7 posts • joined Thursday 29th May 2008 20:58 GMT
I've seen this fail
I was in a coffee shop with two people in front of me. The guy second in line leaned over, wallet in hand, to get a serviette. The machine beeped. The guy at the front asked how much and the person at the till said "you've already paid with your Barclaycard". He said "I don't have a Barclaycard". The guy second in line said "I do". He had paid without knowing. Try challenging that when the bill comes through. My Barclaycard went straight in the shredder.
I couldn't agree more about the client certs. Something I've been shouting about for a long while. It just makes so much sense to validate both sides of the transaction.
I'm always shocked at how "ordinary users" can get caught out by misunderstandings. I had a friend complain to me that the virus checker I had installed for them had prevented them opening an email attachment. They said they had to uninstall the virus checker before they could open the attachment. <gasp>
Ah, but what you are missing is 1) the people who are going to the site for the first time and are about to hand over all the details required to set up online accounts, and 2) the people who, on seeing a popup saying "the certificate has changed and may be owned by alien beings and agreeing to this will mean that you give away your first born", will just click "ok" anyway because they don't know any better. This adds up to a significant number of people at risk from this.
It's why SSL/TLS on its own is not really good enough for online banking.
I've noticed that most of the people who have succeeded say they were notified by email, which I think means they are new customers, as I was notified by text to my iPhone. Does that mean that most of the stocks/web resources were allocated to new customers, not upgraders?
Hmm, way to keep people loyal, O2.
Yeh, I tried
for an hour. What a horribly complex process. I log in, then I have to type my phone number (I just logged in, it's on the screen!!) and then it texts me a code (except it didn't the first dozen times) and reloading gave a remedial screen which asked for credit card details before crashing. It also warns that it will need my account number (I JUST LOGGED IN. YOU KNOW IT ALREADY). And then it broke completely. I wasn't even offered a phone number. Why not click "Yes I want it and put it on my next bill"? Or stagger the texts they sent out this morning?
It's only complex if
you try and integrate it with all the proprietary stuff that is already there. If you try and do that then I'm afraid £12.7 billion won't do it. In fact I can't imagine it being possible, as each interface will have to be reworked or a translation package written and maintained. All that is required (as others have said) is something to ship the info to the right people, and there are so many simple ways of doing that which work. So which do you go for? The impossible or the achievable? Hmm, tough choice, huh?
@ Anonymous coward, I have worked on large scale projects and integration stuff. If the scope of the project is spec'ed as "We want it all and we want it now", it's always doomed to failure. Occam's razor and the old KISS (keep it simple, stupid) never let you down. My experience of NHS IT projects is all of disjointed, overambitious projects that normally end up expensive and unused.
What's the problem?
It's a simple database server with a simple user interface, that requires security so tight it squeaks. £12.7 billion????? I'll do it for a pie and a pint.
So is it the managers that have spec'ed it as a mammoth project, or the contractors who have sucked their teeth like some Del Boy mechanic and said "that's gonna cost ya"? £12.7 billion buys an awful lot of hip replacements. Simple problem, simple solution, screwed up by money-grabbing bastards.