:PROPERTIES: :ID: 437300b8-0f8e-4923-b6d2-d8c7a2db4b6d :END: #+Title: IROH Offsite 2023 Notes #+Author: Yann Esposito #+Date: [2023-10-09] - tags :: [[id:91f33b35-6e4e-4213-b214-972ee20722df][Cisco]] [[id:38a25196-863a-41c8-8c17-772fc9fe9b04][Yann's Personal Retrospective 2023 Offsite]] [[id:f70bf00d-8bc8-445e-a65d-2b960b46f419][Personal Retrospective Offsite Template]] - source :: * Personal Retro head/tailwinds ** Guillaume *** Headwinds - Clojure stack and expertise - Remote, Distributed team - Good collaboration with other teams Tailwinds - More self started initiatives, POCs and proposals - Team spirit & collaboration between team members - Modularize the project - Upgrade Libraries - Green field projects - Refresh our ops stack ** Matthieu *** Headwinds - use github (not jira) - Good collaboration with other teams *** Tailwinds - no (or almost none) coding time for managers - Team Spirit & collaboration between team members (ex Olivier) - Refresh our technical stack ** Kirill - Public library to shutdown properly - introducing data stream capabilities with kafka, kafka connect HTTP interface we should provide stream interface to quickly react, subscribe to changes, data-lake in CTIA, CTIM schema. Usual workday: - 80% thinking - 20% coding not implement complicated code, to type less. *** Headwinds - let's try to change everything - refactoring or "do not hesitate to change" - CTIM changes for example, allow to export to STIX Mainly change internal data structure. *** Tailwinds - need more data stream scenario ** Shafiq - Problem solving first, Clojure behind *** Headwinds - Clojure is a good tool - Team - Autonomy in the team - Async collaboration - Investing time in accordance to tasks - PR reviews, technical discussions (welcoming, healthy and think time) *** Tailwinds - We should Focus on RFC dn technical discussions across sub-teams. Promote eligible PRs to RFC. (Idea have a UI page.) - "Why" sometimes hard to track - Sieve through GH notifications - Someone to write and maintain tests :) (discussion with team, improve test framework) ** Guillaume Ereteo *** Headwinds - API first features - Highly tested code base - Favor async communication - Coffee time with Mario *** Tailwinds - Coffee time with others - Knowledge sharing and transfer - Hire and mentor junior developers - ES7 EOL; migrate to another DB ** Mario - versioning from Boeing - pair programming - demoing - zen mind and .. mind book (beginner minds, expert minds) - punishment for mistakes - distractions (via direct message in webex) *** Headwinds - No daily standup - Challenging each other respectfully in code reviews to make things a little bit better *** Tailwinds - Topple silos - move people around between subteams to spread knowledge - Prisoner swap (cycle 1-dev between services & engine team quarterly) - Does anyone ever pair? Any interest? - Have coffee w teammates & folks from other teams - Feed logs to AI and see what it can notice ** Ambrose *** Headwinds - scope creep taken seriously - design culture - test culture - review culture *** Tailwinds - ES7 EOL dependencies - Improve Weekly meetings (cross communication) improve cross team comm, (maybe team building, give me the elevated pitch) ** Yann *** Headwind - Not having daily standup - Good code reviews - Trust in each other *** Tailwinds - Not having more focus days. - Improve internal visibility to bubble up difficulties. - More casual discussions in the main chat - More in depth retro vs current weekly status - Say IROH instead of XDR. ** Wanderson *** Headwinds - No daily standup - Ability to work at unusual hours - No micro management *** Tailwinds - Too Many notifications - Kibana debugging - unfamiliarity - more docs to kibana - example of useful queries ** Olivier *** Headwins - ROWE (Result Only Work Environment) - Long-term tasks, allowing the solution to mature - keep meetings efficient & distraction to a minimum - open access to all code, repositories and tools *** Tailwinds - Using Webex as documentation & specification tool - retro in the SCRUM sense, post-mortem if a technical or deployment issue has occurred - cross-(iroh-)team collaboration on additional tools/documentation/processes ** Jerôme *** Headwinds - no daily standup - autonomy - good atmosphere in the team *** Tailwinds - tenzin - monitoring and alerting - improve configurations factorization in tenzin-config - use only binaries for iroh ** Patrick *** Headwinds - No daily standup *** Tailwinds - ops stack * Paris Olympics 2024 + POC demo - Logo of the products in the tiles missing from SX to XDR. - infinite lifetime session for the Olympics (change refresh token lifetime from user-id) * Jyoti Presentation AI assistant on the UI * Guillaume Presentation Graph API Pathom3: https://pathom3.wsscode.com * Jyoti's day ** Data retention https://whiteboard.webex.com/whiteboards/ah4JMrM3tFVTxUZV51kArb 1. Manual deletion - completed in INT and TEST - done for "ALL" orgs (SX & XDR) - objects deleted: incidents, investigations, events, assets, sightings, assets-mapping, asset-properties, relationships (involved in incident or sightings) 2. Daily Cron - same as manual but assets and sightings ** Notification System (Event Bus) https://whiteboard.webex.com/whiteboards/a5cEiUkct6CNtHZCdRJmAld ** Integrations https://whiteboard.webex.com/whiteboards/a79AlknraKGx47aFzchkiJc ** SX EOL FMC uses SX for device flow. Only to connect to SSX. CDO provide a context service. Enable SX, come to IROH-Auth & returns the key, then iroh-sse to call to ssx. ** IROH-Proxy improv - Crowdstrike ** IROH-Async improv (no time to discuss)