Talk to the real customer and listen carefully…

As an architect one has to interact with different stakeholders. An architect interacts with developer, tester, requirement engineer (our internal customer), fellow architect, designer and the real customer. Out of all this interaction, I feel the interaction with the real customer always fascinates me a lot. I will share one such instance here. In the recent times I visit a hospital regularly for my kid’s vaccination. The regular pattern is like we call the hospital and book an appointment. The appointment itself doesn’t contain a time slot or any waiting list number (token number). After this we need to physically visit the hospital, pay the consultation fees and get a waiting list number. Then we wait for our turn. This waiting is a painful one for all the visitors. The hospital has a nice IT system that helps them in patient management, billing, consultant management and employee management. Being a software solution provider I thought this is great opportunity. Add a module that can provide automated online appointment management (web based/mobile based). The visitors need not waste their precious time and still gets to meet the consultant on time.

I got a chance to meet the hospital head and mentioned this solution. Also I elaborated how easy it is to add such a module. He listened carefully and then uttered the following

“I know it is easy to add online appointment management to our system. But in our locality people still judge the popularity of a hospital by the amount of crowd waiting for consultation. If I reduce the crowd by introducing such a system, then it will bring down the popularity of the hospital. So having a manual appointment management system is a conscious business decision.”

I learned the reason and thanked him for the clarification. As I stated in the beginning interacting with a real customer is always fascinating.

Software Architect & Big Picture

In this post I am going to cover an important responsibility of a software architect. A software architect should know and own the big picture. The big picture is a collection of important decisions, if broken has a system wide impact. Often software teams come up with the following arguments for not having an architect

  • Architects don’t code. They are costly resource.
  • We need the architects at the start of the project then we don’t need them.
  • Architect just write power points and don’t understand the details.

But in reality a software architect is not a role with all the details. This role works with all the abstraction of abstractions. A software architect is responsible for ensuring that all the quality attributes are achieved. For a simple small project a software architect may not be needed. But the moment project becomes huge and complex the team needs someone to take up the role of software architect. To do this a software architect needs to know and own the big picture. The component teams often make lot of local design decisions. A software architect should be able to identify decisions that might have an impact on the big picture. And if a local decision will break this big picture then it’s the architect’s job to communicate and do a course correction. Ok enough of abstract talk. Let me give a real world example.

I used to visit one of my friends who run a cell phone repair shop. One day a customer came to the shop with lot of anger. He mentioned that the helper broke his mobile and the camera is not working any more. My friend inspected the phone and found the memory card was filled up. There is no space left for storing a new picture. He explained this to the customer. But the customer mentioned that the camera was working until he gave the phone for servicing. Now my friend enquired the helper regarding the service he performed. The helper mentioned that as a part of service the customer asked for some songs to be loaded to the phone. The helper filled up the memory card with songs. Now my friend said to the helper that the memory card is a shared resource. At least 30% of it should be left empty. This is a basic rule of servicing. The helper freed up this space, learned the lesson and gave the mobile back to the customer. Customer mentioned “I normally don’t give my phone to your helpers directly. Next time I will give my phone for servicing only during your presence”.

In this story the helper was focusing on one aspect “Loading the music to the phone”. He decided to fill the entire memory card with music to delight the customer. But he was not aware of the implication it might have on the other subsystem (camera operations). And he broke the rule of leaving 30% space free. In real life software projects each of the component team is thinking about its component and makes such local design decisions without knowing its implications on the other subsystems. And they may break an architectural decision. Here my friend is like the software architect and the helper is like the component designer. A software architect needs to communicate with his fellow designers on a regular basis and ensure that the architectural decisions are not broken. But during the course of software architecture and design lot of such mistakes are bound to happen. During all these times a software architect should patiently course correct his fellow designers and ensure that his big picture remains valid.

The customer in the end mentioned that he wants someone to own the big picture in a subtle way. In real life software projects too we need someone to know and own the big picture throughout the project.

 

Internet of Things, Black Magic and Humans

In the recent times I read a lot about IoT(internet of things). And the way they are going to improve our lives in so many ways. For example the story goes like

  • By the time you reach home the thermostat will start the AC or the heater and setup a pleasant temperature
  • The new age LED lights are connected to internet and switch on/off based on your location pattern
  • The fridge finds out, there is no milk and adds a to-do entry to your to-do list to get the milk
  • There will be sensors everywhere. Based on the data they will decide and act intelligently

Yes. All of this is well and good. But among all this intelligent set of things there is a dump thing mixed in. It is none other than the HUMAN. At times I feel scary how this billion of IoT is going to handle the human. I will quote one of my own examples here.

  • At our home we have 2 iPods a nano(8GB) and a touch(32 GB)
  • My father used the nano while I used the touch

I load the songs into the iPod using the following routine (Because of the difference in the iPod memory size)

  • Remove all the songs from iTunes
  • Connect the iPod to the PC
  • Add the songs based on the need into iTunes
  • Run the iTunes sync
  • Disconnect the iPod

Sometime back I was travelling to USA for a long term. As a part of the travel preparation I made sure I loaded my entire music library into my iPod touch. One check list item done and ticked. My father requested me to load some of his personal favorites into his iPod nano. I did my regular routine and gave the iPod back to him. He thanked me and verified all his songs were loaded. I felt happy that in between the travel preparation, I could get this small job done.

I packed my bags and reached USA. After a week I thought of listening to some of my favorite music. I took my iPod touch, charged it and connected my headphones to it.

SURPRISE!! SURPRISE!!

I hear some old song that was my father’s favorite. I thought maybe I added that by mistake. I shake the iPod for a shuffle. Again another old song. After lot of shake I found my entire music is missing and is filled with my father’s collection. I am wondering what has happened? I didn’t touch my iPod after the last sync. I clearly loaded all the songs myself. That was the first step in the travel preparation. I was wondering what sort of black magic has happened?

Then I found out, I turned on itunes wifi sync by mistake sometime back. So when I was loading the songs to my father’s iPod, my iPod touch found that out, intelligently wiped all the songs from its library and loaded all my father’s songs into it over wifi automatically. From the iPod touch point of view this is perfectly fine and intelligent doing all this in the background. But the outcome was a disaster from my point of view.

The problem is humans have a tendency to forget things. Until now it was my PC, internet and the so called Smartphone that has to deal with this situation. Now I am not sure how this billion IoT is going to handle this situation.

–Ferose

Subtle things in SCRUM – 2 Burnout

In continuation to my last post, Here is another subtle thing that I learned by practicing scrum.

The success of a SCRUM team depends on the effective sprint execution. Our typical sprint execution is like

  • We have a sprint backlog. This is prepared as a result of sprint planning
  • Each team member takes a task and starts working on it
  • Each day in the daily stand up meeting the team member reports the amount of time needed to complete the task (it is like estimating the task daily based on the latest knowledge)
  • Once completed pickup the next task based on priority

But during the retrospective meetings the team members complained about burn out. The following were the comments

  • This methodology is too taxing
  • I have no time for any other work other than the project
  • In case of waterfall we had pressure at the end but here in scrum we have constant pressure all the time

Over the time the team’s productivity also came down a bit. After some analysis we found the problem. It was “Allocating all our time for the project during sprint planning ( 8hrs/day )”. In addition to that during the planning phase we tried putting in as many hours as possible. And during the sprint we tried to meet those numbers.

The problem was solved in 2 parts. One was from the project management side. The other was from our own.

  • From the project management side they too felt this burnout and made a small change. Instead of planning for 8 hours a day, we were asked to plan only for 6 hours a day. The remaining 2 hours went for all the non project activities.
  • From our side we made sure that the team brings in all time burners to table (training, vacation, holidays, supporting other teams, reading, learning etc.,).

Now the team had a constant load and we started to make predictable deliveries. In addition to this we never got the feeling of being under constant pressure and burnout. Again it’s a small correction but we learned it only during the practice.

–Ferose

Subtle things in SCRUM – 1 Sprint Planning

In the past I was leading a team of 8 developers and a tester. We followed the Scrum method for close to 4 years. In this series of posts, I am planning to write things about Scrum method that I learned by practicing it. It is mostly out of my personal experience.

One of the major tasks in Scrum is sprint planning. Our regular sprint planning happened like the following

  • The product owner comes up with a list of features, bug fixes and refactorings that can be taken up in the sprint
  • I find out the team’s availability. (Actually taking all the planned vacations, trainings & holidays into account)
  • Next we break down the features into smaller work packages
  • We all sit together and estimate the work packages (using planning poker)
  • Then we pick up work packages that is equal to the availability
  • And finally we assign the work packages to the team members

This was working fine. But then over the time I found that we missed our team goal even though majority of the work was done. After some analysis and retrospective I found the problem was the last step.

  • And finally we assign the work packages to the team members

This step of allocating the work packages to the individual team members divided the team into individual members. So if someone completes a work package the next one was chosen from the team member’s pre-allocated subset. Sometimes this created situations where a work package of high importance to the team’s success was stagnant because of an overloaded team member. And another team member is busy burning some less important work package.

So we learned our lesson and stopped allocating the work to individuals upfront. We planned the work packages without assigning a name to it. Now once someone completed a work package the next one was chosen based on the team’s priority. It also made the sprint planning a lighter exercise.

This is a subtle thing which no one taught me in the scrum master training. And I learned it after failing couple of sprints.

–Ferose


 

Using an Elephant for Begging

This is a short post that I wanted to write for a long time. It is based on an example that I mention in majority of my training sessions. Let me get to the point quick. In India there is a common practice. If you roam around in the small towns, villages and in some cities too, you can see elephants in the road accompanied by the mahout. On seeing the huge animal everyone gets excited. Especially the children gets excited and frightened at the same time. And the routine is the same everywhere. The mahout will bring the elephant near each of them and it will bless the person by putting its trunk on top of the head. Then it will beg for money using the same trunk. We pay the elephant some money which it hands over to the mahout.

In India elephant is seen as a representation of the Hindu GOD Ganesh. So people taking blessing from it is fine. But one thing that I always wonder is, the effort the mahout put in training the elephant to beg and using that huge animal only for that purpose. You may be wondering why am I suddenly writing about elephants in India. No I did not quit my software job and started learning about elephants. In the software development industry I have often seen a team asking for a costly tool (Visual Studio 2XXX, Enterprise Architect, Rational Suit etc.,). The company looks at the cost and benefit. Finally it decides to buy the costly tool.

Now once the tool is bought and handed over to the teams, I have seen lot of teams using hardly 5% of the features provided by the tool. For eg

  • Use Visual studio only as a text editor with syntax highlighting.
  • Use the enterprise architect to draw UML diagrams

This is synonymous to using an elephant for begging. One of my major endeavor is to use the elephant for doing things that it is meant for.

Always spend time for learning the tool and use it to its full potential.

Target of vishing and credit card fraud

On Saturday evening 31 Jan 2015, I was the target of a vishing attack. Some smart set of people tried to steal my credit card details. The following things saved me from the fraudsters

  • Knowing some basics of credit card (card#, dates, CVV, 3D secure PIN etc.,)
  • Knowing the basics of telephone SMS
  • All those articles regarding fraud in arstechnica.com
  • Social engineering training from siemens

Here is how the whole thing went through. I am going to list the phone conversation here between myself and the fraudster. I have reduced the transcript here for the sake of brevity. The call went close to 20 mins. All of them were very polite and had nice fluency over English. The accent was north Indian.

(lady 1) Fraud: Hello. Am I speaking to Ferose Khan saab. (in hindi)

Me: Yes

(lady 1) Fraud: We are calling from icici bank credit card section. It seems one of your credit card’s 8000 reward points are expiring.

(This is a coincidence that made me trust her. I have 2 ICICI cards and one expired recently. May be that card’s points are expiring with it. Also I had close to 8000 points.)

Me: Yes. I have an icici platinum credit card. is it related to that card?

(lady 1) Fraud: Yes. We will redeem the points for you and send the coupons to your address and credit 5000 reward points since you are our platinum customer.

Me: Okay. But I have changed my address recently. So I am not sure whether that request went through?

(lady 1) Fraud: I will have to transfer you to another agent who deals with address change also.

Me: Okay.

(lady 2) Fraud: Hello sir. It seems you have requested an address change.

Me: Yes.

(lady 2) Fraud: To check that I need to verify your credentials. Can you tell your card number.

Me: 1234 5678 1234 5678

(lady 2) Fraud: Can you tell me the date of expiry?

Me: 11/11

(lady 2) Fraud: To verify your phone number I am going to send an OTP to your mobile and email. Tell me the OTP.

Me: I get an SMS from VM-ICICB “One time password (OTP) for IVR transaction for your card ending with xxxx xxxx xxxx 1234 is 123456.”

(lady 2) Fraud: Can you tell me the OTP.

Me: Yes its 123456. I am a bit confused. Why are you redeeming the points for me. I will be back tomorrow. I can do this on my own.

(lady 2) Fraud: No sir this has to be done now.

Me: Okay. What are the coupons that you are going to send me?

(lady 2) Fraud: Some travel coupons, gift coupons, a free wrist watch, Belt and a branded shoes.

Me: Don’t send those travel coupons. I am not interested in them. There will be a coupon from shopper stop. Can you look it up. That’s what I order normally.

(lady 2) Fraud: (she fumbles a bit and could not answer). Sir actually I am from the verification department. The other department will handle the gift details.

Me: Okay

(lady 2) Fraud: At the back of your card there will be a 7 digit number starting with 1234. Can you tell that number?

Me: But that is my cvv number. Why do you need that?

(lady 2) Fraud: I need that for verification.

Me: No I am not going to give that over phone.

(lady 2) Fraud: So I will transfer the call to my superior.

Me: Okay

(guy 1) Fraud: Hello sir.

Me: I am really irritated now. If my points are expiring why didn’t you call me last month?

(guy 1) Fraud: I am sorry for the inconvenience caused. we tried calling but couldn’t reach you sir.

Me: Okay

(guy 1) Fraud: Are you interested in this automatic redemption service.

Me: yes. do it.

(guy 1) Fraud: Can you verify the card valid from date

Me: 01/01

(guy 1) Fraud: Can you turn your card back and tell me the 7 digit number.

Me: Yes. There is a 7 digit number. But that is the cvv number. I am not going to give that.

(guy 1) Fraud: Sir I am not asking any confidential details here. As per icici your date of birth, mothers maiden name and 3D secure pin are the confidential details. kindly tell me that number

Me: If I give that number then you can go and make a purchase. Its as good as giving my card to you.

(guy 1) Fraud: But that will require your 3D secure pin sir.

Me: But if the store is from out of india for eg amazon.com. You can make a purchase without that PIN.

(guy 1) Fraud: Sir you received an OTP from VM-ICICB just now right. Are you doubting us?

Me: Anyone can send such a message with “from number” being VM-ICICB

(guy 1) Fraud: No sir its not possible.

Me: It is possible. give me a number I can send a similar message.

(guy 1) Fraud: Sir are you interested in this service from us?

Me: Yes I am interested.

(guy 1) Fraud: Then kindly provide that number. Without that I cannot update the system. I will increase your credit limit to X mount sir.

Me: But my credit limit is already more than X.

(guy 1) Fraud: In that case its okay. To send the free gift kindly tell me the number sir.

Me: No I am not going to give that number to you.

(guy 1) Fraud: Sir you are not listening to me sir. That number is cvv “customer verification value”. It is used to verify the customer. Also when you give the card at any merchant location it is visible to all. You need not worry.

Me: No it is a secure information. In my card I have even scrapped that number. I am not going to give that number over phone. If my points will be lost because of that, then let the reward points go to bin. I will cancel the card this monday.

(guy 1) Fraud: Sir. No sir. please don’t do like this. you are an esteemed customer based on your transaction. Kindly allow us to provide this service. Are you interested in this service?

Me: yes

(guy 1) Fraud: Then let me know the cvv number.

Me: No.

(guy 1) Fraud: Thank you sir. Nice talking to you.

(call disconnected.)

There are couple of things that triggered my doubts.

  • When I was telling the card number. Typically icici would have this so they don’t repeat them. But in this case she was repeating the number orally. And I felt something wrong.
  • Sending an sms from VM-ICICIB can be done very easily with the internet based sms clients. I have done it myself. It doesn’t prove that they are from icici.
  • Typically if I don’t provide an information. Icici customer care will cut the call. But here the guys were persistent.
  • When I asked for the shopper stop coupon. she fumbled. This too made me think about the genuineness of the call.
  • That cvv is not a confidential information.
  • They transfer the call suddenly without any need.
  • The credit limit stated was less than my current limit.

Mistakes that I did

  • I gave the card number to one agent. (they used last four numbers in formatting an OTP)
  • To different agents I gave different information. (credit card #, From, To)
  • I should have told them to send an email and cut the call.
  • I took the call at a wrong time (when we are packing our stuff to return and there are lot of guests returning back). So I was not prepared for it.
  • Whenever I ask them some tough question they transfer the call and start over altogether.This irritated me and also made me loose focus.

Some basics

  • The information that is printed at the back of the card is secure. Once you get the card memorize the cvv and scrap it.
  • In case if someone demands a crucial information over phone. Ask them to send a mail.
  • Ask them some questions like your name, address etc and verify them.
  • Don’t be in answering mode. This is not a quiz rapid fire round. And if someone calls you you need not validate your identity. It is them who has to validate their identity.
  • You won’t know when you will get such a call. Be prepared for it.
  • A bank will never take responsibility for such mistakes from your side.
  • 3D secure PIN is only for india. So any foreign currency purchase can be done without that.
  • cvv is card verification value. This is used to make “card not present” transactions. In places where you cannot enter PIN number this number will be asked for. And the merchant is not suppose to store the cvv number as a part of transaction. That way the card will not be compromised if this data is stolen.
  • Some purchases don’t show up in the statement immediately. Also be cautious and check the alert sms sent by banks.

Wish you all safe banking.

–Ferose