Friday, December 28, 2018

Happy New Year! And Forget Your Resolutions

This year has been full of fruit and frustration. With a new year just days away, I'm going to recap some things that happened this year and refocus some goals for next year.

Resolutions the Continuous Way

For the past two years, I've been doing resolutions a bit differently. I do them the Continuous Improvement way. A whole year to do one thing is a bit much, which is why they usually fail.

Instead, take it one month at a time and do smaller things. For example, I'd like to try CSA (Community Supported Agriculture) this year. I'll keep it in mind and make sure to take that on in some specific month. Other months will be dedicated to some other improvement. The key is to take on one key thing per month. In the past, I've worked on posture, starting grad school, and even kicking off this blog. I'll consider what accomplishments I'd like to make this year just after a quick recap of this year.

This Year In Review

There were ups and downs for this year. The biggest positive is starting graduate school in August. Swinging back the other way, the lowlight is when TagStation closed up shop and left the team of talented folks out of work...and just before the holidays. Between these two extremes, there's been a ton of growth!

I started blogging semi-professionally in May when HitSubscribe put out a call for authors. I've been busy as a beehive writing posts.

This year, I paid off the family car. That's a big deal for anyone who's experienced the joys of concluding monthly car payments!

I finally learned how to make good bread! I've made some baguette style bread and some fantastic whole-wheat loaves this year. The trick is to put a cast iron pan on the bottom rack of the oven and preheat that guy. When you put in your loaves, go ahead and put 1/2 cup water in the pan. Watch out though! It's going to steam up fast. DON'T GET BURNED! That steam causes the bread to form a really nice crust. I cut out the sugar too; I've been putting too much sugar in my breads in the past.

In global news, the stock market took a huge turn for the worse after peaking out. I won't get into politics on this one but it makes a lot of sense why this would happen if you understand a bit about economics.

In tech news, there's always a bunch of cover-fire on this topic. Reddit should have you covered to no end on this topic. I gave a talk this year on how we developers would do well to focus more on business concerns. Sure tech news has some impact on this, but not as much as knowing where the economy will head next year.

Next Year

Speaking of next year...2019 already? I have some goals lined up for next year.

I've already mentioned the CSA. And, my wife got me a home cheese-making kit for Christmas. 

That's a good excuse to try raw milk. In my state, it's now legal to purchase raw milk from a dairy. See, the cheese kit says the best results come from raw milk. I can make fresh Mozzarella or Ricotta. But the former will not work if I use ultra-pasteurized milk. The best results will come from raw milk.

Monthly Actionables

But, I won't be making some fell-resolution to do some grand thing next year. Instead, I'll break down what I really want to do into actionables for each month. January and February are all about career focus. If things go well in that domain, I'll be all set to work on some home improvement goals for later in the year.

Before that, I'm thinking March, April, and May for the CSA resolutions. I'll start this by buying into a month's share of food from a local CSA farm. If it works out, I'll go for broke the next month and buy-in for a year.

Late in the year, I'll be thinking about revisiting some past goals like practicing good posture. I do believe that things change so rapidly that it's going to be tough to call out any resolutions for later in the year. I've been meaning to improve my social media presence. If it fits in later in 2019, that's just one thing I'll get started on.

Lesson Learned

I know as well as you do that documenting and tracking progress is important for goalkeeping. Making the goals SMART is supposed to be a good way to make this happen. However, some things like "apply to grad school" are binary. So...the measurement is just true or false. I'd love to say I tracked my monthly resolves for this year, but I didn't. I was a bit loose with it. Still, I did a whole lot. Unfortunately, I only have my memory to serve these. Had I documented them I'd be able to account for the whole year. Maybe that'll be my new year's resolution...only kidding!

Perhaps that can be something for Jan or Feb.

Wednesday, December 12, 2018

And Now...A Lesson In Accounting: Indirect Method Computing Cash Flows From Operating Activities

A small departure from the usual technical topics. As many of you know, I'm studying business these days. The lesson of the day is about how accountants arrive at the cash flows from operating activities for the cash flow statement.

The statement of cash flows is useful in understanding how cash moves (flows) through a company. You use it to evaluate the company's ability to repay debts. That will determine how much investors and creditors are willing to invest in or lend to the company.

Indirect Method For Operating Cash Flows

If the first section of the statement of cash flows seems odd, the accountant is probably using the indirect method of computing cash flows from operations. See, it's difficult to compute cash flows from operations directly. Instead, they start with your net income and factor out changes in current operating assets and liabilities that are not cash.

For example, let's say your company has a current asset of $100,000 in accounts receivable. In that case, you don't have the $100,000 in cash — at least not yet — so you can't count that as cash inflows. Your accountant subtracts it from your net income to factor it out.

For other types of non-cash accounts that contribute to net income, the balance may be added or subtracted depending on the type of account. Depreciation expense is added to net income. And, any gains on the sale of assets are subtracted from (losses are added to) net income. After all these adjustments are made, the result is the net cash flows from operating activities.

Direct Method for Investing and Financing Cash Flows

After the cash flows from operating activities, you should see the cash flows from investing activities followed by the cash flows from financing activities. These are shown using the direct method. The records for changes in cash due to investing and financing activities are readily available.

The Bottom Line

Once you have an understanding of how the statement of cash flows works, you should find it useful in understanding how a business is receiving (inflows) and using (outflows) cash.

Warren C., Reeve J. M. & Duchac J. (2016). Financial and managerial accounting (14th Ed.). Boston, MA: Cengage Learning.

Tuesday, December 4, 2018

New Page With External Blog Posts

Some folks have requested links to the blog work I've done for clients. I added a new page with some of my work. I'll update it maybe each quarter. In lieu of that, I'm thinking about cross-posting the work I do here as well so look for that in the near future. In the meantime, check out the posts I've added to the new page!

Wednesday, November 28, 2018

OOP Concepts: The Aggregate Class

One fundamental principle in object-oriented programming (OOP) is hiding data. The idea is that you use a class to encapsulate data associated with some entity in the business model. All data access and manipulation should be performed by methods on the class.

This principle also applies to collections. In this post, I'll cover some details of a specific pattern for hiding collections. This pattern is called the aggregate class. An Aggregate Class follows the same principles as any other class: data hiding, separation of concerns, etc. It also has the same benefits: reuse, contained changes, centralized business logic.

The Problem With Functional Style in OO Languages

With so many developers using ORMs and Linq (and other lambda-based operations in other languages besides C#), we see a trend toward functional style programming in OO languages such as C# and Java. We should still be careful to protect the data since OO languages do not work the same way as functional programming languages.

In OO languages, collections such as lists and arrays still allow you to change the state of each element. Even if the collection itself is read-only, it only holds references to the underlying objects, which remain mutable. You could, perhaps, use structs in C#. But then again, you might not have control, and still, you'd have to go the extra mile to properly handle state changes.

If you're really doing functional programming, you won't mutate the state of a record. Some OO concepts have bled into functional languages like Lisp and F#. Basically, the lines have blurred on both sides. When it comes to OO languages, classes are mutable by default. The whole point is to mutate state within a class instance! So, we need to be careful to protect the state of collections from corruption by external manipulation.

Enter the Aggregate

The Aggregate Class is just the thing to keep our data within collections protected. The aggregate class helps by containing changes to the collection. Also, it gives us a centralized place to organize our collection logic. That's really important too!

As an example, let's consider an application for managing people within a school system. There are several types of people in a school. Major classifications are students, teachers, staff, and administrators. There may be some database table containing basic information of all persons: name, phone number, etc. But, indeed, there will be various information for each type of person. 

Specifically, a teacher may be tenured. Say a teacher earns tenure after five years. You can write a filter using Linq to get all tenured teachers like this:

var tenuredTeachers = persons.Where(
    person => person.Role == "Teacher" && 
    (DateTime.Now - person.StartDate).Days > (365 * 5)
);

As you can see, it can be a little messy. And of course, this encourages copy-paste coding because you might need the logic elsewhere. How do we fix this?

First of all, we'll make a Teacher class and put an IsTenured property on that to contain the logic.

var tenuredTeachers = persons.Where(
    person => person is Teacher teacher && teacher.IsTenured
);

Already looking cleaner!

Next, let's do away with the "person is Teacher" by using OfType<Teacher>:

var tenuredTeachers = persons.OfType<Teacher>().Where(
    person => person.IsTenured
);

Even better! OfType will filter the collection down to the specified sub-type. But must we repeat this code every time we need teachers? No! We can use the Aggregate Class. Let's make one like this:

class Persons
{
   public IEnumerable<Teacher> Teachers { get { return _persons.OfType<Teacher>(); } }
}

And we can use that to get teachers wherever we need them. But we can go a bit further and create a Teachers Aggregate Class too.

class Persons
{
   public Teachers Teachers { get { return Teachers.Get(_persons); } }
}

class Teachers
{
    private readonly IEnumerable<Teacher> _teachers;

    // factory method
    public static Teachers Get(IEnumerable<Person> persons)
    {
        return new Teachers(persons.OfType<Teacher>());
    }

    private Teachers(IEnumerable<Teacher> teachers)
    {
        _teachers = teachers;
    }

    // wrap the filtered set in a new aggregate so the raw collection is never exposed
    public Teachers TenuredTeachers { get { return new Teachers(_teachers.Where(t => t.IsTenured)); } }
}

And with that, we can return only the tenured teachers and contain the logic. Now in our business objects, controllers, or wherever we need to get tenured teachers, we can use this Teachers Aggregate.

var tenuredTeachers = persons.Teachers.TenuredTeachers;

And there we have some nice clean code!

Applying Functions to Aggregates

We want to protect the data within the collections. There's a pattern we can use to pass functions to the collections within the Aggregate Class. It's basically the visitor pattern, and it goes a little like this:

persons.Teachers.Apply(t => notification.Notify(t) );

// or

persons.Teachers.Apply( notification.Notify );

In this case, we're passing the "Notify" function to the Teachers Aggregate. The Teachers Aggregate will handle passing it along to all the teachers.

Even with the Apply function, we aren't really protecting the data unless the Teacher class protects its own data. A typical pattern you'll see is that the Teacher or Person class is a POCO—meaning it just has public properties. POCOs are really just DTOs. They're intended for transferring data, but you shouldn't really manipulate the data everywhere in your code. This is where you have a real divergence between the intention of OO and how we often see the languages used in practice.

On the flip-side, we see functional programming operating on records. But when that happens, the default is to create new records as a result of the application of a function. A Map method in a Teachers class would look like this:

public IEnumerable<Teacher> Map( Func<Teacher, Teacher> map )
{
    return _teachers.Select( t => map( t.Clone() ) );
}

In this Map method, the elements of the internal collection are copied then passed to the map delegate given to Map. Surely, this is an odd mix of OO concepts and functional principles. The Aggregate Class shouldn't really return a collection of the internal data even if it's a copy. This is really a generic type of method that has use in low levels of your application stack. It isn't beneficial. Think about it this way...what business function does "Map" perform? None. Which brings us to putting business methods in Aggregate Classes, which is the proper way to do things in the OO paradigm.

Business Methods in Aggregate Classes

What do you actually need to do with Teachers? We've already seen a case for "notify tenured teachers." We can expose other useful subsets of teachers like TeachersWithAbsences. But if you really feel the need to present a way to apply arbitrary filtering, the items in the set should prevent modification of internal data AND the set should prevent altering the items in the set. You can run into trouble with filters if they allow the collection to change:

// Dangerous Notify method...
public async Task<IEnumerable<NotifyResult>> NotifyAsync( Func<IEnumerable<Teacher>, IEnumerable<Teacher>> filter )
{
    var results = new List<NotifyResult>();
    // the caller's filter decides what ends up in the set we iterate
    foreach( var teacher in filter( _teachers ) )
        results.Add( await teacher.NotifyAsync( notification ) );
    return results;
}

// Dangerous call to Dangerous Notify method...

... await teachers.NotifyAsync( all => all.Select(t => t.IsTenured ? t : null ) );

Here, the programmer is returning null when a teacher isn't tenured. The implementation of NotifyAsync, while intended to be as flexible as possible, invites danger. A better implementation prevents modification to the internal collection as follows:

// Better Notify method...
public async Task<IEnumerable<NotifyResult>> NotifyAsync( Func<Teacher, bool> filter )
{
    var results = new List<NotifyResult>();
    // the caller can only say yes or no per teacher; it cannot replace the set
    foreach( var teacher in _teachers.Where(filter) )
        results.Add( await teacher.NotifyAsync( notification ) );
    return results;
}

// Dangerous call to Better Notify method...

... await teachers.NotifyAsync( teacher => {
    teacher.Email = null;
    return teacher.IsTenured; 
  } );

Here, the collection can't be changed, so it's better. But still, unless the underlying items are adequately protected, they can even be modified in ways that are dangerous. This example is a bit obvious, but similar trouble can occur when the underlying data is allowed to be manipulated when it should not.

We can go all the way to protect the underlying data by either denying access to the underlying items altogether or by limiting exposure to the underlying items.

// Best Notify method...
public async Task<IEnumerable<NotifyTeacherResult>> NotifyAsync( NotifyTeachersFilter filter )
{
    var results = new List<NotifyTeacherResult>();
    foreach( var teacher in filter.GetFiltered(_teachers) )
        results.Add( await teacher.NotifyAsync( notification ) );
    return results;
}

public class NotifyTeachersFilter
{
    // callers can set the criterion but never see a Teacher instance
    public bool? IsTenured { set; private get; }

    internal IEnumerable<Teacher> GetFiltered( IEnumerable<Teacher> teachers )
    {
        return teachers.Where(t => IsTenured != null && t.IsTenured == this.IsTenured);
    }
}

With the filter type, we've entirely walled off access to the underlying items in the collection. This is a simple example of how to use filter types with an Aggregate Class. You can go further by passing a collection of filters or even an ordered collection.

Final Thoughts

I want to conclude by saying that using Linq is not precisely the same as Functional Programming. Sure, you can and should bring some of the concepts of FP into an OO language. But, remember that the language itself is built for OO programming. The principles won't translate 100%, and you can end up shooting yourself in the foot quickly by trying to do FP in an OO language. It's better to switch to a functional language like F# so you get the full support and benefits. When using FP concepts in OO languages, keep in mind the OO principles and use the Functional Programming practices with a grain of salt. Keep in mind that they can help but use with caution!

Friday, October 26, 2018

Taming Events: How to Use SoC to Organize Events.

If you're using any kind of eventing system in JavaScript, whether the built-in events or something more, you'll want to give some thought to how you organize the events. In the grain of self-documenting code, SoC, and containing risk I offer some suggestions on how to pull it off without pain.

What's an Eventing System?

Basically, an eventing system is a way to raise an event in one context (such as in a function or class) and listen for events in one or more different contexts. It's a great way to decouple your code, but you should be careful not to paint yourself into a corner. Here's an example of an event and a listener (you've no doubt seen this kind of thing before):

$input.on('change', handleInputChange);

This is an example of a JQuery listener. It listens to DOM events on an input that's represented by the variable `$input`. When the `change` event is raised by the DOM, the `handleInputChange` function is called in response. This is about as basic as it gets. Let's see how to raise an event programmatically.


This is the JQuery way to trigger an event. Any listeners such as `handleInputChange` will be called in order once the event loop comes around to them in turn.

Mozilla lists a boatload of native events on their developer site.

Some eventing systems, such as Backbone Radio (part of Marionette) or Redux, are built for handling custom events. You define the events, raise them in code, and listen to them. For example, Backbone Radio works a bit like this:

Backbone.Radio.channel('my-channel').once('my-event', handleMyEvent);

// elsewhere
Backbone.Radio.channel('my-channel').trigger('my-event', ...args);

And this will work just fine functionally. The event will trigger and the handler will handle it. You'll add more channels and more events. One day, you or a future developer will need to find out what channels are out there. One problem is, you can accidentally duplicate channels and events. Who knows what's listening to all those events. Organization to the rescue!

Organizing Events

In an event-driven system, you've got to be organized or your system will essentially be running wild. By "organized", I mean three things:

  1. Use well-defined conventions. 
  2. Keep things in logical places. 
  3. Know where and how to find something easily.

Failure to organize will result in great difficulty resolving issues. For example, you might need to hunt and peck your way around the code to find what events are raised in the first place. Or, you may need to run the application in order to figure it out. Worse you might not be able to run the application in its current state. There are ways to solve these problems!

Make Channels/Queues Explicit

You can put all of the channels into one file. Then, simply require or include this file wherever you need to interact with events (trigger or listen to). This advice isn't just for Backbone Radio or even JS frameworks; it's true for any given event-driven system. If you're using a message queue via Ruby or Python, to name a few, you still want to separate where your queues are connected from where you're using them!

Here's an example using C# for sending messages to a queue:

// somewhere in a method 
 this._messageQueues.UserMessageQueue.QueueEvent("user-update", eventData);

OK, I admit that example is a bit generic. But, you can see how easy it is to raise an event with this system of organization. An instance of the class that holds the message queues is injected into the class through the constructor (not shown). Then the instance is used to get the specific message queue which is used to queue the event. This beats the alternative:

// in the same method
  SomeSpecificMessageQueueClient queue = new SomeSpecificMessageQueueClient("user");
  var topic = queue.GetTopic("user-update");
  topic.SetConfiguration(...); // ...more boilerplate code...
  // ...finally, 30 lines of config code later...


Alright, I concede once again to making this more complicated than necessary. We could have something like Queues.get('user') right? Of course we could! That's less boilerplate which is good. However, the problem still exists that all queues are ad hoc in a string. Better to be explicit so that you have self-documenting code!

I still don't really like the fact that we're defining the event keys as strings. I'd like to be more explicit about that too so we know which events are raised throughout our code. In large code-bases this gets to be really important. Smaller code-bases can benefit too. We can make the events explicit too.

Make Events Explicit

By making the events explicit, we can easily see what events are raised and listened to in a system. We might be raising events for no reason, for example. When they're explicit, as in a method or function rather than a string, we can see how they're being listened to. Remember the `once` listener in one of the early examples? That registers the listener to listen one time to the event, then deregisters it after that first time. In this case, we would have an explicit method for the event such as `MyChannel.listenToMyEventOnce(listener)` and no methods on `MyChannel` named `listenToMyEvent`. From the class itself, we can easily see that there are no perpetual listeners to `MyEvent`. Whereas, if we have `once('my-event')` scattered throughout the codebase, we would have to search everywhere to find out. That's a long process. Besides, you might not have all the consumers of your events in the whole codebase when you're using something like a message queue. In fact, that's the whole benefit of message queues in the first place! Here's a more comprehensive code sample of what I'm advising here:

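class UserEvents {
  private static readonly BEFORE_SAVE = 'user-before-save';
  private _queue;

  // the queue type is passed in, so a test or logging queue can be substituted
  constructor(Queue) {
    this._queue = new Queue('user');
  }

  raiseBeforeSave(user) {
     this._queue.raise(UserEvents.BEFORE_SAVE, user);
  }

  listenToBeforeSave(callback) {
     this._queue.on(UserEvents.BEFORE_SAVE, callback);
  }
}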
In this class (which is sort of Typemock-ish), I've defined all of the user events for now. The queue type is injected into the class so it can be swapped out for testing (or even adapted to use a different queue system). The consumers of UserEvents have no idea how it implements or even interacts with the queue. We've got all that detail contained within the domain-specific class "UserEvents".


I just want to leave you with a final thought...this is all about self-documentation. It makes for easier programming and issue resolution without having to strap on a debugger or hunt through mounds of code. One additional benefit to containing all the eventing: you can see how easy it would be to add logging to the Queue, right? Just pass in an instance of your custom LoggingQueue class that has the same methods but which logs each event. "raise" would first call the logger, and it can easily log the handlers attached. And now you have a nice way to see the chain of asynchronous events that are always so much trouble to understand in an event-driven system! Happy Coding!
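The LoggingQueue idea from the closing paragraph, sketched in JavaScript as an added example (not code from the original post). InMemoryQueue, makeLoggingQueue, auditLog and demo are hypothetical names; the post's Queue is assumed to expose only raise() and on(), and the queue is built from an injected queue type as in the post's UserEvents constructor.

```javascript
// Added example; every name except UserEvents/raise/on is hypothetical.
const BEFORE_SAVE = 'user-before-save';

// Minimal stand-in for the post's Queue: same two methods, raise() and on().
class InMemoryQueue {
  constructor(name) {
    this.name = name;
    this._handlers = new Map(); // event key -> array of callbacks
  }
  on(event, callback) {
    if (!this._handlers.has(event)) this._handlers.set(event, []);
    this._handlers.get(event).push(callback);
  }
  handlersFor(event) {
    return this._handlers.get(event) || [];
  }
  raise(event, data) {
    // iterate over a copy so a handler that registers another handler
    // does not change the dispatch that is already in progress
    for (const handler of [...this.handlersFor(event)]) handler(data);
  }
}

// Builds a queue type with the same interface that records every
// registration and every raise into the supplied auditLog array.
function makeLoggingQueue(auditLog) {
  return class LoggingQueue extends InMemoryQueue {
    on(event, callback) {
      auditLog.push({
        action: 'on', queue: this.name, event,
        handler: callback.name || '(anonymous)',
      });
      super.on(event, callback);
    }
    raise(event, data) {
      // Log first, then dispatch. The payload is deliberately left out:
      // event data such as a user record may hold personal data that
      // should not be copied into logs.
      auditLog.push({
        action: 'raise', queue: this.name, event,
        handlers: this.handlersFor(event).map(h => h.name || '(anonymous)'),
      });
      super.raise(event, data);
    }
  };
}

// Same shape as the post's UserEvents: consumers never touch the queue.
class UserEvents {
  constructor(Queue) { this._queue = new Queue('user'); }
  raiseBeforeSave(user) { this._queue.raise(BEFORE_SAVE, user); }
  listenToBeforeSave(callback) { this._queue.on(BEFORE_SAVE, callback); }
}

// Constructed sample run: two named listeners, one raised event.
function demo() {
  const auditLog = [];
  const seen = [];
  const events = new UserEvents(makeLoggingQueue(auditLog));
  events.listenToBeforeSave(function validateUser(user) {
    seen.push('validate:' + user.name);
  });
  events.listenToBeforeSave(function stampModified(user) {
    seen.push('stamp:' + user.name);
  });
  events.raiseBeforeSave({ name: 'constructed-user', email: 'user@example.test' });
  return { auditLog, seen };
}

console.log(JSON.stringify(demo().auditLog, null, 2));
```

Because UserEvents is the only place that touches the queue, swapping in the logging type needs no change at any call site that raises or listens to an event.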

Monday, July 16, 2018

C# Logging: Where To Setup The Logger

Applications need logging. In C#, you will typically log various types of events like exceptions, debug, and informational. Your logs will contain valuable information which you'll use to tune your application and understand user behavior.

It's easiest to either pass an enum value to a single Log method or call a specific method to write different types of events. It's typical to write to different logs depending on the context. The problem is, where and how do we access the logging API from our methods?

Dependency Injection

Dependency Injection is one possible approach. If you go this route, you have to pass around a logger to all your classes as a dependency. You can use constructor injection and take the logger in as a constructor parameter. For a User class, you would pass it in along with the UserRepository as follows:

public class User
{
  private readonly IRepository<UserData> _userRepo;
  private readonly ILogger _logger;

  public User(IRepository<UserData> userRepo, ILogger logger)
  {
    _userRepo = userRepo;
    _logger = logger;
  }
}

The User class takes in the logger along with any other dependencies.

Via IoC Container

Even if you use an IoC container like Ninject or Unity, you have to add the logging interface to all the constructors and make a class member. With the IoC container approach, you can also ask the container for the implementation.


Results and specific approach may vary according to the container, but this will at least allow you to fetch the logger whenever you need it without having to pass it around.

The .NET Core Way

In .NET Core 2.1, there are two ways to go about it as written by Luke Latham. Luke recommends using the LoggerMessage class over the LoggerExtensions for high-performance applications.

The Problem With DI

But let's suppose that you're not using core and you don't like the idea of adding the logger dependency EVERYWHERE! It isn't a dependency of the class that has anything to do with the business logic of the class. It's an implied dependency of all classes in the application. If you first design the class without the logging dependency, then you have to add it when you need to use logging.

IoC containers make this easier, but what if you have static methods from which you need to log (it happens)? In that case, you don't have constructor variables. You could pass the logger in the method params, but then you're passing around a logger. That's not a particularly elegant pattern! For one thing, you end up with more parameters. For another, you get into the habit of passing things around you may or may not need.

As Global

If it's a dependency everywhere, it's a global dependency. I don't like globals for many things. They are for configuration and that's really about it. It's beneficial to have a global logger too!

I also don't recommend statics for most things. Well, the logger could be a static global so long as it doesn't have mutable state. In other words, so long as you set the logging configuration once and leave it alone throughout the entire application lifetime.


And in your implementation of the static method, you can get it from the container or some other global context.

public static void LogError(params object[] logParams)

This is actually a better practice since you only have to change your Log class if you change IoC containers and the interface doesn't match. It's better separation of concerns (SOC). The place to change the logging is in the Log class rather than everywhere else!


Most of the methods discussed here are fine and dandy. I'm just not a huge fan of having to pass things around in every class. I wouldn't extend this idea to something like a repository though; those are business logic specific dependencies that actually have meaning to the class at hand. A User class taking a UserRepository is meaningful. Every class taking an ILogger has no meaning and actually distracts from the purpose of the classes.

In sum, global is the place for the logger!

Book Review: Astrophysics for People in a Hurry

While I was shopping for a new Chromebook, Amazon recommended some books for me. One of those books was Neil deGrasse Tyson's "Astrophysics for People in a Hurry" (if you're interested, please use this affiliate link or the one at the end to purchase your copy - I'll get a bit of commission at no extra cost to you). My wife got me this book as a gift in 2017 as a matter of fact. I have to say, it was a fun read!

I've read a lot of pop-physics books over the years. I had already been exposed to most of what is in this book. Still, it was a fun read! Neil just has an entertaining personality and it shines through in the book as much as it does over audio or on TV.


Just to give you an idea of what's in this book, some of my favorite topics are:

  • Dark Matter
  • Dark Energy
  • Invisible Light

Neil starts the book at the beginning. THAT beginning. The Big-Bang. He also has a chapter called "On Being Round."

On Being Round

Well, it's not about being overweight so much as it is about being massive. As Neil says, any mass in space will experience surface tensions which force it into a round shape. Spinning objects will have a more-or-less flattened round shape. Pepper that with anecdotes about spherical cereal boxes and a whole wealth of other information and you have a pretty good idea about one of my favorite chapters in the book!

Final Thoughts

I don't want to spoil anything else for you, but let's just say there are some pretty spooky things in this book! One of the latter chapters speaks of things that will leave you awestruck! And this is why we love Neil deGrasse Tyson, isn't it! He can give us the heebie-jeebies and leave us awestruck at the same time!

If you're into this kind of thing and you want a fun, easy read by one of the best minds in the physics world, read Astrophysics for People in a Hurry! That affiliate link will take you right to the order page on Amazon so you can order it now.

Sunday, July 15, 2018

Bought a Netbook

Last night I did some comparison shopping for a new netbook. I posted the details in this blog along with some affiliate links. I figured, since I'm going to buy a netbook anyway, I might as well share the experience.

A Software Developer's Rationale for Affiliating

I'm trying the Amazon Affiliates program for this experience. There's a benefit to both of us. If I'm doing some comparison shopping, we will gain maximum advantage through re-use if you (dear reader) were in the market for a netbook. And in return, you'd be helping me out by buying your netbook through one of my affiliate links. It costs the same for you, and I get a little commish for having posted my experience here.

What I really want is to share some good things with my readers. For example, I applied to be an affiliate for PluralSight. I love their selection of training videos, and I hope that happens because I believe in what they have to offer! But, I digress.

And the Winner Is...

Getting back to the topic. I went with the ASUS Chromebook C202SA-YS04 11.6" (that's the affiliate link in case you'd like to follow suit and get a great little netbook for yourself or a loved one). It seemed like the best deal on the market. With Prime Day coming very soon, you might want to keep an eye out for a good deal on it. It really came down to having the most/best reviews in the price and spec range.

Basic Specs

Here are the primary technical specs for this model.
  1. 4 GB RAM - I'd like more, but I don't know that I would need more.
  2. 11.6-inch anti-glare LED-Lit HD monitor - I'll be using this on the train a lot and sometimes that sun shines right into the windows. Anti-glare is a huge plus!
  3. 32 GB internal storage - I wanted the extra storage; it wouldn't hurt, whereas running out of space would!
  4. Chrome OS - I'm giving it a try. I use a lot of their apps and services, so why not. If I don't like it at all, I'm going to see about installing a Linux distro on it. Maybe Ubuntu. Ubuntu on a netbook...yeah!
  5. 2.65 pounds - this is the main thing. I needed something lightweight because I'll be slinging it on my back. I have a lot in my pack, and the laptop is just too much to lug around.
  6. Dual processor - A lot of the less expensive netbooks have a single core processor. That means only executing one thread at a time. I prefer to have my processor multi-task so that I can keep working while background processes run. I know it depends on the app and processor architecture, but 2 cores are usually better than 1.
So those are the basic specs. And that's part of why I went with this model.

Primary Deciding Factor

It really came down to the reviews. This one had the specs I liked, and it had the most reviews and a comparable rating to other netbooks in its class. To me, this says that enough people bought it and liked it enough to give a favorable rating. Statistically, a set of over a thousand reviews is more significant than a set of under one hundred. So I went with the popular vote.

I'll post some pics when I open it and do a quick review once I get a feel for Chrome OS. Thanks for hanging with me tonight! Have a happy Prime Day!

Saturday, July 14, 2018

Buying a Chromebook

Ok, so I have a Lenovo Notebook that I use for everything right now. It's decent enough to do what I do. I'm using it right now, in fact. I can use the internet. It works for programming. Sure, it isn't a top-of-the-line model, but it's getting the job done!

Except, when I take it with me on my daily bike or train ride and it's hanging out in my backpack adding 5 or 6 pounds to the load. Then it sucks! I need something lighter. I'm considering a Chromebook but I don't know which one. Maybe it doesn't matter since they're priced so low that it's not like it would be a total loss if it wasn't that great. But then again I don't want to be so annoyed that I can't be productive. I plan to blog a lot on it and need it to be portable.

Here are a few that I have in mind (I really am buying a netbook, but I want to mention that all the links are affiliate links, so if you would like to purchase any of them I get the benefit of a commission at no cost to you...and a big thank you if you do!):


The ASUS Chromebook C202SA-YS02 11.6" has 4GB RAM, 11.6-inch monitor, and only weighs 2.2 lbs! I like the lightweight.

But then again, it's only got a 16 GB hard drive and the next level up has a 32 GB. The ASUS Chromebook C202SA-YS04 11.6" is the same but with the bigger hard drive. Apparently, 16 GB extra of hard drive adds 0.4 lbs.

The only thing is they come in dark blue. I'm not too concerned with color so long as it's not a standout color, but I would prefer something dark-grey or black.


I could go with a Samsung Chromebook 3 XE500C13-K03US. It has a 4-GB RAM and a 32-GB Hard Drive. And, oh look! 2.54 lbs! And what else? A Dual-Core Intel. Hmm...Samsung, should I give you a shot or keep looking? There's only one left, but I am a sucker for familiar brands. I haven't had a Samsung laptop. I know other folks have had some problems with other types of Samsung products. 4 stars for this though. Let's see what else:


This Acer Chromebook 11 is looking mighty nice in Clamshell White. Not really my taste. I would get one for my daughter though. Ok, so it does come in black too.


I do have experience with HP products - mixed but generally good on the hardware side. So there's the newest HP 11.6” HD IPS Touchscreen Chromebook. Touchscreen, eh? I never really worked with a touchscreen before. I might give it a shot! It's pretty lightweight at 2.5 lbs. Says the battery will last 12 hours on average! Most of the others were around 9, so that seems pretty good! 2 processor cores - another plus. The 16 GB hard drive is a bit of a drawback.

Decisions, Decisions...

In the end, I think I'll go with the masses. That second ASUS with the 32 GB has the most reviews and a four-star rating at the moment. Seems like it would be the best all-around. It's just a little more pricey than some of the others, but you get what you pay for right?

Friday, July 13, 2018

Introducing: "SWARMing"

Hello all! I popped into Dan North's blog to see what he's been writing about lately. Dan North introduced BDD (Behavior-Driven Development) to the world which bridged a huge gap between the Customer and the Team.

His latest post "In Praise Of SWARMing" grabbed my attention. I thought it was going to be about "swarming" a problem as in Kanban. But it's actually a different-ish approach to adopting Agile at Scale. SWARMing is Scaling Without A Religious Methodology.

His ideas really hit home with some great points! There are some harsh criticisms of competing methodologies. Those are somewhat tasteful. And I have to warn you, it's a bit wordy. At over 4200 words, it's quite a bit more than your average "browsing the internet" post.

Here are some things that really jumped out at me.

The Good Parts

I particularly like the contrast between "moving the work to the people" and "moving the people to the work." This translates to reorganizing. The term "self-organizing teams" comes to mind.

I do prefer the flat structure of "every part of the org is geared in delivering value" vs the slanted structure of "sales makes the money and everyone else spends it." It allows businesses to utilize all their assets in focus of value delivery.

I read once that value is expressed as the benefit for the cost. A "good value" doesn't necessarily mean inexpensive. It means you actually got a return on your investment, monetary or otherwise. I wonder if looking at your organization from a "good value" perspective would make a positive difference.

Speaking of value: There are a couple of terms worth following up on. OKRs are a relatively new way to set and measure goals. I learned about Risk-Adjusted Return on Investment, which is your profit plus or minus risk.

The Bad Parts

The post is long. It has quite a few run-on sentences. The upshot is that it's not an easy read. My concerns are that you (dear reader) won't see through to the beneficial parts. Please press on, it's worth it!

You've also got to see past the sales-y aspects. He's pretty tough on competing methods of implementing Agile at scale. He's right with those points, but it drags the article and makes for a slightly bitter taste. Sorry.

I get it, he's selling consulting services and differentiating from his competitors. But that wouldn't really be necessary if the most valuable points were laid out without the cruft. Maybe do those parts in a future post dedicated to a comparison.

The last "bad part" is the focus on hard numbers. These days, organizational psychology says to keep your focus on doing good for your customers. But that depends on perspective I suppose. Those with the pocketbook will care about the revenue aspect, especially when they're being told to rethink how they allocate funds!

The Rest

Somewhere past halfway, Dan iterates over eight points about how to be SWARMing. Some of those go into depth with definitions of types of leaders: servant-leader and leader-leader. This section has some practical advice for hiring services to help with your transformation process. The successful transformation will be a long and investment-intensive road, so buckle up!


I sent Dan an email asking if he had a more concise description of SWARMing. One that, hopefully, lays it out without the heavy padding. Those things are valuable to support the idea, no doubt! But I can't exactly expect busy execs to read such a lengthy argument all at once. Especially when it's a new idea which asks them to rethink their organization from top-to-bottom, front-to-back, and side-to-side.

All in all, I'd say it's worth taking the time to read his post. With the right packaging SWARMing could be a catalyst for much needed change. I hope it gets that with a bow on top.

Thursday, July 5, 2018

Book Review: To Sell is Human, by Daniel Pink

I've never posted a book review on this blog, so here goes!

I was inspired by Daniel Pink when I read his bestselling book Drive. I subscribe to his newsletter, and I've written him a couple of emails (to which he responded). You might call me a fan. Maybe I am. I did, after all, read another of his books - To Sell Is Human.

Here are some things you might like about it (I know I did)...

What's It About?

In this book, Daniel Pink points out that we all sell. He makes a distinction between sales and non-sales selling. Sales selling is the traditional kind that makes you think of a used-car salesman from the 70's. Non-sales selling is the kind we all do - all the time!

Daniel takes you on a sales call with Norman Hall, the last remaining Fuller Brush Man. Norman is a "door-to-door" salesman. He is resilient, friendly, and has specific characteristics that make him a perfect seller. We should emulate Norman!

We go on other journeys to find out more about non-sales selling. Daniel takes us along to a training session with VPs, CEOs, and other business folks who are sharpening their selling saws. This book is packed with practical advice and results of studies to substantiate his claims.

So, Why Does Traditional Sales Suck?

The book shows us how we generally think of traditional selling in a negative light. Then it opens our eyes as to why. Spoiler Alert! The sales we think of - used car sales from years ago - is an unbalanced transaction. The sellers have all the power. That power was so often abused that the decent folk got pushed out. Why did they have all the power and what changed?

I'd recommend that you read the book and find out for yourself. But, since there are so many goodies in To Sell Is Human, I don't feel sorry about giving away this bit. The equation changes when buyers are informed. For example, we can find out everything we need to know and more about a used car before we buy. And we're not as limited in our options. We have the internet. The "information superhighway" for those of you old enough to remember the TV commercials.

Traditional sales used to suck, but it doesn't anymore. It's been transformed into more of a partnership. The role is more about discovering problems and applying solutions than it is about tricking uninformed consumers. Sure, those types of salespeople are still around feeding off the bottom. But your real sales jobs are much more elevated. Think about this...who is running the company you work for? Do they know how to sell?

How Do I Sell?

And then there's non-sales selling. You already do this. Whether you sell the dentist to your kids, a vacation to your spouse, or a new procedure to your boss you're selling! Daniel gives us plenty of practical advice we can all use in everyday life to make the sell.

He presents the new ABCs of selling (Attunement, Buoyancy, and Clarity) in an entertaining and digestible way. There's a lot to learn for those of you who have a hard time selling your ideas. There's some for those of you who think you have it all figured out too!

Besides those ABCs of how to be, he shows you what to do. Pitch, Improvise and Serve.

But, I'm an Introvert! I can't Sell...

This may come as a shocker, but extroverts aren't much better at selling than introverts! It turns out that ambiverts, those who are in the middle of the spectrum between intro- and extro-, are the best sellers. And chances are, you're more in the middle than you care to admit!

"vertedness" isn't binary any more than "brainedness" is right or left. Both are a spectrum, and most people are somewhere in the middle. Find your middle ground and become better at selling! Too much extro- leads to pushiness and not listening. Too much intro- leaves you under-assertive and too quick to walk away. Balance is better, despite what folklore says.

What Can I Take With Me?

This book is a perspective changer. It has shocking revelations! It has practical advice! It's fun to read! To use one of the techniques in the book: To Sell Is Human is a great read, you'll be pleased indeed!

Friday, June 8, 2018

The Big Five + Johari Window: Creating the Holy Grail of Personality Tests

As for personality tests, there are many options to choose from, but which will guide us to the truth about ourselves? Myers-Briggs? What kind of Ice-Cream are you?

Grouping and Sorting

We like to group and sort. At a young age, we learn this skill. But it doesn't mean that the world fits the models we create so nicely! And that's just it—we create models as substitutes when reality is beyond our comprehension.

Models help us communicate more easily with others. Imagine explaining a bird, for example, by iterating the entire set of species within the bird family. We didn't really get the classification of planets right until we found such an outlier that we had to redefine what it means to be a planet!

Binary Choices

We seem to like binary choices - 'A' or 'B'. A-B testing is the common paradigm for proofing a new feature design in application development. We default to two political parties in the US almost to a fault! I've noticed that my children respond more readily with binary choices. It's just easier to reason about!

The trouble is, binary choices are misleading. If you have two compasses, and they're slightly different, which do you follow? Either you need a third compass to prove out the faulty one, or you need to just pick one and go with God!

Is it accurate? When you move beyond the fervor of political campaigning, can you thoughtfully agree with everything on one platform vs another? Am I an INTP or an ENTJ? I've come out with both! Sometimes I align with E and sometimes I. Sometimes I'm Perceiving other times Judging. Seems logical that I straddle the line on those two factors.

Finally, with Autism they've done away with binaries. It isn't as if one is either autistic or not autistic. It's really that we're all autistic to varying degrees. It's just another way of thinking 😔.

Beyond Binary Lies a Continuum

As it is with many things, our personalities lie on a continuum. If we take something like the Big Five, and rate each of the five traits on a continuum we will have a closer model of reality.
There is, however, a specific problem I want to address in how we collect the data. Self-selected ratings are prone to bias. Therefore, those surveys you take for yourself are highly prone to error. They may tell you more about how you perceive yourself or how you'd like to perceive yourself than how you actually are. And what good does that do you? After all you know yourself anyways, right??


Besides the self-affirming nature of those questionnaires, the sample size is way too small—it's one! Thankfully we have social networks of friends who are generally willing to participate in social games. If only we can make it enough of a joy to participate in the game, that they'll readily participate. 50-100 question surveys aren't very rewarding! Enter Johari.

Making it a Game

The Johari Window model is kind of like a game. The subject and his/her friends, relatives, and colleagues choose adjectives that best describe the subject. The intersection of those choices falls into four quadrants: Arena, Façade, Blind Spot, Unknown. They're classified by whether or not the adjectives are chosen by the self and others.

The adjectives in a Johari Window are generally good traits such as "cooperative", "intelligent", and "friendly". There's an inverse called the Nohari Window which uses negative traits like "Stubborn", "Quarrelsome", and "Dense".

Combined, the Johari and Nohari Windows can give you a pretty decent view of how you perceive yourself compared to how others perceive you. The tricky part is to get enough participation to get a well-rounded view.

If you're interested in doing your own Johari Window, this one at is pretty darn straightforward. There are some other fun things at including this personality test.

If I were a NetHack monster, I would be a unicorn. Most people are only after one thing - I try to maintain a quiet and respectful distance until I feel sure that I can trust someone.
Which NetHack Monster Are You?

How about that...I'm a Unicorn after all! And here I was all along thinking I was a Bridge Troll.

And... if you haven't lolled off into Kevan-land by now, I'll be getting to the point soon.


Getting participation for something unfamiliar or that's going too much out of one's way is challenging. As previously mentioned, social media can help with this. It has familiarity, where an unfamiliar and poorly designed website can make others standoffish. You've got to expend some social capital on getting folks to participate.

That's not good. We want to build social capital with these exercises, rather than spend it!

Combining FTW

I'm thinking of combining concepts from the Big Five (or six, or whatever) with concepts from the Johari/Nohari Window.

This will work like this:

  • Use traits from the Big Five or HEXACO or some other number of traits
  • Present adjectives that fit with each trait (positively and negatively correlated)
  • The subject participates and asks for participation from acquaintances
  • From each trait group, participants choose 3 adjectives to describe the subject
  • There are two questions about the participant's relationship with the subject
    1. What type of relationship (choose all that apply): business, friend, family, acquaintance
    2. Scale of 1-10, how well do you know the subject
  • The subject answers the same 2 questions about each participant.

Additional Setup Details

Adjectives in each trait group vary in scale. For example, for the trait "Openness" some adjectives might be as follows:
  • accepting
  • progressive
  • open-minded
  • close-minded
  • conservative
  • curious
  • dull
  • intolerant
  • tolerant
Another option is to use emoji or some other visual indicator which is more culturally neutral to represent the adjectives.


The strength and number of times each adjective is chosen are combined to give the rating scale for each trait. For example, if the traits given for Openness were selected as follows:


The subject would be considered low in Openness (-57.5).

Besides the ratings scale, the quadrants of the Johari Window can be brought into the model to provide more useful information to the subject. The concept of "known to self" and "known to others" is powerful in realizing how well we know ourselves and how we present ourselves to others.

In our example of Openness, we can also see that the subject did not pick any adjectives which are positive indicators of Openness. Therefore, the subject is not blind to this trait. This is the Arena quadrant of the Johari Window.

Anonymity and Sample Size

Two must-haves for this to achieve useful accuracy are anonymity of the participants and a large enough sample size of participants. They support each other. A large sample size secures anonymity. Anonymity allows more people to participate without fear. Additionally, anonymity allows one to be more candid with their responses.


A diverse sample is also important to get a more holistic view. The subject will be known in different ways by different people. This is the nature of relationships.


By combining concepts from the Big Five and the Johari Window, a better personality test can be created. What's more, this type of test will find more willing participants because of the fun nature of choosing a few adjectives rather than using something like a Likert scale (strongly agree, agree, neutral, etc.). This test is not strictly self-reporting, and therefore not as subject to bias.

Wednesday, May 23, 2018

You Need to Know: Shadow IT

Troy Hunt just posted a new free Pluralsight video about "Shadow IT." That term sounds nefarious, but it's actually quite innocent. It's when someone creates or uses software or a resource that hasn't been documented in the IT inventory and approved for use inside the organization. Because it hasn't been through the on-boarding process for IT resources, it also hasn't passed security checks.

Some examples include: A Google Drive or a OneDrive to store or share files. A share drive with open access. Cloud services on Azure, AWS, Google Cloud, IBM Bluemix, etc.
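One way to surface Shadow IT as defined above is to compare outbound web traffic against the approved IT inventory. This is an added example, not code from Troy Hunt's video or from the original post; the log format, the inventory, the watch list and every name in it are constructed assumptions.

```python
"""Flag cloud services seen in egress proxy logs that are not in the approved IT inventory."""
from collections import defaultdict
from urllib.parse import urlsplit

# Hypothetical inventory: domains of services that passed IT on-boarding.
APPROVED_DOMAINS = {"onedrive.live.com"}

# Hypothetical watch list: domain suffix -> service name.
WATCHED_SERVICES = {
    "drive.google.com": "Google Drive",
    "onedrive.live.com": "OneDrive",
    "amazonaws.com": "AWS",
    "azurewebsites.net": "Azure",
    "appspot.com": "Google Cloud",
}

# Constructed sample lines: "<timestamp> <user> <method> <url> <bytes_out>"
SAMPLE_LOG = """\
2018-05-23T09:01:12Z alice POST https://drive.google.com/upload/files 5242880
2018-05-23T09:02:40Z bob GET https://onedrive.live.com/view?id=1 0
2018-05-23T09:05:03Z carol PUT https://team-reports.s3.amazonaws.com/q2.xlsx 1048576
2018-05-23T09:07:55Z alice POST https://drive.google.com/upload/files 2097152
2018-05-23T09:09:10Z dave GET https://intranet.example-corp.test/home 0
this line is malformed and must be skipped
"""


def suffix_match(host, domain):
    """True if host is the domain or a subdomain of it, matched on a label boundary."""
    return host == domain or host.endswith("." + domain)


def classify_host(host):
    """Return the watched service a host belongs to, or None."""
    host = host.lower().rstrip(".")
    for domain, service in WATCHED_SERVICES.items():
        if suffix_match(host, domain):
            return service
    return None


def is_approved(host):
    """True if the host falls under a domain in the approved inventory."""
    host = host.lower().rstrip(".")
    return any(suffix_match(host, d) for d in APPROVED_DOMAINS)


def find_shadow_it(log_text):
    """Return ({(user, service): stats}, skipped_line_count) for unapproved services."""
    findings = defaultdict(lambda: {"requests": 0, "bytes_out": 0, "hosts": set()})
    skipped = 0
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            skipped += 1  # keep a count so parsing gaps are visible
            continue
        _timestamp, user, _method, url, bytes_out = parts
        host = urlsplit(url).hostname
        if host is None:
            skipped += 1
            continue
        service = classify_host(host)
        if service is None or is_approved(host):
            continue  # not a watched cloud service, or already on-boarded
        entry = findings[(user, service)]
        entry["requests"] += 1
        entry["bytes_out"] += int(bytes_out)  # upload volume hints at data leaving
        entry["hosts"].add(host.lower())
    return dict(findings), skipped


if __name__ == "__main__":
    results, skipped_lines = find_shadow_it(SAMPLE_LOG)
    for (user, service), stats in sorted(results.items()):
        print(f"{user:6} {service:13} requests={stats['requests']} "
              f"bytes_out={stats['bytes_out']} hosts={sorted(stats['hosts'])}")
    print(f"skipped lines: {skipped_lines}")
```

The output is a starting list for the on-boarding conversation, not a block list: an unapproved service that shows up here may turn out to be business critical.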

What Are the Issues?

It's not that using these resources is an issue in and of itself; it's that they present potential security and management issues.


Because the security of "Shadow IT Resources" is unknown to the organization, they could open security holes. Those security holes can be either external (exposing information outside the organization) or internal (exposing information to unintended people inside). It may not always be a problem per se, but either scenario could really cause problems for the organization. Those problems can result in loss of business, legal proceedings, and even cause the business to fail.

Web app services on Cloud platforms are designed to be open to the world by default. They can be secured by deploying them inside a VPC (Virtual Private Cloud) which is accessible from within the network only. This same concept applies to many other Cloud services.

Besides Cloud services, there are countless tools, games, and applications that are easily accessible to anyone with an internet connection. With their security problems unknown, these could contain malicious code which is designed to leak information.


Besides the costs of recovering from an information leak, another potential cost concern is an unplanned expenditure, particularly with cloud services, since it's relatively easy to create a new resource on a cloud platform. Cloud services are pay-as-you-go, so this would be a slow burn rather than the fast explosion that leaked information would present.

This kind of issue is easier to resolve since all activities are logged and can therefore be monitored easily. Services like Alert Logic and Stackify give you insight into activities on the Cloud.

Scaling is another source of cost. Cloud resources are made to scale - meaning new servers or service handlers are created to handle increased traffic. Configure scaling appropriately and set limits to ensure that a DDoS (Distributed Denial of Service) attack doesn't end up costing you a fortune overnight. For example: the cost difference between a single small AWS server and many XXXL servers is on the order of 100x.


Despite the aforementioned concerns, it's not worthwhile to be too restrictive when it comes to using the tools available. The trick is to find a path that's just right.

The Tale of Goldilocks According to Me

In the classic Goldilocks fable, Goldilocks happens upon a cottage in the woods. The cottage is the residence of three bears (papa, mama, baby). She "innocently" does a B&E (Breaking and Entering). Besides the unauthorized entry into the abode, she eats their food; sampling the porridge of each until she finds the one that's not too hot and not too cold, but just right! After that she samples the chairs. Baby's chair is just the right size, but she breaks it. Then she proceeds upstairs to the bedroom and tries all the beds: papa's is too hard, mama's is too soft, but baby's is just right. She falls asleep only to be awakened by the angry bear family returned from their morning walk ready to maul her. She barely escapes with her life after her little crime spree.


Besides the rampant crime in the story, Goldilocks has to try what's available until she finds what's right for her. Follow this practice, starting with the most restrictive. However, do be open about the strategy so that those in the organization aren't taken aback by the sudden lock-down! Some of what exists in Shadow IT-land may be business critical! In that case a total lock-down would cause serious business disruption. Consider that they do lock-downs in prison when a fight breaks out...

Stay Calm and Keep Innovating

Another extremely important factor in applying the right level and doing so with care to respect the autonomy of individuals is the innovation factor. Theodore Henderson of the Forbes Coaches Council notes that "Innovation Is Crucial To Your Organization's Long-Term Success." He cites many success stories of innovative products that have led to serious growth of organizations. One such example is Gmail, which is the fruit of Paul Buchheit's 20% time according to (free time given for the purpose of innovation).

Disallowing the use of applications and services can seriously stifle innovation. It can do so in two ways:

1. Denying access to tools that can make people more productive.
2. Making employees feel less autonomous.

Autonomy is important to innovation, which stems from motivation. Going into total lock-down mode can make people feel like they're under total external control, which stifles their innovation and productivity. As a business model, that isn't going to go well unless your business is 20th century line assembly.


While it may be natural to knee-jerk and enter into total lock-down, it's important to find the right level of control. The right level of control means keeping Shadow IT to a minimum and plugging security holes while keeping all employees on the same side as Info Sec and Governance.

Read Troy Hunt's post here:

Friday, March 9, 2018

Do The Gemba Walk

As a developer or analyst, you should sit in your users' seats so that you fully understand how to meet their needs. Interviewing is merely an introduction to those needs. In Kanban, they do a Gemba walk, which means going to where the work is done. We call it management by walking around. This is fine for management, but for actually creating something that helps the users or the business, one needs to actually do the work to comprehend the actual problems in order to solve them in the best way.
While doing so, keep in mind the user's technical skill and framework. You may find that your applications have more than one persona using the application. A persona is different from a role. You can have many personas in each role. Let's say a Legal Assistant is a role. Those users may or may not be tech savvy. Consider that in your UX design!

Wednesday, February 21, 2018

What a Story! An Agile Story

You've heard of this thing called a User Story right? Perhaps you've even seen the template:

"As a <type of user>,
 I want <some feature>
 So that <some goal>."

But perhaps you've wondered how to put a feature like "read the user's name from the database and put the value in txtbxUserName" into that format.

Occasionally, I write about Agile on this blog. In that entry, I wrote about a broader view of Agile from a developer perspective. In this one, I made a case for leaving the work up to the pros. This time I'm focusing on something much narrower — the User Story.

The Wrong Way

Perhaps not "wrong" way, just not something that's going to align very well with the benefits of Agile.

"As the one telling you how to do your job, I need you to write code that reads the username from the Users table and put that value in the txtbxUserName field so that it shows up on the page".

Or perhaps "as the project sponsor, I want a check box there so the users have to check the box before they can submit the page."

It can be a bit awkward to put those kinds of instructions into User Story format...especially when the goal is not for the user but for the project sponsor or manager to tell a developer what to do. You can succeed at writing good user stories if you frame them in more general terms — don't think about implementation details. A good test is — if it's awkward it isn't right.

Maybe Better

"As a user with access to multiple user accounts, I want to know who I'm logged in as so I know which account I'm using at any given time."

"As the company's legal counsel, I want the user to accept responsibility for using our services so that we have a leg to stand on if something goes wrong." That's the "I have read and understand the 30,000 words of legalese" checkbox.

Real Life Example

For another look, let's imagine we're doing some work for a burger joint where their customers expect one thing — getting their food quickly. They want to order quickly and they want everyone else to do the same so the whole thing can flow like clockwork and they can be on their way to consuming those cals in under 5 minutes.

What does that story look like? Actually it may be helpful to have multiple User Stories since there are multiple user types or personas. Let's see about defining those now:

Regular Customer - knows what they want and orders the same thing all the time.

Infrequent Customer - doesn't visit much and needs a minute.

Bulk-Orderer (team mom) - is ordering for the office or a party and has a bunch of items to order.

A story from each persona might look like this:

"As a regular customer, I want to place my usual order and get on my way so that I don't have to hassle with getting my food."

"As an infrequent customer, I want to take my time browsing the menu so that I can figure out what I want to order."

"As a bulk-orderer, I want to place my order without confusion so everyone gets what they wanted."

We're going to need a lot of cheeseburgers to feed that many Air-Force Cadets!
Who ordered no onions?

Next Steps

Now that we see the user stories in a more "user-need-goal" format, we can start to think through different ways to resolve the issue. That part of the process is a conversation. A conversation between the team and the customer.

That's a Wrap...(for now)

In this entry, we've seen how we can write User Stories from the perspective of the users, through different user personas. I haven't captured all of them and that's inevitable. The magic is that as we start rolling out features to support the users based on their stories, related stories will filter in.

You may have heard a little about different roles such as Team Member and Customer — especially about who plays which roles. We'll take a look at how that works in the next entry — there are some things to think about depending on your organization.

Tuesday, February 6, 2018

Web Basics - TLS/SSL https

We've been looking at the basics of the internet. If you've been wondering about how it all works or are interested in web programming, you need to know the things in this series of posts.

Today's topic is TLS - Transport Layer Security. The transport layer is essentially the connection itself. The web can be divided into a model with 4 layers - two of which we've been talking about: application (HTTP) and transport (TCP and UDP). The other two are "network goo" that we really don't interact with directly. They're important, don't get me wrong, just not important to this series.

As we saw in the last post on TCP, your information is flying around the world at light speed. With the right equipment and wrongful intent, someone looking to make a buck could easily tap into your data in transit (that's what we call it when it's on the move) and sell your information (usually a big batch of information) to someone who will exploit it to steal money. That is, unless it's scrambled before it's sent, then unscrambled on the receiving side. Enter encryption.


The newest big business buzz of currency - crypto-currency - is all possible because of encryption (that's the crypto- part). It's built on the premise of uniquely encoding a "block-chain" and adding that to the existing chain to make it more valuable.

Encryption took off during WWII because radio transmissions were used by all of the militaries participating in that war. As we know, anyone can tune into radio frequencies and listen in (we can also listen to the radio transmissions of the cosmos - all the way back to the beginning of our universe!). Unless you can send a message in a way that only the receiver knows how to understand, you're toast! Every one of your moves will be known. It would be like playing chess while thinking your whole strategy out loud - you just can't win that way!

So they encoded the messages. With the messages encoded, only those listeners with the decoding sequence would be able to understand. The U.S. got really good at cracking the code - which was one of the main reasons why the Allies won. Another was the perseverance and sacrifice of millions of lives of Russian soldiers. And the third was massive industrialization in the U.S. - both automated and manual industry.

History lesson aside, encryption was used to protect privacy long before the internet. In modern times, it is used to protect data both in transit and at rest (in a database or on a hard drive). TLS represents encryption in transit. SSL (Secure Sockets Layer) is the outdated predecessor to TLS - it's been deprecated by the authorities on internet security (the IETF*) as of June 2015.

TCP establishes a connection to communicate between two servers. TLS secures that connection by ensuring that all information transmitted through it is encrypted. The mechanisms for applying this encryption involve a certificate.


Certificates operate on a trust basis. There are companies that issue certificates (issuer). Those companies are called certificate authorities (CA) and your computer has their root certificate pre-installed. If you are securing your server, you would purchase a certificate from one of those companies. Your URL would then be registered to that certificate. You install the certificate on your web server. When https requests are made to your server, the requester gets a copy of your certificate. Your certificate is used to establish your authenticity. It's kind of like a driver's license, passport, or other form of id.

If you are the requester, your browser will verify the signature on the certificate using the issuer's root certificate that is already on your computer. The domain in the URL also has to match the domain name on the certificate you receive from the server. If there is a match, the server has been Authenticated. Once the Authenticity of the server has been established, your computer and the server will generate an encryption key for the session. All of the information shared between you and the server will be encrypted and decrypted on either end using that key.
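Here is what those checks look like from the client side, as an added Python example (not code from this blog). The function names and `SAMPLE_CERT` are made up for illustration, and `hostname_matches` is a simplified version of the name check that Python's `ssl` module already performs for you when `check_hostname` is on.

```python
import socket
import ssl

def strict_client_context() -> ssl.SSLContext:
    """Client settings that perform the checks described above."""
    ctx = ssl.create_default_context()            # loads the pre-installed CA roots
    ctx.check_hostname = True                     # name in the URL must match the certificate
    ctx.verify_mode = ssl.CERT_REQUIRED           # signature chain must reach a trusted root
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # refuse SSL and early TLS versions
    return ctx

def dns_names(cert: dict) -> list:
    """DNS names from a certificate dict shaped like SSLSocket.getpeercert()."""
    return [value.lower() for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]

def hostname_matches(cert: dict, hostname: str) -> bool:
    """True if hostname equals a certificate name or fits a left-most wildcard."""
    host = hostname.lower().rstrip(".")
    for name in dns_names(cert):
        if name == host:
            return True
        if name.startswith("*."):
            # "*" stands for exactly one label: *.example.com covers www.example.com
            # but neither example.com nor a.b.example.com.
            label, _, parent = host.partition(".")
            if label and parent == name[2:]:
                return True
    return False

def negotiated(host: str, port: int = 443) -> tuple:
    """Connect with the strict context; a bad certificate raises ssl.SSLCertVerificationError."""
    with socket.create_connection((host, port), timeout=5) as raw:
        with strict_client_context().wrap_socket(raw, server_hostname=host) as tls:
            return tls.version(), tls.cipher()[0]

# Constructed sample certificate fields (not taken from a real site).
SAMPLE_CERT = {"subjectAltName": (("DNS", "example.com"), ("DNS", "*.example.com"))}

if __name__ == "__main__":
    for h in ("example.com", "www.example.com", "a.b.example.com", "example.com.evil.test"):
        print(h, hostname_matches(SAMPLE_CERT, h))
```

Calling `negotiated("your-site.example")` against a real server returns the TLS version and cipher that were agreed on, or raises an error if the certificate does not check out.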


This site is not https, but it's read-only - you don't exchange any sensitive information. Be careful when you have sites that require sending sensitive info and there is no https or it is mis-configured.
This site is configured for https.

This is how most of your information is secured on the internet today - provided you and the server are using https properly. Often we see misconfigurations on servers or servers that still support unencrypted http connections (http without TLS). There are also different versions of TLS, which create more configuration issues. The best you can do is pay attention to what your browser is telling you and think a bit about what kind of information you are willing to compromise - and remember some hackers are fairly sophisticated and can piece information together from multiple sources if you are a specific target (e.g. have a lot of money or power or work for a target organization/industry).

TLS works well to protect us when configured properly, but we should still remain vigilant. It can be easy to think that https solves all of our internet security problems, but there are other ways that hackers will try to pwn you.

Continued Learning

Encryption is a vast subject in and of itself. It comes in many flavors and varieties. There are one-way and two-way hashing algorithms, asymmetric and symmetric keys, private-private and private-public keys. And it all involves some pretty intense mathematics. Crypto-masters are a rare breed but the work they do is vital to our lifeblood - secure data!

* IETF - Internet Engineering Task Force

OWASP is the go-to for internet security - they have great info about TLS

Some certificate authorities along with more details are listed on Wikipedia here:

Wikipedia has a lot on the subject of TLS in general: