Sunday, October 7, 2018

The Nightmare Before Product Launch

If you haven't seen the Nightmare Before Christmas, you'll find this blog post has lots of spoilers.  If you're fine with that, or if you're familiar with the story, read on.

My wife loves Halloween.  Being scary and dressing up in costumes, lurking in the dark, she loves that kind of stuff.  Getting scared is fun too.  ...and we're one of those houses that gets all covered with lights and spooky decor every October 31, so it's no surprise that our kids started watching the Nightmare Before Christmas today, getting ready for Halloween.

Watching it this time through, I realized just how much Jack's dilemma matches that of many Product Managers. 

The story told from a product management point of view is essentially this: 

Our hero Jack, from Halloween Town, has always run the Halloween holiday, in much the same way that you would think of the North Pole as the year-round town of Christmas, always preparing for the next year's December 25 with Santa Claus heading up the fun, though in Halloween Town, it's Jack that runs the place.  Jack loves scary things, scary things are fun in his culture, the scarier the better, and everyone around him, the vampires, monsters, and skeletons all love it too. 

After yet another successful Halloween holiday, Jack finds that it's the same old thing every year, and decides to spice things up.  While taking his ghost-dog for a walk, he stumbles on a completely different culture, Christmas Town.  Here everyone is happy and jolly, singing songs of joy.  He notices there's no death here, no ghouls, no monsters.and they have completely different customs from the world he's used to.

Jack returns home with the idea that this year, Halloween Town could run Christmas, and they could make it even better.  Essentially, he wants to beat his competitor and delight his customers by introducing something new into the mix that Christmas has been missing -- it would be far more fun if Christmas was scary.

He's the one that's been in the field, so it's challenging to communicate what he's learned to someone who doesn't understand this completely different environment.  Much like a product manager would, Jack developed a vision for what this could be, and then supervises the work to create this new Christmas.  The whole team worked hard to create their version of Christmas, making Jack-o-lantern jack-in-the-box toys, wreaths that frighten, dolls that spring to life and scare children, and assuming the persona of Santa Claus, he leaves large serpents around the Christmas trees instead of toy trains, etc. 

He assumed his customer would be delighted with the change, and didn't test the market at all before "launching" his "product." 

In short, Jack's version of a "better" Christmas was not welcomed by the children of the world.  It proved to be a disaster. 

I think we can all relate.

What we can learn from this as product managers is that you should test the market regularly throughout development to make sure you're on the right track.  Jack's fundamental mistake was assuming that customers would enjoy his vision of a "better" product. 

Have you ever struggled to communicate your customer's use case and culture to your colleagues?  Have you ever launched the wrong product because you didn't properly test the market? 

Test early, test often, and build the product that will delight!

Monday, February 22, 2016

Why every software product needs quality assurance engineers

I've come across a fair number of people recently claiming that having a team of quality assurance engineers is superfluous, and that if the engineers were more careful, it wouldn't be necessary for test engineers.

Furthermore, the argument is that product managers need to specify how the product is both expected and not expected to work because software engineers will make mistakes if they don't understand the product they are solving for.

While that might be true for very simple code, it's unrealistic for more complicated products.

Recently, a car manufacturer recalled many of their cars because the hood latch can come loose while the car is in motion. So let's put this to the test, assume a test engineer would have caught it, and look at what happens when the product isn't tested properly.

Product manager:  the car shall have primary and secondary latches to keep the hood closed.  The primary latch will be operated from the inside, and the secondary will be a failsafe and strong enough to ensure that if the primary is accidentally engaged or fails, the hood will not open and blind the driver while the vehicle is in use. It can be opened from outside the vehicle after the primary is disengaged.

Latch developer:  I'll build two latches of strong material. It should be enough.

Test engineer:  I will test the prototype under the most extreme, windy conditions I can think of. Based on how the latches were engineered, I think it is most likely to fail if jarred, if there is sufficient wind putting stress on the latches, or the owner may believe the hood is closed when it actually is not completely closed.  I will use wind tunnel, off road simulations, and hood drop tests to simulate primary and secondary latch failures.

Product Manager, User Acceptance Testing:  As the business stakeholder, I'll make sure that the product does what is expected, enough that the product solves the business need (eg resulting in purchase).

However without the test engineer in the picture this becomes a blame game when customers thought they closed the hood but didn't close it all the way, especially if the average reasonable person thinks the hood "appears to be" closed.

This degrades into a blame game.  The latch developer is blamed for creating a latch that may not always close properly.  The product manager is blamed for not specifying how the customer would operate the latch, and says the developer should have picked a design that would account for something obvious like being able to easily operate the latch. And so the next time the product manager tries to be much more specific, defining not the problem to be solved but how the solution should be built, restricting the developer from choosing a better solution, and things just get worse from there.  Product managers writing functional stress tests instead of focusing on user acceptance, "will the customer buy/use it" tests.  Developers prioritizing scope over product quality. No one takes ownership of the quality, so the quality degrades without the proper expertise to examine and test the solution in the context of how this specific solution will really be used.

A simple part becomes a recall, costing millions of dollars to repair.

I'm not saying that's what happened for the car recently mentioned in the news, but if you followed my example, you'll realize that the product manager and the latch developer both did their job. The product manager defined the problem to be solved, and the developer created a solution. 

Without someone responsible for quality control, no one will realize there is a problem with the solution that was chosen. The product manager isn't technical enough to know how this implementation could fail, and the latch developer isn't aware that when the latch is attached to a hood, the "hood with latch" might not work as intended.

So yes, quality assurance engineers and test engineers, we need you. We might take you for granted at times, but bad things happen without you - that's when we realize your value.

Friday, February 19, 2016

Phones can't multitask

More megahertz, bigger batteries, better screen, ok that's nice but it doesn't really give me the features I need!

The smartphone industry (hardware and software) have made huge technological leaps over the past 5 years in terms of battery solutions, screen quality, and the sheer usefulness of the apps. I can now go anywhere and get the local news, find my lost keys, check for food allergies on any product with a bar code, get notified about events that might interest me the moment they're scheduled, track the location of my cat or kid, listen to music, allow a cashier to laser scan a bar code on my phone, and get notified about a kidnapped child in my area,... so long as I don't want to do all of those things at the same time!

Current phones have amazing capabilities but also severe restrictions for multitasking.  Most people either wipe their phone out periodically and start over or but a new phone (which effectively doors the same thing). This is what could be improved to make multitasking better.

RAM:  everybody has an app.  Whether you're searching for your next home, a deal at your favorite restaurant, or your missing wallet, our phones connect us to the whole world through apps, but if you have more than about 8 apps looking for information on your behalf your phone isn't able to run all of those programs at once just because of memory restrictions. You'll phone will suck your battery dry trying to juggle them in and out of memory. What do the phone specs give you when you look for that next gigabyte of RAM?  Storage space. "Memory" is storage space according to the major cell phone providers. If I just had more RAM, I wouldn't need an expensive battery or external emergency battery.

Cores:  cores are basically how many things can your phone do at the same time. I think most smartphones are quad core, so the operating system schedules 4 items to be processed at any given instant, giving the illusion that the phone can do hundreds things at once by juggling them around, but really it's just 4. If the OS didn't have to juggle the RAM quite so much it would free up one of those cores, but even then, with all the apps we want to run at once there needs to be either more cores, or more efficient scheduling to run them all. Most apps are just monitoring data feeds for something new to notify us about, but seem to be idle until an event happens. No, they're not idle, just quietly checking for data to send your way.

Antennas:  wifi, GPS, telephone service, mobile data, and Bluetooth - all of these things use an antenna. Most of these are shared single connections that the phone manages, but not Bluetooth. I have a Bluetooth headset, a Bluetooth crash monitor in my car that will call for help in an emergency, and about 6 TrackR Bluetooth devices that monitor the location of my things so that I don't accidentally leave my keys, wallet, etc. behind (I would connect 10 if I could).  If my phone successfully maintains all of the Bluetooth connections, I lose GPS. With so many connections, it's no surprise that I have connectivity problems, either because the phone has insufficient resources to manage everything that's happening (see RAM, cores above) or because there aren't enough antennae to manage it all, but that's a guess.  At the very least someone needs to come up with a better way to manage connections to local gadgets, either an improvement to Bluetooth or a replacement for it akin to TCP/IP on wifi.

What's planned?  Well, I just checked the rumors for the Samsung Galaxy S7 expected to release this Sunday to see if any of these things will be addressed, sounds like more screen improvements. :-/  not a word about the stuff I care about.

I can't be the only one. Is anyone else running into this? 

Monday, September 21, 2015

How Do You Want To Pay For That?

Magnetic stripe cards, touchless cards, chip cards, what does it all mean?  Read this to use the payment methods that will keep you safe from fraud.

I'll also talk about the opportunity toward the end in the "Business Opportunity" section.


Introducing The Credit Card
First of all, a review of traditional cards:  Your card has a short, 15-16 digit account number printed on it.  You can use this number wherever you can't find a card machine, such as when you buy things online or over the phone, and it's raised so that the next time you step into a taxi without an electronic card reader, they can easily get the card number with their machine that inks the bumps on the card.  The trouble with that is it's really short and easy to steal, so the card manufacturers came out with magnetic card reader machines in the 1980s to make it more difficult to copy.

The CVV code is written on the card and is never raised like the account number is.  Payment Card Industry requirements dictate that the CVV should never be stored, though it may be used to reassure the card processor that the user had the card in hand at the time the account number was stored.

Single Use Card Numbers
If you have authenticated yourself at your cardholder's site (or another site you trust), the card provider trusts your active session more than any payment made with a 15 or 16-digit account number entered on another web site or over the phone.  Several of the cardholder sites offer a single-use alternative account number you can use to charge things to your regular account.  Simply login, generate the card number, copy it to your computer's clipboard, and paste it into the vendor's web site.

Single use card numbers can be used for a single transaction or a single vendor.  They are quite secure, cheap to issue, and though not as easy to use as a plastic card, they can be entered via any machine and provide reasonably good security, rivaling magnetic card security.

Despite their advantages, customers aren't using them, and many card issuers have discontinued this technology packaged in this form, but as you'll see below, the technology is available in similar formats that are more convenient.

Magnetic Cards
Your credit card has a magnetic strip on it.  Overall, the technology is similar to a cassette tape, using magnetized parts of the strip to store the information, which is easily scanned by the machine.  Besides including the account number and name you see on the face of your card, the magnetic strip provides additional information you can't see on the outside of the card.  This extra set of numbers is like a really long password, designed to tell the machine that the genuine card is present at the transaction, and provides some degree of assurance to the card processor that the consumer is probably there, and that this is not a scam.

When the card is swiped, a pulse of on and off signals are read using the magnetic reader in the device as the card moves through the slot.

However it's becoming increasingly easy to add additional tiny card readers to the magnetic stripe reader slot so that it's read twice (once by the machine and once by an imposter, and someone comes by later to collect their own device), or to add a device to record the signals over the wires between the magnetic reader and the rest of the machine.  Like a password, once recorded it can be copied to another payment device, such as another card, and then if used again the mag stripe machine can't tell the difference between a copy and the genuine card.

Sometimes the magnetic strip of a counterfeit card doesn't match what's printed on the card, which is why some machines ask the cashier to confirm the last 4 digits written on the card.

As of 4 years ago, illegally copied magnetic strip cards could be purchased for as little as $0.25 each (or so I've read).  The price is likely lower than that now.

Some of the new popular everything-in-one cards like "Coin" offer a magnetic stripe that changes to match a card.  They have the same benefits and drawbacks as regular magnetic cards.  However the newest of these also offer additional, secure ways to pay that incorporate the features below.  Seek these out!  You'll understand why in a minute.

NFC, "Touchless" Cards, Apple Pay, and Android Pay (formerly Google Wallet)
Near Field Communication (NFC) or "touchless" payment methods (except Samsung Pay) all work based on short range (within inches) radio waves.  The general idea of each of these is that the credit card machine can have a "conversation" about the transaction, and that some of the information is different with every transaction.  So your card's "password" that makes it unique changes constantly, and isn't easily copied.

These work on the premise that the card and the payment processor know a "secret" that is never transmitted over the air.  Copying this payment method is harder, but if you had a device to have this "conversation" with a card that is in your wallet, you could have the card authorize a payment without your knowledge.  I haven't actually heard of this being done, but it's made people nervous enough to start an explosion of wallets and pockets that advertise they can block signals to keep your cards safe.

Touchless cards also have a magnetic stripe for magnetic readers that don't support the touchless payment option, but the magnetic stripe is no better than any ordinary magnetic card.  Unlike the touchless radio responder built into the card (or phone), the information on the magnetic stripe never changes.

Apple Pay and Android Pay are more secure because both use a form of authentication on your phone to authorize the payment.  Your PIN is never transmitted over the air, but your phone won't authorize the touchless payment without it.

Samsung Pay will act like Apple Pay and Android Pay, but the value Samsung Pay adds beyond Android Pay (which is available on every Samsung device) is outside this category, and I'll cover that later.

EMV "Chip" Cards
Retailers and card manufacturers particularly like the chip cards because they use a randomized password similar to the NFC "Touchless" cards, Apple Pay, and Android Pay, but cannot be accessed without removing it from a jacket pocket or wallet.

Contrary to common belief, the chip on the card has nothing to do with the magnetic stripe on the card, and just like Touchless cards, the magnetic stripe is provided as a backup for when the more secure payment option is not available.  The chip is not accessed when the card is swiped.

Unlike touchless cards, chip cards require the machine makes physical contact with the chip.  If you've been to one of the many Wal-Mart stores now equipped (as of Summer 2015) with these readers you have probably seen the slot at the bottom of the card reader.  The card is inserted into the reader, and left there until the transaction has been processed.

These also have the advantage over Apple Pay, Android Pay, and even Samsung Pay of being able to securely pay at a restaurant without giving up your phone to the waiter or waitress that will scan the card somewhere out of sight.

Most card issuers are sending free replacement EMV cards to their customers already.

Samsung Pay
Android Pay is now available for all Android-based Samsung devices, so if you have a Samsung device you already have Android Pay.  The newest Samsung devices will offer Samsung Pay.

Samsung Pay operates in two modes:

  • It can offer the same touchless payment experience Android Pay offers (which is why they don't bother to make it available for older phones that can already use Android Pay)
  • It can use a special antenna on these newest devices to send out a series of magnetic pulses, mimicking the presence of a magnetic card
Nothing I've found really explains Samsung Pay's security features, but they advertise they're more secure than a physical card.  

If I were Samsung, I would use a single use, extended length card number in that transaction, and transmit it directly from the phone through the card reader.  This would provide the same degree of security found in touchless and EMV card account numbers, and if the card number were captured by an illegal magnetic card reader, it would be invalid because it's single use.

Changes Effective October 1, 2015

Effective October 1, if you (as a vendor) use a magnetic card reader to process a transaction, you will be liable for any fraud related to illegal cards copied from an EMV or NFC capable original card.

Samsung Pay transactions through a magnetic card reader should be exempt based on my understanding of the technology, but it's unclear whether card processors will be able to tell the difference between a secure Samsung Pay transaction and a magnetic card.

Business Opportunity

The business opportunity here is in the sale or lease of secure equipment to retailers that are still using magnetic reader equipment.  The motivation for them to buy is in what merchants won't have to cover in credit card fraud.  In addition, merchants will be able to protect their customers by allowing and promoting secure forms of payment, and won't be held liable if a customer uses an illegally copied magnetic strip card.  

Online transactions shouldn't be affected, but retailers should still always ask for the CVV code as that's harder to copy, and reduces transaction fees.

Because the retailer almost always pays the processing fees (and not the card holder), most card holders are unaware and unmotivated to do anything that would improve the security of their transactions.  

For Consumers

Credit card companies and vendors with old equipment will cover the cost of fraud, but it's a lot of hassle to straighten out your account and replace your card when fraud happens.  So protect yourself and get a secure way to pay.  It's free.

Sunday, July 26, 2015

Why you should take your sleep apnea diagnosis seriously

I (somewhat erratically) maintain this blog to talk about topics that people don't seem to think about.  Usually I do it from a business perspective, but now I want to talk to all of you who (like me) have a diagnosis of sleep apnea.

First of all, who are you?  You are not necessarily middle-aged, male, and have a waist size of 38" or more, though those are 3 of the most common things.  If you feel tired often, but have figured it's because you're getting a little older, you probably should go get checked.  I am male and don't have either of the other two risk factors, but I have sleep apnea.  I was tired a lot, but I figured it was because of my lifestyle -- staying up late with the kids, and then leaving very early for a long commute to the office.

The doctors say I have a large tongue but a small lower jaw, and that's what is causing my sleep apnea -- losing weight won't really help me, it's the way God designed me.

The "gold standard" treatment for sleep apnea is the CPAP machine.  You have to wear something on your face to give you air when your body can't breathe in.  This treatment has a near-100%* success rate, but no one wants to wear a mask on their face -- besides unattractive look of it, it's uncomfortable, it's a hassle to keep clean, and finding the mask that fits properly can take over a year (remembering why you took off that mask can be more difficult than remembering your dream last night!).  ...and it can have an impact on the family too -- my full face mask startled my young children until I told them the doctors said I have to wear an "elephant nose" at night, and it though my wife is understanding, it has affected life activities in the bedroom too.

What are the alternatives?  Well yes, there are some, and they have varying degrees of effectiveness, but none of them are as effective as the CPAP machine.

  1. CPAP -- included for completeness, already discussed above, effective for 90%* of sleep apnea patients
  2. Lose weight.  This is probably the most effective alternative "cure" but you have to keep it up, and requires you have significant weight to lose - effective for 40%* of sleep apnea patients
  3. Dental device -- if, like me, you have a smaller lower jaw, sometimes this is effective.  Wasn't for me, though, and your jaw will be sore every morning for the first few weeks.  Effective for 25%* of sleep apnea patients
  4. Surgery -- if you've already had your tonsils removed, this probably won't do anything for you, but there are more things they can do than just remove the tonsils.  Varies based on the type of surgery, 15-35%* of sleep apea patients benefit.
  5. Pacemaker -- there is a "pacemaker for the tongue" to keep it out of your airways, but it's a very new treatment.  You have to maintain the device just like a pacemaker (batteries, etc.), and I have no idea what the side-effects are (does it impact your ability to talk?  no idea) -- insufficient data.
  6. "I'll just sleep on my side." -- usually not effective, but I'll give it a generous 5%* estimate
Is it really that big of a deal?

Yes.  It is.  Your heart can do its job to wake up the body enough for you to catch your breath a few times a night, that's no problem.  Sleep apnea patients wake up 25-50 times a night, but usually don't remember it.  That's a lot of wear and tear on your heart.

Also, general fatigue can lead to:
  • Car accidents
  • Poor attention span
  • Poor posture, and therefore back and other health problems
  • Poor judgement at work
  • Emotional health problems (which impact relationships at home and at work)

But I've lived like this for years!

This is the often overlooked piece of the puzzle.  According to a presentation I saw at Stanford's Sleep Clinic, you can live up to about 10 years like this before you start having noticeable health problems.  

You can also drive over 100 miles with a screw in your tire* without air leaking out, but chances are you would rather change the tire as soon as you notice it, because you don't want the risk of a blowout on the freeway.  So why would you take that risk with your body?

Ok, I've tried it, I don't like it.  I give up.

You owe it to your family, friends, and coworkers to keep trying.  Every night you don't, you shorten your life a bit.  

My story...

Three years after my diagnosis I'm still trying with my Variable BiPAP machine (similar to CPAP) -- the masks I've tried don't fit quite right for me.  The other options have already been ruled out for me (except the pacemaker option... not much is known about that one as of mid-2015).  However even though I'm not entirely successful, I've noticed a huge difference in my energy level, and my general health once I got above 4 hours of use per night.  ...and as I continue to get better at it, my energy level and health has continued to improve.

It's been worth the effort, and I wish I could just take a pill for it every day, but CPAP is the best solution for now.  My efforts paid off, yours will too.

Factors to play with

If you're having trouble and think you've tried it all, here are some factors to consider:

  • Type of mask
  • Tightness of straps
  • Is the mask seal clean?
  • Do you wash your face before you go to sleep?
  • Temperature of the humidifier
  • Your pillow (does it bump the mask off at night)?
  • Ramp-up settings of the breathing machine
  • Your doctor's settings on the machine
  • The air filter on the machine
  • Do you change your mask seal at least monthly, as designed?
  • Your mattress!  (if you've been tossing and turning thinking it was your breathing machine, but it was really your mattress, changing your mattress can help a lot! -- the Personal Comfort Bed is a great alternative to the Sleep Number Bed -- tell them referred you for $50 off)
...and if you're looking for tips, the CPAP Forum is a great place to get advice from breathing machine users who are just like you, but may have more experience.

* - this "research" should be treated as "what your friend thinks he remembers reading somewhere" at best, and if you want to know the truth, go research it yourself.  I am not a doctor, nor am writing this as a formal research paper.  I don't have sources, nor do I plan to add any.  

Friday, November 21, 2014

It's yours now - here's my laptop, my keys, and my VistaPrint designs

With Millennials (defined as people born between 1980 and 1999) changing companies often, many service-based organizations find it's better to build a relationship with the individual than the company.  Every time I call Discover Card, for example, they thank me for being a member since 1997.

Businesses find that by establishing relationships with the individual, they earn a recommendation when that individual changes companies and their new employer has a business need.

VistaPrint, the online service that caters to the small businesses' and individuals' needs, has followed suit, establishing the relationship with an individual.  But there's a use case they didn't cover.

I'm leaving my primary employer soon, and I'm making preparations.  I'm also a volunteer for a small club of an international nonprofit organization called Toastmasters International that's connected to that employer.  When we needed to be more competitive with other Toastmasters clubs in the area, I developed some evaluation forms and secret ballot forms to use in our weekly meetings to evaluate the speakers.  I had used VistaPrint for my needs before, so I already had an account, and I was collecting bids.  The only way I could get a bid from VistaPrint was to walk through it, so on my personal account I drafted what I thought the form should look like.

The draft became a proof.

The proof was shopped around to other local printing companies that couldn't beat VistaPrint's rates, at least for a small "trial run" order.  The club liked it and started using them every meeting.

I started ordering those products regularly.  Prices may have gone up since I did the original bid, but I don't really pay attention to the price.  At least I don't have to recreate the design.

Remember how I said marketing to the individual means that individual will recommend them to their next employer?  Good.  What happens, though, to that individual's past designs?  Well, VistaPrint has informed me that those stay with the individual.  What if I want to leave those behind with Toastmasters so they can continue giving VistaPrint business?  Well, Shantel at VistaPrint customer service said I can do this one of three ways:
  • I can transfer my whole account, personal and business designs, over to my successor, giving them my password, and delete my personal information from the account.  ...but I would lose access to the personal business cards I created.  This also defeats the purpose of marketing to the individuals of an organization, since now I would have to create a new login for my personal orders and upload those somewhere else.
  • I can authorize my successor to phone in an order for my design, and give them my design number.  VistaPrint would then charge my account (which sounds like it's my credit card number -- I love Toastmasters but I'd prefer they use their own money, not mine).
  • I can recreate all of my designs in a brand new account that will belong to my Toastmasters club.
Okay VistaPrint product managers, think about this.  Think carefully.  If the design has to be recreated, you lose your "stickiness."  They can't reorder more of the same design number, so my organization will need to recreate the design, and if they do that, they might as well shop it around to find a better deal based on the quantities they now need.  Is that what you want?

My advice for any SaaS product manager is to consider this when building business relationships based on individual contact points.  It's an easy use case to miss, but also an easy one to fix, and very lucrative.  As I said at the beginning, we Millennials tend to move around a lot, and with our move, we carry our endorsements.

Wednesday, August 29, 2012

"HELLO, MY NAME IS" (Caller ID, and From: email_address@...)

When you go to a social gathering where everyone is wearing handwritten name tags, has it ever occurred to you that the name on their badge might not actually be theirs?  You probably have considered that, for example, the person wearing a badge that says "HELLO MY NAME IS... Acme Corp" probably doesn't have that name on their birth certificate, but if it says "HELLO MY NAME IS... Stef Hopkins" you should treat it with the same amount of skepticism.  Their name might actually be Stephanie, or something completely different like Priscilla Smith.

The same is true for other technologies that we sometimes trust to give us information.  Just because technology has told us who the message or incoming call is from doesn't mean that the technology is accurate.  It's displaying the name tag it has been given.

Why you can't trust Caller ID

Most phones default to showing their actual phone number in the Caller ID field on mobile phones and phones with displays, but the number can be changed.  That's for two legitimate reasons:
  1. Sometimes companies or individuals want their calls to be returned to another number (such as a company main number or switchboard)
  2. Some phones aren't phones at all, but a set of headphones connected to the internet, or one of many phones on a switchboard.  Therefore it may not have a callback phone number.  Just because it doesn't have a source phone number doesn't mean your phone company won't put the call through.
Though this is allowed because there are legitimate reasons to do this, it's an opportunity for malicious or at least decivious people to change the phone number displayed.  For that reason, Caller ID should never be used as evidence in a court of law that the phone number came from a certain location, and you should always treat Caller ID as a hint about who the caller is rather than as a telephone trace. 

Caller ID is easily fooled, with just a little more knowledge than it takes to handwrite a name tag.

Why you can't trust the From field on email

During the setup of your email program, you are prompted to enter a username, a password, an email address, and your full name.  Most people never give this a second thought, but if you're providing a username and password, why couldn't the email address and full user name be grabbed from the account?  That's because just like Caller ID, there are legitimate reasons for the displayed email address and name to be different from the real source email address:
  1. The account may not have an email address, or be sending an email from a web form tool, so the preferred From address would be a customer service alias or the email address of the tool's developer.
  2. The sender may prefer that all email comes from a company alias and not expose their direct address.
Friends and family sometimes tell me someone must have broken into their email account because someone else received a message from them that they never sent.  The reality is that since the From field of an email can be filled in with almost anything, there are many tools to grab random names and addresses so that decivious or malicious people can send messages without revealing their true name. 

Just because someone received a virus or a scam email from your email address does not necessarily mean that the virus has ever been able to send from your computer or your account. 

Someone your nametag on the floor and decided to put it on.