Category: Opinion

Could a bit of cultural sensitivity help make better tech products?

A post from a person I follow on twitter got me thinking about tech product development…

Dear Word for Mac 2011: No.

This was on a Mac in the UK. With a UK keyboard. With the system locale set to UK. With the system language set to British English.

Yet the software offered an autocomplete using the American styling of “Mom”, seemingly ignoring the locale settings on the machine!

Okay, it’s not escaped me that Word for Mac is a MSFT product. So maybe this is about cultural insensitivity in tech (or maybe all) companies in general, but as this was on a Mac, I’m going to use Apple as an example of what could be done better.

Everyone remembers the Apple Maps launch debacle, right?

So many of the faux-pas could have been avoided if there was a bit of cultural sensitivity and local knowledge applied when sanity checking the mapping data, especially the place-mark data.

Firstly, there’s a GIGO problem at work here. Apple took in some seriously old source data.

For instance, the data was so out-of-date it contained companies long since closed down, gone bust, or merged with competitors. Yet, if there had been a bit of local clue applied, these could have been caught in the sanity checking of the data.

Here’s a few examples still there, which could have been eliminated this way, all in the locality in which I live:

Benjys - a sandwich chain - gone in 2007
Benjys – a sandwich chain – gone bust in 2007
Dewhurst Butchers - into administration in 2005
Dewhurst Butchers – into administration in 2005
Safeway. Might still exist in US. Taken over in UK by Morrisons in 2004l
Safeway. Yes, still exists in US, but this is Petts Wood, Kent. Still a supermarket here, taken over in UK by Morrisons in 2004

I understand that Apple did conduct a beta of Maps, but if they did, they either didn’t have many beta testers in the UK, or the ability to let them correct bad data wasn’t great, or the feedback simply didn’t make it to the released version.

But, that’s okay, now it’s released, it can be corrected by crowd-sourcing – i.e. getting our paying customers to do our jobs for us – right?

Well, there is a “report a problem” option, but that doesn’t seem to be working well, either it’s too hard to report an inaccurate place-mark, there’s a colossal backlog of reports, or they are going straight to the bitbucket.

If only they had bothered to actually get some local knowledge, obvious clangers like these could have been sifted out early in the process.

Why a little thing called BCP38 should be followed

A couple of weeks ago, there was a DDoS attack billed as “the biggest attack to date” which nearly broke the Internet (even if that hasn’t been proved).

If you’ve been holidaying in splendid isolation, an anti-spam group and a Dutch hosting outfit had a fallout, resulting in some cyber-floods, catching hosting provider CloudFlare in the middle.

The mode of the attack was such that it used two vulnerabilities in systems attached to the internet:

  • Open DNS Resolvers – “directory” servers which were poorly managed, and would answer any query directed to it, regardless of it’s origin.
    • Ordinarily, a properly configured DNS resolver will only answer queries for it’s defined subscriber base.
  • The ability of a system to send traffic to the internet with an IP address other than the one configured.
    • Normally, an application will use which ever address is configured on the interface, but it is possible to send with another address – commonly used for testing, research or debugging.

The Open Resolver issue has already been well documented with respect to this particular attack.

However, there’s not been that much noise about spoofed source addresses, and how ISPs could apply a thing called BCP 38 to combat this.

For the attack to work properly, what was needed was an army of “zombie” computers, compromised, and under the control of miscreants, which were able to send traffic onto the Internet with a source address other than it’s own, and the Open Resolvers.

Packets get sent from the compromised “zombie army” to the open resolvers, but not with the real source IP addresses, instead using the source address of the victim(s).

The responses therefore don’t return to the zombies, but all to the victim addresses.

It’s like sending letters with someone else’s address as a reply address. You don’t care that you don’t get the reply, you want the reply to go to the victim.

Filtering according to BCP 38 would stop the “spoofing” – the ability to use a source IP address other than one belonging to the network the computer is actually attached to. BCP 38 indicates the application of IP address filters or a check that an appropriate “reverse path” exists, which only admits traffic from expected source IP addresses.

BCP stands for “Best Current Practice” – so if it’s “Best” and “Current” why are enough ISPs not doing it to allow for an attack as big as this one?

The belief seems to be that applying BCP 38 is “hard” (or potentially too expensive based on actual benefit) for ISPs to do. It certainly might be hard to apply BCP 38 filters in some places, especially as you get closer to the “centre” of the Internet – the lists would be very big, and possibly a challenge to maintain, even with the necessary automation.

However, if that’s where people are looking to apply BCP 38 – at the point where ISPs interconnect, or where ISPs attach multi-homed customers – then they are almost certainly looking in the wrong place. If you filter there, if you’ve any attack traffic from customers in your network, you’ve already carried it across your network. If you’ve got Open Resolvers in your network, you’ve already delivered the attack traffic to the intermediate point in the attack.

The place where BCP 38 type filtering is best implemented is close to the downstream customer edge – in the “stub” networks – such as access networks, hosting networks, etc. This is because the network operator should know exactly which source IP addresses it should be expecting at that level in the network – it doesn’t need to be as granular as per-DSL customer or per-hosting customer, but at least don’t allow traffic to pass from “off net” source addresses.

I actually implement BCP 38 myself on my home DSL router. It’s configured so it will only forward packets to the Internet from the addresses which are downstream of the router. I suspect my own ISP does the “right thing”, and I know that I’ve got servers elsewhere in the world where the hosting company does apply BCP 38, but it can’t be universal. We know that from the “success” of the recent attack.

Right now, the situation is that many networks don’t seem to implement BCP 38. But if enough networks started to implement BCP 38 filtering, the ones who didn’t would be in the minority, and this would allow peer pressure to be brought to bear on them to “do the right thing”.

Sure, it may be a case of the good guys closing one door, only for the bad guys to open another, but any step which increases the difficulty for the bad guys can’t be a bad thing, right?

We should have a discussion on this at UKNOF 25 next week, and I dare say at many other upcoming Internet Operations and Security forums.

The train now standing at platform 2… is going to leave you behind.

We often hear complaints in the media about overcrowding on our railway system here in the UK, normally with reference to peak commutes in and out of our big cities. But this is about a Sunday afternoon…

On the way back from visiting my partner’s family in North London, we changed train at Herne Hill to head home to Bromley.

The train arrived from Victoria, only four coaches long, and looked very busy – lots of people already standing up. As we both had an overnight bag and a couple of other things, we actually ended up split across different coaches in order to board. The train also left two young women behind on the platform, who both had luggage and couldn’t find a doorway that they could get in with their suitcases. The driver closed the doors while they were still looking for space, and set off, leaving them to wait half an hour for the next train.

I doubt the driver deliberately left them, for all he or she knew, the women with the luggage could have just got off the train, but the fact is, it’s going to suck getting left behind and having to wait ages for your next train, especially if you’re coming to the end of a long journey.

But, the driver is under an amount of pressure to depart on time because of the way delays are aggressively accounted for, attributed and traced back to their root cause, on the modern UK rail network. (For those who need some serious bedtime reading, here’s a link to a rather dry 116 page document called the Delay Attribution Guide. It’s purpose being to guide Delay Attributors, yes, there really is such a job, in identifying the source of delays.)

Onboard, the train didn’t have quite as many people as a crush-loaded train typical rush hour, but was just as full in other ways – the space being taken up with pushchairs, bicycles and luggage – people coming back from days out and trips away from home.

The fact is that weekends can now be just as busy as midweek rush-hours, but with a noticeable difference in the type of passenger – not only do they have more and bulkier belongings with them, but they also that some of them don’t make that journey every day. This means they don’t know the drill, and therefore can’t really follow the seemingly unspoken rules of being a commuter that make the system deal with the pressure during the work week.

The design of the train doesn’t particularly help those with prams or bulky luggage either. These surburban trains are designed for their main duty of rush-hour people carriers, and maximise seating and standing areas. They don’t have proper cycle spaces, and only small overhead luggage racks – no good for larger cases, so these tend to block the doorways. Nothing “wrong” per-se given the design decision made, bearing in mind the main purpose of the train, but travel habits have changed since they were designed in the 1990s (e.g. cheap air travel, internet-enabled last minute deals on weekends away, etc.).

Adding to this, engineering work can displace passengers from their normal routes, and events can create spikes in loadings.

The trains on many routes are also more sparse on Sundays, e.g. every 30 minutes instead of every 15, so with rising passenger numbers, and more bulky belongings being carried at the weekends, why are the trains shorter on Sunday than during the week?

If the train operators are running shorter trains “because Sundays are quieter”, this might be a valid statement in terms of total passenger count carried per day, but the passenger count per train can be as high as it is midweek, and if so, can this form a basis to run trains which are the same length as those midweek?

…and you’re not gonna reach my telephone.

Or, when an FTTC install goes bad.

Finally got around to getting FTTC installed to replace my ADSL service which seldom did more than about 3Mb/sec has had it’s fair share of ups and downs in the past. Didn’t want to commit to the 12 month contract term until I knew the owner was willing to extend our lease, but now that’s happened, I ordered the upgrade, sticking with my existing provider, Zen Internet, who I’m actually really happy with (privately held, decent support when you need it, don’t assume you’re a newbie, well run network, etc…).

For the uninitiated, going FTTC requires an engineer to visit your home, and to the cabinet in the street that your line runs through and get busy in a big rats nest of wires. The day of the appointment rolled around, and mid-morning, a van rolls up outside – “Working on behalf of BT Openreach”. “At least they kept the appointment…”, I think to myself

BT doesn’t always send an Openreach employee on these turnups, but they send a third-party contractor, and this was the case for this FTTC turn-up…

Continue reading “…and you’re not gonna reach my telephone.”

First Great Western pledge to cut “tosh” announcements

Hurrah! A victory for common sense and a quiet life on the horizon for First Great Western passengers, as they have promised to review all train announcements and remove as much of the extraneous tosh as possible.

Their research has shown that because so much drivel comes out of the public address systems, the travelling public are conditioning themselves to tune out, because every time the train arrives at a station they are reminded to mind the gap (even when there isn’t much of one), take personal belongings, report anything suspicious, and just in case they’ve forgotten, to remember to breathe.

As for the person (I nearly found myself calling them something far more impolite) from industry watchdog Passenger Focus, who appears to be suggesting that these lengthy hectoring announcements are necessary, I find myself wondering when was the last time he travelled on a train?

Announcements need to be more like tweets… Concise, but able to get all the important information across, and in as few words as possible.

Jessops goes bump

Widely covered in the press today is the another high street retailer going into administration, this time, the photography chain, Jessops.

Jessops was the sort of place you would go to buy camera stuff if you needed it quickly and couldn’t wait for it to be delivered, i.e. you were desperate for a particular widget that they happened to have in stock. The other reason you might visit Jessops is to check something out, and then go and order online for a better price.

For instance, I like photography. Before I headed on holiday at the end of last year, I thought I could do with a good wide-angle lens for my DSLR. Running out of time before the trip, I had looked at the local Jessops. Compared to Jessops’ walk-in price, the lens was over £150 cheaper online and still delivered next working day.

The professional market spurned Jessops for being too consumer oriented (with a limited in-store range and high prices) in favour of independent and online shops (or small, specialist chains like Calumet), and the bottom has fallen out of the consumer point-and-shoot market because almost everyone’s mobile phone has a half-decent point-and-shoot camera packaged in it.

Jessops did have an online store, but the prices weren’t significantly better value than those offered in the high street, and not competitive against other online retailers such as Amazon.

That’s what killed Jessops. They were expensive, failed to move with changing habits, and ended up appealing to a very fickle and limited audience.

Here’s an idea, Richard… #seatslineupwithwindows

The folks over at Virgin Trains are well-chuffed that they are going to continue to run the West Coast Mainline on a “caretaker” franchise until 2014.

The decision, along with the promise of a review of rail franchising in the UK, also seems to have restored RB’s wavering faith in the system, as he is now appealing to the public for ideas to help Virgin win the 2014 competition.

So, I have a suggestion…

I’m really not a fan of poor industrial design, and think the Pendolino contains a number of design faux-pas which negatively affect the passenger experience, which I’ve written about before.

But, the biggest of these has to be that the seats don’t line up with the windows.

Despite this being cracked by railway engineers as long ago as the 1900s, the view from the window seems to have become a forgotten talent when it comes to putting together modern trains such as the Pendolino.

Fixing the existing problem on the Pendolino won’t be easy. It has significantly less window area that it’s predecessors (or the Voyagers that Virgin also use). Maybe a more sympathetic reconfiguration of the interior, such as moving luggage racks to positions which don’t have a window, will make things better for the existing equipment, which will be approaching it’s mid-life at franchise renewal time.

But, it needs to be one of the things built into the specification when ordering new trains in the future. It will improve the passenger experience by making the train seem more spacious, and help combat the travel-sickness some associate with travelling on the Pendolino.

So, a view outside. Maybe that’s the biggest single improvement that Virgin Trains could deliver. Make the #seatslineupwithwindows.

Why it’s crap at Tesco

I was reading this article in the Metro (the free paper you get at railway stations, for the uninitiated) about how the once mighty supermarket Tesco was having a rough year (issuing profits warnings, that sort of thing), generally falling out of favour with the British shopper, who seemed to have been neglected while senior Tesco management were focused on growth at all costs, especially internationally.

I don’t like Tesco, and generally avoid shopping there. Here’s a couple of reasons why:

  • As the article says, it’s a fairly dull and uninspiring experience.
  • The shelf-edges at a Tesco are heavily cluttered with promotional signs (known in the trade as “barkers”) advertising “special offers” – it’s often hard to find what you want in the morass of brightly coloured shelf-edge clutter.
  • Special offers which frequently turn out to be non-offers.
  • When you’re stuck for a quick lunch and the nearest option is a Tesco, the pre-packed sandwiches are dreadful – a bland, rather un-inspiring selection, and what’s more, they tend to use meat from non-UK suppliers – for instance “Bacon from the EU” (could be Brit, I suppose!) or “Chicken imported from Brazil and/or Thailand”, presumably because it’s cheaper than supporting British producers? Given the choice, I’d avoid these.
  • Tesco don’t seem to be focused on doing one thing well. They seem to be trying to be everything to everyone.

There are probably other reasons why I’m not struck on Tesco, but these were the ones which immediately sprang to mind when I read the article.

If you want a no-nonsense, bland shopping experience to pick up your essentials, that’s something Aldi do really well. Tesco don’t appear to have responded enough to the changing market, and seem rather stuck in the 1990s.

#freeandopen – Google on the WCIT

Following on from yesterday’s post on the upcoming ITU-T WCIT conference, and what that might mean for how you can use the Internet, and how much you have to pay to use it, Google have also launched their own #freeandopen campaignwith this video which is their take on what top-down Government regulation could mean for you…

If bureaucratic control over the Internet leaves you cold, make your voice heard.

WCIT – The spinning eye on the middle of the Perfect Storm

With less than two weeks to the WCIT (World Conference on International Telecommunications), and what that means for the internet (see “Is the Internet Facing a Perfect Storm”), the amount of coverage online is increasing rapidly.

Basically in one sentence, some Governments would like to see the ITU (a closed, top-down, Governmental organisation) take the lead in regulating the (open, collaborative, co-operative, bottom-up) Internet.

This video from the folks at accessnow.org explains it pretty well…

Lots of people I know have been working seriously hard in the background to educate those with a vote in the ITU, and keep the Internet based around open standards and collaborative governance.

Let’s face it, if the Internet wasn’t based around open standards, so many of the things which are part of our every day lives could be very different, or simply wouldn’t even exist.

Fortunately, as far as we know in the UK, our Government is still an advocate of the “light touch” and industry self-regulation when it comes to the Internet, but that doesn’t make what’s going to go on behind closed doors in Dubai in a couple of weeks any less of a concern.