Share this page!

Jan Schaumann Profile picture
Twitter logo
10 Feb, 19 tweets, 3 min read
10 Software Engineering Laws Everybody Loves to Ignore

A Twitter 🧵
1. Conway's Law

Also known as: "You will ship your org chart."

"Any organization that designs a system will produce a design whose structure is a copy of the organization's communication structure."
You may _think_ you can avoid it via cross-functional standup meetings and stakeholder updates and decision matrices, but eventually and inevitably conflicting or diverging priorities will lead to equally conflicting or divergent processes and outcomes.
2. Brooks's Law

From The Mythical Man-Month:

"Adding manpower to a late software project makes it later."
When you realize you're not making the progress you thought you would and you're management tries to reallocate resources from another part of the org, you'll end up not only delaying the project, but you'll likely ship a more brittle, more complex product.
3. Zawinsky's Law

Adjusted for 2021:

"Every program attempts to expand until it includes a web server. Those programs which cannot so expand are replaced by ones which can."
For web services, Zawinsky's Law becomes "...until it requires a user account and collects all users' data"; for physical devices, "...until it includes an insecure wifi access point with a default password you can't change. And a web server".
4. Parkinson's Law

"Work expands so as to fill the time available for its completion."

If you don't set a deadline, then the project will never be completed. This is why iterating on a minimum viable product within fixed timelines is important.
5. Pareto's Fallacy

Pareto's Principle is easy to misinterpret, especially by management, often leading to Pareto's Fallacy:

"When you're 80% done, you think you only have 20% left."

The critical part that's overlooked here is that those 20% will require 80% of your time.
6. Sturgeon's Revelation

"90% of everything is crud."

Yes, that includes _your_ products.
7. The Peter Principle

"In a hierarchy, every employee tends to rise to their level of incompetence. Thus, in time, every post tends to be occupied by an employee who is incompetent to carry out its duties."

Dunning and Kruger send their regards...
8. Eagleson's Law

"Any code of your own that you haven't looked at for six or more months might as well have been written by someone else."

6 months is rather optimistic.
One caveat to Eagleson's Law is the "Yo Momma Corollary": only the author is allowed to criticize the code; any other negative feedback is dismissed.
9. Greenspun's 10th Rule of Programming

Adjusted for authentication:
This can be generalized to the Universal NIH-Rule: "any custom developed system contains an ad hoc, informally-specified, bug-ridden, slow implementation of half of the industry standard you refused to adopt".
10. The Iceberg Fallacy

"The cost of development of a new software product is the only ~25% of the total cost of ownership management sees and budgets for."

Ops Adage:
11. The LGTM Dilemma

"If you want to quickly ship a 10 line code change, hide it in a 1500 line pull request."

Also known as The Bikeshedders' Blind Spot.

See also:
...and off-by-one errors, of course. 🙃
The End. 🤪

This thread as an single website:
netmeister.org/blog/software-…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Jan Schaumann

Jan Schaumann Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @jschauma

Jan Schaumann Profile picture
6 Aug 20
7 battles #infosec has lost but we keep wasting efforts on trying to fight again and again nonetheless:
1) Users will always click on links in emails.

Stop trying to teach them to distinguish "bad" and "good" links. Instead, focus on ensuring their computer cannot be compromised by visiting a website and phished credentials are time-limited or otherwise useless to the attacker.
2) Users will pick bad passwords that they then reuse.

You can get _some_ users to use a password manager, but you can't enforce good passwords and practices. The only real solution is multi-factor auth, preferably via FIDO U2F and/or biometrics.
Read 10 tweets
Jan Schaumann Profile picture
1 Apr 20
A Few Simple* Rules To Build Scalable Tools

🧵 👇

* "simple", yes, in nature; consistently applying them requires discipline
Don't assume you can write intermediate data to a temporary file. Avoid I/O where possible. Avoid state.

Don't try to read all input into memory. Process as a stream.

When implementing e.g., an HTTP API, don't generate all data in one go. Paginate results.
Don't hardcode assumptions and user- or environment- specific settings. Separate code and config.

Don't leak tokens or passwords. Separate config from secrets.

Don't trust input outside of your control. Assume a hostile environment.
Read 8 tweets
Jan Schaumann Profile picture
11 Mar 20
So You Have A Jira Queue...

A brief Twitter r̶a̶n̶t̶ 🧵 on responsible ticket management, born out of years of frustration:
There's few things as frustrating in a large organization as diligently filing a ticket or reporting a problem only for it to sit there without anybody looking at it until it's closed by some automated job marking it as stale because it hasn't seen any updates in a year.
If you have a product that warrants a ticket queue, then you owe it to your users to manage it just as you owe it to your team to manage their workload.

Proper ticket management helps you set expectations, drive metrics, gain insights, and allow others to rely on you.
Read 19 tweets
Jan Schaumann Profile picture
25 Jan 20
(A few) Ops Lessons We All Learn The Hard Way -- a Twitter 🧵:
1. Email is the worst monitoring and alerting mechanism except for all the others.

2. Absence of a signal is itself a signal.

3. The severity of an incident is measured by the number of rules broken in resolving it.
4. The mobile hotspot you're paying for so you can leave your house while you're oncall only works at home and in the office.

5. The only other person who knows how this works is also on vacation.
Read 51 tweets
Jan Schaumann Profile picture
2 Nov 19
Falsehoods CS Students (Still) Believe Upon Graduating

An incomplete 🧵based on experience and observation:
1. They "know" "C/C++”.

2. Java is a reasonable choice for almost all programming tasks.
3. Programming == Computer Science.

4. People with a CS degree are good programmers.

5. People with a CS degree know how to program.
Read 41 tweets
Jan Schaumann Profile picture
16 Oct 19
Encrypting even only first hop DNS traffic: cool.
Authenticating at least the resolver: cool.
Forcing ISPs to rethink how they use DNS data: very cool.

But still, there's a number of things that bother me about DoH:
(1) DoH only focuses on communications between client and resolver. This only solves a small part of the larger problem and offers no meaningful way to protect the communications between e.g., resolver and authoritatives.
(2) It only focuses on web applications (primarily browsers). No protections are offered to other apps. This divides the host configuration and the client threat model, adds complexity, and reinforces a "the web is the entire internet now" mindset.
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!

Follow Us on Twitter!

Like this author's thread?

Get emails when @jschauma has new unrolls!

Check out other threads from @jschauma!

Read all threads by @jschauma