I have another video today.

You've heard of pair programming and you probably think it's bonkers. Not many people benefit from this practice. Here, I go over how teams in the US military have been using pair programming to improve how they do software and spread that change to other teams. Some real DIGITAL TRANSFORMATION!

Check out the blog post I based this on, it has a lot more on how other agile practices are helping out programmers in the DoD. And, as I mention, of course, all them free books you can get.

Relative to your interests

• Passing the anxiety parcel - “And in organisations there’s a phenomenon I sometimes call anxiety pass the parcel… The higher you are up in the hierarchy, the more likely it is that you are going to be indulged by those below you, in trying to pass on to them your anxiety…. You think you are giving clear and direct leadership, but you’re also in a way, on another level, saying to the people below you here, you, you have my anxiety.”

• Chris Elliott’s Friday Night Videos Collection, 1987–88 - This is the kind of thing that I ate a lot of in my media diet as a kid. With decades of perspective, I am intrigued by how this kind of stuff influenced me and my overall style.

• Open Source Congress in Geneva - There’s a lot going on in the open source world at the moment, apart from licensing hijinks. Many more real-world things, e.g.: ’With the war raging in Europe, US/China rivalry heating up and AI promising to completely redefining our way of life, it is of little surprise that Open Source communities have increasingly heard alarm bells go off. As an overarching community, we’ve deal with export controls and suddenly being told to exclude contributors to projects. We’ve seen valuable contributors from certain countries excluded simply because of actions their leaders took that they had absolutely no path to influence. Some even fled their country and moved their entire families and lives. We’ve been asked how to handle contributions of AI generated code by hundreds of maintainers. We’ve had to defend and remind people that OSI is the organization that decides what licenses qualify as “open source” (particularly with SDOs). We’ve even had the perpetual “are you dead yet?” argument thrown around. Even if you consider just the regulatory issues facing open source in 2023 - including the CRA, PLD, AI Act (EU), Securing Open Source Software Act (US) and other examples - it is clear that the least various Open Source organizations can do is to educate the lawmakers on the consequences of their [in]actions and then prepare for the inevitable fallout (if they don’t listen). This includes preparing for things that will, if mandated by law, put an additional burden on all of Open Source organizations…' And, Roman goes on to list some.

• DevRel Management and Leadership: Guidance, Skill Development, and Book Recommendations.

• Banking as a service: The role of banks in powering the fintech industry - It does seem nuts to be a white-label bank, that is, someone else is the front-end and “owns” the customer: ’"As the low-cost provider to somebody else who owns the relationship, you’ve just sold your soul to the devil. … [W]e need to own the customer relationship, and we need to deserve to own the customer relationship through an offering that doesn’t need that fintech platform on the front end."’ // However, this is also the classic setup for disruption. The incumbent can’t go downmarket, follow the new model because it would damage their business, is not profitable compared to other things they could do, and just seems stupid. We’ll see.

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

Sep 6th O’Reilly Infrastructure & Ops Superstream: Kubernetes, online, speaking. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking (get 50% of registration with the code 50-SRE-DAY) Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking. Nov 6th to 9th VMware Explore in Barcelona, speaking.

Logoff

There’ve been some good blog posts on the Tanzu blog recently, but they don’t seem to get many views. So I wanted to see if I could drive some traffic to one of them that I liked.

In the video above, I tried multi-cam editing but by filing one video (on my iPhone) directly into Descript, and another one (with my “real” camera) with QuickTime. Syncing them up in Descript was pretty easy. Detail has a better method for cutting between scenes (a very good, clever method, with key shortcuts, that cuts the video and switches to the other camera at the same time). It’s weird that Descript doesn’t have multi-cam recording, but, whatever.

Software people are bad at estimating

Here are three ways that software people (developers, mostly) are bad at estimating:

1. Estimating the feasibility of writing code for new features, that is, the risk of failure - if the new feature is difficult to impossible to write, or just doesn’t work altogether. Generally, it’s a lot harder than it seems because of all the things apart from the actual feature. What will the new feature conflict with, will it be compliant? Will the code changes mess something up? How about the new edge cases, exceptions, and error handling you’ll need? And, if you’re shipping in multiple countries, you’ll need to worry about regional differences, requirements, and laws.

2. How long writing and shipping new features will take. I’d start by tripling any estimate a developer gives - if their estimate was right, you’ll be happy. Of course, if they can demonstrate that they’ve kept their promises over the years, believe developers a little more. But even then, you’re going to be asking them to do new things, take new risks, so they’ll need to re-calibrate their velocity.

3. The value/impact of new ideas and tech. Developers generally think that new technologies are good and valuable…pretty much simply because they’re new. They’re very influenced by fashion (that’s how us thought leaders keep employed!), and very eager to try new things before they’re tested and proven. Before they’re “boring.” Developers will respond to this passion by wanting to do new things, often just because they’re cool. Sure, they’ll tell you there’s a - if they even use this term! - business reason, but, you know, it’s not like they got a study from Bain on that. Likely, it was just a blog post from someone at Netflix or Spotify. For example, serverless, microservices, kubernetes, etc.

This third is related to “resume driven development,” where developers pick a new technology to use to learn how it works and fancy up their resume. However, it’s not as direct as that: developers are always seeking better tools, methods, and thinking.

These new things may be better, but until they’re proven out, it’s very risky to use them in you’re a large organization. If you already have tools and methods that, basically work, you don’t want to take on the risk of using a potentially GROUND BREAKING new technology that, more than likely, will be less than that, and even slow you down.

In the past few years, many people suffered from this with kubernetes. Their developers said they could build out Kubernetes-based platforms, and many failed. There’s not a lot of conference talks from those people, but when if you’re trying to sell to infrastructure people, you hear those stories a lot.

Webinars are good

(Meta-note: I did this video today to test out Detail some more. I was looking for how quickly I could make a multi-cam video and do the round-trip, idea to publish. Detail still doesn't have non-destructive editing [at least, as far as I can tell you can’t go back to any clip and re-adjust your cuts, you can only got back in the Ctrl-Z undo queue), and I can't zoom the timeline in as much as I'd like. I like adding text to videos [you can see how the text is behind my head in the above thumbnail], but I couldn't figure out how to have the text appear for just a moment, instead for the whole "scene." I usually use Descript [or Lumafusion if I'm feeling "pro-am" or purely on my phone], which I'll stick to. I sure do like the whole vibe and mindset of Detail, though.)

Wastebook

• NPC syndrome - I always feel like I’m a character in someone else’s story. I feel bad for them, defer to them, work on what they need. I feel good about that when it goes well, shamed when it doesn’t, and resentful when I don’t get what I want. (I should think of myself more as the main character?)

• “Dads don’t say ‘rad.’”

• There’s really nothing new to say shout all the Twitter stuff. It just continues to be stupid and driven by a misunderstanding of…real life. Each wave brings some articles trying to analyze it, but the answer is all the same: that dude doesn’t know what he’s doing, and doesn’t know so much that he can’t tell that he doesn’t know. This is something. Also: people who are not “normal” will do weird things given the chance, power/money, and enough years to fart around. This can result in good, abnormal results (getting electric cars, rockets, satellite Internet into the market), but also results in a bunch of bad, abnormal results. Even a broken clock is right twice a day, etc.

Chart Party: CFOs and CEOs Prioritize Growth, While Other Priorities Differ Slightly

Relative to your interests

• “My Bluesky experience so far has been mostly terrible…” - “I really don’t like the website interface – it feels like something I might have put together myself. Notifications fail to clear, and the same posts are always just there for some reason. I don’t follow enough people, is no doubt part of the problem.”

• Does ‘Buy American’ Policy Make Sense? The Answer Is Key for Your AI Portfolio Too - “The bottom line isn’t that the digital revolution has had no impact on productivity, but that the gains from offices and factories introducing enterprise software and smartphones have mostly accrued to the makers of enterprise software and smartphones. American corporations rule the world because they make tech, not because they use it better.”

• AlmaLinux discovers working with Red Hat isn’t easy - Some follow-up, “how it’s going” meme-style stuff from the RHEL open source drama.

• Men are lost. Here’s a map out of the wilderness. - ‘Then there’s the point-by-point advice. If young men are looking for direction, these influencers give them a clear script to follow — hours of video, thousands of book pages, a torrent of social media posts — in a moment when uncertainty abounds. The rules aren’t particularly unique: Get fit, pick up a skill, talk to women instead of watching porn all day. But if instruction is lacking elsewhere, even basic tips (“Clean your room!” Peterson famously advises) feel like a revelation. Plus, the community that comes with joining a fandom can feel like a buffer against an increasingly atomized world.’ // Also, towards the end, the most action packed description of a Zoom call you’ll ever read. // Possible good traits: “Physical strength came up frequently, as did a desire for personal mastery. They cited adventurousness, leadership, problem-solving, dignity and sexual drive. None of these are negative traits, but many men I spoke with felt that these archetypes were unfairly stigmatized: Men were too assertive, too boisterous, too horny.”

• The DoD: A Compelling Case for Extreme Programming - Good overview of why/how the practices in Extreme Programming (XP) help the needs of the military, and fit the constraints and challenges they have. For example, spreading knowledge with paired programming manages high turn over in staff.

• Free Lunch - Some strong Amsterdam type vibes here. // “Free Lunch is an all-caps display font that would look comfortable in a butcher shop window. Or a lunch counter menu in 1955. Or printed on the waxed paper that wraps a half-pound of Swiss cheese from your neighborhood deli. A little playful, great for headlines and logos.”

  

• Workin’ for the Man - This is how most all request driven processes (you have to file a ticket) end up being gamed by users: “So I think the winning technique is simply to flood their input queue with issues and eventually one will find a chink in the armour and reach an intelligent human being who Just Fixes It.”

• Nobody cares about your blog. - The post is pro-blogging, obviously. We should try to bring back blogging (or blogs masquerading as newsletters, whatever). With the collapse of Twitter, there’s lots of text based people who need an outlet.

• Oracle’s revised Java licensing terms 2–5x more expensive - ’a hypothetical organization with 49,500 employees, all of whom are applicable for the “Named User Plus” (NUP) license as per the legacy subscription model. That organization is also running Oracle JDK on 5,000 processors, and as such would pay $742,500 for NUP licenses and $900,000 for processor licenses under the legacy deal. The new Universal Subscription model would cost it about $3,118,500, a 90 percent increase in price.’

• Why they’re smearing Lina Khan - Outcomes based regulation: “There is no measure so small that the corporate world won’t have a conniption over it. Take click to cancel, the FTC’s perfectly reasonable proposal that if you sign up for a recurring payment subscription with a single click, you should be able to cancel it with a single click. The tooth-gnashing and garment-rending and scenery-chewing over this is wild. America’s biggest companies have wheeled out their biggest guns, claiming that if they make it too easy to unsubscribe, they will lose money. In other words, they are currently making money not because people want their products, but because it’s too hard to stop paying for them!”

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

Sep 6th O’Reilly Infrastructure & Ops Superstream: Kubernetes, online, speaking. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking (get 50% of registration with the code 50-SRE-DAY) Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking. Nov 6th to 9th VMware Explore in Barcelona, speaking.

Logoff

After reading an IDC report on Dell acquiring Moogsoft, I wrote a long piece with advice on hardware companies acquiring software companies. Also, a list of other types of acquisitions. I did this kind of work at a previous job (Dell of all places!), so I feel I have some first hand experience. However, since the place I’m working at is in the process of being acquired, it seemed like a bad idea to publish it. Maybe one day! Here’s an older (2016) piece on the topic - it’s not too great. The thing on estimating is from that longer piece.

The changing nature of “open”

In our tech world, the idea of “open” has changed a lot in the past few years. Instead of it meaning “open to everyone,” the classic notion of “open source,” now it more means “open to everyone except our competitors.”

Making money with open source is difficult

Running a high growth business on open source is difficult; you’re giving up on the easiest, most obvious thing to get paid for: the software itself. You can do an open core model where you are selling closed source software that uses/wrap around/ships with/improves/etc. the open source software. You can do the Red Hat thing where you sell support for your compiled open source project (and, I think, some closed-ish source “stuff” around it as well - this has become very confusing). But there’s not too much else. You have to come up with some excuse to charge people money for the free software. Or, the open source software can be part of an overall strategy that drives other revenue: the old razors and razor blades thing.

Once public cloud became mainstream, another model emerged: get paid to run and optimize the open source software. Run your Linux servers in the cloud, run your Postgres and Big Data stuff in the cloud, run your Spring Cloud stuff in the cloud, etc. This model works great for open source: the seller and the buyer get all of the benefits of open source and the seller can actually make money.

Attack of the channel!

The problem is that running a public cloud is expensive. Paying for all that infrastructure is expensive, and paying for the people who keep it up and running is expensive. So if each vendor wants to do it, they’re kind of stuck. They need to enter a new kind of business, being a managed service provider…a public cloud. Many have figured out this out as evidenced by the many SaaSes that are out there. I think most of them just use one of the public clouds and run their stuff on-top of it.

However, you then get into the problem of those public clouds wanting your business. Because you have open source, they could do exactly what you’re doing: sell operating the open source project. One of the first cases of this was Amazon running Elastic search. And there’ve been more, and there will likely be more. If there’s enough demand for running an open source project, the public cloud providers see an easy business model. And compared to their resources, the public cloud companies likely are better positioned.

To prevent this, many open source projects have tinkered with their licensing to basically say “this is totally open, except if you’re Amazon, Azure, or Google Cloud. But totally open and free for other people to use.” There’s all sorts of ways of enforcing this: it’s just fine-print shit, so who cares to catalog it?

Recently, Red Hat did this move as well, except it doesn’t really seem to be about public cloud providers. It was more focused on the classic problem of distributed open source projects, here, Linux. There were several “cloners” who would take the Red Hat Enterprise Linux source code, build it, and then sell it as a cheaper RHEL. Red Hat found a loop-hole (though, you only call it a loop hold if you don’t like it, otherwise, you just call “the license terms”) that would allow them to prevent their competitors from easily getting the source code. A close reading of the GPL license they use says that you only have to give the source code to customers, not everyone. So, Red Hat can decide that its competitors can not be customers, and, therefore, can not get the source code. Well, you can imagine the likes of Oracle, SUSE, and the others quickly figured out some tricks to get around that…sort of mooting the whole move by Red Hat?

Closing Up Open Data and APIs

There’s another type of “open” that’s long been morphing. In the 2000s, the people building the web were very interested in open formats: XML, JSON…things that were basically plain text that you could read. They were also interested in fully open and free to use APIs for everything. Famously, Instagram used this openness to help build its social network. You’d create an Instagram account and you could use the Twitter API to suck in all your friends there. Over thousands and thousands of people, this means Instagram can start to duplicate all of the social networks inside Twitter, for “free.” Twitter no longer allows this, and few other social networks do as well.

And, most recently, Twitter has been just shutting down free API access.

In the post-Twitter world, there’s a lot of talking about ActivityPub (the open protocol used by Mastodon) and whatever alternate thing Bluesky uses. While ActivityPub works for Mastodon - and, like, is Mastodon - so far all the promises of open APIs in the mega post-Twitter Twitters has been just that: talk. Perhaps they’ll come out! When they do, we’ll need to see just how open and flexible they are. Could you write a complete clone of the Threads app with full functionality?

And, of course, Reddit also messed with its free APIs locking out alternate clients.

AI

Most recently, Facebook opened its LLM framework, but if I heard right, only for people that have less than 700,000 active monthly users. This means people like IBM could take it and sell it to even their largest customers: JP Morgan Chase, for example, has “only” around 300,000 employees, which is, [checks math] much less than 700,000. (Well, OK, except for use by every solider in the US military, etc., and you’d have to slice up the US government “customer” into agencies and groups of agencies.) But, tp the public cloud companies and Facebook, it’s much more closed than open.

And when I use ChatGPT, the URL includes the phrase “OpenAI.” But…that’s not the type of “open” I knew in the 2000s. Here, I think “open” more means “has an API that you can pay to use.”

Waiting for the close of open

My sense, then, is that the nature of “open” is changing. There is much resisting from us old guard people, but you can start to see the Planck Principle playing out, perhaps not in a morbid way but more in “how much energy do I have left to give a shit” way:

A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die and a new generation grows up that is familiar with it

Here, there’s not a “scientific truth,” per se, but more a principle of how the web wants to be. Rather, how the people building the web want it to be.

It feels like those people increasingly aren’t really interested in open.

Here’s some long running experiments to test that hunch:

• Will Red Hat revenue from RHEL increase? If so, the users of RHEL care a lot less about “open.”

• What will ActivityPub look like in Threads, Tumblr, and other mega sites? Will it all naturally fit together with Mastodon, or be, like, weird? If it’s weird, both the people building the web and the users will care less about “open.”

• Will there be more cloud providers who have no commercial relationship with open source projects they run? Same.

We’ll see!

On-premises, air-gap Kubernetes Management

We have a great Kubernetes management tool, Tanzu Mission Control. But it’s only been available as a SaaS up to now. In enterprise sales, you always - always - eventually need an on-premises, off the Internet version. Militaries and spies use this, but there’s plenty of people who are heavily on-premises (based on four years of IDC estimates, I’d say that at least 50% of enterprise workloads are on-premises).

Anyhow! The most recent version of Tanzu Mission Control can run on-premises now. Air-gap and all that shit! Here’s an article about it, as well. Check out this interview I did with Corey Dinkens on the release. If you don’t like video, you can listen to the podcast.

Subscribe to this new .NET newsletter

My co-worker Layla started a new .Net newsletter, “Hooked on .NET.”

Subscribe if that’s your thing!

Who’s freaked out about AI, and who’s chill with it?

From Nicole Greene at Gartner: “38% of respondents to that same Gartner Consumer Community survey stated that they are very comfortable or somewhat comfortable, with an additional 27% taking a neutral position on the use of genAI in Marketing. That means 65% of consumers are mostly ok with marketers using genAI, and there are a lot of low risk ways to bring genAI to your marketing team right now.”

Wastebook

• If you listen to the opening of “Breezin'” at half speed there’s some new magical thing that happens. Somehow it did this by accident today, and I thought I’d put on some kind of super high quality setting that let you hear the studio for real. It was a slow waking up of the song, like morning coming up.

• “I mean, even if the Pope uses it, isn’t the purchase a bit expensive?”

• “A gentle breeze blows, Birds singing in harmony, Nature’s symphony. DevOps buzz abounds, But failures linger around, Words won’t fix the sound.” Here.

• Also: “continuously devops microserverless. with software and humans.”

• ‘The lover of life makes the world his family,’ he wrote. ‘He is an “I”, insatiable in his appetite for the “not-I”.’ Here.

Relative to your interests

• Lines of Code - When there’s no perfect and easy measure, you have to (“end up”?) use the ones you have that are good enough.

• 55 - AI-Powered Content Strategy, Claude 2 from Anthropic, and Major Google Bard Updates - A super-packed episode of using AI stuff for marketing.

• CMOs Need to Give Generative AI a Chance, Before it’s Too Late - “In fact, 53% of respondents in a recent Gartner Consumer Community survey stated that they think that genAI will strongly or somewhat negatively impact society.” // But if you break it down by industry, as they do with a nice chart, things are slightly different.

• People are getting fed up with all the useless tech in their cars - “Unsurprisingly, more people are choosing not to use their car’s native infotainment controls. Only 56 percent of owners prefer to use their vehicle’s built-in system to play audio, down from 70 percent in 2020, JD Power found. Less than half of owners said they like using their car’s native controls for navigation, voice recognition, or to make phone calls.” Meanwhile:

• What connected-car services are consumers willing to pay for? - There’s some fun stated-preferences versus revealed preferences in there.

• Change takes a long time - This is my new thing after five years of talking with large companies about digital transformation: it just takes a long time. There’s usually a lack of urgency, but this is a benefit for most of those large companies. The employees, management, and share holders want stability, predictability. Also, they don’t want to spend money unless they really, really…really…have to. Few people like change unless it’s needed.

• How to Write a Book in Three Days: Lessons from Michael Moorcock - “There’s always a sidekick to make the responses the hero isn’t allowed to make: to get frightened; to add a lighter note; to offset the hero’s morbid speeches, and so on.”

• What the Government Email Account Hack Says About the Future of Cybersecurity - Always be securing all the things.

• personal organization - “Here’s my one piece of advice about personal organization: (calendars, tasks, planning, tracking): Think hard about your needs, pick a system, and then do not under any circumstances change it until at least one full year has passed.”

Things I had ChatGPT summarize for me: Identifying Key Industry Analysts; IBM Acquires Apptio for Hybrid Multi-Cloud FinOps; How Five Companies Built to Outcompete; Product and Platform Shift: Five Actions to Get the Transformation Right; Characterizing People as Non-Linear, 1st Order Components in Software Development; IncrementalOps: A New Approach to IT Operations; If Your Innovation Effort Isn't Working, Look at Who's on the Team; The GigaOm Pivot - Rebuilding the Analyst Business for the Digital Enterprise; What’s Wrong With the “What’s Wrong With Men” Discourse; China notes, July '23: on technological momentum; The New Media Goliaths; VMware’s Alex Barbato on How Agencies Could Enable DevSecOps Teams to Advance IT Modernization; VMware Tanzu Mission Control Self-Managed Announcement; Kubernetes: Innovation Enabler Or Implementation Detail?; Infosecurity Europe 2023, Forrester’s Thoughts; Is DevOps Tool Complexity Slowing Down Developer Velocity?; Dell Technologies Announces Intent to Acquire Moogsoft.

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 19th Improving FinTech with cloud native think, speaking. July 19th Stop Tech Debt and Start Using Faster, More Secure Paths to Production. Sep 6th O’Reilly Infrastructure & Ops Superstream: Kubernetes, online, speaking. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking.

Logoff

See y’all next time!

Ever wonder why there’s not more t-shirts at tech conferences? Marketing people hate getting t-shirts for booths at conferences. In last week’s Tanzu Talk about platform marketing I went over why:

Tech conference attendees love t-shirts. They’re also good for brand- and idenity-marketing: if you’re wearing the shirt, you’re likely a fan. Or, at least, you tolerate the brand.

You don’t see a lot of t-shirts at tech conferences because marketing people usually hate t-shirts. Here’s why

First, t-shirts are expensive compared to, say, pencils or other weird, branded doo-dads. But, there are even more annoying aspects.

Second, you have to decide what’s on the t-shirt. Even if it’s more than just a simple name, do you put that centered on the front, on the sleeve, the back? Then there’s type: do you have a polo shirt, a t-shirt… will programmers wear a polo shirt? How about ops people? And if you want a new, custom design on your shirt: forget about it. That’s going to be a lot of meetings. It’s a bunch of bike shed meetings.

Third, how many of each sizes and styles do you get? Predicting the right distribution of sizes it tough. You have to anticipate how many of each size (XS, S, M, L, XL, XXL, XXXL, etc.) will be needed. Additionally, geographic factors must be taken into account as American sizing differs from that used in other parts of the world. Predictably, American sizes are larger than European sizes.

The cut of the shirts is a related issue: how many “regular” versus women’s cut do you get?

Back when I helped with the planning and booth staffing for DevOpsDays at Pivotal, I used to be pretty good at predicting the size and cut splits for DevOpsDays. But this was built up over years of experience for a specific conference for a specific type of attendee.

You can imagine picking a t-shirt cut adds another uncomfortable dimension to this planning: you have to think about people in terms of body size and gender, and predict how many will be at the conference. This is something our corporate training (and, you know, the general goal of trying to be a better person) tries to rip out of your brain and corporate decision-making machine. You’ll literally be talking with co-workers saying things like “well, this is the American mid-west, so we better order more XXL’s than we do for Amsterdam” or “well, this is Bologna, so order a lot less women’s cut than we would for San Francisco.” (And by the way, should I even be saying “women’s cut”? I guess “fitted”?)

Forth, shipping these t-shirts introduces even more potential problems. If your conference is outside of your country (or, like, the EU), you’re gambling that customs won’t hold up your shipment. Or, you’ve figured out how to pay customs, adding expense and complication. Also, the shipment might just get lost. I’ve seen both of these happen a lot over the years. In addition to being held up and the additional cost and cognitive load of dealing with customers, what do you do when the box does finally show up, days after the conference? Do you talk with the conference people and somehow ask them to ship it back? Will FedEx/DHL/etc. do that for you? Or just you abandon the t-shirts?

Speaking of, fifth, once the conference is over you, there's often a surplus of leftover t-shirts. These typically fall into the extreme size categories of XS or XXXL, leading to unnecessary waste and inefficiency. And, even if you got past customers, you need to figure out shipping the t-shirts back. This is actually the easiest part, really. Most conferences have a courier come to pick things up, or you can schedule the pick up. Then you just ship a return label with the box, ask the people doing the booth work to tape the label on (make sure to ship some packing tape and scissors in the box!), and make sure the box gets the courier.

T-shirts seem like a really good idea, but they’re super tedious and costly to do at a conference. It’s why you don’t see more of them. It does mean, however, that they’re one of the rarer and more valuable things. Also, the bigger and more mature the company, they more capabilities and knowledge they should have about t-shirts. Big companies should be the ones giving away the most! But, since they’re often so penny-pinching, big companies don’t give t-shirts away too much. Oddly, it’s the smaller companies, the startups. This is likely because they’re being asked to burn money (rather than save it), the marketing people are probably more, like, “go getters,” and they might just be a little naive about how annoying it all is.

I think a vendor should always have t-shirts. It’s worth all the problems to get that brand and “in the club” feel. But, I wouldn’t want to be the one in charge of it.

(I wrote a long post years back on designing tech conference t-shirts. I should find that!)

Relative to your interests

• A4 Issue 1 July 2022 – Notes from the Drawing Board - This kind of thing is fantastic.

• Throw someone a pep rally - Two thumbs up!

• “that’s the American spirit!” - Yes, exactly this: “America’s public culture really does valorize pragmatic problem-solving.” As he writes, for example: “I remember going to Germany in, I think, 2009 with a small group of American journalists. We were in some eastern city in a van driving down a narrow alley when we had to stop because there was a Smart Car incorrectly parked in the alley, leaving us with no space to pass. Our van driver couldn’t back out and he couldn’t go forward, so he said we’d just have to wait. A middle-aged American woman in the group said that was absurd, and that yours truly and a few other younger guys on the trip could just get out, pick up the Smart Car, and move it. The driver said, “no, no, no, it’s not possible.” But she insisted that the four of us get out and move the car, and so we did, kind of like in the Mentos ad. We got back in the van, and she said to the driver very definitively, “that’s the American spirit!” // Now, that said: you have to also remember that after millenniums of war, Europe has been at peace for 78 years. So, things are going well on that front, perhaps the most important of all things.

• 202306 - ’If you take a single pull request (PR) that adds a new feature, and launch it without tests or documentation, you will definitely get the benefits of that PR sooner. Every PR you try to write after that, before adding the tests and docs (ie. repaying the debt) will be slower because you risk creating undetected bugs or running into undocumented edge cases. If you take a long time to pay off the debt, the slowdown in future launches will outweigh the speedup from the first launch. This is exactly how CFOs manage corporate financial debt. Debt is a drain on your revenues; the thing you did to incur the debt is a boost to your revenues; if you take too long to pay back the debt, it’s an overall loss.’ Also: “Tech debt, in its simplest form, is the time you didn’t spend making tasks more efficient. When you think of it that way, it’s obvious that zero tech debt is a silly choice.”

• DevOps and Cloud InfoQ Trends Report – July 2023 - Trends!

• The Rise Of DIY In FinOps - “But some DIY efforts do work. These tools are generally powered by teams of between 15 and 45 engineers acting as a dedicated product and support team that builds new capabilities, maintains and updates the tool as new cloud services emerge, and troubleshoots any existing user issues. The most famous example is Target, which dedicates two teams focused on the data pipeline, data acquisition, dashboards, and engineer persona application and has built everything from the ground up.”

• No one has an “appetite for risk” - “I think there is a better way to express what we aim to express when we say ‘risk appetite.’ What we are talking about is the organization’s failure tolerance. How often is it okay for the organization to experience security failures? How big can the failures be (impact) and still be tolerable?”

• IT spending soars, generative AI investments barely leave a mark - These forecasts have been confusing in recent years. They’re always increasing, and yet the trends are always cost savings: ‘“Digital business transformations are beginning to morph,” said Lovelock. “IT projects are shifting from a focus on external-facing deliverables such as revenue and customer experience, to more inward facing efforts focused on optimization." The trend is reflected in where spending growth is highest. Gartner expects software, the fastest-growing segment, to achieve a double-digit growth rate of 14% on the year, as organizations reallocate spending to squeezing more value out of ERP and CRM applications, as well as other core platforms that deliver efficiency gains.’ // Also, yeah: with AI it’s way too early in the corporate planning and strategy cycle to be allocating lots of cash to it. It’ll just be small PoCs for at least a year.

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 19th Improving FinTech with cloud native think, speaking. July 19th Stop Tech Debt and Start Using Faster, More Secure Paths to Production. Sep 6th to 7thDevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15thSREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking.

Logoff

Tonight, I have my last online talk of the month - for a long time actually. It’s with Alvin from Forrester. They’ve put a lot of thinking into modeling and planning taking care of legacy IT stuff. We have it planned out as, you know, podcast-y discussion. I’m looking forward to learning a lot from him. Check it out!

After that, it’s hopefully time for a lot of content creation. Hopefully, this will mean helping out some of my marketing friends with stuff they need and plans for engagement and that shit. Also, I have a list of tiny videos I want to make. Do they work? WHO KNOWS. But, they’re fun and satisfying to make.

We’re back from a three day weekend in London for our anniversary. I tried very hard to eliminate all “productivity,” so I have very little to say today. I did want to ADVERTISE for a thing I have tomorrow. So I’ve gathered up some waste book for you today.

Wastebook

• We should revise the Peter Principle not to be insulting (reached the level of your incompetence), but burnout driven: reached the level of being able to put up with more bullshit.

• “I know my price. Because I developed my identity outside of work, there’s a cost that comes when work infringes upon it—if it ever costs me a larger part of my identity and my life, I know it’s not worth it.” Here.

• I like systems that can be successfully applied, with only medium effort. It must be executable by many organizations, not just the exceptional ones. This principle weeds out the systems that sound good, but can never be done widely. It can be hard for the genius to come up with the perfect systems, but should be easy for us regular folk to implement it. This applies to individuals as well. Related:

• If you’re so smart, why are we all still so dumb?

• There’s tasks that need to be done by a date. And then there are tasks that have the potential to help me meet goals I don’t even know I have yet.

• In praise of source cream - It is good. Despite growing up eating Tex-Mex, it is something I never really got into until recently.

• Travel hack: you only have to keep the tray table up during landing and take off. So if you’re waiting for the plane to load and take off, you can put it down. I like to hunch over while I’m waiting, you know reading books or news or whatever. So I put the tray table down to lean on it.

• This is a good book, and I enjoyed reading it.

Tomorrow Darran Rice and I are going to be talking about how cloud native apps can make your financial services strategy better. Plus, a little security, legacy software fixes, etc. Watch it live, July 19th at 3pm Amsterdam time, and you can ask questions. Or, just save it to watch later.

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 19th Improving FinTech with cloud native think, speaking. July 19th Stop Tech Debt and Start Using Faster, More Secure Paths to Production. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking.

Logoff

See y’all next time!

Beware of High Expectations in Enterprise Tech

Here are three charts.

First, while everyone is freaking out about AI, it’s had little impact thus far:

Second, since 2020, usage of cloud seems to have leveled off at a 50/50 split between on-premises and public cloud:

But don’t worry, everyone is planning to move more to public cloud in the next three years. At least that’s been the case for the past seven years:

There are some rules of thumb for the impact of new enterprise technology here:

1. It will probably take much longer than you think.

2. The business value you achieve will probably be less than you think.

3. There’s not as much urgency to “transform” as us vendors would like you to believe.

The AI craze is an especially interesting case for me. It is clearly a big deal. I never used Docker, but the first usage of ChatGPT is what it must have been like to use Docker. You don’t believe what’s happening, it’s so effortless, and you can immediately start getting value from it.

For enterprises, however, things are more complicated. Just as you wouldn’t want your developers doing whatever they wanted with Docker - especially just downloading images of the Internet and, like, using them to run your paycheck processing, missile guidance, or just where to ship this box of celery systems - you don’t want ChatGPT just running around willynilly inside your enterprise. Even more: it can’t. You can’t just upload everything to ChatGPT and have it do wonderful things. Believe me: I’ve tried!

You can imagine all sorts of stupendous improvements to how a company operates if they unleash AI on everything. But, it will be less stupendous that we think, and take much longer. First, you’ll need to make sure all the governance and (as we’d say in the consumer world) privacy concerns are taken care of. This isn’t just about annoying lawyers and security people being annoying, it’s often to comply with regulations and laws. And it’s often a good idea!

Then, you have to figure out a way to actually load all that data into THE AI MACHINE. Access to all that corporate data across old ERP systems, CRM systems, Salesforce, email, Sharepoint, Google Docs, etc., etc. is already fraught and difficult. We’ve tried “data lakes” and…well? One of the main issues here is paying for all of that.

If you’ve ever tried to do what seems like simply pulling information from Salesforce or other ERP systems, you know what I mean. You rarely can just do what should be simple. First, you need access. And you’re going to have a get budget for that. Second, you need to actually understand the format the data is in. Third, you need the skills to actually find, clean, transform, and build reports out of that data. What this means is that you can’t do it alone: you always need to know “a guy” who can do it on the side for you. (Sidenote: if you’re working in a big company, always be looking out for this “guy.” If you see some really good charts or data in a presentation, ask who put that together and take that person to lunch so that you can ask them for help in the future.)

ChatGPT like systems could make this all much, much better. But it will take time, and it might not just, like happen as fast or as broadly as you think. Compare that to the public cloud usage in the above charts. We all know that using public cloud makes totally sense for any given apps. We all know that there are very few technical reasons to do it. We all know that the costs are, at worst, net-neutral. And yet…it’s going to take us three years to get there, apparently.

Why so slow?

This emerging technology adoption ass-dragging is driven by numerous things. The price to use new technologies and switch over to use them is often too high to easily deal with. If you’re serious about building an app platform on-top of Kubernetes, you’re going to pay a lot more money than you think. For a the smallest enterprises (let’s say, 5,000 to 10,000 people or more), you’re talking about millions of dollars a year. That can be either in staff if you want to DIY, buying vendor/public cloud services, etc. Just paying for the operating systems - a “free,” open source operating systems! - is going to cost millions. I have no idea how RHEL pricing works at this scale, but if you look at Salesforce’s numbers (moving 200,000 servers to RHEL), they feel like what big banks, large retailers, large government agencies, and other enterprises would face. That’s got to be, again, millions of dollars a year.

These costs are often worth it. You need computers and I’ve heard software is eating the world. However, when you introduce a brand new technology with such a steep price, you’re talking 12 to 18 months to get going. Enterprises work on annual budgeting cycles. If they’re using a regular calendar year for their fiscal year, you start “socializing” your budget needs around October, figuring out what you need, making deals with peers, sniffing out what your budget approvers actually value and will approve, getting your PowerPoints all prettied up with arts and crafts. Then you pitch it towards the end of the year. The budget is approved, then everyone disappears for two to three weeks for the December holidays. You come back in January, sort of putter around for a couple of weeks, and then you start finish talking with your vendors and public cloud people (who, hopefully, you started talking with back in October), finally selecting one to go with. Then you need to install the thing. But first you’ll need to talk with he networking and storage admins. The compliance and security people are going to want to see things. Also, you’ll need to update some training in the cloud center of excellence. And before you know it, a quarter has passed. You’ll have to spend a week or so preparing your quarterly review - more arts and crafts - to report on the status of it.

And so forth. (Also, I forget dealing with procurement. It’s hard enough to get an enterprise to pay for a $100/year expense, let alone $1.4 million.)

Then October rolls around again. Us vendors are like, “hey, how’s your consumption of this stuff: I gotta maintain the ARR, do some LTV farming…could you introduce me to that other group? I they’d like some steak dinners….”

Then, all of the sudden, those goofballs in the bond department screwed up their inflation estimates, and next thing you know another bank is buying you. “We’ve got some other things we need to handle now,” you tell your steak dinner friend.

You’ll get the stuff going eventually. You’ll get benefits from the new technology for sure - just ask us vendors to carpet bomb you with case studies! This shit is for real. It’s just that it’s for real once you get it all setup and learn how to do it.

It’ll take a lot longer than you think.

The revelation of reality

The Gartner hype cycle describes another phenomena here: inflated expectations. You’ve heard that AI (or public cloud, or cloud native, or CRM systems) is stupendous, revolutionary. There’s case studies from early adopters. But you haven’t actually used it yet. The hundreds (thousands, even) of people in your organization haven’t used it yet. You customers have not experienced its effects yet, and so forth.

Until you actually get your hands on it, at scale (not just some early PoC’s) you won’t know how stupendous it is in your organization working within your constraints and taking advantage of your capabilities. Getting to that point takes at least a year, often more to get more organization wide usage.

You can certainly get a better and better sense as you go along. You have to build in bureaucratic humbleness that is willing to learn and observe itself in action to get that sense. You have to be careful with your first impressions. What the hype cycle is telling you is that they’ll be inflated.

ChatGPT is a good example here. Once you use it day in and day out for months, you adjust your astonishment at it. It is amazing! But it’s now where near the level of earth shattering that the anti-AI people make it out to be.

Listen, it sounds like I’m being a wet-sandwich here. But it’s the opposite. The hype cycle has another mind-trick in it. After the peak of inflated expectations, everyone gets disappointed and you go into the trough of disillusionment. You get upset! You get letdown! (And when it comes to public cloud, all the on-premses vendors smell the delicious disappointment at migrating to the new and swarm - steak dinners galore!)

If you know that expectations are false, that it will take a long time to get the stupendous returns, you won’t get disillusioned. You’ll be smarter, reality will be revealed.

The rotting core

The other thing you have to keep on eye on is spending too much attention on the stupendous new thing. Meanwhile, you have the existing business to run, the existing systems to operate and optimize. I suspect that most of the benefits you can achieve from IT come just from doing what you’re currently doing better. For example, if you look at how you do software development, you probably call it “agile,” but most people are probably not following the actual practices.

A cool trick is to ask these agile teams how frequently they ship software. If it’s not at least monthly, you can probably do some improvements. And the improvement is probably just putting in some automation, talking with auditors to show them that that automation means they can trust you systems more and, thus, have less meetings about each release. Are you actually doing pair programming? What are your test coverage numbers? Are you actually standing up in your stand-up meetings?

I’ve studied the problem of rotting, neglected systems in large enterprises for the past two years and it is a big, big problem. One of my co-workers said at his previous job, at a big bank, they were spending near 50% of their time just on fire-fighting, upkeep, and dealing with compliance. As he said, time spent on that is time stolen from making the business better. And, also as he said, there’s well known, proven practices and technologies that could improve that 50%…you’d just have to actually decide to do it.

The issue with this rotting core is that (a) it’s boring compared to, like, AI, and, (b) it’s really hard to make a business case for addressing rot in your IT systems and software. It’s not going generate direct revenue, so unless your organization thinks in terms of running more efficiently (speeding the workflows your software does - for example, speeding up approving insurance applications or doing case management) and values agility, the business case is going to be difficult. Corporate strategy is a zero-sum game: those who win take from those who lost. There’s only so much budget and time that a company has. So if you’re pitching “just do what we do now, but better” versus “implement AI to revolutionize our business!”…it’s going to be tough.

The software factory

Most corporate strategy think doesn’t value well maintained software. The people making strategy decisions in enterprises seem to of software as one-off, install it and forget it projects. You have to think about your overall IT estate as a factory. Just as a you would spend a lot of time maintaining and optimizing your factory, you have to do the same with your IT “factory.”

I suspect that many organizations could get huge improvements just by getting better at what they’re currently doing.

That’s seemed to be the case business wise in the past decade. For example, banking startups were supposed to destroy traditional banking. Instead, existing banks just got better…without really changing how their business functions and what they do. And, as the public cloud charts show above. Well. That hasn’t rocked the world (but it will over the next three years!)

Two stupendous beguilement traps you should navigate right now

There’s two things going on right now that you can immediately apply this to.

Kubernetes

First, make sure you get realistic expectations about Kubernetes. The overall ecosystem has hyped the shit out of it, myself included many times. But if you look at actual adoption, it’s incredibly small. There’s probably about 10% of enterprise applications running in containers now, less in Kubernetes. There simply has not been enough use of kubernetes in enterprises to know if it’s a good or bad idea, let alone how much of a good or bad idea it is.

Don’t let Kubernetes migrations become a distraction from just improving how you currently work.

Instead, you need to setup a system - a culture, if you’re a DevOps fan - of learning and experimenting to figure out if Kubernetes will work for you. There’s a huge knowledge and experience vacuum when it comes to Kubernetes, and the strategic engineering move now to is fill that vacuum and then start making big decisions.

Platform engineering

Second, make sure you understand what platform engineering is before you launch big plans to transform how you do everything. Platform engineering is just DevOps under a new name. (At least that’s what I think this week.) At most, platform engineering just adds in internal developer collaboration tools (in the form of IDPs). Platform engineering might include building and running your platform-as-a-service…eventually.

But if you think through all the things in the umbrella of platform engineering, it’s too much. In a large enterprise (or even a small one), one group doesn’t have enough time, enough cognitive load to manage the tools developers use, the runtime environment they use, the middleware they use, and also do all that magic DevSecOps (pardon me, I mean PlatformEngineeringSecOps), and…all the other stuff. If you have a mature, proven platform like the Cloud Foundry ones, sure. There’s all sorts of people building platforms like that on-top of Kubernetes right now - so you can start with one of those instead of building your own. (You could also just short-circuit all of that and hand over the platform building and running to the public cloud - the dream!)

But people in enterprise IT are obsessed with building custom, bespoke platforms. I mean, builders like to build.

Most every enterprise I’ve ever talked with has numerous reasons why they’re different, why they can’t just use an off-the-shelf platform, and, thus, why they need to customize it. For the most part, their reasons are false. And, in most cases, they’re very common reasons that all of their peers and other enterprises have. And, as such, those reasons have been taken care of in the off-the-shelf platforms. Rather than change the unique constraints that drive the need to build their own platforms, these organizations work keep those constraints and are forced to build around it. It’d be like if you had to build a custom bed around an old radiator instead of just removing the radiator.

With the DIY platform mentality, you’re building a complex system, and you’re going to need a complex meatware system to manage it. “Complex systems build complex systems.” You’re probably already in a flywheel of doom made up of two complex systems - your software and your meatware - that’s making things more and more complex as the quarters tick by.

In that kind of system, you’re always going to need separate developer tools groups and separate platform operations groups. You can only break down silos if you put, as we used to say, an opinionated platform in place that standardized and centralizes what you do.

Have you tried actually standing?

So if you’re launching a Kubernetes and/or platform engineering, uh, “strategy” or “program,” figure all that out. Don’t have inflated expectations. It’s probably better to just, like, call in the DevOps Engineering team and the application development team, let’s see, the infrastructure management team, the security team…hell, get all the silos in one room, and ask them “so, tell me some daily tasks that we could be doing better. Are y’all actually standing up in your stand-up meetings?”

IncrementalOps

You’ve got to keep an eye on the new stupendous stuff. You should always be doing several projects to try it out. Not just “pilot” it or do a “PoC,” but to actually do real work and make sure you’re following a process to learn from it. If you think AI is going to be a big deal, spin up three projects that are directly connected to how the business runs and check in every month to learn what works and doesn’t work. You can’t do a business case for that. You just have to do it.

But, at the same time, spend a lot of your time just improving how you’re currently working. Remember, five years ago you did all of that transformation work, right? Maybe it’s time to go back and make sure you’re still following the practices and doing the things. That you haven’t just reverted to the old habits.

You know, instead of sitting, try actually standing up in your next stand-up meeting.

If you’re into the above kind of stuff, you should subscribe to my newsletter. It’s full of topics like these a few times a week, plus links I’ve found and other fun oddities to look at.

Subscribe!

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 19th Improving FinTech with cloud native think, speaking. July 19th Stop Tech Debt and Start Using Faster, More Secure Paths to Production. August 21st to 24th SpringOne & VMware Explore US, in Las Vegas. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking.

I’ve got what I hope will be a podcast-y type version of a webinar series I just wrapped up. I don’t know: something like a after show special where we talk about the series?

It’ll be live next week, on July 19th at 3pm Amsterdam time (check you local listings).

We did a good job in the series talking about how cloud native apps and thinking gives banks and other financial organizations new capabilities, how it changes, for the better, how you do security and compliance, and how to start thinking about modernizing all those legacy applications.

Get a reminder to watch it

You can watch it in LinkedIn, or YouTube if you prefer that. Come with some questions! We didn’t get any during the webinar series.

Logoff

I think I accidentally worked out the outline for my keynote at DevOpsDays Des Moines!

Finding an estimate of how many developers there are in the world is difficult. Oh, there’s plenty of people making estimates, but those estimates vary so much that the estimates are suspicious.

For example:

1. Microsoft/GitHub recently said they now have 100 million developers using GitHub.

2. “We estimate that, as of Q1 2023, there are 35.6 million active software developers in the world,” says Slashdata (who the CNCF uses for surveys).

3. Evans Data (by way of Statista) estimated that 25.6 million in 2021 and forecast 27.7 million in 2023.

4. In 2022, IDC said: “worldwide professional developer census, which IDC places at just under 16 million in 2022.” This is up from 11 million in their estimate for 2014.

Those spreads are pretty bonkers, huh!

Out of those, I’d trust IDC the most. This isn’t exactly apple-to-apples: IDC’s numbers are for paid developers, not just “hobbyists.” That’s fine, though, because when I’m interested in this number, I’m usually wearing my “pay the bills” hat and am only interested in professional developers.

If I could find the breakout between pro and hobbyists in the Evans data, I’d probably go with the Evans data. I usually go with IDC on any IT estimates, but Evans specialize in developers and have for years.

If you look back at IDC’s 2014 estimate, as summarized in The Register then you can get a sense for the hobbyiests: “11 million working as software developers and a further 7.5 million ‘hobbyist’ [as] developers.” So if we take those percentages, it’s 40%/60% between hobbyists and pros. Applied to the 2022 estimate, that’d get you, like, 26.6 million developers total. And, then, that lines up well enough with Evans' too.

(You could make an argument that since 2014 interest in programming has risen, access to computers and education has gone up, etc., etc., and say that the hobbyist share has grown, but, whatever: I’m a round numbers, “smells about right” kind of person once things get into the tens of millions.)

So, if I was going to use something, I’d say “around 16 million professional developers, probably something like 26 million total developers if you include people doing unpaid farting around.”

I’ve got what I hope will be a podcast-y type version of a webinar series I just wrapped up. I don’t know: something like a after show special where we talk about the series?

It’ll be live next week, on July 19th at 3pm Amsterdam time (check you local listings).

We did a good job in the series talking about how cloud native apps and thinking gives banks and other financial organizations new capabilities, how it changes, for the better, how you do security and compliance, and how to start thinking about modernizing all those legacy applications.

Get a reminder to watch it

You can watch it in LinkedIn, or YouTube if you prefer that. Come with some questions! We didn’t get any during the webinar series.

Wastebook

Relative to your interests

• Security Team Culture Matters - Being in security should be a happy job. // “Security and risk teams are more motivated and purpose-driven than others. As a 25-year cybersecurity veteran, this totally checks out for me. Almost everyone I know in [IT security] is mission- and purpose-driven. They took on this job to protect others!”

• Deploying the Swift Method to Modernize a Singapore Government Legacy System - Good description of what it feels like to be stuck in the legacy trap: “The [Singapore] government agency in this case study faced a similar issue with a legacy system that supported critical business processes, integrated with other business-critical applications, and was developed and maintained by third-party vendors. Over time, the codebase had become highly coupled within different business domains and contexts, making it difficult for developers to work on. This situation led to product development squads being slowed down by dependencies on the support team for this legacy system. The development squads also lacked confidence to make changes to this system themselves—given the low automated test coverage—and faced uncertainty about what they would be able to deliver for their own work streams independently.” You can see the original talk this is based on here.

More: The importance of on-premises applications and infrastructure; Managing negative emotions and cultivating happiness; VMware Tanzu and VMware Aria adapting to multi-cloud industry trends; Potential discussion on DevOps trends; WE CAN VIRAL IT FOR YOU WHOLESALE.

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 19th Improving FinTech with cloud native think, speaking. July 19th Stop Tech Debt and Start Using Faster, More Secure Paths to Production. August 21st to 24th SpringOne & VMware Explore US, in Las Vegas. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking

Logoff

Now that summarizing is working again in ChatGPT, I thought I’d try putting in a list of things I asked it to summerize, but did not bookmark to list an official link. That’s what the “More” paragraph is in the links section above. It’s like that Matt Levine/Harper’s style of mashing it all together. An “official link” means I’ve extracted some quote and/or added a comment of my own, bookmarked it, posted it to my blog and Mastodon, and probably promoted it on some other social holes. These ones are from the cutting room floor.

Only 22% of software developers say they have a clear understanding of what they need to do to comply with security policy, to make sure the applications they're writing for their organization, are good in a security sense.

Now, it'd be easy to say the developers are just dopes and they don't know what they're up to. But I think what this is indicating is that figuring out how to practically do security policy at the software layer is difficult.

And that's where this concept of “shift left” comes in.

The idea of shift left comes the Extreme Programming and agile world where you are bringing unit testing closer to developers, and then from DevOps where you’re doing the same with automation and configuration, and even releasing and managing software.

You're bringing it all of that “left” into the application lifecycle, close to when the app code is being written.

That kind of literally makes sense. But nowadays, when you start hearing about shift left for security, that shouldn’t mean having the developers take on even more responsibilities.

If only 22% of them even know what they should be doing, you should probably not ask them to do security things. My colleague Darran recently called this “shift left and leave.” Instead, I think you need to “shift left and stay.”

What shift left means in a security and compliance context nowadays is moving your security and compliance activities closer to that part of the application lifecycle, where the coding is actually done.

What this often means is automating a lot of the checks, and also enforcing a lot of the compliance you have. You do this by using things like default templates and setting up for your developers to take full advantage of how cloud native architectures let you split up and divide things. Darran and I discussed what that means in our talk today.

There's another thing that Richard Seroter, mentioned recently, which is the idea of “shifting down,” which is to say, if you have the opportunity to just build something like security and compliance into the platform, to just remove it from anyone's concern, you should definitely focus on that. As analogies, you can think about at a very basic layer like file services, networking, even the way that UIs are rendered on screens. All of these have been “shifted down” into the stacks that app developers use. This was not always the case!

So if you're thinking about shifting security left - which people sometimes talk about is “DevSecOps” or even “secure software supply chains” - don't assume that means having your developers do a lot of work. Remember: only about 22% of them really know what that means!

Instead think about how you can go back into the application lifecycle and add security earlier in the application lifecycle. There’s a lot of new capabilities you’ll have if you’re using cloud native architectures, platforms, and thinking.

https://substackcdn.com/image/fetch/w_424,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F85f30641-3576-4bfa-a461-f342f20b2f7c_970x702.png 424w, https://substackcdn.com/image/fetch/w_848,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F85f30641-3576-4bfa-a461-f342f20b2f7c_970x702.png 848w, https://substackcdn.com/image/fetch/w_1272,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F85f30641-3576-4bfa-a461-f342f20b2f7c_970x702.png 1272w, https://substackcdn.com/image/fetch/w_1456,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F85f30641-3576-4bfa-a461-f342f20b2f7c_970x702.png 1456w” sizes=“100vw” loading=“lazy”>

Relative to your interests

• In the face of volatility, CFOs—and their organizations—adapt- Belt-tightening watch. Lots of micromanagement and management by finance metrics ahead: “In the year ahead, CFOs plan to increase their focus on operational value drivers, management of KPIs, cash management, and capital structure. Other priorities have decreased in importance since Q3 2022.”

• IBM takes on AWS, Google, and Microsoft with Watsonx - If it works, and also, it lets enterprises build up huge, custom trained models, and it has enough governance controls, it’d be a big deal for IBM. They key things learned from ChatGPT is that it has to be super easy, frictionless to get started with. That’s difficult for enterprises software makers, and it’s also hindered by governance, access control, and pricing per seat and data access. To be valuable to individuals, a company will need to put as much of their data into their models as possible. If you’re just querying your own email and files, it won’t be impressive enough to show long-term value to individuals. And if you restrict the model to just a handful of people (as is done with most corporate data), then it also will be hard to show long-term value. This will freak out security people and lawyers. Back in the 2000’s when file sharing in enterprises (like SharePoint and intranet search) became popular, there was a wave of people freaking out that previously hidden in plain sight documents were now findable.

• Beware the Digital Whiteboard - The assertion: writing with whiteboarding/Sticky notes is not good, and can lead to leaky abstractions. Seem more like a “right tool for the job” thing, plus the usual garbage in, garbage out, regardless of the tool used to process the garbage.

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 19th Improving FinTech with cloud native think, speaking. July 19th Stop Tech Debt and Start Using Faster, More Secure Paths to Production. August 21st to 24th SpringOne & VMware Explore US, in Las Vegas. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking

Logoff

I’m writing the MC script for our upcoming SpringOne conference keynote session, it’s part of VMware Explore this year. And I’ll be co-MC’ing it as well. Writing a script like this is fun, and unique, sort of. You have tiny slices of time between talks where you follow a pretty basic format: (1) wow, how about that!, and, (2) here’s what’s coming next! There’s the opportunity to throw in a couple of fun easter eggs (I snuck two into last year’s SpringOne MC script). And then at the end, of course, you tell people when and where the free drinks and snacks party is.

I don’t write scripts much, at all, so doing that in the past few years has been something new to learn. Also, for the last SpringOne I worked on our CEO’s talk, which was especially educational. It’s interesting to put yourself in the head of someone else by learning their presentation style, mixing it in with what you know they like talking about and that they can talk about well, putting in the company strategy and then adding your own perspective and, like, “spin” on it. Then you see (as with the CEO and the two MCs) them present it, and you close out a very educational feedback loop.

Anyhow! You should come to SpringOne this year to see it all gel together :)

Our final talk in our software stuff for financial organizations is coming up tomorrow. Above is a little anecdote that Darran made to me as we were working on it. If you’re into security, compliance, that kind of thing, check out the third part of our series: “How Cloud Native Improves & Ensures Security, Governance, and Trust in Finance.”

Summarizing Articles with ChatGPT Works Again

Recently, I’ve been complain that I can't use ChatGPT to summarize things anymore because it won't pull from URLs. This was what I ChatGPT for the most when it first came out. It was amazing! It’d good for more than just summarizing. I’d also use it to see if I wanted to spend the time to actually read the article in more detail; the ChatGPT summaries are a little shallow, of course, but they’d be good at telling me if it’d be worth reading more. Second, if you use the same chat session for multiple summarization requisitions, you can keep a log of things you’ve looked at and ask things like “make a list of things I summarized today” or “what are some common themes, etc.”

Anyhow, this stopped working several months ago.

But, now you can do dit again! If you have plugins, enable Link Reader, and then it'll work again.

Instead of creating a new chat window for each article, I create one chat window every day or so where I just keep getting summarys. I'll rename the chat something like "20230710 tl;dr" with the theory that I'll go back and look at these some days.

Here's the prompt I've been starting the chats with: "When I paste a link here, retrieve the text of the article and summarize the article in detail using bullet points. Simplify and clarify the writing. Output in rendered markdown. Start by listing the title of the article and make the title of the article a link to the URL. Then write a paragraph summarizing the most interesting/novel points, and then make a bullet point summary of the article."

With that, I can just copy-paste a URL in there and get summaries.

Garbage Chairs of Amsterdam

Wastebook

• Headstone: “Ran out of Takes.”

• We think of the hype cycle more in terms of time and maturity of new tech. A neglected point of it is that most new technology has unrealistic hopes and dreams, like 20x reality. That is: most new tech will be a lot less group breaking than you think. Thus, when the new tech fails to deliver on its promises, the new tech isn’t so much a “failure” as your early calibration on its outcomes.

Relative to your interests

• Pulling On Threads - I forgot about the “bring your whole self” thing.

• Unleash developer productivity with generative AI, McKinsey survey - Their survey says it’s good in four areas: Expediting manual and repetitive work, Jump-starting the first draft of new code, Accelerating updates to existing code, Increasing developers' ability to tackle new challenges.

• Adopt Platform Engineering to Scale Application Security Practices - “Gartner Survey Data Reveals a Missed Opportunity - Platform teams focus on improving developer experience, developer productivity, software quality and delivery speed. According to Gartner’s 2022 Software Engineering Leaders Role Survey, only 25% of respondents cited “reduced security risks’’ as one of the top three goals for platform engineering and only 6% ranked it as the topmost goal.” // Here we are, about to finally have a moment that’s just focused on making appdev better, and of course security has to come in and try to grab all the attention. This already happened with Kubernetes in the past few years. And: maybe it was a good idea to keep all this stuff separated in its own team so that each team can focus.

• Steve McQueen by, John Dominis - That guy made being cool look easy.

• Island Series: 6 Pack - These look like more amazing notebooks from a boutique shop.

• Threads, The Fastest Growing Product Since ChatGPT - ’Threads, it hit 30 million sign-ups in less than 24 hours, which would be 60x faster than the 60 days it took ChatGPT to hit 30 million (as I hit send, I’m seeing rumors its passed 50 million, but nothing’s been confirmed yet)’ // This characterization is a little unfair. If Threads had just been a feature added to the Instagram app, no one would be calling those sign-ups. A sign-up should imply that people wanted something so bad that they put up with the friction of creating a new account. But, whatever: the point is still valid. // Also, this is a take if Threads with a positive tone instead of the usual shit-all-over-it mission.

• ChatGPT web traffic falls 10%, analytics show - Indeed. I think I’ve found the limitations. The main one is the limit in the text you can feed it. If I could build up my own training data, that’d be something! The Link Reader plugin solves the summarizing web pages problem that I was having. What needs to happen now is just to get it integrated into enterprise software, and all the data ownership privacy stuff that goes with that. That’ll take at least six month, if not a year, to get through the security, legal, etc. people. So, check back in in 2025?

• Scratch Pad: Fireworks, Bootlegs, Spock - “I remain convinced that most categories of online services are akin either to hair salons, to grocery stores, or to movie theaters.”

• Porter’s Five Forces and the social web - There’s something interesting to do here in applying Porter to contemporary tech.

Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 11th How Cloud Native Improves & Ensures Security, Governance, and Trust in Finance, online talk. July 19th Stop Tech Debt and Start Using Faster, More Secure Paths to Production. August 21st to 24th SpringOne & VMware Explore US, in Las Vegas. Sep 6th to 7th DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking

Logoff

See y’all next time!

A bonus Sunday episode!

Waking up this morning, my first thought was how different my job is now with less travel. Like many tech companies, we have smaller budgets for travel. The means I can only take three or so trips a quarter unless I get someone else to pay for it, or for customer/sales visits.

I dropped down a level in airline status due to decreased travel over the past year (and the lack of KLM maintaining your status to make up for COVID-times for several years). Yes, yes, “must be nice” and all that. I do a lot more at the desk work: writing, webinars and online talks, plus just general meetings/consulting about stuff.

That mix should have more videos, but as I mentioned awhile ago, after three years I don’t think my topic area works for videos. What do “executives” actually read and act on?

The explosion of social media is a huge blow to the developer advocate and tech marketing world. Surveys asking where developers got their info used to show that Twitter was up there.

Maybe I’m supposed to write more books? Arrange more online chats and panels in, like, LinkedIn? I was invited to an online CTO, like, salon last week. It was late on Friday night for me (living in Amsterdam), so I didn’t attend. That format is interesting…?

Is less travel better for my work, for my career, for my well-being? It must be better for, like, the environment.

Over the years, I’ve seen thought leader types…not so much burn out, as reach an end of their willingness to travel for work, or, maybe at the effectiveness of travel. You sort of run out of things to say at some point; you fill your audience’s idea-bucket. And once you start feeling like you’re repeating yourself, it’s hard to think all the effort you put in it worth it.

I’m not really sure what these grounded thought-leaders shift to doing instead. It used to be that you could just shoot out some clever tweets weekly to keep your thought leadering up, but that’s all dead now.

When I try to work on more content, there’s two problems I encounter.

As mentioned above, I can’t get the kind of eyeballs I would at a conference, just presenting to a room full of people. I spoke at a conference in Utrecht awhile back, and the number of people who followed my CTA and downloaded my book was huge compared to, like, the Internet as an audience on any given day. What do people in my field even read? I have no idea. Talking to people face-to-face is still incredibly effective.

Two, if I work on more official, marketing department run content or pop in other flows, it takes so long to get anything out the door…and then it just encounters the lack of eyeballs problem.

Despite all of that, people seem to think my content flows are fine. One of the more interesting analogies people make is that I’m like my own little company, managing all aspects of content flow and my work. They say this about my co-worker Josh, who is even more so. Another co-worker of mine, Dan, has done an amazing job at this over the past year as well. And Whitney has built one of the most unique concepts I’ve seen in the years.

That analogy is good, and it means I need to build up more “flows” that I “own” rather than having them done by others.

For example, one of the reasons I moved to Europe in 2018 was to do more executive engagement. “Executive engagement” means doing thought leadership with, let’s say, enterprise architects, to VP of operations or applications, to “C-level.” It’s a lot of talking about culture, swapping stories about how larger organizations change how they manage software. And so forth.

I was incredibly lucky that Hinada was running that in marketing when I got here. Even before I moved here, she’d had me do several. Over about four years, including during the pandemic, we did something like 40 of these events. Maybe more. They were great: small rooms of people where one or two resulted in actual business. By the metrics, they worked. Plus, I mean, it was just fun to meet and talk with people. But, as organization and budget shifts happened, as they do in large organizations, and especially when she left, that dried up. What happened is that I did own that flow. I didn’t establish my own ongoing contact with that group of people, a “club.”

That’s what you have to build up as a thought leader: your own “following.” For over a decade, you could more or less rely on Twitter for that. During the pandemic, and maybe a little before, it switched over the YouTube. There’s newsletters now, and all the various post-Twitter things. Those post-Twitter things are way too new, though. We’ll have to wait several years to see which ones work. For me, LinkedIn is where I should be trying to build a following more and more…but even that is…weird. I don’t have enough analytics to know if the following I have is all vendors, or includes enough “customers” to care. If I look at who likes and otherwise engages in my content on LinkedIn, it’s mostly co-workers. This is great, of course, I appreciate it very much. My point is not that that’s “bad,” it’s that I want to make sure I have “customers” in that following as well.

(This leads to an intriguing theory: if my large LinkedIn follower base - at least, the subsection that engages with my stuff there - is vendors, then perhaps I should start thought-leaders for vendors more.)

What I don’t have figured out yet is the medium and the content type that works for me and also for that “executive audience.” I’ve really enjoyed doing this series of financial industry talks with my co-worker Darran. It’s been very satisfying. Maybe I can give that kind of thing fine, and focus a lot of my “own little company” efforts on promoting them.

And, a little side-note on how mercantile my word choice is here: “customers,” “eye-balls,” “promotion.” I mean, yeah, sure - pure as the driven snow and stuff. If I were an independent book author (hopefully, not of the take-down-able airport book variety), perhaps I’d be saying “readers” and “consulting engagements.” A thought-leader mostly exists to drive business of some kind, whatever words or obsequious phrasing you’re using. I prefer to just be plain-spoken and open about it. I work at a company that sells stuff! I’m part of the funnel, and even lead-gen.)

Anyhow, so long as I can use the priority lines at Schiphol when I need to travel, I should be fine.

Speaking of! Upcoming

Talks I’ll be giving, places I’ll be, things I’ll be doing, etc.

July 11th How Cloud Native Improves & Ensures Security, Governance, and Trust in Finance, online talk. August 21st to 24th SpringOne & VMware Explore US, in Las Vegas. Sep 6th to 7th  DevOpsDays Des Moines, speaking. Sep 13th, stackconf, Berlin. Sep 14th to 15th SREday, London, speaking Sep 18th to 19th SHIFT in Zadar, speaking. Oct 3rd Enterprise DevOps Techron, Utrecht, speaking

Logoff

I was going to include this in the regular episode today, but the mix of reviewing a podcast and two cups of coffee into the morning thinking seemed discordant. I’ve been thinking about the above a lot recently: the changing nature of the work I do driven by the constraints I now have. So - there it is!