Random thoughts
Wednesday, December 12, 2012
IT security beyond computers and smartphones
IT security is not just about computers and smartphones any more. Your smart TV may allow attackers to get access to sensitive information and control the device, as security start-up ReVuln demonstrates for Samsung's Smart TV.
Once simple stand-alone receivers, TV sets, set-top boxes and digital recorders are now full-featured computers that connect to home networks for downloading program guides and software updates, sharing pictures and videos and enabling social media integration.
Read more about recently discovered security flaws in home entertainment equipment on The Register.
Labels: security, technology
Thursday, August 9, 2012
Cambodia revisited
One year has passed since I left Phnom Penh after my IBM Corporate Service Corps assignment in Cambodia had ended.
In the following months, I wrote articles about the CSC experience for our local employee magazine and for our corporate social responsibility site. A professional writer covered the story for the THINK! Magazin. Our company internal Global Web Services newsletter featured another article. This one happened to find its way to my client HRINC, where it got published on their company website as well.
In February, another #ibmcsc team visited Cambodia and worked with a different group of clients, mostly educational institutions. During their preparation I had the pleasure to share some of our team’s experiences, including recommendations for sight-seeing, dining and entertainment.
Writing and talking with colleagues, friends and family about the trip always brings back fond memories of the great time spent in Cambodia with the “Tissabamokah” team, our hosts and the various people we met during our stay.
I occasionally hear from my friends at HRINC about life and work, and follow the updates from the Cambodia Retirement Village (CRV) project.
The IBM team has stayed in loose contact also. We didn’t manage to arrange our first annual reunion that we had talked about before we left, and we never completed our team video. Somewhere that raw footage is waiting to be edited and cut, maybe for another anniversary.
If you ever have an opportunity to spend some time on a voluntary assignment, whether as a company sponsored activity or with a volunteer organization like Australian Business Volunteers (ABV), go for it, and if you don’t, try harder to find one.
Looking back a year later, I wouldn’t say that one month abroad made me a completely different person, but I certainly learned a few things about myself too. What made the most lasting impression on me was the Khmer people’s positive and cheerful attitude, which I admire and often miss.
Thursday, July 5, 2012
Moving on: new job, same company
Starting new job today, and I am excited about it!
Some fifteen years (or seventy web years) ago I started working on the IBM Web presence as webmaster in Corporate Internet Programs and Enterprise Web Management. During that time, and later as Web effectiveness manager in IBM Inside Sales, I had the pleasure to work with many great people around the world. I learned a lot about business and technology. I had the opportunity to travel to various places and attend and speak at international conferences. It's been a lot of fun and a great learning experience, and I look back fondly on the many things we achieved together.
Now the time has come to move on. Effective immediately, I am joining the IBM Global Business Services organization in Austria, leading the Enterprise Architecture team in Application Innovation Services.
I am very much looking forward to this new opportunity in a different area of the business, in a more technical capacity, working with local customers, and I am honored to join an amazingly skilled and experienced team.
Tuesday, January 31, 2012
Google Browser Size: Is your content visible?
Then take a look at Google Browser Size, an amazingly simple and effective tool for Web designers to see what percentage of users sees which content, like this:
Of course we all know to place important content towards the top, above the fold, we have seen the heatmaps from eye tracking studies, and we all test at different screen sizes, right? Google Browser Size, already launched back in December 2009, just makes the testing easier and “brings this home with shocking immediacy” (Mike Moran at Biznology).
The visualization is based on browser window sizes of people who visit Google, not on actual browser window sizes used when accessing a particular site. Depending on how closely your audience matches the average Google visitor, results may vary.
One caveat: As mentioned on the Browser Size website, the tool works best on web pages with a fixed layout aligned to the left. The visualization can be misleading for liquid or reactive pages that adjust to the available screen width, as well as centered pages.
Labels: google, seo, usability, webdevelopment
Wednesday, November 30, 2011
Velocity Europe 2011 conference report
Web companies, big and small, face the same challenges. Our pages must be fast, our infrastructure must scale up (and down) efficiently, and our sites and services must be reliable … without burning out the team.
Velocity Europe conference Website
Three years after its inception in California, O’Reilly’s Velocity Web Performance and Operations Conference finally made it to Europe. Some 500 people, web developers, architects, system administrators, hackers, designers, artists, got together at Velocity Europe in Berlin on November 8 and 9 to learn about the latest developments in web performance optimization and managing web infrastructure, exchange ideas and meet vendors in the exhibition hall.
Velocity Europe was well organized and run. There were power strips everywhere and a dedicated wireless network for the participants, although the latter barely handled the load when everyone was hogging for bandwidth. Seeing bytes trickling in slowly at a performance conference was not without irony. Some things never change: Getting connected sometimes requires patience and endurance. Back in the days when I was volunteering at the W3C conferences, preparation involved running cables and configuring the “Internet access room”, only then contention for network resources meant waiting for an available computer.
As expected for a techie conference, about the only people wearing jackets and ties were the AV operators, food was plentiful and good, and the sponsors handed out T-shirts, caps, and other give-aways. Plenary sessions were recorded and streamed live, and #velocityconf on Twitter also has a good collection of facts and memorable quotes for those who couldn’t attend in person.
Steve Souders and John Allspaw led through two busy days packed with plenary sessions, lightning talks and two parallel tracks on Web performance and Web operations. While bits and bytes certainly mattered to the speakers and the audience, the focus was clearly on improving the Web experience for users and the business aspects of fast and well-managed Web sites.
The conference started with a controversial talk about building a career in Web operations by Theo Schlossnagle, and I couldn’t agree more with many of his observations, from suggesting discipline and patience (and recommending martial arts to develop those virtues), learning from mistakes, developing with operations in mind to seeing security not as a feature but a mentality, a state of mind. Along the same lines, Jon Jenkins later talked about the importance of dev ops velocity, why it’s important to iterate fast, deploy fast, and learn from mistakes quickly, mentioning the OODA loop. Some of the Amazon.com deployment stats are just mind-boggling: 11.6 seconds mean time between deployments, and over 1,000 deployments in a single hour to thousands of hosts.
Joshua Bixby addressed the relationship between faster mobile sites and business KPIs. Details of the tests conducted and the short-term and long-term effects on visitor behaviour are also available in his recent blog post about a controlled performance degradation experiment conducted by Strangeloop. Another interesting observation was the strong preference of customers for the full Web sites over mobile versions and native apps: One retailer in the U. S. found that of the online revenue growth for that company was driven by the full site. 35% of the visitors on their mobile site clicked through to the full site immediately, 24% left on page 1, another 40% left after page 1, and only 1% bought something.
Performance also matters at Betfair, one of the world’s largest betting providers. Doing cool stuff is important too, but according to Tim Morrow’s performance pyramid of needs that’s not where you start:
- It works.
- It’s fast.
- It’s useful. (I personally have a slight preference for useful over fast.)
- It’s cool.
Jeffrey Veen of Hotwired, Adaptive Path, TypeKit fame kicked off the second day with an inspiring talk on designing for disaster, working through crises and doing the impossible. I liked the fancy status boards on the walls, and the “CODE YELLOW” mode, the openness and the clear roles when something bad happens. And something bad will happen, as John Allspaw pointed out: “You will reach the point of compensation exhausted, systems, networks, staff, and budgets.” A helpful technique for planning changes is to write down the assumptions, expected outcomes and potential failures individually, and then consolidate results as a group and look for discrepancies. If things still go wrong, Michael Brunton-Spall and Lisa van Gelder suggested staying calm, isolating failing components, and reducing functionality to the core. Having mechanisms in place to easily switch on and off optional features is helpful, down to “page pressing” to produce static copies of the most frequently requested content to handle peak loads.
Several talks covered scripting performance and optimization techniques. JavaScript is already getting really fast, as David Mandelin pointed out, running everything from physics engines to an H.264 decoder at 30 fps, as long as we avoid sparse arrays and the slow eval statements and with blocks. Using proven libraries is generally a good idea and results in less code and good cross-browser compatibility, but Aaron Peters made the point that using jQuery (or your favorite JavaScript library) for everything may not be the best solution, and accessing the DOM directly when it’s simple and straightforward can be a better choice. Besides that, don’t load scripts if the page doesn’t need them – not that anyone would ever do that, right? – and then do waterfall chart analysis, time and again. Mathias Bynens added various techniques for reducing the number of accesses to the DOM, function calls and lookups with ready-to-use code snippets for common tasks.
For better mobile UI performance, Estelle Weyl suggested inlining CSS and JS on the first page, using data: URLs and extracting and saving resources in LocalStorage. Power Saving Mode (PSM) for Wi-Fi and Radio Resource Control (RRC) for cellular are intended to increase battery life but have the potential to degrade perceived application performance as subsequent requests will have to wait for the network reconnection. Jon Jenkins explained the split browser architecture of Amazon Silk, which can use proxy servers on Amazon EC2 for compression, caching and predictive loading to overcome some of these performance hogs.
IBM’s Patrick Mueller showed WEINRE (WEb INspector REmote) for mobile testing, a component of the PhoneGap project.
Google has been a strong advocate for a faster Web experience and long offered tools for measuring and improving performance. The Apache module mod_pagespeed will do much of the heavy lifting to optimize web performance, from inlining small CSS files to compressing images and moving metadata to headers. Andrew Oates also revealed Google’s latest enhancements to Page Speed Online, and gave away the secret parameter to access the new Critical Path Explorer component. Day 2 ended with an awesome talk by Bradley Heilbrun about what it takes to run the platform that serves “funny cat videos and dogs on skateboards”. Bradley had been the first ops guy at YouTube, which once started with five Apache boxes hosted at Rackspace. They have a few more boxes now.
With lots of useful information, real world experiences and ideas we can apply to our Websites, three books signed by the authors and conference chairs, High Performance Web Sites and Even Faster Web Sites, and Web Operations: Keeping the Data On Time, stickers, caps and cars for the kids, Velocity Europe worked great for me. The next Velocity will be held in Santa Clara, California in June next year, and hopefully there will be another Velocity Europe again.
Photo credit: O’Reilly
Labels: events, javascript, metrics, networking, technology, webdevelopment
Monday, October 24, 2011
Google encrypting searches: security, privacy and control
Google recently announced plans to make search more secure.
This effort includes encrypting search queries, which is especially important when using an unsecured Internet connection or accessing the Internet through intermediate devices which have the ability to log requests. Because browsers do not send a referrer when following a link from an encrypted (HTTPS) page to an unencrypted (HTTP) site, encrypting the search interface will automatically block referrer information for unencrypted sites, and would provide an incentive for companies to join the industry effort to use SSL/TLS encryption more widely.
But Google takes this a step further, hiding query information from encrypted searches. The click-through tracking link for unencrypted search includes the search term parameter “q”, which gets passed to the visited website:
http://www.google.com/url?sa=t&rct=j&q=example&url=http%3A%2F%2Fexample.com%2F
The link for encrypted search, however, leaves the parameter “q” empty. Interestingly, click-throughs for encrypted searches are tracked on an unencrypted connection, thus revealing the visited site address to an eavesdropper:
http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&url=http%3A%2F%2Fexample.com%2F
With this change, the visited website receives no information about the search term. What enhances privacy for searchers deprives website owners of important information for optimizing their websites to best serve visitors.
Browsers already provide mechanisms for controlling referrer information, for example the network.http.sendRefererHeader preference setting or the customizable RefControl extension for Firefox. Google’s privacy enhancement takes control away from the users by not passing referring information, period.
Google’s move has the potential to change the search engine marketing (SEM) landscape. Search terms in paid ads will remain trackable as before. For organic search, the only way for website owners to get access to search terms, albeit delayed, aggregated and limited to the top 1,000, is through the Google webmaster console, a very fine tool but not a replacement for an integrated web analytics solution.
The impact of this change goes beyond web analytics and search engine optimization (SEO): Sites often use the search terms that led visitors to the site for dynamic customization, offering related information and links. With encrypted search, visitors will no longer have access to these enhancements either.
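How a visited site reads the search term from the click-through link in the Referer header, and what it is left with once “q” arrives empty, shown as an added example that is not code from the original post. The function names, the host list and the sample referrers other than the two links quoted in the post are assumptions made for illustration.

```python
import html
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Hosts accepted as Google click-through referrers (assumption for this example).
GOOGLE_HOSTS = {"www.google.com", "google.com"}

# Constructed sample Referer values; the first two are the links quoted in the post.
SAMPLE_REFERERS = [
    "http://www.google.com/url?sa=t&rct=j&q=example&url=http%3A%2F%2Fexample.com%2F",
    "http://www.google.com/url?sa=t&rct=j&q=&esrc=s&frm=1&url=http%3A%2F%2Fexample.com%2F",
    "http://www.google.com/url?sa=t&q=smart+tv+security&url=http%3A%2F%2Fexample.com%2F",
    "http://blog.example.org/some-post",
    None,
]


def classify_referrer(referer):
    """Return (category, search_term) for one Referer header value.

    category is "none" (no header), "other" (not a Google click-through),
    "search" (term present) or "search-withheld" (empty "q").
    """
    if not referer:
        return ("none", None)
    try:
        parts = urlsplit(referer)
        host = (parts.hostname or "").lower()
    except ValueError:
        # The header is client-supplied and may be malformed.
        return ("other", None)
    if host not in GOOGLE_HOSTS or parts.path != "/url":
        return ("other", None)
    # keep_blank_values makes "q=" visible as present but empty.
    params = parse_qs(parts.query, keep_blank_values=True)
    term = params.get("q", [""])[0].strip()
    if term:
        return ("search", term)
    return ("search-withheld", None)


def summarize(referers):
    """Count visits per category, as a web analytics report would."""
    return Counter(classify_referrer(r)[0] for r in referers)


def related_banner(referer):
    """Dynamic customization with a fallback when no term is available."""
    category, term = classify_referrer(referer)
    if category == "search":
        # The term is untrusted input: escape it before it reaches HTML.
        return "<p>More about %s</p>" % html.escape(term)
    return "<p>Popular articles</p>"


if __name__ == "__main__":
    print(dict(summarize(SAMPLE_REFERERS)))
    for ref in SAMPLE_REFERERS:
        print(related_banner(ref))
```
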
Friday, September 30, 2011
Goodbye, Delicious!
When AVOS took over, they promised Delicious would become “even easier and more fun to save, share, and discover”.
I haven’t quite figured out what the new site is about. All I can tell is that I am not interested in the featured stacks about synths and electronic music, 7 top articles on Michael Jackson, or Beyonce and beyond. I WANT MY BOOKMARKS!
One reason for using an online bookmarking service is the ability to share bookmarks between browsers and computers. Sure enough the site no longer works with Internet Explorer 8 at all and suggests that it might work better on Firefox.
Tag lists were temporarily broken. Search suggests fairly useless related tags (anyone in Vienna looking for dentists in London, Syracuse and Colorado?) Even bookmarking, the raison d'être of this site, doesn’t work well any more.
It’s obviously time to look for another bookmarking service while the Delicious export to save a bookmarks file locally still works.
Goodbye, Delicious!
Labels: technology, web2.0
Tuesday, August 9, 2011
Goodbye, Cambodia!
While others were checking out and heading to the airport, I went for a five hour walk to explore Phnom Penh by foot again. The first sight was the main post office, a recently renovated colonial-era building, with time tables for letter postings and a commemorative stamp counter where the clerk would patiently search through piles of first-day covers and stamp packs to find the desired items. Here I could also finally mail the postcards I had written a fortnight ago; unlike in most other countries stamps are not available from stores and I didn't see letter boxes anywhere in the city either.
The next stop was Wat Phnom, a pagoda on a green hill and a place where people make generous donations of food and money, and only foreigners pay a modest entrance fee.
The railway station looks as if it was still in operation, with nice wooden benches in the waiting area and time tables listing train connections, only no trains have been running for many years and only now there are attempts to start freight services again.
The Olympic stadium provided protection from a sudden monsoon rain, and the security staff was kind enough to let me take a peek inside where some soccer game was about to start.
The real athletes were outside though, two workers mounting a huge billboard and climbing the scaffold with ease in their flip-flops.
The day ended with a nice dinner with friends of a friend of mine, a couple living in Phnom Penh who invited me to their beautiful colonial style house and afterwards to Rahu, a new and very stylish restaurant at the riverside.
On Sunday morning I began to appreciate everyone's complaints about packing. Although I had resisted the temptations at the various markets and had not bought much, I ended up with a full suitcase, a seriously overweight backpack and a large extra bag of dried fruits from Cambodian Dried Harvest Fruit, one of the companies our team had worked with.
Patricia and her friend left early to catch a bus for a ten hour drive to the north, on-board Karaoke included. Since the weather was great I decided to spend my last day visiting a few more sights by car with a wonderful driver, Chin Bond Sreang (his contact information at the time of this writing: phone +855-12855281, e-mail bondservice81@yahoo.com).
The first stop was Phnom Chisor, a temple ruin set on a hill, some 300 steps from the parking area. Arriving in a fancy four-wheel drive on a lazy Sunday has its disadvantages, especially when you are one of the very few tourists in the area, so I had plenty of kids wanting to show me around. After having seen Angkor the temple remains here are not so special, but the view from the top over to Vietnam and Thailand is spectacular.
Next I visited the Phnom Tamao zoo, a sanctuary for birds, lions, tigers, crocodiles, snakes, elephants and monkeys, lots of monkeys. A young and very knowledgeable volunteer guide showed me around and we talked about his plans to finish school and move to Phnom Penh to become a tuk-tuk driver one day. The way he talked about the capital, full of passion and desire, it sounded like a wonderful place far away.
There are many beggars along the road to the park, which is quite popular with locals too, and some special figures too. On the way out when the afternoon rain started I was glad to be in the car, not on a tuk-tuk, as the road was getting quite muddy and all the carefully cleaned motorbikes and their drivers looked much less clean within minutes.
Last was Ta Promh, another temple ruin in a scenic setting, near a pagoda and a lake where people spend their weekends.
Along the way I saw again packed vans with some people sitting on the roof, motorbikes loaded with poultry and pigs, and near a wet area several food stands offering grilled frogs. Before you ask, I was not hungry and didn't try any, although they looked pretty good.
Thus ended my last day here, goodbye Cambodia!
Thank you to everyone who made this trip possible, memorable and enjoyable, first and foremost my family for letting me be away for so long, the “Tissabamokah” team and our colleagues at IBM who helped with enabling this assignment, our organizers and hosts from ABV, our client teams, the wonderful staff at Boddhi Tree hotel, our drivers and tour guides, and all the people we met in Cambodia, សូមអរគុណ!
Post scriptum: The flights from Phnom Penh to Vienna via Bangkok and Frankfurt went well, only I forgot that Thailand is on a different time zone and almost missed my connecting flight to Frankfurt. As I boarded the plane the captain was just announcing that they were waiting for two more passengers, I guess one of them was me, ouch! I left Phnom Penh with temperatures in the thirties at night. Upon arrival on Monday morning, Frankfurt reported rain and a temperature of 12° C, and Vienna wasn't much better. I will miss a thing or two from Cambodia for sure.