Opinion: Shout out to TechSmith for Snagit

I don't normally do blog posts to just promote products from companies, but two weeks ago I was asked about tools that I use on a daily basis and that I really wouldn't want to do without. Normally with a question like that, I have to think for a while. But this one's easy: It's SnagIt from TechSmith.

It's the one tool that I use in nearly every part of my work. I use it all day long. If I didn't have it, it would harm my productivity in a significant way.

I was using it at a client site the other day, and the client commented on how easily I could do things using it, compared to the way that he did screen captures, etc.

I'm always amazed at how people at various companies will go to extraordinary lengths to avoid paying small amounts for tools that change their productivity. It see people trying to use free snipping tools, etc. and it's all so clumsy.

Don't be that person.

Be prepared to pay a small amount for tools that can change your personal productivity.

Note: TechSmith now give me a free license for this tool but I was buying it long, long before they did so, and I would continue to do so if they stopped providing me with one.

Like with anything you've used over a long time, you can have a love-hate relationship at times. And there have been some very recent updates to the 2018 version where I've had performance issues, but I've just installed the 2019 version and everything seems to be sunshine and unicorns again performance-wise.

Is there anything I wish was better? Yes. A few versions back, they changed how the capture part works, and it's now slower for me to use, in terms of the UI. I takes an extra screen click to achieve what I want. It's hard to describe how little things like that make it feel like you're working slower. I really wish I could just hit PrintScreen, drag and click to capture, and have it already in my clipboard, without needing to go into the editing screen. I don't think there's any way to do that now. When I'm taking a lot of screen captures for recording a step by step process, that would speed things up. But we're talking about pretty minor stuff.

If you haven't tried this tool, just download it and try it. I suspect you won't want to ever then give it up.

 

 

Opinion: Why penguins don't explode and the need for basic research

When government funding is tight, it gets harder and harder to get grants to perform fundamental research. The government always wants to see outcomes, and this means that the grants committees need to show outcomes. In turn, this often leads to research funding bodies doing one of three things:

  • Only funding research that's nearly complete
  • Only funding well-known researchers with a track record of outcomes
  • Only funding research in areas that are already showing promise

Now while at first glance, that might sound a reasonable way to proceed, it's not.

If you only fund research that's nearly complete, you are more likely to get an outcome, but what you are funding is development, not research.

If you are only funding researchers with a track record of outcomes, and in areas already showing promise, you will struggle to get great outcomes.

The best outcomes in science have always come out of left-field. As an example, you might assume that MRIs were developed by medical technologists. However, the work on those came from work by chemists and physicists, based on earlier work by other physicists and an astronomer. None of these people were working on medical technology at the time.

As for fundamental research, one of the best thesis titles I ever saw was "Why Penguins Don't Explode".

Famous image from the wonderful Monty Python's Flying Circus
Famous image from the wonderful Monty Python's Flying Circus

Now before you scoff at anyone proposing a topic like that, it was accepted knowledge for a long time that penguins must only dive down about 20 or 30 metres. But this guy tracked them and found they dived up to 500 metres. He was fascinated by how anything living can dive down 500 metres and not implode, and conversely, how does it come screaming up to the top of the water and not explode. Penguins also don't get the bends.

So how does that work?

We need people noticing these things and researching them. We might have to fund a thousand of these projects to get anything concrete back. But whole new industries can come from the handful that get an outcome.

BTW: I went looking for the final thesis but can't find it at present. My guess is that the academic fraternity made him "tone down" the title of the work.

 

Opinion: Passwords are a completely broken concept

For a long time, passwords have troubled me conceptually. I now believe that, as a concept, they are beyond broken. As an industry, we need to do better.

I might well need to do with more identities, passwords, multi-factor authentication options, etc. than the average consumer but I know it's beyond me to get this right, at least in the way that vendors, financial institutions, and source providers expect me to.

Let's look at at the "simple" requirements that we now ask people to comply with:

  • Use a complex password
  • Don't write it down or record it anywhere
  • Change it regularly
  • Use different passwords for every site that you deal with

Is that even humanly possible?

Is requiring someone to do something that almost no human could do, even legal?

I'd love to see it tested.

Then let's compound this with completely different complexity rules for almost every site. You can't have any sort of mental pattern of how to do this either. Some sites won't allow special characters, some won't allow more than a small number of characters, some want only alphabetic characters, some want numbers only, some want alphabetic characters and numbers mixed, some want upper and lower case combinations, etc. etc. etc.

Password Managers

And yes, I hear some say, everyone just needs to use a password manager. But while they can help, are they all really safe? What do you know about who wrote them? Is putting all your credentials into a single spot really a brilliant idea?

Password Rules

Many of the ridiculous rules that we confront users with on a daily basis are justified on the basis of "security", but how does a user challenge the validity of the requirements?

For example, forced password expiry has been shown time and again (by detailed research) to actual reduce security overall, yet how many organizations still force people to do this.

We need to do better

As an industry, we should be ashamed of what we've created.

Opinion: Start and finish meetings on time – don't wait for stragglers

It's bad enough today that 90% of all online meetings seem to start with endless "can you all hear me?", "can you see this?", "I can hear you but I can't see it", "John's trying to connect but can't", etc. etc.

But the one that annoys me most is:

Let's give it a few more minutes for stragglers to connect in

Why exactly?

This often happened with in-person meetings too but it seems even more prevalent now with online meetings. In both cases, it's inappropriate.

What this actually says is "I know you all connected in at the time we said the meeting would start, but I don't care enough about your time to keep to the agreed schedule. I'm more concerned about the people who didn't connect at the right time."

I used to coach youth baseball teams, softball teams, and soccer teams. I felt the same way with those. Most parents made sure their kids were there on time. A few didn't. But why should I waste the time of those that did, for those that didn't?

People who are late will understand that they're late and they might have missed something. But guess what? They'll also be more inclined to get there on time next time. (Or at least most will).

A similar issue happens when meetings drag on without a conclusion at the agreed time.

Don't do this either

If you didn't schedule enough time, learn to schedule more. If you didn't manage the meeting properly, learn to manage it better next time. But respect the time and other commitments of attendees.

Also, try whenever you can to avoid the meeting in the first place, if there's a better way to resolve whatever needs to be discussed.

Finally, if your meetings are endlessly starting late because of connection issues, fix them too.

 

Opinion: Don't chastise people for not doing a bot's work

I spend a lot of time consulting across a variety of companies. Often I'm there doing what we consider "mentoring" and that means I'm there on and off for longer periods. Because of that, I often have to do the same compliance "training" that their own employees do.

The first thing I'd comment on is that unfortunately this sort of compliance ends up being counted against the company's training budgets. Let's be clear:

That's not training

Most of the staff in the organizations see it as falling somewhere between an annoyance and a joke. The company makes the staff do these "courses" to keep the company out of trouble, not so that the staff actually learn anything. Worse, it's often so the company can blame the staff when they do the wrong thing. The company really doesn't think the staff don't understand conflicts of interest, or email policies. They just want to be able to avoid staff later saying that they didn't know they were doing the wrong thing.

One set of annoying courses forces staff to follow security policies like frequent password resets, etc. "to keep the company secure". Yet time and again, cyber security research has shown that forcing password resets frequently actually reduces security. (See the current NIST guidelines for details on passwords. Here's an article as an introduction). So the company is actually forcing people to take actions to reduce the company's security.

But the ones that annoy me the most are the ones were staff are asked to do things that the company's systems should be doing instead of the staff. Here's a hint:

If you need to run a course to tell people not to follow links in emails where the link address doesn't match the displayed URL, why not get an email system that does that instead?  If it's easy to teach people to do it, then teach a machine to do it instead.

Don't blame people for doing something wrong that a system or a bot should be doing in the first place!

 

 

Opinion: Don't buy hardware before a Proof of Concept

Just a short post today to call out something that I'm seeing again and again. It's where organizations purchase all their hardware and software platforms before they start to carry out a proof of concept. This is a very poor option.

I was reading the data strategy for a global company that I was doing consulting work for. They were proudly introducing the new strategy yet I was sitting looking at it, trying to work out what they were thinking. The first step of their plan was to buy everything they needed. The second step was to carry out a proof of concept to see how it would all work (presuming it would work suitably at all).

This is ridiculous.

In that case, I think what's happening is that the IT management wants to seem proactive, buying hardware and software platforms is what they are experienced at, and they want to look like they are "doing something".

Image by RawPixel
Image by RawPixel

Yet, invariably, this locks them into decisions that aren't in the best interests of the organization. Instead of making sensible decisions, they end up making decisions, based on what they have already committed to. And the more expensive that purchase was, the more they will try for years to justify the expenditure decision that they made. Every choice will later be taken, based upon how well it fits with their existing purchase.

Don't do this.

Do everything you can to carry out the proof of concept without buying anything that locks you into a decision path.

Opinion: Take career risks while you can

In the 1980's and 1990's, part of my time was spent as a lecturer and tech services manager at a university. I particularly loved working with final year students and their project work. At our regular meetings though, I also often got into discussion with the students about their career plans, as they were about to graduate. What amazed me was how many super-bright students were looking to take incredibly boring jobs working on ancient technologies, in what were basically programmer graveyards, and when I asked them why they were intending to go there, invariably they'd tell me that they thought those jobs would be long term and low risk.

So a bright twenty-one year old student with no kids, no mortgage or other real commitments, and nothing much in the way of ties, was selling their soul for a low risk job.

Don't do this !

Take career risks while you can!

I understand that once you have a partner, kids, mortgage, etc., you don't have the freedom to try things. I've seen people I work with who are so tied to receiving a pay every fortnight that they can't make good decisions about their careers.

Image by Kevin Delvecchio
Image by Kevin Delvecchio

But if that's not you, don't sell yourself and your future short.

If you're worried about taking a risk, ask yourself what is the worst possible thing you can imagine happening, and then ask yourself if there is any way you could survive it, even if it's painful. And if you could survive it, don't hesitate to try. Anything that happens probably won't be as bad as you've imagined anyway. More importantly, you might just fly.

Image by The Nigmatic
Image by The Nigmatic

No-one flies day one, not even birds. While you can, just try things.

One of the saddest things I hear from older people is regret for the things they felt they could have done but didn't try.

Image by Ozan Safak
Image by Ozan Safak

Don't let it be you with the regrets.

Opinion: Avoid annual subscription surprises for your customers

Yet again, a few days back, I received two invoices that showed I'd just paid (via PayPal fortunately) a pair of annual subscriptions. These are subscriptions that I thought were already cancelled, and we'd stopped using the products many months back.

The problem is that I've now spent quite a bit of my time, and quite a bit of the vendor's time trying to work out how to cancel and reverse them. For days now we've had emails going backwards and forwards between ourselves and the 3rd party that they use for provisioning/charging.

That's a serious waste of time for all three organizations, and it means that I now feel worse towards a product (and the company) that I've already stopped using. That makes it even less likely (not more) that I won't use it or them again.

Annual subscriptions and pre-approved payments are becoming somewhat of a cancer in our industry. I get the point of them when I'm signing up for something ongoing. But I do not get the point of pre-approved future payments when I'm buying something one-off.

Why do so many companies do this? And why do so many set auto-renewals without asking you? On many sites, it's almost (if not) impossible to buy something one off without having to go back into the account after the sale and nuke all the pre-approval and auto-renewal stuff.

Here's a hint: All of these actions come across to the customer as dodgy.

Surely you want your customers to want to deal with you and want to pay you, not to be feeling tricked into ongoing things, many of which are quite hard to reverse. Are the companies simply hoping for customer apathy?

At least if I pay for these things with something like PayPal, I could set myself a monthly reminder to go into my account and nuke anything that I don't want to be pre-authorizing. But I shouldn't need to do this.

Probably the biggest thing that suppliers with annual subscriptions could do is to send you a reminder that you are about to be billed, a few days before you are actually billed.

It's hard to believe that we've become so "pro-consent" about email addresses and haven't done that for payments. And the IT industry is one of the worst offenders.

It's time for this all to become much, much cleaner and simpler for the customer.

 

Opinion: DIY security is not security

I spend a lot of time working in software houses. One of the nastiest things that I see again and again and again, is developers attempting to roll their own security and authentication mechanisms.

Spend a moment and think about how many security incidents the big companies (Google, Apple, Microsoft, etc.) have had over the years. Now think about how much effort they've put into doing it right, yet they still have issues at times.

The scary part about trying to do this yourself is that you often don't even know how scary what you are doing is.

Apart from the ones who do a reasonable job of password hashing, etc. I also see a surprising number who still store plain text passwords, or think that applying some "special algorithm that they wrote" to "encrypt" passwords or other private information is acceptable.

It's not.

I cringe every time I see someone who's written a algorithm that does obfuscation on a value before storing it. Worse is when they refer to it as "encryption" within the organization.

So my post today is just a simple plea:

Please don't do this.

The minute you find yourself writing "encryption algorithms" or authentication code, just stop. Just because you think you've got away with it for years, don't tell yourself that you don't have an issue.

I've seen the outcome at sites where this all goes wrong, and it's not pretty. You do not want to be anywhere near it when the finger-pointing starts. It all ends in tears.

Image by Tom Pumford
Image by Tom Pumford

 

 

Opinion: Design your own job

One of the software houses that I've done some work for over the years has had a number of unexpected issues with their clients and had to shed quite a lot of their staff. This is always a concerning time and I'm seeing a lot of worried and unhappy people. Either they don't think  their jobs will last, or they are upset at having been moved to roles that they don't want.

Many see no option but to try to stick it out, even if they hate what they're doing.

When I was young, the perceived wisdom was that it was best to get a job with a large company, as they have the stability for long term employment. I saw friends heading into banks, government departments, and Fortune 500 companies.

Image by Jordan Andrews
Image by Jordan Andrews

I'm sure there was a time long ago where this worked but I think the concept of stable employment at large companies is almost illusory nowadays. In so many organizations that I deal with, I see pretty regular churn, and whole teams of good people discarded, almost at a whim.

By comparison, my friends that have created their own jobs have had by far the most stable and  satisfying careers. Many have built something up and are still doing it, even if the specifics have evolved over time. The other argument for larger companies has been that higher income can be achieved, yet many who have created their own jobs have now earned far more than if they'd joined a large company.

One of the beauties of being in these companies only on a part-time contract basis, is not being concerned when these seismic changes occur with organizations.

The way that I see the world evolving, I think it will be more important than ever to be in control of your own destiny. While it can be useful to get a good grounding in a business area from a larger company (to perhaps get a better understanding of the norms and professional standards of your industry), your future is likely to be brighter if you take care of it yourself, rather than outsourcing it to the whims of some company that you don't control.

You need to be prepared to also take on the responsibility of your own career development ie: get yourself trained on useful areas, keep across new technologies, learn new skills. Be prepared to invest in yourself, not be someone who is whinging because your company isn't developing your career the way you'd like.

And while you're at it, find something that you love to do.

Over time, I can see there being far less traditional 9-5 full-time job roles available, particularly at the lower-skilled end of the market. Don't be one of the "oh woe is me – who will give me a job now?" people.

Design your own job; take the initiative to make it happen. It may take a while but start today; invest in yourself, and take control of your own future.