If you only read one thingāš¤¼ā Fighting With Your Boss (7 minute read) āGreat managers donāt get into sustained conflicts with their direct reports. If theyāre a really great manager, they either avoid the situation, solve the situation, fire the person, or quit.ā Your boss is fighting with you, which means they are not great. But how do you solve this? Excellent article. The one time I really had a sustained conflict with my boss, because he wasnāt on the side of developers but playing political games, I quit. Then six months later, the company let him goātoo late for me. I could find myself in that article. https://staysaasy.com/management/2024/07/15/fighting-with-your-boss.html
Stories Iāve enjoyed this weekš What is Old is New Again (18 minute read) āFor engineering practices, weāll likely see a push to choose āboringā technology, monoliths become more popular, āfullstackā and Typescript gain more momentum, and more responsibilities āshift leftā onto developers.ā All Hurray except Typescript of course. Once a TS evangelical I consider it to complicated. They should have stopped after adding types, like in TypeScript. But monoliths are back and boring technologies. I call this The Productivity Yoyo. Itās the time of the small company, the 100 engineer company (and less), no longer the era of the 10.000 engineer company. Smaller will adapt better to AI. The large ones will mass layoff people (they already begun). https://newsletter.pragmaticengineer.com/p/what-is-old-is-new-again šÆ Story Points are Pointless, Measure Queues (18 minute read) Story points bring lots of problems. If they work for you, keep using them. If not, drop them, there is no shame. Their inventor says āāI like to say that I may have invented story points, and if I did, Iām sorry now.ā On the contrary, optimize for impact. Assume the next iPhone is a great success. Makes billions of dollars. Do you think Tim Cook is unhappy because it wasnāt released one month earlier? Sure he might have wanted it earlier, but earlier and unsuccessful? Impact trumps all. Companies who donāt know what they are doing want estimates. Others just deliver. If you need to estimate things, like for a legal deadline, do so properly. Otherwise donāt. One client told me the company is unhappy because some years ago the velocity of the teams were the same. I was astonished, why would they be unhappy? Very probably 13 story points today are a larger and more complex story than three years ago. Teams learn the domain and get faster. A client was unhappy because one team was āslowerā than the others, it had a lower story point velocity. Perhaps their stories were more complex? The domain more difficult? Story points canāt be compared over time or across teams. But because they are a number without a context, they are compared all the time. And that leads to suffering and misery. If you need to estimate, three sizes: Too small, Right, too large. Thank me later. The article is very thorough with lots of good points. PS: The article thinks you should measure queues. While better, Iām not so sure. Measure impact. https://www.brightball.com/articles/story-points-are-pointless-measure-queues hangout_services/thunk.js (5 minute read) So Google Chrome had a secret extension that would tell *.google.com secret things about your computer, like your CPU load, that other websites could not access, only Google. For a decade. And no-one noticed and Xooglers didnāt tell. What else is in Chrome? Was it spying on competitors, spying on you? I have high hopes for the new Ladybird browser. https://simonwillison.net/2024/Jul/9/hangout_servicesthunkjs/ Diversity is hard (17 minute read) āDiversity is hardā. Could be my words. Homogeneity is easy, everyone with the same background, everyone 25 with a university degree, playing the same games, watching the same things on Netflix, itās cozy. But it is not driving innovation. Innovation is driven by different ideas from different people. āMore diverse teams outperforming homogeneous teams and claims that diversity increases cognitive developmentā So while diversity is sometimes stressful, it brings better results. https://jennymackness.wordpress.com/2017/01/12/diversity-is-hard/ Tesla prioritizes Muskās and other āVIPā driversā data to train self-driving software (5 minute read) So Musk thinks self-driving is better than it is, because Tesla trains the AI on Musks driving. Living in your bubble - it helps to talk to real customers. I once heard from a friend that the board gets a special service when ordering, not the one everyone else gets. And I once worked for a company, where all IT was outsourced, except for the board. I was told I should get in line, IT support isnāt as bad as I was saying (developers were blocked for days), but the board had a completely different IT support. Eat your own dog food Iād say, to all founders. And CTOs. https://www.businessinsider.com/tesla-prioritizes-musk-vip-data-self-driving-2024-7 The developers suing over GitHub Copilot got dealt a major blow in court (20 minute read) This will take some decades to settle down. The current state is āJudge Tigar determined that the code GitHub allegedly copied from developers wasnāt similar enough to their original work.ā Weāll see how long it takes before GitHub trains from private repos. https://www.theverge.com/2024/7/9/24195233/github-ai-copyright-coding-lawsuit-microsoft-openai Team Size Can Be the Key to a Successful Software Project (7 minute read) Personally I think the best team size is three people. A product manager and two developers. If possible, only the two developers. Everything will be faster and people take ownerships. Large teams lead to people not owning things and meetings that are endless - because everyone has an opinion. Myself coding Inkmi, got up 5:30am, wrote a feature, released, had breakfast at 6:00am. Small teams. Ah the article. āFrom the 491 projects that were analyzed we would conclude that a 3-7 person team has the best performance (3-5 would be the best [..])ā. At least 3 overlaps with my intuition. https://www.qsm.com/team-size-can-be-key-successful-software-project Building and scaling Notionās data lake (13 minute read) From one Postgres instance to 32 instances with 15 logical shards each to 96 instances with 5 logical shards each. But the article has much more insights on scaling a data lake. Interesting read with hard facts and experiences. https://www.notion.so/de-de/blog/building-and-scaling-notions-data-lake Leveraging AI for efficient incident response (15 minute read) An AI knows your code base much better than you do. An AI knows your metrics much better than you do. Why not ask an AI for the root cause of an incident? I was dabbling with this some years ago, but we only had stone age AI tools back then. Now Meta does this. An incident has three phases: 1.) Until you detect it 2.) Until you find the cause 3.) Until you release a fix. The impact of an incident can be lowered, by reducing each one of these three time spans. Too often we look at the fixing time, instead of the āfinding-root-causeā time span. An AI will help. If an incident is 10ms, is it an incident at all? Final QuestionsThe final questions are a short interview. This time with Khaled Karim, Cyber AR Co-Founder. In most startupsāand scale-ups! ā CTOs neglect security. There is always business pressure to grow, grow, grow. A professional CTO will not neglect security though. Listen! On to the questions ā¦ When should a startup CTO consider external penetration testing? Khaled: A startup should initiate penetration testing when preparing to present information to investors. Demonstrating robust security can boost investor confidence and lead to better investment opportunities. What is the biggest problem you see when people have their first penetration testing? Khaled: Many people are unaware of the importance of penetration testing for their websites or apps until they face a cyber threat. This often results in a reactive and frantic approach [Editor: YES!] to penetration testing and other cybersecurity best practices after an incident occurs. Whom do I call when I have a security incident (ābeing hackedā)? Khaled: First, report the incident to your local government authorities and file a case. If your company lacks an incident response team or threat hunting services, consider reaching out to a cybersecurity firm. Going forward, conduct regular quarterly penetration testing to identify and address vulnerabilities that attackers could exploit. Can I call you? Khaled: Sure, call me when you have an incident. Before that: In our penetration testing packages, we assign a team of experienced penetration testers to each project, rather than just one expert. This ensures that our customers receive the most valuable and comprehensive findings, and more people already know your systems. Additionally, we offer adjusted prices for startups and a free one-day penetration test to let potential clients experience our services before committing to a partnership. Thank you Khaled. My other work:
Join the CTO newsletter! | |
