Agile and Scrum – should they die?

If you have not yet read the article “Why Scrum Should Basically Just Die In A Fire” by Giles Bowkett, you should. It is a great discussion of various key points in Scrum methodology and the shortcomings in nearly all of its implementations in the real world. I have been meaning to write up a bit of my own criticism of Agile and Scrum the way it is usually implemented today, but this guy pretty much nails it down.

I don’t know personally the guys who actually put together the first definition of Agile, but I think they did not mean it to be the spectacular failure it is in too many companies today. They certainly meant to concentrate on getting working software faster and with less distraction from endless meetings that bogged down software development in the nineties. They did not mean to make management lose the long-term perspective and focus on the immediate short-term “productivity” at all times.

The mechanistic approach that is now given to us under the name of “Agile” and “Scrum” does not benefit software development. All these story points, stand-ups, short runs – they do not promote the important part of software …

Computing in the Cloud – is it like banking?

I often hear IT and computing in the cloud compared with other “commodities”. Some people say, well, we do get the water and electricity centrally, why would we not get the computing centrally as well? There could be suppliers of computing power that one could use over the network and then one would not need to actually invest in one’s own computing infrastructure. You would just send the data and the required operations into the cloud and get back results.

This is very much how the mainframes worked in the old days, you know? You would have a large computer somewhere in a computer room and you would connect to it from a terminal and submit tasks. The mainframe would compute your tasks and provide the answers. It seems pretty much the same familiar concept now all over again. But, wait, is it? In the old days, your mainframe would be inside the organization, it would still be under your control completely, the data would never leave the building, so to say. Yes, it could be physically in a different location but it would remain within the same company, university or whatever organization actually owned the mainframe. That is not …

Risk mitigation: a myth of infinite cost and finite risk

You are all familiar with a typical presentation on risk management where we see the same old graph that depicts the risk as finite on one side and the costs of mitigation as infinite on the other side and attempts to show us a balance between the two where the costs are minimal. Well, the idea is correct but guess what? The graph is wrong. The graph is wrong and it gives you a wrong idea of cost distribution which in turn causes you to bias towards more risk. That graph actually makes you and your business less risk-averse. How?

You see, the idea that the risk is finite while the risk mitigation cost is infinite is a myth.

Risk mitigation cost is only infinite when your resources are lower than those required for mitigation. So, yes, this is possible but unlikely. There are limits to our technology and there are limits to the investment effectiveness but there is a limit to the number of risks and mitigation techniques that a business can apply. So the risk mitigation costs may be very high and you may be unwilling to pay them but they are not infinite. You may have a …

Position Power vs. Personal Relationship Power

Recent years saw the quick rise of the so-called “Personal Relationship Power” into prominence to the point where some people preach that it is the only thing that matters. I heard some American and Japanese colleagues actually teach the young and hopeful managers that the personal relationships are the only thing that works and that any manager worth his salt will be able to do whatever he needs with just that – the power of personal relationships – without the need to rely on position power.

As is often the case, this is not entirely untrue, so it sounds believable. On the other hand, it is not entirely true either, so it sounds suspicious if you stop to think about it. What is the deal here? The statement contains part truth and part lie, so in essence, it is false in its entirety but it contains enough truth in it to sound true.

Personal relations cannot replace position power, that is a simple fact. Try imagining that your manager does not have any power whatsoever over you but has to convince you to do your job as a favor to him every single day. Yes, you would probably like …

Insourcing – a new fashion trend

There is a new trend, a new fashion in the high-tech industry. They already coined the most natural term for it and it is called “insourcing”. A recent article was called “Insourcing QA to gain more control over the resources”. Yes, indeed, so outsourcing has outlived its hype by far and we need a new something for the managers to get bonuses about.

Not surprisingly, the new trend is a direct reversal of the previous trend. So, there is nothing new there really. In a decade or so we will be high on outsourcing again, so the Indians and others should just hang in there for a while and we’ll be back.

The reality is that neither outsourcing nor insourcing is the ultimate answer to anything. No magic bullet is going to cure an ineffectively managed business. The best one can do is ignore these fashions completely. Unless you are a consultant of outsourcing, of course, because now you will be consulting with equal vigour on insourcing.

 …

Negotiations and Expectations

Some negotiations are like sailing in and out. Others – not quite. Why do so many negotiations fail and others, while successful, still present a thorny winding road to the participants? Why should people suffer through negotiations instead of just talking?

While there may be many reasons for not actually getting what you wanted in the first place in the negotiations and feeling frustrated about the results, should we actually make our lives harder than needed? What is the reason that many people think negotiations are a hard job? Why do they get drained in the course of a short two-hour business meeting that happens to be labeled “negotiation”?

I have a theory. It all has to do with expectations. Should you come to the meeting without particular expectations, you would be fairly objective and could actually follow the logic of the arguments on both sides, see compromises, do your job. But what happens when you come to such a meeting carrying expectations?

Expectations can never be met. It’s a rule and it is dead simple. We are all different people and different organizations. It is extremely unlikely that we think in entirely similar ways and will form …

Mitigating risks … is a waste of money?

There was an interesting talk at one of the panels at the RSA Conference, where SilverSky and Adobe claimed that investing in security is a waste of money. Their message is simple and compelling:

“For most companies it’s going to be far cheaper and serve their customers a lot better if they don’t do anything [about security bugs] until something happens. You’re better off waiting for the market to pressure on you to do it.”

Although they say that this was all in pretense, we all know it was not: companies large and small try to avoid fixing problems as long as they can, waiting for customers to complain loudly before ever doing anything. Basically, this is a risk that companies rate as unimportant because of its low perceived rate of occurrence.

The problem with these kinds of risks is that they cannot be properly rated. The probability of these risks is hard to rate because the data is basically unavailable. And the impact of the risk is underrated because of low perceived probability. People tend to ignore such risks.

But the companies, can they also afford to ignore such risks? What has to be considered is that a …

Everything is a hammer…

It looks like for Stephen Elop, the Microsoft manager in charge of Nokia, everything looks like a Windows computer. What is all this nonsense about Nokia delivering cheap smartphones in developing countries? That market is already taken, first by LG and Samsung and then a couple times over by Chinese manufacturers. He ran the most successful mobile company in the world into the ground and he should be proud of that achievement. I am sure he is. Can you imagine what it takes, what kind of dedication, to actually take the market leader and run it into the ground, destroy everything very quickly and systematically? It is a mind-boggling achievement. We will be watching Stephen for his next career move to see what company will be brought to its knees next.



Software Security Philosophy

What is “security”? Well, not in the broad sense, that is, but in software security? What does it mean: to develop secure software? What do we understand to fall into the realm of software security?

I tell you what I mean when I say “software security”. For me, software security means bringing the intent of the original designer to the customer.

This is very simple. The designer had some idea in mind when designing the software. He had some intention for the software to function in a particular way. That mental picture is translated into design, brought over into development, translated into source code, translated into binary, delivered, installed and configured at the customer’s site. And our task is to ensure that what operates now at the customer’s site reflects exactly what the developer had in mind. If it does not – we have a breach of security.

I know that this is a very broad definition and it encompasses many areas traditionally thought to be outside the realm of security. Some people do not like that. But in my view, this is much simpler to act on than to try and define the precise separation of realms.

Take …

The Future of NFC Payments

Someone asked me to provide feedback on an article regarding The Future of NFC Payments (yes, capitalized, like in “Big Future”). I do not cherish the idea of giving up my contact details for a brochure download, so I did not read the actual paper. I cannot imagine why people would not want their ideas to be widespread. I think it is silly to force people to register when you want them to read your articles, for they will simply read it elsewhere.

Anyhow, back to the subject of mobile payments with NFC – that’s what the paper claims to be about. I do not really know what they said inside but seeing “NFC was hailed as one of the biggest trends for mobile operators for 2011” in the blurb is enough to get an idea of what might be on the inside.

Now, let’s be clear that mobile payments are a fighting ground for two large forces: the banking industry and the mobile service industry. Both of them deal with a lot of customers and a lot of cash. And neither of them would willingly give up the payment transactions stream to the other. One, the banking industry, owns the …