Monday, February 04, 2013

Security

I've just been working through my annual security assessment: an online series of case studies and questions to help me be more secure at work. I enjoyed it so much I thought I'd write some questions of my own.

You print out a database of people's names, DOB, their mothers' maiden names, their home addresses, bank details and names of first childhood pets. You leave it on a bus by mistake. What action should you take?

Cover it up, don't tell anyone. If it gets out, blame the trauma from losing your first childhood pet. Tell them God told you to do it. Tell them you can see dead people and rats crawling over your body. Whatever you do, don't admit you're *That* stupid.

Ask yourself if you're happy in a job where they pay so little you have to take public transport every day and yet are forced to work from home.

Report it to HR so the people can be contacted and advised to have their mothers' maiden names changed by deed poll. In fact, their first pets' names should also be changed and perhaps they should move.

You are leaving the office and someone is entering the building without a pass. What should you do?

Let them into the building politely. Nobody likes to be rude, right?

Get all up in their face and challenge them. If they can't produce a pass or explain exactly why they are here then mace them in the face with pepper spray.

Get the hell out. They are clearly a terrorist.

You are in your office working on sensitive information. You need to go to the loo. What precautions should you take?

None. You work with trustworthy people because your company isn't run by dicks.

Password protect your screen, bolt your laptop to the desk. Ensure all your stuff, including pens (they cost money you know!), is locked away in a secure vault to which only you know the twenty-digit combination.

Tell a colleague where you are going and give them a time you'll be expected back in case they need to inform security of your kidnapping.

You are on the train and take a work-related call. Which of the following are true?

You could divulge sensitive information. Everyone around you is a potential spy. The government is watching you. They are tapped into your phone. That van outside really has been out there a long time.

There are no risks, as long as you use a pre-agreed coded language that only you and your colleague use. Some people think they can get away with speaking Klingon or Welsh but unfortunately a few thousand people in the world can speak these and they are probably all sat next to you on the train right now taking notes of what you are saying. They are basically employed to spy on you. You are not alone. Big Brother is watching!

Going into the loo to take your call is more secure. The overwhelming stench of piss and that used condom and/or needle are a small price to pay when you're telling your colleague you'll be ten minutes late for the meeting. Remember, you ARE being followed and the information you are discussing could affect you and your organisation.

Which of the following statements are true?

All documents must be shredded and properly recycled by professionals. You cannot take shredded paper home to use as hamster bedding as your hamster may be exposed to sensitive information.

Your bin, at home or work, is not secure. That feeling you are being followed when walking home at night is not in your head. It is someone waiting for you to throw sensitive information into your bin.

Documents are more secure if they have the word PRIVATE or CONFIDENTIAL stamped across them. If you see these words you will immediately stop reading because you know you would never read things you weren't meant to read.

Tuesday, November 06, 2012

Gov.uk - one website for all UK government digital services



"One Website to rule them all,

One Website to find them,

One Website to bring them all

and in the darkness bind them"





The UK Government is shutting down all departmental websites, including arm's-length bodies (you don't use the word quango anymore), and merging them into one super-site. The question is... will it be super?
As I often do, because I'm lazy, I've chosen to point towards someone who's said it far better than I can:

Rory Cellan-Jones wrote for the BBC:

"Can the government run one decent and cost-effective website, which gives customers speedy access to vital information and services? Unlikely, you might think given a track record of over spending on far too many sites that deliver a poor user experience at a hefty cost.
But today sees the launch of www.gov.uk which seeks to change all that. The vision is of one website to rule them all - or rather a single destination for the government's customers rather than more than 400 different addresses spread across the various Whitehall departments.
If this is to work it is going to need a change of culture, from one where the government viewed its web operations as something to be farmed out to some giant suppliers and forgotten, to something far more responsive.
When I visited the Government Digital Service - now in charge of this operation - there were some encouraging signs. At first glance the office appeared to be awash with T-shirts and ponytails, more like a technology firm than a government department, though with much worse coffee and no free food."


In theory it's a great idea. One place to interact with the Government... that means you can renew your passport, driving license, collect pension, do your tax, renew your tax disc, etc online in one place. Businesses will similarly be able to register their business, get all the permits they need to run their business, check export/import rates, etc.

Anyone who's tried to renew their driving license online will know how painful it is to have to register for a Government Gateway ID and follow the process to completion. It's doable, but not intuitive. As a starter I hope that activities like this will be simpler yet still secure.

I think this site will fail for users who don't know what task or info they need. There are heaps of random pieces of legislation and guidance out there for businesses and public alike. If I'm specifically searching for something, like renewing my driving license, that task is easy to find... but what if I'm a business, legally required to hold permits X, Y and Z? There are many activities and pieces of guidance for business and public, regulated by various Government bodies, that people simply don't know are there. Unless I search specifically for something it's hard to find what's relevant to me... as the Gov.uk site grows these lesser known bits of information may become more and more lost.

In theory the idea of Gov.uk is great; one website to rule them all.

We'll have to wait and see what the reality is. It'll all be down to how robust the architecture turns out to be and how good the content is. It'll also be down to how efficiently they continue to improve the site and how much support they provide the 400 departments and agencies that will now be feeding into the site. They've adopted an agile methodology; if they continually invest and improve this site then they've a fighting chance but it's a mammoth task - the needs of the Police vs Defra vs Natural England vs the Post Office vs the MOD vs JobCentre+ are all very different and the needs of the many many different customers will be massively varied. After all the UK is a very varied place.

Flood aware video

It's not often that I get to star in a video... and this is no exception.


I recently got involved in producing a video for the Environment Agency to raise flood awareness. It's all about how quickly floods can happen and how you need to be prepared.

Can you spot me in the video? More importantly are you prepared for flooding... do you know if your home or work is at risk and what you would do in a flood situation?

www.environment-agency.gov.uk/flood 



Monday, November 05, 2012

Why big fat IT depts suck

"I'm sorry, the outdated browser you are forced to use won't support Google docs for much longer. We know this makes your job easier but we've just upgraded you from IE6 so be happy with that. Please check back in 10 years for the next upgrade"


"The simple project you have proposed will cost £100K more than it would in the real world. We have taken 6-12 months to tell you this. We will take another 2 years to implement it by which time the project will be redundant and technology will have superseded it by at least 4 years"

"Thank you for calling our support number. Your call is very important to us. If your problem is urgent try emailing our support address blah@blah.com. We aim to respond within 48 hours."

Do you work for a large company with a frustratingly slow IT department? Why is it that these departments seem to have unfathomably slow processes and a complete unwillingness to be flexible?

One of the most frustrating parts of working for a big company has to be the lack of control that you get when trying to interact with your own IT department. Even as a digital expert you are assumed to be IT illiterate and your computer is locked down to the lowest common denominator level. A level of assumed idiocy at which even a monkey, bashing away at your computer solidly for a year, would struggle to do anything that would break the system... except that the reality is that the most common errors occur when the poorly executed security controls placed on your machine bugger things up again and again.

It's pretty established that a lack of control in any situation increases stress. This is particularly true in the work place and very true when trying to use my computer on a daily basis.

The big issues about trying to get a project off the ground only to have it shot down based on ridiculous cost are bad enough (why are we told that to change that sentence will cost £30K and take 6 months to implement... an in-house developer could do it in 10 minutes and have time to make a coffee).

It's the little things that really bug me, for example, I can't:
  • Use a browser other than IE8
  • Use a USB stick without encrypting it
  • Leave my computer for more than 15 minutes without it powering down completely
  • Have more than 100MB of emails
  • Organise icons on the desktop. Make things ordered and tidy
  • Clear my cache
  • Set a screensaver
  • Watch a YouTube video, check my personal email or cheer myself up with Lolcats

It's just frustrating. Perhaps if I worked in that department it would make sense. I'm sure there are strong reasons to outsource everything and to make everything stupidly secure. I can see why everything should be tested thoroughly but then again perhaps if more was in-house we could fix and respond to things more quickly. It probably is easier to have an army of first-line gerbils providing technical support (but it would be nice if they knew more than how to click the start menu).

Even if nothing changed it would be so nice if it didn't always feel like "us vs them"... we do work for the same people with the same objectives right?

SIGHS!

Monday, October 22, 2012

10 useful usability findings and guidelines

I've just discovered this Smashing Magazine article on 10 useful usability findings and guidelines.

I'll be referring to this again for sure.

In short they are:
  1. Form labels work best above the field
  2. Users focus on faces - and also look where faces face
  3. Quality of design is an indicator of credibility (users judge a book by its cover; shit design, layout, consistency, typography, errors, typos, usability, rate of update erode credibility)
  4. Most users do and don't scroll - read the article, it makes sense.
  5. Blue is the best colour for links
  6. The ideal search box is 27-characters wide
  7. White space improves comprehension
  8. Effective user testing doesn't have to be extensive (5-15 people)
  9. Informative product pages help you stand out
  10. Most users are blind to advertising (or things that look like advertising)

Click here to find out why you should never use click here

One question I'm frequently asked by publishers and people who generally want to revise their "bit" of the website I mainly work on at the moment is why we can't use phrases like "Click here" or "Our address is shown below".

It's sometimes hard to explain but this article from Smashing Magazine sums it up nicely, and I've summarised it further below:

  • Click here emphasises mouse interaction (press here is more apt for a touchscreen, press enter here perhaps for a screen reader?)
  • Click means nothing if you're using a screen reader which reads links in isolation.
  • Links should tell you about their destination / behaviour - "Click here to download pictures of naked ladies" vs "Download pictures of naked ladies".
  • Not using click here can help you simplify your links - "Click here to see Hugh's photos" vs "Hugh's photos"

"The challenge is to make your links communicate “click here” without actually saying “click here,” and there are many ways to do this. It will take some thought and effort on your part, but in the end, users will benefit with a better experience"

Wednesday, March 07, 2012

OMG Shoes

"Liam Kyle Sullivan is the director/performer behind LiamShow.com, a collection of funny short films created by and starring Liam. In late 2006, Liam's musical comedy video "Shoes" went viral on YouTube, spawning hundreds of fan remakes and launching Liam's character Kelly into internet stardom. Shoes was selected as a viral video to watch by "Entertainment Weekly," was chosen as one of the top 10 videos of 2007 by YouTube, and went on to win the People's Choice Award for "Favorite User-Generated Video" in 2008. Time Magazine listed Shoes in their top 50 YouTube videos of all time."





"Liam's video Muffins, a commercial parody, has become another YouTube smash, with his original posting and fans' re-postings of the video combining for over 20 million views. His follow-up to Shoes, Let Me Borrow That Top, in which Liam plays five of the main characters, was nominated for a 2007 YouTube Video Award in Comedy, and has received over 15 million views."


The Liam Show is absolutely freaking fantastic. There are plenty of guys who do a bit of drag out there and post it on YouTube. This guy isn't one of them; he's created League of Gentlemen-esque characters on a teeny-tiny budget and been lucky (or savvy?) enough to capture a massive online following via every main social media channel out there:

His main character is the awesome "Kelly" with the brilliant catchphrases "Betch" and "Such a deck". However, there are brilliant secondary characters played by him such as the mother and other spin-off characters such as Kelly's awesome friend Heather (she's a vampire).



So the dude makes amazing use of social media - but the main thing is he's fucking hilarious!

My new shiny

This is mostly a test. I'm writing this on my new Galaxy S II, which I chose because it was cheaper than an iPhone and also I wanted to try Android out. So far I haven't found myself wanting. Indeed this phone seems to be able to do anything that an iPhone can do and more. tony I'm trying to dictate using the microphone function as you can see it thanks tony is a good substitute for currently. Still I'm rather enjoying the voice recognition feature. Then using swipe as an alternative to the normal iPhone way of typing is great.
The thing I love most about the Samsung Galaxy S2 is that it offers you choice and customisation.