On Friday I spent the day at the Mind The Product conference in London. This was my fourth year at this very well curated, single-track, one-day conference covering a broad range of product management topics. Below are a few key points I captured. Definitely a WILTW (What I Learned This Week).

Opening

Martin Eriksson opened the stage. He reinforced the key messages from his recently published the Product Leadership book: Product management is all about people. We traverse the product life-cycle as a team.

Product life-cycle:

• Product inquiry
• Product discovery
• Product delivery

This was the first time I noticed the term Product Inquiry and I will pay more attention to this moving forward.

Jake Knapp – Design Sprints

One of the high profile speakers at this year’s MTPcon was Jake Knapp who wrote the book on Design Sprints.

Jake provided a number of very practical examples and summarized the book’s concepts:

• Get all people together
• Work with them on a key moment
• Work alone, together
• Be fast and decisive
• Fake it
• Work with quick & dirty, available data
• Take big risks

Jake mentioned that there will be a new book soon.

Blade Kotelly – Experience Centerlining

Blade opened his talk by asking: Does user experience have a strategic role at your company?

He then followed up with a 10-Step Design Process:

1. Identify needs
2. Gather information
3. Stakholder analyses
4. Operational research (looking at things you could be limited by)
5. Hazard analyses
6. Specification creation (“Specs that are too specific limit innovation, specs at the right level can be inspiring.”)
7. Creative design (“Lots of yellow stickies”)
8. Conceptual design
9. Prototype design
10. Verification (usability testing)

Teresa Torres – Critical Thinking for Product Teams

Based on her experience as Discovery Coach Teresa came on stage presenting the Opportunity Solution Tree:

• Start with a clear desired outcome#
• Map out the opportunity space
• Solutions can and should come from everywhere
• Experiment to evaluate and evolve your solutions

More details can be found on Teresa’s MTPcon microsite.

Jane Austin – Great digital products

Jane‘s key message was to run product teams with consent, not consensus.

In addition she mentioned a number of team and process aspects to build great products:

• Designer as facilitator
• Autonomous cross-functional teams
• Design at every step of the process
• Build the right thing (“Do they want the button”)
• Build the thing right (“Can they see the button”)
• Right people with the right attitude

Scott Berkun

Scott spoke about his latest book The Dance of the Possible. His take on creativity:

• All ideas are made of other ideas: Study the history of a problem to find new ideas for solving it.
• Great ideas often look weird (at first): Allow weird ideas to stay around.
• Our minds are naturally creative: When suitably motivated by a hard problem, creativity is unavoidable.

Amber Case – Calm Technology

The scarce resource in the 21st century will not be technology, it will be attention. Amber presented a number of Design Principles for Calm Technology:

• Technology should require the smallest possible amount of attention
• Technology should inform and create calm
• Technology should make use of the periphery
• Technology should amplify the best of technology and the best of humanity
• Technology can communicate, but doesn’t need to speak
• Technology should work even when it fails
• The right amount of technology is the minimum needed to solve the problem
• Technology should respect social norms

Sarah Nelson – A place of our own

Sarah spoke about (work) spaces’ influence on team culture.

She identified the following habits to build great spaces:

• Say YES! (Allow for participatory, human-centered design)
• Prototype
• Be opportunistic
• Be scrappy (Figure out how to do things on the cheap, see book “make space”)
• Ask for forgiveness

Josh Clark – Design in the era of the algorithm

Josh‘s talk focused on design for Machine Learning (ML) space:

• Embrace uncertainty
• Design systems that are smart enough to know when they are not smart enough
• Signal uncertainty. Ask for help.
• Improve the data
• The machines know only what we feed them (garbage in, garbage out)
• Responsible data gathering
• This is a UX research at massive scale
• Make it easy to contribute (accurate) data

Lea Hickman – Transforming to a Product Culture

Lea highlighted a number of themes establishing great product culture.

A critical shift is from:

• From tasks to goals
• From output to outcome
• Alignment of business and product goals

Barry O’Reilly – Lessons deploying Lean Enterprise at scale

Barry‘s talk was entered around the Lean Enterprise book and some of its key messages.

Software is eating the world (The 5 imperatives of innovation)

1. Technology as a strategic capability
2. Willingness to support experimentation
3. Iterative, adaptive working processes and practices
4. Reduce learning anxiety across organization (i.e. people not be afraid to try new things)
5. Ability to innovate at scale

Success factors to create high performance organizations

• Purpose: clarity of purpose and outcomes
  • Principle of Mission
  • Provide the “what and why”, trust the team to figure out the “how”
• Big changes start small: design behaviors
  • BJ Fogg Behavior Design

ROTI (Return On Time Invested)

This year’s MTPcon gets a ROTI of 4 on a scale of 5. Teresa Torres talk would probably have been the highlight had it not been corrupted by the clicker malfunction. Also, the amount of talks was too much. Ten strong, high-quality talks is a lot after a short night (I usually take the first morning flight from Munich). Last year also had 10 talks but one of them was really weak. The previous two years saw 9 slots for talks which is easier digestible.

Heather Martin: Personalisation, tomorrow

Lauren Currie: Why it’s time for designers to share their power

Neil Colman: So you want to be a Service Designer

• In service design you ask “What should we be making?”.
• A good experience does not necessarily make for good outcome.
• Services are co-created.

• Find out what outcome your users ACTUALLY want
• Think end-to-end: what happens before and after
• Explore experiences of other actors
• Open up your design process to others
• Be curious about what goes on “behind the scenes”

Jeff Gothelf, Josh Seiden: Sense and Respond

The Sense & Respond Core Principles:

• Embrace uncertainty

• Culture of continuous learning: Iterative buildout and continuous learning. Ship, sense, respond.

• Do less, more often: What must we learn? What’s the fastest way? Design experiments around that!
• Organize for collaboration: “To build collaborative teams we need to emphasize on skills, not roles. To build cohesive services, we must emphasize a comprehensive approach, not discipline-specific land grabs.”

Nick Remis: Working with Service Blueprints

Some key messages:

• Blueprinting helps us to shake up business as usual (i.e. Conway’s Law)
• Current-state service blueprints show how a service functions today
• Traits of service blueprints
  • Multi channel
  • 360 degree view
  • Orchestrating (how everything works together)
• Blueprint building blocks
  • Customer actions
  • Touchpoints
  • Staff actions (frontstage): staff the customers see
  • <Line of visibility>
  • Backstage staff
  • Support process
• Check out Adaptive Path’s “Guide to Experience Mapping”
• Service Blueprinting
  • Determine your scale
  • Decide your fidelity
  • Start, stop, continue
  • Orchestrate implantation
  • Make new friends (connections inside an organization)

Conclusion

Last Friday I was lucky enough to spend a day at Ground Control Conference in London. This was a conference for anyone leading digital projects. Talks revolved around project management, product management, Agile and leadership topics.

Coincidentally it was also Turing Day in our team. So this conference’s themes perfectly fit our aim to sharpen the saw and learn new things.

So here are a few of my key insights.

Yvette Pegues: Digital Diversity – Leading multi-sensory & multi-ability audiences

When designing (IT) systems, check their P.O.U.R. criteria:

• Perceivable
• Operable
• Understandable
• Robust (can this be interpreted on a different platform)

If you create content consider these practices:

• Text alternatives
• Search engines
• Labeled images
• Don’t enlargement, color contrast
• Captured video
• Short time-out windows
• Meaningful links

Generally, follow WCAG standards

Sam Barnes: It’s all about the little things

It is our job to look after people, and make them feel valued. It is about the little things. These include:

• Manage your own workload: have your house in order
• Always be present on communication channels
• Get back to people on time
• Unlock radical candor
• Out of hours comms: make sure you are not expecting a timely reply
• Assume people mean well
• Trust is often the issue: Break work into smaller pieces to build up trust
• Use regret to make decisions: “Will I regret it if I say no?”

• Professional doesn’t mean being dull: Accept who you are, be comfortable and be yourself at work
• Be nice, be polite and watch the outcome.

Adrian Howard: Failure Swapshop

Adrian was the guy who made me aware of this conference as we are both members of the BalancedTeam Slack. His workshop focused on failure:

• Failure is hard to hear and hard to say
• If you can’t admit to a failure you are not allowed to learn
• Celebrate failure (don’t be afraid to fail) and you will have a better life

One way out of the not-allowed-to-fail hole is to run a Failure Swapshop:

1. Hi, my name is ___ and I failed
2. EVERYBODY CHEERS
3. Explain your failure
4. Share the lessons learned

Carson Pierce: Your brain hates project management

This was a great session of cognitive biases in project management.

To get past some of these biases:

1. Slow down decision making, explore other ideas, analyze the information we get
2. Unpack it, break the problem down into smaller pieces
3. Go outside, find an external source to help look at things more objectively, reference class forecasting
4. Flip it, consider the opposite of the problem, pre-mortems
5. Be sad, avoid optimism bias
6. Externalize, because memory is so bad, “Never memorize something you can look up. (Albert Einstein)”, meeting minutes, Jira tickets, Google docs, you never have to rely on you own information

Meri Williams: Modern management – Creating space to be awesome

Yet another awesome talk. Meri extends Daniel Pink’s Drive with a dimension on inclusion.

Space to be awesome =
+ Purpose (do I believe in why)
+ Autonomy (do I get a say in what)
+ Mastery (do I choose how)
+ Inclusion (do I belong here)

Cultivate inclusion, show that “someone like me can be successful here”. In order to do so, craft inclusive environments, answering these questions:

1. Am I expected here?
2. Am I respected here?
3. Can I be myself and be successful here?

Michael Lopp: The impossible job

The day was wrapped up by Michael Lopp’s talk on Leadership, the impossible job. Michael presented 16 of his leadership practices/traits/hacks/qualities … Very worth it.

There is never enough time: As a manager you are exposed to more things.

#1 Two minutes early for everything. Show up two minutes early for everything. As a leader we set the tone.

#2 Office hours. As a leader there is more of them than you. It is not effective to meet them all. But you must be available. Schedule “office hours”. This encourages serendipity.

#3 Move the clock towards you. Empathy is a super power. Move the clock towards you to avoid devaluing the moment when looking at the clock.

You are greatly outnumbered by chaotic beautiful snowflakes.

#4 The most important meeting. One on one meetings with all direct reports. 30 minutes, every week, no matter what. If you have to reschedule, tell your people why this happens. Value people’s time.

#5 Learn everyone’s first name. As a leader you acknowledge the connection with other humans.

#6 Three questions before any meeting.  Prepare for any meeting and find three questions. 1:1s and staff meetings are for topics of substance, they are not status meetings. Talk about the things that matter to humans on the team. Value people’s time.

#7 Complement frequently. Compliments are free and amazing leadership coins. Show acknowledgement and talk about the things we are doing well. Give compliments of substance to recognize the value of what others are doing.

There is too much to do and too much to know.

#8 Continually fix small things. Pay down a little bit of debt.  File bugs, pay attention to small things.

#9 Know the most important numbers. What are the three to five most important numbers in your business. Know where they are coming from and why they actually matter.

#10 Share profusely. Share meeting minutes. The more eyeballs see an idea, the better it gets.

Their expectations are unattainable. Their expectation is that you are the best version of them.

#11 Think before you speak. Everything you say as a leader is judged. Speak clearly, speak slowly. Get some speaker training.

#12 Admit and explain failures. Can you admit failure and explain it?

#13 Seek diversity. This is also about social justice. Ideas get better with diverse eyeballs. Pull in diverse ideas to build products for humans. This is really hard, this is a 100 year problem.

#14 Weaponize rumor crushing. As a leader crush rumors. Talk about gossip, rumors and lies in every staff meeting. Put truth/signal back into the system.

#15 Smile as the sky falls. As a leader smile when the sky falls. We want to understand how to fix it. The smile will calm people down so they can fix it. Set a positive tone.

#16 Pick one thing.
For @rands this is to be unfailingly kind.

Conclusion

The ROTI for this conference was a clear 5 (out of 5), i.e. it was an excellent use of time. I already signed up for the 2018 mailing list of Ground Control Conference.

Last week people from various Mozilla teams got together in Berlin for a work week on Identity and Access Management (IAM) as well as Community Support Software (CoSS).

<TL;DR>

Following up on work done throughout 2016, we

• updated project visions,
• populated backlogs,
• resolved technical integration questions,
• created roadmaps,
• and defined integration milestones.

Lastly, we came out of the week with broad and deep shared understanding on these two projects and their envisioned impact on Mozilla’s mission.

Day 1

As people had to travel from many places in Europe and Northern America to the work week we used day one to get to know each other, set expectations and introduce project metaphors.

IAM Metaphor

Access management is strongly related to “levels of trust” of people involved in an initiative. In the past, this was usually modeled by relying on the “onion model” of Mozilla Communities. Moving forward, we believe that trust is better modeled using a Community Garden metaphor.

Some of the base principles driving this metaphor are:

• Each contributor is a plant in the community garden
• Mozilla is the environment providing resources that make plants grow (water, soil, rain)
• The gardeners are the onboarding program members
• Each group has a different level of maturity, like the plants
• Levels of trust are represented by the depth of roots

CoSS Metaphor

Diving into Community Support Software, a Utilities metaphor closely resembles our project goals. Right now various Community Support websites are like cabins in the woods, from the outside they all look a bit different. But at the core, they have a lot of similar needs. Taking a holistic approach to these products will allow us to develop robust technologies to service all. So instead of us living like we are all cabins in the woods. We will set up “public utilities” (sewage pipes, power, heating) that can serve the community. And we’ll make sure all the utilities (identity, event management, content management, etc) can work together, can scale, and support openness.

Participants evaluated the Day 1 Return-On-Time-Invested (ROTI) at 4.7 (on a scale of 1 to 5).

Day 2

During the second day we split in two streams

1. Identity & Access
2. Community Software

The Identity & Access stream created a very rough story map for the work to be done during the coming months. The Community Software stream identified, refined, and shaped a shared language among program managers, product managers and software engineers.

Together we agreed on various communication and collaboration processes and expressed our intent to run the projects in a Scrum-like development approach, allowing us to inspect and adapt as we go. This set us up to co-create a strategic vision for the two projects.

IAM Vision

Mozilla’s Identity and Access Management (IAM) project builds a secure, easy to manage, and appropriate authentication and identification service for all of Mozilla and its community, which enables seamless communication & collaboration between staff and volunteers.

It is an integral element of the Community Support Software project and an essential building block to Mozilla’s goal of making radical participation a strategic advantage.

This will be achieved by

• providing an easy, safe, and consistent user experience

• allowing for services to be expanded and focused based on level of trust or role

• using the same IAM platform and tools

• establishing organization-wide data consistency

• reducing IAM management tasks

In 2017 IAM will expand the unified sign-up/login experience to all users and provide a common platform linking identity & access management for employees and volunteers.

CoSS Vision

The Community Support Software, CoSS for short (previously VMS or MozNet), provides the tools needed for people to contribute to the issues [could be tech or mission] they care about through Mozilla. A simple, transparent, guided and personalized User Experience ensures that work is surfaced, strategic, done with clear accountability. It will have a near seamless experience with other Mozilla communication and collaboration tools.

Additionally, the CoSS facilitates and enhances the staff/volunteer relationship, allowing for staff or Volunteer Leaders to identify, recognize, and support people at a variety of levels and contribution types.

In 2017, we will create the start of a solution through iterative prototyping with local clubs. With the goal to build key functionality to solve programmatic  needs in a way that is scalable for other teams.

Participants evaluated the Day 2 Return-On-Time-Invested (ROTI) at 3.6.

Day 3

By now we switched from “going broad” to “going deep”. This resulted in various break-out sessions, cross-pollination between the  work streams, and continued refinement of the overall picture.

In the early afternoon we spent time on a real-life user experience journey. Showing a Mozilla Club Captain’s journey from a Tweet to the website to his/her email inbox and all the back and forths happening in between. This was a fun and enlightening exercise.

The picture below shows Gene (the Club applicant) talking to Lucy (the website). Not pictured is Julia (the email inbox). The blue flag Alan is holding up signals confusion at this particular interaction step.

Participants evaluated the Day 3 Return-On-Time-Invested (ROTI) at 3.8.

Day 4

Throughout the day we continued to answer the hard questions. This included refinement of story maps, identification of personas, prototyping and stating product assumptions.

We also used the afternoon to check in with some of the core stakeholders: CRM/lifecycle marketing, MoFo leadership, IT leadership, Open Innovation leadership. Future stakeholder meetings are planned with the People team and others.

Participants evaluated the Day 4 Return-On-Time-Invested (ROTI) at 4.0.

Day 5

The final work week day. This is where our roadmaps came together. The pictures below are rough and should provide a high level overview. Work for the coming weeks will be based on these roadmaps.

Concluding the work week we are excited to be at the start of this implementation journey!

IAM Roadmap

CoSS Roadmap

Participants evaluated the full week Return-On-Time-Invested (ROTI) at 4.8.

Closing Remarks

A huge thank you to the work week participants, sponsors and organizing committee. It was great to see that 23 people were able to set aside an entire week of their busy schedules and join us in-person. The many “Aha!”moments and actionable outcome speaks for the week’s success.

Now it’s time to switch into delivery mode and ship value. We aim to get as much done as possible in the remainder of Q1 and until we all meet again at the next All Hands. Onwards!

PS: If you want to continue the conversation, please join us on Discourse at the Participation Systems Program category.

As previously mentioned, Mozilla decommissioned Persona and moved to Auth0 as authentication provider. During the past days, we received reports that users were returned HTTP 400 (Bad Request) upon login. With KaiRo‘s help we tracked down an issue in Auth0‘s plain text URL encoding. Awesome find! Big kudos to KaiRo!

For full details, please read on.

Steps to reproduce

• Open reps.mozilla.org
• In the top right, select Login
• On Mozilla’s Auth0 Log in page, select Log in with Email
• Enter your email address
• Press Send Email
• In your mail open the message from Mozilla SSO and view source
  • In Gmail: Options > Show original
  • In Thunderbird: View > Message Source (or ⌘U)
• Take the login URL from section “Content-Type: text/plain” and paste it into your browser
• A web page displaying “Oops!, something went wrong” is loaded

User-facing error message

Upon clicking the login URL from the text/plain content, the browser:

• Opens a URL starting with https://auth.mozilla.auth0.com/passwordless/verify_redirect
• The web page says “Oops!, something went wrong“
• Clicking on TECHNICAL DETAILS > See details for this error shows: invalid_request: missing client_id parameter

Root cause analysis

The passwordless authentication email full message looks like this (simplified content):

Content-Type: multipart/alternative;
 boundary="----sinikael-?=_1-14816452544280.8165679203812033"
From: Mozilla SSO <noreply@sso.mozilla.com>
Subject: Welcome to reps.mozilla.org
X-Mailer: nodemailer (2.3.0; +http://nodemailer.com/; SES/1.3.0)
Date: Tue, 13 Dec 2016 16:07:34 +0000


------sinikael-?=_1-14816452544280.8165679203812033
Content-Type: text/plain
Content-Transfer-Encoding: quoted-printable

Welcome to reps.mozilla.org!

Click and confirm that you want to sign in to=
 reps.mozilla.org. This link will expire in five minutes:

https://auth.mozilla.auth0.com/passwordless/verify_redirect?=
scope=3Dopenid&amp;response_type=3Dcode&amp;redirect_uri=3Dhttps%3A%2F%2Fre=
ps.mozilla.org%2Foidc%2Fcallback%2F [other parameters removed for privacy]

If you are having any issues with your =
account, please don't hesitate to contact us by replying to this mail.

Thanks!
reps.mozilla.org

------sinikael-?=_1-14816452544280.8165679203812033
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.=
w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=3D"http://www.w3=
.org/1999/xhtml">

[Content removed for sake of readability.]
</html>
------sinikael-?=_1-14816452544280.8165679203812033--

The relevant part is the text/plain section. The URL parameters are encoded incorrectly. Instead of a simple & (ampersand), the parameters are concatenated via a HTML encoded ampersand (&amp;). This breaks the URL, resulting in the HTTP 400 (Bad Request).

Next steps

We opened a ticked with Auth0 and expect this to be fixed soon.

Credits

Kudos to KaiRo for reporting and tracking this down.

Awesome Mozilla InfoSec team for following up and keeping the energy level high!