Bwooce's Log

...in which I get corporate bullied

2008-05-18T18:25:00.006+12:00

An unsolicited FedEx package was trying to find me on Friday. It finally did at work after they called me. It was addressed to:

Me
Cable Car Lane
Wellington

I think this is because FedEx don't take PO Boxes. Amazing that it arrive did really.

Anyway, back on topic, it turns out that a certain Terry A Overby filed a US patent application No. 11/465,086 on MEID serial number validation and conversion while working at CellStar. CellStar was then purchased by Brightpoint.

The nice little lawyer letter will be posted here in due course. It is actually a reasonably polite warning, but the basis for the pending patent must surely be bullshit. The online version is not available (it is optional to make it available pending approval) but I have part of it included in my, ahem, warning. It is a spreadsheet implementation of a standard, claiming (by my cursory reading) to cover any implementation of MEID to pESN conversion and associated LUHN check digit validation. FFS.

Never mind that this algorithm is trivial (take SHA-1 hash, lose most of it, prepend 0x80 prefix), and must be implemented by any CDMA backend system that needs to cope with MEIDs. It tries to be all encompassing by saying (more or less) "hey, if you do this in a web page, application, remotely over TCP/IP, embedded in your code, or in your dreams it is covered by this patent". Okay I added the dreams bit. It is based on a spreadsheet implementation (!). I say again, FFS!

What makes it worse is that the individual claims to have participated in the CDMA standards/reports process for MEID. I think the CDMA Telco community will take dim view of this.

Outrage aside, I've taken the damn page offline. It is not worth getting stressed over a simple page I created in less than half an hour two years ago. It still grates though, the less sensible part of me does want to poke this dog with a stick.

Grrr.

open-cgf release 0.1

2008-04-30T22:35:00.003+12:00

Well open-cgf doesn't get much attention, which is not that surprising given it's limited market appeal - you really have to own an SGSN or GGSN.

For those that are interested I have created a release tarball v0.1, which you can download from here.

Comments welcome. I need users who can run it against their hardware and report faults (and/or success!).

Hosting close to your customers

2008-04-23T16:14:00.008+12:00

In pre-industrial times, flour mills were placed close to the points of wheat production and consumption. It was hard and expensive to transport the wheat and resulting flour too far. The technology was hard, but not impossible, to replicate.

In industrial revolution times, factories were placed close to the point of raw material sourcing, canning factories beside farms, since transportation wasn't fast enough to transport the material before it went bad. However once processed it could be sent to warehouses anywhere, using economic shipping methods, for later distribution.

Skipping forward, now we're in Web 2.0 land. Our customers are everywhere, but really we will have geographical hotspots. At least if I split the world into broad geographical areas you'll probably have North American, Asia, and European customers (these being the general areas of Internet user concentration presently).

Connectivity

See this map?

See all those cables in the Northern Hemisphere? Abundant connectivity, short direct routes.

So why would you host content that required traffic to route all the way to, for example, New Zealand? Isn't this the equivalent of shipping logs to Japan for processing into paper, something that is possible but inefficient? Akamai know this, and have provided simple content hosting for yonks.

Fast international connectivity is useful to provide access for a broad base of consumers and to provide content providers a way to distribute their content. However I posit that distributing the content means to get it from the point of production to servers close to the point of consumption. It does not mean you need to host it in the content producer's back yard.

If I had content application with a worldwide focus, then I'd host my test and pre-deployment servers next to my company; but the production servers would be designed to be geographically distributed and my first one would be in the USA. The reason is that the USA gets free international bandwidth (pdf) and this flows into hosting deals you simply can't say no to. 2TB a month for US$29 in my case.

Once the US base, with cheap reliable hosting, was covered I would then target the geographical hotspots. The reason for doing this is not cost since the cost is likely to be higher, but latency.

Latency

Latency hurts Web 2.0 content. We have moved beyond simple pages with a few graphics. Applications now have many many server to client roundtrips, a lot of them sequential.

With a simple page loading some images that allows a browser to use multiple parallel connections and pipelining will get content served very quickly.

A SaaS application that uses multiple XML request/responses, for example a search-as-you-type application, can not use any of these. Latency becomes very noticable.

A local example, from my home computer, gives about ~2oms latency to local content. US content is ~200ms. Ten times slower. Human perception of delays starts kicking in at under 400ms (cf. telephony G.114 standard), and at 200ms per roundtrip without any server processing delay that will be exceeded very quickly.

The result is that a locally hosted SaaS application will "pop" onto your screen and should seem as responsive as a thick client. A distantly hosted application will have noticable (and inconsistent: jitter) delays. Your customers will notice this and regard your product as inferior.

Faster Pipes and Servers Don't Matter
Laying more fibre to your centralised data centre will not solve the latency issue. There are some limited benefits you can obtain by organising more direct peering into other hot spots, but there are things as fundamental as the speed of electrons/light working against it. You can't control the rest of the internet routing.

Faster servers can reduce the latency due to processing the request, but these delays are independent of the geographic location of the user and therefore should already be addressed by local performance testing.

What is next?

PaaS providers, like Google, will probably do geographic hosting automatically for you. I've not had a chance to look closer at App Engine yet, but it is rumoured to auto-spread the load through the cloud. Auto-spreading across geography is the next logical step.

Emails from the closet

2008-04-19T18:48:00.005+12:00

I was pretty amazed, and then horrified, by the recent recovery of an Infocomm shared drive backup.

Very interesting reading, especially if you played any of the Infocoom games (Zork, HHGTTG etc). However I know I wouldn't want my corporate emails dug up and displayed nearly 20 years after the event. This is not because they are machiavellian and/or nasty, but just because what I said in private to one person 20 years ago was meant to stay, well, private and 20 years ago.

The original author's have turned up in the comments and are unimpressed.

This sort of stuff is far more dangerous than newsgroup ranting/posting, embarrassing facebook photos, or weird blog postings from your emo/goth/etc phase. That stuff you intended to be public, even if you didn't intend it to be public, backed up, and then displayed as a corporate screensaver 20 years later.

PS No, not that closet. The orange one on the left.
Edit: "not" added. FFS.

Latest Project: open-cgf - a Charging Gateway Function

2008-02-18T11:33:00.007+13:00

This post is heavily 3GPP GPRS core network focussed. You may want to stop reading now.

I was annoyed that it is impossible to even test the CDR logging of GGSN/SGSNs without having a very expensive Charging Gateway Function server in your network. They are all expensive and yet all I wanted was something to terminate the stream of CDRs and write them to disk.

The protocol they use is GTP' (gtp prime), a bastardised version of the GPRS Tunnelling Protocol (GTP) in use between the RNCs, SGSNs and GGSNs. I use the bastardised in italics with good cause; it has all the hallmarks of a "I'll have a hack at it" protocol design, with multiple fixups and legacy mistakes. More later on that, perhaps, if I feel the need to vent.

Anyway, if you need a CGF to log your CDRs to disk, check out open-cgf. It is feature complete and implements all the functionality (up to Release 8) of a CGF. There are a few minor bugs and feature enhancements outstanding that I'm getting to slowly.

It needs some integration testing, and I need to exercise it with a better test framework, but it has served it's purpose as a small project that I can get to completion stage. I'm on call for support, just raise an issue on the site.

It is currently being tested by a 3rd party against a Cisco ITP. Who knew they could log CDRs. Not me, but when in SMSC-bypass mode they can, and must, log them. Via GTP'.

Next stop is the return to the parsing of ASN.1 CDRs, and opencdf, a similar type of server for IMS networks -- this time carried over Diameter.

NZ Passports now the worlds most expensive?

2007-12-15T22:05:00.000+13:00

Finally someone noticed and wrote in the MSM about the Kiwi passport ripoff.

I'm surprised that there are 14,000 fewer passport renewals this year since travel must be on the increase, although I'm not sure if they're considering people who beat the new system and thereby possibly caused a peak last year. I got my 10 year passport just in time, although my son has a nice new 5 year one. Getting a 10 year passport expiry date will be moot however if the US starts to mandate only RFID'd passports for entry though, as they did for machine-readable ones. Only a matter of time I suspect.

The bare fact is that the price of passports quadrupled, since they halved the lifetime of the password while doubling the price. No other country felt the need to quadruple the price to pay for this technology either.

I can actually agree with the concept of refreshing passport technology for security reasons but what they fail to realise is that a passport effectively has a lifetime less than it's expiry date -- most countries want at least 6 months, and thats 6 months past the length of your intended stay. So you're left with a passport that works for ~4 years, minus the time you get it in advance of your first trip on it. What a bloody hassle.

While I'm ranting about the price of these passports, I also have to add that they're rigid and don't feel like they'll take a lot of riding in back pockets. My old one has come out U-shaped on occasion from that. Considering this is one document you like to keep with you (in some countries) they've gone from something that is reasonably robust -- it attracts interest but still works if you soak it in water -- to something that feels like it will break quite easily. Apparently a working RFID chip isn't required for entry as faults are normal and expected; I would assume that you'll get more scrutiny if it does fail though otherwise certain people would just microwave theirs.

Eureka Clothing, part 2

2007-12-05T22:48:00.000+13:00

As posted last, Eureka Clothing, a Wellington-based boys clothing company. They just opened a shop in Vivian Street, and my wife got a chance to visit them last week during their opening celebrations.

I have returned from France to find my two boys clad in a lot of hardwearing Eureka gear. It is good stuff, and the addition of the repair kit really rounds out their story.

I wish them every success.

Holding people to account

2007-11-14T21:17:00.000+13:00

I've recently been thinking of the concept of patronage and satire. The Romans had it right; we should have a crowd of satirists around that we can hire to make fun of individuals in cartoon, verse, or in some other form. It should be their job to make fun of people, they should compete to do it best. My old flatmate Stephen Jenkins introduced me to Catullus a long time ago, he certainly had a way with words. I'm sure a Web 2.0 version of this system would be a hit :-)

There has been a general culture of shirking of responsibility in New Zealand over the past years; "I didn't know", "I don't remember that conversation", and other weak responses are in use from the top of society to the bottom. They are not excuses.

Those at the bottom of society are pretty well held to account for their actions, except when excused on the grounds that society made them do it. I can never see this as an excuse; mitigation for small acts perhaps but we of free will and always make decisions and we should have to live with the consequence of those decisions.

I am more annoyed to see the lack of accountability at the top end of our society. Our figureheads should be more accountable than the average bean, but it seems our politicians (HC, DBP, Trev), bureaucrats (Mr Logan) and some of our business people (Fay/Richwhite) are getting away with a continuous series of responses that would be ignored or ridiculed if any person in the street said them.

I'm thinking that the best way to hold these powerful and sometimes untouchable people to account is to make fun of them. It holds them in the public eye where they feel most uncomfortable, shows our contempt, and is amusing to boot. I still remember the foldup Muldoon poster my brother had from the Christchurch Magic Shop; I don't see anything of that ilk any more. Except perhaps the self-produced Helen Clark poster...

Anyway, who's with me on increasing the satirical content in New Zealand? It should be a NCEA-endorsed career choice...

1place respond

2007-11-14T21:05:00.000+13:00

Martin from 1place has replied to me personally with an apology although little explanation, but subsequently posted a good comment (scroll down).

It is good to have some feedback finally, well done to Martin for being open about it. I will keep watching for a while and see the improvements and see if they restore some confidence. They have implemented some of the things I wanted already, and the data backup feature promises to at least allow a migration strategy.

Remaining to be fixed is their SPF record. I mean

1place.co.nz. 3600 IN TXT "v=spf1 -all"

is supposed to mean they never send email with the consequence their mail only just squeaks through my spam filters. Badly configured SPF is quite a bit worse than no SPF.

Eureka clothes for kids, a great kiwi business

2007-11-14T20:22:00.000+13:00

A little off the tech subject today, as an offer from Eureka clothing arrived in my mailbox. Eureka are a Wellington based clothing company making robust clothes for kids. I'm getting some for my eldest after we discovered all his jeans are ripped through at the knees. Boys being boys, I remember the same happening to me as a child.

I must say they're going all out, no organic growth for these guys. Their catalogues are top notch, great photos and design. Their website isn't bad either.

Anyway, if you have boys between 4-14, or perhaps rough-and-tumble girls, check them out. I have a limited-use code that will give the first five of you who register a free t-shirt worth up to $30. That's what the coupon says anyway

Sign up here with code R_223784 in the "registration code" field - only five uses are possible, and before the 30th November 2007.

disclosure: I get a $20 voucher if you do all sign up, win/win huh?

Queueing and New Zealand Banks

2007-11-11T13:28:00.000+13:00

I am frustrated at the lack of expectation placed on New Zealand banks by their customers. In these days of ubiqituious EFT-POS (NZ's point of sale debit card system) and TradeMe deals causing spikes in NZ Post demands, the one area that is not getting any good attention is the speed of bank transfers.

All of the NZ trading banks only allow transfers overnight (inter-day). And when I say day I mean business, err, banking days. And only before a certain time, 8pm for some banks. The funds don't appear in the account until some point in the morning, and you're typically not awake anyway. I'm using 6am although it can be earlier, shout if you think I'm being unfair.

The batching limitations means that a bank transfer will have an average delay of 7/5 = 1.4 days if entered at the cutoff point. Add to this a half day to account for the entry delay when it is not being actioned, and the average delay is nearly 46 hours. This is only half the story though, the minimum delay is 8pm-6am (10 hours) and the maximum a whopping 8pm Thursday - 6am Tuesday (106 hours = 4 days, 10 hours). It gets a lot worse around long weekends too...

This is classic financial friction. It means businesses need more working capital, and that everything moves m-o-r-e s-l-o-w-l-y than it otherwise could.

I'm annoyed that batch processing is perceived to be good enough, after all if telco's can do real-time billing of millions of transactions a day, then can someone tell the banks that it can be done? This can't be good for their systems; they must be encountering a massive peak of pent up transactions every Monday night. It makes me wonder if this is why the National Bank moved it's cutoff point back to 8pm.

ASB is often held up as a shining example for allowing instant transfers. They are better in that intra-bank transfers are immediate but this is anything but perfect. I think their reputation as the bank of innovation must be slightly tarnished by now -- I've seen nothing of great importance on that front for ages, and Westpac launched the first NZ debit Visa this year.

Kiwibank, who I'd expect to have shiny new systems given their age, does allow instant intra-bank transfers. A good step forward. Their other systems are, to be frank, a bit weird though. I was a foundation customer but due to their rather "secure" password rules I managed to constantly forget mine, and they have quite draconian unused/overdrawn account rules. Ciao Kiwibank. I wonder if the Flight of the Conchords were talking about them.

All of this on top of our banking services being very expensive. I'm not sure what we can do about this, I would have thought that one of the existing transfer mechanisms would be able to fake this (think every transaction done as 2x EFT-POS transactions, one debit and one credit) but I think the banks need to authorise this mode of working. I've not looked at some of the layered systems, but they all seem a bit too complex and typically transferring money in from my bank which doesn't solve this problem. Lance lamented the same thing a while ago.

It would be nice to see the telco's offering a banking service; person to person transfers using prepaid balances would be quite sexy and I believe this is quite common overseas. I must dig out some details.

GoogleBot and AdSense MediaBot are now intertwingled?

2007-10-30T14:15:00.000+13:00

I once made a silly mistake and coded a webpage (new location) to use HTTP GET instead of POST. This was silly for various reasons, and only sensible for two:

Silly

Caused the URL to be ugly
Caused the button id to go into the URI. Sigh. I'm sure I could have avoided that.
Caused Google AdSense to want to check out every page just in case it is different, which can't be avoided like it can with other Google tools (analytics for example)

Sensible

It allows examples to be encoded within links. Useful for wikipedia.
It allows other people to mash-up the tool easily. Although it must be said anyone that can't code a POST but can code the parsing of the HTML would be an oddity, but GET is easier and avoids any state problems.

Suffice it to say the sensible reasons have been found post factum :-) My page now defaults to using POST but still has to support GET.

The point of this post is that Google AdSense used to crawl the GET URI after every use. Recently, and possible related to the Google PageRank changes, is that the plain GoogleBot is now crawling these URLs. About 20-30 in a batch (which may be all of them) between 1-10 seconds apart, very friendly like. The official AdSense MediaBot is still there, but much less frequent.

This makes sense, both were doing largely the same upfront job and linking them together provides a variety of benefits to the search side including knowing the URLs are actually in-use and finding different points of entry into the same site.

My evidence for this assertion is the above referenced change in behaviour, and that the bot used to have an agent of "Mediapartners-Google/2.1" (MediaBot) and now is just the standard "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)" (GoogleBot). I don't have any proof that the AdSense-induced crawls are being used in the indexing yet, but I can't see a good argument why they wouldn't be grist for that mill.

Anyone else noticed this yet?

Update: I am correct

(back to 1place in a later post, I see Ben has dug out some more info and I'm overdue responding to the comments)

SaaS and trust: a NZ experience

2007-10-24T19:29:00.000+13:00

(or Why I Should Have Used Xero/Cashboard)

I recently discovered 1place, via Ben or David. It was cool, AJAXy, NZ-based, cheap ($10 a month) and almost exactly what my wife needed for her business. The owners were receptive to changes and there was a good probability that changes required for a quote-and-invoice services business, as opposed to a sell-products or bill-by-the-hour business would be implemented. They had screenshots of the changes and everything. A virtuous cycle of suggestions and responses ensued.

They even did GST returns and a cashbook.

I was suitably enthused so I set everything up, trained my wife, and started creating invoices. It worked well even without the changes. It was promising to simplify our accounting and invoicing significantly without any of the internationalisation issues from other products.

Then one day they disappeared. Completely and without warning. We hadn't paid any money yet, but this was clearly in violation of their agreements. SaaS also means that your data is no longer available, and notably there was no easy extraction/backup mechanism from 1place.

They were gone from the internet for about a month (I checked periodically, so give or take a few weeks). We'd only done two invoices and we'd saved the PDFs, so it was a lucky escape. It could have been a lot worse.

1place have now reappeared. They did not respond to my contact form email asking them where they'd been and why I should continue to use them. I was polite but I guess they don't want to answer. I've not bothered calling them, if I didn't have the invoices already I'd be annoying them daily though. Their blog is noticeably silent.

Looking at the companies office details it looks like the guy I was talking to, Bevan, is now no longer a shareholder. That event and the website shutdown would appear to be related, but the lack of consistency, communication, and disclosure mean that I cannot trust them with our data ever again. Nor should you, IMO, without at least a way to get your data out at regular intervals.

I have waited a long time before writing this entry as I really wanted to give this product and company the benefit of the doubt and a chance to succeed; it fills the gap below Xero and is completely NZ focussed, and they were reacting to my requests. But this is a betrayal of trust, and this is something that I will look closely at before using any similar SaaS product (hey: it's a service that's a product) again.

Hopefully they will respond to this public review and you, dear reader, can make up your own mind. If nothing else this is a lesson to be learnt by SaaS providers and users. It can happen with off-the-shelf products too, but at least there is a lower probability that you'll be prevented from accessing your data on your own terms.

Bruce's new list of SaaS requirements:

Decent price
Decent service
Decent uptime
Decent way of getting the hell out of dodge (added).

I am disappointed to be in the position of chopping at a NZ poppy.

Dear Lazyweb...

2007-10-14T18:18:00.001+13:00

(in the style of jwz)

I want a new mouse and keyboard. A wireless mouse would be nice, but I don't want a wireless keyboard as I never move it and changing the batteries would be more of a hassle than the cable. The keyboard should be standard 10x keys, straight, and boring. Preferably quiet. Colour is unimportant.

There does not appear to be a wired keyboard with wireless mouse combo. Why not? They could put the wireless receiver in the keyboard and save space.

Am I the only one who thinks this way? Surely wireless keyboards have a limited market? Is this all a grand conspiracy by the AA battery manufacturers?

Thanks,
Bruce

3GPP CDR processing in Erlang

2007-10-03T20:02:00.000+13:00

So I have made progress since my last post about this. I have a working 3GPP CDR decoder for Circuit Switched, Packet Switched and other miscellaneous CDRs.

In the process I broke my machine in the USA. Oops.

I left it compiling the ASN.1 one day and for some reason my definitions caused the Erlang ASN.1 compiler to loop. I left it like that for several days, and then my windows stopped responding.
It wouldn't remote reboot, respond to ping, or even prayers to . This is the point where I realised I'd not backed up anything on it for several weeks, including the CDR code. I really must subscribe to rsync.net

The story, dear reader, has a happy ending. One support ticket and a day or so later it was back as good as new and no more was said on the matter. I shall not complain that 100% CPU utilisation killed my box, and they did not complain about me breaking my budget server. Still, I should be upset, but for US$29 a month I can't really complain.

Back to 3GPP CDRs. I also have a version of the TAP (Transferred Accounts Procedure) specification. TAP is the CDR format used for international roaming CDR exchange, and is also in ASN.1 from version 3 onwards. There are amusing comments through the documentation about limiting sizes of files to avoid systems blowing up. Natch.

To their credit the GSMA have a specification that compiles cleanly first time, 3GPP could learn from that. The dependency hierarchy of the 3GPP CDR spec is horrifying and extends all the way back (and loops around) the earliest, ugliest, definitions from the ITU-T.

Anyway, I only need to decide what to do now, I'm thinking that this could expand to be a free 3GPP -> TAP service, possibly even including the RAP (Returned Accounts Procedure). At least it would provide an alternative to all the people charging for even a CDR editing tool. Sheesh.

First things first, I'm off to whip up the first page which should allow the upload of a CDR file and the specification of it's type (Circuit/Packet/etc) so it can be decoded. Not exciting but a prerequisite for the next AJAXy page that allows scrolling and drilldown into individual lineitems.

Wish me luck.

Simple stuff: usernames and passwords

2007-10-03T17:38:00.000+13:00

(I can't find any reference to this on the web, but there must be something. Username aka display name aka login aka screen name [yurk])

I recently signed up for (yet another) web forum, went through the dance of getting the temporary password via email, and it noticed it didn't even tell me what my username should be. Very un-Web2.0.

I went back to the login page and it wants me email address; and so this rant begins.

Think of your users. Are they corporate users? Are they private, mostly ISP-based, users? So email address sounds like a reasonable key?

STOP THAT.

Email addresses are useful for sending email to people. Most of the time. Email addresses nominally have the following characteristics:

They uniquely identify a person
They don't change
They can be remembered by the user concerned

Let's pull these apart:
1. "They uniquely identify a person"
Well no they don't. It can be a mailing list, it can be for a family, it might identify a person most of the time but ask yourself if this is sufficient. Even if they do uniquely identify the person, that person might not want their activity to be identified; so you're going to need a username anway.

The other perspective (thanks Jonny) is that you provide your email address on email correspondence and this starts to give information away that provides others access to websites; the access quiz changes from needing to know the username and password to only requiring the password.

2. "They don't change"
Well, yes they do. People want to be able to change ISP. Mergers and acquisitions happen. Domain names get accidentally lost. Most of the people reading this will have a static email address probably because they own their domain, but this does not apply to most of your users.

You can try and mitigate this problem, but the single principle is that you cannot easily prevent a user from claiming to be scott@randomcompanya.com [aside: currently unregistered, I checked!] if randomcompanya.com refuses their email/doesn't exist. So that account is dead, along with all the things that ties that customer to you, and you've just asked them rescan the market to see if they want to reregister...

The inverse of this is when scott leaves randomcompanya and they hire another scott. Hurrah. Lets just leave the key under the mat too shall we?

3. "They can be remember by the person concerned"
This may in fact be true for most people, but I'm betting most sensible people keep their business and personal email separate. Sensible people may figure in the minority. If you have more than one email address, or you own your domain, you have a snowballs chance in hell of remembering which one you used. Better request a new password and check the email headers :-)

So what should you do?

I'm glad you asked. Let me rant a little more.

User-definable usernames
Let the user select their own username. The best websites already do this, and don't constrain people to 8 characters, 12 characters, or anything less than half a page of text.

Do make it case insensitive but don't mash the case - InnOcenT should be permissible (think: Bobby is different from bobby? Do you really want that confusion) and not normalised otherwise they'll get offended that their StudlyCaps are lost.
Don't allow embedded spaces without thinking it through.
Do allow punctuation, at least to a point.
Possibly allow Unicode, but be careful of unnoticeable collisions (a lot of characters end up looking the same, allowing impersonation). This is a key point of i18n, which could well be the difference between you or your competitor getting market share in Asia.

A user might choose to enter their email address as their username, which is fine. To be clear I'm not saying don't collect and use email addresses, especially for lost password/lost username issues.

I recognise that lost username recovery typically does involve emailing the user, but it doesn't have to if you collect sufficient identifying information from the user. You have the flexibility.

I'm also not against allowing the use of email address as a synonym for your username on login forms, although it has some security implications.

OpenID
"OpenID is a decentralized single sign-on system" according to Wikipedia. I'm of two minds on this one, and I'm still chewing on this post. OpenID does allow user-selected usernames, but beyond that it doesn't provide trust, or really authentication (due to all the holes, OpenID 2.0 is better but not necessarily fixed), and I'd debate that you can provide identity without these things.

Okay, I'm finished. I think there are more perspectives on this one and I'm interested in hearing them. Paypal, for example, use email addresses. I think this is because that is where they started from; eBay sensibly changed I think, TradeMe changed post implementation as well.

Just wait until I get to passwords. It will be heretical.

Loss of shared experience

2007-09-22T23:47:00.000+12:00

Growing up I remember a time when I could call my friends and talk to them about the TV program they were watching. It was obviously the same one as I was watching as there were only two channels, so I could even time it for the commercial break. The same thing happened in earlier times with the radio. This situation has obviously changed...I don't even watch TV anymore.

At work some people have an expectation that I've read the news in the newspaper and talk to me about news that was adjacent to the story we are discussing. It is quite jarring to the conversation when I admit to knowing nothing about what they're talking about. I hardly ever buy a 'paper, everytime they give it to us for free I realise that the joy of the accidental discoveries (advertisements, odd news, etc) does not outweigh the wads of paper I end up having to get rid of.

Pondering these two things I wonder if we are experiencing the loss of the shared experience; the iPod generation get to listen to (and now see whatever they want, whenever they want. The opportunity for serendipitous discoveries is lost; we listen to what we have selected and unless we choose to there is no chance of accidentally discovering something new. There is no "I listen to the radio station which I like ~60% of the time and discover a new song/group".

On-demand hosted video (YouTube) goes some way to reverse this trend, but the shared experience is only amongst your peer group; MySpace et al makes this easier but again only within the defined peer group. I am beginning to attribute the popularity of social networking to the ability to perform this sharing; to bridge the islands that we've placed ourselves in and regain the ability to talk about shared experiences even if we didn't share them at the same time or place.

Where will we go from here? Will the gaps between peer groups (grandparents, parents, children, grandchildren) grow greater? Will we find a different way to slice social networks so that you don't shock your parents with your latest drinking antics, but you do share the appropriate things with those groups? How will this happen over timelines to control a situation where grandchildren 20 years hence can join a group and see granddad vomiting on the pavement? As a video?

I can see a time when your social network profile is updated in real-time with your physical location and any and all of the things you are watching, listening to, or generally experiencing. twitter is only the beginning of this. Controlling the release (and archiving) of this information has got to be an eventual concern as it matures.

Food for thought. Sorry if you expected a conclusion.

In my day...

2007-09-13T22:06:00.000+12:00

...we used to decode our ASN.1 PER by hand. In the rain. With no pencils.

I doubt many will get the joke. I had a conversation today about 3GPP CDRs and how icky they are. I said that they are TLV based and I really don't have a problem with them, they're infinitely preferable to XML, but I think my colleague has been sucked in by the "human-readable means it is simple" XML/SIP propaganda. Apparently his hand-crafted ASN.1 BER decoder crashes if it encounters unknown tags, or somesuch, which is precisely what ASN.1 BER was designed to avoid -- it is easily extensible without breaking backward compatibility.

For the record I've decoded a reasonable amount of unaligned ASN.1 PER by hand as H.323 uses it, and I actually appreciate the feelings of the people that said that SIP was easier because it was text. XML and ASN.1 PER are at the opposite ends of the spectrum of verboseness, and they both go too far. The reality is though that the encoding of the messages wasn't what was fundamentally hard about H.323, it was how all the protocol levels fitted together and the inherent complexity of what it was solving. SIP is basically as complicated as H.323 now, and just as fractured.

I actually like ASN.1 BER though, it is mature and extensible and both cheap to parse and reasonably compact. So I think I will build a little decoder for my poor colleagues and demonstrate the power of Erlang, ASN.1, and a bit of gumption. It'll make a good webpage that I'm sure will be of interest to others in the industry, and it'll fit nicely alongside the MEID one. The only problem will be cleaning up all the 3GPP specifications, the typo's are atrocious.

Teeth

2007-09-12T22:48:00.000+12:00

A quick diversion today to recommend a dentist. Cliff Steven from Cliff Steven Dental in Johnsonville, Wellington, New Zealand.

If you live in the vicinity and you need a dentist for your child, go to him. Our 9 year old has been to lots of dentists due to enamel hypoplasia of his milk teeth, and has a strong gag reflex. Not generally an excellent combination for dental visits, especially when mixed with a general intolerance for submitting to discomfort.

Cliff fixed #1 son up smoothly, quickly, and almost painlessly. The x-ray, always a point of much choking, gagging and general failure to cooperate, went without a hitch. #1 was in shock as 15 minutes after arriving he was back in the car sans tooth. He said walking back to the car that doesn't ever want to go to a different dentist.

#1 is now fine, and according to Cliff he looks to have a future without braces or cavities. Yay.

Mobile TV: unicasting, multicasting and broadcasting

2007-09-11T18:07:00.000+12:00

There appear to be many people after our attention. They want us watching their content, no sorry, paying for their content, and watching their advertisements. Even when in the bus.

So we have Mobile TV. I am really not sure if there is a market for it, but that hasn't stopped these ideas being hyped before so I don't think it will stop this one. It seems like a reasonable concept; watch TV anywhere, anytime. People love TV right?. It might even look okay with a iPhone or PSP type screen.

Behind the Mobile TV hype we have standards. MBMS, DVB-H, DMB, MediaFLO, and a few others bit players. All of these standards focus on a broadcast, or (as a concession to bandwidth) multicast model for delivery, and so I think all of them are missing the point.

The future is YouTube. People want to choose what to watch and when they watch it. If they get interrupted they want to pause it. They want to be able to share it with their friends in the same city, the same country, or on the same planet. They've got this freedom now and they won't forget about it, or accept that just because they are mobile they can't get it.

Apple seems to get this with their YouTube partnership, but the engineers in charge of the standards groups do not. I don't think they can see beyond the fact that unicasted content is a hideously inefficient model. It is a bare, naked, fact. Offering unicasted TV over the mobile infrastructure has the potential to suck up all the current mobile capacity serving only a tiny percentage of their customer base. It magnifies all the differences in load throughout the network e.g. CBD cell sites would overload during the day, but be idle at night when the urban cell sites would begin to overload. This kind of infrastructure costs big bucks to expand as you end up needing more physical sites, more antennas, more radio gear, and above all more connectivity from these remote sites to the core network.

Customers don't care. Every aspect of modern life, down to working hours, is becoming on-demand. Generation Y will not accept broadcast TV for much longer; TiVo and it's ilk are only a stepping stone to a full on-demand service. The shared experience of lives being worked around a central TV schedule is over. It's been talked about for years and YouTube accelerated it to fruition, even if it is worse than NTSC or PAL TV on a bad day.

There are other flaws in the standards proposed:

MBMS soaks up huge amounts of capacity for a small number of channels. Think about returning to 3 channels everyone.
DVB-H and MediaFLO require a new radio receiver in your phone, along with discrete chips etc etc. Yeah, like that'll work. I can imagine the small hole in that pitch: "I'll get you a million subscribers, but you'll have to give them all new phones or wait 3 years."

Mobile TV can only ever have niche market if it sticks to a broadcast model. I feel like taking people by the shoulders and shaking them. What part of this is so hard to understand?

SAAS educational software

2007-09-06T20:28:00.001+12:00

Is it just me, or does all educational software suck? I can't work out why either, does "think of the children" mode mean that user testing, esp. user interface testing, is not required? Is the market really so small that no one has the money/motivation? Do kids just cope?

Anyway, I've had a mixed bag signing up my eldest for Mathletics. The product looks quite good, a good concept, and they've had a killer marketing idea by giving free access to primary schools in NZ and Australia for a week or so in order to promote Literacy and Numeracy Week (hey, Australian only?). Basically NZ and Australia fight it out for points (I think) with the individual students battling each other game by game. Neat. And the parents get to see the product en masse and (like me) sign up if they like it.

I'd never seen this product before, although it seems to have a critical mass (and good critical reviews). It does look like it will help and encourage Son #1 with his mental arithmetic and build on his already impressive spelling skills. The games are amusing, the head-to-head nature adds some competition element, and the parents can get week-by-week feedback on progress.

In game progress allows the purchase of add-ons to your avatar, although I must admit to being confused about the difference between points (earned per game, used for totals) and credits (earned per game at a different rate, used for avatar upgrades).

The game is totally flash based, with annoying new windows for login and some weird UI behaviour like no auto-focus on the entry box for some of the maths games. But it does work 99% of the time, and #1 seems to enjoy it.

I had an awful time signing up for a year (NZ$99 for maths and spelling, on special) as I got the dreaded ASP error n when returning from the payment portal (successfully, I might add). On the other hand I got a phone call (!) in response to my email within minutes. I've learned to just bit my tongue when people tell me it is my fault, and I dutifully did it all again with the same result. Then I wrote another email where I was more forceful about suggesting they fix it and not make me enter all the details again and have my CC charged again.

Next morning it was all fixed, so I have to recommend the customer service and the service as a whole. More reports in a month or so when we've had more time to evaluate the long-term effects.

GPS and Photography

2007-08-25T00:49:00.000+12:00

I've been looking for a decent way to geo-locate my photos for a little while. A clip-on unit for my 400D would be perfect, although the firmware doesn't support such a thing (apparently Nikons do?)

The Sony CS1 GPS seems okay, but the performance looks a little poor (low power consumption, but older GPS tech). It also seems a bit naff, and frankly overpriced.

Today I checked back with the excellent guys at SparkFun and found this new GPS logger.
Nice stuff too. Battery life could be better at only 7.5 hours of full on logging, but it is a nice small unit with an excellent GPS chipset (SiRF III), built in charger, choose-your-own-storage and enough reconfigurability to stretch the battery life when you want to.

Iz wan dis too.

Beaten, well and truly, to the punch on the Neo1973

2007-08-23T19:49:00.000+12:00

tonyg has not only bought a FIC Neo1973 but has ported smalltalk to it. Sigh. Well done (again).

Jason is apparently dead set on an iPhone, but I don't think I can rest until I have a phone running my own damn code. With an interface I like. And weird features just for me.

I shall just have to lust a little longer...

A new candidate for Estimating/Quoting/Billing

2007-08-22T23:54:00.001+12:00

I encountered a new candidate to add to my previous list in my RSS travels today, and I'll admit to losing track of where, a link to 1place.

Wow. This looks like it could be a pretty good fit. NZ-based aka no I18n issues, GST-aware, decent pricing and fully customisable. Even loads up bank statements.

More news later after I've had time to investigate and go through a estimate, invoice, payment cycle to see how it hangs together.

Idea of the day: Graffiti

2007-08-19T18:13:00.000+12:00

I like good graffiti. Watching Rome S1 the other day I was inspired to think about how to encourage good, relevant, hell even entertaining graffiti.

I got to thinking that supplying a visible forum for graffiti-ists might
both limit the amount of destructive tagging, which is complete shit that is only a hair's breadth above carving your initials, and encourage people to actually think about saying something relevant and topical.

So, my idea is this. A company with some $$ to spend on a high visibility social campagin buys a few billboard sites. They then set out an area in a town open space (with good lighting and perhaps some food) with a billboard sized canvas/board and some free paint. The sponsoring company could tack their logo on the bottom (later, ahem, rather than be subject to obliteration)

Let people go wild for a week. Or a weekend. It will take a while to work out what length of time is appropriate, and also for both people to notice and then calm down. Expect some excellent work to be overwritten with crap; respect has to be l/earnt.

At the end of a period, which may be determined by the artistic merits, haul the billboard up to a site. Leave it there for a week, then repeat ad infinitum.

An accompanying website log would of course be required, as would a charity auction for the best pieces. Even side-industries like these bags could spring up, although longevity could be limited.

Anway, it is probably better posted on the halfbakery as it isn't completely formed. Feel free to implement :-)

PS Also to come is a post on satirists and patronage.