I think the problem at hand is that, during the lifecycle of any company, a shift must take place where the commitment to product quality and customer satisfaction becomes no longer the emotional product of a few passionate individuals, but becomes part of the fabric of the corporation. This means that process and procedure takes over from actual people who may care about customers.

Said process and procedures bring with them the danger that individuals within the company become disempowered and demotivated. Sadly, it is the only way to scale an operation beyond a few individuals: process and procedures must be put in place to ensure customers have a consistent experience. You can’t put the burden on what few employees you have that happen to be the driven customer satisfaction rock stars. They will burn out and leave, and expose the rotten structure underneath.

There is a fine line between empowering and disempowering your employees. If you do it right, employees remain involved, passionate and motivated. If you do it wrong, the customer experience will be consistent, but it will be crappy. Taken to its logical extreme, the only continuing contribution your employees will make to morale is to post Dilbert cartoons on their cubicles.

I am not sufficiently familiar with the cryptography in use for the EMV protocol, but my first thought is that astute observation by POS personnel should provide substantial defense against this entire class of attack: if someone shows up at your cash register with an EMV card wired to his backpack, something fishy is probably afoot.

My other thought has to do with the notion that banks might attempt to shift the responsibility for fraudulent Chip-and-PIN transaction to the consumer. “Since EMV is so secure,” the reasoning goes, “the PIN authorization is proof positive that the transaction is valid.” Except it has now been shown that PIN authorization can be spoofed.

Security is not black and white: it does not make fraud impossible, but makes it harder and more expensive to commit fraud. The protection level provided by a security feature should be commensurate to the value of the transaction it protects. Too high a protection level is likely to be more cumbersome, or more expensive, than the transaction in question justifies.

This is a quick-and-dirty list of Perl-related packages that need to be installed on a vanilla Ubuntu system in order to run the perl-framework:

My VMWare VM is running Windows 7 on the Boot Camp partition, but I’m waiting for this new version of Boot Camp so I can boot Windows 7 directly on the metal. It’s the end of the year. Where’s my update?

Pre-requisites:

• The Apache Portable Runtime library. I use trunk from http://svn.apache.org/repos/asf/apr/apr/trunk
• The Perl-Compatible Regular Expressions library, either your own build or through your operating system. If you’re on Linux, be sure to install the -dev package as well

Once these are in place, check out the Apache source code from http://svn.apache.org/repos/asf/httpd/httpd/trunk, cd into the checkout and run ./buildconf --with-apr=/path/to/apr/source-code. Then run configure:


./configure \
--prefix=/somewhere/convenient \
--enable-mods-shared=all \
--enable-maintainer-mode \
--with-apr=/where/you/put/it \
--enable-proxy=shared \
--enable-ssl=shared \
--enable-case-filter=shared \
--enable-case-filter-in=shared \
--enable-bucketeer=shared \
--enable-echo=shared \
--enable-mpms-shared=all


make and make install. This module complement is what will be exercised by the test harness. The build system will leave the last ./configure invocation in config.nice, and also install the latter under the build subdirectory when you make install. Isn’t that nice?

To run the test harness, check out http://svn.apache.org/repos/asf/httpd/test/framework/trunk. Underneath the checkout, find in Apache-Test/lib/Bundle/ApacheTest.pm a list of the Perl modules you need. A number of these will already be on your system. Get what you don’t have from CPAN or your package manager. Also, install HTTP::DAV and its dependencies which is not on the list but needed to exercise mod_dav. Then run:

perl Makefile.PL
t/TEST -httpd /somewhere/convenient/bin/httpd -apxs /somewhere/convenient/bin/apxs


Note your skips and failures. Add Apache modules and Perl modules if you find the list above out of date. Then make your changes to Apache, rebuild and run t/TEST again. If your new build is in a different installation root, run make realclean in the framework and set it up again. When your changes to Apache (no longer) cause any tests to fail, propose the change to dev@httpd.apache.org. If you add new functionality, add new tests. That’s all. Easy.

Share this post:

]]> http://www.temme.net/sander/2009/11/03/my-apachecon-us-2009-wishlist/feed/ 0 http://www.temme.net/sander/2009/09/20/cousins-graduation-project-makes-nl-national-paper/ http://www.temme.net/sander/2009/09/20/cousins-graduation-project-makes-nl-national-paper/#comments Mon, 21 Sep 2009 03:25:48 +0000 Sander http://www.temme.net/sander/?p=223 My cousin Bart is quoted extensively on his graduation project resource by the literary supplement to the Dutch national newspaper NRC.

For readers who don’t read Dutch, Bart’s thesis is that literary magazines in The Netherlands have lost their significance as a breeding ground for new talent and as a forum for debate about literature. He substantiates this claim by tallying for two time periods (late seventies vs. mid-naughties) which proportion of debuting authors were first published in literary magazines: the decline is considerable.

For those that do read Dutch, a summary is available at the poetry blog De Contrabas. This site also make the entire thesis document available. You might also Google for ripples in the literary pond.

Great job doctorandus Bart!

Share this post:

]]> http://www.temme.net/sander/2009/09/20/cousins-graduation-project-makes-nl-national-paper/feed/ 0 http://www.temme.net/sander/2009/09/10/a-beni-happy-birthday/ http://www.temme.net/sander/2009/09/10/a-beni-happy-birthday/#comments Fri, 11 Sep 2009 06:38:00 +0000 Sander http://www.temme.net/sander/?p=218 What do you give the spouse who has everything for their birthday? I certainly did not make it easy for La, since I’m a little too young to want a Harley.

So on my birthday, she took me out for “lunch and a surprise”. We drove to the City and ended up in the Japantown mall, so I figured that we might be going to Benihana for said lunch. But, when we got there I was told that Laura had arranged for me to Be The Chef, and cook a Teppanyaki dinner for a party of friends and family two days later! What an amazing idea!

That day itself was the training. They sat us down at a table in the back, and taught me how to prepare Splash & Meadow (steak & shrimp), chicken fried rice and hibachi vegetables. Everyone was getting the same choice, to keep it easy. A real chef was going to take care of the second table of friends and family, so they got their choice of entree and the real show.

Two real Benihana chefs helped with the training. First, they demonstrated the techniques, pointing out the order in which things happened, how long each step (like cooking the steak) was supposed to take, and the specific cuts, chops and slashes. This became Laura’s lunch. Then it was my turn: I got to try the opening utensil juggle, flip the shrimp tail at my coat pocket (and was given to understand that pontifically putting the last one in your pocket with your fork is a face-saving conclusion in case you miss every one), make the fried rice heart and slice and dice the New York Strip.

They had given me a spatula and fork with which to practice the juggling act, so I spent the next afternoon in the back yard with electrical tape on the pointy ends of the utensils, trying out the various flips, tosses and twirls. And areating the lawn in the process. But, in the end I managed to keep from putting anyone’s eye out during the performance.

The evening itself was a great success. The head chef of the restaurant, Anton, talked me through the performance and backed me up on the time critical bits. The training involved cooking one serving, but this table had eight hungry people (and one very small one (hi Emma!)) around it! We would typically split up the large tasks: for instance he finished half the shrimp combos and while I got to start all the steaks, I only got around to finishing three. Yes, a professional chef is much faster at this than a dilettante like myself.

The shrimp appetizer went very well. Since there are only three shrimp per serving, I got to start, flip and cut all of them. And then, the shrimp tail toss trick. I not only got one in my hat (though I maintain a that hat that big is hard to miss), but also one in my pocket! Yes, I totally meant to do that!

Chef Anton demonstrated the scared appetizer shrimp, did a fried rice Mickey Mouse (which I had never seen done before), and I got to do the fried rice heart for Laura. Finally, we did the onion ring volcano. This trick went absolutely flawlessly and you can see the result at the top of this post.

Afterwards, I got to taste some of the food and it was actually pretty good! It was a lot of fun to do, and rewarded by a Japanese Steak Dinner in the end. I am very happy Anton helped me and kept me from ruining the food… the special scraper tool came out only twice to restore the state of the grill. In the end, I was very tired but very happy with this amazing birthday party. I would like to thank everyone for coming; the San Francisco Benihana for allowing me to do this; Anton, Junior and George for looking after me; Carol for making it happen and above all, my dearest spouse Laura for arranging it.

Share this post:

]]> http://www.temme.net/sander/2009/09/10/a-beni-happy-birthday/feed/ 0 http://www.temme.net/sander/2009/09/08/snow-leopard-plunge/ http://www.temme.net/sander/2009/09/08/snow-leopard-plunge/#comments Tue, 08 Sep 2009 16:28:52 +0000 Sander http://www.temme.net/sander/?p=213 Just installed… so far, so good. I took a full Time Machine backup before I started, and ran a disk check (which showed Green) from the install CD.

After the restart, the system asked me for the System Events application, but that was easily found.

I had to reinstall the Cisco VPN Client, because the Snow Leopard install clobbers /System/Library/StartupItems and erases the client’s StartupItem. Aside from StartupItems being highly obsolete, Cisco has no business putting stuff under /System anyway. Otherwise, I am now up and running using the same version (4.9.01 (0100)) I had running under Leopard.

Entourage (EWS) works; Microsoft Document Connection works: that’s about all I’ve used to far. Next time I do an expense report we’ll see if the Brother combo fax can still scan for me. Fingers crossed on that one.

Share this post:

]]> http://www.temme.net/sander/2009/09/08/snow-leopard-plunge/feed/ 0