Do you Respond to a [Software] Attack with Unarmed Fighter Jets?

You can’t entirely prevent an software attack, but you can be prepared to respond.

In 2015, we learned an interesting fact about how prepared the United States Armed Forces were to respond to an attack. During the attacks on September 11, 2001, after three other airplanes attacked the World Trade Center and Pentagon, all flights were ordered to land immediately. But Flight 93 continued its course towards Washington, D.C.

In response to Flight 93 disobeying the orders to land, the government ordered multiple F-16 fighter jets to scramble and fly towards Flight 93, presumed to have been hijacked due to its refusal to land. What we did not know until 2015 is that the fighter jets were not equipped with munitions to shoot down the plane. Consequently, the only option was for the pilots to ram the jets mid-air to stop them from approaching Washington D.C.

Apparently, the U.S. was more focused on threats farther away and had disarmed their domestic fighter jets. I don’t want to second-guess or comment on their military strategy, but did they ever play the game of Risk?

Prepare to Respond to Attacks in Modern Software Warfare

The September 11, 2001 attacks are similar to and an example of how it is nearly impossible to see and detect every threat. Likewise with software, as programs get more complex, users get more creative, and inter-connectivity increases, it leaves applications vulnerable. Software developers should do everything they can to protect their applications. However, I subscribe to the philosophy that if your applications are popular enough, eventually your systems will get hacked.

When your application is hacked, how you respond to those attacks will be just as important as protecting yourself in the first place. It’s a sad but true reality that we can’t anticipate all threats. But, I do believe that we can be more prepared to respond.

At Event Espresso and Event Smart we have a fairly rapid release process where within a minute or less of fixing a security hole we can release updates to our products. While that won’t stop the attack from happening in the first place, it does allow us to quickly block the attack and move on to damage control.

While an ounce of prevention is worth a pound of cure, as software developers we should have a process in place to manage an attack of various types that was unable to be prevented.

Ultimately, we were fortunate that the passengers of Flight 93 were able to neutralize the plane and do what the U.S. military was not very prepared to do. But we should not find ourselves in such a vulnerable position so that when an attack happens we are not even prepared to respond.

What is your process for responding to an attack on your software, platform or infrastructure?

whole foods peeled oranges

Whole Foods’ Irony is an Example of Making it Easy for Customers

It was a true irony when Whole Foods started selling peeled oranges by replacing the natural peel with a plastic container. For an organic and natural food retailer, this was a cardinal sin.

Whole Foods quickly recognized their mistake and retracted the product.

It should be obvious how critical it is to meet BOTH the tangible needs and core values of your customers. Selling plastic-packaged peeled oranges makes very little sense when you evaluate that product from the point of view of their customer’s core values (generally, they value natural, organic materials and wish to minimize their burden on the environment). At first glance, this seems like an obvious mistake of Whole Foods; a moment of insanity by the produce manager. 😱

But less obvious from Whole Foods’ mistake is a hidden lesson: What can we do to make it as easy as possible for customers to consume our products/services? 💡

At this point in my life, I would never purchase a peeled orange. I don’t want to spend the money on it, plus it doesn’t seem as sanitary, and it does seem wasteful to have to throw away the plastic packaging. However, for a segment of customers with specific needs (use-case) the peeled orange was very helpful. Assuming it’s easier to open these plastic containers, pre-peeled oranges can be a great convenience to people who have limited use of their hands from injury or diseases such as arthritis or rheumatism. And for customers who have a preference for traditional, non-peeled oranges, those are still available for purchase.

The lesson I learn from Whole Foods’ mistake is to make it as easy as possible for customers to access your product. The easier it is to consume the more people will buy AND/OR you’ll attract new customers who will now be able to buy your product.

What do you learn from this?

remote controls commercials and team cadence

What I Learned about Team Cadence When My Wife Had the Remote Control

If you’re a sports fan with DVR, you usually have a queue of recorded sporting events to catch up on before you accidentally come across the scores in the ticker tape, headlines, get a score notification on your mobile device, or a text from a friend ruining the surprise. 😖 And, if you’re going to get through that queue of excitement quickly but without missing the action, you have to be skilled with a remote control to skip the commercials and intermissions.

There is Skill to Using a Remote Control

I have mastered just such a skill.  I have a sense of knowing when to start and how long to 4xfast-forward (>>>>) the recording before I need to push the play button again just as the commercials end and the sporting event resumes. I have the muscle memory for knowing how many taps of the fast-forward button and how long to let it fast-forward before pushing the play button. This muscle memory has developed because the commercial breaks are predictable enough that I can almost anticipate when they start and stop.

It wasn’t until I let my wife hold the remote and be responsible for skipping the commercials did I realize that she was still learning the higher ways of using the remote control. She didn’t fast forward right at the beginning of a commercial break, so we were stuck watching lame commercials for a while. Then, sometimes she fast forwarded too much and we missed part of the game when it came back on. If you’re Type A like I am, it is a little painful to refrain from taking over. 😱

Are You That Familiar with Your Team’s Cadence?

Because of enough experience with television programming, commercials, and the remote control, I can skip commercials with ease. I also have a sense for my team’s cadence of accomplishing tasks. Do you have a sense for how fast your team is moving? Does your team have a rhythm, a fairly consistent burn down rate or velocity? Would you notice when things change? I did.

We have a new project that is running over time and over budget. This new project has been particularly challenging because it has required a new development skill-set, new tools and new service. It’s an important project, but our approach has taken us out of our normal expertise. We had a chance to re-evaluate that project and decided to slow down development on that project and re-focus on our core projects.

Within two days of redirecting our development toward the tasks that we normally work on, I noticed we were completing the development we are more familiar with at a much faster pace and more predictable rate (cadence).

I also noticed a change in the demeanor of those affected. We had added motivation and energy because we were able to get things done.

When I have the remote, we watch fewer commercials and more sports. When my wife has the remote, we watch more commercials and less sports. Likewise, when your team is taking on tasks that they are not familiar with doing, you will get less accomplished and perhaps be frustrated.

My Wife Helped Me Connect the Remote Control and Team Cadence

I’m not throwing my wife under the bus. She is amazing. ❤️ She just wasn’t doing what she does best (baking cinnamon rolls is where she really excels). She was actually trying to help me relax and watch games while my hands were full typing blog posts. But then she also taught me something:

If your burn down rate or development velocity is not what it normally is, then you might reconsider whether what you are doing now is what you are best at doing.