[dt3ft]

We can’t even push to a git repo unless it has a linked work item/story/task/bug.

So, in order to say, upgrade packages or refactor difficult to read code, the work item needs to be approved by a non-tech PO.

Guess how much gets done outside of planned/micromanaged? Answer: next to nothing.

[rootusrootus]

That definitely sounds broken. I have a hard rule with my PO: 30% of the sprint is mine (read: the team's). He only gets to schedule 70% of the stories according to his priorities. I use that 30% for tech debt, primarily, but sometimes for spike projects and other things that interest us.

[Guid_NewGuid]

It sounds like SOC2 compliance requirements unfortunately. Plus process overhead on who can raise tickets.

I've found compliance makes it harder to write good code. If you get a PR approval with optional suggestions you're heavily disincentivised from actually addressing those comments since if you push those changes you now need to wait for review again.

Like everything process and compliance it's designed by low-confidence managers with an inate distrust of their teams.

[sirsinsalot]

I fundamentally disagree with this.

In our product, a change has the potential to cost businesses lots of money and also bring our customers into legal trouble, potentially making us liable too.

That's why we have heavy-handed change control, code vetting and so on. Yes it makes things slower, but due to the risks involved.

I've also worked on embedded projects where field updates are HARD and costly. We had heavy-handed change control then.

When I put those controls/processes in place, it wasn't due to low confidence, it was due to confidence in two things: (a) even the best SWE makes mistakes and (b) work to control change risk pays off

Sure, it isn't appropriate in many chases, but to write-off process as being designed by "low-confidence managers" because you don't see the point, is a bit myopic.

Any SWE who thinks that a codebase doesn't benefit from review before merging is driving on ego.

[Guid_NewGuid]

I see your point, I think this is the crux of the matter though:

> Sure, it isn't appropriate in many cases

I think where low-confidence management comes in is the application of the process without reference to whether the process is appropriate. It's easier to require all changes to be reviewed, every change to have a ticket and all post-approval changes to require re-approval even if the thing being edited is CSS for an internal tool than it is to build out process that accounts for the field and risk.

It feels like many places/management teams take an "off-the-shelf" compliance approach rather than constructing a process that works for the team.

[sirsinsalot]

The same rigid application of process is often done in the name of Agile, when it is in fact the opposite

[spc476]

On my team, we had a process (for nearly a decade) that lead to us being done on time, on budget, and a very low bug count that didn't involve a lot of overhead (not everything required a ticket, we did code reviews only when we thought of doing so, etc.).

New management took over (they finally realized they bought us out a few years ago), shoving "Agile" down our throats, we've missed multiple deadlines, every deployment has been a disaster, and there are still outstanding bugs that won't be fixed Any Time Soon because they're not on the release schedule.

Oh, and the new mandatory code reviews before checking in code hasn't helped since bugs still got through (and I've lost code because it wasn't checked in---it's not helping matters that we're still stuck on SVN, and half the team can't access the master SVN server).

Yeah, the overhead sure is doing great for us.

Edit: fixed typo.

[hilbertseries]

My company is soc2 compliant and we don’t need work items to push code. Certain changes need to be approved, but they can be approved by a software engineer on one of the approving teams for the repository.

[teucris]

As a product manager I appreciate this take. Lots of bureaucracy is caused by a few base requirements for compliance/governance required by laws or customer need. It’s a huge time suck for PM and engineering, but I don’t know if this is avoidable. Maybe more automated verification systems?

[solatic]

> Lots of bureaucracy is caused by a few base requirements for compliance/governance required by laws or customer need.

Read the underlying compliance requirements carefully. In the case of e.g. SOC2, the regulation requires visibility but does not say who may open tickets or who needs to approve them. You can do a lot by making processes more open, and so long as they are still visible, you can still pass.

If specific customers tell you how to run your business, either write process that isolates their requirements to a bare corner of the business (e.g. a completely separate environment for FedRAMP) or consider firing those customers.

[chociej]

I like this in a certain light. It's not so much a problem that PRs should be associated with tickets, it just sounds like the gatekeeping involved in getting tickets into an iteration is horribly overbearing. There _should_ be work happening that is driven by technical wants and needs, and the PO should be amenable to that.

[ozim]

Yeah - team members are also stakeholders and improving dev experience by allowing refactoring is something that needs to be taken into account.

Unless company does not want to have any devs working on that project in the future. But it would be just like not wanting customers to use that project.

[onion2k]

Guess how much would get done if you learned to explain why that work is important to a non-technical colleague? Lots. People don't always understand code, but they do understand problems, and why those problems are important to keep on top of.

If your PO is sensible then a couple of paragraphs explaining why refactoring is important with a closing line that says spending a week catching up on refactoring now will save 4 sprints of work in a year's time will get you the time. People aren't stupid. Once they understand why something is necessary they've very receptive.

Also, add refactoring time in to your estimates in the future and you won't end up in this situation, plus the code that's committed will be better.

[plasticchris]

Do your non tech colleagues need to have approval before saving a spreadsheet or writing a doc? Do they need to plan it out in tickets weeks ahead of time and get sign off before starting their work? Then report status daily on their progress?

One of my friends is a technical writer and she is amazed we put up with this on the engineering side. No one would ask it of other professionals.

[BlargMcLarg]

>Guess how much would get done if you learned to explain why that work is important to a non-technical colleague? Lots.

From my experience, this is more a cop-out than anything else. At some point I'd expect you understand children with a track record of doing as they are told and informing you of important details do not need to be strictly parented around every corner. To expect that very thing from adults with way bigger incentives to behave feels off.

[plutonorm]

This is like needing to ask to go to the toilet. It's degrading. Utterly disrespectful. You expect people to stick around?

[onion2k]

Updating a dependency, refactoring some code, or just making a 'simple' change sets off a chain of events that affect other people. The other devs need to review the code, the QA team need to test it, and then regression test the rest of the app, the devops team need to deploy it, the legal team need to update the legal documentation that lists the licenses for the dependencies the code has, the technical writers need to change the docs if the update has a visible impact for users, and so on, all across your org.

What looks like a small change to a developer is never actually a small change.

I really hope there aren't that many people impacted when you go for a piss.

[plutonorm]

Once you have technical decisions being taken by non technical managers you are sunk. It's hugely insulting to experienced engineers and it's a major reason that people leave. People crave respect and if they perceive that they aren't getting it, they will do what they can to get out. You cannot micromanage engineers in this fashion and expect to have good retention.

[ornornor]

Well said.

[Chris2048]

> making a 'simple' change sets off a chain of events that affect other people

Not every change affect other people, but isn't that my call to decide? Also "simple" in quotes implies it isn't i.e. you aren't trusting what you are told.

> What looks like a small change to a developer is never actually a small change.

Not true, this is hyperbole. If the lawyers need to be consulted to change dependencies this is something a developer should know and account for. Why keep devs out of the loop?

I consult with other devs, QAs (if needed) & external teams, perhaps with a ticket if deemed necessary, other times just a PR. I run the (CI) regression, I schedule/announce and perform deployment (we have platform team, not "devops" which is generally done by the app devs), I write the app docs, we have no legal documentation that lists the licenses for the dependencies.

I do this as a dev - why should I not be able to recognise if a change is small or not? let alone never being able to.

[jnash]

You are right if you work in an organization that is overly bureaucratic and incompetent. For the rest of us not so much.

[dt3ft]

Explaining why maintenance is necessary time and time again (tech evolves fast) is soul-crushing and quite frankly rather demeaning. I need x amount of hours for maintenance work every sprint, or the codebase will slowly become outdated and undesirable to work with. Again, tech evolves and changes rapidly, open source packages die quite often. Maintainers abandon their packages (my PO likely has no idea that we rely on free open source software to ship features), there are security issues with using abandoned packages… To sum up: when I see issues, I want to fix them. If I have to go through a corp process and ask for time to fix the issues… I sort of tend to lose the apetite/mood. This right here is the core issue.

[ornornor]

> spending a week catching up on refactoring now will save 4 sprints of work in a year's time will get you the time.

In my experience that’s very rarely if ever the case. Managers will always favor features over fixes in the kind of company that ends up with a crippling tech debt problem. They got there by not listening to engineers and having salesmen managers. These companies never change and no manager wants to be the one who’s fixing things for the next manager after they get promoted. People are idiots (maybe) but they respond to incentives. And very often the incentive is that problems that may arise in a year or two are someone else’s problems so not worth fixing now.

[fmakunbound]

> We can’t even push to a git repo unless it has a linked work item/story/task/bug

Exactly the same where I work. The pace of getting things done is absolutely glacial compared to what you know you could achieve if you had any agency. I think the only reason this organization I'm temporarily a part of can even compete is that all its competitors must be equally inefficient.

[sirsinsalot]

But when something major breaks, and the answer to the question of "why?" is ... "well, I just thought i'd make that change, but nobody asked for it" what happens then?

I wouldn't want to be accountable in that situation.

Every change carries risk.

[Frost1x]

And what if the same major thing breaks but you were asked to do it? Your necks on the line and you did something wrong that you were asked to do correctly. The problem is that part of current micromanagement environments isn't just about micromanagement but also passing down risk and responsibility to developers.

You can do the change work in a feature branch and propose the idea after the fact. If there's interest "I've already done it." Stakeholders get a bit of instant gratification like their request just materialized into thin air. If they're not interested, don't mention it and let the work go unused, rack it up as professional development time and work.

I do this fairly often. If a decision has a bunch of real risk associated with it I make sure to get sign off and create an appropriate evidence trail to pass risk back up when it's passed down. Much of work is just passing risk and liability around to PYA.

[sirsinsalot]

Because if you're asked to do something, someone has presumably thought it through and accepted the risk to the business/client.

I'm not sure I'd keep someone on the team who did a branch AWOL and proposed the idea after the fact. Doesn't show much respect for the team, that time could've been spent working towards goals agreed by the whole team.

If you don't have a lead or management environment with ears open to exploratory change, tech debt payoff or "do it better" tasks or whatever... and you have to manage up so much... that sounds like an issue to me.

[Frost1x]

If you consider such behavior 'AWOL' then you've bought into modern development micromanagement and may be part of the issue. That perspective doesn't believe any degree of autonomy and desires drone teams who just crank out on orders. I would never work in such a role or environment, but to each their own I suppose.

There's also an assumption buried in there that any time spent working is somehow owned by you, your leadership, or the organization and not your team or teammates time. I've personally spent plenty of hours "off the clock" investing in directions I think are correct in an IC environment and it's paid off many times (I've also wasted my time on occasion but it's my own time and my choice). If you have slack in your schedule or want to push something out by taking initiative, then the type of management philosophy describe loathes initiative, creativity, and innovation in engineering. It's a great way to drive those abilities out of your teams and organizations.

It's good to foster teamwork and target goals but you also have to give your teams some degree of autonomy, otherwise just as the article describes, they will leave from the drudgery. The allure of technology is the tangibility of innovation. If you rip that off development, for many, the work becomes unenjoyable, tedious, repetitive, etc.

[sirsinsalot]

> Part of the issue

What issue? My projects are delivered on time, on budget and to the customers expectations without undue risk or unpredictability. That's my job.

Nobody on my teams would say I micromanage them, everyone has a large degree of autonomy within a framework of shared goals and shared values that keeps efforts working towards cohesive results.

With autonomy comes responsibility to the team, business, customer and every stakeholder ... so yes, i'd consider it AWOL to undertake work that doesn't respect the input of everyone else by getting agreement beforehand.

[Chris2048]

Why is it any better if someone further removed from the change is accountable instead? Major breaks shouldn't be avoided by avoiding change, They should be avoided by having strong QA process & support - it shouldn't be a single-person accountability.

[Chio]

I don't believe this is how it is actually implemented in _most_ companies. Where I work every PR must have a linked story / bug / etc but anyone has the rights to create a story so it acts more as a way to track what changes actually goes into a release for x-teams to review and see if they need to document it, etc.

In regard to refactors, people tend to just squash them into another change they are making. This makes the git log a bit harder to follow at times, but people did this back when we just used to push to trunk too so I don't think the story is the deciding factor.

[throwaway2037]

You wrote: <<I don't believe this is how it is actually implemented in _most_ companies.>>

I would say for non-tech companies with a strict set of IT guidelines, this is mostly true. Please ignore non-tech companies with weak or zero IT culture. It will be the 'Wild West' at those places! Nothing will be maintainable beyond a certain size because there will be so much key person dependency.

For pure tech or tech heavy (banking, insurance, oil & gas, etc.), there is frequently more flexiblity, including "dummy Jiras" just to track a non-QA'able code change like upgrade C++ / DotNet / Java / Python library, or refactor some code. In my experience, 'Jira-per-commit' rule isn't awful, as long as tech debt does not require non-tech approval, and the ticket is just a tracking device. (A few different vendors offer very nice total integration between issue ticket, bug ticket, pull request, code review, etc.) Just a one liner in the Jira should be enough. In my experience, the best teams try hard to "do what works for us", instead of be a slave to the Jira process. Yes, I realise this is highly dependent upon team and corporate culture!

Finally, I would be curious to hear from people who work in embedded programming -- like automotive, aeronautical, other transport, and consumer electronics. I have no experience in those areas, but there is a huge number of embedded programmers in the world! Do you also have a very strict 'Jira-per-commit' rule?

[sirsinsalot]

I get why bureaucracy is a total pain, getting work approved by stakeholders constantly ...

But the actual ticketing/PR system? Change requires control.

The actual issue is not _using_ that control tool to get the right things done. If basic technical debt issues are not an easy sell in your org, that's the real problem and one that should be handled by senior/dev manager.

A big red flag for me is any org that doesn't recognise and service technical debt and empower engineers to make a win.

I also wouldn't say tech debt pay-off should be without its justification in some cases. If an engineer can't measure the positive impact of doing something, it can make it a hard sell. Why should an engineer spend 2 weeks doing something if we can't describe the payoff?

[kansface]

> But the actual ticketing/PR system? Change requires control.

The ticket system isn't for engineers. If it were for the engineers, they wouldn't be continually forced to use it. The ticket system is for the legibility of management or sometimes compliance (other flavors of management). This visibility is at the expense of the productivity of the engineers themselves.

> Change requires control

No, fundamentally, change is gated by control. The more control, the less the change, with sufficient levels of "control" leading to no change.

[finnh]

Requiring a "non-tech PO" to upgrade a package is just broken, though. PMs are good at some things, but giving them power over every minute of an engineer's day is a recipe for badness.

[sirsinsalot]

Agreed. I'm not sure I'd let anyone who wasn't from a hands-on SWE background decide the priority of technical work.

Of course, in some cases, it is right to say "Here's the problem, and what could go wrong if we don't fix it. You need to accept the risk".

It's a sad fact of life that technical problems need to be sold to non-technical people as they're often the ones shouldering the risk.

Part of my day-to-day is selling tech debt pay-off work to clients who have to pay for it. They rightly ask "why should we pay for this?".

I think in 99% of cases (like your package upgrade example) the systemic failure is elsewhere and the approval is often meaningless and inefficient.

[michaelt]

> Change requires control.

But code, unit tests, git commit messages and merge requests are already providing 4x documentation of code changes. Adding Jira tickets and production deployment documentation gets you to 6x documentation.

In my experience, if your company's problems weren't solved with 4x documentation, they won't be solved by going to 6x documentation.

[sirsinsalot]

I'm not sure that's a like-for-like comparison and if those things overlap like that, it sounds wrong:

- Ticket: Description of the requirement

- Code: How it was done

- Review: Peer-learning, change evolution

- Unit test: Testing of implementation as understood by SWE

- QA: Did the change match the requirement, did the SWE understand it? Is the outcome the right one?

Each "item" should serve a distinct purpose, have distinct value and be justified. If they seem like duplicates, then that probably points at issues elsewhere.

[michaelt]

- Ticket: AB-123 Increase the API maximum page size from 500 to 1000

- Code change: MAXIMUM_PAGE_SIZE -500 +1000

- Unit test: assert len(request[0:2000]) == 1000

- Commit message: Increase the API maximum page size from 500 to 1000

- Merge request: Increase the API maximum page size from 500 to 1000. For AB-123

- Daily scrum update: I've increased the API maximum page size from 500 to 1000, if someone could have a look at my merge request.

- Deployment request: Increase the API maximum page size from 500 to 1000, for AB-123

- Post-deployment test plan: AB-123, ensure maximum API page size is now 1000

- Stakeholder demo: When an API request is made, the page size is now 1000.

[politician]

- Incident report: Regression. When running on AWS, page size of 1000 causes the process to crash intermittently with data loss. Recommendation: reduce the max size to 500.

[treis]

It's amusing to me that in none of these did you say why you were increasing the page size.

[olvy0]

I know what you mean, but to be a bit of the devil's advocate here (only half kidding):

As a reviewer of such a pull request, I'd go over all the places in the code where this page size constant is used.

I'd also like to see a rough assessment of the impact of this change. Does it affect a lot of code? Some code? What percentage of users are to be affected by this change?

Also, who asked for it? It's ok if no user asked for it and it's your own initiative. But if users did ask for it (or rather complained something like "the app rejects our API requests" or "the app is effin slow, please fix"), then it'd be nice to connect to their tickets / mails / chat logs. This could serve as a proof to management if someone decides to question this change.

Deployment: If this change is in an API called by many functions (so, big impact), but it can bring with it a big benefit to many users, I'd like to see a rollout plan - as simple as putting it into a beta version, or (if we have them) using feature flags to enable it, and a plan (can be an automated script) that tracks crashes during this rollout. If the change doesn't have a big impact then that's not necessary.

Ideally I'd like to see coverage results that proves that all those functions which use this constant and all code paths leading to them have coverage. It's perfectly ok if they don't, perfect is the enemy of the good, but at least the major ones. I would also go over carefully at least over some of the code which uses this constant directly and indirectly to ensure no funny business like too many threads allocating this bigger buffer, no funny out of bounds issues due to code assuming size is of a certain length (if it's C/C++/C#) etc.

So really, what is the user-visible impact of this change? If it has no user-visible impact, then why was it made? The ticket as it was specified here doesn't answer this question and therefore reflects a somewhat broken organization/team, where engineers are disconnected from their users and/or lack the eloquence or willingness or time to explain their changes. I bet the person who wrote this doesn't even bother writing comments about non-obvious changes (such as this one!), making their code harder to maintain.

[singlow]

Requiring it to be documented and approved is just responsible from a change-management perspective. At my company we have similar requirements and it is basically required to do that in order to meet security audit expecations. The problem is when they managers don't let you have a say in what gets done.

If a developer on our team things something should be done and can do it quickly, they are encouraged to create a ticket and do it. It gets code-reviewed and accepted. If it is not a quick change, they need to bring up the ticket at a planning meeting to make sure it is balanced against other priorities.

[dubswithus]

What happens if you do it anyway and don't put it on the board?

[voxic11]

In my company it depends on the repo but worst case is you get arrested for making unapproved changes to regulated sports betting systems.

[nso]

This made me laugh out loud because it was so unexpected but also makes perfect sense.

[Chris2048]

In the unlikely event that such a repo gets deployed to prod without any oversight?

[dfsegoat]

Ouch. Out of curiosity, are those local or federal regulations?

[voxic11]

Mostly state level here in the US. The feds just don't allow any type of gambling across state lines but otherwise leave it up to the states to regulate. Its actually a huge pain in the ass to deal with since there has been very little standardization of state regulations so far.

[bendbro]

You wasted time on something that doesn't get you out of PIP, into promotion, or a higher salary. At companies that micromanage, I would imagine your direct manager is the sole owner of your performance rating.

[dubswithus]

I'm not trying to get a higher salary or promotion. I make enough money. I can't say for certain since it has never happened but I would probably quit on the spot if PIP'd.

[tut-urut-utut]

Why would you do that?

Worst case, you get criticized for doing unauthorized work.

Best case, you spend your time on a task that gets unnoticed, and now you have to do overtime to do stuff that you are assigned to and actually supposed to do.

[dubswithus]

I don't mind criticism. I've been chewed out before. I refuse to work overtime and if push comes to shove I'll find a new job.

Why would I do it? Bit of a rebel I guess.