After the apparent masacre of 100s (if not thousands) of people (many of them reported to be women and children) in Duekoue in the Ivory Coast; a town protected by a UN peace keeping force, my mind goes back to the awful events at Srebrenica in July 1995, where upto 8000 civilian males (men and boys) were massacred - despite the town being a UN Safe Area and "protected" by a UN peace keeping force.
Sadly it seems that 16 years on the UN still has not learnt the lessons and has not given its Peace keepers the robust rules of engagement that are neccessary for them to keep the peace.
We may as well just call them Massacre Observation patrols and take away their weapons, they seem on the surface incapable of using them to do the job their title suggests.
Monday, 4 April 2011
Double Standards - surely not
It is reasonably clear why the UN passed resolution 1973 in order to prevent the use of indescriminate weaponry (for instance artillery and air power) being used against primarily civillian areas in Libya. You may not agree with the methods being used, or the fact that Nato has taken the lead - personally i would have prefered the Arab League and African Union take the lead - using Nato hardware but under local command, but the aim (to protect civillians) is laudable, and possible sets a model for future interventions.
So who is the next target for a similar type of "civillian protection" resolution ? Which other country routinely shells and uses airborne weaponry to attack mainly civillian areas ? The only one that springs to mind is Israel - with its routine attacks into Gaza - which is by any measure a primarily civillian area.
I appreciate somewhat the bind that Israel is in - afterall they routinely suffer rocket attacks from Gaza, but those rockets rarely do any damage, and i think have resulted in few deaths (if any) and few injuries, where as the IDF retaliation regularly results in many deaths and injuries, and could be easily determined to be disproportionate.
Now - do we expect a "civillian protection" resolution to be enacted by the UN and enforced by Nato against Israel ? No, I thought not - answers on a postcard as to the reasons why not - I am sure we can all think of some.
So who is the next target for a similar type of "civillian protection" resolution ? Which other country routinely shells and uses airborne weaponry to attack mainly civillian areas ? The only one that springs to mind is Israel - with its routine attacks into Gaza - which is by any measure a primarily civillian area.
I appreciate somewhat the bind that Israel is in - afterall they routinely suffer rocket attacks from Gaza, but those rockets rarely do any damage, and i think have resulted in few deaths (if any) and few injuries, where as the IDF retaliation regularly results in many deaths and injuries, and could be easily determined to be disproportionate.
Now - do we expect a "civillian protection" resolution to be enacted by the UN and enforced by Nato against Israel ? No, I thought not - answers on a postcard as to the reasons why not - I am sure we can all think of some.
Tuesday, 8 March 2011
S/W pre-requisites - some thoughts
Security :
There is plenty of evidence that designing a security model as an afterthought and an add on to existing software is a recipe for problems down the road - and the received wisdom is that security should be designed into your systems and application from the start. There is a stark difference between the security models for Windows where it is relatively easy for non-priveleged applications do priveleged things (e.g. install or overwrite other applications) without any further user interaction ; vs the models for Unix and Linux where a priveleged action requires a definitive user interaction and confirmation (and in most cases the admin/root account is disabled). The Security model prevalent under MS Windows is widely regarded as the primary reason why Malicious software is so prevalent on that platform - it is far too easy for an application to get priveleges and get control, and many otherwise well written legitimate software require admin priveleges to be installed and operate correctly. If Windows had a Unix/Linux like security model then the Malware for it would be significantly curtailed - regardless of the market share, as simply put the opportunity to infect a platform would be significantly reduced simply because the act of infection itself would need to have user confirmation.
Ideally your security model for your application should cover the following areas :
Allied to these principles are the topics of confidentiality - making sure data is not shared with people or systems who don't need to know - which is both a people problem and a systems problem), and availability - making sure that the right people or systems have access to the right data when they need it.
Reporting and Data extraction
In business targetted applications there is a strong argument for designing data extraction and reporting capabilities in the first release. There are plenty of cases where by an application is heavily used but where the actual reporting capability is inadequate, leading to potentially a number of different problems :
Key data items get re-keyed into spreadsheets or other applications in order to provide the level of granularity and analysis required by the system users and demanded by their senior managers (normally the same senior managers who mandate the use of the application in the first place - probably in the name of standardisation). This re-keying can lead :
Limited adoption of the main system. Users pay lip service to the system and the work flow it supports, as they know that the "value" of any detail they record is limited as they can't extract, analyse or report on it.
To mitigate against these issues there must be thought and effort given to the production of reporting and extraction capabilities in the very first release. Producing a fully customisable reporting and analysis suite within an application is potentially time consuming and complex activity (especially as it is likely to be unknown what analysis will be needed) but an application should as a minimum support a data extraction tool where by a user with the minimum of training can extract relevant data into a standard format. Not only would this solve the problems of synchronisation (no more re-keying of data), it woud improve the take up of the system as there is now value in keeping all the key data in one place. It also enables users to very quickly generate the anaysis and reports that they need using tool sets they are already familiar with. As an added benefit, there is a level of innovation from these "offline" analysis tools, which can be used to feedback into future requirements in the core systems.
Searching and browsing
Any system which contains a lot of data will need a decent search and data browsing capability, and the need for this should be recognised in the first release, even if those requirements cannot fully realised - or are not cost effective (due to the low initial volumes of data or end users). Design decisions (particularly in the area of data storage) should be taken in the light of the need to provide search capbilities.
Once the volume of data rises beyond more than a few key records per user, if a search capability does not exist then those users will user other tools (spreadsheets, notebooks etc) to keep their own index - leading to similar synchronisation problems explored above.
There is plenty of evidence that designing a security model as an afterthought and an add on to existing software is a recipe for problems down the road - and the received wisdom is that security should be designed into your systems and application from the start. There is a stark difference between the security models for Windows where it is relatively easy for non-priveleged applications do priveleged things (e.g. install or overwrite other applications) without any further user interaction ; vs the models for Unix and Linux where a priveleged action requires a definitive user interaction and confirmation (and in most cases the admin/root account is disabled). The Security model prevalent under MS Windows is widely regarded as the primary reason why Malicious software is so prevalent on that platform - it is far too easy for an application to get priveleges and get control, and many otherwise well written legitimate software require admin priveleges to be installed and operate correctly. If Windows had a Unix/Linux like security model then the Malware for it would be significantly curtailed - regardless of the market share, as simply put the opportunity to infect a platform would be significantly reduced simply because the act of infection itself would need to have user confirmation.
Ideally your security model for your application should cover the following areas :
- Authentication - who is using the application.
- Authority - does the person using the application has the priveleges to do what they are trying to do.
- Audit - Is a record kept of who does what to particular items of data.
- Integrity - is the data kept intact both under normal operations and in the case of errors, faults and crucially upgrades.
Allied to these principles are the topics of confidentiality - making sure data is not shared with people or systems who don't need to know - which is both a people problem and a systems problem), and availability - making sure that the right people or systems have access to the right data when they need it.
Reporting and Data extraction
In business targetted applications there is a strong argument for designing data extraction and reporting capabilities in the first release. There are plenty of cases where by an application is heavily used but where the actual reporting capability is inadequate, leading to potentially a number of different problems :
- A proliferation of different spreadhseet styles, formats and analysis - breaking the golden rule of standardisation.
- Synchronisation issues between the manual data collected and the data collected on the "official" system leading to confusion over the accuracy of the various data sources.
To mitigate against these issues there must be thought and effort given to the production of reporting and extraction capabilities in the very first release. Producing a fully customisable reporting and analysis suite within an application is potentially time consuming and complex activity (especially as it is likely to be unknown what analysis will be needed) but an application should as a minimum support a data extraction tool where by a user with the minimum of training can extract relevant data into a standard format. Not only would this solve the problems of synchronisation (no more re-keying of data), it woud improve the take up of the system as there is now value in keeping all the key data in one place. It also enables users to very quickly generate the anaysis and reports that they need using tool sets they are already familiar with. As an added benefit, there is a level of innovation from these "offline" analysis tools, which can be used to feedback into future requirements in the core systems.
Searching and browsing
Any system which contains a lot of data will need a decent search and data browsing capability, and the need for this should be recognised in the first release, even if those requirements cannot fully realised - or are not cost effective (due to the low initial volumes of data or end users). Design decisions (particularly in the area of data storage) should be taken in the light of the need to provide search capbilities.
Once the volume of data rises beyond more than a few key records per user, if a search capability does not exist then those users will user other tools (spreadsheets, notebooks etc) to keep their own index - leading to similar synchronisation problems explored above.
Monday, 28 February 2011
North Africa - a lesson for the west
While the situation in North Africa and Arabia is in some ways a celebration of people lust for freedom, it is also a very stark history lesson.
The West (Europe and America) and Russia have each conspired with locals and each other to prop-up despotic and tryannical regimes, and have only come to the side of freedom when they realised that continuing to back "their man" would find themselves on the loosing side.
If the major democracies of the planet are to maintain any influence, then it has to be in how we support nascent democracies in other countries. If our politicians can trust citizens of their own countries to make a democratic choice, then we have to trust the citizens of Egypt, Tunisia, Libya and many others to make their democratic choices, and not seek to influence their choices.
We can through talk and dialogue look to influence the policies and implementation of those policies (discouraging conflict, foster peace and tolerance), but never again should we be seen to prop up despots and dictators.
The democratic governments of the world should use this week of upheaval to contact every remaining dictator and tyrrant, and gently encourage them all to embrace democracy.
The West (Europe and America) and Russia have each conspired with locals and each other to prop-up despotic and tryannical regimes, and have only come to the side of freedom when they realised that continuing to back "their man" would find themselves on the loosing side.
If the major democracies of the planet are to maintain any influence, then it has to be in how we support nascent democracies in other countries. If our politicians can trust citizens of their own countries to make a democratic choice, then we have to trust the citizens of Egypt, Tunisia, Libya and many others to make their democratic choices, and not seek to influence their choices.
We can through talk and dialogue look to influence the policies and implementation of those policies (discouraging conflict, foster peace and tolerance), but never again should we be seen to prop up despots and dictators.
The democratic governments of the world should use this week of upheaval to contact every remaining dictator and tyrrant, and gently encourage them all to embrace democracy.
Subscribe to:
Posts (Atom)