This week: two exams, one easy, one difficult. Work has become difficult, and I want to know what to think about that.

MiSc

I sat the third and fourth exam out of the total ten I need to sit to be granted the title of ‘Master of Science’. I passed the first two with 67% and 83% respectively. Of the two exams, I hope on the first I did well enough to clear 60% – and on the second, I will be lucky if I clear 50%. It is the first time in my life that I’ve sat a paper and not had a strong sense of at least having passed. This is naturally weighing heavily on my mind. It disturbs my sleep and makes me snappy and annoy(ing | ed).

With that being said, I have really enjoyed it. I feel like I’ve learned a lot – about how the Internet works, about the many problems with computers, and about the continuous battle between usability and security; between making something that does what it’s told and something that doesn’t do what it’s told when it’s told to do something dangerous. There is a deep and interesting history to computers and trying to secure them: from the contradictory and mathematical models of Biba and Bell-LaPadula to the very secure, very commercially unviable Multics system to the ethical and security implications of deliberately committing bad code to open source projects. And I’m only one-third of the way through! My notes, as ever, remain irreverent and free for anyone to read (though they’re way better if you use Obsidian, because you get pretty graphs).

The next term starts on the 17th, and so I’ve got a little bit of breathing space. I’m going to use it to try deploying some of this work into AWS, because I’ve got enough money to run it for a couple of years and that means I can use it to figure out how to do it really well, with a greenfield project. This is the absolute dream – who doesn’t want to get paid to figure stuff out. Now I just need to figure out which of the 17 ways AWS lets you deploy containers is best for this project…

I’m also starting to sniff around for security-flavoured things to write my MSc project on. So far, I’m thinking about witness protection data in an era of machine learning and building and disseminating secure AWS Constructs that my organisation could use by default. I’m really interested in other ideas. Let me know.

Work

I remain the only developer on my team, but this should only be for the next four weeks. However, while it’s happening, we’re facing up to a really interesting team challenge. Nobody else is qualified to read my code. I may have gone completely rogue overnight, and at the end of the day we’re shipping something pretty important. However, if nobody reviews my code, and I shouldn’t be allowed to just merge it (see: gone rogue), no code is being shipped. Worse, every bit of code that I write is adding to risk: four weeks of code being deployed simultaneously is an agile anti-pattern, because if something breaks we’ve got to dig through all of that material to figure it out.

Unfortunately this leads to the conclusion that I need to take the next four weeks off, and I don’t want to do that. Instead, I’m continuing to figure out code, trying to find crunchy problems, writing design documents, and doing other things – where it’s less of a risk if I am indeed a malicious insider. One of those things is the Fast Stream matching algorithm, which is approaching a version 1.0 release, and the mentor-matching service, which is approaching a beta release. On the Fast Stream matching script, I might have acquired an extra pair of hands for the next six weeks – which will give me a chance to remind myself how to break up work for someone more junior. I’m really looking forward to that.

I am really interested to see if we run into the question of service assessment with these pieces, because in my view they’re just…quite complicated Excel formulae. I mean, yes, alright, very complicated, but I have also seen more complex Excel formulae actually written in Excel. If you’re wondering, it was a colleague in a department who wrote his own rota-scheduling software with macros that he taught himself to write from StackOverflow. Nonetheless, there is still a sense that we programmers are terrifying wizards whose actions must be scrutinised, while Excel is just Excel, and since everyone has access to it, what’s the worst that could happen?

I won’t answer that question, because it’ll make you nervous about how many of your colleagues have access to Excel.

Finally, my organisation is running the annual DDaT assessment: an opportunity for self-reflection and a chance to try to move up to the next rung in the capability ladder. Each role has five points (I call them 1, 2, 3, 4, 5; internally they’re called something else, but 1/2/3/4/5 makes sense to me). In theory this means we have 25 levels for a software developer to move through; practically, you should be able to skip a couple of levels when you achieve promotion. I’m currently at level 4. Level 5 would require evidence that I am exceeding in every possible axis and, given I was recently unsuccesssful at promotion, I’m not completely convinced that I am exceeding along every axis.

If it turns out that I am, I shall be jolly cross: because it begs the question of why I didn’t get that promotion.