development programming

Things I don’t know as of 2021

Things I don’t know

Last time round, I stated the things I didn’t know. Whilst the technical list hasn’t changed much, there’s a new set of skills I want to talk about for this year, as these are the things I want to know.

How to build a diverse team

I’ve worked in plenty of diverse teams, and I’m proud that we managed to build a team from all male to 50% female in the 2 years I was at my last job, but there was a lot of unique features about that job that makes it harder to replicate elsewhere. And some of the groundwork was laid before I joined.

How to be a good mentor

I started mentoring via coding coach last year, and I’ve had to tune my approach to each individual, but I’m still not sure the best questions to ask, and what’s the best structure. If I find out, I’ll share it here.

How to get a sleep routine

Sleep is important. But between the existential crisis of a global pandemic, with the subsequent upheaval of work processes, and the constant desire to get more done, I don’t always timebox what needs to be done, and things fall, including my blog, and my fitness. I have thoughts on how to prioritise and plan better, but I can’t control for external factors.

How to work remotely

Whilst I’ve been used to sort periods of working from home and working with teams spread across multiple offices, this COVID lockdown is different.

I’ve learned how to work asynchronously, but there’s no good replacement for the serendipity of a chat grabbing a coffee or over lunch. Whilst I’m cautious about returning, even when we can, I definitely look forward to seeing people in the flesh again. Even if we’re wearing masks.

Is there a better way to work?

Whilst trying to find how to work “like this, but over video”, I’ve started looking at how properly remote-first companies do it, reading DHH and Reinventing Work, and thinking if there’s a better way of organising work completely. Asynchronous, pull-driven, self-organised. How do open-source and open-contribution (e.g. Wikipedia) work, and are there lessons we can learn there to make companies more effective, more value-driven and more scalable?

.net code data development

CosmosDb in The Real World : Azure Global Bootcamp 2019 (Glasgow)

Thank you to those who came to my talk today about CosmosDb. I hope you found it useful.

If you’d like to review the slides, you’ll find the presentation online here :

CosmosDb In The Real World – GitPitch

If you have any further questions please ask below and I’ll do my best to answer.

.net development leadership programming

If you’re not living on the edge, you take up too much room

.net is a battleship, and it’s taken a long time to change everything to core, and figure out what the Framework/Core future is. In the meantime, you may have found your project crushed in the path as new APIs change or old technology gets deprecated.

Ask Java developers about where Oracle is taking their language and you’ll hear a similar story. The future is different. Maybe better, but in some places definitely worse.

Change is inevitable. That’s why our industry has embraced agile, so we’re ready to change on weekly or monthly cycles, not yearly ones. The longer it takes to make the decision to change, the more baggage you have, and the harder that change will be. That’s why Jez Humble recommends “if it hurts, do it more often”. That change may come from the business, from the competition, from the platform, or from the environment. How did you deal with Heartbleed, or Spectre? How many of your customers are still vulnerable, and are reducing herd immunity for the rest? Are other companies carrying your baggage without knowing it? Are you the reason that IE6 VMs are still a thing?

The bleeding edge is painful. .net Core broke things, Angular 2 broke things, Python 3 broke things, Edge broke things. But not keeping up breaks more.

How do you keep your tech contemporary?

code development leadership programming

Java without semicolons

When I was a tutor at university I remember one student who I only saw towards the end of the year. I think computer science was their additional course. They came in after apparently spending the best part of a year learning Java, and sat down to complete their assignment.

It didn’t take long before I was called over to help. Their code wouldn’t compile. A fairly standard console application, with some output. And no semicolons.

I was incredulous, and as a young eejit, I’m not sure how well I hid that. I couldn’t believe someone could have completed the lectures, read the books, and completed the previous 29 assignments without using semicolons.

How could they spend a year on a Java course and not learn anything?

Regrettably, I refused to help them and pointed them towards the obvious and clear error messages that they’d obviously been looking at before they called me over.

I wasn’t going to build it for them. I couldn’t teach them 1 year’s coding in 15 minutes.

And yet, they turned up. They asked for help instead of struggling on. Exactly the things I’d wish for in my new starts when I started leading teams and onboarding staff.

They knew the shape of the solution and they knew where their talents were. If I’d been a little more patient, I could have nudged them gently on. But I don’t know if that would have been enough.

If you are mentoring or leading developers, are you stepping in early enough? Are you praising effort and being vulnerable enough to ask for help? Can you see their strengths and weaknesses? Are you giving yourself enough time with them?

Are you being the senior that you wish you’d had when you were a junior?


No More Secrets: Using PKCE in OAuth for your JavaScript apps

Thanks to everyone who came to Scottish Developers to see myself and Christos talking about identity. If you missed it, be sure to watch again on YouTube. Many thanks to Carole and Andrew for getting Scottish Developers back and running again.

If you want to review the slides, they’re available here – if you want to use them yourself, please let me know.

Don’t share secrets in your SPA. Use PKCE instead.

During the session, a few questions came up that I want to put here for the permanent record.

Pop-up vs redirect flow

If you were watching myself and Christos closely, you may have noticed that I was using the redirect flow in my examples, whereas Christos, and most of the Microsoft examples, use the pop-up flow.

The key difference here is that the pop-up flow leaves the app intact, does the auth in a separate window, then returns the token to the app from JavaScript. The redirect flow leaves the app, does the login, then redirects back to the app.

The popup flow is thus easier to develop and work with, but it doesn’t work on browsers with strict pop-up settings. I’ve had to change Firefox to get it working, and I’ve never seen it work reliably with an iOS or Android browser. If you need to support IE, MSAL will fallback to redirect flow anyway.

To get the redirect flow to work reliably, you need to be able to restore state when your app gets reloaded. The best way to do this will depend on your app, but common methods would be to persist state (or just current route) in localStorage if there’s nothing sensitive, or pass the current route/state as a data parameter to the login call, and this will be returned to your callback URL, for you to handle appropriately.

Storing Access Tokens

Access Tokens are your secrets. Treat them as securely as passwords. Don’t use local storage for access tokens.


Best option is to keep them in memory, and rely on the browser process sandboxing to keep the secret safe.

As Christos mentioned, if you use the MSAL library, it has its own credential cache that will handle this for you.

Passwordless login

If you can, definitely prefer passwordless login. Chances are your website, or your intranet, isn’t important enough to your users for them to create a unique, secure password. Azure AD supports passwordless as well as 2FA and Hardware auth (including biometric on supported devices).

Auth0 supports passwordless login too

More technical details

Is there a use case for server-side secrets?

Yes. For backend services that don’t have an interactive login (such as timer-based jobs), and can keep the secret secure. However, where a service supports it, please use the Managed Principle approach as shown by Christos. If the service never knows the password, it cannot lose it. Let the identity provider grant trusted access on demand.

Where there is an interactive component, the OAuth flow allows the user to verify and control access to whichever subset of their data they choose.

development leadership

Ask Your Mentor These 40 Questions : about me (Q31-40)

Lifehacker suggests 40 questions to ask your mentor. So that I don’t have to repeat myself, I’m posting the answers here in 4 chunks.

31. What’s the greatest obstacle you’ve overcome?

I was a terrible communicator. Very wordy and imprecise. I started to give presentations, I started writing a blog, forcing me to condense my thoughts into a clearer, simpler form.

32. What’s an obstacle you couldn’t overcome?

I’m terrible at understanding emotions. Working with clients, I can’t tell the cues that help adapt what I’m saying to avoid conflict. I struggle to pitch at the right level of detail. I can communicate a lot clearer than before, but as soon as there’s non-technical issues, I absolutely need an editor. Sometimes that’s a PM, sometimes it’s another technical person. Just another perspective before I put my foot in it.

33. What’s the most unexpected obstacle you’ve had to face?

I’ve done a lot of recruitment over the years, and sometimes I have to reject someone either because someone else was a better fit, or because they failed on some criteria that’s not on the list (such as the guy who, when interviewing with me and 2 female colleagues, only answered questions to me).

Whilst I’ve always been clear that the decision was the right one, explaining that decision is the hardest part about the job. Whilst I want to be direct and honest, I know that my default approach is not appropriate for people who don’t know me well, and so I struggle massively writing, re-editing and phrasing things before talking to the candidate. It’s easily the most stressful thing I have to do.

34. What’s a good thing to be afraid of?

Causing harm.

I’ve worked with a lot of people who are motivated by the knowledge that whatever they build will be used and will make people’s lives that little bit easier. But it’s easy to let oversight or acquiescence let in features or bugs that will cause frustration or actual harm, whether by discrimination or universally.

Never underestimate the power you have to make or ruin someone’s day.

35. What’s been the most exciting point in your career?

Becoming a lead. Because letting go of having to do everything freed me up to think about how to make things better outside of the code I was writing. And suddenly everything was new and there were no easy answers, no red-green-refactor and no acceptance criteria for what makes a team work.

And I’m still learning.

36. Do you find any utility in holding onto regrets?

No. Never.

Regrets imply that you don’t like where you are now. And you have the power to change that.

Are there things I wish I’d done differently? Absolutely. And some of them I can’t even blame hindsight. I knew what would happen and I did it anyway for reasons that I couldn’t even justify at the time.

Know thyself. Learn the lessons. And move on. We all have professional as well as technical debt. Acknowledge it. Work with it.

37. Where do you think you could’ve done better, had you known what you know now?

I would have spent more time exploring at the start of my career. I got lots of opportunities, but the switch I made to a product company, which was also a lot smaller, taught me a lot more about myself. If I’d known how much I didn’t know, I would have jumped sooner.

38. Which values got you to where you are today?

“Don’t be irreplaceable. If you can’t be replaced, you can’t be promoted.”

So I document, I simplify. Any call I get out of hours or on holiday is a failure on my part, a bug in the system. If anyone has trouble following me in a project, I make fixing that bug my top priority. Don’t be a gatekeeper, don’t keep it to yourself, don’t be a bottleneck. Remove yourself from the bus factor.

39. When did you know you’d “made it” and were where you wanted to be?

The first time I got paid for writing software. Everything since has been an iteration on that. Review, reflect, improve.

40. Has your definition of success changed over the years?

It’s simplified. When I’m doing consultancy work, which is what seems to suit me best, success consists of 2 things, in this order :
1. Is the customer happy?
2. Did we make money?

The first is how to keep the lights on next year. The second is how to keep the lights on until then.
Everything else is just a way to break those down into smaller chunks.


Career advice for graduates

I saw this tweet and I’ve been asked this question myself a couple of times so I wanted to highlight this as a reference for others, and collect my thoughts into one place.

Know what you want. E.g. Do you want a startup with scrappy hours but more influence or a big company with more structure but where you have less control?

You don’t have to have a public profile.

If you do have a public profile, make sure it reflects you well.

Doesn’t have to be a blog, but always be thinking about teaching others what you’re currently learning. It really helps you in appraisals, interviews and networking because you’re already reflecting on your skills, and you can more easily help others

Apply even if you don’t meet all the criteria. In most companies “must haves” aren’t. You’ll need to meet some, and be prepared to learn others, but don’t wait until you’re 90% ready.

development leadership

Ask Your Mentor These 40 Questions : introspection (Q21-30)

Lifehacker suggests 40 questions to ask your mentor. So that I don’t have to repeat myself, I’m posting the answers here in 4 chunks.

21. If you were me, what’s the single most important question you would ask you?

Are the experiences I’m talking about typical for all, or do they exhibit a white cis male bias that I need to correct for?

22. If you were me, what’s something you’d aim to change immediately?

It’s never too early to practice your people skills. If you can’t put yourself in someone else’s shoes, you’ll never write the best software for them.

23. How can I tell I’m not cherry-picking which feedback I accept about myself?

In my experience, it tends to be the opposite. People pick out the negatives and ignore the cherries. The best way to keep yourself honest is to set it your own goals, and honestly reflect to yourself how you did, good and bad. Write it down in advance, and as you go, and look for opportunities to improve.

24. Is there a strategy to unlearning behaviors that are holding me back in this field?

Coding challenges are a great playground for behaviours and techniques. If you find a behaviour you want to change (e.g
too procedural, not enough functional), then challenge yourself to solve 5 puzzles without that behaviour, see how the new behaviour feels, and see if the old behaviour is sometimes useful.

25. Do I exhibit any warning signs that indicate this field won’t be right for me in the long run?

If all you care about are the technical aspects, you will limit yourself. Your job is solving problems, software is a tool. You need to know the technical, but you also need to understand elements of psychology, ethics, politics, economics and others. If you’re planning to stay within your bubble, new ready for an escape plan when your skills bedtime obsolete

26. When is it time for me to contemplate changing career paths?

When you stop caring about doing it right. Maybe it’s time to change jobs, but if the whole routine of requirements and coding and testing just grinds you down, get out whilst you still have passion. And follow your passion somewhere else.

27. How do I ensure I’m prioritizing the right things?

Always provide value. Sometimes the value is direct (e.g. a new feature), sometimes it’s indirect (e.g. refactoring before a new phase of work). If you’re not sure, ask. Either ask the team, the product owner, or all your future self what you wished you worked on.

28. Where do you feel I fall short?

That’s for you to answer. Ask for honest feedback and take it in the spirit it is offered. We always reflect on the sprint for ways the team could improve, and always there are things we can do better. There are axes to sharpen, new skills to learn, new people to teach and lead. Pick your favourite retrospective format and apply it to yourself.

29. How am I perceived by those around me?

See my previous answer.

30. What should I do right now to improve myself and my career prospects?

Figure out what your 5 year plan is. Once you know which direction you want to travel, the first step is much easier to decide.


Has blogging changed my career in a positive way?

As part of my mentoring, I was asking a question about this blog, and I thought the answer was worth repeating publicly.

The question was:

I am interested in learning whether blogging changed you career in a positive way?

It’s been helpful to me, and I know it’s been mentioned in a couple of job interviews, but for me the benefit was more about the discipline of writing and using it to clarify concepts that have been bouncing around in my head. I’m not always the best at writing clearly and cleanly, so blogging has been my way of practicing that.

I guess it’s a matter of what you want out of it. I don’t believe you need a blog to get a better job for example, there’s plenty of ways to that goal.

On another note, I’m not following John Sonmez any more after I saw him bullying others on Twitter. That’s something important to remember if you’re blogging – anything you make public you’ll be judged on, so be the best version of yourself when you express yourself.

Good luck,

development leadership

Ask Your Mentor These 40 Questions : success (Q11-20)

Lifehacker suggests 40 questions to ask your mentor. So that I don’t have to repeat myself, I’m posting the answers here in 4 chunks.

11. What decision netted you the most success in your career?

I quit my job. I was unhappy but I didn’t realise it at the time. I had nowhere to go but no-one was being highest with me. So I looked. For about 2 years. I tried to change my role in the company, or look for a promotion, but no-one was ever clear about what the gap was from where I was to the next step up. So I quit, helped build a fantastic team, and saw a great uptick in my salary.

12. Is there a particularly effective strategy for achieving success in this field?

Have broad knowledge. T-shaped, if you like that term. Know enough to understand and explain technical problems to your peers, even if you leave design, architecture and implementation to others. Know what their constraints are because it will make your job a lot easier. More than anything, hone your bullshit meter, because everyone you meet is biased, and chances are a few will be liars and charlatans.

13. Which people do I need to stick around to maximize chances of success in this field?

Anyone outside your group. Find a technical architect or a marketing person you can learn from. Find people who will broaden your horizons.

14. Where should I be networking?

In the TCP stack.

For connecting with people all bets are off in this pandemic, but connect with people the same way you would outside work – find common interests, maybe technical, maybe a hobby. Find people that you have the knowledge or connections to help.

15. Have you ever made a single change that led to tremendous success?

I stopped trying to keep up with every new framework and language. I’m happy to be a leader in different ways.

16. How can I be more strategic in pursuing my career goals?

Know what you want. Do you want t to be a domain expert? Do you want to be an architect? Do you want to lead and mentor? What will make you excited to get up for work.

Pursue that.

17. What traits do I need to exhibit to stay ahead of the curve in this industry?

Understand how to solve problems and the limits of computers. Read Turing.

Understand people. They’re the ones you need to communicate with. Your job is to be an interpreter.

18. At how fast a clip can one reasonably expect to climb the ladder in this field?

It’s faster in a start-up, with a lot more breadth. It’s more structured and supported, but slower, in a bigger company. Which suits you better?

19. What should success look like at this stage in my career?

Are you interested in your work? Are you learning something new?

20. What should I be focused on right now to smoothly transition into the next leg of my career?

Understand the business. Debug how the processes really work and who has the keys to your next job.

View on Trello

code data development

Zettel Lint

title: vision
created: 2020-10-11 21:48

There are many editors and extensions for working with connected markdown files. As I am working on multiple devices, it’s hard to find a single editor that works on all of them, and different editors are optimised for different things. In the spirit of UNIX, therefore, I wanted to write a suite of small programs (here coded as sub-commands) that will allow the connection and management of markdown files via automated processes, such as github actions, so that the knowledge base can be updated from anywhere.

This tool was originally created to manage a zettelkasten based markdown powered git repository.


  • All outputs should use standard formats, mostly markdown, but some usages may need something more specific.
  • All subcommands should be independent so that users can pick and choose whatever suits them.
  • Modifications aligned to particular practices (e.g. GTD, Zettelkasten, bujo) should live in their own subcommands.
  • This tool should not impose structure on the knowledge base.
  • Repeated application of a subcommand should only modify the knowledge base at most once, unless external factors apply
  • External factors include time triggers, update of import files

View on Github

development leadership

Ask Your Mentor These 40 Questions : failure (Q1-10)

Lifehacker suggests 40 questions to ask your mentor. So that I don’t have to repeat myself, I’m posting the answers here in 4 chunks.

1. What’s a big mistake you’ve made that you’d want others to avoid repeating?

Never take responsibility away from a team. Empower them and trust them. If you lead a team, don’t tell them that the buck stops with you, tell them that the buck stops with all of them. You can defend the team from others, and take responsibility for failures externally, but always make sure everyone is accountable for their own work and you all succeed together or not at all.

2. What’s your strategy for overcoming failure?

Move on. Leave the failure in your notebook, or in your action log. Own the failure, understand why it happened and work to avoid that situation in future. Put safeguards in place, rework the environment, but don’t expect future you not to fall into the same trap as current you. Move the trap where you will notice it.

3. What’s an essential lesson you learned as a result of failure?

An untested backup is a wish, not a promise. Test it to make sure its a promise.

4. When should I give up on a pursuit?

When it no longer provides value. Or there is a better way to provide the intended value.

5. Do you believe in the sunk-cost fallacy?

Absolutely. And I have worked on projects that recognised this, restarted from scratch, and delivered for less than the change in estimate to continue the project.

6. How do you assess what feedback is legitimate?

It’s specific, The person giving it has your trust, or the trust of others you respect, It’s given in kindness even if it’s given with force.

7. How do you integrate feedback into your work and lifestyle?

Always listen. Ask for feedback. But most importantly, act on the feedback, and show yourself acting on feedback, because that always encourages more. If feedback is lost, new feedback is never given, because what’s the point?

8. How big of a risk is too big of a risk?

Depends on the project. A team of 1 can handle a much bigger risk than a team of 100. A team with a strong PM who manages risk well, can handle more risk than one with a weak PM.

9. How do you determine which weaknesses can be overcome?

Ask. Whichever weakness you have, someone out there is thriving with it.

10. Can you tell a story of how you recovered from a massive blunder?

[I deleted a database]