March 23, 2006
Are fingerprint scanners better for security? Better not have Silly Putty around
From Coding Horror, Jeff talks about a problem we all have ... what is my login name and/or password. If I had a dollar for every time I had to request/reset a password on a system and two for the number of times I needed the username too ... I'd be a wealthy guy. Right now people are talking about (including IBM/Lenovo with some new ThinkPads) using fingerprint scanners. Carry your password with you they say ... sounds great but ...
One particular pitfall is the idea that your fingerprint is a secure substitute for your password. This review of a typical USB fingerprint reader illustrates just how foolish that misconception is:
The jelly fingertip peeled off the putty very easily, as you'd expect - clean, cold Silly Putty doesn't stick very well to anything but itself. The gelatine was full of bubbles from my stirring, but the jelly thumb nonetheless had a pretty good complement of print-ridges on it.
Ugly and bubble-y the jelly thumb was, but the scanner loved it. It thought the jelly finger was a real one more than 50% of the time. And since you can attempt recognition about once a second, that means it'd be trivially easy to log in with a thing like this, even with people watching. Trim the jelly so it fits over the end of your real finger, and some very rudimentary prestidigitation will keep your fakery from the attention of onlookers.
I also found it was possible to enroll the jelly thumb as a new finger. It took me four attempts to do it, and its recognition rate wasn't any better than when I was trying to match it to my real finger. But that's still quite good enough to be useable in an, um, covert situation.
Oops. Jeff hopes new InfoCard solutions will help. I hope so, because my piece of paper is getting might crowded.
Tags: passwords, security, InfoCard
Posted by Tris Hussey on March 23, 2006 | Permalink
| Comments (0)
March 22, 2006
What do you think ... can Six Sigma fix bad management?
From the Agile Management Blog:
The speaker Greg Boal of ServiceMaster has just suggested that Six Sigma won't fix bad management. It will fix a lot of bad shopfloor and service delivery problems but bad management is not something it addresses. At first this seemed a profound observation that ought to be common sense but on reflection after a few minutes, this seems a curious observation.
Not having much experience with Six Sigma except for hearing my production colleagues while in Pharma talking about implementing it, what do you think ... Can Six Sigma fix management problems? My guess is no. If you're a lousy manager, no business process improvement can fix that.
Tags: Six Sigma, ERP, BPM
Posted by Tris Hussey on March 22, 2006 | Permalink
| Comments (0)
February 06, 2006
.Net and QA are the hot jobs right now ...
From CNN Money:
Two tech jobs in high demand these days are .NET developers and quality assurance analysts.
Developers who are expert users of Microsoft's software programming language .NET can make between $75,000 and $85,000 a year in major cities. (See correction.) If they pursue a job at a company that seeks someone with a background in a given field (say, a firm looking for a .NET developer experienced in using software related to derivatives) they might snag a salary hike of 15 percent or more when they switch jobs.
Those who work in software quality management, meanwhile, might make $65,000 to $75,000 a year and be able to negotiate a 10 percent to 15 percent jump in pay if they switch jobs.
Break out the resumes ... if you are a .NET whiz or a QA master (dare I think about if you're both!) according to CNN Money they are the two hottest areas in tech right now.
But ... from my experience as a manager during the DotCom boom ... jumping ship just to get more cash isn't always the best course. One of my best programmers jumped ship to a little start up and wound up working in an environment where they hired 12 people for about 6 slots ... you had to program great stuff to keep your job, and you knew people where going to be let go. So ... caution is always the best course in times like these.
Tags: tech jobs, .Net, QA
Posted by Tris Hussey on February 6, 2006 | Permalink
| Comments (0)
November 30, 2005
Failed IT Projects Cost Billions: Train wreck in slow motion
Regardless of whether you are developing a new application, website, or implementing a new software system, failures and setbacks occur. It happens. It's inevitable. It costs. Billions. This article from the Globe & Mail (Canada) talks in depth about the scale of IT failures and some of the potential "whys"
Let's lay some groundwork here:
The UK public sector alone spends circa 22.6-billion pounds each year on IT, and some reports suggest that 1.5 billion-pounds have been wasted on failed IT projects since 1997. A 2004 report from the UK Royal Academy of Engineers and the British Computer Society estimated that only 16 per cent of these projects succeed, and confirmed that billions of pounds each year are wasted on them — throughout the EU.
Indeed, statistics suggest that 50 per cent of all IT projects fail, while 40 per cent are late and/or over budget, and ultimately delivered with reduced functionality.
These various controversies have led to a major reform of how the Government in the UK and Ireland handles large scale IT projects, but the jury is definitely out, and public trust in elected officials has visibly eroded.
But lest we get smug here in North America, it is abundantly clear that such wanton waste is not just an EU concern. It is a global pandemic that needs urgent attention. And Canadians have plenty of home- spun examples to call upon.
In the US, the FBI recently disclosed that a post-911 IT project that has cost $170-million (U.S.) to date has been an abject failure, and that they will have to start again. Sen. Patrick Leahy of Vermont, the senior Democrat on the Senate Judiciary Committee, was quoted in Wired magazine as describing the whole fiasco as "a train wreck in slow motion."
You're not going to read any smug "it's never happened to me" lines here. There are still a few projects I'm sure we all wish we had never started. Several projects that, although they were eventually completed, were over-budget or somehow short of expectations. So the question remains, why.
Posted by Tris Hussey on November 30, 2005 | Permalink
| Comments (0)
November 15, 2005
Keeping the lights on ... how to keep programmers happy
No matter what sector of IT you're in you are going to deal with programmers and developers at some point. Even if you're "just" a business person, you will likely work with a development team at some point. Dealing with programmers isn't a black art, but it can be tricky.
Programmers are a interesting breed. Focus, attention to detail, creativity, these are some of the core traits of programmers, especially good programmers. Often though, programmers get a bad wrap. Let's put inherent geekiness aside, things like being petulant, prima donnas, and more than a little abrasive with users who "don't get it". Scoble notes a very key point
that I personally know helps keep programmers—heck everyone for that matter—happy:
The guys who stare at a blank black or white screen and start typing and start creating the things we all find magical just want us to see their work in our hands. Is it more complicated than that?
We all like to see our work as being valued. We like to see the fruits of our labor enjoyed by an audience. Come on, you've just cooked something really awesome (grilling steaks counts) and doesn't it feel great when people's eyes light up at the first bite? Programmers are no different. They want to work on cool stuff that makes it to users. There is nothing more frustrating to a programmer when project after project that they have been working on gets killed or cut. Talk about feeling under appreciated! Sure it happens. If you've been in business long enough you know this. You might not like it, but you know it. Maybe the lesson to learn is that when you do have to cut a project, make it about the project, not the work. If it is about the work, well that's a different discussion altogether.
Maybe these thoughts will help us keep our developers happy.
Posted by Tris Hussey on November 15, 2005 | Permalink
| Comments (0)
November 10, 2005
Can IM help with software support and rollouts?
My techie roots are really in tech support. Ever since my college days I've been the guy who fixes computers and teaches newbies some of the tricks of the trade. One of the problems, of course, is that sometimes problems crop up when you can't get there (for me it seems to be when dinner is on the stove). I also work from home and from an island so helping my friends at the spur of the moment, could be challenging ... but it isn't. Why? How? My secret? Instant messaging (IM). Yep. Simple, easy, free.
I don't think IM is used enough in the software development, rollout, and support process. In the development process, just think ... push over a screenshot to confirm a layout ... the client has a question ... the install crew runs into a problem. Personally I like Skype
because the IM and file transfer is secure. Also you can switch to voice with a click (very, very handy believe me). Now if your clients and friends are spread out on all the available platforms ... try a multi-network client like Trillian
(free, open source), or (my fav) Gaim
(free, open source).
Downside? Yeah. Sometimes you don't want to be (or can't be) disturbed. I make use of Skype's do not disturb setting (DND) and the Jyve
plugin for Skype to control this. Also don't feel that you have
to answer IM at 9 at night if you're not really
working. A nice, polite ..."Could you talk about this in the morning?" or "I'm sorry I'm taking a break from work right now." lets people know while you are there and are listening to them, you actually have a life too.
Think about it. Add IM to your mix.
Go ahead ... download Skype and ping me!
See if I'm online:
Posted by Tris Hussey on November 10, 2005 | Permalink
| Comments (1)
November 09, 2005
When the Titanic turns ...
So, what's the fuss about? Essentially Microsoft is embracing "Web 2.0" and it seems like the age of giant super apps is drawing to a close. Ray Ozzie recognizes that the small, light app is key. That extensible applications like Skype and Google Earth and Flickr are winning the day. Why? Because they are agile. Rapidly deployed. Slick. Ray even said that the days of the complex app are over. They suck up too much dev time.
I think this is truly the watershed moment of 2005. I think this is similar to the announcement of IE getting serious attention. Netscape ruled the day. No one thought the first versions of IE were anything but dreck. Now. Now IE is top of the heap. It's taken years for Netscape to come back to a point where they aren't Netwho? But Microsoft saw the writing on the walls with Firefox. Small, light, extensible app. Doesn't try to do everything. Let individuals and other companies go beyond the core functions.
Clearly Microsoft is betting on the .Net and related technologies horse. AJAX and browser-based applications are going to be more and more common. How about a "light" version of Word that does pretty much just the core stuff, but you can add on other functions like outlining or something?
Yeah, we're going to look back at this next year and think that this was a big moment. Either that or we're going to think we were all nuts.
Posted by Tris Hussey on November 9, 2005 | Permalink
| Comments (0)