Unnecessary Printing

Several years ago, my Grandad decided to try to learn how to use a computer and experience the internet. He went all-in and bought a printer as well.

One time, I went around to his house and he said he had problems with his computer. Anything that resembled any kind of error, he seemed to panic.

I can’t even remember what his problem was exactly, probably something like OneDrive failing to sign-in. When I followed him into his computer room, he picked up a stack of papers and handed them to me. I looked at them and he had printed out the errors!

I thought it was hilarious. I told some of my colleagues about it and it became an inside joke, so if one of us has an error we would tell each other to print it out so we can help resolve it.

A few months back, I saw Wes Bos tweet this and it made me laugh because I felt it was something my Grandad would have done.

Wokeness at work

March 8th was International Women’s Day and so people at work made a few posts about it. One person made a post about “Gender bias”:

“Gender bias comes in many different forms including stereotypes, assumptions and discrimination. It can be both deliberate and unconscious, malicious and unintended – but above all, it is a common barrier to equality – both for women and those who identify as women.

Today is a perfect opportunity to reflect on the role of gender bias in the workplace and in society as a whole and how we can all become allies and support our female colleagues, friends and family members. The best place to start is with our own learning.”

Person 1

I find today’s “woke” culture quite interesting because it’s actually quite difficult to say the right thing and it’s very easy to be hypocritical. She says “both for women and those who identify as women.” which implies they aren’t equal – this is basically a microaggression. The correct thing to do is not actually point it out, and just use the term “women”. However, she then goes on to use the term “female” instead of women in the following sentence. Ironically she did call out it can be “unintended” discrimination, and the “best place to start is with our own learning.”

Another person recommended these “unconscious bias” tests https://implicit.harvard.edu/implicit/takeatest.html 

“I tried the gender and race tools and it helped highlight to me where I have to think and work on my ‘implicit associations’. These associations should not be judged by anyone other than myself (they are after all how my brain has become wired over 50+ years) – but will help me understand, moderate and change my interactions and thought process when looking at a whole number of things.”

Person 2

I gave a few of them a go. The ones I tried had the same style. The test is that there’s a group of words associated with 4 categories. You are given a pair of categories, one on the left, one on the right. You are shown one word at a time, and have to press “I” and “E” on the keyboard to assign it to the correct category.

For example: “Gender – Career. This IAT often reveals a relative link between family and females and between career and males.”

I think the idea is that when Career and Males are paired together on one side, and “Family and Female” on the other, then you will match the words faster because of the strong association that these words are related.

As the Result screen states:

The order in which you take the test can influence your results, but the effect is small. We minimise this effect by giving practice trials after the categories switch sides. We also randomly assign the order of the IAT so that some people get one order and other people get the reverse order.

Harvard

I do think this will have a bigger impact than they claim, although maybe it depends on the individual. When I got to the end, sometimes I thought I was submitting the answers faster because I was used to the way the test worked, but then sometimes I’d get the wrong answer and think it was down to the fact that I recall pressing “E” when I saw “Salary”, but then in this round, I should be pressing “I”.

I did the Sexuality (‘Gay – Straight’ IAT) test first, and I was conscious of how it was expecting me to be biased, so I focussed more and was more determined to score higher. In the end it suggested I had a fairly strong preference for Straight. I would have liked to have seen the timings because I was convinced I had scored consistently in the later rounds, or even better because I was aware of how it was trying to trip me up. I think I messed up more in the early rounds because I was getting used to the test.

Personally, I wouldn’t read too much into the results anyway.

Salary: Cost of living increase

In the last few years, my employer hasn’t bothered matching inflation. When challenged, the HR Director has said they traditionally don’t do this and are not obligated to do so.

It’s basically a wage-cut if they don’t though, and each of these years they seem to be posting record profits. Always seems really sketchy when you get told there’s no budget but they seem to forget they are a Public Limited Company and need to announce their finances, including directors’ bonuses and all that.

This time they acknowledged that inflation is very high this year, and are hyping up how caring they are because they are actually giving an increase… although in most cases it still is going to be under inflation. It was pretty predictable that it was going to rise further than the 5% they were benchmarking against. The current figure published by the ONS was 6.2%.

They claim to be giving “an excess of 7% rise”. Everyone is getting a 2% rise, with a further 3% at the discretion of line managers but they can’t give it if your salary has changed in the last 6 months. Last year, when they finally acknowledged I was underpaid, they staggered the increase in 2 instalments so I only got my full rise in January so that means I don’t qualify for this 3%. They are also giving 2% profit share which is a one-off payment and not a salary increase at all. Pension will increase by 0.5%.

So according to their maths, 2 + 3 + 2 + 0.5 is 7.5%. But 2 of that is the one-off payment so at most you can get 5.5%, but 0.5% is your pension, which is nice, but it doesn’t end up in your bank; so we only get 5% direct in our bank.

Personally, I just get the 2% plus 0.5% pension. That is supposed to cover the 6.25% inflation, and is it even going to stay that way? Could rise further.

I love that in the FAQ they provided with the announcement, they went with:

Will I receive a salary increase if I leave? 

Surely no one would even think that. How can you get a salary increase from a company you are no longer employed by?

:upside_down_face:

Software engineering team structures

This post outlines a useful structure for product-based software engineering teams. I believe it is a fairly standard structure in a modern software company. I’ve adapted this post from a contribution from a colleague.

The main principles are:

  1. to keep communication flowing;
  2. accountability is defined and understood;
  3. the ability to scale horizontally

People

A team size should be 7 +/- 3, or as Jeff Bezos calls it “The two-pizza size rule”: If you can’t feed the team on two pizzas, the team is too big.

The composition of the team should involve these people.

  • Technical Lead
  • Senior Engineers
  • Engineers
  • Junior Engineers (or Graduates/Apprentices)

A trend in the industry is to move towards the general term of “Engineer” rather than distinguishing between Developers and Testers. However, if there’s a lack of Automated Testing, then more Manual Testing is required which then has a stronger requirement to make this distinction between the roles. Having a distinction can lead to the “us and them” culture as code is “thrown over the fence” to be tested. The team can feel more fragmented – this isn’t always the case though.

Technical Leads do not necessarily need to be the most technical on the team, but they need leadership and management skills. They need to know who can solve an issue in their team and be the facilitator.

Juniors (or graduates/apprentices) are an important part of growing your business. When many job adverts ask for the standard “2 years experience”, how do you get it? Recruit juniors into your team and teach/mentor them, shaping them into the engineers you need.

A team needs to be a blend of skills, strengths, personalities. A junior engineer is a part of that blend. It keeps the senior members in the team on their toes, as they need to coach, mentor, and explain concepts to receptive minds. This can ground the team, and make them more productive.

Earlier we defined people, not roles. These are the roles that augment the team:

  • Product owner
  • Architect
  • Scrum master

These roles could be people in the team, but not every organisation will be at the scale to require a Full Time position for each team. If you don’t have a dedicated full time position, the team will need to decide who will pick up the duties of these roles.

Accountability

Responsibility – Who feels guilty when the team doesn’t deliver, or something goes wrong.

Accountability – Who takes the blame when the team doesn’t deliver, or something goes wrong.

When a team is formed, they are all responsible for everything the team needs to do. As a member of the team, you do whatever is needed to “get over the line”. Your process should not create single points of failure, or knowledge silos. Your process should provide mentoring to junior team members, and be supportive of learning.

The Technical Lead is accountable for making sure everything is complete and to the desired standard.

So what is everything? A non-exhaustive list would include:

  • Technical/Solution design.
  • Backlog management (both product and technical).
  • Development and testing.
  • Deploy and release management.
  • Support and documentation.
  • Monitoring and telemetry.
  • Reporting to managers
  • Sprint reports.
  • Roadmaps.
  • Quality metrics.
  • Quality control.

Line management can be with the Technical Lead, split between Technical Lead and another Senior within the team, or even people outside the team. If it is the latter, then the accountability needs to be clear.

Scaling

Scaling needs to be “horizontal” when a team unit becomes saturated: You do not make teams incrementally larger to scale your output. You add more teams and give accountability to these new teams. This goes back to the 7 +/- 3 idea.

You need to add another team:

  • If the average velocity of the team is not delivering the quantity you require.
  • If you are asking the Technical Lead if they need more people to deliver, and they are already at the top end of the 7 +/- 3 bracket.

If you are scaling, you are likely to come across engineering teams that need to work across product teams. Examples potentially could be: security; authentication; UI Libraries; or overall platform stability/accountability. Whilst these are individual products in their own right, they are servicing other development teams. They need to be more collaborative, open, and aware of the business needs of other teams. Their decisions will impact more people than decisions made in a single focus team. They will need to be honest and clearly communicate priorities.

Making Yourself Redundant

I often find that managers end up writing jargon-fueled posts that don’t mean anything to me. It’s often just hype, or a slight change which makes no difference in the grand scheme of things. So it just frustrates me or makes me laugh. I was talking to a friend about this topic and he said he loves it when they get the word “synergy” in there, so I was glad to read it in this post:

One thing is certain in life, and that is that change is inevitable. But change doesn’t mean it’s a bad thing; it means new beginnings, new opportunities, new ways to improve. Over the coming weeks we will see some change come to our Product Team. A new structure to bring synergy with our SAFe implementation so that we are better aligned than ever to deliver our hugely important product roadmaps over 2022.

Most notably, Product Owners will move to report directly into the appropriate value-oriented structure (Vertical Markets or Horizontal values). This change will reflect the need to provide autonomy to the relevant specialist areas enabling them to;

  1. make clear decisions on their respective priorities.
  2. bring the Product Owner and Programme Management teams closer together supporting their knowledge of the ‘Why’ and the customers that we are focusing upon.
  3. provide greater consistency of resources working on specific areas based on the technology/product/market in which they specialise

Certainly sounds brilliant doesn’t it? The next bit made me laugh though.

As a result of these changes, the role of Head of Product Owners no longer fits into the product structure and so, unfortunately, George will be leaving the business. He’s been heavily involved in designing the new structure…

Wait…what? He came up with this new team structure and forgot to put himself in it?

Troy Hunt: The Responsibility of Disclosure

Troy Hunt is a cyber security expert and creator of the popular website Have I Been Pwned. I do read his blog and listen to his podcast in which he mainly discusses cyber security (obviously) but also discusses some life events and hobbies.

YouTube recommended me a presentation he did for AusCERT2017 about responsible disclosures. It’s actually an interesting topic how some companies are very welcoming for people to report security vulnerabilities, whereas others are very distrusting and can threaten to sue.

You can watch the presentation in full:

AusCERT2017 Day 1 Troy Hunt: The Responsibility of Disclosure

Otherwise, here is a summary of the presentation.

He begins by telling a story of how someone found a security vulnerability on a website, extracted loads of data, used some of the login credentials to get in. He filmed it all and put it on YouTube. He got arrested.

Even though someone like that could claim to not be malicious, he would clearly violate some laws like the Computer Misuse Act.

  • So how can you investigate a security flaw?
  • How can you disclose it?
  • Where is the line between being responsible and irresponsible?

Troy has a “Sinéad O’Connor” test. Enter her name in the data entry field of the website. If the apostrophe in a name gives you an SQL error, then you know there is a vulnerability – it is prone to SQL injection. You don’t need to go any further and actually carry out the attack; illegally accessing data to prove it.
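The failure behind that test, shown as an added example that is not from Troy's talk or from this post: a data-entry handler that pastes the name into the SQL text breaks on an ordinary apostrophe, while one that binds the name as a parameter stores it intact. The table, function names and sample names are constructed for illustration, using Python's built-in `sqlite3`.

```python
import sqlite3

# Constructed sample names; the apostrophes are ordinary data, not an attack.
SAMPLE_NAMES = ["Troy Hunt", "Sinéad O'Connor", "Brian D'Arcy"]


def new_db():
    """Fresh in-memory database with a hypothetical members table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT)")
    return conn


def register_concatenated(conn, name):
    # Flawed pattern: the name becomes part of the SQL text itself, so the
    # apostrophe ends the string literal early and the parser rejects the rest.
    conn.execute("INSERT INTO members (name) VALUES ('" + name + "')")


def register_parameterized(conn, name):
    # Hardened pattern: the statement is fixed and the name is bound as data.
    conn.execute("INSERT INTO members (name) VALUES (?)", (name,))


def apostrophe_check(register):
    """Run every sample name through a handler and report what happened."""
    conn = new_db()
    report = {}
    for name in SAMPLE_NAMES:
        try:
            register(conn, name)
            report[name] = "stored"
        except sqlite3.Error as exc:
            report[name] = "SQL error: " + str(exc)
    rows = conn.execute("SELECT name FROM members ORDER BY id")
    return report, [row[0] for row in rows]


if __name__ == "__main__":
    for handler in (register_concatenated, register_parameterized):
        report, stored = apostrophe_check(handler)
        print(handler.__name__)
        for name, outcome in report.items():
            print("  ", name, "->", outcome)
        print("   rows stored:", stored)
```

Kept as a regression test, a check like this flags a concatenating handler the first time a customer with an apostrophe in their name signs up, which is exactly the signal the test relies on.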

If you grab 1 record, the company is obligated to disclose this to the user who lost their data. If someone takes 10,000 records, it’s a bigger problem and more inconvenient to the company. Just 1 unauthorised access to a record sufficiently illustrates the point. Accessing more than you need is more likely to be met with a negative response and possible legal action.

He then goes through some more notable examples and attitudes to the disclosure:

PayAsUGym got breached and ignored the hacker. Although the hacker was trying to extort money, by ignoring them completely, PayAsUGym had no idea how bad the breach was. Initiating the dialogue could have at least given them more information to attempt to limit the damage.

Cloud Pets had a security flaw in their toy, but also had a publicly exposed MongoDB database which attackers wiped and ransomed. Later on, when journalists contacted the owner, he responded

“you don’t respond to some random person about a data breach”.

Spiral Toys CEO

As Troy says, random people are exactly the people that will tell you about a problem.

Australian Red Cross Blood Service disclosed their breach very quickly, put out communication through multiple channels, and apologised. Troy was impressed with this response. The problem was a third-party who placed backups on a public-facing server so they could have easily downplayed it or passed the blame.

For more info, Troy also has a blog about disclosures, including the example of Cloud Pets.

Jurassic Park: The Software Issues

I read Michael Crichton’s Jurassic Park recently.

:dinosaur:

It seems obvious to the average person that a dinosaur park containing vicious species such as the acid-spitting Dilophosaurus, the intelligent hunters Velociraptor, aggressive flying Pterodactyls, and the ferocious Tyrannosaur was going to end in disaster.

A more docile park could work as long as other mistakes aren’t made. If we ignore the dangerous dinosaurs, it’s essentially poor software and a malicious developer that is Jurassic Park’s downfall.

The software controlling the automation contains many bugs and is also closely tied to the security and surveillance system. Computer programmer Dennis Nedry is brought to Isla Nublar to fix some bugs and add improvements. However, he uses his access privileges to take down the system which allows him to physically access restricted areas and steal the dinosaur eggs.

So the software is bad architecturally from a security aspect, but then Nedry was a malicious insider that abused this software flaw. The power outage and the aggressive dinosaurs are the main catastrophe that happens, but there’s also the existing issue of dinosaurs leaving the island undetected.

They don’t realise the dinosaurs have been breeding because of the way the software is designed. The user has to enter a number for the expected number of dinosaurs, then the park is scanned and stops counting when it finds that amount; so the system can only report that same value or fewer. This efficiency was added because the scientists have only cloned female dinosaurs – so it is “impossible” for them to breed. However, the dinosaurs can change their sex due to a type of frog DNA also being used in the genetic cloning process. This means some dinosaurs have switched sex to male, and have been breeding. The increased population has gone undetected, and some dinosaurs have been hitching rides on the ferry off the island.

This is definitely a cautionary tale of software issues.

Configuration Manager tool – Text Matching

When we add new, optional features, we often put in a flag to enable or disable the feature for certain users. This allows us to slowly roll out the feature, or only enable it for customers that pay the premium. If there are problems, you can also disable the feature quickly without pushing out a new version of our software.

One team had decided to rename their module, and therefore were updating the configuration flag’s name.

A lead developer, who reviewed the change, questioned if they could do that without running into incompatibility issues. The project team’s lead stated:

“No, we have the feature validation at source and target separately before we do anything. So, there should not be any compatibility issues.”

Project Lead

However, I was convinced the lead developer was correct. We have multiple versions of our software deployed, but we only have one version of the Configuration Manager tool.

So let’s say in Version1, the new module is called “User Manager”, but in Version2 they want the module to now be called “Staff Management” – and so they update the main software and the Configuration Manager tool to use this new name.

When we use the Configuration Management tool for new users that are using Version1, we update their config to use the new name “Staff Management”, however Version1’s software will be looking for “User Manager” and will not find it, so will think the module is disabled.

Existing users on Version1 with the old flag in their configuration will work as normal, but it won’t work for new users. For Version2 users, the Configuration will have to be redeployed since their config will have the old name, but Version2 will be looking for the new name.

If the Configuration Management tool used IDs rather than matching on text, it wouldn’t be a problem, so we have screwed ourselves over there. Matching on text is rarely a good idea due to possible spelling mistakes, case sensitivity (is “User Manager” the same as “user manager”?), and it is usually less efficient than matching on something else like a number ID.
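The scenarios above, worked through as an added example (a sketch, not our actual Configuration Manager code). It assumes the config is a simple mapping of flag to on/off and invents a numeric module ID (`MODULE_ID`) to show the alternative; the two flag names and the two versions are the ones from this post.

```python
from itertools import product

# Flag name each release of the main software looks for (names from the post).
NAME_READ_BY = {"Version1": "User Manager", "Version2": "Staff Management"}
# Flag name the single Configuration Manager tool writes, before and after
# the rename ships in the tool.
NAME_WRITTEN = {"before rename": "User Manager", "after rename": "Staff Management"}
# Hypothetical numeric ID for the same module; it never changes with the label.
MODULE_ID = 1017


def write_by_name(tool_state):
    """Config as the tool writes it today: keyed on the display text."""
    return {NAME_WRITTEN[tool_state]: True}


def enabled_by_name(version, config):
    # A missing key is indistinguishable from "feature switched off".
    return config.get(NAME_READ_BY[version], False)


def write_by_id(tool_state):
    """Config keyed on the stable ID; the label is only for display."""
    return {MODULE_ID: True}


def enabled_by_id(version, config):
    return config.get(MODULE_ID, False)


def compatibility_matrix(write, enabled):
    """Map (software version, when the config was written) to whether the
    module is seen as enabled by that version."""
    return {
        (version, state): enabled(version, write(state))
        for version, state in product(NAME_READ_BY, NAME_WRITTEN)
    }


if __name__ == "__main__":
    for label, write, enabled in (
        ("text matching", write_by_name, enabled_by_name),
        ("ID matching", write_by_id, enabled_by_id),
    ):
        print(label)
        for key, value in compatibility_matrix(write, enabled).items():
            print("  ", key, "->", "enabled" if value else "silently disabled")
```

With text matching, two of the four combinations come out disabled without any error being raised, which is why the problem only shows up when a customer reports the module missing.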

I spent a while trying to think of ways around this issue. Ideas that I thought of involved writing complex database scripts, running scripts outside the release process and getting other people involved. But then I think all my ideas still wouldn’t solve the incompatibility issues and it seemed way too much work for something trivial.

The team were adamant they wanted to rename it though, but it didn’t really matter too much. Only our staff see the Configuration Management tool, and we can update the main software so the users see the new name. It just adds confusion if someone tells you to enable “Staff Management” but you can’t see the option, so they have to correct themselves and ask for “User Manager” instead.

I would have thought the project team would have run through different scenarios to test if their idea was feasible for new and existing users. But even after questioning whether it was feasible, they were adamant there wouldn’t be any compatibility issues so I had to explain the scenarios to them.

Related Blogs:

Configuration Switches
String Comparisons

Mentoring #7

I am mentoring an Apprentice who has never done C# before, and this is his first programming job. So this is a diary of some sort of his progression and my ability to mentor.

Managers love rearranging teams and sometimes I facepalm at how ridiculous it gets. When our teams were first formed, I was in Team A and my Apprentice was in Team B. I flagged this to my manager as a strange choice because it would make more sense if I was working alongside him and knew the work that he was assigned to do.

After several months, I got reassigned to Team B. A few months later, he has been reassigned to Team A but will work as a Software Tester. So now we are in opposite teams once more.

All this switching is just stupid, but I don’t object to him switching roles. Recently, he did say he understands C# a lot more now and can read more code than he could before, but he struggles to understand what our software currently does.

The annoying thing is, I did suggest to him early on that temporarily (or intermittently) switching role to a Software Tester may be beneficial to him. Testing the software will mean he learns the functionality of what it is supposed to do, he sees more of our process, and also understands how the Test Environments are deployed/configured etc. Our software is really complex so I felt his insistence to get stuck into the code was actually hindering him.

He actually sounded quite excited to try it now, and I felt that if he does enjoy it, it might suit his abilities more. If he doesn’t do well, then we may end up letting him go.

This is the thing, he has been here a few years and hasn’t really learnt anything, and when he does ask basic questions, I find myself telling him I had already gone through all this stuff before. I don’t expect him to retain everything I tell him, but I did emphasise there was a lot to learn, and this team is incredibly difficult so he needs to put the effort in early on – which he didn’t do. Now Colin (who I have written about many times on the blog) has moved roles from Developer to Manager, Colin told me he is aware that there are several underperforming people, and that he is going to be looking to move them on; my apprentice is one of them.

Colin seemed to suggest that if he can’t complete work himself (either from a Development or Testing point of view), then he could be let go. A week later, my apprentice was asking questions from a Developer perspective and I asked what happened to the Testing work. He said something about “not wanting to be a Tester” and “didn’t want to get stuck doing that work”.

Not a good idea.

Showing he can do Testing would be much easier than trying to fix some difficult Bugs. Going against a manager’s idea when you are close to being let go is also playing with fire. Also, what happened to the enthusiasm he showed a week prior?

I’d also previously explained to him how there’s always times where Developers have to chip in and help Testers. Those that kick off a fuss or don’t contribute enough are always looked down upon since they are not “team players” and don’t show a “quality” mindset which everyone should show.

We will have to see what happens. I’ve only ever known people to be sacked for having major arguments with managers, or doing something really offensive. It’s a rare occurrence so I’d imagine we would just keep him around, even if he doesn’t contribute much.

Ukraine Cyber Attacks

Our security expert in the IT department made a security announcement last week:

“Due to the growing tensions in Ukraine, it is not surprising that the UK may be subjected to increased cyber-attacks”

Security Expert

When I started reading this, I’m thinking “why is it not surprising that we would have increased cyber-attacks?”; it is written like it is stating the obvious, but why are we under threat? My immediate thought is that Russians aren’t able to tell the difference between the UK and Ukraine. I mean, they do sound kinda similar. 😁

So I read on, and I was a bit confused when the following paragraph goes on to say “whilst there is no specific current threat to UK organisations…”. I guess the keyword is “specific”, because much later in the post, he finally clarifies what he means. He was referring to the usual phishing attacks and donation scams. For example: emails asking for donations to help Ukraine, and you could be likely to click links and hand over cash for a worthy cause; but you will be handing money to criminals.

So it will be true that there’s more “cyber-attacks” across the world, so no idea why he mentioned the UK then had to clarify that it wasn’t specifically the UK in the very next paragraph.

He also wrote

“instructions have been issued to all areas of the business to bolster their cyber security measures”.

Security Expert

I find this a bit of a nonsense statement really; shouldn’t we already have max security? After all, just like he also states: “We take data security very seriously and it requires all of us to play our part.”

So are we at our most secure or not? It makes me think that we aren’t. Anyway, after instructing everyone to be suspicious of clicking links, he then provides some links for us to click to find out more.