Background Screens

 ∗ xkcd.com

No way, we gotta rewind and cross-reference this map with the list of coordinates we saw on the other screen. This Greenland thing could be big.

Infocon: green

 ∗ SANS Internet Storm Center, InfoCON: green

Craigslist Outage

Craigslist Outage, (Mon, Nov 24th)

 ∗ SANS Internet Storm Center, InfoCON: green

We were notified this evening by Matt H. that Craigslist is suffering an outage of some sort ...(more)...

ISC StormCast for Monday, November 24th 2014 http://isc.sans.edu/podcastdetail.html?id=4249, (Mon, Nov 24th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

More Trouble For Hikvision DVRs, (Mon, Nov 24th)

 ∗ SANS Internet Storm Center, InfoCON: green

The Internet of Things is turning against us once more. Rapid 7 is reporting how HikvisionDVRs ar ...(more)...

No Ken Do (Musketeer Barbie Saves the Prince)

 ∗ Jeffrey Zeldman Presents The Daily Report: Web Design News & Insights Since 1995

I WATCHED dozens of Barbie videos hundreds of times when my daughter was three and four years old. I can’t praise their animation, dialog, or other cinematic and literary qualities, but this I can say in their favor: every Barbie video we watched was feminist and empowering in its messaging.

This was not the Barbie my girl cousin grew up with, wondering which outfit she should wear to please Ken. This Barbie kicked ass.

In one video, set in 18th Century France, Barbie and her roommates overcame sexism to become Musketeers. They exposed a conspiracy, beat male villains at swordplay, and more than once saved the life of the kingdom’s rather ineffectual prince. (The downside of the Barbie videos’ crude but seemingly heartfelt feminism was that they tended to portray men as wimps or scumbags. Women are strong in the Barbie videos; good men are not.)

In another video, Barbie was an actor who became a film director when the director of the picture in which she was starring tried to patronize her. In Fairytopia, the first and worst animated of the videos, Barbie went on a Lord-of-the-Rings-style quest and saved an entire kingdom from ruin. In A Fashion Fairytale, she saved her aunt’s business from bankruptcy by an evil (woman) competitor, and then helped that competitor turn from the dark side to the light. In other words, she kicked ass but also nurtured and forgave. Assertive and supportive. A fighter and a hugger.

I watched these videos over and over, because children aged three to four thrive on repetition. I got familiar enough that I could quote the dialog as easily as I quote from Rushmore or North By Northwest. I was relieved when my daughter outgrew Barbie, because my mind craved something a little more grown-up in the film narrative department. But I never once worried that the videos were telling my daughter she could be anything but awesome. I never watched a single Barbie video that told girls life was about finding and pleasing anyone besides yourself.

This was also the time in my daughter’s development when we bought Barbie reading books and Barbie dolls. When I was three, Barbie had a thousand ways to look beautiful. When my daughter was three, Barbie had a thousand ways to earn a living.

You can find fault with Barbie. For one thing, she still promotes a vision of the world in which caucasian features set the beauty standard—a world in which, even if there are variously ethnic friends in the mix, the main character is always white. Then there are her unrealistic physical dimensions, which have been tied to self-loathing and eating disorders in girls and women. (Not that Barbie’s is the only unrealistic physique girls contend with—they’re bombarded with the stuff from birth.) The Barbie stories never question the established social order. They inspire girls to achieve, but obviously they don’t address male/female pay discrepancy or other serious social issues.

Musketeer Barbie saves the prince; she doesn’t ask why do we need a prince? Shouldn’t we invent representative democracy? And how about letting a woman run things?

Barbie won’t save us. But she’s not as bad as all that.

For young girls who have just begun seeing the world through the filter of gender, today’s Barbie does some good. Barbie videos were some of the only stories we watched back then that didn’t require me to immediately explain, apologize for, and caution against believing, one or more horrifying biases. Viewed a classic Disney film lately?

The internet feeds on outrage and cat gifs. And the recent outing of a Barbie story that appears to conform to 1950s-Barbie-thinking made perfect fodder. But it might simply be a book that teaches children how different professionals work together to create the digital games they enjoy playing. A designer is part of the mix; so are developers and other professionals, whose complementary skills support each other. That’s how it works when I design stuff. In my work, almost every day, there are things that go wrong that oblige me to call someone else to fix them. I notice a problem on a server; I reach out to a sysadmin. It isn’t because I’m a boy and boys are dumb. It’s because designers aren’t sysadmins.

All right. Fair enough. It was a terrible error for the illustrator to make all the technical people male. That sends an awful message—one lots of us have been working to fight. It’s disturbing that nobody at the publishing house realized the inferences that could be drawn from this mistake. And if this were my only exposure to Barbie in the past ten years, I’d be drawing those inferences and storming the barricades (i.e. retweeting) with the rest of my peeps.

But honestly? I spent two long years with the Barbie franchise. I think the women running it today are serious about girl power. Maybe the unfortunately timed illustration error reveals a deep sexist conspiracy. Or maybe it’s just one of those things nobody thought about while rushing a cheap book to print.

Link

 ∗ One Big Fluke

And here's even more detail on Facebook's datacenter networking (previously). This is what it takes to compete in infrastructure. I'd rather write code that runs in these environments than build them.

Link

 ∗ One Big Fluke

Some pretty cool developments in JavaScript recently.


I wonder if these approaches could be extended to Python?

Driving Phantom from Grunt

 ∗ A List Apart: The Full Feed

While building websites at Filament Group, there are a couple tools that consistently find their way into our workflow:

Together, these tools allow us to get consistent feedback for our code, by further automating checks that would normally require opening a browser.

For this example, we’re going to build a Grunt task that takes a screen shot of the pages we’re building (similar to Wraith, but far less advanced). There are multiple parts to make this work, so let’s break it down. First, we will write a PhantomJS script that renders each page. Second, we make a NodeJS function that calls this script. Finally, we make a GruntJS task that calls that Node function. Fun!

To get started, we need to make sure that PhantomJS is installed. Since we’re using Phantom from the context of a NodeJS application, a very easy way to install it is by using the NPM PhantomJS installer package. Installing Phantom in this manner allows us to make sure we have easy access to the path for the Phantom command while simultaneously having a local, project-specific version of it installed.

To install locally: npm install phantomjs.

Now, we need to write a script to give to PhantomJS that will render a given page. This script will take two arguments. The first is the URL of the page that needs to be opened. The second is the file name for the output. PhantomJS will open the page, and when the page has opened successfully, it will render the page as a PNG and then exit.

var page = require( "webpage" ).create();
var site = phantom.args[0],
    output = phantom.args[1];

page.open( site, function( status ){
    if( status !== "success" ){
        phantom.exit( 1 );
    }
    page.render( output + ".png" );
    phantom.exit( 0 );
  });

Let’s create a lib directory and save this file in it. We’ll call it screenshotter.js. We can test this quickly by running this command from our command line (in the same directory we installed phantom): ./node_modules/.bin/phantomjs lib/screenshotter.js https://www.google.com google. This should create a file in the same directory named google.png.

Now that we have a PhantomJS script, let’s work on making this run from Node. PhantomJS is a completely different runtime than Node, so we need a way to communicate. Luckily, Node gives us an excellent library named child_process and in particular, a method from that library called execFile.

If we look at the documentation for the execFile method, we can see that it takes up to four arguments. One is mandatory, the other three are optional. The first argument is the file or, in our case, the path to PhantomJS. For the other arguments, we’ll need to pass PhantomJS args (the URL and output from above), and we’ll also want to include our callback function—so we can make sure we grab any output or errors from running Phantom.

var path = require( "path" );
var execFile = require( "child_process" ).execFile;
var phantomPath = require( "phantomjs" ).path;
var phantomscript = path.resolve( path.join( __dirname, "screenshotter.js" ) );

exports.takeShot = function( url, output, cb ){
    execFile( phantomPath, [
            phantomscript,
            url,
            output
    ],
    function( err, stdout, stderr ){
        if( err ){
            throw err;
        }

        if( stderr ){
            console.error( stderr );
        }

        if( stdout ){
            console.log( stdout );
        }
        if( cb ){
            cb();
        }
    });
};

Our example code from above is written as a Node.js module. It has a function that takes three parameters. These parameters are the same parameters that are used in the PhantomJS script from above and a callback function to run when the task has completed. It then calls execFile and passes it three arguments. The first is the path to PhantomJS. The second is an Array with the our passed in parameters. The third is our callback function. This callback function is called with three arguments: err, stdout, and stderr. err is the error thrown by Phantom if something bad happens within that script. stderr and stdout are the standard error and standard output streams. This should give us everything we need to call our script as though it’s a regular NodeJS function, which will make it perfect for a Grunt task. Let’s save it in lib/shot-wrapper.js.

Now, for the Grunt task:

var screenshot = require( "../lib/shot-wrapper" );

grunt.registerMultiTask( 'screenshots', 'Use Grunt and PhantomJS to generate Screenshots of pages', function(){
    var done = this.async();
    // Merge task-specific and/or target-specific options with these defaults.
    var options = this.options({
        url: '',
        output: ''
    });

    screenshot.takeShot( options.url, options.output, function(){
        done();
    });
});

Let’s take a look at this piece by piece. First, we require the shot-wrapper library we built above. Then, we create the task screenshots by using grunt.registerMultiTask. Since the takeShot method is asynchronous, we need to create a done callback function that lets Grunt know when to complete the task. The options object sets defaults for url and output in case they aren’t passed in (in this case, they’re empty strings, which won’t work). Finally, pass the options and the done callback into the takeShot method. Now, when somebody calls this Grunt task, your code will run.

Let’s give it a try. Here’s an excerpt from my Gruntfile:

screenshots: {
  default_options: {
    options: {
      url: 'http://www.alistapart.com/',
      output: 'ala'
    }
  }
}
An animated gif running screenshots tasks

The task has run, so we’ll open the file produced:

open ala.png

And voilà: as you can see from this rather large image, we have a full-page screenshot of A List Apart’s homepage. (Note: you may notice that the web fonts are missing in the rendered image. That’s currently a known issue with PhantomJS.)

Just imagine what you can do with your newfound power. Phantom and Grunt give you ample freedom to explore all sorts of new ways to enhance your development workflow. Go forth and explore!

For more in-depth code and to see the way this works when building a project, check out the repository.

AI-Box Experiment

 ∗ xkcd.com

I'm working to bring about a superintelligent AI that will eternally torment everyone who failed to make fun of the Roko's Basilisk people.

ISC StormCast for Friday, November 21st 2014 http://isc.sans.edu/podcastdetail.html?id=4247, (Fri, Nov 21st)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Matt Griffin on How We Work: Pricing the Web

 ∗ A List Apart: The Full Feed

I probably don’t have to tell you that pricing is slippery business. It requires a lot of perspective, experience, and luck (read: trial and error). There are a number of ways we can correlate monetary value to what we do, and each has its pros and cons.

It may seem at first glance that pricing models begin and end in the proposal phase of a project. That pricing is simply a business negotiation. But whether we’re talking about design, development, or business methodologies, our processes affect our motivations, and influence outcomes—often throughout the entire project. We’ll be examining both client and agency motivations in our comparisons of pricing models, so you can judge whether those motivations will help you make better work with your clients.

All of these pricing systems operate with the same set of variables: price, time, and scope. In some systems, such as hourly pricing, variables are directly dependent on each other (e.g. if I work an hour, I get paid my hourly rate, and deliver an hour’s worth of work). In others, like fixed price and value pricing, the relationships can be nonlinear (eg. I am paid a sum of money to achieve some set of results, regardless of how much time I spend doing it).

These dependencies tend to define each system’s inherent risk and potential for profit. And all the differences can get pretty bewildering. One person’s experience is hardly enough to understand them all well, so I’ve enlisted some friends from web agencies of various sizes to chime in about how they make things work.

As with most things in life, there’s no perfect solution. But if you want to get paid, you have to do something! Enough gum-flapping, let’s take a look at some of the different ways that people are pricing web projects.

Fixed price

With fixed-price projects, you and the client agree up front on a cost for the entirety of the project. Many folks arrive at this number by estimating how many hours they think it would take them to do the project, and multiplying that by an hourly rate. That cost will be what the client pays, regardless of actual hours spent.

Client motivation

When the price of a project is fixed, the variable tends to become scope of work. This encourages clients to push for the maximum deliverables they can get for that cost. This can be addressed to a degree by agreeing on a time limit for the project, which keeps requests and scope changes from occurring in perpetuity.

Agency motivation

On the agency side, your motivation is to be as efficient as possible to maximize the results while reducing time spent. Less time + more money = greater profit.

Pros

Because you know exactly how much money is coming in, revenue is fairly predictable. And since revenue isn’t tied to the time you spend, profit is potentially greater than with a time-based model—especially when the cost is high and the timeline is short.

Cons

The same factors that provide the possibility of greater profit create the potential for greater loss. Defining exactly what a client will receive for their money becomes a high priority—and defining things well can be harder than it sounds.

Eileen Webb, Director of Strategy and Livestock at webmeadow, provides some insight into how she defines scope with her clients:

I like to define the project boundaries clearly by having a “What’s Not Included” section. This may be a listing of services you don’t offer, like SEO or hosting. It’s also a place to list features that you and the client discussed but decided against for this budget or phase. Defining what falls outside the scope is a good way to help everyone agree on what falls in it.

Now, getting to this definition in the first place is—I probably don’t need to tell you—hard work. And hard work is something you should get paid for. Starting out with an initial discovery engagement is something nearly any project can benefit from, but for fixed-price projects it can be invaluable.

Resourcing for a fixed-price project can also be hard to estimate, since scope is not necessarily easy to equate to effort and person-hours needed.

But the primary difficulty with fixed price may be the innate conflict between a client’s motivation to ask for more, and an agency’s motivation to provide less. For a fixed-price project to be successful, this must be addressed clearly from the beginning. Remember that scope discussions are just that: discussions. More isn’t always better, and it’s our job to help keep everyone on the project focused on successful outcomes, not just greater quantities of deliverables.

Hourly

At its core, hourly pricing is pretty simple: you work an hour, you get paid for an hour. Hourly, like all time-based pricing, suggests that what’s being paid for is less a product than a service. You’re being paid for your time and expertise, rather than a particular deliverable. Rob Harr, Technical Director at Sparkbox, explains how hourly projects tend to work for them:

Since everything we do is hourly, the end of the job is when the client says we are done. This sometimes happens when there is still approved budget left, and other times when the budget is completely gone. Often times our clients come back for additional SOW’s to continue the work on the original project.

Client motivation

With hourly, clients are encouraged only to ask for work when that work appears to be worth the hourly cost. Since there’s no package deal, for each feature request or task they can ask themselves, “Is this worth spending my money on, or would I rather save it for something else?”

Project delays are not a financial concern for the client, as no money is spent during this time.

Agency motivation

The more an agency works, the more they get paid. In its purest form, this leads to the agency simply wanting to work as much as possible. This can be limited by a few factors, including a budget cap, or not-to-exceed, on the project.

Project delays are a major concern for the agency, as they’ll lose revenue during these periods.

Pros

Every hour a team member spends is paid for, so the risk of this model is very low. If a company is struggling with profitability, I’ve personally found that this is a great way to get back on track.

Cons

Unlike fixed-price models, you can only earn as much as you can work. This means that profit maxes out fairly quickly, and can only be increased by increasing hourly rate (which can only go as high as the market will bear), or expanding the team size.

Because the agency is only paid when they work, this also means a big imbalance in how project delays affect both sides. Thus clients that aren’t in a big hurry to complete work—or have inefficient decision-making structures—may not worry about long delays that leave the agency financially vulnerable. This can be addressed somewhat by having conditions about what happens during delays (the client pays some sort of fee, or the project becomes disproportionately delayed so the agency can take on new work to fill the gap in their schedule). Even with these measures, however, delays will cause some kind of financial loss to the agency.

Weekly or monthly

Though similar to hourly in many ways, charging by weekly or monthly blocks has some distinct differences. With these models, the cost assumes that people work a certain number of hours per week or month, and the client is billed for the equivalent number of hours, regardless of whether or not actual hours spent were more or less than assumed.

Trent Walton, founder of Paravel, explains why they like this approach:

Most of our clients operate in two-week or month-long sprints. For many projects, we’ll quote chunks of weeks or months to match. This alignment seems to make sense for both parties, and makes estimating scope and cost much easier.

Client motivation

Clients tend to want the agency to work as much as possible during the time period to get the maximum amount of work or value. This can be curbed by having a maximum number of hours per week that will be spent, or understanding limitations like no nights or weekends. Related to this, it’s in the client’s best interest to not let project work succumb to delays.

Agency motivation

On the agency side, we’re encouraged to be as efficient as possible to maximize results each week, while spending fewer hours accomplishing those tasks. As long as the results are comparable to what’s expected, this motivation tends not to result in conflict.

At Bearded we’ve found that with weekly projects we spend, on average, the number of hours we bill for. Some weeks a little more, some a little less. But it seems to all come out in the wash.

Pros

Knowing that a time period is booked and paid for makes resourcing simple, and keeps the financial risk very low.

Because the agency is paid the same amount every week or month, clients will tend to do whatever’s necessary to avoid any delays that are in their control. This completely removes the risk of the agency losing money when projects are held up, but also requires the agency to use a process that discourages delays. For instance, at Bearded, we’ve moved to a process that uses smaller, more frequent deliverables, so we can continue working while awaiting client feedback.

Cons

Similar to hourly, the agency’s profit is capped at the weekly or monthly rate they charge. To make more revenue they’ll need to charge more for the same amount of work, or hire more people.

Value

Value pricing is a method wherein the cost of the project is derived from the client’s perception of the value of the work. That cost may be a fixed price, or it may be a price that factors in payment based on the effect the work has (something closer to a royalty system).

Dan Mall, founder of SuperFriendly, explains his take on value pricing using a fixed cost:

I use a combination of value pricing with a little of cost-plus. I try my best to search for and talk about value before we get to dollar amounts. When my customers are able to make a fully informed price/value assessment, the need to justify prices has already been done, so I rarely have to defend my prices.

Dan’s approach suggests that if a company stands to gain, say, millions of dollars from the work you do, then it doesn’t make sense for you to merely charge a few thousand. The value of your work to the company needs to be factored in, resulting in a proportionally larger fixed cost.

Other takes on value pricing tie the cost of the project directly to the results of the work. This can be assessed using whatever metrics you agree on, such as changes in revenue, site traffic, or user acquisitions. This sort of value pricing lends itself to being used as an add-on to other systems; it could augment an hourly agreement just as easily as a fixed price one.

It’s worth noting that none of the folks I talked to for this article have done this in practice, but the general approach is outlined in Jason Blumer’s article Pricing Strategy for Creatives.

Client motivation

This depends primarily on the other system that you’re using in conjunction with value pricing. However, if a client recognizes the tangible gain they expect from the outset, this will tend to focus their attention on how the work will influence those outcomes.

Agency motivation

When payment is tied to metrics, the focus for the agency will be on work that they believe will positively affect those metrics. Like client motivations, an agency’s other motivations tend to be the same as the other system this is based on (fixed, hourly, weekly, or monthly).

Pros

Because of the nonlinear relationship between labor and revenue, this approach has the highest potential for profit. And as long as the base pricing is reasonable, it can also have very low financial risk.

Cons

Since value pricing is potentially connected to things outside your control, it’s also potentially complicated and unpredictable. If revenue is based on future performance metrics, then accurately determining what you’re owed requires knowledge of those metrics, and likely a little legwork on your part. There’s also a certain amount of risk in delaying that payment until a future date, and having its existence in question altogether. As long as the base pricing you use is enough to sustain the business on its own, that risk seems less worrisome.

With value pricing, there’s also the need to assess the value of the work before agreeing on a price. Which is why—as with fixed-price projects—value-pricing projects often work well as a followup to an initial discovery engagement.

Patty Toland and Todd Parker, partners and co-founders of Filament Group, explain their approach to an initial engagement:

Most of the projects we engage in with clients involve fairly large-scale system design, much of which will be defined in detail over months. We provide high-level overall estimates of effort, time and cost based on our prior project work so they can get a sense of the overall potential commitment they’re looking at.

If those estimates work with their goals, schedule and budget, we then agree to an initial engagement to set a direction, establish our working relationship, and create some tangible deliverables.

With that initial engagement, we estimate the total amount of time in person-days we plan to spend to get to that (final) deliverable, and calculate the cost based on a standard hourly rate.

It depends

So what’s the best approach for you? Blimey, it depends! I’ve talked with many very smart, successful people that use very different takes on various approaches. Each approach has its benefits and its traps to watch for, and each seems to work better or worse for people depending on their personalities, predilections, and other working processes.

Ultimately it’s up to you. Your hunches, experience, and probably a little experimentation will help you decide which method makes the most sense for you, your team, and your clients. But don’t be surprised if once you find a good system, you end up changing it down the road. As a business grows and evolves, the systems that work for it can, too.

Now that we’ve talked about pricing methods, we’re ready to move on to something everyone’s really bad at: estimating! Stay tuned for that in part three of this series.

Love, Devotion, Surrender

 ∗ Jeffrey Zeldman Presents The Daily Report: Web Design News & Insights Since 1995

5:00 AM at San Francisco Airport, Gate 41. A young mother, whose orange capped son sleeps profoundly across her lap, is not faring well with her mobile phone call. Her voice cuts like a razor through the somnolent silence. Mommy, mommy, mommy, mommy, mommy, mommy, mommy, mommy, she cries. I don’t speak Spanish so it is the only word of her conversation I understand. The rest of the half-asleep passengers pretend not to listen.

Her nails are elaborately pretty. There is a catch in her voice. The phone call ends and she hums to her child. She is so young.

Google Web "Firing Range" Available, (Thu, Nov 20th)

 ∗ SANS Internet Storm Center, InfoCON: green

Google has released a Firing Range for assessing various web application scanners, with what look ...(more)...

Critical WordPress XSS Update, (Thu, Nov 20th)

 ∗ SANS Internet Storm Center, InfoCON: green

Today, Wordpress4.0 ...(more)...

ISC StormCast for Thursday, November 20th 2014 http://isc.sans.edu/podcastdetail.html?id=4245, (Thu, Nov 20th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Destroying Your Enemies Through the Magic of Design

 ∗ A List Apart: The Full Feed

A note from the editors: We’re pleased to share an excerpt from Jenny Lam and Hillel Cooperman’s new book Making Things Special, Tech Design Leadership from the Trenches, available now. A List Apart readers can also enter to win a copy of the book.

Hierarchical organizations large and small are rife with politics. In fact, the smaller the stakes, the more vicious they can be. Political organizations are ones where what things look like are just as, or more, important as what you actually do. Dealing with perceptions as well as ego and insecurity is part of dealing with human beings. This is who we are. And as soon as we create situations where there are winners and losers we create politics. And fighting. In some organizations, regardless of how brilliant your design may be, the politics will kill your plans before they have a chance to really blossom. And that’s a shame.

The single most important thing you can understand about navigating the gauntlet of organizational politics is the relative risks of saying no versus yes. Your job, your dream, your passion is to say “yes.” Yes to your product vision. Yes to your design. Yes to delighting customers. But the road is littered with opponents. These are people who will raise concerns about your proposals, reasonable sounding concerns. Concerns that may or may not be genuine. Maybe they’re good thoughts to consider that have been offered in good faith, and maybe they’re just obstacles designed to trip you up and damage you as a competitor in the organization. If you suspect an opponent’s motivations are personal, you’ll never prove it. That only happens in the movies. In effect, their motivations are irrelevant. Genuine or jerky, your only remaining option is to deal with their issues at face value.

But how?

Before we answer, let’s pause for an anecdote.

Years ago we worked on one of two teams in the same company that worked on competing projects. This happens often. The company’s leadership hopes competition fosters innovation, and people bringing forth their best ideas. The other team was huge and had been working on their project for years. There were smart and talented people on that team doing good work. They even had good design talent, but the team wasn’t design driven. They were technology driven. This is not to say that they didn’t think about customers. They did. It’s just that the high order bit was their technology choice, and then they did their best to design around those choices.

Our team was small. We had decent ideas and were design led. Our team fashioned a high-fidelity prototype that illustrated our ideas. It was on rails, a glorified slide show. And it was gorgeous. The other team had code. We had beautiful images that moved.

As things came to a head politically, we finally revealed our design to the other team. After the presentation, they looked like they’d been punched in the stomach. Even though they had code, we just had a better story. We had something inspiring. Their stuff was flat. And boring. Literally and metaphorically. And even though they were creative and smart, the genetics of their team had led them down an uninspiring path. They knew it. And so did the execs who saw both teams’ work.

Within a week those execs tried to merge our teams. And when it was clear that we were culturally incompatible, their project was killed. Was our design work solely responsible for the end of their project? No. Was it one of the things that sent them over the edge? Without a doubt.

Now let’s return to our discussion of how you can deal with the people who oppose your plans in your organization. Your first choice is to use the logic of your arguments, your personal charm, and maybe a little horse trading to get those folks on board. And in many cases that works. It’s always your best option. We’re big fans of working together harmoniously. But the larger the organization (and it doesn’t have to be all that large) the higher the odds that there will be some people where reasoned discussion and collaboration doesn’t work. Ever.

Remember, the political economics of saying “no” in large organizations are so much better than saying “yes.” Saying “no” costs essentially nothing. You don’t need to prove anything. You’ll almost never be proven wrong for saying no. And the optics are great too. The person saying “yes” looks overly enthusiastic, while the person saying “no” in reasonable tones sounds like the grownup. The naysayer just has to raise reasonable doubt to save the company from wasting time and money on some “foolish and poorly thought out initiative.” However, saying “yes” is costly. You’re putting yourself out on a limb. You’re being specific. You’re opening yourself up to attack. You’re trying to do something.

As a user experience design leader you have a secret advantage. It’s the thing that often overcomes every opponent, every craven naysayer. It’s the High Fidelity Visualization.

What is the High Fidelity Visualization? It could be anything from a series of beautiful UI mockups, to a user experience prototype on rails, to a freeform prototype that the audience can try themselves, to a beautifully produced video showing customers using the prototype.

There will always be “no” people. But “no” people rarely have counterproposals. And when they do, they’re usually vague or a set of yawn-inducing PowerPoint bullets. By definition, they don’t want to be out on a limb or they’d be subject to attack. So they keep things light on details. But when you show up with a High Fidelity Visualization, if you’ve done your job, and told a great story, everyone else in the room will fall in love with your plan. Decision makers will get excited. They’ll start defending your ideas against the naysayers. Emotion motivates them to become advocates for your plan, your story. And this is a good thing.

But take note, we liken these visualizations to nuclear weapons. They’re incredibly powerful tools and can cause collateral damage. You’ve got to get the dosage just right. Sometimes you can do such a good job getting your company’s leadership on board with your ideas that now they bother you every week to find out why the product isn’t done yet. After all, that prototype looked essentially ready to ship, and you didn’t spend a lot of time in your pitch meeting talking about the smoke and mirrors you used to put it together.

The point is this: with a beautifully executed High Fidelity Visualization that sets the right tone, you can neutralize the people in your organization who love to say “no.” This is your secret advantage as someone with vision, an ability to visualize your plan and bring it to life in people’s imagination, and the leadership skills to deliver on that vision. Tell the right story with your execution here and anyone who’s getting in your way will fall by the wayside.

And for those of you who feel this is militaristic in tone, you’re right. Hierarchical organizations with more than ten people on the team invariably have a representative population of personality types — including people who will get in your way. If you really want to make something special and deliver it to customers, then you need to get the doubters on board or run them over. Partnering with the doubters is always preferable as long as it’s not at the expense of your ideas. But unfortunately, it’s not always possible. It’s not personal. It’s not about being a jerk. It’s not about beating your chest. It’s about making something great. And if you’re in an organization where people with limited vision and possibly political aims are forever stopping you from delivering something wonderful, you need to arm yourself and fight. Spending your time arguing endlessly with people so you can deliver a watered-down version of the great thing that resides in your head is a waste of your time.

How do you know which feedback is killing your vision and which is making it better? Listen to everyone, open your mind, but trust your instincts. If you stick to your guns and fail, at least you’ll learn something. If you turn your ideas into some sort of compromise mishmash and you fail, you’ll never know exactly what caused the failure and you truly will have wasted your time.

Good luck soldier.

This week's sponsor: Pantheon

 ∗ A List Apart: The Full Feed

Thanks to Pantheon for sponsoring A List Apart this week—check out their free guide for scaling your digital agency.

"Big Data" Needs a Trip to the Security Chiropracter!, (Wed, Nov 19th)

 ∗ SANS Internet Storm Center, InfoCON: green

When the fine folks at Portswigger updated Burp Suite last month to 1.6 ...(more)...

Red Rover

 ∗ xkcd.com

I just learned about the Slide Mountain Ocean, which I like because it's three nouns that sound like they can't possibly all refer to the same thing.

ISC StormCast for Wednesday, November 19th 2014 http://isc.sans.edu/podcastdetail.html?id=4243, (Wed, Nov 19th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

UX for the Enterprise

 ∗ A List Apart: The Full Feed

Imagine this scenario. You’re hired to design a product that has a guaranteed audience of 50,000 users, right out of the gate. Your clients have a dedicated support staff with a completely predictable technology stack. Best of all, your work directly improves the quality of your users’ lives.

That’s enterprise UX.

Yes, those 50,000 people use your software because they don’t have a choice. And sure, that completely predictable technology stack is ten years out-of-date. But, despite its quirks, doing UX work for enterprise clients is an opportunity to spread good design to the industries that need it most.

Enterprise UX is a catch-all term for work done for internal tools—software that’s used by employees, not consumers. Examples include:

Since switching from working with smaller clients to tackling the problems of the Fortune 500, I’ve fielded a lot of questions from designers mystified by my decision. Why choose to specialize in enterprise design when you could do more interesting work in leaner, more agile, t-shirt-friendly companies? Isn’t big business antithetical to design culture?

The answer is: yes, often. Working with enterprise clients can be an exercise in frustration, filled with endless meetings and labyrinthine bureaucracy. It can also be immensely rewarding, with unique challenges and creatively satisfying work. As designers, we live to solve problems, and few problems are larger than those lurking in the inner depths of a global organization. After all, Fortune 500s tend to have a “just get it done” attitude toward internal tools, resulting in user experiences that aren’t well designed or tested. By giving those tools the same attention to experience that you give consumer-facing products, you can improve the lives of your users and support the organization’s values and brand.

Why bother with enterprise work?

Enterprise UX is often about solving ancillary problems by creating tools that facilitate an organization’s primary goals. These problems are rarely as compelling or visible as the goals they support, but they’re just as necessary to solve. A company might build the best-designed cars in the world, but it won’t matter if its quality-assurance process is hobbled by unusable software. Good design enables enterprises to do the work they were founded to do.

Enterprise employees are also consumers, and they’ve come to expect consumer-level design in all the tools they use. Why shouldn’t a company’s inventory software or HR portal be as polished as Evernote, Pinterest, or Instagram? When a consumer app is poorly designed, the user can delete it. When an enterprise app is poorly designed, its users are stuck with it.

The stakes can be enormously high. The sheer scale of enterprise clients magnifies the effects of good and bad design alike. Small inefficiencies in large organizations result in extra costs that are passed on to the end user in time spent, money lost, and frustration increased. Likewise, when an enterprise prioritizes user experience for its internal tools, it becomes a more effective organization; a recently released business index shows that design-driven companies outperformed the S&P average by 228% over the last ten years.

A perfect example of the business value of enterprise UX is found in the article, “Calculating ROI on UX & Usability Projects”:

…if you optimize the UX on a series of screens so that what was once a 5 minute task is now a 2.5 minute task, then you’ve increased a person’s productivity by 100%. That’s huge. HUGE. If the company has 100 phone agents who have an average salary of $40,000 + benefits (~$8,000) (+ an unknown amount for overhead), you could either release or retask those agents on other activities with a savings of $2,400,000/year. (half of 100 agents x $48,000).

It’s simplified, but the point is dead-on. A company with 100 phone agents could result in millions of dollars of savings. Imagine the impact on a company with thousands of employees? Or tens of thousands?

We have an opportunity to set the tone in some of the largest industries on the planet. Many big organizations have been defined by engineering and business thinking, with any design being either incidental or unintentional. Now, as those companies wake up to the value of solid design, they have to contend with the years of cruft that have obscured their tools and processes. Design is essential to shedding the excess and building better, leaner, and more human organizations.

Working on enterprise projects

There’s no such thing as an average enterprise UX project. The variety of projects within even a single company can be dizzying. I’ve worked on sites with a million visitors in the first week, and apps that fewer than 12 people use in a year.

Projects that would be iterative in the consumer space may be a one-off in the enterprise space, so it’s crucial to get things right the first time around. Further, due to cost, culture, and the immense hassle of rolling out updates to tens of thousands of employees, enterprise clients are often bogged down with wildly out-of-date solutions. We’ve heard of huge companies begging Microsoft to extend the lifespan of Windows XP; that’s the rule, not the exception.

Designing internal tools for a Fortune 500 company requires adaptation, but it isn’t a seismic shift from the world of consumer-facing design. Though a set of universal rules governing enterprise UX might not exist, there are a few principles I wish I’d known when transitioning from working with smaller clients.

Design for the end user, not the client

As with many design jobs, the end users of your software probably aren’t the same people who commissioned it.

In large organizations, the divide between the user and the client can be vast. The director of operations might commission an inventory app for warehouse personnel, or someone from IT might commission a reporting tool for the sales team. In an enterprise-scale bureaucracy, the clients in charge of UX projects are often in higher-level management roles. And while they typically have an invaluable grasp of the big picture, they may not completely realize the everyday needs of the people who will use the software.

Conduct your stakeholder interviews to understand and agree on your client’s business goals, but don’t forget to gather user and empirical data too. Fortunately, that type of research is easier to do in an enterprise setting than in the consumer space. Corporations like to quantify things, so data on productivity and software use may already exist. And, unlike consumers who need an incentive to fill out a survey or participate in an usability study, enterprise users have an inherent investment in the end product—setting aside some time to answer your questions is part of their job.

A successful enterprise UX project considers the users’ needs, the clients’ goals, and the organization’s priorities. The best user experience sits at the intersection of these concerns.

Be an educator and advocate, but above all, be flexible

Being a designer is as much a consultative role as a practical one; to justify our design decisions, we need to explain to clients our guiding principles and teach them the basics of good user experience. Otherwise, we’re nothing more than pixel-pushers.

Most enterprise clients have their own procurement procedures and project management techniques that don’t jive with a healthy UX workflow. Designers often find themselves needing to shoehorn their process into an existing structure, an exercise which can be frustrating if not approached properly.

I was recently involved in redesigning a section of a large corporation’s website. My team was responsible for handling the visual design—the content was set, and a development partner had already been hired.

Ordinarily, we prefer to have plenty of overlap between the design and development phases, to ensure that the live site matches the intentions of the design. However, the tight deadline and the client’s existing workflow made this impossible. Instead, we handed off the final mock-ups to the developers and hoped that everything was implemented without a hitch.

We didn’t see the site again until a week before launch. Predictably, the soon-to-be-live site had numerous inconsistencies. Issues that would have been obvious with a glance from a designer—incorrect fonts, uneven margins, wrong colors—were left until the last minute to fix. The process provided ample room for the developers to do quality control (remember that ancient tech stack?), but not the designers.

We wrote a list of crucial changes, ordered by priority, to bring the site in line with our design and the client’s goals. Many items were fixed before launch, and the client fast-tracked a second iteration to fix the rest. But none of those design issues would have launched in the first place had we insisted on more interaction between the designers and developers. Some good did come out of this challenge: we recommended the client reevaluate their design/development workflow requirements, explaining why the two processes needed to overlap. We also examined our own workflow to figure out how to make it more accommodating to the peculiarities of enterprise work—adding a postmortem phase, for instance, enables us to give feedback to a third-party developer while maintaining a tight timeline. If we were asking our clients to be flexible, we needed to be flexible too. Sure enough, the client offered us a greater opportunity to set the terms of the process on the next project.

Needing to adapt to a new set of restrictions is an opportunity, not a hindrance. One of the most valuable things a designer can offer a large organization is insight into the design process and its importance. Design education and advocacy can extend beyond a single project, giving the client an understanding of how to better accommodate design thinking within the organization.

Learn the culture, speak the language

Designing internal tools for an organization requires an understanding of that organization’s culture, from the basic mindset to the quirks that make it unique.

Corporate clients are often forced into short-term thinking, which can make it difficult to push longer-term design goals. When dealing with enterprise clients, remember their priorities: meeting a quota by the end of the quarter, exhausting a budget so they can secure the same amount next year, or improving a metric to keep the boss happy. Corporate clients are less concerned with design trends or UX best practices—they just want something that works for them. It’s best to frame design decisions around the client’s goals to sell them on your thinking.

Of course, that’s easier said than done. It isn’t always obvious what the client cares about. Plenty of organizations pay lip service to values that haven’t really permeated the culture, making it hard to know what to aim for in the design process. It’s amazing how many enterprises describe themselves as “design-focused” or “innovation-driven” without anyone below the C-suite knowing what those terms mean.

So how do we figure out what an enterprise client is really about?

It takes some time, but one of the best ways is to pay attention to the language your clients use. Different organizations have different vocabularies, which reveal the way they think. You’ll likely encounter jargon, but your job is to listen—and help your clients translate that language into actionable goals. Do employees talk about “circling back” or “talking about this offline”? Structured communication may be important to that company. How about “value-add” or “low-hanging fruit”? Quick wins and return-on-investment are probably cornerstones of that organization’s culture.

No client wants to learn design lingo just to be able to communicate with you, and corporate clients in particular are busy with a million other things. Learn their language so they don’t have to learn yours.

Go ahead

We designers live to solve problems, and enterprise organizations provide fertile ground. They present a different set of constraints than startups and smaller clients, and while some designers balk at the idea of their work being constricted by a bureaucracy, others remember that the best design flourishes within well-defined boundaries.

Working on enterprise projects is something every UX designer should try. Who knows? You may just like it enough to stay.

Cultivating the Next Generation of Web Professionals

 ∗ A List Apart: The Full Feed

I’ve spent most of my career at institutions of higher education, and during that time, I have had the good fortune to work with several incredible students. Former interns are now LinkedIn connections working for television shows, book publishers, major websites, ad agencies, and PR firms, and the list of job titles and employers makes me proud. Along the way, I tried to give them interesting projects (when available), enthusiastic references (when merited), and helpful career advice (when requested).

And despite their success, I feel like I fell short. I could have offered more to them.

Mentoring opportunities, after all, aren’t limited to internships and official programs. There is a lot that we as individuals can do to serve as role models, ambassadors, and teachers to the web professionals of tomorrow.

Skillsets will evolve and technologies will come and go, but we can create the digital experiences of the future today through the values and attitudes we instill in the next generation of web workers.

Finding new layers of learning

The web has matured significantly since it hijacked my career path back in college, and so have our understanding of and attitudes toward it. “Doing it right” calls for strategic skills like testing, measurement, and planning; interpersonal skills like negotiation, leadership, and collaboration; and technical skills in writing, coding, or design.

But has the education of the next generation of web professionals matured accordingly? How much are they learning bricklaying versus architecture? This isn’t meant to be a condemnation of curriculums at colleges and universities, where we are beginning to see more courses, certificates, and even degree programs that reflect this approach. This is more an acknowledgement of the new nature of education nowadays—experiential, fluid, occasionally roundabout, and highly networked.

We often talk about how the success of our work is determined by the strength of our relationships and our ability to work with people. This is what Jonathan Kahn has been talking about and working on with the Dare Conference. We need to extend that way of thinking to the relationships we build with each other, and, in particular, with the future professionals who will one day take our place at the client’s table.

I’ve always cherished the thoughtfulness that our industry regularly displays, and how, despite serious concerns about sexism, diversity, and harassment, there is an overriding sense of justice and support. Within our profession, we have built a special community. Since our future colleagues are among these students, let’s welcome them into it.

Bring your experience back to the classroom

Future web professionals require connections to peers and leaders in the field and to enhanced learning experiences. We can build those connections by meeting students where they are: in their classrooms. What undergraduate or graduate programs offered in your area align with your skillset? Reach out to the relevant faculty—in journalism, public relations, computer science, human-computer interaction, graphic design, technical writing, and other departments—to see if they are looking for guest speakers.

Brand and content strategist Margot Bloomstein has spoken to undergraduate classes about a half-dozen times, and invited top names in the field to speak to her own content strategy class at Columbia University. My Meet Content partner-in-crime, Rick Allen, teaches a course at Emerson College in Boston on electronic publishing, and he’s been kind enough to invite me to speak to his graduate students twice (and sometimes I think the experience is more rewarding for me than for them!).

You can also reach out directly to college career centers. Amanda Costello, a content strategist at the University of Minnesota, has had success with this approach, working with them to organize and promote events where she can talk about her work with students who may have an interest in a web profession.

If you catch the bug after a guest-lecturing stint, reach out to those programs or your local community college to see if they are looking for new adjunct faculty, and teach your own course. It’s a huge time commitment, to be sure, but teaching is a great way to approach your work with fresh eyes and maybe realize a thing or two you didn’t know before—while sharing your knowledge with an eager audience.

Expand learning opportunities off-campus

Invite students to the next local industry event. Hackathon? Content strategy meetup? UX book club? It’s all good. Work with professors teaching relevant courses to see if their students can get extra credit for attending, or maybe host a “student night” of lightning talks where they can talk about their research or perspectives on the field so far. Similar to Costello’s approach, send information about your professional networking event directly to career centers so they can promote it to students who may be interested.

We can also make powerful connections outside the construct of a university setting. Karen McGrane recently wrote about how she pays forward the 30 minutes an academic whose name she can’t even recall gave her that helped steer her toward a graduate program and, eventually, a career.

With that post echoing in my mind, I recently agreed to meet with a young woman who reached out to me via Twitter. She was intrigued by my job title, curious about how I got to where I am, and wondering what her next steps might be. We closed our 30-minute conversation over coffee on an Au Bon Pain patio with me promising to connect her to a former intern of mine, whom I had counseled as she struggled to find her place postgraduation and watched as she emerged confident with a rewarding job in her chosen field.

I don’t know if that connection will help her, or if anything I said in those 30 minutes made sense, but if nothing else, I know that I helped reassure her that there are people in the industry who are willing to meet a complete stranger for 30 minutes on a Tuesday and talk shop. For someone just starting out professionally and looking to find her place, that’s significant.

Make conferences more accessible for young attendees

We are lucky to work in an industry with several opportunities for professional development, events where we can gather in person and learn from each other. We need to work harder to bring college students into this fold. There are two main obstacles: awareness and budget.

Building the pathways to make students aware of conference opportunities (both for presenting and attending) is doable over time, but a tougher problem to solve is budget. The average college junior does not have the resources to pay a conference fee, let alone airfare and hotel. Within a university, a student may receive funding from the provost’s office or a dean’s special-projects fund to attend an academic conference. But what about professional events?

As sponsorship dollars fly fast and furious around various events, let’s consider the possibility of offering scholarships to select student attendees or a discounted student rate, as some conferences (like An Event Apart) already do. In this vein, for two years running, Facebook has sponsored content strategy fellowships that fund three students’ attendance at the annual Confab Central content strategy conference, in addition to extending an opportunity to apply for a content strategy internship with the social-networking giant. Some conferences, like UXPA, organize a student volunteer program that helps staff the conference while providing a free conference experience (complete with networking opportunities) in return. If sponsorships and scholarships aren’t possible, conferences should work with colleges to allow attendance at events relevant to a student’s major to count as course credit.

But what about taking that a step further and creating a professional development experience just for students? Two such initiatives are currently underway. One is the Center Centre at the Unicorn Institute, a user experience design-focused education project spearheaded by Jared Spool and Leslie Jensen-Inman. Also, the HighEdWeb conference has introduced the CrowdSource Summit, a sub-conference geared toward college students with the stated goal of providing them with a multidisciplinary, human perspective on web professions. (Full disclosure: I spoke at CrowdSource Summit in October.)

While attendance is great, presenting is even better. In helping to organize Confab Higher Ed for the past two years, I am particularly proud of the fact that we have included sessions that feature not only student-generated communications efforts, but also teams with student copresenters. And offering those opportunities can yield results. Recently, I learned that one of last year’s student speakers, RIT’s Erin Supinka, landed a job as a social media manager at Dartmouth in part thanks to the recommendation of Dartmouth content strategist Sarah Maxell Crosby, who attended Supinka’s session. I hope to see this trend continue, and be echoed at other conferences.

This increased access for students would have to go hand in hand with making conferences’ social activities less focused around drinking and creating more all-ages social events. A List Apart technical editor and front-end developer Anna Debenham recently wrote about this on the ALA blog, observing that all of the efforts I’ve outlined here would be for naught if we don’t address the social component as well. “The more young people we encourage to join the fold, the more we are excluding from these events,” she observed. (Debenham has even crafted some handy guidelines for event organizers.)

Expand your interns’ horizons

If you have interns at your company, don’t limit their involvement to tasks like research, answering emails, or bug fixes. Get them invested in the culture of your organization by discussing clients, projects, process, deliverables, and industry trends and challenges with them. Let them sit in on a kickoff meeting, client pitch, or deliverables presentation, and encourage them to share their ideas in whatever way is most appropriate. Earlier this year, Jim Ross wrote for UX Matters not only about how interns can get the most out of their opportunity, but also how companies can give interns enlightening, productive work experiences. The Boston-based web design firm Upstatement offers a development apprenticeship that seems like it would be one such position.

The other day, I sat in on a weekly status call with a client. Our project manager called in our co-op student who had worked on a landing page design and asked her to explain to the client the different options and the reasoning behind them. The PM could have easily summarized the work, but instead she asked our co-op to represent her own work—which, I might add, the client liked.

In addition, have interns talk to people in roles that are distinct from their skillset or comfort zone—programmers, project managers, IAs, UX specialists, content strategists, designers, you name it. These mini job-shadowing opportunities will help establish a well-rounded approach to web work.

A couple of years ago, I wrote for Meet Content about how student workers can help support content strategy work (both from the staff perspective as the one managing the students and assigning them work, and from the student perspective of someone thinking about a career path and looking for paid work that will help advance them along). Last year, a design intern at Fastspot wrote glowingly on the company’s blog about how deeply involved she became in the agency’s process while working there. It’s within these purposeful, immersive early work experiences that students discover their true callings as professionals—as well as the things they don’t like, which is important too.

Building the future

In a 2010 HighEdWeb presentation, Dylan Wilbanks (then at the University of Washington) exhorted the audience not to let the politics of higher ed beat them down and make them bitter. “Love the web, love higher ed, love people,” he implored us.

In thinking about the importance of mentorship, I am drawn back to Wilbanks’s words. We may love the work that we do, yes, but we also love our field and the people within it. This love is why I care about what not only the web will look like in five, 10, 20 years, but also our profession and our community.

In an August post on The Pastry Box Project, Brad Frost reminded us of the importance in remaining self-aware as professionals, always asking ourselves why we do what we do and not just getting dragged along by the act of doing. “Understanding why we enjoy doing what we do better prepares us for whatever the future has in store,” he wrote. In short, we need to actively give a damn.

The more we openly communicate about what drives us, the better off we, our colleagues, and our future colleagues will be. We use forums like this to debate and evolve our understanding both of the web and of ourselves as professionals, to everyone’s benefit.

By the same token, because we care so damned much, we should be similarly engaged with the next wave of web professionals. We should work to cultivate their senses of passion and exploration, and their appreciation of a well-rounded approach to web work, so they can take the web places we’ve never dreamed it could go. Now that’s being future friendly.

Microsoft November out-of-cycle patch MS14-068, (Tue, Nov 18th)

 ∗ SANS Internet Storm Center, InfoCON: green

Microsoft November out-of-cycle patch

Note: MS14- ...(more)...

Microsoft Will Release MS14-068 Later Today, (Tue, Nov 18th)

 ∗ SANS Internet Storm Center, InfoCON: green

Today, Microsoft will release MS14-068. This is one of the bulletins that was skipped in November ...(more)...

ISC StormCast for Tuesday, November 18th 2014 http://isc.sans.edu/podcastdetail.html?id=4241, (Tue, Nov 18th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Updates for OS X , iOS and Apple TV, (Mon, Nov 17th)

 ∗ SANS Internet Storm Center, InfoCON: green

Apple today released updates for iOS 8 and OS X 10.10 (Yosemite) ...(more)...

Video: Mobile Navigation, Conversion, Input, & More

 ∗ LukeW | Digital Product Design + Strategy

Conversions@Google published a complete video recording of my two and a half hour seminar last month (September 2014 in Dublin) on optimizing mobile experiences for conversion using design.

In part one I walk through the mobile opportunity and outline how to build for it using design considerations. To illustrate this process I detail the good and bad of several mobile navigation solutions including off-canvas layouts and the hamburger menu. Along the way I introduce and explain several important guiding principles in mobile design.

In part two, I dive deep into mobile form design by explaining several techniques that increase form conversion, decrease errors, and improve the user experience overall. From treating drop-down menus as the UI of last resort to single-input payment forms, I provide loads of examples to illustrate each form design technique.

Thanks to the Conversions@Google team for making these sessions available to all.

Question

 ∗ xkcd.com

The universe long dead, IsaAC surveyed the formless chaos. At last, he had arrived at an answer. 'I like you,' he declared to the void, 'but I don't LIKE like you.'

Holiday hardware hacks

 ∗ Labix Blog

Last night I did a trivial yet surprisingly satisfying hardware hack, of the kind that can only be accomplished when the brain is in holiday mode. Our son has that very simple airplane toy, which turned out to become one of his most loved ones, enough to have deserved wheel repairs before. He’s also reportedly a fan of all kinds of light-emitting or reflecting objects (including the sun, and specially the moon). So the idea sparkled: how easily can that airplane get a blinking led?

With an attiny85, a CR2032 battery, a LED, and half an hour of soldering work, this was the result:

The code loaded in the chip is small enough to be listed here, and it gets away with blinking without waking up the main CPU clock:

    ; Set inverse OC1B pin as output for the led.
    sbi _SFR_IO_ADDR(DDRB), 3

    ; Enable timer TC1 with PCK/16k prescaling (attiny85 p.89)
    ldi r18, (1<<CS10)|(1<<CS11)|(1<<CS12)|(1<<CS13)
    out _SFR_IO_ADDR(TCCR1), r18

    ; Set OC1B on compare match (250), clear on 0x00 (attiny85 p.86,90)
    ldi r18, (1<<PWM1B) | (1<<COM1B0)
    out _SFR_IO_ADDR(GTCCR), r18
    ldi r18, 250
    out _SFR_IO_ADDR(OCR1B), r18

    ; Set the sleep mode to idle (attiny85 p.39).
    ldi r18, (1<<SE)
    out _SFR_IO_ADDR(MCUCR), r18

    ; Shutdown unnecessary MCU modules (attiny85 p.38)
    ldi r18, (1<<PRTIM0)|(1<<PRUSI)|(1<<PRADC)
    out _SFR_IO_ADDR(PRR), r18

    sleep
    rjmp .-4

The power consumption in the idle mode plus the blinks should keep the coin battery running for a couple of weeks, at least. A vibration sensor would improve that significantly, by enabling the MCU to go into powerdown mode and be awaken externally, but I don’t have a sensor at hand that is small enough.

This is the assembly, and the final result:

Toy Airplane Hack

He’s enjoying it. :-)

You only get 1,000 lines of code a week

 ∗ One Big Fluke

This week you're going to write a huge amount of code. You're going to get a lot done. You're going to ship something big. If something goes wrong, you'll be there to fix it. You'll root-cause any issue. You'll deploy at midnight to save the day. The only thing holding you back is the problem you're trying to solve.

Such an approach to building and launching works for quite a long time. When you're first starting as a programmer you're tasked with implementations that seem like "a simple matter of typing" in hindsight. Once you hit your stride, it feels like nothing can stand in your way. As time goes on, the complexity of the problems you confront grows exponentially. The balance between time spent thinking vs. implementing shifts towards design. The difficulty of shipping becomes more social than technical.

My advice for senior developers: Spend your time wisely. Imagine you can only write 1,000 lines of code this week. Is what you're doing today the most important thing? Are you the only person who could write the code you're writing? If not, why isn't someone else doing the work? You need to make your 1,000 lines count as much as possible. Your work must have leverage. Your 1,000 lines should be the essential core that enables a team of programmers to write another 10,000 lines effortlessly.

Eventually the same idea applies to everything else. You can only have 4 meetings this week. You can only send 20 emails. Make them count. Maximize the time/impact tradeoff. Let go of the things you know you can do that someone else could do just as well. Choose to do only the things that nobody else can do.

The exception to this is solidarity. Just because your time is valuable doesn't mean you're above it all. You need to carry your own weight just like anyone else. If you don't know the nitty gritty of your team first-hand you're useless.

ISC StormCast for Monday, November 17th 2014 http://isc.sans.edu/podcastdetail.html?id=4239, (Mon, Nov 17th)

 ∗ SANS Internet Storm Center, InfoCON: green

...(more)...

Microsoft Updates MS14-066, (Sun, Nov 16th)

 ∗ SANS Internet Storm Center, InfoCON: green

Microsoft updated MS14-066 to warn users about some problems caused by the additional ciphers add ...(more)...

Link

 ∗ One Big Fluke

The final draft of Effective Python is done. Stay tuned for a sneak peak of the book's contents before publication.

Knowledge vs. Intelligence

 ∗ A List Apart: The Full Feed

About a week ago, I was running into major issues during development of one of my side projects. After a few nights working to resolve whatever was breaking, I was getting frustrated with my lack of progress.

The next night, I was video chatting with Olivier Lacan, and we started discussing the problem. Since he’s a good friend, he suggested sharing my screen and helping me work through it. I was working in Laravel, the new era PHP framework, which Olivier has never worked with (nor does he work with PHP). But he’s intelligent and a great developer, so I quickly took him up on his offer.

We pored through the codebase together—I walked him through the application and the framework, and he asked probing questions about what was happening internally. Since Olivier isn’t deeply familiar with Laravel, he asks different questions than I do, and those questions led us to interesting parts of the framework that I wouldn’t have gotten to alone. After about an hour of debugging, we identified the root issue and fixed it.

I’ve talked about “switch programming” before—trading computers with someone and working through each others’ issues separately—but this is something different. It’s more akin to traditional “rubber ducking,” except with a trusted, intelligent friend.

The difference between knowledge and intelligence is key here. Knowledge is the collection of skills and information a person has acquired through experience. Intelligence is the ability to apply knowledge. Just because someone lacks knowledge of a particular subject doesn’t mean they can’t apply their intelligence to help solve problems.

Knowledge is wonderful, but it fades as techniques and technologies come and go. Intelligence sustains. Its borders extend beyond any technique or technology, and that makes all the difference.

Reliably hosted by WebFaction.com