Losing those broadband blues
Published on 14 Mar 2008 at 6:58 pm.
1 Comment.
Filed under Uncategorized.
Now that we’re all addicted to speed we’re lost without a couple of megs of bandwidth. It always happens at the worst times: they dig through the cable in the street on just the day when you have a big project to complete. You try to connect in other ways to get the job done and the air turns blue.
My home office is in a TV cable area but, when you need speed, the service can be patchy. The obvious thought was to get another broadband connection on copper. Unlikely that both would fail at once?
Initial adventures with a provider of an attractively-priced bundle were not good. Just as I was starting to shop around again, preparing to pay more, I realised that I’d be better off upgrading my mobile connection.
A few providers are offering HSDPA which gives good speed if you have coverage. I’d previously had reasonable service out of my GPRS connection using quite an old Sony-Ericsson phone so I thought I’d see what was now available. My thought was that there would be a network and a bluetooth phone capable of the speed I needed. I could use that in the office if the cable broadband went down and also on the road, especially at sites without Wi-Fi.
As a Mac and PC user, bluetooth is great as a method of connection. I chose another Sony-Ericsson phone, the k850i and, after an unsuccessful evaluation of O2’s customer service (don’t ask), I went with T-Mobile’s web-and-walk plus. Then the fun started.
As we all know “assume makes and ass out of you and me”. I thought the configuration process would probably be the same for this setup as I had previously experienced. However, I had just installed the latest version of the Mac’s OS, Leopard, which is not configured in the same way. Let the fun commence..
I first tried the various vendor websites and online forums without conclusive results. Then I tried the phone support lines of the 3 vendors involved. The circular finger-pointing excelled itself. Sony Ericsson advised me to get a PC as “Macs are not supported”. Apple could not help me (this was disappointing as they are usually above average). Then I tried T-Mobile who thought it was a network problem and could not help.
Fortunately when all else fails there’s always trial and error. It turns out that on Leopard you configure the connection through bluetooth setup, not as a modem. This is surprisingly easy although I’m not sure I have it running as fast as the phone can go. Anyway, I now have my lifeline in place and can get a fast connection most places I go.
PS. 500Kb is not as fast as the phone can go. I’ll update this when I find how to crank it up to 1.5Mb.
When I stop cussing about “help” lines I may have a go at connecting from a windoze machine. Somewhat academic as I prefer Mac but …
OpenID - Ready for Prime Time?
Published on 27 Oct 2007 at 8:13 am.
No Comments.
Filed under Uncategorized.
This week I attended a conference where a group of IT architects were discussing federated identity. I led a session on OpenID which was useful in terms of the questions raised and, not the least, as a way of organising my own thoughts as to when and where this technology should be deployed.
The use of OpenID for social networking applications is not in dispute. However, many of us want to decide how far to take it, given the imperfections that are widely acknowledged.
The “big IT” architects have both the need for high value/ high risk transactions and the budgets to be able to deploy customised integration with their partners. Even those corporates are looking at sector-wide hubs to reduce the cost of integration with multiple partners’ IT systems such as have been established in the Automotive and Healthcare sectors. This is probably not a market for OpenID (but see below).
The middle ground is where the interesting debate should be taking place. Here, organisations have a great need to collaborate and partner. Their IT systems need to interoperate with those of their partners. Budgets, however, do not stretch to complex federation schemes. Can OpenID play a role here?
Examples could include:
- Extranets that provide priviledged information access to customers and suppliers.
- Members-only resources for membership organisations
- Arguably, one-click purchasing sites (discuss!)
The key challenges to OpenID adoption IMHO include:
- Usability - right now the login process lacks consistency between Relying Parties (RPs)
- Choosing an OpenID Provider - can be difficult because there is no established basis for trusting them. This in turn makes it hard for RPs to recommend OPs to OpenID newbies.
- Market perception - As there is no mechanism for marketing an open standard like this, it will take a long time for it to be established.
In each of these areas there are various ways to move things forward.
- Browsers (e.g. Firefox 3?) and plugins will increase consistency, as will best practice usage as the number of RPs increases.
- Community-based comparison sites are the obvious answer to assisting in choice of OP. A recent post by Will Norris shows one aspect of this. In addition to this type of functional comparison, the trust issue needs to be addressed, possibly by some form of independent assessment and accreditation. But by whom - some kind of JD Power or Which? (UK Consumers’ Assoc.)?
- It’s good that the OpenID site is now much more business-orientated but that’s never going to be a match for commercial “competitors”. The OpenID Foundation seems unlikely to expand its brief in this direction so some other entity is needed to address this.
The upshot of all this is that OpenID is getting there. I believe that these barriers will be overcome, given time. I will continue to look for applications and encourage adoption.
Going back to the “big IT” applications there’s another opportunity as OpenID takes off, more so if allied to related technologies for user profiling and the so-called “social graph”. Each new user coming into a closed network needs to be registered. However exhaustive this needs to be, there is a mundane part up front where information is being collected before it gets to the serious validation stage. OpenID could help in that initial process, after which more stringent checks could still be applied.
Opening the Social Networks
Published on 5 Oct 2007 at 7:31 am.
No Comments.
Filed under Uncategorized.
Things are really hotting up in the world of Business/ Social Networks. There are quite a few of them (see http://en.wikipedia.org/wiki/List_of_social_networking_websites) and most peoples’ “social graphs” are spread across several of these sites, not to mention their offline address books. Few people like signing up to more networks and adding more profiles because every site is different. Also, you take time entering your information but in most cases you can’t get it out. Then there’s the annoying issue of usernames and passwords - again, each site is necessarily different. IMHO the most annoying aspect of the sites is that most have a closed approach to messaging. Fortunately, it isn’t necessary to use these facilities as plain old email works just fine thank you.
It’s interesting to speculate as to which SN site(s) are here to stay and which are accidents waiting to happen. The major sites such as Facebook, Myspace and LinkedIn look like good bets because of the large populations represented there. However, they are clearly out to eat each other’s lunch so their longevity is not assured. Recently we heard speculation that LinkedIn is adding Facebook-like features and Facebook is expanding its feature set to better address LinkedIn’s market.
This competition is good, at least in the sense that they will have to compete on quality of service, but it does point to uncertainty about the future of any one network. Perhaps a key feature that could differentiate these and other players in the medium term is their attitute to openness. Openness could be very valuable to users of these services in that one’s investment in content (especially contact details, profile and social graph) is a good deal safer if it can be exported. More important still is the ability for one’s information to be available for use in mashups.
We’ll be watching this space: Let’s hope the big players see the light and knock down the walls between their gardens. We want to see standards-compliant access to social network content. The probable standards will include microformats, protocols like OpenID and XFN or some alternative to support open social graphs. Even if the SNs have proprietary APIs there’s a possible outcome where SN content aggregators can act as bridges to an open world.
At a recent Mashup*Event we met an outfit called Meecard http://www.meecard.com that seems to have the right philosopy.
OpenID vs. Identity Discussion
Published on 25 Apr 2007 at 9:07 am.
No Comments.
Filed under Uncategorized.
Great little “mashup*” event last night in London organised by midentity and BT. The advertised theme: Identity 2.0: my digital identity is an asset, but who owns it?
This is a huge topic so, predictably, the conversation was all over the place. This is no bad thing as these are issues that need an airing.
The demo of OpenID did not seem to convince the audience, despite Simon Willison’s undoubted command of the topic and the technology. (Remember not to fall into the same trap with even more sceptical audiences.) IMHO it could pass the “Mom test”.
I would have liked more discussion about balancing the issues of convenience, risk (privacy etc) and cost as people seem to jump onto one issue and ignore the others. Maybe a paper is needed to set this out. This is reminiscent of the early days of SOA (another large topic).
I’d also like to get into more discussion about preventing fradulent OpenIDs by requiring a tighter process around their issue. I will take this up with one or more of the OpenID Providers who we might want to recommend.
OpenID Continued ..
Published on 21 Apr 2007 at 6:39 am.
No Comments.
Filed under Uncategorized.
Now have the first implementation of an OpenID “Relying Party” (application) working on three of our own intranets. It’s been done in such a way that we can easily roll it out to more sites. What we learned:
- The API documentation took a little getting used to. This was all sorted out easily enough with the help of the code examples (in the Jan Rain libraries) and the mailing list where the doc was unclear.
- There are two mailing lists and the general one seems best for implementors of Relying Parties (just using library code).
- There seems to be a recognised need for multiple personnas that release different amounts of information to applications. In addition, some people want to run multiple identities to hide information about one personna from the others. I have been persuaded that this may not be just for nefarious purposes. This means that an RP user account should support multiple OpenIDs? Discuss.
- Concerns seem to center on Phishing rather than the underlying security of the protocols. There are numerous proposals to address this but the immediate takeaway is that we need to watch out for spoof ID Providers that might steal our credentials from our real ID provider. Several solutions have been suggested.
- Several new opportunities arise from OpenID. More on those to follow.
I’m going to Simon Willison’s talk next week and hope to get further up to speed as a result of that.
Web Application Logins :: OpenID
Published on 16 Apr 2007 at 8:34 am.
No Comments.
Filed under Uncategorized.
How many online logins do you have? I have 100s and until recently have not been overly concerned as many are not too important. However, there are a few which are essential and where I am not comfortable with the level of security. Like most people I use a small number of username/ password combinations so I can remember them. However, whereas I should change all of them frequently I only do that to those of the greatest sensitivity, leaving a residual exposure. As more and more critical systems are delivered over the web this risk escalates, as does the amount of effort needed to maintain sufficient security.
Possible solutions to this have been much discussed and it’s become clear that the right answer will be some form of user-centric ID system. This would allow me to assert that I am me and have a trusted third party back that up. Once that is established each application can grant me an appropriate level of access.
There are various technical problems with this but I believe they can and will be solved using cryptography. Much more important is the question whom do I trust to vouch for me and whom will my application providers trust to confirm my identity. The OpenID initiative seems to be the first one to address this in a credible way. Their set of protocols is independent of trust provider, application, implementation and platform. Implementations are being built and tested according to an open source model that gives the best possible chance of producing robust solutions.
In recent months we have seen some convincing developments in the establishment of these protocols as the defacto standard, namely the takeup by Yahoo, WordPress, Microsoft et al. There is already a critical mass of ID providers under this scheme. Trusting these will come with time.
However, the bigger issue is that of migration. Will the many thousands of applications using their own systems of usernames and passwords be prepared to embrace OpenID? It will, of course, depend on user demand and the cost of conversion. Wondering what it would take to do this caused us to think about migrating some of the applications we have created for our clients. So we are mounting a project with the following objectives to guage feasibility:
- Easily convert existing web applications using basic authentication to use OpenID
- Allow users to migrate at their own pace by supporting two alternative forms of authentication simultaneously
- Retain the facility to jump into protected parts of the application at any URI, including parameters
Watch this space for a report on how this goes. Initial indications are that this will be straightforward, thanks in no small part to the availability of proven open source libraries on which this project will be based. An additional module will be created. This will be designed to plug in with minimal change to any application using username/ password on a LAMP platform.
Project Success (increasing the likelihood)
Published on 29 Mar 2007 at 11:04 am.
No Comments.
Filed under Uncategorized.
This seems to be a perennial topic of discussion, fuelled by conflicts between objectives and budgets, especially in high-profile applications like Connecting for Health and London 2012.
On a day-to-day level the budgets are smaller but stakeholder ambitions often still outreach them. If you ask people what they want out of, for example, their next-generation web project you will usually get a list that exceeds what they can afford. The standard response is to put one’s head in the sand and hope that all will come out OK. But this is the stuff of project overruns and it will end in tears.
The practical solution is blindingly obvious: phase the project and prioritise the elements of value delivered. If you were building an aircraft you might stop short or delivering half of it on time and to budget. However, most IT projects can and should be delivered incrementally. The ”Agile” crowd argue that you would do this anyway as a matter of good practice. Regardless of your take on that most people would agree that delivering as much as 80% of the benefits in 20% of the total time and budget just has to make business sense.
To do this we can use a simple process. Tabulate key objectives (horizontal) against desired features (vertical) and score (1-5 scale) at each intersection the extent to which the feature will contribute to the objectives. Then do the sums to get a net value per feature and sort the list on value.
Now we can see whether we can identify the 20% of features with 80% of the value. We usually can. Then build a phased plan that delivers as much as possible within the budget constraint.
A work of warning: You want to be able to evaluate success several months down the line so make sure your objectives are SMART.
.. I think they mean Time-bounded.
LinkedIn and XING (Network Application Connectivity)
Published on 29 Mar 2007 at 10:39 am.
No Comments.
Filed under Uncategorized.
Which online business network to choose - that’s the question. Obvious candidates are LinkedIn, Xing and ecademy, all of which have nice features. LinkedIn has many more of the people I want to connect with and has very low spam levels so it’s the one I naturally favour. I have thought for a while that it could do with IM and presence indicators like Skype but I can live with using the two in tandem - they don’t conflict.
Xing just announced an API - I know little about this yet but it’s a development I’d been watching for. The existence of an API (and therefore a partner network) on Sykpe is a very strong and useful feature. I have tested the assertion that one can easily interface applications to Skype - my only gripe is that the best documented way of doing this is not cross-platform. I did my first tests in VB to get a quick result but the way forward has to be the Java API.
Wouldn’t it be nice if LinkedIn added an API (cross-platform). This would then be one network checking all the boxes of low spam, strong community and having great integration possibilities. I hear they are also doing well business-wise which augurs well for longevity as well. Let’s keep our fingers crossed.
Scheduling Meetings
Published on 18 Mar 2007 at 10:24 pm.
No Comments.
Filed under Uncategorized.
When working in virtual teams (those not physically co-located) it can be difficult to schedule meetings and teleconferences. The temptation is to try to use email and that can sometimes work. However, most of the time this is tortuous. We recently had one of those experiences and wound up excluding people who needed to be involved.
The problem is that, while the initiator is consolidating responses, people’s availability changes. Phoning around is an option but this is timeconsuming, especially for large meetings. We therefore wanted a process that could minimise the cycle:
- Create a message about the meeting and give a range of possible timeslots;
- Send to the group with a response form that allows them to select those times when they expect to be available;
- Automatically present the summarised responses to all involved.
The advantage of this e-enabled process is that there is no separate consolidation step which reduces the cycle time. We’ve built a component for this and are testing it. The whole thing is designed to minimise keying for both initiator and participants.
Government IT - No change there then..
Published on 15 Mar 2007 at 11:48 pm.
No Comments.
Filed under Uncategorized.
I see that the upcoming conference on Government IT has a good lineup. However, there’s no special price for SMEs who might want to contribute. SME vendors have the magic ingredients of expertise and commitment so badly needed in these important projects. However, the way this works is that SMEs can’t play. See David Craig’s great book “Plundering the Public Sector” for more insights into the way it is. Tranquilise yourself and get used to it.