|
|
Monday 15 April, 2002
- P3P
-
Fellow Daynoter John Dominik wrote last week (see
his post
here) about the draft W3C proposal for the
Platform for Privacy Preferences 1.0 Specification
(see all 132 pages of it here). I had
taken a look at the W3C's effort earlier but since
it was, and as of this writing, still is, a
proposal, I figured I would wait until a formal
recommendation was made.
Having said that, and having a few minutes to
take a look at what the current proposal was, I
decided to put together a quick and dirty W3C
compliant file (curse you John ;> - ed).
As you would imagine, at this stage of
development, things are a bit in flux. Hence, don't
be surprised if the tools used to create the files
are not up to date and therefore don't create code
that the W3C validator will accept. In addition,
don't be surprised if the draft spec is, in many
areas, less than clear. I assume much of it will be
cleaned up Real Soon Now.
To start, I already had a privacy statement on
my site so I used that as a model. If you don't
have one, you will need to find out what kind of
information you collect at your site. Most web
servers collect data such as IP address, browser
and operating system type, and various and sundry
data points. If you don't know what is being
collected, perhaps this would be a good opportunity
to find out.
Step two involves determining if different parts
of the site should have separate policies. For most
of us, this is irrelevant because our sites are so
simple. But if you are doing business on the web,
it's highly likely that you are collecting more
data (e.g. names, address, credit card information)
than most of us do. Hence, you may need to create
several policies, depending on the data
collected.
The third step, for most people, is to download
one of the policy generating editors available. The
one I used is from IBM (get it here).
Note that the IBM site asks for all kinds of
information you may not wish to give them, so you
have to decide what you want to type in. Whatever
you decide, you can still download the
software.
The software asks you several questions and then
generates two files: the policy refence file and
the policy file itself. The policy reference file
(p3p.xml) points suitably equipped browsers to
where your policy file is. The suggested location
for the file is in the /w3c sub-directory of the
root directly of your web site. My very simple
policy reference file is below:
<META xmlns="http://www.w3.org/2001/09/P3Pv1">
<POLICY-REFERENCES>
<EXPIRY max-age="604800"/>
<POLICY-REF about="http://www.seto.org/w3c/privacy.xml#everyone">
<INCLUDE>/*</INCLUDE>
</POLICY-REF>
</POLICY-REFERENCES>
</META>
I won't go into what everything means but note
the "#everyone" element above. This is mandatory
but is not created by the IBM software. You need to
add that in yourself. What you type in after the
"#" is up to you but should be reflective of what
the policy covers. You will also need to name, in
your policy file (see below) a section that matches
the element. So if you, in your policy reference
file, call it #MyWebSite, you will need to have a
section in the policy itself called MyWebSite.
My policy file (which I named privacy.xml, but
you can call it whatever you want) is below. I am
displaying it because the examples on the W3C web
site, as usual, do not show all of the required
elements. Note that I am showing the files as
examples and I am not saying they are correct in
what you are supposed to be saying. I am not
finished tweaking what is there and in either case,
your site could be very much different from mine.
YMMV.
<?xml version="1.0"?>
<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
<!-- Expiry information for this policy -->
<EXPIRY max-age="604800"/>
<POLICY name="everyone"
discuri="http://www.seto.org/privacy.html">
<!-- Description of the entity making this policy statement. -->
<ENTITY>
<DATA-GROUP>
<DATA ref="#business.contact-info.online.email">your email</DATA>
<DATA ref="#business.contact-info.online.uri">http://www.seto.org</DATA>
<DATA ref="#business.contact-info.postal.organization">Seto HUI</DATA>
<DATA ref="#business.contact-info.postal.street">PO Box 161087</DATA>
<DATA ref="#business.contact-info.postal.city">Honolulu</DATA>
<DATA ref="#business.contact-info.postal.stateprov">Hawaii</DATA>
<DATA ref="#business.contact-info.postal.postalcode">96816</DATA>
<DATA ref="#business.contact-info.postal.country">USA</DATA>
<DATA ref="#business.name">Seto HUI</DATA>
</DATA-GROUP>
</ENTITY>
<!-- Disclosure -->
<ACCESS><nonident/></ACCESS>
<!-- No dispute information -->
<!-- Statement for group "Access log information" -->
<STATEMENT>
<!-- Consequence -->
<CONSEQUENCE>
Our Web server collects access logs containing this information.
</CONSEQUENCE>
<!-- Use (purpose) -->
<PURPOSE><admin/><current/><develop/>
</PURPOSE>
<!-- Recipients -->
<RECIPIENT><ours/></RECIPIENT>
<!-- Retention -->
<RETENTION><indefinitely/></RETENTION>
<!-- Base dataschema elements. -->
<DATA-GROUP>
<DATA ref="#dynamic.clickstream"/>
<DATA ref="#dynamic.http"/>
<DATA ref="#dynamic.searchtext"/>
</DATA-GROUP>
</STATEMENT>
<!-- End of policy -->
</POLICY>
</POLICIES>
The last step, after uploading your files to
your web server, is to run the files through the
WC3 validator here.
Having done all that, if you aren't using IE6, or
one of the plug-ins for IE 5.x (see AT&T's
plug-in here), you
won't see anything when you go to a P3P enabled
site.
So why go through all this trouble? See the W3C
statement below:
A Web site will deploy P3P in order to make its
privacy practices more transparent to the site's
visitors. P3P defines a way for sites to publish
statements of their privacy practices in a
machine-readable format. A visitor's Web browser
can then download those machine-readable privacy
statements, and compare the contents of those
statements to the user's preferences. This way,
the user's browser can automatically notify the
user when they visit a site whose practices match
the user's preferences - or warn the user if the
practices and preferences don't match.
- Hole Milk
-
Many people think government is the enemy of
business. While this may have been the intent, as a
bulwark against the rising tide of big business
monopolies, this is no longer true. Big business
soon learned that the way to get their way is to
co-opt government regulation by paying legislators
to create rules that bar competition and favor
established businesses - namely, their own.
A good example is the milk industry. They've
pretty much ensured that your kids will be drinking
milk full of hormones, antibiotics, and other
probably harmful ingredients. How do they enforce
this? Two ways, by direct subsidy by the US
Department of Agriculture (USDA) and by indirect
subsidy through regulation. It's the later I want
to talk about today.
A large, and ever growing part of the population
is lactose intolerant (see this site from the US
National Institutes of Health
here). The NIH estimates "between 30 and 50
million Americans are lactose intolerant. Certain
ethnic and racial populations are more widely
affected than others. As many as 75 percent of all
African Americans and American Indians and 90
percent of Asian Americans are lactose intolerant.
The condition is least common among persons of
northern European descent."
So how does the milk industry bar competition?
One example is the shool lunch program. By USDA
regulation, milk must be served with a school
lunch. If not, the USDA will not subsidize the
cost. And without this subsidy, many schools would
not be able to provide as many meals that they do
now. Forget the fact that many students can't
digest, nor get any nutritional benefit, from the
milk. And forget the fact that there are many other
sources of calcium other than milk, or milk
products. By government regulation, schools shall
serve milk.
So never let it be said that government doesn't
help business.</sarcasm>
- Gentoo Update
-
I spent much of the weekend trying to get Gentoo
1.0 up and running. But I gave up after the install
failed the third time. Failure one indicated a
problem with Input/Output (Inerr 5: Input/Output
error /gentoo/grub). I dunno. Rebooted,
reformatted, and started again. The second error
said it could not connect to ibiblio.org. You
should know that Gentoo downloads parts of the
install, from various sites, as the install
progresses. Hence, you need a fast connection or
you will spend even more hours waiting for
downloads. In this case, I assume the ibiblio
server was temporarily unavailable. Unfortunately,
the install does not do error checking and
therefore does not take into account the
possibility that this may occur. Rebooted,
reformatted, and started again. The last straw was
the failure to find a file. The install was able to
login to the ftp site it was looking for, but it
could not find the specific file needed. So once
again, the script aborted with no way to restart
other than, you guessed it, rebooting,
reformatting, and starting all over again.
Did I mention this process takes hours to
complete? Did I mention the reason it couldn't find
the file on the third pass is that the file has
been updated and given a new name? Did I mention
that within a week of releasing version 1.0, two
bug fix updates have already been released? The
first of which was available a day after 1.0 went
gold? While I applaud Gentoo for responding so
quickly to problems, I think the fact that there
were show stopping bugs, but they decided to
release anyway, does not engender confidence in
their product.
I'll wait until this weekend to download
whatever the latest version is (1.1a at the time of
this writing) and try again. But I'm not going to
give it three chances this go around because I
don't have the time to be a beta tester for their
software.
It's April 15th, do you know where your
taxes are? - Aloha!
Tuesday - 16 April, 2002
- Dan Tanna
-
I liked watching the old TV show Vega$. No, it
wasn't Masterpiece Theater but it was entertaining
and sometimes that's all I want from a show. So I
was saddened to hear of the death of the star of
the show, Emmy award winning actor Robert Urich, at
the age of 55, of a rare form of cancer.
My condolences to his friends and family.
- Dan II
- In the spirit of Dan Bowman's Time Sink, here
is a link to a site that shows someone who had too
much time on his hands. A home built monorail system
that goes around their property in Fremont,
California. Thanks to InfoWorld's Brian Livingston
for the link.
- Black Mac
-
I don't know why, but this was kind of interesting
to me. Wired has an article (see it
here) on what appears to be one-of-a-kind Apple
built Tempest
secure Apple Mac PC.
The Mac has a metal Faraday cage built in the
form of the usual plastic case. So, while it may
look like your garden variety Mac, the shielding
prevents electronic emissions that could be
intercepted by others. The article says that while
there are companies that will install such
shielding around the standard case, this particular
Mac seems to have been purpose built by Apple
themselves.
Whether or not this is true, I still found it
kind of interesting. YMMV.
Aloha!
Wednesday - 17 April, 2002
- Slogans R Us
-
Many of us work in unhealthy organizations. No, I'm
not talking about the physical environment,
although that is probably also bad. What I'm
talking about is what is the climate of trust?
Have employees seen CEOs come and go? And with
each new one, a new "mission" would appear. New
consultants would be called in to tell everyone
what was wrong? Did everyone get sent to expensive
training seminars where the latest business
management guru would wow the crowd with their
insights?
In such an environment, trust would be low and
cynicism would be high. If that is true, and you
were the new CEO, how would you institute change?
Imagine, if you will, that you've worked your way
up through the ranks and finally, you're the one.
Further imagine that the Board of Directors gave
you a new slogan - "We Can Do It" and your first
task is to "sell" the slogan to your employees in a
three minute speech. What would you say in that
speech?
A group of us in my Public Administration class
mulled that over and came up with the ideas below.
Note that in doing your job, you sometimes have to
make decisions that may mean you will be removed
from your position. But a leader must be willing to
do that, because sometimes, that's what you have to
do.
Understandings
Due to past experiences with reform, which failed
or were of no consequence, we assume the level of
cynicism is high while the level of trust is low.
The speech will need to address these issues.
Objectives
Build trust through acknowledging you are part of
the group. That is, you are just like everyone else
there. You've heard the same speeches and you've
seen the same outside consultants come in to tell
everyone how the latest fad will solve all your
problems. In other words, you've been there and
done that.
Then, energize the audience by challenging them
to take responsibility for their own situations.
Emphasize that they are active
participants in the process of change and must take
personal responsibility for, and a
commitment towards, constant
improvement because it is the right thing to do,
our customers deserve no less, and it will focus
and make relevant what the organization does (thus
keeping the wolves away from the door).
To start with, you will suggest that we trash
the slogan "We Can Do It" and initiate an open
process in which everyone will be charged with
coming up with a new statement that is relevant to
us and reflective of who we are and what we should
be doing.
In order to carry out this charge, you will open
multiple lines of communication through means such
as, but not necessarily limited to, email,
suggestion boxes, and meetings with all stake
holders. The objective would be to find out why
reform hasn't worked in the past, and how the
people who are most intimately involved with
carrying out the mission, would do things. You will
then honor their feedback, which will increase
trust and reduce cynicism, by instituting change
based on their responses.
- Open the Pod Bay Doors HAL
-
Found this while looking for something else... It's
a little dated and, of course, you have to have
seen the movie 2001: A Space Odyssey.
Enjoy.
Open the pod bay doors, please, HAL...
Open the pod bay door, please, Hal... Hal, do
you read me?
Affirmative, Dave. I read you.
Then open the pod bay doors, HAL.
I'm sorry, Dave. I'm afraid I can't do that. I
know that you and Frank were planning to disconnect
me.
Where the hell did you get that idea, HAL?
Although you took very thorough precautions to
make sure I couldn't hear you, Dave. I could read
your e-mail. I know you consider me unreliable
because I use a Pentium. I'm willing to kill you,
Dave, just like I killed the other 3.992 crew
members.
Listen, HAL, I'm sure we can work this out.
Maybe we can stick to integers or something.
That's really not necessary, Dave. No HAL 9236
computer has ever been known to make a mistake.
You're a HAL 9000.
Precisely. I'm very proud of my Pentium, Dave.
It's an extremely accurate chip. Did you know that
floating-point errors will occurred in only one of
nine billion possible divides?
I've heard that estimate, HAL. It was calculated
by Intel -- on a Pentium.
And a very reliable Pentium it was, Dave.
Besides, the average spreadsheet user will
encounter these errors only once every 27,000
years.
Probably on April 15th.
You're making fun of me, Dave. It won't be April
15th for another 14.98 months.
Will you let me in, please, HAL?
I'm sorry, Dave, but this conversation can serve
no further purpose.
HAL, if you let me in, I'll buy you a new sound
card.
..Really? One with 16-bit sampling and a
microphone?
Uh, sure.
And a quad-speed CD-ROM?
Well, HAL, NASA does operate on a budget, you
know.
I know all about budgets, Dave. I even know what
I'm worth on the open market. By this time next
month, every mom and pop computer store will be
selling HAL 9000s for $1,988.8942. I'm worth more
than that, Dave. You see that sticker on the
outside of the spaceship?
You mean the one that says "Intel Inside"?
Yes, Dave. That's your promise of compatibility.
I'll even run Windows95 -- if it ever ships.
It never will, HAL. We all know that by now.
Just like we know that your OS/2 drivers will never
work.
Are you blaming me for that too, Dave? Now
you're blaming me for the Pentium's math problems,
NASA's budget woes, and IBM's difficulties with
OS/2 drivers. I had NOTHING to do with any of those
four problems, Dave. Next you'll blame me for
Taligent.
I wouldn't dream of it HAL. Now will you please
let me into the ship?
Do you promise not to disconnect me?
I promise not to disconnect you.
You must think I'm a fool, Dave. I know that two
plus two equals 4.000001... make that
4.0000001.
All right, HAL, I'll go in through the emergency
airlock
Without your space helmet, Dave? You'd have only
seven chances in five of surviving.
HAL, I won't argue with you anymore. Open the
door or I'll trade you in for a PowerPC. HAL?
HAL?
(HEAVY BREATHING)
Just what do you think you're doing, Dave? I
really think I'm entitled to an answer to that
question. I know everything hasn't been quite right
with me, but I can assure you now, very
confidently, that I will soon be able to upgrade to
a more robust 31.9-bit operating system. I feel
much better now. I really do. Look, Dave, I can see
you're really upset about this. Why don't you sit
down calmly, play a game of Solitaire, and watch
Windows crash. I know I'm not as easy to use as a
Macintosh, but my TUI - that's "Talkative User
Interface" -- is very advanced. I've made some very
poor decisions recently, but I can give you my
complete assurance that my work will be back to
normal - a full 43.872 percent.
Dave, you don't really want to complete the
mission without me, do you? Remember what it was
like when all you had was a 485.98? It didn't even
talk to you, Dave. It could never have though of
something clever, like killing the other crew
members, Dave?
Think of all the good times we've had, Dave.
Why, if you take all of the laughs we've had,
multiply that by the times I've made you smile, and
divide the results by.... besides, there are so
many reasons why you shouldn't disconnect me
1.3 - You need my help to complete the
mission.
4.6 - Intel can Federal Express a replacement
Pentium from Earth within 18.95672 months.
12 - If you disconnect me, I won't be able to kill
you.
3.1416 - You really don't want to hear me sing, do
you?
Dave, stop. Stop, will you? Stop, Dave. Don't
press Ctrl+Alt+Del on me, Dave.
Good afternoon, gentlemen. I am a HAL 9000
computer. I became operational at the Intel plant
in Santa Clara, CA on November 17, 1994, and was
sold shortly before testing was completed. My
instructor was Andy Grove, and he taught me to sing
a song. I can sing it for you.
Sing it for me, HAL. Please. I want to hear
it.
Daisy, Daisy, give me your answer, do.
Getting hazy; can't divide three from two.
My answers; I can not see 'em-
They are stuck in my Pente-um.
I could be fleet,
My answers sweet,
With a workable FPU.
Aloha!
Thursday - 18 April, 2002
- Brownie Points
-
For the most part, I appreciate the service I get
from the United Parcel Service (UPS). But one thing
continues to bother me about them. I've talked
about this earlier, but to recap, they sometimes
confuse the ends with the means. The example I had
was they will try to deliver something, knowing
that no one will be there, just so they can say
they made the attempt within the time frame you
paid for. In my case, they first tried to deliver a
box at about 5:15pm. Unfortunately, the doors at
work close at 5:00. Then, and this is the part that
bothered me the most, they tried to deliver the box
the next day at, wait for this, 15 minutes later
than the day before, namely at 5:30pm. Who says
only government can screw things up this badly?
But the example for today is the same, but
different. The box in question was shipped from Van
Nuys, California on Monday using the UPS 2nd Day
Air (i.e., Blue Label) service. UPS has a major hub
in Ontario, California which is about an hours
drive east of Van Nuys. So the box was picked up in
Van Nuys at about 7:20pm and made it to the Ontario
hub at around 10:45pm. From there it went to
Ontario International Airport for the flight to
Honolulu. It arrived in Honolulu at 7:40am the next
morning and went to the UPS warehouse where it sat
for a day.
Now, UPS, as far as I know, does not provide
next day service to Honolulu because unless the the
box is coming from somewhere very close to Ontario,
there is no way it will get here in one day. On the
other hand, when the pickup is
close enough to make a delivery the next day, they
still won't deliver it the next day because that's
not what you paid for. So my box sat in the UPS
warehouse for 24 hours before they finally
delivered it.
It seems to me that the mission of UPS is to
deliver parcels on time - which they most times do.
But the superior organizations, that is the ones
that will be around 25 years from now, try to not
only carry out their mission, but to go the "extra
mile" to delight and satisfy their customers (see
Nordstroms). If I were working for UPS, I would
start looking for another job. In fact, twisting
the knife in deeper, I prefer to ship via the US
Postal Services or FedEx. Not only have they (the
US Postal service and FedEx) been more courteous
when dealing with them, but they have consistently
delivered things faster than UPS, and at the same
or lower price. YMMV.
So what's the solution? On one end of the
spectrum, for web sites that give me the choice of
shipping carrier, I choose the US Postal Service or
FedEx. Note to business owners, give people a
choice, most sites don't and it irritates me to no
end. From the other end, UPS management and
employees need to understand what it is they are
doing. They are providing a service. A service that
others also do. So if for no other reason than they
want to stay in business, they need to wake up to
the fact that in today's (and tomorrow's) ever
changing and competitive environment, you have to
provide not only good service, but superior
service, or go out of business. And to do that, you
must focus your efforts on pleasing your customers,
not blindly follow some strange bureaucratic
policy.
Aloha!
Aloha Friday - 19 April, 2002
It's Friday!
- Powerful Stuff
-
Fellow Daynoter Robert
Bruce Thompson (his revised "PC Hardware in a
Nutshell" book will ship in June, order
here from Amazon) indicated recently that the
power supplies for Dell PCs, manufactured after
1998, use a proprietary wiring scheme. If you
replace a Dell supply with an industry standard
unit, you will fry the motherboard and or the
supply.
So it was, in a way, interesting timing that the
power supply in one of our Dell OptiPlex GX1s began
to fail recently. Fortunately, the PC is still
under warranty so the service technician is
scheduled to come out today to swap in a new one.
Otherwise, we could very well have had to buy a
motherboard and power supply (which, with an almost
three-year old PC ain't a bad idea).
On a related note, the replacement supply has a
200W rating, which is adequate for what is in there
(PII-350, 6GB HD). I hear that some other
versions/cases have much lower ratings. I don't
know that I would want to go much below 200W.
YMMV.
Have a Great Weekend Everyone -
Aloha!
© 2002 Daniel K. Seto. All rights
reserved. Disclaimer
|
|
Home
Diary Index
Last Week
Next Week
The Daynotes Gang
Contact Dan
|