Remember the PC hardware world back about 10 to 15 years ago? You were continually compelled to buy bigger and better systems to keep pace with your new software’s CPU, peripheral, and memory requirements. Consequently the hardened techies and gamers among us were salivating over every batch of “new and improved” desktops/laptops as they rolled off the line. Thankfully, for the vast majority of home and office PC users, we reached a point of relative sanity some years ago—e.g., Office XP would run on the same system as Office 2000, the latest Sims expansion pack, “The SIMS 2 Running for Re-election”, or “The SIMS 2 Retirement Party”, ran fine without major hardware reinvestment. Now we typically replace systems or components when they’ve stopped working reliably. Much like a washer or dryer, they’re home and office computing appliances.

The question bouncing around in my head this morning is this: Are we approaching a similar point of utility with mobile phones?

Research in Motion just announced their first major product release in about a year, the BlackBerry Bold. Now, I’m a long time BB user. I’m now on my 6th BB (seriously), a Curve model, and I’m starting to suspect I’m joining the jaded group that just isn’t going to jump because a vendor blasts a trumpet. (Are you thinking “Microsoft Vista”?) With my current phone I can take pics, movies, play MP3s, track my calendar, do SMS messaging, GPS/maps integration, play games, set alarms, create/answer email, and, oh yeah, make phone calls. The newest BB will do exactly the same. It does boast a higher resolution screen, but they don’t bother to mention it’s about 1/8 inch shorter. Are we starting to reach that point of “communication appliance” utility?

Sure, there will always be a niche market for those users impassioned about fashion and prestige, but I suspect that market slice will experience either stagnation or continued decline. The novelty of the iPhone interface will become dated someday. The children of the 2020’s will roll their eyes if you mention how cool this was back in 2008. I wonder what RIM and Apple will be doing to try to gain market share then. I wonder if they’ll still be in business. I wonder how many BB’s I’ll have burned through by that time.


If you’ve not heard of Trapster.com you may soon. Trapster is the online and mobile phone based application to warn drivers of speed traps (still in beta, according to the Trapster site’s info). It’s the virtual equivalent of flashing your lights as a neighborly warning that “There’s a cop with a Wookie sized radar gun pointed in your direction over the next hill!”

It’s insanely simple and elegant but it does require a few tech pieces to work.

  1. A GPS aware mobile phone
  2. A Trapster account
  3. Other drivers similarly equipped

In theory this should work very well and it also should work, I’m assuming, with a GPS aware laptop. It’s got an API tie in to Google Maps and there’s even a BlackBerry specific version; get the instructions here: http://www.trapster.com/bbinstructions.php.

There’s a lot of blog debate about the viability of the service, particularly if it should become illegal. What? Could this become the first illegal mobile phone application? Perhaps in Canada, which seems to have intensely Draconian views toward traffic violations. But how could anyone technically detect that someone was using the mobile service? Not that this couldn’t happen, but talk about Orwellian visions!

I understand that there will continually be a battle between traffic policing and countermeasures. If the law enforcement community was smart about this, rather than Byzantine or intrusive legislation and straining resources to enforce those questionable laws, wouldn’t it be smarter to swim in the same pool? If I’m running a county traffic program, why don’t I just get numerous Trapster accounts myself, pass these along to my staff, coordinate the “dummy” traps (places where we have *no* intention of actually monitoring traffic), and set up literally dozens upon dozens of false reports? Two things are likely to happen:

1. Trapster’s data integrity would be severely threatened, if done right, so people would be less inclined to trust it and less inclined to use it.

2. There would be so many ‘hot spots’ listed in the Trapster reports, some real and some not, that the county becomes much more placid from a traffic perspective (and this would be the end goal anyway).

Or maybe law agencies outsource this? Hmmm, do I smell a business opportunity here? Not for me, personally; I like to play on the ethical side of games. But it does demonstrate a particularly intriguing maturation and inherent vulnerability in social networking. Value depends on truth.

It’s no surprise that there’s still confusion about Web 2.0, as well as the distinctions between Web 1.0, Web 2.0, and Web 3.0. It’s a bit surprising, however, when firms in the industry don’t get it right (note the email that came in this week from the Web Buyer’s Guide and IBM—I really think they meant it to say “3.0”, not “2.0”). Since there’s still confusion out there, I thought I’d toss out a high level cheat sheet to help slice and dice your way through those distinctions.

Granted, these definitions are subjective. Also, it wasn’t easy to constrain each to 25 words or less, but I believe they’re fairly accurate. If you’ve got something better please let me know.

Web Version Cheat Sheet

(Apparently) universal truths
An energetic consultant runs into your office and enthusiastically exclaims “This (web version) will enable you to develop rich user experiences, powerfully engage your customers, and transform your business as never before!”; to which specific web version would she/he be referring? Of course the answer is “all the above”. With the advent of each ‘version’, if you will, industry pundits, analysts, and especially vested software vendors have lauded the concept as finally enabling the use of the net as a platform. This was true back in the 90s and the choir hasn’t changed the tune yet. If there’s a Web 4.0+ to come, you can bank on the fact that the same will apply then as well. However, this does not mean the consultant will be wrong…some incredible things (have and) will be done.

Another item that applies to each version: much can be said about the limits, extensions, and applicability of different technologies and standards to each. Truthfully, much of the inner workings of each use identical technologies. There are a few distinctions but not as many as one might think. This is why I’d contend the differences are more in the functional attributes rather than the underlying technologies. Sure, there are newer technologies, as well as maturation of older, highly reliable tools, but I’d still side with functional elegance as distinctive characteristics.

Fact vs. fiction
Web 1.0 works fine. Much has, and will continue to be, accomplished with these technologies. They will continue to evolve while others will mature. You don’t necessarily need a Web 2.0 site. If all you’re doing is successfully selling T shirts and toe nail clippers online, keep at it. It’s not broken. Can you benefit from 2.0? Quite possibly. But it’s equally possible that if you integrate 2.0 features you could be wasting your time with only a veneer of pay back. Like any feature, there should be solid potential for ROI before you begin writing development bits to disk.

How about 3.0? Here the ink is still too wet on the concepts to cash in. However, my take is there really is tremendous potential for integration with a *mature* semantic web, kind of like RSS on steroids. How long that takes to become a reality, to gain industry and enterprise wide traction, remains today’s exercise in speculation.

This all kind of suggests a question. Were dial-up bulletin boards the advent of Web 2.0 back in the late 80s and we just didn’t realize it? Of course I’m joking, but it just demonstrates that many of the concepts have been around for a while.

Some things just aren’t as easy as you’d think they should be. If you’ve been involved with web hosting much, you know it fits that scenario well. Assuming you’ve gone over the info in part 1 of this series (which is a fairly high level view of things), let’s do a fly over still another upper level issue: “Precisely what type of hosting are you looking for?”

There are essentially three options:

  1. Self hosting
  2. External hosting
  3. Blended (some degree of both)

I believe there are few instances where self hosting makes sense. If you think your business case is one of those unique situations that call for it, you’re probably wrong. Sorry. Please contact me and I’ll be glad to try to dissuade you.

Options with External hosting broaden the choices even further. At the outset, your basic hosting options are:
1. Shared—the hardware is transparent to you; you’re just buying a service level agreement (SLA); your site may be in the same hardware as Sally’s Muffin Boutique & Laundry or less socially innocent entities, however, that shouldn’t be a concern (the servers are probably virtualized at this point anyway—but that’s something you should check out)
2. Dedicated—the hardware is yours (leased) and yours alone; you needn’t be concerned with anyone else being on your hardware-BUT-you need to handle or arrange with your provider for all hardware contingencies such as DR, fail-over, hardware failure, etc.
3. Collocation—this can be interpreted as just space in a rack where part of the SLA is power, environmental (temp, humidity, security), and telco connectivity; it can also be expanded to include cages for your equipment at the hosting site, even rooms full of your equipment if your demands are large enough

The complexities swoop in almost immediately. Trying to make things simpler, however, in the next post of this series I’ll directly dive into the type of hosting in which 80%+ of most businesses are interested; if you’re looking to simply set up shop on the net with some added content management functionality and you’re looking for only a moderate investment and want to avoid recurring IT costs, stay tuned. I’m hoping to make that simple(r) :) for those in this camp. Until then, let’s take a peek at just a few (there are a lot more than those shown here!) of the tangent considerations with hosting…

Required service level (e.g., “four 9s”, or 99.99% uptime? More? Less? Perhaps better asked: “How much will that downtime cost my business annually?“)—be sure to read and understand what your hosting provider means in their SLA statement. You don’t want surprises, particularly if your revenue stream is coming through that channel.

Managed Services—this is where you can leverage your provider’s talent pool so you don’t need to staff up. Sure, you’ll want them to handle the hardware on the inside, especially if you’re not doing collocation, but to what extent? Backups, disaster recovery, etc.—to what degree are they involved? How about security patches? If your systems get a little trickier, let’s say with clustering and virtualization, what’s their involvement? There’s really a continuum here, from rudimentary hdw/OS admin support to comprehensive application support outsourcing. Get that nailed down clearly in any contract before signing; you don’t want confusion downstream. Also be sure you know how and who to call, along with who is empowered on your side to contact the provider and what type of support to expect.

Facility Access—this should only be a consideration for collocation or, upon rare occasions, dedicated hosting but you’ll want to understand the processes involved as well as which members of your team can get access, how they get access, and when.

Package Options—this can get tricky in its own right but basically, if you’re dealing with managed solutions, you have to determine what you’re leasing, from hardware to application software. It can all be accommodated for a price.

Hosting Package Options - High Level

You should note that as the optional hardware, OS, utilities, and application packages mount up, so do associated costs for support. It’s still typically more cost effective than staffing for this yourself.

Almost a given in web hosting is that you’ll change your provider more than once and your model of operation more than twice so all this becomes relevant sooner or later. In the next post we’ll cover shared hosting considerations since it’s probably the most popular.

Web hosting reminds me of home insurance. Everyone knows they need it. If you’re feeling lucky or you enjoy the adrenaline rush of huge risks, you tend to take a minimalist view. If you’re a pessimist or if you just happen to have experienced enough of life’s uncertainties then you get a bit more pragmatic. Our home was destroyed by a tornado several years ago. As you can imagine, even though our family thankfully emerged unscathed, the recovery for us and our entire neighborhood was daunting. Sadly, some of our neighbors found out at that time that their “bargains” on insurance weren’t such a deal after all.

The same applies to hosting. It’s funny that, although the question of “what’s the best host for __x__?” is one of the most frequently asked questions on networking sites, after a thorough answer it’s typically voiced with a subsequent follow up “oh (insert awkward silence here)…well, I really wasn’t meaning to spend that much!” Please understand I’m not advocating coming to your hosting options without concern for costs, but these must be put into perspective: what are you hoping to accomplish and how many headaches do you want to still entertain once online? We are talking about your most ubiquitous customer touch point, right? If you’re engaging in online commerce, we’re talking about revenue streams and customer satisfaction, right?

Since this is actually a large topic, my plan is to summarize top level issues in this post and, if time allows, get more granular in a subsequent post or two.

Decision matrix #1—questions to ask yourself at the outset:
1. Security and reliability—you need to start with these seemingly less exciting points, imo, compared to features, etc. Do you have critical, private data you’ll be storing on a database? (And please don’t tell me you’ll be storing credit card data—ever!) If you’re storing sensitive data, move away from shared hosting, unless, of course, you’re operating on shared servers with independent virtual servers. The related topic of performance, particularly of virtual database servers is important but out of scope for this post. What about DR? How is that handled and what’s the expected worst case scenario for downtime?
2. Features—what components, tools and tangential systems are on my “must have” list vs. those provided or available? Are these extensible? Can these be at all integrated with my back end systems? Are there business user tools available or does all interaction need to come through my internal IT support? Do I need internal IT support or can I better use those resources elsewhere?
3. Support—what is the support structure of the provider? Who do I contact and how? Who within my organization can make support calls? What is the skill set of those on support? How about level 2 & 3 support? What are their expectations of me and my staff? If needed, can I get someone on the phone 24×7 or am I limited to email or online chat support?
4. Qualifications—who are some of your hosting provider’s customers? You may not yet be an IKEA or Barnes & Noble, but your provider should be able to suggest success stories for organizations roughly similar to yours. Additionally, if they’re doing only commerce, they should have already successfully passed PCI compliance audits, so you may want to ask about that as well.
5. How much involvement can you afford? — Specifically, your own tech resources staffed to maintain the operation. My opinion, you can rarely afford to staff adequately with your own resources so lean heavily on managed service providers. They’re really cheap at the price. Unless you originally got into business with the dream and end goal of running a data center.
6. Along the lines of “why did you get into business in the first place?” and “what are your core-competencies?” do you really want to own any hardware or software? Probably not, so move away from collocation. If you convert these costs (often capitalized) into monthly expenses as part of your lease/managed services agreement, you may find increased appeal on the financial end.

Assumption: most people will find they don’t want to host themselves nor, if they’re sharp, will they want to co-lo (co-lo makes sense if you’ve got some existing servers but outside of that condition it’s probably not a factor). Additionally, most will be looking for either shared or dedicated hosting.

Now, if you simply Google something like “web host comparison” you’ll often get sites that may look legitimate but under the covers are marketing masquerading as a real site. Just be careful where you step. Here are a couple of lists with less vendor affiliation and more comparison of services:
http://webhost.thelist.com/
http://www.websitehostdirectory.com/

For those looking to host applications, more than sites, and particularly if you’d like to do this at no cost, check out:
http://en.wikipedia.org/wiki/Comparison_of_free_software_hosting_facilities

So much for the high notes. I hope to get a chance to address hosting in a low-end vs. high-end comparison in the future. For now, I hope this helps.

With the latest trends in security vulnerabilities moving from old-school threats (e.g., email payloads) to more recent trends (phishing scams and XSS vulnerabilities), it seems we need to revise the notion of browser security “state”. Specifically, I’ve been thinking this should be tied to non-proprietary databases leveraging social network capabilities. Basically, a certain level of global security approval.

I realize there are risks that need to be mitigated in this—lots of work to be done here—but I’m hoping it will be birthed from a consortium and not one security company.

The result: one way to implement this would be a security toolbar. Of course, displaying this would be optional. This would show the relative sense of security realized from the global community. Somewhat akin to what you find in the Security Task Manager tool from Neuber GmbH, if you’ve ever used that. Essentially, STM users collectively vote on the perceived security level behind Windows processes and drivers. In this case, however, all vote on websites. A tangent to that would be setting acceptable security levels. You might only want to visit sites ranking higher than “6.4”, for example.

Secure Computing Corporation has an implementation of this model. Their “TrustedSource” (which bugs me that they used a “.org” extension when they’re every bit a for-profit entity) is what they call a “global threat correlation engine”. It’s basically an aggregated white list for global sites. Making the list is proprietary to Secure Computing’s interests; this is where I believe a non-partisan social net endorsement would be a better solution. That data needs to be protected, naturally, from external threat. It also needs to be outside the hands of any one entity to be of real value to all.
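A sketch of the community-rated toolbar idea described above, as an added example rather than code from any existing product: it aggregates per-site votes into a score and compares it with the user's minimum (the "6.4" case). The 0 to 10 scale, the vote record shape, the function names, and the `minVoters` and `trimFraction` settings are all assumptions made for illustration.

```javascript
// Added example: community site rating checked against a per-user minimum.
// Assumed: 0-10 scale, vote records of { voter, score, ts }, all names hypothetical.
const SCALE_MIN = 0;
const SCALE_MAX = 10;

// Constructed sample votes for one site (not real data).
const SAMPLE_VOTES = [
  { voter: 'a', score: 7, ts: 1 },
  { voter: 'b', score: 8, ts: 2 },
  { voter: 'c', score: 7, ts: 3 },
  { voter: 'd', score: 6, ts: 4 },
  { voter: 'e', score: 8, ts: 5 },
  { voter: 'f', score: 7, ts: 6 },
  { voter: 'g', score: 7, ts: 7 },
  { voter: 'spam1', score: 10, ts: 8 },  // same account voting repeatedly
  { voter: 'spam1', score: 10, ts: 9 },
  { voter: 'spam1', score: 10, ts: 10 },
  { voter: 'h', score: 99, ts: 11 },     // off-scale value, discarded
];

function aggregateSiteScore(votes, { minVoters = 5, trimFraction = 0.2 } = {}) {
  // One vote per account: keep only each voter's most recent valid vote,
  // so repeating a vote does not add weight.
  const latest = new Map();
  for (const v of votes) {
    if (typeof v.score !== 'number' || !Number.isFinite(v.score)) continue;
    if (v.score < SCALE_MIN || v.score > SCALE_MAX) continue;
    const prev = latest.get(v.voter);
    if (!prev || v.ts > prev.ts) latest.set(v.voter, v);
  }
  const scores = [...latest.values()].map((v) => v.score).sort((x, y) => x - y);

  // Too few distinct voters: report "no rating" instead of a misleading number.
  if (scores.length < minVoters) return { score: null, voters: scores.length };

  // Trimmed mean: drop the lowest and highest fraction so a small minority of
  // extreme votes cannot move the result. It does not stop a majority of
  // colluding accounts; that needs account-level controls.
  const k = Math.floor(scores.length * trimFraction);
  const kept = scores.slice(k, scores.length - k);
  const mean = kept.reduce((sum, x) => sum + x, 0) / kept.length;
  return { score: Math.round(mean * 10) / 10, voters: scores.length };
}

// The toolbar decision: only sites ranking higher than the user's minimum pass.
function decide(result, userMinimum) {
  if (result.score === null) return 'unrated';
  return result.score > userMinimum ? 'allow' : 'warn';
}

const rating = aggregateSiteScore(SAMPLE_VOTES);
console.log(rating, decide(rating, 6.4));
```
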

Don’t know if you’ve read the Microsoft announcement this week about Windows Server 2008. The news came out from TechEd in Spain and, distilled down, there will be eight different versions available. Compare that with the three currently available (Standard, Enterprise, and Datacenter) and it doesn’t sound so bad. On the surface anyway.

Can anyone guess at how many SKU’s there will be? Let me make it easier. Can anyone guess how many SKU’s there are today with only three versions? Answer: I don’t know. At least that will be the average answer, I’d venture, even from MSFT employees. Even going off Microsoft.com pages, you’ll get at least 12 versions for Server 2003, although not all can actually be purchased from MSFT. Where it gets more challenging is in the details. How many CAL’s do you need? Got virtual? Are you clustered? Oh, do you need an External Connector with that?

So, in reality, how many SKU’s will there be with the advent of Hyper-V, MSFT’s latest virtualization technology? This is where I begin thinking, “Man, this is ripe for online selection/configuration!” This is partly spurred on by the seeming difficulty in getting quick, qualified sales support from Redmond (actually, this is true of most large vendors, not just MSFT). Now, I’ve had the pleasure of working with their team in the Twin Cities, and they’ve been great, but there have been other times in other places where this has been a struggle.

This fits a classic scenario where selection/configuration pays off big: product complexity and limited sales resources. I want to go in with my project’s full requirements, and pull out some relatively precise budget planning numbers. I don’t have time for a full quote at this point. Well, they’ve got one, two, actually. I have to admit, I was surprised. Unfortunately, they only work for virtualization environments.

Isn’t the whole process a little too complicated to be left to the under-initiated? If only MSFT could work with Tacton, or one of the other leaders in online sales configuration, they could make life so much simpler and easy to understand for their customers. Now, if they could only make it cheaper. Until both happen, LAMP continues to look better and better to a lot of people looking for a way out of the forest.

Let me preface this: You may already be aware of some or all of these security threats but I found the following presentation as a whole both fascinating and alarming. This afternoon Ziff Davis and MessageLabs presented “Today’s Internet Security Landscape: A Closer Look at Evolving Threats”. It’s now available streamed and if you’re at all concerned about email security it’s an hour worth your time.

Did you ever wonder why you get those crazy emails about hot stock tips for some thoroughly obscure ticker symbol? Mark Sunner, Chief Security Analyst at MessageLabs, who gave the presentation, clears that up, explaining why it’s tied to identity theft and money laundering.

Man, I wish I didn’t have to say this but the architectural caliber of the latest malware is near brilliance; they’ve really got grid computing down. The presentation also gives some context as to how these tools of crime are funded, which is also enlightening. From StormWorm and SpamThrough to Russian and Ukrainian boutique spam bots (yes, they’ll craft custom “professional-grade” malware, configured to your specs, for a price) to social engineering preying on the onslaught of social networks, this was alarming. Don’t think I’ve lost this much color during a presentation since hearing about the true value of USD’s since departing from the gold standard.

That last point, the one about social networks, really bears clarification. We all place so much personal info on sites such as MySpace and LinkedIn, it shouldn’t come as an entire surprise that targeted attacks are starting to arise from that info. Specifically, elements of crime getting at “C” level officers of organizations, or perhaps using that info as they craft new spam attacks. If you saw a message in your inbox that was from your CEO or CTO, and the message header seemed to mimic with near perfect accuracy the name and type of message you’d expect, and then, if within the body it said something like, “click here for project details”, wouldn’t you be inclined to open the message? How about if it was from someone in the upper echelons of your support organization stating “install this upgrade asap”?

That “near” perfection is achievable through data mined from social networking sites. Makes me wonder if I’m overreacting. But it also makes me wonder what sites like LinkedIn will do to protect their users, their sites’ integrity, and their overall business model.

I just finished reading Gartner’s “MarketScope for Sales Configuration, 3Q07”, by Gene Alvarez, which came out this week.  Over the years I’ve read quite a bit from Gartner; for me, this one was more interesting, however, since I was among those interviewed for their published analysis.  If you’re replaying scenes from “The Jerk”, with Steve Martin’s lead character wildly running about and shouting out, “The new phone books are here…the new phone books are here!” you may be a bit off, but, yeah, this one had my interest big time.

The backdrop: I’ve worked extensively with online configuration and have conducted detailed comparative analysis from many providers in the past, which I’m assuming is the reason Gartner was interested in my perspective.  At the outset of our most recent project, I had set up an in house “Selection/Configuration” mini-conference for our organization, more or less a parade of vendors diving into their technical and business capabilities.  Most of those were represented in the recent Gartner report, which made it even a bit more interesting to me.

Now, unless you’re really fascinated by the topic of online sales configuration, addressing this in depth here would move even the most stalwart audience into a soporific stupor so I’ll leave that to other venues and other discussions.  If you’ve specific questions outside the scope of this post please feel free to email me.  What I’d like to cover here is the results, at least from my vantage point.

During the phone interview with Gartner, which lasted less than an hour, I answered a number of open ended questions (“Why did you choose this product?”,  “What others did you consider?”, “How are we using it?”, and the like). I actually had an enjoyable time talking with the author since he was well familiar with online configuration and the vendors involved. We went on to discuss more specifics such as customer satisfaction and the comparative strengths between some of the products he was evaluating.  Wrapping up, I was looking forward to seeing the end results of his analysis in print.  Let’s see, that was toward the end of June so the remaining interviews (I’ll assume there were multiple others like mine—Gartner is fairly secretive about their process details, and I can respect that), analysis, authoring, and publication process took about four months.

The Results.  You’re probably well familiar with the legendary Gartner “magic quadrant”.  I was glad in this instance that they refrained from boxing in the vendors in that array this time.  Limiting assessments to four graduated “vision”/“capabilities” quadrants has seldom, if ever, given anyone effective reference tools.  In this analysis, rather than the “MQ”, there’s a ratings matrix in which each of the vendors is given one of five overall ratings: strong negative, caution, promising, positive, and strong positive.  Whew—not much granularity here!  In all fairness, there are a few paragraphs given to vendor/product details, and maybe that’s the better focus.  When I think of all the attributes I pulled together in our assessment I think Gartner could have gone a little further here.  However, again trying to be fair, the analysis is looking at a larger picture than just feature lists.

There’s one disparity that warrants mention, and this is one that only those involved in online configuration and online commerce may be able to closely relate.  When stacking up vendor to vendor, I believe it would have been better to focus exclusively on the configuration capability, not the commerce component.  Frankly, this is where, imo, Mr. Alvarez missed a bit. 

Commerce tools are exceptionally demanding animals.  If you’ve got an exceptional, best-of-breed configurator, do you want to also attempt to develop a best-of-breed commerce engine?  Or, would you rather augment your business case by easily integrating with best-of-breed tools?

Scanning the vendor line up, some are rewarded for having good commerce engines while others are penalized for not building those themselves.  My take on it is this is not necessarily wise.  I’d much rather be able to deal with a “best tools in the box” approach, particularly if they’ve demonstrated effective integration with past deployments. 

Further, some key configuration issues aren’t addressed thoroughly and some aren’t covered at all.  For example, a key issue with configuration engines is the nature of their modeled data interpretation: are they rules based or constraints based?  This was not compared within the analysis.  I’d underscore this is a huge data maintenance issue.  When calculating the ongoing costs involved in online configuration, data maintenance will typically easily eclipse all other costs.  You don’t want to stumble on this topic.  Constraint based systems largely tend to be less labor intensive as you build and maintain your data models.

In summary, since I’m familiar with a number of these players, who do I think should have been rated higher?  Although the Swedish firm, Tacton, is not a software behemoth like Oracle or SAP (and for this we can give thanks) the integration that they demonstrate is outstanding, their data modeling is lucid, and their support and deployment options work very well.  I couldn’t justify rating any of the other vendors more highly (and may have rated some of the others a bit lower).  Tacton plays exceptionally well with IBM’s WebSphere Commerce, which is a powerhouse in online B2B and B2C commerce.  They also have a very impressive array of other application partners, including Microsoft, Autodesk and  Dassault Systems (SMARTEAM and SolidWorks).   It’s clear that Tacton understands not only configuration, but how to move in a veritable arsenal of high impact supporting systems, all in a best-of-breed environment.