Why Employee Surveillance Doesn’t Work

Do you know what a “mouse jiggler” is? Your most innovative employees do. It is not a device to shake a rodent in a cage. It is a small USB device that sends random mouse movements to a computer.

Who would want such a thing? Employees subjected to tracking software, that’s who. With the mouse moving, the software will record “productivity.” The pandemic led to a boom in surveillance tech, euphemistically called “employee productivity software.” As workers return to the office, that tech is not removed from corporate laptops. But workers are pushing back, in accordance with Newton’s Third Law of IT systems: Whenever the organization implements a policy, the employees will implement an equal and opposite workaround.

Techno-optimists keep trying to replace humans with technology. There are some places where that works. Replacing human leadership with surveillance technology is one of the places where this strategy doesn’t work.

Security is Somebody Else’s Problem

There is good reason security is invisible: It is Somebody Else’s Problem (SEP). In his geek classic “The Hitchhiker’s Guide to the Universe,” author Douglas Adams describes how the secret to making something invisible is to surround it with an SEP field.

Security is not actually invisible – I’m at an event in Copenhagen with 3000 security professionals this week. But it is still considered Somebody Else’s Problem by the rest of IT. Except for basic Authentication and Authorization, security is not on the minds of developers and system administrators.

We cannot magically make people care. We already know that to get good testing, we have to add professional testers to each team. To get a good User Experience, we need to add UX professionals to each team. We won’t get improved security until we also add security professionals to each team.

Do You Trust Amazon?

The default is no trust. You shouldn’t trust a random USB stick you pick up in the parking lot, and your customers and users don’t trust you. If you want trust, you have to be transparent in a way your users understand and appreciate.

Somewhere in the Amazon terms & conditions it probably says in illegible legalese that everything you say to your Alexa smart speaker can and will be used against you. Researchers have shown that your interactions with Alexa are reported to dozens of advertisers, and Amazon says the research is flawed. Who do you believe?

Amazon have hundreds of lawyers and are probably within the law. The problem is that they are not complying with users’ expectations. If you want any kind of goodwill from your users and customers, you have to meet their actual expectations. Hiding behind reams of legalese doesn’t cut it.

Unnecessary Complexity

Why use a proper screwdriver when you have a multi-tool? It is true that it is a lousy screwdriver, but it can do a dozen other things. That’s the thinking behind using Microsoft Windows for Point-of-Sale terminals. It turns out to be a bad idea. It can take up to 40 minutes for a Windows 11 machine to install the latest update, and in the meantime you are unable to do business.

The problem is not throwing an overpowered machine at the task. A Raspberry Pi works fine for a home weather station even though it is only using 0.01% of its capacity. The problem is adding unnecessary complexity. A Windows 11 workstation is running literally hundreds of services, 98% of which are not necessary for Point-of-Sale functionality. The more components you have, the more potential problems you will have, and the harder it will be to find them when they occur.

You would never allow your IT architects to use over-complicated components with dozens of unnecessary interactions, would you?

Create a Breathing Habit

How is your breathing? Now you might notice it. But most of the time, your breathing just happens. Try taking a few deep breaths. Notice how you feel calmer.

Breathing is interesting because there is a direct two-way connection between your breathing and your emotional state. Your stress level affects your breathing, but your breathing also affects your stress level.

To make sure you remember to take some time to breathe deeply, connect breathing with something you already do. Find some action you take several times a day, and take a few deep breaths before you do it. For example, whenever you pick up your coffee mug for a refill, hold the mug while you take three deep breaths. Getting some good breathing into your life will reduce stress.

Online Makes Meetings Worse

When did you last walk out of a useless meeting? Never, right?

When did you last participate in a meeting where you got no benefit and contributed nothing? Last week, right?

We were slowly learning from trailblazers like Elon Musk to cut down on meetings. Then the pandemic and the associated video meetings teleported us back to the stone age of meetings. We have more meetings than ever, they start late and drag on, and involve too many people. Analyzing the video of online meetings shows that 50% of participants show up late, 40% have low engagement and 24% of participants don’t say a word during the entire meeting.

When something becomes easier, people do more of it. It takes a conscious effort to get back to focused meetings with clear agendas and only the absolutely necessary participants. Are you tracking how many meetings you have in your organization? If you aren’t, you can be sure you have too many.

(image: Kit-Kat ad mockup by Sam Hennig, creative strategist at Something Big)

Experiment on Yourself

Many self-trackers run science experiments on themselves. You should, too. I don’t recommend injecting yourself with strange drugs from the internet. I am talking about making changes to your diet and tracking the outcome.

Science has shown that improved diet can have as much effect as the latest innovation from the pharmaceutical industry. To improve your life, try an experiment.

Like Newton and Da Vinci, you’ll need a notebook. For one week, write down how you feel. That is your baseline. Then make a simple diet change. You already know what a better diet looks like. For example, you can replace an unhealthy snack with nuts and raisins. Continue writing down how you feel. After a few weeks, examine your notes and see if you feel better than the baseline before you made the change. If you do, great! Keep the change. If you don’t feel any improvement, that doesn’t mean the experiment failed. It means the experiment was successful and you proved that this change was not right for you. Make another change and repeat the experiment.

Use science to improve your life!

Imprecise Language

Elon Musk understands the danger of imprecise language. He builds spacecraft, and that is an unforgiving business. NASA does not use precise language, causing them to crash the $125 million Mars Climate Orbiter. SpaceX does use precise language.

Twitter uses imprecise language. You used to get banned for wishing violence on anyone. After the war started, they decided to make an exception for people who wish death on Russians. And then they had to clarify that you were still not allowed to wish death on good Russians, only bad Russians. And Twitter will be the arbiter of who is good and who is bad.

Elon Musk is so unhappy about Twitter’s imprecise language that he is willing to spend 45 billion dollars to buy the whole thing and fix it. His proposed fix: A short, clear list of banned conduct.

Whenever I am called in to do a post-mortem on a failed IT project, the root cause is always imprecise language. The specification calls for something vague like “easy to use.” But it does not provide the precise detail to evaluate if the system meets its goals. Systems must also be “fast,” “mobile-friendly,” and “visually attractive.” Vagueness allows different people to get different messages from the same document. In diplomacy, agreements are sometimes worded so both sides can read them as a victory for themselves. That doesn’t work in IT systems. Are you using imprecise language in your communication?

Vulnerability Chains

Are you sure you own your devices? Or do you just have a temporary ability to use them that could vanish any second?

Smart home enthusiasts taken in by Insteon marketing found out the hard way that their devices function at the sufferance of the Insteon servers. When the company abruptly shut down, users found none of their devices worked because everything depended on a connection to servers that were no longer there.

This is an example of a vulnerability chain where the Insteon servers proved the weakest link. Every networked device has a vulnerability chain from the client endpoint through multiple network devices until it reaches the server. Are you aware of the vulnerability chain from the card readers that control access to your building? Don’t be blindsided by a risk you hadn’t even considered.

Optimization to Powerlessness

Here in Denmark, we were surprised to find that the Russians have rendered our military combat-ineffective. When NATO asks what we can provide, we can offer a hundred special forces soldiers, some past-due-date antitank weapons, and an armored brigade without armor. The reason is not lack of money. We spend many millions. We just don’t spend it on things that matter.

The Russians did not have to attack us kinetically or subject us to a devastating cyber-attack to achieve this. They simply needed to infiltrate the Ministry of Defence with spreadsheet-wielding MBAs supported by a fifth column from McKinsey. We have now optimized our way to warfighting impotence.

Many organizations have similarly found that they have optimized themselves to powerlessness. A ship stuck in the Suez or a war in Ukraine will bring their entire production to a halt.

The only way to resilience, as any capable army knows, is to have extra. You have more supplies on hand than the absolute minimum, and more different suppliers than you need. You have spare warehouses and production capacity. If you let the MBAs with their spreadsheets run the business, you might suddenly find you have no business.