Skip to main content

Fire Alarms and Software


Some years ago, I got into the habit of using fire alarms as a metaphor for continuous integration and automated tests. My take was that organizations were always holding back resources to get servers for continuous integration, especially where project funding was provided by the business side. Simple reason: the management didn't really grasp concepts like automated tests and CI. I know that the metaphor doesn't completely fit in many ways, but it's a nice way to communicate the urgency and importance of having this security around. So I started using terms like "security net" and fire-safety to illustrate our need for a build-server.


It also is a handy metaphor when convincing developers to write tests for their code. Many developers fail to see the immediate benefits of practicing TDD, for example, but everyone has the fear of fire, or letting a bug slip by and into production.

I like comparing the team to the fire squad in a small city. The more fire alarms we've got distributed throughout buildings in the city, the bigger chance there is that we will get there in time to put out the fire and prevent any serious damage. For software, the more unit tests we've got distributed throughout the components in the code base, the bigger the chance that any bug-causing commit will break the build, and we can "move out" out and fix it.

Even though a smoke detector is not a guarantee that fire will be discovered in your apartment, having one in every room will drastically increase the chances that fire is detected. You could say the same for unit tests, and stopping bugs from getting into production.

You can use the metaphor to explain some related (mal)practices as well:
  • Having bad code is like having lots of flammable material lying around.
  • You can passively enforce safety by building fire-resistant material. This could be good code.
  • Your production error logs and exception handling are like fire alarms.
  • I might be stretching it a bit far here, but sprinklers could be like fail-early systems. Components that shut down in case of bugs, preventing any more damaging usage.
  • 30% of smoke detectors are said to be non-operating (faulty, batteries, etc). You could use this to explain that your tests need maintenance as well.
Well, like any metaphor, it can be taken too far, so I'll stop there.

PS: A funny thing about apartments here in Germany is that there aren't so many smoke detectors around. I'm sure that there are plenty of smart people who get these for their own safety, but it's not required by law. In Norway you are required to have at least one smoke detector in every house or apartment.

Comments

  1. Great example of analogy! I really like it!
    Recently I started posting interestnig analogies I found on the web on blog.ygolana.com. I thought it could be a good idea to create a place where people can share useful analogies.

    ReplyDelete

Post a Comment

Popular posts from this blog

Managing dot-files with vcsh and myrepos

Say I want to get my dot-files out on a new computer. Here's what I do:

# install vcsh & myrepos via apt/brew/etc
vcsh clone https://github.com/tfnico/config-mr.git mr
mr update

Done! All dot-files are ready to use and in place. No deploy command, no linking up symlinks to the files. No checking/out in my entire home directory as a Git repository. Yet, all my dot-files are neatly kept in fine-grained repositories, and any changes I make are immediately ready to be committed:

config-atom.git
    -> ~/.atom/*

config-mr.git
    -> ~/.mrconfig
    -> ~/.config/mr/*

config-tmuxinator.git  
    -> ~/.tmuxinator/*

config-vim.git
    -> ~/.vimrc
    -> ~/.vim/*

config-bin.git   
    -> ~/bin/*

config-git.git          
    -> ~/.gitconfig

config-tmux.git  
    -> ~/.tmux.conf    

config-zsh.git
    -> ~/.zshrc

How can this be? The key here is to use vcsh to keep track of your dot-files, and its partner myrepos/mr for operating on many repositories at the same time.

I discovere…

Encrypting and Decrypting with Spring

I was recently working with protecting some sensitive data in a typical Java application with a database underneath. We convert the data on its way out of the application using Spring Security Crypto Utilities. It "was decided" that we'd be doing AES with a key-length of 256, and this just happens to be the kind of encryption Spring crypto does out of the box. Sweet!

The big aber is that whatever JRE is running the application has to be patched with Oracle's JCE in order to do 256 bits. It's a fascinating story, the short version being that U.S. companies are restricted from exporting various encryption algorithms to certain countries, and some countries are restricted from importing them.

Once I had patched my JRE with the JCE, I found it fascinating how straight forward it was to encrypt and decrypt using the Spring Encryptors. So just for fun at the weekend, I threw together a little desktop app that will encrypt and decrypt stuff for the given password and sa…

The End of GitMinutes (my podcast)

I'm just about ship GitMinutes episode 46, which is going to be the final episode. I'll just paste the outro script here, as it sums up the sentimental thoughts pretty well:

I’m happy to have finally finished [publishing the last episodes from Git-Merge 2017], just in time before Git-Merge 2018 takes place in March. I won’t be going there myself, so I’m counting on someone else to pick up the mic there.

It’s sad to be shipping this one as it is probably the last GitMinutes episode ever. To go a bit down memory lane, 6 years ago, my daughter was born, and as I used a little of that paternity leave to set up my podcasting infrastructure and produce the first few episodes. Initially it was just going to be 10 episodes and call the experiment finished. Instead, I got to 46 episodes, the last dozen or so lazily tailing the last few Git-Merge conferences.

To every one of my guests, thank you so much again for coming on to share your passion in this little niche of computer science a…

Joining eyeo: A Year in Review

It's been well over a year since I joined eyeo. And 'tis the season for yearly reviews, so...

It's been pretty wild. So many times I thought "this stuff really deserves a bloggin", but then it was too inviting to grab onto the next thing and get that rolling.

Instead of taking a deep dive into some topic already, I want to scan through that year in review and think for myself, what were the big things, the important things, the things I achieved, and the things I learned. And then later on, if I ever get around to it, grab one of these topics and elaborate in a dedicated blog-post. Like a bucket-list of the blog posts that I should have written. Here goes:
How given no other structures, silos will grow by themselves This was my initial shock after joining the company. Only a few years after taking off as a startup, the hedges began growing, seemingly almost by themselves, and against the will of the founders. I've worked in silos, and in companies without the…

Working in Teams over Working as Individuals

I recentlypostedthis sketch on Twitter:

Thanks to a few mighty retweets, it gathered a lot of views (9000 impressions, whatever that means). While that's fun and all, I still felt a bit sad that such an awfully simple insight can garner much more popularity than a thorough blog post that I put some hours into.

So, rather than let Twitter get away with this, I'll steal my own content back into the blog :)

The thread went like this:

Pondering how to battle individualism in companies. For some, it is counter-intuitive that teams can be more responsive, faster and even more accountable than single individuals.

Having "teams" in place is no guarantee that team work is happening. Be wary of too large teams, "I/me/mine", personal contact details instead of team point of contact. Good team is sailing crew, not galley slaves.

Beware heroes, go-to persons, calling in favors and other shadow handling of work. Real teams make the work explicit, both requests/needs and re…