Monday, September 29, 2014

Privacy should be a priority

Ever since Snowden started telling the World about the doings of the NSA and other government agencies, privacy has become much more of a focus area for a lot of people - this includes Tim Bray, who debuted a new talk at GOTO Copenhagen called "Privacy and Security, Policy and Tech".

At GOTO Copenhagen, the room was unfortunately full, and I didn't get to see it, which is why I was quite happy to get a second chance the week after at GOTO Aarhus.

The overall message of Tim Bray's session was that privacy is important, and that we, as developers, should make sure to project the privacy of our users' information as much as we can.

A lot of people have a quite relaxed opinion about privacy and security, though this has started to change after Snowden. As Tim Bray said:

A lot of people has realized that the internet is a bad place, and that their information is hanging out places where it shouldn't be.
Also, people have started to realize that just because they have nothing to hide now, it doesn't mean that they won't have in the future - if nothing else, then when laws change, and formerly perfectly legal things become illegal.

A historical example of that could be membership of certain political organizations in the US, which was prefectly legal, until the red scare and McCarthyism kicked in.

Another, more recent example, is simply being a LGBT activist in Uganda, which carries high risks of prosecution, even if their "kill the Gays" law was Struck Down.

Again, quoting (or rather, paraphrasing) Tim Bray:
Most people at this conference probably live where the government is fairly civilized, and won't get their door kicked in at the middle of the night. But while it is probably true for people at this conference, it is not true for a majority of the World population as a whole.
This is an important point. Even if we have nothing to hide, and don't expect ever to have anything to hide, the same doesn't hold true for most of the World's population, perhaps including a large proportion of your end users.

This should be obvious, but a lot of people tend to forget that, and don't even enforce the most basic of methods for enabling privacy such as HTTPS.

HTTPS was an area that Tim Bray dedicated a lot of time to, exactly since it is such a basic method, and so many systems don't support it.

This has to change.

Using HTTPS is such a low-cost, easy solution that there is absolutely no reason not to use it at all times, no matter whether privacy is needed. And as Tim Bray also pointed out, there is an asymmetrical cost to using vs. not using HTTPS. Using HTTPS costs a little all the time even when it is not needed, but not using HTTPS can come at a huge cost when it was needed. This is an unacceptable risk.

One thing Tim Bray didn't get into, which I also find important, is that if everybody runs HTTPS, and thus encrypts their Communications, it offers a type of herd immunity to those who really need to protect their privacy - their communication doesn't stand out from the rest.

This is the reason why Google encrypts its user's traffic (they were actually inspired by Cory Doctorow's book Little Brother).

So, all in all, the overall message of the session was that we need to think about how we can protect the privacy of the end users, and at the very minimum we need to ensure basic privacy measures like HTTPS.

Sunday, September 28, 2014

Size doesn't matter

Big data.

A couple of years ago, at a GOTO Aarhus conference, I took a break from the sessions, and walked around in the vendor area. Here I was lucky enough to be able to listen in on a conversation between Dave Thomas and Jim Webber, where Dave Thomas was explaining to Jim Webber why graph databases, like neo4j, were not suited for the type of stuff he was doing. Basically, what Dave Thomas did, was to take all global stock data several times a day, and run some analysis on it (I am obviously simplifying it, and probably explaining it wrong).

This is the sort of things I think of when I hear the words "big data".

Since that's the case, I have been somewhat skeptical when people start talking about big data in Denmark, because we have very few domains where there are anything remotely close to such data amounts (health care probably being the one exception).

It turns out that I've basically misunderstood the concept of big data, and that I underestimated the amount of data out there.

At GOTO Copenhagen, I went to a talk with Eva Andreasson, where she gave an overview of the big data landscape, mostly at the vendor level. During this session, she made a number of important points, which made me realize I have to change my view on big data and its usage in Denmark.

First of all, Eva Andreasson made clear that only about 10% of all data out there is what we traditionally would consider data (e.g. data about companies or people). The rest of it is all the trace data that people leave around when they navigate the internet, doing whatever shopping or browsing they want.

Such trace data, put together with traditional data, allows companies to analyze end-user behavior much better than traditional data alone. E.g. while traditional data will tell you what customers bought, trace data will tell you what products customers spent a long time looking at, without buying them at the end - allowing the company to do some further analysis on what it would take to get the customers to buy the product.

Another thing that Eva Andreasson made clear, is that big data isn't just about working on large data amounts. It is also about aggregating new data sources into existing use scenarios of existing data, and about making new use scenarios of the data that you work with, allowing you to look at things in new ways, hopefully gaining new insights.

Based on these two points, it is clear to me that I have to reevaluate my understanding of when big data is relevant. And judging from the conversations I've had with other people about big data, I am not alone in this.

Saturday, September 27, 2014

Aim for the stars

One of the great things at most conferences is the keynote talks, since they are usually picked by the conference organizers in order to expand the mental horizons of the conferences goers.

The organizers behind the GOTO conferences are, in my opinion, particularly good at this.

Every time I've been to a GOTO conference (or a QCon conference where they have been involved), there has been at least one keynote talk, that made me rethink things, and look at the field in new ways.

At GOTO Copenhagen, there were several such talks, but one of them stands out in particular.

On a two-day conference, the least attractive keynote slot must be the early one on the second day (after the conference dinner the evening before), and I am always impressed by the speakers who can go on stage at that slot, and leave an unforgetable impression.

At GOTO Copenhagen it was Russ Olsen who gave his "To the Moon" talk.

I hadn't heard Russ Olsen before, but judging from the keynote talk, he is a great speaker, and I'll definitely check out any talks of his I come across in the future.

So, what was so great about Russ Olsen's talk?

Well, as my tweet embedded above states, it was about the Moon landing and what we, as a field, can learn from it. Most people would probably find this interesting as it is, but my description doesn't do the talk justice at all - Russ Olsen manages to express the feelings of nerverousness and wonder behind the whole process, especially during the last 10 minutes of decent towards the moon.

Russ Olsen also has a great message - quoting Kennedy, he reminds people that they shouldn't do something because it is easy, but because it is hard, and that nothing is impossible.

So, if you're at GOTO Aarhus, I would highly recommend going to Russ Olsen's keynote talk on Tuesday, even if the conference dinner made you get to bed late. But in case you miss it, it can apparently be found online.

Ahead of my time

If you follow me on twitter, you'll undoubtfully have noticed that I've spent the last couple of days at the GOTO Copenhagen conference.

If you look at my last couple of blogposts, that might surprise you, since they were about going to GOTO Aarhus, not GOTO Copenhagen. Well, that's because I am going to GOTO Aarhus in my capacity as a blogger, while I went to GOTO Copenhagen as a "civilian" (i.e. together with some of my colleagues). Since GOTO Copenhagen and GOTO Aarhus have the same sessions, this means that I probably get to see more of the sessions than anyone else, perhaps excluding the speakers themselves.

Even though I didn't go to GOTO Copenhagen as a blogger, it won't keep me from writing a bit about my impressions from the sessions I attended there - this also allows me to make some suggestions for what people should go to at GOTO Aarhus.

Below is my schedule during GOTO Copenhagen:

  • New Linting Rules - Kyle Simpson (Enterprise Architecture)
  • From 'Agile Hangover' to 'Antifragile Organisations' - Russell Miles (People & Process)
  • Fast Delivery - Adrian Cockcroft (People & Process)
  • Deep Dive into the Big Data Landscape - Part I - Eva Andreasson (Enterprise Architecture)
  • Lean Enterprise - Part II - Jez Humble (People & Process)
  • The Future of C# - Mads Torgersen (Enterprise Architecture)
  • What I Learned About Going Fast at eBay and Google - Randy Shoup (People & Process)
  • Responding in a timely manner - Microseconds in HFT or milliseconds in web apps, its all the the same design principles - Martin Thompson (Enterprise Architecture)
  • A retake on the Agile Manifesto Part I - Katherine Kirk/Prag-Dave Thomas/Jez Humble/Tatiana Badiceanu/Martin Fowler (People & Process)
  • A retake on the Agile Manifesto Part II - Katherine Kirk/Prag-Dave Thomas/Jez Humble/Tatiana Badiceanu/Martin Fowler (People & Process)
As with most conferences, there is a rating system, where one can indicate what you feel about a given session. At GOTO it is the classic green-yellow-red system. All of the sessions I attended, with one exception, I gave a green - and the one I gave a yellow, I actually think in hind-sight also deserved a green.
I should probably add that I give a green based on either of two critierias:
  1. Was it interesting/informative/entertaining
  2. Did I get new insights out of it
This means that theoretically a speaker can be less than stellar, but able to give me new insights, and then receive a green vote. In reality, however, this happens very rarely, so green votes are usually given to great speakers, who usually are also able to provide me insights.