
Best practice of using “Best Practice”

As consultants, we (I in particular) love throwing around the term "best practice" whenever and wherever it is convenient. And TBH I am not the only one. Many, if not all, of us (consultants) do this on perhaps an hourly basis. Some possibly enjoy this more than others.
There have been times when this has worked for me and times when it worked against me. Really, I have mixed feelings about it. So, this fine morning I woke up feeling like ranting/venting about it.

Caution: This post is a rant and biased based on my opinions (hint hint: This blog site is called "According To Ali").

So let's begin.

Let's get the definition part sorted. So here's "According to Wiki".

Wiki says: 

"best practice is a method or technique that has been generally accepted as superior to any alternatives because it produces results that are superior to those achieved by other means or because it has become a standard way of doing things, e.g., a standard way of complying with legal or ethical requirements."


It also says (and this is ignored by many too often for my comfort): 

"Best practice is a form of program evaluation in public policy. It is the process of reviewing policy alternatives that have been effective in addressing similar issues in the past and could be applied to a current problem. Determining best practices to address a particular policy problem is a commonly used but little understood tool of analysis because the concept is vague and should therefore be examined with caution. Vagueness stems from the term "best" which is subjective. While some research and evidence must go into determining a practice the "best" it is more helpful to simply determine if a practice has worked exceptionally well and why. Instead of it being "the best", a practice might simply be a smart practice, a good practice, or a promising practice. This allows for a mix and match approach for making recommendations that might encompass pieces of many good practices."
ref: https://en.wikipedia.org/wiki/Best_practice

Now that we've got the Wiki (hence "it must be true") definition out of the way, let's talk about why I am ranting about it in the first place.

The "little understood" part:

If you read the second quoted part twice, you will know what I am getting at here. When you hear about a "NEW" "best practice" (which, these days, I hear more times than I see the moon in the sky), pause and ponder:

  • "best practice" according to whom
  • how come this was unheard of until now
  • where is the evidence
  • most importantly does it apply in this context  (chances are it does not if the context is unique)
etc
Remember, a "best practice" needs to be a "standard way of doing something (most likely repetitive) or solving a common problem".
Just because someone said "it is best practice", it does not necessarily have to become the "best practice".


The "does this apply in this context" part: 

One thing that I am (or at least try to be) open-minded about is that, in order to be adopted, it really does not have to be the "best" practice. It just needs to be a "good or smarter way" of doing "this"/solving the problem in the given context.
Really, in my experience, this is a very common thing (or problem/issue) in the tech industry. A best practice is only best until someone challenges and/or changes it, and the "best practice" can become the "dumb practice" very soon.
So as long as a smart way of doing something applies in the context, in my opinion, that's good enough. Let's not go down the rabbit hole of best practice.
In tech, it is veeerryyyy common that the context is unique and changes/mutates in every other project twice in a month (after all, it is not law; it is computer science, and evolution and change are in its nature). Hence, there can be a "standard or traditional practice" of solutioning a "common" problem in a broader sense, but that may not be the "best practice".


Stop terming everything as "the best practice":

This part is very simple and it is your responsibility. Stop throwing "best practice" in people's faces just because it is convenient. It sounds harsh, right? I have good reasons (and some bitter experiences) for being harsh.
  • "Best practice" can become a blocker to innovation. Imagine you invented something revolutionary, like the next "NO SQL", but some dude (smart arse!!) somewhere said "it is """best practice""" (yeah, double air quote) to use MongoDB for all unstructured data" and left you in a state of "really man!!". Now you are looking at reaaallllyyyy long, multiple conversations with many people to convince (and you may not always succeed). I blame "best practice" for this.
  • Hiding behind "best practice" does not help you or me or the greater good. Remember those "some people" who need to find a "best practice" for everything to get their way. So really, in that context, the real "best practice" is (or what they are telling you is) "my way or the highway". Not cool (that's all I am going to say. Does not help anyone or the greater good). This elite council of the "best practice" group will sit somewhere in the organisation and block the next best "smart" or "efficient" solution you could do in a broader sense (like probably solving world hunger using technology, who knows). Sure, it may not be "standard" today, but that's why it is "the next best thing", get it!!??
  • "Best practice" is often not agile. In a world where everybody has drunk "the agile way" Kool-Aid (I will rant about it later), "best practice" can mean that a solution is not agile. So be cautious here. Focus on the bigger picture rather than the old-trick "best practice" rabbit hole.



So, what can we do?

Be humble: You're (I am) not always right. There's always someone better to set the new standard. So be humble and continue refining the "best practice"s in your org. Or maybe don't call it "best practice" at all. Call it "traditional way", "usually works way", "this is standard way"; what's wrong with that?

Be open: If you're in IT/Tech/Innovation, like me, you MUST be open. You can have a cult (no harm forming a cult of language or framework haters or writing rant blogs, that's just being geeky) BUT you CANNOT be a blocker. If you're going to be a blocker using "best practice", go be a lawyer; software engineering is not for you.

Choose what is best for you: A wise man once told me this: "Best practice these days have become somewhat a Marketing Term to enhance brand", and I totally agree. Just because a bunch of dudes are throwing their own version of "best practice" at you (and really confusing you) does not mean you have to adopt it for your organisation. Some of them may be best, some may be dumb. As I mentioned before, know the context and pick and choose what's best for you and your org and what best fits the needs in the given context. You define the "standard" and "acceptable" practice.

OK. Done. Rant Complete.

If you agree with any of it, good on you. If you don't, well, you read it anyway, and it is called "According to Ali" (here's a meme to cheer you up).



