Mobile mobile everywhere ...not an app to blink.... :-)

Today, I made my Nokia E71 crash or hang. I'm capable of doing this to any phone and I have done this to multiple phones that I owned. Not intentionally. As an ambitious user, I load a lot of widgets and apps on my phone as I have practically given up using my laptop for my daily activities. However most apps don't work on all published features. And most browser based apps don't render properly on the mobile screen because...yes, they have either not been tested for mobile platforms or not been designed for them at all.

That got me thinking. Can you believe that 47% of apps are accessible or available on the mobile as well according to a study by DataCorp? Thats an enormous amount to be left untested or partially tested.

What challenges does mobile (as in cell phone) testing involve?

1. Multiple Operating Systems - Win Mobile, RIM, Symbian...etc

2. Great variety of handheld devises (all of which cannot be practically emulated by testers)

3. Rich UI, rich media such as high res images, video streams, Ajax based animations are not implemented for low memory, low processor systems such as mobile phones

4. Form Factors are different

5. Users can switch languages - for example Japanese use English for business bt switch the skins to Japanese for every thing else.

6. Carrier speed, carrier frameworks vary

If the dataplan does not allow video streaming, then does your software detect that or does it make to and fro requests to the server in an end less loop (aka. hang ;-)

I'm researching to know if mobile test automation (or test automation tools devices for embedded in a broader sense) has matured?

Until then,when in trouble reboot the phone.

Mobile Number Portability coming

It looks like we in India can keep the same mobile number even after changing providers.
Syniverse & Telcordia to Provide Mobile Number Portability in India


After having suffered many times by incorrect billing, I'm anticipating the following:

1. "Sir, we don't know why this charge is added in your bill Sir. Can you contact the other provider?"

2. "Sir, our billing systems are yet to be integrated and upgraded Sir. meanwhile can you please pay the bill to avoid disconnection? "

3. "Sir, We have two database records showing against your number Sir. Can you please send your name proof, address proof and birth certificate so that we can ascertain your identity Sir?"

4. "Sir, this is the right PBX number. However our calling system can transfer your call to only the old provider Sir. ...Sorry sir - we don't know the new provider's phone no Sir"

5. "Sir, we have miscellaneous charges. Your old provider had Other Charges. Now we have clubbed both and added a surcharge to make General Charges Sir".

6. "Sir, we understand your concern. But you downloaded an email from 399 plan on your old package Sir. Now since you have downloaded another email from default program of 899 plan, you are required to subscribe to new plan of 1999 Sir. No Sir, our systems are programmed this way Sir"


Okay, here's the actual news:

from IndianWeb2.com - Web 2.0 and Technology Startup News and Reviews by Vardaan
The India Department of Telecommunications (DoT) has selected Syniverse Technologies and Telcordia Technologies to implement mobile number portability (MNP) services in the country.Noticeably both of the companies are US based.
Syniverse is a business and technology solution for the global telecommunications industry, headquartered in Tampa, Florida, USA the company was awarded a letter of intent to provide India’s telecommunications operators with number portability clearing house and centralized database solutions for the next 10 years.
Telcordia on other hand is the world’s leading provider of MNP services and has solutions deployed across nine countries, including the US, Canada, Egypt, Greece and South Africa.
Because of the project’s enormous scale, the DoT divided the country into two geographic zones for number portability implementation, each of which will be handled by a different MNP provider. Each zone is further broken down into 11 service areas that represent cities within the zone. Zone 1 will cover the northern and western regions of the country, while Zone 2 will include the south and east.
Syniverse was selected to receive the license for Zone 1, which includes the service areas of Delhi, Mumbai, Maharashtra, Gujarat and seven others. The MNP implementation will first focus on the larger metropolitan service areas before moving into the more rural locations.
As an operator-neutral third party, Syniverse will maintain an accurate, rapid and seamless number porting process for both Indian operators and their subscribers, facilitating the transfer of telephone numbers when subscribers wish to keep their numbers when changing from one operator to another.

Storage (Part 2)

You can do even more soul searching by calculating how many real filing cabinets those wooden or steel filing cabinets, cup boards and carpets) are used for storing documents and also calculate time for searching, retrieving, shipping, photocopying etc.

Information Life Management is a key evaluation criteria for data centers and other storage management services. ILM essentially values your data for currentness, accessibility, need for availability and various other parameters and decides if the data can be moved to lesser expensive systems. Most documents, other than those needed for litigations and legal requirements, tend to lose their value over time and can be very well managed to lesser expensive storages such as tapes.

Sample companies that sell ILM solutions are EMC, IBM and Sun Microsystems.


De-Duplication and Compression : De-Dup is a commonly used jargon now and essentially involves using certain data identification and comparison algorithms that will identify all the copies of the same document lying in the data store and create a ‘single instance’ of the document without affecting the accessibility of the document. De-dup is expected to reduce data from 1/10th to 1/100th depending on how granular and identifiable the data itself is. De-Dup also can be deployed on almost any storage type – primary storage, virtual environments, network accessed storage, archives, back ups etc.

Sample companies that sell De-Dup solutions are EMC, Permabit, NetApp and Symantec.

Data Compression has been known from a long time from the simple .zip, .tar to sophisticated techniques that reduce data storage from half to as much as 1/200th.
However there could be performance and operational issues with frequently accessed documents and hence this needs to be balanced with the overall information life cycle policy of the organization.


Thin Provisioning : I call this the just-in-time storage. While logical capacity is allocated to applications upfront, the actual physical storage is allocated on demand. This gave the storage administrator more power to juggle the resources and also increases utilization dramatically. This is still an emergent technology with less than 5% penetration. However with more and more storage devices becoming ‘provisional’ there is hope.


MAID: Massive Array of Idle Disks. The key word here is idle disks. It sounds so synonymous with my maid at home who stashes all the infrequently used stuff up in the attic. It's altogether a different matter that I will never be able to search the attic because I don't have an ILM on top of the attic!

Just like how infrequently accessed documents can be kept ‘away’ for efficiency, MAID is a storage technology that keeps inactive disks from spinning. This results in very good power savings and can add a lot to cost savings if this is configured with low cost SATA drives. Again, an intelligent policy is necessary which otherwise can increase costs due to unintelligent access management and data residing on exactly those disks that are marked for rest.

FCoE: Fiber Channel Over Ethernet is an emerging technology that essentially drives a standard protocol over Ethernet. I don't really know the industry benefits yet. However no need to lose one’s sleep on this now since if this change happens it will be big and wil ensure there is a critical mass to take it forward.

Sample company that is already into this is Cisco.

File Virtualization technologies: This technology ensures that name spaces are created for directories and file servers across network access storages and devices irrespective of operating systems or platforms. The business impact of this is ease of administration, costs saved from management and storage tiering, costs saved from managing multiple environments and many other costs associated with general virtualization technologies. I will talk about security of this separately.

Go-Green: While the first motivation to go digital from hard copies should be the trees we save, we can go a lot more green by employing intelligent storage technologies that can save power consumptions and reduce e-waste. So, Go-Greenest should be the motto!

Storage Devices (part 1)

1. Data that is being created and stored at is progressing at an insane pace every year compared to the previous years. The number of movie DVDs that are produced world wide is in billions. The images captured by world population on their cameras, handy cams, mobile cameras amount to tera bytes of data. The emails received in a day (or sent in a day) runs to 200 billion from about 1.3 billion email users including spam.
   
   Scary? It is easier to imagine this for a digital image consumer. On an average a photograph is seen 0.2 times in a person’s life time from some studies conducted so far. So, if a lay person captures on an average 20,000 photographs in his or her lifetime, he or she will actually view only about 4000 photographs. The rest are just stored and archived and migrated from disk to disk and converted from format to format until it becomes e-waste the next century.
   
   For corporations, it is even worse and a nightmare! While the data retention requirements are growing with so many compliances and regulatory requirements mandating that, the corporation also has to manage the costs associated with it and even bring it down while increasing storage. Nice problem to have, huh?
   
   Storage technologies have progressed greatly and are trying to solve the storage efficiency problem while security companies are getting to solve the issue of data protection, encryption and compliance management and Search Engine Optimization techniques are driving search and hence cost efficiencies.
   
   A simple method of knowing your cost drivers would be to collect survey results with following questions.
   
   How many employees store and retrieve documents over network as well as local disks?
   How many seconds or minutes per day does each employee spend searching for document (not searching for information)?
   How many seconds or minutes per day does each employee spend recreating documents that a quick search did not provide?
   How many seconds or minutes per day does each employee spend recreating documents because the original was deleted or is inaccessible to him or her?
   How many seconds or minutes per day does each employee spend trying to find the latest version of a document stored on local media or networked shares?
   
   
   This is just tip of the iceberg!

Betting on my memory!

Yesterday my bank again asked me to identify myself with the security questions. On answering the three of them correctly (not easy at all which I will tell you in a minute) I was asked to choose a different set of 3 questions from 5. It makes you laugh.What were the questions: Roughly they were
-What was your grandfather's first name
- What was your first bike
- What was your mother's maiden surname
- Which was your first school
etc etc.

What's amusing about these are couple of things. One, the questions themselves are 'spoof'able which means a hacker can create these questions with fair predictability because more security based checks use the same question bank.

Two, most of my close friends or cousins who knew me from the last 25 years will know the answer for all these. So, it is easier to regenerate and hence hack my password than guess/break the password by brute force!

While multiple layered checks are touted as additional security, the layers are as strong as the weakest link.

Some of my other accounts allow me to choose my own questions. Now there are isues there as well. One, I need to choose those questions for which only I know the answer. I need to remember the spacing, the acronym and if the answer is in my native language then remember the phonetics as well. Now this is betting on my memory too much. Given the fact that I hold at least 5 online accounts how many answers can I remember?

And if I forget my password after 3 years, I may not even remember the answers to my self generated questions.

Security and convenience never go hand in hand. Fortunately I'm too small a person for someone to hack.

Personalization of mobile

Guess how many applications I have and regularly use on my Symbian based Nokia phone?

- Outlook synced email service

- Reuters news on Business, Sports, Technology....

- Flurry Mail to get the quick views across my Yahoo mail account, Gmail account etc etc

- Flurry Feeds to get me regular RSS for cricket scores to technology scores

- Gmail for mobile

- Mobi Reader to read documents in mobile format

- Various widgets that gadget freaks ususally have.

Going forward, Personalization of the mobiles is where the money is.  The need would be more on functional parameters rather than heavy graphic based simple applications. For example, research suggest that the mobile market will grow to 4 Billion USD in the next few years.

However there will be a change in the portfolio offerings from mobile providers dictated by consumers.

- Most of us would lose interest in that Britney or Aishwarya Rai wall papers or posters. There is nothing dramatic in wall papers today compared to what it was four years ago. Today one could store any picture, perhaps taken from one's own mobile camera as wall paper.

- Ring Tone.  I do remember, about 4 years back, when I tried to compose my own ring tone. I was fed up with the standard Nokia tunes and my handset had an application that would convert standard frequencies (denoted by keyboard characters) into a tune. Being an Indian classical enthusiast I had composed a tune in standard Mohanam and my husband did an even better job of composing it in Kunthala Varali.  However the purpose of a personalized tune was this - the tune had to be distinct for one to recognize it in a crowd.

Today, any audio file can be converted into a Ring Tone.

- I have heard of Ringback tones and I think this is very attarctive and 'hip' for the next four years.  A Ringback tune/tone is what would be played by the receipient of your call.  Other than the usual touchy-warmy uses of a personalized ringback tune one can also use this for functional purpose I guess.  I would love to call my kids with a ringback tune 'Have you completed your home work' ? I think there is some money here to be made.

- I think the most flexible and useful feature would be SMS for a long time to come. It is non intrusive and very effective. One can use this almost for anything - collaborative applications can use SMS as text interface, document writing, getting scores, voting, applying leave, sending a build for compilation.....it's versatile.

- There will be more interest in Video blogging and video watching via Mobile. However providers (atleast Airtel, BSNL) should provide higher bandwidth for premium subscribers. If infrastructure (read bandwidth) is not improved, no application or feature will work effectively or earn revenue.

So, what are we looking forward to really? A highly personalized phone almost like your pet dog without which you would get withdrawal symptoms :-)

Cloud Computing and My Obsession with it

Cloud Computing and my obsession with it.

Part -1:

I like anything that does not bind you to a certain framework or thinking while you keep evolving your own, configurable set of values deriving from various sources. Most of our lives, just like what Robert Pirsig says in ZMM, is like a Chautauqua.

Cloud Computing is a refreshing bout of fresh air for the bound, hostage, clustered society who want freedom! Okay ‘ll stop my rhetoric and begin with the basics. My obsession with this started a year back and one of my most fundamental questions was ‘How does this differ from Grid Computing and utility computing’? The following paragraphs specify what I have understood so far as the cloud’s evolution and are by no means that of an expert. Only amateurists travel by Chautauquas.

The first thing I identified within cloud computing is that it feeds off virtualization. Now that’s a big difference. Earlier we had cluster computing, similar to what Google did about a decade ago wiring together many small computing platforms and PCs to make ‘one big’ computer. Google has the best of minds working for them and they could aim for such a thing. But companies whose competencies were not from parallel processing or distributed computing had to adjust to buying mammoth super computers or hand over the applications with proprietary OS, applications, configurations to big data centers such as Rackspace in return for a hefty monthly fee. With virtualization around and the Hypervisors and ESx servers in, we are already looking forward to reducing the cost f computing, forty percent of which is power consumption alone not withstanding the associated niceties of freedom from maintenance and freedom from higher costs of ownership.

However I again thought that cloud computing services are largely storage providers. I had questions about how they distributed data management, security management, access provisioning. With memory and hard disk prices coming down at a rate that internet bandwidth is not able to catch up what would happen to massive storages across the world which would effectively hit the bottleneck when the data is transported across the world via cables? Will companies take the risk of cables being cut during a war or a natural catastrophe? The human tendency is to keep your secrets closest to you!

I checked on how services are offered. While I give specific details in my next blog, I roughly found that prices were based on one or more of these combinations.

- Number of database access,

- Network upload and download units,

- No. of instructions, TFLOPS and of course on the

- Disk storage.

A highly evolved provider offers a lot more services on mashup services on top of these to the topmost provider on the other end of the spectrum who provides an entire virtual data center for you which you can drag and drop and edit using a virtual data center editor. Howzzat for technology enthusiasts!.

So what new jobs are emerging now? Well, soon the typical IT administrator will vanish and in his/her place we will have a highly analytical administrator who can calculate whether the applications they want to cloud-source is more DB intensive or disk intensive or I/O intensive J. You always need to know the basic computer architecture and there is no running away from it.

Similarly the best programmers and designers would be those who can write applications or APIs that manages federation, data consistency, access controls, P2P and virtual distributed Ethernet.

In my next post (part-II) I will write about how I see different combinations of providers showing up which also is an indicator of how this technology is emerging.

Virtualization - hyped or for real?

Everybody in the industry is talking about Virtualization and it's somewhat synonymously used along with VMWare perhaps dictated by the huge market share that VMware has over the virtual market. Some of the obvious benefits talked about (and not really proven) are:
- 50-60% of the hardware maintenance costs are from energy costs and cooling. So with virtualization of those big mammoth servers we can save a lot of money. But from WHEN?

- Buy a really expensive VMWare ESx server that will run each as ten to thirty machines and you get a whole lot of savings with minimal administrative tasks, hardware cloning, no need to install and uninstall operating systems, no need to ghost image and everything will work like you have ten machines for each machine you have now.

The questions on a typical CTO/IT admin's mind would be -
- Well what's the cost of the ESX server? Greater than 15K USD?
- Well, what do I do with all the smaller Sun, IBM and HP servers that I have and what about the data center space and maintenance that I pay a fee for? Can I cancel my contract with the data center hosting company and just have one big ESX in my local data center?

- Will ALL my applications run on virtual environments? Very few applications are actually certified on VM and even fewer actually leverage the VM specific APIs.

- There is no miracle cure for performance. With a plethora of Load balancing software being sold for 'Virtual environments' it is obvious that performance will be a trade off unless ofcourse you buy very expensive hardware.

So I think, Virtualization is a very good thing to happen to the industry with it's third level abstraction of operting system layer. However, it is good factor for cost savings if the systems are based on an incremental model and not on a replacement model. If you are planning to setup new labs, new product systems, new network assistance then Virtual systems is the way to do.

Just see the various VM software / Hypervisors bundled with branded hardware now and that will say how much research and optimization is in the works. Even humble desktops are bundled with hypervisors. Intel has VT for its x86 architectured systems, AMD has something similar to Xen, Microsoft has it's own VM server software and I'm sure the HPs and IBMs are doing the same.

Old wine in a new bottle? But if you are planning to buy new wine, better buy the new bottle :-D

My iPod is a parasite

I didn't quite realize that it is three months since I blogged. It's very unusual for me. I got really busy at work with multiple products going into the market and the nitty gritties associated with those.

So, here's my thought for the day, month and the decade that iPod is going to dominate dumb minds. Oh yeah, I got cynical only after using the iPod. I didnt buy the iPod but got the latest generation device gifted by my brother and everyone on seeing that said 'wow'. I will tell you why it doesn't 'wow' me at all.

1. First of all, the iPod is a parasite. It clings on to the laptop/PC or that mother device and feeds off from it. Does anyone know of an iPod that can update itself without those cables?
2. I stopped using the laptop at home, after work, about two years back. I use my mobile for almost everything one would use for after work. Reading and responding to mails, reviewing document and even editing PPTs, setting, accepting or declining meetings, reading various web feeds, stock updates, political or economical updates and read news and sports. I even read all my spiritual stuff via my mobile. So when the mobile is the device of choice for the upwardly mobile and when the laptop is reaching a stage when it's going to be used only for serious, heavy duty work it appears strange to me that Steve Jobs and co. think that everybody would switch on the laptops and connect to the internet for the podcasts to automatically be updated? Integration is key to me and any device I use must be able to communicate with other similar devices that the user with the same profile uses. This profile matching has not happened with iPod. Maybe it's not meant for me but to a larger audience who value simple and traditional ways of updates.
3. The battery - if I forget to charge my iPod for two days, the battery is low. If I have to charge the iPod with power, I need that propreitary cable which means that I carry not only the iPod but also carry the long cables, travel adapters and what not. If only the cable was not propreitary I could have fed power off from any USB port. Devices should be flexible for use and not be monopolistic.

4. Sleekness and aesthetics. Okay, I concede here. However there are other sleek models out there in the market and you get sleek phone cum MP3 players which serve the same purpose of the iPod. Yes, I got the podcast software Juice and that automatically updates podcasts to my Phone or pendrive or any device as long as that is connected to the USB drive. My phone (used as a podcast player) can also update itself via GSM/GPRS. Checkout Nokia's podcast software for example.

Ahem! I'm not young any more and perhaps that has influenced my priorities. However, come on everybody, are iPods for Dumb college goers or for traditional heavy laptop users? I'm ofcourse assuming that iPods are used for podcasts. The case is worsened if it is used just for static music.

Google's mobile phone is coming

I have always been a fan of Google's innovations and I'm very excited to see this news: Google Enters Wireless World.

There's not much information out yet about what's going to be packed in the device. Knowing Google, I would bet that it will be simple, with a simplistic look and feel and packed with lot of functionalities. The news is that it's going to be packed with open source software and I'm sure it will have a great email service (client or hosted?) , great and simple document editors, collaborating tools and anything web 2.0ish.

What Google plans to do with mobile gaming will be interesting to see. According to Gartner reports, Mobile Gaming revenue has grown 50% (!) this year and is at 5 billion USD now. It's growing at an amazing pace and mind you, this revenue is largely out of revenue on product purchases and not around services built with that. Google also has noble policies on adult content and there's huge revenue on that segment which Google may not cover too much.

I hope that Google will displace the bully - Blackberry. I hope the proprietary technology is stashed away with and all office employees can safely, securely use their official email accounts via the Google phone and increase their productivity. And use SAME phone for other tools that they like depending on their personal tastes. (Read Opensource, Free sourced, Free Willed...)

Okay, if everything is open sourced and free, where does the revenue come from? We all know that Google can be innovative from that too :-)

Welcome gPhone .

Micro businesses and Web 2.0 as I see in India

I was looking at the trends of Micro Businesses across the globe (a Micro Business, simple definition is a business consisting of max five employees and largely caters to local market. It is smaller than Home Business), I came across a staggering list of small businesses - perhaps micro startups already leveraging web 2.0 in India. My observation could be slightly skewed as I relied largely on internet and there could be businesses in other geographic regions not linked to internet...but nevertheless....

Let me give you some samples:

1. Event manager on Mobile - nothing new, eh? Well sample this. While the general apps like this cater for events such as Meetups, Class Reunions, Dating etc, this is for largely indian events such as weddings, traditional 1st year birthdays, house warming ceremonies etc. I think innovations like these are very important and caters to the local market and has a great opportunity to grow. Wasn't Bharatmatrimony a big success? These event managers are installable on mobiles (I'm not sure which OS) and cater to address book, invitations, tracking of invitees, specific preferences, profiling, notifications.............etc.

2. The second one I noticed was this one. This was Video resumes on your mobile. Well, lazy (busy?) interviewers like me would love it. All that my recruiter has to do is upload these screened video resumes on to a calendar that I use and that is automatically downloaded onto my mobile using either push or pull mechanism. So, I just play the resume on my way to the interviewing venue and i not only get the usual details in a CV but can notice communication, presentation, body language etc upfront even before I meet the candidate. There is nothing specific here for India but I have a reason for this. 80-90% of hiring happens in India now for atleast IT companies!

3. Public examinations tutorials and quizzes on mobile for GATE, IIT JEE, CAT, UGC... and it's not just the lessons and tests, but these include wikis, chat rooms, social networking...I guess how much you can extend these functionalities is really up to one's imagination. Here was a real need by aspiring students, a real opportunity and a real market since almost every student aspiring for higher studies has a mobile handset.

In some ways, everybody wants to be listened to (translates the need to write a blog), commented upon and get a chance to improve or fine tune. I think Web 2.0 helps this need so much saying 'let's collaborate, your feedback is as important as mine' and this is a way shift from 'I know, I speak, you listen' of the older 'article writing ways'. Asians (Indians and South Koreans) blog the most or contribute to other blogs as per various studies.

I dread the day when pokemon web2.0 sites are installable on mobile and I really dread that day when kids will shift from the humble telephone to the mobile social networking site to discuss which pokemon has a fire attack and which one has a laser attack! Until then...all web 2.0 is welcome :-)

Wondering about Enterprise Mashups

About a year ago I did not know what enterprise mashups mean and I asked a friend. He said that it is mixing and matching different applications. I wasn't impressed because we have all crossed EAI era, now in SOA era and what is this new mashup - sounded like mashing up flour and margarine for the doughnut mix.

Recently I noticed a site that listed enterprise mashup tools. Big companies like IBM and SAP have already released early adopter releases and everyone is catching up on the web 2.0 fever. I read through the tall claims by all these companies and to me it fitted my ideal app pretty well. I wanted a mashup (for now I suppose it can be a portal web based and hosted or a downloaded rich client since I saw both kinds of tools) that includes news from my favourite news sites, information about my projects from within the company intranet (note this), occasional cricket scores, some funny dilbert, yahoo mail and google mail, my company mail and calendar :-)

To me, all the above listed in one mashup will increase my productivity because I don't have to separately logon and browse different web sites.

One of the tools was actually designed to work across multiple data objects across Siebel, SAP etc coupled with web 2.0 sources such as RSS feeds, services based on REST, maps, charts...etc. I'm not an expert and hence I struggled to create my app across different enterprise systems and that too within a firewall. I could not readily see how the mashup tools handles authentication and authorization leave alone later pain points such as compatibility, performance etc.

Another tool I tried just did screen scraping or web scraping. I could mention any web site or any news feed and as long as the content was available, the tool just siphoned that info into a mashup and created a mashup portal for me (WSRP? I don't know).

But the Ajax or Aflax? options that these tools offer are so beautiful. Now these mashups mashing up needs minimal coding but overtime we will have drag and drop and wizard driven mashup tools that will resolve various security, interoperability, scalability issues in the background.

Guess what? For people like who are not serious developers and who just want to do new things using tools which are 'simple yet exciting' these kind of new concepts and new technologies are absolutely great. Mashup for timepass!

Bill Payment Arthritis

I have spent couple of hours today trying to pay a telephone bill via the telephone provider's portal and these are the issues I faced:

- The telephone provider's portal has a prominent login button (with Signup) and signing up here/logging in here does not enable me for all services. For example, I can view the Value added services but not bill payment although 'Bill Payment' is UI-linked very close to the login button.

- Click on actual 'Bill Payment' link and I'm taken to a different site with the standard warning 'You are moving out of the trusted site with secure credentials...etc' and I wonder what has happened since I didn't log out.

- Next, I go to the real bill payment portal and from the URL I can see it is a different hosted site and I register/login once again. The password rules are different here (length of this password has to be 8 characters) while my earlier password to the apparently same portal had different rules with length/alpha numeric constraints. Nothing new here, so I proceed.

- Once I successfully login my Bill Pay portal, the bill is promptly put up (good integration with the database!) and then the next interface takes over. It looks like some kind of web service which displays all the banks that are approved with visa/master/diner card options and I proudly click my NetBanking.

- And now is the finale! I get an exception -" apache error - string out of length-10".
I forgive the site thinking perhaps the session didn't handle it well and again I go all the way back to my first page, login two times with different credentials and wait for the page to come up. With bated breath!

- Now, a different exception comes up - "Fatal error: Allowed memory size of 125829120 bytes exhausted".

- Now my son, aged 12, gives me an idea! Do it really fast - keep clicking all options as fast as you can and beat the time-out error. I laugh at that! What can a user do now other than perhaps dance in front of the computer to keep it in good humour.

I'm not sure if the Bill Payment test engineers tested much, but this is what anyone should test which I christen 'common sense tests'.

1. Estimate the number of users who would hit the site on an average and maximum (bill payment date). If there are 50,000 subscribers who appear in the log for a month, it is safe to assume 70% of the subscribers as maximum. I know that most companies don't have the luxury of affording a commercial testing tool that can simulate thousands of users and using an 'evaluation version' of a load tester does NOT give the actual picture at all. The results of the evaluation versions are not reliable and one has to find ways of simulating the no. of users by other means.

2. No. of users, no. of concurrent users, geographic distributions have to be tested. For example, Asia has about 300,000 million users while it progressively decreases for Europe, North America and becomes miniscule for Africa and Middle East. It is the not the % of Internet users that matter but the actual volume.

Account for latency tests from those demographic regions.

3. While ideally you will get marketing data about user behavior, how long a user's 'eye balls' are stuck to your landing page or how many times the same user might visit a typical category of web site, how many of us can afford the Forrester or Gartner report in terms of money or time? Rely on the good old fashion logs instead. There are open source based OLAP tools where you can create simple dimensions that you want to measure and run the logs through them. You will get a fair indication about user behaviour. If your company has a Tools Team, ask them to analyze for you. Base your tests on the data you get for your portal.

4. More often than not, like my Bill Pay application, each app is integrated (SOA) with another provider either providing a service or consuming or both and there will be standard SLAs for capacity and volume on both sides besides protocols, security measures etc. Check to have tests to see if the SLAs are defined as required by your business. It should have the right capacity planning.

5. Look for those pages or links or queries that are most accessed by users. A 'Search' or 'My Orders' is more critical than 'Customer Case Studies' from a performance point of view. Test and see if all parts of the portal have uniform performance problems or not. In technical papers, an often quoted line is this 'Run a mix of processing patterns and check the limits of infrastructure' :-). How's that for jargonizing!

6. Check for functional reliability - this means whether it is one user or thousand of them they can 'feel' the same for accuracy, security and ease of use and not broken sessions. I saw a hilarious note from a blog ( http://blogs.cio.com/node/228) that specified some rules that could affect functional reliability.

All traffic is encrypted. All fields that display sensitive information are invisible, unless you move the mouse pointer over it, and click (hold the click to see the info). All screen savers are locked on blank screen (no user customizable fancy-dancy screen savers) - and set at 1 Minute, maximum - no user ability to change / reset this. All user systems have USB disabled, no CD-ROM drive and no floppy drive. All passwords must be a minimum of 8 characters long, have at least 2 numerics, 2 symbols, 2 capital letters and 2 lower case letters. Zero repeat characters and no character can be used in the same position more than once in 16 months. Passwords must be reset every 28 days - no exceptions.


7. Last but not the least, examine whatever channels you have access to for 'unintended consequences'.

How a user did use it not to hack the system but to actually use it in some ways. When I got the string length exception in my portal, I wanted to somehow pay my bill. I googled for the error that said it happens with long named attachments. So, I set about looking for clues in the http path to avoid that. I couldn't hack it but what I'm saying is that a tester should observe a hacker/unintended user's behaviour and convert that to a test too.

Now, I sympathize/empathize with my Bill Payment portal. It was very kind to me! Tomorrow I will physically go and pay the bill!

Product Success Metrics

This is a general checklist about what to measure in order for us to say a product, as in a 'software product' succeeds. There could be various assumptions across the industry which finally boils down to these metrics:

Customers new and old

How many new customers are you acquiring per month? How many customers have canceled maintenance or subscriptions per month? This is not a direct metric of the product itself since it has other parameters such as Sales efficiency, Time to market etc. However, measuring this metric is key to product success. Even if customers are still 'in' and do belong to the client list, the degree of engagement is important to be measured.

Quality!

Yes :-) this is an often heard term but product quality means so many things to so many people.

Product quality should be monitored on an ongoing basis to make sure it doesn't become a serious problem. Set up a tracking mechanism with either weekly or monthly statistics with not just the number of defects but quality of the quality process itself. I have seen product heads just track the traceability from requirements to defects and nothing more. A well tracked quality system produces just the right metrics which would exactly show the quality health of the product.

For released products, technical support typically keeps track of open defects. As soon as a product is released, it is common for the number of defects to go up as more people use the product. If the quality is high, it should be a manageable number and should settle down after awhile. For unreleased products, QA and release management should maintain a strict vigilance on the numbers. If the number of open defects is not going down as the release date approaches, the release date is likely to slip. Obviously we want the Severity 1 and Severity 2 defects approaching zero as the release date approaches. Severity four "defects" are typically enhancement requests and are often ignored in terms of product quality. Yet they indicate areas where the product fails to satisfy the customer. Product quality is the best indicator of internal health of the product;

Technical Support

Product Management and Technical Support should work at tandem. Care should be taken that metrics are not tweaked for a lesser benefit. I have seen Customer Support increase no. of calls they attended by logging the same problem in different ways and product management trying to respond to multiple problems with a single statement of direction or FAQ that would portray them as having anticipated that as a known problem.

Technical (or Customer) Support already measures the number of calls per product and the nature of the calls. Product management should analyze these numbers to identify areas of that product that can be improved for a better customer experience. Are there problems with installation of the product? Is the documentation too hard to understand? Is the product too hard to use? By streamlining a process, will you cut down the number of technical calls? Review the number and type of calls for your product to uncover hidden profit leaks.

Product Schedule, scope and slippage

How long does it take from the time you define requirements until you have a finished product in the market? Keep track of the percentage of original requirement specs that get delivered as the final product. How many "out of scope" requirements were included? Do your developers have a clear idea of what problem to solve and for whom? The problem may be poor requirements definition, which you can control, or it may be scope creep which you need to communicate to your management. Report the facts and let management manage.
Pre-Sales and Sales' support

How many non-sales people does it take to support the sales cycle? It would be a great metric to know how much time is being spent by non-sales people on direct sales efforts such as demo support, conference calls with prospective customers, onsite presentations, requirements assessment, and other sales calls. Early in a company's life, people wear many hats and this is a common thing but as a company grows, product selling needs to be 'empowered' with the right sales kits and training. Sales personnel need to continously update themselves as opposed to just having client meetings and playing golf.

When non-sales people participate heavily in the sales process, they are not doing their day job. And the cost is rarely attributed to the sales activity; another hidden profit leak.

Ultimately, we want to build and sell products profitably.

Product revenue/profit

How do you know which products are worth investing in and which should be retired?

Sales should be able to tell you how much revenue is generated per product. In order to calculate profit, each discrete product (not product line) has a profit and loss statement tracked in accounting. Finance usually has these numbers but it is Sales' responsibility to provide the profitablity numbers to the top management.

Market share

What market share you have. By tracking this metric over time (year over year), you can discover whether the market is saturated or ripe for expansion. If the market is growing and yet your market share is shrinking, it indicates that another competitor is growing at a rate faster than you are. Getting this metric is the hardest among all metrics and not all survey agencies who do this provide reliable data for Sales. Many standard business analysts provide reports for the vertical industry itself such as Forrester, Gartner etc but again, each company has to investigate somethng that works best for them. And management must have the guts to accept the facts.
ROI on Marketing

There is a need for a closed loop lead tracking system that allows you to track activity from the marketing program that generated the lead all the way through to a closed deal. Are the right market segments being targeted? Do the positioning and market messages get a buy in with the buyers? Do you have a compelling solution? Is that packaged as a compelling solution?


And finally....

It's not possible to track all metrics at once, but determine the key performance indicators you need to start tracking. Report the baseline, begin tracking on a periodic basis, graph the trends, and drill down to find out what is going on.

Start with the metrics for customers and product quality. These are the first ones to tackle.
Calculate the profitability of your product. If you have a loss leader, can you justify further investments? Do win/loss analysis to find out whether your product is driving business, even though it isn't profitable. If it should be retired, show some leadership and present the facts about why it should be retired and how you would redeploy the resources in a more profitable way. There's noplace for personal attachments here! And no place for vested interests if you know what I mean.

Ensuring product excellence

By 'product' I mean a typical software engineering product within the IT industry. If we look at purely from the experience point of view it is not rocket science to achieve product excellence. However there are many ifs, buts and loose ends to take care of. Where do the loose ends lie?

Usually, there is a 'Vision' team and there is an 'Execution' team. Care should be taken that people with the right skills should be fitted within the right teams. For example, someone with very high qualifications from world's leading technical institutes may not necessarily be part of the vision team. It might be a worthwhile exercise to conduct an aptitude fitment test such as MBTI test. See who qualifies to part of the Vision/Strategy team. If we follow the balanced score card method of evaluation, the score table will point to those people who understand the industry dynamics, who have continuously tried out other products in the same league, understand the strengths and weaknesses of the competitors' products ('know thine enemy') as much as his/her own products and most importantly can provide an unbiased, devils-advocate kind of opinion when it comes to product strategies.

I have seen in well established product companies that the product marketing team is so soaked into their own products that they blindly evangelize it without working on the gaps.

The strategy team should also evaluate positioning, packaging, pricing the product innovatively and this should be backed by a lot, lot of research. Essentially this team is what will make the share holder value increase and if the guard from the hill top does not see the enemy marching through the terrains, the soldiers in the plains will see no attack coming.

Okay, what about the 'execution' lot? It's no inferior position to be in. Since the visionary team is not perfect, the execution team should have people who are pure managers as well as half-leaders and half-managers. The execution team will need pure managers to see if the product design is well done, if reviews are injected at every stage, if the risk is well managed at every stage, if ample automation is planned for building the software as well as for quality assurance. We need a balanced score card here too. Checklists will not work if they only track if a task was completed or not, if a review was completed or not instead they should track if a task or review was 'rightly' done or not.

And if there are hidden strategists within the execution team, they should be allowed free expression of opinions and should not be suppressed under multiple managerial levels. How often have we seen a brilliant idea or prototype by a junior executive, not well understood by his dinosaur manager.

So, essentially, the visionary team and execution team go hand in hand. They both are equally important and no one reserves to be within one team or the other purely by paper qualifications. It should be based upon the fire in the belly and on natural wiring of the individual.

Product excellence is a function of right vision and right execution.

I can't change my hair style! My biometrics will fail!

Alright, this statement is slightly exaggerated but only slightly. We might arrive at this soon.

If you are an avid internet surfer and a member of many web portals, just think about how many times you asked for 'Forgot Password'. It's hard on us. With all due respect to SSO, I need to memorize about 10-15 passwords and use a password manager (it's easier to crack the password manager utility than than password itself) and inspite of all this, I request for the forgotten password. Recently I read that 60-75% of the HelpDesk requests to famous portals are for the forgotten passwords.

Biometrics has made great inroads. Not that all laptops have that facility and it's specially not there with all the sales personnel in the world who travel with unsecured laptops. But if biometrics does become common place and wins the catch up game with the hackers, we might be in for some reprieve.

I'm particularly interested in how the face, finger and voice based biometrics work. Some of them have the multi layered verification system where there's registered finger print, the voice based pass phrase and then the password itself. However, as far as I have seen, you are again tied in or hard coded to the finger touch recognition software's provider.

With the face, it's trickier. There are supposedly technologies that will recognize the face even if the face dimensions change with a smile (don't smile ear to ear), frowning , blinking etc the risks are as much as that associated with regular image mapping techniques.

What if the face is posed at an angle of 15-20 degrees? What if the light is insufficient.

The most important thing to remember is the title of this blog - yes, face biometrics is yet to transcend the changes made by your hair dresser. It's quite possible that the world's leading hair dressers might register themselves in a face-provider registry and discovered by the web service out of face biometrics and your latest face will be sent in for verification.

How about using a string of regular passwords as in older times ;-)

Can 'My PC' be presented to me same everywhere? Trends for Mobile Computing!

It's been funny - the whole change in my gadget setup from the last few months. I took a fancy to those laptop ads on a TV where a funky haired guy sits in a beach and laptops his way to work. I was obsessed about buying a light laptop, the lightest in fact, which I would connect through wireless connectivity from anywhere at home and work from that. It could be from the terrace staring at the moon and stars, or lying down on a heap of pillows with the laptop on me. Yeah, all this worked and how! Until I found this new piece of software (mobipocket) that gets installed on my mobile and does practically everything. Now my whole paradigm of working has changed. I use only my mobile to read news in the morning (downloaded as RSS feeds from the news site)- my family is very happy about this because we don't fight for the early morning newspaper anymore, read the latest technology, business and Scientific American latest posts on it. I also religiously download the technical documents I need to review as part of work - functional specs, technical specs, SOW, contracts ....what not in a mobile optimized format right on my mobile. I review these documents at night with reading lamps off, without disturing anyone....man, what a change! As you have guessed it, I also download fiction, non-fiction works for reading and I can read a whole book at night without switching on reading lamps and being a nuisance to others.

Mobile-ing of documents, mobile-ing of news, mobile-ing RSS aggregation has changed my life.

My wish list would be like this:
- Single Sign On from my mobile to a range of sites, to VPN of my office network
- A more reliable VoIP calling service that I can use for conference calls across the globe (my OS is Symbian and Skype yet doesn't work as expected although Google's gdskype? has something similar)
- Email profiles automatically maintained from my email provider. For.e.g. I want only certain emails to be delivered or I want all emails that meet a criteria to be made color=RED on server side, desktop-client side and mobile
- User profiling and 'My Documents' implemented for 'Me' across any device. For e.g. if a global SAN is maintained for me as an user with my documents (just like email - could be presonal, work, music etc) then I can access 'My Documents' from anywhere via any protocol.
- LDAP - Global address book with appropriate rules for categories and grouping rules
- Imaging or something like imaging. For e.g., if I'm at SFO airport trying to access my mails and documents, can my 'image' of my folder structure, my documents, my profile be automatically configured on the go so that I can work on my environment even from airport terminal.
- Hack proof methods

WDYT?

Data versus Information

I was recently searching for foreign exchange rates on a particular date for the purpose of filing my income tax returns. I searched Google and other search engines for 'currency rate', 'exchange rate', 'currency converter','foreign exchange rate' etc and tried to use all the usual terminologies associated with it. I could not get the result I wanted. I was a dissatisfied customer of search engines. Then, I did the linear search - going through the forex sites, Reserve bank site etc one by one and bingo! I found Reserve Bank's site with exchange rates for every day for the last few years. And I noticed that it was tagged as 'Reference Rate'!

Do you get my problem, rather a search enthusiast's problem? While search is based on the keyword, the keyword itself may vary depending on the searcher's profile such as regional parlance, educational levels, professional levels etc.

While a layman would search for 'salary difference', a HR pro might search for 'salary gap analysis'. Layman- 'How to get modem working', IT pro -'IP configuration'.

So, jst like there's a difference beween what you seek and what yu want, there is a difference between Data versus Information. Data is raw while Information is contextual (apart from being analytical).

While providing information from raw data, it is a good idea to look at following thumb rules:

- User profile, what kind of user is asking for this.
- User Topology and demographic information
- Automatic learning by the information classification system. e.g. collections or business rules should be dynamically changed as the system learns more and more from the information
- The learning itself is automated by a good business intelligence and analytics tool
- User experience management - this is a big discipline. In short, monitor how promotions were effective, how good merchandise interfaces are being used, how relevant offers are based on user identity etc.
- User context is always maintained and continously evolved. One example for this could be that if a user is found to search for certain terms in the legal profession and the same user is searching for certain terms in Advanced Robotics, then the system can 'learn' that the user is a well read person. Similarly if a user is always typing with spelling errors and searching for typical teenage non-intellectual subjects, the user can be put into a collection of casual not very well informed users.
- Similarly Reports that contain information should be based according to context.

It's probably the next 'in' thing within Search and other information retrieval systems for laymen.

The insured testing professional

Have you ever interviewed 'Testing professionals' whose resume has everything under the sun under testing? While there are exceptions, I have most often seen people who appear for a testing job unprepared for a technical interview. They could answer any number of 'process' or theoritical problems such as what is a black box testing, or integration testing, regression testing etc but when you drill deeper into solving a day to day problem they cannot respond very well.

I'm wondering if it is a chicken and egg problem. The process of quality assurance is not the first in the software development cycle. A test spec often always follows a requirements or functional spec and at that very stage, the tester transforms to someone who is supposed to follow or validate what the developer thought of. Is the test spec always limited by the functional spec's scope? Are we creating/developing testers who just need to validate and need not really invest in understanding the latest technology trends, the latest product vulnerabilities?

Let me give couple of examples.
Ask a question about how would the interviewee test a simple web application that submits a form with two simple fields 'name' and 'address' to a repository at server. More often than not, 90% and above, you will get the first response as UI testing. 'Validate the input fields', 'check for input length' 'check for special characters'.... well, any tester is supposed to have already known the kinder garten stuff of testing. Okay, dwelve a little deeper, ask him/her that you want the interviewee to provide functional examples and bang will come the reply 'check the database and see if the input entered via form is updated properly'. Ask him/her 'do you think data can be entered by other means and you should ensure testing for those conditions', again bang comes the reply 'well, the form should have strict validation and from the server side the database administrator should take precautions'.

I'm yet to see testers talk about vulnerabilities in authentication, input filtering, SQL injection, transport security, error handling etc.

I hope I'm proved wrong. I think 90% of testers are people who do what they are asked to do and the functional spec is an insurance for them against customer defects or hacker attacks.

Check it out - ask an interviewee next time 'How can my Forgot Password feature be exploited'?

False Positive Emails

Today I dug out a very important email from my mailbox from the SPAM folder. As I had guessed it, it was 'False Positive Filtering'.

In the simplest terms, False +ve emails are those which should have hit your inbox but the spammer algo with your email provider thought it was a spam. So, how does this work? Usually most sites such as Google, Yahoo etc keep their spammer rules very secretive for security reasons.

Common possibilities are these:
- When the email's HTML contains links to images with names remotely suggestive of porn stuff
- Many spam emails ask user to explicitly click on link 'remove me from this list' only to trap their email and domain names to send more spam. So, sometimes, even genuine emails with 'remove me....' can be considered spam
- If the sender's email domain address does not match the 'From' string. For e.g. if the mail says From: Income Tax Dept' and domain is 'gxbvghh.com' . Sometimes genuine emails, which are sent as mass mails using a 3rd party provider can get flagged as positive.
- Suggestive attachment names

Interestingly there is a metric to measure email deliverability and one of them is to reduce false positive emails. I believe Google has it highest at around 99%.

So, look for those missing emails in your bulk/spam folder.