Japan Update Sunday 28th

We went to the local park - Nagai park which has a couple of large stadiums and was a bit grey because it is winter, apparently it is usually very colourful. Unfortunately the garden was closed because it was Sunday. Loads of people jog here and everyone cycles - young and old - rich and poor - the cyclist is king. The roads are totally cyclist friendly. There are no raised curbs at junctions and people can cycle pretty much anywhere including on the pavements. That is well cool because people want to use their bike all the time. Kids go to school on their bikes with their parents and the city seems almost surreal with so few cars driving around. English cities could do the same with a bit of willing.

Japan - First Impressions

I arrived in Japan this morning at 10:30 having experienced a very short Boxing day (about 16 Hours) and have travelled from Kansai airport to my friends' house in Osaka. My first impressions are:

1. The country is very neat. Even the slums look tidy and the roads are very well kept


2. There are lots of English signs and people who speak English so travelling around on these major routes was pretty easy


3. All of their electricity is carried on overhead wires which make the towns look very messy. They do it because of the earthquakes but I don't know whether they mean that cables would break in earthquakes or that the overhead wires are easier to fix.


4. Lots of the nicer homes have Typhoon windows (steel roller shutters) which are designed to withstand the massive beating they can experience in the storms.


5. You are not allowed to park a car on a public road overnight, you must have access to private parking space.

Pics to follow.

Project Management Debacle

There is a story today about the Department of Transport royally screwing up a project to save the taxpayer money. http://news.bbc.co.uk/1/hi/uk_politics/7784868.stm has the details but in theory the scheme would save £57M (although it doesn't say over what time-frame). In the end, the scheme cost more than double, saved only half of the prospective amount and cost the taxpayer some £81M instead. To say that this is complete incompetence is too harsh to others who have made less ridiculous cock-ups in the past over large scale projects. What annoys me the most is that the lessons are never learned.

For instance, look at the passport computer system, the 2012 Olympics, the Millenium dome, the new Air Traffic Control system. All of them varying degrees of overspend. Of course once the projects start going awry, there is generally no option except to keep spending until completion, you can hardly write-off £50M and end up with nothing can you? I'm sure many articles have stressed the risk of large projects, the importance of breaking projects down into conceivable and manageable sub-projects etc but although this must be standard knowledge, the mistakes continue.

I want to propose something more radical for large scale projects. A large projects requirement specification that would be mandatory for the public sector and advisable or perhaps mandatory for the private sector too (their mistakes can impact the public after all). This requirement would end the days of "the timescales were too unrealistic" and "the budget was far too low". It would require such things as project managers being part of some parent organisation which demonstrates their ability and accountability. It could require that timescales be stated as minimum realistic and likely overrun. It would require that if a cost-saving exercise, costs be produced for the range of outcomes so that it is not given the go-ahead if only the best-case scenario is worth it (since projects rarely end up with the best-case outcome). If it is a money saving scheme then the requirement could say that permission would only be granted if the saving is at least X% of the cost over 75% of the outcomes etc. It could require that a Project manager signs his authority to say that the timescales are achieveable and if they are tight that money exists to ensure they do not slip.

Of course, this is a great idea and of course, it would never be implemented, partly because it is far too simple and partly because people would never agree what numbers would be appropriate for the spec. However, I personally think there are issues much deeper that would need to be addressed. We have a "cheapest price/shortest time" mentality for the most part and we don't trust people to give us honest prices for work. We therefore beat down their margins until they cannot afford to shoulder any contingency if problems arise. We can't accept that projects need to be planned well and might take longer overall but with a saving in cost and a higher confidence in the quality of the outcome. We cannot always plan things so that if the project must be shelved, that we might have at least gained some benefit in the part of the project that has been finished.

The Century of Self

The BBC had a series a few months back called the century of self. I have started watching it on download and have seen 2 of the 4 episodes which so far has covered the turn of the century up until the start of the 1960s. It talks about Public Relations (meaning that a consumer is sold something they want rather than need) and then the effect of psycho-analysis on many areas of life including government trying to repress people's 'irrational' hidden feelings in order to prevent terrible events like Nazi Germany.

One of the most interesting points that has been made is that consumerism is a form of control exerted over the population. By telling people that they want your products, you provide an anaesthetic to life in general. The people feel like their needs are being met so they stay quiet and don't interfere with society (in a negative way). It was seen as essential to democracy although several people pointed out that the opposite is true and it is a form of control to maintain an authoritarian state - even if it has a democratic form. Any distractions the governments of a country can produce help to keep the masses under control.

I then saw today that Sony are releasing Playstation Home, an online multi-player virtual reality where you can create an avatar for yourself (a graphical 3d person) and then interact with other people who are controlled by real people somewhere in the world. Of course this is pure fantasy. How many people who are overweight/underweight or unattractive will simply produce an avatar looking like Tom Cruise or Penelope Cruz and live out a lie online to avoid their real life. How sad it is that the businesses are actively promoting something that like the BBC documentary makes people avoid real issues in life which are 1) dealing with problems you have and 2) doing something positive for others. Consumerism like online role-playing games do neither.

As a Christian, I think that the only way to achieve either to any degree is by letting Jesus deal with your issues either once or ongoing depending on the issue and then for a positive affect, telling others that God wants to help them too. Of course being a Christian is not allowed anymore!!! It is wrong to tell people that Jesus is the only way to get genuine contentment but if what He said in the Bible is true then He is the only way to 100% peace in life. He is the Son of God and told us that He was the only way to God so there isn't really much room for debate there. It often makes me chuckle when a mere human being says that Jesus was wrong or mis-quoted, how terribly unqualified compared to God are we to have any strong opinions! As someone said in a book I read recently, if there is any doubt as to whether something is what we think or what God says, it is much safer to go with God's point of view :)

More data security and ineptitude

Somebody was telling me about the changes that were made on London Underground after the Kings Cross fire which killed 31 people in 1987. Very many changes were made and in total they all but removed the chance of a serious fire incident in sub-surface stations. One of them that interested me was about the fire systems. Back in the day, there were fire systems but they had to be started by a person. What if the person was absent or forgot or was unavailable for whatever reason? Obviously the system wouldn't operate. The Fennell report decided that a fire system can not rely on somebody to start it but should be automatic with the ability to override it if it was not required to go off. This simple but very perceptive statement identified the fact that people are not perfect, even the most able of us. It realised that however much people are trained, they sometimes choose to ignore training or they simply forget. The Kings Cross fire reminded us of that to fatal consequences.

How does this relate to data security? Well, losing thousands of people's data does not usually kill anybody but it would be wrong to say that it is unimportant, at the same time, if somebody loses data, are they realistically going to be put in prison or fined a massive amount. The simple reality is that so many people are working with data and probably either losing it or leaving it unsecured on a day to day basis that we cannot rely on training and processes and guidelines alone for our security. We must make the system robust enough so that security cannot be side-stepped or at least not without a very specific choice to do so which could then be punishable by more strict sanctions. It wouldn't take much (and has possibly already been done) to work out all of the places where data security is an issue and then enforce changes. Examples include mandatory locking screen savers at a desk, mandatory encryption on laptop hard-disks and removable drives. Locking of data so that it cannot be arbitrarily moved to pen drives etc (this can be hard but it is doable) and all of these done in a way that cannot be bypassed. You would then need a robust auditing system so that things done 'outside of the box' are recorded.

The biggest problem with this is really application support. When many people write web sites or databases, particularly for internal use, it is time-consuming and complex to lock data and pages down, to understand the myriad of security levels and protocols to find out what can be circumvented and what cannot. If the tools provided this out of the box (and there are some things along these lines like the owasp esapi) then our job would be much easier. Even on a basic level, the current voices in the media don't seem to realise that a password protected windows hard disk can be read directly from another operating system that does not choose to use the windows security system. If this is really the level we are at then government should bin any more data projects until people learn what they are doing. People might not die but it can be very, very annoying!