Blame it on Cloud Security

It is really an easy one, I suppose … so many business and IT decision makers told me that as the reason of not implementing / migrating their systems to the cloud.

However, truth is that data and systems residing in public or private clouds are as secure as you make them. Typically, cloud-based systems can be more secure than existing internal systems if you do the upfront work required.

For example, I am pretty sure the physical security, patch management and many other security measures are better implemented by Cloud Services Providers than your own IT department.

Check out the Security Guidance from Cloud Security Alliance and COBIT from ISACA for more details and the techniques, and I am sure you can implement a secure cloud system.

Cloud experts, any thoughts ?

linkedin pic 3

Blame it on the ever-changing requirements

Whenever there is a delay in software project delivery, the usual reaction is blaming it on the unclear and ever-changing business requirements.

Edward Berard, author of the Object Oriented Software Engineering, once said “Walking on water and developing software from a specification are easy, if both are frozen.” and clearly it proved that point … or did it ?

We all know in the real world, business changes fast and therefore so are the software requirements. So it’s really no point to insist in freezing requirements before starting the software development, instead we shall consider :

1) How can we cope with changing requirements in our development lifecycle ? (Read : Scrum Development)

2) How can we make our applications more flexible and easier to change without affecting other parts of the system ? (Read : API and Micro-services)

3) How can we migrate / rollback production systems easily ? (Read : DevOps)

4) How can we lower the cost of infrastructure and failure ? (Read : Cloud infrastructure)

So, don’t blame it on the requirement changes, as change is constant. Let’s do a better job in developing the business software.

Development professionals, any thoughts ?

linkedin pic 2

Blame it on technology

It’s really easy to blame everything on technology, whenever there is a project failure, especially new ones with lots of acronyms and buzzwords.

On the other hand, have we trained up the business users to master the technology ? Have we defined the project objectives clearly ? Have we reviewed and revised the business processes to work with the technology ?

People, process, technology … technology actually comes last.

So don’t blame everything on technology, blame the project failure on how we implement a new technology.

Technology professionals, any thoughts ?

linkedin pic 1

Connecting the Dots, Connecting the Blockchain

“Again, you can’t connect the dots looking forward; you can only connect them looking backwards. So you have to trust that the dots will somehow connect in your future. You have to trust in something – your gut, destiny, life, karma, whatever. This approach has never let me down, and it has made all the difference in my life.” – Steve Jobs

Back in 1994, I joined a company who was developing a document service for the trading companies in Hong Kong. The service facilitated the trading companies to send various trading documents to the Hong Kong Government securely and with authenticity.

The technology behind all these was Public Key Infrastructure, or asymmetric cryptography. Even though back then I was the System Architect of such system, the technology was totally new to me – Hashing, Asymmetric Encryption, Digital Signing etc. For some reasons however, I was intrigued by all these fancy technologies.

Fast forward to year 2000, Hong Kong rolled out the Smart IDs for Hong Kong citizens and each of these Smart IDs had a chip embedded that in theory you could store the Private Key inside it and did your own digital signing. And of course, with the receiving party’s Public Key, we could do secure encryption as well.

Eight years later, in October 2008, Satoshi Nakamoto published a paper on The Cryptography Mailing list at metzdowd.com, described the digital currency – BitCoin. And the infrastructure that BitCoin worked above was what we call now – Blockchain (this term is not used at all in the original white-paper).

By now, you all know Blockchain is again based on hashing, cryptography and time-stamping. Did I know what I learnt back in 1994 would become the foundation of the digital currency or even future computing infrastructure ?

No of course, because as Steve Jobs said … we can only connect the dots looking backwards.

I don’t know ten, twenty years later, what dots we all can connect and find something new. However, you may be able to get some insights on the following excellent documentary on Blockchain

New Roles of CTO, CIO, and CEO

Busy Businessman

We all know what CTO, CIO and CEO stand for, but lately I just think all these titles now stand for something else. Something pretty different.

First, as we all know the full name of CTO is Chief Technology Officer. According to Wikipedia, CTO is an executive-level position in a company or other entity whose occupant is focused on scientific and technological issues within an organisation. Of course I guess “technology issues” include what technology to use, to deliver and to maintain. In the security conference SecureHongKong couple of years ago, renowned security expert Dr. Meng-Chow Kang told the audiences that CTO stands for Chief Trust Officer. I agreed with it wholeheartedly. Technology is crucial to most, if not all, corporations nowadays; but what really matter is the trust that we all shall build among the technology and the stakeholders.

Then what about CIO, Chief Information Officer ? That one is rather easy, as many companies already renamed it to Chief Innovation Officer or Chief Integration Officer. Last year, Deloitte pointed out it’s time CIO to evolve to Chief Integration Officer, and CIO is not only the connective tissue but the driving force for intersecting, IT-heavy initiatives. And of course, to many new startups, innovation is really the single most important reason why the company exists at all. The new Chief Innovation Officer (or CINO) shall manage all the processes of innovation in the organization.

Lastly, the Chief Executive Officer – he or she that shall own the company vision, provide proper resources, build the culture, make good decisions and deliver the company’s performance now may has many new roles. In addition, the modern day CEOs shall understand what experiences the company’s products and services are being delivered to the customers as well as stakeholders. Indeed, many companies already established the role of Chief Experience Office (or CXO).

So, are you possessing one of these job titles ? Are you ready to take on the new role(s) ?

F-Stop Guru Camera Backpack

Two things I don’t like much about the Manfrotto / Kata Revolver backpack are first, it’s not designed to hold two camera bodies even with its rather huge body. Second issue is the backpack cannot stand by itself – after all it’s designed like a revolver (such that you can access lens easily).

So, the Revolver is out … and F-Stop Guru is in.

To me, a great camera backpack should has the following features (YMMV though) :

  • It has to be lightweight.
  • It shall look like a typical hiking / day-trip backpack, but not a backpack with camera gear inside.
  • It shall hold two M4/3 camera bodies, a few Olympus Pro zoom lens, one or two fixed lens, and a flash.
  • It shall allow the photographer to access the gears easily, by slinging the bag or access from the side.
  • It shall be able to slot in a 13 inches laptop.
  • It shall include lots of small internal pockets to hold accessories.
  • The shoulder strap shall not be that thick to fit the Capture Pro Camera Clip.
  • It shall has side pocket(s) to hold bottle of water.
  • It shall include rain cover.
  • And of course, It can stand by itself.

Bonus – it can fit in an internal hydration pack.

Well yes, the F-Stop Guru fits the bill.

 

Are QR Codes Dead ?

Newspaper

So you probably know … QR Code was invented in 1994 (yap, 20 years ago) by Denso Wave. Although initially used for tracking parts in vehicle manufacturing, QR codes now are used in a much broader context especially in mobile, for example to add a vCard contact to the user’s device, to open a webpage thru Uniform Resource Identifier (URI), or to compose an e-mail or text message.

However, just a silly question, how many times have you scanned a QR Code ? Say in the last 30 days ? Let me ask again in greater details, how many times have you picked up your phone, started up the phone, run the scanning app, pointed the phone to the QR Code, and scanned it (provided you have the QR Code in focus and in good light) ?

Two and a half years ago, Forbes asked the question “Are QR Codes dead ?”. And this question was raised many times in the past two years (you can Google it), but still there is no firm answer. In fact, the other 2D code technology Microsoft Tag is closing down soon.

So I did a test … I picked up one San Francisco Chronicle (a daily newspaper for the greater San Francisco area), and flipped through all the pages with an aim to find one QR code to scan. And the result – none. Nothing. Yap there is no single QR code in the whole newspaper.

So why are QR Codes so popular in Japan, Korea, China and also picking up speed in Hong Kong, but yet no one is really using it in a high-tech city like San Francisco ? There are many different reasons from IT and marketing experts, but I think the real reason is – the English language.

Imagine your small company (“Company”) is running a promotional campaign and want your target customers to browse your company website like http://www.COMPANY.com, or call the toll free number – 1-800-COMPANY. It may be pretty easy to do it in North America, just print the ad in newspaper with the website address and the phone number.

But what if your target customers are not that fluent in English ? What if it is hard for them to memorise your company name, the website address etc. ? Naturally, I think one solution is to use QR Code and I think that is why it’s popular in non-English speaking countries – Japan, Korea, China, as most (if not all) website addresses are composed in English language characters.

With all that said, still QR Code will give it another try, as the Merchant Customer Exchange in US is rolling out a new payment gateway CurrentC, with an attempt to kill Apple Pay (and also Credit Card fee). The whole idea of the payment gateway is to use QR Code to link the transaction to your bank account.

So, may be, let’s visit this question “Are QR Codes dead ?” again in two years time. Stay tuned.