
Happy Thanksgiving

Tomorrow Americans will celebrate Thanksgiving. This is an odd holiday. It’s partly religious, but also partly secular, dating back to the English colonization of eastern North America. A recent tradition is for people to share what they are thankful for. In a lighthearted way, let me share some of my tech-related joys.

• I am thankful for PDF files. Websites that share documents in other formats (such as Microsoft Word) are kludgy, and the document never looks quite right.

• I am thankful for native non-PDF files. Extracting content from PDF files to use in other applications is a time-consuming process that often requires significant post-processing.

• I am thankful that Hewlett-Packard is still in business – for now at least. It’s astonishing how HP bungles acquisition after acquisition after acquisition.

• I am thankful for consistent language specifications, such as C++, Java, HTML4 and JavaScript, which give us a fighting chance at cross-platform compatibility. A world with only proprietary languages would be horrible.

• I am thankful for HTML5 and CSS3, which solve many important problems for application development and deployment.

• I am thankful that most modern operating systems and applications can be updated via the Internet. No more floppies, CDs or DVDs.

• I am thankful that floppies are dead, dead, dead, dead, dead.

• I am thankful that Apple and Microsoft don’t force consumers to purchase applications for their latest desktop operating systems from their app stores. It’s my computer, and I should be able to run any bits that I want.

• I am thankful for Hadoop and its companion Apache projects like Avro, Cassandra, HBase and Pig, which in only a couple of years became the de facto platform for Big Data and a must-know technology for developers.

• I am thankful that Linux exists as a compelling server operating system, as the foundation of Android, and as a driver of innovation.

• I am thankful for RAW photo image files and for Adobe Lightroom to process those RAW files.

• I am thankful for the Microsoft Surface, which is the most exciting new hardware platform since Apple’s iPad and MacBook Air.

• I am thankful to still get a laugh by making the comment, “There’s an app for that!” in random non-tech-related conversations.

• I am thankful for the agile software movement, which has refocused our attention to efficiently creating excellent software, and which has created a new vocabulary for sharing best practices.

• I am thankful for RFID technology, especially as implemented in the East Coast’s E-Zpass and California’s FasTrak toll readers.

• I am thankful that despite the proliferation of e-book readers, technology books are still published on paper. E-books are great for novels and documents meant to be read linearly, but are not so great for learning a new language or studying a platform.

• I am thankful that nobody has figured out how to remotely hack into my car’s telematics systems yet – as far as I know.

• I am thankful for XKCD.

• I am thankful that Oracle seems to be committed to evolving Java and keeping it open.

• I am thankful for the wonderful work done by open-source communities like Apache, Eclipse and Mozilla.

• I am thankful that my Android phone uses an industry-standard Micro-USB connector.

• I am thankful for readers like you, who have made SD Times the leading news source in the software development community.

Happy Thanksgiving to you and yours.


Echoing the echosystem

Echosystem. What a marvelous typo! An email from an analyst firm referred several times to a particular software development ecosystem, but in one of the instances, she misspelled “ecosystem” as “echosystem.” As a technology writer and analyst myself, that misspelling immediately set my mind racing. Echosystem. I love it.

An echosystem would be a type of meme. Not the silly graphics that show up on Twitter and Facebook, but more the type of meme envisioned by Richard Dawkins in his book, The Selfish Gene, where an idea or concept takes on a life of its own. In this case, the echosystem is where a meme is simply echoed, and is believed to be true simply because it is repeated so often. In particular, the echosystem would apply to ideas that are repeated around by analysts, technology writers and journalists, influential bloggers, and so-on.

In another time and place, what I’m now calling the echosystem would be called the bandwagon. I like the idea of a mashup between the bandwagon and the echo chamber being the echosystem.

We have lots of memes in the software development echosystem. For example, that the RIM BlackBerry is toast. Is the platform doomed? Maybe. But it’s become so casual, so matter-of-fact, for writers and analysts to refer to the BlackBerry as toast that repetition is creating its own truthiness (as Stephen Colbert would say).

Another is the echosystem chatter that skeuomorphs are bad, and that Apple is behind the times (and falling behind Android and Windows 8) because its applications have fake leather textures and fake wooden bookshelves. Heck, I only learned about the term recently but, repeating the chatter, wrote my own column about it last month, “Fake leather textures on your mobile apps: Good or bad?” True analysis? Maybe. Echoing the echosystem? Definitely.

The echosystem anoints technologies or approaches, and then tears them down again. 

HTML5? The echosystem decided that this draft protocol was the ultimate portable platform, but then pounced when Facebook’s Mark Zuckerberg dissed his company’s efforts.

SOAP? The echosystem loved, loved, loved, loved, loved Simple Object Access Protocol and the WS* methods of implementing Web services, until the new narrative became that RESTful Web services were better. The SOAP bubble popped almost instantly when the meme “WS* is too complicated” spread everywhere.

Echoes in the echosystem pronounced judgment on Windows 8 long before it came out. Echoes weighed in on the future of Java before Oracle’s acquisition of Sun even closed and have chosen JavaScript as the ultimate programming language.

There is a lot of intelligence in the echosystem. Smart people hear what’s being said and repeat it and amplify it and repeat it some more. Sometimes pundits put a lot of thought into their echoes of popular. Sometimes pundits are merely hopping onto the bandwagon. The trick is to tell the differences.


Hurricane Sandy can’t stop the tech from Microsoft and Google

It takes a lot to push the U.S. elections off the television screen, but Hurricane Sandy managed the trick. We would like to express our sympathies to those affected by the storm – too many lives were lost, homes and property destroyed, businesses closed.

Microsoft and Google had scheduled tech events for the week of Oct. 29. Build took place as scheduled on the Microsoft campus in Redmond, Wash. Google cancelled its New York City launch event and offered its product rollouts via blog.

The big Microsoft news was the release of Windows Phone 8, with handsets from HTC, Nokia and Samsung set to go on sale starting in November. This follows, of course, the rollout of Windows 8 and the Surface with Windows RT ARM-based notebook/tablet device on Oct. 26.

Everyone I have talked to who has used a prerelease Windows Phone 8 has been impressed. (I have a Windows Phone 7.5 device and find the Live Tile apps to be quite usable and exciting. I look forward to installing Windows Phone 7.8 on that device.) Through a strong program of incentives for app developers, there are many flagship apps for the phone already.

There are three compelling messages for Windows Phone developers:

  • You can use Visual Studio and familiar tools to build apps for Windows Phone 8.
  • Windows Phone 8 is almost identical to Windows 8, so there’s minimal learning curve.
  • Windows Phone 8 is a reboot of the platform, which means you’ll face few competitors in the app store, called Windows Phone Store.

Of course, the downside is:

  • The installed base of Windows Phone 8 is nonexistent, compared to gazillions of iOS, Android and even BlackBerry OS.

If I were an entrepreneurial mobile app developer, I’d give Windows Phone 8 a try.

Google’s news was much more incremental: More hardware and a minor rev of Android.

The new hardware, announced in the Google Official Blog, is a new phone called the Nexus 4 and a 10-inch tablet called the Nexus 10. The big tablet has a 2560×1600 display – that’s the same resolution as many 27-inch desktop monitors, and I’d love to see one.

Google’s seven-inch tablet announced during the summer, the Nexus 7, came only with 16GB of RAM and WiFi. Now you can get it with 32GB RAM or GSM-based cellular connections using the HSPA+ mobile standard. These are good hardware upgrades, but aren’t “stop the presses” material in the weeks surrounding the launch of Windows Phone, Windows Phone 8, Surface and Apple’s iPad Mini. Heck, the tablet doesn’t even have 4G.

The operating system update is Android 4.2, which is still called Jelly Bean. There are plenty of consumer features, such as a spherical panoramic camera mode, and a smarter predictive keyboard. The ability to support many users is a good feature, and one frankly that is long overdue for these expensive tablets.

Expect to see more about Android 4.2 at AnDevCon IV, coming up Dec. 4-7, 2012. Maybe someone will bring one of those 10-inch tablets so we can see the screen.


Skeuomorph: Fake leather textures on your mobile apps – good or bad?

Skeuomorph. I learned this word a few weeks ago, after a flurry of stories broke on various mass-media websites about an apparent kerfuffle within Apple about user interface design.

A skeuomorph is a design element that looks functional, but is actually purely ornamental. The automotive world is rife with skeuomorphs. Fake hood scoops on sports cars, plastic tire covers that imitate wire wheels, plastic that’s textured and painted to look like wood.

Check out the Wikipedia page and you’ll see several examples, including the program that sparked a number of articles. That’s Apple’s iCal calendaring application on the company’s iPhone and iPad devices, or Calendar on a Mac.

Look at the calendar on an iPad. See how the app is designed to resemble an old printed calendar, and the top of the app looks like embossed leather, complete with stitching? See how there’s even a little graphic detail that makes it look like pages have been torn out?

Some find that kitschy or distracting. Some find it cute. Some people, like me, never particularly noticed those elements. Some people, apparently like the late Steve Jobs, believe that faux-reality designs like the leather calendar, or like the wooden bookshelves in iBooks, enhance the experience. Some people, apparently, are infuriated by the notion of foisting an outdated analog user-interface model on a digital device.

A number of those infuriated people are quoted in a story in Fast Company, “Will Apple’s Tacky Software-Design Philosophy Cause a Revolt?”

Some of these designs may be nostalgic to older customers, but may be increasingly meaningless to most consumers of digital products. I’ve seen phone-dialer apps that look like the old rotary telephone dial – and they’re stupid, in my humble opinion. So are address-book apps that look like an old Rolodex, or calendar programs that resemble the Pocket Day-Timer I carried around in the 1980s and 1990s.

If you (or your young coworkers) never used a rotary phone, or owned a Rolodex, or carried a Day-Timer, those user interface metaphors make little sense. They don’t enhance productivity, they detract from it.

Worse, the strictures of the old UI metaphors may constrain the creativity of both developers and end users. If you want to innovate and reinvent productivity tools or business applications, you may not want to force your visual design or workflow to conform to old analog models. Microsoft’s Windows 8, in fact, is being held up as the new paradigm – simple colorful squares, no drop shadows or eye candy, and no skeuomorph. See another article from Fast Company, “Windows 8: The Boldest, Biggest Redesign in Microsoft’s History.”


Apple’s victory over Samsung should drive innovation

The jury is in: Samsung was found to have infringed upon Apple’s numerous mobile patents. The jury’s verdict form, handed down in the United States District Court in San Jose, Calif., found in many cases that the “Samsung entity has diluted any Apple trade dress(es).” What’s more, Apple proved “by a preponderance of the evidence that the Samsung entity’s direction was willful.”

Ouch. This is the worst case scenario for Samsung. Forget about the US$1.049 billion in damages that Samsung is supposed to pay Apple. What this means is that the jury agreed with what everyone knew simply by looking at the hardware and playing with the software: the Samsung Galaxy Tab 10.1 is just like the iPad.

In the short term, this ruling is going to have a chilling effect not only on Apple, but on every maker of Android devices. The more similar the devices are to Apple’s iOS phones and tablets, the more scared the hardware manufacturers are going to be. (That is, if the verdict stands and isn’t overturned on appeal.)

We can expect to see a lot of introspection within the Android ecosystem. Google, Samsung and the other device manufacturers will look close, really close, to make sure they stay away from the specific patents cited in this case.

We can expect to see software updates and hardware guidelines that will take Android devices farther from Apple’s devices.

In the short term, this will depress sales of Android devices. In the longer term, we will see a ton of innovation that will truly differentiate Android from iOS.

For too long, Android handset- and tablet-makers have been trying to get as close to the iPhone and iPad design as possible. It’s not laziness or a lack of technical savvy, in my opinion. It’s just that Apple has done such a good job of defining the smartphone and tablet that consumers expect that, well, that’s just how the platforms should work.

Salespeople want to sell Android devices that are identical to Apple devices, only less expensive.

Consumers who choose Android are sometimes making those selections based on technical merit, but are sometimes looking for something that’s just like an iPhone/iPad, only different. Perhaps they want more memory, perhaps a bigger phone screen, perhaps a smaller tablet screen, perhaps a slide-out keyboard, sometimes a removable battery, sometimes simply a brand that isn’t spelled “Apple.”

Of course, with rumors that Apple is about to release a 7-inch iPad, the job of Android tablet companies is only going to get harder. In my own informal polling, folks who have purchased 7-inch tablets have done so mainly because Apple doesn’t sell one.

For the next year or so, Samsung and the whole Android community will fall back and retrench. That will involve unleashing innovation that may have been stifled, as they preferred to imitate the iOS designs instead of pushing their own ideas.

Imitation may be the most sincere form of flattery – but in the smartphone and tablet markets, imitation is off the table. For good.


Preying on human weakness with well-designed faux emails

This past week, I’ve started receiving messages from eFax telling me that I’ve received a fax, and to click on a link to download my document. As a heavy eFax user, this seemed perfectly normal… until I clicked one of the links. It took me to a malware site. Fortunately, the site was designed to target Windows computers, and simply froze my Mac’s browser.
The faux eFax messages were well designed. They had clean headers and made it through my email service provider’s malware filters.
Since then, six of those malicious messages have appeared. I have to look carefully at the embedded link to distinguish those from genuine eFax messages with links to genuine faxes.
The cybercrime wars continue unabated, with no end in sight. I’ve also received fake emails from UPS, asking me to print out a shipping label… which of course leads me to a phishing site.
Malicious email – whether it’s phishing, a “419”-style confidence scam, or an attempt to add your computers to someone’s botnet – is only one type of cybercrime. Most of the time, as software developers, we’re not focusing on bad emails, unless we’re trying to protect our own email account, or worrying about the design of emails sent into automated systems. SQL Injection delivered by email? That’s nothing I want to see.
Most of the attacks that we have to contend with are more directly against our software – or the platforms that they are built upon. Some of those attacks come from outside; some from inside.
Some attacks are successful because of our carelessness in coding, testing, installing or configuring our systems. Other attacks succeed despite everything we try to do, because there are vulnerabilities we don’t know about, or don’t know how to defend against. And sometimes we don’t even know that a successful attack occurred, and that data or intellectual property has been stolen.
We need to think longer and harder about software security. SD Times has run numerous articles about the need to train developers and testers to learn secure coding techniques. We’ve written about tools that provide automated scanning of both source code and binaries. We’ve talked about fuzz testers, penetration tests, you name it.
What we generally don’t talk about is the backstory – the who and the why. Frankly, we generally don’t care why someone is trying to hack our systems; it’s our job to protect our systems, not sleuth out perpetrators.
We are all soldiers in the cybercrime war – whether we like it or not. Please read a story by SD Times editor Suzanne Kattau, “Cybercrime: How organizations can protect themselves,” where she interviewed Steve Durbin, for the Information Security Forum. It’s interesting to see this perspective on the broader problem.

The handheld and the tablet, circa 1976

Let’s talk about the HP-67 and HP-97 programmable calculators.

Introduced in 1976, both those models hold place of pride in my collection of vintage computation devices – which consists of a tremendous number of older Hewlett-Packard and Texas Instruments calculators, as well as dozens of slide rules going back to the late 1800s.

The four-function pocket calculator was the feature phone of its era. Arriving in the early 1970s, they swiftly replaced adding machines. The HP-35 calculator (1972) with its trig, log and exponential functions, singlehandedly killed the slide rule industry.

Programmable calculators with persistent removable storage – specifically Hewlett-Packard’s HP-65 (1974) and Texas Instruments’ SR-52 (1975) – were the equivalent of the first smartphones. Why? Because you could store and load programs on little magnetic cards. You could buy pre-written packs of programs on those cards from HP and TI. There were user groups where calculator programmers could publish and share programs. And there were even a few commercial developers who sold programs on cards as well.

Some of my earliest published programs were written for HP and TI calculators in the mid-1970s. A foundational part of my own history as a computer scientist was learning how to do some pretty sophisticated work with only a few hundred bytes of addressable memory. Not megabytes. Not kilobytes. Bytes.

In modern terms, we would call calculator programs distributed on mag cards “apps.” The HP-65 Users Library and the TI PPX-52 (Personal Program Exchange) were among the first app stores.

This brings me to the HP-67 and HP-97, which were introduced simultaneously at prices of US$450 and $750, respectively. They were essentially the same device – except that the HP-67 was a 0.7-pound pocket calculator and the HP-97 was a 2.5-pound battery-powered desktop model with a built-in thermal printer.

“Calculator” is probably the wrong word for these devices. They were portable computers – in fact, they were truly personal computers, albeit with a custom microprocessor, one-line numeric display and only 224 bytes of programmable memory.

Although the form factors and key placement were different – and the HP-97 had the printer – both used the same programming language. Both models had a mag-card reader – and a program written on one could be used on the other without modification. This was unique.

In modern terms, the HP-67 and HP-97 were like handhelds and tablets sharing the same apps, like the iPhone and iPad, or Android phones and tablets.

No matter how far we’ve come, we’ve been here before.


Fight back against the ugly ‘brogrammer’ trend

I don’t like the trend toward ‘brogrammers’ – that is, a very chauvinistic, juvenile attitude that seems to be creating a male-centric, female-exclusionary culture in software development departments – and across IT. It’s time to put an end to the put-downs, pin-ups, constant sports in-jokes and warfare metaphors, management by belittlement, and insulting locker-room attitude.

When I was a student studying math and computer science, nearly all of my fellow students, and nearly all of the faculty, were male. Although my idol was Admiral Grace Hopper, there were few Grace Hoppers in our profession to serve as role models for young women — or men.

Change came slowly. In the 1980s, nearly all writers of technical articles in computer magazines were male. Nearly all readers were male. Nearly all attendees of technology conferences were male; the females at the show were almost exclusively marketers or booth babes.

Much has changed in the past few decades. For example, while the demographic research shows that most SD Times readers are male, the percentage of female readers is rising. The same is true of the technical conferences that our company produces. While female faces are still a minority, that is becoming less true every year, thanks in part to organizations like the Anita Borg Foundation.

That’s a good thing. A very good thing. Our fast-growing, demanding profession needs all the brainpower we can get. Women, we need you. Having female programmers on your team doesn’t mean that you need to buy pink mice and purple IDEs. It means that you have more top-notch architects, coders and testers, and you will create better software faster.

That’s why the so-called brogrammer trend is so infuriating. Why don’t managers and executives understand?

A few days ago, a female techie friend wrote to me in anger about a new website called Hot Tech Today which features short technology stories allegedly written by attractive young women posing in bikinis.

Disgusting.

We are better than this. We must be better than this.

Let’s put our resources into changing the brogrammer culture. Let’s make our profession not only safe for females, but also inviting and friendly. That means ditching the inappropriate language, curbing the stupid jokes, stopping the subtle put-downs of the women in your organization, and having a zero-tolerance rule to anyone who creates a hostile work environment for anyone, regardless of gender, race, national origin or anything.

Brogrammers. Just say no.

For more on this nasty trend, see:

The Rise of the Brogrammer, by SD Times’ Victoria Reitano

Oh Hai Sexism, by Charles Arthur

In tech, some bemoan the rise of the ‘brogrammer’ culture, by Doug Gross

In war for talent, ‘brogrammers’ will be losers, by Gina Trapani


Fast cars! Fast phones! And a new developer conference!

Toys, toys, toys. I love to read about new toys, especially sleek sports cars and nifty computerized gadgets. This week has been a bonanza – from two different directions.
You might think my focus would be on the big annual Consumer Electronics Show in Las Vegas. Actually, I’ve been more keenly following the happenings at the North American International Auto Show, which kicked off January 9.
Dozens of exciting cars and concept vehicles were introduced at the NAIAS, which is also known as the Detroit Auto Show. They include a smokin’ hot Acura NSX super car (pictured), the futuristic Lexus LF-LC, a new Mini Roadster, the four-door Porsche Panamera Turbo R, the fast-looking Mercedes SL550, the BMW i8 electric car… the list goes on and on.
A big part of the news from Detroit overlapped what was also talked about at the Consumer Electronics Show. Sure, CES features lots of “ultrabook” lightweight notebook computers, incredibly thin televisions, high-definition digital cameras, three-dimensional printers, even electric razors. But automotive computers were very much front and center.
There’s a lot more to computerized cars than iPod jacks or even streaming Pandora on a 28-speaker Bose sound system. Companies like BMW, Ford and Mercedes-Benz are integrating phone applications with vehicles’ onboard computers. The smartphone sends the car email and text messages. The car sends back real-time diagnostics. I’m told you can even make phone calls!
Soon, you will update your car’s firmware as often as you update your smartphone’s apps.
To change the subject only slightly: Let’s talk about developing smartphone software. You know that BZ Media – the company behind SD Times and News on Monday – produces developer conferences for Android and iPhone/iPad developers. We are proud to announce support for another platform at WPDevCon: The Windows Phone Developer Conference.
WPDevCon is coming to the San Francisco Bay Area from Oct. 22-24, 2012. We are currently assembling a full slate of workshops and technical classes, and the program will be ready in early March. However, we invite you to check out the website, www.wpdevcon.net, and of course, mark your calendar if you or your colleagues are interested in attending.
Want to propose a class? See the Call for Speakers and then drop me a line. Interested in exhibiting? Contact my colleague (email address hidden).
Which is more interesting to you, the latest cars at the Detroit Auto Show or the snazzy gadgets at the Consumer Electronics Show?

Celestial navigation, driving by GPS and agile development

Going agile makes sense. Navigating with traditional methodologies doesn’t make sense. I don’t know about you, but nothing sucks the life out of a software development project faster than having to fully flesh out all the requirements before starting to build the solution.

Perhaps it’s a failure of imagination. Perhaps it’s incomplete vision. But as both a business owner and as an IT professional, it’s rare that a successfully completed application-development project comes even close to matching our original ideas.

Forget about cosmetic issues like the user interface, or unforeseen technical hurdles that must be overcome. No, I’m talking about the reality that my business – and yours, perhaps – moves fast and changes fast. We perceive the needs for new applications or for feature changes long before we understand all the details, dependencies and ramifications.

But we know enough to get started on our journey. We know enough to see whether our first steps are in the right direction. We know enough to steer us back onto the correct heading when we wander off course. Perhaps agile is the modern equivalent of celestial navigation, where we keep tacking closer and closer to our destination. In the words of John Masefield, “Give me a tall ship and a star to steer her by.”

Contrast that to the classic method of determining a complete set of requirements up front. That’s when teams create project plans that are followed meticulously until someone stands up and says, “Hey, the requirements changed!” At that point, you stop, revise the requirements, update the project plan and redo work that must be redone.

Of course, if the cost of creating and revising the requirements and project plan are low, sure, go for it. My automobile GPS does exactly that. If I tell it that I want to drive from San Francisco to New York City (my requirements), it will compute the entire 2,907-mile journey (my project plan) with incredible accuracy, from highway to byway, from interchange to intersection. Of course, every time the GPS detects that I missed an exit or pulled off the highway to get fuel, the device calculates the entire journey again. But that’s okay, as the cost of having the device recreate the project plan when it detects a requirements change is trivial.

In the world of software development, the costs of determining, documenting and getting approvals for a project’s requirements and project plans are extremely high, both in terms of time and money. Worse, there are no automated ways of knowing when business needs have changed, and therefore the project plan must change also. Thus, we can spend a lot of time sailing in the wrong direction. That’s where agile makes a difference – by design, it can detect when something is going wrong faster than classic methodologies.

In a perfect world, if it were easy to create requirements and project plans, there would be no substantive difference between agile and classic methodologies. But in the messy, ever-changing real world of software development that I live in, agile is the navigation methodology for me.


Can you trust the integrity of your chips?

A few weeks ago, in “Can you trust the integrity of your data,” I wrote about the potential for shenanigans with a new computer-controlled watt-hour meter that a local electric utility installed at my home. The worry: My bill might go up.

That, my friends, may only be the tip of the iceberg.

We’ve all heard about backdoors installed into software – secret root passwords, or overrides installed into payroll software. Many of those backdoors are urban legends, but I’ve encountered such things in real life. You probably have too.

What if backdoors are being installed into your nation’s defense systems at the hardware level – secretly – by your enemies? While that sounds like the topic of a good science-fiction movie, it’s not a far-fetched scenario at all.

On Oct. 26, John Markoff of the New York Times wrote a cyberwar story called “Old Trick Threatens the Newest Weapons.” He wrote that only about 2% of the chips used in American military equipment are manufactured in secure facilities, and that the other 98% might hide kill switches or backdoor access points.

“As advanced systems like aircraft, missiles and radars have become dependent on their computing capabilities, the specter of subversion causing weapons to fail in times of crisis, or secretly corrupting crucial data, has come to haunt military planners. The problem has grown more severe as most American semiconductor manufacturing plants have moved offshore.”

Could attempts to subvert those chips be detected? Not a chance. Markoff wrote chillingly,

“Cyberwarfare analysts argue that while most computer security efforts have until now been focused on software, tampering with hardware circuitry may ultimately be an equally dangerous threat. That is because modern computer chips routinely comprise hundreds of millions, or even billions, of transistors. The increasing complexity means that subtle modifications in manufacturing or in the design of chips will be virtually impossible to detect.”

The thought that an enemy of your country could shut down – or take over – one of your nation’s weapon systems is terrible to contemplate. The threat, however, isn’t merely to defense systems or military equipment. What would be the economic implications of secret kill switches built into business-grade network servers or network routers? How about remote subversion of consumer-grade mobile phones, laptop computers or automobile chips?

And to think I was worried about my electricity bills.


Oracle, Sun, Winners, Losers

It looks like Oracle is going to buy Sun Microsystems for $5.6 billion (net of Sun’s cash cache). Maybe the deal won’t happen. Maybe IBM will swing in with a counter offer. At this point, though, the odds are good that Oracle’s going to end up owning Java and all the other Sun technologies.

Oracle is getting a lot of very nice intellectual property. Whether that IP — as well as Sun’s product lines, maintenance agreements, licenses, consulting gigs and sales contracts — are worth $5.6 billion, that’s hard to say.

Overall, though, Oracle is clearly the biggest winner in this deal. It’s getting core technology that will cement its position in the application server market, and also give it obvious control over key industry specifications like the Java language, the enterprise Java EE platform, and the very important Java ME platform. Expect Oracle to exercise that control.

Let’s see who else wins and loses.

Loser: IBM. For years, I’ve speculated that IBM would purchase Sun just to secure a tight control over Java – which is a core technology that IBM depends upon. Now, that technology, as well as the Java Community Process, is going to fall into enemy hands. Bummer, Big Blue.

Winner: Java. Java is very important to Sun. Expect a lot of investment — in the areas that are important to Oracle.

Loser: The Java Community Process. Oracle is not known for openness. Oracle is not known for embracing competitors, or for collaborating with them to create markets. Instead, Oracle is known to play hardball to dominate its markets.

Winner: Customers that pay for Sun’s enterprise software. Oracle will take good care of them, though naturally there will be some product consolidation. Software customers may like being taken care of by a company that’s focused on software, not hardware.

Loser: Customers that use open-source or community-supported versions of Sun’s software. Oracle is not in the free software business, except when that free software supports its paid software business. Don’t expect that to change.

Winner: Enterprise Linux vendors. Red Hat and other enterprise Linux distros will be dancing if Oracle decides that it doesn’t want to be in the Solaris business. On the other hand, this purchase makes it less likely that Oracle will spend big dollars to buy Red Hat in the near future.

Loser: MySQL customers. If Oracle keeps MySQL, expect it to be at the bottom of the heap as a lead-in for upgrades to Oracle’s big-gun database products. If Oracle decides not to kill or spin off MySQL, that’s going to mean disruption for the community.

Winner: Eclipse Foundation. Buh-bye, NetBeans! Oracle is heavily invested in Eclipse, and would be unlikely to continue investing in NetBeans. It’s hard to imagine that anyone would buy it, and the community probably couldn’t thrive if Oracle set it free.

Loser: Sun’s hardware customers. If Oracle stays in the hardware business, expect those Sun boxes to be only a bit player in Oracle’s product portfolio. If Oracle sells it, whoever buys it will probably milk it. How does “IBM System s (SPARC)” sound to you? Not very attractive.

Biggest Winner: Sun’s shareholders, including employees with options. After watching their shares plummet in value, and after getting a scare from IBM’s paltry offer, they must be counting their blessings right now.


When the cloud was good, it was very very good. But when it was bad, it was horrid

Cloud computing took a big hit this week amid two significant service outages.

The biggest one, at least as it affects enterprise computing, is the eight-hour failure of Amazon’s Simple Storage Service. Check out the Amazon Web Services service health dashboard, and then select Amazon S3 in the United States for July 20. You’ll see that problems began at 9:05 am Pacific Time with “elevated error rates,” and that service wasn’t reported as being fully restored until 5:00 pm.

About the error, Amazon said,

We wanted to share a brief note about what we observed during yesterday’s event and where we are at this stage. As a distributed system, the different components of Amazon S3 need to be aware of the state of each other. For example, this awareness makes it possible for the system to decide to which redundant physical storage server to route a request. In order to share this state information across the system, we use a gossip protocol. Yesterday, we experienced a problem related to gossiping our internal state information, leaving the system components unable to interact properly and causing customers’ requests to Amazon S3 to fail. After exploring several alternatives, we determined that we had to temporarily take the service offline so that we could clear all gossipped state and restart gossip to rebuild the state.

These are sophisticated systems and it generally takes a while to get to root cause in such a situation. We’re working very hard to do this and will be providing more information here when we’ve fully investigated the incident. We also wanted to let you know that for this particular event, we’ll be waiving our standard SLA process and applying the appropriate service credit to all affected customers for the July billing period. Customers will not need to send us an e-mail to request their credits, as these will be automatically applied. This transaction will be reflected in our customers’ August billing statements.

Kudos to Amazon for issuing a billing adjustment. However, as we all know, the business cost of a service failure like this vastly exceeds the cost you pay for the service. If your applications were offline for eight hours because Amazon S3 was malfunctioning, that really hurts your bottom line. This wasn’t their first service failure, either: Amazon S3 went down in February as well.

Less significant to enterprises, but just as annoying to those concerned, was the outage involving e-mail accounts hosted on Apple’s MobileMe service. MobileMe is the new name of the .Mac service, and the service was updated in mid-July along with the launch of the iPhone 3G. Unfortunately, not everything worked right. As you can see from Apple’s dashboard, some subscribers can’t access their email. Currently, this affects about 1% of their subscribers — but it’s been like that since last Friday.

According to Apple,

We understand this is a serious issue and apologize for this service interruption. We are working hard to restore your service.

This reminds me of the poem from that great Maine writer, Henry Wadsworth Longfellow:

There was a little girl
Who had a little curl
Right in the middle of her forehead;
And when she was good
She was very, very good,
But when she was bad she was horrid.


No operating system just for the little ladies

I echo the comments by Tina Gasperson, in her post, “Linux distro for women? Thanks, but no thanks.” It reminds me of the tool kits for women you see in all the department stores, with pink-handled screwdrivers “just for her.”

What, my wife can’t use our Craftsman screwdrivers or Black & Decker drills? We’re supposed to have two sets of tools, one for me and our son, one for my wife? Are we supposed to buy some Craftswoman tools, or get her gear from Pink & Decker? How condescending.

Software, including operating systems, should be written for people. Not for men, not for women, not for girls, not for boys. People.

I never knew that Red Hat and SUSE were “for boys,” and that my wife is supposed to run a different server operating system than the males in the household.

How stupid is that?


Turing Award for Grace Hopper: The ACM responds

On March 1, a blog reader responded to the news about the 2006 ACM A.M. Turing Award — which recognized Fran Allen as the first female recipient of this honor — asking a pointed question:

I guess the Lady Admiral who wrote Fortran wasn’t very important… So I won’t bother to even name her. After all, she only worked for the U.S. Government and not a large conglomerate like IBM…

I asked the Association for Computing Machinery if the Turing Award committee had a response to this question. Here’s what they told me this morning.

“Good morning Alan, and thanks for your patience. We appreciate your interest in ACM’s Turing Award, and the issue it raises about women and technology. So let me explain how the process works.

“ACM’s A.M. Turing Award recipient is selected by a committee of prominent computer scientists and engineers. The selection process is confidential, and no single person knows the history of all the deliberations over the years.

“ACM has recognized Grace Hopper with the Grace Murray Hopper Award which originated in 1971. It is presented to the outstanding young computer professional of the year. In addition, ACM is a co-sponsor of the Grace Hopper Celebration of Women in Computing which is now an annual event. It is designed to bring the research and career interests of women in computing to the forefront.

“As the demand for talented computing professionals grows, it is increasingly imperative that women and other underrepresented groups be encouraged to pursue this career path. The recognition provided by ACM’s Turing Award this year has already raised awareness of the achievements of women in the field. We hope this news will motivate girls and women to see the growing opportunities for exciting careers, and to get the recognition they have earned as critical contributors to technology and innovation.”

While I’m delighted that the ACM focuses on the issues of women and technology (which it does in a very prominent way), and that Adm. Hopper was given many other honors, it’s a shame that she was not given their highest honor.


Congratulations, Fran Allen!

The 2006 recipient of the ACM Turing Award is Frances E. Allen, a retired researcher from IBM. To quote from the ACM’s announcement,

Allen, an IBM Fellow Emerita at the T.J. Watson Research Center, made fundamental contributions to the theory and practice of program optimization, which translates the users’ problem-solving language statements into more efficient sequences of computer instructions. Her contributions also greatly extended earlier work in automatic program parallelization, which enables programs to use multiple processors simultaneously in order to obtain faster results. These techniques have made it possible to achieve high performance from computers while programming them in languages suitable to applications. They have contributed to advances in the use of high performance computers for solving problems such as weather forecasting, DNA matching, and national security functions.

You can learn a lot more about Ms. Allen at the IBM Archives. It’s noteworthy that Ms. Allen is the first woman to be honored with the ACM Turing Award, and has indeed been heaped with many professional “firsts,” including being the first woman named an IBM Fellow.

Ms. Allen even has an IBM award named after her, the “Frances E. Allen Women in Technology Mentoring Award,” of which she was the first recipient. She also received the first Anita Borg Award for Technical Leadership in 2004. Technologically, her groundbreaking work was in compiler optimization and in cryptography.

Ms. Allen retired from IBM in 2002.

The ACM Turing Award has been presented since 1966, and according to the ACM, it’s “given to an individual selected for contributions of a technical nature made to the computing community. The contributions should be of lasting and major technical importance to the computer field.”

It’s a shame that it’s taken 40 years to recognize the first woman for the most prestigious award in computing, but historically there have been few women at the highest levels of our profession. Not only was Fran Allen the right person to win the ACM Turing Award, but perhaps this honor will inspire more young women to enter the fields of computer science and software engineering. Their talents, like Allen’s, are both needed and appreciated.


Greetings, Earthlings and Script Kiddies

Welcome to my blog. It has to start somewhere, and this is where it starts. And the trek had to start sometime; it should have started a long time ago, but it didn’t, so here we are.

This blog will be a spot to discuss topics of professional and personal interest to me, mainly in the realm of information technology: software development, security, enterprise computing, and the like.

Let me start with a story about software hacking that begins, oddly enough, with an automotive service experience.

Earlier this week, I took my beloved 1993 Mustang GT to the Ford dealer for routine maintenance, which includes a tire rotation. At about 11:00 am, I got a call from the service advisor: “Mr. Zeichick, I can’t find the key for your wheel locks. Where is it?”

I drove back to the shop, we searched high and we searched low. We couldn’t find the special key, so we skipped that part of the service.

But now I’ve got my mighty steed parked in the driveway, with a missing wheel lock key. What if I get a flat? I need to get those locks off pronto!

Wheel locks are a nuisance. However, I have expensive Ford Cobra rims, and the dealer advised that their TTL (time to live) without locks would be less than a week. Ever since, I assumed that the wheel locks would do a decent job protecting the vehicle. How can I get them off without damaging the wheels? Gosh, this is going to be hard.

Time to ask an expert. I went to my local Sears hardware store with a spare lug nut, and asked my favorite salesman if he knew how to jury-rig sockets, wrenches, pry bars and other implements to get the wheel locks off. “Relax,” he laughed, and referred me to the “SK 2-Piece 1/2-Inch Drive Wheel Removal Kit” designed expressly for removing damaged lug nuts and wheel locks.

Five minutes after getting home, the lock nuts were removed, without damaging the wheels or bolts. And three of those five minutes were spent finding the half-inch socket set.

My confidence in Sears went up – while my confidence in wheel locks went down. If I could buy this tool “over the counter” at my local hardware store, then presumably anyone who wanted to lift wheels would already have one. Bottom line: those wheel locks wouldn’t have even slowed a thief down. Ignorance was bliss. My ignorance could have cost me, big-time, especially if those had been really expensive rims, or if the car was routinely parked on the street, instead of in my garage.

When it comes to people who want to break into your system, there are two types: technical experts, who will use their superior knowledge and experience to find and exploit your Web site or application vulnerabilities – and “script kiddies,” who will simply apply pre-existing hack techniques and use tools created by other people. Just like any petty thief could buy the wheel-lock removal kit at Sears, so any script kiddie can download hacking tools for free.

Now I’m hunting for a better grade of wheel lock… and you should be making sure that your own app-security measures won’t fall to the first script kiddie who decides to target your applications and data with an over-the-counter tool.