Saturday, October 19, 2013

Estimating in 3 easy steps!

A conversation at lunch recently revolved around the best way to estimate the length of a task. Lots of folks have developed intricate formulas for this process, but I've found a particular technique to work more often than not.

We're not talking about estimating some humongous project here. That requires, obviously, much more effort. But if you are looking to come up with a "best guess" for some chunk of work you're about to embark on, try this. By the way, this technique works best if you have at least a minimal amount of experience doing tasks of a similar nature.

First, knowing what you know, if absolutely everything went perfectly, how long would it take? No roadblocks, no speed bumps, no waiting on other people, no unusual delays, etc... Take this guess and call it "B" (best case).

Next, if virtually everything that could go wrong did indeed go wrong, what would your estimate be? I'm not talking about a nearby nuclear explosion melting down your city, but if all the REGULAR types of things went wrong, what's your guess? Call that "W" (worst case).

Now, given any previous experience, and your gut feel for what might really go wrong, how long do you HONESTLY think this will take? This would probably be the one guess you'd give your boss if he asked you for an estimate. Call that "L" (likely case).

Now, do this formula to arrive at "E", which is your REAL estimate:

E = (B + 3W + 2L) / 6

In other words, we are weighting your "best case" estimate very lightly, your "worst case" estimate very heavily, and your "gut feel" somewhere in between. Here's an example:

B = everything goes perfectly = 1 month
W = everything goes wrong = 4 months
L = best gut feel = 2 months
E = (1 + 3x4 + 2x2) / 6 = 17/6 = 2.83 months

Face it, things go wrong more than they tend to go right. You might as well build that in when you give your estimates. Better to overestimate a little and be sure to come in on time.

But whenever you actually finish the task, go back and look at your estimates for B, W, and L, and see if you have learned anything new. Did you hit some problem you hadn't ever thought of? Have you simply gotten better at doing these kinds of things? Etc...

Adjust your future estimates accordingly. If you find that your gut estimate (L) tends to be more accurate than the computed value (E), feel free to even change the relative weightings to give it more power. But in many cases, you'll find this to work pretty well.

Monday, October 7, 2013

Change my password?!?! Again?!?!

The following message is directed towards I.T. directors everywhere, and is brought to you by all of the people that you "serve"...

STOP MAKING US CHANGE OUR FREAKING PASSWORDS EVERY 30 DAYS!!!!

First, big-company I.T. groups brought you the "minimum password requirements". This little gem was designed to provide a reasonable helping of security so that folks wouldn't just use their first names as passwords. Next, they implemented a dictionary check to make sure that you weren't using a common word. OK. Then they said you also have to use at least 8 or 10 characters in your password. OK. Then they said you have to add a number to it. Then you had to have a CAPITAL letter, too. Oh yes, and now you have to have a special character (like %, $, or #) to further throw off the password moochers. So now, your password is something that not only can't be easily guessed, but something that's hard for you to remember, too.

No? You've found a way around this??? Cool! What did you do?  Did you capitalize the first letter and add the number "1" to the end? And maybe finish it with a "!"? Guess what? So did everyone else!  So now, the world is full of passwords with leading capital letters and trailing 1's, meaning that the difficulty in stealing them is greatly reduced anyway. Nevertheless, it's still probably pretty hard to compromise.

So, given that, why in the heck do folks need to change them every month or two? Especially with all the complexity of updating not only our laptops, but also changing our phones and tablets, you can lose a couple of hours just messing with your password every month. And then you have to come up with yet another password to remember. What? You found an easy way to deal with this, too???  Did you change that trailing "1" to a "2"? Guess what? So did everyone else! Are you THAT shocked? So if someone just happened to know that your password was Aardvark1, and now it's been changed, do you think they'll just try Aardvark2? I sure would. So a heckuvalotta good that monthly change is doing anyway.

Yet, HERE was the greatest travesty I ever saw. At a recent company, our I.T. group required that our smartphone 4-digit pins be changed every month. Right! Those 4 digits you use to unlock the phone every time you use it. To protect your corporate email, this was enforced by the phone so you had no choice. Also, the time that it took for the phone to lock was only 5 minutes, so almost every time you picked it up, you had to put your pin in, and remember which pin you were currently using.

Think about the insanity here. If some stranger somehow saw you type in your pin, they still didn't have your freaking phone to use it. But just to be sure, it wouldn't matter because you'd be changing that pin anyway in a couple weeks. Going overboard a bit?

Anyway, here's my parting gift to you. If you have an I.T. department that enforces crazy password rules, give yourself a secret thrill every time you login. Change your corporate password to something like "OurITd3ptSux!" or "Ih8ourEffingITgroup!" That'll show 'em!

Oh, and if you are IN the I.T. group, why don't you reconsider some of your nutsy rules?