OLPC experience advice for your project

Regular readers of this blog know that I’m a huge fan of the One Laptop Per Child (OLPC) project and the XO laptop. A previous OLPC related post may be found here. As a result I follow the OLPC News blog which recently had this great article by 16-year-old Derek Chan on his experience with a small scale OLPC implementation in Kenya.

My name is Derek Chan, I’m 16 years old, and I was part of Mark Battley’s team of high school students from Upper Canada College that initiated a small scale OLPC implementation at the Ntugi Day Secondary School.
Part of our goal was to provide Ntugi with power for their initial complement of 8 XOs and 2 Cradlepoint PHS300s at a school that had no access to the country’s power grid.

In addition to this being a very well written piece about an extremely fascinating project, Derek enumerates some lessons learned that are directly applicable to any Infrastructure and Integration project. Especially security infrastructure projects like say a Network Access Control (NAC) or Enterprise Single Sign On (SSO) project. Just replace the word “school” with “enterprise” or “business“.

Ultimately, we were successful, but not without missteps and failures along the way. We did lots of things right, but we made a few newbie errors. Here’s what we learned!

  1. Learn as much as you can about your destination school’s physical resources.
  2. Don’t assume that tests in the lab will duplicate conditions in the field.
  3. Read all the relevant blogs, forums and bulletin boards before implementing.
  4. Don’t underestimate the sophistication of local technology and expertise at your destination.


Let’s think about each of these in turn, much as Derek did in his post.

Learn as much as you can about your destination physical resources.
Who hasn’t heard the horror stories from the installation team that just tried to add “one more appliance” to the customer’s data center, only to find out that the power or cooling or rack space just wasn’t there. Always verify ahead of implementation that the destination has all of the physical resources required by your hardware, all of the compute resources required by your software, and all of the network resources, including IP address space, required to connect it all together. An actual visit to the site by your Systems Engineers is a really great idea. Never assume that the destination is a “typical” configuration or that the customer knows the difference.

Don’t assume that tests in the lab will duplicate conditions in the field.
Boy Howdy! This assumption ranks right up there with “no customer would ever do that” as a surefire path to failure. The point is that the lab, by definition, is an artificial environment. Sure our QA engineers do the best job they can to simulate a real world environment, but the key word here is simulate. It’s pretty hard to simulate things like network latencies or ATM noise in the lab. Remember your lab techs are good, not god. What a difference that “o” makes.

Read all the relevant blogs, forums and bulletin boards before implementing.
Not that this has ever happened to me, mind you, but I’ve heard of engineers that actually believe the promo literature and design the system around that, assuming that all the details are handled. I mean how much difference can there be between Server 2K3 and Server 2K3 R2? Yeah. Just do the homework. That’s called “due diligence” in business speak.

Don’t underestimate the sophistication of local technology and expertise at your destination.
As engineers we always like to think we’re way smarter than the mere mortals we tolerate in our presence. But never fool yourself into believing that you can understand the ins and outs of a customer’s infrastructure as well as they do. You may think they are yokels, but they are yokels with way more relevant experience than you. And they are the ones who control your payday. Just suck it up and let them make it easier (or possible) for the project to succeed.

So there you have it. Excellent advice from a 16-year-old who has already learned some important lessons. Well done Derek.

Exposing yourself Web 2.0 style

Everybody knows that social networking sites are notorious for their ill-advised exhibitionism. Folks who are reasonably demure and respectable in person get their freak on when it comes to FaceBook or MySpace. Yep, insert an internet connection between them and the world and the gloves come off. Or rather only the gloves stay on. I’ve written about this phenomenon before and warned of the need to take your online shadow seriously. But increasingly the exposure these social network exhibitionists face is more than simply embarrassment and ridicule on a worldwide scale. Prosecutors  have discovered a veritable treasure trove of unprotected self-incriminating evidence on social networking sites. This entry in the Electronic Discovery Law blog describes just such a case.

Defendant was found guilty of murdering a two year old girl left in his care and was sentenced to life in prison without parole.  On appeal, [he] argued that the trial court improperly admitted evidence from his MySpace account in violation of Ind. R. Evid. 404(b).  Taking up the “novel question” of the propriety of admitting such evidence, the Supreme Court of Indiana ruled that the trial court did not err in admitting the evidence, particularly where [his] own testimony made his character a “central issue” of his defense.  The verdict and sentence were therefore affirmed.

Yikes! Hoist by his own petard as it were. While most Web 2.0 exhibitionists are no doubt posers and certainly not murderers or child abusers, it’s going to be a little embarrassing – not to say legally damaging – if they are ever find themselves a defendant in a criminal or legal proceeding where their chief defense is good character and their FaceBook page proclaims “Gangsta 4Evah!”.

But there are further exposures as well as illustrated in this entry by Christopher Boyd on the SpywareGuide blog.

Yesterday I happened to see a particularly creepy advert containing a number of rotating images claiming to offer “Hacked Facebook and Photobucket accounts” for a price.

Yes, the site is actually called “Hackedsluts.com” and claims to offer up an endless series of images from “hacked” accounts including Myspace, Photobucket and Facebook in return for a monthly fee.

Just when you think they can’t possibly get any creepier or salacious, [they] throw in dubious claims of hacked accounts / stolen images AND [they] lob in a blood splattered “Too extreme” banner supposedly covering up some of the pictures. While this is clearly a piece of Lame Marketing 101, the overall effect of the site is extremely disturbing.

Disturbing indeed. While I agree with Christopher when he concludes that the bulk of the content on “Hackedsluts.com” is made up of stock pornographic content and almost certainly not the result of hacking social networking sites, the fact that there is an actual market for such content is a very distasteful realization. We all know what happens when you mix unsavory and illicit demand with criminal entrepreneurs. Clearly there are people out there who would pay to see you acting the tart. Only you don’t get paid (like a proper tart). That’s being a pro-bono hooker, which is just stupid. And what happens when your future boss turns out to be a Hackedsluts.com aficionado? Good luck with those sexual harassment claims. Or how about when your future ex-spouse sues for custody of your kids?

So the next time you feel like exposing yourself to the world, kick it old school and just get naked, throw on a trench coat and flash the neighbors. The indecent exposure misdemeanor will be way less exposure than an ill-considered photo on MySpace.

Colorado Weirdness

Strange days have found us
Strange days have tracked us down
From “Strange Days” by the Doors

I spend most of my time in the Peoples Republic of Boulder, so I’m pretty blase about strange stuff. I mean this is a place where a candidate for city council can file a campaign finance report with $14.37 to “Only Natural Pet Store” for dinner for his campaign manager, a cat named Sita. And nobody thinks twice about it. Needless to say, my Bizarro-meter is calibrated way higher than most. Nevertheless, events of this last week have pretty much pegged it.

First there was the whole Balloon Boy saga. As if a runaway helium filled mylar flying saucer thought to have a six-year-old stowaway aboard wasn’t bizarre enough, it turns out to be an elaborate hoax for purposes of snagging a reality TV show. Move over John and Kate plus Octomom. This totally raises (or lowers) the weird-stuff-fools-do-to-get-on-TV bar. Here is a timeline of this odd affair.
Oct 20:
FAA investigating Colo. balloon flight
Griego: A better image of parenthood
Hollywood acquaintances say balloon boy’s dad always wanted fame
Oct 19:
Balloon boy saga “absolutely … a hoax,” Larimer sheriff says
Sheriff admits misleading the media to win trust of balloon boy’s family
Oct 18:
Fort Collins parents face felony charges in “balloon boy” case
Balloon escapade a hoax police say
“Balloon boy” responders dealt with roller coaster of emotions
Experts say TV cameras alter family dynamics, like in “balloon boy” case
Sheriff expects charges to be filed against Colorado family in “balloon boy” case
Oct 17:
Charges pending in “balloon boy” saga
Balloon family has pushed for television spotlight
Sheriff has questions, says he believes family
Oct 16:
‘Balloon boy’ found safe at home
Oct 15:
Feared lost in balloon, boy found at home

Yep. It just keeps getting weirder and weirder. Culminating in what will no doubt be the most popular Halloween costume of 2009 and this YouTube spoof Real Men of Genius: Heene. Just think, all this took place in the normal part of Colorado.

And then there was this pair of stories about insurance company craziness. In the first, an infant was denied coverage due to pre-existing condition: “obesity”. In the second a two-year-old was denied coverage due to another pre-existing condition: “underweight”. Yeah, that’s what I thought too. I gotta tell ya, this doesn’t do a lot for the credibility of insurance companies in my mind. Although I have no problem believing that insurance prices will go up if the health care legislation currently being debated in congress is passed. Or not. Whatever happens I’m pretty sure that they’ll find a way to take more of our money and deliver less coverage.

And in the “Best Job Ever” category Westword, a Denver alternative newspaper posted an ad for a reviewer of the state’s marijuana dispensaries and their products. Hey, they don’t call it the Mile High city for nothing!

All this during the week that the Denver Broncos went 6-0 in a seasons where most of us thought they would be lucky to win 6 at all. If this isn’t concrete evidence of the existence of a God who watches over His Broncos I don’t know what is.

Oh, I almost forgot. Microsoft released their long-awaited new OS – Windows 7 which was Amazon UK’s biggest pre-ordered product of all time. Unseating the previous title holder Harry Potter and the Deathly Hallows. Now if businesses will just follow the consumer herd, Microsoft will be golden. And I will totally need to re-calibrate my Bizarro-meter even higher.

No privilege for you!

Everybody knows about the idea of attorney-client privilege. At least in the USA. It’s what keeps lawyers in business and their clients out of jail. In general, any communication between attorney and client is privileged. It’s a secret that no court can compel either party to divulge. Kind of like the privilege between confessor and confessee [priest and sinner in confession]. Only God usually isn’t involved. If the conversation is via telephone? Covered. Postal mail? Ditto. E-mail? Absolutely. Except when it’s not.

You see, privilege hinges on the idea that the conversation is private. Since it’s not possible to “un-hear” a public conversation you don’t get no stinking privilege. Well duh! you might be thinking about now. Of course not. But when a client sends an email directly to an attorney then it’s private. Not so fast there, buckaroo! In this post on the Electronic Discovery Law blog an incident is described wherein that privileged email turns out not to be.

At issue before the court was an email sent from defendant’s counsel to plaintiff’s Vice President and In-House General Counsel regarding a prior conference call attended by [the] defendant, [both counsels] and another lawyer for plaintiff.  At the time of the call, [the] defendant was CEO and Vice-Chairman of the plaintiff corporation.

Evidence was presented that during [the defendant's] employment with plaintiff, [the In-House General Counsel] served as [the defendant's] personal advisor.  Accordingly, [the defendant] claimed the email was a privileged communication between his counsel and his “personal advisor and agent”.  Issues of whether the relationship between [them] was sufficient to establish privilege aside, the court ruled that the email in question “[was] not protected by the attorney-client privilege because [the defendant] had no reasonable expectation of privacy…”

That’s right. Do not pass Go, do not collect $200. This is a point I’ve been trying to drive home since I started blogging lo those many months ago (14 to be exact): when you send and receive email at work you have no reasonable expectation of privacy. Just so there’s no confusion, here are the four factors the court set forth for consideration in determining whether an employee has a reasonable expectation of privacy in computer files or email:

  1. does the corporation maintain a policy banning personal or other objectionable use,
  2. does the company monitor the use of the employee’s computer or email,
  3. do third parties have a right of access to the computer or e-mails, and
  4. did the corporation notify the employee, or was the employee aware, of the use and monitoring policies?

That’s right, you better check the old employee manual to see what your employer’s policy is. Or better yet just pay attention to that disclaimer message that comes up every time you log in to your PC or workstation. You know, that one you always ignore? I willing to bet that it doesn’t say “Use this computer for anything you like. We don’t care and won’t pay any attention to you.

Bottom line is that you have no reasonable expectation of privacy when you email at work. And therefore no privilege. Not with your lawyer. Not with your priest. Even though God might forgive you in the latter case, a judge certainly will not in the former. You’ve been warned. Now go in peace and sin no more.

If we only knew now what Caspar knew then

Superman where are you now?
When everythings gone wrong somehow
The men of steel, the men of power
Are losing control by the hour.
“Land of Confusion” – Genesis

Why, oh why didn’t we listen to Caspar Weinberger? Or more correctly, why didn’t the U.S. government follow the directives and doctrine that “Cap the Knife” proposed and instituted over 30 years ago? And why does it matter now? Glad you asked.

In a recent entry Voltage Superconductor blogger Luther Martin ponders this same question with respect (or lack thereof) to privacy.

The need to protect the sensitive personal information that’s used to commit identity theft has been well known for many years. As far back as 1973 this was know to be a problem. That’s when the report Records, Computers and the Rights of Citizens was written for Caspar Weinberger, who was then Secretary of Health, Education, and Welfare.

This report discussed the problems of privacy and recommended that the following five principles be used to create a “federal code of fair information practice” that would be enforced by one or more federal laws:

  • There must be no personal data record keeping systems whose very existence is secret.
  • There must be a way for an individual to find out what information about him is in a record and how it is used.
  • There must be a way for an individual to prevent information about him that was obtained for one purpose from being used or made available for other purposes without his consent.
  • There must be a way for an individual to correct or amend a record of identifiable information about him.
  • Any organization creating, maintaining, using, or disseminating records of identifiable personal data must assure the reliability of the data for their intended use and must take precautions to prevent misuse of the data.

Yeah, that Caspar Weinberger. The same guy who, during his tenure as Secretary of Defense for President Reagan, proposed the Weinberger Doctrine of six criteria for determining whether – and how – the U.S. should commit U.S. military forces abroad to avoid the “Vietnam syndrome”.

  1. The United States should not commit forces to combat unless the vital national interests of the United States or its allies are involved.
  2. U.S. troops should only be committed wholeheartedly and with the clear intention of winning. Otherwise, troops should not be committed.
  3. U.S. combat troops should be committed only with clearly defined political and military objectives and with the capacity to accomplish those objectives.
  4. The relationship between the objectives and the size and composition of the forces committed should be continually reassessed and adjusted if necessary.
  5. U.S. troops should not be committed to battle without a “reasonable assurance” of the support of U.S. public opinion and Congress.
  6. The commitment of U.S. troops should be considered only as a last resort.

Come on now, folks! It’s not like the Nixon or Reagan administrations were exactly bleeding heart liberal pacifists. Maybe Secretary Weinberger was simply a politician who could (gasp!) foresee the problem with no official protection of personal privacy and (gasp! choke!) learn from historical mistakes. I know it certainly doesn’t sound like any of the pols we’ve come to know and love [loathe]. In any event, it’s pretty obvious that his policies and doctrine have been roundly ignored for far too long.

So here’s an idea: How about the Obama administration try “reaching across the aisle” with a proposal for a “federal code of fair information practice” that originates with a prominent, hardcore, Republican? A guy who was once the chairman of the California Republican Party and served at the cabinet level in two of the most conservative Republican administrations ever. A guy who was publisher of Forbes magazine. It would be a little hard for the “loyal opposition” to question his pedigree. And hey – they could even take credit for the idea [Dude, we thought of that first!]. Whatever. Just pass the legislation already! And it’s a little late now to apply the Weinberger Doctrine.