
Sure We’ll Test. It Won’t Make Any Difference, Of Course

Software development involves three important phases or roles.

Program manager: Designs the software

Developer: Writes the software

Tester: Tests the software

It’s interesting that Tester is the only one of those roles whose name describes its role.

Working for Microsoft, the Program Manager set the schedule. Part of the responsibility of a PM was to figure out how long it would take to create the software. The PM would also be responsible for deciding what features could be in the software. Every feature had an associated “cost” in time. The PM got to decide which ones made the cut.

Developers, of course, would make their best guess in telling their PM how long creating a particular feature would take to code. Every PM had their own formula for translating “dev estimates” into the schedule. I joked that the formula should be

Double the initial estimate and then move to the next unit of time

If a developer said something was only going to take an hour, figure it would take two days. I was right more than I was wrong. Anyway, the development process was an ongoing conversation between the PM and the developer as features were added, or more often, cut from the software.

At some point the software was turned over to the testers. The schedule had an allocated amount of time for testing, of course. But, at Microsoft at least, once the testers had the product, the Test Manager owned the schedule. In other words, the product wouldn’t ship until the testing team announced they were done.

To Microsoft’s credit, they were relentless in empowering the testers. It didn’t matter if the entire world was expecting a product to ship at a particular date. If testing said it wasn’t ready, it didn’t ship. Of course, testing did everything they could to make the date. “Death March” is a phrase that often described this stage of the development process.

I don’t work in software development any more. But, the process is similar for other “project” based initiatives. My current company is setting up a team of people to be our first line of support for outages.

Our current process for our first line of support outages is: Call Rodney. That’s been pointed out as a non-scalable, inefficient process. And Rodney’s wife is getting a little tired of his oncall status.

This new process isn’t anything radical. We just set up an 800 number that rings into a group that is staffed 24×7. Often there are two people on call, but during certain hours there is only one.

This shouldn’t be too different than our current process. After all, I’m just one person. So, how different could it be right?

Yeah, that’s what testing is for. We worked through the process prior to bringing the group online. We’ve been online for a couple of days, and it’s clear that testing prior to launch is not a 100% effective method for predicting what the launch will go like.

It’s not uncommon for me to be on two calls at once. One internal, one with the client. We discovered today that the way we’ve set up our new team only allows them to be on a single call at one time.

That’s okay, I’ll go ahead and run this one and be on both calls.

Occasionally, if we have multiple outages at the same time, I need to be on three calls at the same time. I use Skype for one on a headset that goes over my left ear. I use my cell phone for the second in a headset that goes over my right ear, and I put the third one on speaker on my deskphone. All three phones have a mute button and so long as everyone doesn’t talk at once, I can make it work.

Yeah, that is way beyond what our new group is set up to handle. They didn’t even know it might be required so they didn’t design the system with that in mind.

The advantage I have now is that I’m not running a software project that needs to ship to customers. We can “soft launch” our new support model with me still doing my role. But, I’m just reminded again that no amount of testing catches 100% of your use cases.

So, sure, you can test. Just realise it’s not going to make a difference.

Rodney M Bliss is an author, columnist and IT Consultant. His blog updates every weekday. He lives in Pleasant Grove, UT with his lovely wife, thirteen children and grandchildren.

Follow him on
Twitter (@rodneymbliss)
Facebook (www.facebook.com/rbliss)
LinkedIn (www.LinkedIn.com/in/rbliss)
or email him at rbliss at msn dot com

(c) 2020 Rodney M Bliss, all rights reserved

Training My Replacement

It’s typically a horror story, right?

Employees forced to train their offshore replacements.

I’m not losing my job. I’m not even changing my job. But, I am getting replaced. And I have to train my replacements. And I’m pretty excited about it.

My job involves a lot of different roles. One of the most time consuming is managing outages. I’m sort of the on-field general who directs the call when something goes wrong.

Hey, it’s an easy gig. . .if nothing goes wrong. And sometimes it will be weeks without an outage. Other times, they come multiple times per day. And they are the most important thing I do. By that I mean they take precedence over any other activity.

So, if I was on a date, or a camping trip, or at a wedding reception, I had to take a call. Courtroom? Yep. Hiking up the side of a mountain at 7,000 feet? Yep. I’ve been doing it for over six years.

And for years I asked for help. And finally, we’re putting it in place.

The good news is that management decided it needed 8 people to cover for me. That’s not bad. I mean, if they’d pay me eight times what they are paying me. . .

The team we created, the Diamond Team, was staffed with experienced Incident Managers. But, they weren’t experienced with my account. They didn’t have six years of support and troubleshooting experience. I did.

Rodney, now that the new Diamond Team is active, it should free up a lot of your time, right?

Not really. I used to just manage the calls. Now I have to manage and teach.

Have you ever asked a child to help you with a task? I mean a small child. It’s easier to simply do the work yourself than let a toddler “help.”

Have you ever asked a teenager to help you with a task? I mean one who wasn’t required to help as a small child? It’s easier to simply do the work yourself than try to get an untrained teenager to “help.”

And that’s the irony. Getting help requires more work than simply doing it yourself. But the payoff comes later, when you have teenagers who know how to clean up after themselves, cook an edible meal and separate the white clothes from the colors.

I expect my job to get harder not easier over the coming weeks. We took our first outage call today with the new Diamond Team. It took almost twice as long. Before I could make a decision, I had to explain to the Diamond Team member what I was doing and why.

Eventually the outage was resolved and I collected the requisite records. I didn’t have the Diamond Team go through the data recording process. I was already burying them with a lot of information in a short time.

So, for the next several weeks or months, I’ve taken on an additional task of trainer. But, just like my teenagers who know how to clean a room, eventually, I’ll get to reap the benefits and start leaving my phone at home when I go camping.


(c) 2020 Rodney M Bliss, all rights reserved

A Problem Not Seen In 101 Years. . .Safe For Another 101

You know those internet memes that say,

This year the month of May has 5 Fridays, 5 Saturdays and 5 Sundays in a month.

This happens only every 823 years. The Chinese call it “silver pockets full.”

This doesn’t just happen every eight centuries. It actually happens a lot more often than that. In fact, if you’re curious it will happen again in May 2026. Not as often as February 29th, which also happens this year.

Most things that have to do with calendars follow predictable patterns. Just like Christmas or your birthday was on Wednesday last year. And next year, it will be on Friday. (Due to the leap years.) The next year, 2021, Christmas and your birthday will be on Saturday. Then, Sunday and eventually, it will be back on Wednesday in 2024.

So, just about everything in a calendar is a pattern.

This year, 2020, has a unique pattern that has not occurred for over 100 years. And it won’t have this problem for another 100 years.

I worked for Microsoft in 1999. I can tell you with assurance that Y2K was a real problem. Your digital life didn’t blow up because computer people are really good at what we do. . .sometimes.

Y2K was a problem because early programmers, back in the 1960s and 1970s used two digits for the year. So, instead of recording 1964, they only recorded 64. You might think they were just being lazy, or stupid. But, in the early days of computers, memory was expensive. Like super expensive. Literally you would count the bytes. And no one would “waste” two bytes to keep track of the “19.” It was assumed.

Later, of course, memory got cheaper and those old systems stayed around. And programmers had to go back and fix it. And we did. . .sort of. We started using four digits to record the year.

But, we actually left a bug in the system. In the year 9999 they are going to have to go through the process all over again to fix the Y10K bug.

Computers use four digits for the year, but people don’t. We often are “too busy” to write those extra two letters. So, my twin sons were born in 02. Oh sure, it was really 2002, but you know what I mean.

It’s fine. Everyone understands it. And accepts it. But, this year, there’s an actual bug in the system. Our system. Yours. Mine. Everyone’s.

Never use a two digit year this year.

Like me, you probably write the date like 1/14/20. Unless you’re in Britain or the rest of the world where for some strange reason it’s 14/1/20.

You write that when you date a letter, or sign a check, or sign a contract. (Actually, who am I kidding? No one uses checks any more.)

Anyway, the danger is that 1/14/20 isn’t a very exact date. You think it’s today? It might be. Of course, if it’s signed on a contract and I have a pen the same color as your pen then

1/14/20 == 1/14/2020 == 1/14/2000 or 1/14/2021

You might think it’s silly. So did the programmers who were told in 1970 that they were designing a bug that would show up in 30 years. That was silly.

But, dates, especially written dates in the internet age are vital.

And be aware, your great grandkids are going to have the same issue come up 101 years from now in 2121.


(c) 2019 Rodney M Bliss, all rights reserved

Agile Cars Headed Over The Waterfall

Do you know Waterfall or Agile?

Yeah. I have some experience with both.

Any examples?

Well, I work on cars.

Agile and Waterfall are not car repair terms. They are software terms. But, they track pretty well to cars, too.

Waterfall software development is the way software used to always be developed. It’s how programs like Word and Windows and just about any software purchased before the turn of the century was made.

The idea is you design your software and then you build it. You build it from scratch. And then one day you turn it on and it works.

Okay, it doesn’t work. In fact, it probably doesn’t even start up. Instead, you start working on the compile errors. After you’ve fixed all the errors getting it to compile, it will finally start up. At that point, you now need to start fixing the runtime errors. You know, when you are supposed to put in a number and it only accepts letters? So, you fix the runtime errors. Finally, you move on to the logic errors. Those are where your programmer added 2 instead of 1 to a value.

Eventually, you get the logic errors fixed, at least the ones your testers find. And finally, you’re ready to send it out to real users as a Beta test. They will find a whole bunch more bugs for you.

Finally, you’ll get tired of fixing bugs and decide, like the movie guys say, “We’ll fix it in post.” Microsoft never shipped a program with a known bug. Of course, we had to redefine what the definition of a bug was.

Agile programming is a different approach. In Agile, you design your program, but then you figure out the least amount that you can build and make it run. It won’t have all the features, of course, but it will run.

And every couple of weeks you make a new build with a few more features. And it runs. You keep doing that cycle until you have enough features to actually ship your product.

Waterfall was the standard for years. Agile has come into vogue in the recent years. I’m not saying one is better than the other. I have my suspicions that there are some operations that cannot be completed in a 2 week sprint.

I work on cars a lot. Generally in the summer. Living in Utah, Winters are strictly an emergency fixes only time of year. I realized that I’ve done both waterfall car projects and Agile projects.

I owned a 1996 Lexus ES300. When I got it, it didn’t run. There was lots wrong with it. I approached it like a waterfall project. We rebuilt the engine. We worked on the fuel pump. We repaired body work. We had to fix almost every aspect of the car. And just when one thing was fixed, another would break. It was a long project.

I don’t have the Lexus anymore. I have a 1996 Toyota Corolla. It’s actually not that different from the 1996 Lexus. They are both Toyota products.

Anyway, the Toyota is more an Agile product. It ran when I got it, but had a lot of issues. The windshield leaked. The radio was missing. One rim was bent. The seats weren’t bolted down. (But only the passenger one. Found that one out when I was teaching my daughter to drive.)

Anyway, every repair on the Toyota has had two goals. One, fix the issue. Two, make sure the car still runs. There are still about a dozen things left to do on the Toyota. But, in the meantime, I’ll keep driving it.

Maybe there are some advantages of Agile over Waterfall after all.


(c) 2019 Rodney M Bliss, all rights reserved

Help And Help. . .It’s Not Always the Same

I flew home from Florida today. I like flying, but it’s also stressful. The flight was pretty turbulent. I had the flight data displayed on the seatback monitors. At times we had a 104 MPH tailwind and then a few minutes later we had a 75 MPH headwind. At 36,003 feet, those winds toss around even the largest plane.

At times, it was almost like a rollercoaster. But, that wasn’t the part that was stressful. The turbulence was a known quantity. I was nervous about the unknown.

I didn’t know if our sites might have an outage while I was on the plane. Starting today, we have a full team backing me up. But, that doesn’t mean my job is any less stressful. In fact, in addition to managing outages, I now am responsible to teach my replacements.

But, if there’s an outage, they’ll manage without me. But, then, I’ll spend days filling out the reports. Their “help” would also mean additional work for me. In fact, more work than if I’d simply managed the outage myself.

It’s mid January and time to put away the Christmas lights on our house. My neighbor and I have coordinated our Christmas lights. It’s one of those where you tune your radio to a local station and the lights are synched to the music.

My neighbor did all the hard work. He did the programming. He told me what to buy and he runs the radio broadcast. I just put up the lights the way he tells me. . .exactly the way he tells me. If I get two of the 30 extension cords swapped, the display won’t look right.

We’ve done the Christmas light display for several years. I am just as careful when putting away the display as when putting it up. Because I know that next November, I’m going to need to put it back up the same way. Exactly the same way.

But, not this year. This year, I had help. While I was enjoying the inside of my windowless call center and the 73 degree weather, my lovely wife and family were removing the Christmas decorations ahead of an approaching snow storm.

So, my garage has my Christmas decorations and lights strewn randomly. Like my outages, it will take longer to put them away than it would have taken me to do the work myself. But, they wanted to help.

And while I dread following up after an outage that I wasn’t able to manage, I can’t help smiling at the thought that my family stepped in to help.

Nope, help and help aren’t the same thing.


(c) 2019 Rodney M Bliss, all rights reserved

Breakfast (And Dinner) Of Champions

Salad, yogurt, Quaker granola bars, orange juice, sliced watermelon, popcorn and some fresh fruit. Oh, and some plastic silverware.

I’m not really a foodie.

I like salmon, if it’s fresh and hasn’t ever been frozen. I travel with people who are foodies. At one point my friend Marcus called me from a vacation in Seattle. I grew up in the Seattle area about 40 miles south in Olympia, the capital. We fished for salmon in Puget Sound. My dad’s friends used to drop off whole salmon at our house after they’d spent the day fishing. To say it was fresh doesn’t do justice to the word fresh.

We’d broil salmon steaks with lemon juice. We’d mix the salmon up with mayonnaise and eat it on fresh baked bread.

I know the difference between fresh salmon and . . .well, anything else.

Anyway, I’d told the story to my friend Marcus. He really was a foodie. He lived in Utah but went on vacation to Seattle. He called me one night,

Rodney, I’m at a place called Anthony’s on the waterfront in Seattle.

Yeah, that’s a nice place.

After all your talk about how fresh salmon tastes so different, I decided to order it.

How was it?

Well, it was good enough that I’m calling you to say, ‘You’re right.’

But, if it’s not fresh salmon, I’m not much of a food guy. If there’s no one to go to dinner with on a trip, I typically don’t want to bother with the hassle. I’d as soon go back to my hotel room and write.

But, I need to eat, of course. And my company reimburses $35 per day for food. My solution is to find a Walmart, or a Kroger’s or a Publix and buy my dinner. The funny thing is that when I buy it at Publix, I typically eat healthier than if I eat at a restaurant, or even at home.

I’ve found I like salads if someone will make them for me. I like fresh fruit. The granola bars I can take on the plane. The yogurt and orange juice are for breakfast the next morning.

I would buy more orange juice or maybe even water except, of course you can’t take that on the plane.

You can get a very nice dinner at most restaurants for $35. Or, you can get several meals worth of salad and fresh fruit at Publix.


(c) 2019 Rodney M Bliss, all rights reserved

The Sum of Their Fears. . .And Eating Dolphin

“Why, you may take the most gallant sailor, the most intrepid airman or the most audacious soldier, put them at a table together – what do you get? The sum of their fears.”

-Winston Churchill

I went to dinner tonight. It was a place called “The Dolphin Bar” in Jensen Beach, Florida. It’s right on the Atlantic ocean. We didn’t see any dolphins. But, it was on the menu. Seriously, grilled dolphin as a $27 plate.

I’ve never been to a place that sold dolphin. Honestly, I wasn’t sure how I felt about it. Dolphins are mammals, they are not fish. Now, we eat plenty of mammals, of course; steak, bacon, lamb. I’m not opposed to eating mammals.

One of the people at dinner had been to the Philippines. He and I were asked about eating balut. It’s a delicacy in the Philippines. I wrote about it here (All Food is Gross.) Balut is duck eggs that have been allowed to develop for about 20 days.

The people at the table were disgusted. (Okay, that might be part of the reason my friend and I were talking about it.) We were all involved in travel and security audits. Two of the five of us were new, but the other three had worked together for years.

These audits happen multiple times per year. We meet at various locations around the country, and occasionally the world. Each audit is both the same as the ones before and uniquely different.

The audits can be a little high stress. If we fail an audit, the auditors could conceivably shut down our call center. We rarely fail. In fact, depending on how you count, we’ve either failed once or never. I count it as a fail, the client decided to count it as a mulligan.

Mulligan: a term used when casually playing golf which allows a player to repeat one stroke per game without penalty.

The best part of the audits, at least with James, the lead auditor, is the dinners afterward. They typically last about 3 hours. The last 90 minutes is spent telling stories and sharing the sum of our fears.

That was my thought tonight as we talked through dessert. We told stories. “Remember the time. . .” The stories ranged from India to Tampa. Stories from our distant past, or our recent past. Tales of success and failure. Close calls and the rare “everything went perfect” times.

Eventually the separate checks came and we all headed back to our hotels. We will no doubt play out the same dinner at another time in another city. Where we will no doubt add the stories from the night at the Dolphin bar.

Oh, and we didn’t actually order the dolphin, but we did ask about it. Turns out it’s illegal to eat dolphin. (That made us all feel a little better.) What they advertised on their menu as grilled dolphin was grilled mahi-mahi. Because, as our waiter explained it, “Mahi-mahi is in the dolphin family.”

We are all IT security guys, but that didn’t sound right. I mean, dolphin is a mammal and mahi-mahi is a fish. Fortunately, we had our phones. Turns out mahi-mahi is a type of fish called a “dolphinfish.” (All one word.) So, sure, mahi-mahi is part of the dolphinfish family.

You know, like, catfish is part of the cat family.

Oh yeah, that story is going to get told again.


(c) 2019 Rodney M Bliss, all rights reserved

Freezing In Florida

I recently had to factory reset my phone. That means that all my apps were removed and I had to reinstall them. But, sometimes I couldn’t find the original app. For example, I couldn’t find the original weather app. I found a new one. It behaved slightly differently. Instead of waiting for me to open it, the app constantly shows me the current temperature and weather.

My new weather app constantly displays the current weather. And, being security conscious, I didn’t give the weather app access to location services. In fact, I don’t even enable location services. Is Google trying to track me? Yes. Will they use my location data to do anything nefarious? Probably not. Do I even know the definition of nefarious? I’m not sure.

But, I generally also lock my doors while believing a burglar wouldn’t be seriously deterred by a lock on my house or car.

Anyway, the point is I told my weather app to show me the weather for Pleasant Grove, UT. And I didn’t give it permission to check my location.

Utah weather in the winter is pretty basic. It’s either cold and clear, or cold and snowy. Oh and it’s often smoggy. Utah has some of the worst winter air quality in the nation. The dangers of living in a high mountain valley.

I’m not in Utah this week. I’m at our call center in Miami. Do you know what brings people to Florida in January? Apparently it’s a destination location. It’s not cold and snowy in Florida in the winter. At least not in Miami.

My hotel is right on the beach. In fact, it’s literally on an island, but you can walk out of the hotel onto the beach. As I was on my way to work this morning, a couple in swimming suits were coming back from the beach. . .in January. Yeah, Florida.

I went skiing a couple of times when I was much younger and first lived in Utah. I wasn’t particularly passionate about it. But, I knew I would live in Utah a long time. And eventually, I would visit locations where people pay thousands of dollars each winter to fly to Utah and go skiing. I didn’t want to tell them I’ve lived in Utah for years and never went skiing.

I didn’t bring a swim suit to Florida.

I’ve flown thousands of miles to Florida in the middle of the winter and probably won’t even put a toe in the water. I will spend a lot of time inside our call center. It used to be a big warehouse store. We’ve carved it up into groups of a few hundred seats in each section.

For whatever reason, the area where my client sits is near some of the industrial sized AC vents. It was a little chilly. In fact, it was downright cold.

Sadly, I’ll spend more time under the overactive AC vents than I will under the sun on the beach. When I get home my lovely wife will ask, “How was Florida?”

Freezing.


(c) 2019 Rodney M Bliss, all rights reserved

The New York Times Bestseller And The Corporate Trainer

Writing is easy. Your character has a problem. When the problem is solved, the story is over.
– Ben Bova

Ben was a friend and a mentor to me many years ago. He’s a world famous writer. You might not have heard of him if you are not a science fiction fan. He’s brilliant.

Think about your favorite story. Harry Potter, or Percy Jackson. In the Harry Potter series, for example, each book sees Harry, Ron and Hermione confronted with a new problem. Once the problem is over, so is the book. Of course, JK Rowling also wrapped the entire series into a bigger story. Harry must defeat Voldemort. Once he does, the story is pretty much over.

I don’t write fiction stories. (Well, not that get published.) But, I did spend a good portion of my career writing training courses for Microsoft. As I thought about his simplified version of the basics of a story, I realized his advice didn’t just cover stories. It was a great explanation for training materials.

At one point at Microsoft, we hired a new manager. She came from a traditional corporate background. (Something Microsoft was not known for.) She thought it was a good idea to have our team create a mission statement. I have to say we didn’t take it very seriously. In fact, after an entire hour the best we came up with was,

We’ll learn ya.

To us, our team wasn’t about grand designs, or complex strategies. We were a bunch of instructional designers. We wrote training materials. And we were pretty good at it.

We wrote two types of training. We wrote new-to-product training that had to cover every feature. Have you ever looked at every option in Windows? Or Outlook? The training was affectionately called the PowerPoint slog. At least I think that’s what it was called. I’ve blocked a lot of it out. It was boring to write and boring to teach.

But, there was a second type of training. It was unoriginally called Advanced Topics. And it was written to solve a specific question,

How to read network traces

The course was three days long and focused on how to decipher those 0-9, A-F characters that computers use to talk to each other.

Sounds exciting right?

No, students didn’t think so either. At least not at the start of the class. By the end of the class, they thought it was the greatest course they’d ever been through.

The reason is that the Advanced Topic course had a specific question that it was trying to answer. And when the course was over, the students could answer the question that the course started with.

The best training tells a story and the best stories teach a lesson. My friend Ben taught me that.


(c) 2019 Rodney M Bliss, all rights reserved

Strong Password Policies Make Us Less Secure

Remember floppy drives? For anyone under the age of. . .old, floppy disks were like small thumb drives. They weren’t super small, in fact they were quite large. They started out as 8″ in diameter and they held about 4K of data. Not 4GB or even 4MB. Instead it was four kilobytes.

As the disks got smaller, their capacity got bigger. The 5 1/4″ drives could hold 256k and when they went to 3 1/2″ the capacity jumped to 1.2MB. That was about the largest capacity floppies could get to. The 3 1/2″ floppy is the “save” symbol in most programs.

I remember when computers stopped coming equipped with floppy disks. To this day there are programs, and especially files that I have on floppy disk. But, technology marches on. Floppy drives were replaced with CD drives. And DVD drives, but honestly no one noticed when the CD drive morphed into the DVD drive. Seriously, no one really paid any attention.

Eventually even DVD drives were rendered obsolete. Computers no longer come with DVD drives. It’s all about USB drives now. Except that Apple devices stopped using even USB drives. They switched to the Lightning port and now the newest iPhones don’t even have that.

What’s this have to do with passwords?

More than you might think.

When I worked for WordPerfect we had a program as part of our tools suite that was a file manager. This was before the days of Windows and its built-in file manager. The way you accessed files was via what today is called the command prompt. You had to ask the operating system, (called DOS, or disk operating system) each time you wanted to see files in a folder, which were called directories. (Wow, this explanation is taking way longer than I thought it would.) Anyway, our file manager allowed you to visually display what was in a directory. It was still text based, but better than DOS only.

Our programmer decided to add a password feature. You could protect the system from letting people view, or worse delete entire directories. The problem was the programmer made the password field case sensitive. It wasn’t enough to say my password is “fishsticks.” You had to remember that you didn’t capitalize the first letter of “fishsticks.” I worked in support and crazy as this may sound, this was a real issue for people. Seriously. It was so bad that eventually we convinced the programmer to make the password case insensitive. So, FISHSTICKS, fishsticks and fIsHsTiCkS were all the same password.

We were so proud of ourselves. And we were so naive. Just as storage devices experienced a transformation as the IT industry evolved, so did password practices.

Today, most sites encourage, if not require, strong passwords. Companies, of course, also require strong passwords from their employees. For example, my company requires 14-character passwords, with a mix of upper, lower and special characters. And we have to change it every 90 days. Oh, and we can’t reuse a password that we’ve used in the past year.

The company could implement even more security. For example, they could forbid dictionary words in a password. When you have to have a 14-character password, it’s helpful to have a pattern. For example, your password might be a phrase, “Ilikefishsticks.” You need the number and special characters, of course. “Ilike2fishsticks!” That’s a good password phrase because when I have to change it, I can simply advance the number. “Ilike3fishsticks!” “Ilike4fishsticks!” and so on.

If my company forbade dictionary words, it would be much harder to remember a unique 14 characters that change every 90 days.

Why is it important to be able to sequentially add numbers? So you can remember your passwords. If you recently changed your password and you forget, you’ll get an error. If you’re using a sequential pattern, you simply move on to the next number.

There are other restrictions that passwords can be bound by. They can forbid you from using my sequential trick. They can compare your current password to your previous ones and ensure you don’t have too many characters the same.

Why wouldn’t you want to do that? It’s all about security, isn’t it?

I recently had to factory reset my phone. (Android, not iPhone, but doesn’t matter.) I had to reinstall the apps that I use on a daily basis. But, since they are on a secure device, I entered the password once and then told it to not ask for the password again on that device. Many of those apps have strong password policies.

You know what happened, right?

I didn’t remember those passwords. Of course, each one has an option to recover my lost password. Except I couldn’t recover the password. Nope. I could only reset it. And I couldn’t set it to the same password I’d used previously. So, with my sequential trick, I had to move to the next number. Except for the systems that decided I had too many similar characters.
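Here is what that kind of policy looks like as a password-change check. This is an added example, not code from any system mentioned in this post; the function names, the similarity threshold of 4 edits and the PBKDF2 iteration count are all assumptions. It shows why the sequential trick sails past the composition and reuse rules and only trips the similarity rule, and why that rule can only compare against the old password you type on the change form, since the stored history is hashes.

```python
import hashlib
import hmac
import os
import string

MIN_LENGTH = 14    # the 14-character minimum the post mentions
MIN_CHANGES = 4    # assumed similarity threshold, not from the post

def composition_ok(pw):
    """Length plus upper, lower, digit and special character."""
    return (len(pw) >= MIN_LENGTH
            and any(c.isupper() for c in pw) and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(c in string.punctuation for c in pw))

def hash_password(pw, salt):
    # PBKDF2 from the standard library; the iteration count is an assumption.
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000)

def make_history(passwords):
    """Store only (salt, hash) pairs, never the passwords themselves."""
    salts = [os.urandom(16) for _ in passwords]
    return [(s, hash_password(p, s)) for s, p in zip(salts, passwords)]

def reused(pw, history):
    """Hashes can only reveal an exact repeat, never a near match."""
    return any(hmac.compare_digest(hash_password(pw, s), h) for s, h in history)

def edit_distance(a, b):
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def check_change(old_pw, new_pw, history, min_changes=MIN_CHANGES):
    """Return the names of the rules the new password breaks."""
    problems = []
    if not composition_ok(new_pw):
        problems.append("composition")
    if reused(new_pw, history):
        problems.append("reuse")
    # old_pw is in clear only because the user just typed it on the form.
    if edit_distance(old_pw.lower(), new_pw.lower()) < min_changes:
        problems.append("too_similar")
    return problems
```

Calling `check_change("Ilike2fishsticks!", "Ilike3fishsticks!", make_history(["Ilike2fishsticks!"]))` returns `["too_similar"]`; with `min_changes=0` the same change passes every rule.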

Like you, I have dozens of accounts: LinkedIn, Facebook, email (5 different accounts), VPN, WordPress, Paypal, Venmo, my bank, and so on. And every one of them has a strong password policy.

Here’s where it gets non-intuitive. The systems with the most restrictive policies are the ones that I struggle with the most, both in setting and remembering the passwords. So, those systems are the most likely to get written down, or turned into something more “hackable.”

My company has a single sign-on policy. It doesn’t matter how many different servers or systems I have to access at work, they all share the same login and password. Is it more secure than having every system with its own separate password? Absolutely. I have to keep track of one password. I’m not likely to lose track of that one password.

The downside, of course, is that if someone gets that one password, they have access to all of my systems. But, it’s a worthwhile compromise. It’s like your house: you lock the front door, but you probably don’t lock every door inside the house. You also most likely do not have multiple locks with different keys on your front door.

IT systems should be the same way. Strong passwords are important. But, if companies go overboard in the restrictiveness of their processes, they are putting at risk the very systems they are trying to protect.

Rodney M Bliss is an author, columnist and IT Consultant. His blog updates every weekday. He lives in Pleasant Grove, UT with his lovely wife, thirteen children and grandchildren.

Follow him on
Twitter (@rodneymbliss)
Facebook (www.facebook.com/rbliss)
LinkedIn (www.LinkedIn.com/in/rbliss)
or email him at rbliss at msn dot com

(c) 2019 Rodney M Bliss, all rights reserved