Customer Experience – all talk?

These days, we hear a lot about organisations ‘getting’ what a good customer experience is all about, and pulling out all stops to provide it via all kinds of means from context-aware communications to rich, interactive web experiences. We read a lot about lead management and nourishment, where every potential prospect is as precious as a small diamond.

And then reality smacks you in the face and shows you that some companies still don’t get it, despite all the talk on Twitter and Facebook. Worse, companies who once got it, can lose it in a big way. We buy quite a bit of PC gear for Technoledge, and the time had come to buy a new laptop. Dell had the most attractive deal on a Vostro 3400, which I configured online and ordered by phone from a sales rep in Malaysia because I also wanted to order a 24” screen which sat in different silo on the website. 

That was the first glitch: If you’re in the small business silo, you can’t add a product from Dell’s consumer line. The next problem was that no order acknowledgement arrived, even though the sales rep had my address. My pleas late that day and the following day (by email and phone) went unanswered, and this got to me after 24 hours.

Anything you order online these days from anywhere produces an instant acknowledgement by email, but not Dell. They have our credit card details, and we have nothing, not even an order number. So when I called Dell to try and track down what is going on, I’m shunted from one phone ‘reception’ to another like an unwelcome visitor. Eventually I end up being pointed back to the same sales rep who refuses to talk to me. Needless to say, she’s on the phone.

There’s no way that I can see of getting through to Dell Australia who claims to have an office at French’s Forest in Sydney, not on the company website and not in the white pages. Every phone number lands you in the far east, where Dell’s agents are very polite but very useless.

In desperation, I find a place on the Dell website where I can report a problem with my order. I do that, and just to add insult to injury, there is no acknowledgement that the submission of my problem report was successful. The screen twitches but doesn’t change.

We have developed conventions after many years of internet use, but it seems Dell has forgotten them along with customer care in the true sense. 

Kim

IT Security – the crooks are still winning

Is it time to make users part of your defence strategy?

The latest weapons: Targeted Persistent Attacks

At Technoledge, we have several security software evendors among our clients and we've seen the security landscape change in the last 5 years. We thought it was time for an update.

 

Highly organised syndicates have replaced the nuisance hackers and virus writers of old. The new gangs are white collar criminals out to steal information, either on contract or to sell it to the highest bidder.

 

In the last 5 years, we’ve seen highly organised syndicates replace the nuisance hackers and virus writers of old. The new gangs are white collar criminals out to steal information, either on contract or to sell it to the highest bidder.

 

They’ve developed sophisticated forms of attacks targetting individual organisations, known as Advanced Persistent Threats, which in most cases succeed and result in proprietary and confidential data being stolen. The White House, Google and security vendor Kaspersky are among recent victims. Experts estimate the cost of industrial espionage to the USA at about $200 billion a year, and to Germany at 50 billion euros.

 

APT attacks tend to follow these steps 

1. Reconnaissance - identifying individuals of interest
2. Intrusion – social engineering combined with spear-phishing emails
3. Establishing a backdoor - and obtaining domain administrative credentials
4. Obtaining user credentials – to broaden access to information
5. Installing stealth utility software to perform system tasks
6. Privilege escalation – to exfiltrate data out of the compromised network
7. Maintain Persistence and access to the network while avoiding detection

Users in the Firing Line

The entry point is a user (one of many targeted) who responds to a carefully crafted spear-phishing emails that appears to be genuine and to offer something of relevance to his interests. Once the door is opened, a custom-built Trojan enters that defies detection by traditional scanners (because it’s zero-day malware) and, from here on, the attack is covertly extended into fully-fledged electronic espionage. Most of the steps outlined above can remain undetected for weeks or even months.

However, organisations LOSE twice as much data as is stolen from them, through carelessness. In the USA, 10,000 laptops are left behind at airports every year, and US drycleaners have picked 9,000 USB sticks from trouser pockets. Carelessness is the biggest threat to data security and, for a variety of reasons, the DLP (Data Leakage Prevention) solutions touted by security vendors are nowhere near as effective as their marketing.

Arm the User

Clearly giving users a better understanding of what confronts them, and better tools to defend themselves, makes enormous sense. Despite two decades of developing smarter firewalls and better malware or intrusion protection, Hackers have always found ways to outsmart security systems. Outsmarting well-trained, alert users is a lot harder.

Not surprisingly, security product vendors say it’s a wate of time. ‘Given a choice between dancing pigs and security,’ Microsoft’s Cormack Herley claims, ‘users will pick dancing pigs every time.’[1] That’s pretty funny, and it’s also a sad reflection of the way security experts look down at users. I was on a panel at a recent conference where the three speakers who preceded me all bemoaned the stupidity of computer users.

 

It was so bad that I changed my pitch on the fly and stood up for the users who’ve suffered all kinds of clunky security software knobbling their PCs and constantly getting in the way, along with the arcane security mumbo-jumbo their vendors carry on with. The software has improved in recent years, but the attitudes of security experts, vendors and IT staff have not.

 

User Training – the right kind

Much of the user training on security sounds like exasperated parents berating stubborn children who refuse to listen. If you treat users like that, they’re unlikely to listen let alone cooperate. Even where the tone is more positive, user education on security tends to be convoluted and is almost exclusively delivered via memos from IT, which is the least effective of all the means available.[2]

 

IT guidelines tend to focus on what users should and shouldn't do and tell them

·    not to open emails from people they don't know

·    not to click on links that promise to show them nude photos of film stars

·    not to give personal information out willy-nilly

·    not to download software and so on

 

Good training focuses on helping recipients understand the subject and the issues to the extent that they become engaged. There’s an old proverb that goes:

Tell me and I’ll forget

Show me and I may remember

Involve me and I will learn

 

That’s the secret to effective user education. Most users are committed and loyal employees who will do the right thing if trained and motivated.

 

Bring People with you

The most effective training is face-to-face with manageable groups, taking them through realistic chains of events, from opening the door an inch right down to the very real consequences for the company. The best way is to work through live examples with them, go to real phishing websites, analyse phishing emails (or send them dummy ones) and show them what happens when an attachment is opened.

 

Different groups in organisations need different levels of training – i.e. frontline staff, sales execs and tech support staff probably have laptops and smart phones which need additional security. Office staff, middle management and senior management have different responsibilities and needs. And the training has to be repeated from time to time as the threats and scams change shape, and as the attackers modify their techniques. Simple guides that resemble cheat sheets will help every user remember the threats and the appropriate response.

 

The training will pay for itself many times over but it will take time. ‘You need to change the culture of the organisation over several years,’ Martin Smith of The Security Company told Secure Computing magazine at Infosec. Smith added: ‘Infosec is focusing frantically on technology, but it doesn't matter what you spend on security unless you bring people with you. If staff could just know some basic stuff, it would all go away.’ [3]

 

Smith makes the point that little is achieved by running ‘a boring course once a year that effectively pushes the problem on to [users] so that the security team's arse isn't on the line … ’ He says letting users know the damage breaches in security can do to their company, and creating a common culture of security is far more effective.

Even Cormack Herley of the dancing pigs agrees. ‘Most in our industry agree that user education is critical,’ he concedes. ‘Users are our biggest liability. However, most of us also recognize that it is not very efficient. I hope more research of this nature will be performed and that we will be able to construct better user education programs.’

 

Make it part of your culture

User education on security is an ongoing program in many organisations, from Cisco to Ricoh, with the full support of all the divisions. It must be relevant and entertaining, it must be regular and reinforcing, and it must have the full support of C-level management, and it needs to be adequately funded.

 

A senior manager must have responsibility for the education program, whether she’s in HR or IT or Facilities management, and should be remunerated on achieving measurable targets. However, the education program can be run by external security contractors working closely with the responsible manager and key departments.

 

Valuable resources here:

http://www.securecomputing.net.au/Feature/102774,emloyee-education-key-to-successful-enterprise-security.aspx

---

[1] So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users

http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf

[2] http://www.securecomputing.net.au/Feature/102774,emloyee-education-key-to-successful-enterprise-security.aspx

[3] Ibid

Apple iPAD – Style Let Down by Function

It’s a slick piece of design, with that glossy screen and the touchy-feely-finger-stroking navigation. Brilliant. It’s just gone on sale in Australia starting at around $600 and people are queuing up to buy theirs. 

We suggest you wait. Why? There are half a dozen essentials missing on the current version, that why. Let’s have a closer look at this slick tablet to see if it meets real world needs.

1. There’s no USB port. Not a single one. That means you can’t plug in a keyboard, mouse, digital camera or USB modem. The only peripherals you can use are those which connect through Apple's proprietary dock connector, and that means you’re paying through the nose for everything you attach.
2. MS Office compatibility. Apple made a big deal of their iWork productivity but you can't open Microsoft Office files and that’s just the beginning. Pages can import and export Word's formats but there’s no support for headers and footers, footnotes and other essentials. Spreadsheets using numbers can’t be exported as Microsoft Excel files.
3. Flaky WiFi – problems range from fluctuating signal strength and poor performance to connections dropping out requiring re-entry of WPA credentials to reconnect. The iPad’s download speed is said to be several times slower than that of the iphone.
4. No SD card slot means you can’t just slot in your camera’s flash card to backup photos while travelling. You can of course buy Apple's iPad Camera Connection Kit.
5. No camera for video calling/Skype. Not very slick.
6. No file system access for external storage devices. To copy files to the iPad's Document Manager, the only options are using iTunes or email. You can't even browse network file shares. Not very slick.
7. No printing. The iPad can’t be used on a local network and can't talk to printers. Apple partners have produced printing solutions but they’re another ad-on.
   

What you’re left with is a slick piece of kit that isn’t much more useful than an iPhone. It has a bigger screen but can’t make phone calls. Not very smart really. Not very useful either.

We’re indebted to iTNews for some of this content. Check this link for more details:

http://www.itnews.com.au/News/171557,analysis-a-dozen-reasons-not-to-buy-an-ipad.aspx

Kim

Alternative Energy, A Reality Check

Nuclear resurgence

President Obama’s recent loan guarantees for the construction of two nuclear reactors brought ‘new nuclear’ into sharper focus. For one, it showed that nuclear power is still a losing proposition that no bank will underwrite. The nuclear lobby is a bit coy about the reason so few new plants have gone into production in the USA: The ‘insane economics’ involved - http://www.time.com/time/politics/article/0,8599,1964846,00.html

That’s why the nuclear marketers prefer to focus on the future, where the economics problems will be solved by smarter Gen III+ and Gen IV reactors. Not in the near future, though, by the look of it: one of the first projects to build a Gen III+ nuclear reactor in Finland (a so-called evolutionary pressurized water reactor, or EPR) is already three years behind schedule and around $2 billion over budget.

Nuclear energy is an expensive, taxpayer-funded, long haul solution. Building enough power plants to replace old ones and add significant extra capacity is simply not possible according to Scientific American. Just to maintain current capacity will be a challenge http://www.scientificamerican.com/article.cfm?id=reactivating-nuclear-reactors-to-fight-climate-change&print=true .

 
Other forms of alternative energy

A piece in the Wall Street Journal titled The Long Road to an Alternative-Energy Future provides a short summary of the main alternatives here

http://online.wsj.com/article/SB10001424052748704182004575055910461373220.html

Every section ends with the line: WHY IT'S GOING TO TAKE SO LONG, and a friend made the point that the fastest way to increase available energy is for us to cut down our consumption. Jerry Unruh is much savvier on this subject than I am so I asked him to give us his take in the guest post below.

Jerry is a retired research chemist with most of his professional work in organo-metallic chemistry and homogeneous catalysis. He obtained his B.S. in Chemistry at Colorado State University in 1966 and his Ph.D. in organic chemistry from Oregon State University in 1970. Jerry worked in an R&D function for Celanese Ltd in Corpus Christi, TX from 1970-2000. He reached the rank of Senior Research Associate and has around 10 papers and 25 patents to his credit. 

After taking early retirement in 2000, Jerry and his wife Diana moved back to Colorado and built a passively solar-heated rammed-earth tire house. They obtain about 90% of their heat from the sun and 98+% of their electricity via PV.

Jerry is on a technical advisory group (renewables and demand side management) for Colorado Springs Utilities, and the climate action committee for Manitou Springs, CO. He is also the past president of the Southeastern Colorado Renewable Energy Society (a subgroup of the Colorado Renewable Energy Society).

Alternative energy options, reality check (by Jerry Unruh)
Conservation/Efficiency:  This was not mentioned in the article, but it is so important, I'll lead with it.  The cheapest energy out there is that not used.  This can be as simple as reducing energy use by turning things off, driving less, etc which is free.  However, increasing efficiency generally has at least up front costs.  The Southwestern Energy Efficiency Project (SWEEP) consistently shows electrical efficiency improvements cost about 2-3 cents/kWh saved - much cheaper than anything else.  The "World Energy Outlook 2009" (from the International Energy Agency) calls for 50-70% reduction in consumption via conservation/efficiency to solve the climate crisis.  Likewise the plan by the American Solar Energy Society (ASES) requires roughly the same energy consumption reduction.  The McKinsey & Co report for energy conservation in the U.S. focuses entirely on the subject.   I am surprised that the WSJ article did not, at least mention it.  Conservation/efficiency can rapidly be deployed with paybacks from as little as zero, 6 months to 10 years.

References.

1. SWEEP: http://www.swenergy.org/
2. ASES: http://www.ases.org/ particularly ASES_TCC_Jobs.pdf
3. IEA: http://www.iea.org/ particularly WEO2009_es_english.pdf and IEA world abatement, 450 ppm jpig9-2.jpg

Nuclear:  Over the years, I have bounced back and forth between being a reluctant proponent and reluctant opponent of nuclear energy.  At this time I am a reluctant opponent, but I'm trying to keep and open mind (it is rather hard).  Whatever the case, if nuclear is going to work, in any real fashion, we will need to use breeder reactors because there just isn't enough fuel otherwise.  The trouble with breeders is they are expensive and dangerous (?).  Many years ago (50s or 60s?) there was a breeder reactor in Detroit called the Fermi reactor.  It nearly had a meltdown which would have been disastrous.  There was active breeder research around the world but most were shut down years ago.  That seems to be changing.  For example, I just heard about the "Traveling-Wave Reactor" being developed by Intellectual Ventures that sounds promising. Still, if you read between the lines, it sounds speculative and quite expensive.  An issue not discussed much is decommissioning plants after their useful life.  As I understand it, the entire reactor system is radioactive and I'm not sure whether we know what to do with them.

Despite what some may say, there are substantial subsidies, both direct and indirect.  For example the Price-Anderson Act effectively absolves U.S. energy produces from liability and shifts it to the government (tax payers).  Of course there is also the cost of repositories from spent fuel such as Yucca Mountain that now has been shutdown.  To be fair, breeder reactors should require considerably less storage.  As far as I know, there have been no nuclear reactors build anywhere in the world without government subsidies (does anyone have an example to the contrary?).

References

1. Michio Kaku and Jennifer Trainer, Nuclear Power: Both Sides, Norton & Co., NY, 1982.  An old book, but lays out the fuel problems quite well.
2. Traveling-Wave Reactors: http://www.intellectualventures.com/TerraPower.aspx

Carbon Capture and Storage (CCS):  This emerging technology is the hope of the coal industry to keep coal-fired electrical generation alive.  It is really two technologies - carbon capture at the the generation site and long term storage after it has been captured. Ultimately CO2 capture from natural gas and oil may be required. 

First the storage issue.  Coal produces about twice as much CO2/Btu as natural gas (oil is in between) so it is the worst of the fossil fuels from a CO2 production standpoint as well as other pollution problems.  Depending on rank, coal produces more than 2 to more than 3 kg of CO2/kg of coal burned (pure carbon produces 3.67 kg CO2/kg carbon burned).  So finding safe sequestration sites is a real problem.  There are possibilities.  CO2 has been used for enhanced oil and gas recovery for years and could be stored in depleted fields.  Norway is experimenting with injection into sea floor bed sedimentary rock.  Salt domes have been suggested and are likely fine.  Others have suggested deep sea injection but that really scares me.  So there seems to be possibilities, but the enormous amount of storage required to make a dent in CO2 emissions is daunting.  Remember CO2 must be pressurized to keep it in gaseous or liquid form so transport to storage sites would have to be via pipeline or pressurized vessels. 

Capture is also not easy.  I'll stick to coal-fired power plants since that is the biggest problem.  Conventional electric generation only converts about 1/3 of the energy into electricity whether coal-fired, gas-fired or oil-fired.  The rest is lost as waste heat.  That heat can partially be recovered in combined heat and power plants (CHP) such as district heating, industrial heat, etc.  Unfortunately, in the U.S. there is relatively little CHP - Europe is much better at this.  In the case of natural gas, combined cycle electrical generation can be used to so that efficiency to electricity can be has high as 50-60%, but this is not an option for coal (more later).  In the case of coal-fired power plants, Herzog of MIT seems to show the best results I have seen.  He assumes that if the waste heat from the power plant is used, it would take about 25-30% more energy to capture the CO2 using monoethanol amine (MEA) as the capturing agent (CO2 can be relatively easily recovered from MEA).  That still means that coal-fired electrical generation will decrease to about 25%.  There are also starting to be controversial articles that "peak coal" may be closer than generally thought.

There are possible solutions to coal-fired generation that will make carbon capture easier, but at a cost.  One is to feed pure oxygen to a coal plant to make the concentration of CO2 higher in the flue gas.  This requires a gas separation unit on the front end which is a capital cost and consumes energy.  Another possibility is "integrated gasification combined cycle (IGCC)".  The idea here is to gasify the coal, shift the CO and CO2 formed to hydrogen, burn the hydrogen in a combined cycle system like natural gas and capture the highly concentrated CO2.  There have been experimental plants built, but are generally viewed as too expensive and have not yet demonstrated the presumed overall efficiency gains.

The bottom line may be as stated in Worldwatch's State of the World 2009, pp. 99-102 CCS is unproven and expensive.  If renewable and conservation are aggressively developed, CCS as a bridging technology will not be needed.

Incidentally, you may run into various solutions such as lime or sodium hydroxide capture of CO2.  Neither of these are viable due to energy required to generate them being more than the energy content of the coal.

References

1. Norway CCS: http://www.regjeringen.no/en/dep/oed/Subject/carbon-capture-and-storage/Carbon-Dioxide-Capture-and-Storage-in-No.html?id=451454
2. Don’t have general reference to enhanced oil recovery, but there are many.
3. CCS:  I have copies of the Herzog articles but not the web address.  I imagine you can find them on the MIT Website.  They are: Future of CCS Herzog.pdf and Future of coal CCS Herzog.pdf

Algal Biofuels:  As far as I can tell there is little hope for this technology and it has been greatly oversold.  My friend Robert Rapier writes and energy blog and has discussed this extensively and fairly recently.  Go to R-Squared Energy Blog for information http://i-r-squared.blogspot.com/  

Wind and Solar:  Overall the WSJ got these pretty right.  A few comments.  PV prices appear to be dropping very rapidly, and may be cost competitive with conventional electricity sooner than generally thought.  However, as stated in the WSJ, supply/demand issues may keep prices high.  I am also disappointed that there was so much on large solar farms and less on distributed energy on houses, businesses, etc. since the infrastructure is already there.  This is not the whole answer, but, along with conservation/efficiency, it is a large part of the answer.

In both wind and solar cases, I'm surprised the article didn't mention storage issues which are a big part of full-scale use of wind and solar.  Combined wind and solar as well as widely distributed wind farms reduces storage issues but doesn't eliminate them.

References

1. PV Prices in Solar Today, an ASES publication. http://www.solartoday-digital.org/solartoday/20100102#pg15
2. Don’t have a direct reference to storage issues, but there are many.

Electric Vehicles:  I think the article is pretty good here as well.  Several things not mentioned is that battery research is an active area and there may be better batteries in the future. However, battery improvements are hard.  Also, in the case of lithium batteries, the major sources of lithium are in China and Chile and lithium availability may become a limiting factor.

References

1. Lithium supply: http://minerals.usgs.gov/minerals/pubs/commodity/lithium/ particularly: mcs-2010-lithi.pdf

Possibilities Not Mentioned:  I'm surprised that geothermal energy, wave energy, tidal energy, ocean thermal energy conversion, etc. were not mentioned.  These all hold promise, but I guess there are only so much space available. Note that Robert Rapier’s blog above has very recent info on ocean thermal energy conversion (http://i-r-squared.blogspot.com/ ).

Bidrivals.com – Is It a Scam?

YOU BET!

'Scam - Trick or Swindle.' Oxford Dictionary

 

BidRivalsmust be raking in the money. The driver for people falling for this deception is the same as the one that makes people fall for the Nigerian money scam: Greed. And the lure of astonishing bargains, like a brand new $1,000 Nikon camera for $70.

 

  
  
Sites like these are a new wave called Penny Auctions. Here’s how they work:

Once you become a member,  

1. You place bids by pressing the BID button
2. The latest three bidders are shown, the last bidder is on top
3. The current auction price is shown as well
4. The user with the highest bid when the time reaches zero wins the auction and buys the product for this price
5. Time is counted down towards auction closing. The time is reset with the bid time indicated in the grey field if a new bid is placed

If you lose, the money you’ve spent bidding is left on the table as in a poker game. The difference here is that the winner gets the goods and the house keeps the money all the players have left on the table. You bet! They win. Simple, isn’t it?

How does Bidrivals make money?

Members pay 80c for each bid they place. Each bid raises the auction price by 2c and extends the auction by 15 seconds. If you end up the top bidder when the clock strikes zero, you win the item for the price it has reached and the Nikon is yours for $70.11.

Well not quite, because you’ve most likely placed a number of bids at 80c before you won. Let’s say you placed 50 – that’s $40 you’ve spent, plus the $70 final price. At $110, you're way ahead, right?

Yes you are, but Bidrivals is the winner here. You see, to drive the price up to $70 would’ve taken 3,500 bids at 80c each (2c at a time). Bidrivals would've collected a cool $2,800 from all the bidders. You see what a great system this is?

It is for Bidrivals. They’re quite open about it. You can check auctions that have closed on their website and get all the stats. Here’s an example (date stamp is in US format):

 

There is an OUT from the GOTCHA: you see the ‘Buy Now’ option in the left bottom corner? It lets you buy the item you lost out on by ‘paying the difference between your spent bids and the purchase price. You can do this ... up to 24 hours after the auction closed.’ (http://www.bidrivals.com/au/how_it_works.html )

The old Bait & Switch! Suddenly the online auction site that lured you with a $70 Nikon DSLR or a $122 MacBook Pro turns into a regular online store, where you can buy regular goods at regular prices. If you’ve put $500 on the table and missed out on the MacBook Pro, doesn’t it make sense to spend another $1,400 and buy a MacBook Pro rather than kissing your $500 goodbye?

Is it Legal?

It shouldn’t be but it seems that way. Legally it’s an online auction site, not an online gambling site. Actually it’s an online store masquerading as a bargain auction site. I called the ACCC to check but it can’t name a company a scam merchant until its proven in court. Here’s a link for generic advice and reporting suspected scams:

http://www.scamwatch.gov.au/content/index.phtml/tag/OnlineAuctionShoppingScams

My old friend Nick Ross wrote a piece for the Sydney Morning Herald that raises various concerns about these ‘Penny Auctions’ operating in a greay zone below ‘the radar’ of Consumer Watch Groups http://www.smh.com.au/digital-life/digital-life-news/when-the-bid-becomes-a-bet-20091202-k55a.html .

I also spoke with the good people at Choice, and they couldn’t add much at this point. I checked what people were saying on the internet, and some said funny stuff happened at the last moments in an auction, preventing them from making a final bid.

The reality is that Bidrivals and similar Penny Auction companies operate freely in lots of countries. The first and clearest warning I received was from a very different source, and I received it when I went to the bidrivals.com.au website

   

You see, unlike website link scanners that check for malicious intent, Web Of Trust works by collecting feedback from millions of users. And it seems users have voted, because you’ll get this warning when directing your browser to most of these penny auction places. Check out this brief piece on Safe Online Travel where I’ve reviewed several early warning systems (all free) http://bit.ly/Pljwy

How Microsoft Came to Rule the World

Have you ever wondered how that happened? Did you know that Apple was the biggest force in microcomputers in the beginning? How did Apple allow Bill gates to run away with the race? What did Apple do that almost destroyed the iconic company? What happened to all the other contenders who ceded power to Microsoft, the makers of the world's most cursed software?

 
 
For a light-hearted romp through more than three decades of computing, check out this entertaining account in two installments, both free and easy - History of Silicon - but please don't believe every word of it http://www.technoledge.com.au/pdfs/history_silicon1.pdf