Throw someone a pep rally - Two thumbs up!
202306 - apenwarr - ’If you take a single pull request (PR) that adds a new feature, and launch it without tests or documentation, you will definitely get the benefits of that PR sooner. Every PR you try to write after that, before adding the tests and docs (ie. repaying the debt) will be slower because you risk creating undetected bugs or running into undocumented edge cases. If you take a long time to pay off the debt, the slowdown in future launches will outweigh the speedup from the first launch. This is exactly how CFOs manage corporate financial debt. Debt is a drain on your revenues; the thing you did to incur the debt is a boost to your revenues; if you take too long to pay back the debt, it’s an overall loss.’ Also: “Tech debt, in its simplest form, is the time you didn’t spend making tasks more efficient. When you think of it that way, it’s obvious that zero tech debt is a silly choice."
IT spending soars, generative AI investments barely leave a mark - These forecasts have been confusing in recent years. They’re always increasing, and yet the trends are always cost savings: ‘“Digital business transformations are beginning to morph,” said Lovelock. “IT projects are shifting from a focus on external-facing deliverables such as revenue and customer experience, to more inward facing efforts focused on optimization." The trend is reflected in where spending growth is highest. Gartner expects software, the fastest-growing segment, to achieve a double-digit growth rate of 14% on the year, as organizations reallocate spending to squeezing more value out of ERP and CRM applications, as well as other core platforms that deliver efficiency gains.’ // Also, yeah: with AI it’s way too early in the corporate planning and strategy cycle to be allocating lots of cash to it. It’ll just be small PoCs for at least a year.
No one has an “appetite for risk” - “I think there is a better way to express what we aim to express when we say ‘risk appetite.’ What we are talking about is the organization’s failure tolerance. How often is it okay for the organization to experience security failures? How big can the failures be (impact) and still be tolerable?"
personal organization - “Here’s my one piece of advice about personal organization: (calendars, tasks, planning, tracking): Think hard about your needs, pick a system, and then do not under any circumstances change it until at least one full year has passed."
Checking In on the State of TDD - Great round-up or the current thinking and research! But: Kids these days! “Look at it this way: 19 out of 20 startups fail. That means that odds are that you will never see this code again. You’d be a fool to spend any more time on it than absolutely necessary.” This is the kind of advice that’s fine for failed startups. And maybe even strategic if you’re just looking for a valuations run-up cash-out. But for #20, you’re just building your own legacy trap for you or the company that awaited you. Also, for enterprises, it’s worse: a bank is going to have that code for a decade or more and will be fucked in three to five years if it’s not well tested.
Also, even for the startups you’re just passing that tech debt onto whoever acquired you. “Merry Christmas,” to your new coworkers as you’re sitting in the pool all those TDD-free options bought you, and your new pals are working through the holidays to add some simple code ther should have only taken 15 minutes…if only there was a way to verify that it didn’t break anything.
What the Government Email Account Hack Says About the Future of Cybersecurity - Always be securing all the things.
Security Team Culture Matters - Being in security should be a happy job. // “Security and risk teams are more motivated and purpose-driven than others. As a 25-year cybersecurity veteran, this totally checks out for me. “Almost everyone I know in [IT security] is mission- and purpose-driven. They took on this job to protect others!"
Deploying the Swift Method to Modernize a Singapore Government Legacy System - Good description of what it feels like to be stuck in the legacy trap: “The [Singapore] government agency in this case study faced a similar issue with a legacy system that supported critical business processes, integrated with other business-critical applications, and was developed and maintained by third-party vendors. Over time, the codebase had become highly coupled within different business domains and contexts, making it difficult for developers to work on. This situation led to product development squads being slowed down by dependencies on the support team for this legacy system. The development squads also lacked confidence to make changes to this system themselves—given the low automated test coverage—and faced uncertainty about what they would be able to deliver for their own work streams independently.” You can see the original talk this is based on here.
In the face of volatility, CFOs—and their organizations—adapt - Belt-tightening watch. Lots of micromanagement and management by finance metrics ahead: “In the year ahead, CFOs plan to increase their focus on operational value drivers, management of KPIs, cash management, and capital structure. Other priorities have decreased in importance since Q3 2022."