Good things
- Kids got along well while I was solo parenting
- K is on good form across the board
- Nice to hang out with R on Saturday
- Litter pick
- Get back on a health tip
- New games: Scout & MazEscape
- Some good sleep
- Lots of good ideas and confidence for work
Work
A positive thing at work is that last sprint's release is out and seems to be working as intended. We're now onto the big rebranding exercise and I've been making my way through the site updating colors. It's a fairly well-defined, sedate exercise and I'm hoping that it will go smoothly.
A negative thing is that the last release did not go smoothly: home page content did not display in prod, search results went bad because forms pages get a noindex tag, and now we were mixing forms with regular content.
The backend engineer managing the release seemed well on top of things and the issue was resolved in a timely manner, from my perspective at least.
My hackles were slightly up over some messaging around "lessons to be learned" from the experience. I've just re-read them and they're so mildly stated that I now suspect I'm over-reacting. BUT I will be on alert to push back on any narrative that implies the team is somehow at fault, or that fails to recognise the root cause of this is
- too much work
- too risky work
- hard deadline.
I have this half-arsed hypothetical that is not perfect but holds some water, I think:
If we had somehow been able to know that there would be problems with the release as a result of too much, too risky work ahead of a hard deadline, what would we have done?
Cut the scope of the work and use an existing full-page form?
Push the current release forward another week to allow more time for testing? (It turns out we had a week in hand, so we could have done just that!)
I'm not sure that any delay to the content, or any risk of the subsequent sprint being delayed would have been politically acceptable.
Firing on all cylinders
I've said to a couple of people this week that I'm really feeling capable and valuable as a result of all this work. The contributions I'm making are so strong as to overpower my imposter syndrome and give me confidence to tackle things that I felt unsure about before.
My desire to find problems and fix them is also being driven by my frustration about the ways in which the organisation seems… unserious? I'm not sure how to explain that — I'm certainly not going to imply that private sector orgs are more efficient or effective than my current employer — but I'm definitely shocked at how loose of a grip we have on certain things, especially to do with procedure and accountability.
I've asked for an org chart, since I can't find a recent one. I want to make a suggestion about departmental interfaces, but recent conversations have also made me wonder who is the Data Protection Officer, if indeed we have one.
Work / life cocktail
Some of the righteous indignation I've been channeling recently has given me some ideas for side projects that I could apply at work, even if I can't justify developing them in office hours. They're all pretty much aimed at understanding the threat model for webforms, so it's not super exciting.
There seems to be a perception that the internet is awash with form-spamming bots and the only way to evade this menace is via the silver bullet of google recaptcha.
In the service of bringing some nuance to that narrative, here are some things I want to experiment with:
- submitting forms from the command line, or some other tool - Postman? JMeter?
  - in-house forms
  - third party integrations
- manually circumventing recaptcha in dev tools
- using a bookmarklet or something to automate bypassing it with a click
- stress / load testing the forms to find their operational limits
- identify concurrent submission constraints on different form types
- honeypot fields
- homebrewed humanity checks, like "Five plus three is: [numeric input field]"
- progressive enhancement of these features, e.g. using them on JS-free versions of a form, but superseding them with recaptcha if JS is available
You get the idea.
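The honeypot field, the "Five plus three is:" check and the JS-free fallback from the list above, as an added server-side example in Python (not code from this post or from the site it describes). The field names `website`, `challenge_token` and `challenge_answer` and the `js_captcha_ok` parameter are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

SECRET_KEY = secrets.token_bytes(32)  # assumption: per-deployment secret, never sent to the client
HONEYPOT_FIELD = "website"            # hypothetical field, hidden from humans with CSS
MAX_AGE_SECONDS = 600                 # a challenge is only valid for ten minutes

def _sign(answer, issued_at):
    """HMAC over the expected answer and issue time, so no server-side state is needed."""
    msg = f"{answer}:{issued_at}".encode()
    return hmac.new(SECRET_KEY, msg, hashlib.sha256).hexdigest()

def new_challenge(now=None):
    """Return (question, token) to render into the JS-free version of the form."""
    issued_at = int(now if now is not None else time.time())
    a, b = secrets.randbelow(9) + 1, secrets.randbelow(9) + 1
    return f"{a} plus {b} is:", f"{issued_at}.{_sign(a + b, issued_at)}"

def check_submission(form, js_captcha_ok=None, now=None):
    """Return (accepted, reason) for a submitted form dict.

    js_captcha_ok is the server-side captcha verdict when the JS version of the
    form was served, or None when the JS-free version was served.
    """
    # The honeypot applies to every version of the form: humans never see the field.
    if form.get(HONEYPOT_FIELD, "").strip():
        return False, "honeypot filled"
    # Progressive enhancement: a captcha verdict supersedes the arithmetic check.
    if js_captcha_ok is not None:
        return (True, "captcha passed") if js_captcha_ok else (False, "captcha failed")
    try:
        issued_str, sig = form.get("challenge_token", "").split(".", 1)
        issued_at = int(issued_str)
        answer = int(form.get("challenge_answer", "").strip())
    except ValueError:
        return False, "malformed challenge"
    now = int(now if now is not None else time.time())
    if not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return False, "challenge expired"
    # Recompute the signature for the submitted answer and compare in constant time.
    if not hmac.compare_digest(sig.encode(), _sign(answer, issued_at).encode()):
        return False, "wrong answer"
    # Caveat: a token stays replayable until it expires; single use needs server state.
    return True, "arithmetic check passed"
```

The answer space here is only 2 to 18, so this check filters bots that never read the form rather than anything that retries, which makes per-client rate limiting the natural companion control. The JS-free path is also the floor for any client that skips the captcha, so its strength bounds the whole form.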
END