February 17th, 2016


Gotta hand it to the FBI. Take their proposal of a completely custom system build that would circumvent various protections that are designed to keep people away from your information, and consider it on purely technical matters. It’s simple to explain to technical people, and it’s simple to explain to people that are not that well-versed in technology.

But consider this. There is no such thing as a safe-guarded backdoor. Do you really believe that once one government agency gets their hands on such a system build, it will only be used to help the “good guys”? If you are, I’d love to live in the fantasy world you’re inhabiting.

In the real world that the rest of us live in, this will be nothing short of a disaster. This custom build will get shared between various government agencies and branches, with an absolute guarantee of two things happening. First, it will get to an agency that is solely overseen by secret courts that rubberstamp pretty much every request. Second, it will get into the hands of general public, sooner rather than later – through social-engineered hacking or another Snowden-like act of political activism.

And then there’s another absolute guarantee. Let’s for a minute say that if you’re a law-abiding US citizen, then the US government is good guys. Then there are other governments who are our allies, which makes them good guys by proxy, and there are other governments which are our enemies which makes them bad guys.

What is going to stop other governments from demanding access to the same special system build? How many countries can a multi-national corporation withdraw their business from before it has no more places to do business in? How do you as a supporter of lawful information “extraction” decide on which laws you agree with and which step over “the line” that separates the good guys from the bad guys?

There’s not a single line in Tim Cook’s letter that is a gratuitous exaggeration of the dangers that lie ahead. I’ve spent the first twenty years of my life living in the communist USSR, where it was pretty safe to assume that the state had the capabilities and the means to do mass surveillance of anybody and everybody.

How does the self-aggrandizing beacon of democracy turn into the omnipresent surveillance state? Two ways. Gradually, then suddenly (in the mighty words of Ernest Hemingway). Just don’t tell your kids that you didn’t see it coming.

September 28th, 2015

Tech reporting

Two types of tech reporting / analysis out there.

The intellectually honest, hard working one where you look at publicly announced products (and maybe vaguely hinted future plans) and invest effort to make intelligent, thoughtful, researched predictions of how the different players in different interrelated markets will evolve in the next couple of years.

And then there’s “building your reputation” on top of some anonymous source inside the company that feeds you the actual plans and blueprints. The lazy kind where you’re just the conduit of plans and upcoming product announcements, always at the mercy of that source being continuously employed in that position of “close knowledge”. The kind that is disguised as “original content”, and is anything but.

Guess which one is more respectable even if you might make a mistake or two down the road. Play the long game.

June 17th, 2015

Table stakes

A long long time ago I wrote about companies being in control of their own long-term destiny. HP? Seriously? Silly me. And where’s Amazon? Anyways…

Not so long ago it used to be that a platform provider would give you a nice set of core widgets, along with access to the network stack, the local file system and a few lower-level graphics APIs. Good old times of shrink-wrapped software and platform updates that happened once every five years. In a good decade, that is.

Then the Internet happened, and after the dark old times of IE 6 a couple of big companies realized that not only they needed to have a fast and standards compliant browser available on their platforms, but that it’s such a basic block that it can’t be left to other parties. And so browsers developed by the platform providers became a table stake.

Somewhere in between, GPUs became more affordable to be included in the standard consumer-grade computers. Hello Moore’s law. They also happened to become quite powerful. Hello Moore’s law again. And OpenGL happened along the way, paving the road to gradually hardware accelerating all the things that find their way to the pixels. Along the way, local and streaming video became the expected part of a platform offering. Table stakes, if you will.

As a parallel track, platform providers started offering (built internally from scratch or acquired in a mad dash so as not to appear to fall behind) email services, ad platforms, office suite of apps (documents / presentations / spreadsheets) and search engines. Table stakes 2.0.

Then mobile happened. Not the kind focused on texting or plain-text email. Mobile as in having a frigging supercomputer in your pocket.

First came the app stores, along with the whole infrastructure around them such as authentication, serving downloads, replicating across multiple devices, user reviews, and search and recommendation engines. And oh, dipping the toes in the wonderfully macabre world of payments. Table stakes level++.

And you also had the other, more traditional media – books, movies, music and magazines. So the platform providers expanded the store capabilities to serve those, along with the matching applications to consume that content – reading books and magazines, watching movies and listening to music. Along the way came movie streaming, music streaming and music subscription services. You might also throw in the TV media players and TV streaming / casting sticks into the mix. Table stakes again.

The platforms themselves started branching into ever more form factors, from the traditional desktop screens and the just introduced mobile screens (a phone-sized screen and a tablet-sized screen) into a screen continuum. From phablets to TV screens, jumping into the wearable space (watches and glasses) and most recently into the automotive space. Along the way the platform providers started working on seamless integration flows between multiple devices owned by the same user. That included persisting the flow state and replicating it between devices, as well as unifying the user experience between the various “manifestations” of the underlying platform. And as the platform had successively more chunks moving into the cloud, the companies started investing ever more design resources into defining their own interface language and guidelines to help developers create apps that feel part of the platform. Table stakes raised another level.

And indeed the platform became this amorphous thing, with individual devices and screens at the edges and the data storage / sync layer in the middle. Platform providers offer their own storage and syncing solutions, with (mostly) generous free tier, spanning a variety of user-generated content, from documents to spreadsheets to, most recently, comprehensive photo services. And hey, let’s throw a mapping solution into the mix while we’re at it. Hello table stakes 2015.

There are quite a few pieces whose timelines I’ve generously rearranged in this article. There are a few pieces that were left out for brevity. To name just one, how about a bespoke system font that is used throughout the multiple manifestations of the specific platform. While we’re at it, how about the overall typesetting system in the world of high definition screens and the amazing “inventiveness” of various languages, living and dead. But I digress. Oh wait, how about a frigging voice-controlled assistant that predicts what you want even before you know that you want it?

Being a platform provider in 2015 is a big undertaking. And getting into the platform game might never have been as formidable. And when you’re in that game, you better up your game every year on the clock. At your own developer conference. But hey, no pain no gain. And the gains these days are enormous.

June 11th, 2015

Code spiral

Code reviews are good. You should do them. In this post I’d like to expand on one paragraph from that post:

Don’t do gigantic code drops. If it’s a big feature, map out smaller steps towards the final goal. Mark unfinished places with TODOs so that the reviewer knows this is not the final thing. Build trust in each other to understand that sometimes the road to the final feature takes multiple steps. But always keep an eye on those first couple of steps to make sure that the road is taking the right overall direction.

Gigantic code drops happen every once in a while, especially with new people on the team when they start working on their first feature request. People kind of drop off for a few days, and then they come back with this CL with 1000+ lines of code that span over a couple dozen new and existing files. And that’s very unproductive for everybody.

Some feature work is naturally big, and will eventually indeed span that many lines of code and that many files. But you shouldn’t be trying to do it all in one take. When you’re doing too many things at once, you focus on none, and everything suffers equally. You power through everything from beginning til end, from bringing the data to displaying it on the screen to handling rotation to caching things locally to pixel-perfecting the layout to animations and transitions. And then you add your reviewers. Let’s pretend I’m one of those reviewers.

So I get an email saying that there is a new CL for me to review. I click through and I see that it’s a 1000+ line drop. That’s your first barrier right there. It’s just too much stuff for me to look at right now. Maybe later in the day when I have nothing to do? Because I’d need something like half an hour to take a serious look at it. And it’s not like I just have that half an hour kicking around in my day. I can certainly find 5-10 minutes for a 100+ line review, or even 10-15 minutes for a 200+ line review. But a 1000+ line review? That would need to wait.

And then I finally realize that it’s been sitting in my queue for a while now. And I take a look. And it’s just too much. There’s just too much going on at the same time, from network to caching to persistence to pixels to animations to transitions. I wasn’t there in your head as you were writing it. So now I have to unravel the “roadmap” of this code drop, step by step. How many layers does it have? What is the first step in that roadmap? What is the foundation of that roadmap and your overall direction? How do I identify and compartmentalize each individual layer so that I can intelligently comment on it?

And what happens if I see something that should be reworked completely in one of those foundation steps? How is that going to ripple through the rest of your CL? What are the chances that in order to address the comments in just that one layer you now need to effectively rewrite the whole thing from scratch?

And what happens if me and this other reviewer are having a discussion on this one layer, and there’s a parallel discussion happening on another layer? If you have everything in one big code drop, it’s hard to keep track of what is being discussed, what decisions are being made, and how these decisions need to be translated to revising the code.

It’s perfectly fine to break it into steps. You might not be sure what are those few couple of steps to take at the very beginning – without feeling compelled to travel the whole road. That’s when it’s time for a short discussion. If you know who you’re going to be adding as your reviewers, grab them for a few minutes at their desk or over IM. Talk over the feature and what it involves in your opinion. Describe the steps you’re planning to take to get there, with special emphasis on those few first steps. See if those are the right steps to take. You might “waste” a few extra minutes talking it through, but it’s nothing compared to the hours of your teammates’ time being spent on reviewing that gigantic blob, and to the days of your own time being spent on rewriting that gigantic blob. Possibly more than once.

Break it apart. Define your data structures and server endpoints first. If the server side is not ready yet, create some fake data locally, but try to keep it as closely to the eventual communication protocol as possible so that it’ll be easy to swap that out for real data. Then get something on the screen. It doesn’t have to be beautiful. It needs to be functional so that people can get a rough feel how the data flows on the real screens in their hands. Up until now it’s been pretty sequential. Now you can parallelize the work, either as multiple CLs from you, or multiple people pitching in.

Do a separate CL for local data caching. Do another one for data and view persistence and restore as you rotate the screen, interact with the content around your new bits or go out of your app and back in. Do a separate CL for pixel-perfecting the visuals, attaching screenshots and sending local builds to people to take a look how the static mocks done on gigantic desktop screens actually look and feel on smaller mobile screens. Lay down the ground work for adding animations and transitions, and do those in separate CL(s).

I’d say that an ideal CL is not more than 200 lines of code. Some just have to be more and that’s fine. But if you can keep it under 200 lines or so, you’re making it that much easier for everybody to engage in a productive discussion and to move the process forward. And you’re spiraling ever closer to the final state instead of just going in circles. Funny thing about some spirals though. You might be getting closer but you’ll never quite get there. But that’s a whole other topic.

When you break it down into multiple steps where every step needs to be reviewed separately, it might feel that it’ll take much more time compared to just powering through everything and doing one gigantic code drop. Trust me, it doesn’t. And at some point it just becomes a second nature. You start to break everything into small, manageable steps, and focus on each one of them. And before you know it, the feature is done and ready to ship. And that’s when the really scary bugs start happening.