kaeff's Sitehttp://kaeff.postach.io/feed.xml2023-12-13T10:35:43.790000ZWerkzeugTech Leads: Leadership & Management Aspects you should be aware ofhttps://kaeff.postach.io/post/tech-leads-leadership-management-aspects-you-should-be-aware-of2023-11-07T20:51:29.540000Z2023-11-07T20:32:35Zkaeff<div><br/></div>
<div>Getting started in leadership is daunting for most of us. After years of thinking about all the different ways in which you would do things differently than <i>your</i> manager, now suddenly you have people looking to <i>you</i> as a role model.</div>
<div><br/></div>
<div>Luckily, there is tons of material to get you started. Over the years, I've taken many different courses, trainings, read books or articles. After a while, you will find that content and ideas repeat or surface in different forms and from different angles. </div>
<div><br/></div>
<div>Instead of giving you one single curriculum or set of material, in this post, I want to give you an outline of different topics from the area of leadership and management. As you embark on your journey, use it as map, uncovering topics as you go along.</div><h2>Aspects you should be aware of</h2><div><br/></div><ol><li><div>Self management</div></li><ol><li><div>Personality & Strengths: Myers briggs, strength finder</div></li><li><div>Communication & Listening</div></li><li><div>Time management & priorization</div></li><li><div>Decision making</div></li></ol><li><div>People</div></li><ol><li><div>Delegation</div></li><li><div>Coaching & Mentoring</div></li><ol><li><div>The difference between coach, mentor, trainer, friend</div></li><li><div>Coaching models e.g. GROW</div></li><li><div>Coaching for performance</div></li></ol><li><div>1:1s</div></li><li><div>Feedback</div></li></ol><li><div>Leadership basic: </div></li><ol><li><div>Leadership Styles</div></li><li><div>management vs leadership</div></li><li><div>Integrity & authenticity</div></li></ol><li><div>High performing teams</div></li><ol><li><div>Team Building: Tuckman's Team phases</div></li><li><div>5 dysfunctions of a team: Trust -> Conflict -> commitment - > Accountability -> Results</div></li></ol><li><div>Conflict</div></li><ol><li><div>Kilman Conflict Modes</div></li><li><div>Crucial conversations</div></li></ol><li><div>Motivation, Vision, Inspiration</div></li><ol><li><div>Autonomy, Mastery, Purpose</div></li><li><div>Why, how, what</div></li></ol><li><div>Stakeholder, Influence & Persuasion</div></li><ol><li><div>Influence: Political Savvy, Self promotion, trust building, leveraging networks</div></li><li><div>Persuasion</div></li><ol><li><div>Match style: Asserting (heart, push), Attracting, (Heart, pull), Proposing (Head, push), Briding (Head, Pull)</div></li><ol><li><div>Detractors -> Head, Supporters -> Heart. Active -> Push, Passive -> pull</div></li></ol><li><div>How matters: Reciprocity, Scarcity, Authority, Consistency, Liking, Consensus</div></li></ol></ol></ol>Ask "why" more often than "what" and "how"https://kaeff.postach.io/post/ask-why-more-often-than-what-and-how2023-06-30T05:48:18.267000Z2023-06-30T05:40:57Zkaeff<div><br/></div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/950bce60-18ce-62ad-ce19-f37b942c6458/93f8deb2-a97b-e114-ce63-0d14ecc7ce05.jpg" style="--en-naturalWidth:1024; --en-naturalHeight:766;"/><div><i><span style="--en-markholder:true;"><br/></span></i></div>
<div>I see Principal Engineers and Engineering Managers struggle with this, mainly when filling in for the lack of a Product Manager on technical initiatives. </div>
<div><br/></div>
<div>In early development phases, it's hard to let go of "we all know what's needed here, we just need to break it down and talk about hard thing X". It's normal, we take pride in our expertise, and we want to bring our specialization to the table. But <b>if everyone's thinking "how", you run the risk of no one thinking "why"</b>. </div>
<div><br/></div>
<div>If you want to build a successful product or technical initiative, <b>you need different thinking modes</b>: Who are we building this for and what are they really struggling with? Is this the best problem to solve right now? How will this add to the company's bottom line? And finally: Is this technically feasible?</div>
<div><br/></div>
<div>Luckily, you can fix that easily by <b>shifting your thinking mode and start wearing a different "hat".</b> In the next workshop, look at the room and ask yourself: Who's having the interest of the user/business/quality/system in mind? Who has explored the problem and challenged the proposed solution already? Spot the gaps and wear that hat.</div>
<div><br/></div>
<div><br/></div>
<div><i>(Image: "Wool hats" by mapbleb4 on <a href="http://flickr.com" rev="en_rl_none">flickr.com</a>)</i></div>
Your Emotions Don't Define You: Use Appraisal Theory to Deal With Stress at Workhttps://kaeff.postach.io/post/your-emotions-don-t-define-you-use-appraisal-theory-to-deal-with-stress-at-work2023-05-24T22:50:29.989000Z2023-05-16T20:53:45Zkaeff<div>In the fast-paced world of modern work environments, stress has become an all-too-familiar companion for many people at work. Juggling deadlines, managing expectations, and striving for success can leave us feeling overwhelmed and emotionally drained. However, understanding and harnessing the power of appraisal theory can provide a valuable toolset to navigate these challenges. In this blog post, we will explore the transactional model of Lazarus, uncover the factors influencing our perception of events, emotions, and stress, and equip you with practical strategies to handle their emotions and cultivate resilience in stressful situations.</div><h2>The Transactional Model of Lazarus</h2><div><br/></div>
<div>At the heart of appraisal theory lies the transactional model of Lazarus, which posits that <b>our emotions and stress responses are shaped by the subjective evaluations we make about events</b>. According to this model, <b>it is not the events themselves but rather how we perceive and interpret them</b> that determine our emotional and physiological reactions.</div><h2>The Factors Influencing Perception of Stress</h2><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/b9573be7-8839-31df-c0cb-f8178bf3482d/8c3258b1-4da9-eaa9-2a5b-fa705822bc09.png" style="--en-naturalWidth:800; --en-naturalHeight:1280;" width="313px"/><div><i>Transactional Model of Stress and Coping of Richard Lazarus. Philipp Guttmann. <a href="https://en.wikipedia.org/wiki/Appraisal_theory#/media/File:Transactional_Model_of_Stress_and_Coping_-_Richard_Lazarus.svg" rev="en_rl_none">Source</a> (CC BY-SA 4.0)</i></div>
<div><br/></div>
<div>We interpret events, i.e. stimuli from the environment that act as a potential stressor, in the following sequence:</div><ol><li><div>Primary Appraisal: This initial evaluation involves assessing the relevance and personal meaning of a situation. Is the event perceived as threatening, challenging, or irrelevant to our goals? </div></li><li><div>Secondary Appraisal: Once a situation is appraised as stressful, we assess our ability to cope with the event. Can we manage the situation effectively, or do we feel helpless? Do we feel that we have resources like skills or social support available to deal with the situation?</div></li><li><div>Personal Factors: Our personality traits, past experiences, and individual differences also influence how we perceive and respond to events. For instance, someone with a high level of self-efficacy may view challenges as opportunities for growth rather than insurmountable obstacles.</div></li></ol><div><br/></div>
<div>Stress arises if we we don't feel resourceful enough to deal with an event that we perceive as dangerous. In this situation, individuals engage in various coping strategies to manage stressors. These coping strategies can be categorized into problem-focused coping and emotion-focused coping.</div><ol><li><div>Problem-focused coping involves taking direct actions to manage or alter the source of stress.</div></li><li><div>Emotion-focused coping involves changing one's emotional response to a stressor.</div></li></ol><div><br/></div>
<div>Finally, Appraisal is an ongoing process, and Individuals may reappraise a situation based on new information or changes in circumstances. </div><h2>Coping with Stress using the Transaction Model</h2><div>Understanding the Transaction Model allows us effectively improve our situation by addressing our Appraisals of it, Personal Factors, Coping Mechanisms and Reappraisal:</div>
<div><br/></div><ol><li><div>Cognitive Restructuring: Challenge negative thoughts and replace them with positive and realistic ones. Recognize that failure is an opportunity for growth, and mistakes are stepping stones to success.</div></li><li><div>Time management: prioritizing tasks, setting realistic goals, rejecting low-value tasks and breaking down complex projects into smaller, manageable steps.</div></li><li><div>Seeking information and resources: If an employee encounters a challenging task, they may proactively seek information, guidance, or additional resources from colleagues, supervisors, or available references to enhance their understanding and problem-solving abilities</div></li><li><div>Seeking social support: Employees may seek emotional support from colleagues, friends, or mentors to discuss their feelings, share their concerns, and gain perspective. This can help alleviate stress and provide a sense of comfort and understanding.</div></li><li><div>Relaxation techniques: Individuals can use relaxation techniques like deep breathing exercises, mindfulness, or meditation during breaks to manage their stress levels and promote a sense of calmness in the workplace. </div></li><li><div>Engaging in physical exercise</div></li><li><div>Reframing and positive self-talk: Employees can engage in reframing their thoughts and engaging in positive self-talk to shift their perspective on stressors. This involves consciously challenging negative thoughts and replacing them with more positive and constructive interpretations. For example, instead of dwelling on a minor setback, an employee might reframe it as an opportunity for growth and learning.</div></li><li><div>Reappraisal: Stay open to new information or alternate explanations to your situation, and continuously reassess the situation</div></li></ol><h2>Empowering Yourself: A Practical Example</h2><div>Let's consider a common work scenario: <b>presenting a project to senior management</b>. This situation often evokes anxiety and stress for many employees. However, by applying appraisal theory and employing practical coping strategies, you can s<b>hift your perspective and empower yourself to handle the situation with confidence</b>.</div><ol><li><div>Primary Appraisal: Recognize that presenting to senior management is an opportunity to showcase your skills and expertise. Instead of viewing it as a threat, reframe it as a chance to shine and make a positive impact.</div></li><li><div>Secondary Appraisal: Assess your resources and preparation. Break down the task into manageable steps, create a detailed plan, and seek support or feedback from colleagues or mentors. This will enhance your sense of control and increase your confidence in handling the presentation.</div></li><li><div>Personal Factors: Tap into your strengths and past successes to boost your self-belief. Remind yourself of previous achievements and affirm your capabilities. Visualize a successful presentation, rehearse it, and practice deep breathing or mindfulness techniques to reduce anxiety.</div></li></ol><h2>Conclusion</h2><div>By understanding and applying appraisal theory, you can gain a fresh perspective on stress-inducing situations and empower themselves to navigate the challenges of the modern work environment. Remember, it is not the events themselves that dictate our emotional responses, but rather our appraisal of them. By adopting practical coping strategies, such as cognitive restructuring, stress management techniques, and seeking social</div>
<div><br/></div>
<div><br/></div>
<div><br/></div>
<div><i>Disclaimer: This text was written by ChatGPT. Through the first prompt, I learned about Appraisal Theory. I used the second prompt to write the post, applying light editing. I fact checked all answers using Wikipedia.</i></div>
<div><i>(1) "Name the most relevant theories that are important in order to understand the role of emotions in written business communications"</i></div>
<div><i>(2) "Write a blog post about appraisal theory. It should be practical, motivational, intended for self-help for young professionals who deal with stress at work. It should explain the transactional model of lazarus, the different factors influencing the human perception of events, emotions and stress. It should give an example from the work context that focuses on empowering the reader with practical advice on how to handle their emotions and come up with actionable coping strategies in stressful situations."</i></div>
If you want a high-performing remote engineering org, you need to invest in social capitalhttps://kaeff.postach.io/post/if-you-want-a-high-performing-remote-engineering-org-you-need-to-invest-in-social-capital2023-05-24T22:47:50.145000Z2022-10-12T12:26:50Zkaeff<div><a href="https://twitter.com/kaeff/status/1580172398611279872" rev="en_rl_none">Based on this twitter thread</a></div>
<div><br /></div>
<div>This recently clicked for me. This article relates findings on how remote work alters the shape and strength of our connections to research on knowledge sharing, innovation and productivity, and proposes ways to strengthen networks at work.</div><h2>The shift to remote weakened our social connections</h2><div><br /></div>
<div><a href="https://hbr.org/2021/03/what-a-year-of-wfh-has-done-to-our-relationships-at-work" rev="en_rl_none">Microsoft's 2021 Work Trend Index</a> reported that remote workers feel more isolation and less connection. The shift to remote work <b>shrunk people’s networks</b>. Interactions within close networks increased, while <b>interactions with distant networks diminished</b>.</div>
<div><br /></div>
<div>Connections aren't optional - they are <a href="https://en.wikipedia.org/wiki/Social_capital" rev="en_rl_none">social capital</a>. People connecting establishes psychological safety, proliferates tacit knowledge and breaks silos. <b>A strong network creates innovation and productivity.</b></div>
<div><br /></div>
<div>But people still have strong connections - just keeping fewer people closer. Why worry? According to the <b>"strength of weak ties"</b> theory, information flows better when the social link is weak. For example, <a href="https://www.science.org/doi/10.1126/science.abl4476" rev="en_rl_none">this study from Linkedin</a> found that users are more likely to find a job not from close connections but more distant ones.</div><h2>Social capital is needed for a high-performing and innovative organization</h2><div><br /></div>
<div><a href="https://hbr.org/2007/07/the-knowledge-creating-company" rev="en_rl_none">The theory of tacit knowledge</a> established that knowledge can be explicit - written down - or tacit - hard to verbalize and write down, and offers different strategies to go between tacit and explicit.</div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/5c9d1373-10dd-4c30-9ced-06a540edaa6b/7de8dab2-23df-9649-8db7-f552f290fb73.png" style="--en-naturalWidth:474; --en-naturalHeight:296;"/><div>And the vast majority of knowledge is tacit:</div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/5c9d1373-10dd-4c30-9ced-06a540edaa6b/57a5a86b-8923-0e0b-0ae8-ac9170dcee89.png" style="--en-naturalWidth:2134; --en-naturalHeight:1302;" width="952px"/><div>However, engineering cultures tend to overemphasize explicit knowledge sharing like documentation. <b>We need personal socialization</b> just as much. And thus networks. </div>
<div><br /></div>
<div>As an example, <a href="https://www.oreilly.com/library/view/software-engineering-at/9781492082781/" rev="en_rl_none">Software Engineering at Google</a> (Chapter 3: Knowledge) shows the importance of accompanying tacit-explicit-tacit knowledge sharing like code reviews and documentation with tacit-tacit mechanisms like mentoring. </div>
<div><br /></div>
<div>The <a href="https://cloud.google.com/blog/products/devops-sre/dora-2022-accelerate-state-of-devops-report-now-out" rev="en_rl_none">State of DevOps Report 2022</a> reported decreased top performance, hypothesizing that the shift to remote hampers the ability to share knowledge and practises across teams and organization. <b>With fewer opportunities to gather and know from each other, innovation slows.</b></div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/5c9d1373-10dd-4c30-9ced-06a540edaa6b/fbecb80f-a07a-18f4-b8f5-16e5e095b716.png" style="--en-naturalWidth:2886; --en-naturalHeight:978;"/><h2>How to increase connectedness</h2><div><br /></div>
<div>On a team level, I think we need to design for more personal communication (yes, synchronous) and collaboration (like pair programming or lunch & learns). That's at least as important as system architecture, scope, capacity and roadmaps. <b>Use DORA's insights and Conway's law.</b></div>
<div><b><span style="--en-markholder:true;"><br /></span></b></div>
<div>On an org level, I think we need to bring <b>more serendipitous interactions</b> - with people outside your day2day, slightly uncomfortable, not worth a zoom but sometimes ignite a spark. I'm betting on virtual offices like Gather Town, Workadventure or maybe even metaverse-like spaces for having a lower bar to connect. </div>
<div><br /></div>
<div>Avoid a tool-centric view and treat your digital communication & collaboration <a href="https://www.thoughtworks.com/insights/blog/leadership/why-is-employee-experience-important">as an experience </a>and space where people go. Like you don't leave your physical office to the construction company but dedicate people & time to making it a stimulating environment that employees like to go to, don't leave this to IT only. <b>Multiple functions need to collaborate to create spaces that employees like to go to and connect</b>, for example HR, Office Management, community ambassadors. Or would you expect that your physical office turns out as a stimulating, attractive environment if you stopped after the construction company is done?</div>
<div><br /></div>
<div>Be aware that social capital and connection building is subject to our biases and systemic inequalities, and access to it is limited by power hierarchies. If you <b>design for diversity and inclusion</b>, you'll get richer, more equitable interactions, boosting innovation.</div>
<div><br /></div>
Conference report: rc3 2021https://kaeff.postach.io/post/conference-report-rc3-20212023-06-30T05:46:30.009000Z2021-12-29T11:32:22Zkaeff<div>This is a summary my experience at 2021's rc3 (remote chaos experience). In the first parts, I'll share takeaways and resources from talks that I've seen. The second part describes how this online conference works, and some of my experiences and highlights outside of the talks. </div><h2>Julian Assange and Wikileaks</h2><div><a href="https://streaming.media.ccc.de/rc3/relive/487" rev="en_rl_none">Relive</a></div>
<div>If you sejust watch one talk, make it this one.</div><h3>When Wikileaks bumped into the CIA: Operation Kudo exposed</h3><div><a href="https://streaming.media.ccc.de/rc3/relive/409" rev="en_rl_none">Relive</a></div>
<div>Andy crticises the good and bad from a recent <a href="https://news.yahoo.com/kidnapping-assassination-and-a-london-shoot-out-inside-the-ci-as-secret-war-plans-against-wiki-leaks-090057786.html" rev="en_rl_none">Yahoo article</a> and reconstructs the surveillance of Assange in London, sharing evidence from ongoing trials.</div><h2>My favourite talks</h2><div>(Roughly ORDER BY date DESC)</div><h3>R3S Infrastructure Review</h3><div><a href="https://streaming.media.ccc.de/rc3/relive/878" rev="en_rl_none">Relive</a></div>
<div>This in not the main infrastructure review, but the one just for the R3S stage. It's impressive to see the efforts involved in running a stage - in this is just 1 of 8!</div><ul><li><div>1.300 hours of work (that's about 1 year for 1 person), 10 people core group + 40 volunteers (angels)</div></li><li><div>28:12h over 37 talks</div></li><ul><li><div>10 Pre-recorded</div></li><li><div>8 live remote</div></li><li><div>19 live in person / on stage</div></li></ul><li><div>Up to 1.400 concurrent views</div></li><li><div>Coding: 34 kLOC config and 25kLOC OBS customization</div></li></ul><h3>Inside Bundestag</h3><div>In German</div>
<div><a href="https://streaming.media.ccc.de/rc3/relive/358" rev="en_rl_none">Relive</a></div>
<div><br/></div>
<div>Anke Domscheid-Berg ist Aktivistin Netzpolitikerin. Sie war Bundestagsabgeordnete für Die LINKE in der Opposition in der vergangenen Legislaturperiode. Im Talk teilt Sie ihre Arbeit im Bereich Digitalisierung des Bundestags und in der Oppositionsarbeit. Außderdem legt sie ihre Transparenzbestrebungen da, und wie sie mit der Zivilgesellschaft und dem CCC zusammenarbeitet. </div>
<div><br/></div>
<div>Ihr Appell: NetpolitikerInnen aller Länder, vereinigt Euch! Die Differenzen zwischen Parteigrenzen seien oft geringer als den Widerstand innerhalb der eigenen Franktion wenn es darum geht, den ParteikollegInnen der Technik, digitalen Arbeitsweise und Tech-Politik-Themen zu vermitteln.</div><h3>Cyberpunk 2022 - wo Brain-Computer-Interfaces auf Grundrechte treffen</h3><div>In German</div>
<div><br/></div>
<div>References</div>
<div><a href="https://media.ccc.de/v/32c3-7273-unpatchable" rev="en_rl_none">Unpatchable: Living with a vulnerable implanted device </a></div>
<div><a href="https://www.youtube.com/watch?v=D0l8Ypu7Wmw" rev="en_rl_none">Black Hat USA 2018 - Understanding and Exploiting Implanted Medical Devices</a></div>
<div><a href="https://www.newyorker.com/magazine/2021/04/26/do-brain-implants-change-your-identity" rev="en_rl_none">Do Brain Implants Change Your Identity?</a></div>
<div><br/></div><h3>KOALitionsvertragsAnalyse: Mit Tools & Methoden dem Ampel-Vertrag auf den Zahn fühlen</h3><div>In German</div>
<div><a href="https://streaming.media.ccc.de/rc3/relive/491" rev="en_rl_none">Relive</a></div>
<div><a href="https://pretalx.c3voc.de/media/rc3-2021-r3s/submissions/PSEWJU/resources/KOALitionsvertragsAnalyse-Slides_sVDKwOR.html" rev="en_rl_none">Slides</a></div>
<div><br/></div>
<div>The speaker applies concept from software design, text mining and software architecture to the analysis of the coalition treaty (Koalitionsvertrag). Insights on the actual content (the coaltion treaty) are more a side note at the end. However, the topic serves more as an opportunity to learn about a wide range of techniques and tools like techniques and visualizations like word clouds, timelines, SMART goals, object modelling, C4 object models and many more. The unique idea here is applying these techniques to a topic where you wouldn't expect them. This shift of mind creates an interesting learning experience, making it a fun and engaging talk to watch.</div>
<div><br/></div>
<div>Simon Brown: <a href="http://www.codingthearchitecture.com/presentations/asas2012-the-conflict-between-agile-and-architecture" rev="en_rl_none">The conflict between agile and architecture - myth or reality?</a></div>
<div>Also on InfoQ: <a href="https://www.infoq.com/news/2016/09/agile-architecture-friends/" rev="en_rl_none">How Agile and Architecture Parted and Finally Became Friends</a></div>
<div><br/></div><h3>What is Algorave?</h3><div><a href="https://fahrplan.events.ccc.de/rc3/2021/Fahrplan/#a6af4208-3458-5795-8dfa-13e72b8daf71" rev="en_rl_none">Fahrplan</a></div>
<div><a href="https://streaming.media.ccc.de/rc3/relive/a6af4208-3458-5795-8dfa-13e72b8daf71" rev="en_rl_none">Relive</a></div>
<div>History and definition of algorave, with many cool samples, from toplap in Berlin.</div>
<div>I've been to algoraves, i.e. live coding music performances, in Barcelona. It was great to see the variety of different styles, music genres, tools and languages in this introductory talk.</div>
<div><br/></div><h3>Tech Dominatrix. Device control as a fetish.</h3><div><a href="https://fahrplan.events.ccc.de/rc3/2021/Fahrplan/#861150d5-5c64-533a-8ae2-5ae030163f4c" rev="en_rl_none">Fahrplan</a></div>
<div><a href="https://streaming.media.ccc.de/rc3/relive/861150d5-5c64-533a-8ae2-5ae030163f4c" rev="en_rl_none">Relive</a></div>
<div>Device control as a fetish. Makes you realize the depth of the internet and society, with niches for every interest. It's human dreams and wishes after all, and technology creates spaces for everyone.</div>
<div><br/></div><h3>Deine Software, die Sicherheitslücken und ich</h3><div>In German</div>
<div><a href="https://streaming.media.ccc.de/rc3/relive/278" rev="en_rl_none">Relive</a></div>
<div>Mit Lillith und Karl von zerforschung und Linus Neumann. </div>
<div>Zerforschung ist ein Kollektiv von jungen HackerInnen, die in 2021 viele Sicherheitslücken aufgedeckt haben. Mediale Aufmerksamkeit haben vor Allem Datenlecks in Corona-Testzentren erhalten. Lillith wurde von der CDU verklagt, nachdem sie im Responsible-Disclosure-Verfahren eine Sicherheitslücke meldete. Nach diesem Einschüchterungsversuch verweigerte der CCC die Zusammenarbeit mit der CDU, und eine Welle von Full-Disclosures (Veröffentlichungen von Sicherheitslücken ohne vorherige Ankündigung) folgten.</div>
<div><br/></div>
<div>Im Talk geht es darum, wie SicherheitsforscherInnen mit gefundenen Schwachstellen umgehen sollten - ethisch korrekt, aber auch zum Selbstschutz. </div>
<div><br/></div>
<div>Der Talk wurde vorproduziert, und hat daher eher den Charakter eines YouTube-Videos: Unterhaltsam, gutes Tempo, klar artikuliert, einfach zu folgen.</div>
<div><br/></div>
<div><a href="https://zerforschung.org/posts/rc3-2021/" rev="en_rl_none">Das komplette Manuskript und alle Links im Blog von Zerforschung</a></div>
<div><br/></div>
<div>Learning: Be careful with public GraphQL endpoints for single-page apps. With <a href="https://zerforschung.org/posts/gorillas-en/" rev="en_rl_none">Gorillas</a> and <a href="https://zerforschung.org/posts/flink/" rev="en_rl_none">Flink (German)</a>, Zerforschung describes two case studies that reveal problematic areas of the data access layer:</div><ol><li><div>Introspection and the self-describing nature of GraphQL might leak insights to attackers, making it easier to discover valuable data to extract </div></li><li><div>API endpoints are publicly available, and access tokens available in the app binary or web app's plain text</div></li></ol><div><br/></div>
<div>Missing authorization and/or gaps in access control lists seem to be the a common weakness, leading to sensitive data becomes available. In the cases presented, researchers were able to extract the following data from the world-readable, public endpoint</div><ol><li><div>Security configuration, e.g. 3rd party API secrets </div></li><li><div>Employee PII</div></li><li><div>PII and transactional data from other customers</div></li></ol><h3>Catching NSO Group's Pegasus spyware</h3><div><a href="https://streaming.media.ccc.de/rc3/relive/410" rev="en_rl_none">Relive</a></div>
<div><br/></div><ul><li><div>MVT: Forensics tool to catch </div></li></ul><div><br/></div><h3>Let's review code together</h3><div>In German</div>
<div><a href="https://media.ccc.de/v/rc3-2021-cwtv-228-lets-review-code-toget" rev="en_rl_none">Recording</a></div>
<div><br/></div>
<div>How to learn and have fun together by running a code reading club</div>
<div><br/></div><h3>ADS-B & AIS - Open Data is in the air</h3><div>Like Flightradar but Open Source: Catches radio signals from airplanes and boats that broadcast their position, and visualizes them on a map.</div>
<div>With multiple base stations, signal can be triangulated to improve results.</div>
<div>Over 6 years in the making.</div>
<div>Other projects like this exist. Volunteers share ADSB data internationally. Interesting use cases on top of this, like a tracker for planes from dictatorships.</div>
<div><br/></div>
<div><a href="https://streaming.media.ccc.de/rc3/relive/114" rev="en_rl_none">Relive</a></div>
<div><a href="https://www.rtl-sdr.com/tag/dump1090/" rev="en_rl_none">More on dump1090</a></div><h1>Attendee experience</h1><div>While not trying to replace an in-person congress, rc3 replicates the experience online as much as possible.</div>
<div><br/></div>
<div>The conference does not happen in a single place but consists of many different streams, platforms and websites:</div><ul><li><div>The main<b> conference program</b> are talks and performances on 8 stages, curated individually but centrally available via the conference program <a href="https://fahrplan.events.ccc.de/rc3/2021/Fahrplan/#_" rev="en_rl_none">fahrplan</a> and the <a href="http://streaming.media.ccc.de" rev="en_rl_none">streaming.media.ccc.de</a> server</div></li><li><div><a href="http://rc3.world" rev="en_rl_none">rc3.world</a> is the main <b>event space</b> to meet other participants and discover self-organized parts of the event: 2D world, assembly directory and (another version of) fahrplan</div></li><li><div><a href="https://eventphone.de/blog/" rev="en_rl_none">Eventphone</a>, a DECT/SIP telephone network </div></li><li><div>Chat and Q&A on IRC and <a href="http://Rocket.Chat" rev="en_rl_none">Rocket.Chat</a>, or using hashtags on Mastodon and Twitter</div></li></ul><div><br/></div>
<div>The ccc events are truly distributed, crowdsourced and in nature and by design. Therefore, it's not easy to keep a tab on everything that's happening or discover everything that's out there. With remote, even more so. The event constantly changes, as the world maps are improved, information material added, new initiatives spawn.</div>
<div><br/></div>
<div>The 2D world is a workadventure instance. Like in a 16bit role-playing game, you chose an avatar and start walking around. </div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/aa49b2f8-d851-abdc-2ae8-9a60a0100e5f/393ca548-6a44-8327-cd72-102f763c3ab2.png" style="--en-naturalWidth:600; --en-naturalHeight:727;" width="538.101788170564px"/><div>From the main lobby, the Fairy Dusk Bay, you get to different islands that serve as overview maps for assemblies, regional CCCs etc. . The islands can be giant, and there are easily 100+ community-organized rooms, some giant by itself. </div>
<div><br/></div>
<div>You can talk to anyone by just walking up to their avatar. There are also designated areas for group conversations (over jitsi). This makes it easy to meet new people, be it just for a quick chat or +1h of conversation. It's the culture of CCC that everyone is open, friendly, curious and happy to nerd out on any given topic.</div>
<div><br/></div>
<div>It's very easy to get lost or hit a dead end. But many maps are just beautifully designed and carefully crafted. Some elements are recreations of recurring themes from physical congress, others are imagined utopias only possible in this virtual space.</div>
<div><br/></div>
<div>Because all happens in the browser, many places/elements will open a side window. This could be a video or music stream, a jitsi group call, an etherpad/whiteboard or any other content, really.There is so much to discover: Games, museums, music, cinema screenings, fireworks, etc etc. This <a href="https://streaming.media.ccc.de/rc3/relive/225" rev="en_rl_none">walkthrough of the haecksen asssembly</a> gives you an idea.</div>
<div><br/></div>
<div>My highlights (or just noticeable moments):</div><ul><li><div>A Fireside chat at <b>Sendezentrum</b>, chatting about bass guitars, online music peforming, remote podcasting, beer, what makes a good conversation, mate, independence movements, and of course: podcast recommendations - <a href="https://www.youtube.com/channel/UC60odvY3Y2AElj-Dqv2A2XQ/videos" rev="en_rl_none">Bleepy Toys</a>, <a href="https://segfault.fm/" rev="en_rl_none">segfault.fm</a>, <a href="https://blog.binaergewitter.de/" rev="en_rl_none"> Binärgewitter</a> and <a href="https://darknetdiaries.com/" rev="en_rl_none">Darknet Diaries</a></div></li><li><div>I found <b>warpzone</b>, the hackerspace of my hometown that I visited once or twice, around 2011, when it was created. I left quickly, both as I had problems with the jitsi settings, and also as the conversation was around Jira vs Github issues and other work-related topics - way past 2am! I wanted to visit again at another point in time, but couldn't find the assembly anymore</div></li><li><div>Getting stuck in irish assembly. About 40 people got stuck there, because the exit wasn't configured correctly. Being so crowded, it was unavoidable to bump into others.</div></li></ul><div><br/></div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/aa49b2f8-d851-abdc-2ae8-9a60a0100e5f/d64b5e1f-7195-67b0-a02d-b2d332485b88.png" style="--en-naturalWidth:925; --en-naturalHeight:902;" width="607.0953436807094px"/><div><i>The jurrassic park-inspired gate in one of the overview worlds</i></div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/aa49b2f8-d851-abdc-2ae8-9a60a0100e5f/484b53e0-f9b4-21b4-0241-7354d5520867.png" style="--en-naturalWidth:1100; --en-naturalHeight:785;"/><div><i>The OpenStreetMap assembly was beautifully styled - as a map, of course</i></div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/aa49b2f8-d851-abdc-2ae8-9a60a0100e5f/a8df0209-dc49-d0a1-3499-6193309334ff.png" style="--en-naturalWidth:952; --en-naturalHeight:493;" width="867.0344827586207px"/><div><i>In the 2D world, you can talk to anyone by just walking up to their avatar. To avoid too much chaos, the main lobby and islands are "slient zones" otherwise explicitly noted.</i></div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/aa49b2f8-d851-abdc-2ae8-9a60a0100e5f/4c1d1654-add8-a36d-ef77-42fcc31d702d.png" style="--en-naturalWidth:537; --en-naturalHeight:555;"/><div><i>I had a nice evening at the Sendezentrum campfire </i></div><h2>Other tinkering</h2><div><br/></div>
<div>All the inspiration at rc3 makes you want to build and experiment. Some things I did:</div><ul><li><div>Setting up mastodon. Follow me: <a href="https://mastodon.green/@kaeff" rev="en_rl_none">@kaeff@mastodon.green</a></div></li><li><div>Setting up a new blogging system </div></li></ul>Flexible mission teams: Self-selection reteaming at Zalandohttps://kaeff.postach.io/post/flexible-mission-teams-self-selection-reteaming-at-zalando2023-12-13T10:35:43.790000Z2021-12-28T12:16:18Zkaeff<div><br/></div>
<div>This post is summary of the <a href="https://www.thoughtworks.com/yconf" rev="en_rl_none">YConf 2020</a> talk <b>How to create more business impact with flexible teams</b> by Jan Hegewald (Director of Engineering at Zalando) and Rebekka Beels (Head of Engineering at Zalando)</div>
<div><br/></div>
<div><iframe width="560" height="315" src="https://www.youtube.com/embed/VXHisQYx3OE" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen></iframe></div>
<div><br/></div>
<div><i>Usually, Software Engineering teams are organized around a fixed set of components which they develop further and maintain. Such component teams gain a high level of expert knowledge about their services. However, with agile product development, it often is difficult to implement the most important initiatives with such teams. This leads to a situation where the teams do not work on the most relevant business topics but on those for the respective team. At Zalando, we introduced a new model where we shape teams flexibly around business goals to create the highest impact. How we organize these teams and which challenges especially for the software quality need to be addressed, will be explored in this talk.</i></div><h2>How to create more business impact with flexible teams</h2><div><br/></div>
<div>The summary slides describes the pros and cons of stable and flexible mission teams, Zalando's mission process, pitfalls to watch out for as well as the observed effects in terms of midset shift, results and flexibility:</div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/32a6265e-7857-98e0-7691-87fef93631e2/b272f1bb-2d2b-3c0b-f99e-cbd12b23dfc4.png" style="--en-naturalWidth:1336; --en-naturalHeight:632;"/><div><br/></div><h2>Stable vs flexible teams</h2><div>Stability allows teams to build up knowledge, specializing in the domain and technology. </div>
<div><br/></div>
<div>However, when multiple teams are involved in big initiatives, <b>stable teams can be a blocker to business impact</b>. The overall work in progress is high but throughput is low: Each team's backlog contains parallel work, contributing to various topics, small tasks block the big things. Another problem is unequal utilization: Some teams aren't busy, while others have too much work and become a bottleneck.</div>
<div><br/></div>
<div>With missions and flexible teams, Zalando achieves</div><ol><ol><li><div>Focus and avoiding distractions</div></li><li><div>Moving the big blocks</div></li><li><div>Overall Utilization</div></li><li><div>Increased Velocity</div></li></ol></ol><h2>The Mission lifecycle</h2><div>Missions have a regular lifecycle of 2 weeks to 4 month and start with Pitch, Sign-up and Kickoff.</div>
<div><br/></div>
<div>In the <b>mission pitch</b>, product managers explain the mission (Goals, Milestones, skills, size) and advertise the missions to the teams. </div>
<div><br/></div>
<div>Colleagues <b>sign up</b> by selecting their preferred missions (#1, #2). Based on this preference, Engineering Managers do the final assignment, because they are responsible for staffing and people development.</div>
<div><br/></div>
<div>The team organizes a <b>mission kickoff</b> to create the roadmap, milestones and backlog. They also decide on ceremonies and ways of working.</div>
<div><br/></div>
<div>At the end of the mission, the team dissolves.</div>
<div><br/></div>
<div>The authors give an example of how multiple mission of varying length and size ran in parallel in the POP department (15-30 engineers) during 2020:</div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/32a6265e-7857-98e0-7691-87fef93631e2/fffe3ef0-5d48-0042-0e42-3529c3f1d5ea.png" style="--en-naturalWidth:1511; --en-naturalHeight:433;"/><h2>Delivery Models address different types of work & product lifecycle</h2><div>The following graphic explains how different types of missions exist for addressing different types of tasks or to cover different stages of the product lifecycle:</div><img src="https://cdn-images.postach.io/557f5b7e-0f98-47a0-bd04-b399f619ffbf/32a6265e-7857-98e0-7691-87fef93631e2/e2a4ef31-d322-2553-6d4e-448b1d0cf2d7.png" style="--en-naturalWidth:1571; --en-naturalHeight:882;"/><div>Zalando follows a 4-stage approach to product development called <b>4D</b>: Discover, Define, Design, Deliver. Missions can be <b>split across the product development cycle</b> to support needs for each phase:</div><ol><li><div>First, an exploratory missions defines the business goal and customer understanding</div></li><li><div>Implementation follows in a design & deliver mission</div></li></ol><div><br/></div>
<div>Not all work is new feature development and software systems require ongoing care. The mission model accounts for <b>maintenance, operations and improvements</b> in various ways:</div><ol><li><div>Reserved time at the end of each mission</div></li><li><div>Delivery missions with the goal of technical improvement</div></li><li><div>Bob missions for small and operational tasks</div></li></ol><div>Incident Handling and prevention takes precedence over mission tasks</div>
<div><br/></div>
<div>The mission approach also allows <b>working with other departments</b>. <a href="https://opensource.zalando.com/docs/resources/innersource-howto/" rev="en_rl_none">Innersource</a> enable another team to contribute to our services. For closer collaboration, Mixed Delivery Mission allow teams from different departments to go on a mission together.</div><h2>Challenges of mission teams</h2><div><b>Knowledge transfer</b> became a challenge. When reteaming regularly, colleagues require broader knowledge and less specialization.</div>
<div><br/></div>
<div>Jan and Rebekka realized that missions led teams wanting to standardize ways of working -</div>
<div>Lacking ownership and degrading Quality</div><ul><li><div>Addressed through boyscout principle</div></li><li><div>Plan time for cleanup at the end of the mission</div></li></ul><div>Disruptions</div><h2>The outcome: Increased velocity and mindset shift</h2><ul><li><div>Velocity increased</div></li><li><div>Mindset of ownership & engagement</div></li></ul><h2>Our Experience</h2><ul><li><div>like feature teams</div></li><li><div>Mission has a certain scope and feature to enable</div></li><li><div>Other teams are also part of the mission - data consumers and producers</div></li><li><div>Developer anarchy. Devs have freedom and are gelled</div></li><ul><li><div>Devs write stories, create roadmap</div></li></ul><li><div>Design phase </div></li><ul><li><div>outcome solution document</div></li></ul><li><div>mission kickoff -> driven by team</div></li><ul><li><div>roadmap, phases, </div></li><li><div>ceremonies</div></li></ul></ul><h2>Further Resources</h2><ul><li><div>Book: <a href="https://www.goodreads.com/book/show/32853178-dynamic-reteaming" rev="en_rl_none">Dynamic Reteaming</a> by Heidi Helfand</div></li><li><div>Book: <a href="https://www.oreilly.com/library/view/creating-great-teams/9781680501650/" rev="en_rl_none">Creating Great Teams: How Self-Selection Lets People Excel</a> by Sandy Mamoli and David Mole</div></li><li><div>InfoQ: <a href="https://www.infoq.com/articles/self-selection-reteaming-redgate/" rev="en_rl_none">Lessons Learned from Self-Selection Reteaming at Redgate</a></div></li><li><div>Blog: <a href="https://www.agil-gefuehrt.de/mit-flexiblen-teams-agilitaet-skalieren/" rev="en_rl_none">Mit flexiblen Teams Agilität skalieren</a> (Scaling agility with flexible teams) by the speaker of this talk, Jan Hegewald [German]</div></li></ul>