Workflow automation needs to take a more central role in our distributed systems designs

I am always at a loss to understand why workflow automation is not part of the common operations infrastructure of even the smallest software development shop. Few continuous, autonomous processes can operate without them needing to keep humans informed or occasionally ask them for input. These needs are usually solved by it sending an email to a functional address, eg "," containing a short description of the issue and a link to an HTTP enabled form for providing the input. The email is forwarded to the right person, he or she completes it, and the autonomous processes moves forward, sometimes, changing its path. The sent email and the form's use are rarely centrally logged and so the autonomous processes can not be fully audited. Repeat this ad hoc solution for a dozen more conditions and use it a few times per month and you have created post hoc chaos.

We do see some workflow automation tools regularly used in devops groups, but they are specialized. Jenkins, for example, is used to build and distribute applications. Rundeck manages "cron" tasks that need to be executed on all the hosts or services. Even tools like Spiniker is, at heart, a workflow automation. I suspect that all these could be implemented as workflows on top of, for example, Camunda.

Historically, workflow automation has been entwined with ERP and BPM. I don't recall anyone ever saying their company's ERP migration was a pleasure to participate in. (Which reminds me of Douglas Adams's statement that "It can hardly be a coincidence that no language on Earth has ever produced the expression 'as pretty as an airport'.") To discard workflow automation due to the historical horror stories is truly a lost opportunity for the future.

Workflow automation needs to take a more central role in our distributed systems designs. Camunda seems like a good place to begin -- search for talks by Bernd Rücker of Camunda.

Who wants to perpetuate a flawed design when a proper one is just around the corner?

The SimpleDB (SDB) persistence design in Adding persistence to the Incident Response Slack application is poor. The plan was to persist a block of data containing all of a Slack channel's tasks. This SDB item would be named (SDB's primary key) with some combination of Slack channel attributes, such as channel id and enterprise id. I expected to add a version attribute to the SDB item so that I could use SDB's conditional-put to prevent overwriting someone else's changes to the same task list. This all sounds acceptable, but upon further consideration it is not.

Its flaw is that the design focuses on sets of tasks while the UI -- the slash command -- focuses primarily on individual tasks. This flaw led to a design that adds unnecessary contention to task updating. That is, if tasks A and B were being updated at the same time by users X and X, respectively, then it is likely that one of the two updates would fail and have to be retried. Add more concurrency and tasks to the mix then the service will feed unresponsive (pushing users away) and burden the server (increasing operating costs).

The other problem comes from SDB's eventual consistency and how conditional-put will affect throughput. If X and Y are changing tasks then how long will each have to wait on the other before persisting their change? Intuitively, a conditional-put on the version attribute would require that the value be consistent everywhere before a next change. This effectively pipelines all changes to a channel's tasks without any of the advantages a purposefully designed pipeline has.

For this hobby project these flaws are irrelevant. Nevertheless, who wants to perpetuate a flawed design when a proper one is just around the corner?

Internal displacement

When I see these charts I want to know how I can use my skills to help people and not machines.


What does my pile of tech at Crossref look like?

What does my pile of tech at Crossref look like?

Service infrastructure is 29 deployments -- mostly 4 CPUs and 8G RAM -- handling 100M external (unique) queries and 1B internal requests per month.

Server infrastructure is Tomcat, ActiveMQ, MySql, and Oracle.

Service development is primarily in Java w/ Spring. Infrastructure operations aided with Bash and Perl scripts.

Primary datastores are RDBS using MySql and Oracle.

Secondary datastores are NoSQL using Oracle Berkeley DB, Solr, and bespoke solutions.

Full text search uses Solr, and bespoke Lucene solutions.

Data originates primarily in XML, JSON, tabular, and semi-structured text.

Lots of Linux operations experience. Some AWS operations experience.

No server, disk, or network hardware configuration and operations experience.

Source code managed in Subversion, developed in NetBeans, bespoke CI, and bespoke automated deployments.

Oh, and my trusty MacBook Plus.

Equivalence and Equality

There is an interesting debate going on over at The Eternal Issue About Object.hashCode() in Java. The root of the problem in the debate is that the participants are not distinguishing between equivalence and equality (aka identity). In computing we make a distinction between the two. Any two instances are equivalent if their values are the same. Equality is a stronger equivalence. Ie, it is not enough that the values are the same, but the values must be the same instances. Eg, A = "joe", B = "joe", and C = A then A, B, and C  are equivalent while only A and C are equal.

Java has made a mess of this distinction because its Object class 1) implements an equals() method and 2) the implementation is equality. So, by default, no two instance are ever equivalent. Most people would consider "joe" and "joe" to be equal, but not Java. (Java should have defined equals() and hashCode() as abstract or, better yet, define them in an Equatable interface.)

My reading of the Eternal Issue article is that there is a contract that base-class instances would use a value, provided during construction, to distinguish themselves. This is equivalence. Eg
class Baseclass {
   String name;
   Baseclass(String name) { = name; 
   boolean equals(Baseclass that) {; 
The sub-class would depend on this, in part, for its determination of equivalence, eg
class Subclass extends Baseclass {
   int age;
   Subclass(String name, int age) { 
      this.age = age; 
   boolean equals(Subclass that) { 
      super.equals(that) && that.age == that.age; 
Now, what happens when you remove Baseclass's equals() method? Doing that changes Baseclass's distinguishing behavior from equivalence to equality as instances now default to using Object.equals(). This is a extraordinary change to the contract between the classes. Subclass equivalence will immediately start to fail because no two Subclass instances will ever be at the same memory location.

Never mix equivalence and equality and an inheritance hierarchy.

A consequence of the rule is that since you decided not to use name to distinguish Baseclass instances then all instances are equivalent. Ie, they are indistinguishable. The only correct change that adheres to the contract would be not to remove equals() but to to replace it with
boolean equals(Baseclass that) { true; }
Of course, any change to Baseclass is likely a bad idea and I would never recommend that you respond to this change with anything less than tar and feathers. But, at least, make sure the changer of the Baseclass understands what they did vis a vis the contract.

Adding persistence to the Incident Response Slack application

Adding persistence to the Incident Response Slack application is the next feature to implement. For this application change happens at a human pace. That is, even the busiest incidence response is unlikely to have more than a few dozen changes per hour. That is, changes per channel per hour. The application might need to coordinate many thousands of channels of changes per hour. Given this situation, persistence at the channel level can be coarse while persistence at the application level needs to be fine.

For coarse persistence with infrequent access storing the whole model as a chunk of data is usually sufficient. Within a channel our model is a collection of tasks each with a description, assignments, and a status. There might be one or two dozen tasks at any time. With an expectation of, on average, short descriptions, one user assignment, and one status we expect 100 to 200 bytes per task and so some 1200 to 4800 bytes in total, ie, 12 tasks * 100 bytes to 24 tasks * 200 bytes. Reading and writing this amount of data is too small to worry about performance; that is, the storage mechanism's overhead will dominate each operation.

For fine persistence with frequent access persisting must be done at the item level. The storage mechanism must allow for random, individually addressable datum. We don't need the storage mechanism to provide structure within the item. A key-value store will do.

A simple system design would have one application instance running on a host that has RAID or SAN storage. If the application crashes the host will automatically restart it and so only incur a second of downtime. And the likelihood of losing the RAID or SAN is too low to worry about. If your level of service allows for this system design then a useful key-value store is the humble file-system. Unfortunately, this design is also the most expensive choice from cloud providers.

Cloud providers will want you to allow them to manage your compute and storage separately. This enables them to provide your application with the highest level of service to your customers. A consequence of this is that your application needs to be designed to run with multiple, interchangeable instances, remote storage, and network partitioning. Unlike the one host & one disk platform, the cloud platforms are not going to help your application that much. The problems associated with distributed application design — CAP, CQRS, consensus, etc — are still largely the application's to solve.

Incident Response is, fortunately, too simple a tool to warrant sophisticated tooling [1]. If two users update the same task at the same time then one of them will win. We will attempt to tell the user of the collision, but the limits of eventual consistency may preclude that. Every cloud platform has a managed key-value store (with eventual consistency) and managed web applications. Since I know AWS, I plan on using SimpleDB and Elastic Beanstalk for the next implementation.

[1] I really want to explore Apache Geode!

Grumble about the JDK standard libraries

I recently wrote a Slack application and restricted myself to using only the JDK. For some reason, I wanted to reminded myself of how awkward Java programming is for newbies.

No one chooses a Java implementation without the expectation of needing to include a shedload of external libraries. Luckily, Java has the most best of class libraries available, that are easily incorporated with Maven, and that have facilitated the great variety of successful applications being built and maintained every day. The JDK's standard libraries are, however, doddering and incomplete, especially as to building applications for the internet. Scripting languages like Python, PHP, and Ruby do have standard libraries that have evolved to incorporate the internet. And these languages are being successfully used by newbies [1]. Nevertheless, I had my question to answer.

My application uses Slack's outgoing webhooks and so is a specialized HTTP server. The JDK does have an HTTP server, but it is in the com.sun namespace and does not implement the Servlet API. Implementing the Servlet API would give the newbie the experience of using a standard container and, moreover, allow his or her application to be deployed to any number of cloud providers. Implementing an HTTP server is not a quick task and so I choose to use the JDK's.

When Slack sends a webhook request the body content is url form encoded, eg "a=1&b=2&b=3".  (You more often see this used in URL queries.) Apart from an early spat over delimiting with ampersands vs semicolons this encoding[2] has been universally, consistently used for decades. Unfortunately, the JDK does not have a standard means to encode or decode this data. I implemented a decoder.

The response to the webhook is a JSON encoded message. JSON's adoption rate has been breakneck, but standard libraries have caught up. The Java Community Process (JCP) did define a JSON API several years ago, but an implementation is not in the JDK. While outputting JSON is straightforward, ensuring it is syntactically correct calls for having support. I implemented an encoder

Lastly, and most sadly, is the situation with fixed width hex values. Slack wants colors expressed in the RGB hex notation, ie #RRGGBB. JDK has a Color class, but it can't be used to create an RGB hex value. (Its Color.toString() method is practically useless.) To format the value you can use

String.format("%02x%02x%02x", c.getRed(), c.getGreen(), c.getBlue()) 

but, honestly, what newbe is going to know that or have any hope of Googling the answer?

Gumble over. Back to real world Java development.

[1] That academics use Java in introductory programming classes is appalling.

[2] It is not really "encoding" and "decoding," but marshalling and unmarshalling.

I am leaving Crossref

Crossref logoI gave in my notice at work. I will be there until the new year helping them transition. After 9 years at Crossref, there is a fair amount to hand over. The hardest part in any of these long transitions is keeping up the momentum in the face of increasing detachment. Crossref has given me much over the years and so extra perseverance is warranted.

If you would like to talk about coming opportunities then contact me at and we will schedule a time to do so.

Incident Response Slack App

As we learn how to better use Slack we are experimenting with different ways of managing our response to incidents, aka emergencies. One experiment is that when an incident is discovered the existing #incident-response channel is used to send an alert to those on-call. We then immediately create a new channel for only the new incident's staffing and communications. While we rarely have overlapping incidents, having a dedicated channel does prevent the interleaving of messages about other incidents, too many tangents, and only those working the incident are disturbed by @channel or @here messages. When the incident is resolved the channel's messages can be copied into the beginnings of the post-mortem document, and then archived.

During the response, tasks emerge that need to be assigned and tracked. Slack itself is not good at this alone. There are many applications for task management that can be made accessible via Slack slash-commands. For incident response tasks, however, these general purpose applications were too focused on the user and not enough on the channel. When listing tasks we only want to see those for this incident. Their extra features also had a cognitive weight that I brisselled at. Overall, their fit for purpose was poor.

What was needed was a task manager with a scope limited to one channel. The task manager would be installed in the workspace, and so accessible to everyone, everywhere without configuration, but when in use was channel focused. The task manager needed to support these simple the use cases
  • Adding tasks with a description, assignments, and a status.
  • Updating a task’s description, assignments, or status. Only notify the channel when the changes are pertinent to all.
  • Listing the tasks with optional criteria.

These use cases turned into the /ir slash-command
/ir description [ user … ] [ status ]
/ir task-id [ description [ user … ] [ status ]
/ir [ all | finished ] [ user … ] [ status … ]

If you are interested in the implementation then see

Slack messages are rarely ever completed thoughts

Comments on TechCrunch's article "Distributed teams are rewriting the rules of office(less) politics."

I don't think that article quite hit its mark, but it did contain two important bits. Loneliness is an issue for me. I like being among my colleagues. Even if nothing is said all day the presence of others roots us to a common purpose and common comfort. The other is the need to write more and with specificity.

A requirement of asynchronous communications is leaving information for others to respond to later. Ad infinitum. The longer the timespan between communications the more context each information leaving must include. It is a skill to provide brief context in these leavings along with clear answers and, perhaps, further questions. Many characterize asynchronous communications as a conversation. However, conversations are informal. Our communications are more like a dialogue where we explore problems and solutions. Problems and solutions are formal, or rather somewhere between not informal and algorithmic. And they must to be recorded and the records curated. Asynchronous communications requires a diligence that is not provided by simple conversation.

One of my favorite discoveries (unfortunately, shortly after college!) was Thinking on Paper by Howard and Barton. Writing is design thinking. (Coding is design thinking.) Design thinking is iterative and unsteady in its forward motion. Two steps forward, one step backward. Unfortunately, people still think of writing as something that happens after thoughtfulness. This misunderstanding can lead to written mistakes being harder to recover from than said ones. If you take away one bit of advice from here, it would be to assume that Slack messages are rarely ever completed thoughts.

Remote teams and hiring

While I was driving to work this morning I was thinking about an earlier conversation that touched on an earlier blog posting about the difficulty of having too large a skills gap in your team or in your development organization. We agree about the skills gap. Then he said something that gave me pause to totally reconsider my stance on remote development organizations. My stance had been that they don't work as too often during a project you need the high bandwidth available in face to face collaboration. But this stance comes from assuming there is a large gap between staff. What if the gap was small? What if gap was of zero width?

It has been my experience that you can successfully communicate and work remotely together when the gap is small. The eureka moment came when I reconsidered the reputed benefit of remote work that allows you to hire the best from anywhere in the world. It is not a benefit, but a rule. It is not that you can, but that you must hire the best.

Chris Sinjakli's talk "Doing Things the Hard Way"

I am sure you watched James Mickens's talk Q: Why Do Keynote Speakers Keep Suggesting That Improving Security Is Possible? today. It was honest and funny — even my ceramic artist wife laughed at the IoT humor — and contained a great primer on machine learning — my wife skipped that part. As it ended YouTube's autoplay started Chris Sinjakli's talk Doing Things the Hard Way from this years SREcon18 Asia/Australia. From where I sit today his experience, analysis, and advice are spot on. So, if don't have 51 mins to listen to Mickens I high recommend you spend 22 mins listening to Sinjakli. On second thought, listen to both.

X. Kishore Mahbubani and "Has the West Lost It? Can Asia Save It?"

When your country is falling from first place into second place your best course of action is to establish a world order that gives second place countries advantage. Bluntly, multilateralism is far better than isolationism. As China and India continue to rise the USA is destined to be 3rd place, at best; perhaps even 4th place behind Indonesia. I highly recommend this lecture by X. Kishore Mahbubani "Has the West Lost It? Can Asia Save It?"

Grumble about Google Calendar display of vacations

Does anyone else hate the new Google Calendar display of vacations? I only want one weekday column highlighted and that is today. Not P's vacation day on Friday. Not M's midweek vacation next week. G's all-day event block at the top of Friday's column is fine; even better is T's multi-day vacation line at the top of the day columns. Really, Google Calendar UI design team, what were you thinking!?

Ousterhout's "A Philosophy of Software Design"

Greatly enjoyed John Ousterhout's Google talk "A Philosophy of Software Design." It is for the Tcl language and the Tk user interface toolkit that I know him. I was a fan of Tcl back in the day when you didn't add a REST API to your application, instead a you added a scripting language. For that purpose Tcl was a perfect match: easy integration of the interpreter into the application and easy extension of the interpreter with application functionality. Tcl did not make the transition to the Web and so has mostly faded into software development history. If you think DSLs are awesome you wish your language had uplevel and upvar. If you think Docker container images are awesome you will be interested in Tcl's Startkit.

In this talk Ousterhout is chronicling his attempt to teach software design at Stanford University's CS 190: Software Design Studio class. I want to find out if the local universities are trying this and offer to be a teaching assistant.

Technical Junk

Much of what is called "technical debt" is more likely "technical junk." Technical debt has the ring of responsibility around it. As we build new services and maintain the others we tell ourselves that we have made reasoned judgments as to what to ignore for now:

• We don't need to update that library just yet, but we know not that falling too far behind the current version will make updating grueling and so will do it later.

• We don't rewrite a troubled module just yet, but we know the rewrite will relieve us from burdensome support and so will do it later.

• We don't replace the data design implementation just yet, but we know its scope has been exceeded and is now impeding enhancements and so will do it later.

• We don't broaden the testing regime just yet, but we know that doing so critically supports systems changes and so will do it later.

• We don't speed the ever slower, periodic, automated task just yet, but we know that task overlap has dire consequences for downstream processes and so will do it later.

• We don't hire additional staff just yet, but we know that additional staff is critical to efficiency and so will do it later.

Now, this sounds like technical debt and it is when you actually attend to it later. When you don't you have technical junk. The system and its data are patched, brittle, duplicated, lossy, slowing, and only though the sheer force of willpower can it be enhanced and maintained. Still, we continue to tell ourselves and our management a compelling story of progress on the two-fronts of enhancement and maintenance.

Why have group meetings in software development?

Why have group meetings in software development? I think there are only three good reasons.

The first good reason is when several people need to come to a consensus. The outcome of these meetings are decisions. Ideally, everyone comes to the meeting prepared for the discussion. I like for a proposal to be written and distributed before the meeting. This means that at least one person has thought through the decision's context and ramifications, and that the meeting's participants have time to read and ponder it beforehand. Jeff Bezos has an interesting workaround to unprepared participants and that is to have meetings start with several minutes dedicated to reading the prepared materials. That Inc. article has several other good tips. I can't help myself and so must include a reference to Tufte's The Cognitive Style of PowerPoint. Thankfully, slide decks have been mostly absent from my last several years of professional work.

The second good meeting is the daily standup. It is too easy for a developer to not ask for help soon enough, and standups quickly stop that situation from worsening or the developer going dark. My manager at Cadre used a system of green, yellow, and red work status. If the work was going well then it was green. When there were complications the work was yellow. When it was red it was blocked. It is useful to use this system even in a standup. The first part of the standup has all participants give a brief status. The second part deals with yellow statuses with a brief description of problem and assignment of who is best able to help. Red statuses are dealt with outside of the standup. In all cases, however, don't solve problems in the standup. Giving solutions might not derail the standup the first few times, but has been my experience that by not maintaining the standup's principles it will soon devolve into a group chat and finally abandonment.

The third good meeting is for celebration. I am most interested in celebrating the group's achievement as a whole. Generally, everyone contributes as they are asked and as they are able, and so I see no need to single out individual contributions. The one exception is for someone who has shown marked growth. Pizza in the conference room can work, but you will have more success if you take everyone out to lunch.

Update: The TechCrunch article "Distributed teams are rewriting the rules of office(less) politics" had the link to Amazon's "narratively structured six-page memos."

Some more comments about a healthy software development organization

That last posting was a little to high level. Especially for someone like me that likes things to become grounded — at least for one day! Most of my career has been in small companies building small products. Apart from places like Lotus and Geac my employers have had less than 20 developers. This organization size has shaped my expectations of what is useful for a project to succeed.

The first document any project needs the "Product or Feature Digest" A template of which is here. This document organizes the other documents. It is the one place everyone can read and get a grounding on the product and its implementation. If what is being built is very small then it might be the only document. Most sections of the document have an obvious purpose. However, the first two require further explanation.

I have never worked on a product or feature that did not change its goals. I doubt you have either. Most changes are refinements due to a better customer understanding, or due to initially unforeseen constraints, or revisions to feature priorities, or features removed or added, etc. The reason we keep product management's original document is that it was the locus of everything that happened afterwards. The differences between it and the current revision gives the reader an understanding of the maturation of what is being shipped. For senior management, where their attention to the project is periodic, it helps bridge their previous understandings to a current understanding.

I like my projects to have this kind of documented grounding, but this does not make me waterfall methodology advocate. I agree completely with Kent Beck's statements in Extreme Programming that software change is cheap. I like the agile methodologies that stem from this seed. I draw the line, however, that product management and software development is nothing more than reorganizing and implementing the backlog. Developers need to know that what they are doing is coherent and concise. Otherwise the work becomes little more than hacking at the coal face — an endless drudgery.

Within a project I don't care much what tool you use to enumerate the work items and their dependencies. What I do care about is that the discussions related to these work items are located in that tool. If the tool's commenting interface is cumbersome then don't select it. If you do, your staff will not use it. Let me repeat that. Your development staff, as a whole, does not like to write stuff down, and if you make it inconvenient to do so they will attempt to make progress without using it [1]. When this happens the only record you will have of the obstacles found and decisions made will be in heads. When the project ends and the staff disperse you will have little from which to draw on to hold a successful postmortem. Worse, however, is that your development organization is doomed to remain, at best, at Level 2.

Lastly, for now, where do instant messaging tools sit in a software development organization? For me, at the bottom of the communication modes. What message is so urgent that it can't wait until tomorrow morning or some other synchronization time [2]? For smaller organizations where one developer might have multiple roles the interruptions will be harder to control, but they can be controlled. The head of development needs to take control of them.

The other problem with instant messaging is that it becomes the primary mode for discussions and decisions. Instant messaging is technically an asynchronous form of communication, but it is rarely used with that expectation [3]. Instant messaging has become akin to oral communication with all of its concomitant weaknesses. It is too easy for a senior staffer to initiate, for example, a Slack conversation to come to a decision than it is to open an issue and discuss it there or simply wait until a next meeting. Or the developer who interrupts everyone to ask a question that could have been answered elsewhere with a little effort on his or her part.

At this point I am sure you are thinking I am a madman. I have the developers sitting alone at his or her desk coding and communicating only online and only asynchronously. It would be a lifeless place without actual face to face communications. Hallway conversations and meeting are vitally important to a development organization. Important enough to write about separately in another posting.

[1] Jira is a good example of a bad interface. Atlassian has put so much effort into enabling customizability that its has made the hourly effort of interacting with issues & comments to be on a par with the one time effort of creating a set of project "status" tokens.

[2] For example, place all announcements on the kitchen refrigerator or on the bathroom mirrors.

[3] Why We’re Betting Against Real-Time Team Messaging criticism of Slack is spot on.