Inside the Box

Personal site of Lee Grissom

A Letter to George

Oct 13

Posted by Lee in Uncategorized | No Comments

Hi George,

I wanted to share my thoughts and to invite you to share your thoughts and ideas.  You have a lot of experience and it just makes total sense to get your ideas out to see if they can be leveraged.  As you pointed out, not all ideas are applicable to our culture or projects, but I for one would like to hear and learn what you have to say for my own betterment at the very least, and possibly serve as a champion for the really good stuff.

I come from software development background where I’m accustomed to semi-mature development practices.  We didn’t necessarily follow through with all the industry best practices, but looking back I can now appreciate how mature we were.

On just the few things I’ve worked on here at my new job, it’s evident that there lacks some attention to detail and the discipline that one might expect of mature development practices.  I am the new guy, so I want to be mindful and what I say and to whom I say it to.  Life is about people and how we make each other feel, and I want to be very careful to not offend anyone or over-step my boundaries.  While I have 15 years of experience, I still have a lot to learn, and will always be a student of software and life.  The other half of that equation is that I know where we need to go, and I know what it’s going to be like once we get there… but I’ve never driven, so I am not familiar with the roads.  But with the help of others, I know we can do great things.

Do you ever stop and say to yourself, “Why are we doing things this way?”  Or, “Why aren’t we doing this?”  I am starting to.

For example, tools.  I am used to distributed work environments and doing branching and merging of code bases as a normal course of operation.  I concede that merging is a pain and most people botch it.  That’s a justification for a really good Merge tool.  I personally use “Araxis Merge”.  I’ve been using it for over 10 years and it makes me more productive and helps to ensure better reliability of my code merges.  I’ve heard you mention “Snag-it” a few times, and I concur that it is a fabulous tool and I have it installed too!  Granted, there are alternatives to our favorite tools, and so as the team grows we should make it a point to show and tell about our favorite tools in a manner that everyone on the team can benefit from.  Maybe there’s another merging tool that is more awesome than Araxis.  There will be persons that will appreciate the information, and there will be persons that couldn’t care less.  That’s okay, critical mass is all that’s needed to effect change.

But more broadly, and more importantly I feel like each topic or each new idea needs a proper audience with the thought leaders that are in the trenches.  5 minutes of discussion during a status meeting about an idea isn’t sufficient to explore these things.  Perhaps we should have our own meeting twice a month that is just the team and we discuss the topics that interest or concern us as opposed to management topics?  At Quest, we had several special interest groups (Delphi, .NET, SQL Server) that met during lunch once a month to share ideas.  It was fun and fruitful.  The success of those meetings was solely dependent on the passion and commitment of the employees.  On the other hand, I’m cognizant that too much discussion can be equally ineffective.  I loathe meetings just as much as the next person, so maybe that’s not such a good idea after all.  Just a thought.

The end goal for any team is solidarity. In a perfect world, we should all be in our places at the orchestra, playing our instruments at the same time, in harmony.  The more we collaborate, the more we share, the better our products and services will be.  I’ve seen you and Hugh collaborate daily and I personally think that’s the best development practice ever.  I’m a huge proponent of “pair-programming” (a tenant of Agile methodology btw).  I’m trying to do the same thing with Matt, and he seems to be of the same mindset.

But the really great ideas have all already been thought of.  Whatever problem we’re facing, someone else has already thought of… somewhere out there.  Fortunately, thought leaders and really smart people have written about their experiences and have shared them with the world through blogs and forums.  We don’t need to be smart.  Someone else already is, and we can access that knowledge and apply it to our specific needs.  At least that’s the theory.  That approach has worked pretty well for me, for a long time.  Maybe you or someone else has an even better strategy.

Thanks for reading,

– Lee

Are social media sites a security risk?

Nov 18

Posted by Lee in Uncategorized | No Comments

Raise your hand if you have a Facebook or Myspace account?

Raise your hand if you have an online bank account?

What’s the connection?  Please, chalk this one up as being paranoid, but there is a small point to be made.

When you signed up for your online bank account, most likely you had to specify a username and password.  Right or wrong, that’s typical of most web sites these days.   We all have multiple online accounts of some kind, whether it be iTunes, Banking, Google, MSN, etc.  And it can be pretty easy to forget your password.  So to help address the pandemic of password amnesia that we all suffer from, many web sites have instituted a scheme to make it possible to reset your password in case you have forgotten it.  (Don’t get me started on how much I loathe passwords as a means of authentication!)

During the account creation process, after you’ve chosen a username and password, you are presented with a choice of security questions in which you are to specify an answer that only the real you could possibly know.

For example, on a typical web site, here’s what you might see:

Security Questions

Security Questions

I almost can’t stand to wait any longer to make my primary point here.  My being a general problem solver/identifier, I immediately question the integrity of this security approach.

Here’s how it works:  I choose one of these questions, and I type in the correct answer.  So that in the future, if I should forget my password, I’ll be presented with that question (and some other challenges too), and if I type in the correct answer, the system believes it’s really me and grants me the ability to create a new password of my choice.  Well isn’t that special?

But how helpful is the security question in this process?  The list of questions seem awfully easy for a lot of my friends or family or even remote colleagues to answer correctly.  I mean, everybody knows the name of my junior high school, and I’m sure I’ve told everybody the name of my first girlfriend.  Almost nothing on this list is really secret.  Especially as we divulge more intimate information on our favorite social media websites such as Facebook or Myspace.  Myspace in fact was sharing all of my information with a plethora of other sites.  I had to do a lot of damage control from that discovery.

I won’t walk you through the process of how you can employ social engineering to coax information from unsuspecting victims, but suffice to say, it is possible.  The bottom line here is that there is a good chance that most of your friends on your social network will have the means to answer your security question.  Does that mean we shouldn’t share intimate details of our lives?  I say no. I think that the future of authentication should not rely on these types of security questions.  We should be able to share the details of our lives without worry.  In fact, in an ideal situation, we shouldn’t even need to remember passwords let alone deal with forgetting them.  That is the future.  Let us hope we get there sooner rather than later.

Reality… Expectations

Nov 13

Posted by Lee in Technology | No Comments

I think one of the hardest lessons a child must learn is how to deal with disappointment.  How we feel throughout the day is largely function of how we deal with the difference between reality and expectations.

FrustrationWe can’t change reality, so we only have two variables that can be controlled.  There is nothing wrong with having expectations.  And there is nothing wrong with having ideals.  Those things give us hope!  The first thing is that we can re-frame our expectations to be more realistic.  This is where the power of critical thinking can really help.  I’m not advocating we lower our expectations to a point where we become despondent or apathetic.  Apathy is a dark corner that no one should be forced to find refuge. 

The remaining piece of the triangle that we can do is to manage our disappointment.  This takes practice, and is a life-long endeavor.  Things will always frustrate us!

All software has bugs.  This is true of all of things in life.

It’s aggravating when the software you use and depend on doesn’t work the way you want.  Anyone that’s used a computer probably has countless stories of lost data or crashes, or any number of annoyances.  There’s a large divide between reality and our expectations.  “It should just work”.  I agree.  It should.  But as someone that has spent the past 13 years writing software, I know all too well that writing software that works flawlessly is an unreachable goal. There are just too many agendas and forces that work against that goal.  We can approach it asymptotically, but we will never be able to quite reach it. 

We should always strive for improvement.  Improvement is something that is easily achievable. Each year, cars get better, phones get better, computers get better, etc. 

Do our personalities get better?  Am I wiser and kinder this year?  Have I improved how I manage disappointment?  Has the man inside the box learned the hardest lesson?  :)

Tags: ,

The meaning of your software

Oct 6

Posted by Lee in Technology | No Comments

The true software experience is really about not experiencing it at all. It’s about getting out of the way.

The goal of any application should be as much transparency as possible. This includes things most people don’t think about. If the icons cause the user to pause and think to themselves that the icons don’t look very good, or this icon doesn’t make sense, then the application has stopped being transparent.

The application should strive to behave exactly as the user expects. User interface design usually is not deemed important by an alarming majority of people. In my experience, it’s often viewed as a waste of time. Nothing could be further from the truth.

Example of annoying application

Perception is everything, and your customers judge you by what they see and experience. Little things like good icons, aligned controls, streamlined flow, uniform text, clear messages, fewer options, more courtesy code, seem to be overlooked and ignored. Those things take time to get right, and they take passion and expertise as well.

Generally, anything that causes the user to read less, click less, type less, and still accomplish their work, is good for your product. The less we make users think, the better. They’ve got enough things on their mind.  I invite you to read an excellent post entitled How to design a great user experience.

Why MBO can be bad for business

Sep 21

Posted by Lee in Technology | No Comments

Have you ever worked in an office environment and asked for help from a colleague on a task?

If you work in an environment dominated by MBOs (managed by objectives), then there’s a good chance you didn’t get much help from your co-worker.  They too have tasks that they need to get done, and their performance reviews are based primarily on whether they achieved their objectives or not.  “If I help you, I run the risk of not completing my tasks which is how my value is measured.”

It can potentially lead to a more perverse scenario of cut-throat:  Team members profiting from your failure.  Some might say, “Hey that’s good, competition is the American way, it brings out the best results.”   In my opinion, yes and no.  It works great for about 2 weeks, and then everyone ends up hating it, hating each other, and hating their job, and there’s no quicker path to implosion.

Managers live by the creed, “If it can’t be measured, it can’t be managed.”  Yes, I agree, goals and milestones are a good way to measure the progression of something.

Unfortunately, the corporate darling of this measurement system is MBO.  It’s a primitive and ineffectual motivational scheme.  The idea is that the typical employee will slack off if not monitored.  It’s a pretty condescending way to operate.  It’s equivalent to starting a new relationship with someone and saying, “You’re probably going to cheat on me, so I need to monitor your phone calls and emails.”  It’s not the best way to start.

Just be aware of any collateral damage of your management strategy.  If everyone is being forced to “look out for myself”, then you end up with what I characterize as a corporate traffic jam.  People who need help or input can’t get important tasks done, which could potentially logjam other team members and cause quality issues, problems with customers, lower employee morale (which kills productivity more than anything else), and a list of other issues that aren’t so obvious.

But what if you rewarded your employees for helping other people?  How about going one step further and fostering an environment where working in pairs in not only encouraged, but rewarded?  Most established professions already do it, so when do we start?

Think outside the box.