Blogger’s Information Security

Let’s talk a little about my experiences with the first months of this blog. One of the most important reasons to start using my own domain was to get rid of legacy email addresses that gather a lot of spam. Changing my email address everywhere was not as difficult as it sounds, because most of the incoming mail was from mailing lists that I have subscribed to, and they had means to change that address. Oddly enough, one of the large economic magazines, Talouselämä, has a mailing list which has no way to cancel the subscription, or I did not find it.

The amount of spam was actually less than what I had thought – fewer than 10 spam mails a day. Filters are quite capable of classifying these as spam, and the ones that get through are easy to spot visually. The hardest thing is to find people who send me email only a few times a year. That requires a good address book and/or good scanning of your email database.

I have registered a lot of software during the last decades and some of the vendors might want to contact me. At least one book store that I used more than 10 years ago persistently sends their offers to me. These are quite close to spam, but there has been a real business relationship.

Starting a blog introduced me to another problem – comment spam. The Akismet spam filter is quite effective, and in this blog I am afraid that some real comments get filtered. I am sorry about that. But still, a good comment has something to do with the post that you are commenting on. Just “I liked that” does not.

Because I have had Russian at school, you can’t lure me with Cyrillic letters. I am an advocate of freedom of speech, especially on the Internet. See more about this topic in EFFI. So, I prefer anonymous comments without any emails and home pages. Links are considered harmful from an information security point of view. So, I still welcome comments.

How to grow a good developer

I read Malcolm Gladwell’s book Outliers. It was well worth its cost, 7 euros, because it is well written and easy to read. The ideas were not actually new, but the book makes clear how successful people are made.

Bill Gates was one of his examples. First of all you need luck to succeed. For example Bill Gates was one of the lucky few young people who had unlimited access to computer time in 1968.

The second very important thing is 10 000 hours of hard work. Creating a professional skill in any area of life requires 10 years of enthusiastic learning. You have to be lucky to have a good “university” for that. It was Hamburg for the Beatles.

Success is not as much about IQ as employers are used to thinking. An old study by Lewis Terman, a professor of psychology, has shown that the success of people with high IQ is not as good as we typically believe. The geniuses that he found did not succeed much better than ordinary people. Gladwell conjectures that IQ has a threshold value. Your IQ must be good enough to get into good universities, but above that other things are more important. Creative thinking is more open-ended than an ability to solve puzzles that have a single right solution.

Now, thinking about growing good software developers: the most important thing is to have those 10 000 hours of work. It is also important to have multifaceted experience. A 10-year career of COBOL programming in the same domain area, or even on the same piece of software, is no more than 10 times one year’s experience. I even wonder what has kept the person in a position where he can’t learn anything new.

I emphasize attitude, the passion to do one’s work. It is a known hiring guideline to hire the attitude and train the skill, but this is much easier to say than to actually do. The same frustrated loser that you fired may become a passionate star at your competitor. So, it is not so much about selecting people but about creating a corporate culture. And that is really hard, especially when your business environment is difficult.

Agile and lean software development is all about people. It is not about processes and tools, as we should remember from the Agile Manifesto. Nevertheless, people focus on the Scrum process and on kanban in Lean, believing that the change of process is the silver bullet. I admit that I have seen remarkable increases in teams’ motivation when they have adopted Scrum, but I assume that the correlation does not mean a causal relationship, especially if we ignore the human part of agility.

In this post I have intentionally ignored what Gladwell said about cultural background. Read that from his book 🙂

Agile acquisition and fixed price

I have been quite busy lately and have not been very active with this blog. However, discussion about agile acquisition has become more acute because there are a few failed purchases in public discussion. I mean AKE and TEO, whose purchasing procedures have been questioned by Valtiontalouden tarkastusvirasto. See more (in Finnish)

The general public and politicians typically react to problems by requiring more front-end design and rigor in the procedures. This makes the situation worse, because it increases unnecessary costs and bureaucracy.

First, we need to understand that hiring a designer is different from buying something that can be accurately defined before the purchase. When you buy design work, minimizing the cost is not the only and not even the most important consideration. There are huge quality differences in the various solutions offered by the vendors. Comparing them is not straightforward or easy. One of them could propose a COTS solution, another something based on SOA, and a third a fully tailored solution. Obviously, it is not possible to define exact requirements without any idea of the implementation.

Actually, defining the exact requirements is exactly what the development project is supposed to do. If I knew exactly what I want, I would not need the designer. The designer is hired to contribute while we work together to create the forthcoming software. Because software development is a common endeavor of the buyer and the vendor, asking for a fixed price is somehow skewed. I, as a buyer, would probably get the maximum price with all of the risks included in the price. If the competitive pressure keeps the cost too low, my vendor can very easily compromise the quality.

It is also useful for me that my organization has an interest in lowering the costs by removing unnecessary features. Prioritization rarely happens in fixed-price projects. But I still have a budget and an idea of the return on investment. To keep the costs at bay, I need to collaborate with the vendor to spend the money wisely. Monthly deliveries of done increments of functionality are a safe bet. If the vendor cannot deliver, I have to stop the project (and have that allowed in the contract) and try something else.

Agile acquisition

I have added a comment to Agile Finland’s forum: Neuvottelumenettely needs promotion

The Finnish law of public acquisition does not require that we do competitive bidding using a comprehensive requirement specification. Public buyers do not, however, know the allowed negotiation procedure (Neuvontamenettely) that is more suitable for purchasing software development services. So, the agile community should do promotion to improve the situation.

Read more details in the discussion chain. I have corrected the word neuvontamenettely to neuvottelumenettely.