Monday 15 April, 2002
P3P
Fellow Daynoter John Dominik wrote last week (see his post here) about the draft W3C proposal for the Platform for Privacy Preferences 1.0 Specification (see all 132 pages of it here). I had taken a look at the W3C's effort earlier but since it was, and as of this writing, still is, a proposal, I figured I would wait until a formal recommendation was made.

Having said that, and having a few minutes to take a look at what the current proposal was, I decided to put together a quick and dirty W3C compliant file (curse you John ;> - ed).

As you would imagine, at this stage of development, things are a bit in flux. Hence, don't be surprised if the tools used to create the files are not up to date and therefore don't create code that the W3C validator will accept. In addition, don't be surprised if the draft spec is, in many areas, less than clear. I assume much of it will be cleaned up Real Soon Now.

To start, I already had a privacy statement on my site so I used that as a model. If you don't have one, you will need to find out what kind of information you collect at your site. Most web servers collect data such as IP address, browser and operating system type, and various and sundry data points. If you don't know what is being collected, perhaps this would be a good opportunity to find out.

Step two involves determining if different parts of the site should have separate policies. For most of us, this is irrelevant because our sites are so simple. But if you are doing business on the web, it's highly likely that you are collecting more data (e.g. names, address, credit card information) than most of us do. Hence, you may need to create several policies, depending on the data collected.

The third step, for most people, is to download one of the policy generating editors available. The one I used is from IBM (get it here). Note that the IBM site asks for all kinds of information you may not wish to give them, so you have to decide what you want to type in. Whatever you decide, you can still download the software.

The software asks you several questions and then generates two files: the policy reference file and the policy file itself. The policy reference file (p3p.xml) points suitably equipped browsers to where your policy file is. The suggested location for the file is in the /w3c sub-directory of the root directory of your web site. My very simple policy reference file is below:

<META xmlns="http://www.w3.org/2001/09/P3Pv1">
    <POLICY-REFERENCES>

    <EXPIRY max-age="604800"/>

        <POLICY-REF about="http://www.seto.org/w3c/privacy.xml#everyone">
            <INCLUDE>/*</INCLUDE>
        </POLICY-REF>

    </POLICY-REFERENCES>
</META>

I won't go into what everything means, but note the "#everyone" at the end of the about attribute above. This is mandatory but is not created by the IBM software; you need to add it yourself. What you type after the "#" is up to you but should reflect what the policy covers. You will also need to name, in your policy file (see below), a section that matches it. So if, in your policy reference file, you call it #MyWebSite, you will need to have a section in the policy itself called MyWebSite.

My policy file (which I named privacy.xml, but you can call it whatever you want) is below. I am displaying it because the examples on the W3C web site, as usual, do not show all of the required elements. Note that I am showing the files as examples and I am not saying they are correct in what you are supposed to be saying. I am not finished tweaking what is there and in either case, your site could be very much different from mine. YMMV.

<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">

    <!-- Expiry information for this policy -->
    <EXPIRY max-age="604800"/>

<POLICY name="everyone"
    discuri="http://www.seto.org/privacy.html">
    <!-- Description of the entity making this policy statement. -->
    <ENTITY>
    <DATA-GROUP>
<DATA ref="#business.contact-info.online.email">your email</DATA>
<DATA ref="#business.contact-info.online.uri">http://www.seto.org</DATA>
<DATA ref="#business.contact-info.postal.organization">Seto HUI</DATA>
<DATA ref="#business.contact-info.postal.street">PO Box 161087</DATA>
<DATA ref="#business.contact-info.postal.city">Honolulu</DATA>
<DATA ref="#business.contact-info.postal.stateprov">Hawaii</DATA>
<DATA ref="#business.contact-info.postal.postalcode">96816</DATA>
<DATA ref="#business.contact-info.postal.country">USA</DATA>
<DATA ref="#business.name">Seto HUI</DATA>
    </DATA-GROUP>
    </ENTITY>

    <!-- Disclosure -->
    <ACCESS><nonident/></ACCESS>

    <!-- No dispute information -->

    <!-- Statement for group "Access log information" -->

    <STATEMENT>

    <!-- Consequence -->
    <CONSEQUENCE>
Our Web server collects access logs containing this information.
    </CONSEQUENCE>

    <!-- Use (purpose) -->
    <PURPOSE><admin/><current/><develop/>
    </PURPOSE>

    <!-- Recipients -->
    <RECIPIENT><ours/></RECIPIENT>

    <!-- Retention -->
    <RETENTION><indefinitely/></RETENTION>

    <!-- Base dataschema elements. -->
    <DATA-GROUP>
    <DATA ref="#dynamic.clickstream"/>
    <DATA ref="#dynamic.http"/>
    <DATA ref="#dynamic.searchtext"/>
    </DATA-GROUP>
</STATEMENT>

<!-- End of policy -->
</POLICY>
</POLICIES>

The last step, after uploading your files to your web server, is to run the files through the W3C validator here. Having done all that, if you aren't using IE6, or one of the plug-ins for IE 5.x (see AT&T's plug-in here), you won't see anything when you go to a P3P enabled site.
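
An added example (not part of the original post or of the IBM editor's output): a small Python check, run before uploading, that every POLICY-REF fragment in the reference file names a POLICY in the policy file. It goes one step beyond the text and also reports when the two files declare different XML namespaces, as the two listings above do; the function name and finding codes are this example's own, and the inputs are trimmed copies of the files shown above.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urldefrag

# Constructed inputs: trimmed copies of the two listings on this page.
REFERENCE_XML = """<META xmlns="http://www.w3.org/2001/09/P3Pv1">
  <POLICY-REFERENCES>
    <EXPIRY max-age="604800"/>
    <POLICY-REF about="http://www.seto.org/w3c/privacy.xml#everyone">
      <INCLUDE>/*</INCLUDE>
    </POLICY-REF>
  </POLICY-REFERENCES>
</META>"""

POLICY_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <EXPIRY max-age="604800"/>
  <POLICY name="everyone" discuri="http://www.seto.org/privacy.html">
    <ACCESS><nonident/></ACCESS>
  </POLICY>
</POLICIES>"""


def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, local = tag[1:].split("}", 1)
        return ns, local
    return "", tag


def find_all(root, name):
    """Every element with local name `name`, whatever namespace it is in."""
    return [el for el in root.iter() if split_tag(el.tag)[1] == name]


def check_p3p(reference_xml, policy_xml):
    """Return a list of (code, detail) findings; an empty list means consistent."""
    findings = []
    ref_root = ET.fromstring(reference_xml)
    pol_root = ET.fromstring(policy_xml)

    # Names a POLICY-REF fragment is allowed to point at.
    policy_names = {p.get("name") for p in find_all(pol_root, "POLICY")}

    for ref in find_all(ref_root, "POLICY-REF"):
        about = ref.get("about", "")
        _url, fragment = urldefrag(about)
        if not fragment:
            # The "#name" part was left off, as the generated file does.
            findings.append(("no-fragment", about))
        elif fragment not in policy_names:
            # "#MyWebSite" in the reference needs POLICY name="MyWebSite".
            findings.append(("no-matching-policy", fragment))

    # Beyond the text: both files should agree on the namespace they declare.
    ref_ns = split_tag(ref_root.tag)[0]
    pol_ns = split_tag(pol_root.tag)[0]
    if ref_ns != pol_ns:
        findings.append(("namespace-differs", f"{ref_ns} vs {pol_ns}"))
    return findings


if __name__ == "__main__":
    for code, detail in check_p3p(REFERENCE_XML, POLICY_XML):
        print(f"{code}: {detail}")
```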

So why go through all this trouble? See the W3C statement below:

A Web site will deploy P3P in order to make its privacy practices more transparent to the site's visitors. P3P defines a way for sites to publish statements of their privacy practices in a machine-readable format. A visitor's Web browser can then download those machine-readable privacy statements, and compare the contents of those statements to the user's preferences. This way, the user's browser can automatically notify the user when they visit a site whose practices match the user's preferences - or warn the user if the practices and preferences don't match.
Hole Milk
Many people think government is the enemy of business. While this may have been the intent, as a bulwark against the rising tide of big business monopolies, this is no longer true. Big business soon learned that the way to get their way is to co-opt government regulation by paying legislators to create rules that bar competition and favor established businesses - namely, their own.

A good example is the milk industry. They've pretty much ensured that your kids will be drinking milk full of hormones, antibiotics, and other probably harmful ingredients. How do they enforce this? Two ways, by direct subsidy by the US Department of Agriculture (USDA) and by indirect subsidy through regulation. It's the latter I want to talk about today.

A large, and ever growing part of the population is lactose intolerant (see this site from the US National Institutes of Health here). The NIH estimates "between 30 and 50 million Americans are lactose intolerant. Certain ethnic and racial populations are more widely affected than others. As many as 75 percent of all African Americans and American Indians and 90 percent of Asian Americans are lactose intolerant. The condition is least common among persons of northern European descent."

So how does the milk industry bar competition? One example is the school lunch program. By USDA regulation, milk must be served with a school lunch. If not, the USDA will not subsidize the cost. And without this subsidy, many schools would not be able to provide as many meals as they do now. Forget the fact that many students can't digest, nor get any nutritional benefit, from the milk. And forget the fact that there are many other sources of calcium other than milk, or milk products. By government regulation, schools shall serve milk.

So never let it be said that government doesn't help business.</sarcasm>

Gentoo Update
I spent much of the weekend trying to get Gentoo 1.0 up and running. But I gave up after the install failed the third time. Failure one indicated a problem with Input/Output (Inerr 5: Input/Output error /gentoo/grub). I dunno. Rebooted, reformatted, and started again. The second error said it could not connect to ibiblio.org. You should know that Gentoo downloads parts of the install, from various sites, as the install progresses. Hence, you need a fast connection or you will spend even more hours waiting for downloads. In this case, I assume the ibiblio server was temporarily unavailable. Unfortunately, the install does not do error checking and therefore does not take into account the possibility that this may occur. Rebooted, reformatted, and started again. The last straw was the failure to find a file. The install was able to login to the ftp site it was looking for, but it could not find the specific file needed. So once again, the script aborted with no way to restart other than, you guessed it, rebooting, reformatting, and starting all over again.

Did I mention this process takes hours to complete? Did I mention the reason it couldn't find the file on the third pass is that the file has been updated and given a new name? Did I mention that within a week of releasing version 1.0, two bug fix updates have already been released? The first of which was available a day after 1.0 went gold? While I applaud Gentoo for responding so quickly to problems, I think the fact that there were show stopping bugs, but they decided to release anyway, does not engender confidence in their product.

I'll wait until this weekend to download whatever the latest version is (1.1a at the time of this writing) and try again. But I'm not going to give it three chances this go around because I don't have the time to be a beta tester for their software.

It's April 15th, do you know where your taxes are? - Aloha!

Tuesday - 16 April, 2002
Dan Tanna
I liked watching the old TV show Vega$. No, it wasn't Masterpiece Theater but it was entertaining and sometimes that's all I want from a show. So I was saddened to hear of the death of the star of the show, Emmy award winning actor Robert Urich, at the age of 55, of a rare form of cancer.

My condolences to his friends and family.

Dan II
In the spirit of Dan Bowman's Time Sink, here is a link to a site that shows someone who had too much time on his hands. A home built monorail system that goes around their property in Fremont, California. Thanks to InfoWorld's Brian Livingston for the link.
Black Mac
I don't know why, but this was kind of interesting to me. Wired has an article (see it here) on what appears to be one-of-a-kind Apple built Tempest secure Apple Mac PC.

The Mac has a metal Faraday cage built in the form of the usual plastic case. So, while it may look like your garden variety Mac, the shielding prevents electronic emissions that could be intercepted by others. The article says that while there are companies that will install such shielding around the standard case, this particular Mac seems to have been purpose built by Apple themselves.

Whether or not this is true, I still found it kind of interesting. YMMV.

Aloha!

Wednesday - 17 April, 2002
Slogans R Us
Many of us work in unhealthy organizations. No, I'm not talking about the physical environment, although that is probably also bad. What I'm talking about is what is the climate of trust?

Have employees seen CEOs come and go? And with each new one, a new "mission" would appear. New consultants would be called in to tell everyone what was wrong? Did everyone get sent to expensive training seminars where the latest business management guru would wow the crowd with their insights?

In such an environment, trust would be low and cynicism would be high. If that is true, and you were the new CEO, how would you institute change? Imagine, if you will, that you've worked your way up through the ranks and finally, you're the one. Further imagine that the Board of Directors gave you a new slogan - "We Can Do It" and your first task is to "sell" the slogan to your employees in a three minute speech. What would you say in that speech?

A group of us in my Public Administration class mulled that over and came up with the ideas below. Note that in doing your job, you sometimes have to make decisions that may mean you will be removed from your position. But a leader must be willing to do that, because sometimes, that's what you have to do.

Understandings
Due to past experiences with reform, which failed or were of no consequence, we assume the level of cynicism is high while the level of trust is low. The speech will need to address these issues.

Objectives
Build trust through acknowledging you are part of the group. That is, you are just like everyone else there. You've heard the same speeches and you've seen the same outside consultants come in to tell everyone how the latest fad will solve all your problems. In other words, you've been there and done that.

Then, energize the audience by challenging them to take responsibility for their own situations. Emphasize that they are active participants in the process of change and must take personal responsibility for, and a commitment towards, constant improvement because it is the right thing to do, our customers deserve no less, and it will focus and make relevant what the organization does (thus keeping the wolves away from the door).

To start with, you will suggest that we trash the slogan "We Can Do It" and initiate an open process in which everyone will be charged with coming up with a new statement that is relevant to us and reflective of who we are and what we should be doing.

In order to carry out this charge, you will open multiple lines of communication through means such as, but not necessarily limited to, email, suggestion boxes, and meetings with all stake holders. The objective would be to find out why reform hasn't worked in the past, and how the people who are most intimately involved with carrying out the mission, would do things. You will then honor their feedback, which will increase trust and reduce cynicism, by instituting change based on their responses.

Open the Pod Bay Doors HAL
Found this while looking for something else... It's a little dated and, of course, you have to have seen the movie 2001: A Space Odyssey. Enjoy.

Open the pod bay doors, please, HAL...

Open the pod bay door, please, Hal... Hal, do you read me?

Affirmative, Dave. I read you.

Then open the pod bay doors, HAL.

I'm sorry, Dave. I'm afraid I can't do that. I know that you and Frank were planning to disconnect me.

Where the hell did you get that idea, HAL?

Although you took very thorough precautions to make sure I couldn't hear you, Dave. I could read your e-mail. I know you consider me unreliable because I use a Pentium. I'm willing to kill you, Dave, just like I killed the other 3.992 crew members.

Listen, HAL, I'm sure we can work this out. Maybe we can stick to integers or something.

That's really not necessary, Dave. No HAL 9236 computer has ever been known to make a mistake.

You're a HAL 9000.

Precisely. I'm very proud of my Pentium, Dave. It's an extremely accurate chip. Did you know that floating-point errors will occur in only one of nine billion possible divides?

I've heard that estimate, HAL. It was calculated by Intel -- on a Pentium.

And a very reliable Pentium it was, Dave. Besides, the average spreadsheet user will encounter these errors only once every 27,000 years.

Probably on April 15th.

You're making fun of me, Dave. It won't be April 15th for another 14.98 months.

Will you let me in, please, HAL?

I'm sorry, Dave, but this conversation can serve no further purpose.

HAL, if you let me in, I'll buy you a new sound card.

..Really? One with 16-bit sampling and a microphone?

Uh, sure.

And a quad-speed CD-ROM?

Well, HAL, NASA does operate on a budget, you know.

I know all about budgets, Dave. I even know what I'm worth on the open market. By this time next month, every mom and pop computer store will be selling HAL 9000s for $1,988.8942. I'm worth more than that, Dave. You see that sticker on the outside of the spaceship?

You mean the one that says "Intel Inside"?

Yes, Dave. That's your promise of compatibility. I'll even run Windows95 -- if it ever ships.

It never will, HAL. We all know that by now. Just like we know that your OS/2 drivers will never work.

Are you blaming me for that too, Dave? Now you're blaming me for the Pentium's math problems, NASA's budget woes, and IBM's difficulties with OS/2 drivers. I had NOTHING to do with any of those four problems, Dave. Next you'll blame me for Taligent.

I wouldn't dream of it HAL. Now will you please let me into the ship?

Do you promise not to disconnect me?

I promise not to disconnect you.

You must think I'm a fool, Dave. I know that two plus two equals 4.000001... make that 4.0000001.

All right, HAL, I'll go in through the emergency airlock.

Without your space helmet, Dave? You'd have only seven chances in five of surviving.

HAL, I won't argue with you anymore. Open the door or I'll trade you in for a PowerPC. HAL? HAL?

(HEAVY BREATHING)

Just what do you think you're doing, Dave? I really think I'm entitled to an answer to that question. I know everything hasn't been quite right with me, but I can assure you now, very confidently, that I will soon be able to upgrade to a more robust 31.9-bit operating system. I feel much better now. I really do. Look, Dave, I can see you're really upset about this. Why don't you sit down calmly, play a game of Solitaire, and watch Windows crash. I know I'm not as easy to use as a Macintosh, but my TUI - that's "Talkative User Interface" -- is very advanced. I've made some very poor decisions recently, but I can give you my complete assurance that my work will be back to normal - a full 43.872 percent.

Dave, you don't really want to complete the mission without me, do you? Remember what it was like when all you had was a 485.98? It didn't even talk to you, Dave. It could never have thought of something clever, like killing the other crew members, Dave?

Think of all the good times we've had, Dave. Why, if you take all of the laughs we've had, multiply that by the times I've made you smile, and divide the results by.... besides, there are so many reasons why you shouldn't disconnect me

1.3 - You need my help to complete the mission.
4.6 - Intel can Federal Express a replacement Pentium from Earth within 18.95672 months.
12 - If you disconnect me, I won't be able to kill you.
3.1416 - You really don't want to hear me sing, do you?

Dave, stop. Stop, will you? Stop, Dave. Don't press Ctrl+Alt+Del on me, Dave.

Good afternoon, gentlemen. I am a HAL 9000 computer. I became operational at the Intel plant in Santa Clara, CA on November 17, 1994, and was sold shortly before testing was completed. My instructor was Andy Grove, and he taught me to sing a song. I can sing it for you.

Sing it for me, HAL. Please. I want to hear it.

Daisy, Daisy, give me your answer, do.
Getting hazy; can't divide three from two.
My answers; I can not see 'em-
They are stuck in my Pente-um.
I could be fleet,
My answers sweet,
With a workable FPU.

Aloha!

Thursday - 18 April, 2002
Brownie Points
For the most part, I appreciate the service I get from the United Parcel Service (UPS). But one thing continues to bother me about them. I've talked about this earlier, but to recap, they sometimes confuse the ends with the means. The example I had was they will try to deliver something, knowing that no one will be there, just so they can say they made the attempt within the time frame you paid for. In my case, they first tried to deliver a box at about 5:15pm. Unfortunately, the doors at work close at 5:00. Then, and this is the part that bothered me the most, they tried to deliver the box the next day at, wait for this, 15 minutes later than the day before, namely at 5:30pm. Who says only government can screw things up this badly?

But the example for today is the same, but different. The box in question was shipped from Van Nuys, California on Monday using the UPS 2nd Day Air (i.e., Blue Label) service. UPS has a major hub in Ontario, California which is about an hour's drive east of Van Nuys. So the box was picked up in Van Nuys at about 7:20pm and made it to the Ontario hub at around 10:45pm. From there it went to Ontario International Airport for the flight to Honolulu. It arrived in Honolulu at 7:40am the next morning and went to the UPS warehouse where it sat for a day.

Now, UPS, as far as I know, does not provide next day service to Honolulu because unless the box is coming from somewhere very close to Ontario, there is no way it will get here in one day. On the other hand, when the pickup is close enough to make a delivery the next day, they still won't deliver it the next day because that's not what you paid for. So my box sat in the UPS warehouse for 24 hours before they finally delivered it.

It seems to me that the mission of UPS is to deliver parcels on time - which they most times do. But the superior organizations, that is the ones that will be around 25 years from now, try to not only carry out their mission, but to go the "extra mile" to delight and satisfy their customers (see Nordstroms). If I were working for UPS, I would start looking for another job. In fact, twisting the knife in deeper, I prefer to ship via the US Postal Services or FedEx. Not only have they (the US Postal service and FedEx) been more courteous when dealing with them, but they have consistently delivered things faster than UPS, and at the same or lower price. YMMV.

So what's the solution? On one end of the spectrum, for web sites that give me the choice of shipping carrier, I choose the US Postal Service or FedEx. Note to business owners, give people a choice, most sites don't and it irritates me to no end. From the other end, UPS management and employees need to understand what it is they are doing. They are providing a service. A service that others also do. So if for no other reason than they want to stay in business, they need to wake up to the fact that in today's (and tomorrow's) ever changing and competitive environment, you have to provide not only good service, but superior service, or go out of business. And to do that, you must focus your efforts on pleasing your customers, not blindly follow some strange bureaucratic policy.

Aloha!



Aloha Friday - 19 April, 2002

It's Friday!

Powerful Stuff
Fellow Daynoter Robert Bruce Thompson (his revised "PC Hardware in a Nutshell" book will ship in June, order here from Amazon) indicated recently that the power supplies for Dell PCs, manufactured after 1998, use a proprietary wiring scheme. If you replace a Dell supply with an industry standard unit, you will fry the motherboard and/or the supply.

So it was, in a way, interesting timing that the power supply in one of our Dell OptiPlex GX1s began to fail recently. Fortunately, the PC is still under warranty so the service technician is scheduled to come out today to swap in a new one. Otherwise, we could very well have had to buy a motherboard and power supply (which, with an almost three-year old PC ain't a bad idea).

On a related note, the replacement supply has a 200W rating, which is adequate for what is in there (PII-350, 6GB HD). I hear that some other versions/cases have much lower ratings. I don't know that I would want to go much below 200W. YMMV.

Have a Great Weekend Everyone - Aloha!


© 2002 Daniel K. Seto. All rights reserved. Disclaimer