Random Thoughts – Randocity!

Stupid Security Measures: autocomplete=off – How To Turn Off or Disable

Posted in banking, security, technologies by commorancy on April 16, 2012

While I’m all for some browser related security, this one feature is completely asinine because it’s so unpredictable, uncontrollable and stupidly implemented. This is the complete opposite anyone should expect from a quality user experience. Let’s explore.

What is auto-completion?

Most browsers today will automatically fill forms and password fields from locally saved browser login and password information (usually the field is yellow when automatically filled). This is called autofill or autocompletion. While I admit that storing passwords inside a browser is not the smartest of ideas, specifically if it happens to be connected to your bank account. With that said, it is my choice. Let me emphasize this again loudly. Saving passwords IS MY CHOICE! Sorry for yelling, but some people just don’t listen or get this… hello Chrome, Firefox and IE, you guys (especially Chrome) need to take notes here.

So what’s this autocomplete=off business?

As a result of autocompletion, the browser creators have decided to give web site creators the ability to disable this mechanism from within their own web pages. So, when they create forms, they can add the tag “autocomplete=off” to the form which prevents the browser from storing (or offering to store) passwords or other sensitive information. This is fine if the browser would give the user the choice still. It doesn’t.

I’m fine with browsers trying to prevent stupid behavior from users, but always provide an override. Never implement features like this, however, at the expense of a frustrating and inconsistent browser experience. This is exactly what autocomplete=off does. Why? The browser doesn’t give the user control over this web page mechanism nor does it even warn of it. If the site sets this flag on their form, the browser won’t offer to store anything dealing with this form. That’s fine IF I can disable this behavior in the browser. I can’t. As I so loudly said above, this is MY choice. Make this a preference. If I want to store logins and passwords for any site on the Internet, it’s my choice. This is not Chrome’s choice or Wells Fargo’s choice or any other site’s choice. If you offer to store and save passwords, you need to let me do it under all conditions or don’t offer to do it at all. Don’t selectively do it based on some random flag that’s set without any warning to the user.

Inconsistent Browser Experience

When autocomplete=off is set on a form, there is no warning to the user that this value is set. The browser just doesn’t save the password. You have no idea why, you don’t know what’s going on. You expect the browser to offer to save and it doesn’t. This just makes the browser look broken. And, frankly, it is. If the browser can’t warn that autocomplete=off is set by the site through changing the color of the bar, flashing, an icon or some other warning mechanism (like the lock when https is in use) the user experience has been compromised and the browser is broken. This affects not only Chrome, but IE, Safari and Firefox. Yes, and this is extremely bad browser behavior. It’s also taking a step back in time before web 2.0 when the browser experience became more positive than negative. We’re heading back into negative territory here.

Browser Developers Hear Me

Not warning the user that the experience is about to change substantially is not wanted behavior. For auto-completion, we already have mechanisms to shut it off entirely. We have mechanisms to exclude sites from saving credentials. Why do we need to change the browser experience just to satisfy Wells Fargo or some other site? I’m all for letting these sites set this flag, but just like overriding bad certificates at https sites, users should be able to override autocomplete=off. There is no need to break the browser experience because you want to allow sites stop saving of passwords. No, again, hear me, it’s MY CHOICE. It’s not your choice as a developer. It’s not Wells Fargo’s choice. It’s not PayPal’s choice. It’s MY CHOICE. If I want to save passwords into my browser, allow me t0 always override this setting.

Hacks Galore

Yes, there are browser hacks available as browser extensions (Chrome or Firefox) to disable autocomplete=off on forms on sites. While these hacks work, they require updating, can break on browser updates and can be generally problematic under some conditions. No, this is an issue that firmly needs to be addressed in the core browser, not through clever browser add-on hacks. Let the sites set autocomplete=off, that’s fine. But, warn me that it’s turned on and let me override it. I shouldn’t need a hack to fix a bug in the browser.

Always Warn of Browser Experience Changes

Why am I going down on this issue so hard? Because this is a completely crappy implementation of this feature. Why? Because it breaks the user’s browsing experience without any warning. If this the page is attempting to prevent me from saving credentials, then this information should be marked clearly in the browser somewhere. Perhaps by adding a special icon to the address bar indicating that credential saving is not allowed on this site. Then, when I click that small icon, I should be able to override this behavior immediately. Again, this is my choice to store or not store passwords to the browser. There should never be any defacto security mechanisms which cannot be overridden by a user control. Never!

If the user chooses to do something stupid, that’s the user’s choice. No, it’s not a bank’s, chrome’s or any other company’s responsibility to ensure the safety of user data. It’s entirely the user’s responsibility and those choices should be completely left up to the user to decide, for better or worse.

[Update] Safari is now warning when autocomplete=off is set on a page. Safari now tells you that the site you are visiting doesn’t allow saving of passwords. Bravo to at least Apple for getting this one right.

I have also found that Firefox with the Greasemonkey plugin and this Greasemonkey script works best for completely disabling all pieces of autocomplete=off.  While the above plugins do at least allow saving passwords, the plugins don’t always allow autocomplete to work.  This means that if you want to see your credentials autopopulate into the fields on page load, you may have to use Greasemonkey instead. I have found that the Greasemonkey solution is the most complete at disabling autocomplete=off.  The reason this works is that Greasemonkey actually removes this autocomplete=off pieces from the page before Firefox renders it. The other plugins just tweak the browser to ignore the setting for password saving, but it still exists in the page source and, thus, the pieces that manage the autocomplete parts are left unhandled.  So, these pieces still don’t populate the fields.

Analyzing the bad Mass Effect 3 ending

Posted in science fiction by commorancy on April 12, 2012

So, when you next head over to Amazon, but not right now, you will find a bunch of very negative reviews of Mass Effect 3.  Apparently, there’s somewhat of a backlash going based the last 10 minutes of Mass Effect 3.  It seems, though, that most gamers including myself have found the lead up to the ending reasonably enjoyable if not overly short. As I said in my previous article on this subject, it wasn’t until the very end where it all fell apart.  So, I’m going to analyze why this ending sucked so much.  Again, spoilers ahead so stop reading now if you want to play..

My Analysis of the Backlash

When you create a multi-part game, you have to keep in mind the goal and outcome for the final character.  Players have invested substantial time into not only the story, but in building out their own character in that universe.  At the same time, the story being built needs to slowly introduce new concepts along the way so we’re not surprised at the end by something unexpected. Unexpected is what we got from Mass Effect 3.  Unfortunately too, it was the result of an Ex Deus Machina late addition to the story at the final few minutes of the game.  In fact, the character that was introduced seemed added as afterthought, but at the same time didn’t fit at all within the concept of the game.

The Citadel Entity

This character was introduced in the final 10 minutes of the game.  I’m actually fine with introducing characters, but not immortal, unkillable, omnipotent characters.  Unfortunately, this is what we got from the entity on the Citadel.  Why is this a problem?  Omnipotent characters (characters with unlimited and extraordinary powers) can almost certainly not be defeated by an ordinary human.  However, assuming that Shepard was rebuilt from both machine and man, he might have been able to overcome his human side and fulfill that destiny.  Unfortunately, though, the game designers also decided to make this character as a spirit and immortal.  How do we know he’s immortal?  He clearly explains that he has gone through this cycle multiple times in the galaxy.  That is, wiping organics out and letting them flourish back.  How do we know he’s omnipotent?  He also admitted that he’s the one who builds the reapers… from humans! Basically, he subjugates the humans into becoming reapers to do his bidding. So, unless there’s a reaper factory out there turning humans into reapers, he’s got some severely fantastical powers.

The entity also states he’s living ‘in’ the Citadel, for whatever that means.  There’s nothing that says he can’t live somewhere else, though.  So, even if the Citadel structure may be destroyed, that doesn’t mean the entity will be destroyed also.

The Real Enemy

Actually, this wasn’t even discussed and should have been.  Once Shepard reaches the Citadel and begins getting the full story from the entity, it should have been clear as glass.  The reaper threat paled next to the threat that this entity poses.  If this entity is truly at the bottom of the whole reaper invasion and if he can make them at will and do it time and time again throughout eons, then nothing that Shepard can do with the Crucible will have any effect on that entity. Basically, killing the reapers was completely and utterly futile.  The entity can wait an infinite amount of time to start his task over again.  He simply needs to wait past everyone who remembers the Shepard era, rebuild the reapers (perhaps even ironically out of Shepard, Chakwas and other crew members) and have these new reapers start the cycle over.

That the writers completely failed to see the danger that this entity poses and, worse that they failed to let Shepard recognize it is a serious lack of judgement.  Any person who is military trained would have clearly spotted the danger that this entity poses, specifically after hearing this entity’s explanation.  Of course, if this entity is truly omnipotent, he could have been playing with Shepard’s mind and making him believe and do as he wished.  So, Shepard may not have been able to control his own actions against this entity.  And that’s the number one problem with using an immortal omnipotent being in any story.

This is a total cop-out method for story closure.  It means that the writers did not have enough confidence in their own abilities to write a satisfying conclusion and instead had to rely on a ‘trick’ to pull off the end.  That ‘trick’ cost them their review status on Amazon and severely damaged this franchise’s reputation, probably permanently.  EA/Bioware will be lucky if they can salvage this franchise for any use after this.

Can this be fixed?

That’s debatable.  Possibly.  However, it will take the writers to venture again into Ex Deus Machina territory to explain off the previous ending as nothing more than a mirage, illusion, dream sequence or other type of fantasy.  The one way I can even hope to see it work at all is by using the time when Shepard goes unconscious just after the ground reaper attack, but before he crawls to the portal.  That’s the time right before meeting the omnipotent immortal entity.  This could be explained off as simply as Shepard was fished from the surface of the planet in a coma and allowed to wake up.  Basically, the entire ending was simply a coma dream.  He simply fantasized it all because he wanted it to be over.

This would allow three things.  One, it will completely get rid of the immortal omnipotent entity from the story line (a totally unnecessary Ex Deus Machina character introduced way too late and without any previous setup).  Two, it allows the writers to completely regroup and come up with an actual ending that works.  It also allows EA/Bioware to continue this entire story into Mass Effect 4.  Three, even though using a ‘dream sequence’ is about as Ex Deus Machina as you can get, it does fit with ME3’s setup just enough that it could work.  The entire game kept revolving around Shepard’s dreams of chasing a boy.  So, the boy omnipotent entity could have simply been an extension of those dreams during his coma.

The trouble is, you can’t do this setup in ME3 at all.  It has to be done in ME4.  So, this will leave the fans hanging on this bad ending quite for some time before ME4 comes into existence. So, the problem is solved and Mass Effect 4 can continue.  But, how to undo the reputation issues quickly?  EA/Bioware will need to leak details of ME4 very very soon. Specifically, a video trailer to YouTube that shows Shepard waking up from his Coma, then some short dialog about what happened and an even shorter explanation that he never made it into the Citadel that gets immediately cut off by an explosion rocking the Normandy and off to work they go.

Of course, the reapers still need to be stopped as the relays are still active.  This could also lead into a very active opening for Mass Effect 4 and would allow Shepard to jump immediately into action to stop the heavy reaper invasion already in play.  So, he can’t remain in a coma very long or the Galaxy would be consumed by the huge reaper attack. They’ll need Chakwas to find a way to snap him out of it really fast. Note that this also means that the Elusive Man is still alive.

Tagged with: , , , , , , ,

How not to run a business (Part 1) — Don’ts

Posted in best practices, business by commorancy on April 4, 2012

While there are tons of articles out there describing exactly what you need to do to start and operate a business, here are tips on what not to do when operating your business. I come from a background of years working in IT and, thus, this article is born from that perspective. Please view the index page to view all parts in this series.

Don’t treat your customers as burdens

So many businesses see only dollar signs next to a customer’s account. They’re more than dollars, they are your livelihood. Without them, you don’t have a business. Always treat your customers with respect and never as a burden. With that said, some people are difficult to manage in their mannerisms, manners, speech or phone etiquette. These types of people can be difficult. If you know that you cannot work with a given customer or client based on their behaviors, you may have to let them go as a customer. There is nothing that says you have to continue to do business with everyone that comes to you for services. If the client cannot show your business and your staff the same level of courtesy, respect and professionalism that you show them, then they don’t deserve to use your products or services.

On the other hand, your staff should always remain professional, courteous and friendly at all times. Word gets around quickly when your people are rude, improper or treat customers disrespectfully. Don’t do it and make sure your employees don’t.

Don’t burn your employees out

It’s very easy to lose sight of what your employees are doing day to day. If all you are seeing is the work being done, but you aren’t understanding how that work is getting done or by whom, you need to stop and smell the roses. In other words, find out what they are doing. Don’t assume that you have enough employees simply because the work is getting done. What you may not see is that your employees could be working after hours and on weekends to get the work done that couldn’t be done on shift. This is both unfair to your employees and causes burnout. Eventually, the employee will leave and you’ll be forced to hire and train someone new.

You’ll also find that after hiring someone new, the work output dramatically drops because the new person won’t carry the same work load as the person who left. Don’t blame the new hire, don’t chastise them and don’t expect the same level of work. You’ll only end up with a revolving door. If your ex-employee was doing the work of two, you need to find that out and hire the appropriate amount of staff to cover the expected workload. You should never expect the same level of work output from a new hire, especially if the person who left was using their own time to finish the work.

Treating your employees fairly and understanding their workload is how you get better productivity. Cracking the whip and expecting immediate results only pushes other work aside for your fire drill. As more and more fire drills result, the less and less other work gets done. This then means the employee is backlogged with some work that will never get done. If getting all work done is important, make sure that you understand the ramifications of a fire drill before you start it.

Additionally, you may have spent a fair amount of time recruiting the talent to your business. If you’ve got talented employees doing a bang-up job, but they are way over worked, they’re eventually going to leave. You don’t want to have to replace that brain trust. It’s expensive, time consuming and can leave your business vulnerable until you find someone and get them trained. It’s cheaper to keep your existing talent by treating them right the first time out. Keeping track of and managing your employees’ burn level goes a long way towards employee retention.

Do not categorize every customer issue as a fire drill

This goes back to the point above. Every customer issue isn’t a fire drill. Be professional, be courteous, but most of all, be realistic with your customers. Don’t promise immediate results when it’s not possible. Doing so throws employees into fire drill mode and other work gets pushed aside. Fire drills result in much lost productivity. Learn to triage and manage these customer situations appropriately.

Don’t expect professional results from fire drill mode

When employees go into ‘fire drill’ mode, all productivity stops. That is, all productivity stops for each employee consumed by the fire drill. The only thing that a fire drill employee is focused on is in fixing what caused the fire drill whether or not they have the tools to do so. Worse, as employees jump into fire drill mode, they also enter the get-it-done-as-fast-as-possible mode. This mode is problematic on many levels. It can leave the issue only partially resolved or temporarily resolved. This means that someone will have to go back later and fix the problem properly and permanently.

Moving too fast can cause mistakes or lead to even bigger problems later. Moving too fast can bypass rational and critical thinking. Moving too fast can halt logic thought processes and prevent people from seeing the bigger picture. These are all important aspects to realize of fire drills. For example, is the problem just for a single customer or is it impacting all customers? Is the problem something that the product or service caused, is it caused by the customer interaction or is it something introduced by a third party vendor? Getting thrown into fire drill mode keeps some of these thought processes from materializing and, instead, employees tend to put blinders on instead of rationally thinking through the entire issue from top to bottom.

Fire drills burn people out rapidly. Eventually, employees get fed up with the fire drill mode and they leave the company. Don’t expect to keep employees for longer than a year or two if your entire business runs on fire drills daily. Note, successful businesses do not operate in fire drill mode all of the time. Yes, fire drills happen, but not all of the time. Treating every issue as a fire drill leads employees to feel unproductive and eventually they burn out and leave.

Don’t expect perfection from employees

We are all human and we are all fallible. Running a business, you have to expect occasional mishaps. That’s not to say that you can’t strive for your employees to reduce mistakes. But, it does mean that you need to set your expectations accordingly to avoid thinking that perfection is the way the company should run.

On the flip side, do treat your employees with proper and necessary fringe benefits. For your business to be considered on Forbes top 100 best places to work, you need to offer a whole lot of perks to your employees. Perks can be costly, but happy employees keep the productivity flowing. Unhappy and dissatisfied employees do the minimum and go home. Employees that are happy to work for your company will turn in a lot more carefully completed work than employees who are dissatisfied or are getting burned out.

Don’t play games with your website

If you intend to do business on the Internet (and who doesn’t at this point?), your web site is the new storefront. It shows off your business and how it works. It is the single most important portal for both your customers and prospects. Without a solid well designed web site, don’t expect high quality traffic or even the right traffic. This means, let professional design firms design your site tuned to the correct keywords. Don’t build the web site yourself from scratch (unless you happen to also be a well known web designer). Let professionals do this work and provide your site with a fresh look. Additionally, trust your web designer. Don’t think you know better than your web designers (unless you happen to have a degree in commercial art). Yes, flaws in the way something works on the site, these need to be corrected. For the look and feel, trust that they know what they are doing. If you are uncertain of a certain image, flow or feature on your web site, do an A/B test (your idea vs the designers’s idea) to find out which one your visitors like better. Visitors always speak loader than you. Treat your visitors with the respect they deserve. Don’t assume that because it’s how you want it that it’s the correct move. Note that that goes for everything in your business, not just websites.

Additionally, once you establish a web site with reasonbly high ranking in Google, don’t up and change it just because ‘it’s old’. Don’t do this unless you are absolutely certain you know what you are doing. If you roll the site out incorrectly, you can easily lose all page rankings you have in Google. If your intent is to target new keywords, then maybe that’s what you want. But, if you had a page 1 or page 2 ranking, by changing key words and content incorrectly, you can expect to drop down to the 20-50 page area (or lower). This is immediately damaging to any business. Note, page rankings move down far faster than move up. So, you’ll pretty much lose your rankings overnight, but your new keywords might take a year or longer to get even close to page 4. You’ve lost a lot of ground and you’ve lost a lot of visitors because your new site is now ranked very low. You can always pay for AdWords to help your business, but pay-per-click is very costly and may not help your page rankings in any substantial way.

Don’t use content management systems for your web site

I know, I know. A lot of people are using WordPress for their home pages. This is way overkill for a home site. Why? First, your content doesn’t change that often on your home site. It’s mostly static. WordPress and other content management systems are designed for adding new content often and rapidly (just like this very blog article you are reading). Corporate web sites don’t change frequently enough to justify all that’s necessary to run a CMS (i.e., Linux, Apache, MySQL and PHP for starters). On top of that, WordPress requires you to build the graphics inside of a specially designed theme which requires specialized coding knowledge. Additionally, for Linux, Apache, MySQL and PHP, someone will also need to understand all of these technologies for when things break and when redundancy is required. This means hiring someone knowledgeable to manage the CMS site, not to mention someone who’s knowledgable with WordPress management.

Second, there’s page delivery speed. For each additional technology layer you add, there’s a performance hit to deliver that page to the browser. The slower the page load, the lower the Google page ranking. Statically designed web sites are the fastest to load. Why? No databases to pull data from, no PHP to interpret and process commands, no extra layers of networks to pull data through, etc. The pages and content are immediately there to download rapidly. Ultimately, a CMS is simply delivering an HTML page to the browser. So does a static web site. The less layers involved, the faster a page can deliver. The faster the delivery, the higher the page ranking. Of course, you can also throw super fast hardware and caching mechanisms in front of your CMS to help speed up delivery, but that can cause other issues for some types of content and, at the same time, cost you more money. The only downside to static web sites is management and deployment. However, tools like Dreamweaver can solve some of these deployment issues. It’s also far easier to hire someone knowledgeable about HTML and Apache alone than it is to find someone who additionally understands PHP and MySQL databases and permissions, let alone WordPress.

Don’t send mixed messages to your customers and prospects

The worst thing you can do is have a muddy browsing and sales experience. Customers want to know what things cost and what they will get in return for that money they spend with you. If you don’t have a clear and concise list of your products or services, then define them before ever allowing a salesperson on the phone. Mixed messages are the quickest way to lose prospects before getting to stage one in the sales process. Clearly define what you offer before getting any prospect on the phone. Additionally, mixed messages can come from different sales people also. For example, based on commission rates, one sales person might offer once price while another offers another. Keep your sales people consistent on pricing. If a prospect calls and is given pricing, make sure that pricing is documented in a quote somewhere. If the prospect calls back, even a different representative who answers the phone can find the pricing they were given.

Don’t overhire

This is a huge problem in Startups. Startup companies tend to overhire in places like sales and under hire in critical technical positions needed to support those sales properly. So, you might have 50 sales people all closing deals, but you have one or two operations people to enable and train those 50 (or more) new customers each month. This goes back to, don’t burn your employees out. Lopsided hiring is a phenomena that upper management rarely sees or chooses to ignore, but continues to be a problem in nearly every startup I’ve seen.

Don’t pay out commissions before receiving customer payment

We all know that closing a deal is great. However, the trap that many startups fall into is paying out commissions on the close of the deal rather than after the customer’s check has cleared. This is a problem for so many reasons. First, it allows your sales staff to game your commission system by finding any deal to close and closing it even if it never has hope of actual payment. This means they will always get their commission, but new the customer never actually makes any payment. Second, you’ve paid out commission to the salesperson, but you’ve never collected a dime from the customer. Don’t do this. Always pay out commissions only after the customer’s check has cleared the bank and only based on the length of the term only after the payment is received. If it’s a 12 month deal paid monthly, pay the employee commissions after receipt of payment by the customer and only pay the sales person on what the customer has paid. If it’s a 10% commission, they will get their 10% of that monthly check after the check has arrived and cleared. Never pay any commissions before the check clears. Never pay out the full commission payment on the deal until all customer monies on that contract have been collected.

Paying commissions in this way does several things at once. It forces the salesperson to make sure the payment is properly received, it forces the salesperson to accurately document the contract to get the correct payment amount from the customer, it prevents paying out commissions without receiving payment by the customer first (which means you aren’t dipping into cash reserves to make payroll), it reduces the amount of work necessary by your receivables person, it prevents claw backs through salary reduction of future pay checks from sales persons if deals fall through after-the-fact, and it just plain makes good business sense. Running your sales department’s commission program based solely on when deal closes is just ripe for major cash flow problems.

You know, you’d think this specific Don’t would be a no-brainer in the business world. In fact, it isn’t and I don’t know why that is. I’ve worked for multiple startups that have chosen this money-burning commission approach. I know, some people have said, “Other startups do it this way”. This is a non-argument and offers no justification for this stupid practice. This rationalization also doesn’t make it sane for your business or the bottom line. It just means the insanity runs deep in other companies. Because another business chooses a high cash burn approach to their sales operations doesn’t mean you need to follow that same cash burn approach. Instead, save that money and invest it places that bring money in rather than lose it. Your sales people don’t need to become millionaires off of bad commission practices. Sure, you can use claw backs to get the money back, but only if the sales person is still working for you. It doesn’t work if the employee has quit and left with money in hand.

Don’t let your sales people promise things that cannot be delivered

Your sales people are primarily working for their commissions. That’s why they are sales people. Once you acknowledge this fact, you can do the things to protect your business from dire sales mistakes. Basically, your sales people are looking for 10% of that million dollar deal. They are not concerned whether your product or service actually is capable of doing what they have sold. Overselling is one of the biggest problems that any organization faces, especially growing startups that have little experience. It takes work, training and proper management to keep this problem in check. Don’t turn a blind eye to this part of your business. Yes, your sales people do bring in the business, but they need to bring in the business based on what is currently offered, not what can be built. This goes back to fire drills. If your sales people are constantly selling vapor products, your business will always be in fire drill mode trying to build something a sales person has promised. Don’t get into this mode or you’ll never get out of it.

When a sales person sells something that doesn’t exist, their commissions should be eliminated for that sale. This immediately deters sales persons from selling non-existent features (even if it’s part of a larger deal). If even part of the product doesn’t exist, neither does their commission on that sale. Commissions are like rewards. Don’t reward your sales people for promising things that are not possible and then rushing to try and fulfill that promise by building something really fast ‘to cover the promise’. This is a bad bad business practice to fall into.

Don’t play games with the books

With Sarbanes-Oxley in play, it’s rather difficult to do… especially in public companies. However, in private companies, all bets are off. If you (or any of your staff) play games with the books, you may never be able to recover from this if you intend to IPO. The quickest way to tank your company is by playing games with the books. It’s pretty simple, hire an accountant, a CPA or someone who’s honest and is willing to do the right thing. At the same time, keep close tabs on your books (payments in, out and general ledger). If you are a C-level exec, don’t use the company coffers as your own personal bank account. While this is extremely tempting, unless you intend for the company to close its doors at some point, don’t do this.

Don’t hop around trying to find the next big idea

It’s great to explore new things, but don’t abandon your tried and true services thinking you have the next big thing. If you have something that’s selling well, keep it in play. Don’t get rid of it simply because you think you have a new idea that is better. Make sure you market test all new ideas before you dump services in replacement for that new idea. You may have dumped your bread and butter for an idea that doesn’t work. Your customers will tell you that really quick.

Don’t rely on self-service business models to sustain a large corporation

Self-service is an adjunct to your business and is not intended to be used to sustain the business itself. If you plan to be in business and sell business-to-business services, don’t expect self-service pay-by-credit-card services to win over large corporations. First, most corporations don’t (and can’t) pay by credit cards and, instead, they prefer net 30, 45, 60 or 90 day terms. Credit cards are almost always intended for small transactions, usually under $1000. Although, some consumer cards allow charges up to $3-4k. Some business cards can go even higher. Yes, some cards like the government P-cards have high limits, but most cards don’t. For the most part, though, credit cards are intended primarily for small transactions. If you are looking for $30k-$1mil contracts, cards are not really the place for this size of transaction. You will need salespeople, you need to extend credit and set up payment terms and you need to hire a finance team to send invoices and collect and book payments.

Second, big corporations expect some level of spoon feeding with regards to the sales and support processes. Expect to assign salespeople to corporations as single points of contact. Corporations expect to talk to the same salesperson each and every time they call. If your sales people change constantly, be sure to do proper turnover and have your new sales people contact those corporations explaining the transition. If you prefer not to assign salespeople to accounts, you may do more harm than good for your business, so don’t do this. Corporations want to feel like their accounts are being handled properly. For the amount of money that a corporation is spending on their contract to your business, this is the least you can do to secure their peace of mind. This goes back to treating businesses and people with respect and courtesy.

Don’t think email invoices alone suffice as for notification of outstanding debt

Email invoices, while convenient, are not always admissible in court. Always send a paper bill for second notices to pay. Yes, this means printing and mailing paper invoices, but that’s just one cost of doing business. Expect to incur this cost.

Don’t think your employees know how to act

Write an employee handbook. Not only is this book a great reference for how to act, how to dress, how to conduct business and simple business etiquette information, it is also a good place to set expectations so when you do have to let someone go, you have a document that states unacceptable conduct. You can also state things such as ‘at will’ terms so that employees know exactly where they stand with their employment with you. Employee handbooks are good places to keep all kinds of information not otherwise easily documented. Sure, you can use a Wiki or other digital media (PDF) for this information, but printing this document to paper and placing it on every employee’s desk with a page to ‘read and sign’ means that at least they cracked open the book enough to read and sign the signature page. Digital documents are not always enough for this. This is a way to protect your business from employee issues when you need to let someone go for inappropriate behavior or when performance issues are at work.

Don’t become fascist about the use of electronic devices

Employees carry iPhones, iPads and portable electronic devices. They’re going to carry them whether you like it or not. It’s a way of life today. You’re not going to change that behavior by mandating a no-cellphone policy in the office. People rely on cell phones for critical personal communications. Don’t expect that you can take away cell phone privileges from them and they’ll be happy working for you. This goes back to perks. Let that be a perk for your employees. You can mandate in the employee handbook (discussed just above) about over usage of devices. Basically, let employees exercise common sense on usage (for example, on breaks, at lunch time, etc). But, if it consumes their day and they’re not productive, that’s a problem that needs to be discussed and addressed.

Some employees also like to listen to music while working, so allowing this is also a perk. If an employee is more productive while listening to music, let them listen. If it allows them to tune out other office noises such as other phone conversations, ringing phones, typing, printer noises and other distracting office sounds, all the better. Of course, if the person happens to be the receptionist, use of headphones may not be an option. Note that anything that calms an employee, let’s them remain happy at work and helps them to concentrate is never a bad thing.

Don’t expect people to give up their weekends for your business

This goes back to burning employees out. If you have so much work that one person cannot get the job done or it requires weekend work to get things done, expect to offer extra salary or comp time. Comp time costs you nothing additional. It’s a straight trade. One weekend day for one weekday off. Don’t expect your employees to work 6-7 days on a 5 day a week salary. Eventually, you may find yourself in a lawsuit for backpay. Don’t do it.

Don’t expect technology to solve every problem

Technology is made by humans. It is, therefore, fallible. It has bugs, it crashes, it doesn’t always work as expected. It doesn’t matter if the software is from your developers or from Apple. Nothing is perfect, expect that it will become a problem at some point. This goes back to fire drills above. Take failure in stride and work through it. Don’t pressure your employees for 5 minute fixes when things go wrong. Let the employees work through the issue properly. The question is, do you want it done right or do you want it done fast? Fast may get you a fix, but it may not be a fix that you’ll ultimately like several days later. Giving enough breathing room to let the technical employees work through a proper fix is critical to ensure proper resolution to problems. Expecting fast fixes only leads to more problems later. This even goes for writing code. Pressing to get software releases out the door ‘fast’, especially if you are a software company, is the only real way to tank your business. If you’re a software business, your brand is built on quality, not quantity. You want your software to work as expected. Rushing to get software out the door, more often than not, leads to failure somewhere along the way for someone. It means your developers have missed critical edge cases that can make the difference between being known for mediocre software and being known for high quality software.

If you think that there’s a way to write speedy software that’s high quality, you’ve deluded yourself. Quality software comes only from producing code that covers 98-99% of every edge case out there and that simply takes time to produce. Basically, this requires bulletproofing the software so that no matter how a user may use the software that it always does what’s expected. Increasing speed of software delivery reduces the ability to test edge cases leaving dangling code that doesn’t always do the correct thing under error conditions. This means the code could run wild, do the wrong thing or, worst case, corrupt data irrevocably. This situation puts technical staff in fire drill mode. Again, you cannot run your business in constant fire drill mode. You hired your technical staff to write high quality code, let them. Yes, by all means set delivery dates, but if a feature is too complex for a release, pull it and release it later. Don’t rush them to get that feature into any specific release.

Don’t let the sales team drive your business

Your sales department is your front end the public. It’s how you sell and do business. But, it is not what drives your business ahead. Your products and services drive your business. The solutions that you create are what become the face of what your business is and does. As an entrepreneur, you may have forgotten that the reason you went into business is to solve a problem. You wrote a piece of software or designed a product to solve a business problem, perhaps even for yourself. Then, you realized you could sell that solution to many different people. It’s the solution that drives the business, not your sales team. Basically, your technical team’s ability to deliver a functioning solution is what matters. The sales team is irrelevant in this equation other than the fact that they answer the phone, make the sale and take payment. Far too many businesses rely on the sales department to drive their business forward. This is the wrong approach and uses wrong thinking. Sure, the sales team is the one reaching out to prospects and locating interested new parties. That’s the sales team’s job. But, when sales begins selling a square peg to fit a round hole that’s where problems begin. This goes back to overselling. The solution is what sells, not the sales team. The sales team is the mouthpiece for the solution, not the other way around. So, the sales team must be trained to sell what is there, not what isn’t. It is not the sales team’s job to make up new features or imply that a feature a customer may be looking for exists. It’s the sales team’s job to understand the solution offered and find prospects where that solution fits their problem.

In this goal, always have a technical person who knows the limits of the solution on every sales call. They are the voice of clarity to keep the sales team from overselling. The technical person can step in and say, “That’s not exactly correct, our product doesn’t do X yet”. This sets customer expectations. However, if X feature is important, it should be added to the list of new features to be added into a future release.

Your business and you

As the owner and/or CEO of your business, you are the champion of your business. Only you can do the right thing for your business. Stop, think and use common sense. Rushing employees to get things done fast is not the answer. Slow down the pace. Let the employees catch up and catch their breath. Let them finish critical projects. If you’re consistently compressing time lines, some tasks will never get done. Compressed time lines are usually driven by customers and this, in turn, is usually driven by a salesperson over promising. These are all practices that must be tempered. Setting the correct pace for your business is the only way your business will succeed. Too fast a pace and your business will never be known for quality. Too slow and the competition will outdo you. Critical, of course, to your business is having creative thinkers on your team. You need a constant flow of new ideas to keep the business fresh and keep your products and services new and innovative. Without critical thinkers producing new fresh ideas, your business will keep wrapping pretty new bows on old ideas. Keep your old ideas the way they are. Don’t wrap pretty new bows into them. Your customers will appreciate that you respect them. Wrapping pretty new bows on old ideas can be insulting to old customers if you’re trying to play it off as a new service. This is the quickest way to lose customers. Keep your existing customers happy and don’t insult them by playing off something old as something new.

Start | Chapter Index | Part 2

Tagged with: , , , , , ,

Google Android: How to fix Speech to Text “Couldn’t Connect” error

Posted in Android by commorancy on April 3, 2012

[UPDATE: 2019-06-25]: Google seems to have retired its legacy speech-to-text (S2T) services for older Android versions including Gingerbread (2.4) and below. If you have Gingerbread and S2T is no longer functioning for you, this is likely the cause. This service retirement likely impacts some newer Android versions, which also rely on this older service. Because Google has retired the service, it will no longer function ever. If you need this feature, you’ll need to upgrade to a device that can run a newer version of Android which supports the “Ok, Google” assistant. It seems that Google is moving forward by replacing this older S2T functionality with its newer “Ok, Google” voice assistant. If you have a Samsung, you may be able to use Bixby. This is Samsung’s own voice assistant. On with the article…

While this isn’t an overly common problem that I’ve found with Android, it is a problem that I have run into that has entirely baffled me.. until now. Note, I am running Android 6.0.1 on my Samsung S5. Even on my S5, the keyboard microphone button links to and uses the “Ok, Google” engine, not the legacy service. Note that this article was written in 2012. Some of the below, particularly as it pertains to downloading keyboard packages likely won’t help older devices. However, the portion discussing why this feature doesn’t work (i.e., Internet) is still valid. If you have an older device, you may find this functionality no longer works even if you DO have Internet available. This is because Google seems to have retired its legacy Android S2T service as of spring 2019.

To use the speech to text functionality (specifically voice search or voice keyboard input), you are required to download a package onto Android initially. After downloading, I thought that I would be able to use this functionality all of the time. Let’s explore why this isn’t true.

Text to Speech Input Troubles

On the Android Keyboard (that is, the non-Swype keyboard input), there is a small microphone symbol. Why this isn’t on the Swype keyboard is anyone’s guess? If you click the little microphone, the microphone feature activates and allows you to speak your text. The phone is then supposed to convert your speech into text. This is particularly handy while driving. Unfortunately, most of the time I always seemed to see the error ‘Couldn’t Connect’ when attempting using this functionality. After all, I had downloaded the necessary packages. At first I thought it had something to do with the microphone. So, I plugged in different headsets and different bluetooth devices, but it still only randomly works. Sometimes it works perfectly and other times not. I also tried restarting my phone thinking there was some kind of service that was not working properly. No luck with any of this. For a while, I had given up on even using it. However, I finally decided to get to the bottom of this issue.

This would seem to be a very handy feature while in the car. And, it is, when it works. In my car, however, most of the time it doesn’t work. I couldn’t figure this one out at all. I kept thinking how lame it is that the one feature you absolutely need while driving is Speech to Text. Yet, it is the single feature that is the most unreliable. However, today I have finally realized why this functionality only intermittently works. It requires the Internet to function.

The Internet?

Why would this service need the internet? Apparently, whatever data was downloaded only enables the feature, but it doesn’t actually do the speech to text conversion in the phone. Apparently, the audio input is sent off to one of Google’s servers on the Internet (can you say, “Privacy Issue”) to be processed and the text sent back to the phone after conversion. The phone doesn’t actually do the conversion.

My Rant

While I understand the audio processing needed to decode an audio file may not be capable within the phone (although, Siri seems to do a great job offline in the iPhone), the phone should at least have some offline capabilities. However, the error message here is just absolutely stupid. It doesn’t explain anything. If the Internet is not available and this service requires it, the phone should pop up a message that either explains that no Internet is available or it should simply remove that functionality from the keyboard (grey it out) until the Internet is available. Why try to allow use of this functionality when the Internet is not available? This is both a confusing and stupid design. Google, you need to fix this design fast.

So, you’re probably asking why it periodically worked in my car? First, my phone is not Internet enabled. Second, I refuse to pay $80 a month for a 3G data plan that’s half the speed of my cable service and offers half or less the amount of data at twice the price. Instead, I pay for an ‘unlimited’ MiFi device that I don’t always turn on in my car. Sometimes it’s on, sometimes it isn’t. That explains why this functionality sometimes works and sometimes not.

I use the MiFi specifically because it works with all of my devices and is not locked to only one device. It allows for more data throughput, due to the plan rate. It is also a non-contract prepaid service, so I don’t have to worry about being stuck in a hugely long contract. If something better comes along, I just stop payment and walk away with no penalties. Specifically, I use Virgin Mobile’s MiFi that is actually using the Sprint 3G Network. I digress.

How To Fix

If you’ve been searching all over the Internet trying to figure out why this functionality only sparsely works and how to fix it, this feature requires the Internet. If your phone is not 24/7 Internet capable and you use WiFi for connectivity in select places, like myself, you will run into this problem when trying to use ‘Speech to Text’ from the Android keyboard while there is no Internet connectivity. To fix this issue, you either need to subscribe to a phone dataplan so you have ‘Always On’ Internet service or carry a MiFi device around with you and turn it on when you want to use Speech to Text. A hassle yes, but complain to Google as they are the ones that designed it to require the use of a Google server to decode the audio.

So, there you have it. Problem solved, mostly. At least, it’s solved for Android 2.2. If your have a later version of Android, your mileage may vary.

[UPDATE: 2012-05-04]

My bad. It appears that Siri does, in fact, require the Internet for Speech to Text conversion just like Android. This also goes for Alexa, Bixby, Cortana and even “Ok, Google”. So, I guess this article applies to the iPhone and all other voice assistant devices as well.

Security tip: Don’t sign-up for sites without ‘delete account’ function

Posted in data security, security by commorancy on April 2, 2012

As security of data becomes more and more important and as security breaches become more and more frequent, the ‘delete account’ link becomes very important.  So many sites today allow you to import information such as credit cards, birth dates and other sensitive information, but many times they don’t allow you to delete that information (or your account) easily.  In some cases, you can’t delete your data at all.  It’s important to understand why it’s critical to have the option to delete your account (and all data associated with it). Let’s explore.

Account Security

Few people consider account security when signing up for an internet service like Facebook, Twitter, MySpace or even Yahoo or Google.  As more and more sites become victims of security breaches, without deletion of old dormant accounts, your data is sitting out there ripe for the picking.  In some cases, these accounts may have stored credit card, social security or other potentially sensitive or revealing data.  So, when you begin that sign-up process, it’s a good idea to check the help pages on how to delete your account information before you sign up.

Old Dormant Accounts

We all have them.  We signed up for a site 4 years ago and then either never used it or used it only a few times. Don’t leave old dormant accounts sitting unattended.  Delete them.  You don’t need some random hacker gaining access to the account or, worse, obtaining the password through a break-in to that site.  If they obtain an old password, it’s possible that they may now have access to all of your accounts all over the net (assuming you happen to use a single password at all sites).

If you are using a single password, change them to all be unique.  If you can’t do this, then find the delete button on all these old accounts.  If you can’t remember what you’ve signed up for, then that’s beyond the scope of this article.  Still, deletion is the best option at avoiding unintended intrusion into other important accounts, so delete old accounts.

No Delete Function?

Two ways to handle this one.

  1. Delete all data that you can from the account, then find a random password generator and change the password to a randomly generated password.  Do not keep a copy of the password and never use it again.  Basically, you have locked the account yourself.  If someone does access the account through the web, they won’t get anything.  If they break into the site and gain access to the passwords, they will get a randomly generated password that leads them nowhere.
  2. Contact the site administrator and ask to have the account completely deleted without a trace.  Sometimes they can, sometimes they can’t.  Depends on how the site was designed.  It’s always worth asking.

New Accounts at New Sites

When signing up with new accounts, if you cannot find a way to delete the account, then contact the administrator and explain that you would join the site, but you cannot find a way to delete the account when you no longer wish to have one.  If they state that there isn’t a deletion function, explain to them that until they implement this function, you can’t use the site.. and walk way.  Note that there is nothing more important than your own personal data security and you have to be the champion of that security because no one else will.  If sites refuse to implement deletion functionality, then don’t use the site.  There is no site functionality that is more important than your data security.

No Reason for Lack of Delete Function

In fact, there is absolutely no reason, other than sheer laziness, to not implement a delete function in any internet web site.  If it can be added, it can be deleted.  It’s very simple.  I know, some developers are going to say, “Well, it’s not that easy”.   That’s a total crock.  It is that easy.  If you have developed software that is incapable of deleting user account information, then you are either seriously inept as a programmer or you simply don’t understand what you are doing.  There is no excuse at all for not adding a delete function to any site (including deletion of a user account).  To my knowledge, there is no operating system or database that does not have the ability to delete data.  Not adding this feature is just not acceptable.  Always demand this feature if you cannot find it.

Pre-existing Site Accounts

I know that some of you may have joined sites ages ago when data security breaches were less common than today.  Back then, account delete functions may not have been available.  This may have been carried forward and these sites may still not have delete functions.  Demand that the developers add this functionality.  If you are an avid user, you should always demand this functionality.  You never know when something may change that may require you to delete your account at that site… like a data breach.  Security is important and your personal ability to delete your account is your right and should not be undermined.  Again, always demand this feature from the sites you frequent if it is not present.

I challenge you to visit all of the sites you regularly use and locate the delete account function.  I’ll bet that more than 50% of the time, it’s not there.  Demand that this feature be implemented if, for nothing else, than your own personal peace of mind in case you need it.  It’s like that insurance policy you buy, this is the same.  The delete account feature is your insurance policy to prevent unauthorized access whenever you need to exercise this option.  However, you cannot delete your data if the functionality is not there, so always make sure the delete feature exists before you sign-up.

%d bloggers like this: