I’ve recently worked on a project where we had to have some documents that needed to be kept reasonably secure, and on the clients computers for our project. We needed our developers to have some access to the documents, to visually inspect them, and to be able to run code on them, but we didn’t want the developers to have copies on their local laptops or computers.

We decided that AWS Workspaces would be a good fit for this usage. For those of you who haven’t used it, AWS Workspaces allows you to create desktop computers in AWS’s data centers…

In a conversation the other day, I was trying to explain why some data couldn’t be collected and processed under “legitimate interests”. I wrote the following to try to outline the different types of legal basis that data can be collected or processed.

I thought these examples might be useful to help you decide how you are collecting and processing data. This is not legal advice, and you should consult professional advice if you have concerns. You should also read the formal guidance for the UK

Also massive props to Sunitha for being my guinea pig for all the examples…

Post brexit, there may or may not be a problem with data being transferred across borders. But all of the guidance and people talking about this seem to have some very confused concepts of terms and the processes involved, making it really hard to get clear guidance for organisations.

An example organisation

To make this clearer, let us think about a simple example of an organisational problem and see what comes out.

Imagine that we are running MBS Ltd, a news company. We scrape the internet for news articles and then put together topic pages with recent articles. As a user, you can…

This seems to have come up again, with discussions about what the purpose of a discovery, alpha beta actually is, and when you should build your MVP.


Discoveries help you identify problems. There are no products, no MVP’s, and almost nothing resembling software development or delivery as typically imagined in this phase.

Once you have a known problem, you need to understand the potential solution space. GDS calls this an Alpha, I prefer to call it prototyping. There are no real products, in fact in many cases, you are rapidly experimenting. Development if it happens at all is rapid hypothesis…

Have you always wanted to program? Have you been interested in the dark and mysterious ways of development? Maybe you’ve done some reading, done a bit of practice, but haven’t been able to find the motivation or the right kind of thing?

For me, development and programming is all about problem solving. I love a good problem, and I like thinking of ways to solve them. One of the reasons that I don’t program enough, apart from being a manager these days, is that finding arbitrary problems to solve isn’t very easy.

That’s why I love Advent of Code. It’s…

If only we could apply patches, then we could do more interesting security work.

I’ve as guilty as the next person of over-simplifying how easy the basics actually are. We exhort and condemn organisations and people for not getting the basics right. “Having a company vision is just table stakes”, but we forget how how hard it can actually be to execute the basics well.

If we take patching, it kind of sounds easy to just apply patches to our software. …

Should you nudge your users into better behaviour, a small microaction at a time or do you need large sweeping changes to change behaviours?

This debate seems to have gone on for decades, in all manners of locations, from healthcare to technical architecture, economics to the adoption of devops.

I tend to favour the former, preferring to use nudge economics to slowly change direction for teams, but recognise the need for the latter sometimes.

But it seems like sometimes people are zealous adherants of a certain method and refuse to acknowledge that the other way might work.

In the conversation…

When I worked at GDS, I worked with a lot of people who got very specific about their language. We talked about users, not customers; user needs not requirements and clear plain english where possible.

I was never very good at this, I have a tendency to use 20 words where one will do, and I’ve never been terribly concise or consistent about my language.

But the language that we use on a daily basis really matters. Why?Because language forms the habitual furrows into which our thoughts get organised.

If I am asked to write a resource utilisation plan for…

Does Google value your privacy? How about Facebook? Your bank cares about you we are told.

We often forget that organisations are not entities in themselves but are a contingent of people acting in broadly the same way.

When I worked for GDS I was often asked what “GDS thought” about a specific topic. What is GDS’s position on serverless? How about single page applications?

GDS as an organisation produced a service manual, which was the result of much internal discussion, but was also in many sentences, the result of a single person expressing their views and waiting for challenge.

You’ve spent days crafting the perfect bit of code, and you are ready to put it in front of real users.

You hit the build button, and some process takes your code and all the tests and makes sure that it works. In the same place, you hit the deploy button and the code is compiled and shipped to a production machine and everything works just fine right?

It’s 2am, and you are on call. Someone is ringing. You pick up and are told that the site search system isn’t working anymore. Nobody has changed this in months, but something…

Michael Brunton-Spall

Nerd, Geek, Father. <insert witticism here>

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store