27 April 2008

 

The three rules of test driven development

A useful first step in proving the functionality of software, websites etc. Now all we need is a link up to ensure that the unit tests ensure what is being tested is actually what the end-user (as opposed to the customer) actually wants to use.

Craig



25 April 2008

 

Scottish IT consultation with Enterprise minister

At an industry consultation earlier this week, ScotlandIS Members, including myself, met with the Enterprise Minister, Jim Mather. Issues raised included the increasing difficulty in accessing public sector contracts, the contribution the industry can make in helping to grow the economy, and the skills challenges the industry faces.

For more details including the White Paper prepared for the Industry Consultation see the page on the ScotlandIS site.

Craig



28 January 2008

 

PRINCE2 + AGILE = Common sense?

I put "used an Agile/PRINCE2 development strategy" on my CV. It's been quite the conversation starter at interviews. So I thought it would be of interest to blog about it here and gauge the reaction/feedback.

First off, PRINCE2 is an acronym for "PRojects IN Controlled Environments" (version 2). PRINCE2 is a generic project management method for exercising control over a project's startup through to closure (SU1 to DP5 for all you who enjoy punch card like references). It's a generic project management method that had its origins in IT but which now makes no reference to IT and could be used for anything from building a ship to planning your summer holiday. Whether you would want to use it on the latter is entirely up to you. The same flexibility of choice is not however accorded to the large number of public (and increasingly private) sector projects that use it since it is seen as the de-facto project management method and its use is frequently mandated, despite there being other methods that may be more relevant for the task in hand. There have also been a large number of complex and extensive government IT project failures recently, many of which would have used PRINCE2 and which highlight that even a refined method such as PRINCE2 can run aground on large scale, long running projects that are subject to considerable change.

"On paper, PRINCE2 is logical, reasonable and linear. However, as experience suggests - for example in the long series of failed UK Government IT projects where PRINCE2 is the mandated method - simply being logical, reasonable and linear, is not sufficient. It is not sufficient to make it the effective project management method business and public sector organisations really need."
From PRINCE2 problems by Business Transition Technologies


PRINCE2 is based around project control. Control is clearly a Good Thing, however being a generic method with no reference to IT, the closest IT development method would be the waterfall method, which is very well lampooned on the Waterfall2006 site. It is just these shortcomings of the waterfall method which seem to cause the biggest problems with PRINCE2 projects, especially those which due to their complexity and length of development are prone to large amounts of change. PRINCE2 also does not account for software projects comprising multiple versions and how these are handled, nor for website development and deployment which can be an almost continuous process.

Change is inevitable in projects. In response, Agile development methods arose to deal with this change more effectively, particularly from a software engineering perspective, and unlike PRINCE2 they cover in detail the more day to day activities such as sprint planning, daily meeting structure etc. Agile does not have comprehensive cover for project management, however the Agile DSDM development method was developed with PRINCE in mind, as detailed in the paper using DSDM with PRINCE2 [PDF]. Thus the combination of Agile and PRINCE2 is not as contradictory as it might at first seem. One is a development method for managing change, the other is a project management method for exercising control, so the two complement one another and should result in a management method for control in a changing environment. One can see from this white paper on integrating DSDM into a PRINCE2 environment [PDF] that at the actual delivery level the focus is much more on the agile processes rather than PRINCE2.

Alistair Cockburn (no relation) and others have produced a set of agile management methods however this has grown out of the agile community and consists of a set of principles rather than the sort of detailed how-to that would make it easy to sell to the PRINCE2 diehards.

The most complete agile project management method I have come across is DSDM Atern which is described as follows:
What is DSDM Atern?

Atern is an agile project delivery framework that delivers the right solution at the right time.

Importantly, Atern harnesses the knowledge, experience and creativity of end users. It uses an iterative lifecycle to evolve the most appropriate solution to satisfy project objectives.

Using planned, visible timeboxes with clearly-specified outcomes control is exercised throughout by the project manager and the team members themselves.

Roles are clearly defined and work is divided into timeboxes with immoveable deadlines and agreed outcomes.

Atern Agility
Atern’s agile approach avoids the cumbersome rigidity of ‘big design up-front’ without the inevitable risks of ‘no design up front’.

Since it is worth spending some early time examining the structure of the overall solution before building any components, Atern advocates that projects should do just ‘enough design up front’.

Atern flexibility
Atern can be used to complement other project management disciplines such as PRINCE2™ and PMI without duplication of effort.


So it seems to me that you could effectively use PRINCE2 for the high level governance of a project, Atern for the structure of how the project development is to be organised and prioritised and scrum for the day to day elements of effectively organising the software engineer's time and daily priorities.

This is just intended as an overview to illustrate that PRINCE2 and Agile are not necessarily contradictory and that it is possible to combine elements of both successfully, particularly when it comes to the "managing a stage" part of PRINCE2 - Agile turns this into many small stages comprising stable components of work suitable for release. However, what remains a mystery to me is why government departments have been so reluctant in the face of the number of IT failures I have blogged about to promote an agile implementation of PRINCE2 and how it can best be delivered for complex IT projects running into billions of pounds.

This whole sense approach to software development from project governance to day to day management would seem to be the holy grail for minimising such failures. Perhaps it is time to encourage those who mandate PRINCE2 to understand this in order to minimise further wastage.

Craig



27 January 2008

 

BarCamp Scotland 2008

BarCamp Scotland is on 1-2 Feb 2008. See the barcamp2008 page for more info or view the event on upcoming.org.

Incidentally, if you are less technically inclined and fancy some music and culture instead, there is the monthly Bothan at the Scottish Storytelling centre at 8:30pm on Friday 1st Feb. £3.

Details:
Bothan meets again this Friday (1st February 2008) at 8.30pm in the Scottish Storytelling Centre, High Street, Edinburgh, when popular singer Mary Macmillan (Uist) who won the Traditional Gold Medal at the Lochaber Mod last year, along with various Bothan instrumentalists, will entertain the company. Please come along and enjoy the music, songs and crack and catch up with news from the Gaelic world. The evening’s entertainment will only cost £3 – a real bargain at today’s prices!


I expect I must be about the only person in Scotland for whom both the above represents a potential diary clash :-)



03 December 2007

 

Towards a more flexible e-commerce model

Argos (a top 5 e-commerce site in the UK) reports on its website when you go to buy something:

Remember, you don't need to register to purchase on this website!


Glory be and hallelujah.

About the only site I know of that allows people to log in if they want to (potentially saving time in the long term) as well as not logging in (thereby saving time for one off purchases and especially if you have forgotten your password etc)

When I go to shop in a normal high street shop, I am not required to log in. Nor am I required in the main to have their store card and use it allowing every purchase I make to be tracked on every visit. Nor am I required to set up a username before I think about putting stuff in my basket. Nor am I required to give my date of birth before purchasing non-age related goods from them.

Yet on-line retailers indulge in this nefarious data gathering just because they can. Tesco.com requires you to have a Clubcard before purchasing with them (thereby allowing all your purchases to be tracked). Toysrus.com requires a date of birth when registering, even though the vast bulk of their products are non-age related and even though all they need to know is whether I am over 18 or not; see this analysis of their site in terms of the Data Protection Act.

Argos were reviewed as Pants back in 2003 and still persist with the silly practice of requiring everyone to have a courtesy title even when many prefer not to use one. But nonetheless, credit where it's due for being courageous enough to say no to the marketing department's endless quest for customer data "we take your data because we can" and having a site that gives the customer the option of a quick purchase without having to log in as well as using their account if they have one.

A site that offers true customer choice, how long before others follow this lead?

Craig



17 November 2007

 

Bollocks security

Continuing the theme of e-mail/Internet security.

Tonight I wanted to set up a new bill payment. The bank, in response to customer paranoia about Internet security and phishing attacks now require me to carry my bank cards and their calculator like number generator that I now have to take with me on business if I want to set up a bill payment. No thanks. No, I don't want to trail a variety of calculator like devices around with me one for each account or service I might want to use. I think the encryption offered by the bank site together with the random letters and digits from a security password is secure enough.

However, aside from that, let us now look at the two options the bank presents:

1. Log onto the website, have it over a secure encrypted channel, type in a customer number securely, random digits from two separate passwords securely and use the calculator device to randomly generate a number. Pretty secure huh?

2. Alternatively, use a phone, have the conversation in clear text, have the audible key presses recordable by anyone in earshot with a microphone, no need for the card reader calculator device either. Set up bill payment successfully.

Does the analogy of having 50 billion million trillion zillion locks on your front door and only 1 on your back door apply here?

Which way do you think a burglar would want to break in?

Why do banks and other sites continue to believe that the phone is a secure means of communication?



14 July 2007

 

Have you had a rude (no reply) email recently?

I hate companies being rude to me. This includes Amazon.com, Dell and other companies that supposedly pride themselves in high quality customer service.

They are rude to me by sending me emails and then denying me the opportunity of replying via the same channel. Obviously they know I have an email address, as they are using it. Obviously they know I have access to the Internet because I can use it to collect said email. They then assume incorrectly from those two assumptions that my preferred means of response is via a secure web form. It isn't.

They write to me via email, they get a reply via email. That's the way it works.

Problem 1.

You are disabled and although some sites might be web accessible it's a slow process navigating round them. Every site is different. Your email client is laid out identically regardless of who you email, it's convenient. Companies that deny you the opportunity to use email waste your time.

Problem 2.

An increasing number of people pick up email on PDAs (Blackberry, Nokia E61 etc). Said people have no problem connecting to pick up email, a few Kb if you have a decent spam filter. Sending a quick reply is less than 1K. Fast and cheap. Bringing up a web browser on a small screen, wondering where the relevant link is, then navigating drop list spaghetti to find the right option, and then eventually getting to the right form and typing in all your details whilst staying connected the whole time is extremely wasteful of time, and it only takes a few such instances to use up several Mb of bandwidth, which isn't much if you are on a fixed package. It's astronomically expensive if you happen to be abroad (or even close to a border as your phone can roam to the foreign network even though you are inside the border). A huge waste of time and money compared to the 1K email. There's a vast difference between broadband access from a fast PC and "dial up" speeds on a PDA in another country. Make no assumptions when dealing on the net where your customers are or how they are accessing the Internet.


Problem 3

The website isn't compatible with your PDA. I can't use Jobserve with my PDA web browser as I get a crippled version that is totally unusable (it is impossible to log in and actually apply for a job without having to write to the job link sent to me in email manually and hoping I have entered it correctly). So much for click and go. I can't access the full site as they have disabled access from PDAs.


Problem 4

The website requires you to log in. Since you access hundreds of websites that require log ins and for security reasons you have a different log in for each site, more time is wasted while you fire up the browsers, access the forgotten password feature, wait for the mail to arrive and then try again.

Problem 5

Amazon gave me this reason
The reason that Amazon.co.uk do not provide customers with email addresses to respond directly to us is to prevent spam and viruses from getting onto the Amazon system. This policy also protects the integrity of our customers' accounts, keeping their details secure.

OK, my email is secure. My system has no viruses. I assume that a company the size of Amazon can buy a decent spam filter, virus filter and can assure me that none of its employees will ever introduce a virus directly. However, since Amazon have told me that email isn't secure, why are they sending me correspondence via email? I want a web form right away. I want every company on the planet to have to use my webform to contact me. I want every company to have an annoying random graphic to decipher before they get anywhere near my mailbox, oh and they can have 10 annoying drop lists like eBay to fill in before they get anywhere near the webform. I'll even throw in a useless wizard to hinder and annoy them. Then when they have filled in their details on my secure webform I'll even give them an auto generated response that tells them to get lost if they even think of replying to it. Yeah, that'll do nicely. I'll be secure then. I wonder how bloody inconvenient the companies that send tens of thousands of email each day would find THAT. Then when they reply they might appreciate how valuable MY time is with all this secure webform bollocks nonsense.

I sent my comments to Amazon who then changed their tune somewhat and wrote:

In response to your comments on our email communications system, email is not necessarily a "risky medium". But by not having a direct email address, we can prevent time consuming spam and junk mail that is often automated and sent indiscriminately. By not having a direct address, we avoid this, and spend our time replying to relevant customer queries.


Yeah, right. Like you can't get a decent spam filter? How many billions are you worth? Here's my response if you still have problems, even with a spam filter.

1. Send me an email using a custom reply address with the issue number in it. e.g. amazon-helpdesk-abcd1234@amazon.com

2. Only accept emails to the above address from the email address used to log the particular issue (in this case, my address)

3. If you like, you can expire the above address a few weeks after the issue is closed.

That's it. Didn't take a brain the size of Jeff Bezos' to work out that one. Indeed if they did implement such a system, rather than trying in vain to navigate PDA hostile webforms at great expense, I might actually have more free time when I get back to a real PC and use that time on the Amazon site buying that Harry Potter book etc. that's coming out soon. We all want more free time and certainly I would have more if I didn't have to waste it on webforms when email should be good enough.


I have worked on a large number of help desk systems that deal with responses to emails, filter them correctly and then file them against the relevant issue provided the subject is left intact. It works. Big Rude Companies Please Pay Attention.
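The three-step reply-address scheme above, sketched as an added example (not code from Amazon or from any helpdesk product). The `support.example` domain, the HMAC tag appended to the address so that it cannot be guessed, and the three-week grace period are assumptions made for the illustration.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta
from email.utils import parseaddr

DOMAIN = "support.example"      # assumed helpdesk mail domain
GRACE = timedelta(weeks=3)      # "a few weeks" after closure (assumed value)
ADDR_RE = re.compile(
    r"^helpdesk-([a-z0-9]+)-([0-9a-f]{12})@" + re.escape(DOMAIN) + r"$"
)


class ReplyDesk:
    """Issues per-ticket reply addresses and decides which inbound mail to accept."""

    def __init__(self, secret: bytes):
        self._secret = secret
        self._issues = {}  # issue_id -> {"customer": str, "closed_at": datetime or None}

    def _tag(self, issue_id: str) -> str:
        # Keyed tag: a spammer who sees one address cannot derive another.
        digest = hmac.new(self._secret, issue_id.encode(), hashlib.sha256)
        return digest.hexdigest()[:12]

    def open_issue(self, issue_id: str, customer_email: str) -> str:
        """Step 1: build the custom reply address carrying the issue number."""
        issue_id = issue_id.lower()
        self._issues[issue_id] = {
            "customer": customer_email.lower(),
            "closed_at": None,
        }
        return f"helpdesk-{issue_id}-{self._tag(issue_id)}@{DOMAIN}"

    def close_issue(self, issue_id: str, when: datetime) -> None:
        self._issues[issue_id.lower()]["closed_at"] = when

    def accept(self, rcpt_to: str, from_header: str, now: datetime):
        """Return (True, issue_id) or (False, reason) for one inbound message."""
        match = ADDR_RE.match(rcpt_to.strip().lower())
        if not match:
            return False, "not a reply address"
        issue_id, tag = match.groups()
        if not hmac.compare_digest(tag, self._tag(issue_id)):
            return False, "bad tag"
        issue = self._issues.get(issue_id)
        if issue is None:
            return False, "unknown issue"
        # Step 2: only the address that logged the issue may reply.
        # The From header alone can be forged, so a real deployment would
        # compare against the sender authenticated by SPF/DKIM/DMARC.
        sender = parseaddr(from_header)[1].lower()
        if sender != issue["customer"]:
            return False, "sender mismatch"
        # Step 3: the address stops working a few weeks after closure.
        closed = issue["closed_at"]
        if closed is not None and now > closed + GRACE:
            return False, "address expired"
        return True, issue_id


if __name__ == "__main__":
    # Constructed sample data, not real addresses or a real key.
    desk = ReplyDesk(b"constructed-demo-key")
    reply_to = desk.open_issue("abcd1234", "craig@example.org")
    opened = datetime(2007, 7, 14)
    print(reply_to)
    print(desk.accept(reply_to, "Craig <craig@example.org>", opened))
    print(desk.accept(reply_to, "bulk@spam.example", opened))
    desk.close_issue("abcd1234", opened)
    print(desk.accept(reply_to, "craig@example.org", opened + timedelta(weeks=4)))
```

Mail that fails any check can be rejected at SMTP time, so the helpdesk queue only ever sees replies tied to an open issue and its original correspondent.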

I realise it is somewhat ironic having to fill in a webform to reply to this blog, but this blog is a web based medium, so using the web to reply to a web based medium doesn't contradict the above.

Thank you for listening to Rant Of The Day.



23 June 2007

 

Email security. But it is more secure than the phone

I just got another one of those Very Annoying messages. One where you send an email to the very useful customer service email address for a company and they respond with a stock template

"We are unable to discuss account matters via email, please call our contact centre".

Which is of course another way of saying "we live under the mistaken impression that email is less secure than the phone, so please contact our contact centre, press loads of irritating buttons, pay a premium rate, listen to annoying hold music and adverts and generally waste your time". Especially when I can send email for free then read the response at my leisure but taking up 15 minutes of my time listening to hold music on my mobile is certainly not free.

I wrote about this in 2003 and the arguments are just as valid today.

Since getting email in 1983 and sending on average 30 emails a day (would have been less in 1983, considerably more since 1987 when I've used it on a daily basis for my job) I figure I must have sent around 260,000 mails. In that time, I can't think of a single instance where one has been maliciously intercepted en route.

Consider those odds of 260,000:1 versus the odds of calling from an open plan office or in the street and everyone hearing the login details that you have to speak down the phone or indeed hearing the gist of why you are actually phoning and then using that to commit fraud.

I accept email isn't 100% secure. However, I believe the phone to be less secure than email. So why can't we move on and accept email as a valid communication channel for secure conversations and then build the appropriate support and encryption channels around this rather than sticking our heads in the sand and resorting to plain text expensive 19th century communications technology?

Craig



25 May 2007

 

Firefox useragent - changing the string manually

I appreciate there are tools to change the useragent in Firefox, however the plugin needs to be compatible with the version of Firefox you are running and if you have the latest alpha / nightly build etc the plug in might not work.

I had this situation recently where I couldn't get Firefox 2.0.0.3 to run reliably, so I downloaded Firefox 3.0 (Gran Paradiso). All was well, except I was barred from banking sites because my browser ident string wasn't on their authorised list. Silly banks, surely they know that checking the browser user agent via Javascript is more reliable?

Anyway, even if I did have a compatible user agent switcher plug in, very few of them include the latest released version of the browser in the pre-programmed list which again makes it hard to convince the banks that you are running the latest stable software.

So here are the instructions on how to set the user agent string yourself on Firefox

Go to the browser address bar:
Enter
about:config

Right mouse click to get the context menu and choose New->String from the menu.
Enter

general.useragent.override


As the preference name.

Then enter this as the value


Mozilla/5.0 (Windows; U; Windows NT 5.1; en-GB; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3


For the average user running Windows XP, this should be fine to get past the pedantic banking sites who don't have a robust way of checking the browser version.



24 May 2007

 

Why it's important to prepare a Digital Will

Many of us can't be bothered to prepare a real Will, with the resultant tax confusion and uncertainty that this causes especially in the event of premature death. However, we live in the first age where our digital possessions matter and important emails, contacts, music collections, online accounts, photos, domain names and online financial details may be difficult or even impossible to obtain after our death especially if they are encrypted.

Living in the age of the birth of the machine, I suggested last August to Cambrian House the idea of how to access files after the owner dies. With a strong interest in genealogy, I imagine a future where the online assets of the people of today will be of interest to the genealogists of tomorrow. My grandfather was born in the 1870s and lived to old age, yet despite living in the era of photography only 2 pictures of him remain. In this modern age where we have thousands of digital pictures, our grandchildren will surely appreciate access to these historic pictures rather than having them wiped out by bureaucracy.

Consider this. A close friend dies, but like many people nowadays their contact details for their friends are electronic, many held online. The funeral is in 5 days. You have approximately 3 days to get access to their account and contact people and they need to pick up the e-mail or instant message in time to be able to make travel arrangements for the funeral. In many cases, with the complexity of bureaucracy surrounding getting access to a person's account, faxing death certificates (often sending them overseas) and dealing with ISPs and organisations many of whom might not have an "after death" procedure or policy, you probably wouldn't be able to contact these people in time. As the digital age progresses, our dependency on hard copy letters from friends, address books and so on will diminish and the problem will get worse. Encrypted and password protected data (including accessing paypal balances) is another matter entirely.

Take just one element of this puzzle - accessing the deceased person's webmail to contact people is at the whim of the webmail provider, some might not provide access at all - as was discovered last year in the case of families trying to access the accounts of Iraq war victims. If you're not successful in gaining access, within a few months it will be deleted forever. Law.com covers this story in further detail. On the other hand, trying to cancel an AOL account is difficult enough when you're alive - if someone else tries to do it on behalf of a deceased person it's only going to be much more difficult.

Another popular email provider, Gmail, doesn't publicise their terms, I looked for death in the Gmail help centre and got this:

Your search - death - did not match any answers in this Help Center.


For the level of complexity regarding access to digital data you need only look at this article which details the Gmail procedure as follows:
Google needs your full name and contact information, a verifiable email address, the full header and content of an email you have received from this person's account, a copy of the death certificate and a copy of the document that gives you power of attorney over the email account.

"If you are the parent of the Gmail account owner and she or he was under the age of 18, you must submit a copy of the birth certificate as well, and power of attorney is not required," he says. But keep in mind that after nine consecutive months of inactivity, Google is likely to delete the email account.


It is all very well for online providers to uphold users' privacy, but as detailed in this ZDNet article, on death privacy rights cease, yet privacy is often what is cited when trying to access the deceased's data.

In summary, I would suggest these things.

1. That you list your important accounts in your Will
2. Your Will references a file where the passwords are kept. Don't put the passwords in the Will itself, they change too frequently for this to be practical. The file should be in a location that is secure, but ideally not online.
3. That collectively, online service providers agree a common procedure for dealing with the accounts of deceased people which is secure yet still allows efficient and straightforward access to the account once a death certificate is produced and allows the account contents to be retrieved and closed under the control of the deceased person's estate in a way which is no more complex than closing their bank accounts.

Please help to promote this important campaign. One day you, or future genealogists, may need it.

Craig



 

Free 3D first person shooter in your web browser

Visit Rasterwerks for a great, free, multiplayer, first person shooter game all running in your browser. Amazing!



17 May 2007

 

Shut down vista via the keyboard

In a breathtaking act of complete user ignorance, the so called new user experience of Windows Vista is now significantly harder to shut down via the keyboard than good old Windows XP. Gone is the really useful Windows+U, U, Return. No, in all the extensive development and testing and usability studies it didn't seem to occur to Microsoft that people might find a keyboard shutdown in Windows Vista useful. Never mind disability access issues and people preferring not to use a mouse because of an impairment. Never mind also the logistical difficulty of trying to use a mouse when using the laptop on a train or other moving environment. In all the studies that Microsoft did and the millions of dollars spent did no one point this out?

So here's how you do it without the mouse in Vista. Windows Vista (because we know you like things complicated)

1. Press the Windows button
2. Press the left arrow key
3. Press the right arrow key (bizarrely this does not put you back to step 1!)
4. Press return

Here's a longer alternative:

1. Press Windows+D
2. Press Alt+F4
3. Press down arrow
4. Press down arrow (steps 3 and 4 may be combined depending on your setup: depending on the options in the drop list, press down arrow until Shut Down appears).
5. Press return

Why make life so difficult for the user for something they might do several times a day?



16 May 2007

 

ID card fiasco, yet again

I have blogged in the past about the UK government's appalling record on IT systems yet that earlier article was only about a £141m system going tits up and tax payers' money getting toileted. Today we have the news that the ID system "may" be out of control and that MPs must act on runaway ID project.

What is laughable about this is that government IT systems are run via a project management system called PRINCE2, which was written by the Office of Government Commerce, is generally regarded as heavy on the project management side of things, and is supposed to control this sort of failure. PRINCE stands for Projects in Controlled Environments. When the London School of Economics is calling to see whether the ID system is getting out of control after the costs have risen by nearly 1 BILLION pounds, can I make a few suggestions:

1. You are supposed to be running a controlled project. Where is the control?

2. When a project over runs by nearly a billion pounds, you don't need one of the foremost centres of learning in the world to ask you to see if it might be out of control. It is, deal with it.

3. I posted in June 2006 about wasting money on the ID card system and July 2006 and other IT projects in September 2006. Since these faults with the ID card system were well known nearly a year ago, why has the government apparently done nothing about it?



 

BlogThis and the Google Toolbar

For some unknown reason Google has removed the very useful BlogThis feature from the Google toolbar. However if you want the BlogThis functionality you can get BlogThis! instead.

I'm using it to post this. Just install the extension, restart Firefox and then BlogThis is available from the right click context menu.

You'll see a few more posts using BlogThis, just to prove it works!

Craig
