Collection of articles on company / product strategy (engineering management focused)

“What’s awful about being a {software engineer, tech lead, manager}?”

“Your development team will never, ever, ever be big enough. So you have to apply The Law of Ruthless Prioritization at every level to focus on the few truly important items.”

“Thoughtful segmentation has to happen before we get too deep into the development cycle, or we’ll build a one-size-fits-none monstrosity.”

“To make sense & survive any of it, you have to have a profoundly change-oriented approach. You have to understand that any process or organization will work for awhile, then it won’t.”

Visual Studio Code


To show all possible properties, methods, keys, etc of any entity, object, class, enum, instance, etc in Visual Studio Code, particularly TypeScript, place your cursor on it and press:


Mark down preview

When viewing a .md file you can preview it using: ⇧⌘V

Refresh when code changes on disk

Add a key binding:

"key": "ctrl+f5",
"command": "workbench.action.reloadWindow",
"when": "editorTextFocus"


Happy coding 🙂

Official key bindings (⌃ is ctrl, ⇧ is shift)

Science progresses one funeral at a time.

Was it coincidence it took almost 50 years to have the paradigm shift in programming to move past the GOTO statement and that 50 years is about the length of some peoples careers…?  In this video by Doug Crockford on “Paradigm Shift” (80 seconds, 12:17 minutes to 13:39 or the longer 10 minute version), he points out:

So why did [the paradigm shift] take so long?  Unless you have experienced that change you can not understand the arguments for why that change may be good or bad.  And we have that happen all the time in human experience and a lot of the misery that we suffer and society is a result of the difficult in making these shifts.

And another except:

Progress does not wait for the next new idea. It waits for consensus on an old idea.

In this video Doug Crockford (a well known programmer) talks about one of the most famous programmers (Edsger Dijkstra) of our time who was pivotal, amongst many other things, in instigating a paradigm shift to remove the GOTO statement. How it took almost 50 years to remove something very simple (but often used in a lazy/bad way) from most modern mainstream programming languages.

It just takes time.  Its emotional even though it shouldn’t be.  It was the moderates who eventually bridged the gap and built the majority supporting the “radicals” who had the evidence and were moving in the correct direction.  The old guard of reactionaries objected on grounds of Pride, Tradition, Majority opinion.  All the classic stuff.

The future GOTOs

Now with an ageing population and rising retirement age, what will happen to our rate of paradigm shifts? Will they slow down?  In an age of rapid innovation, perhaps this is one of the checks and balances.  It might be deleterious in some scenarios but broadly it may keep our society and culture moving in a considered and constructive direction.

What if there is no simple alternative?

In Doug Crockford’s video, he describes how the ELSE and WHILE programming statements were introduced which meant you didn’t need GOTO statements any more.  These are simple alternatives to understand but what if there weren’t any?  What if there was either no alternative or many complex and subtle alternatives with varying levels of evidence to support them.  I think and hope the answer would be that the moderates would still be able to support them but it would just take them a little longer to build the majority around the people challenging the misguided status quo with evidence and truth, the “radicals”.

Domain Name Password Hash

What do you need from a modern password?

  1. Easy to remember
  2. Hard for someone else / a computer to guess
  3. Different for each website (because if you use the same password it’s great for crackers (criminal hackers) but bad for you)
  4. Passes most of the pointless requirements websites make of you

This solution meets all the requirements above but cheats by changing number 1 from “Easy to remember” to “Easy to calculate”

3 setup steps:

  1. Pick 3 different numbers between 1 and 9
  2. Pick a punctuation
  3. A sentence of 9 longish words.  Preferably each with 6 or more characters.  To remember it it helps to weave a story round them

So let’s say we choose:  4  2  1.  A ! for punctuation.  And for the sentence:

brazil forest aeroplane cumulus jupiter descend runway london hackney

These are all you need to remember.  NEVER WRITE THESE DOWN ANYWHERE (except maybe a bit of paper you keep somewhere very secure and then set fire to as soon as you have remember them all).  Now make a google spreadsheet or equivalent, like this example which only records what email address/username you used and for which website.

Calculating your password

Take the domain name of your website.  Say you’re logging in to, the domain is hotmail.  The aim is to first convert hotmail and your 3 numbers into another 3 numbers.

So take your first number 4 and count that many letters into hotmail.  This gives you m which when you look in the alphabet lookup table gives you 5.  Do the same with your next number, 2, this is o in hotmail which is 6, finally 1 is h which is 3.  So you have 523.

Finally 523 is Jupiterforest!3.  You use the first two numbers to take the words from your 9 word sentence, make one letter into a capital, then put on your punctuation, add your number and you have a passwords for all your sites which are:

  1. Easy to remember calculate
  2. Hard for someone else to guess
  3. Different for each website
  4. Passes most of the silly requirements

I can usually do this in my head, without the lookup table in under 30 seconds.  It’s not as fast as some of the other solutions out their like LastPass.  The advantage is I’m relying solely on my brain to remember one easy to remember, long master password rather than putting all my eggs in one basket with another company.  In fact I can write that master password now (not that you’d ever do this…right?…!) after just having made it 10 minutes ago and only seeing it once.  I’d like to go to Brazil to see the forest and when I fly back in an aeroplane through cumulus cloud it’d be great to see jupiter in the sky before I land on the runway in London and go back to Hackney.  Damn missed one word.  Ah forgot descend!  Well you’ll get it pretty quickly.

Mixing it up (aka making it harder for others/computers to guess)

You can choose more than 3 numbers if you want more words in your passwords (great!).

You can put the number, punctuation and capital somewhere else.  I put them in the middle / end because I have found some *very* silly requirements where the password has to start with a letter and nothing else… no idea why.

You can have one or more of the numbers count from the end of the word backwards, so if 321 were all “backward” numbers, then they’d choose ail

You can have more (or less… not recommended) words in your sentence and just change the alphabet lookup.  The most extreme would be 26 letters but that would initially be pretty hard to count through your words in your head.

Edge cases

What if you produce the same number from looking up a letter?  For example if your numbers were 1 2 3 and you had the domain then a, b and c are all 1.  In this case it’s perfectly safe to just write Brazilbrazil!1  Alternatively you can add 1, so 111 becomes 123 (again).  You could of course add or substract.  And you could choose a number other than 1.  If you had  446 and you chose to subtract 5, the second 4 would loop back round the top to become 9, so it’d be 496.

What if you run out of letters in your domain name?  Take again, if you had 124, you can loop the 4 back round to the start i.e. treat the domain name as if it was abcabc… so the 4th letter is a, 5th is b, 6th is c, etc.

What if your password still isn’t being accepted?  Hopefully these will be very much in the minority.  Use the notes column to say: “no capitals allowed”, “no more than 10 letters” or maybe even hint at part of your password “use other punctuation”.  Once I have stored a temporary password in clear text in the spreadsheet but this was only for an account I didn’t care about and wouldn’t pose any risk if someone else had access to it (they couldn’t buy anything or pretend to be me to someone else, etc…).

What happens if you want to/have to change your password?  I have the column saying “password” and if the sentence is the same but my chosen numbers are different then I do 1.b or 1.c to indicate different numbers, you have more to remember but typically I only change one of the numbers.  One trick with some websites that force you to change your password is to change it to something else and then change it back to the first entry (unless of course they’re asking you to change it because they have been broken into… then you might want to actually change it to something different).


Let me know how you get on!  Remember this won’t guarantee you 100% security but it should help you improve it and I hope you find it as useful as I have.  Cheers 🙂


p.s. There was going to be a rant on here where I listed the websites that had ridiculous password requirements but there were so many and which such staggering “bizzarity” that it was longer than the actual article.  I decided to include only the highlights in the hope of shaming these organisations into improving:’s password generator suggestions produces things like: “idIoms bottl3$ merit luCk” and “o7BFBqDAh@w"

UK DVLA actually want you to make easier passwords, for example name9name$ is invalid but removing the number makes it valid?!

United Kingdom government authentication gateway website, which is as important as it sounds, limits your password to no more than 12 characters.  Incredible.

Life can not count

If you have two populations how can you tell which is bigger?  If you can count them all then it is trivial.

red and blue balls

Programmers and mathematicians are used to seeing:

blue_balls = 4
red_balls = 2
if(blue_balls > red_balls): print "We have more blue than red balls"

But the cells and molecules that make up living systems are not afforded the advantage of performing a global count.  So far it seems all computations they can perform at the molecular and cellular level are from random interactions with each other, i.e. when they randomly bump into each other.  And many biological systems rely on this process to figure out which molecule is in excess of another and therefore what to do.

An example comes from a region of DNA in a yeast species called Schizosaccharomyces pombe, where the excess of two proteins versus another two proteins causes certain genes to be switched on or off.

Dodd 2007 Cell - fig 1 gene activation or silencing

The figure above is a bit complicated to explain in detail but the core of what is happening is simple:

  1. If there are more of the black than white proteins present in the cell, the black proteins will convert the white circles on the DNA (acetylated DNA) into black diamonds (methylated DNA).
  2. More black diamonds means the genes for producing the white proteins are silenced (switched off) and the genes for producing the black proteins are activated (switched on).

This is a simple positive feedback loop.  Likewise if there are initially more white than black proteins, the biological algorithm will result in the consensus being reached that white proteins are in the majority and will ensure it remains that way.  Note that both these processes progress via an intermediate step where the DNA is neither methylated (black diamonds) or acetylated (white circles) and this occurs in cases of ambiguity where both black and white entities (proteins and modified DNA) are present.

We can simulate this biological algorithm in code, specifically I have chosen the Approximate Majority (AM) consensus algorithm.  In this system there are 3 actors (instances of Entity), A, B and C.  Two of them, A and B are the starting entities and the biological algorithm’s aim is to determine which one was in the majority at the start.  To accomplish this the biological algorithm uses 3 reactions:

  1. A  +  B  →  2C
  2. A  +  C  →  2A
  3. B  +  C  →  2B

Reaction 1 says that if A and B randomly bump into each other they will react to form two of C. Reaction 2 says if A and C meet they will form 2 of A, and similar for reaction 3 with entities B and C.  In this case A represents both the black diamonds and the two black proteins, with B representing all the white parts.  C represents the unmodified DNA.  The initial question of “which population has more” is now easily answered and the answer is correct most of the time (and to perceive the answer biology only has to connect the presence of protein A or B, and perhaps the absence of C, to some other effect and wait).

Follow this link and press the spacebar key to try out the algorithm. The graphs shows how the average number of the entities A, B and C change at each of the iterations of the Approximate Majority algorithm.  To see how a single reaction progresses graphically change the “Number of runs” to 1 and refresh (press ‘r’ followed by the spacebar) or view it visually progressing.

Note that this is still only an approximate majority.  It will be more likely to make mistakes if there is not a majority of one entity versus the other at the start.  For example if entity A begins with 30, and B with 15 the algorithm will get the correct answer with 3 nines correctness (99.9%).  Increase B to 25 and the correct answer is reached in only 87% of the algorithm runs:

approx majority correctness

Under the hood

If you are curious the reaction dynamics are being run by a “bounded” Gillespie algorithm, where the time until next reaction is bounded to ensure an interesting (fast enough) and comprehensible (not too fast) animation.


The AM algorithm is not exactly the same as biological example above because if all the A and B are consumed leaving only C, the AM algorithm will not resolve to an answer.  In the actual biological system above, this case of stalemate could theoretically arise if all the DNA is left unmodified with neither black proteins or white proteins being produced however biology is messy: it will likely produce a low level of black and white proteins regardless of the state of DNA modification.

Additionally proteins have a life time and are eventually deconstructed and recycled by the cells that contain them, a fact which is also not yet modelled in this system.

Finally the Gillespie algorithm underlying it is using a very simple model of reaction propensities which may only approximate biochemical behaviour.

I was inspired to build this implementation of a biological consensus algorithm by a talk on biological systems, their simulation and application by Andrew Phillips at Microsoft.  Additionally I wanted a project to cut my teeth on some d3 animations and Typescript.  I also saw the 2015 Oxford iGEM team’s tweet on using Gillespie’s algorithm for stochastic modelling and it all came together nicely.

There are plenty more synergistic relationships between biology and computer science that might inspire some more blog posts.

Sneezing. An evolutionary tragedy of the commons?

Many air breathing organisms sneeze as a way of clearing their airways of unwanted material.  When the first bug floated into our primitive ancestors respiratory track and started multiplying more than its host desired it might not have yet had the reflex to sneeze.  Once it did that pathogen would have had a very real evolutionary boost…. now it could spread much further and faster than it could possibly “hope” to do by itself.

For the host, sneezing makes sense.  In one fell sweep it has significantly reduced its pathogenic load, and improved its ability to respire, demonstrating improved evolutionary fitness.  Perhaps even raising its fitness from “death from pathogen” to survival.
For the species then an individual adopting sneezing is not completely disastrous because if without sneezing no organism could survive, there would be no species.  But individual sneezing for the species still seems almost completely disastrous.

Ring-a-ring o’ roses,
A pocket full of posies,
A-tishoo! A-tishoo!
We all fall down.

Now every member needs to have an immune system capable of fighting every pathogen that any member encounters.  Previously if a member encountered a pathogen, this was limited to its own respiratory tract where it alone had to expend the resources to defeat the pathogen.

However would the pathogen have been limited to just its host?  For an asexual and solitary species this could have been true but for herd and social species and or sexual encounters involving intimacy, the pathogen would likely have many opportunities to spread.  Some pathogens are also airborne, detaching in microscopic drops of fluid from the air way of infected organisms as they breath.

If, if, sneezing is not increasing a pathogens ability to spread, an individual organism is just improving its fitness by sneezing and is not driving a tragedy of the commons.  When I sneeze on a packed commuter train though I suspect our ancient ancestors raced each other (unintentionally, through evolution and selection) to the top of the personal – aka selfish – evolutionary ladder but drove the collective species downwards.

The Speed of Life

Dystrophin takes 16 hours to transcribe.  It is 2.3 million bases of DNA being copied into a 2.3 million RNA base molecule.  Not only is that a massive gene (almost 0.08% of your total genomic DNA), it’s also incredible that this gives you a measure for how fast a tiny molecular machine (RNA polymerase) joins even smaller molecules of RNA bases (nucleoside triphosphates) together:  2.4e6 / (16 x 3600) = 42 base pairs per second.


(Here is a nice cartoon simulations of RNA polymerase transcribing a DNA gene into an RNA copy, known as messenger RNA, or mRNA for short:  simple version and the more detailed version ).

The evolutionary advantage of hayfever or disease’s smokescreen?

Spring and summer bring runny noses, sore throats and lost productivity to the many individuals who suffer from pollen allergies.  Perhaps though there is a selective advantage for pollen allergy suffers.  By increasing mucus production for a few months a year, soft tissue surfaces inside the noise and throat might be a more hostile place for entry by viruses and other diseases.

An additional thought I have been pondering is perhaps that diseases which share antigens with readily available airborne substances also increase their chance of evading detection for a longer period of time, establishing a greater foothold in their host and spreading to more hosts than previously possible.  This would render it a selective advantage for these bugs to look, molecularly, like pollen.  Of course once the body has wised up to this ruse and mounted its immune response, it is highly likely it will have also now developed a pronounced immune response to the pollen’s antigens that the original – now long gone – bug was impersonating, or imantigenating / immoleculating (as you wish).