Articles in “October 2005” from Datamation Blog

In the interests of helping U.S. companies better compete in the global marketplace, I pass along this valuable ecommerce tip: Many Britons like to get drunk and buy stuff online. Actually, I do too, but I lack the purchasing power of a modern island nation. According to this article on the British news site Netimperative, a survey commissioned by consumer behavior consulting firm Conchango reports:

A growing number of Britons are shopping online after one too many drinks, resulting in the spread of a new syndrome called BLOTO (Buying Loads Of Tat Online), according to new research.

Conchango's survey reveals that "7% of Britons know someone who has shopped online while under the influence," Netimperative writes. (I don't about you, but "know someone" to me sounds an awful lot like "I have this friend"...) It gets better:

The survey also found that 6% of all Britons know someone who has shopped online in a state of undress.

Now that's sassy! (Note: I am fully clad as I write this.) Here's the article's money quote, from Paul Dawson, head of customer experience at Conchango:

"In the past, experts have said that consumers are often put off shopping online through security fears. But it would appear that all caution is going out of the window following a drunken session."

Truer words were never spoken.

I know outsourcing and offshoring are serious issues for IT workers, especially those who have lost jobs or are worried they will, but here's a humorous Doonesbury cartoon that suggests a clever way to beat the system.

Back when Motorola and Apple were releasing an iTunes phone, I mentioned my belief that the tech industry gets wrapped up in itself with many of the products and services it develops. The iTunes phone (a.k.a. the ROCKR) was being released with much fanfare despite research that suggested what people really wanted in a phone was simply a phone. And where is the ROCKR now? Probably on a shelf at the nearest Cingular dealer. It's the Edsel of cell phones. I'm not trying to sell myself as an oracle (note the small "O"), but one of my favorite things about the Internet and blogging is how easy it makes it to find someone who agrees with you. In this case, his name is Matt Asay and he's got a blog that focuses mostly on open source issues. Last week, he wrote a nice little essay called Self Indulgence and Silicon Valley.

Living in Silicon Valley, it's easy to forget this simple fact: no one else cares about technology as much as the Valley's denizens do. No one. Other people make money in other ways, and so technology doesn't live front and center in their lives. It's a complement, at times, but not their lifeblood.

Matt's motivation wasn't the ROCKR, but rather the release of the Flock browser, a Web 2.0 creation chock full of social networking tools.

Silicon Valley lives in a technology cocoon — a bubble that shields it from thinking about the real world, about real customers. Fortunately, the Valley has a few airports which provide the opportunity to take field trips to meet real people, but things like Flock make me think the Valley just doesn't get outside of itself enough.

Matt supports his point by talking about the billboards on Highway 101, the main route through Silicon Valley. They're all advertising tech companies. Meanwhile, the billboards I see on the way to work advertise beer, people that paint houses, and casinos. You know, the stuff the rest of America does when it has some time and money to spend. Thanks to Carsten Pedersen for the link.

Katherine Spencer Lee, the executive director of Robert Half Technology, stepped up to the plate over at CIO Update last week to write about five types of poor management styles. The five she lists, and we've all known at least one of them, are:

• The Micromanager
• The Best Buddy
• The Invisible Boss
• The Dreamer
• The Read My Mind Boss

I'm sure most of us can add to this list as well. What most people need, especially if they suffer from one of the aforementioned afflictions, are more tips on being a good manager, and fewer enumerations of what makes a bad manager. So allow me to take a stab at reading between the lines. The central theme of the five problems Lee lists are related to communication: either too much communication, not enough communication, or not the right kind of communication. If you're an effective communicator, your chances of being a good leader increase significantly.

Well, it's not the death ray I would have preferred, but the Anti-Spyware Coalition has put the finishing touches on tools it hopes will aid in the collective fight against spyware. The ASC has published a Definition of Terms and a risk-modeling document -- the former to give vendors and users a much-needed common language and the latter to determine if a piece of code is spyware. In a show of admirable restraint, none of the spyware definitions included expletives. The ASC also provides some handy tips for fighting spyware, and Intranet Journal offers its own comprehensive spyware guide, which does contain expletives.

It's not the next edition of Geraldo, this one comes from Gartner. Our own Sharon Gaudin recently spoke with Linda Cohen, a vice president and chief of research at Gartner, about outsourcing. The result is an interesting story on the Datamation site today. I've seen the outsourcing story done from all the usual angles: whether or not it saves money; whether it's right for your company; and whether the risks are worth it. Those stories have been done over and over. What's new here, to me anyway, is the mention of an outsourcing addiction in which executives seem to be doing it because the cool kids are doing it, and it's not helping their organizations.

"Today, outsourcing is applied to basically be a remedy for cost problems or assumed cost problems," adds Cohen. "The thought is if they outsource this, it will be cheaper. And that's not usually the case. We've gotten to a state of compulsive outsourcing. It's this need to outsource because everybody else is doing it... It's keeping up with the Joneses. If my competition is doing it, then we better do more of it."

If you know an executive trying to fight off an addiction to outsourcing, try to get them to focus on the number three. There are, according to Cohen, three reasons to outsource:

• Cost Improvement
• Operations Improvement
• Business Performance Improvement

It's that first reason that executives fall in love with; then they end up ignoring the other two. The other important three is three years:

And while outsourcing and offshoring might save a company money in the short run, it's often not a lasting result, according to Cohen, who says many companies will save money the first year. If a company was in really bad shape before they outsourced some work, they might save money for two years. However, when the deal hits the third-year mark, things tend to blow up, says Cohen.

Remember, there's help for everyone.

U.S. Census Department statistics on household Internet usage show an online nation divided along economic and educational lines. The numbers are from an October 2003 survey, the latest figures available from the federal government. The good news is that, even in the poorest states (with one exception, barely), more than four out of 10 households are connected to the Internet. The bad news is that they're still well behind the more affluent states. Here are the top five states in terms of percentage of households online, followed in parentheses by the state's ranking in terms of median household income: Alaska -- 68.5 (4) New Hampshire -- 65.5 (3) Colorado -- 63.4 (10) Connecticut -- 62.9 (5) Utah -- 62.6 (12) Now here are the bottom five, along with their median household income ranking in parentheses: Mississippi -- 39.5 (49) Arkansas -- 42.3 (48) Louisiana -- 44.1 (47) New Mexico -- 44.8 (45) Alabama -- 45.8 (43) The PDF file of the Census Department report contains a number of fascinating charts and graphs breaking down Internet by a wide range of demographics. Here are a few items of interest:

The highest level of Internet usage, in any demographic category, is by households with incomes of $100,000 or more: 92.2 percent People who haven't graduated from high school comprise the lowest level of Internet usage (20.2 percent) The top region is the West, at 59.2 percent household Internet usage

I was talking to a friend who works in IT a few weeks back. He was visiting a client that's in an industry famous for its tight security measures, which in this case included random password generation. What they found, however, was the passwords were being kept on sticky notes under the keyboards. There is an informative thread over at AntiOnline that takes a look at what makes a good password. (Scroll down below the initial tongue-lashing.) Chances are the end-users in your organization don't know (or just don't practice it), so here's your chance to pass along some information that will benefit all involved. These particular examples rely heavily on character substitution.

When determining your new password think of common words phrases you will remember, a method of selecting characters from those phrases, and then your method of character substitution. When it is time to change your password again you can keep the same methods for substitution and selecting characters (obviously do not tell them to anyone else) and just select a new word or phrase.

One of the easier character substitution methods I've heard is to take a dictionary word you'll easily remember then move each letter down one in the alphabet. A becomes B and B becomes C and so on. Then you add a number and special character in there, and you have a password.

Just yesterday Microsoft found itself being admonished in a courtroom for bad behavior. Now it turns out Redmond also has been in court recently on a different matter, but this time as a force for justice. Microsoft announced Thursday that it filed suit in August against 13 spamming operations that utilize "zombies" -- malware-infected PCs used to send millions of spam emails. The company is working with the Federal Trade Commission to combat spam zombies, whose cursed existence threaten everything that is good about the Internet. It's not Redmond's first legal offensive against spammers. The company has sued spammers for labeling violations under the Can-Spam Act. But Microsoft officials are convinced that zombies are responsible for more than half of all email spam. Tim Cranton, Microsoft's director of Internet Safety Enforcement Programs, said:

"We believe there are tens of millions of zombie computers out there."

Is yours one of them?

Consumers have always enjoyed using the Web to browse for things they want and then going to buy them offline. I remember writing about such behavior back when I wrote about Internet market research for CyberAtlas in the late 90s. We may see more of this behavior this holiday season. Brian Krebs over at the Washington Post's Security Fix blog wrote yesterday about a Consumer Reports study that found 25 percent of Internet users no longer shop online because of fears over identity theft and fraud.

Nearly nine out of ten said they had made changes to their behavior online due to the fear of ID theft, and of those changes, 30 percent said they had reduced their overall use of the Internet. Among those surveyed who said they have shopped online (77 percent), 29 percent said they have cut back on how often they buy things over the Internet.

This is interesting. A lot of the problems with identity theft and online fraud are more perception than reality. And who is doing a lot of the scaring of these consumers? Well, you can blame the media. You can blame the FTC and its misleading numbers on identity theft. But you also have to blame the credit card companies and banks that issue them because their ads for ID theft protection features create a panic. Those same credit card companies, however, make money when people make transactions. Online shopping, as we all know, is done almost entirely by credit card. Talk about shooting yourself in the foot. It may not be a huge deal for retailers with an offline presence. (Even though your identity can be stolen offline, consumers feel safer about being there.) But you have to wonder how much this type of consumer behavior comes into play when you see Amazon giving lower fourth quarter guidance.

There was a time I guess, though I don't remember it myself, when an executive who wanted to get a message out to his employees got everyone together in person in what they called a "meeting." OK, I'm not that young. We had in-person meetings at my first job. But what about geographically dispersed organizations? What about when the boss is on the road and wants to send a message to everyone? The Evolution of Corporate Communications is a new article by Paul Chin on our Intranet Journal site, and it discusses some of the new ways to spread the word among the rank and file. Not only do many corporations have intranets, but they're now using tools like RSS feeds and podcasts because e-mail has proven, largely, to be a failure. Even before e-mail was ruined by spam and chain mails, communicating to employees was never easy.

Trying to get a message across to every employee in an organization is a lot like trying to control kids in a school bus: some will listen; some will hear but misunderstand the message; and some will ignore the message altogether and later complain, "But nobody told me."

Who knows? A new way to deliver the message just might give it some attention.

Either there's been a terrible misunderstanding or spam has taken a dangerous new turn. From our friends at Techdirt comes a bizarre tale of a Swedish programmer who reportedly was arrested in Greece "after some people he met (in person) received some spam -- and accused him of sending it." As Techdirt accurately notes, "the details are a bit muddled," but the gist of the story -- as told by the programmer's wife -- seems to be that:

Rick (the programmer) met some people, who later all received nearly identical spam. They immediately assumed that since they had met Rick together, and they all received the same spam, it must be his fault.

Talk about an open-and-shut case! Let's hope our Swedish programmer gets a good lawyer. In the meantime, I've got to fend off a spam attack, no doubt perpetrated by the guy I bought coffee from this morning. That bastard!

Microsoft got a little scolding from a federal judge today for seemingly reverting to its bullying behavior of yore, which I wrote about last week. At a status conference in connection with Microsoft's 2002 anti-trust settlement, U.S. District Judge Colleen Kollar-Kotelly said:

"It seems to me that at this date, you should not be having something like this occur."

The "something like this" was drafting a restrictive marketing agreement with portable music player manufacturers that essentially said: If you want to use Windows Media Player in a software package, you can't use any other media player software. But after the draft agreement came to the attention of the U.S. Department of Justice, Microsoft quickly backtracked and never sent out that version of the document. At today's hearing, a Microsoft attorney dismissed concerns about a monopolistic relapse, blaming the mistake on "a low-level business person," a new hire who didn't understand the ramifications of the DoJ settlement. Brownie?

Keeping employee morale high is an especially daunting challenge in these times of short staffs, long hours and questionable career prospects. Over at ITtoolkit.com there's a good piece on managing staff burnout. (If you're already a member of the site, you can read it here. Otherwise, you have to join; it's free.) The article includes a staff burnout "warning sign checklist." Among the things to watch for:

Sudden attendance problems A decrease in productivity and performance Withdrawal from co-workers Open anger and hostility

That's a good list, but I've thought of some other sure signs an IT worker is burned out:

Deterioration in quality of personal blog written on company time Makes Monster.com home page on office computer Begins "liquid lunch" at 10 a.m.; not seen again Refers to IT colleagues as "a bunch of damned geeks" Claims office "March Madness" pool is "fixed" "Windows, Linux, what's the difference?"

Then do I have a deal for you. How about a free report from Brenda Michelson, the architect-in-residence for the Patricia Seybold Group? In her blog this week, Brenda excerpts a new report she wrote on Open Source Considerations. It's not about whether you should use open source, because in some areas — like Apache for Web servers — open source has become a de facto standard and you're probably already using it. The report focuses more on where it makes sense to use open source in your organization.

I believe open source absolutely has a place in the enterprise; and that enterprises have some responsibility to contribute back (resources, code) to the open source community. Of course, on both ends, you need to be smart. Understand the implications of licensing, IP (yours and theirs), support (yours and theirs), code quality, security and stability, project adoption and longevity, and total cost — because nothing is really free.

Some would say that goes for the report too, since you do have to create an account with your information to download it, but there is no charge. Thanks to Steven O'Grady for the link.

We're not as far removed from first grade as you might believe. There is a premium placed on people who know things. We don't like to share or collaborate. We like to get credit when things go well. Our organizations need collaboration to thrive, but humans are pretty territorial when it comes to information. Scott Berkun has a good post today on the right way to develop requirements. He's talking about software and Web development here, but it can be applied to all sorts of stuff in IT.

Requirements should be built in the open, with invitations to designers of all kinds to vet out requirements early on with rough prototypes and mock-ups to prove (or disprove) the assumptions made by the requirements. If quality requirements are the goal, there is every motivation to involve the people who will do the work in the their definition.

Scott also provides an example on how not to collaborate on a requirements project:

One of the things stupid people do is this: Person A (aka Mr. stupid) writes a requirements document. He makes it super detailed and 50 pages long. He then throws it blindly over a wall (thud!) to person B and says "Do this."

Thanks to James Robertson for the link.

Want to ascend to a higher level of digital being? Buy an iPod. A new survey by market research firm Intelliseek concludes that users of Apple's wildly popular portable device "are a highly influential, wired, content-creating group." What powers do they wield? According to Intelliseek, iPod users are:

Twice as likely to have authored a blog than consumers who do not own MP3 players 2.5 times as likely to exchange text messages on cellular phones Three times as likely to take photos with a camera phone Three times as likely to download video clips and movies to a personal computer Significantly more likely to own digital video recorders, personal digital assistants, digital cameras, laptop computers and cell phones than non-iPod owners.

So there it is: iPod owners are masters of the digital domain. The rest of us, mere mortals.

Are you wasting valuable work time reading this blog? Of course not! At least not if you're an IT manager because this, as the orange banner tells us, is an "IT Management Blog." And reading work-related blogs inarguably is a form of professional development. But according to a survey reported in AdAge (free subscription), most of the blog-crawling done by American workers on the clock is, to use the technical term, "goofing off." And a lot of goofing off it is. From the AdAge article:

About 35 million workers -- one in four people in the labor force -- visit blogs and on average spend 3.5 hours, or 9%, of the work week engaged with them, according to Advertising Ages analysis.

Further, the article reports, a rough drill-down of the numbers shows that "just 25% of blog visits directly connect to the job." Which means that by being here, you're just doing your job. Well done, my industrious friends! For those at-work readers who aren't IT managers (or even in IT), well, you're goofing off. (Thanks to Heather Green of BusinessWeek's Blogspotting for the heads-up.)

I've covered content management technologies enough to know that the market seems to always be in some sort of chaos. The gang over at Jupiter Research said last year that 60 percent of organizations manually update their content manually, despite the presence of a Web content management system. A Forrester survey from January found that many organizations are unhappy with their implementations, and are planning to extend their deployments with a different vendor. Tony Byrne of CMSWatch, who probably knows more about the Web content management space than anyone, wrote about stating the business case for WCM in the latest issue of AIIM's E-Doc magazine.

In general, the promise of financial benefits of a WCMS is real but must be tempered by the ongoing requirement to pay for maintaining and improving the WCMS itself, as well as the potential for cost overruns if the solution is mismatched to your needs (a woefully common experience).

One of the most popular selling points for WCM, and Tony points it out, is putting control of the content in the hands of the business people. If it's done properly, that's one more menial task that can be taken out of the IT department.

If there's one thing I've learned by blogging on IT management topics, it's that certain topics are constantly getting hammered home — especially when it's an attempt to improve communications between CIOs and CEOs. Last week, Mark McDonald, Gartner group vice president and analyst, presented Gartner's 2005 CIO Agenda, which is based on surveys and interviews with more than 1,300 CIOs and is an annual practice going back to 1998. McDonald's take on improving the communication between the CIO and CEO is to keep it simple and remove the tech speak.

"We have one client who cut their order-to-ship time from 13 from three days," McDonald said. "The cost goes down and the customer service improves." That company's CIO, McDonald said, could point to results that any CEO would understand, and appreciate. And it was simple, he said. "First, they deleted old code. And they changed the frequency of batch. Those two changes pulled 10 days out of the cycle."

The point is the CEO probably doesn't care about the code and the batch, but he or she does care about the 10 days being saved in the process. The CIO Agenda also found that business intelligence and security were the top spending priorities for CIOs in 2005, and it outlined six priorities for the coming year, including (what else) management of the CIO-CEO relationship. Thanks to Shared Spaces for the link.

To go along with my earlier post about the U.S. government spying on us online... We have this from SiliconBeat's Matt Marshall about the CIA's (yes, that CIA) venture capital investments and this in the San Jose Mercury News about a federally funded research project at Stanford to dramatically improve the government-created global positioning system (GPS):

The interdisciplinary research center wants to create a navigation system capable of locating objects within one centimeter, or less than half an inch. The center hopes to achieve that goal within the next 20 years.

Is it me, or are these the "takeaways" for today?...

1. The U.S. government wants the ability to secretly monitor anyone online. 2. The CIA is investing in wireless and sensor technology to, as SiliconBeat reported, "aid in urban area military operations -- from Baghdad to Kabul or wherever else the nation's troops are working." 3. Within two decades the government's GPS system will have the ability to pinpoint the location of an object -- or person! -- within a half-inch.

But let's not get carried away. Knowing these things shouldn't make us worry. It's the stuff we don't know about that should.

Sure, they built it and think they have the right to control it. But should the U.S. government be able to force others to spend billions on network upgrades so law enforcement can spy on users? Sounds like the kind of scenario one reads about when visiting the more paranoid corners of cyberspace. Yet there it is in the regular, non-paranoid news:

The federal government, vastly extending the reach of an 11-year-old law, is requiring hundreds of universities, online communications companies and cities to overhaul their Internet computer networks to make it easier for law enforcement authorities to monitor e-mail and other online communications. The action, which the government says is intended to help catch terrorists and other criminals, has unleashed protests and the threat of lawsuits from universities, which argue that it will cost them at least $7 billion while doing little to apprehend lawbreakers.

You'd think the government would want to help out cash-strapped universities and municipalities by offering to pay for their own spying program. Oh yes, there's that record deficit thing. The universities aren't challenging the order on civil-liberties grounds because, thankfully, the U.S. government wouldn't think of beginning surveillance without first getting a court order. Right? Hmm. Maybe we should be paranoid.

I read the book Freakonomics this weekend, so you'll have to forgive me if I sound like I'm looking for a conspiracy theory here. I'm not. It's just that the numbers we have thrown at us on a daily basis rarely mean what we're told they mean. That's the central theme of Freakonomics, and it's pretty often the case if you look closely. CNET this morning, as part of a package of stories and features about identity theft, has a story about separating the myth from the reality when it comes to stolen identities. It begins with the tale of a young woman whose information was on a laptop stolen at the University of California. I can relate to her. I received a letter from my alma mater saying that my personal information (as someone who donated money) had been compromised. But the same thing happened to me that happened to the woman in the story: nothing. In fact, only 2 percent of the information taken in a data compromise is ever used. All of the noise we hear about identity theft, some of which comes from credit card companies trying to sell identity protection products, obscures a basic fact: identity theft is exceedingly rare. The truth is, consumers are much more likely to fall victim to identity theft offline than they are online.

Moreover, in those cases when online consumers do fall victim to fraud, they find out faster and suffer much lower financial losses than victims who relied on more traditional means of interaction, such as paper statements from banks--an average per incident of $551 as opposed to $4,543, according to the Javelin survey.

An often cited number when it comes to the so-called identity theft epidemic is the FTC's 10 million cases number from 2003. But one-third of those cases are actually credit card fraud — something credit card companies live with, issue refunds for, and view as the cost of doing business. When I spoke to analysts from TowerGroup last year on this subject, they explained the FTC's numbers this way: If there are 100 million people in the U.S. that have credit (you remove all of the kids and people who don't use credit), and there are 10 million cases of identity theft each year, then within 10 years we shouldn't be able to figure who is who. It's just not the case.

The Mission: To develop ground-breaking information processes or software applications for the healthcare or education fields. The Caveat: The stuff you create must be based on industry-accepted standards. Your Assets: Your imagination, your coding ability, and free access to 45,000 IBM patents. What's In It for You: You help bring education and healthcare technology standards up a notch and create systems and standards that allow interoperability, and IBM won't get in the way by looking for royalties on the patents you use. What's In It for IBM: Advances in interoperability open the door for IBM to market grid systems, business process consulting, and SOAs to people. I just learned less than two weeks ago that IBM is the top patent-holder in the U.S. and now they're giving the place away.

Gary Stein over at Jupiter Research links to a video by Microsoft that offers a behind-the-scenes look at the company's We-SYP program. Standing for We Share Your Pain, it allows users to physically torture Microsoft developers responsible for program errors. You gotta love British humo(u)r...

You'd think Microsoft would know better, especially now that Google's phenomenal success gives Redmond an excellent opportunity to play the beleaguered underdog. Yet according to this IDG News Service story, Microsoft just can't shake that bully complex. Recently the company demanded that manufacturers of portable music players who want to include Windows Media Player (WMP) in software bundles use only WMP, none of this RealPlayer or QuickTime nonsense. The bully backed down after someone told its parole officer -- that is, after an unnamed competitor filed a complaint with the U.S. Department of Justice. The DOJ has been monitoring Microsoft's behavior and issuing compliance reports twice a year since negotiating an anti-trust settlement with the company in 2002. The DOJ called Microsoft's efforts to muscle portable music player makers "unfortunate," though it declined to take action in the matter. Still, Microsoft would be well-advised to lay off the strong-arm tactics; while the sanctions are scheduled to end in 2007, they can be extended if the court finds reason.

Everyone in IT Management knows disputes between the IT staff and the corporate customers are going to happen. Writing in IT Manager's Journal this week, John Murray suggests appointing an ombudsman to act as an arbitrator in such cases.

Turning to an IT ombudsman to mitigate difficulties between the IT department and its customers can reduce the level of hostility within those groups. The salient question, of course, is "Will it work?" As is true with so much else in the relationships between IT and its customers, much will depend upon the culture of the organization. When those involved, including senior management, recognize the problems and commit to improvement, moving to an ombudsman can produce results.

My first thought is that we're looking for the Tom Smykowski character from Office Space; the one who tells the consultants he deals with the customers for the engineers because he has "people skills." Yeah, he got laid off. It's possible, I suppose, that an ombudsman might work in some organizations. But we're talking about a problem here that could be handled by managers with strong leadership skills, strong communications skills, and a solid background in requirements gathering and project management. I've always been big on efficiency myself, so an ombudsman doesn't seem like a great way to solve such problems to me.

It's been a big week for PHP, which is saying a lot because programming languages don't often have big weeks like, say, a baseball team does. The Zend/PHP Conference is wrapping up today, so let's take a second to review some of the news. First, there was the announcement of the Zend PHP Framework, which fans of the LAMP (Linux, Apache/MySQL/PHP) application stack hope will push PHP into serious competition with .NET and J2EE.

The Zend PHP Framework is an effort to create a body of PHP code that standardizes PHP application development. It's envisioned to provide services as well as structure enabling developers to build and deploy mission critical PHP Web applications.

In a speech at the conference, Marc Andreessen touted PHP and dissed Java, which he said started strong in the 90s because it was optimized for programmers, not machines.

"Java is much more programmer-friendly than C or C++, or was for a few years there until they made just as complicated. It's become arguably even harder to learn than C++," Andreessen said. And the mantle of simplicity is being passed on: "PHP is such is an easier environment to develop in than Java."

Speaking of simplicity, RedMonk's Stephen O'Grady gave a presentation at the conference on the simplicity of PHP, and has made available the brilliantly minimalist slides via his blog. They include a quote from some guy named Gates about using less code.

A lot of IT managers say they are disappointed in their chosen profession and wouldn't recommend it to anyone, not even the geeks they know. For those IT pros looking to make a change, this is the first in an occasional series exploring jobs in other fields.

I know spam isn't a living, breathing entity, and I'm reasonably certain spammers have no souls, but it occurred to me recently that you could use the existence of spam as a cyber-ontological argument for the theory of evolution, now being challenged in a Pennsylvania courtroom. For what more is spam than a collective organism able to adapt itself to survive - indeed, to thrive - in a rapidly changing, hostile digital environment? Email spam, newsgroup spam, blog spam and, now, splogs -- all are mutations that evolved to ensure continuation of the species. Yet how could such an insidious scourge so skillfully and consistently defeat our most sophisticated defense mechanisms, if not for the invisible guiding hand of an intelligent force, a creator? In this case, a malevolent, disturbed creator. OK, so I don't have much to blog about today.

Something new is brewing in the open-source world, and it's making the pages of a lot of technology Web sites and magazines lately. I'm talking about Alfresco, an open-source content repository that had a preview release back in June and should debut before the end of this year. Content management is hardly the type of application that gets the blood flowing for most, but there are a few things about Alfresco that make it a good story and a product worth watching. As P.G. Daly pointed out in our story on Intranet Journal, Alfresco was founded by John Newton, co-founder of Documentum, and John Powell, former COO of Business Objects. It has backing from some major VCs as well. Unlike other open-source content management applications, Alfresco is focused on document management. While it's short on some of the features that a more-established application like FileNet has, it does include workflow, metadata support, hierarchical folder structure, rules-driven processing, content classification, indexing, and retrieval. It looks and acts like a shared drive. Tony Byrne of CMSWatch told Computerworld that Alfresco "is initially targeting very simple document-collaboration scenarios of the type that SharePoint has addressed so successfully." Sticking with the open source vs. Microsoft theme, InfoWorld asked if Alfresco was the SharePoint killer. I suppose if Alfresco really takes off, it could become to document management what Apache became to Web servers: the open-source, default option. How large and useful the community that surrounds Alfresco becomes will go a long way to determining how far it goes. Clearly, a lot of people are watching.

I was waiting this week for a security expert like Bruce Schneier to share his thoughts on the recent call for two-factor authentication for U.S. bank Web sites. It didn't take too long. If you read Schneier's stuff regularly, you won't be surprised that he thinks two-factor authentication will just make criminals change their tactics, and thus accomplish nothing. He's often made the same observation about security at the airports and at public buildings since Sept. 11. In saying that two-factor authentication won't help the problem in the long-term, Schneier links to two old posts of his. In March, he explained further why it won't work:

Two-factor authentication is not useless. It works for local login, and it works within some corporate networks. But it won't work for remote authentication over the Internet. I predict that banks and other financial institutions will spend millions outfitting their users with two-factor authentication tokens. Early adopters of this technology may very well experience a significant drop in fraud for a while as attackers move to easier targets, but in the end there will be a negligible drop in the amount of fraud and identity theft.

In April, he said that what will help is holding the banks more responsible, much like we do with credit card companies (I fixed a couple of typos in this quote):

Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial institutions. That means that any solution can't involve the account holders. That leaves only one reasonable answer: financial institutions need to be liable for fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.

Credit card companies have learned to deal with a certain amount of fraud as the cost of doing business. They rarely authenticate anyone, especially since purchases online and over the phone have taken off. By setting transaction limits or giving more time for transactions to clear, Schneier says banks can work the same way. I would ask how bad the problem has to get before they're willing to make such a move; especially once they invest millions in two-factor authentication.

It's hard not to get the impression that Steve Ballmer would have been successful selling anything besides Microsoft products. A churning urn of combative enthusiasm and hubristic hyperbole, Ballmer is the entertainment high point of many a tech-industry conference. Here he is delivering the keynote address at this week's annual Gartner Symposium in Orlando:

"We're at the beginning of 12 months of the greatest innovation pipeline that our company has ever had."

And:

"I think Office 12 will be the most exciting Office release we've had since Office 4."

That reference to Office 12 is memorable. In fact, it sounds much like these previous Ballmer quotes about Office versions past:

Oct. 21, 2003: "Today we're launching Microsoft Office System 2003 and I frankly think it is the most significant advance we've made in Microsoft Office in a long, long time." Nov. 5, 2002: "In the next 12 months we'll ship our Office 11 product, which I think you'll find is really a huge step forward, a huge innovation for the information worker." June 7, 1999: ..."so with Office 2000 we really do take a quantum leap forward"...

With that wild-eyed stare of his, Ballmer always appears to have just downed his eighth cup of coffee. Now I know why -- adrenaline alone isn't enough to keep up with all those huge leaps and steps.

Earlier in the month a study by AMR Research found the return on investment for RFID technology could be as much as 10 years away for some companies. No retailer has invested as much in RFID as Wal-Mart, which you can be sure didn't like that news. This week we have a study that Wal-Mart no doubt likes much better. It is, we're told, an independent study, even though it was commissioned by Wal-Mart. It was released by the University of Arkansas, which is the state that Wal-Mart calls home and where Wal-Mart is the state's second largest employer (second only to the State of Arkansas). More specifically, it was done by the RFID Research Center that's part of the Sam M. Walton College of Business. I'm not saying that the RFID didn't help keep items in Wal-Mart stores from going out-of-stock, which the study claims. And I'm not saying RFID didn't reduce excess inventory, which the study also claimed. I just didn't realize Fox News entered the market research business. I also found the reaction of Gartner analyst Jeff Woods in the piece a bit odd. Woods said it was "admirable and beyond the call of duty" for Wal-Mart to release so much information about its RFID studies.

Gartner's Woods said that the study has essential implications for manufacturers, suggesting they could sell more in Wal-Mart stores if they have RFID tags on their products. "It also creates incentive for manufacturers to adopt RFID faster than their competitors," he said. "If their products have RFID tags and others don't, they will sell more and increase their brand loyalty."

This was hardly done for posterity. Wal-Mart has been having trouble getting its top 100 suppliers to go along with its RFID plans from day one. They've spent millions already on tags, readers, and software, and will have to spend much more in the future.

Back at the beginning of October, I mentioned that several people were saying the general sentiment at the Web 2.0 Conference out in San Francisco was that another Internet bubble could be forming. There were plenty of VCs present at Web 2.0, and they spent plenty of time talking to entrepreneurs about "social applications" and next-generation Web thingys that some say lack a business plan. Oh, and Henry Blodget was there, and he said it seemed somewhat bubblish to him. One thinks he would know a bubble if he saw one. Since some people say there's a bubble forming, and since the last time we saw a bubble form in this sector some people made some pretty risky moves to some pretty risky companies, I thought it would be good to link David Beisel's Genuine VC blog. This week, David provided seven questions prospective employees should ask before joining a start-up.

There are many benefits associated with joining a startup as an employee at any level (energized work atmosphere, little bureaucracy, upside), but there are many significant risks coupled with them as well. Of course, a prospective employee should ask numerous questions of both his/her role and the company before joining any firm, but there is a set of questions specific to joining a startup that people should pose.

Most of the questions are related to company finances and leadership changes, as you might imagine. There are also other suggestions from readers in the comments to his post. Now that you've been warned, feel free to take the leap.

When printing out Danny Sheridan's odds from USA Today before every NFL weekend becomes a crime, my HP Color LaserJet 2600n will help convict me. (Well, that plus this published admission of guilt.) My 2600n is one of many color laser printers covertly rigged by the U.S. Secret Service -- in cooperation with several printer manufacturers -- with a set of codes that can trace a page to a specific machine. The code, tiny yellow dots invisible to the naked eye, reveals when a page was printed, along with the machine's serial number. Here's a list of the models and manufacturers, which include Canon, Dell, HP and Xerox. Our friendly feds apparently told the Electronic Frontier Foundation, which recently cracked the code, that the program was developed to help prevent counterfeiting. That's great, but the real issue isn't how spy or tracking technology is being used, it's how it could be used. Here's what EFF Staff Attorney Lee Tien said:

"It shows how the government and private industry make backroom deals to weaken our privacy by compromising everyday equipment like printers. The logical next question is: What other deals have been or are being made to ensure that our technology rats on us?"

Good question.

About a year ago I did an interview with Edward Yourdon, a member of the Computer Hall of Fame and author of two dozen books, including 1992's Decline and Fall of the American Programmer and last year's Outsource: Competing in the Global Productivity Race. One of the themes in Outsource, and in the story I wrote following the interview, is that American programmers and technology professionals should have a specialization that makes them valuable to employers — too valuable to ship their job overseas. Yourdon recommended combining a computer science degree with law or biology, for example. Olga Kharif over at BusinessWeek offered up more evidence that combining a CS degree with law might make for a pretty secure future when she wrote yesterday about a survey by international law firm Fulbright & Jaworski.

An average U.S. technology company currently faces 42 lawsuits vs. 37 lawsuit for an average company. The tech industry places third, after healthcare and energy companies, in the number of lawsuits it deals with. It's ahead of the insurance industry, for Pete's sake!

Tech companies also have more attorneys handling litigation in-house than most companies, averaging nine attorneys for tech companies compared to 3.7 for other companies. I joked last week that because tech companies are spending more on lawsuits than they are on R&D that maybe everyone was going to law school instead of getting into engineering. Now I don't blame them.

For investors unsure which way tech industry stocks are headed, this week's quarterly financial reports from IBM and Yahoo are reassuring. Yahoo announced after Tuesday's final trading bell a Q3 profit of 17 cents a share on $1.3 billion in revenue, easily topping street forecasts for both. On Monday, IBM reported Q3 net profit (excluding one-time items) of $1.26 per share, well above the $1.13 per share consensus prediction from analysts. The market's initial reaction to both quarterly reports was positive, with shares of IBM climbing 89 cents today to $83.48 and Yahoo's stock up slightly in after-hours trading. But I think the key here is the long-term message, that major technology players -- in this case the world's largest computer company and one of the stars of the Internet era -- are finding ways to adjust and even flourish during an economic recovery that seems excruciatingly gradual, if not downright illusory. While I'm not as exuberantly optimistic as this CIO Update columnist ("It's not a bubble, there are no sock puppets, this is real.") that we're in the midst, or even on the verge, of another technology industry boom, there are good signs here, here and here.

One of the most common challenges facing IT professionals is how to communicate with those who are not technologically inclined. But since computer technology is becoming a part of almost every aspect of business, dealing with non-techies not only is unavoidable, it's a critical -- if not maddening -- part of an IT pro's job, whether you're lobbying the CFO for a new server or just trying to educate the troops on how to connect to your network from the road. A site called ITtoolbox has a bunch of blogs offering all kinds of advice to IT workers. One of the newer blogs contains some tips on how to effectively reach those who think "USB" is "bus" misspelled. The key, according to management consultant Lee Hopkins, is to recognize different personality types and appeal to the specific needs of each. Hopkins identifies four types: Extrovert, Amiable, Analytical and Pragmatic. (Perhaps he omitted "Clueless" for brevity's sake.) You can win them all over, Hopkins says, by "making sure that your communication has a reasonably equal amount of the following:"

Facts and figures to appeal to the Analytical and Pragmatic
Enthusiasm and excitement to appeal to the Extrovert
Testimonials to appeal to the Amiable

As for the Clueless, you're on your own.

Brian Krebs over at the Washington Post's Security Fix blog took a tour with Limewire, an online peer-to-peer file-sharing network, this weekend. And what a tour it was. In their rush to find and distribute free music or movies and all that stuff that makes entertainment moguls hate them, many a P2P user leaves their entire hard drive exposed to the network.

I quickly found what I was looking for, and then some: dozens of entries for tax and payroll records, medical records, bank statements, and what appeared to be company books.

Krebs also found many computers that had keyloggers installed to gather keystokes from infected computers and relay sensitive information. Peer-to-peer networks are to spyware what swamps are to mosquitos. This is all stuff we covered in the extensive Spyware Guide we published on Intranet Journal. I'm probably going to be involved with more spyware-related projects in the near future, and I'll keep readers posted.

Financial organizations are finally putting pressure on banks to use two-factor authentication to help stem the tide of fraud that the old user name and password system is unable to stop. The Federal Financial Institutions Examination Council sent a letter to banks recently that said the banks are expected to adopt some form of two-factor authentication by the end of 2006. The good news is that two-factor authentication will make phishing attacks that much harder to pull off. The bad news is implementing two-factor authentication is going to be costly, and could spread beyond bank Web sites. That's the concern of Ray Everett-Church over at eSecurityPlanet.

Assuming a company decides to take the plunge and deploy one of the many proprietary authentication solutions out on the market, if the FFIEC has its way come 2006, it's conceivable that every credit card, checking account, debit card, and brokerage account, will come with its own authentication gizmo.

Everett-Church pictures a nightmare scenario in which the person in front of you at Starbucks has to run out to their car to get an authentication device. Consumers, he says, will become frustrated with numerous key chain devices and suffer "token fatigue," which we all know will lead to the technology not being used at all.

Indeed, the real "Catch-22" of authentication is that banks and merchants must deploy stronger authentication technologies to a mass audience in order to make the world safer. But in doing so, if those businesses demand compliance from the very consumers who have grown accustomed to lackadaisical security procedures, they risk a huge backlash that could set back the cause of stronger authentication for a decade.

First of all, no one is talking about deploying two-factor authentication for every credit and debit card in consumers' wallets. This is for bank Web sites. Optional security features for credit cards have always been just that: optional. But Everett-Church does bring up a good point. Consumers have gotten used to lackadaisical, non-intusive security. And that is the fault of the banks who didn't take enough steps to educate customers about what type of e-mail they should expect to receive from their bank and how to spot phishing scams. Now we all have to pay.

Last week I spoke to a company called Marqui for an article we published on Intranet Journal today. Marqui has a hosted content management system for marketers that allows them to easily publish their marketing message in several forms: e-mail, Web site, press release, etc. The occasion of our conversation was Marqui's release of a blogging module for its software. It's aimed at corporate bloggers, which Marqui's President and CEO Stephen King sees as a group with entirely different needs than, for example, your average political blogger. Marqui's blogging module offers workflow so that posts can be approved or edited before they are published. Images can be chosen from a pre-approved gallery. According to a report over at InternetNews this morning, the BlogOn 2005 Social Media Adoption Survey of corporate marketing and communications professionals found that 55 percent of corporations are blogging, with 91.4 percent of those using them for internal communications and 96.6 percent for external outreach. More than half had launched their blogs within the last year. Marqui's King is right. Corporate blogs have a different set of rules. Their aim is to create a dialogue; not over Supreme Court nominees like a political blog, but to create a dialogue that, at best, leads to a sales relationship, or at least creates a favorable image of your organization. Some tips I've come across recently that bear mentioning:

• The first rule of corporate blogging should be to have a plan and strategy in place. P.G. Daly discussed this earlier in the year on Intranet Journal.
• Usability expert Jakob Nielsen published a list of blog usability guidelines this week that offers several useful tips for bloggers, especially corporate bloggers. It covers topics like headlines, links, and categories.
• Nielsen also has advice on using the Web for PR.
• Several Jupiter Research analysts (who also blog) did a 30-minute podcast on the topic of blogs and business.

I would add also to the tips, partly from my experience with this blog, that you stay on top of the search engine optimization. Depending on your blog software and Web team, you may have to tweak some tags to get the best performance. Your blog is useless if no one can find it.

Smell...something...burning. ...Must...finish...post...

The New York Times Magazine devoted six pages on Sunday to a piece about the science of interruption and multitasking. Most of the article centers around human-computer interactions, and how the increasing amount of information we receive from any number of sources taxes our brains and our ability to concentrate. One study of office workers found the following:

Each employee spent only 11 minutes on any given project before being interrupted and whisked off to do something else. What's more, each 11-minute project was itself fragmented into even shorter three-minute tasks, like answering e-mail messages, reading a Web page or working on a spreadsheet. And each time a worker was distracted from a task, it would take, on average, 25 minutes to return to that task.

One of the more interesting parts of the article examined whether larger monitors or more monitors helped employees become more productive or maintain their focus. Microsoft's Mary Czerwinski studied how workers performed on a screen as big as a 42-inch television.

On the bigger screen, people completed the tasks at least 10 percent more quickly — and some as much as 44 percent more quickly. They were also more likely to remember the seven-digit number, which showed that the multitasking was clearly less taxing on their brains. Some of the volunteers were so enthralled with the huge screen that they begged to take it home. In two decades of research, Czerwinski had never seen a single tweak to a computer system so significantly improve a user's productivity.

If issuing everyone huge monitors or multiple screens isn't practical for your organization, Paul Chin touched on some of the same issues in his article on Intranet Journal last week, "Unplugged: Information Overload Requires a Human Solution."

In a weak moment have you ever thought, "Maybe I could make a killing on this 'hot stock' I keep reading about in my daily spam"? If the answer is "yes," I am sorry for the sad turn your life has taken. But before you go ahead and take the plunge (literally), I urge you to visit an interesting site called Spam Stock Tracker. It's the brainchild of a software developer named Joshua Cyr, who earlier this year decided to ... well, I'll let him explain:

On May 5th, 2005, I set out to determine just how much money I could lose by trusting SPAM. What if I purchased 1000 shares of stock from EVERY stock tip mentioned in a SPAM email? Could we all really be missing out on a great opportunity?

Cyr quickly found out that the answer is "no." As of Oct. 15, he has seen his total investment of $17,405 fall to $9,896.10, a loss of 43 percent. Fortunately, these were "pretend" investments, theoretical bets made merely to keep track of financial performance. Cyr never would invest his own money on "spam" stocks. And neither should you. Thanks to Good Morning Silicon Valley.

Bloggers around the globe are upset this morning at Google (they are so the new Microsoft) because a hacker, or group thereof, launched a massive blog spam campaign using Google's Blogger and Blogspot services over the weekend. Some of the most prominent bloggers around, including Mark Cuban and Tim Bray, published posts about the problem. Blog spammers wrote a script that created hundreds of blogs and comments, which then screws up everyone's blog search results and keyword tracking via services like Technorati. Google's Blogger has no authentication system to create a new blog entry, so this type of thing can proliferate quickly when it's automated. Chris Pirillo is calling on Google to kill Blogspot. Other bloggers are waxing more philosophically, like Ray Barrington's comment on Cuban's blog:

No means of communication has ever existed that has not been tweaked, co-opted and sometimes just plain run over by the scammer, the con artist, the moneygrubber or the sleaze merchant. I'm sure five minutes after Gutenberg printed his first Bible, some scammer was tweaking a printing press to do chain letters.

More than one blogger has reported hearing back from Google about the problem, but there's no information on Google's blog, which was one of the first places I turned to see if they had a comment.

I live in an area that has a good bit of farm land. Unfortunately, many retiring farmers want to sell the family acreage to companies like Wal-Mart. Why? Because they can save $1.50 on a case of paper towels! Just kidding. They're selling because their children have had a good look at the farming life and said, "No thanks," opting instead for careers in dermatology and reality television. InformationWeek has been banging the IT careers drum quite a bit recently, exhorting IT managers to recruit for their chosen profession before it's too late. But reader response generally has been less than enthusiastic, with many writing in to admit that they wouldn't wish an IT career on their worst enemy, never mind their worst children. A sampling of reader-response headlines:

STAY AWAY
Forget IT
Should have been an accountant
You Must Be Joking
Agriculture Rocks!

The reader responses are spread around a few blogs. Some are in the first link above, and there are more here.

In yet another ominous sign that U.S. technological supremacy is on the wane, a new report suggests that America's role as the world's top spammer is in jeopardy. An analysis by security vendor Sophos shows that the U.S. generated only 26.4 percent of global spam from April through September, a precipitous drop from the 41.5 percent figure from the year-ago period. Closing the gap quickly on the U.S. is South Korea, whose contribution to global spam jumped to 19.7 percent this year from 11.6 percent last year. Also making a strong move is third-place China, up to 15.7 percent from 8.9 percent last year. Sophos cites several reasons for the sudden weakness in U.S. spam output, including increased cooperation among ISPs, Windows XP SP2's improved security, and enforcement of the CAN-SPAM legislation. See what happens when the government interferes with the free market?

It's been raining here in EarthWebville for something like eight or nine straight days. To be honest, at some point last week I saw an entire extended forecast full of rain and just resigned myself to carrying an umbrella. I have no idea when that was. I haven't seen the sun since, but they tell me we're going to fall short of the record of 40 days and 40 nights. Work has also picked up. In addition to keeping our blog readers entertained and informed, vendors are pushing products out the door in the ever-shrinking time between summer and the holidays, i.e., the two months or so when someone might pay attention. But busy days and a lack of sunlight has yet to make me as introspective as IBMer Alan Lepofsky, who took some time during religious observances this week to reflect on the state of the IT industry. In a post called The IT Industry Needs A Slap, Alan says there's too much bickering and too many battles in IT: Microsoft vs. Google; .NET vs. J2EE; Windows vs. Linux; and so on.

We allow bad news to generate all the attention. We like to tell anyone with a different opinion how wrong they are. Guess what, in the grand scheme of things it does not matter what type of laptop you have, what OS you use, what client you read your email with, or what development platform and language you choose (but yes Notes/Domino rocks!). What matters is the type of person you are.

I have to admit, Alan sounds a bit like Jerry Maguire, who when last seen still had only one client, but did have Renée Zellweger (I call that a push).

As individuals, we can also help improve the "IT atmosphere" by each taking small positive actions. Next time you start to get angry about something "IT related" react by doing something like answering a few questions in a technical forum, teach a coworker a new trick about Notes, or just send your mom an email. Trust me, it will make you feel better than the flame you were about to send.

Good advice, Alan. And cheer up, the sun will come out tomorrow; or so they keep telling me. Thanks to Ed Brill for the link.

If you got into IT to avoid the disingenuous aura of the sales and marketing world, or because you'd much rather spend your day with computers that do what you tell them rather than people that rarely do, I have bad news for you. As you may have noticed, IT has an image problem. When something goes wrong, IT tends to get a lot of blame. When things go well, no one seems to notice. It's sort of like working at the CIA. The good folks at the Cutter Consortium are happy to play the role of image consultant, however.

While the root cause of most IT image problems is the endemic introverted personality of IT, the symptoms can be treated. What's needed is the design, development, internalization, and delivery of clear, compelling, consistent messages about IT's direction, purpose, and accomplishments. This is not the platitude-laden, elevator speech about IT, but rather a series of specific stories about what is planned, underway, or, most importantly, recently accomplished by IT.

Otherwise known as sound bites. Cutter Consortium Senior Consultant Kenneth Rau says that IT executives should have success stories less than one minute in length ready to go at a moment's notice, so you can rattle them off at meetings, in front of execs at the water cooler, or at happy hour on Friday when people whine about their week. This also means you may have to save those stories about optimistic concurrency violations for another time. Thanks to Computerworld for the link.

Are you a victim of Steve Jobs and his fiendish reality-distortion field? Jack Shafer over at Slate thinks plenty of journalists are little more than overeager Apple polishers who:

..."salute every shiny gadget the company parades through downtown Cupertino as if they were members of the Supreme Soviet viewing the latest ICBMs at the May Day parade."

Shafer is annoyed by the glowing stories written about Apple's unveiling Wednesday of three new products, most notably a video iPod. He cites several headlines that contain more gush than any of the mashy Hallmark notes from Supreme Court nominee Harriett Miers to "the best governor ever." (OT: hilarious spoof blog here.) While Shafer makes some good points in his piece, he strays a bit below the belt (and gives me a good headline) with this:

"Although staffed by dorks and drizzlerods, Apple projects itself and its products as the embodiment of style and cool."

Maybe the video iPod will lead to something better, but right now it's an expensive ($299 to $399) and impractical geek toy. I just don't see how compelling it is to watch a television show on a 2.5-inch screen, not in an age of large-screen HDTV and muscular home entertainment systems. But I can guarantee one thing, based on experience: Shafer's piece will be extremely well-read, because when you criticize Apple -- even accurately and objectively -- your blasphemy is linked, cloned and condemned on every Apple discussion group and blog in the world, where you are labeled 1) ignorant, 2) a corporate whore, or 3) an ignorant, corporate whore. While their words can sometimes sting, you gotta love that passion.

Just a follow-up to my earlier post about the lack of engineers in the United States. IBM has about 1,400 engineers researching and developing all sorts of things for next-generation computing technology, aerospace, and medicine. Their research is funded to the tune of $6 billion a year, and IBM is the top patent holder in the nation. Three years ago, IBM started its Engineering and Technical Services (E&TS) unit, which makes its engineers available to consult on R&D projects for customers. This year they're going bring in about $1 billion in contracts for IBM. That's not much considering IBM has around $93 billion in revenue, but IBM executives are trying to up the profile of its E&TS group because the company's stock is sagging. (And I'm obviously helping them achieve this goal.) Among the collaborations IBM has taken part in: military technology work with Raytheon, telecom research with Nortel, and lots and lots of work on chips for things like next-generation gaming consoles. Such projects are not without risks:

Outsourcing or partnering on R&D can be risky. If companies pass off too much design work, they could lose internal expertise and control. And the arrangements require careful discussion about who owns any jointly developed intellectual property.

Howard Schmidt, former cybersecurity advisor to the White House, by all accounts is an intelligent man, an expert in his field. So why is he voicing the half-baked notion that individual programmers should be held personally responsible for any security flaws in the code they write? Schmidt's comments, made during a speech at this week's Secure London 2005 conference, have roiled developer blogs and discussion groups. As often happens on the Internet, arguments are erupting over differing interprations of what Schmidt proposed. I wasn't there, but the relevant quote I've seen is:

"In software development, we need to have personal quality assurances from developers that the code they write is secure."

This has been misconstrued in some 'Net circles to mean developers should be held personally liable for any security flaws in their work. But Schmidt, now CEO of R&H Security Consulting, spoke only of "personal quality assurances." Of course, who the hell knows what that means? Is it personal liability? And doesn't what Schmidt propose already exist, in an implied sense? I mean, isn't there an unspoken agreement that an employee (developer) will try to do a good job? Isn't that a personal quality assurance? The real problem with Schmidt's proposal is it leaves open questions about the responsibility of the software manufacturers. Maybe the developer is working at a Silicon Valley sweatshop that shovels product out the door and goes light on testing. Schmidt himself cited a recent Microsoft survey in which 64 percent of developers said they weren't confident they could write secure code. Isn't a software company ultimately responsible for ensuring its developers have the necessary skills and training to produce quality code? There's plenty of reasoning, rants and inane digressions from the topic online today. Read a sampling here, here and here.

Ever since I wrote last month about IBM's program to encourage employees to enter the teaching ranks, I've been keeping an eye on stories about math and science education. The news is rarely good. This week's warning came from a committee of the National Academy of Sciences, which made four recommendations for helping with the problem, mostly in the form of new scholarships.

For example, 70,000 engineers were graduated in the United States last year, compared to 350,000 in India and 600,000 in China, the committee said in a new report. And in 2001, U.S. industry spent more on liability lawsuits than on research and development.

From the technology we use everyday for work and entertainment, to larger issues like levees failing in New Orleans and buildings crumbling during earthquakes, there's enough science and engineering around to stimulate some interest, or so you'd think. Maybe Americans have become accustomed to consuming technology rather than building it. Or maybe everyone is going to law school. What's also interesting is that science and engineering jobs pay fairly well. The problem in journalism, as you can probably tell from watching what passes for the news on television these days, is that students are passing on the traditionally low-paying newspaper jobs where many start, for jobs in advertising and public relations, where they can keep the baby-boomer lifestyle they had growing up. For the record, this journalist is the son of an engineer; and the brother of a lawyer.

Often reviled by geeks, almost thrown out of the house by Time Warner, ISP to the woman in Arkansas selling Beanie Babies on eBay, and now suddenly it's the hottest Internet property since... itself eight years ago. I can only be speaking of America Online, which continues to lose dial-up subscribers the way the Atlanta Braves lose playoff series, but now has an open content network and a 45 percent increase in advertising revenue from last year. Now, everyone wants a piece of the ISP/content network. First it was Microsoft in talks, now it's Comcast and Google. A couple of thoughts on this: First, You can can't help but think of all the content plays who were waiting for online advertising to takeoff that didn't make it to 2001. Looks like online advertising is having its day. Second, a recent discussion on Slashdot about why people block online ads and which ads they find annoying was interesting. Those looking to buy a chunk of AOL better hope ad blocking doesn't get too mainstream. As for what a piece of AOL does for Microsoft, Google, or Comcast, there's a decent analysis over on Henry Blodget's blog. Further proof that everything comes full circle.

OK, so maybe Apple didn't unveil a time machine today, as my inside source had led me to believe. But when that day comes, the well-equipped chrononaut will be able to impress his new friends in the Dark Ages with a video iPod playing the latest episode of "Desperate Housewives." (And then he will be burned as a witch.) Apple used today's big media event in San Jose, Calif., to show off its video iPod, as well as a new iMac and the latest version of iTunes. The video iPod comes at a top price of $399 (or three goats in Dark Ages currency). It can store as many as 15,000 songs, 25,000 photos or more than 150 hours of video, according to Apple. The iTunes 6, released just five weeks after iTunes 5 was debuted, will allow subscribers to purchase and download music videos for $1.99, along with some ABC shows one day after their initial broadcast, also for $1.99 each.

The Firefox revolution is over. I say this reluctantly, but the numbers don't lie. The latest quarterly browser market-share stats from management consultant firm Janco Associates show that Firefox is beginning to max out around 10 percent. Which was the market-share goal set by the browser's creators at the Mozilla Foundation for the end of this year. Back in May I had argued that it was important for Firefox to hit that number:

..."just as any public company can be punished on Wall Street for missing financial targets, it's possible that a flurry of 'Firefox Misses Market Share Goal' headlines could create a deadly psychological barrier in the browser market."

Now I realize what a naive fool I was. In September, Microsoft's Internet Explorer owned 85.09 percent of the browser market, according to Janco, with Firefox in second place at 9.52 percent (barely up from 8.83 percent in June). If Firefox ekes out another half-percent gain by December, is that going to cause IE to crumble? Of course not! The reality is that Firefox is among the also-rans, much closer to the bottom of the pack than the leader. If this were a political primary, Firefox would be thanking its supporters and bowing out of the race. Here are the cold, hard percentages:

Microsoft -- 85.09
Firefox -- 9.52
Mozilla -- 2.68
AOL -- 1.36
MSN -- 0.59
Opera -- 0.23
Netscape -- 0.15
Lyndon LaRouche -- 0.12

I hope Mozilla continues improving Firefox, which I use and like. But the vast majority of Internet users will browse on with Internet Explorer. Who knows, maybe the daily security patches make them feel a personal connection to Microsoft. At least Firefox is there for the rest of us.

I was scouring the Web yesterday for new blogs to add to my RSS list, and I came across an interesting post courtesy of David Gee, the head of worldwide marketing for HP's management software business. Gee wrote the post "Why should India care about compliance" back in August (these IT executives aren't paid to blog like some of us), but it makes you think.

You sit at home in almost any country, and call your airline, bank, insurance company, software and hardware support or local utility company — chances are the call will be handled in India. Now, here's where compliance becomes mission critical. Your personal information — address, phone number, medical history, credit history and so on is visible and accessible to the call center employee. Attrition rates in these centers tend to be as high as 80% per year.

Given how most corporations are sensitive to disclosing the location of their call centers, you can imagine the uproar if word got out about the turnover rates in faraway lands. Gee correctly points out that software to help with compliance issues, including identity management and provisioning technology, is becoming more widely adopted, and he's also correct when he says that enterprises who address the issue will do much better than those that don't.

Writing in ComputerWorld, Paul Glen, the author of Leading Geeks: How to Manage and Lead the People Who Deliver Technology, asks if managers who are constantly tied to their e-mail or mobile device are staying connected or are addicted to being in touch. There are several reasons that managers become fixated on being in touch, Glen says, among them: mistrust of staff, sense of importance, and ego. But another reason Glen suggests is that managers have lost track of what it means to manage; specifically, what it means to manage in today's tech world.

Too many managers have adopted the mentality of the preindustrial foreman. They think that the role of the manager in the age of knowledge work is the same as that of the overseer on the plantation: to stand watch over the workers and make sure that they're productive.

And that's bad for the manager, the staff, and the organization. Thanks to Shared Spaces for the link.

There's a good discussion going on over at techdirt about whether spam and malware are best dealt with on the network level or at the desktop. It would be great if most of the malware and spam I receive instead were intercepted en route to my computer, but Mike at techdirt makes some good points about the downside of relying on your ISP to protect you, especially if you travel a lot:

I'm currently on a different ISP than usual, and I just tried to send an email to a colleague, but it was rejected because this ISP says it had characteristics of a spam message.

I've had that kind of thing happen on the road, and I've also been unable to access some newsgroups while traveling. In an ideal world, bad stuff never would reach our workstations. But since we inhabit this world, I agree with some of the techdirt posters who would prefer to be given effective weapons to fight malware and spam themselves.

While I doubt it ever will make Jakob Nielsen do cartwheels, The Register is one of my favorite Web sites for tech news. Design-indifferent though it may be, the site offers lots of interesting news along with a generous dose of wit and attitude. But I don't know how much longer I or any other Web surfer in America will be able to visit the site, which is based in the United Kingdom and soon may be based on the other side of the great Internet Divide. For there has been no progress in international efforts to persuade the U.S. to relinquish control over the Internet's addressing system since I first blogged about it almost two weeks ago. In fact, things have become even more polarized. Read about it here (while you can). As it stands now, most countries are against continued U.S. control of domain names and IP addresses. Backing the U.S. are Australia, Argentina, Chile and the U.K. But the European Union, along with China, Iran and Russia, want authority over the 'Net to be shared via the United Nations. Yes, the U.K. is siding with America for the moment, but EU pressure could change that. And if the Internet is balkanized, all bets are off. Next month's World Summit on the Information Society in Tunisia is sure to be contentious. For the future of a truly global Internet, there's also the very real chance that it could be disastrous.

Regular readers know that I manage EarthWeb's Intranet Journal Web site and have been writing quite a bit about collaboration tools lately. I'm not alone, by the way. In case you missed it, The New York Times' Circuits section last week focused on how collaboration technology is being used. Collaboration vendors have been taking aim at project managers for years. But until recently, I haven't seem them put a lot of effort into selling their wares as business continuity tools. That seems to have changed in the wake of Katrina. In New York, technology consultants Making Ideas Work built a site using Microsoft's SharePoint for Sunrise Homes, a real estate development and construction firm in Slidell, La. In addition to sharing documents, the online forums of Sunrise's site allowed employees to update their co-workers on their post-hurricane situation and location. HyperOffice, which offers a hosted intranet solution that includes group calendars, document management, discussion forums, and the kitchen sink, sent out a release last week about how a company called 365 Connect is using its tools because its office was on the 28th floor of a building in New Orleans. Not that the floodwaters reached that high, but 365 Connect's people ended up scattered all over the place. Now they have their contacts and documents in a place where they can find them. Small companies like HyperOffice that help small businesses collaborate are increasingly finding their services in demand by the big fish. Look at Intranets.com, which offered a very similar product suite to HyperOffice, and today was integrated into Web conferencing giant WebEx. A nice payoff for all involved.

A Wall Street Journal column (one that's available for free for now) from this week examines the idea of the Open Inbox. That's what you get when you take something like an open-door policy that makes executives accessible to employees and apply it to today's world. CEOs who practice such a policy say they will read every e-mail from employees and respond when appropriate. Like most so-called "trend pieces" published these days, there is little evidence that the Open Inbox is a popular idea.

Open inboxes appear to be more the rule than the exception at many major corporations. In a survey for The Wall Street Journal conducted last month by the Business Roundtable, a Washington group representing heads of big businesses, 39 out of 44 companies responding said their CEOs personally answer staffers' emails.

Interestingly, one CEO quoted in the piece who is against the Open Inbox policy was worried about shareholders, not employees.

Skeptics say the practice distracts CEOs from more-pressing work — and extends already long workdays. "I can't fathom how investors would accept that as a [good] way to spend your time," says David D'Alessandro, who ran John Hancock Financial Services Inc. until shortly after its 2004 acquisition by Manulife Financial Corp.

And for those who are wondering, yes, our CEO here responds to our e-mails. Thanks to James Robertson, intranet blogger from Down Under, for the link.

It occurred to me today while reading Newsweek that the continuing saga over who leaked the identity of a CIA agent during the run-up to the war in Iraq has several lessons about information storage and retrieval that apply to enterprises, not just the White House. In true Washington fashion, the basics of the case, which I'm sure you all know by now lest you've taken up residence under a large rock, have been obscured by, among other things: a New York Times reporter going to jail rather than discuss an anonymous source and repeated fingerpointing at presidential mudslinger Karl Rove. Now there's an e-mail trail involving Rove and the reporters and Scooter Libby, the Vice President's chief of staff. (Note to self for future blog post: e-mails are to 21st century politics what tapes were to the Nixon years.) Even though the case has been under investigation for years now, e-mails that appear central to the case are just being found.

Why didn't the Rove e-mail surface earlier? The lawyer says it's because an electronic search conducted by the White House missed it because the right "search words" weren't used.

Try using that one at a public company when the feds come calling.

You probably have read about the operator of a Web site based in Amsterdam who was offering free pornographic pictures to U.S. soldiers in Iraq in exchange for their photos of war atrocities, which the site owner would post. Now the site owner is in jail, charged with more than 300 obscenity counts in a case that reeks of political retaliation. Christopher Michael Wilson was arrested in Florida, where he lives, and is being held on $151,000 bail. According to Polk County sheriff Grady Judd, "In my 33 years of law enforcement experience, this is one of the most horrific examples of filthy, obscene materials we have ever seized." This is the kind of hyperbole that should raise red flags. Apparently Mr. Judd had never been online until recently because anyone with an Internet connection and a browser can quickly find all kinds of hardcore porn. Like it or not, that's just the truth. I went to the site in question (which you can find if you do some Googling) this morning -- and yes, it was my first visit. To even access any of the porn requires paying a small amount of money. Thousands of other porn sites provide plenty of free sample pictures that you (or your children) could easily see. I also looked at one war atrocity photo. That was enough for me. The Porn County -- I'm sorry, Polk County -- police insist the arrest had nothing to do with the war photos, which generated controversy and sparked a military investigation. But Wilson's lawyer, in an almost comic bit of understatement, said, "There's a reasonable suspicion it's political." I hope his defense in the courtroom is a little more forceful than that.

That's the question users and fans on the MySQL database are asking themselves after Friday's acquisition of Innobase Oy by Oracle. Innobase bills itself as the developer of the discrete transactional database technology InnoDB, which is distributed under an open source license. Jeremy Zawodny has the most insight into the acquisition, and what InnoDB means to MySQL:

It's the de-facto choice for developers who need high concurrency, row-level locking, and transactions in MySQL. For many years now, MySQL AB and Innobase Oy (founded by Heikki Tuuri) have worked closely together to make that technology a seamless part of MySQL.

The main players in the acquisition moved quickly to assuage fears, which are a natural byproduct of a huge software company buying a small but important piece of the open-source world. MySQL says there's nothing to fear. The company will work with Oracle as a normal business partner. Oracle says it will continue to develop the InnoDB software; and they already developed and released a Linux file system, so they're down with the open-source thing. But next year, the contract between InnoDB and MySQL comes up for renewal, and that's when things could get interesting. Comments in Jeremy's blog run the gamut in predictions: everything from Oracle wants to break into the small business market that MySQL holds, to Oracle wants to consume MySQL and crush it, and this move is just the beginning. Thanks to TechDirt for the link.

All bloggers rejoice: A ham-fisted attempt to rob you of your First Amendment rights was squelched this week by the Delaware Supreme Court. My proposed new slogan for the state license plate: Delaware, The First State...to Protect the Rights of Bloggers! The court overturned a lower-court ruling in favor of a Smyrna city councilman who sued to force an ISP to reveal the identity of a blogger who, well, blogged about him in a decidedly negative fashion. Known online as "Proud Citizen," the blogger said in one post last September that:

Anyone who has spent any amount of time with (the councilman) would be keenly aware of such character flaws, not to mention an obvious mental deterioration.

Sure, that "mental deterioration" dig might stick a bit in my craw, but I certainly wouldn't go running to the courts for legal redress. No, these days there is only one way to settle this kind of dispute: Blogging back. Which basically is what the Delaware judges advised in their ruling:

"The plaintiff can thereby easily correct any misstatements or falsehoods, respond to character attacks (Editor's note: or launch their own!) and generally set the record straight.

While no one likes to be publicly attacked and ridiculed online, the court understood the danger of litigating the blogosphere:

The possibility of losing anonymity in a future lawsuit could intimidate anonymous posters into self-censoring their comments or simply not commenting at all."

I seriously doubt anyone really wants that to happen. Blog on, "Proud Citizen."

If you're a parent with a child just approaching his or her teens, scroll down and read something else. You were warned. So it's like totally raining here in EarthWebville today, and it's, like, Friday and I saw this story. It's by Dawn Chmielewski of the Mercury News, and it's like totally about this study done for the Consumer Electronics Association by KDA Research about teen and pre-teen cell phone usage. Oh. My. God. The kids had to, like, keep a journal of their phone usage over a seven-day period and go one day without their phone. One whole day. Oh. My. God. Can you imagine? Totally bogus. Oh, and get this: in the story, she like says that cell phone companies are like tobacco companies. As if. In places like New York, Connecticut, and California, I can like use my phone in a restaurant, but I can't light up. So anyway... It says that 70 percent of all 13 and 14-year-olds have cell phones, and among high school seniors, that number approaches 90 percent. Well, duh. Tell me something I don't know. And the writer, she like has this friend with a girl who's like 13. And she wants a phone. The kid does. And she gets all like "Hello? What if there's, like, an emergency?" And her mom is all like "Your friends all have phones... use one of theirs." Can you imagine? I would so die. So there's this one girl in the story. She's like 17 and an honors student. And she's like really smart and stuff. You won't believe what happened on the day she had to give up her phone. I am so not kidding.

We had this stupid assembly and I couldn't find my friends... so I wound up sitting with someone I didn't really like," she wrote in her online journal. "I had to actually take time out to physically communicate with them."

Oh. My. God. That poor girl. Did they, like, expect her to make new friends or something?

Tell me if this happens to you & You've just dialed someone's office line, you get their voice mail but, hey, wait a minute they've left their cell phone number on their message. Cool. You call their cell phone. They answer. Great. You start talking and they cut you off mid-sentence to say they are in a meeting and can't talk right now. Why, then, did they answer the phone in the first place? It's rude to the caller (in this case, me) and equally rude to the people sitting across from them. So from now on, how about we all agree: if you can't talk, don't answer your phone just to tell the caller you can't talk right now. Thanks.

Henry Blodget is blogging. Blodget, of course, is the former Wall Street Internet stock analyst who was eventually barred from the securities industry after an SEC investigation into the interaction between the research and investment banking functions at brokerage firms. He's also blogging this week from the Web 2.0 conference in San Francisco, where, as I pointed out earlier this week, fears of another bubble are growing.

...the most common observation in the hallways — made with tremble of panic — is that it's deja vu all over again (and not just because I'm here). The workshops are jammed, the coffee-pots drained, and the massive central auditorium turning mobs away at the doors.

Reaction to Blodget's blog in general has been mixed. He tells his own story of rise and fall in one post that's worth a read. That is, what he can say of the story; most of it is off limits because of a settlement.

Everyone who listened to me in my Wall Street years deserves forthright answers to many perfectly reasonable questions, and someday soon, I hope to be able to provide them (preferably this century, preferably pre-humously).

Sounds like a book in the making if he can wade through the legal issues. And I wouldn't mind reading it. Blodget did an admirable job covering the Martha Stewart case for Slate, and, as he puts on display in his blog, he's a fine and interesting writer. I added his feed to my list.

Lately it seems that all we read about is Microsoft's ongoing battle with Google. As a refreshing change, today I will focus instead on Yahoo's ongoing battle with Google. There was a little smack-talk from Yahoo CEO Terry Semel this week about Google's strategy -- or, as Semel wickedly implied, lack of strategy! From this story:

"So far they don't seem to have a plan, but maybe they do," Semel said Thursday during a question-and-answer session at an Internet conference. "Maybe magic will happen tomorrow."

The sarcasm, it cuts like a knife! It also conveys two clear, if not explicit, messages: 1) Google is one-dimensional (search) and therefore not a "real" company like Yahoo, and 2) Yahoo is threatened by Google. The first message, while intentional, is inaccurate. Google indeed is a real, if currently overvalued, Internet company. Like any smart competitor, Google wants to diversify its revenue stream, as have Amazon, eBay and many other successful Internet companies. (Isn't Yahoo doing the same? The irony, it cuts like a knife!) Semel's second message was unintentional and thus more revealing. After all, what does it usually mean when an entrenched company starts dismissively badmouthing an upstart competitor, one whose entrepreneurial culture is favorably compared to your more corporate environment? I'd say somebody is getting under somebody's skin.

Sure, we may never see the day when the Internet is free of viruses and worms. But at least some anti-virus vendors finally are joining together to do something that is long overdue: Trying to avoid the common practice of vendors giving different names to the same malware. As one vendor executive says:

"It's hard to get information on Mytob-FC when other people are calling it Mytob-JT."

My point exactly. The trouble is, when a virus or worm is wreaking havoc in cyberspace, the vendors are scrambling to write code and get it out to customers. Coordinating names has to be an afterthought. I know there are too many viruses every day for this to work, but it's too bad the vendors can't set up a system similar to that developed by the National Weather Service for pre-naming hurricanes. Boy, that one should get me some think-tank offers.

BusinessWeek's Olga Kharif got an early look at a study by AMR Research on the return on investment offered by RFID. It seems the CIO bright enough to implement RFID has to find way to stay in his or her job for about 10 years to see the ROI.

AMR researchers modeled a company-wide roll-out of RFID, used to track cases and pallets of goods throughout the supply chain, at a hypothetical, $5 billion retailer. What they found: In the best-case scenario, RFID investments pay off in nine to 10 years. That's an awfully long time to wait.

I'll say. Ten years ago, I was... well, nevermind. There is a way to get that wait for ROI down to under a decade, AMR said. And it's one that should make the tinfoil hat crew, which believes that RFID tags on everything are a tool of Big Brother, somewhat happy. The key is not to tag everything.

Essentially, Langdoc believes that RFID only makes financial sense when used for tracking certain individual items, such as DVDs. Expand your deployment to track everything from paper towels to canned soup, and watch your Return on Investment (ROI) time lengthen into the new millenium.

If these are the kind of scenarios we're going to see, the RFID revolution might be more like an RFID rebellion.

I hate it when Apple's cheap theatrics work on me. But now I too am caught up in the mystery of next week's big announcement. What will it be this time? Most speculation has focused on a video iPod, but I think that's too easy, too predictable. Fortunately, a well-placed source at Apple -- my spy, really -- has provided me with a short list of what might be unveiled at next Wednesday's special event:

1. New Power Mac G5
2. Lawsuit against "greedy" record companies
3. Time machine

Or it could be a video iPod.

Or at least, there could be. Ryan Naraine, who once graced the pages of our InternetNews.com operation, has a story in eWeek today about the possibility of making good worms to protect networks. Dave Aitel, vulnerability researcher at New York-based Immunity Inc., has built a framework to build good worms, which he calls Nematode. A nematode is a real-life beneficial worm, commonly called a roundworm.

For years, security experts have debated the concept of using good worms to seek and destroy malicious worms. Some believe that it's time to use the worms' tactics against them and build good worms that fix problems but the chaos and confusion associated with self-propelled replicating programs have left others unconvinced.

Among the problems: worms are hard to write, hard to control, and they suck up bandwidth like a monster. But the idea has some promise because CIOs think they are paying way too much to secure their networks, and an automated technique like good worms might save them some coin.