Wednesday, November 8, 2017

What to do when you've got a virtual scrum team

Scrum and Agile are suddenly popular in Asia, and because a lot of companies take on outsourced projects, they usually have virtual teams, with members working in Asia, the US, and Europe. In the Agile meetups I've attended so far in this region, one of the most-asked questions is about how to deal with virtual teams. What's a poor Scrum Master to do?

The usual "Scrum answer" is to push for a co-located team and discourage virtual teams. There are many reasons behind this preference, but they are sometimes not obvious. So let's start understanding the problem from the perspective of the Values and Principles in the Agile Manifesto.

The Agile principles recommend:

  1. Customer satisfaction through early and continuous delivery (#1);
  2. Daily interaction between business people and developers (#4); and 
  3. Face to face conversation (#6). 
Note the order of priority, from highest to lowest. Reflect on what gets sacrificed and how customer satisfaction is put to more risk when you have members who are not co-located. Here are some thoughts on this:
  1. Face to face conversation is best because you get shorter feedback loops. Being on the same location allows you to draw collaboratively while talking, use post its or index cards, or see visual cues from people so you could quickly form consensus and decrease misunderstanding. 
  2. There's nothing more efficient and effective than walking to someone and conversing with them to resolve a question. 
  3. Face to face conversation is derived from lean thinking, which recommends it to reduce wait time. If a developer waits for the PO to respond to a request to review the UI of a new web page, that wait time could have been used to work on another task. But working on another task entails switching cost, too. Waiting and switching are waste. 
  4. Lean thinking also views anything that impedes early and continuous delivery as wasteful. In some teams I've worked with, the only useful overlap was a maximum of 2 hours. Their day was ending as ours was just starting. You could take advantage of this situation by handing off tasks to the remote team -- but then again, handoff is waste.
If you're stuck with virtual teams, then the principle of daily interaction must not be violated. I would even recommend that since you cannot have face to face conversation, you must compensate by increasing the frequency of communication. Here are some rules of thumb for communication preferences:
  1. Prefer face to face conversation.
  2. If that's not possible, use Skype or Google Hangouts with video (it's important to receive visual cues, so invest in a good line that allows streaming video).
  3. Compensate for the lack of face to face conversations by over-communicating. 
  4. Discourage instant messengers or email for conversations that need quick feedback. If you use email, use only one thread to avoid multiple messages that are hard to sift through for information.
  5. Compensate for geographic separation by using tools to facilitate virtual teams like Slack, Trello, Skype, Google Hangouts, and Google Docs. Google Docs have neat features that let you collaborate more visually while working concurrently on the same document (I've had a bad experience with Microsoft OneDrive, so I don't recommend it).
  6. Combine the use of these tools so that they make up for each other's limitations. 
  7. Maximize screen-sharing. This helps you to work literally on the same page when reviewing something. 
  8. Trust between the local and remote team members is a key factor. The remoteness and cultural differences provide invisible but critical barriers to smoother collaboration. Bring the remote member to your location so you could work together. This would be great to do for one sprint, or if budget and time are issues, bring the member at sprint review, retro, and planning time. 
If you follow the recommendations above, sooner or later, the team will come into one of these possible conclusions. Either the team will get tired of overcompensating for being fragmented (in which case transition to two separate co-located self-sufficient teams), or they will learn to work remotely with the rest of the team and say the trade-off of over-communicating is worth the benefits of working with the remote members.

Thursday, October 12, 2017

Visualized: Philippine Presidential Elections 2016

Visualizing data helps people to quickly find patterns and trends in the numbers. Here are statistics from the 2016 Presidential Elections.

Monday, October 9, 2017

mBot arduino navigation

The mBot is an Arduino-based rover robot. This video shows how it navigates away from obstacles using the ultrasonic sensors up front. The challenge in programming the obstacle avoidance was to find the a) best distance at which the mBot rover should stop moving and b) by how much it should reverse-drive to change course.

Make (a) too short and it will get trapped in tight spots (there's a point in the video that this happens). Make (a) too long and it will not move at all especially in smaller places. Make (b) too short and it will go nowhere. Make (b) too long and it could back up into other obstacles.

The sensors look like cylindrical eyes. They emit ultrasonic waves that bounce off obstacles. Because of this, the sensors could actually measure distance.

I verified the distance measurements using a tape measure. Not that a tape measure is very accurate, but the distance the ultrasonic sensors reported were actually quite good. I lost my notes on this one, but I will soon reactivate this robot and post the measurement experiments here.

Wednesday, April 5, 2017

Bad UX design could lead to security holes (BPI Express Case)

How bad UX design could lead to security holes (BPI Express Online Case Study)

Like most banks in the Philippines, the Bank of the Philippine Islands (BPI) is a major cause of migraine for customers. Its user experience design (UX) is badly done and the web service is unreliable. Both of these headaches lead to a third, much bigger problem: security holes. This probably explains why some BPI customers recently fell victim to phishing scams where unwitting victims divulged their passwords to a website pretending to be the BPI's online service. 

BPI's UX design problems 

Due to a badly designed user experience, the BPI website creates problems that punish the user. Forgot your password? You would have to call customer service to get a password reset. Maybe they think that this is more secure than doing the password reset online, but really, it's the same thing or even worse -- the human to whom I'm giving my details could jot down my credentials.

Let's discuss the first issue: bad UX. By this I mean not only the clunky design of its user interface that confuses users but also the general lack of empathy with the customer especially in times when the site is down.  

As I write this, the BPI website is, yet again, under maintenance. The screenshot below is the usual message that customers get when that happens (and all too frequently at that, if I may add).

There is no information on how long the maintenance will take. Should I just keep clicking the refresh button?

In the homepage, it turns out that there's an inconspicuous and cryptic message saying "Electronic Channels Upgrade Advisory":

Does the extra click I spend give me more helpful information? Nope. Check out the resulting page:

It's just telling me what I already know. At least tell me how long I should wait or when to try again. The message is as helpful as a flood warning a day after the flood has submerged the town. 

My retries produced a more problematic error message that gives away database details:

Maybe I stumbled upon a critical procedure during the maintenance. But shouldn't the BPI team be cautious about this and prevent this kind of sensitive error message to be published? 

UX design problems create security holes

The examples above are just one aspect of BPI's UX design issue. What's more problematic is that the UX design could lead to major security holes. For example, BPI requires users to change passwords once in every three months. You cannot repeat passwords so you have to create a new one every quarter. 

Can you imagine the burden of remembering a new password every three months, especially since your password cannot be a string of letters? This unreasonable policy forces people to write down their passwords -- which defeats the purpose of a strong password in the first place. 

Another consequence of frequently changing passwords is that people will forget their passwords and would have to call customer service, which leads us to another security hole. BPI does not have an online password reset service. If you forget your password, you have to call a customer representative to reset your password for you. Adding a human introduces a weakness in the security chain. Before the customer representative resets your password, you must answer security questions that force you to divulge private details to a stranger. 

In forcing users to call a human instead of offering an online password reset service, BPI probably thought it was creating tighter security. Yet this did not prevent users from giving away their passwords from a phishing scam, did it? 

Many know that UX design is important to any piece of software to improve usability. But as I explained above, UX can also lead to security problems that could be exploited by online criminals.   

The case I outlined above also shows how corporations build their security measures based on outdated assumptions. But that is for another blog which I will be writing soon. 

Saturday, March 25, 2017

Yummy Filipino Adobo

Filipino Adobo stores well and gets better as you keep it for several days. Store it in the fridge and fry/heat it up as you consume. The recipe/s below combines different recipes I've learned from friends and relatives. If you're new to cooking adobo, try the Basic Prep instructions first.  

The Kapampangan adobo recipe varies from the one I record here. When I get the time, I'll also write that one down. There are many variations of Filipino adobo, as much as there are Filipino families, I bet. The word adobo is Spanish for sauce or marinate, so don't be confuse Filipino adobo with the Mexican version.  

Got some tips? Share them in the comments below. 


Yummy Filipino Adobo


  • 2 lbs - pork (belly and/or ribs is great, but any cut is okay)
  • 1 cup - soy sauce
  • 1 cup - white vinegar (rice vinegar is okay)
  • 4-6 pcs - bay or laurel leaves
  • 1-2 tbsp -  ground/cracked black pepper
  • 1-2 bulbs - of garlic - with cloves crushed, peeled, and sliced (the more garlic, the better)
  • 1 bulb - onion, sliced (optional, see Instructions for Tastier prep, below)

I. Basic prep

  1. Rinse pork and drain away water.
  2. Put pork in a pot and mix in the crushed sliced garlic cloves with the pork.
  3. Pour in soy sauce and vinegar.
    1. Note: If you want the sauce on the saltier side, add more soy sauce.
  4. Add black pepper.
  5. Crumple/crack the laurel/bay leaves and add them to the pot.
  6. Put in stove, bring to a boil, then lower the temp to a slow boil for 1.5 to 2 hours (the longer the cook time, the more tender the pork will be).
  7. Continue the slow boil until the meat is tender, has soaked in the sauce, and the sauce is reduced to a thicker consistency.
  8. Taste and keep cooking until you’re happy with the taste.
  9. Serve with rice.

II. Tastier prep options

Try each of the following options separately, from top to bottom or do them all at the same time. 
  1. Marinate the meat in the soy sauce-vinegar sauce for 1-3 hours before putting on the stove. This will help the meat absorb the sauce even more.
  2. When the meat is tender and has started to absorb the sauce, take it out and fry it. Drizzle some sauce with cooked garlic on the meat while frying. Meanwhile, let the sauce simmer and reduce further in the pot. When the sauce is ready, put the meat back and serve.
  3. Instead of frying the meat, try baking, broiling, or grilling it.
  4. Substitute 1 lb of chicken instead of pork. Note: chicken softens faster than pork, so you can add the chicken later. Marinate the chicken in the sauce so it absorbs the sauce (see II-1). 
  5. Fry some potato wedges (season lightly with salt and pepper) and add them to the pot when the adobo is ready.
  6. Onion - make a bed of sliced onions in the pan before adding the meat. This makes the adobo even tastier, but you’ll need to reduce the sauce even more as the onion waters down the sauce if not cooked well. To fix this, just reduce the sauce some more. The onion will dissolve and thicken the sauce. Try also putting some of the cooked onions with the meat when frying/baking. 
  7. After a few days, fry the meat with some sauce. As you fry it, pull the meat apart. This makes for some great tasting pulled pork/chicken. 

Friday, June 3, 2016

What's a fake news site?

What’s a fake news source? 

This question is important especially in the aftermath of the 2016 elections in the Philippines. What I'll discuss is a very simplistic view, just enough to frame an answer. It will not be sufficient in many ways and is just a tiny tip of the prod-user/prosumer iceberg. 

To me, a fake news site or source is a website or Facebook page -- social media in general -- that is not backed by a real news organization. Here's a simplistic and minimalist checklist, based on a traditional view of media (because this will help us form a simple definition of "fake media source"):
  1. A genuine news organization will have a trained team. 
  2. That team adheres to a vetting process. Trained writers and editors verify the info they receive from interviewees and sources. 
  3. A standard practice for verifying investigative pieces is to cite sources and cross-validate a story using a second, independent source. 
Again, that list is the bare essentials. So, halimbawa -- Get Real Philippines. Two of its biggest claims are that Marcos was the greatest president and that the youth are realizing this. 

Do they cite sources on this? Their claim that the economy was best during Marcos’s time has been debunked by so many independent sources -- by economists, historians, not just from the Philippines but abroad. 

Back to Get Real. Where’s the proof that Marcos was greatest? Get Real's claim about the youth needs statistical support. Nasaan? How do they define "a lot of youth"? Is it 80%? 51% Maybe they interviewed Bongbong Marcos. Or maybe the are citing sources controlled by Marcos in Martial Law, which is like USSR quoting Pravda to talk about their "glory" days. 

When researcher and professor Leloy Claudio asked Get Real operators to cite a peer-reviewed source, here was its response: 
"What I read in my own time is my business. What I publish via  is all u got.” 
In short, benign0 is saying, “Hey, I can’t cite sources because I made it all up." Ergo, fake, unsubstantiated claims. 

Get Real’s response automatically cannot satisfy checklist item 3: citing and using a reputable source to cross-validate a claim. Since they failed on item 3, they most probably do not have a trained team (Item 1) that adheres to a vetting process (Item 2). No reputable news organization will fail this checklist. Otherwise they could get sued and lose credibility. 

Items 1 and 2 on our checklist speak about the credibility of a news organization, which we could also refer to as the gatekeeper function. You have a structure (the team) and a filtering function to sort out what’s true and what’s unfounded (vetting system). 

Let me emphasize again the importance of a trained team in a well-oiled organization. Trained -- because being a reporter and editor is not a joke. In the age of free blogs and Facebook, people think it’s easy to publish a story. That's a disadvantage of the social media explosion. People most of the time cannot distinguish opinion from evidence-based journalism. It's alarming how Filipinos are now using this ignorance to further erode media -- a freedom we won back after we kicked out Marcos. Andrew Keen warned about the rise of amateurs in blogging. I think he was worried about the erosion of the gatekeeper function of media. If you erode this, you erode an important component of the check and balances in society. Again, that's for a different story.

Let's go back to fake news sources. The second part of a credible news source is you have to have a trained team. In a blog, you write something and that’s it. In a credible news organization, you write something, cross-check the story, and submit to the editor. Your editor makes sure the sources are cited and credible, and the claims are backed by research. If you could do all these functions by yourself, it’s still not enough — you may have personal biases coming out. So you still need at least one other person — an editor — to make sure it’s a fair and balanced reportage. 

Back to identity. Name an established news organization now and we know its owners: ABS-CBN, TV5, Inquirer, GMA, Rappler. Even if you did not know them offhand, you could do a bit of digging to find out. The information is available. Knowing the owners helps us understand the limits of the organization and the agenda that we should expect from the business behind the news organization. (Note that I am not even saying that a real news organization should be free from bias. News objectivity has long been debunked even in journ schools. What’s really important is provenance and veracity of the stories you are publishing. But that’s another story.)

When Amazon owner Jeff Bezos bought The Washington Post, his purchase was highly publicized and Bezos took lots of effort to reassure the public and Washington Post staff that he will not intervene with the current editorial policy. This helped the paper maintain its credibility to its readers. 

Now let's ask: who is behind Get Real? It’s pretty hard to find out. The “About Us” page, and I urge you to read it (for one, it uses a blog post from Manolo Quezon as endorsement) -- the "About Us" page says it was founded by benign0 — no real name. The Twitter account’s profile picture is a blurry image of someone who looks like Jimi Hendrix. Some say he came out as some guy from Australia (the domain name is registered to someone in Arizona, USA). But that information is not in its About Us page.  

Anonymity is good if you’re a fictionalist, but not if you claim to be a real source of news. That’s just irresponsibility.

So okay, let's be kind to Get Real and not call them a fake site, despite their name. At best, they have user contributed opinions, managed by an anonymous entity hiding behind a username.

Postscript. Further pursuits:

Again, this is a simplistic view. There are nuances in between that are still being debated by experts (of which I am not one).

  • For example, some will argue that the owners of the media organizations I named above represent the oligarchy. I agree with that view, but that is for another story.
  • Vulnerability of the model I described: in the US, the Koch brothers set up a seemingly legit news agency which started feeding national news releases that were clearly written to protect the interests of their business empire. These news releases eventually found their way in legitimate publications and broadcasting companies. 
  • In the early days of blogging and Wikipedia, news organizations imposed policies not to cite blogs or Wikipedia. As reporters started put up their own blogs, the corporate policies later included some guidelines for their reporters. What emerged was that all official, verifiable information got published, while blogs could contain longer interview transcripts and supplemental material.  
  • Which brings us to a gray area: If a bunch of my friends who used to work for mainstream media decided to put a team blog that also aggregated news from legitimate news sources, are we a genuine news source? Huffington Post started as a commentary blog and news aggregator but seems to be emerging as a recognized news source. 

Thursday, October 22, 2015

Pancake Bot draws stuff using pancake dough, then cooks it

Another popular, fun exhibit at the World Maker Faire 2015 was this robot that draws figures using pancake dough. It's drawing board is a hot surface, ergo, the output is pancakes.

Watch the video below. Listen out for references to MC Escher and tessellated turtles.

#WMF15 #makerfaire

What to do when you've got a virtual scrum team

Scrum and Agile are suddenly popular in Asia, and because a lot of companies take on outsourced projects, they usually have virtual teams, w...