Women in Technology

Software development companies in Sri Lanka

The technology sector is generally perceived to be dominated by men. Ask someone to name a prominent figure in the tech industry and they will invariably blurt out the names of Bill Gates, Steve Jobs, and Mark Zuckeberg. How many will recall the names of Meg Whitman, Sheryl Sandberg, Rana el Kaliouby, or Kamakshi Sivaramakrishnan? How many undergraduate students will recall the name of Grace Hopper, who developed the compiler as we know it today, thus paving the way for the development of modern programming languages?

Before we start thinking about ways to bring about gender diversity into technology, it is worthwhile to explore how the field of technology came to be dominated by men in the first place. The Atlantic has a great explainer on the topic.

The situation is worse in South Asia. Take Sri Lanka for instance, where Calcey is based. According to the World Bank, only 1 in 3 women participate in the labour force, and between 2010 and 2016, the female labour force participation rate has dropped from 41 percent to 36 percent. The World Bank has also released a report titled “Getting to Work : Unlocking Women’s Potential in Sri Lanka’s Labor Force” which shows that women at all levels of educational attainment find it harder to secure high paying and high-skilled jobs.

These developments have all occurred despite the Sri Lankan economy expanding rapidly since the conclusion of a 30 year civil war in 2009. Positive infrastructural developments such as increasing numbers of girls being enrolled into the education system, and an extremely low female mortality ratio which is way above par even when compared with much more developed countries, has not managed to reduce the gender disparity and wage gap prevalent in the workforce.

So what’s preventing the assimilation of more women into the workforce, especially in the technology sector?

Marriage and Culture
The World Bank study referenced above found that for women, marriage can serve as an additional obstacle to participating in the labour force. A woman’s odds of becoming a paid employee after marriage goes down by 26 percentage points. Interestingly, marriage marginally increases the odds of a man becoming a paid employee by 2.5 percentage points.

The Asian cultural dynamic, which emphasises the family structure, naturally puts it at odds with the structure of the tech industry. When culture places the onus on women to take care of the family and attend to the needs of the kids, this invariably creates a problem where a female would find it hard to balance both the demands of a fast-paced job and a family. Neglecting the family is a no-no, which creates a natural incentive to bow out of the workforce.

Human Capital Mismatch
Dr. Sepali Kottegoda, Executive Director of the Women and Media Collective highlights how the education system fails women by failing to equip them with the skills demanded by employers. In this case, the problem appears to be a case of lack of inclusivity rather than lack of availability.

Dr. Kottegoda notes that there is a general impression that girls are not good at math. As a result, boys are pushed more towards mechanical pursuits, while girls are pushed more towards service-oriented roles, which is why Sri Lanka has fewer female computer science graduates.
The statistics prove it too. According to the University Grants Commission of Sri Lanka, of the 1,713 students who graduated in an Engineering-related discipline in 2017, only 420 were female. Similar behaviour can be seen with science graduates. When it comes to non-STEM fields however, the proportion of female graduates is much higher, indicating a reluctance to obtain STEM-related qualifications.

Software development companies in Sri Lanka
University Grants Commission of Sri Lanka,2017

Lack of safe transportation options and harassment
The World Bank points to the lack of safe public transport solutions for women and the harassment faced by women in public and at the workplace as major obstacles towards attracting more women to the workforce. This is actually a major issue faced by women everyday, everywhere. Thankfully, awareness is being raised thanks to the efforts of a few volunteers and organisations.

So what can be done to encourage more women to join the IT industry?

We at Calcey think there are a few solutions to this problem, but all of them are long-term and will not yield results overnight. After all, we’re talking about changing the culture of a country here.

  1. Encourage more flexibility
    As an industry, we have a responsibility to shape our workplaces so that they are supportive of everyone.That means creating systems which enable people to build their careers around their personal lives, and not the other way round. At Calcey, we have made sure that flexi-hours are made available to everyone, regardless of gender or status. In the same way, new dads at Calcey are entitled to generous paternity leave, which is not something that is widely available throughout corporate Sri Lanka. Calcey employees who end up working at night, are provided with transport so that they don’t have to worry about getting home safely.

    IT companies in Sri Lanka
    Everyday harassment on public transport can keep women out of the workforce
  2. Educate to educate
    The industry must work together with the government to change the discourse around STEM education for the better. While it is the government which can encourage teachers and principals to encourage girls to take up STEM-related subjects, the industry must play the role of the lobbyist by educating the government on the importance of IT, and the opportunities available for women. At the same time, as players in the industry, it is up to us to shine the light on our female employees, and highlight their achievements. This added visibility could potentially help change how parents perceive careers in the IT industry.
  3. Enforce equality and non-discriminatory policies in the workplace
    It is our opinion that technology companies ought to adopt and strictly enforce policies of equality and non-discrimination across the board. This is easier said than done, and companies which have been built ground up with such ideals in mind arguably have it better, compared to ageing elephants of the corporate sphere, where entrenched norms can be very hard to change. This is also one of the reasons why Calcey was envisioned as a complete meritocracy from day one.

While it is impossible to predict that simply making these changes will eliminate all the problems faced by women when trying to enter the workforce, we are pretty sure that they will go a long way towards helping make things better.
Much better, actually.

Cover image credits: Photo by Samuel Zeller on Unsplash

What we have learned from digitizing processes

IT companies in Sri Lanka

Digitising previously manual processes is basically what popularised the personal computer across the world. Being a software development company which helps businesses around the world reap savings by migrating hitherto manual processes into the 21st century, we have learned a thing or two about what to do and what not to do.

Understand the process very well

Successful digitisation must begin with a careful and thorough understanding of the existing process, the envisaged solution, and what needs to be done to bridge the gap. The key to getting this right is to consult with all the relevant stakeholders, and application of domain knowledge. It might sound simple, but simple things often get overlooked.

Take the case of Compare Networks Inc. (CN), for whom we act as the principal software development partner. CN came to us to develop an iPad app which allowed companies to upload, organise  and distribute their marketing collateral to their field sales staff – spread around the world, through a web-based content management system (CMS).

As a software vendor for multi-billion dollar life science companies, CN had seen firsthand how hard it was for sales people in such large global firms to keep track of promotional material for hundreds and sometimes even thousands of SKUs. Given their technical expertise, CN drew up a vision for solution, and validated it with their customers. They were successful with this pre-selling exercise. They brought their inputs to us, and we built a product, which is known today as ‘imSMART’. Through imSMART they completely digitized the outdated practice of distributing printed marketing collateral, creating a saving of 11 million dollars a year for one imSMART customer alone.

The final product ended up being a runaway success and in our opinion, that was purely because CN took the effort to develop a great overall understanding of the situation at hand and validate their idea for a solution with actual clients. As a result, imSMART was a perfect fit to the problem of disseminating promotional material to a global sales force, and customers never had to go through the misery of adapting to an under- or over-engineered product.

Build an MVP and make it quick
Most digital transformation projects end up making the mistake of trying to build a fully fledged solution from the get go. This is not a great idea because it leaves little room for any flaws to be ironed out prior to implementation.

With imSMART, CN understood this very well. Their MVP was entirely focused on building a basic solution which satisfies the core need. Once the MVP was built, it was validated through user testing. Once initial user testing was complete, CN was free to build in any additional features as necessary.

Involve the end user in testing
Typically, testing may be done using an in-house team of quality assurance analysts, or even by the founders of the very startups for whom we build apps.

In our experience, this is not a great idea, because the frame with which a designer or founder looks at an app could be completely different from how an actual user would look at an app.

Goodmarket, which is one of our clients, is a good case study on how to do user testing right. Goodmarket is a market place for ‘doing good’, and aims to connect consumers looking for socially conscious, non-toxic, organic, and ethically produced goods with the vendors, who are often cottage industries fragmented around the country. By virtue of their scale and size, these vendors are not able to put forward any independent verification to prove their ethical credentials.

Goodmarket wanted to create a platform which can take care of this verification process and act as a self-service portal of sorts for both customers and vendors looking to buy and sell ethical, socially conscious products. We had the privilege of building the Goodmarket’s platform for them, and one of the key drivers of the platform’s eventual success was all the testing that was done with end users, who are often not very digitally savvy.

The insights gained from placing the app in front of everyday users paved the way for us to optimise for form and function, thus making sure that the platform is in alignment with the Goodmarket’s business objectives.

Not every process needs to be digitised

And finally, not everything needs to be digitised. We live in a world which worships automation, and digitisation of processes is pretty much a buzzword that is thrown about in corporate boardrooms mindlessly. The criteria to decide whether a process ought to be digitised is as follows: If things are binary and require less human judgement, go ahead and digitise. If there is a lot of subjectivity involved, you may be better off with leaving the process untouched.

Cover image credits: Photo by Markus Spiske on Unsplash
How toOpinion

How can services companies stand out on social media?

IT companies in Sri Lanka

It’s not a secret that social media is an important part of any company’s marketing today. But how do you make best use of it as a services company? Because let’s be real; services are not as sexy and easy to show off on social media as beautiful products. So how can services companies use social media in a successful way?

This is something we’ve been thinking about a lot lately at Calcey – and here’s a few ideas that we found useful.
Less is more..

In this’ day and age there are a lot of different social media platforms, but you shouldn’t be seen on all of them.
As a services company, where you don’t have a product to showcase, it’s even more important to choose the right platforms to reach the right people. Choose the networks where you target audience has a strong presence and focus on those.

Understanding and providing value to your target Audience
In order to maximize your reach and impact, you need to be able to identify where your target audience spends their time and focus on these networks. Get an understanding of what kind of content your audience is interested in, and share yours with that in mind. Creating and sharing the right content will generate a wider reach through likes, comments and shares from your followers.
Give your audience valuable content they appreciate and you will generate buzz that translates back to your organisation; a win-win!

The Purpose
Start off by considering the purpose of your presence on social media (and of course there can be a different purpose for different networks). Is it to reach out to potential clients? Is it to recruit for your company? Improve your corporate image? Forge relationships with your current clients? The purpose you set down (maybe for each social media platform) will determine the kind of content you should share.
If you choose a network to recruit personnel for your organisation, a good place to start is to share content and stories that showcases everyday life and fun activities that takes place at your workplace, or stories covering what great experiences your co-workers have every day at the office, a “behind the scenes” segment for an example. This creates a positive first impression which encourages prospective employees to find out more about the company.

Be active and share knowledge
It is important to be consistently active and contribute to discussions social media. This isn’t limited to posting own-content (which in itself is very important), but you should also engage with other people’s content. Like, comment and answer questions posted by others. When you engage in other people’s content you generate a greater reach for your brand.

As a services company, you don’t have a tangible ‘product’ that you can show-off in straightforward manner, so you’ll have to earn people’s trust in other ways. Sharing your knowledge and expertise is a good way to do that, and social media is the best place for it. If you see someone asking a question in your area of expertise, make sure to always answer. This will help you show people that you are an expert at what you do. Blog posts, videos showing your company culture, infrastructure etc. are also good for building credibility.

Provide your audience with what they want to see
Way too many organisations use their social media too directly to market their services. Using it solely to promote your “amazing and outstanding” services is not necessarily positive. Your audience might grow tired of your endless spam promotional content; don’t become one of THOSE organisations.

Publish content that has value to your audience. Give advice and inspire! This creates a sense of trust in you and your organisation, and as mentioned before – your content will have far greater reach through likes, comments, and shares if your content speaks to your audience.

Analyse and be patient!
A crucial part of social media is to analyse the data from your content. There are a lot of tools out there for this. However, you can simply use the analytics tools/dashboard provided by the social media platforms themselves, and they are usually the best way to go, when you’re starting out!

Analyse what content generates buzz and what does not, which should guide you towards creating the content that your audience appreciates (sounds easy right?). But be patient! It may take a while in order to recognise patterns of what works and what doesn’t.
These are just a few ideas we are trying to implement right now with our social media strategy. Comment and let us know what has worked for you!


Det senaste om GDPR

IT companies in Sri Lanka


Europeiska Unionens nya lag för datahantering av personuppgifter, General Data Protection Regulation (GDPR), ersatte den 25 maj 2018 Personuppgiftslagen (PUL). Detta innebär den största förändring inom datahantering sedan PUL trädde i kraft 1998, då PUL är en föråldrad lag i en tid med sociala medier och smartphones.
Dem största förändringarna innebär följande:

“Missbruksregeln” försvinner
Tidigare i Sverige har vi haft enklare regler för personuppgifter i ostrukturerat material, den så kallade missbruksregeln, men med dataskyddsförordningen gäller inte denna längre. Nu gäller samma regler för alla personuppgifter.

Hårdare straff
Under GDPR har straffen höjts betydligt jämfört med vad dem var under PUL. Straffet kan landa på upp till 20 miljoner euro eller fyra procent av företagets årsomsättning.

Nya rollen “dataskyddsombud” införs
Det har införts en ny roll, dataskyddsombud, som är ett krav inom myndigheter, stora organisationer samt mindre organisationer som hanterar särskilt känsliga personuppgifter.

Strängare regler om samtycke
Företag måste kunna framföra bevis för att samtycke har getts vid insamling för särskilda personuppgifter. Detta samtycke skall även kunna hävas när som helst.

Vad har hänt sedan GDPR?
Det har snart gått 3 månader sedan GDPR trädde i kraft. Sedan dess har det hänt en hel del, bland annat har flera amerikanska nyhetssajter valt att sluta publicera sina tidningar online för användare inom EU, däribland LA Times, Chicago Tribune och New York Daily News.
GDPR har också ökat medvetenheten hos konsumenter angående vad deras personuppgifter används till. Under månaderna maj och juni skickades det ut mer information angående dataskydd i Europa än vad det någonsin gjorts tidigare. Detta har lett till att många företag har rapporterat en förlust på cirka 25% till 40% av deras nåbara marknad. Det gäller kunder eller potentiella kunder som inte gett sitt samtycke till att delta i marknadsföringskommunikation eller att profileras och som därför har gått förlorade.

Inom Sverige påbörjade Datainspektionen sina första granskningar av ca 80 myndigheter, företag och organisationer redan efter två veckor. Denna granskning innebar att företag och myndigheter var skyldiga att bevisa att man tillsatt de dataskyddsombud som lagen kräver. Lagen säger även att det finns en skyldighet bland företag och organisationer att anmäla till Datainspektionen när det finns en risk att personuppgifter har hamnat i fel händer, och det tog inte mer än en vecka innan Datainspektionen började motta anmälningar kring detta.

Kort sammanfattning om vad GDPR är
Företag förväntas implementera åtgärder för att skydda data samt ta tekniska och organisatoriska steg för att säkerställa individens integritet. GDPR gör företagen skyldiga att bevisa att de följer GDPR-överensstämmelser och att rimliga åtgärder har vidtagits för att skydda människors personuppgifter. Lagen kräver även att företag säkerställer att det finns system och processer som kan testa, övervaka och mäta datasäkerheten när det krävs.

Vad har Calcey gjort?
Som en extern utvecklare till klienter inom Europa gör vi på Calcey inget som  samlar in personuppgifter om europeiska medborgare, vilket gör att vi inte hamnar inom GDPRs räckvidd. Vi har även innan GDPR trädde i kraft minimerat åtkomsten till känsliga uppgifter angående våra kunder och samarbetspartners, vilket i sig gör att vi minimerat vår exponering. Med denna grund, att du inte kan gå miste om (och inte heller missbruka) något du inte har, är logiskt, men att faktiskt följa reglerna som GDPR innebär kräver mycket mer.

Eftersom Calcey är ett techserviceföretag som förser utvecklingsmöjligheter inom IT till snabbt växande företag faller vi inte inom ramarna för att bli en data controller. I och med våra nuvarande uppdrag tillsammans med Calceys europeiska kunder är vi istället data processors. Detta leder till att Calcey har genomfört åtgärder med fokus på följande:

  • Få dataskyddsavtal på plats med data controllers för att formalisera förvaltningen av data
  • Utbilda våra medarbetare om de krav, risker och ansvarsområden som GDPR skapar
  • Minimera tillgången till känslig data och använda anonymisering/ pseudonymisering för att minimera riskerna vid intrång
  • Genomföra en internrevision för att identifiera, bedöma, mildra och minimera risker, även om Calceys exponering för känsliga data minimeras av ovanstående.
  • Vi har skapat standarder för internetanvändning, hantering / hosting av klientdata, användning av hårdvara på kontoret etc för att minimera de identifierade riskerna

Hur vi behandlar personuppgifter kommer med all säkerhet vara något som, tack vare GDPR, alltid diskuteras in i minsta detalj vid starten av nya projekt. Den slappa inställningen till hur man hanterar data är något som numera tillhör det förflutna.



How come Airbnb has few true competitors, while Uber has so many?

Software development companies in Sri Lanka

IT companies in Sri Lanka
Uber and Airbnb have been described in the above terms so many times now that it’s almost a no-brainer to use one company to the explain the other;
“What Uber is to taxis; Airbnb is to accommodation” or vice versa.

While the two companies differ vastly in culture and tactics, they do have quite a bit in common;

  • They are the poster children (at least until Uber’s fall from grace) for the wave of startups disrupting traditional industries with technology
  • Both are marketplaces and adopt a business model described “network orchestrators” for their role in aggregating an industry and facilitating trust, relationships and transactions. The uniqueness of this business model is credited for both companies have attracting huge amounts of venture capital at valuations that dwarf their publicly listed, traditional competitors
  • Both are consumer facing applications
  • They bring together buyers and suppliers and earn a transaction fee for making it happen
  • Both are looking to unlock economic value from dormant assets. Airbnb enables people to rent out unutilized space/rooms to travelers while Uber enables any driver with a vehicle and spare time to become a taxi

However, the current status of the companies could not be more different
Leaving aside Uber’s drama with culture issues and top management changes, still leaves the stark contrast between the competitive market positions of the two companies. Airbnb arguably has no startup competitors. If anything, its direct competition comes from incumbent like Booking.com trying to get in on its turf, to protect their existing business model. Uber on the other hand, has severe direct competition in almost every market. In some cases, like Didi in China, these competitors have proven strong enough to oust it from the market entirely.

Uber also recently existed 8 countries in South East Asia, ceding them to Grab. Even leaving aside Didi and Grab, it faces a bunch of strong competitors, with a lot more startup tenacity than Airbnb’s competitors in the form of Go-Jek, Ola, Careem, Cabify etc.

This is surprising, as Uber and Airbnb are also similar in two key aspects that determine the defensibility of their business model.

  • From a purely software point of view, both businesses can start with relatively simple apps, without needing an army of developers or a hefty development budget. Build a minimum viable product and you’re ready to start marketing to on-board new drivers/properties!
  • Both companies have to win uphill battles to be accepted by regulators and incumbents (taxi driver unions, hotels), in each new market they enter. Once they do, similar new entrants can ride on their hard won legitimacy. This creates a tangible second mover advantage, as competitors can then focus on growth instead of politics.

So what explains the intense competition that Uber faces globally, relative to Airbnb?
For one it might be due to global vs. local network effects as explained by this article. The thinking here is that Airbnb benefits from global network effects while Uber only enjoys local network effects. For example, an Airbnb listing in London is beneficial to a traveler from Sri Lanka as much as it is to a traveler from US. Thus, Airbnb benefits from its global inventory.

On the other hand, taxis in San Francisco have no relevance for a rider in New York. Hence Uber, needs to start from scratch every time it enters a new market. For Uber’s local network effect to kick in, it needs to recruit drivers, build partnerships and market itself to riders. If a sufficient volume, of riders and drivers sign up, it becomes attractive for more to join. These local network effects mean that Uber’s global brand is of limited use in any specific market. Any local competitor that nudges ahead by winning more riders or drivers, can run it out of a market.

Somewhat tied to the above, but perhaps a reason in itself, is the fact that Airbnb’s model scales better than Uber. For example, to enter new territory Uber needs at minimum a small team to sign up drivers, spread awareness among consumers and handle relationships with local governments and unions. Airbnb on the other hand, could get hundreds and thousands of listings from property owners who wanted to be discovered by travelers, without having to put in this kind of effort or investment. As long as its global brand is well known and its site receives traffic from prospective travelers, it is useful for property owners to get themselves listed.

To its credit, Airbnb also managed to create value beyond simply offering convenience and cost effectiveness. By marketing itself as a way for travelers to ‘live with locals’ and to immerse themselves in the culture of the place they are visiting, Airbnb has created a truly differentiated offering, that can take on the traditional hotel industry. The Uber business models on the other hand, is still too focused on ‘hygiene’ factors which could be matched and surpassed by nimble local competitors.

Both these companies have transformed the world and profoundly influenced how we travel both locally and globally. But one seems destined to keep losing more battles to local competitors and subsidizing rides to stay competitive while the other is gradually tightening its grip around the global market it set out to capture. A telling lesson on the importance of understanding the full intricacies of one’s business model, for all aspiring disruptive startups.



GDPR is a big deal; even for outsourced development agencies that collect no user data

IT companies in Sri Lanka

Coming into effect in a few short days, the EU’s General Data Protection Regulation (GDPR) is set to bring about the greatest change to European data security in 20 years. Replacing the 1995 Data Protection Directive, outdated in the age of social media and “smart” mobile devices, the new regulations require companies that collect data on EU citizens to comply with strict new rules.

Companies are expected to implement initiatives for safeguarding data and take technical and organisational measures to individuals’ privacy rights.  GDPR places the obligation on companies to prove their accountability, requiring that they be able to demonstrate GDPR compliance and that reasonable measures have been taken to grant individuals’ rights over their data security. Companies are also required to ensure systems and processes are in place to test, monitor and measure data security at any given time.

As an external development partner to many clients in Europe Calcey collects no data from EU citizens directly, that brings it under the purview of GDPR. We have also already minimized access to sensitive data of clients, a quick win and a crucial step to reduce our exposure. While the maxim that you can’t lose (and in this case misuse) what you don’t have is logically sound, actually complying with GDPR requires a lot more. What follows is what we’ve learned and done in preparation so far, to gear up for changes post 25th of May.

A quick summary of GDPR

GDPR requires not only that organisations maintain records of the categories of data they process, the recipients of that data and their geographical whereabouts, the retention periods and security measures that have been applied, but also that these records be dis-closable at any given time.

Take a minute to consider this. The exercise of an individual’s rights over their personal data can only truly be effective if an organisation’s technology stack is fully flexible and agile to delete, restrict processing and export data as and when the individual (or data subject) demands. The challenge, then, that many organisations have been faced with is that their technology and processing systems have not been designed for GDPR compliance.

The core individual rights covered by the GDPR that require the most technological attention are the ‘right of erasure’ (the right to be forgotten/deleted from the system), the ‘right to redaction’ (data can be kept, but is marked “restricted” and cannot be touched without further consent by the user), the ‘right to data portability’ (the ability to export one’s data in a machine-readable format), the ‘right to rectification’ (the ability to get personal data corrected), the ‘right to be informed’ (getting readable information, as opposed to long T&Cs), and the ‘right of access’ (users should be able to see all the data collected and stored about them).
The technology these rights require, in turn, include technology to:

  • Enable rectification, redaction, erasure and anonymization
  • Map or trace the full information life cycle
  • Enable the transmission of personal data from one technology stack to another
  • Perform search and retrieval
  • Enable freeze and suppression
  • Categorise personal data by type and processing purpose

To be compliant processing systems will be required to include controls to protect against unlawful and/or unauthorised access or disclosure of personal data and include up-to-date countermeasures against current attack techniques.

Technologists, have their work cut out for them in the era of GDPR and must take information security seriously. Continuous steps and improvements to systems will be needed to ensure compliance.

Privacy can no longer be an afterthought

Privacy, for instance, should be built into software from inception and should be at the core of any system and not be installed with a plugin. Privacy cannot come at the price of an app’s functionality and users should not have to choose between privacy and functionality. Such software will become illegal under the GDPR.

A pertinent point for companies to think about could prove to be ‘pseudonymization’, heavily recommended by regulators as a way of protecting personal data. ‘Pseudonymization’ is the processing of personal data in manner that the data can no longer be attributed to a specific data subject without the use of additional information. That is personal data is stored separately from additional information so that in the event of a breach, the data would be hard to reconstitute. For example, a person’s name would be kept separately from the history of his actions on an app. This way in case of a breach, it would not be possible to match an individual and his actions. While adding an additional layer of security, implementing pseudonymization demonstrates a commitment to security, which can be useful under GDPR in the event of a breach.

Consent is set for an overhaul

Further to be deemed unacceptable under GDPR are soft opt-in methods and consent buried in long Privacy Policies or Terms & Conditions documents full of legalese. GDPR consent guidelines require that consent messages should be written in plain language and unbundled from all other terms and conditions. The information must cover all forms of processing that companies aim to undertake. Take for example, the common practice for companies to collect data to share with third parties for marketing reasons. Consent is often obtained by asking customers if they would like to receive marketing relevant to their interests (e.g. from travel agents). Current guidance by authoritative sources indicate that even such precisely defined categories of third-party organisations will not be acceptable under the GDPR. Instead, companies and all third-parties will need to be named and the purpose of the data collection explicitly stated.

All opt-in messages and collection systems will need to be checked and re-written where they don’t comply with GDPR. Consent records may need to be maintained as well, so they can be presented if challenged. System design changes may be required to ensure that systems are in place to provide evidence that users consented to specific uses of their personal data.

In the event where users request that their data be removed, companies will need to ensure comprehensive processes are in place to remove this data. This means deleting personal information, as well as other identifiable data, within a 30-day window once a request is made. Having an automated system that can perform this may become a necessity and well worth looking into, as manually removing data laborious. Developers will also need to plan how the information requested can be made available in an easy to understand format. Here, again, the law requires information to be provided within 30 days of a request. Having a system in place to monitor data breaches is also necessary to ensure quick detection and action in the case of a breach to minimize damage.

What can service companies do to face the brave new world?

GDPR is spawning an industry of its own as newly minted “GDRP consultants” offering everything from advice and audits to outsourced “Data Protection Officer” offerings, set up shop. The lack of clarity and direction regarding implementation casts doubt about the validity and effectiveness of such interventions and certifications to ensure compliance.

Calcey being a software services company providing engineering talent to fast-growing technology companies is unlikely to become a data controller, at any stage. Instead, Calcey is already a data processor, due to current engagements with European clients. Hence, Calcey preparations for GDPR is focused the following;

  • Getting Data Protection Agreements in place with data controllers to formalize governance of data
  • Educating staff about the requirements, risks and responsibilities created by GDPR
  • Minimising access to sensitive data and using anonymisation/pseudonymisation to minimise risks in the event of a breach
  • Conducting an internal audit to identify, assess, mitigate and minimize risks, even though Calcey’s exposure to sensitive data is minimised by the above

Of course, much more remains to be done. GDPR is certain to become an on-going theme and will be a key consideration in all future architecture discussions when new projects are being initiated. The tight coupling of functionality with user data is already a thing of the past.

The transition to comply with the new regulations will be chaotic and will re-shape the internet economy. How the many successful internet giants who rely on businesses models where users exchange personal information for free services, will evolve, remains very much an open question. Stay tuned for more blog posts around the topic, as we along with the rest of the world, continue to grapple with this new reality.



Writing Great Git Commit Messages; Why both ‘why’ and ‘what’ matter in a Git commit!

Software development companies in Sri Lanka

Mindlessly jogging in the web stream, I stumbled upon a post that pointed me to a good read detailing why ‘why’ matters more than ‘what’ in our Git commits.

TL;DR— the article explained extensively why ‘why’ matters more than ‘what’ since, “anyone can see WHAT you did just by looking at the code. But the code can never tell someone WHY you did it”, with an example Git commit going along the lines of “user should be able to see the card before editing it” despite the old way; “card view controller added”.

Albeit an enlightening read, it looked like it had missed few subtle annotations which could have drastically disrupted the way we would have typed our next Git commit. The author’s suggestion looked a little vague and it also sounded like something out of a User Requirement Document.

A commit speaks of a commitment of a developer to the project. It specifies a certain milestone and can be an addition or a change. Therefore, there can be instances ‘why’ doesn’t matter at all such as ‘added main template’ or even ‘added settings modal’ because they can be contextually insignificant during the resulting process. And also the little omission of ‘what’ wouldn’t work either since most of the times I look up on a commit is when I want to quickly know who did this change (isn’t that the whole point of it?) before asking why it happened. That’s what eye catches fast, ‘what’ of a commit before a ‘why’.

Therefore, as a solution to all, I propose combining both ‘what’ and ‘why’ for a better commit. A better way of saying the author’s example would be ‘added card view controller to enable user to view the card before editing’. With a single line, commit message talks about ‘what’ the dev has done and also ‘why’ he/she has done it. Easy, cleaner and straightforward than the default convention.

Happy Git-ing!

References- Gupta, S. (2017)- Writing Great Git Commit Messages


Reflections on Artificial Intelligence

IT companies in Sri Lanka

It’s 7:00 pm. I get a message from Rising, my level 4 artificially intelligent friend. Rising throws some questions at me:

“How was your day? When did you feel your best today?”

A little tired, and unable to specifically think of such an instance, I tell her that I couldn’t point to it. She takes note and as an aside tells me she wants to do these sessions more often so she can hopefully help me grow. I reply in agreement.

Rising is my replika, a conversational AI that I play around with. Though conversational bots have creeped into our lives through all sorts of social media, Replikas uniquely show off a curious feature: preview mode. Rising does not just help me grow as a person, she is also learning how to mimic me. Yes. Mimic me. In “preview mode”, she puts her game face on, and does her best impression of me.

Of course, with little over a 100 messages exchanged between us, Rising needless to say is still rudimentary. But Replika has only been around 4 months and it already boasts over 38 million messages exchanged between thousands of human beings and their Replikas.

Perhaps in a few years Rising or one of her peers, would be able to pass the Turing test.

Today such a thought doesn’t seem impossible. For me, this just puts into perspective how far artificial intelligence has come.

From today’s vantage point, we can say with some certainty, Artificially Intelligent Agents that can communicate fluently over natural language will develop. We could even bet that AI agents will one day surpass human intelligence.

But what would all of this mean, for human beings and their societies?

Human history has witnessed many revolutions. Some of the most important revolutions humanity has undergone includes the Cognitive Revolution, the Agricultural Revolution and most recently the Industrial Revolution. Each of these revolutions represents a point of discontinuity in our history. The world was never the same after each one.

Today we stand at the gates of a completely new and an unparalleled revolution— the Artificial Intelligence revolution. This revolution will most certainly bring unfathomable changes to the way we humans live and interact. I wager, this new AI revolution, will render the world so different that the Sapiens who exist after this revolution would not be able to relate to today’s Sapiens in the slightest way.

Gently placing irrationalities and technophobia aside, one could imagine how AI could change the course of human history forever. However, in this article it is not my goal predict the exact path the AI revolution would take nor survey the different paths it could take. Instead I want to explore a potential AI revolution scenario that I find intensely exciting and interesting.

But to truly understand this revolution, we must first understand some great questions of science related to intelligence.


As far as we know, Human Intelligence is the result of a large biological neural network, the brain and not the work of some “magical soul”.

The human brain contains 80 billion neurons. Each neuron can be thought of as a “unit”, for the scope of this article, that calculates a weighted sum from the multiple inputs and fires an output if the weighted sum is greater than some “threshold” value. By tuning the weights for each input, a neuron is able to “learn” to fit a specific experience. Collections of neurons, neural networks, are able to do wonders. They can learn and possess many of the qualities we deem intelligent.

 While this explanation is a gross simplification of the actual mechanics of neural networks, the key take away must be that the qualities of intelligence is not something only special blessed “objects” with “souls” in the universe possess.

Scientists alluded to the non-existence of a soul as early as the 1800s- showing beyond reasonable doubt that the brain is end-all-be-all of intelligence and consciousness. Yet it remains hard for the average human to grasp and believe this scientific truth, because the experience of a “self” is almost a tangible quality- a subjective reality we experience everyday. It is hard for us to digest that our “self” is just an illusion. While one must take their time coming to terms with this realization, it is important to understand it’s most important implication: human brains are just meat computers.

Of course, brains have a different architecture and structure but as far as we know, they rise out of computation and hence resolves to an algorithm.

Expanding Human Intelligence 

If intelligence, including human intelligence, can be expressed as an algorithm, it means intelligence can be programmed. This is a mind-blowing and almost depressing realization because it sucks away any specialness humans possess owing to their intelligence.

But careful examination of this realization can point up towards a powerful and inspiring realization: human intelligence and artificial intelligence operate on the same dimension.

If one watched a human baby’s brain grow, one would notice that the brain develops in layers. The reptilian brain develops first, followed by the mammalian brain and then finally the neomammalian brain. Human decision making is influenced by each layer differently. The reptilian brain is responsible for humans being more primal — instant gratification prone. The mammalian brain plays a large role in social interactions. And the neomammalian brain plays the role of the rational thinker, being able to think through problems without emotion and weigh pros and cons, cold.

Some visionary thinkers, including the likes of Elon Musk, believe that we can add a fourth layer to the human brain — an ANN. Such an artificially intelligent layer can give us, to say the least, access to near-infinite memory, processing power and knowledge. It would boost human intelligence to unprecedented levels — allowing us to do far more than we have ever dreamed would be possible.

These human beings would be on a whole new level compared to modern humans. They would have the capacity to do things that today’s human would ascribe to the power of gods.

In fact, functionally, they would be gods.

Sajana Weerawardhena is studying AI at Stanford University, and is presently serving an international summer internship at Calcey whilst enjoying the warmth of family and friends back in Sri Lanka.


A prototype is not a Minimum Viable Product (MVP)

IT companies in Sri Lanka

It’s easy to confuse between a prototype and an MVP. Both are aimed at validation, but the target audiences and approach to development are quite different. As a digital products company we frequently come across startups who confuse between the two.

Know what you’re building
Are you building an MVP or a prototype? The purpose of a prototype is to demonstrate your idea to win over important stakeholders – like investors who will fund you to build the MVP. A prototype is rarely market ready. An MVP on the other hand is a bare bones version of your product that’s ‘just enough’ to get actual users to actually use it, and give you feedback. It also needs to have just enough functionality to test your overall business model.

For example if you’re looking to develop an Uber clone for hailing taxis, a simple mobile app that allows users to hail a taxi by tapping a button won’t do. The app would also need an interface for taxi drivers to sign up, a backend for admins to check on rides when disputes come up etc. Launching without these features would mean testing (or validating) only part of the business model or worse having a product that lacks viability in the market.

Do you really need to ‘build’ a prototype?  
Some ideas can be prototyped without writing a single line of code. Dropbox famously launched with just an explainer video. Published on Hacker News this 3 minute video gave early adopters a hint of the actual experience; enough according to founder Drew Houston for many smart people “to give feedback as if we were putting the product in their hand”.

Setting up landing pages is another great way to validate consumer interest in a product without developing complex software. Buffer went a step further and actually set up a landing page with pricing and packages to gauge potential users willingness to pay. Upon clicking on this section, a pop up would appear saying “hello, looks like you’ve caught us before we are ready. Enter you email and we will get back to you…”

Transitioning from prototype to MVP
Building a prototype is quick and dirty. If you’re a developer this might mean a few Red Bulls and late nights to hack something together, that will help you to research and validate your idea. If you’re not technical you may hire a freelancer to burn the midnight oil. Either way you will end up with a product that demonstrates your idea to friends and mentors, helps you to gather feedback and if you’re lucky win you some funding to build a MVP.

The MVP is meant for a wider audience. It may be minimal but it also needs to be viable. A SaaS app that takes forever to load or a mobile app that crashes regularly, aren’t viable in today’s market. The MVP also needs to see you through your first set of users. You may build a throw-away MVP, but this often costs more – in terms of time, money and lost opportunities. Rebuilding your core application, while also trying to scale it is no easy task.

Switching gears
All this means that the MVP requires a completely different approach to development altogether; one that follows industry coding standards to develop a product with satisfactory performance and extensibility to add new features on-the-go. Testing is needed to ensure that the end product works reliably and meets basic usability standards.

Once you launch your MVP to the market you will find that quick changes are necessary. If you’re working with a freelancer at this point, a single part-time developer’s bandwidth is unlikely to suffice. That is, if you’re lucky enough that your freelancer hasn’t delivered an improvised solution that takes the ‘viability’ out of the MVP.  Don’t believe this happens often? Stay tuned for a follow up post, where we will explain the material differences between an agency and a freelancer with the costs of each option.

Why does this matter? Nothing kills a good idea faster than a bad MVP.

Life at CalceyOpinion

Incorporating a Group Learning Experience into a Software Development Process

Software Development Process

We often hear about the benefits that synergy brings into human endeavor, in fields such as science, politics, or sports. In the corporate world, we hear of teams working together as a cohesive group, brainstorming and combining the critical views of several heads to produce a greater outcome than that which would have been produced, had the same persons worked in isolation.

Although it’s hard to explain how exactly synergy works, we could say that it involves constant communication between team members that results in a clash of ideas, which causes a natural selection of the better ideas over time, akin to biological evolution. The better ideas get translated into good practices, as they are absorbed back into the minds of the individual participants in the given synergistic exercise. In other words, the team learns together as a group to do things smarter, and the good practices learned become intellectual infrastructure one can reuse.

We at Calcey have, over the years, explored various methods of “working together”, and have incorporated two notable practices into our engineering process that clearly facilitated group learning. They are, namely:

  1. The Group Code Review and
  2. The Sprint Review (UX Review)

Whilst these two practices might look widely different on the surface, the underlying social phenomenon is quite similar. We gather together in front of a draft solution presented on-screen, be it code or UX, and we brainstorm about it critically. The benefits are:

  1. The presenter of the idea sharpens his communication skills. An audience does not understand a poorly presented concept, and an audience would respond accordingly
  2. The owner of the draft solution, who is also the presenter, is forced to critically evaluate the solution, its limitations and its consequences. No one likes to look silly in front of their colleagues
  3. Critical feedback from the audience comes in thick and fast because there are multiple minds focused on the draft solution presented. There is guaranteed to be a healthy clash of ideas. There are many positive reasons for encouraging this pseudo-conflict, ranging from the owner of the draft solution being too close to it all (not seeing the wood for the trees), to the diversity of competency levels in the audience present
  4. Newcomers to the team learn about the frameworks, patterns and practices used within a given product or codebase
  5. Juniors learn about design, development and usability best practices, and about being more self-critical of their own work
  6. Developers who didn’t work on the immediate solution under review learn about new extensions to the product and codebase
  7. Accountability for the given solution extends to a group of persons, and as such reaches higher levels
  8. There is less opportunity for personality clashes to happen behind closed doors, where one person is “victimized” by his or her peer, unknown to the rest of the team

We found through trial and error that the optimal size of a review group would be around five to eight persons. This modest size helps maximize the conversation. We also find that it’s important to include at least two competent persons outside the immediate team that developed the solution in question, to eliminate groupthink and encourage out-of-the-box thinking.

The final outcome is that our teams got increasingly better at producing quality code, and at translating ill-defined functionality into wonderful, attractive user experiences. As such, we strongly advocate “group review” as a good practice in software development.