Some thoughts on apps
0

Some thoughts on apps

A couple of interesting pieces about apps today. In the Wall Street Journal, Christopher Mims says that apps are killing the Web. John Gruber responds by saying that apps are part of the Web.

I’m not terribly interested in this argument.

If you care about the longevity of your work, you will publish it on Web pages that can be rendered in a browser. Nobody knows what will happen with apps or app stores in the future. If you publish something and want to make sure people can view it in 10 years, it needs to have a URL that works in a browser. If you want to make your work available to as many people as possible right now, you’ll publish it on a Web page. If you go with apps only, you exclude every desktop user and everyone who won’t bother to install your app. Maybe that’s fine for some companies, but for most it is not. Ignoring Web browser is not a realistic option for most people building on the Internet. That’s not going to change any time soon.

At the same time, if you are trying to build an Internet business, you have to strongly consider writing iOS and Android apps. Web usage is rapidly migrating to tablets and handsets. Often, users are less engaged on these devices, especially handsets. This presents an existential threat to some companies. In the world of analytics, everybody talks about conversion rate. This is basically the percentage of users who perform an action that’s desirable to the business when they visit the site. Mobile users generally convert at a lower rate than desktop users. Businesses are betting that they can raise conversion rate through mobile apps, that’s why so many sites that look just fine in the browser are releasing apps and nagging users to download them.

Neither Web pages nor native apps are going anywhere anytime soon. The content that has traditionally been on the Web will always be on the Web. Lots of companies are going to build native apps in hopes of making their users happy. And, of course, some companies that are building software for mobile devices are going to do so without building Web pages, which is not worrisome.

What I do dislike about native apps is that they are a very real threat to the way we develop software for the Web. The great thing about the Web is that if there’s something wrong with my Web site, I can fix it whenever I like. I can update my Web applications every day, or 100 times a day if it behooves me to do so. It’s easy to launch experiments and turn them off. Thanks to app stores and software distribution challenges in general, native apps are a huge threat to everything we’ve learned about delivering software on the Web. Of course we can put as much of the application on the server side as possible, but even so, we can’t iterate on native apps the way we can on Web applications.

For this reason, in the end, I’m rooting against native apps. I enjoy the benefits of Web development too much to root for an approach to software development and distribution that I find to be backward and frustrating. I love well-made native applications as much as anyone, but I’m hoping that mobile browsers improve enough to make it seem silly for most sites to build native applications.

Where have referrers gone?
0

Where have referrers gone?

This article in Business Insider is the first media mention I’ve seen discussing the disappearance of referrers on inbound traffic to Web sites. For people who work in analytics, especially on sites that make money by selling advertising, this is a really big deal. In many cases, analytics can be invasive from a privacy standpoint, but referrers generally don’t contain any information you’d just as soon not disclose. Hopefully this will spur a wider discussion of this change.

For what it’s worth, the article is wrong about why browsers strip referrers from traffic that originates on HTTPS sites. When you are viewing an encrypted page, browsers want to make sure that none of the encrypted information is sent over a non-encrypted link. So when you click on a link on an encrypted page that points to a non-encrypted page, the browser strips the referrer to avoid sending information that was encrypted over the non-encrypted connection. Referrers are not stripped when you click on a link from one encrypted page to another, even if they’re on different domains. Sites can get potentially get referrers back by switching to HTTPS, but only if people link to the HTTPS URLs. So if I have a site that accepts HTTP and HTTPS, and all of the links indexed by Google are HTTP links, the referrers will be stripped even if the user ultimately lands on a secure page. So in this case, it’s not really a choice on the part of browser vendors to protect user privacy, but rather one to respect the sanctity of encrypting information.

Update: Also, apparently this discussion of traffic has been going on for awhile.

Retailers fight to control customer data
0

Retailers fight to control customer data

John Gruber has a piece up about retailers disabling NFC at checkout to prevent customers from checking out using Apple Pay. Retailers are intentionally degrading the customer experience in order to retain the ability to collect data about their customers’ habits. This tradeoff is near and dear to me, as analytics is currently a huge part of my job.

What I’d like to know is, what’s the return these companies are getting from tracking the behavior of specific users? For one thing, the work to build systems to exploit this data is resource intensive, and often results in failure. Companies are risking hurting their business by inconveniencing customers in exchange for the opportunity to make more money by exploiting the purchase history of their customers. I’d be really, really surprised if the economics actually work.

Customers, not extortionists
2

Customers, not extortionists

These days, if you want attentive customer service from most companies, the most direct route is to complain about the company on Twitter in such a way that your tweet shows up in the company’s mentions. It doesn’t matter whether your cable is working poorly, you had problems rebooking a flight, or your iPhone app didn’t work as well as you expected, Twitter is the place to seek relief.

This is a problem, mostly for the companies people are complaining about. They’re teaching their customers that the only way to get responsive customer service is to embarrass them publicly. What these companies fear most is that a complaint on Twitter will inspire an avalanche of “me too” retweets and responses that ultimately has a measurable negative impact on their business. That gives every customer who happens to be on Twitter the opportunity to be an amateur extortionist.

Here’s the thing, though. I don’t want to have to threaten a company to get decent customer service. If that’s what it takes, I don’t want to do business with the company at all. This is on my mind, of course, because there’s a company out there that I am having a bad customer service experience with, and I’m frustrated by the fact that griping about it on Twitter would almost certainly make it better.

What I’ve done instead is look at the company’s replies on Twitter to see what they suggest to other people who go to Twitter with their complaints, and follow those instructions. We’ll see how it works out.

We should be allowed to encrypt our data
0

We should be allowed to encrypt our data

There’s a debate raging over the news that mobile devices will soon be encrypted using keys that are fully under the owner’s control. The government, of course, hates this idea. Law enforcement feels like they should be able to decrypt anything if they want to. This is not a new debate — there was a huge debate over key escrow in the 90’s.

Here are a few pointers to pieces that explain why it’s important that users should be able to use encryption in the way that they see fit. Tim Bray concisely answers the question Is Encrypting Phones OK? Bruce Schneier explains that any back door put in place for law enforcement will inevitably be exploited by others (and links to a number of other good pieces on this topic). Cryptographer Matthew Green speculates on how Apple’s new security measures work.

Kathy Sierra opens up about online harassment
0

Kathy Sierra opens up about online harassment

In Trouble at the Koolaid Point Kathy Sierra talks about her experience with online harassment, and more recently, the degree to which people are willing to forgive and forget the past misdeeds of her harassers. She also talks about the wide variety of pernicious lies that have been told about her that have reached such wide circulation that she can’t really shake them, and how those lies have been used to justify her harassment. This stuff happens all the time, to all kinds of people, especially women and other members of underrepresented groups online.

Management is not about sorting apples
0

Management is not about sorting apples

Blameless post-mortems are one of the most notable (and perhaps most misunderstood) features of Etsy’s engineering culture. John Allspaw wrote about them on Code as Craft back in May, 2012. In it, he talks about human errors and the “Bad Apple theory,” which is that the best way to eliminate error is to eliminate the “bad apples” who introduce error.

Most of the time, when we talk about blameless post-mortems, it’s in the context of outages. What I think though is that once you accept the reasoning behind building a culture of learning around outages (as opposed to a culture of blame), it also changes, or at least should change, how you think about management in general.

Etsy’s practices around post-mortems are drawn largely from the field of accident investigation. One of the key concepts taken from that field is that of local rationality. You can read about it in this rather dry paper, Perspectives on Human Error: Hindsight Biases and Local Rationality, by David Woods and Richard Cook. To oversimplify, in the moment, people take actions that seem sensible to them in that context. Even when people take what seem to be negligent shortcuts, they do so confident that what they’re doing is going to work —they just happen to be wrong.

The challenge is in building resilient systems that enable the humans interacting with them to exercise local rationality safely. Disasters occur when the expected outcomes of actions differ from the actual outcomes. Maybe I push a code change that is supposed to make error messages more readable, but instead prevents the application from connecting to the database. The systems thinker asks what gave me the confidence to make that change, given the actual results. Did differences between the development and production environments make it impossible to test? Did a long string of successful changes give me the confidence to push the change without testing? Did I successfully test the change, only to find out that the results differed in production? A poor investigation would conclude that I am a bad apple who didn’t test his code properly and stop before asking any of those questions. That’s unlikely to lead to building a safer system in the long run. Only in an organization where I feel safe from reprisal will I answer questions like the ones above honestly enough to create the opportunity to learn.

I mention all of this to provide the background for the real point I want to make, which is that once you start looking at accidents this way, it necessarily changes the way you think of managing other people in general. When it comes to the bad apple theory in accident investigation, the case is closed, it’s a failure. Internalizing this insight has led me to also reject the bad apple theory when it comes to managing people in general.

Poor individual performance is almost always the result of a systems failure that is causing local rationality to break down. All too often the employee who is ostensibly performing poorly doesn’t even know that they’re not meeting the expectations of their manager. In the meantime, they may be working on projects that don’t have clear goals, or that they don’t see as important. They may be confronted with obstacles that are difficult to surmount, often as a result of conflicting incentives.

There are a million things that can lead to poor outcomes, only a few of which are due to the personal failings of any given person working on the project. If you accept that local rationality exists, then you accept that people are doing what they believe is expected of them. If they knew better, they would do better.

All this is not to say that there are never cases where an employment relationship should end. Sometimes people are on the wrong team, or at the wrong company. What I would say though is that the humane manager works to construct a system in which people can thrive, rather than getting rid of people who aren’t succeeding within a system that could quite possibly be unfit for humans. Even in the case where a person simply lacks the skills to succeed at the task at hand, someone else almost certainly assigned them the task or agreed to let them work on it. Their being in the position to fail reflects as poorly on the system as it does on the individual.

These principles are easier to apply within the limited context of investigating an incident than the general context of managing an organization, or the highly personal relationship been a manager and the person who reports to them. Focusing on the system and how to optimize it for the people who are part of it is the bedrock of building a just culture. As managers, it’s up to us to create a safe place for employees to explain the choices they make, and then use what we learn from those explanations to shore up the system overall. Simply tossing out the bad apples is a commitment to building a team that is unable to look back honestly and improve.

The strengths of low variance political configurations
0

The strengths of low variance political configurations

Today I got around to listening to the A Not So Simple Majority episode of This American Life. The story is about the school board in East Ramapo in New York, where a group of people who all send their children to private religious schools took over the public school board, and have since been gutting the public school system and funneling the money to their private schools. The religion of the group in question isn’t really important. The story is infuriating on many levels, and at the end it left me thinking about how to prevent this sort of thing from happening. I think that the lesson is in the dangers of small-scale democracy. The school board in East Ramapo has a lot of power, not just to manage schools but also to set local property tax rates, and was subject to capture by a relatively small group of people.

At the other end of the spectrum we have the US Presidency. It’s a nationwide election, and separation of powers insures that the President can’t do that much anyway. The election cycle is long and painful. This all leads to low variance outcomes — President Bush and President Obama may not personally have that much in common, but America has not been a radically different place under one of them than the other. The entire system is built to reduce the variance between Presidents. Generally speaking, the smaller the electorate, the higher the variance. That’s why the House of Representatives features a much broader ideological spectrum than the Senate, for example.

Getting back to East Ramapo, I was reminded of the article about the small municipalities around St. Louis, Missouri that I recently linked to. They’re really too small to be well-governed or even governable. Similarly, there was the recent case of Bell, California, where the elected officials in a town of 38,000 made themselves the highest-paid municipal officials in the country. I wonder whether the problems in East Ramapo School District would never have occurred if the entire county had a single school district, rather than the nine it currently has.

People seem to reflexively romanticize small-scale democracy, but it’s exploitable and breakable in many ways. We should be warier of it.