Monday, March 13, 2017

Brown-field development

Image Copyright @ Robert Brooklyn http://unemployedprogrammer.blogspot.com/

Developers often complain about working on legacy code base. “Green field” development, i.e. writing brand-new systems where no code existed before, is relatively rare. Most software development work happens in the midst of the pre-existing and often relatively old coding.

Why is so much work being done on legacy projects? If people prefer to work on new code, and people in software development industry often get what they want – why isn’t there more of brand-new software projects?  After all, software developers nowadays get shiny offices with nap pods and gourmet catering, free laundry services and massages on-site.

It is well-documented that most of tech startups fail.  Most ideas do not lead to sufficient ROI and good business value. A lot of software projects get done [to some degree] and then thrown away, because they did not turn out to be viable enough to keep investing in. 

So what is left is a select few projects that turned out to be spectacular successes: profitable enough to keep using and getting business value from for a good long time. Organizations choose to continue to invest in these projects because older systems offer continuous income and a well-known ROI based on past history. While these projects are relatively rare, they tend to be large: small projects grow over time, and over 80% of investment in a software system happens after the project is declared done and enters maintenance mode.

Most of the non-startup development happens on the large, hairy, hugely successful projects with boring names and scrappy old interfaces. The code can be old, but the system is brilliant – it survived the competition with all other competing projects in its business space.  This is where the ROI and the business value are.  

The offices may be getting nicer and brighter, but we are likely to continue working on in the deep-brown for the foreseeable future. 





Wednesday, December 21, 2016

The bug of security theater


It seems like the Internet and web-based services have been around forever and work well – from anywhere, just open up a browser on any device that supports Internet browsers. Well, at the end of 2016, there is a new bug going around, preventing many different services from serving. The bug of security theater.

After many a security breach, billions of records exposed or stolen, millions of people affected in some serious or minuscule or unknown ways, the providers have learned that security matters. However, security breaches are still relatively rare, unsystematic, and often caused by an ‘oops’ – some singular event that wasn’t supposed to happen, like operator error.  In many cases, there is simply not enough information how to prevent the break-ins and unwanted exposure or loss of data. In other cases, providers may be able to do somewhat better – but at the great expense of re-training staff, updating and enforcing stricter policies, and re-working technical systems.  

Still, there is something that is relatively cheap and easy to do, and improves security – at least in the eyes of users and media.  Security theater is commonly show-cased in the user interface. Many-factor authentication, secure codes sent by email or text message or by audio in a phone call, highly sophisticated personal and public questions going back many years for the users to answer – all for the privilege of accessing the same old web-based email account.

Many providers are requesting a smart phone# to authenticate against, which is good for them – more data, but bad for us – more advertising phone calls.  Many providers require a live exchange of data over the phone or email before allowing access, which is hardly good for them, and definitely bad for us – the wait times are often unreasonable.  Still others insist on following up online communication with a phone call – which is bad for everybody, because if we wanted to communicate by phone, we would not bother with online access at all.


Security is different from security theater.  Security is hard, and should enable us to do more business. Security theater is cheap, generates false sense of being protected (and very real frustrations), and prevents us from doing things we want to do. 


Monday, December 12, 2016

Conversations on diversity


I want to share a few  interesting conversations with or about women in technology industry: 

A young white American male, on attending Grace Hopper Celebration - a conference by and for women in computing
- It felt really weird to be part of the small minority of men there. I usually feel like I belong when I go to technology events, but this was different. 



A different young white American male, works in a heavily male-dominated office
- So, as a member of the majority, what can I do to welcome more women to participate in tech?
Another young white American male, same workplace
- But we welcome women! We are a total meritocracy.  Women just do not apply.



Mid-career software professional, female, working in the public sector
- Yesterday, I suggested researching a way to automatically add new users to "AR" group. I told it three times. It was ignored and dismissed. By the end of the meeting, Garry said exact same thing. Adolfo carefully recorded it in his plan of action.
Experienced white male, in response to the woman’s comment above
- Sad that it upset you so much. How much easier would be your work if you just shrug and ignore, even better, do not notice these little injustices. The credit, that little bit of authorship honor, was stolen from you. The whole incident was a waste of time and emotions.



Another professional woman
- I get a flood of emotion when I realize that consistently in our staff meetings one of my male coworkers echoes my comments or objections loudly for the whole group, either in agreement or augmenting them with his own thoughts in legitimate discussion. This is a first in my career that I feel consistently heard, even with the many female coworkers I've had. And he is raising a daughter.