Now is the time of year when the editors of BZ Media’s SD Times begin working on our annual awards program, the SD Times 100. That’s where we recognize the greatest innovators and leaders in the software development industry – companies, organizations and individuals.

In the five years that we’ve been conducting the SD Times 100, the awards have become well established and respected by readers and the industry alike. We’ll be publishing the 6th SD Times 100 in our Jun. 1, 2008, issue. Reader nominations will open on Feb. 1, and will stay open through Mar. 1. (I’ll blog when the reader nominations open, and post a link to the online form.)

However, this year – inspired by comments by senior editor Alex Handy – we’re also going to ask readers to nominate the WORST OF 2007. That is, the anti-leaders and anti-innovators that affected the art of software development (and the software development industry) the most in 2007… the companies and organizations whose behavior and products were so bad that they significantly impacted software development, through tools, practices, platforms, policies, whatever.

The nominations for THAT singular dishonor are open NOW, and will remain open through Mar. 1. We welcome everyone and anyone to submit their nominations for the WORST OF 2007. Please link people to this blog post, so they understand the context (instead of just sending them to the nomination form).

To be honest, I’m not sure how we’ll publicize the winners. Maybe it’ll be part of the SD Times 100 report on Jun. 1, maybe it’ll be something different. We’ll figure that out later. Meanwhile, let the anti-nominations commence!

In reviewing my blog traffic logs, it’s clear that a lot of people are researching the Oracle/BEA deal. In particularly, my entry from last October, “BEA, Oracle market share” was off the chart.

So, if you are looking for stats… there they are.

Today’s news: Oracle is eating BEA, while Sun is slurping up MySQL.

The bigger news story is that Oracle, thwarted last October, finally nabbed BEA Systems. The $7.2 billion deal (it looks like $8.5 billion in the announcement, but I’ve subtracted BEA’s cash reserves) is still a hefty chunk of change, even by Oracle’s standards. Still, did anyone doubt that it would happen?

For most of us, this huge acquisition won’t make much difference at all. While some BEA products might be subordinated to their Oracle counterparts, Oracle should be to be a good shepherd of BEA’s technology and customers. If anything, Oracle’s deep pockets might push some of BEA’s many initiatives harder.

What about Sun’s purchase of MySQL for about US$1 billion? That might be cause for worry for advocates of the LAMP stack. LAMP, of course, is Linux, Apache, MySQL and PHP/Perl — and is relied upon by both enterprise and commercial developers who want to avoid the high licensing costs of Oracle DB, DB2 or SQL Server.

Many of the world’s biggest Web applications, using lots of things at Google, Facebook and others, are dependent on MySQL. In many ways, MySQL was the strongest pillar of the LAMP stack.

The question is, how well will MySQL fare in Sun’s hands? While Sun is focused on open source software, it likes to go its own way. Certainly, MySQL will see investment, as well as tighter integration with Java, Solaris and NetBeans. When MySQL stops being an independent software maker, integration with Linux, or with competing platforms, will take a back seat. After all, Sun’s going to have to find a way to make money from MySQL in order to justify the investment.

Sun’s move will drive a wedge between Sun and Oracle. Traditionally allies, they’ve gotten along so well largely because Sun didn’t have an enterprise database of its own.

Because other two databases didn’t like Sun (because IBM competed with Sun’s hardware, and Microsoft competed with everything at Sun), Larry Ellison and Scott McNealy found many great reasons to play well together. That partnership paid off for many, many years.

But that was long ago, and clearly Jonathan Schwartz sees things differently.

I know that many publications in Europe view the separation between editorial and the industry as — shall we say — less stringent than many publications here in the U.S.

While of course there are exceptions on both sides of the Pond, it’s expected for vendors to pick up a European reporter’s expenses for visiting conferences, press events, and other junkets, for example. Just about everyone does it.

That creates problems, of course, for European companies trying to work with North American reporters… or for North American companies trying to figure out why European beat reporters are submitting expenses for payment.

With that said of course, I was surprised by the casual coziness expressed in this e-mail, which I received today, from the editor of a U.K. publication called Design Buy Build, which invites vendors to send information to be run, presumably verbatim, within their editorial content. If you’d like to have the editors print a color picture, there’s a fee for that.

It’s truly a different world.

Coincidentally, it arrived while I was serving as a judge for the Neal Awards, from American Business Media. One of the areas we must evaluate (as best we can) is whether it appears that a magazine or Web site’s editorial content is truly independent of industry or advertising pressures, according to ABM’s code of editorial ethics. Needless to say, Design Buy Build wouldn’t score very highly there.

Here’s the e-mail:

To: Public Relations Manager 16/1/08

We are currently setting our editorial feature pages within our Jan/Feb edition, which will be distributed at the end of January to our Unique circulation of over 50,000 key specifiers & purchasers within the whole building & design industry. Including: Architects – House Builders – Developers – Contractors – Interior Designers – Self Builders – Housing Associations – Purchasers within the Hotel & Leisure Industry, Health care, Local Authorities, Public Sector & Private Practices. 5,000 extra copies of this edition will also be distributed from our stands at Ecobuild, Futurebuild, Cityscape & The Natural Stoneshow.

I am hoping you can provide some of the following information, that we may feature within the editorial matter.

Latest Product Innovations, New Literature, or Case Studies
(Copy consists of either a colour image along with 80-100 words of text)

Supported by over fifty of the most respected building & design associations throughout the UK, including editorial feature articles from the NBAT, the leading technical writers within the industry, the publication also features a comprehensive look at the latest design innovations as well as updates in regulations, health & safety, education and C.P.D. amongst others, providing our readers with a publication that pulls together the many different resources available today, giving them an informative read that promotes the best in our profession. The latest issue can be viewed at www.designbuybuild.co.uk

Please email your latest information to (address removed)

Please also confirm if you would be willing to pay the £85 colour seperation charge to feature the image in colour.

Esther Schindler made me hungry! That’s what happened when I read her latest CIO blog post, “Is there anything developers won’t do for a pizza,” posted last Friday.

“It’s not that I’m shocked that developers appreciate offerings of food. It’s that their desires are satisfied with such a simple answer. A steak dinner? Sure, that’ll get anyone’s attention. Pizza and cheap beer? Why does that work?” she asks.

Do not read her post before lunch.

(Hmm. Perhaps some developers are 20x more productive than others because they get better pizza.)

Mail server blacklists are insidious. Just about anyone can submit your e-mail address, domain or even IP address to a DNS blacklist (DNSBL). Once that happens, the chances of your messages getting through to people become pretty lousy. (A DNS blacklist is also known as a blackhole list.)

While certainly mail servers used by spammers should be on blacklists, how do the rest of us get there?

• Perhaps one of your machines been turned into a spambot zombie.
• Perhaps your mail server is configured as an open relay (bad, bad, bad!).
• Perhaps someone else using your ISP is a spammer.
• Perhaps one of your IP addresses was once assigned to a spammer.

What’s important is for you to find out if you’re on a blacklist. You should do this periodically. If you are on a blacklist, there are various resources available for getting yourself off again. But before you can do that, you need to know if there’s a problem.

Most corporate IT people only know if there’s a blacklist problem when one of their employees complains that his/her e-mail is blocked. However, you should be more proactive. If you host your own e-mail server, one free resource you can use is Blacklist Check, from MXToolbox, which checks your server’s IP address. If you don’t know the IP address for the domain’s MX records, they have a tool for that too, and another one for server diagnostics.

The company sells services to help you deal resolve mail problems. I’m not endorsing them; I’ve never even looked at them. However, their blacklist checker and other free tools are very useful.

I haven’t attended the Consumer Electronics Show in more than a decade… and keep forgotting how silly it can be. Fortunately, other journalists are ready to remind me.

David Colker blogged for the Los Angeles Times about the just-announced Taser MPH – the first combination MP3 player and stun gun. “The Taser MPH is not just a gadget, it’s a fashion statement,” he writes.

The stun gun’s holster, which contains the 1GB music player, comes in a fun leopard print pattern, as well as red-hot red and fashion pink.

If you connect an Apple iPod Touch to your stereo via an Apple Universal Dock, the user interface problems go away.

Not only are you charging the iPod (if you plug it into an AC adapter) and getting better audio using “line out,” but the remote control restores the tactile feel to the device. (I wrote about the lack of tactile feel when playing music.)

The Universal Dock that I have is the MA045G/C, purchased in June 2007, since discontinued. Amazon’s reviews are negative on the Apple docks, but I’ve been pleased. I can’t speak to any third-party docks.

I’m the proud owner of a 16GB Apple iPod Touch, given to me as a Christmas present by a good friend. I’ve been taking many notes about the device – which is an incredible technological marvel – but I can summarize my experiences over the past three weeks as follows:

What it’s great at: Being a WiFi Web browser and movie/video player

What it’s not great at: Being a plain old music player

My biggest beef with the iPod Touch (as a music player) is the lack of tactile response caused by the shift from a control wheel to the large touchscreen:

• With my “regular” iPods, I can change songs, start/stop the music and change volume without looking at the device. That’s great when I’m using it on an airplane or in my car. In my car, for example, my “regular” iPod sits in a cupholder. If I want to change songs or pause the music, I just reach over and push the button without looking.

• With the iPod Touch, you have to be looking at the device in order to manipulate the controls. That’s fine when you’re watching videos or surfing the Web, but it’s really a nuisance when you want to skip to the next song while you’re driving.

I am surprised that the flash storage is so slow. Updating its files (to load music playlists or new videos) is painful. It seems at least 3x slower than a conventional disk-based iPod. I’m also disappointed that the “Enable Disk Use” option is not available. (There are third-party hacks that claim to provide that functionality.)

When using the iPod Touch as a Web browser, the hardest part is typing. My hands and fingers aren’t especially large, but gosh, it’s difficult to work the virtual keyboard. The iPod Touch needs a stylus.

The software on the iPod Touch (I’m running version 1.1.2) is buggy. There seems to be a memory leak that causes album cover displays to occasionally get out of sync with the songs that are being played, and sometimes, the device stops plays songs right after you start playing.

For that issue, the solution seems to be to reboot the iPod Touch. You do so by holding down the Sleep/Wake button (that’s the one on the edge) and the Home button (that’s the one on the front) for at least 10 seconds, until the Apple logo appears. After I do that, the unit seems good for about a week until it needs to be rebooted again.

Overall: The iPod Touch is an incredible device, and I’m delighted with it. But it’s clearly a “version 1.0” product.

According to BZ Research, 42.0% of enterprise Web sites are hosted within their internal data centers, while 40.6% are hosted externally using shared servers owned by the Web hosting company.

Those were by far the dominant findings in our first-ever Web Hosting Study, completed in October.

Those numbers swamped the use of Web servers hosted on departmental servers outside the data center (22.0%), hosted externally using dedicated server owned by the host (20.8%), and those hosted externally using company-owned servers in colocation facilities (13.0%).

The last number was the most surprising to me. Frankly, I expected colo-based Web hosting to be more popular.

The complete study, which digs more deeply into the topic, is available from BZ Research.

Analysts say that Apple has been less than successful with selling video content – including television shows and movies – than it has been with selling music on its iTunes Store. It’s easy to see why (and this is independent of the inability to load the DVDs you already own onto the iPod).

There are three other reasons why music will always be successful on portable players, and video content never will be.

1. Music is a background function, while video requires foreground processing. I can listen to music everywhere, especially when I’m multitasking. In fact, music can help me concentrate on my work, or make a long drive more enjoyable. Video requires focus, and distracts you from your work, from driving, or from other activities.

2. Music is acceptable at work, but movies aren’t. If I see an employee listening to the Lord of the Rings soundtrack while working, that’s great. Howard Shore wrote wonderful instrumental music that’s perfect for background listening. At BZ Media, we have some employees who routinely listen to their iPods or other music players while they’re programming, writing e-mails, editing documents. I do that myself; if I’m not on the phone, music’s playing. But I don’t want to see an employee watching the movie itself when he/she is supposed to be working.

3. Music you listen to over and over again, while movies you watch rarely. Except for kids with their favorite Barney video, when you buy a new movie, you watch it once. Even if you loved it, you’ll then put it on the shelf, perhaps for months. By contrast, when you buy a new album, you listen to it over and over again for the first week or two – and then throw some tracks into a “favorites” list and shuffle them all the time. You get tons more mileage out of music.

Music and personal players were made for each other. Personal movies, well, they’re just not going to have the appeal of music, no matter what Apple or any of its competitors do. When you couple that with the inability to reuse your DVD library, the idea will never expand out of a narrow niche: watching TV episodes that you buy and toss.

Confidential to Ted Bahr: I enjoyed our lunch today at Toast & Co., one of Huntington’s newest restaurants.

However, despite your claims to the contrary, it is not a diner.

One of the best places I’ve ever worked was Miller Freeman. I joined the company in 1990, and left in 1998. The warmth at Miller Freeman – an 90-year-old company – was extraordinary, and that’s where I made some of my dearest friends, including BZ Media co-founder Ted Bahr.

Miller Freeman’s swan song began in mid-1999 when its owner, United News & Media, purchased rival publisher CMP Media. UNM (now called United Business Media) merged the two together, keeping the CMP name – and the CMP management team. By 2000, MFI was gone.

Miller Freeman was gone, but not forgotten. While many MFI employees now work for CMP, most have scattered to the four winds. Some are still in publishing, others have moved on. Some keep together, however, with annual reunions, which were fueled by a mailing list that one former employee kept, and with an “alumni” Web site that I maintained for many years. Of the thousands of people who passed through MFI’s doors, about 200-250 were on our lists.

After our most recent reunion – a holiday cocktail party in San Francisco – I decided to replace the old static “where are they now” Web site with an interactive social network. For a platform, the choice was Ning, a free service. My inspiration, in part, for the “afterMillerFreeman” social network came from similar ones for other major publishers, including two I belong to, “afterIDG” and “afterCMP.” There’s also an “afterZiffDavis,” which I’m not a member of. The credit for suggesting the construction of afterMillerFreeman goes to former MFIer Kathy Bruin, who suggested it to me on Oct. 30, 2007.

The site, which launched on Dec. 2, succeeded far beyond our wildest dreams. After setting up the network and sending invites out to our small mailing list, a few people joined. Then a few more. Then the floodgates opened.

We blew past 100 members in two days, and people were already commenting (on the social network and in bemused emails) that none of the participants were getting any work done. They were busy leaving messages for old friends, uploading photos, sharing stories, setting up special interest groups for various departments and offices — and logging into “afterMillerFreeman” every few minutes to see who else had joined. It was tremendous.

The site really exploded when a group of former senior executives came into the network – as well as a few people who always were social catalysts at Miller Freeman. Within a week, we’d passed 200 members, and to put the icing on the cake, members were inviting other members.

Now, less than three weeks later, at least 10-15 new members sign up each day. The message traffic on the social network is incredible. We have over 350 members, and there are more than 200 invitations pending – invitations that new members were sending alone. As physicists would say, we’ve achieved critical mass.

I belong to quite a few social networks, but none of them has the vibrant energy of “afterMillerFreeman.” That says something about this community and its people, and the fact that an online community works best when it’s based on a real community – not just a few people with a common interest, but people who genuinely like each other, and who want to share their personal stories.

Our next face-to-face reunion is going to be huge, drawing folks that have never attended those events. That will be the best social network success of all.

At the Embedded Software Summit, held in Santa Barbara, Calif., this week, the consensus is that it costs, on average, between $100 and $1000 per line to write truly secure code.

The Embedded Software Summit is an annual press-and-analyst schmoozefest by Green Hills Software, which is based in this beautiful resort town. The company uses the summit to fête press and analysts, while pushing its latest initiatives and trashing its competitors.

For the past couple of years, GHS has been touting that its INTEGRITY separation kernel has been accepted into a EAL6+-level certification program. (The evaluation has been underway since late 2005, and should be completed soon.) By contrast, Windows and Linux are certified no higher than EAL4+. Thus, the summit now focuses on the security of Green Hills’ products, almost to the exclusion of everything else the company offers.

Dan O’Dowd, the competitive-minded founder and CEO of GHS, pointed out that EAL4 is defined as “only appropriate for an assumed non-hostile, well managed user community requiring protection against threats of inadvertent or casual attempts to breach system security.” That level of certification is not appropriate when “protection is required against determined attempts by hostile and well-funded attackers.”

So, during the summit (I stayed for the first day of the 1 1/2-day event), O’Dowd and his colleagues, such as CTO David Kleidermacker, frequently referred to Windows and Linux as “certified hackable.” (“How do you make systems more secure? Stop using Windows and Linux, that’s easy,” Kleidermacker said at one point.)

Indeed, O’Dowd’s kickoff address was very similar to his talk last year, when GHS introduced its platform for secure computing. At that time, O’Dowd (pictured) pointed out several well-publicized security hacks covered by the media. The problem, he said over and over again, is that the hacked systems were running Windows or Linux. (Read my comments about the 2006 Green Hills Software Embedded Software Summit.)

This year, O’Dowd was a bit more creative, and illustrated his talk with video clips from the movie “Live Free or Die Hard” (read my review of the credibility of that movie). For each of the hacks shown in the movie, he also cited a similar real-world hack. The reason for the hack? In each case, because the systems were using the “certified hackable” Window and Linux.

Oh, wait, there was one exception. In Die Hard 4, the bad guys hack into an F-35’s fighter’s communication system to steal its “go codes.” That wouldn’t be possible, O’Dowd bashfully admitted, because the F-35 Joint Strike Fighter uses software from Green Hills.

Two of the highlights of the conference (well, of the first day, at least) were a talk by Rob Dobry from the National Security Agency, and a panel on security moderated by Patriot Scientific’s Jim Turley.

The NSA guy, who was involved with the creation of security standards like Common Criteria and the Orange Book, was an incredible speaker. He didn’t provide much information – as you’d expect – but his anecdotes and off-hand comments about government security initiatives were fascinating. Sadly, I lost much of what he said; Dobry held up something, there was a bright flash, and my notes were gone.

The security panel didn’t reveal a whole lot of new information either until the Q&A portion. One analyst in the audience asked what it costs to write truly secure code – that is, code that’s designed and tested to meet quality standards comparable to what the aviation industry uses when it writes software for, say, the Airbus A380 or the F-35 fighter.

The panelists agreed that secure code is about an order of magnitude more expensive than writing “typical” software. The price tag is several hundreds of dollars per line of code – definitely under $1,000, said panelist Jess Irwin from Northrup Grumman, but definitely more than $100, said Green Hill’s O’Dowd. Everyone nodded. A useful data point indeed.

This year’s big announcement from Green Hills was a “padded cell” secure hypervisor for virtualization. It looks interesting.

It’s amazing to me that cars don’t tell you the inside temperature. Just about every car I drive has an exterior thermometer. But where’s the interior one?

An exterior thermometer appears to be the new standard feature. My Mazda3 hatchback has one, as does my wife’s Acura TSX. My wife’s previous car, a 1999 BMW 528i (aka, “the piece of junk that spent all its time in the shop”) had an exterior thermometer, too.

The BMW would even chime if the outside temperature dropped enough to present a danger of road ice, which was handy if you were driving from San Francisco to Lake Tahoe in the winter.

But no inside thermometer.

Now, the cars know what temperature it is inside. The BMW, the Acura and my little Mazda all have digital climate-control systems, where you set the temperature and the car holds it. The computer has to know the temperature in order for that to work.

The displays will therefore show you two piece of data:

1. What the outdoor temperature is (which the Mazda calls the “ambient temperature”).

2. What temperature you have set the climate control system for.

However, they will not show you the inside temperature. Even the super-sophisticated computer in the Acura TSX won’t divulge this secret, though it tells you just about everything else.

Thus, when you step into the car, you don’t know if the interior is 130 degrees (sitting in the sun with all the windows closed), -10 degrees (sitting all night at Lake Tahoe), or a slightly warm 85 degrees.

Why not? It’s a mystery. (And I know that there are some cars that do tell you the indoor temperature. I’ve rented a few of them. However, the overwhelming majority do not display the interior temperature.)

The solution? Go to the local auto-parts store and pick up a cheap digital or analog thermometer and stick it somewhere on the dashboard where it’s not going to be in direct sunlight most of the time. Pictured is the model that we purchased for each car; it costs nine bucks from Amazon. Isn’t it bizarre that carmakers leave this out?