Thursday, September 2, 2010

How much notice should service providers give their customers when the terms of service change?

One of the cool things about the Twitter service is the fact that they don't send many emails to their subscribers to let them know how wonderful their service is. They have a very unusual attitude in that they expect that the usefulness of their service should be able to speak for itself. Therefore when they sent me an email today entitled "Update: Twitter Apps and you" I decided to actually read the email.

It started out quite well:
Over the coming weeks, we will be making two important updates that will impact how you interact with Twitter applications. We are sending this notice to all Twitter users to make sure you are aware of these changes.
Then I read the next paragraph:
Starting August 31, all applications will be required to use OAuth to access your Twitter account.
At first it sounded reasonable, but then I realised that this email was being sent on 2nd of September!!! I know internet time is different from normal time, but how can they use the phrase "in the coming weeks" to refer to 2 days ago!!

Suddenly the penny dropped and I realised why BlueTwitSidebar stopped working with Twitter yesterday. I pinged the developer of this tool to let him know of the issue, but it turned out that he already knew about it becuase everyone was screaming at him.

Surely this is a very unfair way to treat users by telling them of a significant change in authentication policy after it has already been implemented :-(

Wednesday, September 1, 2010

Report on Blogtalk 2010 conference last week

A number of people asked me to write up a report on the Blogtalk 2010 conference that I attended last week. This was a really interesting conference with lots of interesting topics being discussed, but since most of the people there were really great at using social media tools and they were all posting commentary all the time I don't think I can do really much better than to point you at the very active Twitter feed for the conference using the hashtag #blogtalk2010 or Emer Lawn's excellent summaries of day 1 and day 2.

I will write up a few blog posts later on specific topics that came up during the conference, but my general impression was to be amazed at the amount of buzz and excitement which can be generated when a bunch of like minded geeks get together. I was also delighted to see that my Alma Mater NUI Galway is looking both completely new and modern, while at the same time being reassuringly familiar from 30 years ago (when we used to call it UCG).

You can see the slides for my own talk with Gabriela Avram below. It went down pretty well despite being in a bad slot as the second last presentation of the conference when everyone was tired (including the presenters). A number of the other presentations are also available on SlideShare, but there is no unified feed for them available (yet). I believe that the conference site will be updated shortly with links to all of the presentation and video's of the various presentations (every move was captured on camera).

Tuesday, August 3, 2010

Open source software licenses are irrelevant for cloud based services?

I am a big fan of open source software, butI don't think open source licenses are relevant to the cloud based services that have become popular in recent times. The issue is that people are looking to avoid being tricked into using services with unreasonable rules on intellectual property , but it is possible for a cloud based service that is implemented with open source software to have totally unreasonable rules (and of course it is also possible to develop a service with proprietary software that respects their users' rights in a very enlightened way). Therefore we need to develop a new idea of what are reasonable licenses in an era of cloud based services.

In the  traditional model of computing, the flow of intellectual property is from the software developer to the user. Therefore, an organisation that develops software will distribute it with a license which is a legal definition of the restrictions on what users are allowed to do with the software. However, with cloud based services the transfer of intellectual property is often in the reverse direction. For example, if you are a Facebook user you will be providing valuable content to Facebook every time you upload a photograph or post a status message. Therefore the most important part of the Facebook terms of service is not the rules about what the users are allowed to do, but the rules about what Facebook is allowed to do with this content provided by users.

People rarely read the license that comes with their software, so organisations need to be able to communicate briefly what are the rules about the use of their software. For example, if a company says that their software is "Open Source" users will assume that they will enjoy the four freedoms defined by the Free Software Foundation. In fact most companies publishing open source software won't write their own license, but will use something like the GPL or the Apache license so potential users can know the restrictions without having to read the license at all. In a similar way companies publishing software under a proprietary software will try to summarise the restrictions in a single sentence e.g. "can be used by up to 100 named users" or "can be used for non-commercial purposes only".

What cloud based services need is a similar shorthand way to communicate to potential users of the service what are the terms and conditions associated with using the service (e.g. will your data be shared with 3rd parties looking to target you with advertisements). This is a rapidly evolving area so there is not yet any consensus about what constitutes reasonable restrictions. The best proposal I have seen yet is the Open Cloud Manifesto which was recently launched by a number of important companies active in the cloud services space (including my employer IBM), but this proposal still does not have the backing of several other key players in the industry. This manifesto is geared towards a definition of cloud services where the service provider mainly provides computing power to the users (e.g. the way Amazon or Racksppce do), but different concerns need to be addressed when the service provider is hosting a complete service (e.g. the way Google or Facebook do).

Sunday, August 1, 2010

A temporary gap in weekly reviews

At the start of this year I started publishing regular weekly reviews on my blog each weekend as part of an effort to become better at implementing the GTD methodology for task management. Nobody has been more suprised than me to find that I have perservered with this discipline and only very rarely missed a week.

I do find that the discipline of writing a weekly review has helped me focus on what are the important tasks I want to complete each week. However, there is a lot of work involved and I am wondering if I get adequate return on my investment of effort.

I am about to go off on a few weeks holidays. I don't think I want to manage my holiday time in a GTD way :-) and in any case I possibly won't have adequate internet access to update my blog. Therefore I will take a break from my weekly review for August and then reflect upon whether or not to start up again in September.

Friday, July 30, 2010

Which mobile phone provider is nicest to the Apple fanboys

I think that the iPhone looks like a nice phone, but I am not personally tempted to shell out serious money for a phone which is entirely locked down (and I am very happy with my current Android phone). However, many of my friends are serious apple fanboys and since today is the first day that the new iPhone 4 is being officially sold in Ireland, many have been twittering all day about the relative length of the queues in different shops.

In the USA, many iPhone fans are less than thrilled with the fact that they can only be bought with an expensive AT&T service contract (apparently the service is also not very reliable). In Ireland it is possible to buy iPhones either free of contract or with a contract from any of the service providers. According to Electric News, the different mobile phone service providers had a radically different attitude towards facilitating the Apple fanboys who can't wait to get their hands on the new device:
  • Three Ireland opened its stores in Dublin, Waterford, Limerick, Cork, Galway and Killarney from a minute past midnight.
  • Rival network O2 opened the doors of some stores in Dublin, Drogheda, Tralee, Galway, Cork andLimerick at 8am. However, the mobile operator said it was restricting iPhone 4 sales to existing customers for the initial launch period.
  • Vodafone stores opened at the normal time, but the online store began selling the handset at 7.30am.
There seems to be a serious shortage of stock with all of the outlets reporting that they were sold out by the evening time when I got a chance to check. This is probably a reflection of the huge rise in popularity in all smartphone types. All of the outlets were also reporting that the Android based HTC Desire is also sold out eventhough that has been on the market for a while.

Thursday, July 29, 2010

Is Twitter a conversational mechanism

I hear a lot of people says that Twitter is a great tool for enabling conversations. In my experience Twitter can be used for conversations, but it is far from ideal for this purpose. I think that what people are really saying is that they are surprised how much conversations happen on Twitter given that the platform was designed primarily as a broadcast mechanism (for distributing news about what you are doing).


A conversation takes place when a person reacts to what they hear someone else saying either by responding to the original speaker or by passing in the message they heard to others. In some ways, Twitter is seen as a replacement for email. In order to judge whether Twitter is more likely to be used for conversations than email I decided to compare the what percentage of the contents of my email inbox and my Twitter stream involve conversations. The results are summarised by the following table:

ChannelReTweets or ForwardsRepliesNeither
My Email Inbox
11%22%67%
My Twitter Feed 
11%4%85%

It is clear that I see much fewer conversations happening via Twitter than via email, because although 22% of the emails I receive are replies, only 4% of the Tweets that I read are replies (to my email or someone else's). It seems that both mechanisms are used equally good at spreading news because 11% of the messages on either format are forwarding an email from someone else or re-tweeting a message that someone else twittered.

These results are skewed by the fact that not all emails or Tweets come from normal people. Some of the emails I receive are from automated programs e.g. the automated software build system we use will notify when a new build is available. In a similar way, some of the Tweets appearing in my stream come from semi-automated sources e.g. the Irish Times feed is really just an automated series of links to news stories on their web site. I am not sure I am a totally normal person (if such a concept even exists), but I decided to analyse the statistical profile of what I write:

ChannelReTweets or ForwardsRepliesNeither
My Sent Emails 
14%64%22%
My Tweets39%18%43%

Although the numbers are different here, I still see that I clearly use email more for conversation than I use Twitter - the vast majority (78%) of my emails are either replies or forwards of someone else's message while only 57% of my Tweets involved either replying or forwarding someone else's message. I think that the relatively high percentage (39%) of my Tweets which are re-tweets of someone else message is an indication of the fact that I am not very confident that I know how to use this new medium and so I play it safe by re-tweeting other people's content whenever I find it interesting.

I don't claim to be an expert in advising people about the best way to use Twitter, but it is sometimes easier to identify people using the platform badly. I was amused to see the twitter feed for Poolbeg (an Irish book publisher). The feed was established on 16th of January and started off well with several tweets in the first few days, but at the end of the first week they posted a status message "Evening all - it's been a busy week for Poolbeg. Wine time now though!". Then there are no more tweets in the intervening 6 months. Clearly the person who was responsible for updating their Twitter account thought that drinking wine more interesting than Tweeting :-)

Tuesday, July 20, 2010

Weekly report for the week ending July 18th

Last week I said I would:
  1. Get approval confirmed for open positions in Sametime team (still awaiting approval)
  2. Attend next meeting of the sub-group on IT infrastructure  in Education (meeting was cancelled, but I submitted my input via email)
  3. Get approval for 2010 promotion candidates (several meetings, but still no approval)
  4. Complete draft articles on my blog (done - wrote a long article about history of smasher)


Next Week I will do the following actions:
  1. Get approval confirmed for open positions in Sametime team.
  2. Get approval for 2010 promotion candidates
  3. Write articles on my blog
  4. Decide on next technical project to tackle

Thursday, July 15, 2010

How I became known as Mr Smasher

I have worked on a wide variety of projects with Lotus/IBM during the 15+ years I have been with the company. Smasher was a very short project that I only worked on for a few weeks in my spare time. However, when I meet another IBM employee for the first time, there is a fairly good chance that they will smile and say "are you the guy who wrote smasher?". It is interesting that a project which only involved a very small amount of work had such a huge impact upon my reputation within the company.

Back in 2005 I started to hear a lot of excitement about a new client for the Sametime service known as IBM Community Toolkit (ICT). The interesting thing about this client (which later became the basis for the Sametime v7.5 and subsequent clients) was the fact that developers could easily extend the functionality by means of plug-ins which were only loosely coupled with the core client. A number of interesting extensions were available and proving very popular. At the time there was very little documentation on how to write a plug-in, but many people told me that it was easy to figure out the interface by looking at one of the samples which were circulating on the IBM Intranet. At the time I had been a manager for a few years and I was worried that my programming skills were getting rusty and so I decided to try developing an ICT plug-in as a spare-time to learn more about this new environment.

At the time much of the Lotus development effort was focussed upon the Workplace project (which subsequently became known as the project nobody wanted to mention) and so I decided to develop an ICT plug-in which interfaced to the Workplace server. I spend roughly a half a day a week on this project under an initiative known as "Think Fridays". Unfortunately I found it quite difficult to make progress with this project because the Workplace server was very unstable at the time and the interface was not very well documented. My life was made even more difficult by the fact that the CVS server I was using to save my source code was behind a boundary firewall. Boundary firewalls are network devices used inside IBM to isolate parts of the network and only allow access to packets to/from machines which have been authorised. Unfortunately there was problem with the firewall that I needed to pass through to get to the CVS server. The firewall used to reboot itself frequently which meant that it lost the list of authorised machines. I was often frustrated by the fact that my CVS commits failed and I had to go through the multi-step process required to re-authorise my machine against the firewall.

One Friday I decided to put the original project on hold until a more stable version of the Workplace server was available (which I was assured would only take a few weeks). In order to continue my learning I decided to instead spend my Think Friday time working on a simple utility with would automatically monitor whether my machine was authenticated against the firewall and if not perform an authentication. One thing that made this easy was the fact that the in general the credentials used for authenticating against the firewall are the same as the credentials used for logging into the Sametime server.

It turned out that this was an excellent choice as a plugin for me to write as an educational excercise because it was not too hard to write. I was able to have the bulk of the plugin written in 2 weeks (i.e. half a working day per week implies it was written one full working day). The normal firewall authentication method was via a browser and so my plugin used REST style programming to emulate the same process, which was something I wanted to learn (and was surprisingly easy).

There were a few minor bugs that were tricky for me to solve and so I asked a colleague for advice. Naturally I had to explain to him what it was doing, he was very impressed with the idea and as well ask showing me how to solve the problem he asked me for a copy of the plugin so that he could use it for himself. He in turn mentioned it to a few people and so it began to be circulated within the lab. I never really planned to distribute this plugin, but then again I had no objection to giving it to anyone who asked.

Around this time there were serious problems with the Firewall used in the IBM Dublin lab - it was constantly rebooting and forgetting the list of authenticated users. The local IT support people ordered new hardware to solve the problem, but there were a lot of irate engineers while waiting for the new hardware to arrive. One of the IT support managers asked me if I minded if they recommended the smasher tool to people who were complaining about the firewall issues (if the re-authentications were automated people would not be so upset with the problems). This seriously increased the number of people using the smasher plugin.

Gradually people outside of the Dublin lab became aware of the tool and started using it also. They reported to me that smasher had issues with some of the boundary firewalls used inside IBM which did not use the same authentication UI as the Dublin firewall. It was relatively easy for me to add support for a new login-UI when I was made aware of it, but as smasher grew in popularity the workload of providing support began to grow. Since my job description at IBM does not involve supporting firewall authentication tools, I was looking for a way to drop support for a tool which had already served its purpose for me (I had already learnt all I needed to know about plugin development).

Andy Piper from IBM UK suggested that I should create an IBM internal open source project so that anyone who wanted to add features would be able to do so themselves (this is a project whose source is freely available, but only inside IBM). This sounded like a good idea - there was no point in making it a public open source project since there is no other company I know who ised boundary firewalls like IBM does. Shortly after I created the open source project,  Billy Foss (an engineer from the IBM Raleigh office whom I never even met) kindly offered to take over as the chief maintainer of the smasher plugin.

After 5 years, smasher continues to be very popular despite the fact that there are now a number of excellent alternatives available:
  • BSO Bug me not is a very popular tool developed by Thomas Gumz in the Littleton lab. The only serious limitation with this tool is that it is designed to only work on Windows machines.
  •  My own current favourite is Bugmenot Firefox plugin which was developed by my colleague Stephen Kruger
It appears that my involvement in the smasher project has made my name within IBM. I sometime get asked for advice from other people who are new, but would also like to make their name within IBM. I am not sure I can give good advice since the smasher project happened more by accident than by design, but the lessons I learned from the project are:
  • Scratch your own itch: I didn't spend time wondering what would be useful for many people in IBM, instead I simply focused on what would be useful for me. I suppose I might be more typical than I realise, because it turns out that it was also useful to many other people.
  • Start something completely new: I often see poorly designed tools and feel that I could easier develop a better version. Unfortunately it often turns out that my version is not really better than the existing tool (perhaps better in some ways, but worse in others). I think the key to my success with smasher is the fact that it was a completely new type of tool and therefore there was no existing tool to complete with.
  • Don't aim too big: If you are looking to start a hobby project, I think it makes sense to aim at a small niche. I know that most entrepreneurs aim to find the biggest possible market, but if there is a big market for something then someone will start a formal team to tackle the problem and there is no way that a single hobbyist can compete with a professional team.
  • Be humble: I never tried to convince anyone that smasher was a wonderful tool, if I did I am sure that people would have been only too happy to point out its flaws.
  • Accept help: If you are lucky enough to get offers of help you should accept the offers gratefully. In addition to lightening the load on you, you will probably find that anyone who has helped with the project will become your best advocate.

Sunday, July 11, 2010

Weekly report for the two weeks eneding July 11th

I missed last week's weekly review  due to some

Last week I said I would:
  1. Help with the Sametime 8.5.1 project - especially with Linux client testing and resolving proxy issues (done - this project is not yet gold but the development work is completed)
  2. Get approval confirmed for open positions in Sametime team (not yet)
  3. Give presentations to 2 groups of lab visitors. (done)
  4. Collate results of Profiles usage survey (done - but not sure how/if it is going to be published)
  5. Conclude 2010 promotion review process for the more senior bands (still awaiting to hear if proposed promotions list is approved)
  6. Complete draft articles on my blog(one done more to go)

Next Week I will do the following actions:
  1. Get approval confirmed for open positions in Sametime team.
  2. Attend next meeting of the sub-group on IT infrastructure in Education
  3. Get approval for 2010 promotion candidates
  4. Complete draft articles on my blog

Thursday, July 8, 2010

Applying the network roaming model to electricity

Before the invention of GSM phones it was not possible for people to use their mobile phones outside the area covered by the network operator from whom they had purchased their phone.  People who travelled very frequently to another country might have considered purchasing another phone and getting an additional service contract in the second country, but for the vast majority of users did not consider this worth the cost and hassle. Consumers were thrilled when GSM operators introduced roaming services, now they could have a single account with a phone provider and make and receive calls wherever they were in the world. It was also a boon for phone service providers who were delighted with the additional income from foreign users who were roaming onto their network.

Now that network access has become much more widespread, users are still left with the problem of where they can get access to electrical power to charge up their devices. Many businesses such as cafés are willing to allow customers to plug-in any device they want, but there are situations where the number of customers wanting to take advantage of such a facility forces the business to be more restrictive about who they allow plug in devices and run up their electric bill. For example in Heathrow airport all of the electric sockets in public areas have deliberately been converted to use an unusual plug type to avoid travellers running up a huge electric bill for the airport as they charge up their various devices.

People whose batteries are running low while they are away from home, would be willing to pay a reasonable fee for access to electric power. Unfortunately the small amount of money that is considered reasonable to charge for access to an electric socket means that the cost of collecting the fees would almost outweigh the money taken in and such paid charging stations are still a rarity.

What I think we need is a convenient way of allowing consumers to pay for the electricity they use away from their home by having the charge added to their home electric account in much the same way that the charge for calls made on other networks is added to the bill from their home network (or deducted from their call credit if it is a pre-pay phone). For this to work, we need something equivalent to the SIM card in a GSM phone which identifies which account the phone is associated with. Luckily there is already a mechanism defined by the RightPlug Standard where the plug associated with a device can be uniquely identified to the socket into which the device is plugged in. The RightPlug Alliance which is promoting this standard seems to mainly envisage that the standard would be used for safety monitoring, but I think it could have even more potential if adapted for use in a billing system.

I would love if someone offered such a service and I am sure they could find it quite profitable. I would definitely subscribe to such a service if it existed, but I don't think I personally would be interested in getting into this business.