Security in Tech and Life

So much has been written lately about security and privacy, particularly because of the Apple vs. FBI feud. It scares me that so many people with the potential to influence the final outcome don't seem to understand the technical issues, nor the long-term implications. The same technology that protects my family and me also protects the US President and any Americans overseas in scary countries without many civil liberty protections.

Blake Ross' excellent wise-guy summary gives some great real-world examples of security that everyone can understand, but also does a great job of giving a CliffsNotes overview of why building secure software is so difficult. Also, I had somehow never known the details of how they secure airplanes now:

 "For as much money and time as we’ve wasted on printer-powered air security, only one innovation has prevented another 9/11: Locked, reinforced cockpit doors. These doors can withstand gunfire and even small grenades.

But sometimes, 6 hours into a Cancun flight, 3 helpings into Delta’s Cargo-Class Seafood, a pilot needs to deposit a few small grenades of his own. So there’s a handshake protocol:

  1. When the pooping pilot wants to reenter the cockpit, he calls the flying pilot on the intercom to buzz him in.
  2. If there’s no answer, the outside pilot enters an emergency keycode. If the flying pilot doesn’t deny the request within 30 seconds, the door unlocks.
  3. The flying pilot can flip a switch to disable the emergency keypad for 5 to 20 minutes (repeatedly)."



First Impressions of Apple Watch Workout App

I finally got my hands on an Apple Watch this weekend! I've been waiting for this since it was announced, mostly for the promise of the workout features. My 2+ year old MOTOACTV watch is finally starting to show its age - although I still feel it's one of the best running watches on the market as it combines GPS, Bluetooth, Wi-Fi syncing, and a color screen all in one. Oddly, almost no other running watches offer that.

My first run with the Apple Watch was nothing short of a disaster. Perhaps I have it misconfigured, but the three most common actions for me (starting/stopping at an intersection, changing audio playback, and seeing my workout metrics) were all HUGE usability nightmares. More coming soon, but suffice it to say that for a company that prides itself on design and has marketed this watch as a fitness device, my first impressions were very disappointing.


Be a doer, not a talker

That's #32 on Sam Altman's list of things learned before turning 30. There are many of these lists out there, but this is one of the best ones I've seen in a while.  Here are a few that really resonated with me:

 #4 -  Work very hard—a surprising number of people will be offended that you choose to work hard—but not so hard that the rest of your life passes you by.  Aim to be the best in the world at whatever you do professionally.  Even if you miss, you’ll probably end up in a pretty good place.

#10 - However, as valuable as planning is, if a great opportunity comes along you should take it.  Don’t be afraid to do something slightly reckless.  One of the benefits of working hard is that good opportunities will come along, but it’s still up to you to jump on them when they do.

#17 - If you think you’re going to regret not doing something, you should probably do it.  Regret is the worst, and most people regret far more things they didn’t do than things they did do.  When in doubt, kiss the boy/girl.

#25 - Remember how intensely you loved your boyfriend/girlfriend when you were a teenager?  Love him/her that intensely now.  Remember how excited and happy you got about stuff as a kid?  Get that excited and happy now.  


See the full list here.  

Things I wish I could change in JIRA

I've now set up JIRA to be used in 3 different companies and have I ever learned a lot. In general, I really like it, but I can see how others can have different opinions. I do enjoy how Atlassian has been making some great improvements lately, especially around the "Project Overviews" and Git integrations. They generally do a great job of walking a really fine line between being completely customizable (and utterly confusing, umm, I'm looking at you IBM Rational Team Concert) and being overly simplistic (Asana? Trello?). With that said, there are complaints that I find myself using ugly workarounds for or unfortunately just having to live with:

1. Email Notifications!  JIRA sure is good at sending out emails (or NOT).  Want to make one tiny little change to a non-critical field on an issue?  Sure, but that means the 6 other team members following that issue will all get an email.  Make a typo in that first update and want to fix it 10 seconds later?  That's okay, JIRA will send YET ANOTHER EMAIL.  Why not try something like this:

  • Allow each user to tailor their own email preferences, instead of it being globally set
  • Change the content in some email template to better allow users to set up their own inbox filters so they can see the emails they need to see and systematically exclude the ones they don't. GitHub does a good job here - I'm added in the "to" field if I'm tagged in a comment, but on other emails I get (such as a new Pull Request that I'm not a reviewer on) I'm BCC'd
  • Just as users can decide to send an email or IM, let them decide whether or not the particular change they are making should or should not send an email. Oddly, Atlassian does this quite well in Confluence, just not JIRA
  • Bundle up changes made within a few seconds of each other into just one email

2. Backlog management. I've tried a million strategies but everything always ends up with ugly workarounds that nobody else understands or can reasonably be expected to maintain. There must be a better way to manage a product backlog. The "Plan View" of sprint boards comes close, but what if you want to use a Kanban Board instead? My current approach is to bastardize the use of "Sprints" in order to be able to find/plan/communicate what work is in progress, up next, or at the top of the backlog. This is confusing, especially because in doing "planning" I inevitably end up sending a bunch of system-generated emails out to users as I make changes, then reassess and update them a 2nd time.

3. Searching for Children.  In the On-Demand version which doesn't allow plugins, it's impossible to find child items of an Epic based on particular attributes of that Epic (such as Status or Label).  I always find myself wanting to write queries that include searches like this, especially for Epics that cross multiple projects (such as a feature being added to both an Android and iOS app).