Time to think about Energy Consumption

Published on 18 Nov 2008 at 6:06 pm. No Comments.
Filed under Uncategorized.

In these times of need for fiscal prudence there’s always a way to find some savings.  Fuel costs recently jumped to dizzy heights so that’s a good enough place to start.  Besides, we also need to save those cuddly polar bears.

First step: look for the best deal.  Done that (dual fuel, paperless billiing etc.)

Next step: clean up our act.  I’ve ordered a meter that lets you find what’s consuming the most juice and see about switching things off.  May need a time switch or two.  (We already have good insulation and boiler is newish and recently serviced.)

Third step: something more radical that could also be more interesting.  In the UK we don’t immediately think of solar panels as we’ve not enough sun to justify it.  The fab guys at MIT will not replicate photosynthesis any time soon, although Prof Nocera et al are working on it

So what to do? After a little googling around I found several people working on current cost meters and the like both for electricity and gas and hacking software to draw graphs - nice.  Then I thought that, while we want to understand our consumption, it would make it interesting to enter a kind of competition that could be neighbourhood or country-wide to see who can best manage down their consumption.  If this got a little viral it could “make a difference”.

So I’d like to work (preferably with others) on a device that would collect all the consumption data from a home and automatically upload it to a consolidation point.  From there, group statistics and benchmarking could performed and various reports produced.

I envisage this device as a low-power affair that would serve its data onto the Internet.  It would take feeds from any available consumption meters , preferably gas, electric and water.

The hardware for this is available, although some cost reduction would needed to allow a viral effect.  The software would have to be written, although there are existing open source components that would significantly reduce the task.  The whole thing could be open sourced.

Anyone interested in joining a project like this?  Collaborators would need to have hacking expertise in relevant areas of hardware and software.

Published on 8 Sep 2008 at 10:57 am. No Comments.
Filed under Uncategorized.


Database Transition

Published on 8 Sep 2008 at 10:57 am. No Comments.
Filed under Uncategorized.

We’ve been conducting an ongoing survey of associations’ IT issues and priorities and it’s not surprising that database comes out as the number one priority area in need of attention.  This seems to be independent of the state of maturity that each organisation has reached.  In other words, the harder their database is working for them the further they want to go with it.

At the low-maturity end we typically find multiple Access databases - the result of a piecemeal approach, a lack of database design experience and a limited budget.  At the next level of maturity these have been consolidated and rationalised but are still imprisoned within the office.  The next step is to make the data web-accessible and that means moving it to the server configuration (in a data centre).

The generic problem (emphasised by recent research) is that a lot of associations have traditionally run their membership database on Access.  However, they need much of the same data on their website.  Typically this creates a need for synchronisation of multiple DBs and all the pain that involves.

In a recent project we looked at one association’s situation and, ideally, would have liked to wipe the slate clean and start again.  However, we wanted to examine an alternative minimal-change approach that would be less expensive and less disruptive.

We decided to leave Access on the desktop as an administration and reporting tool but remoting the data itself to the (open source) web platform that most associations to use.  This allows the data to be available online (e.g. membership directory, booking, renewals etc).  It also increases security and allows for administration away from the office.

This is made possible by the availability of ODBC drivers for most common SQL databases, coupled with the (good but incomplete) standardisation of SQL.  The connection between the two uses a special internet  port with security provided by means of a password and, optionally, an SSL-encrypted tunnel.

Access includes an export facility.  Once the necessary tables are exported to the remote database (mySQL in the case in hand) there need to be a few adjustments to the field definitions.  For example, an autonumber field in Access must map to a particular set of SQL field properties.

Now the data is on the remote server it should be backed up then deleted from the desktop.  The table can be reconnected to the application using Access’ “link table” feature.

The biggest problem with this is that Access does some automagical stuff when forms use linked tables.  It appears that ordinary queries tend to result in data buffering which sometimes makes searches very slow. There is a capability to use “pass-through” queries but, although these overcome the buffering problem, they are read-only.  We were not able to overcome this although we suspect that a skilled Access hacker could probably script around this.  The easier solution is to redesign the form(s) that do updates to use the linked tables directly.

While looking into this we built web interfaces to the application and this is now the way the organisation use their database.  It’s very fast and works from any location.  We’ve extended it with new functions such as event booking that allow direct member input.  Access is still on hand for ad-hoc reporting as needed.

Finally, there is the matter of data integrity now that the database is multi-user.  This can be achieved via a locking table or columns that signal the applications not to start more than one update on the same record.  This can be approached in a pessimistic or optimistic fashion.

A writeup is available on our website (draft at time of writing).

Losing those broadband blues

Published on 14 Mar 2008 at 6:58 pm. 1 Comment.
Filed under Uncategorized.

Now that we’re all addicted to speed we’re lost without a couple of megs of bandwidth.  It always happens at the worst times: they dig through the cable in the street on just the day when you have a big project to complete.  You try to connect in other ways to get the job done and the air turns blue.

My home office is in a TV cable area but, when you need speed, the service can be patchy.  The obvious thought was to get another broadband connection on copper.  Unlikely that both would fail at once?

Initial adventures with a provider of an attractively-priced bundle were not good.  Just as I was starting to shop around again, preparing to pay more, I realised that I’d be better off upgrading my mobile connection.

A few providers are offering HSDPA which gives good speed if you have coverage.  I’d previously had reasonable service out of my GPRS connection using quite an old Sony-Ericsson phone so I thought I’d see what was now available.  My thought was that there would be a network and a bluetooth phone capable of the speed I needed.  I could use that in the office if the cable broadband went down and also on the road, especially at sites without Wi-Fi.

As a Mac and PC user, bluetooth is great as a method of connection.  I chose another Sony-Ericsson phone, the k850i and, after an unsuccessful evaluation of O2’s customer service (don’t ask), I went with T-Mobile’s web-and-walk plus.  Then the fun started.

As we all know “assume makes and ass out of you and me”.  I thought the configuration process would probably be the same for this setup as I had previously experienced.  However, I had just installed the latest version of the Mac’s OS, Leopard, which is not configured in the same way.  Let the fun commence..

I first tried the various vendor websites and online forums without conclusive results.  Then I tried the phone support lines of the 3 vendors involved.  The circular finger-pointing excelled itself.  Sony Ericsson advised me to get a PC as “Macs are not supported”.  Apple could not help me (this was disappointing as they are usually above average).  Then I tried T-Mobile who thought it was a network problem and could not help.

Fortunately when all else fails there’s always trial and error.  It turns out that on Leopard you configure the connection through bluetooth setup, not as a modem.  This is surprisingly easy although I’m not sure I have it running as fast as the phone can go.  Anyway, I now have my lifeline in place and can get a fast connection most places I go.

PS.  500Kb is not as fast as the phone can go.  I’ll update this when I find how to crank it up to 1.5Mb.

When I stop cussing about “help” lines I may have a go at connecting from a windoze machine. Somewhat academic as I prefer Mac but … 

Another PS. On a recent trip to New York I did a couple of hours email through this mobile connection.  Then my phone was cut off as I had exceeded a credit limit that I knew nothing about.  T-Mobile kindly cancelled this charge (”just this once”) when I told them that I had no idea it would be so expensive.  I understand that all mobile suppliers have this level of charge for “broadband” roaming.  Next time I will get a PAYG card as I understand that that goes a long way to solving the problem and at least I’d notice the cost being incurred.

OpenID - Ready for Prime Time?

Published on 27 Oct 2007 at 8:13 am. No Comments.
Filed under Uncategorized.

This week I attended a conference where a group of IT architects were discussing federated identity.  I led a session on OpenID which was useful in terms of the questions raised and, not the least, as a way of organising my own thoughts as to when and where this technology should be deployed.

The use of OpenID for social networking applications is not in dispute.  However, many of us want to decide how far to take it, given the imperfections that are widely acknowledged.

The “big IT” architects have both the need for high value/ high risk transactions and the budgets to be able to deploy customised integration with their partners.  Even those corporates are looking at sector-wide hubs to reduce the cost of integration with multiple partners’ IT systems such as have been established in the Automotive and Healthcare sectors.  This is probably not a market for OpenID (but see below).

The middle ground is where the interesting debate should be taking place.  Here, organisations have a great need to collaborate and partner.  Their IT systems need to interoperate with those of their partners.  Budgets, however, do not stretch to complex federation schemes.  Can OpenID play a role here?

Examples could include:

  • Extranets that provide priviledged information access to customers and suppliers.
  • Members-only resources for membership organisations
  • Arguably, one-click purchasing sites (discuss!)

The key challenges to OpenID adoption IMHO include:

  • Usability - right now the login process lacks consistency between Relying Parties (RPs)
  • Choosing an OpenID Provider - can be difficult because there is no established basis for trusting them.  This in turn makes it hard for RPs to recommend OPs to OpenID newbies.
  • Market perception -  As there is no mechanism for marketing an open standard like this, it will take a long time for it to be established.

In each of these areas there are various ways to move things forward.

  • Browsers (e.g. Firefox 3?) and plugins will increase consistency, as will best practice usage as the number of RPs increases.
  • Community-based comparison sites are the obvious answer to assisting in choice of OP.  A recent post by Will Norris shows one aspect of this. In addition to this type of functional comparison, the trust issue needs to be addressed, possibly by some form of independent assessment and accreditation.  But by whom - some kind of JD Power or Which? (UK Consumers’ Assoc.)?
  • It’s good that the OpenID site is now much more business-orientated but that’s never going to be a match for commercial “competitors”.  The OpenID Foundation seems unlikely to expand its brief in this direction so some other entity is needed to address this.

The upshot of all this is that OpenID is getting there. I believe that these barriers will be overcome, given time. I will continue to look for applications and encourage adoption.

Going back to the “big IT” applications there’s another opportunity as OpenID takes off, more so if allied to related technologies for user profiling and the so-called “social graph”.  Each new user coming into a closed network needs to be registered.  However exhaustive this needs to be, there is a mundane part up front where information is being collected before it gets to the serious validation stage.  OpenID could help in that initial process, after which more stringent checks could still be applied.

Opening the Social Networks

Published on 5 Oct 2007 at 7:31 am. No Comments.
Filed under Uncategorized.

Things are really hotting up in the world of Business/ Social Networks.  There are quite a few of them (see http://en.wikipedia.org/wiki/List_of_social_networking_websites) and most peoples’ “social graphs” are spread across several of these sites, not to mention their offline address books.  Few people like signing up to more networks and adding more profiles because every site is different. Also, you take time entering your information but in most cases you can’t get it out.  Then there’s the annoying issue of usernames and passwords - again, each site is necessarily different.  IMHO the most annoying aspect of the sites is that most have a closed approach to messaging.  Fortunately, it isn’t necessary to use these facilities as plain old email works just fine thank you.

It’s interesting to speculate as to which SN site(s) are here to stay and which are accidents waiting to happen.  The major sites such as Facebook, Myspace and LinkedIn look like good bets because of the large populations represented there.  However, they are clearly out to eat each other’s lunch so their longevity is not assured.  Recently we heard speculation that LinkedIn is adding Facebook-like features and Facebook is expanding its feature set to better address LinkedIn’s market.

This competition is good, at least in the sense that they will have to compete on quality of service, but it does point to uncertainty about the future of any one network. Perhaps a key feature that could differentiate these and other players in the medium term is their attitute to openness.  Openness could be very valuable to users of these services in that one’s investment in content (especially contact details, profile and social graph) is a good deal safer if it can be exported.  More important still is the ability for one’s information to be available for use in mashups.

We’ll be watching this space: Let’s hope the big players see the light and knock down the walls between their gardens.  We want to see standards-compliant access to social network content.  The probable standards will include microformats, protocols like OpenID and XFN or some alternative to support open social graphs. Even if the SNs have proprietary APIs there’s a possible outcome where SN content aggregators can act as bridges to an open world.

At a recent Mashup*Event we  met an outfit called Meecard http://www.meecard.com that seems to have the right philosopy.  

OpenID vs. Identity Discussion

Published on 25 Apr 2007 at 9:07 am. No Comments.
Filed under Uncategorized.

Great little “mashup*” event last night in London organised by midentity and BT.  The advertised theme: Identity 2.0: my digital identity is an asset, but who owns it?

This is a huge topic so, predictably, the conversation was all over the place.  This is no bad thing as these are issues that need an airing.

The demo of OpenID did not seem to convince the audience, despite Simon Willison’s undoubted command of the topic and the technology.  (Remember not to fall into the same trap with even more sceptical audiences.)  IMHO it could pass the “Mom test”.

I would have liked more discussion about balancing the issues of convenience, risk (privacy etc) and cost as people seem to jump onto one issue and ignore the others.  Maybe a paper is needed to set this out.  This is reminiscent of the early days of SOA (another large topic).

I’d also like to get into more discussion about preventing fradulent OpenIDs by requiring a tighter process around their issue.  I will take this up with one or more of the OpenID Providers who we might want to recommend.

OpenID Continued ..

Published on 21 Apr 2007 at 6:39 am. No Comments.
Filed under Uncategorized.

Now have the first implementation of an OpenID “Relying Party” (application) working on three of our own intranets.  It’s been done in such a way that we can easily roll it out to more sites.  What we learned:

  • The API documentation took a little getting used to.  This was all sorted out easily enough with the help of the code examples (in the Jan Rain libraries) and the mailing list where the doc was unclear.
  • There are two mailing lists and the general one seems best for implementors of Relying Parties (just using library code).
  • There seems to be a recognised need for multiple personnas that release different amounts of information to applications.  In addition, some people want to run multiple identities to hide information about one personna from the others.  I have been persuaded that this may not be just for nefarious purposes. This means that an RP user account should support multiple OpenIDs?   Discuss.
  • Concerns seem to center on Phishing rather than the underlying security of the protocols.  There are numerous proposals to address this but the immediate takeaway is that we need to watch out for spoof ID Providers that might steal our credentials from our real ID provider.  Several solutions have been suggested.
  • Several new opportunities arise from OpenID.  More on those to follow. 

I’m going to Simon Willison’s talk next week and hope to get further up to speed as a result of that. 

Web Application Logins :: OpenID

Published on 16 Apr 2007 at 8:34 am. No Comments.
Filed under Uncategorized.

How many online logins do you have?  I have 100s and until recently have not been overly concerned as many are not too important.  However, there are a few which are essential and where I am not comfortable with the level of security.  Like most people I use a small number of username/ password combinations so I can remember them.  However, whereas I should change all of them frequently I only do that to those of the greatest sensitivity, leaving a residual exposure.  As more and more critical systems are delivered over the web this risk escalates, as does the amount of effort needed to maintain sufficient security.

Possible solutions to this have been much discussed and it’s become clear that the right answer will be some form of user-centric ID system. This would allow me to assert that I am me and have a trusted third party back that up.  Once that is established each application can grant me an appropriate level of access.

There are various technical problems with this but I believe they can and will be solved using cryptography.  Much more important is the question whom do I trust to vouch for me and whom will my application providers trust to confirm my identity.  The OpenID initiative seems to be the first one to address this in a credible way.  Their set of protocols is independent of trust provider, application, implementation and platform.  Implementations are being built and tested according to an open source model that gives the best possible chance of producing robust solutions.

In recent months we have seen some convincing developments in the establishment of these protocols as the defacto standard, namely the takeup by Yahoo, WordPress, Microsoft et al.  There is already a critical mass of ID providers under this scheme.  Trusting these will come with time.

However, the bigger issue is that of migration.  Will the many thousands of applications using their own systems of usernames and passwords be prepared to embrace OpenID?  It will, of course, depend on user demand and the cost of conversion.  Wondering what it would take to do this caused us to think about migrating some of the applications we have created for our clients.  So we are mounting a project with the following objectives to guage feasibility:

  • Easily convert existing web applications using basic authentication to use OpenID
  • Allow users to migrate at their own pace by supporting two alternative forms of authentication simultaneously
  • Retain the facility to jump into protected parts of the application at any URI, including parameters

Watch this space for a report on how this goes.  Initial indications are that this will be straightforward, thanks in no small part to the availability of proven open source libraries on which this project will be based.  An additional module will be created.  This will be designed to plug in with minimal change to any application using username/ password on a LAMP platform.

Project Success (increasing the likelihood)

Published on 29 Mar 2007 at 11:04 am. No Comments.
Filed under Uncategorized.

This seems to be a perennial topic of discussion, fuelled by conflicts between objectives and budgets, especially in high-profile applications like Connecting for Health and London 2012.

On a day-to-day level the budgets are smaller but stakeholder ambitions often still outreach them.  If you ask people what they want out of, for example, their next-generation web project you will usually get a list that exceeds what they can afford.  The standard response is to put one’s head in the sand and hope that all will come out OK.  But this is the stuff of project overruns and it will end in tears.

The practical solution is blindingly obvious:  phase the project and prioritise the elements of value delivered.  If you were building an aircraft you might stop short or delivering half of it on time and to budget.  However, most IT projects can and should be delivered incrementally.  The ”Agile” crowd argue that you would do this anyway as a matter of good practice.  Regardless of your take on that most people would agree that delivering as much as 80% of the benefits in 20% of the total time and budget just has to make business sense.

To do this we can use a simple process.  Tabulate key objectives (horizontal) against desired features (vertical) and score (1-5 scale) at each intersection the extent to which the feature will contribute to the objectives.  Then do the sums to get a net value per feature and sort the list on value.

Now we can see whether we can identify the 20% of features with 80% of the value.  We usually can.  Then build a phased plan that delivers as much as possible within the budget constraint.

A work of warning:  You want to be able to evaluate success several months down the line so make sure your objectives are SMART. 

SMART Objectives at LearnMarketing.net

.. I think they mean Time-bounded.

« Previous Entries