A few days ago, we received some reports from users that all went something like this: “Norton is blocking access to your site. It says the site has a security risk.”
First reaction: Panic! Did our site get taken over by hackers? Not quite… When reading the security report, it turns out that Norton had incorrectly classified a link from one of our receipt emails as a phishing attack. To be clear, the link does nothing other than redirect to the user’s website, i.e. there is no phishing going on, neither on our site nor the user’s site.
We immediately issued a dispute and request for re-evaluation with Norton’s website. And then… nothing really happened. After five days, it seemed that the red warning disappeared, but for the site dispute, the re-evaluation is still “in progress”.
Now, this would not be so bad if it was not for Norton’s massive userbase and the trust that they have. Besides the users that were blocked from using our app, a slightly more serious consequence was the 1-star review on the Shopify app store that popped up on Friday morning with just the text: “My Norton Antivirus software shows this site to have an identity threat.”
Needless to say, being wrongly flagged by Norton can have real consequences for a business.
And that is the main problem here. This whole ordeal reminds me of some of the many things I hate about big corporations: Stepping on smaller businesses, misusing power and slow processes. I would go so far as to call it Corporate Bullying. Norton makes millions of dollars by tricking people into thinking that they need an expensive security solution (when they probably don’t). They can easily afford to make a few false positives when flagging sites because it has no consequences for them, only for the businesses on the receiving end. And when confronted with the problem, Norton does not care about us and our wrong security rating, nor do they take immediate action to rectify the problem.
The only thing missing here to make the bully analogy complete is if Norton came back to us and said that we need to pay them some “administrative fee” to remove the bad rating. Then they would truly have stolen our lunch money. I would not be surprised if that happened, but I hope that the story ends here.
This post is mostly a status of what I have been up to here at the nearly-almost-half-year mark of 2016.
Introducing Product Search
By the end of 2015, we had already been using Elasticsearch for a while. It was the first part of a long-term strategy of moving data away from Google App Engine. Event data such as page views and clicks as well as order aggregations such as revenue-per-day for our users was being stored and calculated on Elasticsearch. Although Elasticsearch is popular for collecting log data, its main selling point is that it is a very fast full-text search engine.
During the Christmas holidays, I wanted to see how easy it would be to add a search widget, powered by Elasticsearch. After about 3-4 hours, I posted this proof-of-concept video to our Slack channel with the following message:
As it turned out, the product search feature quickly found its way onto the roadmap :-)
It was going to happen at some point, and in early April, we finally removed the listing of Antecons from the Shopify app store. The app continues to run and interestingly, we have some users that are still using it, even though we have contacted everyone and tried to get them to switch over to Receiptful. Loyal customers.
Popular metrics report
By the end of April, we released the report “8% of all product page traffic converts to sales”. For a short while, I think it made a little splash and was read by quite a few people. Although I did not write the article, all the data for the article was gathered by me a few months before. One of those little side tasks that spice up developer life — although doing data analysis is slightly more exciting than data gathering :-)
Go nuts with Golang
Currently, I am in Golang land. I did not think I would end up there, but when tasked with creating a new web app for some simple store metrics, I decided to create it with Go after consulting with the team. After some initial headaches (i.e. getting used to a statically typed, compiled language again), I must say that Go has some good things going for it. My colleagues mock me about using tabs, but that is the Go way.
In the same project, I also said hello to my old friend MapReduce. It is a feature of MongoDB and we use it to create pre-aggregated reports for the project. It might be a short affair though, as I am also considering other options such as Google BigQuery. We will see…
So those are the major headlines (I probably missed something). I have been meaning to write slightly more technical articles, but I do not feel like I am in the right mindset to do so yet. Those pieces also tend to be much longer and much more difficult to write, so for now, you will have to do with these random rambles.
Unwillingness or resistance to change in the context of organizations, application design and development, when the change is objectively or arguably positive for the organization.
From the David Dictionary :-)
Imagine a house in need of renovation. You can continue to paint the walls over and build new extensions, but at some point, the foundation needs an overhaul or you risk having to tear down the entire house.
Tech debt is like that. As an application grows, some old parts inevitably start to get outdated and in need of repairs. The biggest problem in application development is often not tech debt itself though. A lot of the time, people are the problem, not the code.
I recently had a conversation with a good friend about one of those little conflicts that happen at work sometimes. In this instance, my friend was trying to optimize a process that was rather slow and costly for the company. Apparently, this rubbed a manager the wrong way and they basically told my friend to stop making things more efficient. I only know one side of the story, but the situation sounds familiar. It is a symptom of People Debt.
People Debt is not about competence. It is about unwillingness or resistance to change. “We have always done it this way” is a common quote to hear in an organization with high people debt. Change is difficult to handle, even if the change is objectively for the better, e.g. more happiness, more profits, less complexity etc. When you combine people debt and tech debt, you get a very bad cocktail. This cocktail is often called Corporate Software, but it can also happen in smaller organizations.
I do not know exactly what leads to people debt, but it probably has a lot to do with pride and fear of looking bad in others’ eyes. I can relate to that feeling. It does not feel good when one’s decisions are being challenged and this often leads to defensiveness. Another part of the problem might be a consequence of “normal” power struggles. For example, encroaching on the area of responsibility of someone else.
I think one of the first steps to avoid people debt is to create a company culture where people feel comfortable and secure in their position in the company. Insecurity leads to defensiveness. I also think it is important to encourage open and positive collaboration between different areas of responsibilities. The best results usually come from team efforts and not a “me” effort. Finally, encouraging people to not be complacent and instead challenge the status quo from time to time also helps.
As always, the most difficult change to make is to ourselves. Defensiveness and insecurity are natural feelings to have. But I do believe that we can tame those emotions when it makes sense. When someone tries to help us improve in any way, it is easy to dismiss and defend, and much harder to listen, accept and maybe even learn something new. This goes for everything in life by the way — not just my tech bubble.
It used to be that the TODO app was a common way of demonstrating a specific language, framework or perhaps just as a hobby project. Well, it occurred to me that now it seems that the new TODO app is a chat client. There are already many full-fledged “Slack Alternatives” and the hobby projects also seem to be popping up a lot. One of my colleagues was even starting out in Python by writing a chat app.
Ahh, how I enjoy making observations based on anecdotes and gut-feelings :-)