There was a time when I used to scan in a lot of documents. You’d go to an event or conference and people would give you handouts. If they were any use, you might scan in the text so you had it easily available. These days, there’s less and less need for that because people don’t print off 50 copies of a document, they give you a link to an online PDF. So if you do have scanning software, you want it to be pretty amazing.
Of course, HP sells lots of ‘all-in-one’ scanner/copier/printer units to the home market. So those people are going to want OCR (Optical Character Recognition) software to convert scanned documents to something that is useful. I’m sure many parents can help their children with homework by scanning in text and images and reproducing that in a different format for school’s consumption.
So, let’s suppose you go out and purchase the latest version of Nuance’s OmniPage Ultimate, what do you get? Well, to start with you get an installation that irritatingly launches Google Chrome in an attempt to register the software. By the time I’d cancelled that and put the address into Firefox, my software had given up registering and said it would try again in 7 days. Not an auspicious start.
I then launched the software expecting some user-friendly front end that would talk me through what I wanted to do. ’Fraid not. I connected the software to my scanner easily enough. I clicked around a lot expecting to find some way to scan in a document. After 10 minutes I just gave up – it didn’t seem to want to do that. In fact, it isn’t designed to do that. So I scanned in a document in my usual way and saved it as a JPG. I then opened that in OmniPage. It was a mixture of text and images. And the OCR was perfect. OK it wasn’t the hardest document to read, but it was still perfect – down to the last semi-colon. I then tried the speech output – trying out the different voices available – and that was well done. It read the text nicely. I could listen on any mobile device (tablet or smartphone) to it reading – so long as the device supported mp3 files. I later converted a long PDF document, I’d been sent, to mp3 and listened to it on my tablet – brilliant.
A program that comes with OmniPage Ultimate is Launchpad. This looks a bit Windows 8ish and uses tiled action buttons to speed up the process of converting documents and sending them to any destination. This is obviously an attempt to freshen up the user interface – and it works.
What makes Ultimate more than just an OCR engine is that it can convert PDFs and digital photos of text into files that users can edit/search/share. Plus, it can convert those into mp3 speech audio files that can stored on mobile devices (as I mentioned above). It means that you can listen to a document on the go, rather than trying to read it. File types it can save as includes: Microsoft Word, Excel, and PowerPoint 2007, PDF, HTML, and Corel WordPerfect.
One clever new feature is that users can convert documents so they can be read with eBook applications on the Android tablets, Microsoft Surface, iPad,Nook Simple Touch, Nook Tablet, Sony Reader PRS-350/PRS-650/PRS-950, Kobo eReader, Kobo Touch and Kobo Arc.
The press release also point out that Ultimate can convert “documents stored in Windows Live SkyDrive, GoogleDocs, Evernote, Box, Dropbox, and many more when integrated with Nuance Cloud Connector. OmniPage connects with Microsoft SharePoint and DMS, and features new support for Open Text Hummingbird Connector, and Autonomy-Interwoven iManage Connector”.
Also of interest to some people will be the fact that Ultimate is accessible in “more than 100 languages. OmniPage Ultimate includes the recognition of languages based on the Latin, Greek, and Cyrillic alphabets as well as Chinese, Japanese and Korean, languages enabling users from around the world to access, edit and manage documents”.
So, apart from the registration annoyance and the old-fashioned user interface (although Launchpad helps modernize things), it is a very powerful piece of software with very good character recognition success (I tested a fair few scans and PDFs before I wrote this) that makes documents available for editing and sharing. The OmniPage file can be exported as mp3 as well as HTML and the usual Office programs. I must admit, the product grew on me, the more I used it and the more familiar I became with it.
You can find out more at www.nuance.com/for-business/by-product/omnipage/ultimate/index.htm.
Sunday, 26 May 2013
Sunday, 19 May 2013
Carrots, sticks, and managing mainframe staff
So, how do you ensure that your staff work to the best of their ability? Because, no matter how fast your mainframe is, if your expert staff aren’t motivated and engaged, then things will move forward slowly. Upgrades, fixes, ZAPs, etc will be reluctantly and perhaps inappropriately applied. And performance generally will be poor.
Research has generally shown that ‘carrots’ are better motivators in terms of encouraging good behaviour from staff, and ‘sticks’ are not so good at motivating staff. So praising good work by staff seems to be a better way of getting them to do what you want than criticism of their work or blaming them for failures. But simply saying “well done” may have its pitfalls!
Management mostly use the operant conditioning model of learning. In this, reinforcement encourages a particular behaviour and punishment discourages the behaviour. Simple! From that you’d assume that incentives or rewards and praise in the workplace would be successful in getting the best results from staff. However, research indicates that rewards are effective at producing only temporary compliance – they don’t seem to produce lasting change in attitudes or behaviour. And research shows that people who expect to receive a reward don’t perform as well as those who expect nothing! So people expecting praise for doing their job, will, in the fullness of time, do it less well!
One technique that many classroom teachers use to ensure their children behave correctly is assertive discipline. With this technique, clear rules are laid out, and then children are rewarded (praised) for following the rules. For example, one group of children are sitting quietly waiting for the teacher while another group are chatting. Rather than telling the noisy group to settle down, the teacher will say something like: “Look how well these children are sitting”. The inappropriately behaving group learn that to get attention and approval they need to follow the rules.
From that, we might learn that in the work place, bosses should recognize and comment on desirable behaviour from their staff. Basically, they should be offering praise for people doing the right thing.
Attachment parenting takes a different view of praise – and, although it’s obviously aimed at young children, it has an application with staff. So, rather than saying “good boy”, you say what you can see and feel. So, you might say, “you sorted out your pencils and crayons and put them in separate boxes. That’s impressive organization”. The idea behind it is that the praise of “good boy” could easily be taken away by saying “naughty boy” at a different time. Descriptive praise can’t be taken away. So, practice saying things like: “I see you made the IMS system perform more efficiently. That takes determination.”
But what makes a person behave in a particular way? What makes them stay late until piece of work is completed, or go above and beyond their usual role? It seems there are intrinsic motivators and extrinsic motivators. Extrinsic motivation comes because you expect a reward when the task is complete. Intrinsic motivation comes because the task itself is motivating. Intrinsic motivation is really all about autonomy. You control what you do and when you do it. But, once you start rewarding people who are intrinsically motivated, it demotivates them! There is, apparently, a way round this, you can randomly reward them. So again, praising people seems to have a surprising and opposite effect to what you’d expect.
Mark Tyrrell in his blog “Why telling people how wonderful they are isn’t always a good idea” at http://www.unk.com/blog/dangers-of-excessive-praise/?utm_source=clearthinking&utm_medium=email&utm_content=171&utm_campaign=Clear%2BThinking%2Bnewsletter looks further at why saying, “well done” isn’t such a good idea.
He reminds us of a study, published in 1998 in the Journal of Personality and Social Psychology, in which children were rewarded for simply ‘doing their own thing’ – drawing, playing, and so on. But when the rewards were discontinued, the children tended to lose interest in their preferred activity.
His conclusions were:
“The right kind of praise at the right time and in the right quantity can help you develop the habit of excellence, but a diet of uncontrolled praise won’t do you or anyone else any favours.”
It’s interesting to think how this can be applied to staff working on the mainframe, network, and distributed platforms to get the best out of them.
Research has generally shown that ‘carrots’ are better motivators in terms of encouraging good behaviour from staff, and ‘sticks’ are not so good at motivating staff. So praising good work by staff seems to be a better way of getting them to do what you want than criticism of their work or blaming them for failures. But simply saying “well done” may have its pitfalls!
Management mostly use the operant conditioning model of learning. In this, reinforcement encourages a particular behaviour and punishment discourages the behaviour. Simple! From that you’d assume that incentives or rewards and praise in the workplace would be successful in getting the best results from staff. However, research indicates that rewards are effective at producing only temporary compliance – they don’t seem to produce lasting change in attitudes or behaviour. And research shows that people who expect to receive a reward don’t perform as well as those who expect nothing! So people expecting praise for doing their job, will, in the fullness of time, do it less well!
One technique that many classroom teachers use to ensure their children behave correctly is assertive discipline. With this technique, clear rules are laid out, and then children are rewarded (praised) for following the rules. For example, one group of children are sitting quietly waiting for the teacher while another group are chatting. Rather than telling the noisy group to settle down, the teacher will say something like: “Look how well these children are sitting”. The inappropriately behaving group learn that to get attention and approval they need to follow the rules.
From that, we might learn that in the work place, bosses should recognize and comment on desirable behaviour from their staff. Basically, they should be offering praise for people doing the right thing.
Attachment parenting takes a different view of praise – and, although it’s obviously aimed at young children, it has an application with staff. So, rather than saying “good boy”, you say what you can see and feel. So, you might say, “you sorted out your pencils and crayons and put them in separate boxes. That’s impressive organization”. The idea behind it is that the praise of “good boy” could easily be taken away by saying “naughty boy” at a different time. Descriptive praise can’t be taken away. So, practice saying things like: “I see you made the IMS system perform more efficiently. That takes determination.”
But what makes a person behave in a particular way? What makes them stay late until piece of work is completed, or go above and beyond their usual role? It seems there are intrinsic motivators and extrinsic motivators. Extrinsic motivation comes because you expect a reward when the task is complete. Intrinsic motivation comes because the task itself is motivating. Intrinsic motivation is really all about autonomy. You control what you do and when you do it. But, once you start rewarding people who are intrinsically motivated, it demotivates them! There is, apparently, a way round this, you can randomly reward them. So again, praising people seems to have a surprising and opposite effect to what you’d expect.
Mark Tyrrell in his blog “Why telling people how wonderful they are isn’t always a good idea” at http://www.unk.com/blog/dangers-of-excessive-praise/?utm_source=clearthinking&utm_medium=email&utm_content=171&utm_campaign=Clear%2BThinking%2Bnewsletter looks further at why saying, “well done” isn’t such a good idea.
He reminds us of a study, published in 1998 in the Journal of Personality and Social Psychology, in which children were rewarded for simply ‘doing their own thing’ – drawing, playing, and so on. But when the rewards were discontinued, the children tended to lose interest in their preferred activity.
His conclusions were:
- Don’t over-praise people (or yourself) for doing stuff they should be doing anyway. Sure, it’s good I don’t go around stealing from people, but it should also be my normal behaviour. So be discerning and selective with praise. Ask yourself: “Am I being praised (or praising someone else) for normal human behaviour?”
- Focus on the normality of the desirable behaviour rather than implying that it’s exceptional and therefore not something that can happen often.
- Don’t expect praise for everything and don’t always praise others, or you’ll be fostering praise dependency and an inability to pursue excellence for its own sake. If you don’t praise all the time, the praise you do offer has more potency.
- Focus on what is actually within a person’s control (like hard work) rather on nebulous and essentially meaningless characteristics. “You have worked really hard!” implies that success was something they could consciously influence. Telling someone they are “fabulous” for completing something gives them no meaningful information about their input.
“The right kind of praise at the right time and in the right quantity can help you develop the habit of excellence, but a diet of uncontrolled praise won’t do you or anyone else any favours.”
It’s interesting to think how this can be applied to staff working on the mainframe, network, and distributed platforms to get the best out of them.
Sunday, 12 May 2013
Welcome to the red team!
You may not know that ‘red teaming’ refers to the practice of “viewing a problem from an adversary or competitor’s perspective. The goal of most red teams is to enhance decision making, either by specifying the adversary’s preferences and strategies or by simply acting as a devil’s advocate. Red teaming may be more or less structured, and a wide range of approaches exists. In the past several years, red teaming has been applied increasingly to issues of security, although the practice is potentially much broader. Business strategists, for example, can benefit from weighing possible courses of action from a competitor’s point of view.” That definition comes from the Red Team Journal at http://redteamjournal.com/about/red-teaming-and-alternative-analysis/.
One thing that red teams are often asked to do these days is test IT security. The red team will try to infiltrate a company’s IT system in order to identify any previously unknown vulnerabilities. It seems that one of the best ways to get into a system is to be the first to find a new vulnerability in the software that no-one else has spotted. This ‘zero day’ vulnerability can be used to get malware of some kind into an organization, and, from then on, the red team own the IT system. And that’s why it’s a good idea to pay a team of experts rather than wake up one day and find the bad guys have found their way into your IT infrastructure.
Basically, that small piece of malware can be used by the red team to gain access to the network. And from there they can gain access to any documents or databases and download whatever information they want. If you’re company is a bank, they could find a way to steal money. And a lot of the time, no-one would know it was happening until it’s too late.
Internet Explorer has been in the press over the years for the number of vulnerabilities that it once had, but nowadays, Java is a prime target for red teams because Java is meant to run on 3 million devices – providing what’s called a large ‘attack surface’. Stack walking refers to the way that the different components of an IT platform exchange information about security privileges. This makes it an ideal target.
Attacking the software is getting harder these days, but there’s one component of an organization’s computer system that is always potentially vulnerable – and that’s the people who use the computers. In the past there were stories of dumpster diving – where people would look through dumpsters and rubbish bins for information on paper that was thrown away. Nowadays, most companies collect and destroy paper, so that can’t happen. Even so, walking around a building a visitor can still find passwords on Post-It notes stuck to screens. There’s also a technique called spearphishing that can be used. In this, a seemingly legitimate e-mail contains a malicious link or attachment. Once a person clicks on the link or opens the attachment, the malware is on the system. Another technique is to send infected memory sticks to staff, who often plug them in to see what’s on them, and, again, the malware strikes!
Red team members can now use social media to find the names of staff as well as details of their experience, so that e-mails and phone calls from the red team can sound quite legitimate. Part of the answer is SIEM (Security Information and Event Management) solutions. These provide real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances, or managed services, and are also used to log security data and generate reports for compliance purposes.
The other part of the solution is education of staff so that they don’t insert memory sticks or click on attachments from unknown sources. But often, the best way to get access to corporate data is to find a disgruntled employee. So maybe another part of the solution is to ensure that staff are happy – that terms and conditions are going to avoid people feeling disgruntled. And if they are, then policies and procedures must be in place to manage that situation. And that’s not so easy with a large organization.
Mainframes are mostly used by large organizations – which obviously puts them at risk from unhappy employees. The risk is increased because most mainframe sites also use other platforms – PCs etc. And there is a new and huge security risk with BYOD. The red team could, perhaps, get a piece of malware onto someone’s tablet, which then gets connected to network, which then starts opening security doors all the way to the mainframe.
You may feel your data isn’t important enough to warrant the employment of a red team to test out any exposure to vulnerabilities you might have. But most organizations can learn from the types of vulnerability red teams exploit, and take steps to ensure that they are not at risk from them.
One thing that red teams are often asked to do these days is test IT security. The red team will try to infiltrate a company’s IT system in order to identify any previously unknown vulnerabilities. It seems that one of the best ways to get into a system is to be the first to find a new vulnerability in the software that no-one else has spotted. This ‘zero day’ vulnerability can be used to get malware of some kind into an organization, and, from then on, the red team own the IT system. And that’s why it’s a good idea to pay a team of experts rather than wake up one day and find the bad guys have found their way into your IT infrastructure.
Basically, that small piece of malware can be used by the red team to gain access to the network. And from there they can gain access to any documents or databases and download whatever information they want. If you’re company is a bank, they could find a way to steal money. And a lot of the time, no-one would know it was happening until it’s too late.
Internet Explorer has been in the press over the years for the number of vulnerabilities that it once had, but nowadays, Java is a prime target for red teams because Java is meant to run on 3 million devices – providing what’s called a large ‘attack surface’. Stack walking refers to the way that the different components of an IT platform exchange information about security privileges. This makes it an ideal target.
Attacking the software is getting harder these days, but there’s one component of an organization’s computer system that is always potentially vulnerable – and that’s the people who use the computers. In the past there were stories of dumpster diving – where people would look through dumpsters and rubbish bins for information on paper that was thrown away. Nowadays, most companies collect and destroy paper, so that can’t happen. Even so, walking around a building a visitor can still find passwords on Post-It notes stuck to screens. There’s also a technique called spearphishing that can be used. In this, a seemingly legitimate e-mail contains a malicious link or attachment. Once a person clicks on the link or opens the attachment, the malware is on the system. Another technique is to send infected memory sticks to staff, who often plug them in to see what’s on them, and, again, the malware strikes!
Red team members can now use social media to find the names of staff as well as details of their experience, so that e-mails and phone calls from the red team can sound quite legitimate. Part of the answer is SIEM (Security Information and Event Management) solutions. These provide real-time analysis of security alerts generated by network hardware and applications. SIEM solutions come as software, appliances, or managed services, and are also used to log security data and generate reports for compliance purposes.
The other part of the solution is education of staff so that they don’t insert memory sticks or click on attachments from unknown sources. But often, the best way to get access to corporate data is to find a disgruntled employee. So maybe another part of the solution is to ensure that staff are happy – that terms and conditions are going to avoid people feeling disgruntled. And if they are, then policies and procedures must be in place to manage that situation. And that’s not so easy with a large organization.
Mainframes are mostly used by large organizations – which obviously puts them at risk from unhappy employees. The risk is increased because most mainframe sites also use other platforms – PCs etc. And there is a new and huge security risk with BYOD. The red team could, perhaps, get a piece of malware onto someone’s tablet, which then gets connected to network, which then starts opening security doors all the way to the mainframe.
You may feel your data isn’t important enough to warrant the employment of a red team to test out any exposure to vulnerabilities you might have. But most organizations can learn from the types of vulnerability red teams exploit, and take steps to ensure that they are not at risk from them.
Labels:
attack surface,
blog,
Eddolls,
Event,
Information,
malware,
management,
red,
security,
SIEM,
spearphishing,
team,
teaming,
vulnerabilities,
vunerability,
zero day
Sunday, 5 May 2013
Using social media - Badminton
Badminton horse trials are taking place over the bank holiday weekend from Thursday 2 May to Monday 6 May this year. Badminton is one of those big events that horse lovers from all over the world like to attend – and so do I. And this week, I thought it would be interesting to have a look at how it does its IT. Bear in mind that it has lots of scores coming from different sources, as well as lots of photographs and film, that all need to be collated and shared with the fans who are onsite and off.
Badminton takes place in the park of Badminton House, in Gloucestershire GL9 1DF, England. The house and grounds are owned by the Duke of Beaufort. Badminton has been going since 1949 and is one of the top three four-star rated events (along with Burghley Horse Trials and Rolex Kentucky Three Day). It’s also one of only six annual Concours Complet International (CCI) Four Star events. Three-day eventing involves dressage, cross country, and show jumping.
I spoke to Dominic Sancto who gave me an overview of how things are set up at Badminton – as far IT is concerned.
This year, scores are entered into PCs and these results are wifi’ed across to Windows servers, where a bespoke database collects them all. From there, the results are written out to flat files and distributed accordingly. That means that the flat files are used to update the Web site and result screens, as well as the Badminton app.
There are three versions of the Badminton app, one for Android devices, one for iPhones, and one for iPads. The app gives details of the timetable and start times, as well as results. It also gives news and social information, video and audio, a photo gallery, the course, the riders, visitor information, and ‘grassroots’ – the BE 90 Class riders (that’s a lower group than the rest of the competitors, but everyone’s got to start somewhere!).
As well as the phone app and the Web site, Badminton’s social media has a Facebook page, Twitter, an RSS feed, Picasa, and YouTube. The Web site at www.badminton-horse.co.uk/
has all the information that appears on the app and more. There’s information, tickets/hospitality, horses & riders, news, shopping village, gallery, and an archive. There is just so much information – it’s excellent.
When it comes to Twitter, there are seven members of the Badminton crew tweeting information, news , and comments about what’s going. You can find them at twitter.com/bht_office/badminton-crew. On Facebook, they’re at www.facebook.com/BadmintonHorseTrials. There were plenty of photos and comments before the event even started, and nearly 47,000 likes by last Monday. Not surprisingly, there are even more photos (including from previous years) on Picasa at picasaweb.google.com/baddershorsetrials. Like most organizations, Badminton IT has moved its movies to YouTube to avoid their own servers being overloaded. You can see plenty of videos at www.youtube.com/baddershorsetrials.
There’s also Radio Badminton on 106.1 FM – and you can buy ear-size radios so you can listen to everything that’s going on in the arena as you walk round the massive shopping village or follow the cross country course.
The whole of the IT is very well suited to the needs of the thousands of people who will be visiting Badminton this weekend. See you there!
Badminton takes place in the park of Badminton House, in Gloucestershire GL9 1DF, England. The house and grounds are owned by the Duke of Beaufort. Badminton has been going since 1949 and is one of the top three four-star rated events (along with Burghley Horse Trials and Rolex Kentucky Three Day). It’s also one of only six annual Concours Complet International (CCI) Four Star events. Three-day eventing involves dressage, cross country, and show jumping.
I spoke to Dominic Sancto who gave me an overview of how things are set up at Badminton – as far IT is concerned.
This year, scores are entered into PCs and these results are wifi’ed across to Windows servers, where a bespoke database collects them all. From there, the results are written out to flat files and distributed accordingly. That means that the flat files are used to update the Web site and result screens, as well as the Badminton app.
There are three versions of the Badminton app, one for Android devices, one for iPhones, and one for iPads. The app gives details of the timetable and start times, as well as results. It also gives news and social information, video and audio, a photo gallery, the course, the riders, visitor information, and ‘grassroots’ – the BE 90 Class riders (that’s a lower group than the rest of the competitors, but everyone’s got to start somewhere!).
As well as the phone app and the Web site, Badminton’s social media has a Facebook page, Twitter, an RSS feed, Picasa, and YouTube. The Web site at www.badminton-horse.co.uk/
has all the information that appears on the app and more. There’s information, tickets/hospitality, horses & riders, news, shopping village, gallery, and an archive. There is just so much information – it’s excellent.
When it comes to Twitter, there are seven members of the Badminton crew tweeting information, news , and comments about what’s going. You can find them at twitter.com/bht_office/badminton-crew. On Facebook, they’re at www.facebook.com/BadmintonHorseTrials. There were plenty of photos and comments before the event even started, and nearly 47,000 likes by last Monday. Not surprisingly, there are even more photos (including from previous years) on Picasa at picasaweb.google.com/baddershorsetrials. Like most organizations, Badminton IT has moved its movies to YouTube to avoid their own servers being overloaded. You can see plenty of videos at www.youtube.com/baddershorsetrials.
There’s also Radio Badminton on 106.1 FM – and you can buy ear-size radios so you can listen to everything that’s going on in the arena as you walk round the massive shopping village or follow the cross country course.
The whole of the IT is very well suited to the needs of the thousands of people who will be visiting Badminton this weekend. See you there!
Subscribe to:
Posts (Atom)