I love working with smart people. I learn a lot and it gives me energy.
I hate working with smart people who aren’t motivated. They’ll either get sloppy, get a new job, or get creative with their code design. The kind of creativity that makes you curse when you’re debugging a production incident at 3am.
The best creativity happens in a constrained environment, which also happens to make for the easiest debugging.
Sure, we could let the developers figure out the best way to do something for every component, and there’s sometimes a benefit, but for every hour they’re spending figuring out how to solve a problem that didn’t need to be solved, or figuring out an unusual design, or evaluating a logging package, or writing boilerplate, there’s an hour not delivering value.
When an architecture is designed to put everything right where it should be, where decisions that have already been made are baked into the code and the tools, where a developer doesn’t have to think about how to structure their solution, the code is easier to write, easier to review and easier to debug.
Chefs like to follow mise en place. Everything in its right place. Before preparing a dish, prepare the workspace, the knives, and the food. Everything you need for the task and nothing you don’t. Everything is in a predictable place. Because then you can concentrate on the dish, instead of the kitchen. Good preparation helps every task fall into the pit of success, and makes it easier to recover if something goes wrong.
The more steps you have to complete a subtask, the easier it is to make mistakes. You might forget what the previous step was, you might walk to the fridge and then have to return to your workspace to remember what you need. Multitasking adds friction and adds opportunities for error.
That’s why we want encapsulated classes and single responsibility. One change updates one file, as far as possible, although one feature may need many changes to make it possible. Isolate your code from the data store, isolate the public API from your code, and parse, don’t validate.
Keep smart people working on solving new problems, and keep them consistent, because that’s the way to get the best from the team at all times, especially when you have a Priority 1 to update a logging framework at 3am.
The following is a lightly edited conversation I had with a tech-savvy friend who is not in IT. It was about the FBI trying to break the encryption on an iPhone so they could access potential information on criminal activity, but in light of the UK government seeking to add backdoors to all messaging platforms, for much the same reason, I thought it was a good time to revisit the arguments.
My friend’s comments are quoted, and the unquoted text is mine.
Imagine a technology existed that let you send things via post and to you and everyone else it looked like an envelope, but to the NSA it looked like a postcard, and they could read everything.
How does the NSA prove it’s them? How can we trust them? What if the FBI or your local police force can pretend to be the NSA? Couldn’t criminals, or your stalker ex do it too?
Maths doesn’t deal with legal balance. Either you let everyone in, or you let no one in. That’s the political choice. Is getting access to this phone more important than keeping other governments, such as China or North Korea out of phones they are interested in?
I don’t know if it’s an all or nothing situation though… are we saying that the courts shouldn’t be able to force entry into criminals’ data? Or are we saying that all data should be accessible to all outside existing privacy laws?
Think of the Enigma code. Once it was broken, Bletchley Park knew most of what the military was doing. If the Nazis knew it was broken, they’d have stopped using it, and all the work would have been for nought.
Enigma is a great example of why the code needed to be broken in the first place. That’s a chicken and egg scenario. But also a really interesting point! What if an iPhone is Enigma, and say GCHQ cracked it. Would the evidence be allowed in court?
Is it not the case of Apple granting access to specific phones; not being given the technique to do so?
What I’m worried about is the fact that big companies could hold justice and common law to ransom: that to me is equally as worrying as big brother, if not even more so. We can “elect” governments, and they can pass legislation to create international privacy agreements (as what Snowden’s revelations led to). We can’t elect Apple and I detest how Apple seem to be influencing justice; that is a very very bad sign of things to come.
Don’t even get me started over how data protection doesn’t exist between companies any more. Logon via Facebook anyone?
Is it not the case that Apple can access all this data anyway? So does Apple not have an ethical responsibility to disclose evidence for an individual case that has a court request attached to it? Guess not. Is that an appropriate level of power a company should have? To dictate what can and can’t be shared with courts?
Corporations already have too much power in the world. By not establishing a legal framework of when it is appropriate for a court order to be issued and have access (e.g. to break and enter) we are basically letting sometimes serious criminals have a get out of jail free card. And that includes tax dodgers like Apple.
Apple can’t access the data at the moment, that’s the point. It only exists on the phone, encrypted with a key that’s password protected with a password only known to a dead guy.
Interesting. So none of his data was stored on Apple’s / 3rd party servers and it was all encrypted on the phone? What about all his comms traffic. If I encrypt my (ah hem) Google Android phone, does that mean that my emails can’t be viewed by Google?
A lot of this comes down to trust. I don’t trust our govt nor the govt of others, but equally I don’t trust Google or Apple.
He switched off iCloud sync so it was all on his phone. However, as it was government issue, they could have changed that via policy if the FBI hadn’t tried to change the iCloud password, and hence locked the phone out of the government domain.
So they got locked out. That’s hilarious.
What I tend to do these days is try to remove my mind from the broader political implications and think about things at a ground level then I thought…. what if a phone contained information related to the death of my loved one.. then I realised there should be a controlled process in place to retrieve data legally and transparently.
I think the broader implications are important. If they can do it here, where else would it apply?
We have to think of real world scenarios: a murder in Glasgow, a child missing, that type of thing.
Look at councils using anti-terror legislation to catch petty criminals, or DSS using it to follow people on benefits.
Imagine an encrypted padlock to a cabinet containing murder weapons.
Who watches the watchmen?
That’s conspiracy speak Craig. If we don’t trust the courts… then who can we trust?
It’s recorded activity. It’s not conspiracy if it actually happened.
Courts are separate from government. They have been in Scotland since 1748.
I trust the courts. The problem is that many of these powers bypass the courts.
DSS is rarely a court matter.
Yes, but they are doing so illegally and that’s why new laws are coming in
And a backdoor for one is a backdoor for all. If the FBI have a post-it note with the pin for that murder weapon safe, it only takes one photo for everyone to have access.
The FBI is not the UK. We cannot control what Israel does but what we can do is create controls for the UK. so… if my loved one is killed, and there are photos on the phone.. then of course the police should have access! It’s a no brainer
True, so why would we want a situation that increases the risk of Israel, or North Korea, having the means to access something that sensitive?
What’s sensitive exactly? They don’t care about normal users!
Even if it means Journalists at News Of The World can also gain access to those photos?
That’s illegal! As is breaking and entering.
It didn’t stop them last time.
Yes.. and look what’s happened.
They renamed it to the Sun on Sunday, and carried on as normal?
Come on…. I’m saying that only the courts can have access.
Being illegal doesn’t stop things from happening. That’s why we lock our doors and fit burglar alarms.
and besides… they cracked the iPhone anyway!
That’s not how maths works.
Life isn’t maths. Life is ethics. Ethics are not maths
Yeah, there’s an Israeli company that will break into iPhones for anyone who pays.
What Israel does is up to them.
No, but encryption is maths.
But retrieving data is an ethical issue. It’s not black and white. It’s about appropriate use of powers
Like knowing when to put someone away for life, or releasing them in 10 years
It would not be acceptable for police to hack my phone without just cause, but it would be acceptable if they suspect me of plotting a terrorist act.
I agree, but when access to the data cannot be done without compromising everyone’s security, we have to ask where to draw the line?
We draw the line through the law.
CCTV inhibits crime in those areas, but we accept that it’s creepy to allow it in bathrooms.
And many offices do not have CCTV inside because the risk of losing sensitive data is higher than the risk of crime.
You can only film in your property. That’s the law. But.. of course there is a difference between private companies and local government. And that’s where PFI come in….
Plenty of public CCTV as well
Not here there isn’t
Depends where you are, agreed.
There’s a camera on the bus.. I think, and at the primary school, maybe one in the shop…. but I don’t think big brother is watching when they can’t find muggings taking place at the Broomielaw!
That’s about effectiveness though.
Google is the one to watch
Yeah… but Facebook has countless terrorist pages funnily enough. So they can’t even monitor effectively. Let alone GCHQ.
Depends who has the most effective Algorithms. We don’t know what GCHQ is capable of. Just ask Snowden.
You know fine well it’s not about monitoring – it’s about textual analysis – patterns – heuristics. GCHQ is trustworthy. I have no problem with them whatsoever.
That’s cos you’re not Harriet Herman, or a union activist.
I really don’t, maybe I am naive, but I’m not scared. If I want to disconnect all I have to do is switch off the router and remove my sim oh and stop using my bank card and then become a missing person…
Does that come as a surprise? They may as well just have attended a meeting.
No. But it shows trusting the courts is naive when it comes to backdoors
Attending a meeting is enough to put you on a watchlist.
This is not the same as getting access to evidence for a crime that has taken place. If you want secrecy, you can meet in the woods. It’s very simple…
Sorry, but I do trust our system of justice.. I don’t necessarily trust the government and I certainly believe that there should be watertight controls that allow for breaking and entering into criminals’ data. And that includes data from corrupt politicians. It works both ways.
Digital forensics is a thing… with impossible encryption the whole thing falls down
Now… I like encryption… especially for B2B, but Apple are not gods! And private companies should never be above the law. If we let private companies rise above the law, we will be in a much worse situation than we are now… it’s already bad enough with tax avoidance.
It’s not about being above the law. It’s about a clear standard, and if police don’t have evidence to hand, they have to collect it. Sometimes cameras are broken. Sometimes weapons are lost, and sometimes you can’t get access to encrypted data.
They can only legally collect evidence if they have sufficient knowledge of a criminal activity.
And they have ways to set up intercepts in those cases, without physical access to the phone
It is fashionable for software developers to hate on JIRA. Project Management made spaghetti. It has its faults, but the biggest issue is what it allows. It’s not opinionated, so any user can define any process to follow. It’s a perfect machine for generating red tape, or paper clips.
So we get processes upon processes, the simple rhythm of a ticket lifecycle or of a sprint adorned with Deferents and Epicycles as we try and tame ever-increasing complexity with more text boxes and more statuses.
Complexity cannot fix complexity. But who has time for simplicity? This is the fundamental paradox of enterprise that Agile, and every “new big thing” is meant to resolve: complexity is added to reduce risk, but the complexity itself creates risk, and makes the risk harder to name, harder to spot, and harder to recover from if it is realised.
We have the 5 whys, the blameless retrospectives. And whilst the intention is sound – blame the system, not the individual – the solution is often to add new trinkets around the edges of the system. And reinforce that the system is the only way. They mistakenly put process at the centre, and ask the people to support the process, whereas the process should support the people.
But of course, this creates the shadow IT departments and the “non-compliant” centres. One place I worked had a strict policy that no one has admin rights because that fixed a problem lost to the mists of time. I understand the benefit of the policy, but at the time all our developers were working on IIS and couldn’t develop the websites we were paid for without having admin access on our machines. And so we had dispensations and workarounds until ASP.NET Core fixed the underlying issue of requiring admin access to serve web content.
Some companies stack procedure on top of procedure because the project is the centre of their universe rather than business value. And every company is in danger of falling into that trap as they treat risk management as risk elimination, instead of mitigation or recovery. They condemn every project to the tarpit of success, sinking below the crushing weight of process where sunlight cannot penetrate.
You will never have a process that prevents the next failure. You need a process to detect and recover, and you need to remove 99% of the “just in case” procedures from your process.
You don’t need to double-check the prime DVD copy before sending it for distribution, because no one has a DVD drive on their servers. You don’t need to change the admin passwords when someone leaves because there should not be an admin account that isn’t attached to a user. Eliminate the process, because every process you have is a process someone can forget. The best process is one you don’t need because the risk it mitigates cannot be represented by the system.
Either accept that you are not the centre of the universe and rewrite your rules to understand that you merely orbit the sun like so many others, or live out the fantasy that you are special, that your problems are unique, and add deferents on top of epicycles when the universe tries to disabuse you of that notion.
You can’t control the universe, only how you react to it. So don’t use JIRA to enforce pi to be 3.2.
The history of computing has been an evolution of conversation between us and machines. Single-purpose machines were built to be talked about, not communicated with. Even a hoax like the mechanical Turk.
But then the punched cards of the loom and Ada Lovelace’s ideas of a general-purpose computer started to become real, and we needed a language. At first, it was a language based on mathematics, the language of log tables, the language of angles, and then the language of letter frequencies. But soon we got more advanced, we got to the language of logic. Decision making, and computers, were open to working on anything.
And that’s where software engineers, programmers and developers enter the story. The medium of communication between the world of humans and the world of logic (because there has been no greater fallacy in human endeavour than to assume there is a complete overlap between the two, despite how many Nobel prize winners in economics have tried to prove otherwise).
The story of computers since then has been the story of building layers upon layers on top of machine logic to bring machines closer to humans. The command line, high-level languages (when C was considered a high-level language), graphical user interfaces, and the emerging field of voice and text conversation epitomised by Alexa and by Google and Facebook bots, but also the first line at the call centre, the first responder on live chat.
There has always been a conversation, and there’s always been a mismatch between our words and our intent.
As developers, our job is to derive intent from those words and the actions. Traditionally, offline in workshops and focus groups, but increasingly in real-time, teaching the machines to understand users and adapting conversions, websites, and apps, as we detect errors and confusion, as our data tells us users are unable to complete their goals.
There has always been a conversation. But this new conversation is with the users, and the machines, and the stakeholders, in real-time. With incomplete and biased data.
Be forgiving in your conversations. No one knows what this global conversation is like. But we know from social media and the news that not everyone in the conversation is pursuing truth and simplicity. But that is the only logical route, and behind all the facades is whatever truth you’ve built into the system. Are they the truths you can stand behind? Are those the truths that help and empower people?
Communicate your truths clearly and without favour, because this conversation is never pure or simple, and we have unearned power to control and shape that conversation. I don’t know if anyone would have chosen to give power to the developers and make us responsible for the truth, but in an information economy, that’s where we are. All these conversations are our conversations.
Tech is not neutral.
Speak your truth and recognise your responsibility.
There’s a deadline looming, and your estimates show the project coming in late. Very late.
You need to claw it back. Drop the ballast and become a lean mean coding machine.
You have a plane to catch. You look at your watch and you’re going to be late. Very late.
You need to cut corners. Shave as you shower. No time for shaving foam in the mirror.
The first cut is annoying. Your cheek stings in the heat, but you keep going.
A second cut, right on the chin. That one hurt. And it’s dripping rather than seeping.
But you need to finish. You don’t have time for this. Keep going.
Missed a bit, back under the chin.
4 cuts. 3 seeping and one dripping.
And the heat keeps them open.
So you patch it over with tissue once you’re out of the shower, try and clean it up to see what you’ve missed. And then you have to go back in and finish the job with cold skin, so more nicks, and more time is taken.
Aftershave to help seal and clean. That’s sore. That’ll sting until you get on the plane.
More tissues, and then plasters. Trying to get dressed without getting any blood stains, so that’s slower too.
Every shortcut you take has consequences. Technical debt pays interest, and sometimes it’s eye-watering. The debt exceeds the functionality and the project takes longer, and even longer than that. And so you have to make more cuts and endure more pain. And still, your clients can see it’s held together with plasters that are already starting to peel.
Don’t be a speed shaver. You don’t have enough time to do it quickly.
Shopping cart (up to the point of collecting payments)
Don’t worry about building something unique. If you’re building something with lots of examples, you’ll have something to refer to when you get stuck.
Find something you know. Something where you can write down 5 requirements now without research because it’s something you use or an itch you have. And then you can work back from those requirements to the features you need to build. That’s the heart of programming. Not writing for the computer, but translating from human to machine, breaking things down and formalising them into simple rules.
And that’s when you realise programming usually doesn’t involve maths. It’s about thinking logically. What are the mechanics of the feature?
It’s not: I want a list of tasks. It’s:
When I open my tasks, then I can add a new one or mark an existing one as complete.
When I type in a text box and hit Enter, then a new task is added to the list.
When I click the checkbox next to the task, then the task is removed from the list.
There’s an action and a reaction that the machine understands. There are choices of actions that the user can make.
Use what you learned in the tutorial to translate those actions into simple functions, and to translate the choices into a user interface, whether web, native, command line or API. Then look at it, and make it easier, faster, more secure, or add more features.
The goal here isn’t to learn a specific language, although it will help you do that, it’s to think about how to take an idea, or a requirement, and translate it into something the computer will understand. I think this is the hardest part of the journey, but it’s the most important. I’d also recommend trying programming challenges such as Advent of Code or Project Euler to get practice in writing and thinking.
Good luck on the next, biggest, step of your programming journey.
The asynchronous pattern in C# is great for simplifying the boilerplate of dealing with threads. It makes things look simple, but as with all abstractions, there are leaks.
In most cases, when an async method calls another and there’s no chain (e.g. a public method calling a private method directly), returning the Task is fine, and avoids the overhead of the await state machine for that method.
But never do this inside a using block, or any other scoped construct, where the inner call needs an object from that scope to complete successfully.
In the following example, the first variation, without the await, returns a database call that escapes from the context of the database connection at the end of the method, so when the call is made, the database connection has been closed. You need the await in the second example to postpone the disposal of the database connection until the GetUserAsync call returns.
In this example it’s fairly obvious, but the same pattern can cause threads to unravel far from where this fray was introduced.
public UserDetailsRepository(IDbConnectionFactory dbConnectionFactory)
{
    _dbConnectionFactory = dbConnectionFactory;
}

// First variation (broken): the Task is returned without await, so the using
// block disposes the connection before GetUserAsync has finished with it.
public Task<UserDetailsResult> GetUserDetails(string userId, CancellationToken cancellationToken = default)
{
    using (var dbConnection = _dbConnectionFactory.CreateConnection())
        return GetUserAsync(userId, dbConnection, cancellationToken);
}

// Second variation (correct): await keeps the connection open until GetUserAsync returns.
public async Task<UserDetailsResult> GetUserDetailsAsync(string userId, CancellationToken cancellationToken = default)
{
    using (var dbConnection = _dbConnectionFactory.CreateConnection())
        return await GetUserAsync(userId, dbConnection, cancellationToken);
}
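A self-contained reproduction of the two variations above, added here as an example and not code from the original post: FakeConnection, Demo and Describe are constructed names, with a disposed flag standing in for the closed database connection. The Describe caller shows the failure surfacing one layer away from the method that dropped the await.

```csharp
using System;
using System.Threading.Tasks;

// Constructed stand-in for a database connection: any use after Dispose() throws.
sealed class FakeConnection : IDisposable
{
    private bool _disposed;

    public async Task<string> QueryAsync(string userId)
    {
        // Yield first, so the caller's using block gets a chance to exit
        // before the "query" actually touches the connection.
        await Task.Delay(10);
        if (_disposed) throw new ObjectDisposedException(nameof(FakeConnection));
        return $"details for {userId}";
    }

    public void Dispose() => _disposed = true;
}

static class Demo
{
    // Variation 1: returns the Task without awaiting it. The using block ends
    // as soon as the Task is handed back, before the query has completed.
    public static Task<string> GetWithoutAwait(string userId)
    {
        using (var connection = new FakeConnection())
        {
            return connection.QueryAsync(userId);
        }
    }

    // Variation 2: await keeps the using block open until the query returns.
    public static async Task<string> GetWithAwait(string userId)
    {
        using (var connection = new FakeConnection())
        {
            return await connection.QueryAsync(userId);
        }
    }

    // A caller one layer up: the exception surfaces here, at the await,
    // not in GetWithoutAwait where the mistake was made.
    public static async Task<string> Describe(Func<string, Task<string>> lookup)
    {
        try
        {
            return await lookup("user-1");
        }
        catch (ObjectDisposedException ex)
        {
            return $"failed in caller: {ex.GetType().Name}";
        }
    }

    public static async Task Main()
    {
        Console.WriteLine(await Describe(GetWithoutAwait));
        Console.WriteLine(await Describe(GetWithAwait));
    }
}
```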
.NET is a battleship, and it’s taken a long time to change everything to Core, and figure out what the Framework/Core future is. In the meantime, you may have found your project crushed in the path as new APIs change or old technology gets deprecated.
Ask Java developers about where Oracle is taking their language and you’ll hear a similar story. The future is different. Maybe better, but in some places definitely worse.
Change is inevitable. That’s why our industry has embraced agile, so we’re ready to change on weekly or monthly cycles, not yearly ones. The longer it takes to make the decision to change, the more baggage you have, and the harder that change will be. That’s why Jez Humble recommends “if it hurts, do it more often”. That change may come from the business, from the competition, from the platform, or from the environment. How did you deal with Heartbleed, or Spectre? How many of your customers are still vulnerable, and are reducing herd immunity for the rest? Are other companies carrying your baggage without knowing it? Are you the reason that IE6 VMs are still a thing?
The bleeding edge is painful. .NET Core broke things, Angular 2 broke things, Python 3 broke things, Edge broke things. But not keeping up breaks more.
When I was a tutor at university I remember one student who I only saw towards the end of the year. I think computer science was their additional course. They came in after apparently spending the best part of a year learning Java, and sat down to complete their assignment.
It didn’t take long before I was called over to help. Their code wouldn’t compile. A fairly standard console application, with some output. And no semicolons.
I was incredulous, and as a young eejit, I’m not sure how well I hid that. I couldn’t believe someone could have completed the lectures, read the books, and completed the previous 29 assignments without using semicolons.
How could they spend a year on a Java course and not learn anything?
Regrettably, I refused to help them and pointed them towards the obvious and clear error messages that they’d obviously been looking at before they called me over.
I wasn’t going to build it for them. I couldn’t teach them 1 year’s coding in 15 minutes.
And yet, they turned up. They asked for help instead of struggling on. Exactly the things I’d wish for in my new starts when I started leading teams and onboarding staff.
They knew the shape of the solution and they knew where their talents were. If I’d been a little more patient, I could have nudged them gently on. But I don’t know if that would have been enough.
If you are mentoring or leading developers, are you stepping in early enough? Are you praising effort and being vulnerable enough to ask for help? Can you see their strengths and weaknesses? Are you giving yourself enough time with them?
Are you being the senior that you wish you’d had when you were a junior?