Category Archives: Work

London, Programming, Web Applications, Work

Halfstack on the Shore(ditch) 2022

This is the first time the conference has been back at Cafe 1001 since the start of the Pandemic and my first HalfStack since 2021’s on the Shore event.

In some ways Halfstack can seem like a bit of an outlandish conference but generally things that are highly experimental or flaky here turn up in refined mainstream forms three to five years later. Part of the point of the event is to question what is possible with the technologies we have and what might be possible with changes that are due in the future. Novelty, niche or pushing the envelope talks are about expanding the conversation about what is possible.

The first standout talk this year was by Stephanie Shaw about Design Systems. It tries to make the absurdist argument that visual memes meet all the criteria to be a design system before looking at what are the properties of a good design system that would disqualify memes. The first major point that resonated with me was that design systems are hot and lots of people say they have them when what they actually have are design principles, a component library or an illustration of UI variant behaviour.

I was also impressed that the talk had a slide dedicated to when a design system would be inappropriate. Context always matters in terms of implementing ideas in organisations and it is important to understand what the organisation needs and capabilities that are required to get value from an idea. Good design systems provide a strong foundation for rapid, consistent development and should demonstrate a clear return on the investment in them.

One of the talks that has stayed with me the longest was one that was about things that can be done now. I’ve seen Chris Heilmann talk about dev tools at previous conferences but this time the frame of the talk was different and was about using dev tools in the browser to make the web sane again. He reminded me that you can use the dev tools to edit the page. Annoying pop-up? Delete it! Right-click hijacked? Go into the handler bindings and unbind the customer listener. Auto-playing video? Change it’s attributes or again just delete the whole thing. He also did explain some new things that I wasn’t aware of such as the ability to take a screenshot of a specific node from within the DOM inspector. I’ve actually used that a few times since in my work.

There was an impromptu talk that was grounded in a context that was a little hard to follow (maintaining peer to peer memes in a centralised internet apocalypse I think) but was about encoding images into QR codes that included an explanation of how QR codes actually work and encode information (something I didn’t know). The speaker took the image data, transformed it into a series of QR codes, then had a website that displayed the QR codes in sequence and a web app that used a phone camera to scan the codes and reassemble the image locally. The scanning app was also able to understand where in the sequence the QR code was which created a kind of scanning line effect as it built up the image which was very cool to watch.

There were three talks that all involved a significant amount of simultaneous interaction and each using slightly different methods but clearly the theme was having many people together on a webpage interacting in near real time.

The first thing to say is that I took a decent but relatively low-powered Pinebook laptop to the conference as I thought I would just need something simple to take notes and look things up on the internet, maybe code along with some Javascript. All of the interactive demos barely worked on it and the time to be active was significantly longer than say the attendees with the latest Macs. I think the issue was a combination of having really substantial downloads (which appeared not to be cached so refreshing the browser was fatal) but also just massive requirements on CPU in the local synchronisation code.

The first was by a pro developer relations person, Jo Franchetti, who works for Ably and who used the Ably API. Predictably this was the best working (and looking) demo with a fun Halloween theme around the idea of an ouija board or, more technically, trying to spell out messages by averaging all the subscribers’ mouse movements to create a single movement over the screen. However even using a commercial API, probably having no more than 25 connections and a single-screen UI my laptop still ground to a halt and had significant lag on the animations. It did look great projected on the big screen though.

Jo’s talk introduced me to an API I hadn’t heard of before scrollTo (part of a family of scrolling APIs). This is an example of how talks about things on the edge of the possible often come back to things that are more practical day to day.

James Allardice and Ross Greenhalf had the least successful take on the multiuser extension and in terms of presentation style seemed to be continuing an offstage squabble in front of everyone. I get the impression that they were very down on what they had been able to achieve and were perhaps hoping for a showcase example to promote their business.

Primarily they didn’t get this because they were bizarrely committed to AWS Lambda as the deployment platform. Their idea was to do a multiplayer version of Pong and it kind of worked, except the performance was terrible (for everyone this time, not just me). This in turn actually created a more fun experience that what they had intended to build as the lag meant you needed to be quite judicious in when you sent your command (up or down) to the server as there was a tendency to overshoot with too many people sending commands as ball approached and then another as they were waiting for the first one to take effect. You needed to slow down your reaction cycle and try and anticipate what other people would be doing.

The game also only lasted for the duration of a Lambda timeout of a single execution run as the whole thing was run in the execution memory of a single Lambda instance. This was a consequence of the flawed design but again it wasn’t hard to imagine how Lambda could be quite effective here as long as you’re not using web sockets for the push channel. It feels like this kind of thing would probably be pretty trivial in something like Elixir in a managed container but was a bit of a uphill battle in a Javascript monolith Function as a Service.

The most creative multi-user demo was by Mynah Marie (aka Earth to Abigail who has been a performer at previous Halfstacks) who used Estuary to create a 15 person online jam session which was surprisingly harmonious for a large group with little in the way of being able to monitor your own sound (I immediately had more empathy for any musician who has asked the desk for less drums in their monitor). However synchronisation was again a big problem, not only did other people paste over my loops but also after leaving the session one of my loops remained stubbornly playing until killed by the admin despite me not being able to access the session again, I was given a new user identity and no-one seemed able to reconnect with the orphan session.

Probably the most mindblowing technical talk was by Ulysses Popple about his tool Nodessey which is both a graph editor or notebook and a way to feed values into nodes that can then visualise the input they are receiving from their parent nodes. It reminded me a bit of PureData. I found following the talk, which was a mixture of notes and live-coded examples, a bit tricky as its an unusual design and trying to follow how the data structure was working while also trying to follow the implementation was tricky for me.

One thing I found personally interesting is that Nodessey is built on top of a minimal framework called Hyperapp which I love but have never seen anyone else use. I now see that I have very much underestimated the power of the framework and I want to start trying to use it more again.

Michele Riva did a talk about the use of English in programming languages which had a helpful introduction to programming languages that had been created in non-English languages. As an English speaker you tend to not need to ever leave the US-led universe of English based languages but it was interesting to see how other language communities had approached making programming accessible for non-English speakers. There was a light touch on non-alphabetic languages and symbolic languages like J (and of course brainfuck).

Perhaps the most practical talk of the conference was by Ante Barić around browser extensions. I’ve found these really valuable for creating internal organisation tooling in a very lightweight way but as Chris Heilmann reminded us in his talk too many extensions end up hammering browser performance as they all attempt to intercept the network requests and render cycle. The talk used a version of Clippy to create annoying commentary on the websites you were visiting but it had some useful insight into what is happening with browser extensions and future plans from both the Google and Mozilla teams as well as practical ways to build and use them.

Ante mentioned a tool that I was previously unaware of called web-ext that is a Mozilla project but which might be able to build out Chrome extensions in the future and gives a simplified framework for putting together extensions.

General notes

Food and drink is available when you want it just by showing the staff your conference lanyard. Personally I think it is great when conferences are able to be so flexible around letting people eat when they want to and avoiding the massive queues for food that typically happen when you try and cram an entire conference into a buffet in 90 minutes. I think it also helps include people who may have particular eating patterns that might not easily fit into scheduled tea and lunch breaks. It also makes it feel less like school.

In terms of COVID risk, the conference was mostly unmasked and since part of the appeal is the food and drink I felt like I wasn’t going to be changing my risk very much by wearing a mask during the talk sections. The ventilation seemed good (the room could be a bit cold if you were sitting in the wrong place) and there was plenty of room so I never had to sit right next to someone. This is probably going to remain a conference that focuses on in-person socialising and therefore isn’t going to appeal to everyone. Having a mask mandate in the current environment would take courage. The open air “beach” version of the conference on the banks of the Thames would probably be more suitable for someone looking to avoid indoor spaces.

Going back?

Halfstack is a lot of fun and I’ve booked my super early-bird for this year I think it offers a different balance of material compared to most web and Javascript conferences. This year I learnt practical things I could bring to my day job and was impressed by what other people have been able to achieve in theirs.

Standard
Programming, Software, Work

Defining the idea of “software engineering”

I have been reading Dave Farley’s Modern Software Engineering. Overall it’s a great read and thoroughly recommended (I’m still reading through it but I’ve read enough to know it is really interesting and a well-considered approach to common problems in development).

One of the challenges Dave tackles is to try and provide a definition of what software engineering actually is. This is actually a pretty profound challenge in my view. I’ve often felt that developers have usurped the title of engineer to provide a patina of respectability to their hacky habits. Even in Dave’s telling of the origin of the term it was used to try and provide parity of esteem with hardware engineers (by no lesser figure than Margaret Hamilton).

In large organisations where they have actual engineers it is often important to avoid confusion between what Dave categorises as Design and Production engineering. Software engineering sits in the world of design engineering. Software is malleable and easy to change unlike a supply chain or a partially completed bridge. Where the end result of the engineering process is an expensive material object Dave points that it is common to spend a lot of time modelling the end result and refining the delivery process for the material output as a result of the predictions of the model. For software to some extent our model is the product and we can often iterate and refine it at very low cost.

Dave proposes the following definition of engineering:

Engineering is the application of an empirical, scientific approach to finding efficient, economical solutions to practical problems.

Dave Farley, Modern Software Engineering

This definition is one I can live with and marries my experience of creating software to the wider principles of engineering. It also bridges across the two realms of engineering, leaving the differences to practices rather than principles.

It is grounded in practicality rather than aloof theories and it emphasises that capacities drive effective solutions as much as needs. This definition is a huge step forward in being able to build consensus around the purpose of a software engineer.

Standard
Blogging, Work

Trivialising stress with “Wellness at Work”

Burnout is a complex topic but employer responses to it are even more complex. Some definitions of burnout make it a direct occupational health hazard and therefore something that all employers need to consider and manage.

But the way that many companies are responding is facile and, as many other people have already pointed out, patronising to employees and minimising the employer’s own responsibilities. Occupational stress is not something that is resolved by reminders of “mindfulness” and the offer or an meditation app and an employee helpline.

Stress at work is probably inevitable for most workers employed by organisations. The friction and pressures of work continually generate stress which needs to be managed through conventional tools like support and leave. An employee does need to be aware of the indicators and behaviours associated with their own stress but this is probably something that requires some individual coaching rather than an app and a video lesson.

By offering inadequate or lackluster support employers seem to put themselves in the worst possible position, acknowledging their responsibility for the occupational nature of the problem and yet not offering a meaningful solution to it. Ultimately some reckoning seems inevitable in this situation.

A deeper review of the origins of stress within the organisation is needed. Things like client interactions, challenging targets, arbitrary deadlines, interpersonal issues may all be deemed a necessary part of an organisation’s management but acknowledging the consequences of these sources of stress and figuring out how the consequences can be managed and ideally neutralised through more positive activities is vital management work.

Commercialised wellness is an almost meaningless marketing concept, mixing it with the realities of workplace stress seems a recipe for disaster rather than the cheap, effortless fix some employers seem to think it is.

Standard
Software, Work

The problem with developer job titles

Job titles are hard. This exchange on Twitter prompted a few thoughts that I couldn’t quite fit into a few smart-arsed twits.

In Chris’s Tweet he mentions that engineer is a co-opted title and that engineering is a discipline in its own right which most software groups don’t subscribe to because they aren’t really trying to do engineering. Not that this is a criticism but there is a massive difference between building a bridge or a road and creating a new web service. For a start there is a lot more established practice, science and understanding in physical engineering and more established and understood formal qualifications.

When I briefly worked in government helping create the Digital Careers framework people who were associated with Defence rightly objected to the confusion between software “engineering” and other engineers within professional frameworks. No-one is going to ask a developer to fix the combat damage on an airfield. I’ve previously joked that if we were honest we’d talk about “software overengineers” given that most developers struggle to find the simplest thing that works.

For the framework we settled on “developer” for people who wrote code and inconsistently used “engineering” for operational roles. I think on the basis that they created “infrastructure” where maybe the analogy makes a sort of sense.

I would also have gotten rid of “architect” if I’d had a chance; for exactly the same confusion but that term was too deeply embedded and still is a badge of prestige within the industry. Even now in the commercial world I have experienced hires wanting to be involved in “architecture” (and sadly not wanting to help me remodel my ground floor).

In Chris’s tweet he asks about what happened to the title “Programmer”. When I started in the industry this was indeed the coveted title and ideally I still think of myself this way even though it’s blatantly not true in the same way now.

However the issue with being a programmer is that jobs that literally involve just programming are few and far between. When I started in the industry the experienced developers were people who were at the tail-end of mainframe programming and a bit of what they were doing was still persuading machines to perform the tasks that were needed. The end was already in sight for pure programming jobs though. Some of my first professional programming work involved networking, a slightly dirty topic for the mainframe types.

Nowadays the emphasis is on understanding the domain space you are working on as well as the technical aspects of programming. I prefer the term “developer” (as others do) with the implication of being someone who develops systems of value via the medium of technology.

However that term also has its problems. When I worked at the Guardian I had a personal SEO battle with the Pune-based property development group for the search term “Guardian developers”. That battle seems to have been won now via sub-domain. This seems to be true more generally and now it is property developers who are having to use the prefix “property” on their job titles.

For a new profession not even past it’s first century, creating our professional lexicon is always going to be hard but in borrowing titles so shamelessly we are always creating problems for ourselves.

Programmer is probably the closest, truest name for what most of us do at the core of our role. For web developers though, assembling the typical bricolage of libraries and tooling is often an exercise in minimal programming and maximum duct taping. Perhaps it fairest to say that we are “software assemblers”, expect that might get confused with, you know, assemblers. Painful.

So in the end most of us are expected to bring capability in programming within teams that are creating technological systems of value. As long as programmers realise that programming is not the activity of value in itself then maybe we don’t need to worry so much about titles.

Standard
Work

Is it worth speaking at conferences?

I have been reading Twitter more often recently due to Brexit and I came across this mini-controversy that resonated with me.

Should you talk at conferences?

No, it’s a lot of effort that could be better spent on achieving your goals.

Yes you should if you’re from an under-represented background you should because it gives you visibility that is useful for developing your career.

Yes because it’s helpful for consolidating your understanding of a topic.

I certainly recognise this one, until you have to explain something its hard to say to prove that you really understand rather than having a strong intuition as to how something works

Yes because otherwise conferences are all-white boozy brofests.

The interesting point here being the idea that inclusion inherently leads to a loss of prestige in an activity because exclusion and prestige are related.

My lived experience

I did do conference talks to help build my “personal brand”. When I worked at ThoughtWorks it did help my career to be able to point that I was involved in community activity. At Wazoku I did talks simply to make people aware of the company.

At the Guardian doing talks was also important for your career because talking about our work was important to the organisation. In my early years there people at recruitment events were surprised to discover the Guardian had a in-house development team. I’m not sure that is was necessarily expected of everyone but at a senior level it was certainly an important part of the job not just to do the technical work but to ensure people outside the building understood what as a group we were doing.

At GDS doing talks was a complete pain because you had to get clearance for everything you were going to say and also there were various rules about the type of events and the representation at the events you could speak at. The level of bureaucracy around something that was already by this point a bit of a chore meant that I did one prior commitment and then basically stopped doing technical talks.

Stepping out of the cycle of trying to create and pitch talks was great. I just bought my ticket to events like a normal person and it was interesting to look at what value conferences were providing to me.

Relapsing

Recently though I did try doing some talks again. One of them about pop psychology concepts that are wrong was a very personal hobby horse. I don’t want to attend another talk where someone talks about various brain types (neuro-diverse, left-right, female-male, emotional intelligence) so I thought I do a talk about what is currently known about the mind and psychology.

Preparing was easy as I just needed to record various interesting bits and pieces as I came across them. Giving the talk was intense though. After a while not doing this kind of thing, getting up in front of people and aiming to entertain and inform them was a crushing pressure. Proper hand-trembling, mouth-dry, stage terror stuff.

The feedback was generally positive and I thought that while it had been a baptism of fire I was going to get back in the swing of things.

The next talk was to help a friend get their conference going in the North of England. It related to work activity so again preparation was not too hard… until the venue organisers said they needed the talk in Powerpoint format, which is not a program I own. They also needed the talk slides a month in advance whereas normally I will only finalise my content a couple of days before I am due to give the talk.

But I went ahead and cut a version of the slide deck via Google Docs. Fortunately I prefer to try and talk around my presentations and not heavily use slides so I just needed to try and sort out my tentpole slides and submit those.

The talk was reasonably well-attended and I was able to get a few questions going rather than presenting slides (a third of the deck ended up not being used). I genuinely prefer the Q&A format to the normal talk format. I was gratified to hear my talk referenced by other speakers later in the conference. However later in a vote on the most popular talk, my talk came last. I’m not sure anyone voted for it. I knew I hadn’t really gone for an entertaining format but I hadn’t thought it was that bad.

Later in the year I gave another version of that same talk. This time cut down to a running time of 20 minutes which required two weeks of practice. I was able to reuse the slides from the abortive earlier version but they still needed heavy restructuring to fit the new shorter format.

The talk got very little feedback on its second outing, no-one walked out though, which is positive. After the event the conference feedback system provided a score of 3.5 out 4, which I feel might be good or at least some proof that some people found value in it or possibly only a handful of people provided feedback.

The talk came at a particularly busy business time of year workwise and I don’t think I’d volunteer to do such a thing again due to the pressure of having to manage both preparation and regular work things.

Is it worth giving talks?

Giving talks for “personal brand” is essentially about making yourself feel like a known quantity to other people in your industry who you want to influence or have good relationships with. That might be clients you want to sell to, people you may wish to hire or employers who might hire you.

The truth is you want to achieve this as simply as you can with as least effort expended on your part. Talks, unless you are good at extemporising off the cuff, are probably more effort than the value they return.

A lightning talk, well-executed, might well have the same effect as a longer, more involved talk.

Giving a talk about something you care about or what to change in your industry is almost certainly worth it. Although it is the same amount of work, putting together your thoughts and arguments has value to you even if no-one ever hears the talk.

Also to some extent I think passion talks are easier to deliver. You are not really trying to entertain the audience beyond establishing enough rapport to get your message heard.

In terms of career development though I don’t think talks and conferences ever really helped because I’m simply not a good enough networker.

Many people have said that they enjoy talking at conferences because the talk serves as an icebreaker for meeting and talking to new people (as long as it is early in the programme). That has definitely been true for me in the past, and I totally recognise how much easier people find it to talk to me when they can hook it onto something that I’ve presented about.

If you are that kind of extroverted introvert then doing talks makes attending the conference more enjoyable and it makes sense to put in the work they require. Although again you want to limit the amount of effort you put in because the outcome you want is facilitated by the talk but the talk is not the point. You are giving the talk to help you to meet new people and find it easier to build a relationship with them; that’s where the effort should be spent.

So should I still be giving talks? Well at this point I think they do consume more effort from me than say, writing this blog post.

In terms of community or career-opportunities getting into roundtable discussions and breakfast meetings with senior technical people has more impact than talking at conferences with a general developer audience.

But talking and engaging audiences is a skill and a hard one to acquire and maintaining it requires practice. Therefore I probably should keep my hand in, but I should try to choose topics that I feel excited about and I should think about the format and make sure the effort involved is proportionate.

I should also think about the nature of the conferences I am pitching to so that I have a decent chance of succeeding in the selection while having the greatest chance of actually enjoying attending the conference and learning something as a result.

It’s also important who else is attending due to the networking effect. Beginner-friendly conferences while valuable are not going to fulfil my needs.

Therefore I think talking at conferences is valuable but you need to understand what you’re trying to get out of it rather than pursuing it as an abstract good in itself.

Standard
Work

Please stop showing me “the data”

This isn’t a reactionary rant against data-driven decision making and it isn’t about nostalgia for gut-driven benevolent dictators.

Instead it is an appeal for reason to play an equal part in decision making.

The seed of this post was planted by a keynote Ines Montani gave at EuroPython. At the time I was more interested in her central argument that paying customers are the most important metric a business can have.

But in part of the talk she talks about the cliche of “show me the data”, a phrase that I think originated at NASA where, in context, it makes a lot of sense but when transplanted to the world of small business quickly becomes expensive, slow and farcical.

In part of her talk Ines mentioned that when making decisions on how to run a small business there shouldn’t be a need to provide data for or against every decision. “Why can’t we use reason?” she asked.

The question had huge resonance for me. The emphasis on data-driven decisions in businesses has not led to improved data or statistical literacy. Instead it has led to the generation of fig-leaf numbers, impenetrable spreadsheets of data as obfuscation and irrelevant but voluminous data collection. I see little evidence that decision-making is better.

It has also exposed the idea that the problem is data collection. The more information we collect then the more it feels like the more any decision can be justified or any course of action advocated or vetoed. Interpretation, selection and analysis of the data is more important than ever, and this at its heart requires reasoning.

Reason is different from “common sense” in that it should be produce self-consistent decision making that can be justified and interrogated. Reasoning is a process applied to instinct, insight, intuition, experience and knowledge.

So please don’t show me your data, explain your decision instead.

 

Standard
Programming, Software, Web Applications, Work

Prettier in anger

I’ve generally found linting to be a pretty horrible experience and Javascript/ES haven’t been any exception to the rule. One thing that I do agree with the Prettier project is that historically linters have tried to perform two tasks to mixed success: formatting code to conventions and performing static analysis.

Really only the latter is useful and the former is mostly wasted cycles except for dealing with language beginners and eccentrics.

Recently at work we adopted Prettier to avoid having to deal with things like line-lengths and space-based tab sizes. Running Prettier over the codebase left us with terrible-looking cramped two-space tabbed code but at least it was consistent.

However having started to live with Prettier I’ve been getting less satisfied with the way it works and Prettier ignore statements have been creeping into my code.

The biggest problem I have is that Prettier has managed its own specific type of scope creep out of the formatting space. It rewrites way too much code based on line-size limits and weird things like precedent rules in boolean statements. So for example if you have a list with only one entry and you want to place the single entry on a separate line to make it clear where you intend developers to extend the list Prettier will put the whole thing on a single line if it fits.

If you bracket a logical expression to help humans parse the meaning of the statements but the precedent rules mean that brackets are superfluous then Prettier removes them.

High-level code is primarily written for humans, I understand that the code is then transformed to make it run efficiently and all kinds of layers of indirection are stripped out at that point. Prettier isn’t a compiler though, it’s a formatter with ideas beyond its station.

Prettier has also benefited from the Facebook/React hype cycle so we, like others I suspect, are using it before it’s really ready. It hides behind the brand of being “opinionated” to avoid giving control over some of its behaviour to the user.

This makes using Prettier a kind of take it or leave it proposition. I’m personally in a leave it place but I don’t feel strongly enough to make an argument to remove from the work codebase. For me currently tell Prettier to ignore code, while an inaccurate expression of what I want it to do, is fine for now while another generation of Javascript tooling is produced.

Standard
Programming, Web Applications, Work

Why can’t Forms PUT?

HTML Forms can declare a method, the HTTP verb that is used when the form is submitted, the value of this method is GET or POST.

The HTML5 spec briefly had PUT and DELETE as valid methods for the form method but has now removed them. Firefox also added support and subsequently removed them.

Recently over the course of Brexit night at The Guardian we got into a discussion about why this was the case and what the “right” way to map a form into a REST-like resource system would be.

The first piece of research was to dig into why the additional methods had been added and then removed. The answer (via Ian Hickson) was simple: PUT and DELETE have implied idempotency, the nature of form submission is that it is inherently uncacheable and therefore cannot be properly mapped onto those verbs.

So, basic problem solved, it also implies the solution for the url design for a form. A form submission represents a user submitting an untrusted data payload to a resource, this resource in turn choose to make PUT or DELETE requests but it would be dangerous to have the form do this directly.

The resource therefore is one that represents the form submission. In terms of modelling the URL I would be tempted to say that it takes the form :entity/form/submission, so for example: contact/form/submission.

There may be an argument that POSTing to the form resource represents submission so the submission part of the structure is unnecessary. In my imagination though the form resource itself represents the metadata of the form while the submission is the resource that essentially models a valid sumbission and the resource that represents the outcome of the submission.

Standard
Web Applications, Work

Why don’t online publishers use https?

Why don’t big publishers use https instead of https? The discussion comes up every three to six months at the Guardian and there seems to be no technical barrier to doing this. There has been a lot of talk about where the secure termination happens and how to get certificates onto the CDN but there seem to be good answers to all the good questions. There doesn’t seem to be any major blockers or even major disadvantages in terms of network resources.

So why doesn’t it happen? Well public content publishers are dependent for the most part on advertising and online advertising is a total mess.

Broken and miss-configured advertising is a major source of issues and the worst aspect of the situation is that you really don’t have much control over what is happening. When you call out to the ad server you essentially yield control to whatever the ad server is going to do.

Now your first-level campaigns, the stuff that are in-house, premium or bespoke campaigns are usually designed to run well on the site and issues with this are often easy to fix because you can talk to your in-house advertising operations team.

However in a high-volume site this is a tiny amount of the advertising you run because you tend to have a much larger inventory (capacity to serve ads) in practice than you can sell. That is generally because supply of online advertising massively outstrips demand.

The way the discrepancy is made good is via ad exchanges which are really clever pieces of technology that try to find the best price for available both publisher and ad buyer. Essentially the ad exchanges try to establish a spot price for an available ad slot amongst all the campaigns the buyers have set up.

However you have virtually no say over what the format of the advert the exchange is going to serve up. The bundle of content that makes up the ad is called the “creative” and might be a simple image but more likely is a script or iframe that is going to load the actual advert, run personalisation and tracking systems.

You have no real control as to what the creatives are and they certainly haven’t been written with your site in mind and most probably security is a very minimal concern compared to gathering marketing information on your view.

So if the creative contains any security breaking rule or any resource that is not also https they you get a security exception on the site. The customer then blames you for being insecure.

One of our consumer products, which do all run under https, ran ads and every other month this issue would come up. In the end we decided that the value of the subscription was more than the value of any advertising that was undermining the image of being secure and reliable so we took the advertising off.

And therefore until agencies and ad exchanges change their policies so that ads are only served off https this situation is unlikely to change. Ironically there is no reason for ads to be served off https since they don’t want to be cached and wants to do lots of transactional stuff with the client anyway.

If the online advertising business went secure-only then online publishers would be able to follow them. Until then public pages are likely to remain on http.

Standard
Work

The gold-plated donkey cart

I'm not sure if he came up with the term but I'm going to credit this idea to James Lewis who used it in relation to a very stuck client we were working on at ThoughtWorks.

The golden donkey cart is a software delivery anti-pattern where a team ceases to make step changes to their product but instead undergoes cycles of redevelopment of the same product making every more complex and rich iterations of the same feature set.

So a team creates a product, the donkey cart, and it's great because you can move big heavy things around in it. After a while though you're used to the donkey cart and you're wondering if things couldn't be better. So the team gets together and realise that they could add suspension so the ride is not so bumpy and you can get some padded seats and maybe the cart could have an awning and some posts with rings and hooks to make it easier to lash on loads. So donkey cart v2 is definitely better and it is easier and more comfortable to use so you wonder, could it be better yet.

So the team gets back together and decides that this time they are going to build the ultimate donkey cart. It's going to be leather and velvet trim, carbon fibre to reduce weight, a modular racking system with extendible plates for cargo. The reins are going to have gold medallions, it's going to be awesome.

But it is still going to be a donkey cart and not the small crappy diesel truck that is going to be the first step on making donkey carts irrelevant.

The gold-plated donkey cart is actually a variant on both the Iron Law of Oligarchy and the Innovator's Dilemma.

The donkey cart is part of the valuable series of incremental improvements that consists of most business as usual. Making a better donkey cart makes real improvements for customers and users.

The donkey cart team is also there to create donkey carts. That's what they think and talk about all the time. It is almost churlish to say that they are really the cargo transport team because probably no-one has ever expressed their purpose or mission in those terms because no-one else has thought of the diesel truck either.

Finally any group of people brought together for a purpose will never voluntarily disband itself. They will instead find new avenues of donkey cart research that they need to pursue and there will be the donkey cart conference circuit to be part of. The need for new donkey cart requirements will be self-evident to the team as well as the need for more people and time to make the next donkey cart breakthrough, before one of their peers does.

Standard