89. Dealing with Third Party Software

November 20, 2018

On today’s show we are going to be talking about the software we didn’t write and using third party services. We are developers and we do not like writing software — so why is that? The only thing better than deleting code is just not writing it in the first place. We have third party defenses that we always install, like using our package managers. But sometimes, that’s not enough. Sometimes you need a little more muscle! So inside today’s episode we are talking all about third party services, why it’s helpful to have them, why it’s not always better reinventing the wheel, as well as some of the pain points of using third party services. Keep listening to hear more!

Key Points From This Episode:

  • Saving time by finding the right package that does exactly what you need it to do.
  • Using a scroll sync package for a react.
  • Building your own feature flags.
  • Payments as a service and how it has opened the field for online businesses.
  • How third party services allow businesses to focus on the business.
  • The painful parts of using third party services.
  • Making use of support bubbles.
  • And much more!

Transcript for Episode 89. Dealing with Third Party Software

[0:00:01.9] MN: Hello and welcome to The Rabbit Hole, the definitive developer’s podcast in fantabulous Chelsey Manhattan. I’m your host, Michael Nunez. Our co-host today.

[0:00:09.8] DA: Dave Anderson.

[0:00:10.3] MN: Today, we’re going to be talking about the software we didn’t write and using third party services.

[0:00:16.1] DA: Man, I love not writing software.

[0:00:21.2] MN: Yeah, we are developers and we do not like writing software, what’s going on here?

[0:00:25.8] DA: Yeah, I mean, like the only thing better than deleting code is just not writing it to begin with.

[0:00:31.8] MN: Exactly. My god, that is pretty great. It’s just like being able to use other services that exist in the wild so you don’t have to, what I call, reinvent the wheel.

[0:00:41.9] DA: Yeah.

[0:00:41.9] MN: Which is like the programming wheel. No, just stop, don’t do that.

[0:00:47.1] DA: Yeah, there’s a class for that, the wheel, like inherits from circle.

[0:00:52.4] MN: Exactly, go download that package, never use a wheel again, I’m sure there’s a wheel JS somewhere out there.

[0:01:00.0] DA: I mean, there are wheels in python that’s like the packet. For packages.

[0:01:05.1] MN: There’s a wheel?

[0:01:05.3] DA: Yeah, it’s a wheel of cheese, from the cheese shop.

[0:01:09.2] MN: Why does Python have a wheel of cheese? Stinks like cheese?

[0:01:12.5] DA: It’s a python thing, I don’t know. That’s a different episode I guess.

[0:01:17.5] MN: That’s a different python, yeah, got it.

[0:01:20.2] DA: Yeah, I guess we have like third party defenses that we always install, like using our package managers. But sometimes, that’s not enough, sometimes you need a little more muscle.

[0:01:29.3] MN: I think like, overall, we were joking about reinventing the wheel but you do end up saving time when you find the right package that does exactly what you need it to do.

[0:01:38.0] DA: yeah.

[0:01:38.9] MN: It’s great.

[0:01:39.6] DA: Our team started using this like scroll sync package for a react. My god, it’s so dope. I’ve written scroll syncing before and it’s not that hard but –

[0:01:48.6] MN: The fact that you don’t have to worry about it this time around.

[0:01:50.7] DA: Yeah, done. Sometimes it’s more complicated than just the scroll sign, sometimes you got to do something like with a really complicated domain like geo located time zones.

[0:02:01.5] MN: Gosh, location and time zones. Two pain points right there.

[0:02:05.7] DA: yeah. Let’s just leave that on the table and let somebody else take care of that.

[0:02:11.9] MN: Yeah, let somebody get that headache and then you go and use the package and that’s it. I mean, I imagine a lot of listeners probably use google for that, right? For maps and geo location and what not, which is great.

[0:02:22.5] DA: Yeah, who has a great API services that are super useful and yeah, they save you a bunch of time to do a really well-implemented functionality.

[0:02:33.6] MN: Yeah, I think in one of the other clients that I’ve worked at, we used a Store Mapper. Store mapper is essentially very similar to google maps but you don’t have to use google map JS to load up the map and do stuff. It’s like semi-established company so they have like the random popup that says, “Hey, this person is going to help you today,” like you can message them if necessary and what not.

[0:02:57.7] DA: Pretty vertically, specific for like, “I have a store and I want someone to go to the store” instead of like a generic thing like location services like finding the nearest point or the distance or –

[0:03:10.0] MN: yeah, because you don’t need to worry about finding the nearest point of a distance, you can literally say "Hey, I’m going to upload the name of the store and the geo location” and then next I’ll spreadsheet and it will plop those things for you using their services. It’s like really nice. It’s like a really cool thing.

[0:03:24.6] DA: Nice.

[0:03:25.1] MN: I think like one of the cool things about using it is being able to constantly update it and not have to worry about engineers updating that for you to feed into a database like, other people can also interact with it which is great.

[0:03:38.2] DA: Yeah. It’s like a lot of other kinds of services that we have like specific like reliability requirements for that, we might not have time to think about so much like log out your VHN or like error reporting, stuff like that. It’s nice to be a little, I pay somebody else to like get something that works pretty well and is really intuitive.

[0:04:01.2] MN: Yes, kind of like meta services for programmers. Yeah.

[0:04:05.4] DA: Feature flags to it, you can build your own feature flagging service.

[0:04:08.0] MN: Yeah, you mentioned one recently, no?

[0:04:10.0] DA: yeah, I’ve been working with Launch Darkly recently and it’s pretty nice because I’ve built my own feature flags before.

[0:04:17.6] MN: Right.

[0:04:17.6] DA: It’s not that hard but when you go with a service, you get all these additional things like filtering by like dimensions for the user and like rolling things out by percentages and all kinds of crazy stuff like that.

[0:04:30.9] MN: is Launch Darkly, are you able to change the experiments if you will? Or the feature toggles without having to be an engineer that has to deploy it to the wild?

[0:04:43.3] DA: Theoretically, yes.

[0:04:44.5] MN: okay.

[0:04:44.9] DA: But they just need to have the patience to like understand how to do it.

[0:04:48.1] MN: It’s like very intuitive interface but sometimes it seem like rocket science when you're like –

[0:04:53.2] DA: Creating equations for like shake down match and whatever.

[0:04:55.5] MN: Yeah, I see. It is possible but you have to like fine tune it.

[0:05:00.3] DA: Yeah. You need it to be very reliable, very available, if that thing fails then your site doesn’t work properly.

[0:05:09.2] MN: Yeah.

[0:05:10.3] DA: That’s good to have that reassurance. Like some other things that have additional requirements, that might be nice to outsource like – have your work with payments or anything like that.

[0:05:21.5] MN: yeah, definitely have been working with payments. I’ve been using Recurly like for managing subscriptions and stuff like that.

[0:05:29.6] DA: Cool.

[0:05:30.1] MN: That one’s really interesting, never use Recurly before but they definitely manage when a user makes a purchase, their account can be charged at billing be and they take care of the charging of the credit card and stuff like that. There are many different payment gateways that allows you to charge the user whether it’s like through a credit card or through PayPal and I imagine in the future, bitcoin. It’s just me guessing. I don’t know, it’s real about maybe bitcoin.

[0:05:59.3] DA: You think you’ll be able to pay with bitcoin?

[0:06:01.8] MN: I mean, if the subscription service allows you to do that, they’re able to do that because they’re the middle service of the thing that will charge the user or something like that.

[0:06:12.1] DA: Right, if you want to get paid then you can just get paid.

[0:06:14.7] MN: Yeah, then like they also manage like, let’s say when the credit card expires, like they have their own system in determining whether the user is available to use your product or not and have all sorts of different web hooks that connect to your systems to ensure that someone isn’t scheming to get a free product out of you?

[0:06:33.5] DA: Fascinating, yeah.

[0:06:35.5] MN: I think it’s very important to have like, especially for payments because there are so many other regulations that you have to manage when it comes to a payment like, “What is it? A PCI compliant?” I hear that word every so often.

[0:06:52.2] DA: You hear PCI and then people just like kind of shake.

[0:06:56.3] MN: Okay, let’s fix it.

[0:06:57.9] DA: you put a credit card number in a database?

[0:07:00.8] MN: No. Burn it, throw it out, microwave the server right now.

[0:07:07.5] DA: Right. Just starting over from scratch, new application.

[0:07:11.3] MN: You don’t have to worry about that, you just have that service will take care and be PCI compliant as long as you pass them ensure that you don’t log in plain text, someone’s credit card into your database and database logs then you’re like perfect, you’re fine. That’s like important so you don’t want to do that.

[0:07:27.2] DA: yeah. It’s essential, I was reading recently that like, just the simple idea of like payments as a service has like opened up the field so much for people to make online businesses, it just makes it so much easier, the bar is just so much lower to – we can just focus on the actual thing that you want to build that makes like your company unique and so they’ve like – all these odds and end requirements.

[0:07:57.4] MN: Yeah, you don’t have to worry about the legality of storing someone’s credit card. I mean, I’m sure, you know, these different payment services charge a fee but is that fee worth, you know, potentially going to jail because you didn’t think about this one particular edge case that a credit card comes in or something like that.

[0:08:18.8] DA: You go to jail?

[0:08:20.5] MN: I mean, what happens if you’re not PCI compliant? I don’t know, you get a fine, I imagine, right? You’re not going to jail.

[0:08:26.5] DA: Well, maybe, I don’t know. I think you might go to jail.

[0:08:31.8] MN: The way that I’ve seen people act a big PCI compliant, I think you go to jail.

[0:08:38.3] DA: Or if you don’t, then you probably wish that you were in jail.

[0:08:41.3] MN: Yeah, I know. That would be better. Because the fine is probably ridiculous so don’t – I mean, stuff like that, it’s very beneficial to use a third party service. Because then you don’t have to worry about these things. Dave, I think you did bring up a good point about these third party services, allowing online businesses to focus on the business.

What other tools are there that you can think of right now that would help the business? Just think about the thing that they’re trying to solve?

[0:09:08.2] DA: Right, you know, advertising services are pretty huge, that’s like, a huge business in itself in New York. Just being able to like, hook in and like dispatch ads on your pages. You just have to focus on like making the content and getting people there and then you know, you can use your services to get ads.

Yeah, I guess, also like, analytics of like tracking, who is there and who is where.

[0:09:34.9] MN: Who is clicking on what, what product actually gets clicked more, like that kind of stuff.

[0:09:39.9] DA: Yeah. There’s some pretty advanced tools out there, Google Analytics is kind of a baseline thing but then you have something like Hot Jar where you can have like heat maps and –

[0:09:50.4] MN: Yeah.

[0:09:50.5] DA: Other services where you can track in real time like where the user is, you know, who they are.

[0:09:57.2] MN: Yeah, that’s pretty nuts.

[0:10:00.0] DA: But yeah, if you want to build that yourself then you’d be basically –

[0:10:04.3] MN: Maybe not for long that be your product.

[0:10:06.4] DA: Right that would be your product. Yeah you had built it and then you go, “Wait I should sell this.”

[0:10:10.6] MN: Yeah, exactly because it takes a long time to set up these things that already exists that allows you to say, “All right, just hook this in and see what analytics all collect and what ads actually, what ads I can sell to the website” with that in mind, we can save a lot of time at the end of the day when you do use these third party services.

[0:10:33.4] DA: I guess things don’t always go well.

[0:10:34.5] MN: No, I think this is the second part where we talk about the painful parts of using third party services. Oh man, yes. Google Analytics is great, Recurly is great but when you have the right test for these things make sure that they work and sometimes it can be really difficult to hook into these API’s because the service exists elsewhere outside of your organization or your company.

[0:11:04.1] DA: Yeah, that is definitely tricky. You might need to mock out all of the API calls in your application and I think we talk about in the past about how challenging that can be with testing. Using a tool like VCR with RSpec and maybe we’ll get you there, record the request, response and play that back but that is not easy and it can be sometimes unreliable.

[0:11:32.2] MN: Right, because you can have a VCR and save that cassette so you don’t want to have to fetch that every so often but that cassette could be old and then you could be potentially expecting a response to act a certain way when it has changed for some time and your test is still going to pass but then won’t have any idea why you’re API is failing.

[0:11:55.2] DA: I like to try abstract a third party, give it some kind of a thin wrapper in the code base so that way I can do the mocks at that point and just have someone understanding about what that service should do. Like my internal imaginary mapping service or location service that just secretly wires out to something else or my secret future flag service that calls out but.

[0:12:22.3] MN: Right, I think that is a good pattern to follow right? Because you want to make sure that say Launch Darkly doesn’t work out for you anymore and you find a better feature flag third party service.

[0:12:33.1] DA: Launch Brightly.

[0:12:34.4] MN: Yeah, Launch Brightly, yes.

[0:12:36.5] DA: Totally is not copyrighted for today.

[0:12:39.2] MN: But if you had a wrapper that wraps over your Launch Darkly then that interface it doesn’t matter what third party service you use because you should be able to replace it with act accordingly to the code that currently exists which is a good pattern to follow but yeah, I think like VCR, there is definitely other cases where one may expect these third party features to work and they made new changes that break a code and you are unaware of it because you mock it differently than what’s expected in real time.

Probably something like smoke test would help you catch that but even then it is probably too late because your users are now seeing it and that sucks.

[0:13:19.5] DA: Yeah I guess that deals into documentation and service aspects when your API changes on a special day. Hopefully they are doing some communication, they are documenting it really well and doing it in a controlled fashion so you are not in that crappy situation or like you can plan for it.

[0:13:43.3] MN: I think the only good example I’ve seen of that is probably React. I know it’s weird to call that a third party service but I know if you open up the console and you use certain features without importing, the example that comes to mind is prop types like, “Oh you can’t use prop types that way anymore, please import prop types the actual package to continue using it if you are using an old React version” or something like that but I think the counts.

[0:14:11.5] DA: Yeah, deprecation warning.

[0:14:12.3] MN: Yeah, exactly. Deprecation warnings definitely help in that regard but you don’t – I don’t often see that in other third party services. You just go to the docks there and say, “Hey that looks different. You know what I am currently doing, maybe I should update that”

[0:14:25.7] DA: I know GitHub has been pretty good with their V3 GraphQL API because it is like a first class thing that they can indicate like "hey, this field is going away, it’s been deprecated” and I have looked at that. They have something like pretty detailed docs but then you do have to do your due diligence and actually look at it when you have something else to do with your life probably.

[0:14:49.2] MN: Exactly. You know you can’t just build it and then forget it when you use third party apps because they may just change right onto you.

[0:14:54.4] DA: Yeah, I guess you are saving time upfront but you still have to invest in it. Yeah sometimes if you are doing things in your local environment or a non-production environment that could also be a little bit weird.

[0:15:08.5] MN: Yeah, I definitely fall into that trap often because my local environment isn’t going to respond to web hooks that are going to come from the third party service.

[0:15:18.8] DA: Oh yeah.

[0:15:19.5] MN: Then it would be really weird to configure to my particular IP address so that the web hook like the third party service that hits my machine, it’s not a thing. It’s really to prove.

[0:15:31.2] DA: You bet client payment on your local machine or something like that.

[0:15:35.2] MN: Exactly and it is really difficult to set that up. So I don’t think for non-production testing of third party software it just doesn’t work as well.

[0:15:46.1] DA: Yeah and like you said, it depends on how well supported it is too because if it is really popular that might be easier to do because they’ve invested the time and how it should work but if it isn’t, then maybe you got to figure it out for yourself.

[0:16:01.2] MN: What are the other pain points that I’ve seen is when you use a third party service that has the support bubble, you have a question and it’s just like really difficult to get answer. Like another person on the size trying to do their best, answering the question, sometimes it could just be really difficult, “that’s not the answer I’m looking for, I do it better.”

[0:16:22.9] DA: It’s just like going way off the script that they’re ready to –

[0:16:27.1] MN: A lot of the times it’s so funny, I’ll just like, hit up the support bubble and then just start dropping like Java Script objects and then like wow, we’re going to contact our third level support and we’ll get back to you, those are always – just like hey, when in doubt, just drop Java Script objects into that support bubble and they’ll be like “wow, hold on a second, we’ll get right back to you.”

Someone will get back to you and then you could talk Java Script to that person which is great.

[0:16:56.0] DA: Yeah, that’s true. I’ve done that in the past too with like ad services too. It’s pretty specific to integrate with those things and you want to do it the right way so that you’re not impacting the user negatively when the page is loading and what not. They do have like engineers who are available if you like, if you poke the right people.

[0:17:17.4] MN: Yeah, exactly. Hey, I have this object that I got as error as you drop that.” “What are other errors that I may expect in this experience." “We’ll get right back to you,” “cool, awesome, thank you.”

[0:17:30.7] DA: Nice, that’s a pro tip.

[0:17:32.6] MN: There you go, give that one for free, don’t worry about it. There you have it. I do think that even though we mentioned those pain points that we discussed just now, there are some third party tools that you should just use, I don’t think reinventing the wheel for payment is a good idea when you just want to sell something.

[0:17:53.2] DA: Yeah. I’m not going to write a GS special time service to – for tab someone for something.

[0:17:59.4] MN: Please, don’t ask your engineers to do that please. If your boss is telling you to do that, have him play this episode. It takes a lot of time and energy to reinvent the wheel when you can easily download a package that may do it for you in half the time so that you could still deliver awesome product.

[0:18:20.5] DA: Yeah, when you play this episode for your boss, make sure that you get him to like and subscribe and give us a five-star review.

[0:18:27.1] MN: There you go leave a five-star review, that’s very important.


[0:18:31.1] MN: Follow us now on Twitter @radiofreerabbit so we can keep the conversation going. Like what you hear? Give us a five-star review and help developers just like you find their way into The Rabbit Hole and never miss an episode, subscribe now however you listen to your favorite podcast. On behalf of our producer extraordinaire, William Jeffries and my amazing co-host, Dave Anderson and me, your host, Michael Nunez, thanks for listening to The Rabbit Hole.

Links and Resources:

The Rabbit Hole on Twitter



Store Mapper

Launch Darkly


Google Analytics

Hot Jar