Tuesday, 27 September 2011
Identity and Access Management and the Technology Outlook for UK Tertiary Education 2011-2016 (Part Two)
Recently, the NMC Horizon project published its report, Technology Outlook for UK Tertiary Education 2011-2016: An NMC Horizon Report Regional Analysis, produced in collaboration with CETIS and UKOLN. The last ten years have seen massive changes in the ways in which UK tertiary education institutions handle authentication, identity, and access controls, and I would like to take a look at each of the technologies it mentions and discuss whether their adoption will force or encourage further change.
The report groups technologies into three groups of four, the first group being those which are imminent (time to adoption one year or less), then those which are likely to be adopted in two to three years, and finally those which the contributors to the report expect to be adopted in four to five years. I will devote a single post to each group of four. This is post two of the three; go to post one, post three.
Game Based Learning
This is the first of the second set of technologies, due for adoption in two or three years. As far as access is concerned, there are two points to make. First, since in the tertiary education context, games used for learning will presumably be connected to courses, the access policies will basically match those for existing VLE services. Indeed, it is likely that if adoption is widespread, many institutions will wish to embed games in their VLE, if they use one. So there should be existing processes which determine who has access to a game (at several levels: to play, to access scoring and other records, and to manage it), and there should be existing procedures to implement whatever is required for access for those people who should be permitted it - adding identifiers to an access control list from an student information system database, for example.
The second point is that how access controls are enforced will depend on the game environment and its implementation. The links given in the report are not explicit about how their games are implemented, though one of them is clearly using Flash, and another is embedded into social networking and will presumably also use Flash. Other candidates for game development will include HTML5. It seems likely to me that most of these games will be browser and/or app based, and so will have authentication methods which are of these types, which could utilise existing methods such as Web SSO technology for authentication.
As with the technologies in the first part of the report, there will be privacy requirements which will need to be insisted on in the development of games. In many online games, users are interested in league tables for players; will these be shareable? If games have a collaborative element, how will the information sharing required for this work - and how will it affect assessment? What about the sharing of hints and tips - another activity common in gaming communities?
Learning Analytics
Essentially, this describes the analysis of the large quantities of data generated by student activity on the Internet - including activity not necessarily considered to be part of a course, such as social network activity. Stated like this, as it is in the report, it is immediately clear that there are implications for student privacy in this work. Employees already complain about similar activities (on a smaller scale) by their employer, such as the monitoring of Facebook use (one of the issues on the US-based Privacy Rights Clearinghouse Workplace Privacy worksheet, to pick just one example of a discussion of this practice; one particular service offering to do this for employers is discussed on ReadWriteWeb).
There are other issues, too. As one of the links from the report says, "Both data mining and the use of analytics applications introduce a number of legal and ethical considerations, including privacy, security, and ownership". It then goes on to suggest that these concerns will decrease over time, due to the introduction of new tools and "as institutions are forced to cope with greater financial constraints that will make the careful targeting of available resources increasingly important". I am not sure I agree, particularly outside the US - privacy has long been much more important to legislators in Europe. It will be interesting to see how this develops in the UK, and how students over the next few years feel about it. And learning is not the only field in which analytics of this type could be used: how about research assessment in 2016? Or your annual appraisal in 2015?
New Scholarship
This topic is really about the use of non-traditional means of publishing for research (blogging, podcasting, etc.) basically, rather than (or, more usefully, alongside) peer reviewed academic journals. This is really an extension of traditional methods of exchanging ideas within the academic community (but consuming less coffee). It is actually a change which has been going on for quite a while: when I was a graduate student in the early 1990s, worldwide communication by email for special interest groups was just beginning to be embraced by members of the department.
The interest for IAM is not in the authentication side of things; shared access blogs, authenticated comments, and so on are all commonplace. There are two issues that immediately come to mind Firstly, the question of how controlled such new media are, and how an institution can protect its reputation. The LSE, where I worked until recently, was embroiled in controversy over just this issue earlier in 2011. Of course, universities have been embarrassed by the utterances of their staff for many years; people don't need a blog in order to say controversial things. But it is becoming harder to even keep track of the places where an institution needs to check to find out what those who are affiliated to it are saying in public. After all, a director doesn't want to discover a budding problem only when a tabloid reporter contacts them.
The second issue is one of authenticity. How is it possible to be sure that a blogger is really the person you think he or she is? Linking published journal articles to individuals is hard enough, without having to manage every staff member's personal blog or blogs - hence the ongoing Names project. This is an issue which is only going to become more difficult.
Semantic Applications
This technology is about the intelligent use of material from online sources, usually the open Internet but possibly including protected content, to make connections between items of data automatically, without intervention from human researchers. (This is also, and perhaps better, known as Linked Data.) This may not seem to have any identity component whatsoever, but in fact there are two issues: data provenance (ownership and authenticity), as discussed above, and allowing access for the intelligent applications to closed content. The second of these is a technical issue, and should be readily soluble in the timescale suggested for the adoption of semantic technology, two or three years.
It's fairly clear that many of the promoters of Linked Data are not keen on the use of closed content, but there is no particular reason why (parts of) the data processed need to be accessible to everybody on the Internet; obviously the ability to use it for widespread use will be compromised, but that may well be considered a small price to pay (see also the entry on the topic in the Structured Dynamics Linked Data FAQ).
Thursday, 22 September 2011
Identity and Access Management and the Technology Outlook for UK Tertiary Education 2011-2016 (Part One)
Last week, the NMC Horizon project published its report, Technology Outlook for UK Tertiary Education 2011-2016: An NMC Horizon Report Regional Analysis, produced in collaboration with CETIS and UKOLN. The last ten years have seen massive changes in the ways in which UK tertiary education institutions handle authentication, identity, and access controls, and I would like to take a look at each of the technologies it mentions and discuss whether their adoption will force or encourage further change.
The report groups technologies into three groups of four, the first group being those which are imminent (time to adoption one year or less), then those which are likely to be adopted in two to three years, and finally those which the contributors to the report expect to be adopted in four to five years. I will devote a single post to each group of four. This is post one of the three; go to post two, post three.
Cloud Computing
The report describes this as an almost ubiquitous technology. The main access challenges must therefore have been solved, surely?
However, a quick glance at the project links given in the section to relevant initiatives in the sector shows that access to cloud resources is not as simple as it might be. The Bloomsbury Media Cloud requires an email to request the setting up an account, and considers access to be sufficiently difficult to have created a video in its user guide section to show how to access content (and the video itself is hard to access, giving me a 404 not found error when I tried it). "Investigating and applying authentication methods" is one of the objectives of the project, but I would suggest that more work is needed. But that is better than the second link, to Oxford's Flexible Services for the Support of Research which does not exist at all. They really should have employed a more persistent URL: it has moved from a "current research" directory to a "research" directory, here. This is a far less glossy project, more technical in content, as can be seen from the Installation documentation, which describes access control in the following terms:
"Security Groups: users can define groups with access rules indicating what port can be
accessed from which source IP(s). Multiple Virtual Machines (VMs) can then be instantiated and associated to a defined group. In this way, a security group works analogously to a firewall put in front of one or more VM. Crucially, such a 'firewall' is managed directly by the owner of the VM(s)".
Flexible, but a bit of a challenge for those with little knowledge of virtual machine firewall configuration. The final project link is to HEFCE's funding announcement of shared cloud services for higher education institutions.
So there is still work to be done, in terms of the user experience mainly. Clearly this aspect is of importance to commercial providers of cloud-based services, such as Google docs, and this is inspiring the frequent occurrence of questions on the relevant user mailing lists about the integration of Shibboleth, as a single sign on product used in many tertiary education contexts, with the authentication regimes imposed by these providers.
Mobiles
Again, mobile technology is being adopted rapidly by many institutions. The main IAM related issue is how to ensure security, and it is something which is quite well understood - but that hasn't prevented implementations of other systems having embarrassing security holes which should have been avoided. With mobiles, the issue is more about making sure that known issues are dealt with rather than extensive research to work out what should be done. An introduction to the issues can be found here (among many other places). Since most of the resources being discussed are web based, issues of integration and single sign on are not likely to be important, as they will have been solved for traditional web clients (e.g. by using a standards based SSO solution).
Open Content
In the past, I promoted the idea that even when repositories have open access, there is still a need for authentication and authorisation, unless the repository really allows anyone to anonymously store any item, with no audit trail: a situation which is not likely to happen in the academic community. Similar remarks also hold for open content. The holders of the content will want to retain at least some control over the much of the content being posted. In fact, deposit is likely to be quite restricted, in order to retain a degree of academic respectability and to keep control of intellectual property rights. This is true in the example project links which are given in the report, except for one: P2PU. There, all that is needed to post content, either comments on existing teaching material or a course of your own, is a login. This can be an OpenID identity, or one which is derived from the completion of a registration form.
As is the case with mobile use, there is little new here; developers of open content repositories just need to be sure to apply known security principles correctly to safeguard the holdings that will fill them.
Tablet Computing
Here, the main point is the potential for the use of apps for educational and/or research purposes. This means that the use of apps is the main issue for IAM in this context: how an app (and associated remote data stores if any) handles identity, privacy, security and so on will be the major concern. As with the previous two technologies, it seems that the principal focus for IAM work here will be on developer/deployer education rather than finding something new. Heterogeneity is a potentially serious issue for tablets than less advanced mobiles, because apps can take non-standard approaches to IAM and services provided by institutions will need to be flexible in order to cope: but this should not be at the expense of security and privacy.
Overall, there is an excellent discussion (Part One, Part Two) of what Frank Villavicencio calls the "consumerization of IAM" - the consequences for Identity and Access Management of the explosion in the use of different devices and methods for accessing systems. Although it deals with the commercial market, much of what he says is going to be at least as applicable to FHEIs. With all these new devices and methods for accessing services, a user's multiple roles (as student or employee, as a private individual, as a consumer, etc.) become immensely important, whether they want to merge them or keep them separate. As with much of Identity, the issue is the precise way to manage the trade off between privacy and convenience. The main recommendation of the Identropy discussion is that organisations need to embrace this change, rather than trying to bury their heads in the sand; this is something which applies even more to FHEIs if they want to meet the expectations of their students, who will expect them to live in this decade not the last.
The report groups technologies into three groups of four, the first group being those which are imminent (time to adoption one year or less), then those which are likely to be adopted in two to three years, and finally those which the contributors to the report expect to be adopted in four to five years. I will devote a single post to each group of four. This is post one of the three; go to post two, post three.
Cloud Computing
The report describes this as an almost ubiquitous technology. The main access challenges must therefore have been solved, surely?
However, a quick glance at the project links given in the section to relevant initiatives in the sector shows that access to cloud resources is not as simple as it might be. The Bloomsbury Media Cloud requires an email to request the setting up an account, and considers access to be sufficiently difficult to have created a video in its user guide section to show how to access content (and the video itself is hard to access, giving me a 404 not found error when I tried it). "Investigating and applying authentication methods" is one of the objectives of the project, but I would suggest that more work is needed. But that is better than the second link, to Oxford's Flexible Services for the Support of Research which does not exist at all. They really should have employed a more persistent URL: it has moved from a "current research" directory to a "research" directory, here. This is a far less glossy project, more technical in content, as can be seen from the Installation documentation, which describes access control in the following terms:
"Security Groups: users can define groups with access rules indicating what port can be
accessed from which source IP(s). Multiple Virtual Machines (VMs) can then be instantiated and associated to a defined group. In this way, a security group works analogously to a firewall put in front of one or more VM. Crucially, such a 'firewall' is managed directly by the owner of the VM(s)".
Flexible, but a bit of a challenge for those with little knowledge of virtual machine firewall configuration. The final project link is to HEFCE's funding announcement of shared cloud services for higher education institutions.
So there is still work to be done, in terms of the user experience mainly. Clearly this aspect is of importance to commercial providers of cloud-based services, such as Google docs, and this is inspiring the frequent occurrence of questions on the relevant user mailing lists about the integration of Shibboleth, as a single sign on product used in many tertiary education contexts, with the authentication regimes imposed by these providers.
Mobiles
Again, mobile technology is being adopted rapidly by many institutions. The main IAM related issue is how to ensure security, and it is something which is quite well understood - but that hasn't prevented implementations of other systems having embarrassing security holes which should have been avoided. With mobiles, the issue is more about making sure that known issues are dealt with rather than extensive research to work out what should be done. An introduction to the issues can be found here (among many other places). Since most of the resources being discussed are web based, issues of integration and single sign on are not likely to be important, as they will have been solved for traditional web clients (e.g. by using a standards based SSO solution).
Open Content
In the past, I promoted the idea that even when repositories have open access, there is still a need for authentication and authorisation, unless the repository really allows anyone to anonymously store any item, with no audit trail: a situation which is not likely to happen in the academic community. Similar remarks also hold for open content. The holders of the content will want to retain at least some control over the much of the content being posted. In fact, deposit is likely to be quite restricted, in order to retain a degree of academic respectability and to keep control of intellectual property rights. This is true in the example project links which are given in the report, except for one: P2PU. There, all that is needed to post content, either comments on existing teaching material or a course of your own, is a login. This can be an OpenID identity, or one which is derived from the completion of a registration form.
As is the case with mobile use, there is little new here; developers of open content repositories just need to be sure to apply known security principles correctly to safeguard the holdings that will fill them.
Tablet Computing
Here, the main point is the potential for the use of apps for educational and/or research purposes. This means that the use of apps is the main issue for IAM in this context: how an app (and associated remote data stores if any) handles identity, privacy, security and so on will be the major concern. As with the previous two technologies, it seems that the principal focus for IAM work here will be on developer/deployer education rather than finding something new. Heterogeneity is a potentially serious issue for tablets than less advanced mobiles, because apps can take non-standard approaches to IAM and services provided by institutions will need to be flexible in order to cope: but this should not be at the expense of security and privacy.
Overall, there is an excellent discussion (Part One, Part Two) of what Frank Villavicencio calls the "consumerization of IAM" - the consequences for Identity and Access Management of the explosion in the use of different devices and methods for accessing systems. Although it deals with the commercial market, much of what he says is going to be at least as applicable to FHEIs. With all these new devices and methods for accessing services, a user's multiple roles (as student or employee, as a private individual, as a consumer, etc.) become immensely important, whether they want to merge them or keep them separate. As with much of Identity, the issue is the precise way to manage the trade off between privacy and convenience. The main recommendation of the Identropy discussion is that organisations need to embrace this change, rather than trying to bury their heads in the sand; this is something which applies even more to FHEIs if they want to meet the expectations of their students, who will expect them to live in this decade not the last.
Saturday, 2 April 2011
Installing Debian on MSi CR629 (Novatech I3) laptop
I recently bought a new laptop from Novatech, without any operating system pre installed (it turns out to be labelled an MSi CR629). I would, by the way, recommend Novatech as a supplier, particularly for people who want to buy computers which don't have Windows pre-installed. The directions I give will probably be considered a bit terse by a first time Linux installer, as I mainly want to explore how to obtain a working, Linux installation on this particular hardware, not to replicate other people's documents which describe how to install Linux of various flavours.
This post will describe the steps I went through to get a working Debian Linux stable installation on the laptop, for the guidance of any others who might wish to do the same. I might move to testing at some point, rather than stable; this is something I haven't decided yet.
I spent some time beforehand thinking about the Linux distribution to use. The short-list was Gentoo, Debian, and OpenSuse. I rejected ubuntu, which I have used for a long time on my desktops, because I don't like some of the recent changes and the direction the project seems to be going in, in terms of user interface design and flexibility. I ended up rejecting Gentoo, after actually attempting an installation; I have in the past spent too much time manually configuring Xorg.conf, and I have no desire to do so again. I never got round to trying OpenSuse...
1. Create CD and Install Debian Linux
I did this on one of my existing computers. I downloaded via the Debian website, and burnt a CD using brasero on my existing ubuntu desktop. Then I booted up the laptop, inserted the CD, and rebooted, following the instructions on screen. The network install works fine, though it must be done with a wired internet connection (see below on how to add wireless support).
I chose to partition manually, though there is no particular need to do so. This was mainly so that I could leave some empty space on the disk, possibly for installing Windows later, possibly for exploring other Linux distributions. But I created a small /boot partition, a larger than recommended swap (as I've had problems in the past from too small swap space), and a large / partition (as I have also suffered from using machines which had many partitions which did not work out as the needs of the server did not match the ideas of the installer).
Once the installation process is complete, follow the menu item to restart, remove the CD, and let the machine boot from the hard drive. With the exception of some hardware accessories, this process worked fine.
Some hardware problems will only become apparent over time; there are several pieces of kit integrated into the laptop which I have not used yet, and even some which I am unlikely to ever use (the MMC card reader). A couple of items did immediately need fixing to work with Debian, and this is probably the most technical requirement of the installation.
2. Wireless networking
The laptop comes with RaLink RT3090 wireless hardware, which has known issues with linux drivers. But before we come to that, the device is bizarrely switched off by default. If you press Fn and F8 simultaneously, wireless networking is turned on, and the status light second on the left below the mousepad should become green.
Next, install the basic wireless software. Open a terminal, and as root or using sudo, run
# apt-get install firmware-ralink wireless-tools
(Using synaptic is of course an acceptable alternative.) Enable the drivers by restarting the network manager, either by rebooting or
# /etc/init.d/network-manager restart
The software package named firmware-ralink contains several drivers, some of which will work with the RT3090 hardware, but none of which allow stable wireless connections. They are however needed to establish a connection. For a more stable connection, download the proprietary driver for the RT3090 directly from Ralink's support website. You will need to accept the license, entering name and email, to download. To install, you will need to be root or use sudo.
# unzip 2010_1217_RT3090_LinuxSTA_V2.4.0.4_WiFiBTCombo_DPO.zip
# cd 20101216_RT3090_LinuxSTA_V2.4.0.4_WiFiBTCombo_DPO
# make
# make install
(The original text here included a link to a website where a .deb file could be downloaded; I hadn't taken in that this was ubuntu only and would not work in debian.)
Rebooting is probably the easiest way to see if the driver is picked up. You can see a list of which drivers are loaded using
$ lsmod | grep -e rt2 -e rt3
(you don't need to be root to run this). If rt3090sta is not listed, you need to add it (as root):
# modprobe rt3090sta
This immediately got the wireless working, searching for networks to connect to, and with a reasonably (but not perfectly) stable connection.
To force the driver to be loaded on booting the laptop, run the following command as root:
# echo "rt3090sta" >> /etc/modules
This simply adds the module name for the driver to the list in this file of the kernel modules to load on boot. (N.B. This does not always appear to work, but if not, run the modprobe command again to load the driver manually.)
(These instructions are based on those here, which although they didn't work for me as written, gave enough clues that I could get wireless working.)
3. Integrated card reader
Inserting an SD card into the card reader (second drawer from the front on the left hand side; you need to remove the cover first) does nothing. This is because the driver for the reader is not included as a module for use with the current linux kernel - there is a kernel bug report, but it is complicated and confusing in its advice and in fact easier to follow instructions are available elsewhere. The card reader is a USB device, and can be seen with
$ lsusb
The output should include a line like:
Bus 001 Device 005: ID 0cf2:6250 ENE Technology, Inc.
which indicates the manufacturer of the hardware. These instructions are intended to get card readers made by this manufacturer to work in debian linux: if the hardware for the laptop has changed and a different card reader is included, the method will be different.
You will need to be root to install the driver, which needs to be compiled as a kernel module.
First, download the driver here. The downloaded zip file needs to be unzipped to a particular location:
# unzip -d /usr/src/keucr-0.0.1 R100_02_ene_card_reader.zip
Create a file named /usr/src/keucr-0.0.1/dkms.conf containing:
PACKAGE_NAME="keucr"
PACKAGE_VERSION="0.0.1"
CLEAN="rm -f *.*o"
BUILT_MODULE_NAME[0]="keucr"
MAKE[0]="make -C $kernel_source_dir M=$dkms_tree/$PACKAGE_NAME/$PACKAGE_VERSION/build"
DEST_MODULE_LOCATION[0]="/extra"
AUTOINSTALL="yes"
and then use dkms to build and install the driver:
# dkms add -m keucr -v 0.0.1
# dkms build -m keucr -v 0.0.1
# dkms install -m keucr -v 0.0.1
# echo "keucr" >> /etc/modules
The last line means that the module will be loaded on boot. To load it manually in the current session use:
# modprobe keucr
Test by inserting a card; it should now be recognised and automatically mounted. Whenever a new kernel is built/installed, this driver will break and will need to be re-installed:
# dkms remove -m keucr -v 0.0.1 --all
# dkms add -m keucr -v 0.0.1
# dkms build -m keucr -v 0.0.1
# dkms install -m keucr -v 0.0.1
# modprobe keucr
4. Mousepad tapping
Not everyone likes mousepad tapping (that is, being able to tap on the pad to simulate a mouse button click, rather than using the bar at the bottom of the pad), and it is turned off by default in gnome (the default windowing environment in debian). Enabling is much simpler than the preceding tasks. To enable, simply use the menu at the top of the screen; select System/Preferences/Mouse, go to the Touchpad tab, and click on "Enable mouse clicks with touchpad". This should take effect immediately.
5. Webcam
Like the wireless hardware, this is switched off by default. I spent a while trying to work out what the problem might be, before turning it on, which can be done by pressing Fn and F6 simultaneously. When you do this, you should straightaway find:
$ ls /dev/video*
returns
/dev/video0
and that you can see yourself if you start the application cheese (select Applications/Sound and Video/Cheese Webcam Booth). Additionally, lsusb will now return an additional entry which includes the manufacturer's name: "Acer, Inc".
You can turn the webcam off again with the same key combination.
Update: Fixed some errors in the wireless networking section.
Update 2011-10-13: Updated URL for Ralink Support.
This post will describe the steps I went through to get a working Debian Linux stable installation on the laptop, for the guidance of any others who might wish to do the same. I might move to testing at some point, rather than stable; this is something I haven't decided yet.
I spent some time beforehand thinking about the Linux distribution to use. The short-list was Gentoo, Debian, and OpenSuse. I rejected ubuntu, which I have used for a long time on my desktops, because I don't like some of the recent changes and the direction the project seems to be going in, in terms of user interface design and flexibility. I ended up rejecting Gentoo, after actually attempting an installation; I have in the past spent too much time manually configuring Xorg.conf, and I have no desire to do so again. I never got round to trying OpenSuse...
1. Create CD and Install Debian Linux
I did this on one of my existing computers. I downloaded via the Debian website, and burnt a CD using brasero on my existing ubuntu desktop. Then I booted up the laptop, inserted the CD, and rebooted, following the instructions on screen. The network install works fine, though it must be done with a wired internet connection (see below on how to add wireless support).
I chose to partition manually, though there is no particular need to do so. This was mainly so that I could leave some empty space on the disk, possibly for installing Windows later, possibly for exploring other Linux distributions. But I created a small /boot partition, a larger than recommended swap (as I've had problems in the past from too small swap space), and a large / partition (as I have also suffered from using machines which had many partitions which did not work out as the needs of the server did not match the ideas of the installer).
Once the installation process is complete, follow the menu item to restart, remove the CD, and let the machine boot from the hard drive. With the exception of some hardware accessories, this process worked fine.
Some hardware problems will only become apparent over time; there are several pieces of kit integrated into the laptop which I have not used yet, and even some which I am unlikely to ever use (the MMC card reader). A couple of items did immediately need fixing to work with Debian, and this is probably the most technical requirement of the installation.
2. Wireless networking
The laptop comes with RaLink RT3090 wireless hardware, which has known issues with linux drivers. But before we come to that, the device is bizarrely switched off by default. If you press Fn and F8 simultaneously, wireless networking is turned on, and the status light second on the left below the mousepad should become green.
Next, install the basic wireless software. Open a terminal, and as root or using sudo, run
# apt-get install firmware-ralink wireless-tools
(Using synaptic is of course an acceptable alternative.) Enable the drivers by restarting the network manager, either by rebooting or
# /etc/init.d/network-manager restart
The software package named firmware-ralink contains several drivers, some of which will work with the RT3090 hardware, but none of which allow stable wireless connections. They are however needed to establish a connection. For a more stable connection, download the proprietary driver for the RT3090 directly from Ralink's support website. You will need to accept the license, entering name and email, to download. To install, you will need to be root or use sudo.
# unzip 2010_1217_RT3090_LinuxSTA_V2.4.0.4_WiFiBTCombo_DPO.zip
# cd 20101216_RT3090_LinuxSTA_V2.4.0.4_WiFiBTCombo_DPO
# make
# make install
(The original text here included a link to a website where a .deb file could be downloaded; I hadn't taken in that this was ubuntu only and would not work in debian.)
Rebooting is probably the easiest way to see if the driver is picked up. You can see a list of which drivers are loaded using
$ lsmod | grep -e rt2 -e rt3
(you don't need to be root to run this). If rt3090sta is not listed, you need to add it (as root):
# modprobe rt3090sta
This immediately got the wireless working, searching for networks to connect to, and with a reasonably (but not perfectly) stable connection.
To force the driver to be loaded on booting the laptop, run the following command as root:
# echo "rt3090sta" >> /etc/modules
This simply adds the module name for the driver to the list in this file of the kernel modules to load on boot. (N.B. This does not always appear to work, but if not, run the modprobe command again to load the driver manually.)
(These instructions are based on those here, which although they didn't work for me as written, gave enough clues that I could get wireless working.)
3. Integrated card reader
Inserting an SD card into the card reader (second drawer from the front on the left hand side; you need to remove the cover first) does nothing. This is because the driver for the reader is not included as a module for use with the current linux kernel - there is a kernel bug report, but it is complicated and confusing in its advice and in fact easier to follow instructions are available elsewhere. The card reader is a USB device, and can be seen with
$ lsusb
The output should include a line like:
Bus 001 Device 005: ID 0cf2:6250 ENE Technology, Inc.
which indicates the manufacturer of the hardware. These instructions are intended to get card readers made by this manufacturer to work in debian linux: if the hardware for the laptop has changed and a different card reader is included, the method will be different.
You will need to be root to install the driver, which needs to be compiled as a kernel module.
First, download the driver here. The downloaded zip file needs to be unzipped to a particular location:
# unzip -d /usr/src/keucr-0.0.1 R100_02_ene_card_reader.zip
Create a file named /usr/src/keucr-0.0.1/dkms.conf containing:
PACKAGE_NAME="keucr"
PACKAGE_VERSION="0.0.1"
CLEAN="rm -f *.*o"
BUILT_MODULE_NAME[0]="keucr"
MAKE[0]="make -C $kernel_source_dir M=$dkms_tree/$PACKAGE_NAME/$PACKAGE_VERSION/build"
DEST_MODULE_LOCATION[0]="/extra"
AUTOINSTALL="yes"
and then use dkms to build and install the driver:
# dkms add -m keucr -v 0.0.1
# dkms build -m keucr -v 0.0.1
# dkms install -m keucr -v 0.0.1
# echo "keucr" >> /etc/modules
The last line means that the module will be loaded on boot. To load it manually in the current session use:
# modprobe keucr
Test by inserting a card; it should now be recognised and automatically mounted. Whenever a new kernel is built/installed, this driver will break and will need to be re-installed:
# dkms remove -m keucr -v 0.0.1 --all
# dkms add -m keucr -v 0.0.1
# dkms build -m keucr -v 0.0.1
# dkms install -m keucr -v 0.0.1
# modprobe keucr
4. Mousepad tapping
Not everyone likes mousepad tapping (that is, being able to tap on the pad to simulate a mouse button click, rather than using the bar at the bottom of the pad), and it is turned off by default in gnome (the default windowing environment in debian). Enabling is much simpler than the preceding tasks. To enable, simply use the menu at the top of the screen; select System/Preferences/Mouse, go to the Touchpad tab, and click on "Enable mouse clicks with touchpad". This should take effect immediately.
5. Webcam
Like the wireless hardware, this is switched off by default. I spent a while trying to work out what the problem might be, before turning it on, which can be done by pressing Fn and F6 simultaneously. When you do this, you should straightaway find:
$ ls /dev/video*
returns
/dev/video0
and that you can see yourself if you start the application cheese (select Applications/Sound and Video/Cheese Webcam Booth). Additionally, lsusb will now return an additional entry which includes the manufacturer's name: "Acer, Inc".
You can turn the webcam off again with the same key combination.
Update: Fixed some errors in the wireless networking section.
Update 2011-10-13: Updated URL for Ralink Support.
Friday, 23 July 2010
How to Ask Me For Money
About twenty years ago, my partner and I decided we'd give a proportion of our income to charity. We chose a number of charities which we support, about a dozen in all. These are a mixture of environmental, heritage and social action organisations, from the National Trust to Garden Organic and Friends of the Earth. Generally, the way we do this is pretty simple; we work through the list of charities in turn and give the money more or less monthly. The charities respond to this by sending us quite a lot of literature; newsletters, magazines, appeals, and so on. Most of this has very little effect, because of the way we decided to do our giving, but it means we see the different approaches to asking us for money taken by the charities. If anything, the way that they ask is more likely to put us off giving than to persuade us to give more: we generally react to advertising of all kinds by not buying the product. So perhaps we're not typical: if we were, there would be no advertising.
It's easy to come up with a list of actions which put us off giving to the various charities, less easy to say what constitutes a good way to encourage us. I'll start with some observations on actions which discourage us.
We don't want to be asked too frequently. Or having unnecessary reminders of why I support them in the first place. We make an effort to choose charities which have aims we support and do what we think of as good work, and we generally feel we know what they do well enough not to need constant bombardment with letters and leaflets reminding us of why the charity itself considers its work important. This is aimed most at Friends of the Earth of the charities we have supported. They have started having their appeals on the outside of the envelope as well as inside, which is just silly - if it comes from FOTE, we're not likely to assume it's junk mail to be recycled without opening. Not only that, but the appeals tend to be very lengthy and hysterical in tone: we must have another £500,000 this month, or the world will come to an end! (This is the mailing which prompted this blog post, incidentally.) While agreeing that the environment is something which we need to sort out to continue living on this planet, I am not so convinced that one campaigning group is quite so important in the world, even if they are one of the more militant.
People give money to a charity because they want to help with the front line work they do. Unfortunately, a certain amount of administration is necessary for this work to be possible; it's unglamorous and people generally don't want to fund it, but it has to be done. Sometimes employing a high quality administrator behind the scenes could help the work far more than, say, sending food to a disaster area which doesn't reach the starving because it hasn't had paperwork correctly completed to pass through customs. Think of the recent case of the Baptist aid workers in Haiti after the earthquake at the beginning of 2010, who fell foul of the laws banning child trafficking when seeking to take children to be adopted out of the country (see Wikipedia article). If, as they claim, they were sincere in believing the children to be orphans, there must have been problems which could have been solved by a good administrator: checking the status of the children properly (not easy in a country devastated by an earthquake), arrangement of permits to take the children out of the country, and understanding of the legal position on the movement of children in Haiti. While charities should keep their administration costs to a minimum, we don't actually mind how the charity spends the money we give them. Sometimes, charities asking for money include a "how do you want this money to be spent?" query on their forms, and because we feel that admin can be important, and because we don't want emotional feelings about the latest widely publicised disaster (or initiative, or whatever) to take money away from other important work, we always select "in any suitable manner", which almost certainly means that the money goes on administration.
We're not unhappy about paying for administration, but we do feel it needs to be reasonably efficient. Sometimes a charity's administrative methods are so poor that it inhibits giving to them. Plantlife is a charity we want to support, but became unable to do so because they were so inefficient. Firstly we set up a direct debit, which they failed to collect. So we cancelled the direct debit, and sent them a cheque for annual membership and a donation. But then we started getting monthly letters saying that our subscription had lapsed because they'd been unable to process our payment because the direct debit hadn't been collectable. Of course it wasn't: we'd cancelled it when the cheque was cashed. After a year of emails and phone calls, each of which ended with their administrators saying that they'd sort the problem (after all, sending us monthly letters costs them money) which seemed to have no effect on the processing of the letters, we gave up, and took our money elsewhere. We've had charities failing to cash cheques before they expire, or having online giving pages which aren't at the places which they link to, or which don't use SSL to secure the transactions (how difficult is that going to be to set up in 2010?): none of these administrative issues encourage us to give money. If a charity can't manage their receipt of donations, how can they be trusted to efficiently use the money they do receive?
We don't necessarily want to read too much about the details of the work being done. We chose a charity to support because we have some idea of what we do, but sometimes the work is such that too many details become depressing. We know things are difficult for refugees around the world, but we don't need to know all the details of individual cases of hardship (Refugee Council), we know that human rights are abused by many governments, but we don't want to be depressed by just how difficult it can be to be a dissident even in 2010 (Amnesty), we know that life for those excluded from society even in a relatively rich country in the West is hard, but individual cases can be distressing (Salvation Army). I suppose we have got a duty to ensure our money isn't being misused as much as we can, but that isn't quite what I mean by this. Almost every charity produces some sort of magazine for supporters. Sometimes this has a campaigning brief, like Amnesty's, which is used to inspire the letter writing campaigns which have been so successful for them in the past in raising awareness. We're not really people who do much letter writing, so this kind of campaigning isn't our style, and we're not planning to stop giving any time soon, so we would like to have the option of not receiving the magazine, which costs money to produce and distribute, only for us to skim it and recycle it. A short email newsletter would be better suited to the way we want to interact with these social action charities. We have explained this to the Salvation Army, who took us off their magazine list, and to the Refugee Council, who took us off their list for a time but soon started sending the magazine again (the next time we sent money to support the work).
A lot of charities want to encourage their supporters to become involved in their work. For many people, this can be extremely rewarding: working at a local charity shop, volunteering at a local National Trust property, and so on. I've already mentioned that we aren't really suited to become involved in letter writing campaigns. We also have issues caused by a long term illness which make it virtually impossible to be involved in activities which require meeting other people. As a result of this, I work at home almost all the time, so I don't do much socialising with work colleagues. So we're not likely to become involved in many of these activities, even if it's just selling raffle tickets or running awareness raising events at work. (Other people there hold cake days, or run marathons, to aid their causes.) Because of this, we are perhaps more aware than most of how charities ask people to become involved, and think it wrong to be made to feel guilty for not doing more. In some ways, we feel that giving quite considerable sums of money should be enough! Raffle tickets are a case in point; we get sent these a lot, to sell to our friends, and we would prefer not to be. Even if our lifestyle permitted us to do this easily, it is not something we're comfortable doing.
We don't want to have money wasted on cheap trinkets as rewards for support. A lot of charities include pens with requests for donations, to make it easier to complete the form and return it. The Red Cross has sent me, over the last few years, address labels, pens, notelets, postcards, seeds and tea. While it is nice to be appreciated, we feel that this is a waste of money which could be better spent on the charity's work, especially as we are being sent far more than we can use. There are only so many address labels with pictures of flowers I can/want to use, after all!
On the other hand, charities can lose out by being too lackadaisical. The Musicians' Benevolent Fund is a charity I wanted to give to, to encourage young musicians, but it proved hard to track them down, and when we did, we kept on dropping off their mailing list entirely. They appear to have a policy of only sending out information to people who responded to the previous appeal, and we don't give to an individual charity frequently enough to do that.
Many charities send receipts and thank you letters for donations over a certain amount. It is nice to be appreciated - some of the charities send out Christmas cards to supporters, which is a nice way to show that they matter. But this isn't really necessary: we are quite happy to give money without thanks, feeling that the work is more important than spending money this way. We can make sure the donation has been received from our bank statements, after all. Realising that not all donors want a receipt, some charities include a box on the form to accompany donations to tick if a receipt is not required. However, if we tick the box, then the charity shouldn't send a receipt, and this doesn't always work. This is another administrative failure, and one which is particularly irritating, as we specifically followed a procedure they set only for the charity to get it wrong.
Two of the charities we support are ones which I would like to highlight as ones which get it right, at least as far as we're concerned. The first is the National Trust. They seem to have really good writers of appeals. Their letters are relatively infrequent, and take the tone "We have this wonderful opportunity - do you want to be part of it?" when many charities are asking "Bad things are/could be happening - help us do something them". This is encouraging rather than depressing, especially as they stand out against the crowd as a result. Charities like the Refugee Council should take note: instead of telling us how bad things are for the people they are trying to help, send us stories of how their work has helped someone, and how it could do so again. (To be honest, they may now be doing this: I've stopped reading their letters, just removing the donation forms and recycling the rest because they were so depressing.)
The second good example is the Salvation Army. As mentioned above, they actually stopped sending us their magazine when we asked them to, as it was a waste as we didn't have time to read it. Now we get two or three appeals a year, and are sent nice Easter and Christmas cards as recognition of our support.
So, if you want my money:
It's easy to come up with a list of actions which put us off giving to the various charities, less easy to say what constitutes a good way to encourage us. I'll start with some observations on actions which discourage us.
We don't want to be asked too frequently. Or having unnecessary reminders of why I support them in the first place. We make an effort to choose charities which have aims we support and do what we think of as good work, and we generally feel we know what they do well enough not to need constant bombardment with letters and leaflets reminding us of why the charity itself considers its work important. This is aimed most at Friends of the Earth of the charities we have supported. They have started having their appeals on the outside of the envelope as well as inside, which is just silly - if it comes from FOTE, we're not likely to assume it's junk mail to be recycled without opening. Not only that, but the appeals tend to be very lengthy and hysterical in tone: we must have another £500,000 this month, or the world will come to an end! (This is the mailing which prompted this blog post, incidentally.) While agreeing that the environment is something which we need to sort out to continue living on this planet, I am not so convinced that one campaigning group is quite so important in the world, even if they are one of the more militant.
People give money to a charity because they want to help with the front line work they do. Unfortunately, a certain amount of administration is necessary for this work to be possible; it's unglamorous and people generally don't want to fund it, but it has to be done. Sometimes employing a high quality administrator behind the scenes could help the work far more than, say, sending food to a disaster area which doesn't reach the starving because it hasn't had paperwork correctly completed to pass through customs. Think of the recent case of the Baptist aid workers in Haiti after the earthquake at the beginning of 2010, who fell foul of the laws banning child trafficking when seeking to take children to be adopted out of the country (see Wikipedia article). If, as they claim, they were sincere in believing the children to be orphans, there must have been problems which could have been solved by a good administrator: checking the status of the children properly (not easy in a country devastated by an earthquake), arrangement of permits to take the children out of the country, and understanding of the legal position on the movement of children in Haiti. While charities should keep their administration costs to a minimum, we don't actually mind how the charity spends the money we give them. Sometimes, charities asking for money include a "how do you want this money to be spent?" query on their forms, and because we feel that admin can be important, and because we don't want emotional feelings about the latest widely publicised disaster (or initiative, or whatever) to take money away from other important work, we always select "in any suitable manner", which almost certainly means that the money goes on administration.
We're not unhappy about paying for administration, but we do feel it needs to be reasonably efficient. Sometimes a charity's administrative methods are so poor that it inhibits giving to them. Plantlife is a charity we want to support, but became unable to do so because they were so inefficient. Firstly we set up a direct debit, which they failed to collect. So we cancelled the direct debit, and sent them a cheque for annual membership and a donation. But then we started getting monthly letters saying that our subscription had lapsed because they'd been unable to process our payment because the direct debit hadn't been collectable. Of course it wasn't: we'd cancelled it when the cheque was cashed. After a year of emails and phone calls, each of which ended with their administrators saying that they'd sort the problem (after all, sending us monthly letters costs them money) which seemed to have no effect on the processing of the letters, we gave up, and took our money elsewhere. We've had charities failing to cash cheques before they expire, or having online giving pages which aren't at the places which they link to, or which don't use SSL to secure the transactions (how difficult is that going to be to set up in 2010?): none of these administrative issues encourage us to give money. If a charity can't manage their receipt of donations, how can they be trusted to efficiently use the money they do receive?
We don't necessarily want to read too much about the details of the work being done. We chose a charity to support because we have some idea of what we do, but sometimes the work is such that too many details become depressing. We know things are difficult for refugees around the world, but we don't need to know all the details of individual cases of hardship (Refugee Council), we know that human rights are abused by many governments, but we don't want to be depressed by just how difficult it can be to be a dissident even in 2010 (Amnesty), we know that life for those excluded from society even in a relatively rich country in the West is hard, but individual cases can be distressing (Salvation Army). I suppose we have got a duty to ensure our money isn't being misused as much as we can, but that isn't quite what I mean by this. Almost every charity produces some sort of magazine for supporters. Sometimes this has a campaigning brief, like Amnesty's, which is used to inspire the letter writing campaigns which have been so successful for them in the past in raising awareness. We're not really people who do much letter writing, so this kind of campaigning isn't our style, and we're not planning to stop giving any time soon, so we would like to have the option of not receiving the magazine, which costs money to produce and distribute, only for us to skim it and recycle it. A short email newsletter would be better suited to the way we want to interact with these social action charities. We have explained this to the Salvation Army, who took us off their magazine list, and to the Refugee Council, who took us off their list for a time but soon started sending the magazine again (the next time we sent money to support the work).
A lot of charities want to encourage their supporters to become involved in their work. For many people, this can be extremely rewarding: working at a local charity shop, volunteering at a local National Trust property, and so on. I've already mentioned that we aren't really suited to become involved in letter writing campaigns. We also have issues caused by a long term illness which make it virtually impossible to be involved in activities which require meeting other people. As a result of this, I work at home almost all the time, so I don't do much socialising with work colleagues. So we're not likely to become involved in many of these activities, even if it's just selling raffle tickets or running awareness raising events at work. (Other people there hold cake days, or run marathons, to aid their causes.) Because of this, we are perhaps more aware than most of how charities ask people to become involved, and think it wrong to be made to feel guilty for not doing more. In some ways, we feel that giving quite considerable sums of money should be enough! Raffle tickets are a case in point; we get sent these a lot, to sell to our friends, and we would prefer not to be. Even if our lifestyle permitted us to do this easily, it is not something we're comfortable doing.
We don't want to have money wasted on cheap trinkets as rewards for support. A lot of charities include pens with requests for donations, to make it easier to complete the form and return it. The Red Cross has sent me, over the last few years, address labels, pens, notelets, postcards, seeds and tea. While it is nice to be appreciated, we feel that this is a waste of money which could be better spent on the charity's work, especially as we are being sent far more than we can use. There are only so many address labels with pictures of flowers I can/want to use, after all!
On the other hand, charities can lose out by being too lackadaisical. The Musicians' Benevolent Fund is a charity I wanted to give to, to encourage young musicians, but it proved hard to track them down, and when we did, we kept on dropping off their mailing list entirely. They appear to have a policy of only sending out information to people who responded to the previous appeal, and we don't give to an individual charity frequently enough to do that.
Many charities send receipts and thank you letters for donations over a certain amount. It is nice to be appreciated - some of the charities send out Christmas cards to supporters, which is a nice way to show that they matter. But this isn't really necessary: we are quite happy to give money without thanks, feeling that the work is more important than spending money this way. We can make sure the donation has been received from our bank statements, after all. Realising that not all donors want a receipt, some charities include a box on the form to accompany donations to tick if a receipt is not required. However, if we tick the box, then the charity shouldn't send a receipt, and this doesn't always work. This is another administrative failure, and one which is particularly irritating, as we specifically followed a procedure they set only for the charity to get it wrong.
Two of the charities we support are ones which I would like to highlight as ones which get it right, at least as far as we're concerned. The first is the National Trust. They seem to have really good writers of appeals. Their letters are relatively infrequent, and take the tone "We have this wonderful opportunity - do you want to be part of it?" when many charities are asking "Bad things are/could be happening - help us do something them". This is encouraging rather than depressing, especially as they stand out against the crowd as a result. Charities like the Refugee Council should take note: instead of telling us how bad things are for the people they are trying to help, send us stories of how their work has helped someone, and how it could do so again. (To be honest, they may now be doing this: I've stopped reading their letters, just removing the donation forms and recycling the rest because they were so depressing.)
The second good example is the Salvation Army. As mentioned above, they actually stopped sending us their magazine when we asked them to, as it was a waste as we didn't have time to read it. Now we get two or three appeals a year, and are sent nice Easter and Christmas cards as recognition of our support.
So, if you want my money:
- don't ask me every five minutes
- don't send me large numbers of cheap "gifts"
- don't expect me to act as a fundraising or campaiging volunteer unless I tell you I want to do this
- do be positive about what you are doing with the money
- do administer my giving effectively and efficiently
- do keep in touch
Tuesday, 11 May 2010
Job Hunting in UK Higher Education VII: Online Application Forms
I made a couple of job applications using online web-based software applications (the word being rather overused here, but I think it's clear enough). It was fairly clear that the two applications were in fact the same piece of software, with somewhat different configuration, sharing exact limitations on the two sites. Since using the web for making job applications is likely to be of increasing importance, I think it would be useful to write about some of these limitations and how they should be addressed (from the point of view of the applicant).
Looking back at the sites now in order to obtain screenshots, it is clear that the application has been updated since I used it, and some of the criticisms I am about to make have already been addressed. Once I have completed this set of posts, I will contact the institutions involved (and both the THES and jobs.ac.uk, subjects of earlier posts) for feedback and in the hope that what I say might be useful to them.
The appearance of the web application was extremely old fashioned
While I am of the opinion that form and appearance are less important than content, we are living in 2010 not in 1995. The web has changed a lot since then: backgrounds (the web in 1995 was black text on a grey background as far as browsers were concerned), CSS, and many minor formatting aids in successive updates to HTML have made a huge difference to the experience of browsing the Internet over the last fifteen years. And to design a web application so that it appears to have ignored all these changes makes the institution which hosts such an application appear to be out of date itself: not an image that any university really wants to promote of itself in this day and age. Universities wish to attract good quality staff members, and one of the ways that they can do this is to emphasise how much they are an exciting and innovative place to work; and to give the impression that job applicants are so unimportant that the facilities given them are over a decade out of date is not at all the way to do this.
Additionally, most universities are concerned that their online presence should present a reasonably uniform, branded, experience to browsers, an aim which CSS has made relatively easy to implement, at least in part. So a part of the institutional website which totally ignores any requirement to uniformity must be a nightmare to those concerned with marketing the university's image.
This is one aspect which has been improved drastically since I used the web application, so I am clearly not the only person to have been concerned about this. Since this has changed, I have not included an illustrative screenshot, but some idea of what the site looked like can be seen here (the Mosaic 1.0 screenshot is the right vintage for the web experience I'm talking about), or here.
Help and Guidance Was Lacking
One of the most serious lacks in software generally is decent documentation. With this web application, how to use it gradually became clearer, but was never spelt out in advance. This affects users in two ways.
The application can contain what are called "branching questions", where what the applicant is asked next depends on answers to previous questions. ("Do you have unspent convictions?" would lead to the follow-up "List them" if answered affirmatively, but could skip to a question about ethnic background if answered negatively, for example.) These questions are clearly configurable - they were considerably different at the sites where I have used the application. Apart from questions usually found on an equal opportunities monitoring form, in both cases this section included custom questions - "Why do you wish to work at University X?", for example. In order to sensibly answer such questions, it can be extremely useful to know what all the questions are in advance, a trivial matter with a paper application form. But the applicant only sees the next question when the previous one is answered. Only once something has been entered for every question is is possible to see all the answered questions (i.e. without the branches that were not followed), by clicking on the "Print summary" link, which displays a web page containing the whole of a user's application - useful for printing out a copy to read offline or to store for future reference (e.g. for re-reading on the way to an interview); this is not obvious.
The second question which is hard to answer at the start is how an application is submitted. Submission actually happens as follows. The questions are organised into sections. After the applicant is happy with each section, they can tick a box marking the section complete. (This doesn't prevent them from coming back and changing it again later.) Once every section is complete, a new button appears on the summary page (not the same as the summary displayed by "Print summary" in the previous paragraph, but the one listing the sections) to submit the application. At this point, it is still possible to edit the answers, but it is not clear whether these will be received by the Human Resources department.
While this is a sensible way to organise the form to prevent accidental submission, it would be useful to see the information in the paragraph above beforehand. Otherwise, the obvious supposition is that submission is an automatic process, and will just occur when all the sections are marked completed.
No formatting was available for text input
Many people use formatting - particularly bold and italic - to make it easier to pick salient points out from their CV. I have tables in mine, mainly because I have worked on over a dozen different named projects in my current post, and it's a convenient way to summarise the different projects by name, date and my contribution. So if the word processed CV is replaced by a form, applicants will want to be able to duplicate as much formatting as possible.
Clearly, this ability is possible to implement: I am typing this blog entry in an Javascript editor which allows most of this formatting via familiar icons (to include tables the direct HTML entry option needs to be used). This sort of interface will be familiar to many job applicants in academic circles: it has become commonplace to edit blogs, WIKIs and website CMS systems.
So why is it that the web application requires the entry of data as unformatted text? This makes it easier to store in a database, though reducing it to HTML markup as the blogger editor does will leave it in as good a form for storage as straight text. Other decisions about the design of the application seem to have been made because of the necessity of storing the information in a database (see below), but this is surely unnecessary in 2010: storage space is relatively cheap.
Incidentally, the Javascript editor in blogger is not perfect by any means - the first draft of this post was lost when I used CTL-z to reverse a change, saw the whole post disappear and then immediately become unavailable as the autosave function ran to save these changes! Nevertheless, it is massively easier to use to produce information which matches the job applicant's requirements to present as good a picture of him or herself as possible.
Bizarre Usability Choices
With a job application, large numbers of dates often need to be entered: start and end dates for employment, dates when qualifications were obtained, and so on. With qualifications, it is common to take several at the same time when in school, which effectively means that the same date needs to be entered multiple times. With this in mind, an application for handling job applications needs to be designed to allow dates to be entered easily, preferably by copy and paste from existing documents.
However, that isn't the case - and not just in this specific application. There seems to be something of a fashion for poorly designed date entry controls at the moment, which require the selection of the day of the month, month, and year from three separate drop down menus. While it's usually possible to short cut the tedious process of finding the right value for each (select the first, then type the day, escape, enough letters from the month to uniquely identify it, escape, and the year), it's not as simple as copying a date from another document, especially if it needs to be done several times.
When I made the applications, there was a difference between the two sites, which now seems to have disappeared. That is that one of them actually required the input of the day of the month for dates as well as the month and year, with the rather strange hint that the first should be used for a date where the applicant didn't know the exact day of the month. How many people could actually remember the exact day on which they obtained a qualification twenty years ago: and is it really a defined date - should it match the day of the final exam, the results being published, the graduation ceremony, the arrival of the official certificate?
At Least One Bug in Basic Input Processing
In a job application, there are likely to be a fair number of lengthy textual sections, responses to directions such as "Describe your responsibilities in your current post", "Indicate how you fulfil the person specification for the vacancy", and so on. The web application makes a requirement that these free text submissions are limited in length - I'm not sure why this is necessary, as it's very simple to store effectively unlimited text in a database (certainly to allow more than any legitimate applicant is going to submit except by error). The character limits are clearly configurable per question, which makes sense provided that the configuration is sufficiently imaginative: it would have been nice if it had been borne in mind that a character limit of 4000 for "Describe how you fulfil the person specification for the vacancy" where this lists twenty requirements gives only an average of 200 characters for each requirement: not much longer than a tweet.
Leaving that aside, there also turned out to be a bug affecting how the text limit was applied. The way I went about answering these questions was to use a word processor to develop an answer, because it provides a convenient way to keep track of how many characters have been used. Then I copied and pasted the answer into the web form, and submitted it. This showed that the counting done by the word processor and the form checking code didn't count the characters in the same way, so I needed to cut 50 or so characters to reduce 3980 characters to 4000 (if you see what I mean). While irritating, this is effectively outside the control of the developers. Possible reasons could include UNIX-to-DOS format line ending conversion, which would effectively add an invisible character for each line break in the text.
Note: I was unable to update my existing answers for an application for a post for which the deadline had already passed in a way which would have confirmed the continued existence of this bug or to provide screenshots for this post.
However, worse was to come. Having made the effort to cut the number of characters, and persuaded the web form that the input was really less than 4000 characters, I submitted the answer again. Apparently successfully. But then when I looked at the summary of the job application, I discovered that about 20 characters had been snipped from the end of the answer, presumably meaning that the web application didn't count the characters in the input in the same way that it counted the characters in the submission to the database. Now this, I think, is inexcusable and should have been found in testing.
It made me wonder what other basic issues had been missed from the software: did it have any protection from SQL injection attacks, for example?
Looking back at the sites now in order to obtain screenshots, it is clear that the application has been updated since I used it, and some of the criticisms I am about to make have already been addressed. Once I have completed this set of posts, I will contact the institutions involved (and both the THES and jobs.ac.uk, subjects of earlier posts) for feedback and in the hope that what I say might be useful to them.
The appearance of the web application was extremely old fashioned
While I am of the opinion that form and appearance are less important than content, we are living in 2010 not in 1995. The web has changed a lot since then: backgrounds (the web in 1995 was black text on a grey background as far as browsers were concerned), CSS, and many minor formatting aids in successive updates to HTML have made a huge difference to the experience of browsing the Internet over the last fifteen years. And to design a web application so that it appears to have ignored all these changes makes the institution which hosts such an application appear to be out of date itself: not an image that any university really wants to promote of itself in this day and age. Universities wish to attract good quality staff members, and one of the ways that they can do this is to emphasise how much they are an exciting and innovative place to work; and to give the impression that job applicants are so unimportant that the facilities given them are over a decade out of date is not at all the way to do this.
Additionally, most universities are concerned that their online presence should present a reasonably uniform, branded, experience to browsers, an aim which CSS has made relatively easy to implement, at least in part. So a part of the institutional website which totally ignores any requirement to uniformity must be a nightmare to those concerned with marketing the university's image.
This is one aspect which has been improved drastically since I used the web application, so I am clearly not the only person to have been concerned about this. Since this has changed, I have not included an illustrative screenshot, but some idea of what the site looked like can be seen here (the Mosaic 1.0 screenshot is the right vintage for the web experience I'm talking about), or here.
Help and Guidance Was Lacking
One of the most serious lacks in software generally is decent documentation. With this web application, how to use it gradually became clearer, but was never spelt out in advance. This affects users in two ways.
The application can contain what are called "branching questions", where what the applicant is asked next depends on answers to previous questions. ("Do you have unspent convictions?" would lead to the follow-up "List them" if answered affirmatively, but could skip to a question about ethnic background if answered negatively, for example.) These questions are clearly configurable - they were considerably different at the sites where I have used the application. Apart from questions usually found on an equal opportunities monitoring form, in both cases this section included custom questions - "Why do you wish to work at University X?", for example. In order to sensibly answer such questions, it can be extremely useful to know what all the questions are in advance, a trivial matter with a paper application form. But the applicant only sees the next question when the previous one is answered. Only once something has been entered for every question is is possible to see all the answered questions (i.e. without the branches that were not followed), by clicking on the "Print summary" link, which displays a web page containing the whole of a user's application - useful for printing out a copy to read offline or to store for future reference (e.g. for re-reading on the way to an interview); this is not obvious.
While this is a sensible way to organise the form to prevent accidental submission, it would be useful to see the information in the paragraph above beforehand. Otherwise, the obvious supposition is that submission is an automatic process, and will just occur when all the sections are marked completed.
No formatting was available for text input
Many people use formatting - particularly bold and italic - to make it easier to pick salient points out from their CV. I have tables in mine, mainly because I have worked on over a dozen different named projects in my current post, and it's a convenient way to summarise the different projects by name, date and my contribution. So if the word processed CV is replaced by a form, applicants will want to be able to duplicate as much formatting as possible.
Incidentally, the Javascript editor in blogger is not perfect by any means - the first draft of this post was lost when I used CTL-z to reverse a change, saw the whole post disappear and then immediately become unavailable as the autosave function ran to save these changes! Nevertheless, it is massively easier to use to produce information which matches the job applicant's requirements to present as good a picture of him or herself as possible.
Bizarre Usability Choices
With a job application, large numbers of dates often need to be entered: start and end dates for employment, dates when qualifications were obtained, and so on. With qualifications, it is common to take several at the same time when in school, which effectively means that the same date needs to be entered multiple times. With this in mind, an application for handling job applications needs to be designed to allow dates to be entered easily, preferably by copy and paste from existing documents.
When I made the applications, there was a difference between the two sites, which now seems to have disappeared. That is that one of them actually required the input of the day of the month for dates as well as the month and year, with the rather strange hint that the first should be used for a date where the applicant didn't know the exact day of the month. How many people could actually remember the exact day on which they obtained a qualification twenty years ago: and is it really a defined date - should it match the day of the final exam, the results being published, the graduation ceremony, the arrival of the official certificate?
At Least One Bug in Basic Input Processing
In a job application, there are likely to be a fair number of lengthy textual sections, responses to directions such as "Describe your responsibilities in your current post", "Indicate how you fulfil the person specification for the vacancy", and so on. The web application makes a requirement that these free text submissions are limited in length - I'm not sure why this is necessary, as it's very simple to store effectively unlimited text in a database (certainly to allow more than any legitimate applicant is going to submit except by error). The character limits are clearly configurable per question, which makes sense provided that the configuration is sufficiently imaginative: it would have been nice if it had been borne in mind that a character limit of 4000 for "Describe how you fulfil the person specification for the vacancy" where this lists twenty requirements gives only an average of 200 characters for each requirement: not much longer than a tweet.
Leaving that aside, there also turned out to be a bug affecting how the text limit was applied. The way I went about answering these questions was to use a word processor to develop an answer, because it provides a convenient way to keep track of how many characters have been used. Then I copied and pasted the answer into the web form, and submitted it. This showed that the counting done by the word processor and the form checking code didn't count the characters in the same way, so I needed to cut 50 or so characters to reduce 3980 characters to 4000 (if you see what I mean). While irritating, this is effectively outside the control of the developers. Possible reasons could include UNIX-to-DOS format line ending conversion, which would effectively add an invisible character for each line break in the text.
Note: I was unable to update my existing answers for an application for a post for which the deadline had already passed in a way which would have confirmed the continued existence of this bug or to provide screenshots for this post.
However, worse was to come. Having made the effort to cut the number of characters, and persuaded the web form that the input was really less than 4000 characters, I submitted the answer again. Apparently successfully. But then when I looked at the summary of the job application, I discovered that about 20 characters had been snipped from the end of the answer, presumably meaning that the web application didn't count the characters in the input in the same way that it counted the characters in the submission to the database. Now this, I think, is inexcusable and should have been found in testing.
It made me wonder what other basic issues had been missed from the software: did it have any protection from SQL injection attacks, for example?
Tuesday, 27 April 2010
Job Hunting in UK Higher Education VI: Making an Application
As I have already stated, there were several methods by which applications were made. At each institution, the process required the submission of some of the following:
I'm not going to be discussing what should be in a CV in any detail. There are so many places which discuss it, and it seems pretty arbitrary, as the following anecdote illustrates. I worked for a few months as a temp, between completing my Ph.D. and starting a permanent job. At one point, I removed this from my CV, as it isn't experience which is at all relevant to what I do now and what I want to do in the future, and my CV is long enough already. The next interview I had, I was asked about this gap in my CV, so I then put it back. And then in the following interview, I was asked why I included something completely irrelevant to the post I was applying for. So no advice would have saved me from critical questions in both cases. I've already talked about the requirements made in the person specification, so I'm not going to comment on that here.
What I do want to talk about are the requirements the various applications used to get the information the applicant wishes to convey to the appointment panel, by submitting it to the human resources department.
Word Processor Application Forms
As a long term Linux user, I object quite strenuously to the use of Microsoft Word as a de facto standard as a document format. Interoperability between Word and Openoffice is now pretty good. Where things don't work, it is likely to be due to font issues (many fonts available to Word users on Windows being proprietary and only legally accessible with a Windows license), or, more seriously, to extra complex formatting. Unfortunately, application forms which are to download and complete electronically tend to fall into the latter category.
Even for Word users, some forms I have seen will provide problems. In this case, the problem has been a lack of imagination on the part of the form designer. Examples include using a set number of fields for qualifications which is too low for some applicants: I for example have 12 O-levels, 3 A-levels, a degree and a doctorate - and this can't be unusual in applicants for academic positions. Another problem is setting up the form in such a way that a lengthy answer ruins the formatting; this again affects me because I have been in my current post for over 12 years, have carried out a variety of activities including programming, software design, research and management and have been funded through over a dozen different projects, which means that not only is my current employment complex to describe, but also it is useful to include formatted information - a table listing the projects by name and date, and summarising my involvement. Where it is not possible to be flexible for some reason, it should be possible to allow the submission of additional documents.
Sometimes the form designer has just been too creative with the design. This screenshot shows a (content redacted) version of an equal opportunities form I completed as part of one application. The original form was a Word document, and this is what happened when it was saved (still in Word format) by OpenOffice.
Clearly, this was not the intention of the form designer. I haven't looked in detail at how the form was set up to try and work out why this happened: but it has never happened to me with a table based document before, no matter how complicated. And complexity is surely unnecessary: all the information about the applicant appears either as check boxes or as short snippets of text. The main application form from this institution worked fine; I would have found it very hard to complete a sensible looking application if this had happened to it, but for an equal opportunities form which isn't submitted to the panel, I wasn't too bothered.
- a completed, downloaded, application form in word processor format
- a curriculum vitae
- other relevant files (e.g. a , supporting statement, covering letter, or publications list)
- an online application form completed and submitted by web browser (discussed in the next post)
I'm not going to be discussing what should be in a CV in any detail. There are so many places which discuss it, and it seems pretty arbitrary, as the following anecdote illustrates. I worked for a few months as a temp, between completing my Ph.D. and starting a permanent job. At one point, I removed this from my CV, as it isn't experience which is at all relevant to what I do now and what I want to do in the future, and my CV is long enough already. The next interview I had, I was asked about this gap in my CV, so I then put it back. And then in the following interview, I was asked why I included something completely irrelevant to the post I was applying for. So no advice would have saved me from critical questions in both cases. I've already talked about the requirements made in the person specification, so I'm not going to comment on that here.
What I do want to talk about are the requirements the various applications used to get the information the applicant wishes to convey to the appointment panel, by submitting it to the human resources department.
Word Processor Application Forms
As a long term Linux user, I object quite strenuously to the use of Microsoft Word as a de facto standard as a document format. Interoperability between Word and Openoffice is now pretty good. Where things don't work, it is likely to be due to font issues (many fonts available to Word users on Windows being proprietary and only legally accessible with a Windows license), or, more seriously, to extra complex formatting. Unfortunately, application forms which are to download and complete electronically tend to fall into the latter category.
Even for Word users, some forms I have seen will provide problems. In this case, the problem has been a lack of imagination on the part of the form designer. Examples include using a set number of fields for qualifications which is too low for some applicants: I for example have 12 O-levels, 3 A-levels, a degree and a doctorate - and this can't be unusual in applicants for academic positions. Another problem is setting up the form in such a way that a lengthy answer ruins the formatting; this again affects me because I have been in my current post for over 12 years, have carried out a variety of activities including programming, software design, research and management and have been funded through over a dozen different projects, which means that not only is my current employment complex to describe, but also it is useful to include formatted information - a table listing the projects by name and date, and summarising my involvement. Where it is not possible to be flexible for some reason, it should be possible to allow the submission of additional documents.
Sometimes the form designer has just been too creative with the design. This screenshot shows a (content redacted) version of an equal opportunities form I completed as part of one application. The original form was a Word document, and this is what happened when it was saved (still in Word format) by OpenOffice.
Tuesday, 20 April 2010
Job Hunting in UK Higher Education V: Crafting Job Specifications
As someone who has put together the person specification for a post as well as applied for vacancies, I was worried somewhat by many of the specifications I was expected to show I fulfilled in this round of job searching. The problem is basically this: large numbers of requirements, almost all of which are listed as essential. I don't know if this is a trend, or whether it just affects the more senior roles which I have been looking at.
The information given to prospective applicants usually falls into four parts. There is the administrative information necessary to make the application (closing date, how to apply, contacts for queries, and usually an equal opportunities statement of some kind). There is information about the organisation offering the post, usually fairly directly lifted from the university and departmental web pages in the case of an academic sector post. (It is not usually very informative to the potential applicant, however, as it is like a student prospectus: marketing literature to tell them that the university is a wonderful place to be.) There is the job specification, which is mainly useful to help decide whether the post is really one the applicant would want to hold. And there is the person specification - what the appointment panel will be looking for in the applicants to shortlist and eventually appoint.
Usually, person specifications are divided up in two ways. The criteria are categorised into groups such as "education and qualifications", "experience", "personal qualities"; about four or five of these are quite common. Then each cirtierion is either "essential" or "desirable", to put off applicants who are really unsuitable. In many cases, though, it is possible to have a successful application without satisfying all the essential criteria, depending on how good the other applicants are. In my case, I have no formal computing/IT qualifications: I grew up in the era when a school's computers consisted of four or five BBC Micros in a little room, and there wasn't any opportunity to formally study even in quite a sciences oriented school. But it is possible to argue that my experience is at least equivalent to a graduate level qualification, and probably beyond in some areas. It is of course advisable to check beforehand that an application which doesn't meet the essential criteria will be considered; it is not worth putting in the time to complete one if it will be automatically rejected out of hand. This is where the email address usually given in vacancy details for informal queries is extremely useful.
Now, some of the vacancies I applied for, and others which I considered in detail, had over twenty criteria, and of those only one or two were desirable rather than essential. I have two issues with this: it's a lot of work for an applicant to show that they do indeed satisfy that many essential criteria, and it is questionable whether many of the criteria really are required.
If you are on the panel deciding who to interview, it can be quite difficult to work out whether a candidate satisfies the criteria - usually because a generic CV has been used for the application which doesn't specify the information asked for. But you have to take the attitude that if they don't clearly indicate that they have personal quality or experience which is asked for, then they are not going to be suitable. The flip side of this is that what is asked for should be clear, and it should be relevant to the post.
The most typical unclear requirement for a post is that an applicant should be "able to work as part of a team". That this is almost meaningless is shown by the fact that almost every post advertised has this requirement, meaning that virtually any work experience should be evidence that a candidate can do so. This is despite the fact that I have had to work (on teams) with several people who were absolutely incapable of working as part of a team. This doesn't necessarily make them unemployable, impossible to work with, or actually unsuitable for the work they were asked to do as part of the team: they could do the work, just not really relate to the team. Perhaps potential employers should think a bit harder about precisely what aspects of teamwork are required for a post: ask for someone who is good at relating to people from different backgrounds, or who can be relied on to produce work when asked for it.
Teamwork is a particularly laughable requirement when it is, as is often the case, combined with a requirement that the applicant should be "able to work independently". While not entirely the opposite of being part of a team, it would perhaps be better to indicate that applicants would need to be able to adapt to different working conditions as circumstances dictate (though this is also a pretty meaningless requirement for any post beyond the most mind-numbingly dull, tedious and repetitive).
Other effectively meaningless and unclear requirements include "ability to work under pressure", "ability to meet deadlines", "willingness to travel" and so on. Generally, criteria like these should be reserved for posts where it is particularly of importance, beyond that required for any white collar worker. As an interviewee, one of the questions I have to ask at the end is often about travel, as the personal circumstances make it impossible to be away from home for long periods, or to travel on short notice. However, it turned out that "willingness to travel" just meant being happy to work occasionally at the other campus of the university involved, about 40 miles by road. The requirement in the person specification suggested that it would necessary to make frequent overseas trips to conferences and meetings, and be away for days at a time.
Many applicants put a lot of thought into job applications. It seems only reasonable that those who write the specification should put some effort into doing so too.
The information given to prospective applicants usually falls into four parts. There is the administrative information necessary to make the application (closing date, how to apply, contacts for queries, and usually an equal opportunities statement of some kind). There is information about the organisation offering the post, usually fairly directly lifted from the university and departmental web pages in the case of an academic sector post. (It is not usually very informative to the potential applicant, however, as it is like a student prospectus: marketing literature to tell them that the university is a wonderful place to be.) There is the job specification, which is mainly useful to help decide whether the post is really one the applicant would want to hold. And there is the person specification - what the appointment panel will be looking for in the applicants to shortlist and eventually appoint.
Usually, person specifications are divided up in two ways. The criteria are categorised into groups such as "education and qualifications", "experience", "personal qualities"; about four or five of these are quite common. Then each cirtierion is either "essential" or "desirable", to put off applicants who are really unsuitable. In many cases, though, it is possible to have a successful application without satisfying all the essential criteria, depending on how good the other applicants are. In my case, I have no formal computing/IT qualifications: I grew up in the era when a school's computers consisted of four or five BBC Micros in a little room, and there wasn't any opportunity to formally study even in quite a sciences oriented school. But it is possible to argue that my experience is at least equivalent to a graduate level qualification, and probably beyond in some areas. It is of course advisable to check beforehand that an application which doesn't meet the essential criteria will be considered; it is not worth putting in the time to complete one if it will be automatically rejected out of hand. This is where the email address usually given in vacancy details for informal queries is extremely useful.
Now, some of the vacancies I applied for, and others which I considered in detail, had over twenty criteria, and of those only one or two were desirable rather than essential. I have two issues with this: it's a lot of work for an applicant to show that they do indeed satisfy that many essential criteria, and it is questionable whether many of the criteria really are required.
If you are on the panel deciding who to interview, it can be quite difficult to work out whether a candidate satisfies the criteria - usually because a generic CV has been used for the application which doesn't specify the information asked for. But you have to take the attitude that if they don't clearly indicate that they have personal quality or experience which is asked for, then they are not going to be suitable. The flip side of this is that what is asked for should be clear, and it should be relevant to the post.
The most typical unclear requirement for a post is that an applicant should be "able to work as part of a team". That this is almost meaningless is shown by the fact that almost every post advertised has this requirement, meaning that virtually any work experience should be evidence that a candidate can do so. This is despite the fact that I have had to work (on teams) with several people who were absolutely incapable of working as part of a team. This doesn't necessarily make them unemployable, impossible to work with, or actually unsuitable for the work they were asked to do as part of the team: they could do the work, just not really relate to the team. Perhaps potential employers should think a bit harder about precisely what aspects of teamwork are required for a post: ask for someone who is good at relating to people from different backgrounds, or who can be relied on to produce work when asked for it.
Teamwork is a particularly laughable requirement when it is, as is often the case, combined with a requirement that the applicant should be "able to work independently". While not entirely the opposite of being part of a team, it would perhaps be better to indicate that applicants would need to be able to adapt to different working conditions as circumstances dictate (though this is also a pretty meaningless requirement for any post beyond the most mind-numbingly dull, tedious and repetitive).
Other effectively meaningless and unclear requirements include "ability to work under pressure", "ability to meet deadlines", "willingness to travel" and so on. Generally, criteria like these should be reserved for posts where it is particularly of importance, beyond that required for any white collar worker. As an interviewee, one of the questions I have to ask at the end is often about travel, as the personal circumstances make it impossible to be away from home for long periods, or to travel on short notice. However, it turned out that "willingness to travel" just meant being happy to work occasionally at the other campus of the university involved, about 40 miles by road. The requirement in the person specification suggested that it would necessary to make frequent overseas trips to conferences and meetings, and be away for days at a time.
Many applicants put a lot of thought into job applications. It seems only reasonable that those who write the specification should put some effort into doing so too.
Subscribe to:
Posts (Atom)
Posts
