This blog is now hosted at

Friday, September 28, 2007

Perforce considered harmful

Color me unimpressed with Perforce's keyword expansion.

if ( ( -f $File::Find::name ) && ( $_ =~ /.eml$/i ) ) {


if ( ( -f $File: //messagegate/MAP/tools/ $_ =~ /.eml$/i ) ) {

Since I use File::Find only all the time, no problem. Of course, Perforce's byzantine user interface always helps matters. Read more...

Tuesday, September 25, 2007

The Proof of Concept

Continuing in the theme of pre-sales presentations, I thought I'd spend some time discussing the Proof of Concept (POC). The Proof of Concept is essentially required to bring enterprise sales to closure, but they can be risky.

Here are some pointers on doing a successful POC.

First and foremost, understand that the success or failure of a proof of concept hinges on two things:

  • Technical aptitude and sales ability (skills)
  • Control of Scope (management/risk mitigation)
The area that you can influence the most (aside from keeping your chops current) is risk mitigation. The method to do this is to control scope. You want to do the minimum proof necessary to demonstrate capabilities.

"Well, could you make it do..." is the most dangerous question ever during the middle of a POC.

Some of the questions you need to ask before the POC starts:

  • What is it that we're trying to prove?
    You should have an elevator speech ready, and should repeat it often. This is what we're trying to prove, and this is what we have proven. This should be something definitive or measurable: "We're proving that we can do X transactions per unit time with this test corpus" or "We're proving that we can web-enable this business transaction"
  • What are the standards of success?
  • What are the next steps upon success?
    This is a "give to get" proposition: if we can prove the solution works, what is the next step in the sales process.

Some additional tips:
  • Be visual.
    While at WRQ (Attachmate), I did numerous Proofs of Concept with their integration tool, Verastream. In every case, I highlighted the "behind the scenes" workings by showing the actual mainframe transactions-- this never fails to communicate that the demonstration is real, and integrated.
  • Teach.
    If you can educate your customer about the product or service you're trying to sell, you just won a leg up. Customers buy solutions they understand and can approach.


Saturday, September 22, 2007

More on Technical Presenting

This is a follow-on to a previous post.

If you're doing a Technical Presentation, here are the most important things that you can establish or give to your audience.

  • Education: the audience is there to be taught about your subject
  • Communication: interactivity is the key to moving beyond the brochure into the "I can use this" moment
  • Understanding: How can your audience actually make use of your subject matter?

There is a maxim that I use, "You can't tell anyone anything." By way of definition, think about attempting to "tell" your kids what to do, e.g.: don't play in that mud. What will the child do?

Reminds me of the Bill Cosby Children are Brain Damaged skit, but that's a discussion for another day.

So, to communicate, it is necessary to remain factual, and when you want to convey subjective points, you need to be more subtle. Consider the story of Eve and the serpent:

Gen 3:1 (KJV) Now the serpent was more subtil(emphasis mine) than any beast of the field which the LORD God had made. And he said unto the woman, Yea, hath God said, Ye shall not eat of every tree of the garden?

Now of course, we know that the serpent was trying to deceive, but let's separate that from the fact that he was being subtle. Subtle is asking questions.

By asking questions, you can establish the baseline from which you are working-- where is your audience at?

By asking questions, you can lead the audience to understanding.

By asking questions, you can establish value.

Friday, September 21, 2007

News Flash: Veterans Administration security is shameful.

Film at 11.

Among the great quotes:

As the VA was rolling out the e-mail filtering software, the software caught about 7,000 e-mails containing Social Security numbers in just one month
The VA had only completed two of 22 recommendations from its inspector general following the breach

Here is the full article.

Let me get this right...

The Veterans Administration (I'm a vet, so maybe I'm a little sensitive) has been sending 7,000 emails a month with SSNs?

Pause, drumroll, please--


Notice that that wasn't the number of SSNs, but the number of emails, so an excel spreadsheet with 1000 SSNs counts once.

I don't even want to know what they are doing with my medical records. Maybe they are putting them up on LED readerboards across the nation?


Friday, September 14, 2007

Beware of Security Theater

I've consulted at a lot of Fortune 500 companies, and I'm always amazed at the level of Security Theater that I see. Follow the link for a definition and commentary.

From Wikipedia:

Security theater has been defined as ostensible security measures which have little real influence on security whilst being publicly visible and designed to demonstrate to the lesser-informed that countermeasures have been considered. Security theater has been related to and has some similarities with superstition.

Let me provide a concrete example from a large financial institution:

When logging in to the mainframe, three failed password attempts lock your account.

Since the company can't really afford to have the downtime related to this (since it happens all the time, and there are thousands of accounts), they built an automated phone response system that would allow you to unlock your account with your employee identification number.

See the fallacy? Instead of removing the restriction, or limiting it to something reasonable (20 attempts), they spent--swag numbers--low 6-figures on an automated system.

There is a concern, of course, about brute force attacks on the passwords, but that can be detected at a network layer, or even just through a report on failed attempts with timestamps.

The best part is that the users became so desensitized to password lockouts, they did not consider it to be suspicious in any way, and would merrily dial in, and unlock their account without notifying anyone.

So, the so-called "security measures" actually reduced the overall level of security in the organization. Not good.

This is a specific example, but there are many that I can cite-- I'm sure that your organization has its fair share, too.

Wednesday, September 12, 2007

Robotic Overlord Magic Quadrant

With the announcement that there are between one and ten million computers infected with the Storm Worm (estimated), I thought I would provide a magic quadrant style guide to our eventual domination by, and complete submission to, our new robotic overlords.

Computer Scientist Peter Gutman calculates that the Storm Worm has access to more computing power than the top ten supercomputers in the world, combined. He also estimates that it controls between 1 and 10 petabytes of ram.

Article here.

Iphone unlock available

I'm still sticking with my BlackBerry Pearl (since it has a keyboard, and voice dialing), but it is nice to know that I could use the iPhone now.

Engadget has coverage here.

This is great news-- this is an open source solution, too. Read more...

Thursday, September 6, 2007

Television linked to poor attention

I'm one of those rare people that don't have a television.

A new article on New Scientist confirms my thoughts.

The article links childhood television watching to attention problems. From the article:

...roughly 40% increase in attention problems among "heavy" TV viewers...

Interesting fact for those of you who suspect that your kids watch too much TV.

How to fix the iPhone

Apple announced that it is dropping the price for the 8GB iPhone by $200, and discontinuing the 4GB model.

I think that the iPhone isn't selling quite as well as they thought it would-- make the jump for my analysis.

The main problem with the iPhone is that it isn't open. You're forced to use a particular provider.

It has only barebones bluetooth support-- it will not support a bluetooth keyboard. The touchscreen keyboard isn't the end-all-be-all, and it would be nice to use an external keyboard for composing longer emails.

If the iPhone had been open from the beginning, I think it would have been a much bigger hit. For now, I guess I'll stick with my BlackBerry Pearl.

Wednesday, September 5, 2007

Interesting run-in on Southwest airlines

I'm not all that great in making a clean break from work-- I'm currently on vacation in Las Vegas, but I took a business trip to San Diego.

Normally, I fly Alaska Airlines or United, but the best flight from Vegas was on Southwest. Side commentary: kudos to Southwest for hiring flight attendants that actually seem to like being there.

On the return flight, one of the flight attendants was announced as the mother of Miss Teen USA 2007, South Carolina. It was an interesting brush with current events. Read more...

Minnesota Breathalyzer Case Gets More Complicated

Last month, I wrote about a case where a Minnesota man asked for the source code to the breathalyzer in his DUI case. Things have gotten slightly more complicated-- more after the jump.

Article here.

Best quote from the article:

...the Minnesota Supreme Court in late July concluded that language in the contract between the device's manufacturer, Kentucky-based CMI, and the state indicates the source code belongs by extension to Minnesota. The justices suggested the state must do whatever it takes to enforce that contract, even if it means, for example, suing CMI.
(emphasis mine)