Monday, January 6, 2014

12 Revs of Software

Would you put your gifts under this?A Version from St. Service Bus

’Twas the week O’releasing, and all through the teams,
Not a programmer testing, at least so it seems.
The builds barely holding, the crashes abound,
In hopes that some luck, or a safe place be found...

[Enter the choir. You can sing along. You know you want to…]

The Twelve Revs of Software

BadSoftwareSnakeDMOn the first rev of software, my dev team dropped on me
A piece of software that I can't release.

On the second rev of software, my dev team dropped on me
Two breaking smoke tests,
And a piece of software that I can't release.

On the third rev of software, my dev team dropped on me
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

On the fourth rev of software, my dev team dropped on me
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

bug_report-250x250On the fifth rev of software, my dev team dropped on me
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

On the sixth rev of software, my dev team dropped on me
Six missing specs,
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

angry-bossOn the seventh rev of software, my dev team dropped on me
Seven bosses angry,
Six missing specs,
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

On the eighth rev of software, my dev team dropped on me
Eight devs on sick leave,
Seven bosses angry,
Six specs a-missing,
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

On the ninth rev of software, my dev team dropped on me
Nine queries locking,
Eight devs on sick leave,
Seven bosses angry,
Six specs a-missing,
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

clip-art-waitingOn the tenth rev of software, my dev team dropped on me
Ten seconds lagging,
Nine queries locking,
Eight devs on sick leave,
Seven bosses angry,
Six specs a-missing,
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

On the eleventh rev of software, my dev team dropped on me
Eleven builds a-crashing,
Ten seconds lagging,
Nine queries locking,
Eight devs on sick leave,
Seven bosses angry,
Six specs a-missing,
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release.

On the twelfth rev of software, my dev team dropped on me
Twelve months were wasted,
Eleven builds a-crashing,
Ten seconds lagging,
Nine queries locking,
Eight devs on sick leave,
Seven bosses angry,
Six specs a-missing,
Five bugs regressing,
Four tests a-failing,
Three days till deadline,
Two breaking smoke tests,
And a piece of software that I can't release...

Youre-Fired1Final Round...

He sent résumés, to his team gave a whistle,
“This product is dead”, he said this Fo’shizzle.
If you do it at all, then perhaps do it right.
Happy coding to all, and to all a good night!






A very special thank you to my good friend Maor, who reviewed, QAed and wrote the first verse of the Version of St. Service Bus.


This post was supposed to go up on Monday, before Christmas Eve. Unfortunately, I, too, missed my deadline.

Happy New Year.

P.S. 2

My New Year’s Resolution is Retina.

Sunday, January 6, 2013

Patterns of Testable Software

Patterns of Testable SoftwareMy love for test driven development started a few years ago, when I first had a taste of it while working on a product in a startup company. I started out using TypeMock, a really wonderful framework that allows you to isolate the code you want to test from its external dependencies, without having to change the way your code is designed. Within a few months, my team and I completed our work, met our deadline, and we were confident in the product, because we had tests to prove that it works.

Writing Unit Tests is Easy! Good Tests… Less so

Writing unit tests is easy. All you have to do is choose a single use-case of a method that you’re going to test, set up its inputs, and measure the output against some expected result. If it matches, then the test passed. If not, it fails. Rinse and repeat.

Our problems started after that. With the next version, we had to modify our code. No problem, we thought. Our code has unit tests. We can refactor without fear, because our tests will tell us if we’re breaking anything. Except it didn’t. Because of the way our software was written, and because of the way we mocked our dependencies, our tests were tied in to the implementation of the code, rather than the end results. This meant that our tests were brittle, and fragile, because the tests broke whenever we changed our internal implementation. Our tests were starting to “cry wolf”. We abandoned them quickly.

As it turns out, it is not enough “just” to write tests. You actually have to write the production code in a way that is easily testable. Your code has to be written in such a way that you can verify the outcome of a method without depending on internal implementation details. As time passed, I became more and more proficient at doing this, while becoming increasingly frustrated at the difficulties that beginners have. I see many good programmers giving up early, because the tests fail them, because it is difficult to get existing (legacy) code under a good test harness, and because they keep hitting a wall with the question of “how do I test this?”.

Patterns of Testable Software

I have recently begun trying to codify recurring patterns of software that is easily testable: Patterns that developers should strive to conform to, or refactor their code to. Patterns that help developers test the state of a module after running it, as well as to test the behavior of the module when running. Patterns that test the outcome without depending on implementation details.

On Thursday, January 24th, 2013, I am going to present some of these patterns for the first time, at the Toronto ALM User Group. At the time of this writing, there are still some open spots. If you’re in the neighborhood, and are interested in Test Driven Development or writing unit tests in general, I think that you’ll find the material quite rewarding. You may register for free at

I hope to see you there and if I do, I hope you’ll enjoy the session.


P.S. Oh, and happy new year!

Tuesday, August 21, 2012

Windows 8 RTM is Available for Evaluation

imageIf you haven’t been living under a rock, then you probably heard of Windows 8. It’s new, it’s different, it moved your cheese to a different time zone.

And it’s freely available for a 90 day evaluation!

You can download the Enterprise edition here.

A few things to note before you try it:

  • This evaluation cannot be upgraded!
  • You will have to install a retail version of Windows when the trial period is over! Don’t say I didn’t warn you…
  • To revert to a previous version of Windows (say, Win-7), you’ll have to do a clean install.

You may wish to try installing it on a virtual machine for evaluation. Personally, I’m partial to Virtual Box, though you can of course create one with any platform.

I’ve already installed it. So far, so good. Everything but my Dell’s fingerprint reader works. Grrrr….

Saturday, June 9, 2012

How Does the LinkedIn Hack Affect Me?

June 10th Update: I added a new GUI tool, to make it easier to check your password’s hash

salted-hash-linkedinIf you have a LinkedIn account, you may be the owner of one of the 6.4 million accounts that have been recently hacked. You should check to be sure. If you have been hacked, your password has been forever compromised in all of your current and future accounts! In this post I will try to help you check whether or not you’re safe, explain what LinkedIn did wrong, and how and why all developers should be more careful.

First Things First: Was I Hacked?

hash-checker-iconI wrote a simple command-line tool that will help you check whether you were hacked or not. What you do is enter your password, and it will check the SHA-1 hash of your password against the published list of hacked hashes, and tell you whether you’re safe or not. Don’t understand what I’m talking about? Never mind. You soon will.

  • Is it safe? Yes. It is an offline tool, and doesn’t connect to the internet in any way – especially not to publish your password, nor is it saved on the disk or added to the list.
  • Don’t believe me? No problem – disconnect your internet connection while using it, then delete the application from your machine, before reconnecting to the internet.
  • Still worried? Still no problem. I’ve published the sources. You can check what I do, and compile the checker yourself.

The hash-checker project is stored at You can get both the binary and the source code there.

The list of compromised hashes can be found here.


To check whether you were affected by the aforementioned LinkedIn attack, download the tool and the published list of stolen hashes. Make sure the text file and executable are in the same location.

  1. Run the tool (Icon added to your desktop – you can’t miss it).
  2. To check against the LinkedIn hacked hash list, just type your password and select the hash list file.
  3. Optionally, you may unhide the characters, decide not to pad, or change the number of characters padded.
  4. Press “Search”, and wait a bit. Hopefully, the result will be in green, like mine…

In case you’re wondering about the padding, the list has the first 5 characters zeroed so as not to expose the hashes completely. Pretty much like with credit-card hacks, they leave out the last 4-6 digits.

Here’s a screen shot of my self-testing:


I sincerely hope you’re in the clear. And that this is the entire list of compromised hashes…

Either way, take a deep breath, and move on. Time to discuss what happened.

What is a Hash, and What Happened to LinkedIn?

Okay, here’s a crash course of password management. First, in order to authenticate users, most sites store the unique user identifier (username, email address, etc.) in a database, with some form of password.

Plain Text Passwords

The most naïve (and dangerous – never do it like that) solution is to store the password in plain-text, i.e. unencrypted. What these sites do, when you log in, is send the user-name and password (often unencrypted) over the internet, to the site, and then compare the given password with the stored one. If they’re the same, the user authenticated.

The problem is, that if someone manages to hack into the site’s database, that person now has your credentials, and can impersonate you on the site.

That might not seem very harmful, especially if it is not an important site, and you didn’t give it any sensitive information like your Social Security Number, or banking credentials. Unfortunately, that is not true! Statistically speaking, most users reuse their usernames and passwords in multiple sites, including ones where sensitive information is stored!

This means that if you register with, with your email address, and password 12345678, it is extremely likely that you used the same password when you registered with the email service, and with, and many other sites as well.

Knowing this, a malicious hacker may crack, and with the credentials he got there, try to log in and impersonate you on! Congratulations – you have now lost money!

Hashes and Hashed Passwords

hero_hash-brownsIn order to protect the passwords, most sites that care about their users (and about malpractice lawsuits), will encrypt their users’ passwords in such a way that it is impossible to derive the password from them. These sites use a form of encryption that is based on a one-way encryption algorithm. Simply put, it is an algorithm that easily and deterministically transforms some plain-text input into an encrypted output, but no algorithm exists that can reverse the operation and derive the input, based on the encrypted output. This encrypted output is called a hash. Two commonly used algorithms are SHA-1 and MD-5. LinkedIn, by the way, use SHA-1.

What these sites do, when you log in, is to encrypt your input, and compare it to the stored encrypted password. If the encrypted input matches the encrypted password, you’ve authenticated.

Problem is, this isn’t good enough.

Rainbow Tables and Rainbow Attacks

imageAs previously mentioned, while it is impossible to reverse a hash, and derive a password, it is easy to generate a hash based on some input. And the same input will always generate the same hash. A hacker will use a rainbow-table, a table that has known passwords and their hashes, to hack a site that stores hashed-passwords.

What the hacker does, is take a hash, look it up in the rainbow table, and if he finds it, he looks up the password that creates it. Congratulations, you’ve now been compromised.

This is what happened with LinkedIn. This is the danger you face.

What Should LinkedIn’s Developers Have Done?

I’ve got no problem with how LinkedIn dealt with the attack, after it happened. My grief is that this fiasco could have been prevented!

What Is a Salted Hash, and How Does it Protect Users?

imageThe problem is that many people reuse passwords, and that many passwords are commonly used by different people: 12345, 1qaz!QAZ, any word in the dictionary, “p@ssw0rd”, and 1337-speak (you pseudo-hacker-cool-boys know who you are). They all appear in every respectable rainbow table.

If a site’s developer would add some random and unique characters to the password, the resulting hash would be vastly different from the hash of the same unsalted password. It would be vastly different from the same password hashed with a different salt.

In short, a salted hash defeats rainbow attacks, because the uniquely salted hash would never appear in it, and no two users would have the same hash, and no user would have the same hash in two different sites.

The great thing is that since the salt cannot be separated from the salted password, the salt doesn’t need to be secret! The site can safely store the salt alongside the salted hash, without fearing for the security.

I repeat – all the site’s developers need to do is create a salt (256 bits of random bytes will suffice) and then hash the password concatenated with the salt:

saltedHash = Algorithm.ComputeHash(password+randomBytes);

Finally, save the salted hash and the salt in the same record in the database.

That is what LinkedIn should have done!

What Can You Do?

Unfortunately, beyond writing your congressman, brow-beating your site’s developers, and boycotting unsafe sites, you can’t do anything about how the passwords are saved. You probably won’t even know how they manage your password until something bad happens and it gets published.

You can, however make sure not to use commonly used passwords, and not make sure that your accounts in sensitive sites have unique, strong passwords, that you don’t reuse.

A password manager tool (I paid for, and love AI RoboForm) can help you keep passwords without having to remember them, and can generate strong random passwords for you.

If this seems like too much work, use levels of security – have one password for unimportant sites, and another safer one for important sites, and a unique one for each extremely sensitive or money-related site (email service, bank, PayPal, etc.).

I hope this helped clear out the air around LinkedIn, hashes, salts, and your own safety.


Tuesday, May 8, 2012

One Team’s First Sprint Planning Session

This post is a bit different than my usual ones. Instead of orating off of my soapbox, I’d like to share a moment of agile bliss that I had today. One of the teams I work with at my customer’s company conducted their first “truly agile” sprint planning session. This post is a recount of the experience.

What Came Before

About a month ago, I began working on agile methodology training for a few teams at my client. The focus of the training was team work-process, mostly using Scrum as a template for how we will do things, with a few Kanban inspired overrides. In my first few sessions, I focused on what a user story is, what a task is, and the concept of focusing the team’s energy on completing user stories as fast as possible.

What I taught them boiled down to a few key take-away points:

  • A user story is an independent increment in functionality that is valuable to a stakeholder, that can be completed by the team in one sprint
  • A task is one developer’s day of work, on one component of the system that is affected by its user story, or work that needs to be done to meet the team’s quality standards.
  • Each team member pulls an unassigned task from the most important, unfinished user story

Initially there were arguments on all points: “Our stories are too big for one sprint”, “What if a task takes more or less than a day?”, “It’s easier to assign a story to a developer”. I had to convince them that these basic ideas are important and valuable, or at least to give them a try.

The Man’s Too Big…

imageWhat we did was take one “too big” user story, and look for some way to break them down in to thinner vertical slices. We ended up with stories that use naïve implementations, or serve a smaller set of clients, or handle a smaller set of scenarios, with further stories that cover the difference in robustness, clients and scenarios.

With regard to the tasks, I suggested that we simply split tasks that feel too big, or join tasks that feel to small, and not to worry about their actual length. We’ll measure the averages and variance after the end of the sprint, and look for better ways to be more predictable as needed. It was more of a let’s simply try it solution.

The Man’s Too Strong!

imageThe longest argument was over whether the first story warranted having multiple developers swarm on the tasks until the story is complete. One developer felt most strongly that it’s a waste of time to have multiple people learn the story, since we’re certain to complete it in time either way. Another developer didn’t want to be pegged in just the server (or client) coding tasks of each story, and felt that owning a whole story gave her more satisfaction. She also expressed concern over the pain of complex merges. Incidentally, it was mostly the QA engineers that immediately accepted the value of working on one story’s tasks in parallel.

Here are the points I made to alleviate their concerns:

  • Having multiple developers learn a story is a great benefit, as it will allow flexibility in task assignment now, and further down the line in future sprints that may have related stories
  • Having more people understand the story will eliminate bottlenecks (and increases the team’s bus factor – a good thing)
  • Regarding the perceived focusing on one component, some other team member chimed in, suggesting that nothing would stop her from taking a client-side task in one story, and a server-related one in the next. I was really happy that other members joined the discussion; it was no longer a teacher-class relationship, but a team of peers
  • I also reminded the team, that since we define a task as the work on one component for a day, and since we focus on completing one story before moving to the next, we are actually reducing the chance of two developers having to manipulate the same object at the same time – which of course reduces the merge conflicts! Further effort can be made to remove the rest of the edge cases almost entirely
  • I further mentioned that there will be at least two members working on each story in any case: one coder, one tester.

Planning the Sprint

imageThe rest went by rather smoothly. The team calculated how many expected work days they have in the sprint. I suggested that we simply add them up, rather than trying to split along the lines of coder / tester days & tasks.

I noticed that the backlog had some free-floating tasks, i.e. not related to any user story. I asked the team about those, stating that unless there is some value to a stakeholder, the task may be a waste of time. The team told me that it was technical debt. After some discussion, we agreed to deduct the tasks from the available work days, rather than creating fake user stories – we have to own up to the fact that we are paying back a debt to the system, not adding value to it.

The team-leader-turned-part-time-product-owner gave a rough stack ranking (there were several items high on the list with the same rank). I suggested that if he doesn’t care which of the same-rank stories we complete first, I’ll set an internal rank by the order that they appeared in the spreadsheet. He accepted.

Next we started explaining and breaking the stories. Traditionally, the PO explains the stories in the planning session’s first half, and the team breaks them down in the second. Since the PO in this case is a team member, and fully savvy of the product and solution, I suggested that we simply run down the list until we have as many tasks as we have work days (see how that works out?).

The first story was easy. We created 4 coding tasks and 2 quality related tasks.

Break it Down!

imageThe second story was a whopper. We knew it would take most of the sprint. One developer suggested that we split the story by data source – one part retrieving one source’s data, the other part retrieving the second source. the team leader shook his head. “The customer needs both”, he said. There is no value in supplying just one. We’ll split it some other way, if we have to”.

You couldn’t erase the smile from my face with truckload of erasers. I knew for sure that he got the idea of what a user story is!

With the second, larger, story, the team leader frowned and looked at the task list. “This doesn’t feel right” he said. When asked what the problem was, he said that one task is too big – it will take longer than a day. The team then split it in two parts, and added a third task.

And we were done estimating and committing. Just like that.

All in all, we spent about an hour of planning, 2-3 minutes of which were spent “estimating”, which is to say deciding how to split that “too big” task.

An Agile Manager in a Brave New World

At the end of the meeting, the team leader expressed his regrets that we don’t have a full-time technical-product-manager (TPM) which is the closest role they have to a Product Owner. The group manager, who was present for the Sprint Planning picked up the impediment and answered “Let’s take it offline; I’ll try to get one to join the team ASAP”.

Yes sir! The manager became the Scrum Master’s Scrum Master, as per my suggestion in my previous post.

Here’s What We Didn’t Do

There are several things the team didn’t do:

  • Defining proper user stories – I didn’t bother following the ceremony of form with the stories, declaring the reasoning and the interested party. I ignored this because I wanted to avoid too much change-shock at once. Next sprint we’ll focus on that. For now, I felt that understanding the concept of value was more – well – valuable
  • Estimate the effort involved in the stories. Personally? I hate estimations. I think they’re useless, most of the time. I noticed that most of the time spent in a sprint planning session is wasted on planning poker, story points and ideal hours, and in the end – they don’t help the project’s predictability in any noticeable way. Instead, we’ll measure, and seek a low-variance way to split the tasks. That will be better. and cheaper

In the End

All in all, it was a great first “agile day” for the team. It was fast, to the point, and everybody participated in every part of the session. Tomorrow I will work with them on building their Scrum-board, and walk them through their first “real” daily meeting. I can’t wait!

So, what do you think? Want to hear more such experiences? Is there anything I did that you like? Something I could have done better? Please drop a comment. Don’t be a stranger!

P.S. A special thank you goes to Mark Knopfler, lead vocals and guitar legend from the Dire Straits, for inspiring the titles of two sections, in his wonderful song.

Saturday, April 28, 2012

How to Manage a Self-Managing Team?

imageAs we all know, there’s no shortage in confusing and counter-intuitive ideas and practices in the Agile world, but the idea of a self-managing team has to be one of the best. Indeed, the idea that a manager can manage a self-managing team sounds oxymoronic at best, and at worst – plain moronic. In this post I will try to clear the air and explain what it means for a team to be self-managing, and what is the role of a manager of such a team.
By the way, this post is the fourth in my series of Demystifying Agile. If you like this one, you may want to read the others.

What Does It Mean to Self-Manage?

imageA self managing team, or as it is sometimes also called, a self-organizing team, is, above all, a mature team. It doesn’t even have follow the percepts of any agile methodology per se, but in fact most do. Probably something to do with maturity.
The first thing such a team does is to take charge of how they do their work, which is to say, they define the tasks they will have to complete in order to deliver the solution (requirement / user story / feature).
They will also be in charge of estimating the cost of their work, decide what work they can complete until the next milestone (or iteration, or sprint), and commit to it.
They will take control over their development process and the responsibility of improving it in order to develop a better product, while reducing the cost, as much as they can.
They will (to some extent) be in charge of identifying anything that may impede their progress, any issue that may stop them from completing a task or meeting a deadline, and either resolve what they can, or report to their superiors what is beyond them to solve.
Depending on whether or not the Product Owner is considered part of the team, they will define what needs to be done: user stories and priorities.
In short, one must merely point them at a goal, and they will do everything needed to achieve it!

So What Do I need a Manager for?

imageAs a manager, you may worry that you have become obsolete. Indeed, all but one manager I’ve worked with, has expressed some form of anxiety over this change and subconsciously hindered my efforts to help the team become self-managing. Incidentally, that one manager simply asked me to tell him what his new role would be in this new agile world. All I had to do was convince him that it will work (if you’re reading this, and you know who you are – thanks for making my job enjoyable!)
At any rate, you are not obsolete – in fact, you are needed more than ever; Your team(s) need you to do those things that nobody else can do:
First off, there’s the whole matter of human resources and financing (some might say it is the same). No agile methodology that I know of, suggests that the team is responsible for the following:
  • Hiring new employees
  • Negotiating compensation and benefits
  • Purchasing equipment, software and other tools
  • Authorizing personal absences (see below however)
  • Anything else that is not directly related to the team’s work
  • Yes - Firing a team member that cannot or will not do his job properly

Regarding the matter of personal absences, a mature team could handle the matter of absences by themselves, accounting for planned absences when planning the iteration, and dealing with the consequences when they are unforeseen. The absences would still be accounted and authorized within what was agreed in the compensation package, but the manager might be relieved of having to deal with the day-to-day issues.
What else? In a traditional hierarchy, a manager is in charge of team leaders, who in turn are in charge of the team. In an agile world, the team leader is often replaced by the Scrum Master (or Agile Coach), who serves the team by removing impediments from its path.
An agile manager could serve as the Scrum Master of Scrum Masters. A scrum master who encounters an impediment that he cannot resolve, needs someone to turn to. Enter the Agile Manager, the servant leader for the teams. With the backing of his position the manager can do more to resolve the issues than the scrum masters might do on their own.

All This Sounds Great, But How Do I Get There?

All of this may sound great in theory, but you know your team; they are simply not ready for all this responsibility. So you may wish to “thank” me for wasting your time, right?
Look back at the list of things that the self managing team does. Now back at your tasks. Now back at the team’s. Looks familiar? They are – or were – your tasks. Now look at it again. It’s their tasks, only you were handling their work for them!
Work with the team, relinquish these tasks, one by one, suggest that they take over them. This can (should) be part of their Kaizen, their continuous improvement.
Sooner or later – sooner, actually – you will find yourself the proud agile manager of self managing teams!
Now you will finally have the time to do all of those things that you never had the time to do.


The Agile Manager is the financer and builder of the self-managing teams he is in charge of. The agile manager is also the scrum master of scrum masters and solves the issues that they cannot resolve on their own.
The path to self management is not a short one, but not a very difficult one. You can get there, one step at a time.
Try it, I believe that you will find it rewarding and liberating.
If you have any experience managing self managing teams, why don’t you leave a comment with a pearl of wisdom of your own? Be a sport.

Thursday, April 19, 2012

How to Reinstall the Fingerprint Reader on a Dell Laptop

dell-fpI love my Dell Mobile Workstation. It’s a Precision M6600. Yeah. The big one. With (almost all) the works (no touch screen or SSD drive). Recently I reformatted it. I don’t mind, really, I was thinking of doing so anyway. A digital spring cleaning if you will. Spring cleaning and Decrapification.

The Story of My Woes

It took me about an hour or so to get Windows 7 up and running, and (most of) the drivers working. Just extracted the big giant drivers’ CAB for my machine, and pointed every unknown driver in the device manager at the root folder, and got it all up and running.

All but the finger print reader.

I couldn’t get it to work. There was no unidentified driver left, but there was no biometric device defined either.

Dell’s support site was no help either; I went through the site, having entered my Service Code, and got a list of drivers and applications for my machine. Nothing there pointed me in the right direction.

After a day or so, I found the finger print reader app from Authentec, and tried to get it to work, but I couldn’t. While I got Windows to identify my finger print reader module, and it read my fingers, I couldn’t get it to “enroll” my finger prints.

And for some reason the interface really didn’t look familiar.

Took another day scouring the web, looking for a solution. I started worrying that I somehow damaged my device. And that really drove me nuts. I love using the FP reader to authenticate.

And then I found -

The Solution

Important note: This download is for the Dell Precision M-series Mobile Workstations for 64 bit Windows. Before installing any driver, firmware or application, verify that your machine make is supported!

In the end, no single blog had the solution for me. I had to mix parts of this and that, but here is the result:

  1. If you’ve already futzed with the FP reader, uninstall ControlVault and and Finger Print related software
  2. Install the Dell Data Protection | Access -- Driver Package. You can get it here.
  3. Install the Dell Data Protection | Access -- Middleware Package. You can get it here.
  4. Install the Dell ControlVault Windows Biometric Framework Integrated. You can get it here.
  5. Install the Dell Data Protection | Access – Application Package. You can get it here.

You will be told to restart once or twice. Make sure you do so! It’s important.

That’s all there is to it. Unfortunately, these apps did not appear in my list of suggested apps. The installation instructions on Dell’s support site are misleading.

I hope you have an easier time of it than I had.