Categories
development leadership

The importance of confidence

Have you ever been given a project to deliver and thought you can’t do it? That you don’t know enough, that the deadlines are too tight?

Ever felt like panicking?

Have you been on that team, and somehow still delivered, with absolute pride in what you’ve delivered, bar a few teething issues?

As a leader, to inspire your team, you need to exude confidence. Confidence in the outcomes, and in the team. You don’t deny problems or paper them over. Hiding is a sign of weakness. But the team needs confidence to deliver and they get that from you.

If you’re not confident, don’t fake it. Revise the outcomes to a scope you’re confident in. Narrow your horizon. Get answers to your doubts, and support to conquer them. When times are tough, it’s your job to set the right expectations that the team can believe in, and deliver on. It’s your job to find a clear path through the chaos. Or it’s your job to help them pick up the pieces and move on.

These are the tests of your leadership. If the team can weather the crisis, if it can keep its collective head whilst all about are losing theirs, then you have earned the right to be a leader.

Be confident. But be authentic.

Categories
free speech security

The graveyard of things

Dunnet head stone
End of the road

In the 1970s, UNIX was big, and so were the machines it ran on. The source code was controlled by those who sold the computers, and if you wanted to modify it so that you could fix things, or improve things, you were stuffed.

The tinkerers weren’t happy, so they created a charter, a licence to share, improve and adapt, so that you could create. Free Software was born. Free to be used, changed and distributed. It wasn’t for everyone but tinkerers loved it, and it changed the world.

Fast forward to today, and one of the most famous users of open source, and part-time supporter, Google, stirs up trouble in its Nest division, when it announces not only that it will stop supporting an old device, but also that all existing ones will stop working: Nest’s Hub Shutdown Proves You’re Crazy to Buy Into the Internet of Things http://feeds.wired.com/c/35185/f/661370/s/4ebe676d/sc/15/l/0L0Swired0N0C20A160C0A40Cnests0Ehub0Eshutdown0Eproves0Eyoure0Ecrazy0Ebuy0Einternet0Ethings0C/story01.htm

The tinkerers have been duped. They don’t own the devices. They now have expensive hockey pucks.

So what could Google have done?

How about releasing the server code and allowing anyone to patch their device to talk to a local server? It might be less smart now, but it’s still smarter than a hockey puck.

Indeed, in a world where breaches are getting more common, and devices have more and more access into our lives, why isn’t local access an option? Maybe we need new standards, but most of this data has been accessible via USB for years.

This is your data and you should have the option to secure it to your network, and to keep collecting and using it no matter what changes happen to the original manufacturer.

Embrace tinkering. Reject dead man’s switches.

Categories
lifehacks quickfix

Google Inbox and Inbox Zero

With a broken phone and Inbox by Google I went from 5000 unread messages to Inbox Zero in a week with some email bankruptcy and clearing out some tasks.

It’s not about being anal and keeping things neat, it’s about recognising that you’re never going to reply to that email from 2 years ago, but it’s hiding that email you should respond to.

Be ruthless. Archive, delete in bulk. That sale 3 years ago is over, you’re never going to fix that NHibernate bug, and someone else is looking at it, it’s too late to sign the petition to bless the rain down in Africa.

And as I found when my phone broke, and I got thrown back to a version of Gmail without bundles, stop hiding things behind labels. If you’re not going to read it, unsubscribe or filter it into the bin. Lose the haystack, keep the needles.

Categories
development security ux

Losing tokens : 2 factor authentication recovery

Use your palm to sign in

My phone broke. I lost access to Google Authenticator and the second half of my two factor authentication.

It was a great opportunity to look at how each of the main services deals with recovery. I’m always looking to increase the baseline of security in every new body of work, and 2-Factor authentication is one interesting avenue, but has a big potential failure scenario. I want to look at how the services deal with this to understand the trade-offs.

For those of you unfamiliar with the concept, authentication is generally performed by one of 3 factors : something you know (e.g. a password), something you have (e.g. your car key) or something you are (e.g. fingerprints). 2 factor authentication asks you to prove your identity via 2 of these channels, rather than one, and often chooses the something you have and something you know channels because of the difficulty of replacing the something you are channel if the security is compromised.

Most of the services I discuss here use Google Authenticator which uses your phone as the something you have, seeded with a shared secret (usually encoded as a 2d barcode) to generate a new code at regular intervals that should appear random to any observer but always consistent between server and client.

Many of the services use one-time codes to allow you to log in if you lose your device, and some force you to enter one of those codes as part of the verification process. For all those that provide it, print out those codes as soon as you get the option, and keep the printout safe, not near your phone.

The services

Google : provides a set of 10 one time codes. An email when any is used. Easy migration process to a new device, automatically disabling the old device.

GitHub : sends a text to my phone. Not so good for a stolen phone.

WordPress : a set of 10 one time codes, but no email indication when one is used. Frustratingly I have to disable and re-enable 2FA to move to a new device, rather than WordPress disabling the old device automatically. Although it does have the nice side effect, unlike Google, of emailing me to let me know a new device was added.

Twitter : temporary password, with 1 hour expiry, provided you’re logged in on another device. For most services this should not be a problem, but it’s a good reminder to ensure you always have more than one trusted device for an account so you can create new trust relationships and disable old ones.

Dropbox : can re-enable authenticator via barcode, if logged in on another device. Email is sent.

I like the Google and WordPress approach for simplicity, if you’re organised enough to use paper as your backup device, but I’m comfortable with the approach taken by Dropbox and Twitter that use another device for the authentication.

Conclusion

I don’t like the GitHub approach, because it fails to recognise the use of the phone for multiple purposes, making a phone a much more valuable target. Luckily my phone was bricked, but I continue to monitor my accounts for suspicious activity, just in case it comes back to life now I’ve been sent a replacement.

I like notifications. I get email notifications on multiple devices and as they are timely, I know immediately if there are unexpected changes. Good marks for Google and WordPress here, but I wish Google sent emails for enabling on a new device and WordPress sent emails for use of one time codes.

I prefer the one time code approach for the way I like to work but I can see the benefits of the multiple trusted device approach. I can’t see any benefits to the GitHub recovery approach apart from simplicity.

2 factor authentication is good, but check your recovery strategy now. I only got back into my accounts because I was prepared.

Further reading

★ : Two-Factor Authentication Hacked: Why You Shouldn’t Panic buff.ly/1wukaiE

Be sure you have a backup plan, for Apple and others. I almost lost access to some of my accounts because I misplaced my backup keys, similar to this guy.

If you lose your phone, or are scared you will, have a look at this Lifehacker guide before you enable 2-factor authentication on your accounts.

Categories
google search

The future of Google

Google plus you, personal search. Interesting idea, but I’m already seeing it making a difference, even for people without a Google+ account – and that’s why it’ll be big.

I’ve been playing about with the Kinect SDK with a mate, and now that we’ve got things up and running, we want to do things properly, so we went to grab a copy of NUnit so we can unit test the gesture recognition code (I’ll have another blog on that if there’s interest). So, he searches for NUnit on his machine, and the first result is http://www.nunit.org, as expected. What I didn’t expect, because he doesn’t have a Google+ account, is that my name (and wordpress.com) appeared next to the result, because of this blog post : https://craignicol.wordpress.com/2009/05/14/ddds2-tdd-i-dont-have-time-round-up/

So, the social data is fed into the algorithm already, using my Google+ profile to link me to WordPress and his contacts to link him to me.

And that’s something Google has needed for a long time – search that tells me what my friends know, because if they’ve bookmarked Putty, I’ll know I’m downloading from the right site.

Categories
google Hangout programming

Weekly Developer Hangout Revival : Friday 14th October, noon

I’m planning to restart the weekly developer hangouts I was running from my Google+ profile now that invites are no longer required and screen and document sharing have been added.
Next Friday I hope to be talking about iPhone 4s, Nexus Prime, and whether node.js really is a cancer or if node.js is not cancer.

If you’re planning on coming, give me a shout here, or on my Google+ page, and please spread the word.

Categories
Uncategorized

Weekly (Scottish?) Developers Google+ Hangout?

I had an idea for running a book club for Google+ Hangouts, but after David Christiansen turned up, it became a more interesting catch-up, covering HP selling off WebOS, and discussing zaproxy ( http://code.google.com/p/zaproxy/ ) penetration testing tool and JIRA agile project management tool ( http://sandbox.onjira.com/secure/Dashboard.jspa?os_username=jens&os_password=password ).

Some good chat, but we were wondering if other Scottish Developers would be interested in a weekly Friday lunchtime hangout to shoot the breeze on the tech stories, tools and blogs of the week.

If you’re not on Google+ and need an invite, give me a shout and I’ll email one back to you, or click here for an invite : http://goo.gl/P0p2b . If you are interested and on Google+ come and find me at https://plus.google.com/112347442728934313588 and jump on in next time. Web cams and mic optional (if you’re a fast typist), but you will need speakers to listen in.

If there’s more good info, I might even start a weekly blog on it, but we’ll see how much interest there is.

What do the rest of you think?

Craig.

Categories
development programming timeout

Innovation vs Quicksand

Anyone following me on Google+, Facebook or Twitter may have seen me posting quite a lot about the many Intellectual Property cases currently strangling the mobile computing market. A lot of them involve Apple, but it’s not an attack on them. They just happen to be in the dominant mobile position now that Microsoft was in 10 years ago on the desktop, and so they’ve got the most to lose.

Last decade, the stories were of Microsoft using Windows to cripple competing office suites and promote its own, and the big move to unify the desktop, server and mobile Windows experience with XP and .net, and giving us IE6 and anti-trust cases. Now, we have Apple unifying desktop and mobile, and pushing others away with policies on in-app purchases and legal battles blocking competition in the marketplace.

I like competition. Competition makes phones faster, batteries last longer, and keeps everyone on their toes. Without it, innovation stagnates.

I am not a lawyer, so I don’t understand why a sketch that looks like a sat nav can be used by Apple to stop tablets from competitors being sold. It’s not like the Chinese rip-off that fooled even the employees at the fake Apple stores.

There is something rotten in the world of technology. It’s about patents, copyright and other protection, but whereas it works for Dyson, to protect his cyclone, whilst allowing competition from other bagless systems, the same protections are smothering the computing and smartphone market, distracting all companies into defending themselves against others, instead of differentiation through innovation. I don’t want to work in an industry that’s moving through quicksand, dragging platforms, tools and devices back. We’re already held back enough trying to build for incompatible browsers without having to rewrite for new platforms just because the UI of one has protected interactions (think touch screen versions of Amazon’s pervasive One-Click patent). Higher costs for developers, higher costs and frustration for end users and the vendors fighting amongst themselves won’t benefit, ripping chunks out of each other and alienating the rest of us.

Samson needs to come and cut some crown jewels in half.

Categories
google

HTC hero / Android review

Last month, I got an HTC hero phone running Android to replace my ancient o2 ice which had started to crash whenever a phone call ended. I decided to ditch o2 as well due to problems with their data network ever since the iPhone came out.

The hero is slightly faster than my old phone, although it is occasionally prone to hanging, mainly during sync to Google by the looks of things. The Google side seems to be the weakest part of the phone. The mail and contacts have stopped syncing with Google, but the HTC email via IMAP, Facebook, Flickr and other sync are still working perfectly.

The camera is good quality (see the attached photo) but without a flash, don’t bother in dark conditions.

I’ve seen reviews that talk about poor battery life, and it can run low fairly quickly under heavy usage, but the stand-by time is fine, now that I’ve turned off always-on mobile internet in favour of WiFi.

There’s a number of good apps in the market, including wpToGo that I’m using to write this, the last.fm app, and the games Abduction and Bonsai Blast.

The soft keyboard works well, and is much easier to use than my wife’s acer aspire one once I learnt to trust the auto-correct, type in landscape and to avoid the settings key which is annoyingly close to the comma.

There are some flaws which would put some people off, and I think they’d kill the experience for me on a stock Android phone. The HTC extensions make for a much nicer experience than the g1 I’ve tried, but the primary problems all seem to be software related, so I’ll have to update my thoughts once the new HTC firmware and Android 1.6 are ready and installed.

For now, it’s worth checking out, but don’t break your contract for one.