rc3.org

Strong opinions, weakly held

Page 5 of 989

Playing with Vagrant

Vagrant is one of those things I hear people talking about but that I’ve never gotten around to playing with, or hadn’t gotten around to playing with until today. Vagrant is a solution to the problem of setting up a local development environment for Web development. Depending on the platform you use, this can be rather difficult. I don’t even want to think about Windows development, but even in a Unix-like environment (OS X or Linux), you can still run into problems.

Basically, your system probably has some version of the language runtime you’re using that doesn’t match the server’s, and reconciling the difference is painful. I’ve always hated solutions like virtualenv and dvm. Vagrant works by running a full-blown virtual machine somewhat transparently. Helpfully, the virtual machine mounts one of your local directories so that you can edit files in your tool of choice but run your development server on the development machine, which should match your server pretty closely. For example, to experiment with Google App Engine development, I created a Vagrant instance using ubuntu/trusty64 (the latest Ubuntu LTS release), then I provisioned it using the following file:

apt-get update
apt-get install -y unzip
cd /vagrant
curl -s -O https://storage.googleapis.com/appengine-sdks/featured/google_appengine_1.9.15.zip
unzip -n -q google_appengine_1.9.15.zip

When the instance is provisioned, it automatically downloads the Google App Engine SDK and extracts it. Then I can dig in.

This is a super-simple application. Next I want to try setting up a Vagrant instance that’s provisioned using the chef server at work with our production Hadoop configuration so that I can easily launch Hadoop jobs from my laptop rather than logging into a remote machine to do it.

The future prospects of comments

Re/code made news this week by eliminating comments on the site, noting that most of the discussion about their articles was happening elsewhere. In the larger scheme of things, “Don’t read the comments” is widely regarded as universally good advice. This makes me more interested in sites with healthy communities of commenters.

As far as I can tell, comments are as good as the people running sites want them to be. If they invest in building a community, healthy comment sections tend to spring up. If not, they don’t. Fred Wilson makes the same argument in Comments Are Dead, Long Live Comments, and of course his site has one of the most active (and generally constructive) comment sections of any blog you’ll read.

I’ve had comments enabled on rc3.org for a long time, but I police them pretty heavily, both for spam and for idiocy. Lately posts don’t get too many comments, probably because I don’t post as much as I’d like. I’ve always been proud of the comments here, though. They make the site better.

Some thoughts on apps

A couple of interesting pieces about apps today. In the Wall Street Journal, Christopher Mims says that apps are killing the Web. John Gruber responds by saying that apps are part of the Web.

I’m not terribly interested in this argument.

If you care about the longevity of your work, you will publish it on Web pages that can be rendered in a browser. Nobody knows what will happen with apps or app stores in the future. If you publish something and want to make sure people can view it in 10 years, it needs to have a URL that works in a browser. If you want to make your work available to as many people as possible right now, you’ll publish it on a Web page. If you go with apps only, you exclude every desktop user and everyone who won’t bother to install your app. Maybe that’s fine for some companies, but for most it is not. Ignoring Web browser is not a realistic option for most people building on the Internet. That’s not going to change any time soon.

At the same time, if you are trying to build an Internet business, you have to strongly consider writing iOS and Android apps. Web usage is rapidly migrating to tablets and handsets. Often, users are less engaged on these devices, especially handsets. This presents an existential threat to some companies. In the world of analytics, everybody talks about conversion rate. This is basically the percentage of users who perform an action that’s desirable to the business when they visit the site. Mobile users generally convert at a lower rate than desktop users. Businesses are betting that they can raise conversion rate through mobile apps, that’s why so many sites that look just fine in the browser are releasing apps and nagging users to download them.

Neither Web pages nor native apps are going anywhere anytime soon. The content that has traditionally been on the Web will always be on the Web. Lots of companies are going to build native apps in hopes of making their users happy. And, of course, some companies that are building software for mobile devices are going to do so without building Web pages, which is not worrisome.

What I do dislike about native apps is that they are a very real threat to the way we develop software for the Web. The great thing about the Web is that if there’s something wrong with my Web site, I can fix it whenever I like. I can update my Web applications every day, or 100 times a day if it behooves me to do so. It’s easy to launch experiments and turn them off. Thanks to app stores and software distribution challenges in general, native apps are a huge threat to everything we’ve learned about delivering software on the Web. Of course we can put as much of the application on the server side as possible, but even so, we can’t iterate on native apps the way we can on Web applications.

For this reason, in the end, I’m rooting against native apps. I enjoy the benefits of Web development too much to root for an approach to software development and distribution that I find to be backward and frustrating. I love well-made native applications as much as anyone, but I’m hoping that mobile browsers improve enough to make it seem silly for most sites to build native applications.

Where have referrers gone?

This article in Business Insider is the first media mention I’ve seen discussing the disappearance of referrers on inbound traffic to Web sites. For people who work in analytics, especially on sites that make money by selling advertising, this is a really big deal. In many cases, analytics can be invasive from a privacy standpoint, but referrers generally don’t contain any information you’d just as soon not disclose. Hopefully this will spur a wider discussion of this change.

For what it’s worth, the article is wrong about why browsers strip referrers from traffic that originates on HTTPS sites. When you are viewing an encrypted page, browsers want to make sure that none of the encrypted information is sent over a non-encrypted link. So when you click on a link on an encrypted page that points to a non-encrypted page, the browser strips the referrer to avoid sending information that was encrypted over the non-encrypted connection. Referrers are not stripped when you click on a link from one encrypted page to another, even if they’re on different domains. Sites can get potentially get referrers back by switching to HTTPS, but only if people link to the HTTPS URLs. So if I have a site that accepts HTTP and HTTPS, and all of the links indexed by Google are HTTP links, the referrers will be stripped even if the user ultimately lands on a secure page. So in this case, it’s not really a choice on the part of browser vendors to protect user privacy, but rather one to respect the sanctity of encrypting information.

Update: Also, apparently this discussion of traffic has been going on for awhile.

Retailers fight to control customer data

John Gruber has a piece up about retailers disabling NFC at checkout to prevent customers from checking out using Apple Pay. Retailers are intentionally degrading the customer experience in order to retain the ability to collect data about their customers’ habits. This tradeoff is near and dear to me, as analytics is currently a huge part of my job.

What I’d like to know is, what’s the return these companies are getting from tracking the behavior of specific users? For one thing, the work to build systems to exploit this data is resource intensive, and often results in failure. Companies are risking hurting their business by inconveniencing customers in exchange for the opportunity to make more money by exploiting the purchase history of their customers. I’d be really, really surprised if the economics actually work.

Customers, not extortionists

These days, if you want attentive customer service from most companies, the most direct route is to complain about the company on Twitter in such a way that your tweet shows up in the company’s mentions. It doesn’t matter whether your cable is working poorly, you had problems rebooking a flight, or your iPhone app didn’t work as well as you expected, Twitter is the place to seek relief.

This is a problem, mostly for the companies people are complaining about. They’re teaching their customers that the only way to get responsive customer service is to embarrass them publicly. What these companies fear most is that a complaint on Twitter will inspire an avalanche of “me too” retweets and responses that ultimately has a measurable negative impact on their business. That gives every customer who happens to be on Twitter the opportunity to be an amateur extortionist.

Here’s the thing, though. I don’t want to have to threaten a company to get decent customer service. If that’s what it takes, I don’t want to do business with the company at all. This is on my mind, of course, because there’s a company out there that I am having a bad customer service experience with, and I’m frustrated by the fact that griping about it on Twitter would almost certainly make it better.

What I’ve done instead is look at the company’s replies on Twitter to see what they suggest to other people who go to Twitter with their complaints, and follow those instructions. We’ll see how it works out.

We should be allowed to encrypt our data

There’s a debate raging over the news that mobile devices will soon be encrypted using keys that are fully under the owner’s control. The government, of course, hates this idea. Law enforcement feels like they should be able to decrypt anything if they want to. This is not a new debate — there was a huge debate over key escrow in the 90’s.

Here are a few pointers to pieces that explain why it’s important that users should be able to use encryption in the way that they see fit. Tim Bray concisely answers the question Is Encrypting Phones OK? Bruce Schneier explains that any back door put in place for law enforcement will inevitably be exploited by others (and links to a number of other good pieces on this topic). Cryptographer Matthew Green speculates on how Apple’s new security measures work.

Simple advice for men in tech

I’m not usually a big fan of listicles, but I do recommend this one: Top 10 Ways To Be a Male Advocate for Technical Women, from the National Center for Women & Information Technology. What I particularly like about it is that it focuses on things that we can be doing right now to improve the professional prospects of women that we work with.

Kathy Sierra opens up about online harassment

In Trouble at the Koolaid Point Kathy Sierra talks about her experience with online harassment, and more recently, the degree to which people are willing to forgive and forget the past misdeeds of her harassers. She also talks about the wide variety of pernicious lies that have been told about her that have reached such wide circulation that she can’t really shake them, and how those lies have been used to justify her harassment. This stuff happens all the time, to all kinds of people, especially women and other members of underrepresented groups online.

Management is not about sorting apples

Blameless post-mortems are one of the most notable (and perhaps most misunderstood) features of Etsy’s engineering culture. John Allspaw wrote about them on Code as Craft back in May, 2012. In it, he talks about human errors and the “Bad Apple theory,” which is that the best way to eliminate error is to eliminate the “bad apples” who introduce error.

Most of the time, when we talk about blameless post-mortems, it’s in the context of outages. What I think though is that once you accept the reasoning behind building a culture of learning around outages (as opposed to a culture of blame), it also changes, or at least should change, how you think about management in general.

Etsy’s practices around post-mortems are drawn largely from the field of accident investigation. One of the key concepts taken from that field is that of local rationality. You can read about it in this rather dry paper, Perspectives on Human Error: Hindsight Biases and Local Rationality, by David Woods and Richard Cook. To oversimplify, in the moment, people take actions that seem sensible to them in that context. Even when people take what seem to be negligent shortcuts, they do so confident that what they’re doing is going to work —they just happen to be wrong.

The challenge is in building resilient systems that enable the humans interacting with them to exercise local rationality safely. Disasters occur when the expected outcomes of actions differ from the actual outcomes. Maybe I push a code change that is supposed to make error messages more readable, but instead prevents the application from connecting to the database. The systems thinker asks what gave me the confidence to make that change, given the actual results. Did differences between the development and production environments make it impossible to test? Did a long string of successful changes give me the confidence to push the change without testing? Did I successfully test the change, only to find out that the results differed in production? A poor investigation would conclude that I am a bad apple who didn’t test his code properly and stop before asking any of those questions. That’s unlikely to lead to building a safer system in the long run. Only in an organization where I feel safe from reprisal will I answer questions like the ones above honestly enough to create the opportunity to learn.

I mention all of this to provide the background for the real point I want to make, which is that once you start looking at accidents this way, it necessarily changes the way you think of managing other people in general. When it comes to the bad apple theory in accident investigation, the case is closed, it’s a failure. Internalizing this insight has led me to also reject the bad apple theory when it comes to managing people in general.

Poor individual performance is almost always the result of a systems failure that is causing local rationality to break down. All too often the employee who is ostensibly performing poorly doesn’t even know that they’re not meeting the expectations of their manager. In the meantime, they may be working on projects that don’t have clear goals, or that they don’t see as important. They may be confronted with obstacles that are difficult to surmount, often as a result of conflicting incentives.

There are a million things that can lead to poor outcomes, only a few of which are due to the personal failings of any given person working on the project. If you accept that local rationality exists, then you accept that people are doing what they believe is expected of them. If they knew better, they would do better.

All this is not to say that there are never cases where an employment relationship should end. Sometimes people are on the wrong team, or at the wrong company. What I would say though is that the humane manager works to construct a system in which people can thrive, rather than getting rid of people who aren’t succeeding within a system that could quite possibly be unfit for humans. Even in the case where a person simply lacks the skills to succeed at the task at hand, someone else almost certainly assigned them the task or agreed to let them work on it. Their being in the position to fail reflects as poorly on the system as it does on the individual.

These principles are easier to apply within the limited context of investigating an incident than the general context of managing an organization, or the highly personal relationship been a manager and the person who reports to them. Focusing on the system and how to optimize it for the people who are part of it is the bedrock of building a just culture. As managers, it’s up to us to create a safe place for employees to explain the choices they make, and then use what we learn from those explanations to shore up the system overall. Simply tossing out the bad apples is a commitment to building a team that is unable to look back honestly and improve.

« Older posts Newer posts »

© 2024 rc3.org

Theme by Anders NorenUp ↑