com for voice actresses. Find one you like, put her on retainer.  Record copious information about errors. Very hard to get individualized “What did your customer do to hear that unspecified „Something broke‟ message?”  Fail closed: default to not making the call.
  • 40. Thanks For Listening  http://www.kalzumeus.com  patrick@kalzumeus.com  I‟m patio11 on Twitter or HN.  I love talking about this. Feel free to get in touch.