Perspective: User Requirements for Technology Projects

I was asked to talk about the handling of user requirements, how to link them to implementation within technology projects, by The Medical Concierge Group (TMCG) a digital ehealth service provider.

The key principles are being able to respond to change (agile), keep learning, and how to capture business/customer outcomes as well as improving communication across different departments and external stakeholders.

TechTip: Secure Access to S3 Folder

This is more a reminder to myself, so that I do not always have to struggle. Amazon S3 is probably the cheapest cloud storage service, that exists, and in these days of multi-tenant architecutures, provides a great way of accessing data from multiple instances.

However in some cases, you need to store files in S3 that are not viewable to anyone in the world, only to your app. I am hoping that this guide will help with that, and I will keep improving it with feedback and additional learning

The steps are as follows:

  1. Optional: Create an IAM group for users to help in user management
  2. Create an IAM user for each app environment with programmatic access to provide isolation from all other users who share the AWS account, I recommend creating separate users for dev, qa and production environment
  3. Generate access keys for each user which will be used to configure the app
  4. Create an access policy for each environment to restrict access to a bucket or a collection of buckets like below for restricting access to only the dev bucket
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Sid": "VisualEditor1",
          "Effect": "Allow",
          "Action": [
            "s3:ListBucket"
          ],
          "Resource": [
            "arn:aws:s3:::project-dev"
          ]
        },
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": "s3:*",
          "Resource": [
            "arn:aws:s3:::project-dev/*"
          ]
        }
      ]
    }
  5. Create S3 buckets with no public access, but with the names matching what is defined in the policies
  6. Test adding files to S3 using the credentials to confirm access (I tend to use the AWS cli with profiles for this case)
    
    

    aws s3 ls s3://project-dev –profile project-dev

UPDATE 1 – February 24, 2019: Added a poilicy for being able to read the bucket which is different from the bucket contents, see Sid: VisualEditor1.

Agile Software Development for Ugandan Context 2019 Edition

Excited to share my thoughts and experiences in agile software delivery for use within Uganda at the Google Dev Fest in Kampala, on October 26, 2019

 

 

My OpenSource Journey

I am having a great time sharing my experiences with new developers as part of giving back to the community hoping to encourage them on their own journeys…

Application and Data Security in the Software Development Lifecycle

This is presentation to Computer Engineering 4th year undergraduate students at Makerere University, Faculty of Technology, College of Design, Art and Technology to introduce them to concepts and approaches for application and data security in the software development process.

Looking for ideas on what I may have missed or omitted to help make this presentation more useful for others

Life in the Tech Lane

I was recently asked to talk to a group of young technologists touching on career, health, finances and family. Using my own journey I am happy to share life in the Tech Lane

I am happy to talk to your teams on similar topics, or even software delivery related topics, so do get in touch

A Frugal Innovation Approach to Simcard Verification 2019 Edition – Design & High-level Architecture

Happy Easter Monday to you all, and I hope that the rains on Sunday night completed the cleansing process from the festivities, the resurrection of the Lord Jesus Christ and from the feast of the Goddess Ester (depending on which side you lean)… I am one who embraces all religious doctrines an faiths.

So over the last few days I have started receiving a message from MTN Uganda, to physcially visit a service center to verify my sim card registration, well this is only the 3rd cycle for selected customers whose details were screwed up during cycle 2, and I guess I am one of the lucky few with time to waste.

This is a followup to the 2013 recommendations for Simcard Registration https://ssmusoke.com/2013/03/12/uganda-simcard-registration-alternate-approach/ which apparently were not providing sufficient value 😉

Anyway after having to make 10 calls this morning, the reminder message, a hardcoded IVR message, has left me frustrated, but also wondering, why do I have to physically visit the service center, it is 2019!

Rather than complain all the time, I focused my anger with support from my trusted colleagues at Styx Technology Group (http://styxte.ch) we got to protoyping a quick and dirty solution to this mess. What MTN and the regulator need are my National ID details, since they will scan the ID or take a photo of it, take a photo of me then I will have to wait 2-3 days,

A frugal innovation can be:

  1. Mobile App front end to capture data that is needed
  2. A backend system – doesn’t matter what it is – can even reuse the exisiting simcard registration database they have with processes to complete the verification flow, and link into the audit process that triggered this verification
  3. A verification process, which can be done by the app automatically, or using a backup USSD channel. This follows 2FA (two factor authentication to prevent mis-use)
  4. A notification that the verificatio process has been completed and *197# can be leveraged to check status.

This method is not for everyone, but provides a solution for those of us who may not be able to line up and waste 2-3 hours in line to do just this…

Some mobile screenshots from the design team

 

NIN Details

National ID Details

Phone Numbers

Phone Numbers

Confirmation

Confirmation

Thoughts and additions are welcome!!!

UPDATE 1: One of the team members asked me, so does this solve your problem? How do you know which numbers are listed on your NIN that has been provided? Leading to iteration 2 of the Phone Numbers screen allowing the display of existing numbers with functionality to remove currently registered numbers…

Phone Numbers - v2

%d bloggers like this: