Enterprise Time Tracking Software Idiocy

Going between client sites all the time I also get to touch a lot of "enterprise" time tracking software packages. Most of these must be the most retarded (apologies to those with mental disabilities, there is no way you could actually invent something that dumb).

Of course, companies need to know what their employees and consultants are spending their time on. This is not the problem. But ERP systems' (they want to be called this, but they aren't). The problem is, in a word, usability. And this leads back to the classic dichotomy between the two types of software in the world:

Elective Use Software

Compulsory Use Software

Elective Use Software:

By definition, it's what a user elects to use. In order to be elected, this software must provide some sort of value or reward to the user, usually revealed in a day-in-the-life product planning exercise. The test is simple: Does a user's day or particular activity get markedly better with the product vs. without? One can also use the term made famous (but not invented by) Steve Jobs: "suck less"

The hallmarks of software of this sort then, is that provides utility, and so is actually something you can use, and will use because it makes your day better. Not only that, but most software of this nature also has the job of convincing you of the utility it provides quickly, and intuitively.

Compulsory Use Software:

Classic IT software falls very much into this category, as does just about anything labeled "enterprise". Because the person purchasing the software is not the person using it, usability, and by extension, productivity takes a back seat. Really. Look at SAP, look at the time entry systems where you work, and stuff written by your internal IT departments for internal consumptions. Cumbersome user interfaces, unclear instructions, and overall very unintuitive.

The irony. The enterprise planning software and time trackers actually impede productivity as they are designed today. Bravo.

oooh snap! Figures - IBM in talks to buy Sun Microsystems

The Yahoo Story.

Totally stuck up dot-com ridealong company gets bought by suit-and-tie company able to admit that they sometimes don't know what they're doing.

This will end in tears.

Let me see now, I saw a picture last night that reminds me of this situation:
















Credit to the good crew at AR15.com - they make some of the funniest pictures.

How not to make Money, or How Valve's Steam Service Sucks

One of my big pet peeves is when fraud prevention systems become customer prevention systems. I was actually going to comment on how cool the game Portal is, but getting an impulse buy declined always irritates me.

Valve's Steam service takes it to new extremes. Every other month or so (when I am trying to buy a $9.99 add on or something else impulsively), all my credit cards and my paypal account are declined with no further details available. Support always answers with the same response "you were flagged by our fraud prevention system". Once, I could possibly understand if I mis-spelled my address, or was buying from an unverified PayPal account. AVS will flag that.

Right about the sixth time, it gets rather old.

Of course, the fools answering the questions for Valve have no idea how basic credit card fraud prevention is done, and so generally make something up that's easy to call BS on. They're also not interested in fixing it or it would probably not have happened the third time.

Obviously, it flies in the face of instant gratification, and makes you wonder who the dork that failed Comp Sci 101 was that failed the class was that implemented is, and who the 3rd rate MBA/accounting drop-out was to come up with such "restrictive" (as in stupidly anal) requirements instead of actually thinking about the problem.

Valve's Steam has:

• Subscriber name, DOB, address, email
• The Steam fat client has no trouble uniquely identifying a machine (think MS's unique machine identifiers), and the user that's logged in, and any file on the machine (think browser history and cookies)
  
• Credit card history for steam accounts
• Access of PayPal records for purchases made, plus access to PayPal's fraud prevention system
• The ability to verify that all of this stuff matches
  

Effectively, everything about you but a DNA sample. Obviously the privacy implications are scary, and it's safe to say they care more about their bottom line in terms of credit card chargebacks than they do about your privacy. I am willing to bet money that their security scarcely exceeds PCI data security standards, and it's likely that also got "exemptions" for reasons of their "business model."

So, given a perfect match, why say no to money?

All online businesses have more fraud exposure than brick-and-mortar ones. A "card not present" transation is not guaranteed by the card issuers. If you're an online vendor who gets enough disputes to charges filed (called chargebacks) your per-transaction fee goes up, and the amount of scrutiny the credit card companies give you in terms of the PCI security standard. A criminal can walk into a jewelry store and max out your account with a re-printed credit card, and stores don't bother verifying ID or signatures because they're protected from fraud - the onus is on you to prove you didn't buy it.

However, I can buy a $1500 notebook PC from mwave with my credit card, shipping address that has to match my billing address, and the CCV2 code at the back of the card. Somehow being more risk averse than mwave.com for sub-$50 purchases is beyond my ability to rationalize.

In short, Portal is a great game. Good luck buying it, but then, it's just as cheap in the store. So much for passing along savings to the consumer, huh?

Message from Creative: Stop making our products work!

Well, I posted this on Slashdot, as I am sure there were other submissions as well.

Here is the story - a user named "Daniel_K" "modded" (I hate that term) the driver suite that Creative distributes for their sound cards to re-enable some features their driver disables in Windows Vista. Notably, these features work just fine in Windows XP, and Creative seems to be pushing this as a way to make customers upgrade to a new card, the same as the old, but with a driver that works (for now).

Sound fishy? You bet.

To quote their VP (original thread archived here):

Daniel_K:

We are aware that you have been assisting owners of our Creative sound cards for some time now, by providing unofficial driver packages for Vista that deliver more of the original functionality that was found in the equivalent XP packages for those sound cards. In principle we don't have a problem with you helping users in this way, so long as they understand that any driver packages you supply are not supported by Creative. Where we do have a problem is when technology and IP owned by Creative or other companies that Creative has licensed from, are made to run on other products for which they are not intended. We took action to remove your thread because, like you, Creative and its technology partners think it is only fair to be compensated for goods and services. The difference in this case is that we own the rights to the materials that you are distributing. By enabling our technology and IP to run on sound cards for which it was not originally offered or intended, you are in effect, stealing our goods. When you solicit donations for providing packages like this, you are profiting from something that you do not own. If we choose to develop and provide host-based processing features with certain sound cards and not others, that is a business decision that only we have the right to make.

Although you say you have discontinued your practice of distributing unauthorized software packages for Creative sound cards we have seen evidence of them elsewhere along with donation requests from you. We also note in a recent post of yours on these forums, that you appear to be contemplating the release of further packages. To be clear, we are asking you to respect our legal rights in this matter and cease all further unauthorized distribution of our technology and IP. In addition we request that you observe our forum rules and respect our right to enforce those rules. If you are in any doubt as to what we would consider unacceptable then please request clarification through one of our forum moderators before posting.

Phil O'Shaughnessy
VP Corporate Communications
Creative Labs Inc.

Mr. O'Shaugnessy, do the right thing and resign, because you know nothing about how software developers or the market work. You clearly fell off the cluetrain. Go crawl back under the rock you crawled out under from, or maybe some dying music label that sells crappy music but wants to blame the Internet will hire you.

Creative's damage control folks have now deleted this post on their forum, and replaced it with this:

We have read the strong feedback about Creative's forum post regarding driver development by Daniel_k and other outside parties. Creative's message posted on our behalf by our Company spokesperson tried to address our concern about the improper distribution of certain software which is the property of other companies. However, we did not make it as clear as we would have liked that we do support driver development by independent third parties. The huge task of developing driver updates to accommodate the many changes in the Vista operating system and the extensive testing required, including the lengthy Vista certification requirements for audio, makes it very difficult for Creative to develop updates for all past products. Outside developers have been very helpful to Creative and our customers by developing updates for many of our Sound Blaster products, and we do support and appreciate these efforts. This however does not extend to the unauthorized distribution of other companies' property. We hope to work out a mutually agreeable method for working with Daniel_k in supporting his efforts in driver development. Going forward, we are committed to doing a better job of working more closely with third parties to support their development for our products and our customers.

Message Edited by Dale-CL on 04-01-2008 03:49 PM

Sounds like that reverse gear grinding away. In short, Creative's position is:

• The technology daniel_k re-enabled for Vista was only licensed from the original creators for use under Windows XP.
• Daniel_k was wrong to accept money to support is "illegal" habit. (If you're claiming that I only have a license to my hardware, you guys need to get your heads examined. It's like Ford telling you you don't have a license to put Yokohama tires on that car.)
• They're really mad that he made their kind-of-crappy audio processing suite work with cards other than ones made by Creative. Boo-hoo.

Tough cookies, Creative. Makes me glad I passed your products by the last couple of years.

Daniel_k got responded on Wired - good for him to do this in more mainstream press.

PowerPoint(tm): The New Documentation Standard

Well, finally something work related.

So what did I miss? Apparently everyone dumped Visio (tm) and other technical drawing products, and replaced them with PowerPoint. Four years ago I lamented the same thing with a PowerPoint presentation being considered a "Product Plan."

Architecture Consultant: "We need a state diagram and a sequence diagram."

Developer: "Here it is."

AC: "That's a Power Point! The arrows don't line up, and there are no dotted connectors!"

Manager: (Manager overrides) "It's great!"

AC: "It actually does not show how anything interrelates, and how it relates to the software components."

Manager: "Well, you had better be able to fix out outage with this."


Yet, all this focus, and meetings have gotten longer, and the elevator pitch is a lost art.

What gives?

Honesty and Reflection on Company Mistakes

One question I get asked on occasion is how does speaking out about mistakes affect things like a career.

As I have stated before, honest analyses of what went right and what went wrong are hard to come by in any corporate environment. Most peoples' interest is protected by burying mistakes, this is how execs get hired again and again. The problem is this (obviously) does not serve the organization.

Honesty is not rewarded, even if:

• It is to lobby for training (or pointing to the Borders book store across the parking lot when someone complains the 'dir' command does not work on UNIX - maybe that's baby-like; I prefer competence)
  
• If there is an easier way to get something done
• If there is something that affects the company bottom line

So has this affected my work or ability to find it? Undoubtedly, but not in a quantifiable way.

Would you hire someone that will tell you when mistakes are being made?

How about if you do not react and the person gets shrill at times?

Radio Interview w Rich Levin: Last call for sunscreen!

Here it is - I opened my big mouth again, and gave an interview to Rich Levin. Pardon the voice quality - it was over SunRocket. I also got some press coverage locally in Connection Newspapers.

As it turned out, he also interviewed my former boss from SunRocket. Interesting how seven months can change things.

My last points are important: I am as blunt as I am in bringing up mistakes because one needs open discussion to learn from them. Too much energy in corporations is expended hiding mistakes, and so lessons get lost. Think about that before you berate the next guy for telling you the truth.

In other news, Bush said this morning that "you cannot impose freedom." Duh. Or "fundamentational" I guess.

Sunrocket done at COB today

I also got copied on the internal memo stating that they had not found a buyer. More than anything though, it seems pretty clear that people don't quite understand how the porting system works. The last dev remaining sent an IM my way saying that he was turning out the lights. If I had been in town I'd be pulling gear out of the lab right now, they had some really nice kit in there.

Porting a number is "pull" process most of the time. This means that there need not be anyone alive on the other end to release the number. The only system that will still see the number at its original location is the system that you have ported from. In SR's case, they'll be "bricking" or killing their ATA's today sometime, so this won't be a problem. Secondly, SunRocket never bothered going through the registration to get its own numbers for a number of reasons (good for everyone, as it turns out), so proof of number ownership lies with the upstream number providers anyways: Global Crossing, Qwest, Broadwing.

How to Port:

1. IMPORTANT: Print out a SunRocket statement from the web site!
   
2. Open an account with your chosen provider, and tell them you'd like to port the number.
3. Send them a copy of the printed statement (not that it says much).
4. Once inbound calls start working on your new equipment, call SunRocket to cancel your account. Skip that step - they're no longer answering.

--------------- (edited for clarity)
NOT RELATED TO PORTING:

Other cool links:

ATA (Gizmo) Passwords, posted here:
User: admin
Password: 7UprUtew

Another Gizmo site

If the decision (at Sherwood Partners) is not to blow away the actual Gizmo firmware (killing them permanently), one should technically be able to re-use them for whatever service one ports to.

Kicking the Dead Horse: Top 10 Mistakes of Sunrocket

Other than the top-10 list I posted some time ago I suppose now that my stock options are worthless I have no incentive to hold back.

I still dig top-10 lists, so here we go:

10. Failure Framework: Hiring telco execs in CXO positions out of the gate. Who else to piss away money the fastest on "future proofing" while the sysarch has to explain why these "web servers" are necessary?

9. Gotcha: Claiming a "no-gotcha" company while maintaining strict radio silence when things were going wrong.

8. From bad to worse: Hiring the same people responsible of a major loss in shareholder value at AOL to run Sunrocket. Of course, they covered their butts and so this is impossible to prove. I'll mention this: nobody in their 40's "retires" from a VP position. That's jargon for not being able to find a new job before it becomes plain as day you suck at your current one.

7. We tanked like this last time: Telco execs hiring ex-telco NOC staff to run what's essentially a dot-com network hauling primarily UDP traffic. To their credit most came around to running internet systems, but this was much harder than it needed to be. The bitching of the "seasoned Telecom execs" about Linux not being UNIX and then one of their stars tanking a UNIX machine (Solaris... that's UNIX, right?) by typing "hostname help" at the root prompt did little to point out their own irony.

6. Improvement aversion: vertically scaling session border controllers originally purchased as a stop-gap measure while politicking to have a solution with 1/20th the per-subscriber cost in back office equipment (and scales horizontally) taken off the map. Not to mention it provided a gateway to the Jabber protocol's Voip (can you say peering with GoogleTalk?) service. Can't do that - it could make us popular.

5. The Ostrich: One exec signs a deal for a SQL Server-based billing system (read: runs Windows, not UNIX) with no due diligence. Want to know why Sunrocket could not actually make money? They could not bill. The result: Call detail records were present three times in the billing database with the call merging done in-database. A perl script would have been 20 times faster. A funny one was that it was the same exec that called a meeting to explain the "web server line item" asking why this was needed, what this thing called Linux was - and then promptly complained that SQL Server cost money, and nixing the enterprise choice so fail-over could work.

4. The Ostrich 2.0: Deploying (I don't know if it ever went live) the next billing system on servers with no floating point processors (Sun T1000 systems). Now fine, billing systems should count tenths of pennies or so (i.e. not need floating point), but Oracle 10g sure does, and programmers sometimes forget that you're quickly down to two digits of precision when daisy-chaining floating point calculations. Are the T1000's even Oracle certified?

3. The Sheep: Outsourcing development and call center without actually agreeing to a development process in house. And then wondering why things fail, take twice as long, or end up canceled. Repeat after me: The good thing about outsourcing development to India is you get exactly what you specify. The bad thing about outsourcing to India is you get back exactly what you specify. If you're a bank, fine, you probably had 20 years to sort your process and procedure out - doing it as a dot-com is an express ticket to dot-gone. Oh, and the project managers that were not allowed to manage projects... Wait! Innovation was outsourced to ... AOL execs. Yaaay!

2. Security? That's the sysarch's problem: SR could have called itself the official VoIP provider of Al-Quaeda for a while - the session border controllers were so bottlenecked that authentication was effectively off at times, and ATA (the box that gives you dial tone) configs were unencrypted. Of little consolation is that your account password is the same as the account number ... hmmm. Too bad the sysarchs weren't usually allowed on the session border controllers.

1. Penny wise, pound foolish: The whole thing was rolled out seam-of-the-pants style. To the first 7 month team's credit, it all mostly worked (except believing some vendors, like the SBC people, that their capacity assessments were actually accurate). Conveniently, Mr. "what's-this-webserver-thing" canceled the inital lab to diagnose or load-test anything because it would be too expensive, and he did not want to run another 60A of power to the machine room. That was until the building engineer got all huffy showing the circuit distribution box hitting 166F on his thermal cam, so at least the circuits came.

Now fine - I have no trouble admitting my part in this. I never produced a nuclear-sub-grade operations manual for the whole system, with step-by-step procedures for when some green light went red. But then, nuclear subs cost 60 billion each and take three years or more to build. But was fun pointing the network staff at a folder on their network during an outage (I wasn't there anymore, but I also like my phone working...) that outlined troubleshooting and recovery procedures, and lists of every process needed to to support production on every production system and hearing "I never even heard this existed..."

<full_disclosure>
Oh, and I got fired for getting upset that someone with control over the access list at the data center decided to "omit me" the day I was to work on-site with a vendor, and then pointing this out. Plausibly deniable - only other CXO's admitted to hearing the perp admit this was not an accident. But perfect timing, since my mom had just died, and I was somewhat vulnerable as a result. Who says telcos can't innovate?
</full_disclosure>

Arguably, the number one folly at Sunrocket: for a communications company, we all should have been better at communicating. The irony.

I feel better now.

SunRocket turns Scud Missile

Well, the word is in: SunRocket is out for the count.

As the guy who did the wiring diagrams for the place (now you know who I worked for), it's sad to see. Congratulations to the ex-AOL management (you know who you are!) that took over for a new record in running a company into the ground, and congrats to the board of directors for yet another successfully mismanaged venture.

Internally, SunRocket's politics went further and further in preventing effective execution of the technology vision. But can be expected when you mix telecom and dot-com? The dot-com "meltdown" was a drop in the bucket compared to the losses incurred by telecoms companies during the downturn years, and clearly management from the has-beens has not learned from their mistakes. I won't make myself sound like a disgruntled former employee, but anyone who has worked there should not be surprised at the outcome.

All the best to the folks let go today and last month, and I'll get some toilet paper printed in the shape of stock options certificates!