Bad Software Design Metaphors Part 1

Human beings are animals that love a good metaphor. Maybe penguins love metaphors too, but we haven’t built an MRI small enough yet to know. By viewing one action or object in light of another act or model, we can bring about moments of satori and enlightenment that lead us closer to optimal states. From philosophy (google the Allegory of the Cave, the Leviathan, etc) to business, almost every aspect of human thought involves, to some degree, taking a concept and thinking about it in a different frame.  It’s useful, it’s natural, it’s a requirement.

But there comes a point when metaphors cause more trouble than they are worth.

And I’m here to tell you: Building software is not like building a house.

But I’m jumping ahead – before we get there, a quick note on the most pervasive and horrible software metaphor of all time: the waterfall.

waterfall dev

One of the great ironies of modern software development is that this waterfall is often presented as a viable alternative to Agile practices. In fact, for over 30 years it has been known that waterfall is inherently risky. From Wikipedia:

 “The first formal description of the waterfall model is often cited as a 1970 article by Winston W. Royce,[4][5] although Royce did not use the term “waterfall” in this article. Royce presented this model as an example of a flawed, non-working model.[6]

Waterfall gets the steps right, it just gets the number of times they are taken wrong.  Design and implementation aren’t actions you take once on a quality product– you iterate through them continuously (as you should testing). In other words, waterfall conflates valid aspects of software design with artificially segregated phases of construction, which is where it fails. Stakeholders and software are fickle and unpredictable, because like a quantum subatomic process, the very nature of observing and interacting with a functioning software product collapses its UI state.

See, that was a bad software design metaphor– I was just seeing if you’re paying attention.

So, let’s get back to building a house. Programming jokes aside, software development shares a few things in common with building a house, in that coding is a craft (like carpentry) that can be learned, and that like carpentry, you have masters of the craft. And like building a house, much of the process has been standardized and industrialized in the last 40 years. 

I asked my father-in-law, who has built dozens of houses, about what the biggest change on job sites has been in the last 40 years. Without hesitation he said “the nail gun”. Suddenly building a house took half as long.

Modern frameworks, including software design processes themselves, are the nail guns of our industry.

Notice what I’m talking about is how the people who code are somewhat akin to those who build homes. But the actual object built? That’s where the metaphor poops the metaphorical bed. A house starts with a blueprint that more or less is followed to completion and success is determined by cost and adherence to the blueprint. But building software that adheres to a global, rigid plan that is entirely laid out before interacting with real-world implementations or prototypes of each component part is not only risky– it’s a waste of our time. Building anything non-trivial and unique requires another kind of metaphor, which I’ll be exploring in coming posts.

Part 2 will cover some other problematic software metaphors around dev teams and team management.


The Downtown Alliance Honors Scott Anderson with Exceptional Service Award


New York, NY (May 29, 2014) – On Wednesday morning, at a breakfast at the Downtown Association, the Alliance for Downtown New York honored six remarkable individuals with its annual Exceptional Service Awards. The awards recognize the contributions of people who have gone beyond the call of duty to better the Lower Manhattan community and the City of New York as a whole.

“These are people who do far more than what it is required of them,” said the President of the Alliance for Downtown New York, Jessica Lappin, who presented the awards. “They personify a sense of purpose and a higher civic ideal — a commitment to not only better themselves and their organizations… but to improve the opportunities and quality of life for everyone around them.”

The 2014 Exceptional Service Award recipients are:

  • Maria Termini, the Associate Commissioner for the Bureau of Customer Service and Government Relations at the New York City Department of Sanitation. Maria was honored for her dedication and professionalism and for her efforts to improve sanitation conditions in Lower Manhattan and to educate local businesses and residents about sanitation issues.
  • Catherine McVay Hughes, the Chairperson of Community Board 1. A tough and tireless advocate for downtown residents and businesses, Catherine was recognized for her support of the recovery after Superstorm Sandy and for her efforts to make Lower Manhattan a better home for residents, a more desirable place to grow a business and a welcoming destination for visitors around the world.
  • Matthew Viggiano, the Director of Land Use and Planning at the Office of New York City Council Member Margaret Chin. Matthew was honored for building and fostering strong relationships with a diverse array of constituencies and for helping to lead discussions about future Seaport development and the advancement of the Lower Manhattan community.
  • Scott Anderson, the partner and chief strategy officer for the Control Group, a technology and design company founded in Lower Manhattan in 2001. Scott was honored for his laudable civic and community involvement and for working to nurture the Lower Manhattan tech industry and bolster and catalyze a community of innovators and creators downtown.
  • Lieutenant Michael Dimino, a commanding officer with the NYPD’s Patrol Borough Manhattan South Peddler Unit. An invaluable Downtown Alliance partner, Michael was recognized for assisting the Alliance with illegal vendor issues and general nuisance complaints and for tangibly improving the safety and quality of life for residents, workers and visitors throughout Lower Manhattan.
  • Marco Pasanella, a designer, teacher, writer, local wine shop owner and founder and chair of the Old Seaport Alliance. A co-chair of the Seaport Committee of Community Board 1, Marco was honored for his dedicated contributions to Community Board 1, his involvement with the Seaport Working Group, his efforts to assist small business owners during and after Superstorm Sandy and his visionary work in founding the Old Seaport Alliance.

Control Group To Be Celebrated By Lower Manhattan Cultural Council With First Ever “Downtown Vanguard” Award

NEW YORK (May 12, 2014) – Control Group, a leading New York City-based innovation and customer experience firm, will be celebrated by Lower Manhattan Cultural Council (LMCC) with the inaugural “Downtown Vanguard” Award, bestowed to companies who are leading the way to make Lower Manhattan a hub of innovation and creativity.

“Control Group is an iconic example of a successful New York City innovative enterprise that plays a key role in advancing Lower Manhattan’s creative drive”

Control Group will be commended as part of The Downtown Dinner 2014, a yearly event where prominent leaders from New York’s business, civic, and cultural sectors come together to recognize the artists that help create sustainable and creative communities. The award will be presented to Control Group during the post-dinner Artist After Party, held at the Conrad New York on Monday, May 19, 2014 from 8:30–10:00 pm. Tickets for the After Party are available online. One for $250 or five for $1,000.

“It is a tremendous honor to receive this award from LMCC,” said Scott Anderson, Partner and Chief Strategy Officer at Control Group. “At Control Group, our goal is to transform the world around us. We are proud to play a part in our own neighborhood’s evolution.”

“Control Group is an iconic example of a successful New York City innovative enterprise that plays a key role in advancing Lower Manhattan’s creative drive,” said Sam Miller, President of LMCC. “We are delighted to celebrate Control Group’s leadership as an innovator and influential community member.”

Control Group is a leading innovator in incorporating technology into the creative process, transforming how people experience public space. Their transformational work can be seen all across New York City and beyond, from the iPad ordering system in LaGuardia’s Delta terminal to wayfinding kiosks in the New York City MTA to the workspace of the future at Brookfield Place.

As active members of the Downtown Alliance and supporters of Launch LM, Control Group has also demonstrated their commitment to nurturing a wider community of industry peers newly arriving to Lower Manhattan, which contributes to the broader vibrancy of the neighborhood.

In addition to the Downtown Vanguard Award, LMCC will also present Liberty Awards to recognize extraordinary leaders from the artistic, civic, and corporate communities for their contributions to quality of life in Lower Manhattan and beyond, and President’s Awards to artists who have participated in LMCC’s programs and who have subsequently gone on to have significant career achievements.

In 2014 the following organizations will be honored:

The Trust for Governors Island for transforming Governors Island into an urban oasis and for making LMCC’s work there possible.

Trisha Brown Dance Company, founded by the inimitable choreographer Trisha Brown, for their work in contemporary dance, opera, and visual art and long-standing ties to Downtown.

President’s Awards will be presented to:

Naomi Goldberg Haas (for Performing Arts)

Dread Scott (Michael Richards Award for Visual Arts)

Pia Wilson (Sarah Verdone Writing Award)

Dynamic Pricing Addendum

dynamic e-ink price tags
Price conscious consumers are leading the charge back to in-store retail this Spring, armed with several tools to get the most savings out of their store visits. According to a recent Valassis study, approximately eight out of ten consumers are actively looking for deals while they shop. Dynamic pricing as an in-store tactic seems poised to live up to its promise – with the cost of e-ink shelf labels falling and consumers growing comfortable with the concept of dynamic pricing. More than three quarters of 18-49 year olds expressed interest in flexible pricing according to a dynamic pricing study published by the Curve Report.

Retailers have been testing the waters of dynamic pricing with positive results. Euro-zone retail management company KingFisher has deployed digital price tags and adjusted pricing multiple times a day based on store traffic and consumer loyalty. Their France-based Castorama stores, as well as UK-based B&Q stores, have implemented dynamic pricing with positive responses from consumers.

Beyond the tried and true dynamic pricing based on sales data and buying patterns, other pricing experiments have been cropping up. This past summer 18 of Coca-Cola’s Limon&Nada lemonade vending machines were deployed in Spain with dynamic pricing linked to the summer heat. At ambient temps around 77° the drinks cost 2 euros. As the temp rose between 78-84° the price dropped to 1.40 euros. And when the temp crested above 85°, the price dropped again to half price at just 1 euro.

While dynamic price adjustments can motivate the discount-inspired customer, it can also help preemptively inform showroomers. By rolling out digital labels paired with competitive price analysis tools, retailers can shorten the consumer buy cycle by displaying competitor price comparisons on the shelf. Rather than requiring a shopper to reach for their mobile device, all of their research is done for them.

retailreportsmFor more information on Dynamic Pricing and other retail trends that are changing brick and mortar retail,
check out our Retail Technology whitepaper.

What to do about Heartbleed?

You have probably heard about the Heartbleed bug in OpenSSL reported last week. It’s been described as a critical flaw compromising the security infrastructure of the Internet. This is estimated to have affected over 66% of websites on the public internet, including Yahoo, Google, Facebook, and Instagram.

How does it work?

There are good explanations out there, so we won’t rehash here, but here is a good technical rundown, and here is a good visual explanation.

Effectively, it allows an attacker to request a 64KB chunk of random data from an affected server, and the attacker can request chunks over and over, as fast as their computer can request and the server can respond. This can expose anything that is in the server’s memory, including usernames, passwords, credit card numbers, personal information, etc.

What can you do?

We are reliant upon service providers to patch their systems and update their cryptographic keys (most have already done this), but there are some steps that we can and should take as individuals to ensure that we are protected.

1. Make sure that your browser checks for certificate revocation

To find out if you browser already does, go to Verisign’s certificate revocation test site. If you receive a certificate warning, then your browser is already properly configured. If not follow these instructions for Chrome, Safari, Firefox or IE.

This is important because if a server’s certificates were compromised, an attacker could use the stolen certificate to masquerade as the original site.

2. Change all of your passwords

This exploit has been around for 2 years, and it’s use is undetectable. Therefore, prudence dictates we assume our passwords have been compromised on any affected sites. If you use the same or similar passwords at multiple sites and one of them was compromised, then you must assume that the rest are also compromised.

This sounds daunting, but if you use a password management utility like LastPass, 1Password, KeePass, Password Safe, or Apple’s built-in iCloud keychain, this isn’t very difficult.

If you don’t use one, now would be an excellent time to start.

A good password management utility allows you to easily generate secure passwords, stores them in a secure way, automatically fills in login pages for you and syncs across multiple devices. It will make your online logins more secure yet easier to manage.

3. What sites were affected

Here’s a good list containing popular sites and the fix status.

Here’s a more comprehensive (though less readable), with snapshots taken on 4/8 and 4/12 for comparison.

If you are using LastPass, you can run their security check, which will provide you with a handy list of sites that you use that were affected, and whether it’s time to change your password or wait until they’ve updated their certificates.

If you want to check to see if a site you use is still affected, you can use this site to test individual pages.

4. Enable multifactor authentication

We don’t recommend this just because of Heartbleed, though if you are using multifactor authentication on sites that were compromised, it dramatically decreases the chance that your account may be broken into.

Gmail, LastPass, Twitter and many other sites now offer multifactor authentication. While it seems like a hassle at first, the added security is worth it.

Here’s Everywhere You Should Enable Two-Factor Authentication Right Now


Heartbleed is a real and nasty bug, but you can take steps as an individual to limit your personal exposure.

  • Enable certificate revocation checking in your browser
  • Change all of your passwords
  • Use a password manager
  • Enable multifactor authentication when available

Remember, if you haven’t used a password manager in a past, a good candidate for this situation is LastPass. You can use it to create new passwords for all of you sites, then run the security check feature to learn if there are any sites that you use that are still vulnerable or have yet to issue new certificates (and hence will require another password reset in the future).