Highlights from Yow! 2014 - Day 2


This is the second half of my Yow! write-up, the first of which can be found here.

'Stop Treading Water: Learning to Learn' - Edward Kmett

I found the day two keynote a bit disappointing, to be honest. One interesting point that Edward had was that it's OK to have several topics that you're learning simultaneously, and to bounce between them, often covering the same ground multiple times, but going a little deeper at each visit. Re-learning the basics consolidates your knowledge, and you can approach the new material with a fresh perspective.

However, that was only 5 or so minutes out of an hour long talk, and the only part that was really about 'learning to learn'. Most of the rest of the talk felt a bit bit self-indulgent, with Edward just covering whatever material was most interesting to him, rather than what might be interesting or useful to the audience.

'The Lean Enterprise' - Jez Humble

Jez does a great job of pinpointing what smaller companies do a lot better than larger ones, and why it doesn't have to be so! He also gave a name to a phenomenon I've encountered before - Water-Scrum-fall. I plan to dedicate a separate blog post to this topic, but it refers to teams that take on 'agile practices' like standup meetings, without changing the waterfall core of their approach to software.

There were a few key points about decision making at software companies:

  • Usually the decision on whether or not to build someone's idea goes to the person with the largest salary. Is that an effective decision-making process?
  • Even assuming that the most qualified person makes the most sensible decision given what they know at the time, no one is very good at predicting the future, because it's hard!
  • The only way to know whether or not an idea will work is to test it out, for real, on actual users or customers.

With those points in mind, the most critical metric for your software development process is how long it takes a product to go from idea to delivery. In order to be successful, you need to be able to experiment with ideas very easily, and throw away bad ones quickly and cheaply.

With that in mind, the real job of a leader is to define goals, and what 'the right thing' is, and to then enable competent teams to work towards those goals, without feeling like they need to ask permission first. Jez shared a story from Amazon where a developer presented an idea to senior management, who shot it down. The developer then implemented it anyway, threw it into production, and was able to show that it did actually increase sales. The result was praise from management, where many other companies would view this is a disciplinary issue!

However, this might not be the right way to run all parts of your business. It does make sense to invest invest in short, medium, and long term projects, and these do deserve different management strategies.

The final piece of advice that I want to repeat here is to do with how IT is viewed as a whole. There is a tendency in many organisations to view IT as a service provider to the more important departments. However, in the 21st century, IT should instead be treated as a key part of your company; one which can drive new ways of doing business, and enable existing ones to be more effective. In this mode of thinking, IT is not a cost to be minimised, it's something to be invested in!

'Hack Yourself First: go on the cyber-offence before online attackers do' - Troy Hunt

Troy's session was very entertaining. There wasn't a host of new security technologies or techniques here, but there was a long list of really basic mistakes that we, as an industry, shouldn't be making anymore. E.g., knowing the difference between hashing and encrypting, salting passwords, encrypting mobile API traffic to hide user data and session tokens... Again, this is all fairly basic, but Troy did a pretty good job of showing just how prevalent a lot of these basic security mistakes are. He also showed some interesting tricks using google to search for things like website config files that are served publicly over the internet, with all sorts of juicy information in them.

The other fascinating topic that he spoke about was security of the internet of things. If people are going to have dozens of objects in their home that are using wifi, bluetooth, the internet, that's a lot more attack vectors! Especially if these are devices that you might have for 10+ years (like a fridge), and which are unlikely to be getting firmware patches when the next heartbleed or shellshock comes along. Concerning.

The ThoughtWorks Booth

If I could just add in one plug, my employer, ThoughtWorks, sponsored the event, and we used our booth not to promote the company directly, but the promote a cause that we are involved in. We had a large banner at our booth that said "Use Your Tech Superpowers for Good", and shirts reading "Defend the Free Internet". With many groups wanting to censor and spy on everything we do online, we think it's important to fight back on this issue not just on the political front, but on the technical front, which is something we are equipped to do as technologists. If you're interested in getting involved, one project that ThoughtWorks is sponsoring is pixelated, an open source email solution with end-to-end encryption built in from the ground up. It's also designed to be run decentralised, on your own servers, so you can be sure that your data and communications are safe. We're always looking for more developers, designers, or anyone else who wants to help out.

That's it (again)!

That's the end of Yow! 2014 for me! This was my first real conference, and overall I had a great time. There were lots of interesting new things, with a varying level of direct relevance to the work I'm currently doing day to day, which is a good thing. Looking forward to my next one!