Slow Down

We’re back for another year of The Crux!

I hope you’ve all had a relaxing break over the holiday period and feel refreshed. I tried to lead by example and took a full two weeks off and mostly stayed away from computers except for fun things.

For this first issue we have a bunch of data breaches because computers still exist, but if you use Lastpass I strongly urge you to move to a different password manager ASAP.

Some research I did with Anu Sharma from Statsig has been published and its has a bunch of references that are well worth checking out.

AI/ML that makes stuff up continues to be quite popular, no matter how much it breaks things.

The English continue to exert an enormous influence on the world, this time just with the language itself.

And I extol the virtues of systems that can be easily maintained in my first column for the year.

Happy 2023!

Things to note

A research paper by Anu Sharma and myself, How to Build a Growth Engine with Product Experimentation was published. We looked at how big tech orgs (Amazon, Microsoft, Facebook, and others) developed more scientific approaches to product development instead of just doing stuff and hoping for the best. I learned quite a lot about the history of software development and organisational change at these companies. Like all good research, I’m left with more questions than I started with and would have liked to write a lot more. The research was sponsored by Statsig. I recommend checking out the references.

A very interesting take on using erasure coding to address tail latency. I’m pretty familiar with erasure coding for data protection reasons (just don’t ask me to explain the maths) but using it to deal with intermittently slow or failed network services is surprising to me and seems really nifty.

You know all those tech industry layoffs we’ve been seeing? It’s probably just execs blindly copying each other rather than for any fundamental business reason, according to Stanford Graduate School of Business Professor Jeffrey Pfeffer. I’m sure there are plenty of post-decision rationalisations, though. Humans are good at those.

Open source developer Thomas Depierre asserts that they are not a supplier. I tend to agree. I’d suggest that dependency tree is a more useful metaphor than supply chain, anyway. The beauty of open source software is that if it breaks, you get to keep both halves.

Speaking of supply chains, a Roomba took pictures of a woman on the toilet and they ended up on Facebook. Privacy laws are coming and US tech firms are woefully underprepared.

The US is looking at more cyber regulation, particularly in ‘critical’ industries. I wonder if shifting liability “onto those entities that fail to take reasonable precautions to secure their software” will mean the proprietary software vendors like Microsoft, Oracle, SAP, etc. that create the vulnerabilities, or if the onus will continue to fall on their customers? My money is on the latter.

Slack’s private GitHub repos got hacked.

CircleCI also got hacked. If you use it, you should already have rotated all your creds.

Lastpass also got hacked, again, and this one is a big deal because the attacker got hold of customer vaults. Lastpass were really coy about the details but it’s emerged that Lastpass vaults aren’t fully encrypted, only some fields, which is just mind-boggling. Yes, use a password manager, but avoid Lastpass. I use both Bitwarden and 1Password so switch immediately if you’re still on Lastpass. I switched some years ago and it was relatively painless.

AI assistants help developers write insecure code. I remain unconvinced that making things worse while knowing less about why counts as progress.

Stochastic parrots are all the rage with investors, though. USD 1.37 billion was invested in them in 2022, apparently, “almost as much as the past five years combined”. I wonder what ChatGPT will say if you ask it to define an investment bubble?

Microsoft is planning to insert all this generative silliness into Office. Powerpoint won’t stop generating pitch decks for a Tay bot app that only sends a racial slur instead of Yo!

Just something neat I read over the break: The glass frog hides its blood while it sleeps so it’s even harder to see.

Longer reads

An interesting paper on how language shapes thought and that an over-reliance on English in research on cognition is biasing results.

Most people on Earth don’t speak or write English, so generalising from research done on English speakers by English speakers leads us astray.

I also recommend checking out [Evidence-Based Software Engineering: Based On The Publicly Available Data](Evidence-Based Software Engineering: Based On The Publicly Available Data) by Derek M. Jones, cited in the product experimentation research I linked to above. It has lots of citations itself, so beware this way lead you down a deep rabbit hole!

Weekly tip: Slowing down to do things well

Over the holiday break I did a bunch of maintenance of various household things. For the well-designed and well-built things, this was easy. For others, it was not.

Some things were difficult or impossible to repair or maintain. Cheap gloves. Cheap tools. They were disposable items, to be used briefly and then thrown away and replaced entirely.

The well-designed things clearly anticipated that maintenance would happen. They were (relatively) easy to take apart and re-assemble, using standard tools. They made it easy to access the parts that wear out (O-rings, lubricants, blades, etc.). They were designed so the parts that fail most often were cheap and easy to replace. This all took thought and planning by someone who knew what they were doing.

The thing is, replacing the disposable things takes time and effort. Either I have to maintain an inventory of spares or I go without a thing I need until I can find time to shop for a replacement. For a one-off thing, maybe that’s fine, but having to postpone a task because the tool I need isn’t working kinda sucks. Especially if the task is to get something I need back into production.

You see, successful things will be in production for a long time. That’s pretty much what successful means. Ideally, things that fail get removed or replaced.

And while it may be a poor craftsperson that blames their tools, a good craftsperson doesn’t tolerate dirty or blunt tools. Broken tools make your job harder.

Boots theory also suggests that sticking with disposable things for important jobs costs more in the long run, and the long run is what success implies.

Accidental success can see a prototype get into production. We’ve all seen it. They don’t have the features of something that was designed to be maintained. If the thing is going to last, sooner or later someone will need to replace it with something better.

I have found, through bitter experience, that spending a bit of time improving an important system to make it easier to maintain is cheaper overall. Both in terms of money, but also in time, which is probably more important. I spend less time maintaining or replacing things, which is often tedious and boring, and more time using them to do whatever it is they’re actually for.

That’s where my focus is going to be at the beginning of this new year, for a little while at least: tweaking my stuff to be easier to maintain. And every time I catch myself doing a bit of easy maintenance when I’d normally have a frustrating replacement task, I will give past-me a little pat on the back for slowing down and doing things well.