IT Leadership | Sten Vesterli's Blog

Imprecise Language

April 25, 2022IT LeadershipCooperation, Leadership, Metrics

Elon Musk understands the danger of imprecise language. He builds spacecraft, and that is an unforgiving business. NASA does not use precise language, causing them to crash the $125 million Mars Climate Orbiter. SpaceX does use precise language.

Twitter uses imprecise language. You used to get banned for wishing violence on anyone. After the war started, they decided to make an exception for people who wish death on Russians. And then they had to clarify that you were still not allowed to wish death on good Russians, only bad Russians. And Twitter will be the arbiter of who is good and who is bad.

Elon Musk is so unhappy about Twitter’s imprecise language that he is willing to spend 45 billion dollars to buy the whole thing and fix it. His proposed fix: A short, clear list of banned conduct.

Whenever I am called in to do a post-mortem on a failed IT project, the root cause is always imprecise language. The specification calls for something vague like “easy to use.” But it does not provide the precise detail to evaluate if the system meets its goals. Systems must also be “fast,” “mobile-friendly,” and be “visually attractive.” Vagueness allows different people to get different messages from the same document. In diplomacy, agreements are sometimes worded so both sides can read it as a victory for them. That doesn’t work in IT systems. Are you using imprecise language in your communication?

Vulnerability Chains

April 22, 2022IT Leadership, Technology That FitsIoT, Security

Are you sure you own your devices? Or do you just have a temporary ability to use them that could vanish any second?

Smart home enthusiasts taken by Insteon marketing found out the hard way that their devices function at the suffering of the Insteon servers. When the company abruptly shut down, users found none of their devices worked because everything depended on a connection to servers that were no longer there.

This is an example of a vulnerability chain where the Insteaon servers proved the weakest link. Every networked device has a vulnerability chain from the client endpoint through multiple network devices until it reaches the server. Are you aware of the vulnerability chain from the card readers that control access to your building? Don’t be blindsided by a risk you hadn’t even considered.

Optimization to Powerlessness

April 13, 2022IT Leadership, Technology That FitsLeadership, Maintenance, Redundancy

Here in Denmark, we were surprised to find that the Russians have rendered our military combat ineffective. When NATO asks what we can provide, we can offer a hundred special forces soldiers, some past-due-date antitank weapons, and an armored brigade without armor. The reason is not lack of money. We spend many millions. We just don’t spend it on things that matter.

The Russians did not have to attack us kinetically or subject us to a devastating cyber-attack to achieve this. They simply needed to infiltrate the Ministry of Defence with spreadsheet-wielding MBAs supported by a fifth column from McKinsey. We have now optimized our way to warfighting impotence.

Many organizations have similarly found that they have optimized themselves to powerlessness. A ship stuck in the Suez or a war in Ukraine will bring their entire production to a halt.

The only way to resilience, as any capable army knows, is to have extra. You have more supplies on hand than the absolute minimum, and more different suppliers than you need. You have spare warehouses and production capacity. If you let the MBAs with their spreadsheets run the business, you might suddenly find you have no business.

Documentation is Unnecessary Until You Need It

April 11, 2022IT LeadershipProcesses, Risk

If you have a fire in your server room, your insurance pays out. Insurance is expensive, but a necessary part of your risk management strategy. For many risks, there is a way to get almost free insurance. Yet few people take it. I am talking about documentation.

A chocolate factory in Belgium didn’t follow its own processes and did not document its production. When kids started falling sick with salmonella all over Europe, suspicion fell on the Kinder egg factory in Arlon. The authorities asked for the production documentation. Because the factory couldn’t provide it, the whole plant was shut down. If they had had documentation, they would have been insured against this risk. They could have shut down just one production line instead of the whole plant.

So the reason you might not be able to get chocolate eggs this Easter is bad documentation.

Productivity at 10 pm?

April 8, 2022IT LeadershipLeadership, Productivity, Sleep

They call it “productivity” but it’s more likely just busyness. Microsoft research into the use of their Teams product has discovered there are now three peaks in a day. It used to be only mid-morning and early afternoon, but now another peak has appeared at 10 pm. Euphemistically, Microsoft equates keyboard activity with productivity, but keyboard activity at 10 pm is unlikely to add much value for most people.

The workday has expanded by 46 minutes since the start of the pandemic, and most of that has been after normal office hours. It is a leadership task to preserve the health and productivity of your people. Do your employees work at 10 pm? Are you okay with that?

What Can and Cannot Be Said

April 6, 2022IT LeadershipEthics, Leadership

Can you say “pay rise” in your company? At Amazon, that would not be possible. The internal social media app they plan to roll out for warehouse workers will filter out words like “union,” fairness,” and “plantation” (!)

Russian author Fyodor Dostoyevsky said, “The degree of civilization in a society can be judged by entering its prisons.” Similarly, the degree of civilization in an organization can be judged by its internal social media.

What does your internal communication platform and its rules say about your organization?

Are You Monitoring Your Automated Systems?

April 1, 2022IT Leadership, Technology That FitsAI, Processes, Quality, Realism

It is hard to anticipate the real world. I’m sure the wet concrete on the road in Japan looked just like solid ground to the delivery robot. Consequently, it happily trundled into the urban swamp and got stuck. The story does not report whether the delivery company managed to get their robot out before the concrete hardened…

This is why you need careful monitoring of all the fully automated systems you are deploying. The first line of defense is automated metrics and their normal interval. For a delivery robot, the distance covered over a minute should be greater than zero and less than 270 (if you have limited the robot to e.g. 10 mph). The second line of defense consists of humans who will evaluate the alarms and take appropriate action. The third line of defense are developers who will fix the software and the alarms.

Too many automated systems are simply unleashed and depend on customers to detect that something is wrong and complain. You want to figure out you have a problem before the image of your robot encased in concrete starts trending on Twitter.

Do You Let Convenience Trump Security?

March 30, 2022IT Leadership, Technology That FitsSecurity, Trust

Personal data on anyone is available from all the large U.S. social media platforms and ISPs to anyone who cares to ask. The mechanism is an Emergency Data Request (EDR). When law enforcement doesn’t have time to wait for a court order because someone’s life is in imminent danger, they send an EDR. This is simply an email from a law enforcement mail address. To send a fake EDR, you simply purchase a legitimate government email address from a hacker who has breached one of the more than 15,000 police forces in the U.S.

You would never divulge information on your customers based on just a plausible-looking email. But how do you ensure that expediency has not trumped security somewhere in your organization?

What Happens Then?

March 28, 2022IT Leadership, Technology That FitsCompetence, Decisions, Leadership

There is an easy way to avoid making stupid decisions: Asking “what happens then?” A decision is exposed as stupid when it turns out that the decision-maker did not carefully think through the consequences. Bad decisions occur when someone only looks at the immediate result.

New York City dodged a bullet when they started implementing bike lanes in the narrow streets of Manhattan. They could easily have made the stupid decision of simply marking a part of the street as a bike lane. Fortunately, someone clever at City Hall asked herself: What happens then? If you had simply painted bike lanes on streets, thoughtless New Yorkers would have wiped out bicyclists by the thousands with their car doors. So New York decided to paint a separation area between the car parking area and the bike lane. Clever.

Next time you are faced with a decision, try asking “what happens then?” several times. You might find this saves you from doing something stupid.

Don’t be Like FSB and Tesla

March 25, 2022March 27, 2022IT LeadershipBad news

There are two ways to handle product problems: The right way and the Tesla way. A now-ex Tesla employee had the temerity to post videos on YouTube showing their vaunted self-driving feature in action. Unfortunately, one of his videos showed his supposedly self-driving car running down a bollard before he manages to react. He was fired by Tesla immediately after posting the video.

If you have a problem, acknowledge it and fix it. Getting rid of everyone bringing bad news is what made Putin think he could easily conquer Ukraine. Don’t be like FSB and Tesla.