Wednesday 28 October 2015


The TalkTalk Hack saga is a sad affair. Watching the Chief Executive Dido Harding struggling to explain the situation on television was painful. We're now seeing reports of a 15 year old hacker in Northern Ireland under arrest in connection with the events.

Have TalkTalk under invested in computer security? Were their applications written and tested to be secure? It is reported in the Daily Telegraph that TalkTalk with in the process of reducing spending on IT by 25%. Was that a sensible use of resources? 

You have to ask about the risk of an organisation's executive team where technology skills are under represented. This will lead to false economies on IT spending.  For a technology company such as Talk Talk it is unforgivable.  It seems the trend in the Telecoms Industry to focus more on marketing skills as an essential qualification for recruitment into the Executive Team.

Friday 25 September 2015

USA pricing in the UK

We've been trialling some Software as a Service for the purposes of providing remote training sessions. After running trials of several products we decided on using GoToTraining. It has good features and the way it is implemented reduces the strain on our currently limited Internet data link.

While we are in the UK we managed to contract to receive the service at USA prices. More later....

Monday 14 September 2015

UK Telecommunications User Group

I've been giving the UKTUG a hand in formulating a response to the European Union consultation on digital communications in the European Union. Most of the questions were slanted towards the EU team having already decided what it wants to report. Many important topics like IPv6 were ignored. Regardless it is important that members of SME businesses put forward their views. It might affect future legislation.

Monday 7 September 2015

Can't give them away...

Our domain registrar/hosting company Easyspace have emailed us an offer of a "free"  Lumia 640 LTE Smartphone worth £130 if we sign-up for Office 365.

Either Office 365 is overpriced or Microsoft has loads of Lumia phones it can't sell.

Friday 14 August 2015

Taking cards

Edit 10th May 2017: We no longer recommend PayPal.  See new post.

We occasionally need to add a fee for our holiday home guests which is outside of the primary rental handled by our agents (Sykes Cottages). An example of this is a deposit fee for the use of the in-house telephone system, or perhaps accepting the outstanding balance of call costs. The benefit to our guests is the don't have to use cash. If they are from another country the currency conversion is automatic on their credit/debit card account.

I've just been trying out Paypal's new reader. It handles CHIP and PIN, magnetic strip swipe and also touch payment. The reader links by BlueTooth wireless to your iPad/iPhone or Android Tablet/Phone. You have to download the appropriate PayPal/Here App from Google Play or from Apple as appropriate. After minimal configuration the device is up and working.for the first time in a few minutes. Subsequently it doesn't take long to get it operational again.

You need to have:

  • A PayPal Business Account
  • A Wifi or 3G/4G signal to allow you phone/tablet to connect to the Internet.
The handling fee is about 2.75% per transaction.

Operating a configured device is quite easy. First start the PayPal Here App on your tablet/Phone. Get things going by typing in your PaylPal password on your tablet/phone, Then switch on the bluetooth card reader. You enter details of the transaction on your/tablet/phone to get a total fee. You then hand the card reader to your client. It shows the amount you intend to charge. Ask them to either touch,insert, or swipe the magnetic strip of their card. For the latter two they will be asked to enter their card PIN. Your client can then approve the transaction.

Once the payment has been approved you can print a receipt or email a copy to them. The App will display some limited statistics such as transactions and totals. Unlike the iZettle approach you cannot do "Card Not Present" payments, you'd need a different Paypal service to handle those, it costs £20 a month to do that. 

There's no obvious way of replacing the battery when renewal is required. The iZettle has an exchangeable battery.

My initial impression is that it works well, ideal for a small business which needs to take an occasional card payment face to face. 

Monday 27 July 2015

Choosing a VOIP Service

Choosing a VOIP service is not always down to finding the lowest price. Cheap is not the same as inexpensive. You'll need to think about what features you need to support your organisation both now and in the future.

Telephone services vendors are Grand Masters when it comes down to sneaking in additional costs/fees to the customer's bill. The headline price figure displayed prominently on a web site is rarely what you end up paying.

You'll need to consider what access you have to technical support for computers and networks. Once a VOIP service is working they generally work well. However there is often an initial need to tinker with network settings to get everything working properly. You might need to make some improvements to your data network to ensure good data security and a good quality voice on your phones. You should also have access to a technician during the operation of your service for when problems arise. Such problems are infrequent, but baffling for the lay-person. The level of data network support provided by the VOIP service vendor can vary considerably. Their support often stops at the point where the telecom data service enters your building.

If you are using VOIP phones they are generally just plug in and go provided they've been properly configured. Just as with your desk top PC the software hidden in the phones will need an occasional update for fixes, improvements and security patches. You may need technical support to ensure this update process takes place. Some VOIP vendors will do this remotely, others may give you no assistance on this matter.

Before committing to any particular VOIP service supplier be sure to try it out to check the voice quality to several remote destinations. There are different methods of voice encoding used in VOIP which can affect the quality of the voice transmission. I'll repeat it, "Make sure you check the quality of voice received at the other end." It is usually not too difficult to persuade someone at a remote location to asses the quality of the calls. Don't rely solely on what you hear at your end of the call. What might sound good to you can be horrible at the remote end.

You should also carefully check the contract period and how it is handled at renewal. You might pay monthly but still be enrolling in a three year contract with expensive exit charges should you need to change your mind. Make sure you have an exit should the vendor be unable to get your system working. Watch out for extra costs such as telephone number rental.

In assessing a contract make sure you know:
  • Implementation Costs
  • Expected cost
  • Contractually committed cost
  • "Out of plan" cost projections

When comparing phone call tariffs work out how many minutes you'll need per use per month then check what the costs will be if you exceed the plan. Some call plans tie the "minutes" to users with no transfer between user plans. Watch out for how call times are measured. Is it to the nearest minute, or are call times rounded up to the next whole minute. Call Set up fees can vary considerably between vendors; the financial impact depends on the call usage pattern of your business. You may find some vendors particularly BT round up the individual call costs to the next pence amount. If your business makes a lot of short outgoing calls the impact of call set up fees and cost rounding can be significant.

Despite all the considerations mentioned above you will almost inevitably save a lot of money on telecoms costs by moving to VOIP. You also gain considerably in business flexibility. However don't ditch your existing phone system until you've used the VOIP for a while and be sure to retain at least one incoming number on a traditional land line.

Saturday 25 July 2015

Save money on your phone system.

There have been many advances in Cloud Computing. Now any organisation who has dispersed employees or groups of employees with access to the Internet can provide them with the facilities of a PABX telephone system at a very low set up cost. The use of a hosted Voice Over Internet Protocol (VOIP) telephone system can provide the facilities previously only available to larger enterprises.

  • Members/employees can be allocated internal phone extension numbers regardless of where they are in the world;
  • The organisation can gain access to low cost telephone tariffs, a fraction of the main public telephone companies with no noticeable loss in quality. Itemised call billing costs are traceable back to individual users. You will save money!
  • Expensive destinations can be blocked;
  • Members can be assigned to one or more incoming phone lines or share lines.
  • Calls can follow people from their office to their mobile phone or home lines.
  • Call recording, voice mail, SMS messaging and Fax can be quickly added;
  • Receptionist, conferencing, call transfer and call rollover are part of the package;
  • No real technical skills are required to operate the system. The hosting company takes care of the technicalities;
  • You can set up a new desk/role/location with a working phone facility in a couple of minutes or tear it down equally quickly. It is a matter of opening the box containing the phone handset, plug it in and you are ready to go in a few minutes.

You might save a substantial sum: 

  1. The BT standard land line call cost (ex VAT) in the UK, outside of a prepaid plan, is £0.17 per minute and a £0.19 call set up charge.  SIPGate charge just £0.01 per minute and no set up charge.  
  2. A 10 minute call to South Africa would cost £18.50 with BT business land line, the same call via SIPGate would be £0.59
  3. On VOIP systems calls between phone extensions are free, regardless of the geographic location of the participants.

Here are some systems you might like to consider:

We will post some more information on this blog over the next few days.We've set one up recently. 

Edit: 27th July 2015 The day after creating the posting, I received an email from BT announcing a price increase in September 2015. For residential services the price increase is 7% on average, which is way above the annual rate of inflation. Here's a link to a copy of partial details.

Wednesday 15 July 2015

Has the UK run out of power?

Reports in the media point to a statement by the UK National Grid that the margin between on-line electricity generating capacity and demand in the winter of 2015 will be 1.2%. The National Grid are paying power generation companies to keep mothballed plants available and also some large power consumers to "switch off" at times of high demand. The additional measures will give a 5.1% capacity margin. If all goes well it should be sufficient, but there are many risk factors that could cause an overload of that margin. It could be a power station failure, or a grid failure, an interruption to the Natural Gas supply. If this happened on a calm day we might lose the input from wind turbine power. An exceptionally cold winter may cause demand in excess of Government expectations.  There's more information on the National Grid's reserves here.

If you constantly run a complex mechanical system, maintained at the lowest possible cost, within 2% of its maximum capacity you cannot expect 100% availability. UK businesses should be blowing the dust off their contingency plans to see what they intend to do in the event of regional power outages this winter. These outages may be pre-announced or occur without warning.

  • You should run standby power system tests now to give your organisation time to fix any problems found. 
  • The tests should assume extended regional power outages. 
  • You might need to plan for load shifting to other regions/countries in the event of an outage. 
  • You should review arrangements for the supply of alternative fuels such as standby generator diesel. 
  • What will happen to fuel deliveries if a regional outage causes sudden demand on resupply logistics;
  • Who will receive priority in fuel delivery?
  • How will you make media announcements concerning your organisation's plan to your workers, customers, suppliers in the event of a regional power outage?

If your organisation uses home/remote working as part of its contingency planning, are there arrangements to provide standby power in those remote locations? Do your Key Home Workers have safe access to inverter power generators (and fuel) to run their home computers and network?  Will fuel be available for transport of workers? Are your workers aware of what they should do in the event of a local/regional power outage?

You may need to check the preparedness of your major suppliers for regional power outages.. 

Friday 26 June 2015

Suppliers at risk from their couriers

Our offices are located in a busy part of town which happens to be part of a UNESCO World Heritage Site. The place is in the bottom of charming countryside river valley with hills either side. There's a mix of businesses and homes surrounding us. It is a very friendly sort of place and people leave their building's back doors unlocked, the front doors are locked to keep the tourists out. As with most businesses we have courier delivery and collection of various packages. If anyone is not at home/office one of the neighbours will always take in a parcel. Pretty much all of the couriers cope with this environment extremely well.

The better couriers will send an SMS text message to accurately predict when when they anticipate delivery. Others will attempt to deliver with no notification. If no one is available to receive the package, the driver will leave a note and either return the package to base or lodge it with a neighbour. In the case of the return to base, they'll attempt redelivery at a later date. This system works.

However our experience with UPS couriers is rather different. They don't advise in advance of a delivery. They make one attempt to deliver a package. If that doesn't work, they don't attempt to leave it with a neighbour nor do they return it to base. No, UPS take it upon themselves to deposit the parcel some hours later at a "nearby" collection point and leave a note through your door to that effect. The onus is then on the addressee to go an collect the parcel. It would be helpful if the delivery attempt note gave an address where you should go collect. In our case it was the name of a newspaper shop we'd never seen before. We had to use Google to track it down. The collection point was over 2.1 Kilometres away up the hillside approximately 200 metres higher. A good job we have a car to travel to it. It is not an easy walk. Disabled, or elderly people might find that a bit inconvenient to reach.

Someone in UPS seems to think they can save money by only attempting just one delivery before forcing the customer to collect from another location. It is a small wonder for us to discover their CEO's annual "compensation" doubled in 2014 to $8.4 Million. Perhaps funded by halving service levels?

The downside for our suppliers is that if they use UPS as a "logistics partner" we regard them as having an unreliable supply chain. Consequently that supplier is then blacklisted as a "only use in last resort." If they re-think their choice of courier then we might continue to do business with them, but meanwhile the business relationship is damaged.

In our case we contacted our supplier (Epson) to see if they could assist. The message was "you are on your own we won't help". Of course any phone calls to request assistance attract a premium rate call charge.

On a lighter vein, this Youtube video made me smile.

Of course it is easy to find other people with bad feelings about UPS. Here's one, but perhaps reading this in the USA and here in the UK I should count myself lucky.

Edit: 30/6/2015 I've just received a call from Estonia (about 2800KM distant).. It was the UPS Customer Services. The gentleman was polite, had good English but he had a noticeable heavy Russian/Eastern European accent. He wanted to discuss what had happened. The direction of the conversation was that the delivery problem was down to the delivery service specified by Epson. Let's just say it set my BS antennae quivering. He could offer no real reason for the unsatisfactory delivery, but said my views would be noted and brought to the attention of management. Having had the responsibility of managing several international help desk teams, I realise it means nothing will happen and the issue will be lost in a pile of statistics. So far as I'm concerned it was no answer to my complaint.

Saturday 20 June 2015

Wall reinforcement - Intrusion protection

One more interesting find at the IFSEC 2015 was Avertic Armour. They provide a high strength woven mesh which helps protect against power drill attacks and cutting disk attacks. You embed the mesh in the walls of the object to wish to protect. The strands of the mesh rapidly clog any cutting tool which is used to attempt to break through the wall.

This armour technology has its origins in the protective clothing worn by forestry workers to protect their bodies from chain saw injuries. If the moving saw chain comes in contact with the protective clothing the strong threads are not cut but entangle the saw mechanism causing the motor to stall.

If you wished to protect the doors and/or walls of a data centre you'd probably use this material in conjunction with other security strengthening measures such as expanded steel mesh, perhaps a ballistic layer, and a vibration sensor for an alarm system. The lightweight Avertic Armour in one or more layers would greatly delay intruders wishing to break through by denying the use of powered cutting disks to cut through other reinforcements such as steel.

A Data Centre without fire risk?

An interesting system at IFSEC 2015 was Wagner's Oxyreduct system. This system can be used to protect Data Centre rooms, vaults, document storage rooms from fire. It works by increasing the proportion of nitrogen in the atmosphere until the oxygen proportion is 15% rather than the normal 20%.  At the 15% level there's insufficient oxygen to support normal combustion. They are classed as Hypoxic Air Fire Prevention systems. In classic fire risk training you learn about the Fire Triangle; you need all three sides Oxygen, Fuel, Heat to sustain combustion. Remove one of the sides and fire will not take hold. This technique takes out the oxygen side of the triangle.

I was invited into a demonstration room by the salesman where the Oxyreduct system was controlling the atmosphere. In a classic sales type of demonstration he handed me a cigarette lighter then asked me to try to set fire to his jacket. I couldn't get a flame from the lighter, even though it had worked just fine outside the room. 

Fundamental to the system is a nitrogen concentrator unit which extracts nitrogen from the atmosphere. This nitrogen is then pumped into the room to be protected and the oxygen level monitored to be maintained at the magical 15% level. You don't need to hold compressed nitrogen in cylinders or store liquid nitrogen.

Obviously the cost of installation and operation needs to be considered but I can see this could be a highly effective system in a data centre environment. Most fire suppression system react after a fire has started. Those types of systems can cause the shut down of a room and may cause some damage themselves. Oxyreduct is definitely worth a look! 

You'd need to be sure the room to be protected is effectively gas tight and good air movement within the room to help maintain the oxygen/nitrogen balance. You'd need to ensure the gas porosity of the building structure such as walls does not exceed the capability of the system unit to provide nitrogen. If people routinely work in the room you'd need provision to replenish oxygen depleted by their breathing. 

Perhaps a simple blood oxygen saturation monitor (Oximeter) might be needed to reassure workers, particularly any person who has a compromised respiratory system. Here's some Health and Safety guidance and Wikipedia information here. In any event it might be wise to limit staff exposure to 2 hours in the reduced oxygen environment. Normally the 15% oxygen is fine for healthy workers, but some countries such as the USA OSHA Regs might prevent the use of such a system providing less than 19.5% Oxygen. Some other standards which apply are VdS 3527en and BSI: PAS 95:2011

I'd consider deploying this as a primary system with an alternate backup fire suppression system, such as high pressure water mist as a backup, but that it all depends on the safety/risk benefit cost equation. If someone wedges a door open or otherwise defeats the gas tightness of the protected area the Oxyreduct system, as with any other gas based system, would become ineffective.

Here's a video:

There's some general information on these hypoxic systems here.

Friday 19 June 2015

Hilti Firestop range of products - filling the gap

I regularly visit the annual security exhibition IFSEC based in the UK. It is one of the few I consider worth investing a day's time plus the travel expense. Much of it is endless rows of CCTV cameras and door locks, but there are some gems of information. One of those nuggets of information was the Hilti range of fire stop products. They were actually part of the associated FIREX exhibition in the  same Excel hall.

The Firestop system is a range of putties, mastic, blocks which can be used to build intumescent seals for the wall penetrations of power cables, data cables and pipes. If a fire occurs outside of a data centre room the compounds swell into a smoke, fire and heat resistant foam. If the system is used around a pipe as a fire collar it will swell and seal the pipe preventing access by the fire. There's a pdf copy of the technical manual here.

The Firestop putty-like block systems are easily re-penetrable. This allows you to run extra data/power cables through the fire barrier after the original construction without compromising the fire protection. When we audit data centres we often find the fire protection has been compromised during operational life by subsequent installations and upgrades. The Hilti system would appear to facilitate later installations.

Here's a Youtube video showing installation.

If you have 10 minutes to spare here's a video which demonstrates the need to use appropriate fire stop measures.

Saturday 23 May 2015

BT Dark Fibre

It is interesting to note that Ofcom, the UK telecoms regulator, is opening discussion/consultation with a view to opening British Telecoms (BT) fibre network to competitors for business network links. Essentially Ofcom is tired of the excuses from BT OpenReach and its failure to deliver installs in a timely manner.

This could see some real competition in the business telecoms industry. It will be a bit like the shake up of telecoms in the City of London back in the mid 1980s. It is a £2 Billion market at risk.

The consultation closes 31st July 2015.

Sunday 17 May 2015

Project Milestone Deliverables and Due Dates have not been documented - Early warning Signs of Project Failure

It is possible to plan a project and its project activities in detail without setting Milestone points in the plan. Provided that all of the activities are completed on time and to requirement it is possible to complete the project successfully on time, with full functionality and to budget.

However, most projects are so complex or undefined in the early stages it is not possible to rely on a finely detailed plan. The beast is too complex and people outside of the project office, such as the stakeholders can find it difficult to accurately understand the real level of progress. A mix of problems and delays can lead to serious project damage before anyone in power has realised there's a problem.

One effective way of dealing with complexities is to group important items at set a marker date or "Milestone" by which the group of activities must be completed. You also need to define in advance some "deliverables" for each milestone so you can assess whether or not the Milestone date has been met. Without a list of deliverable features/actions it is not possible to challenge the assertion by the project team that a Milestone has been met.

When you define a milestone you are declaring an easily understood and obvious measure of progress. The milestones are generally those which a business manager would understand. The deliverables need to be tangible items/services/facilities which can be independently verified as "delivered". When a Milestone has been reached, the project team and stakeholders can decided whether sufficient progress has been made or whether some variation is necessary for the project. If a Milestone  and its deliverables move past the due date it is cause for concern.The most difficult case is to realise that the organisation needs to abandon the project or consider some other serious variation to the project plan of resources.

If the project team does not have documented clear milestones which are subject to review it is probably a sign that there is insufficient control and the project may drift off course.

Friday 15 May 2015

Project Stakeholders not interviewed for requirements - Early warning signs of project failure

When checking the health of a project you need to establish that all stakeholders have been interviewed to establish their requirements of the project. If these interviews have not taken place it is an indicator of potential project failure. It can lead to incomplete functionality and function creep.

The interview results should be documented and signed off by the Project Manager and the Stockholder.  The process should ensure "informed consent" so the Stakeholder understands the process and the implications of the information he/she is providing. The interview process should provide iterative feedback where the analyst double-checks the information gathered.

It is helpful to have a structured process for the interview to establish full information and also the level of confidence in the data provided.

The documented requirements should be cross referenced to the proposed functionality, projected delivery time-scale, performance and reliability projections to enable the Stakeholder's   understanding of whether what is proposed will meet his/her requirements.

The project team should also document any requirements expressed by the Stakeholder which will not be met by the project. These gaps should be discussed with and signed off by the stakeholder.

Wednesday 13 May 2015

Dusty builders in your technology room

We've been involved in many projects where a data centre room is built from scratch in a bare concrete building skeleton. There are many challenges involved in such projects, but the most insidious problem is dust created during the construction process. It gets everywhere; on floor slabs, ceiling voids, ducting, even installed cabinets. You need to have a clean room environment before the installation of servers and network equipment. It can contaminate fan bearings, printed circuit board surfaces If you install in an environment containing dust you risk premature equipment failure and malfunction.  It clogs filters in air conditioning units.

Once you get the room dust free through specialist cleaning of floors, voids, walls and ceilings it is difficult to keep it clean. Ideally you need to ban tradesmen/craftsmen from working in or entering the clean room once it has been fully cleansed. In practice however there will always be something delayed or forgotten which creates extra construction work in your precious "finished" room. If it is essential the contractors undertake any dust creating work you'll need to consider dust control tents, with dust extraction air handling, to enclose their work area. Their method statement documents should always detail how they'll control dust. Before releasing the work area you'll need to ensure appropriate cleansing to ensure the effected area is dust free. 

People carry dust on their clothes and shoes from the environment outside of the clean room. This is particularly the case if they've been involved in or working close to dust creating activities. You can use tack-mats inside the entrance doorway to trap dust from shoes. The mats need to be checked/renewed daily to ensure they're functioning properly. You also need to police the use of the tack-mats to make sure people are using them.

Disposable coveralls and booties for shoes will help to contain contamination dust, but tend to be unpopular with tradesmen if they need to frequently enter/leave the clean room. You'll also need facilities for people to change into and dispose of the cover clothing.  There are costs of these disposable items.

After some experimentation we devised a temporary two door air lock solution. The floor of the air-lock contains dust removal measures such as bristle mats mounted on a grounded metallic vacuum plenum matrix. The air lock chamber is temporarily assembled inside the main entrance to the clean room . As people enter the room, air knives blast air from their clothing and shoes. The bristles brush their shoes as they walk across and the underlying vacuum floor sucks away dust laden air through the bristle mat.

We treat the air by passing it through a dust vortex chamber and then on to a MERV 11 HEPA filter chamber to clean the air before returning it to the clean room. This arrangement does not alter the air pressurisation of the clean room. The vortex chamber extracts 99% of dust leaving the finer residue for the HEPA filter but it drastically reduces the maintenance needed to support the HEPA filter (extends life). The dust captured by the vortex chamber is dumped in a sealed container for easy removal by low skilled workers. The filtration unit requires about one kW of power to operate and cleans about 1500 cu metres (53000 cu ft) of air per hour within the airlock. It is possible to buy particle counters from upwards of £300, but typically circa £2000, to validate how effective the control measures have been.

The temporary airlock also helps to control dust which can enter when the external doors are opened. We have experimented with providing a vacuum table station where items/clothing being carried into the room can be cleaned. The vacuum tube is serviced by the main airlock filtration system. In operation we found this approach effective but needs policing to ensure workers use it. Providing a small translucent vortex unit and dust container at the vacuum station gives a low cost overt demonstration to both workers and management.

When the construction activities are complete we can knock down and remove the airlock, or if desired incorporate it as a permanent feature of the room. The construction of the unit has to be robust to support the weight of heavy equipment which may be wheeled over it. The air handling of the temporary airlock is self contained, avoiding the need to modify the permanent air handling and avoiding making any new holes in the fire resistant wall.

For those who want to experiment with this technology, here's one low cost approach using a kit:

 In the USA you might want to look at the Oneida range of vortex units, for example the Dust Deputy. We used vortex devices made from steel to be able to withstand the rough environment on a construction site. They are more expensive, but do a good job. When using this technology around servers or network equipment be sure to use anti-static counter-measures and good electrical grounding. The swirling dust in the air flows can create a hefty level of static electricity.

Tuesday 12 May 2015

Poor Change Control - Project Failure Early Warning Signs

Few organisations have the resources to mount projects which have no change control process. Unauthorised changes could affect the budget, delivery time scale, resources, performance, functionality and operational costs of a project. In some cases there are legal, compliance, audit and regulatory constraints which have to be planned and controlled and delivered as part of the project change. Without project controls, proper cost benefit analysis of changes, prioritisation of development and release efforts for changes it is very easy for projects to go astray, bust their budget, have late delivery and limited/excessive functionality.

There may be complaints from developers, business users/clients that the change control process reduces flexibility in a project. Usually the risks of project failure from the lack of robust project control massively outweigh any gains from "flexibility".

The control process also helps to track the associated costs of any change. Such costs can be obvious, as in "x" man hours of additional development/testing effort, but they can be more subtle such as:

  • the impact on system performance requiring an upgrade or alteration of system infrastructure;
  • changes to support software licensing and maintenance costs;
  • costs of consequent delays to system functions/services; 
  • or maybe there is a long term impact on operational costs;
  • the costs associated with releasing the change to a stable environment;
  • training costs to allow personnel to accommodate the change;
  • knock on changes to archive/retrieval systems to meet compliance needs;
  • modification of data migration planning;
  • changes in one part of a system might necessitate changes to another system.

The control system should provide a documented authorisation pathway showing who has assessed the impacts, who has authorised the work and who will pick up the immediate and long term costs of the changes. It is all too easy for a business user to go "transparent" and say: "I said it would be nice if.... but I didn't agree to these extra costs/delays arising from the changes".

The authorisation of changes, the impact assessment, the implementation planning and progress of changes should all be tracked. Where the work is performed by external contractors it is essential to track/control the changes in order to be in the position to challenge bills presented by the contractors for "variations" at the end of project or the next round of billing.

Weak Project Manager - Early Warning Signs of Project Failure

When a project team has a weak project manager who cannot effectively lead the team or is poor at communication with the clients/business management it is a strong early warning sign of IT project failure. 

Early in my career as a technology development manager I used to dislike several project managers. They were bossy, abrasive, pointed out my faults and seemed to spend ages just chatting with business management. These people seemed to flout the established departmental rules. What I came to realise was that these people were in fact great project managers who delivered projects on time, on budget and good functionality.  They had good communications with business management and made sure the technology aligned with business needs. In managing the teams they were intolerant of excuses or lack of clarity. These project managers wanted to know about genuine problems so they could martial appropriate resources to handle the issues, they were supportive when things go wrong. They provided leadership while possessing sufficient technical skill/experience to manage and motivate a multi-discipline team of engineers.

I am often called in to rescue projects that have gone wrong. They are late, over budget and or the team is poorly motivated. The business management executives may have lost confidence in the team. One of the first things I examine is the Project Manager. Does this person demonstrate the skills necessary to lead the team and communicate well with the client? Does he/she maintain team discipline and have a tight grasp on progress? Is he/she too tolerant of excuses for failure to meet delivery? Does the PM control the scope of the project and the budget?  Without a good leader it is inevitable the project will drift off course.

I've seen situations where the project manager has excellent academic qualifications in project management techniques but just lacks the necessary leadership, communication and control skills. They've often been relieved when I take action to remove them from the leadership role. I'll usually try to rescue such people and give them opportunity to develop their skills as a supporting team member. It's (usually) not their own fault they were given a role beyond their capabilities. 

A different problem can arise when the Project Manager lacks the necessary technical skill. They may be a great leader, but lack the knowledge to question the progress reports provided by technical team members. In these cases team morale can be destroyed as progress is falsely reported or resources are poorly allocated. I saw a case recently where repeated failures to meet application program delivery dates were not challenged by the Project Manager, the team just rescheduled, shuffled priorities and added more contract staff. The underlying performance issues were not addressed. The project ran over a year overdue, had reduced functionality and was massively over budget.

Monday 11 May 2015

Requirements and scope not documented - Early Warning Signs of IT Project failure

It is important to to define in writing in the initial stages the expected functionality arising from an IT Project. While this definition might not be fully detailed at this point, until the analysis/design process has been completed, the requirements should be sufficiently descriptive that any non-IT manager can understand what is proposed. The initial documentation should describe the scope of the project. It should also describe any important business features not included at this point. 

In today's environment of 24/7 on-line, web based and social media applications the requirements should specify the performance and reliability expected of the system.  I've seen several projects where the leaders can produce massive dense documentation on the functionality of the system, yet no real detail on the expected performance of the system. It is crucial to understand the costs of appropriate performance levels and reliability right from the start of a project. It can be very difficult to retrofit performance/reliability into a system if this has not been considered from the outset.

One of the many budgets used to control a project might well include a performance budget where the resources and infrastructure required to meet the projected processing and response times of each major component are monitored.

It is important the business signs off those functionality/ scope/ performance/ reliability requirements at the early stages of the project. It is important that this is "informed consent". One of the responsibilities of the Project Manager/Director is to ensure business executives understand what they are signing off and have the time to question what is proposed. Real signatures should be on a document recording that agreement. 

Sunday 10 May 2015

Early Warning Signs of project failure - Lack of Senior Management Support

Throughout my career I've had to help on projects giving technical advice. You can soon notice some early warning signs of an IT project running into trouble. If his/her brief allows, the consultant can assist the client by alerting to them to early warning signs of problems.

One of the most serious is a lack of top management support or commitment to a project. Typical signs of this is the absence of senior managers at key steering group meetings, or a failure of the senior managers actively tracking progress of the project. If the managers are content to "leave the project to the experts" it is a recipe for disaster.  During the life of a project challenges will arise which need the active involvement of the business for business decisions and possibly resource allocation. If the senior managers merely passively receive progress reports from project managers it may be a sign of problems.

The senior management involvement should be there right from the start of the project. This will help to ensure the alignment with the planned direction of the business. The executive can help to champion the project at Board level when resources are required. 

Thursday 26 February 2015

I hate Adobe Society

Over the years I've had a  problematic relationship with Adobe products. They are generally good products, but then the Adobe Management will make some dumb decision which really turns me against their organisation. It is as if their corporate policy is we are so big, it doesn't matter if we annoy the customers. I'd like to purchase more Adobe products but I loathe letting them have my business. 

The latest is a long saga is their approach to the licensing implementation for Dreamweaver. We have a legitimate copy of Version 7. When we upgraded the hard disk of the PC we found that our Dreamweaver no longer works and cannot be re-installed because Adobe no longer run the activation server for that product. It seems a purchase is not a lifetime affair with Adobe, they like to expire products and force you to buy new when it breaks. Personally I'd describe that as long term rental, not a purchase.

I've contacted the Adobe Help Desk, but they were unable to help. So now  Adobe goes back on our blacklist and we negatively recommend it to our clients. There are alternatives which are effective and more economic. Adobe loses again.

If Adobe manufactured motor vehicles they'd expect you to scrap your automobile after 7 year's use and have a remote control switch to enforce it.

Friday 16 January 2015

Increased Terrorist attack risk - precautions

The asymmetric war approach of ISIL and Al Qaeda  will inevitably mean attacks within Western World countries. Many of these will be detected and aborted by security forces, but some will take place. Some attacks will be retaliatory as a consequence of terrorist attacks. The incidents may even take the form of rioting. What is different at the moment is that many more hot heads and fanatics will gain access and exposure to battle conditions. They will also gain access to military weapons and explosives. In some cases terrorists will be assigned targets and resources to carry out attacks.

In reality these attacks are quite rare. Some organisations are at greater risk than others as a consequence of their operations, such as the Charlie Hebdo offices or the kosher Jewish supermarket, but sometimes the attacks are random. Consider for example the print works in Dammartin-en-Goele France where the terrorists took refuge and a hostage while on the run.

Your premises might be located adjacent to another organisations whose building is at risk.

There is also the risk of rioting and other action as people protest about the growing disparity between to elite 1% and the 99% general public. Some companies may be targeted if they are seen to be taking advantage of the poor. This type of action is not far from the surface. In the UK there were widespread localised riots in 2011 triggered by the shooting of Mark Duggan.

Employers have a duty of care for their employees. It also makes good business sense to also protect their company assets. Employers should each geographic location of their organisation:
  • Assess the risk of terrorist actions;
  • Plan for action in the event of an attack or hostage situation;
  • Document the plan;
  • Train and inform their employees;
  • Improve security;
  • Install measures to mitigate the consequences of an attack;
  • Protect sensitive information;
  • Plan evacuation and/or refuge;
  • Install methods to alert the authorities and senior management/owners;
  • Integrate with the company business continuity planning.
Action should take place now. Waiting until the attack takes place is not helpful.

We'll be producing a series of articles discussing the above list of points and they'll be published soon. If any of our readers like to see these articles, please add a comment or send us an email expressing interest

Friday 9 January 2015

Helping out - Google first page

We were able to give someone a nice Christmas Present. We helped them position their business on the Page 1 response for both Google Search and Bing. It is a small driving school which started business a few months ago. The proprietor is a friend of my partner. The proprietor was bemoaning the fact their business didn't show up in search results. 

Performing as an SEO (Search Engine Optimiser) is not our normal line of business. We are into IT Infrastructure and security, but we are aware of the principles involved in getting a good rating. We said we'd help this small business free of charge.

We showed them how to create a search engine friendly web site and how to lead the web spiders to crawl over their new site. We didn't perform any of the HMTL work, but showed them how to achieve the result themselves for just a few pounds expenditure. On Christmas Eve I was able to email them a pdf file showing a nicely positioned localised Page 1 response including them showing up on the map.

Their business can be found at  They've noticed an increase in enquiries. We're glad to of be assistance.

Update 12/Mar/2015: The business reports they are getting enquiries and business because of their top of page one position on Google. We're glad to have been of assistance.

DHL Courier lies

We had someone assigned and waiting in the office today for a parcel delivery by DHL. It didn't turn up so we checked their tracking site. The courier claimed "attempted delivery no one at home". Unfortunately for this driver, at the time, we had someone overlooking the doorway where the attempted delivery would have taken place. No one turned up. We checked our surveillance video; no sign of an attempted delivery. The intercom/door bell works, we'd checked it.

Sorry DHL, you don't get the prize this time! In fact one of the the items in the package was a birthday present for a member of the House of Lords in the UK Government. Not only did you fail to deliver, but you attempted to lie about it.

As always we always punish corporate misdoings, but losing the support of a member of the Government is even more unwise.

Update:  Mon 12th Jan 

- Despite our Company Secretary spending about 20 minutes on the phone to DHL, on Friday explaining that their driver hadn't called at our place, they still haven't corrected the status on their tracking website. The lie persists. It is still shown with a status at 14.32 as: 

Waybill 1851252760 "Delivery attempted; recipient not home"

This means the failure to deliver is not recorded in their system. I wonder if they have any systems in place to identify drivers who may have consistent failures?

Apparently the package will be delivered some time today, but they cannot predict when!  So we have to have someone waiting around all day on the off-chance that DHL might deliver.  I wonder why they are unable to predict within an hour that a delivery will take place? I know their competitors can provide such service.

Update: Tue 13th Jan

A response received from DHL customer services to the effect they are unable to correct their records in respect of the misrepresentation by their driver. They clearly have no intention of creating correct records of their (poor) service.