17
May 14

BMW China CEO on how quality affects sales through word of mouth

“One of the most important ways to sell a car in China is word of mouth. People are listening to their friends, customers want to know what are the experiences of others with a product. So they are listening carefully. If you do not deliver the highest quality all of the time, your customer satisfaction goes down. Dissatisfied customers always talk about that they are not satisfied. So immediately if you don’t deliver, it would affect sales, [and] sales would be going down.” Karsten Engel, CEO of BMW China in a CNBC interview.

Thing is, Engel’s point applies whether you’re talking about BMW automobiles in China, or not. His point is spot on regardless of the product or geography. One of the most important ways to sell a product… any product… is word of mouth from satisfied consumers. The way to kill any product is by letting quality or your user experience suffer. Dissatisfied users share their dissatisfaction, and in doing so can kill your product, your sales, your company, and your job.


06
May 14

Live in the moment.

The younger you are, the more you wish you were older, so you could do the things you’re not old enough to do yet.

The older you get, the more you wish you were younger, so you could do the things you’re too old to do now.


27
Apr 14

Job titles are free.

“The Sunscreen song”, which is actually named “Everybody’s Free (to Wear Sunscreen)”, by Baz Luhrmann, has been a (potentially odd) source of wisdom for me since it came out in 1998, just a few years after I graduated from college. I listen to the song periodically, and try to share it with my kids who, at 9 and 13, don’t yet “get” it.

The words of the song aren’t those of the artist, and they aren’t Kurt Vonnegut’s either, regardless of what urban legend says. No, the words come from Mary Schmich’s 1997 Chicago Tribune column, “Advice, like youth, probably just wasted on the young.” Much like Desiderata, the article attempted to gently deliver nuggets of wisdom about life to a younger generation – in this case as if Mary were delivering a graduation speech.

For years, I pondered how best to share my thoughts on surviving in the work world. While college prepares us for the world by chucking text at us page by page, it often can’t show us the deeper machinations of how the work world happens.

I present to you a non-conclusive collection of some of my thoughts about making the most of your career.

 

Ladies and gentlemen of the incoming workforce of 2014;
Job titles are free.

It’s true. You’ll bump into all sorts of people in your career, with lots of fancy, frilly titles. Chief of this. Executive of that. Founder of something you’ve never heard of.
Remember that titles cost nothing to hand out, and business cards are cheap to print.

Every time you go in for an interview, remember you’re interviewing the job just as much as the job is interviewing you. These are the people you’ll be working with as well as the job you’ll be working at.

Always ask, “Why did the last person in this position leave?”

Don’t settle.

Salary isn’t everything, but salary isn’t unimportant. Pats on the back won’t pay the electric bill. But if you’re only working somewhere because the pay is great, you’re cheating your colleagues, your employer, and yourself.

Typecasting isn’t just for actors. Don’t sit still. Always be working to improve yourself and your skills.

An employer who doesn’t value you improving your knowledge through training and doesn’t help you grow doesn’t value you. Don’t value them.

Age doesn’t equate to wisdom, and neither do words printed on a piece of paper in a frame on the wall. Wisdom almost exclusively arrives through experience, and experience results in both failures and successes. Humility comes from living through life’s failures, life’s successes, and learning over time that both can deliver valuable lessons.

“It seemed like a good idea at the time.” Whenever you run across the bad decisions of others who preceded you, shake your head, laugh, and repeat this to yourself. Make a plan and move forward. Don’t complain.

Consider yourself lucky if you ever work somewhere that an executive steps down because they, themselves (not the board) realize that someone else could do the job better than they could.

Murder your darlings. Suffer for your art. Take criticism as sunlight and water, and let it help you grow.

Simplify.

Surround yourself with people who make you wish you were smarter. Bolt from jobs where you’re always the smartest person in the room.

Value people who say “I don’t know” and ask “what do you need?”; guard yourself from people who keep secrets and never ask for help when things are going wrong.

Hiring the right people is hard. Hiring the wrong people is harder.

Firing someone, or laying someone off, is never fun.
Getting fired, or getting laid off, is never fun.

If your product or service isn’t selling, it’s probably not the marketing. It’s probably the product.

Perhaps you’ll find yourself at a startup. In such a situation, beware of strangers offering you sweat equity. Usually you’ll sweat, and they’ll get the equity.

There is no silver bullet.

You’ll probably find several stops along the way where “outsourcing” will be tossed out as the solution to a problem. With a perfect definition of the problem, a clear budget, and good management, it can be. Lacking any one of those three steps, you’ve got two problems instead.

Features, quality, or date. Choose any two.

In your career, you will likely have a spectrum of managers. Some will micromanage you, which is usually a result of their fear of failure and your failure to communicate with them enough to make them comfortable. Other managers will be so remote that you may fear failure, and feel like they aren’t communicating with you enough to make you comfortable. Communicate and collaborate, and it’ll all be fine.

When you find problems, point them out. If others around you tell you to keep it quiet, then they’re part of the problem too. If others above you tell you to keep it quiet, then you’ve got a real problem. Matches can become bonfires if you let them burn long enough.

If you make bad decisions, take the blame. If others make bad decisions, don’t feel the need to blame them.

Always be on the lookout for your next move. You may find yourself in a role that fits you from college to retirement. You may move to a new opportunity every few years. The main thing is to be cognizant that nothing is permanent, nothing is forever, and you should know what you would do the next day if your card-key stops working to unlock the door.

Do something you’re passionate about. If you’re not passionate about the thing you’re doing, you’re probably doing the wrong thing.

Meetings. Emails. Letters. Have a point, or there isn’t one.

Brevity.

Throughout your career, you will run into people whose primary skill is peacock language. They’ll tell you about themselves, strut around trying to look important, and talk in perfectly cromulent phrases. Smile to yourself, and remember that job titles are free.

 

An amendment: Two more sentiments I regret not adding to the above:

  • The unspoken word never needs to be taken back.
  • Burned bridges are hard to walk across when you need them.

I’m kind of surprised I forgot to put the first one in. It’s one of the earliest lessons I learned about work – through my father’s experiences, specifically around things that were said when leaving a job. Hint: If you think you might regret saying something to someone later, don’t. Just a good rule of thumb for life.


13
Apr 14

Complex systems are complex (and fragile)

About every two months, a colleague and I travel to various cities in the US (and sometimes abroad) to teach Microsoft customers how to license their software effectively over a rather intense two-day course.

Almost none of these attendees want to game the system. Instead, most come (often repeatedly, sometimes with more people each time) to simply understand the ever-changing rules, how to apply them correctly, and how to (as I often hear it said) “do the right thing”.

Doing the right thing, whether we’re talking licensing, security, compliance, and beyond, often isn’t cheap. It takes planning, auditing, understanding the entire system, understanding an application lifecycle, and hiring competent developers and testers to help build and verify everything.

In the case of software licensing, we’ve generally found that there is no one single person that knows the breadth of a typical organization’s infrastructure. How can there possibly be? But the problem is that if you want to license effectively (or build systems that are secure, compliant, or reliable), an individual or group of individuals must understand the entire integrated application stack – or face the reality that there will be holes. But what about the technology, when issues like Heartbleed come along and expose fundamental flaws across the Internet?

The reality is that complex systems are complex. But it is because of this complexity that these systems must be planned, documented, and clearly understood at some level, or we’re kidding ourselves that we can secure, protect, defend (and properly pay for) these systems, and have them be available with any kind of reliability.

Two friends on Twitter had a dialog the other day about responsibility/culpability when open source components are included in an application/system. One commented, “I never understand why doing it right & not getting sued for doing it wrong aren’t a strong argument.”

I get what she means. But unfortunately, having been at a small ISV who wound up suing a much larger retail company because they were pirating our software, “doing the right thing” in business sometimes comes down to “doing the cheap, quick, or lazy thing”. In our case, an underling at the retail company had told us they were pirating our software, and he wanted to rectify it. He wanted to do the right thing. Negotiations occurred to try and come to closure about the piracy, but when it came down to paying the bill for the software that had been used/was being used, a higher-up vetoed the payment due to us. Why? Simple risk management. Cheaper was believed to be better than the right thing. This tiny Texas software company couldn’t ever challenge them in court and win (for posterity: we could, and we did).

Unfortunately we hear stories all the time of this sort of thing. It’s a game of chicken. This isn’t unusual – it happens in software all the time.

I wish I could say that I was shocked when I hear of companies taking shortcuts – improperly using open-source (or commercial) software out of the bounds of how it is licensed, deploying complex systems without understanding their security threat model, or continuing to run software after it has left support. But no. Not much really surprises me anymore.

What does concern me, though, is that the world assumed that OpenSSL was secure, and that it had been reviewed and audited by enough skilled eyes to avoid elementary bugs like the one that created Heartbleed. But no, that’s not the case. Like any complex system, there’s a certain point where an innumerable number of people around the world just assumed that OpenSSL worked, accepted it, and deployed it; yet here it failed at a fundamental level for two years.

In a recent interview, the developer responsible for the flaw behind Heartbleed discussed the issue, stating, “But in this case, it was a simple programming error in a new feature, which unfortunately occurred in a security relevant area.”

I can’t tell you how troubling I find that statement. Long ago, Microsoft had a sea change with regard to how software was developed. Key components of this change involved:

  1. Developing threat models in order to be certain we understood the types and angles of approach for any threat vectors we could find
  2. Deeper security foundations across the OS and applications
  3. Finally, a much more comprehensive approach to testing (in large part to try and ensure that “simple programming errors in new features” wouldn’t blow the entire system apart).

No, even Microsoft’s system is not perfect, and flaws still happen, even with new operating systems. But as I noted, I find it remarkably troubling that a flaw as significant as Heartbleed can make it through development, peer review, any bounds-checking testing done in the OpenSSL development process, and into release (where it will generally be accepted as “known good” by the community at large – warranted or not) for two years. It’s also concerning that the statement included that the Heartbleed flaw “unfortunately occurred in a security relevant area”. As I said on Twitter – this is OpenSSL. The entire thing should be considered to be a security relevant area.

The biggest problem with this issue is that there should be ongoing threat modeling and bounds checking amongst users of OpenSSL (or any software – open or commercial), and in this case within the OpenSSL development community, to ensure that the software is actually secure. But as with any complex system, there’s a uniform expectation that this type of project results in code that could be generally regarded as safe. Most companies will simply assume a project as mature and ubiquitous as OpenSSL is so, and do little to no verification of the software, deploy it, and later hear through others about vulnerabilities in the software.

In the complex stacks of software today, most businesses aren’t qualified to, simply aren’t willing to, or aren’t aware of the need to, perform acceptance checking on third-party software they’re using in their own systems (and likely don’t really have developers on staff that are qualified to review software such as OpenSSL). As a result, a complex and fragile system becomes even more complex. And even more fragile. Even more dangerous, without any level of internal testing, these systems of internal and external components are assumed to be reliable, safe, and secure – until time (and usually a highly technical developer being compensated for finding vulnerabilities) shows it to not be the case, and then we find ourselves in goose chase mode, as we are right now.


12
Apr 14

Portraits

“…there is still something to be said for painting portraits of the people we have loved, for trying to express those moments that seem so inexpressibly beautiful, the ones that change us and deepen us.”

Excerpt From: Lamott, Anne. “Bird by Bird.”


09
Apr 14

Measures <> data

“The reason why businesses love measures is because they mistakenly believe that measures are real, hard data.”

Karen Phelan, author of “I’m Sorry I Broke Your Company.”


09
Apr 14

Startups and Getting Things Done

A year or so ago, a good friend from Microsoft told me he was leaving the company, and was pondering a few ideas about what to do next. His ideas had one common trait: he wanted to improve how people got things done, a desire I’ve highlighted in some blog posts before.

Working with a partner, he brainstormed a few ideas, and they focused in on the following use case:

When I post a job to a job board, my inbox gets inundated with resumes. The process of reviewing these is manual and painful, and makes me feel like I’m stuck in the 1990’s. Isn’t there any way to simplify this?

Their answer to that question is here at Jobvention.com, and I think it is pretty impressive (personally, I love apps that streamline tasks that are needlessly complex).

Simplistically, Jobvention enables an easy workflow for a hiring manager to process job candidates. It links together the job posting (from sites like Craigslist) and incoming resumes (from Gmail and Google Apps for Business, currently) within Jobvention. It also enables bulk upload of resumes, to let you easily process them through Jobvention, and bulk download of any resumes stored in the system for later reference.

When email in your Gmail inbox is synchronized with Jobvention, messages matching the posting are processed, the app links each message to the job posting, and processes all of the resumes, displaying them directly as text within the app. As a result, you don’t have to download them and read them on your desktop (but you can do so).

From there, candidates can be easily categorized as those you want to thank for their resume but decline, hold for later, or follow up with, according to how well they align with the job posting. Jobvention lets hiring managers send custom email out to categorized candidates, whether to thank them or engage them for follow-up, and shows you the email conversation history from directly within Jobvention (but does not store the messages). See below for a screenshot of Jobvention in action.

[Screenshot: Jobvention pipeline]

Candidate resumes can also be kept for later reference if they might be a good fit for another posting down the line.

Today, Jobvention provides the key workflow stages needed to rapidly process potential job candidates. The service is currently free, and iterating pretty rapidly as they continue to refine the service. Personally, I wish I’d had Jobvention when I was hiring developers in Austin long ago, and look forward to seeing how the team moves it forward.


07
Apr 14

The end is near here!

Imagine I handed you a Twinkie (or your favorite shelf-stable food item), and asked you to hold on to it for almost 13 years, and then eat it.

Aw, c’mon. Why the revulsion?

It’s been hard for me to watch the excited countdown to the demise of Windows XP. Though I did help ship Windows Server 2003 as well, no one product (or service) that I’ve ever worked on became so popular, for so long – by any stretch of the imagination – as Windows XP did.

Yet, here we are, reading articles discussing the topic of what country or what company is now shelling out $M to get support coverage for Windows XP for the next 1, 2, or 3 years (getting financially more painful as the year count goes up). It’s important to note that this is no “get out of jail free” card. Nope. This is just life support for an OS that has terminal zero-day. These organizations still have to plan and execute a migration to a newer version of Windows that isn’t on borrowed time.

Why didn’t these governments and companies execute an XP evacuation plan? That’s a very good question. Putting aside the full blame for a second, there’s a bigger issue to consider.

Go back and think of that Twinkie. Contrary to popular opinion, Twinkies don’t last forever (most sources say it’s about 25 days). Regardless, you get the idea that for most normal things, even shelf-stable isn’t shelf-stable forever. Heck, even most MREs need to be stored at a reasonable temperature and will taste suboptimal after 5 or more years.

While I can perhaps excuse consumers who decide to hang on to an operating system past its expiration date, I have a harder time understanding how organizations and governments with any long-term focus sat by and let XP sour on them. It would be one thing if XP systems were all standalone and not connected to the Internet. Perhaps then we could turn a blind eye to it. But that’s not usually the case; XP systems in business environments, which lack most of the security protections delivered later for Windows Vista, 7, and 8.x, are largely defenseless, and will be standing there waiting to get pwned as the vulnerabilities stack up after tomorrow. In my mind, the most dangerous thing is security vendors claiming to be able to protect the OS after April 8. In most cases, that’s an all but impossible feat, and instills a false sense of confidence in XP users and administrators.

The key concern I have is that people are looking at Windows XP as if software dying is a new thing, or something unusual. It isn’t. In fact, tomorrow, the entire spectrum of Office 2003 software (the Office productivity suite, SharePoint, Exchange, and more) also leaves support and could have its own set of security compromises down the road. But as I said, this isn’t the first time software has entered an unsupportable realm, and it won’t be the last. It’s just a unique combination as we get the perfect storm of XP’s pervasiveness, the ubiquity of the Internet, and the increasing willingness of bad people to do bad things to computers for money. Windows Server 2003 (and 2003 R2) are next, coming up in July of 2015.

People across the board seem to have this odd belief that when they buy a perpetual license to software, it can be used forever (versus Office 365, which people more clearly understand as a subscription that expires if not paid in an ongoing manner). But no software, even if “perpetually licensed”, is actually perpetual. Like that Twinkie I’ve mentioned a few times, even good software goes bad. As an industry, we need to start getting customers throughout the world to understand that, and get more organizations to begin planning software deployments as an ongoing lifecycle, rather than a one-time expense that is ignored until it goes terminal.


12
Mar 14

The trouble with DaaS

I recently read a blog post entitled DaaS is a Non-Starter, discussing how Desktop as a Service (DaaS) is, as the title says, a non-starter. I’ll have to admit, I agree. I’m a bit of a naysayer about DaaS, just as I have long been about VDI itself.

In talking with a colleague the other day, as well as customers at a recent licensing boot camp, it sure seems like VDI, like “enterprise social”, is a burger with a whole lot of bun, and not as much meat as you might hope for (given your investment). The promise as I believe it to be is that by centralizing your desktops, you get better manageability. To a degree, I believe that to be true. To a huge degree, I don’t. It really comes down to how standardized you make your desktops, how centrally you manage user document storage, and how much sway your users have (are they admin or can they install their own Win32 apps).

With VDI, the problem is, well… money. First, you have server hardware and software costs; second, you have the appropriate storage and networking to actually execute a VDI implementation; and third, you finally have to spend the money to hire people who can glue it all together in an end-user experience that isn’t horrible. It feels to me that a lot of businesses fall in love with VDI (true client OS-based VDI) without taking the complete cost into account.

With DaaS, you pay a certain amount per month, and your users can access a standardized desktop image hosted on a service provider’s server and infrastructure – which is created and managed by them. The OS here is actually usually Windows Server, not a Windows desktop OS – I’ll discuss that in a second. But as far as infrastructure, using DaaS from a service provider means you usually don’t have to invest the cash in corporate standard Windows desktops or laptops (or Windows Server hardware if you’re trying VDI on-premises), or the high-end networking and storage, or the people to glue that architecture together. Your users, in turn, get (theoretically) the benefits of VDI, regardless of what device they come at it with (a personally owned PC, tablet, whatever).

However, as with any *aaS, you’re then at the mercy of your DaaS purveyor. In turn, you’re also at the mercy of their licensing limitations as it regards Windows. This is why most of them run Windows Server; it’s the only version of Windows that can generally be made available by hosting providers, and Windows desktop OSs can’t be. You also have to live within the constraints of their DaaS implementation (HW/SW availability, infrastructure, performance, and architecture, etc). To date, most DaaS offerings I’ve seen focused on “get up and running fast!”, not “we’ll work with you to make sure your business needs are solved!”.

Andre’s blog post, mentioned at the beginning of my post here, really hit the nail on the head. In particular, he mentioned good points about enterprise applications, access to files and folders the user needs, adequate bandwidth for real-world use, and DaaS vs. VDI.

To me, the main point here is that with a DaaS, your service provider, not you, gets to call a lot of the shots, and not many of them consider the end-to-end user workflow necessary for your business.

Your users need to get tasks done, wherever they are. Fine. Can they get access to their applications that live on premises, through VDI in the cloud, from a tablet at the airport? How about their files? Does your DaaS require a secondary logon, or does it support SSO from their tablet or other non-company owned/managed device? How fat of a pipe is necessary for your users before they get frustrated? How close can your DaaS come to on-premises functionality (as if the user was sitting at an actual PC with an actual keyboard and mouse (or touch))?

On Twitter, I mentioned to Andre that Microsoft’s own entry into the DaaS space would surely change the game. I don’t know anything (officially or unofficially) here, but it has been long suspected that Microsoft has planned their own DaaS offering.

When you combine the technologies available in Windows Server 2012 R2, Windows Azure, and Office 365, the scenario for a Microsoft DaaS actually starts to become pretty amazing. There are implementation costs to get all of this deployed, mind you – including licensing and deployment/migration. That isn’t free. But it might be worth it if DaaS sounds compelling and I’m right about Microsoft’s approach.

Microsoft’s changes to Active Directory in Server 2012 R2 (AD FS, the Web Application Proxy [WAP]) mean that users can get to AD from wherever they are, and Office 365 and third party services (including a Microsoft DaaS) can have seamless SSO.

Workplace Join can provide that SSO experience, even from a Windows 7, iOS, or Samsung Knox device, and the business can control which assets and applications the user can connect to, even if they’re on the inside of the firewall and the user is not (through WAP, mentioned previously), or available through another third party.

Work Folders enables synchronized access to files and folders that are stored on-premises in Windows file shares, to user devices. This could conceptually be extended to work with a Microsoft (or third-party) DaaS as well, and I have to think OneDrive for Business could be made to work as well given the right VDI/DaaS model.

In a DaaS, applications the user needs could be provided through App-V, RemoteApp running from an on-premises Remote Desktop server (a bit of redundancy, I know), or again, published out through WAP so users could connect to them as if the DaaS servers were on-premises.

When you add in Office 365, it continues building out the solution, since users can again be authenticated using their AD credentials, and OneDrive for Business can provide synchronization to their work PCs and DaaS, or access on their personally owned device.

Performance is of course a key bottleneck here, assuming all of the above pieces are in place, and work as advertised (and beyond). Microsoft’s RemoteFX technology has been advancing in terms of offering a desktop-like experience regardless of the device (and is now supported by Microsoft’s recently acquired RDP clients for OS X, iOS, and Android). While Remote Desktop requires a relatively robust connection to the servers, it degrades relatively gracefully, and can be tuned down for connections with bandwidth/latency issues.

All in all, while I’m still a doubter about VDI, and I think there’s a lot of duct tape you’d need to put in place for a DaaS to be the practical solution to user productivity that many vendors are trying to sell it as, there is promise here, and given the right vendor, things could get interesting.


07
Mar 14

Henry Ford on watches

“As a lad he became expert as an amateur watchmaker. Disliking farm work because, “considering the results, there was too much work on the place,” he became an apprentice mechanic in Detroit, and repaired watches in a jewelry shop at night. He flirted with the idea of entering the watch manufacturing business on a large scale, “but I did not because I figured out that watches were not universal necessities.” His apprenticeship over, he served with the local representative of the Westinghouse Company, setting up and repairing their road engines.”

– Excerpt From Automotive Giants of America (iBooks)

Given the constant rumormongering about the iWatch, reading this (from a book written in 1926) amused me.