Tuesday, June 28, 2005

"Requirements Specification" is an Oxymoron

I've never liked the term Requirements Specification or Software Requirements Specification even though these are widely used in the industry. There are requirements and there are specifications. The two are always different in my mind. Indeed, Webster's defines them differently.

re-quire-ment: something wanted or needed; something
essential to the existence or occurrence of something

spec-i-fi-ca-tion: detailed precise presentation of
something or of a plan or proposal for something; a
written description of an invention for which a patent
is sought

You can specify designs. You can specify architectures. Blueprints are specifications. Source code is a specification. Pseudo-code, state diagrams, and message sequence charts are specifications.

A statement of need is never precise or detailed. It should be clear, unique, feasible, and testable, but it cannot be precise or detailed.

The user interface shall be responsive, is a requirement. It's a poor requirement, but it's still a statement of need.

Lamp X shall illuminate 100 ms after button Y is pressed, is a specification. It defines a precise description of events. It's not a requirement. No information regarding the stakeholder's need has been conveyed.

I can usually spot a specification when I see one. A good requirement is difficult to identify and even harder to write. Authors naturally tend to slip into writing specifications because they don't know how to express their needs. Requirements are also subjective. Some people might view the statement, the UI shall be responsive as failing to convey need. One can always ask, why must the UI be responsive?

I admit I'm on a holy crusade to eradicate the term Requirements Specification. Let's call it a Requirements Document or a Requirements Database. Let's save the term specification for the Software Specification that will follow the Requirements Document. Typically this is a High Level Design and Low Level Design. Those documents are worthy of the title Specification.

Sunday, June 19, 2005

Yahoo Music Service

I signed up for Yahoo's Music Unlimited service last week. I've found it to be quite nice. I don't often go looking for the deep tracks, so Yahoo's catalog seems pretty big to me. You can't beat the price. $60 for a year of Yahoo is cheaper than 5 CDs! Looking at my collection of 300 disks, I could have bought 60 years of Yahoo music for less!

I don't have an iPod, but I do have an iPAQ with a 1 Gig flash card. I also have an old portable CD player and a CD deck in my car. None of this stuff works with Yahoo's service which relies on the recently created Windows DRM 10 (aka Janus) to protect its music. I don't want to shell out $250 for a new portable music player and I don't want to pay an extra $0.79/song for a burnable copy, so I set off to find a cheaper solution.

Friday, June 10, 2005

Chevrolet is Phishing?

Today I received e-mail from Chevrolet that began like this:

Recently some of our unsubscribe data
was deleted. Please help us update our
records to ensure that we have captured
your preferences correctly.

If you have previously unsubscribed from
Chevy email communications, please
unsubscribe again

I would never respond to such a message because it looks like phishing. There's no valid return address. The website they ask you to respond to is the mysterious imrsvcs.com rather than chevrolet.com. The entire premise of the message seems dubious and there's no way to verify the story.

It looks a spammer trying to verify my e-mail address so they can send me more junk mail. I wouldn't click the link and I'd make the same suggestion to everyone else. I've seen lots of e-mail from people claiming to be eBay asking me to log in to some non-ebay website before they cancel my account. Don't fall for it!

To Chevrolet and any other business that needs to send a message like this, I suggest you always direct recipients to a page at your main website and then redirect them if necessary. There's no other way to verify the authenticity of your e-mails. You should also get an e-mail signing certificate from a recognized authority (like Thawte) and digitally sign your message. I sign (almost) all of my e-mail. Why can't a company like General Motors do the same?

Out of curiosity, I went to whois.net and checked the ownership of imrsvcs.com. It turns out that it belongs to Electronic Data Systems Corporation who I happen to know is a major supplier of data services to GM, so this message is probably legitimate. Ironically, the whois record will take you to markmonitor.com that advertises EDS's Phishing Fraud Protection service of all things! That's pretty sad.