Fix The Incongruency - Consider Blogging for Your Company for Fun & Profit

Today I was perusing a marketing book by Chris Baggott et al. (that I haven't actually read yet in full)...and I came across the below passage in the first chapter. I thought it summed up pretty well one of strong arguments for considering having someone within your organization blogging (among other means of connecting with your customers and other constituents such as newsletters, etc.). Give it a whirl around your brain and send me your comments -- if you have any:

What's really funny to me is the fact that when you talk to organizations about what makes them different (worthy, if you will), this answers always lands somewhere in the top three: our people.

So why do you hide your people behind the facade of a brand or an institution? At the end of the day, people associate themselves with other people that they like. Your constituents want to like you and have a relationship with you.

-jr

IPv6 Hyperbole & Opportunities

A oft touted phrase for IPv6 is something to the effect of "an address for every grain of sand"[1]. I have a problem with this statement. It's one of those statements that is technically true but, in fact, untrue -- when used as the answer to the question which it is implied to be answering.

If IP addresses were simply assigned to devices and backbone routers were made aware of every single one it might be true. It's not. It's important to view IPv6 address space size in the right light because otherwise we can end up in some of the same troubles as the current IPv4 Internet. These troubles include not only overall available IP addresses but also routing of these IP addresses across network operator boundaries. After all, what's an IP address without global reach ability? :-)

The way that IP addressing works, there is a hierarchy. This hierarchy is used to group individual IP addresses into larger IP address blocks (known as "prefixes" and sometimes "subnets"). In the early days of IPv4 that was the Class A, B, and C system. While it was replaced with CIDR, the new system still maintained a hierarchy based on network size -- it was simply less rigid. This is still necessary in an IPv6 world.

The size of the protocol's address space -- and how it is broken up -- is of the utmost importance to routing. One of the greatest ironies of IPv4 address consumption is that multi-homing -- the connection to more than one upstream Internet provider for performance, cost, and reliability reasons -- requires an IP block of a particular size. Anything smaller than that accepted by the community (through rough consensus and subject to stragglers, mavericks, and router capacity improvements) and you can't multi-home.

In the IPv4 world this has resulted in waste of IP addresses -- which are never actually assigned to end-user devices -- so that someone can multi-home. It's also made it more difficult for smaller networks that want redundancy. Even if they end up with sufficient IP space, it is likely from one of their ISPs and not portable. If they were truly bigger (as in, if they actually were going to use all of those IP addresses) they'd be able to bypass their ISPs, getting IP space from one of the geographically appropriate pseudo-NGOs that allocate IP address space to larger IP address consumers.

Why all the fuss? Why not just allow anyone and everyone to inject any size block into the Internet routing tables? Because routers have finite resources. The larger the routing tables the more memory and CPU used for every packet pushed through the router. At some point a line is drawn where it is no longer generally accepted to be economically viable. This is where the generally accepted "smallest prefix we'll accept into our routing tables" policies come from. (generally the smallest acceptable block is an /24 in the present IPv4 world, approximately 254 assignable IP addresses for end-user devices).

One of the still active debates in IPv6 is how multi-homing will be performed in the long run. Will the current IPv4 model work? Or does the current model artificially restrict how many folks would actually multi-home if they could? Does the current system encourage too much address waste -- and is that even still a concern? How rapidly would the routing tables grow if a different approach were taken? How will we handle the additional resource burden of the continued co-existence of both IPv4 _and_ IPv6 routing tables for quite some time? etc

IP address portability is (indirectly) addressed in IPv6. That remains to be seen though. Under this model, smaller sites still won't necessarily have their own permanent globally routable IP address blocks. They'll have plenty of real global IP addresses assigned by their ISP now -- without any fuss -- but those IPs will still be controlled by their ISP (i.e. if they opt to change ISPs they will have to return 'em and get new ones from their new ISP). Switching IP address blocks is made (supposedly) easier though. The idea is that deeper auto-configuration is adopted with something akin to current DHCP on steroids used pretty much across the board along with very tight integration with DNS -- and somehow overcoming DNS caching.

I am not advocating against IPv6. On the contrary, for its successful widespread adoption I think that expectations must be set appropriately. And, any open for debate areas -- which don't have to hold back its adoption necessarily -- need to continue to be widely discussed. The more awareness the less that a new adopter is blindsided -- and thus the happier they'll be with the outcome after they proceed with their adoption efforts. And, more importantly, the faster that some more definite solutions / best practices can be better understood and disseminated.

As always, I welcome comments, including contesting any of my conclusions and assumptions above. Discussion and debate is how nearly all progress is made, whether it is with ones self or with others. :-)

[1] “One of the major advantages of the new Internet protocol (IPv6) is that it overcomes the growth problems of the Internet caused by the current limitations in the number of IP addresses needed for every computer or other device in order to access the Internet. The new protocol allows for a virtually unlimited number of (2^128) addresses – enough to assign an address to every grain of sand on all the world’s beaches.”

--“European Commission hosts inaugural event to celebrate the launch of the world's first all IPv6 research network,” Brussels, 14th January 2004

If Only Our Bookshelves Were Social...

Some number of months back I ran across LibraryThing. It allows you to catalog the books you've read or have on your bookshelf or wish to read all online. The social networking and recommendations aspect comes into play when it comes to connecting with other folks that have the same books in their catalog that you do -- since they may have books in their own catalog that would be of interest to you. Part of the idea is also that you can keep an eye on what your friends are reading, instead of simply forgetting the book they recommended last week. I actually wanted an online catalog for other purposes as well:

• Knowing what books I've already bought and have in a pile somewhere but just haven't gotten around to reading....so I don't buy it again
• Being able to let friends browse my catalog and ask to borrow books
  
• Tracking what I'm reading so that it can automatically be tracked on my blog for folks that are interested in what I'm reading (I'm usually reading 3-5 books at a time, at the rate of between 2-4 a month or so typically is my best guess).
  

So I started out poking around at LibraryThing. It has an active community. The good/bad thing is that yesterday I discovered there are two other similar sites. The bad part is that now I'll have to check them out. The good part is that a bit of friendly competition ought to bode well for those of us that like the idea and find benefits to having our personal book collections cataloged on-line.

There seem to be three sites that serve this niche:

• LibraryThing
• Goodreads
• Shelfari
  

-jr

Focusing In Tight Times....and in Good

Barry VanderKelen, who heads up the San Luis Obispo County Community Foundation, has a column entitled Nonprofit Strategies that appears from time to time in the SLO Tribune. I often catch it on-line when it appears. Today's is entitled Stay Focused in tight times. In it he asks Israel Dominguez, who became the new director of Cuesta College's Small Business Development Center in November, "how does a nonprofit organization navigate tough economic times?"

What I liked was the advice given by Mr. Dominguez is good for non-profit....and for profit enterprises alike. And not only in bad times -- but good ones too.

You may want to read the article yourself (link again) then come back here. Anyhow, I'm not known for lacking in opinions so I had a bit to add which is below:

For directors (and business owners), it shouldn't be a matter of thinking in terms of good times versus bad times but a matter of thinking: Who really are my customers? What do they truly want right now? How might I give it to them? And, critically, how do I communicate to them in a compelling way that is compatible with their current mindset?

Good times just means we get to be a bit more lazy in our planning and implementation of all of the above while still drifting by. :-) True success -- the kind that is sustainable anyway -- takes deliberate analysis of the marketplace. Once you're in that position you stop worrying about the ups and downs of the economy other than as variables to incorporate into your analysis about what needs and desires you should be meeting for your customers and making sure your marketing is appealing to them in the new context.

Ironically, with a bit of creativity and persistence, economic downturns can actually be incorporated into ones product/service development and marketing messages. All changes and cycles present opportunities for the astute director/manager/owner.

"You only find out who is swimming naked when the tide goes out." -- Warren Buffet

Understanding MPLS VPNs

If you are an enterprise user of carrier WAN offerings, it is likely you've been offered MPLS as a solution. Most carriers are encouraging customers to consider MPLS based services over traditional Frame Relay, ATM and even Point-to-Point transport.

One misconception is that consumers of MPLS carrier services must "run MPLS" within their own networks or at least on the edge device(s) connected to the carrier's MPLS service. This is not the case (unless you are doing something pretty unusual). Standard routers -- and even bridges -- are used on the customer-side. The configurations may be a bit different than you're used to but they're still relatively straightforward (and cookie cutter once you do one).

Your layer 1 and layer 2 skills will still come in handy. The underlying transport is still going to be TDM (DS1, OC-3c, etc). You may end up running a dynamic routing protocol (BGP, OSPF) with the carrier's network. If that's new territory, don't worry. This BGP configuration is far less elaborate than that needed to (prudently) bring up BGP for Internet multi-homing.

So even though the MPLS component will be outsourced to your carrier, to be an informed buyer and troubleshooter when shit-hits-the-fan, you'll want to understand the different ways that MPLS can be delivered and used by carriers to provide your service. When the carrier asks you to make some choices or you're evaluating a prospective solution, you're more likely to get what you need (and hopefully less of what you don't).

Jeff Doyle, the author of Routing TCP/IP Volume I and II (both 900+ pages each), has two quick articles about MPLS. In Part I, he covers the basics relevant to any MPLS user as to the different types of MPLS network options and in Part II he covers some of the nitty gritty relevant to service providers and those with an interest in what goes on behind the scenes.

P.S. I have some experience with WANs. Feel free to ask me questions. You can post a comment here or drop me an e-mail.


-jr

Finally Was Time To Hire An Assistant

Well, I finally broke down. I hired Sandy and the fact that I can call her anytime with my speed dial is amazing, though it's still taking some adjustment to get used to not having to do it all by myself. She makes sure I don't forget to do things, reminds me about appointments, looks up information for me, calls ahead to let folks know I'm on my way or running late, and jots down thoughts and ideas that occur to me while I'm out and about away from my computer. Oh, and because she gets along well with others, there are endless possibilities to improve how I work. If this trial continues to be so promising, and thus I decide to keep her around, I just hope I can continue to afford her along with the tools she needs to do her job.

-jr

Asterisk Mashes Up Politics

I ran across this application today, called CommitteeCaller.com, which makes it easier for (U.S.) folks to contact their representatives. It's a nifty example of the type of applications that become possible when some imagination gets combined with lowered barriers to entry. This is what mashups are all about. Taking information that is out there on the Internet and combining it in ways that make it more useful, accessible, relevant, visible, etc.

This particular one uses Asterisk for the telephony, a database built from information on the Internet, and a custom AGI to interact with the user input, look up things in the database, make the calls, and get post-call rating feedback. AGIs are the equivalent of HTTP world CGIs (yes, the Asterisk world is progressing quite fast but the Web did get a big head start on it so it's still a little behind; CGIs, or AGIs, are pretty 1997 but you have to start somewhere).

Just wait until all the old school web developers that are used to coding in PHP, Ruby (Adhearsion), C, Perl (Asterisk::AGI), etc. discover they can write Asterisk telephony applications just as easily and in the same languages. (The Adhearsion page, even if you're not a Ruby programmer, has a good overview and example applications if you're curious).

CommitteeCaller.com is a site that allows one person to target an entire congressional committee over the phone. The web application utilizes the open source Asterisk PBX system to connect you to every senator or house member on a particular committee. No more digging around the 'net entering zip-codes to retrieve phone numbers of representatives. CommitteeCaller.com automates the tedium of finding and dialing your favorite politicians.

Select a committee, enter in your phone number and click "Put me in touch with democracy!" and you'll be called by our system and sequentially patched through to the front office of each member on that committee. You can even rate how each call went; information that will enable us to rank representatives on how accountable and responsive they are to their constituents.
[...]
Once connected Committee Caller will tell you which representive you are calling, who their legislative director or chief of staff is, and what district they represent. At any point you can use the * to hang up the call and move on to the next one. Remember not to hang up after each call as you will have the opportunity to rate how your call went.

-jr

My New Home Asterisk PBX Embedded Box

[ The first two are photos of the actual unit, pulled from the eBay auction. The last two photos are not mine but stolen from a friendly Flickr source. Hoping Santa will bring the family a new camera.. ;-) ]

On Friday my HP Thin Client arrived. Only I'm not going to use it as a thin client. Instead I'm going to install Linux (or FreeBSD, see below) along with Asterisk, the open source telephony platform, onto it. This particular unit is an HP T5700.

It cost me <$100 on eBay. Low power <20w, class="blsp-spelling-error" id="SPELLING_ERROR_1">Ghz (Transmeta Crusoe) based with 256MB RAM, and 256MB Flash. I may add a 2.5 laptop drive (has IDE and USB too).

The lack of noise and the tiny form factor is a huge driver since this is going into our apartment and the low power is for our savings accounts and the environment. :) The flexibility and ease of use gained by keeping it x86 based is a big plus for saving time (no cross compiling, no searching out funky code patches for less mainstream architectures) and maintaining compatibility with the maximum amount of things I may want to do with it.

I nearly bought an IP04, or one the variations based on it like uCpbx. These are Blackfin based embedded systems designed to run Asterisk, specifically the Astin distro. These are very cost effective looking solutions for SMB type environments. They are also very very similar to Digium's Asterisk Appliance 50 (AA50), which is also Blackfin based. In fact, they are nearly the same thing if you don't count formal Digium backing and support. (I recently got some experience in with an AA50, in an installation for a client with Snom 320 phones and intend to post some about that at a future date).

I'm looking forward to getting this box on-line as our full-time home phone system. If all goes well I'll probably pick up another one (or several) for lab use. This should free up some space in the apartment and not require me to keep shutting my dev box down to eliminate ambient noise and power consumption. Now if only the power supply would get here quick. :)

Typically I install Debian or Ubuntu then plop in Asterisk. This time, this is meant to be more of a true "appliance" than a server. So I'm going to evaluate some other options before I settle on anything. This will give me the opportunity to get experience with and thus cross out some items on my "To Evaluate/Learn" list.

I'm going to try out Askozia which looks promising. It'll be a new one for me and it's actually FreeBSD, rather then Linux based (it's based on m0n0wall). Askozia also has a built-in web GUI which I'm looking forward to contrasting with Digium's own GUI (which is in AsteriskNOW). AstLinux is another option I'll check out. Unfortunately out-of-the-box it's Asterisk 1.2.x not 1.4.x based (though there's a dev version that is 1.4.x).

I do miss having a lot of tools anytime I've worked with embedded distros. And I like having extensive logging available -- even if the device is supposedly an "appliance" that just sits there. Tough to troubleshoot an appliance when there ain't no logs. :-)

Ultimately I may roll my own stripped down something or other. Or, grab a more generic already stripped down distro and put Asterisk plus the Digium Asterisk GUI on top. Having the option to add a laptop drive gives me comfort I can go with this route, even as far as installing Debian or Ubuntu stock if need be, while remaining low-power.

I also intend to experiment with the various Bluetooth integration options for Asterisk. Namely chan_mobile for headset and cell phone integration.

We'll see what else. :) The nice thing is that, besides really enjoying Asterisk, I can justify more than one solution, since whatever I don't actually use as the house system will still be rewarding in the lab for self-education and evaluating the options out there for my clients.

-jr

VOIP Troubleshooting With (the free) Wireshark Packet Analyzer

Wireshark is a network protocol analyzer. Some may recognize it by its former name, Ethereal. It's free (and open source), runs on multiple platforms (including Windows and Linux), and actively developed. For those doing VOIP installations or troubleshooting existing installations, the latest release has some very handy VOIP specific support.

It will create visuals representing captured SIP and associated RTP connections. You can drill down by clicking on specific spots on the graph to pull up the associated packet(s). You can generate reports (as well as graph) jitter, bandwidth usage, etc. Various ways of displaying the data to get a better idea of what's really going on.

The screen captures at the beginning of this post are from Wireshark. They show a graph of a VOIP (SIP) call (and a half) between two Snom SIP phones attached to an Asterisk-based PBX (the green/blue/purple image). And an analysis of the associated RTP session (including packet loss, jitter, delay). WS can even playback captured VOIP calls (at least if using PCM/G.711/ulaw).

-jr

PCI: It's Alright to Question the Auditors

"It's alright to question your PCI auditor. This isn't about getting out of doing things that really should be done. It's about making sure you aren't unnecessarily wasting money, period. Ask them to justify their findings and recommendations. And seek a second opinion (from another auditor or a security expert) if need be."

A bit back a (then prospective) client came to me while going through a PCI audit. They'd been informed by their auditor (VeriSign in this case) that they needed to segregate off a group of servers. Fair enough. The catch was they were also being told that this needed to be done using a second firewall, in order to be compliant, even though their existing firewall had more than enough interfaces to configure additional distinct security zones. The proposed second firewall would be under the same administrative control and offer no greater granularity in security policy enforcement. In short, it wasn't a terrible idea but it didn't seem very value enhancing either.

The client had an inkling that this shouldn't be necessary. They had further discussions with the auditor to no avail. In the interest of time and manpower, they went ahead and bought another firewall. I was called in later to integrate this and some other changes into their network. One of my first questions was "Why are we doing this?". After hearing a bit more of the background I still felt firm in my conviction that either (a) we weren't getting the entire story and thus even with a second firewall I wasn't sure we were meeting the requirements or (b) there really wasn't sufficient grounds to add a second firewall when the isolation could be done completely adequately on their existing firewall by shifting around the topology a bit to utilize available interfaces and adding some new access rules.

My view was that the assessor had a specific ideal model in mind and wasn't really listening to the arguments given thus far. This was even though those arguments weren't against the server isolation being suggested. The only disagreement was over how to get the end result.

In the interest of time I proceeded with preliminary integration plan development that included the second firewall while recommending a continued push that the auditor needed to justify their recommendation more specifically. Over the course of the next several days, after the client had gotten input from myself including points to bring up and gained additional confidence in their original inkling that the extra firewall was unnecessary, the auditor shifted gears and said implementing the requested isolation on a single firewall was acceptable.

At this point I'd only spent several hours on this project. There was no longer justification for the purchase of a second firewall and the changes required to isolate the servers were far simpler. Even though my client had already purchased the second firewall prior to my involvement, they could now return it, sell it off, re-deploy it elsewhere, use it as a spare, etc.. The expense of engineering and labor for a more complex integration effort was avoided (plus, the long-term costs of having another piece of equipment to maintain, an added failure point, and a more complex topology to troubleshoot).

There are something like one hundred or so assessors that work with the PCI Council to do audits. Each has their own strengths, weaknesses, and agendas. Some are relatively pure-play professional services providers while others sell their own security software and hardware (and, yes, often related to assisting you in gaining PCI compliance). Assessors are allowed to recommend their own services and products as solutions to problems that come up during audits (though they are not supposed to require their use in order to pass). The PCI DSS standard isn't specific -- which is actually a good thing since every environment is different -- so there's much open to interpretation at both the end-user and the auditor level. Finally, all auditors are human and make mistakes as well.

Bottom line: it's alright to question your PCI auditor. This isn't about getting out of doing things that really should be done. It's about making sure you aren't unnecessarily wasting money, period. Ask them to justify their findings and recommendations. And seek a second opinion (from another auditor or a security expert) if need be.

-jr

(Better) Invoicing & Time Tracking for Contractors/Consultants

When I set out on my own again, especially once the consulting gigs started to really pick up, I needed a solution to handle invoicing, time tracking, and accounts receivable management. In the past, I'd known myself to procrastinate (gasp!) generating invoices.

The procrastination was really the symptom of something else: I'd never really taken the time to automate the process. I'd started off on the wrong foot to begin with. I was tracking minutes in text files, adding them up manually, etc. Further, even if I'd used a fancy system to track and generate the invoices, I have this apparent aversion to addressing, stamping, and walking to the mailbox. Guess I'm just lazy.

So, a bit back, I spent a few hours seeing what was out there these days. Ultimately I settled on three (hosted Web 2.0-ish, if you will) solutions as the major candidates that met my needs:

• FreshBooks
• Blinksale
• Cashboard
  

After getting test accounts with each of them I ultimately went with FreshBooks. The main thing that did it for me was that FreshBooks allowed me to send paper invoices without actually touching a stamp, envelope, or printing anything. Yep, they mail it for me and even include the return envelope with my address!

I do actually send all of my clients e-mail invoices -- since that has become much more acceptable these days -- avoiding hard copy whenever possible. However I like having the option and it can also be handy when someone is taking their time paying..

Technically, FreshBooks doesn't e-mail the invoices but sends out an e-mail with a URL that contains the invoice. While others include the invoice in the actual e-mail, I have found it nifty that FreshBooks' approach allows me to see who has viewed their invoice (and they even provide an RSS activity feed to track client invoice reads!).

Since going with FreshBooks, all three billing solutions have added plenty of functionality. And Cashboard, which was in beta when I first looked at it, is now out of beta. I may re-look at each of them at a later date, but I really am pretty satisfied with FreshBooks for the moment.

If you suspect you spend too much time on invoicing, take a look at what's out there these days!

-jr

Relationship Management for Non-Profits (Software)

This software package, CiviCRM, looks promising. It is an implementation of a "Customer Relationship Management" solution, but for organizations that don't really have customers in a commercial sense but still have plenty of relationships to manage. It's a bit like SugarCRM or Salesforce.com but designed for not-for-profit type entities.

If you are involved in a non-profit agency that takes donations or has volunteers, this software may help you optimize your relationships, boost your effectiveness, and provide some dashboard like functionality for managing your organization. Well, that's the theory anyhow. :-)

It appears to have an active community and developers. And a good amount of documentation, a FAQ, a blog, and user forums. All signs that bode well for a sustainable open source project, since many applications die off without achieving critical mass.

I have not used it. I ran across it while researching some other software. Since I know folks involved in managing several non-profits, I wanted give them a heads up to explore further. If anyone takes a closer look please let me know how it goes!

http://civicrm.org/aboutcivicrm

CiviCRM: A Free and Open Source eCRM Solution

CiviCRM is the first open source and freely downloadable constituent relationship management solution. CiviCRM is web-based, open source, internationalized, and designed specifically to meet the needs of advocacy, non-profit and non-governmental groups.

CiviCRM is a powerful contact, fundraising and eCRM system that allows you to record and manage information about your various constituents including volunteers, activists, donors, employees, clients, vendors, etc. Track and execute donations, transactions, conversations, events or any type of correspondence with each constituent and store it all in one, easily accessible and manageable source.

CiviCRM is created by an open source community coordinated by CiviCRM LLC, and the 501c3 non-profit Social Source Foundation.

There is a (amateur but it'll give you an idea) Introduction to CiviCRM video and some others here.

Digium (Asterisk) Is Sending Busy Signals

Digium, the commercial company behind the open-source Asterisk IP PBX, has been ultra busy of late. They came out with a self-contained hardware based Asterisk appliance targeted at developers, telephony carriers, etc. to build custom IP PBXes for their customer bases. They followed this with a full blown out-of-the-box installable hardware IP PBX appliance (the AA50) intended for the mass market. They bought SwitchVox, a leading IP PBX appliance vendor with some nice innovative user interface and functionality features, then announced a deal with 3Com who will be OEM'ing their appliance as the foundation of their IP PBX offering.

Digium, has been selling components, such as as cards to interface between the traditional phone network, development and support services for Asterisk, and commercial licenses for vendors OEM'ing Asterisk code into their own PBXes and other telephony applications for several years now. Now, it's time to get serious I guess.

Further Notable Links:

• http://www.disruptivetelephony.com/2007/09/digium-buys-swi.html
• http://www.voip-news.com/feature/digium-3com-deal-100107/
• http://blogs.digium.com/
• http://seekingalpha.com/article/48678-3com-corporation-forget-cisco-think-open-source
• http://www.digium.com/en/mediacenter/news/
• http://www.digium.com/en/mediacenter/news/viewpress.php?id=3com-and-digium-partner-to-deliver-3com-asterisk

A Promising New Book: The Pragmatic CSO (Chief Security Officer)

Last week I ran across a book I had not seen before. From the looks of things it reasonably could have been entitled "The Pragmatic CIO/CTO/IT Director/IT Engineer/IT Consultant". It is actually called The Pragmatic CSO. CSO stands for Chief Security Officer. Even if your organization doesn't actually have a CSO, there is a de facto one -- whomever is in charge of IT.

Since anyone within the IT group involved in spec'ing solutions needs to have a connection to the underlying business drivers in order to get buy-in from management for their project to proceed, this book ought to be useful to IT manager and geek alike. At least those that want to see their budget requests approved. :-)

This appears to be a promising resource with some good food for thought and practical approaches all collected together in one place. And, to boot, the approaches that look to be discussed should be readily applicable beyond IT security, to any IT project. No IT project proposal will get very far without a business case.

The book's web site is http://www.pragmaticcso.com. It is available as a regular book or electronically. You can get a sample section e-mailed to you from the web site. Or you can d/l the introduction chapter directly here:

http://www.pragmaticcso.com/Pragmatic-CSO_introduction.pdf

I have only read through the Table of Contents and Introduction and poked around at a few reviews at security blogs I monitor. If anyone else gets a copy and reads through more of it before me, please share your comments.

-jr

Who Surveys the Surveyors?

(Questions That Every Survey Should Ask)

Four out five times I'll just toss out those surveys that get printed on the receipts from retailers, restaurants, coffeehouses, etc. If I'm looking for a distraction (or remember that I stashed one in my wallet the next time I'm there while I'm standing around in line anyhow) and the freebie I get for doing it entices me, I'll do one.

It's pretty frustrating to be willing to provide feedback only to discover the survey is your main gripe about the establishment. Based on my survey experiences, one of the following queries should be appended to every survey any company ever does. They basically all boil down to: "Did this survey suck?"

Q: On a scale of 1 to 5, how would you rate the friendliness of this survey?

Q: On a scale of 1 to 5, how would you rate the length of this survey?

Q: On a scale of 1 to 5, how would you rate the clarity of this survey?

Q: On a scale of 1 to 5, would you be likely to take a survey like this every again under the same pretenses?

If it's a written, online, or in-person survey (difficult to do with an automated phone survey) they might even ask something like: Do you have any ideas about how we might make this survey better?

If I had a great experience otherwise, well, we can all spell i-r-o-n-y, right?

-jr

I Don't Know. Really.

Sometimes we don't really know the answer but pretend we do. In fact, sometimes may be an understatement. Not knowing the answers -- or having enough data to have an informed opinion -- but pretending we do is not the foundation upon which to have a discussion to help yourself or someone else arrive at a more informed opinion.

This is particularly important with complex worldly issues (say, geopolitical problems that have the potential to create wars). Few of these types of issues have truly black and white answers. The "truth", such as it is in these cases, often lies within carefully selected -- yet still meaningful -- nuances that can only be honed after significant study and analysis.

Best case, we come off silly. Worst case, we, well, kill a few people. Thankfully we're all adaptable and like to better ourselves. So we can get better at all of this.

Get out there and vote but become truly informed first -- don't just sound informed to those that already agree with you. Be able to have an honest opinionated discussion with folks that don't agree with you and still walk away with an understanding of where they are coming from. If you can't do that, you probably don't know what you're talking about -- and should get back to reading, researching, and thinking before opening your mouth.

Anyhow, the excerpt (along with watching lots of West Wing episodes) that inspired this post (even though it was talking about managing software projects) is below:

True Factors

Next time someone tries to pin you down for an exact answer to an unknowable question — whether it's for a deadline date, a final project cost, or the volume of milk that would fit in the Grand Canyon — just start by taking the air out of the room: say "I don't know."

Far from damaging your credibility, this demonstrates the care you bring to your decision-making. You're not going to just say words to sound smart. It also levels the playing field by reframing the question as a collaborative conversation. By learning how exact your estimate needs to be (and why), you can work together to develop a shared understanding about the true factors behind the numbers.

—Merlin Mann, creator and editor of 43folders.com

Thinking Differently About Problem Solving

We are obsessed with coming up with solutions but rarely do we step back to truly consider the most effective process for generating optimal solutions consistently. And we're quite reliant on mental heuristics, which are certainly helpful in our day to day lives, that deceive us into making intuitive but sub-optimal decisions in ways we are unaware of. And, finally, we're influenced by conventional wisdom which may not be so, well, wise.

A nifty (only 19-page) essay on the topic of generating optimal solutions more consistently that I ran across today on ChangeThis.com:

Mind of the Innovator: Taming the Traps of Traditional Thinking
By Matthew E. May

Matthew May [...] brings our attention to the ‘Seven Sins of Solutions’, the traditional ways of thinking that prevent us from divining the most accurate—and elegant—of solutions to any problem solving situation. Using accessible examples, you’ll find yourself saying “Yes! That happens to me!” as you read. Lucky for us, May also provides methods to avoid those deadly sins and train our brains to think differently, allowing our inner innovator to flourish.

http://changethis.com/37.01.MindInnovator
http://changethis.com/pdf/37.01.MindInnovator.pdf