“Working From Home”

Despite having commented on my continuing lockdown, I have tried extremely hard not to comment too much on the whole WFH debate, at least on the blog. You might have seen me ranting about it a few times over on Twitter though.

First of all, I have to admit I was lucky — when the whole lockdown started, I didn’t have to scramble to find the space to work from home: I already set up a home office, I had a standing desk already, multiple monitors, proper home connection without relying on WiFi, and all the kind of ergonomic setup that many of my teammates had to scramble hard for. I had set this up when I got to London, because I remember how bad it was for me to have a work/life balance separation in Dublin, when I had a desk just sitting next to the sofa, and I would end up working till late instead of just sitting on the sofa to watch TV or play games.

And of course, I’m also counting myself lucky that neither me nor my wife fell ill, form Covid-19 or anything else, that our families – while struggling a bit – had been safe throughout this whole event. And also, since we’re not interested in having kids, that significantly reduced the amount of worry, and of work, needed to switch to the lockdown scenario. I can only imagine how much harder for families it still is and don’t envy them.

But at the same time, I do miss the office, and am hoping not to stay working from home forever. I spent many years working from home, alone and isolated, while I had my own company, back in Italy. And while I can do a significant amount of work individually, I do believe that teamwork brings better results. Thankfully, “telepresence” options such as Portal, Zoom, and Google Meet help significantly to coordinate the work, but they are not quite the same thing. I feel more relaxed working sitting at a desk next to my colleagues than I feel working at my desk with a camera pointed at me while I’m working — it makes me feel self-conscious.

I’m also painfully aware that even with the luck of being able to keep working from home, there’s a lot of things that are left to be desired. For instance, while lots of people are bringing up the fact that you don’t have to pay for commute anymore as a great positive, few go back to point out that you end up paying more for utilities such as electricity, water, and heating. We could see a good 20% increase in electricity usage since I started working from home, and while we’re (again) lucky that this is not a significant difference, I can see how the heating in the winter, for people leaving in cottages, would wipe out any commuting savings for the year.

And while I can definitely find an easier way to get my focus time from home, even taking turns preparing meals with my wife, the amount of time we spend for fixing up two extra meals a day (breakfast and lunch) is noticeable. The whole “free food” perk is not just about not paying for food: it’s about the time it takes to make the food, and the time it takes away from your workday.

There’s a lot more of course, on both side of the equation — and there’s the whole point that we’re in the middle of a pandemic that is literally reshaping the way we live. I’m just looking forward to go back to an office, and to have a commute — not because I want to spend an hour on a crowded Tube train, but because I want a little bit of time to mark the end of a workday, stop worrying about the issues of the day, and turn off my work phone, so I can join my wife at the end of the day in full without splitting my mind with work.

It’s tiring, and it’s getting to me, and I’m sure it’s getting to many. Be looking out to your friends and your colleagues. Cut them a break if they are snappier than usual, particularly if they have complicated home situations – kids, babies, sick family (even extended), risks, moving houses, … – as it’s likely they are not trying to tick you off, and it’s more than likely that you’ll need the same before this is all over.

Ode to the five litres tank

You may remember that last year I wrote about a “plastics free” store, selling spices, oil, and even laundry detergent. I have no idea how they are faring with the current pandemic, but let’s just say that unless they turned into a conventional store, there’s no way that I would be interested in going and buy spices, nuts and pasta from huge containers that are handled by dozens of customers per day — and particularly by kids sticking their grubby fingers into the nuts’ boxes to steal a macadamia.

Even if the concept would have been workable before, I doubt that after this whole experience it’s going to thrive — while I care about the planet, I care about not dying more, and I assume the same is going to be true for the vast majority of the public (but not everyone, I’m sure). So what are the alternative options to buying without plastic containers? I can only think of the idea of buying in bulk.

Back at the start of the lockdown, one of the things that was getting harder to find in the local supermarkets was soap — and if you have read the blog post linked above, you know that I’ve been using refills. In particular at home we have a very nice glass, 1L liquid soap dispenser bottle that came with some decent lavender liquid soap we bought in TkMaxx over a year ago, and we’ve been filling it with different brands’ soap, that are usually available around the £4/L mark. We had a couple of litres stashed away, but eventually they started running low.

So looking around we found a 5L tank of hand wash, targeted as commercial users, but easy to get a hold of in the pandemic. It’s a bit more expensive than what we found before, but we liked it better, particularly given the fact that it has not ruined my hands, despite us washing our hands a lot more than before. And that had me thinking that most most likely the 5L tank can be reused, rather than recycled, much more easily. For instance, you can use it to collect waste oil when deep frying, and then bring it to the correct recycling point for that. Or in any case you can throw it with the recycling.

But it’s not just the plastic involved that makes a difference. Just think of how often you would need to get these delivered in half a litre increment. The 5L tank is due to last us just about five months, so you get around two deliveries a year, instead of about two a months (or once a month if you can just order the refills in pairs). And because we liked the quality of the soap, we ended up ordering the shampoo from the same brand, and fill a plastic bottle instead; at least for my hair it works well, and I’m picky — and it costs nearly half per liter than my usual ones.

There’s more than shampoo and soap that can be bought in 5L tanks. Body wash, fabric softener, vegetable oil, … and liter-for-liter they clearly need less plastics, if that’s the main measure we use for pollution, and they require fewer trips to shops and fewer deliveries. They are a bit awkward to use sometimes (thus why we have a 1L bottle we pour the vegetable we use for cooking), but the main disadvantage is that they take space, and while we’re lucky to have enough space for them in our flat, I don’t think I’d have been able to make the space for them in Dublin (didn’t help that the closet had a ton of stuff left over from the landlord and the previous tenants, including umbrellas, 5cm square framed mirrors, and stuff like that).

And I’m taking the 5L tanks as an example, but they are a metonymy for a number of other bought-in-bulk items, many of which are hard to find here in London. Even toilet paper, another staple of lockdown hoarding: Dublin and London got me used to order it in 16- or 9-roll bags, while in Italy I was used to buying 48/64 rolls at a time. It’s non-perishable, and if you do have the space to just get it and stuff it somewhere until you need it, why increasing the number of times you need to order it?

Funny story here: when I moved to London, and found out that my local Sainsbury’s didn’t have anything over 4 rolls bags, I decided that it would be easier to order 60 rolls from Amazon and have it delivered. The cost was meaningfully lower, and at the time I was not setting up for groceries’ delivery, and rather going to the stores myself to pick up just the stuff I needed for the days — bringing toilet paper on the bus is bulky and uncomfortable. Unfortunately i forgot to check where I asked Amazon to deliver it, and I ended up receiving nearly a cubic meter of toilet paper to my office, and had to find a way to bring it home, considering it took me an hour to go from King’s Cross to home, between Piccadilly and bus. Thankfully, two trips with my Filson duffle bag at a late hour were enough to bring it home. I love that duffle bag.

What I’m suggesting is that city living needs to start adapting to the idea that people need storage space. When looking at apartments, you can’t but wonder what’s the chicken and what’s the egg, between the lack of cupboard storage and the just-in-time supply used by most grocery stores in the big cities. Maybe in five years we will all live in apartments that have enough cupboard storage that you only need to buy non-perishables once a month, and the local stores will be providing fresh food and only urgent needs.

There’s also another clear problem with getting people to use bulk-volume non-perishables: beside Amazon, very few sellers carry those as options, at least in the UK. Yes, there’s Costco here just like in the USA, but that’s not common, and you do need to make sure you account for the £15/yr options. In Italy if you have a VAT ID you often end up shopping at Metro, because that’s an option that opens up to you…

Again, this is the type of thing that needs to be adapted for, after this whole pandemic happened. Reducing the frequency of deliveries by buying in bulk should be favourable for both grocery stores and consumers, given how the panic buying broke most delivery systems. So maybe next year Morrisons will have more 5L tanks of stuff available for delivery, not just the vegetable oil.

The bakery is just someone else’s oven

Most of the readers of this blog are likely aware of the phrase “The Cloud is someone else’s computer” — sometimes with a “just” added to make it even more judgemental. Well, it should surprise nobody (for those who know me) that I’m not a particular fan of either the phrase, or the sentiment within it.

I think that the current Covid-19 caused quarantine is actually providing a good alternative take on it, which is the title of the blog: “The bakery is just someone else’s oven.”

A lot of people during this pandemic-caused lockdown decided that it’s a good time to make bread, whether they tried it before or not. And many had to deal with similar struggles, from being unable to find ingredients, to making mistakes while reading a recipe that lead to terrible results, to following recipes that are just giving wrong instructions because they assume something that is not spelled out explicitly (my favourite being the recipes that assume you have a static oven — turns out that the oven we have at home only has “fan assisted” and “grill” modes.)

Are we all coming out of the current crisis and deciding that home baking is the only true solution, and that using a bakery is fundamentally immoral? I don’t think so. I’m sure that there will be some extremists thinking that, there always are, but for the most part, the reasonable people will go and accept that baking bread is not easy and while freshly baked bread can taste awesome, for most people, making time to do it every day would cut heavily into time that is needed for other things, that may or may not be more important (work, childcaring, wellness, …), so once the option of just buying good (or at least acceptable) bread from someone else becomes practical, lots of us will go back to buying it most of the time, and just occasionally baking.

I think this matches very well the way Cloud and self-hosted solutions relate to each other. You can set up your own infrastructure to host websites, mail servers, containers, Dockers, apps and whatever else. But most of the time this detracts from the time you would spend on something else, or you may need resources, that might not be linear to procure, or you may make mistakes configuring them, or you may just not know what the right tools you need are. While some (most) of these points apply to using Cloud solutions from various providers, they are also of a different level — the same way you may have problems following a recipe that includes bread as an ingredient, rather than being for bread.

So for instance, if you’re a small business, you may be running your own mail server. It’s very possible that you even already have a system administrator, or retain a “MSP” (Managed Service provider), which is effectively a sysadmin-for-hire. But would it make sense for you to do that? You would have to have a server (virtual or physical) to host it, you would have to manage the security, you would have to manage connectivity, spam tracking, logging, … it’s a lot of work! If you’re not in the business of selling email servers, it’s not likely that you’d ever get a good return on that resource investment. Or you could just pay FastMail to run it for you (see my post on why I chose them at the end).

Of course saying something like this will get people to comment on all kind of corner cases, or risks connected with it. So let’s be sure that I’m not suggesting that this is the only solution. There’s cases in which, even though it is not you primary business, running your own email server has significant advantages, including security. There are threat models and threat models. I think this is once again matching the comparison with bakeries — there are people who can’t buy bread, because the risk of whichever bread they buy to have been contaminated with something they are allergic to is not worth it.

If you think about the resource requirements, there’s another similar situation there: getting all the ingredients in normal situation is very easy, so why bother buying bread? Well, it turns out that the way supply works is not obvious, and definitely not linear. At least in the UK, there was an acknowledgement that “only around 4% of UK flour is sold through shops and supermarket”, and that the problem is not just the increase in demand, but also the significant change in usage pattern.

So while it would be “easy” and “cheap” to host your app on your own servers in normal times, there’s situations in which this is either not possible, or significantly inconvenient, or expensive. What happens when your website is flooded by requests, and your mail server sharing the same bandwidth is unreachable? What happens when a common network zero-day is being exploited, and you need to defend against it as quickly as reasonably possible?

Pricing is another aspect that appears to match fairly well between the two concepts: I heard so many complains about Cloud being so expensive that it will bankrupt you — and they are not entirely wrong. It’s very easy to think of your company as so big as to need huge complex solutions, that will cost a lot more than a perfectly fine solution, either on Cloud or self-hosted. But the price difference shouldn’t be accounted for solely by comparing the price paid for the hosting, versus the price paid for the Cloud products — you need to account for a lot more costs, related to management and resources.

Managing servers take time and energy, and it increases risks, which is why a lot of business managers tend to prefer outsourcing that to a cloud provider. It’s pretty much always the case, anyway, that some of the services are outsourced. For instance, even the people insisting on self-hosting solutions don’t usually go as far as “go and rent your own cabinet at a co-location facility!” which would still be a step short of running your own fiber optic straight from the Internet exchange, and… well you get my point. In the same spirit, the price of bread does not only include the price of the ingredients but also the time that is spent to prepare it, knead it, bake it, and so on. And similarly, even the people who I have heard arguing that baking every day is better than buying store bread don’t seem to suggest you should go and mill your own flour.

What about the recipes? Well, I’m sure you can find a lot of recipes in old cookbooks with ingredients that are nowadays understood as unhealthy — and not in the “healthy cooking” kind of way only, either. The same way as you can definitely find old tutorials that provide bad advice, while a professional baker would know how to do this correctly.

At the end of the day, I’m sure I’m not going to change the mind of anyone, but I just wanted to have something to point people at the next time they try the “no cloud” talk on me. And a catchy phrase to answer them by.

Interns in SRE and FLOSS

In addition to the usual disclaimer, that what I’m posting here is my opinions and my opinions only, not those of my employers, teammates, or anyone else, I want to start with an additional disclaimer: I’m neither an intern, a hiring manager, or a business owner. This means that I’m talking from my limited personal experience that might not match someone else’s. I have no definite answers, I just happen to have opinions.

Also, the important acknowledgement: this post comes from a short chat on Twitter with Micah. If you don’t know her, and you’re reading my blog, what are you doing? Go and watcher her videos!

You might remember a long time ago I wrote (complaining) of how people were viewing Google Summer of Code as a way to get cash rather than a way to find and nurture new contributors for the project. As hindsight is 2020 (or at least 2019 soon), I can definitely see how my complaint sounded not just negative, but outright insulting for many. I would probably be more mellow about it nowadays, but from the point of view of an organisation I stand from my original idea.

If anything I have solidified my idea further with the past five and a half years working for a big company with interns around me almost all the time. I even hosted two trainees for the Summer Trainee Engineering Program a few years ago, and I was excitedly impressed with their skill — which admittedly is something they shared with nearly all the interns I’ve ever interacted with.

I have not hosted interns since, but not because of bad experiences. It had more to do with me changing team much more often than the average Google engineer — not always by my request. That’s a topic for another day. Most of the teams I have been in, including now, had at least an intern working for them. For some teams, I’ve been involved in brainstorming to find ideas for interns to work on the next year.

Due to my “team migration”, and the fact that I insist on not moving to the USA, I often end up in those brainstorms with new intern hosts. And because of that I have over time noticed a few trends and patterns.

The one that luckily appears to be actively suppressed by managers and previous hosts is that of thinking of interns as the go-to option to work on tasks that we would define “grungy” — that’s a terrible experience for interns, and it shouldn’t be ever encouraged. Indeed, my first manager made it clear that if you come up with a grungy task to be worked on, what you want is a new hire, not an intern.

Why? There are multiple reasons for that. Start with the limited time an intern has, to complete a project: even if the grungy task is useful to learn how a certain system works, does an intern really need to get comfortable with it that way? For a new hire, instead, time is much less limited, so giving them a bit more boring tasks while they go through whatever other training they need to go through is fine.

But that’s only part of the reason. The _much more important_ part is understanding where the value of an intern is for the organisation. And that is _not_ in their output!

As I said at the start, I’m not a hiring manager and I’m not a business person, but I used to have my own company, and have been working in a big org for long enough that I can tell a few patterns here and there. So for a start, it becomes obvious that an intern’s output (as in the code they write, the services they implement, the designs they write) are not their strongest value proposition, from the organisation point of view: while usually interns are paid less than the full-time engineers, hosting an intern takes _a lot_ of time away from the intern host, which means the _cost_ of the intern is not just how much they get paid, but also a part of what the host get paid (it’s not by chance that Google Summer of Code reimburses the hosting project and not just the student).

Also, given interns need to be trained, and they will likely have less experience in the environment they would be working, it’s usually the case that letting a full-time engineer provide the same output would take significantly less time (and thus, less money).

So no, the output is not the value of an intern. Instead an internship is an opportunity both for the organisation and for the interns themselves. For the organisation, it’s almost like an extended interview: they get to gauge the interns’ abilities over a period of time, and not just with nearly-trick questions that can be learnt by heart — it includes a lot more than just their coding skills, but also their “culture fit” (I don’t like this concept), and their ability to work in a team — and I can tell you that myself, at the age of most of the interns I worked with, I would have been a _terrible_ team player!

And let’s not forget that if the intern is hired afterwards, it’s a streamlined training schedule, since they already know their way around the company.

For the intern, it’s the experience of working in a team, and figuring out if it’s what they want to do. I know of one brilliant intern (who I still miss having around, because they were quite the friendly company to sit behind, as well as a skilled engineer) who decided that Dublin was not for them, after all.

This has another side effect for the hosting teams, that I think really needs to be considered. An internship is a teaching opportunity, so whatever project is provided to an intern should be _meaningful_ to them. It should be realistic, it shouldn’t be just a toy idea. At the same time, there’s usually the intention to have an intern work on something of value for the team. This is great in the general sense, but it goes down to two further problems.

The first is that if you _really_ need something, assigning it as a task to an intern is a big risk: they may not deliver, or underdeliver. If you _need_ something, you should really assign it to an engineer; as I said it would also be cheaper.

The second is that the intern is usually still learning. Their code quality is likely to not be at the level you want your production code to be. And that’s _okay_. Any improvement in the code quality of the intern over their internship is of value for them, so helping them to improve is good… but it might not be the primary target.

Because of that, my usual statement during the brainstorms is “Do you have two weeks to put the finishing polish on your intern’s work, after they are gone?” — because if not, the code is unlikely to be made into production. There are plenty of things that need to be done after a project is “complete” to make it long-lasting, whether they are integration testing and releasing, or “dotting the is and crossing the ts” on the code.

And when you don’t do those things, you end up with “mostly done” code, that feels unowned (because the original author left by that point), and that can’t be easily integrated into production. I have deleted those kind of projects from codebases (not just at Google) too many times already.

So yes, please, if you have a chance, take interns. Mentor them, teach them, show them around on what their opportunities could be. Make sure that they find a connection with the people as well as the code. Make sure that they learn things like “Asking your colleagues when you’re not sure is okay”. But don’t expect that getting an intern to work on something means that they’ll finish off a polished product or service that can be used without a further investment of time. And the same applies to GSoC students.

Ads, spying, and my personal opinion

In the past year or so, I have seen multiple articles, even by authors who I thought would have more rational sense to them, over the impression that people get about being spied upon by technology and technology companies. I never got particularly bothered to talk about them, among other things because the company I work for (Google) is one that is often at the receiving end of those articles, and it would be disingenuous for me to “defend” it, even though I work in Site Realiability, which gives me much less insight in how tracking is done than, say, my friends who work in media at other companies.

But something happened a few weeks ago gave me an insight on one of the possible reasons why people think this, and I thought I would share my opinion on this. Before I start let me make clear that what I’m going to write about is something that is pieced together with public information only. As you’ll see soon, the commentary is not even involving my company’s products, and because of that I had access to no private information whatsoever.

As I said in other previous posts, I have had one huge change in my personal life over the past few months: I’m in a committed relationship. This means that there’s one other person beside me that spends time in the apartment, using the same WiFi. This is going to be an important consideration as we move on later.

Some weeks ago, my girlfriend commented on a recent tourism advertisement campaign by Lithuania (her country) on Facebook. A few hours later, I received that very advertisement on my stream. Was Facebook spying on us? Did they figure out that we have been talking a lot more together and thus thought that I should visit her country?

I didn’t overthink it too much because I know it can be an absolute coincidence.

Then a few weeks later, we were sitting on the sofa watching Hanayamata on Crunchyroll. I took a bathroom break between episodes (because Cruncyroll’s binge mode doesn’t work on Chromecast), and as I came back she showed me that Instagram started showing her Crunchyroll ads — “Why?!” We were using my phone to watch the anime, as I have the account. She’s not particularly into anime, this was almost a first as the material interested her. So why the ads?

I had to think a moment to give her an answer. I had to make a hypothesis because obviously I don’t have access to either Crunchyroll or Instagram ads tracking, but I think I’m likely to have hit close to the bullseye and when I realized what I was thinking of, I considered the implications with the previous Facebook ads, and the whole lot of articles about spying.

One more important aspect that I have not revealed yet, is that I requested my ISP to give me a static, public IPv4 address instead of the default CGNAT one. I fell for the wet dream, despite not really having used the feature since. It’s handy, don’t get me wrong, if I was to use it. But the truth is that I probably could have not done so and I wouldn’t have noticed a difference.

Except for the ads of course. Because here’s how I can imagine these two cases to have happened.

My girlfriend reads Lithuanian news from her phone, which is connected to my WiFi when she’s here. And we both use Facebook on the same network. It’s not terribly far-fetched to expect that some of the trackers on the Lithuanian news sites she visits are causing the apartment’s stable, static, public IP address to be added to a list of people possibly interested in the country.

Similarly, when we were watching Crunchyroll, we were doing so from the same IP address she was checking Instagram. Connect the two dots and now you have the reason why Instagram thought she’d be a good candidate for seeing an advert for Crunchyroll. Which honestly would make more sense if they intended to exclude those who do have an account, in which case I would not have them trying to convince me to… give them the money I already give them.

Why do I expect this to be IP tracking? Because it’s the only thing that makes sense. We haven’t used Facebook or Messenger to chat in months, so they can’t get signal from that. She does not have the Assistant turned on on her phone, and while I do, I’m reasonably sure that even if it was used for advertisement (and as far as I know, it isn’t), it would not be for Facebook and Instagram.

IP-based tracking is the oldest trick in the book. I would argue that it’s the first tracking that was done, and probably one of the least effective. But at the same time it’s mostly a passive tracking system, which means it’s much easier to accomplish under the current limits and regulations, including but not limited to GDPR.

This obviously has side effects that are even more annoying. If the advertisers start to target IP address indiscriminately, it would be impossible for me or my girlfriend to search for surprises for each other. Just to be on the safe side, I ordered flowers for our half-year anniversary from the office, in the off-chance that the site would put me on a targeting list for flower ads and she could guess about it.

This is probably a lot less effective for people who have not set up static IP addresses, since there should be a daily or so rotation of IP addresses that confuses the tracking enough. But I can definitely see how this can also go very wrong when a household dynamic are pathological, if the previous holder of the address managed to get the IP on targeted lists for unexpected announces.

I have to say that in these cases I do prefer when ads are at least correctly targeted. You can check your Ads preferences for Google and Facebook if you want to actually figure out if they know anything about you that you don’t want them to. I have yet to find out how to stop the dozens of “{Buzzword} {Category} Crowdfunding Videos” pages that keep spamming me on Facebook though.

Software systems and institutional xenophobia

I don’t usually write about politics, because there are people with more sophisticated opinions and knowledge out there, compared to me, playing at the easiest level, to quote John Scalzi, and rarely having to fear for my future (except for when it comes to health problems). But today I need to point out something that worries me a lot.

We live in a society that, for good or bad (and I think it’s mostly for good), is more and more tied to computer systems. This makes it very easy for computer experts of one kind or another (like me!) to find a job, particularly a good paying job. But at the same time it should give us responsibilities for what we do with our jobs.

I complained on Twitter how most of the credit card application forms here in the UK are effectively saying «F**k you, immigrant scum» by not allowing you to complete the application process if you have less than three years’ addresses in the UK. In the case of a form I tried today, even though the form allows you to specify an “Overseas address” as previous address, which allows you to select Ireland as a country, it still verifies the provided post code to UK standards, and refuses you to continue the process without it.

This is not the first such form. Indeed, I ended up getting an American Express credit card because they were the only financial institution that could be convinced to take me on as a customer, with just two months living in this country, and a full history of addresses for the previous five years and more. And even for them, it was a bit of an issue to find an online form that did indeed allow me to type that in.

Yet another of the credit card companies rejected my request because “[my] file is too thin” — despite being able to prove to them I’m currently employed full time with a very well paying company, and not expecting to change any time soon. This is nearly as bad as the NatWest employee that wanted my employer’s HR representative to tell them how long they expected me to live in the UK.

But it’s not just financial institutions, it’s just at any place where you provide information, and you may end up putting up limitations that, though obviously fine for your information might not be for someone else. Sign-up forms where putting a space in a name or surname field is an error. Data processing that expects all names to only have 7-bit ASCII encoding. Electoral registries where names are read either as Latin 1 or Latin 2.

All of these might be considered smaller data issues of nearsighted developers, but they also show how these can easily turn into real discrimination.

When systems that have no reason to discard your request on the basis of the previous address have a mistake that causes the postcode validation to trigger on the wrong format, you’re causing a disservice and possible harm to someone who might really just need a credit card to be able to travel safely.

When you force people to discard part of their name, you’re going to cause them disservice and harm when they will need a full history of what they did — I had that problem in Ireland, applying for a driving learner permit, not realising that the bills for Bord Gáis Energy wrote down my name wrong (using Elio as my surname).

The fact that my council appears to think that they need to use Latin-2 to encode names, suggests they may expect that their residents are all either English or Eastern European, which in turn leads to the idea of some level of segregation of them away from Italian, French or Irish, all of which depend on Latin-1 encodings instead.

The “funnies” in Ireland was a certain bank allowing you to sign up online with no problems… as long as you had a PPS (tax ID) issued before 2013 — after that year, a new format for the number was in use, and their website didn’t consider it valid. Of course, it’s effectively only immigrants who, in 2014, would be trying to open a bank account with such codes.

Could all of these situation be considered problems with incompetence? Possibly yes. Lots of people are incompetents, in our field. But it also means that there was no coverage for these not-so-corner cases in the validation. So it’s not just an incompetent programmer, it’s an incompetent programmer paired with an incompetent QA engineer. And an incompetent product manager. And an incompetent UX designer… that’s a lot of incompetence put together for a product.

Or the alternative is that there is a level of institutional xenophobia when it comes to software development. In the UK just as in Ireland, Italy and in the United States. The idea that the only information that are being tested are those that are explicitly known to the person doing the development is so minimalist as to be useless. You may as well not validate anything.

Not having anyone from the stakeholders to the developers and testers consider “Should a person from a different culture with different naming, addressing, or {whatever else} norms be able to use this?” (or worse, consider it and answering themselves “no”), is something I consider xenophobia¹.

I keep hearing calls to pledge ethics in the field of machine learning (“AI”) and data collection. But I have a feeling that those fields have much less impact on the “median” part of the population. Which is not to say you shouldn’t have ethical consideration in them at all. But rather than we should start with teaching ethics in everyday’s data processing too.

And if you’re looking for some harsh laugh after this mood-killing post, I recommend this article from The Register.

¹ Yes I’m explicitly not using the word “racism” here, because then people will focus on that, rather than the problem. A form does not look at the colour of your skin, but does look at whether you comply with its creators idea of what’s “right”.

Two words about my personal policy on GitHub

I was not planning on posting on the blog until next week, trying to stick on a weekly schedule, but today’s announcement of Microsoft acquiring GitHub is forcing my hand a bit.

So, Microsoft is acquiring GitHub, and a number of Open Source developers are losing their mind, in all possible ways. A significant proportion of comments on this that I have seen on my social media is sounding doomsday, as if this spells the end of GitHub, because Microsoft is going to ruin it all for them.

Myself, I think that if it spells the end of anything, is the end of the one-stop-shop to work on any project out there, not because of anything Microsoft did or is going to do, but because a number of developers are now leaving the platform in protest (protest of what? One company buying another?)

Most likely, it’ll be the fundamentalists that will drop their projects away to GitHub. And depending on what they decide to do with their projects, it might even not show on anybody’s radar. A lot of people are pushing for GitLab, which is both an open-core self-hosted platform, and a PaaS offering.

That is not bad. Self-hosted GitLab instances already exist for VideoLAN and GNOME. Big, strong communities are in my opinion in the perfect position to dedicate people to support core infrastructure to make open source software development easier. In particular because it’s easier for a community of dozens, if not hundreds of people, to find dedicated people to work on it. For one-person projects, that’s overhead, distracting, and destructive as well, as fragmenting into micro-instances will cause pain to fork projects — and at the same time, allowing any user who just registered to fork the code in any instance is prone to abuse and a recipe for disaster…

But this is all going to be a topic for another time. Let me try to go back to my personal opinions on the matter (to be perfectly clear that these are not the opinions of my employer and yadda yadda).

As of today, what we know is that Microsoft acquired GitHub, and they are putting Nat Friedman of Xamarin fame (the company that stood behind the Mono project after Novell) in charge of it. This choice makes me particularly optimistic about the future, because Nat’s a good guy and I have the utmost respect for him.

This means I have no intention to move any of my public repositories away from GitHub, except if doing so would bring a substantial advantage. For instance, if there was a strong community built around medical devices software, I would consider moving glucometerutils. But this is not the case right now.

And because I still root most of my projects around my own domain, if I did move that, the canonical URL would still be valid. This is a scheme I devised after getting tired of fixing up where unieject ended up with.

Microsoft has not done anything wrong with GitHub yet. I will give them the benefit of the doubt, and not rush out of the door. It would and will be different if they were to change their policies.

So here's a more serious discussion of what 'GitHub' is, and why Microsoft's acquisition of it is so important: Chi… twitter.com/i/web/status/1…
—
Robᵉʳᵗ Graham 🤔 (@ErrataRob) June 03, 2018

Rob’s point is valid, and it would be a disgrace if various governments would push Microsoft to a corner requiring it to purge content that the smaller, independent GitHub would have left alone. But unless that happens, we’re debating hypothetical at the same level of “If I was elected supreme leader of Italy”.

So, as of today, 2018-06-04, I have no intention of moving any of my repositories to other services. I’ll also use a link to this blog with no accompanying comment to anyone who will suggest I should do so without any benefit for my projects.

The importance of teams, and teamwork

Today, on Twitter, I have received a reply with a phrase that, in its own sake and without connecting back with the original topic of the thread, I found significant of the dread I feel with working as a developer, particularly in many opensource communities nowadays.

Most things don’t work the way I think they work. That’s why I’m a programmer, so I can make them work the way I think they should work.

I’m not going to link back to the tweet, or name the author of the phrase. This is not about them in particular, and more about the feeling expressed in this phrase, which I would have agreed with many years ago, but now feels so much off key.

What I feel now is that programmers don’t make things work the way they think they should. And this is not intended as a nod to the various jokes about how bad programming actually is, given APIs and constraints. This is about something that becomes clear when you spend your time trying to change the world, or make a living alone (by running your own company): everybody needs help, in the form of a team.

A lone programmer may be able to write a whole operating system (cough Emacs), but that does not make it a success in and by itself. If you plan on changing the world, and possibly changing it for the better, you need a team that includes not only programmers, but experts in quite a lot of different things.

Whether it is a Free Software project, or a commercial product, if you want to have users, you need to know what they want — and a programmer is not always the most suitable person to go through user stories. Hands up all of us who have, at one point or another, facepalmed at an acquaintance taking a screenshot of a web page to paste it into Word, and tried to teach them how to print the page to PDF. While changing workflows so that they make sense may sound the easiest solution to most tech people, that’s not what people who are trying to just do their job care about. Particularly not if you’re trying to sell them (literally or figuratively) a new product.

And similarly to what users want to do, you need to know what the users need to do. While effectively all of Free Software comes with no warranty attached, even for it (and most definitely for commercial products), it’s important to consider the legal framework the software has to be used on. Except for the more anarchists of the developers out there, I don’t think anyone would feel particularly interested in breaching laws for the sake of breaching them, for instance by providing a ledger product that allows “black book accounting” as an encrypted parallel file. Or, to reprise my recent example, to provide a software solution that does not comply with GDPR.

This is not just about pure software products. You may remember, from last year, the teardown of Juicero. In this case the problems appeared to step by the lack of control over the BOM. While electronics is by far not my speciality, I have heard more expert friends and colleagues cringe at seeing the spec of projects that tried to actually become mainstream, with a BOM easily twice as expensive as the minimum.

Aside here, before someone starts shouting about that. Minimising the BOM for an electronic project may not always be the main target. If it’s a DIY project, making it easier to assemble could be an objective, so choosing more bulky, more expensive parts might be warranted. Similarly if it’s being done for prototyping, using more expensive but widely available components is generally a win too. I have worked on devices that used multi-GB SSDs for a firmware less than 64MB — but asking for on-board flash for the firmware would have costed more than the extremely overprovisioned SSDs.

And in my opinion, if you want to have your own company, and are in for the long run (i.e. not with startup mentality of getting VC capital and get acquired before even shipping), you definitely need someone to follow up the business plan and the accounting.

So no, I don’t think that any one programmer, or a group of sole programmers, can change the world. There’s a lot more than writing code, to build software. And a lot more than building software, to change society.

Consider this the reason why I will plonk-file any recruitment email that is looking for “rockstars” or “ninjas”. Not that I’m looking for a new gig as I type this, but I would at least give thought if someone was looking for a software mechanic (h/t @sysadmin1138).

Europe and USA: my personal market comparison

While I have already announced I’m moving to London, I don’t want to give the idea that I don’t trust Europe. One of my acquaintances, an eurosceptic, thought it was apt o congratulate me for dropping out of Europe when I announced my move, but that couldn’t be farthest from my intention. As I said already repeatedly now, my decision is all to be found in my lack of a social circle in Dublin, and the feelings of loneliness that really need to be taken care of.

Indeed, I’m more than an Europeist, I’m a Globalist, in so far as I don’t see any reason why we should have borders, or limitations on travel. So my hope is not just for Europe to become a bigger, more common block. Having run a business for a number of years in Italy, where business rules are overly complicated, and the tax system assumes that you’re a cheater by default, and fines you if you don’t invoice enough, I would have seriously loved the option to have an “European business” rather than an “Italian business” — since a good chunk of my customers were based outside of Italy anyway.

This concept of “European business”, unfortunately, does not exist. Even VAT handling in Europe is not unified, and even though we should have at least a common VAT ID registration, back when I set up my business, it required an explicit registration at the Finance Ministry to be able to make use of the ID outside of Italy. At the time, at least, I think Spain also opted out to registering their VAT IDs on the European system by default. Indeed that was the reason why Amazon used to the run separate processes for most European business customers, and for Italian and Spanish customers.

Speaking of Amazon, those of you reading me from outside Europe may be surprised to know that there is no such thing as “Amazon Europe”, – heck, we don’t even have Amazon Ireland! – at least as a consumer website. Each country has its own Amazon website, with similar, but not identical listings, prices and “rules of engagement” (what can be shipped where and for which prices). For the customers this has quite a few detrimental effects: the prices may be lower in a country that they may not usually look at the store of, or they may have to weight the options based on price, shipping restrictions and shipping costs.

Since, as I said, there is no Amazon Ireland, living in Dublin also is an interesting exercise with Amazon: you may want to order things from Amazon UK, either because of language reasons, or simply because it requires a power plug and Ireland has the same British plug as the UK. And most of the shipping costs are lower, either by themselves, or because there are re-mailers from Northern Ireland to Dublin, if you are okay with waiting an extra day. But at the same time, you’re forced to pay in GBP rather than Euro (well, okay not forced, but at least strongly advised to — Amazon currency conversion has a significantly worse exchange rate than any of my cards, especially Revolut) and some of the sellers will actually refuse to send to Ireland, for no specific reason. Sometimes, you can actually buy the same device from Amazon Germany, which will then ship from a UK-based storehouse anyway, despite the item not being available to send to Ireland from Amazon UK. And sometimes Amazon Italy may be a good 15% cheaper (on a multiple-hundreds euro item) than Amazon UK.

So why does Amazon not run a global European website? Or why doesn’t an European-native alternative appears? It looks to me like the European Union and its various bodies and people keep hoping to find European-native alternatives to the big American names all the times, at least on the papers, probably in the hope of not being tied to the destiny of American with what comes down in the future, particularly given how things have gone with the current politics on all sides. But in all their words, there does not appear to be any option of opening up opportunities for creating cross-Europe collaboration on corporations.

The current situation of the countries that make up Europe and the States that make up the USA, is that you are just not allowed to do certain types, or levels of business in all the countries without registering and operating as a company in that country. That is the case for instance of phone operators, that get licenses per country, and so each operates independent units. This becomes sometimes ludicrous because you then have Vodafone providing services in about half of Europe, but with such independent units that their level of competence for instance on security and privacy is extremely variable. In particular it looks like Vodafone Italy still has not learnt how to set up HTTPS correctly, and despite logging you in a TLS-encrypted connection, it does not set the cookie as secure, so a downgrade is enough to steal authentication cookies. In 2017.

If you remember, when I complained about the half-baked roaming directive results, I have suggested that one of my favourite options would be to have a “European number” — just give me a special “country code” that can be replaced by any one member’s code, and the phone number is still valid, and appears local. This is important because, despite the roaming directive allowing me to keep my regular Irish (for now) SIM card on my phone while travelling to either UK or Finland, it prevents me from getting a local phone number. And since signing up for some local services, including sometimes free WiFi hotspots from various cafes and establishment, relies on being able to receive a local SMS, it is sometimes more of an hindrance than a favour.

Both Revolut and Transferwise, as well as other similar “FinTech” companies have started providing users with what they call “borderless” accounts: Euro, Sterling and Dollar accounts all into one system. Unfortunately this is only half of the battle. Indeed, while I welcome in particular Revolut’s option of using a single balance that can provide all the currencies in a single card is a great option. But this only works to a point, because these accounts are “special” — in particular the Revolut Euro account is provided with a Lithuanian IBAN, but a UK BIC code, which makes a few system that still expect both throw up. And this is not even going into how SEPA Direct Debit just does not work: my Italian services can only debit an Italian bank, my Irish services can only charge an Irish bank, and my one French service can only charge a French bank. Using credit cards via VISA has actually better success rate for me, even though at least Vodafone Italy can only charge a specific one of my credit cards, rather than any of them. Oh yeah and let’s not forget the fact that you just can’t get your salary paid into a non-Irish bank account in Ireland.

Banks in Europe end up operating as country-wide silos, to the point that even Ulster Bank Republic of Ireland cannot (at least, can no longer) provide me with an Ulster Bank Northern Ireland bank account — or to be precise, cannot act on my already-existing foreigner bank account that is open in Northern Ireland. And because of all these things happening, the moment I will actually move to London I’ll have to figure out how to get a proper account there. I’m having trouble right now opening an account there already not because I don’t have the local tax ID but because they need proof of employment from a UK company, while I’m still employed by the Irish company. Of the same multinational. Oh my.

You could say that banks and telcos are special cases. They are partial monopolies and there are good reasons why they should be administered on a country-by-country basis. But the reality is that in the United States, these things are mostly solved — plenty of telco stuff is still pretty much local, but that’s because of network access and antitrust requirements, as well, to a point, the need of building and servicing local infrastructure (a solution to this is effectively splitting the operation of the telco from the provider of physical infrastructure, but that comes with its own problems). But at the very least, banking in the US is not something that people have to deal with when changing State, or having to work with companies of other states.

These silos are also visible to consumers in other forms, that may not be quite obvious. TV, movie and similar rights are also a problem the same way. Netflix for instance will only show a subset of the programming they have access to depending on the country you’re currently located in. This is because, except for the content they produce themselves, they have to acquire rights from different companies holding them in different countries, because different TV networks would already have secured rights and not want to let them broadcast in their place.

I brought up this part last, despite being probably the one most consumers know or even care about, because it shows the other problem that companies trying to build up support for Europe, or even to be started as Europe-native companies, have to deal with. TV networks are significantly more fragmented than in the USA. There is no HBO, despite Sky being present in a number of different countries. There is nothing akin to CNN. There are a number of 24-hours news channels that are reachable over more-or-less freeview means, but the truth is that if you want to watch TV in Europe, you need a local company to provide you with it. And the reason is not one that is easy to solve: different countries just speak different languages, sometimes more than once.

It’s not just a matter of providing a second channel in a different language: content needs to be translated, sometimes adapted. This is very clear in video games, where some countries (cough Germany cough) require cutting content explicitly, to avoid upsetting something or someone. Indeed, video games releases for many platforms, in the past at least including PC, but luckily it appears not the case nowadays, end up distributing games only in a subset of European languages at a time. Which is why I loathed playing Skyrim on the PlayStation 3, as the disk only includes Italian, French and German, but no English, which would be my default option (okay, nowadays I would probably play it in French to freshen up my understanding of it).

For American start-ups – but this is true also for open source project, and authors of media such as books, TV series or movies – internationalization or localization are problems that can be easily shelved for the “after we’re famous” pile. First make the fame, or the money, then export and care about other languages. In Europe that cannot possibly be the case. Even for English, that in the computer world is still for now the lingua franca (pun intended), I wouldn’t expect there would be a majority of users happy to use a non-localized software, particularly when you consider as part of that localization the differences in date handling. I mean, I started using “English (UK)” rather than the default American for my Google account years ago because I wanted a sane date format in Gmail!

All of this makes the fragmented European market harder for most projects, companies, and even ideas to move as fast as the American or (I presume, but have not enough detail about it) the Chinese market, in which a much wider audience can be gained without spending so much effort to deal with cross-border bureaucracy and cross-culture porting. But let me be clear, I do not think that the solution is to normalize Europe onto a single language. We can’t even do that for countries, and I don’t think it would be fair to anyone to even consider this. What we need is to remove as many other roadblocks as it’s feasible to remove, and then try to come up with an easier way to fund translation and localization processes, or an easier way to access rights at a Union level rather than on a country-by-country basis.

Unfortunately, I do not expect that this is going to happen in my lifetime. I still wish we’ll end up with a United Federation of Planets, at the end of the day, though.

In defence of ads over subscriptions

This is a third draft trying to focus my opinion on one facet of a very complicated, multi-faceted discussion about Internet, content and monetization. Hopefully, I’ll be able to keep my mind focused enough on the problem I want to talk about to come out with a concise and interesting post.

You may have read my opinion on Internet ads and the more recent commentary on my own “monetization”. If you haven’t, the short version of the story is that I do not think that ads are implicitly evil, but at the same time I don’t think that they are worth the attrition for most sites, particularly if very small. My blog, and Autotools Mythbuster, are not exactly unknown sites, but they are still small enough that dealing with Ads is barely worth it for most people, and clearly not worth it for me.

For big, global and media sites, ads are still (for the most part) the way to get money, and to keep running. And that is true whether those sites started as “blogosphere” Internet-native sites, like Ars Technica, or as online versions of establishment news papers like The New York Times. And particularly as you go big, and you want to have curated content, secure content and (extremely important here!) good and verified content, you have costs that add up and that require some level of income to maintain.

You can see that with LWN.net, whose content is very well curated, and is for the most part paid contributions — I can tell you that the folks over there, starting from Jonathan, would not be able to afford such a great edited content if they had no income on it. It takes time to do so, and you can’t run it as a side project or moonlighting job. Or for a more mainstream example, take what’s happening with Snopes.

One of a common talking point I hear from many companies that are involved in advertising on the Internet, including the company I work for, is that we “enable free content publishing on a global scale”. It may sounds as a platitude written this way, and sound hollow. But once you think it twice or thrice over, it starts to ring true. Because all that content would not be able to pay for the wages of the people involved in charitable donations only. Ads do really help with that.

But then I hear the extremists that decide that all ads are bad, install uBlock, and refuse to even consider that the vast majority of both sites and advertisers are trying to make a honest living, and they are neither clickfarms nor malvertisers, even though these two problems are real. And I’m not fond of SEO tactics either, but that’s also something that is not evil by itself. What is the solution, according to some of those people I engaged with at many times? For some of them the answer is to just not expect money for your online content. This works fine for me, nowadays, but it wouldn’t have worked for me before. Also, the people I heard suggesting this before are usually people who have not tried producing high-quality content before. As I wrote years ago the amount of effort spent writing a blog post is minuscule compared to that needed for me to write a simple article for LWN. And indeed, I got paid for my effort for those — $100 sounds like a lot for writing, but turns out it’s well below minimum wage by the amount of time involved.

The alternative is of course saying that the answer is to sell ad-free subscriptions instead. Which is cool by me in general, but that can only work if those who can’t afford the subscriptions are indeed not using adblockers for everything. But that is clearly not the case, and it can’t be the case as long as malvertising is indeed a risk for most people. And my reason to have this opinion is that by relying on a subscription-only model, you end up either significantly limiting the gamut of content that is available on the Internet, or its availability to the public.

We have for instance all cursed at the bother of paywalls when trying to get to content that may be interesting, or even vital, to us. But the paywall is probably the only way to make sure that the content is paid for, with a subscription. This way you don’t risk the “cheaters” that will not subscribe but also won’t offer their attention so that advertisers can fill in for those subscriptions. Paywalls are nasty and I would not advocate for them. They limit access to information, dividing people into those who can afford to be informed, and those who can’t.

There is the other option of this of course, which is the “tip-jar” option: you provide free access to the information, with no advertisement, but you have a public support campaign that suggests people to provide money for the content, either by direct subscription or by providing fundraising campaigns, such as Patreon. The problem with this system is that it’s skewed towards the content that is of interests to the people with more disposable income. It’s the same problem as the prototypes coming in on Kickstarter and similar sites: since I’m a well-paid tech employee, I can afford to finance hobby projects and content that interests me, which means the creator will try to pander to my taste by providing projects and content that appeal to well paid tech employees. And then there is the occasional situation in which those tech employees grow a heart, a passion, or more properly just want to be some sane, decent, human beings and decide to pay for content, projects, services or charities that they have no stakes in.

But if you write content that is targeted to a group of people with no disposable income, you probably would feel better if you knew that honest companies with an advertising budget underpin your wages, rather than feeling at the mercy of the magnanimity of some people who are not your target audience, and may one day just disagree with you, your message or your method, and just cut your funds. Although of course, this is also a double-edged sword, as we’ve seen that hateful content can be cut from ads revenue but persist through the deep pocket of the people wanting the message to stay out.

Where does this leave us? I’m not sure. I just think that the subscription model is not the nice good solution that I hear some people suggest. I also find it quite ironic that a number of people who suggested this option – and told me explicitly that they think content should either be able to make people pay for their content or not get money out of it – are further to the left of me, and appear disgusted at the suggestion that the free market is here to stay. Well, guess what they just described for content? And yeah it’s not perfect, far from it.

Honestly, I really would like for super-partes agencies to be able to distribute funds, fairly gathered, into diverse content creators. But that is very hard to accomplish. The obvious answer would be to let the government collect taxes and redistribute it in funds for the art. But we also know that providing the government with the task of redistributing money for content leads to the government publishing only content that looks favourable to those in charge. And I’m not really sure there is much of a better option nowadays.

I should probably write another post talking about funding sources like the old Flattr and the Brave browser, but that’s a topic for another time.