Tuesday, February 19, 2013

Is it time for more transparency in primary produce?

The Coles and Woolies milk battles are again in the media, with The Age reporting that the supermarket chains are putting them out of business, and the ABC reporting that there is something we can do. I agree with the ABC, and in effect it is us, the consumers, that must decide whether we want to pay for people (in this case, farmers) to get a "fair return" or not.  However, there's a key piece of the puzzle missing here - information.

Market theory rests on a number of assumptions.  One of these assumptions is that the consumer has access to all the information they need.  In today's world of complex supply chains, and questionable marketing, this assumption rarely holds true.  So whilst its all good and well for the ABC to argue (and for me to agree) that we need to be prepared to pay for what we want, it simply isn't feasible unless the information is available.

So what should we do?  I know, I know - lets regulate more, and make those evil companies tell us the right information, yes - that'll do the job.  No, we as consumers should vote with our pockets, and buy from companies that do supply the level of detail we want.  Many people are happy to be swayed by promises by coffee companies to pay a certain amount to the producer of the coffee, why are we not interested in the same question when it comes to our own farmers?  After all - when they suffer, its us as the tax payer who subsidizes them.

Let me give  couple of examples that if you've read this much, you're probably interested in:

1. Eggs
Time and time again the discussion of what constitutes free range eggs arises.  There is currently an industry managed standard that says 20,000 hens per hectare constitutes free range, like many others I think this is taking the piss, but the real objection I have here is that rather than looking for a label of "free range" we should be looking for a number, and making a decision ourselves.  Imagine filling up with petrol and finding the price on the bowser saying "cheap", only to find out when you pay that "cheap" actually means $1.90 per litre.

2. Milk
In the current debate, it would be great if on the bottle of milk, it said how much the producer was paid for the milk.  I have no idea how much this is, but if it were visible then I could make an informed decision as to whether I was prepared to pay an extra $1 per litre knowing that the producer gets half of it (for example).

The key point here is not that you must want free range eggs, or milk that doesn't force farmers to cut costs.  The point is that you are making an informed decision.  So - go away, find the brand you buy from, and send them an email requesting they put the information you want on the label.  More importantly, even if you're not happy with the answers to your questions, buy the brand that takes the time to answer them.

Wednesday, February 13, 2013

The Olympic business

I'm prompted to write this piece after reading that wrestling will not be in the 2020 Olympic Games. I should start by saying that I wouldn't be surprised if some of the views I hold are not actually based on fact, but instead on some myths I have formed in my head.  Myths or not, they are my beliefs, and I think they have merit.

The reason for removing wrestling is pure and simple - popularity (read money).  The Olympic Games, once the bastion of athletic ideals - Faster, Higher, Stronger, are now the bastion of capitalism - More, More, More.  Wrestling is one of the original events from the modern Olympic Games, so one might ask why the need for change.  The answer is to make room for other sports - lets take a look at a few of the sports that have been added recently, see if you can pick a theme: tennis, rugby, football (soccer), golf, basketball.  These are all professional sports with high TV ratings, they are being added so the Olympic Games can be more "successful" (ie bigger, more TV, more money).

In my view, events in the Olympic Games should meet the following criteria:

  1. They should be amateur in nature. I don't mean that athletes shouldn't be sponsored or endorsed, but they shouldn't have contract with their club that pays them to compete.
  2. The Olympic Games should be the pinnacle of the sport. This immediately rules out my hitlist of tennis, rugby, football (soccer), golf and basketball. I would add that road cycling should be removed - the Tour de France is clearly its pinnacle, however track cycling should stay.

The sad thing about all this is it appears to be irreversible.  I would love to read something that made me think a change could be made, and sport could again be sport.

Tuesday, February 12, 2013

Dropbox and security?

A friend of mine tweeted about Sam Glover's article about Dropbox security, which I responded to with a tweet saying that "The technology behind dropbox is just fine. The weakness is people - convenience vs security."  Of course there are other views being presented as well, and as you can only fit so much of an argument in 140 characters, I thought this was worth some more in-depth discussion.

Firstly, let's define what we mean by "secure". In the context of Dropbox I'll define this to mean that no one gets access to files you store with Dropbox, other than the files you explicitly want them to have access to. Secondly, with a definition agreed, let's outline the threats to Dropbox security (note some of this is already covered in Sam Glover's article):

Threat 1: The Dropbox T&Cs allow Dropbox to access your data, or provide access to your data to the US government.

I'm going to ignore this threat, as I see it no differently to any other IT situation.  There is always someone somewhere who has "god access" to the system.  This applies to your on-site file share, your email (regardless of who is is managed by), and any other IT systems you use.

Threat 2: How secure is your Dropbox password?

People are lazy. I include myself in this, please don't take it as an accusation.  I have a bunch of different passwords, but for things that I don't consider critical, I have one password that I use over and over again.  This is not secure - if one of the sites I use that password for is hacked, and they happen to be foolish enough to be storing my password in an insecure way, then the hacker most likely will have my email address and my password.  They will then look at other sites (Facebook, Google, Microsoft (Live/Hotmail), Yahoo, Dropbox, LinkedIn, etc etc) - in many cases a user will have used the same password across many of them.

If you use the same password for Dropbox as you do for other systems, then you are relying not only on the security of Dropbox, but also the security of the other system.  If you are using Dropbox for sensitive information then I highly suggest you use a password for Dropbox that you don't use anywhere else.  Can't remember your password?  Simple - download the free KeyPass application (or similar) to store your passwords in.  Don't forget that this then becomes another risk, you need to ensure your passwords are safe, just because an application says they're safe, they may not be (I can vouch for KeyPass).

Note that any IT system will be exposed to this threat, however IT systems that can be accessed from the Internet (ie most cloud systems, or any system you host yourself but have decided to expose to the internet) are more vulnerable to this due to the ease with which a hacker can re-use a stolen password.

Threat 3: How secure is your email?

Moving on from the above, even if you do as I say and have a separate password, if your email is not secure, then neither is any system that has a "reset your password" link.  Dropbox, as with many other systems, allows you to reset your password via email.  If I can hack into your email, then I can simply go to Dropbox, click the reset password button, and voila, I now have access to your Dropbox account.  A well known IT journo Mat Honan was victim to this style of attack last year.

Threat 4: Do you share Dropbox files with other people?

Dropbox is great, you can easily upload a file and send a link to someone else so they can see that file - this gives you the option to tweet, email, facebook, or send the link through whichever channel you might want to  - very valuable given that some of these channels don't support attachments.  However, there's a downside to this.  There is the possibility that you might share more of your Dropbox account than intended, and in doing so give people access not only to the file you intended to share, but also to other files that you don't want to share.  If you think this is unlikely, pause to consider that a significant proportion of security vulnerabilities are not due to highly technical hacking technique, but instead due to a system administrator misconfiguring something.  If an IT professional can get it wrong, so can you.

Threat 5: Do you grant other applications access to your Dropbox account?

If you use an smartphone or tablet, the chances are that you have an application installed that has the ability to store or share content with Dropbox. This is great from a convenience point of view, but opens up more points at which someone can get access to your account.  If there's a bug in that application, or a malicious person has access to that application, the integration with Dropbox is suddenly not only convenient for you, but also for a hacker.

What should I do?

So, what is my advice? Unless you have a dedicated IT Security function, Dropbox will probably do you just fine, provided you follow some basic tips:

  1. Acknowledge that there is a system administrator somewhere who can look at your data.
  2. Use a unique strong password.  Don't write it down - instead use KeyPass or similar if you want to store it.
  3. Treat your email as a highly important secure system.  Use two-factor authentication if it is offered by your email provider (Google and Yahoo provide this, Microsoft do not)
  4. If you use Dropbox to share files, use a different account to do so, or make sure you know what you're doing.
  5. Be wary of applications that require access to your Dropbox account.
Finally - I'm sure that experienced Information Security Professionals could elaborate on the above, I don't consider myself to be all-knowing with regard to Information Security, but I think the above covers the key points.

Tuesday, February 5, 2013

Does the absence of a helmet on a cyclist suggest they are drunk?

An article published yesterday stated that cyclists with no helmets more likely to ride drunk. As a keen cyclist, one of the many who obey our of traffic rules, I read this with interest.

The article itself blurs two points that anyone with common sense would not need research to believe:
  1. Wearing a helmet protects your head if you're unfortunate enough to fall off.
  2. People who break rules are likely to not just break one rule, but be more willing to break rules in general.
Whilst the research itself draws a number of conclusions based on statistical analysis of the data, the article reporting the research chooses a sensational and non-core finding from the research to suggest that "those cyclists without helmets are probably drunk and riding through red lights".

It is a shame to see a The Conversation's standard diminished by such sensationalist headlining of this article. The real finding of the research (completely ignored by the article) is that the current argument about helmets not being important on bike paths is false (based on their analysis).  Unfortunately the research doesn't address the question of whether this cost would be offset by the benefit of assumed increased participation rates that would come if people weren't forced to wear helmets.

Sunday, February 3, 2013

Parents can relate to Roxon's decision

In today's The Age Amy McNeilage writes about Nicola Roxon's decision to quit politics as something specific to mothers. As a father with young children I would like someone to explain why mothers have a god-given right to be to the primary parent, but then want equality in other areas when convenient. Why does the article not talk about the fathers with young children in parliament, such as Jamie Briggs or David Bradbury, and the parenting they are sacrificing? Is fatherhood less important than motherhood?

It is time that proponents of equality realise that equality is not about furthering the interests of women, but about righting the balance in a whole range of areas from the family court to the workplace.

Saturday, June 16, 2012

A new model for bike shops?

It's hardly a surprise to anyone in cycling to see that bike shops are closing, and that links are being drawn between the price difference between shopping online vs in store.  However unlike the Borders & Dymocks vs Amazon and Book Depository, the argument is about more than price.

Where most people who used to shop and Borders and now shop at Amazon had no relationship with the people in their Borders shop, the bike shop situation is different. Those who use the acronym LBS do so with passion, LBS stands for Local Bike Shop but means the relationship you have with the people who give you advice, and the loyalty you give them in return.  Cycling forums are full of warnings about buying online and going into a bike shop to ask for help with something that didn't quite go to plan.  This seems pretty obvious, so why is there a problem?

Firstly, this isn't as much a problem in the difference between retail and online, the problem is elsewhere.  Want evidence?  Compare the Cell Bikes, once of Australia's leading online stores, price for a Shimano Ultegra cassette $165 with the equivalent offering from Wiggle of $75.  Sure, Wiggle is much bigger than Cell so has the economies of scale, but that doesn't explain a price that is twice as expensive.  The answer to this is the distributors; I've been told by numerous people that Australian companies (shops and online sales alike) pay more to the wholesaler than the likes of Wiggle sell for.  In order words, Cell Bikes are probably paying $100 to start with for the above cassette - no wonder they can't compete.

Taking the above into consideration, is it any wonder that cycling enthusiasts abandon the LBS and purchase online, buying the tools they need to do their own maintenance at the same time?  So what does the future of the Australian bike shop look like?  Something needs to change, and I think it's the business model.

My suggestion is that bike shops augment their current revenue stream with a paid for subscription service.  As a subscriber, I would be entitled to chew the fat with the bike shop mechanic, ask for his/her opinion on something I was looking at online, and even bring my part into the shop to ask for advice.  If I wanted them to work on my bike, I'd still pay for the labour, as I do now - but without the stigma of asking them to work on something I didn't buy from them.  I'd picture a subscription range from $10, $25, and $50 per month, with a minimum commitment of 12 to 24 months.  The difference in value would be represented by whether this enabled you to talk to the person on the shop floor, or all the way back to the mechanic in the shop, and of course how much you spoke to them.  If I chose to, I could buy from one of the many online shops, or even from eBay, and have the part (or bike) delivered directly to my LBS.

Distributors of course would be horrified at the above, and so they should.  However as a consumer, I am already horrified at the way the market operates.

Sunday, October 9, 2011

Please confirm your email/phone/other visible field

Am I the only one who is frustrated by the idiots who think that asking people to enter their email address twice will improve the quality of the data in their databases?  The "re-enter your password" pattern exists because when people enter their password, its not visible, so you have no way of knowing if you've made a typo or not.  Applying this pattern to email address, or vehicle registration numbers as Citylink do, makes absolutely no sense!

Rant over.