Great example of a simple risk framework in action.
Bookmarks
🔗 Building a Community Privacy Plan (#)
Really great guide. I love the community focus — so many of these security guides are individually-oriented, which limits their applicability to groups, especially volunteer groups.
🔗 Cognitive Biases Codex.pdf (#)
🔗 The 2025 journalist’s digital security checklist (#)
A pretty good checklist. Some things are tailored for the relatively higher risk faced by journalists, but with some judicious “not applicable” marking, it could be a good checklist for anyone.
🔗 Democratising publishing (#)
“Ghost is a distributed non-profit foundation which gives away all of its intellectual property under a permissive MIT license. The company has no investors and, in fact, no owners of any kind. I don’t own any part of Ghost, and neither does my co-founder Hannah.
We currently generate around $7.5M in annual revenue, and have been profitable and sustainable for the past 12 years.
“Wait, what?”
I’m glad you asked.”
🔗 Phishing simulations - Rami's Wiki (#)
Roundup of research and commentary on phishing sims
🔗 Reflections on Palantir (#)
I suspect the tone here — largely laudatory, and looking up to people like Peter Thiel and Paul Graham — will rub most of my readers the wrong way.
Look past that, and pay attention to the notes on what makes Palantir work. I completely agree with a lot of the conclusions about how important being embedded with real customers is. It happens also to be the model that I saw working at 18F and USDS!
🔗 Prioritizing Detection Engineering (#)
Detection Engineering is a concept that has emerged in the detection space. It acknowledges the complexity of a detection stack and the…
🔗 Please Don’t Idolize Me (or Anyone, Really) (#)
I only have 1% of the notability of Scalzi, but this still super resonates. People think they know me, and look up to me, but they only know this somewhat-curated facade. Please don’t idolize me, either.
🔗 Systems: What does a board of directors do? - Anil Dash (#)
A blog about making culture. Since 1999.
🔗 Why, after 6 years, I’m over GraphQL (#)
GraphQL is an incredible piece of technology that has captured a lot of mindshare since I first started slinging it in production in 2018. You won’t have to …
🔗 Hierarchy of Controls | NIOSH | CDC (#)
Interesting framework for thinking about risk mitigation. Designed for workplace protection, but could be applied to lots of different risk scenarios. Compare with Magoo’s Five Factors; there are some similarities here.
🔗 How to Actually Build a Better Boss (#)
We promote people into management and we just hope that they figure it out. And then we stand, mouth agape, when things go sideways. And this isn’t just a problem for our new managers. We are 40 years into this strategy and now the overwhelming majority of the workforce came up through this same form of occupational hazing. Here’s a new job. It’s very high stakes. It’s totally different from what you’ve done to date. And the skill set isn’t intuitive at all. You’re smart. You’ll figure it out. And if not, you’re fired. Good luck.
🔗 NPS, the good parts (#)
I’ve only ever seen NPS used in bad ways, ranging from “silly” to “outright sociopathic”. Thus I’m inclined to try to never have to use NPS ever again. But if I ever have to, here are apparently some tools for using it in non-shitty ways.
🔗 Navigators (#)
An alternate pattern to architecture teams for determining technical direction.
🔗 Care, Not Respect: Teaching Professionalism (#)
But over time, I’ve come to believe there are some skills at the heart of professionalism that might be worth saving, and as a teacher, I am always trying to balance teaching the way things should be with the way things are. So when I have to teach it, I try to talk about professionalism as a way of caring about others around us. Professionalism, at its best, is an act of love and belief towards those we work with, rather than a set of behavioral standards that we have to live up to. We review final documents for typos because taking the time to produce high quality, clean work product shows our clients that they matter to us. We send agendas, and show up on time because we care about those we’re meeting with, and not wasting their time is a way to express that care. And when these norms do not communicate care - when they will not succeed in making our people feel cared for - we can let them go.
🔗 (People on) Nice Teams Finish Last (#)
“So remember, much like many other management problems, trying to be ‘nice’ where you should be clear is one of the worst things you can do.”
🔗 Research: Simulated Phishing Tests Make Organizations Less Secure (#)
Actual study is here: https://arxiv.org/pdf/2112.07498.pdf
🔗 Making Large Language Models work for you (#)
Maybe the best intro to LLMs I’ve seen yet.
🔗 The one about scientists & engineers & mechanics (#)
So this came up in a Slack and then I had a long expansion and someone asked me to make it a post so they could link it to people and well ok fair enough
It’s gonna be heck…
🔗 Canonical: the recruitment process really is that long/complex/you... (#)
If you want to design a good interview process, then read this and do precisely the opposite. Good lord….
🔗 SaaSy Questions #1: Compensation Heuristics (#)
“Compensation won’t make people happy on its own. Compensation alone can make people very upset. Compensation helps to create owners.”
🔗 How Are Soft Skills Soft? (#)
The origin of the term “soft skills” really highlights the absurdity of what we now call “hard” skills.
🔗 DEI For Dummies (#)
Pretty fantastic DEI crash course for companies. Super-tactical, filled with really good specific advice and actions.
🔗 Don't use VPN services. (#)
This is the definitive “why you shouldn’t use a VPN” article that I link every time the topic comes up.
🔗 @[email protected] on BitWarden's design (#)
Unfortunately, it appears Bitwarden may have copied some of the pretty unfortunate design decisions from LastPass. I might have to revise my recommendation.
🔗 Thoughts on the Python packaging ecosystem (#)
The best piece on Python packaging — why it’s the mess that it is — written yet. Required reading if you want to understand how we got here and maybe how we’ll get out.
🔗 Meetings for an effective eng organization. (#)
Great (as usual from Will) roundup of the kinds of meetings effective eng orgs have.
My only addition: I find demo days (mentioned briefly) quite useful; they seem to really drive a culture of shipping.
🔗 Getting a job as an engineering executive. (#)
I’ve gone through this myself – unsuccessfully – and wish I’d had this guide. Great information about a confusing and opaque process.
🔗 Measuring an engineering organization. (#)
For the past several years, I’ve run a learning circle with engineering executives. The most frequent topic that comes up is career management–what should I do next? The second most frequent topic is measuring engineering teams and organizations–my CEO has asked me to report monthly engineering metrics, what should I actually include in the report? Any discussion about measuring engineering organizations quickly unearths strong opinions. Anything but sprint points! Just use SPACE!
🔗 A blameless post-mortem of USA v. Joseph Sullivan | by Ryan McGeehan | Dec, 2022 | Medium (#)
Fucking excellent analysis of the technical, legal, and policy failures at play here. Required reading.
🔗 Themed Days - My Productivity Secret (#)
Build a virtuous loop of progress, which builds so much joy, which, in turn, makes you more productive
🔗 Thoughts on my first machine learning project (#)
Fantastic post about what building an ML system feels like.
🔗 Prioritizing and Planning within Heroku Postgres - Craig Kerstiens (#)
My favorite planning exercise
🔗 How to plan? (#)
How to plan? How hard could it be? 4k words scribbled down on a sunny October afternoon for people in tech observing the Season’s Traditional Annual Planning Process, inspired by a recent interview question (and 25 years of variously painful planning processes).
🔗 Jade Rubick - What do great engineering managers need to know about compensation and equity? (#)
Really fantastic crash course in pay systems.
🔗 Story Points Revisited (#)
Feeling pretty vindicated about my feeling that story points are bullshit: the dude who invented them agrees.
🔗 Sometimes you have to choose between being right and being effective (#)
My latest in Quartz… My partner and I had a hellish move recently. We were lucky in that our landlords are nice, reasonable people, and unlucky in that they were quite disorganized and hadn’t done …
🔗 Managing people 🤯 | Andreas Klinger (#)
“your job is not to manage people but to manage processes and lead people”
🔗 People don't work as much as you think (#)
“If you do not realise this, and assume that everyone who says they are working eight hours per day actually is, you are probably going to wreck your mental health trying to keep up with them. Stop it at once.”
🔗 Working with Integrity (#)
I’ve been thinking lately about what “professionalism” means. This is a great part of it.
🔗 Becoming a Better Writer in Tech (#)
Great advice on getting better at writing.
🔗 Maintaining a healthy work culture is the first role of every executive - Graham says wrong things (#)
“This is the part where I say something about how more diverse teams build better products, and how diversity of backgrounds, identities, and opinions leads to better decisions. That is all true. However, in this organization we value diversity and inclusivity because that is the morally and ethically correct thing to do. That it benefits us, our customers, and the company is nice. We will do it regardless of how true that is. If inclusivity fails to benefit us, our customers, or the company, we will seek to realign that conflict rather than cease being inclusive.” (The whole thing is this good.)
🔗 Shreyas Doshi on the hiring fallacy (#)
Great Twitter thread with some hard truths about “we need to hire more engineers”