Do you lock the door when you go shopping?

Come in, make yourself at home, help yourself, I’ll be back later

Well do you? I don’t because I leave the door open for the dog to come and go and they are a more effective deterrent than a door-lock.

So why do we leave the door open in our IT departments every day? And why do we open more doors than we close every day? Introducing software into the production environment always comes with risk.

  • Lowest risk – home grown software written by your team and vetted by your QA
  • Low risk – bespoke software created for you (outsourced/offshored) and vetted by you
  • Negligible risk – software from reputable vendors
  • Acceptable risk – open source software from reputable sources backed by vendors
  • Some risk – software from new vendors and startups
  • Unknown risks – open source software downloaded in an uncontrolled manner
  • Serious exposure – software that installs itself unknown to you

Serious IT departments have sophisticated change and configuration management solutions designed to protect production systems from rogue changes but they seem to have a blind spot when it comes to code whose provenance we cannot guarantee.

More and more of our applications contain open source elements, the infrastructure we use is built on more and more open source tools, even the very IDE we are using is likely to be open source. Open source is a wonderful concept but like so many human endeavors, something designed to further humanity can, and all too often does, turn to the dark side.

Develop a risk score card for your next deployment component by component and see where you stand. No artifact in your code base is free from risk, even code written and tested by your team. As we have learned from VW recently, there are surprises lurking in the heart of our code base that can do the business great harm. As Knight Capital showed us, if it is really easy to release good code it is really easy to release bad code too. As Royal Bank of Canada knows, best practices can save embarrassment, ignore them at your peril.

Deploying code requires end to end vigilance. That means scrutiny as code is created, scrutiny as it is changed, scrutiny as it is tested, scrutiny as it is deploy and scrutiny as it is used. We have to have the infrastructure to be our 24×7 scrutineer, to be our guard dogs.

We cannot leave the door open in the world of tech, we have to lock it, bolt it and guard it.

Posted in Business and Technology | Tagged , , | Leave a comment

Sherlock Holmes and the mystery of the VW Emissions Code Cheat

Das Cheater

Detectives, real and fictional, rely upon clues to solve mysteries. Criminals, real and fictional, spend more time concealing their crime than committing. That’s why it is fascinating to see the VW story continue to leak out more and more details as detectives detect and bad guys cover up.

At the heart of the VW issue is something we’ve talked about extensively here on BizTechFuturist before, the importance of software change and configuration management (SCCM). In simple terms SCCM is the process by which changes to software (and hardware) are requested, approved, implemented, tested, approved again, and deployed. This process is usually supported by pretty advanced SCCM solutions that track the status of the thousands of simultaneous changes happening in an enterprise software development group. This process is sometimes called the Software Development Lifecycle (or SDLC) and every organization has one if they are developing software. The SDLC can be Agile or Waterfall, more bureaucratic or more flexible, enforced rigorously or not.

The mystery, according to VW, revolves around not knowing who made these changes, why they made them and under who’s supervision. So that means they have no SCCM solution in place or, if they do, it is not being used effectively. Modern SCCM tools track everything and provide a detailed audit trail of every line of code that is changed, by whom, when, why and who approved the change in first place and who approved the deployment in the last place. Today’s SCCM solutions allow you to simply look at the emission control software, determine the offending lines of code and read the corresponding audit trail and you have your “smoking gun” with fingerprints and time-stamps.

What is really the question here is this: just as the Federal Government mandates seat-belts for passengers inside their vehicles, should the the government mandate software seat-belts (SCCM solutions) inside the automobile manufacturers? With hundreds of million lines of code running our cars these days, our safety has shifted from mechanical engineers to software engineers.

Elementary my dear Watson.

Posted in Business and Technology, Personal experiences | Tagged , , | Leave a comment

Taking the wait out of waiter

A quiet lunch because no one is talking

Just arrived at Newark Liberty Airport en route to Zürich. Time for lunch between flights.

Every seat at every table and every seat at the bar has an iPad on it. The menu is there in glorious technicolor, access to flight information, games and many sources of data.

A wait person comes by to help me make my selection and screens whizz by with options being selected on my behalf without asking. My credit card is processed in a flash and a receipt mailed to me.

It then goes into some automated reel of things for me to spend my money on.

I detach it and place it face down on the table but all around me screens flicker enticing my attention and distracting me from my task at hand.

The interaction between humans is precious: it defines who we are, it is how we learn, it makes each day full of magic. Even though ordering lunch is hardly pivotal in one’s day it is a moment to greet someone new, to exchange ideas and preferences and to discover how the waitperson will satiate my appetite. It is an honorable, centuries old, profession.

As I look around I see a group of women travelers engaged in raucous conversation their eyes glancing down every now and then. A table of colleagues talking to each other but transfixed on the iPad in front of each of them. Two men in suits, sitting just a few feet away from each other, both talking quietly on their phones but both jabbing and swiping nonetheless at the tablet. A family: the adults fussing about tickets and passports, the kids with the iPads in their hands, having already discovered they come out of their cradles, oblivious to suggestions about lunch. A restaurant full of people but not full of faces enjoying lunch: instead a sea of the tops of people’s heads.

We’ve talked about this before: just because you can, it doesn’t mean you should.

Posted in Business and Technology, Personal experiences, Personal growth | Leave a comment

I am a customer – I do not need any other title

Passengers can be messed about but we take care of customers

“This is an important passenger announcement”, “Subscribers can select additional options”, “For guest use only”, “Shoppers may return goods here”, “Residents must keep the gate locked at all times”, “Seats are for patients only” and “Moviegoers must have a ticket to reenter the theater”.

We see these signs and hear these messages thousands of times a day. Some thoughtful marketing person has encouraged the sign-writers and the public broadcast announcers to make the message more personal, more targeted by describing us as what we do rather than what we are.

And, in doing so, we have lost the basic purpose of these messages. This is us communicating with our customer. The customer should be afforded respect and courtesy because they pay our salaries and feed our children. For the customer, we will do anything to keep them loyal, get them to buy more and maintain a long term relationship. Customers are hard to get and easy to lose.

When we talk about “passengers”, “guests”, “subscribers” and all the rest, far from increasing our connection to the customer we distance it. We separate the value the customers give to us (their time and money) from the service they receive from us (our product and service). When we do this we dehumanize customer and this allows us to treat them as our product and not as our primary concern.

We can easily re-book a late arriving passenger on a later flight but would we change the travel plans of a hard won customer without their consent? We can, with a clear conscience, redirect subscribers who want to cancel their subscription to the least well staffed option of our automated phone system but would we treat them that way if they were, instead, seen as unhappy customers looking to get better service? We can leave nameless, faceless patients unattended for 4 hours and bill them whatever we think we can get away with but if we see them as customers in need of care who chose our hospital over another would we treat them differently medically and financially.

While ever a corporation’s first duty is to the stockholders there will always be bad service.

Next time you are described by what you for the corporation remind them that you are simply a customer and that you have choices.

Posted in Business and Technology, Personal experiences, Personal growth | Leave a comment

Gaming the system

Everyone wants to optimize the system. Perhaps to improve throughput, to eliminate waste or to target the message to precisely the right audience. In the push to optimize emphasis is on what is commonest, what can be defined most clearly, results in edge cases falling outside the optimized boundary.

Last night I arrived at my hotel to be told there was no room for me. A room I had secured weeks before at a hotel chain where I have the highest status. It turned out that the hotel had overbooked, a common practice knowing there will be no shows, and that a single corporate client had reserved all the other rooms for the rest of the week for their employee event at a nearby convention center. This put me on the outside of the optimized boundary, only one night, not an employee of the corporate client and not at the convention.

Our optimization of our inventory, resources, time, hotel rooms, requires constant fine tuning to maximize revenue and minimize costs. Along the way we may end up reading commitments made to our customers. The question is what obligation do we have to those commitments? Ethically we should honor the promise of the service we offered but the shareholders demand that every cent of profit be squeezed out.

In the end I shamed the hotel into giving me my room but it left me in a foul mood and a broken relationship with my preferred hotel chain. Perhaps we need the same kind of league tables for corporations we have for airlines on-time departures listing how frequently they keep their promises. An organization with integrity is more likely to get my business than one that will trade my loyalty and customer for a few dollars.

Posted in Business and Technology, Personal experiences, Personal growth | Leave a comment

Apple’s quality is legendary

Not yet a rotten apple

With apple, one is never sure if it is a cool feature too cool to be understood by mortals or just another bug. While the world is distracted by breaches in iOS 9, the rest of us are facing daily disruption from changes that are breaking formerly robust, reliable and familiar capabilities for what seems like no good reason.

Once renowned for the clarity of vision and excellence of quality, Apple seems to be suffering from the same sloppy execution we’ve come to experience from too many other vendors. Once legendary for their execution we now remember those halcyon days only as a legend we tell our children.

What finally made me write is the complete breaking of the Podcast App.

  • The date is wrong on the downloaded podcasts
  • Casts won’t download because they are “unavailable” when they clearly are not
  • Casts pause without reason and restart without prompting
  • Random colors are assigned to the background making it impossible to read (found the option to turn this off eventually)

Come on Apple, you know you can do better than this.

Posted in Business and Technology, Personal experiences | Leave a comment

If you don’t want me to reply do not email me

One of life’s little annoyances are the no-reply email addresses vendors like to use to send their communications. When you are writing to me to ell me about a change you’ve made or about a problem with my order I might want to know more. So why, oh why, do you send me an email from an account that no one is monitoring?

For some, myself amongst them, the act of writing is a sacred privilege granted when one forms a bond with another. That bond is permission to communicate, collaborate and achieve common goals. No-reply email addresses are the corporate equivalent of “talk to the hand”, with the same disrespect and dismissiveness. This takes rude to a new level because it is the act of a mindless system programmed by, one assumes, someone whose grandmother was not consulted on the matter of manners.

If you are responsible for an automated system that sends out no-reply responses, please don’t. If your customers, clients, employees, vendors, partners, friends and neighbors do you the courtesy of replying, don’t you think you should read what they have to say?

Or just talk to your grandma and she what she thinks.

Posted in Business and Technology, Personal experiences, Personal growth | Leave a comment