I was thinking about a question asked on a group on LinkedIn and I thought I would go into some detail here.
The question was about designing a new amusement park rides, or modifying current rides. Well, for me, modifying would be boring, so that was quickly discarded, but new rides have some possibilities, especially if you start with the assumption that everyone has a smartphone, and that could be used in an amusement park.
For example, to help move up faster in line, perhaps have trivia questions about the park, or famous people in the town, and if you get it right, you and two friends can move up to the front, but, each time you get it right, the next question is harder.
Or, have a roller coaster that isn't too scary, but in the center there are remote controlled vehicles (helicopters or boats) that you use to accomplish some task. If you can do that task you win some prize, but use the smartphone to control the vehicle, perhaps having a picture of what is going on on the phone so you don't have to physically see the vehicle, remembering that everyone on the ride may be trying to accomplish the task.
Monday, November 19, 2012
Tuesday, June 19, 2012
Issues/Questions Before Designing A Mobile Application
Before any coding of a mobile application starts, there are issues that should be discussed to limit the chance of having to rewrite an application, or find that a decision may have legal ramifications. For example, as the following article explains, many patient/doctor mobile applications may be violating HIPAA requirements: http://www.americanbar.org/newsletter/publications/aba_health_esource_home/aba_health_law_esource_1110_barrett.html.
This process is an iterative process, so there should be multiple passes through the questions, as the answer to one will influence the answer to another, until answers to one area doesn't lead to confusion with another.
This process is an iterative process, so there should be multiple passes through the questions, as the answer to one will influence the answer to another, until answers to one area doesn't lead to confusion with another.
- How should the application function if there is no Internet connection? This may be tricky as, for example, if the
application had medical information on it, for example, if an insurance company
or doctor’s office provided the application, then it may be used deep in a
hospital where there is no signal, and you should be in airplane mode
anyway. So there are many places where
there is no connection, or it is spotty.
- Should the information be stored on the device or on a server? This is similar to (1), but if the information is to be stored on the device then there will be other questions. And it may be that storing it on the server may be annoying to the user. For example, if you have an application for lawyers or hairstylists for billing, and you are required to use two-factor authentication, so there is a username/password/rsa token to get into the server, then each time a person changes clients or projects they may need to log into the server, which will be bothersome, so they will uninstall the application. Now, if the information is stored on the device, then they just need to upload the information at the end of the day, and the device is basically a scratchpad that may have additional information that is only useful to the user.
- If the information is stored on the device, even if just for a short time, how sensitive is it, and could any national regulations govern how to protect the data?
- For example is two-factor authentication required? Is it possible for one factor to be the device, which would require that it be uniquely identified. If sending a password, is the password actually needed, or is there better solutions?
- If storing sensitive information then strong encryption should be used, so an Export Registration Number is probably needed, even if just using SSL to send data to the servers.
- How will the application be distributed? Is it targeted to just a small group, such as employees
of a company, or will it be open to anyone to download, but only those that can
create an account will actually be able to use it?
- How will the server and mobile device communicate? For example, SOAP and REST are two common approaches.
- A mobile application will put a higher load on a server, as people can use it when they are paused somewhere, as they are no longer limited to their location, so is the server-side prepared for the increased traffic? One solution may be a mixture of relational databases (RDBMS) and NoSQL databases
- If strong encryption is used, should it be available outside the US?
- Due to the indemnification clauses in the developer contracts for iOS or Android, is your company a likely target for patent trolls to aim for you?
Thursday, May 24, 2012
Organizations, social networks and quantum physics
Quantum physics came about not through a sense of logic, but because physicists were having results that they couldn't explain with Newtonian physics, but it was a struggle for them to try to understand what they were seeing.
For example, in an experiment where there are two slats and one photon (particle for light) goes through. If both slats are open it will appear to be a wave, as it goes through both, but if only one slat is open it appears to be a particle. If they have both slats open until just before the photon gets there, and they close one, it seems to know that and becomes a particle.
There is also the idea of what happens when two particles interact, and there is an idea what will happen, but based on the amount of energy present a different particle will come out, and a probability can be used to get an idea which one it may be.
This didn't make sense, but physicists have had decades to struggle with this, and to come to understanding about the fact that how we observe or measure will affect the results.
In organizations there is an idea that there is a rigid hierarchy, and the roles are well-defined, but, if we take some lessons from quantum physics then if we look at relationships between people, we can see that a person can have different roles based on the situation. So, a person may be the leader of a project if she is the best person for that task, and later her role may change.
But, just as observations and measurements affects the reality of quantum particles, how we see or what we measure in an organization can change how people act, or how we see that person. So, if someone is seen as being someone that is a high-flyer any ideas they have may be seen in a better light, and someone that may actually be more competent may have ideas that are excellent, but because of the fact that he has long hair, he is seen differently and so the ideas are not taken seriously.
So, in an organization where people can change roles based on the situation it is important to be certain to not control from the top, but to have more of a participative form of management, where people are free to discuss their ideas. A good chart on dialogue vs debate is: http://ncdd.org/rc/item/5394.
We come down to social networks now, which is really about trying to help people relate to each other, and much as an organization may want to look at relationships between people as more important, and allow the energy of dialogue to help with creative solutions, social networks seem to follow in the idea that there is a rigid sense of how to relate, where everyone in that social network should relate just to others in that network. So, we have multiple networks, and there are concepts, such as OpenSocial (http://en.wikipedia.org/wiki/OpenSocial) that try to help bridge this, but, basically there is a great deal of lost opportunity where social networking groups don't try to find some way to allow these people to interact.
So, just as organizations may need to move to a more participative, social networks should look at trying to help people to find new ways to interact with each other, and stop looking at just trying to keep people just within that particular website.
Thursday, May 17, 2012
Developing an overall vision before requirements or use cases
The big-picture, or vision of where a program is going is vital if the desire is to build something that is going to have much complexity.
By working on a vision it helps to direct a company to see if they may want to adapt due to a developing vision.
So, for example, I am working on a learning management system framework that I have been mulling over for several years. One requirement is that it should be accessible over a webpage, and be highly interactive, and accessible from native applications on mobile phones.
Now, these may be common requirements, but this is a basic sketch, and if you stop here and implement it later it will be realized that there is an architectural problem due to a lack of vision.
I am also working on an issues program that would be helpful with agile development, and fit well with the notion of Kanban, so developers can select features to implement based on time allotted and interests. This will have the same basic requirements as the LMS.
So, I could write each of these, make them available, and they would be competing with many other programs.
But, what if I want to add a feature to the LMS where the program could suggest training or certifications that may be beneficial to the learner. Now, out of the universe of available courses, how could this program know what to suggest.
A simple solution is to be able to tell it where you want to go to, and advisors or managers could also put in guidance as to where they may be going.
So, if you are working in Human Resources, it may be that you want to go into recruiting, but management may see that you should be on the management track, so, it may be that both are entered as goals, and the system may show only the path the learner selected, but it would also look at the goal put in by management.
This would be helpful if there was defined milestones to go from one position to another, so it may be necessary to give some functionality where this could be designed.
Now, this extends the LMS, but there is also the issues program, and this could be useful for management to allow self-organization.
A staffing company decides to provide software development services to, using their connections to independent developers, for the mobile market.
If the companies can describe the project, and put a dollar amount, then developers and designers could look at the wishlists, then pick which one they want to work on, and it could be that people could put their name on the task as being interested, and teams can come together to do this project. So, it may be that two programmers, a UI expert and a technical writer may form a team, and they will create their own private issues setup where they can list the features so the team members can pick which parts they want to work on.
Now, where would this team come together to collaborate? Why not use the LMS?
It has discussion boards and whiteboards, as well as a place to store documents, so, this virtual team could inhabit a virtual classroom to do their designs and show mockups.
There are many features available that can be explored, and the strengths of using mobile apps hasn't even been explored, but, by working on a vision it could be seen that this simple LMS may grow to not only be just a part, but a business may either evolve from this development, or, if a company is able to adapt they may spread themselves into new areas.
So, before starting on any project, ask what the vision is first, and see where this program may want to go.
Wednesday, May 9, 2012
An authentication system for mobile devices.
I was re-reading "Designing an Authentication Systems" (http://web.mit.edu/kerberos/dialogue.html), written in 1988, and though it was a great paper, and has influenced me heavily, there is another paper that had a deeper impact on my thoughts, "Programming Satan's Computer" (http://www.cl.cam.ac.uk/~rja14/Papers/satan.pdf), and, in this age of mobile devices, better authentication systems becomes more important, due to the increase in the number of smartphones.
So, I will be designing out my solution, using ideas from both of these papers, hopefully to show a system that is flexible enough for real use, secure enough for paranoid companies, and yet useful for the end-user.
So, my first thought is that I don't really want a central repository to know my password, so a secure one-way hash of my password is acceptable in this system, but, as we go on even this may become more secure, and it may involve a zero-knowledge password authentication system (http://ojs.pythonpapers.org/index.php/tppm/article/view/155/142), so we can convince a system that we have the password, without actually sharing the password.
So, the situation is that we have a smartphone, and we want to connect with various systems, and each system may have separate security requirements that the device is not aware of, but, the companies that manage the network decided that Eastern European hackers are great sysadmins, and North Korea is where some of the servers are located, so, this could be considered a hostile environment, but in spite of these issues we want our credit card information and passwords protected, and the companies we are using the services of, on the inside of their firewalls, want to ensure that only those that should be authorized can use the services.
I will deal with the problems of doing online voting using smartphones in a separate series of posts, as there are additional requirements and risks that need to be addressed.
So, I will be designing out my solution, using ideas from both of these papers, hopefully to show a system that is flexible enough for real use, secure enough for paranoid companies, and yet useful for the end-user.
So, my first thought is that I don't really want a central repository to know my password, so a secure one-way hash of my password is acceptable in this system, but, as we go on even this may become more secure, and it may involve a zero-knowledge password authentication system (http://ojs.pythonpapers.org/index.php/tppm/article/view/155/142), so we can convince a system that we have the password, without actually sharing the password.
So, the situation is that we have a smartphone, and we want to connect with various systems, and each system may have separate security requirements that the device is not aware of, but, the companies that manage the network decided that Eastern European hackers are great sysadmins, and North Korea is where some of the servers are located, so, this could be considered a hostile environment, but in spite of these issues we want our credit card information and passwords protected, and the companies we are using the services of, on the inside of their firewalls, want to ensure that only those that should be authorized can use the services.
I will deal with the problems of doing online voting using smartphones in a separate series of posts, as there are additional requirements and risks that need to be addressed.
Thursday, April 26, 2012
Why do caged birds sing, or being agile in a waterfall world
I have been doing agile since the late 90's, even though I didn't know it at first, so being customer-centric just comes naturally to me, and trying to work with systems to have systems that promote better software development, rather than hindering development.
Unfortunately, many companies seem to be stuck in a rut of wanting requirements finalized before any changes can be made, and requiring a large amount of paperwork in order to move any software from one environment to another.
I have been in two companies that either had a system in place to help developers get their job done, or I was able to help influence the system, so it was not in the way of getting work done.
Trying to help companies stuck in the waterfall rut change is a struggle, but one that may be worth fighting, as the end result could be a compromise where the system bends a bit in order to help alleviate the effort to do a quality job.
A simple approach is to ensure that unit tests are written, by you if no one else, and to show the benefits of unit testing, in debugging and the quality of code released.
If there are many manual steps in order to move software from one environment to another, work to get permission to write programs to help automate the task. For example, if files must be updated in order to move software, then a program could do the software promotion, and document what was moved, why and when, and if possible, what features were moved.
For example, at one job I wrote an ant script that would compile, test then increment the version number when it built the war file, and zip up the source code that was in that war file, to meet the business needs, otherwise I was having to do these each time. I also had it possible to deploy the code, if I chose, so with once command I could meet all the needs, and this was around year 2000.
For mobile application agile methodologies are the only approach that will work, as, no one can adequately figure out how a UI should look, as, once it gets on a phone there will be comments that UI elements need to be shifted, or, there may be some other functionality that becomes important, so, the best approach is to start with a UI, get it to the testers quickly, and then begin to add functionality, and get the feedback as to the usefulness of the program.
Unfortunately, many companies seem to be stuck in a rut of wanting requirements finalized before any changes can be made, and requiring a large amount of paperwork in order to move any software from one environment to another.
I have been in two companies that either had a system in place to help developers get their job done, or I was able to help influence the system, so it was not in the way of getting work done.
Trying to help companies stuck in the waterfall rut change is a struggle, but one that may be worth fighting, as the end result could be a compromise where the system bends a bit in order to help alleviate the effort to do a quality job.
A simple approach is to ensure that unit tests are written, by you if no one else, and to show the benefits of unit testing, in debugging and the quality of code released.
If there are many manual steps in order to move software from one environment to another, work to get permission to write programs to help automate the task. For example, if files must be updated in order to move software, then a program could do the software promotion, and document what was moved, why and when, and if possible, what features were moved.
For example, at one job I wrote an ant script that would compile, test then increment the version number when it built the war file, and zip up the source code that was in that war file, to meet the business needs, otherwise I was having to do these each time. I also had it possible to deploy the code, if I chose, so with once command I could meet all the needs, and this was around year 2000.
For mobile application agile methodologies are the only approach that will work, as, no one can adequately figure out how a UI should look, as, once it gets on a phone there will be comments that UI elements need to be shifted, or, there may be some other functionality that becomes important, so, the best approach is to start with a UI, get it to the testers quickly, and then begin to add functionality, and get the feedback as to the usefulness of the program.
Tuesday, April 17, 2012
Insurance companies opportunity using mobile apps
A user is looking at buying a new car, and runs an application that will check various insurance companies for the rate, based on current cars, and some demographic information, but not getting too specific about the individual.
How can this help an insurance company to work with other insurance companies to provide this information?
A common thought is that there is no benefit to be so altruistic, but there is information that can be captured that can have more value than expected.
Imagine the value of data that can be used if a company knows in what situation, or the location, where insurance changes can be made, then marketing can be more focused.
For example, if it is determined that in a particular area the main reason people change insurance, or, are open to changing, is because people that are over 23 are going on their parent's insurance. This could mean that people are moving back home, so ads can be better targeted, or, better plans can be customized for this group of people.
This information can also be sold to other companies, to make more money.
By looking at patterns of when people are looking at buying new or used cars, and what types of cars they are considering, it would be possible to better predict which types of vehicles may be bought, before it is common knowledge.
Now, if there can be a premium version that people will want to buy, then you get valuable marketing information, not only for free, but people pay for the opportunity to give them information.
By going down this path, insurance companies can see benefits from writing native mobile applications. The main advantage of a mobile application is that the data can be stored encrypted on the device, for some non-specific demographic information, to make it easier for the user to get information, by limiting how much they need to enter.
Now, one premium addition to a program would be to be able to enter a vehicle vin, and get information on that car, such as whether the car has been flooded before.
Tuesday, April 10, 2012
Native mobile apps dead?
It was mentioned at work again that companies don't like writing native mobile apps, as it is too expensive and too much work.
But, this reminds me of some of the arguments when the world wide web was still relatively new, as companies didn't see how to take advantage of it, but, over time we had more companies learn how to monetize their websites, and they seem to want to just keep that model and move it to mobile devices.
But, just as companies had to adapt before, they need to adapt again.
Unfortunately too many mobile applications are just a repackaging of what could be done on a web page, but, just as Google Earth changed how people see javascript, and the IPad has changed how people see the tablet, there needs to just be some incredible uses that are not game-related to help North Americans see the benefits of their smart phones.
Subscribe to:
Posts (Atom)