Monday, April 30, 2007
Links for 2007-04-30
I always find folks from Sun intriguing as they do a great job of speaking at large conferences but don't do anything at the grassroots level like visiting all of their customers one-by-one and advocating more personal. Anyway, Robin has some great banners that are charitable...
To date the conversation around identity has either been consumerish in nature or all about enterprises and their legacy issues. Good to see that folks are thinking about folks who also need to participate but may not have deep pockets
Whenever you integrate two systems, you not only have to think about the semantics around message passing but also need to reconsile disparate security models. Good to see that folks at Microsoft are showing some leadership. I wonder if folks from ServiceMix, Sonic, Sun, MuleSource and Iona have thought about Identity Services within their ESB?
Security folks know that the notion of a perimeter is fast disappearing. Now, this blogger shows that history also proved the same thing.
Reverend Bayes did more for IT architectures than folks realize
It would be intriguing for a developer savvy industry analyst to provide commentary on whether they believe that Struts is no longer relevant as a Java framework and that folks should migrate to Spring?
Is Bell Curve Compensation an Anti-Pattern?
Problem: Distributing rewards fairly.
Context: A community of developers, architects,etc meeting tight schedules in a high-payoff market.
Forces: Managers love their employees, but some must be loved more than others. Everybody can't be excellent.
Supposed Solution: The entire team (social unit) should be ranked for Quality, those rankings should be fitted to a bell curve, and compensation should be awarded according to percentile.
Resulting Context: Managers who create uniformly excellent teams are punished, since some members must be rated as sub-par to maintain the bell curve. Developers seek out managers with sub-par teams, in order to ensure their place in the top percentile.
Design Rationale: Somebody failed elementary statistics; while competence over a large corporation may indeed fit a bell curve, small sets (such as project teams) are very unlikely to do so. Indeed, in an organization that does not follow this Anti Pattern, a successful project team will tilt farther and farther toward the high end of the curve, as excellent developers are attracted by the opportunity to work with their peers. It is possible to have a uniformly excellent team; managers who build such teams should be rewarded, not punished...
Sunday, April 29, 2007
Inexperienced IT Executives cause IT Outsourcing Failure
Lots of bloggers comment on enterprisey behavior so a body of knowledge does exist at some level as to stupid things done repeatedly. Why is this feedback process of bad management decisions not changing things?
Of course, one needs to assume that those in enterprises understand enterprisey behavior and that such feedback exists, and works fast enough. How long does it take for such projects to fail (months? years?), and after how many such failures do upper management finally realize the problem exists and that they can't manage it because they are the problem?
Is it really due to inexperience? Will more experienced managers understand that hiring an inexperienced team will lead to project failure instead of cost savings? Nowadays, it's rare (an impossible when you bring outsourcing into the equation) to have the luxury of an entire team with decades of experience each. And not always desirable - there's usually some work that can be better done by less experienced people. Experienced people don't like stuff that's mundane to them and you have the problem space of getting people to be experienced for future projects.
While Outsourcing folks in India are dangerous to long-term health, inexperienced IT executives are more damaging. Acknowledge that IT executives have more authority than any outsourcing firm could ever hope for. Usually there is one IT executive for a given outsourcing relationship, while you will have a team of multiple developers in outsourcing and can only get an inexperienced team if every developer in the team is inexperienced (Of course there is a high probability of this occuring, but that is the subject of another blog entry).
One can ask themselves how failure in outsourcing could actually be good for an enterprise. I have concluded that good decisions come from experience. Experience comes from making bad decisions. As long as folks make sure the 'bad decisions' are small ones - non fatal; work at managing smaller, lower pressure projects then regardless of whether outsourcing is successful or a big fat failure, the enterprise benefits...
| | View blog reactionsOf course, one needs to assume that those in enterprises understand enterprisey behavior and that such feedback exists, and works fast enough. How long does it take for such projects to fail (months? years?), and after how many such failures do upper management finally realize the problem exists and that they can't manage it because they are the problem?
Is it really due to inexperience? Will more experienced managers understand that hiring an inexperienced team will lead to project failure instead of cost savings? Nowadays, it's rare (an impossible when you bring outsourcing into the equation) to have the luxury of an entire team with decades of experience each. And not always desirable - there's usually some work that can be better done by less experienced people. Experienced people don't like stuff that's mundane to them and you have the problem space of getting people to be experienced for future projects.
While Outsourcing folks in India are dangerous to long-term health, inexperienced IT executives are more damaging. Acknowledge that IT executives have more authority than any outsourcing firm could ever hope for. Usually there is one IT executive for a given outsourcing relationship, while you will have a team of multiple developers in outsourcing and can only get an inexperienced team if every developer in the team is inexperienced (Of course there is a high probability of this occuring, but that is the subject of another blog entry).
One can ask themselves how failure in outsourcing could actually be good for an enterprise. I have concluded that good decisions come from experience. Experience comes from making bad decisions. As long as folks make sure the 'bad decisions' are small ones - non fatal; work at managing smaller, lower pressure projects then regardless of whether outsourcing is successful or a big fat failure, the enterprise benefits...
Links for 2007-04-29
Backsourcing is the process of an enterprise retaking responsibility for previously outsourced IT functions, and bringing these functions back inhouse. Enterprise Architects should always plan for outsourcing failure.
If you have ever noodled starting your own software company and desire VC funding then start here
I wonder if Kim Cameron and others have thoughts
May I add that I believe folks will not only use it, but it will also in the near future align with IT security standards
I suspect folks like Akash Bhatia, Anita Ballaney or Mohan Babu K. will exercise their right to remain silent on this one as they are only capable to attack but not thoughtful analysis
A thoughtful analysis of why government enterprise architecture is a big fat joke
Folks always seem to forget the characteristic of strong technical leadership and being Keeper of the Flame
Heat Pumps and Energy Conservation
I am one of a 100 customers of the local electrical utility taking part in a pilot of heat pumps. On Friday, I got a $10K heat pump installed absolutely free which is supposed to reduce energy usage by 40% or greater. Heat pumps unlike central air conditioning can be used for both heating and cooling.
If the pilot is successful and our energy usage drops more than other participants, I will then be selected to participate in upcoming advertising campaigns. Imagine turning on the TV on Sunday morning and seeing James McGovern in living color...
| | View blog reactionsIf the pilot is successful and our energy usage drops more than other participants, I will then be selected to participate in upcoming advertising campaigns. Imagine turning on the TV on Sunday morning and seeing James McGovern in living color...
India Outsourcing and why Inexperienced Teams are Rampant
Perhaps it would be useful to talk about what is meant by inexperience...
People who are inexperienced in general have always been with us, in every field, and there is usually some kind of apprenticeship period (possibly academic) during which their skills are honed. I think the difference now is in how rapidly the entire software development landscape changes.
There are four main classes of project in my experience:
those outsourcing firms that engage outside help from the start. This requires outsourcing firms to acknowledge their own limitations and declare that they aren't an expert at everything to their client.
those projects that are considered successful or low risk enough not to require outside help such as mundane tasks like Y2K
those projects that are in trouble and managers have the security, wisdom, humility, guts and budget to admit that they need help and bring in one or more outsiders whom may even be from the client themselves
those that are in trouble, often deep trouble, but one or more of the five necessary ingredients in previous bullet are missing.
It may be a hangover from the eighties, but corporations are very quick to expel perceived dissent and therefore if inexperience is discussed, it is usually quickly buried. Outsourcing firms have not only managed to shutdown perceived dissent but have matured this as a practice.
One of the types of experience is working together. Seven new and four experienced developers plus a manager or two working on a project have just met each other on the first day of the project. The initial assignments will be wrong and given to the wrong people. The wrong people will be given the job of design, and so the design will not be good. Take those same dozen people a year or two later and put them on another project together. The initial, crucial decisions will be much better. The improvement will be much larger than the simple one or two years of experience would seem to indicate. The estimates will be more accurate. All this is very hard for corporations to do. People get promoted, quit and have babies. Teams with good self-knowledge can put the weaker members on jobs they can do usefully.
| | View blog reactionsPeople who are inexperienced in general have always been with us, in every field, and there is usually some kind of apprenticeship period (possibly academic) during which their skills are honed. I think the difference now is in how rapidly the entire software development landscape changes.
There are four main classes of project in my experience:
It may be a hangover from the eighties, but corporations are very quick to expel perceived dissent and therefore if inexperience is discussed, it is usually quickly buried. Outsourcing firms have not only managed to shutdown perceived dissent but have matured this as a practice.
One of the types of experience is working together. Seven new and four experienced developers plus a manager or two working on a project have just met each other on the first day of the project. The initial assignments will be wrong and given to the wrong people. The wrong people will be given the job of design, and so the design will not be good. Take those same dozen people a year or two later and put them on another project together. The initial, crucial decisions will be much better. The improvement will be much larger than the simple one or two years of experience would seem to indicate. The estimates will be more accurate. All this is very hard for corporations to do. People get promoted, quit and have babies. Teams with good self-knowledge can put the weaker members on jobs they can do usefully.
Saturday, April 28, 2007
Links for 2007-04-28
I suspect that most folks don't understand the fact that business folks don't really want to understand SOA. They do expect IT folks to understand the best way to build software
How come industry analysts aren't noodling the disconnect between hardware folks pumping out multi-core processors and software developers who don't understand either multithreading and/or concurrency?
Folks in the ECM world need to read multiple times the words of wisdom from John Newton
An incredibly thoughtful posting by Gunnar Peterson on User Centric Identity, CardSpace, OpenID and Enterprise Security
Want to work in Hong Kong?
Glad to see Alfresco in the Number One spot
Should Microsoft, IBM, HP, CA, Sun produce tools in this space? I believe not!
Out of the Fortune 500, I suspect only Sun doesn't have a production instance so they can ignore. The rest of the world should read
I wonder if the topic of why enterprises prefer compiled languages over scripting languages will come up? More importantly, can folks conclude something more logical than we are simply enterprisey?
Secure Coding Standards
If you are the CTO of an ECM, BPM, ESB, CRM, ERP or ABC software vendor, then please check out CERT Secure Coding Standards web site. You may notice industry analysts asking lots of questions in upcoming briefings in this regard and if you have the wrong answer, you may no longer appear in the Gartner leaders quadrant and/or the Forrester wave...
| | View blog reactionsFriday, April 27, 2007
Why Linux is better than Solaris...
Ever been to Linux ISO? Notice how you can download both CD and DVD versions? Notice how you don't have to register in advance nor login? With Solaris you do...
| | View blog reactionsYet another outsourcing failure...
Infosys has a blogging site where only carefully picked employees can provide commentary to the outside world. I wonder what it would take for outsourcing firms to create a platform similar to Sun?
Vinne Michandani appropriately commented on TCS, the largest Indian vendor who plans on hiring 30,000 associates a year and refers to this as the Day Care Model that everyone should consider.
Likewise, many India based bloggers have been notoriously silent on the notion of backsourcing which is when IT functions are brought back in-house after they have been outsourced. Many folks should consider the fact that the best time to backsource an IT function is before you outsource it. Are there any folks in India that would be willing to blog their thoughts on best practices or will they simply resort to keeping their head in the sand and not acknowledge any form of failure rate?
I know they will attack my thought process without actually answering the question. I am willing to contribute $500 to a mutually agreeable charity if any Infosys blogger posts metrics on infosysblogs.com as to how they practice diversity using EEOC definitions...
| | View blog reactionsVinne Michandani appropriately commented on TCS, the largest Indian vendor who plans on hiring 30,000 associates a year and refers to this as the Day Care Model that everyone should consider.
Likewise, many India based bloggers have been notoriously silent on the notion of backsourcing which is when IT functions are brought back in-house after they have been outsourced. Many folks should consider the fact that the best time to backsource an IT function is before you outsource it. Are there any folks in India that would be willing to blog their thoughts on best practices or will they simply resort to keeping their head in the sand and not acknowledge any form of failure rate?
I know they will attack my thought process without actually answering the question. I am willing to contribute $500 to a mutually agreeable charity if any Infosys blogger posts metrics on infosysblogs.com as to how they practice diversity using EEOC definitions...
Links for 2007-04-27
While Process is important, many
Agilists aren't trying to change folks minds but are trying to get folks to think about what they are doing and not just blindly accept what the latest consultant or industry analyst is saying
One person still attempting to understand enterprise architecture. Tell's me that us authors are failing
Are there lots of folks in the blogosphere attempting to sell methodologies without knowing what they are talking about?
On one hand this individual talks about risks but somehow AIIM doesn't think that security or lack of within ECM products is one of them
Folks should be fearful of adding in security after the fact. I wonder if folks understand that security features may not be security
Great guidance that folks should read. Of course they left off the abuse of words such as diversity which doesn't align to EEOC
Freely available report by several industry thought leaders
Folks refuse to ask the hard questions
I bet the vast majority of enterprise architects have no notion of canonical form in their thinking
Thursday, April 26, 2007
Enterprise Architecture and the legalization of Marijuana
Many folks are advocates of the legalization of marijuana for medicinal purposes. I wonder what the conversation would sound like in the workplace if folks started smoking...
It would be interesting to understand HR policies around firing someone for doing something that became legal and otherwise is deemed an medical event. While safety is always a consideration, especially in manufacturing, it probably matters much less since much of this doesn't occur within the United States anymore.
I bet lots of folks would argue about decreased productivity without figuring out whether it may actually increase productivity. Imagine all the time savings that enterprise folks spend in useless meetings getting on the same page where they are asked to keep their presentations at a high-level and instead could share deeper details on IT solutions and it would be better received.
The one question I have always asked myself is who are the buyers of drugs? Economics would indicate that it isn't folks who work at McDonalds flipping burgers. I suspect there is a lot more drug usage in large enterprises (off premises) than folks would want to talk about publicly. Maybe legalization will be a form of emanicipation?
| | View blog reactionsIt would be interesting to understand HR policies around firing someone for doing something that became legal and otherwise is deemed an medical event. While safety is always a consideration, especially in manufacturing, it probably matters much less since much of this doesn't occur within the United States anymore.
I bet lots of folks would argue about decreased productivity without figuring out whether it may actually increase productivity. Imagine all the time savings that enterprise folks spend in useless meetings getting on the same page where they are asked to keep their presentations at a high-level and instead could share deeper details on IT solutions and it would be better received.
The one question I have always asked myself is who are the buyers of drugs? Economics would indicate that it isn't folks who work at McDonalds flipping burgers. I suspect there is a lot more drug usage in large enterprises (off premises) than folks would want to talk about publicly. Maybe legalization will be a form of emanicipation?
Links for 2007-04-26
Good to see that Gartner is calling out the current state of IT leadership and how we should all avoid stepping in it
Good to see analyst firms pursuing the Asian market. I suspect that they will make more money servicing China than India as once outsourcing finally fails, India's economic model is less sustainable
Glad to see others acknowledging how folks in enterprise spend way too much time on current state analysis
I wonder when Industry Analysts such as Gartner will not only start talking about CardSpace within their research but more importantly compare/contrast OpenSSO to offerings from Oracle, IBM and CA
Good to see others talk about the greater Internet Fuckwad Theory
Wednesday, April 25, 2007
CardSpace and Enablement of an existing Site
I have been busy coming up to speed on CardSpace and Enablement of an existing site and have ran into the following issues:
1. As I understand, it is up to the relying party to determine which claims they require from a card and will use this to match an internal user store. If the card contained an email address, one could write code to match as follows:
This code tells me that you first have to trust that Cardspace software from MS or Java equivalents such as WSO2 have first validated the token's signature and validated it from a cryptographic perspective. What I don't understand is how many fields one should match on as a practical consideration?
2. It seems as if CardSpace can support claims-based security checks which is a little different than role-based security checks. Are there thoughts from the security community such as Gunnar Peterson on this?
3. Should Cardspace support roaming scenarios? For example I may want to take my card and use it at an upcoming conference in a one-time usage scenario at the conference provided computers.
4. Should Cardspace 2.0 somehow support the notion of a Turing test to prove that a user is a human? Was thinking about Dick Hardt example of going to a bar and knowing whether the person on the other end is really a person?
5. I would like to request Multivalued Attributes from my site as a claim where I specify specific values in terms of a list but can't figure out how to do this.
| | View blog reactions1. As I understand, it is up to the relying party to determine which claims they require from a card and will use this to match an internal user store. If the card contained an email address, one could write code to match as follows:
MembershipUser user = Membership.GetUser(this.User.Identity.Name);
if (user.Email == emailaddressClaim) {
user.Comment = ppidClaim;
Membership.UpdateUser(user);
}
This code tells me that you first have to trust that Cardspace software from MS or Java equivalents such as WSO2 have first validated the token's signature and validated it from a cryptographic perspective. What I don't understand is how many fields one should match on as a practical consideration?
2. It seems as if CardSpace can support claims-based security checks which is a little different than role-based security checks. Are there thoughts from the security community such as Gunnar Peterson on this?
3. Should Cardspace support roaming scenarios? For example I may want to take my card and use it at an upcoming conference in a one-time usage scenario at the conference provided computers.
4. Should Cardspace 2.0 somehow support the notion of a Turing test to prove that a user is a human? Was thinking about Dick Hardt example of going to a bar and knowing whether the person on the other end is really a person?
5. I would like to request Multivalued Attributes from my site as a claim where I specify specific values in terms of a list but can't figure out how to do this.
Tuesday, April 24, 2007
Industry Analysts and Storage Area Networks
How come industry analysts aren't asking storage area network (SAN) vendors why they aren't building compression functionality into their products?
Yes, I understand it is not in the best interest for storage area network vendors to help enterprises efficiently utilize their technology and that by building in support for compression, it may result in either cutting potential sales by half or even may cause enterprises to buy even more storage since they can use it even more inefficiently.
I also understand that there are third party products such as StoreWiz that will do this independent of the SAN vendor but that doesn't change the fact that it really should be built in and not a separate product.
I understand that many vendors have done file-level deduplication but in all reality, we need more capability than simply calculating a hash to determine duplicates. What would it take to deduplicate within a file or across files. For example, if you consider the average utility who stores statements they send to their customers using various ECM products where much of the information contained on the statement is unique to all folks who receive them feels like a big opportunity to add value.
Maybe I got it twisted and industry analysts don't believe that storage vendors should play a part here and this particular example is more of a thing that should be solved by ECM vendors. It would be interesting to hear the perspective of both parties.
I know folks from Sun may have even different perspectives as Solaris supports compression at the file system level. Actually Windows NTFS does the same thing. Does anyone know which is more efficient in terms of compression?
| | View blog reactionsYes, I understand it is not in the best interest for storage area network vendors to help enterprises efficiently utilize their technology and that by building in support for compression, it may result in either cutting potential sales by half or even may cause enterprises to buy even more storage since they can use it even more inefficiently.
I also understand that there are third party products such as StoreWiz that will do this independent of the SAN vendor but that doesn't change the fact that it really should be built in and not a separate product.
I understand that many vendors have done file-level deduplication but in all reality, we need more capability than simply calculating a hash to determine duplicates. What would it take to deduplicate within a file or across files. For example, if you consider the average utility who stores statements they send to their customers using various ECM products where much of the information contained on the statement is unique to all folks who receive them feels like a big opportunity to add value.
Maybe I got it twisted and industry analysts don't believe that storage vendors should play a part here and this particular example is more of a thing that should be solved by ECM vendors. It would be interesting to hear the perspective of both parties.
I know folks from Sun may have even different perspectives as Solaris supports compression at the file system level. Actually Windows NTFS does the same thing. Does anyone know which is more efficient in terms of compression?
Voluntary Human Extinction Movement
Have you heard of the Voluntary Human Extinction Movement? They are seeking volunteers from the following demographics:
Enterprise Architects who are afraid to champion open source
Those who program in Smalltalk and other second-class languages
CTO's of BPM, ECM, ERP, CRM and ESB vendors who haven't yet stepped up to incorporating SAML and XACML support in their product
Six Sigma folks who believe that process is a substitute for competence
Enterprises who allow non-technical IT folks to become CIOs
Those who practice management by magazine but are afraid to admit it
Those who supported Kathy Sierra but didn't call her out on the fact that convicting folks in the court of public opinion is wrong
Those who can't understand the difference between management and leadership
Folks who think agile is a word they should use to describe their otherwise monolithic architectures
Industry analysts who won't put open source projects in the same research reports as commercial closed source offerings
Those who think that innovation is happening within their shop when status quo is pervasive
Folks who voted for George Bush
| | View blog reactionsMonday, April 23, 2007
Outsourcing and the Emancipation of the Enterprise Architect
I have surveyed six different enterprise architects in my local area and even one I met while on vacation at the Culinary Institute on the topic of outsourcing and they all had a lot to say...
I asked each of these individuals whether their employer was currently outsourcing work to India. I then asked them do they believe that outsourcing will fail in their enterprise within the next three to five years with the response being varied from an emphatic yes to a more tempered response indicating failure but otherwise putting a spin on it in terms of achieving mediocrity.
My last question to these individuals was once outsourcing to India fails, would you within your own mind, smile? I suspect that the masses already know the answer to this question which is intriguing at some level. This is the first time in history where folks genuinely desire an initiative that their employer is undertaking to either fail or at least be marginal. I wonder if the masses within large enterprises want an initiative to fail, will it happen no matter how diligent folks in India are or will it fail simply because of junior skillsets that India currently has so much of?
The interesting thing is that wise enterprises such as Google have already figured out that outsourcing in terms of cost savings and rate arbitrage is doomed to mediocrity and have established a model that CIOs should stand up and pay attention to. If you aren't familiar with Google's Summer of Code, they offered $4500 to folks worldwide. The key thing to pay attention to is that there wasn't a different rate for folks in the United States vs Brazil vs India as the focus moved away from rate arbitrage towards something more important which is the relentless pursuit of top talent no matter where they may reside.
If employers in the United States where to borrow this same concept from the Google playbook, would they be more successful? I believe so and here are the reasons why! Much of the rants regarding outsourcing in the blogosphere are all about folks who have lost their jobs to junior folks in India but these rants disappear over time when they find that they were able to not only get a better job but one that pays much more than they were making. I have two theories on why outsourcing fails which isn't really talked about.
My first theory is that outsourcing will always fail even in situations where no one loses their job. American's, at least those who were born here tend to be very patriotic and outsourcing doesn't really address this deeper emotion. It is human nature to care more for your neighbor than someone down the street and even more for the person down the street than someone in another country. Getting the masses to ignore engrained feelings is difficult at best.
Of course, part of the strategy is to leverage folks who may be American in terms of citizenship but otherwise don't have a single iota of patriotism in their bodies to rollout outsourcing initiatives. This will bring failure to the level of mediocrity. The second theory I have is that outsourcing fails because folks really have no interest in working with junior folks. Let's pretend that Martin Fowler, Kent Beck, Brenda Michelson, Grady Booch, Joel Spolsky, James Robertson, James Tarbell, Robert McIlree and other top talent in the blogosphere were all offshore working in Bangladesh. I believe folks would not only be more participatory in terms of making outsourcing a success, they would actually volunteer to make it happen so as to work with these individuals. If there is a way to eliminate all the lower-talent folks in India (approx 97.4% of the IT population) then outsourcing would not only have a better chance of success but enterprise architects would be emancipated...
| | View blog reactionsI asked each of these individuals whether their employer was currently outsourcing work to India. I then asked them do they believe that outsourcing will fail in their enterprise within the next three to five years with the response being varied from an emphatic yes to a more tempered response indicating failure but otherwise putting a spin on it in terms of achieving mediocrity.
My last question to these individuals was once outsourcing to India fails, would you within your own mind, smile? I suspect that the masses already know the answer to this question which is intriguing at some level. This is the first time in history where folks genuinely desire an initiative that their employer is undertaking to either fail or at least be marginal. I wonder if the masses within large enterprises want an initiative to fail, will it happen no matter how diligent folks in India are or will it fail simply because of junior skillsets that India currently has so much of?
The interesting thing is that wise enterprises such as Google have already figured out that outsourcing in terms of cost savings and rate arbitrage is doomed to mediocrity and have established a model that CIOs should stand up and pay attention to. If you aren't familiar with Google's Summer of Code, they offered $4500 to folks worldwide. The key thing to pay attention to is that there wasn't a different rate for folks in the United States vs Brazil vs India as the focus moved away from rate arbitrage towards something more important which is the relentless pursuit of top talent no matter where they may reside.
If employers in the United States where to borrow this same concept from the Google playbook, would they be more successful? I believe so and here are the reasons why! Much of the rants regarding outsourcing in the blogosphere are all about folks who have lost their jobs to junior folks in India but these rants disappear over time when they find that they were able to not only get a better job but one that pays much more than they were making. I have two theories on why outsourcing fails which isn't really talked about.
My first theory is that outsourcing will always fail even in situations where no one loses their job. American's, at least those who were born here tend to be very patriotic and outsourcing doesn't really address this deeper emotion. It is human nature to care more for your neighbor than someone down the street and even more for the person down the street than someone in another country. Getting the masses to ignore engrained feelings is difficult at best.
Of course, part of the strategy is to leverage folks who may be American in terms of citizenship but otherwise don't have a single iota of patriotism in their bodies to rollout outsourcing initiatives. This will bring failure to the level of mediocrity. The second theory I have is that outsourcing fails because folks really have no interest in working with junior folks. Let's pretend that Martin Fowler, Kent Beck, Brenda Michelson, Grady Booch, Joel Spolsky, James Robertson, James Tarbell, Robert McIlree and other top talent in the blogosphere were all offshore working in Bangladesh. I believe folks would not only be more participatory in terms of making outsourcing a success, they would actually volunteer to make it happen so as to work with these individuals. If there is a way to eliminate all the lower-talent folks in India (approx 97.4% of the IT population) then outsourcing would not only have a better chance of success but enterprise architects would be emancipated...
Sunday, April 22, 2007
Enterprise Portal Smackdown
If you haven't already heard the news, The annual AIIM Expo held an Enterprise Portal Smackdown where BEA, IBM and Liferay all competed toe-to-toe. Liferay Enterprise Portal which is 100% unrestricted open source won hands down over its commercial competition...
| | View blog reactionsLies told by BPM Vendors
Enterprises embarking on the path of BPM need to figure out what BPM vendors aren't telling you...
There are a variety of bloggers discussing how their products are standards compliant with BPMN, BPEL and BPEL4People where others are discussing Do BPM before BAM yet there is not a single conversation around the need to think about security upfront.
Wouldn't it be intriguing if your BPM vendor told you how their product could participate in single signon (SSO) via industry standards such as SAML and/or WS-Federation? Wouldn't it be equally interesting to hear from your vendor regarding support for identity standards such as OpenID and/or CardSpace? I bet if you asked your favorite BPM vendor about adding in support for XACML they will avoid the question as the architecture of many of these BPM products would require rewriting from scratch, the ability to externalize entitlements.
I wonder if Ishmael Ghalimi, Phil Gilbert, Bruce Silver and others in this space would entertain a public conversation on the notion of the weaknesses of BPMN. For example, it is intriguing that we can have a decision shape that looks pretty on the diagram but no one ever really talks about the behavior of a decision and how each and every single product implements it differently. I bet a deeper look into this space would uncover that 95% of all the work in BPMN is not portable between one vendor and another.
I can take a J2EE application originally targeted to run on JBoss and easily move it to BEA Weblogic but I can't take an application written for Intalio and move it easily to Lombardi. Do BPM vendors care about this type of portability to the level where they will take actions to actually have conversations across companies?
| | View blog reactionsThere are a variety of bloggers discussing how their products are standards compliant with BPMN, BPEL and BPEL4People where others are discussing Do BPM before BAM yet there is not a single conversation around the need to think about security upfront.
Wouldn't it be intriguing if your BPM vendor told you how their product could participate in single signon (SSO) via industry standards such as SAML and/or WS-Federation? Wouldn't it be equally interesting to hear from your vendor regarding support for identity standards such as OpenID and/or CardSpace? I bet if you asked your favorite BPM vendor about adding in support for XACML they will avoid the question as the architecture of many of these BPM products would require rewriting from scratch, the ability to externalize entitlements.
I wonder if Ishmael Ghalimi, Phil Gilbert, Bruce Silver and others in this space would entertain a public conversation on the notion of the weaknesses of BPMN. For example, it is intriguing that we can have a decision shape that looks pretty on the diagram but no one ever really talks about the behavior of a decision and how each and every single product implements it differently. I bet a deeper look into this space would uncover that 95% of all the work in BPMN is not portable between one vendor and another.
I can take a J2EE application originally targeted to run on JBoss and easily move it to BEA Weblogic but I can't take an application written for Intalio and move it easily to Lombardi. Do BPM vendors care about this type of portability to the level where they will take actions to actually have conversations across companies?
eDiscovery, Industry Analysts and IT Security Professionals
Industry analysts and IT security professionals have been notoriously silent on the latest changes to the Federal Rules of Civil Procedure (FRCP) that deman an exhaustive search of all electronically stored information including email, voice and video content for disclosure within 99 days. Most enterprises will struggle to make this happen...
This would be an interesting space for James Governor and Michael Cote of Redmonk to cover as this pretty much demands a different architecture than what enterprises have been doing for the last 30 or so years.
Minimally, I see the need for Enterprise Architects who understand that IT alignment with the business is important that they have an equal fidicuary need to serve their invisible customer known as lawyers who want to rape your enterprise when it comes to data leakage and other IT-oriented threats that the business doesn't yet understand. Some of the components that enterprise architects will need to ponder include:
Convergence of Voice/Video with traditional IT technologies
Pattern Matching of Data within IT data stores
Search technologies so that you can find it all
Terabyte scalability
Automated compliance to retention policies
Meta-Data: An abused but otherwise important concept
Language Independence: Doesn't matter if your architecture is based on Java or a second-class language such as SmallTalk
The funny thing is that I suspect those industries who have been affected by Eliot Spitzer, NY Attorney General and now Governor have the hindsight to have retrofitted many of their IT systems to make them more subpeona-oriented. Generally speaking though, the learning of folks in NY especially the ones on Wall Street haven't yet been codified into something consumable by other industry verticals...
| | View blog reactionsThis would be an interesting space for James Governor and Michael Cote of Redmonk to cover as this pretty much demands a different architecture than what enterprises have been doing for the last 30 or so years.
Minimally, I see the need for Enterprise Architects who understand that IT alignment with the business is important that they have an equal fidicuary need to serve their invisible customer known as lawyers who want to rape your enterprise when it comes to data leakage and other IT-oriented threats that the business doesn't yet understand. Some of the components that enterprise architects will need to ponder include:
The funny thing is that I suspect those industries who have been affected by Eliot Spitzer, NY Attorney General and now Governor have the hindsight to have retrofitted many of their IT systems to make them more subpeona-oriented. Generally speaking though, the learning of folks in NY especially the ones on Wall Street haven't yet been codified into something consumable by other industry verticals...
Take AIIM on Security
Out of all the ECM vendors in existence, Alfresco seems to not only have the most integrity but are most tuned into the needs of their customers...
John Newton appropriately noted that the folks at AIIM are negligent in that they haven't figured out how enterprise security concerns should converge with ECM standards. He also noted that ECM vendors consider security as a second-class consideration. Hopefully, over time when industry analysts such as Alan Pelz-Sharpe of CMSWatch, Barry Murphy of Forrester, Nick Patience of the 451 Group and Karen Shegda of Gartner start covering security standards that are applicable to the ECM space within upcoming research reports.
Anyway, I figured I would comment on some wonderful things said by John:
Interoperability is key which includes thinking about security considerations. ECM is no longer a standalone play and is starting to become integrated into enterprise applications. I suspect that Salesforce.com will deeply integrate ECM into CRM such that the user believes they are working with one tool and not two.
In terms of politics, I would love to understand whether this can be solved by having more enterprises participate in standards creation? Is it that the agenda is too driven by software vendors who have their own insular issues to deal with? Maybe instead of complaining, I should actively participate? John, could you put me in contact with the speaker coordinator for this event so I can personally address this issue?
In terms of whether it should be ACL, role-based or policy-based, I have the following thoughts. First, I believe that customers should think of which model best suites them by having the ability to configure which model works best. Second, I would also say that the better model supports an open SDK where customers if they aren't happy, can write their own.
It seems as if many vendors in this space can leverage external authentication services but yet require their own identity services which is interesting at some level and flawed at another. Whether you choose OpenID because you want a vendor-neutral way of identifying users or something more proprietary such as CardSpace doesn't really matter much to me as long as you choose one and solve for this problem-space quickly. In terms of difficulty in implementation, it isn't that much code to actually support both at the same time.
If the industry embraces XACML, the enforcement could occur based on inspecting meta-data which does require enterprises to pay attention to controls on the content. I suspect that you are fearful in proposing this since many customers don't really have a sound, thoughtful metadata strategy and therefore it may fail for other reasons.
May I say that pass-through authentication approaches are also inadequate in that it sometimes becomes important to understand the credentials especially once we move away from username/password like constructs?
Should search leverage the same entitlements model? If search engines also supported XACML then having a layer that externalizes so as to make consistent would be a good thing.
John, I can tell you that enterprises such as AIG, Home Depot, Merck, J&J, Boeing, Washington Mutual, Bank of America, GE, Schwab and Merrill Lynch have all started to have this conversation in a public way and have started to engage the discussion at many industry analyst driven conferences as a first step. I can also say that if vendors would like for me to share additional insights, all they have to do is ask...
| | View blog reactionsJohn Newton appropriately noted that the folks at AIIM are negligent in that they haven't figured out how enterprise security concerns should converge with ECM standards. He also noted that ECM vendors consider security as a second-class consideration. Hopefully, over time when industry analysts such as Alan Pelz-Sharpe of CMSWatch, Barry Murphy of Forrester, Nick Patience of the 451 Group and Karen Shegda of Gartner start covering security standards that are applicable to the ECM space within upcoming research reports.
Anyway, I figured I would comment on some wonderful things said by John:
- Trying to address security in some of the standards groups such as AIIM’s iECM initiative and JSR-283, the successor to JSR-170, has been politically tricky. It is difficult to figure out what a common view of security is given all of the different models of security such as Access Control List, Role-based Security and Policy-based Security used in Records Management, let alone all the different vendors’ implementations of each. However, looking at this problem going forward, without addressing and standardizing security, we are creating huge barriers to interoperability and not meeting the requirements of new models of interaction on the internet.
Interoperability is key which includes thinking about security considerations. ECM is no longer a standalone play and is starting to become integrated into enterprise applications. I suspect that Salesforce.com will deeply integrate ECM into CRM such that the user believes they are working with one tool and not two.
In terms of politics, I would love to understand whether this can be solved by having more enterprises participate in standards creation? Is it that the agenda is too driven by software vendors who have their own insular issues to deal with? Maybe instead of complaining, I should actively participate? John, could you put me in contact with the speaker coordinator for this event so I can personally address this issue?
In terms of whether it should be ACL, role-based or policy-based, I have the following thoughts. First, I believe that customers should think of which model best suites them by having the ability to configure which model works best. Second, I would also say that the better model supports an open SDK where customers if they aren't happy, can write their own.
- There needs to be a common way of addressing identity between different services whether those services are in the enterprise or outside. As we start to bring customers and partners into the process of serving themselves or helping us design new products and services, we can’t just rely on internal directory services. OpenID is the only standard that I am aware of that provides a neutral way of identifying users and is not dependent on any single vendor.
It seems as if many vendors in this space can leverage external authentication services but yet require their own identity services which is interesting at some level and flawed at another. Whether you choose OpenID because you want a vendor-neutral way of identifying users or something more proprietary such as CardSpace doesn't really matter much to me as long as you choose one and solve for this problem-space quickly. In terms of difficulty in implementation, it isn't that much code to actually support both at the same time.
- The big, looming problem in content is the fact that huge numbers of users are adding, accessing or updating an even larger number of pieces of content. This calls for a model that controls content through definition of context such as time, location, metadata or role. XACML could very well fit this model. However, users need to understand this model as they set up the controls on the content.
If the industry embraces XACML, the enforcement could occur based on inspecting meta-data which does require enterprises to pay attention to controls on the content. I suspect that you are fearful in proposing this since many customers don't really have a sound, thoughtful metadata strategy and therefore it may fail for other reasons.
- Identity is not sufficient for determining roles or entitlements. There needs to be a more open way of integrating multiple directories without revealing sensitive information. This is the same problem we are trying to solve for content and directories need the same mechanism to define access.
May I say that pass-through authentication approaches are also inadequate in that it sometimes becomes important to understand the credentials especially once we move away from username/password like constructs?
- As search becomes increasingly federated, such as through the OpenSearch API, managing identity and entitlements on content becomes very problematic. The search sources should filter out any content to which the user doesn’t have access. However, that requires some cooperation with the software that is doing the aggregating and the content sources. ECM systems will probably control the most sensitive information, but this will need to be aggregated with public sources as well to create effective search applications for the enterprise.
Should search leverage the same entitlements model? If search engines also supported XACML then having a layer that externalizes so as to make consistent would be a good thing.
- If you are at AIIM, bring the issue in relevant sessions. I don’t have all the answers nor does any vendor. People in the middle of this problem like James can help by bringing up their use cases. If we start asking the questions, then perhaps we can collaboratively answer the questions and solve this problem. If you think standardizing this is hard, try imagining building next generation systems without standardizing these security needs.
John, I can tell you that enterprises such as AIG, Home Depot, Merck, J&J, Boeing, Washington Mutual, Bank of America, GE, Schwab and Merrill Lynch have all started to have this conversation in a public way and have started to engage the discussion at many industry analyst driven conferences as a first step. I can also say that if vendors would like for me to share additional insights, all they have to do is ask...
Links for 2007-04-22
No love from the A-List bloggers...
What are disadvantages/challenges in web services
I would argue that if you have a web service management platform that transaction support is a bigger challenge than security as many of these vendors in their next release will support SAML and XACML
Identity Predictions for 2007
I wonder if this author is brilliant or got it twisted?
WSO2 Commons Admin UI Framework
User Interfaces for administration of applications isn't talked about much.
DirectBuy
If you heard about DirectBuy on TV or Radio advertising, please check out this site first
The MIT License
Thoughtful analysis by Raven Zachary
Paradigm Shift: Busyness to Burstyness
Former RedNun Anne 2.0 describes how I feel on a daily basis
Hackers invited to crack Internet voting
I wonder if this should be the norm for all voting machine software? Maybe folks from Diebold could comment?
Identity Zeitgeist
How do you know when you have been in the Identity community too long?
An architects natural mode of thinking is lateral
A good architect will engage in a thinking process that generates creative synergies, brilliant shortcuts and identifies the serious issues well ahead of time.
Take AIIM on Security
Will AIIM start paying attention to security or simply bury the issue?
| | View blog reactionsI would argue that if you have a web service management platform that transaction support is a bigger challenge than security as many of these vendors in their next release will support SAML and XACML
I wonder if this author is brilliant or got it twisted?
User Interfaces for administration of applications isn't talked about much.
If you heard about DirectBuy on TV or Radio advertising, please check out this site first
Thoughtful analysis by Raven Zachary
Former RedNun Anne 2.0 describes how I feel on a daily basis
I wonder if this should be the norm for all voting machine software? Maybe folks from Diebold could comment?
How do you know when you have been in the Identity community too long?
A good architect will engage in a thinking process that generates creative synergies, brilliant shortcuts and identifies the serious issues well ahead of time.
Will AIIM start paying attention to security or simply bury the issue?
Saturday, April 21, 2007
Achieving Dominance in the Blogosphere...
I have taken the best practices of enterprise architecture as practiced in non-agile organizations, combined with modern process-orientation and spiced it up with pinch of buzzwords to create the ultimate strategy to be the number one blogger in the blogosphere...
I will first synergize my blog reader's core competencies through reimplementing and repurposing mission-critical proactive benchmarks for improved TCO combined with our best-in-class knowledge base of best practices that aligns outside the box empowered win-win scenarios that touch based while providing increased optimization.
To operationalize this strategy, I will need for you to:
| | View blog reactionsI will first synergize my blog reader's core competencies through reimplementing and repurposing mission-critical proactive benchmarks for improved TCO combined with our best-in-class knowledge base of best practices that aligns outside the box empowered win-win scenarios that touch based while providing increased optimization.
To operationalize this strategy, I will need for you to:
- Empower and align enterprise core competencies, with the evolving globalization of the strategic marketplace for customers and resources.
- Leverage state of the art strategic practices internally as part of the blogosphere ecosystem
- Embrace change as this is the only thing that is guaranteed
Friday, April 20, 2007
Identity Predictions for 2007
The notion of identity as the next killer application has some merit and is worthy of exploration. The problem is that folks within enterprises have very different perspectives than those in the software vendor and venture capital community...
Here are my ten predictions for the remainder of 2007:
1. The ability to externalize identity away from enterprise applications in the BPM, ESB, CRM, ERP, ECM and SOA space will start to take hold. Vendors such as Alfresco, Intalio, ServiceMix, PingIdentity, SXIP and Microsoft will start having more open conversations about its merits and additional standards will emerge.
2. Venture capital will continue to fund federated identity players while funding will slow for more traditional identity management vendors. Venture capitalists likewise will encourage their software vendors to create opportunities by unifiying those within high-profile industry verticals and not simply sitting on the sidelines waiting for it to happen.
3. URL-based identity will move past consumerish web sites and in the Q4 timeframe start to show up in production on investment-oriented sites and even several B2B-oriented sites as well.
4. Either EMC, Sun or Oracle will make attempts to acquire PingIdentity because of the unique value proposition they provide.
5. The enterprise will begin exploring how to use CardSpace in enterprise deployments.
6. Kim Cameron will realize that CardSpace is not only bigger than Microsoft and applications written using Microsoft languages and will step up and help other software vendors who don't write in Microsoft to Cardspace enable their applications.
7. Pat Patterson will lead an internal charge to Cardspace enable J2EE PetStore.
8. Liberty Alliance will become relevant again by focusing on the need to move past discussions on basic identity and start a conversation regarding the need to also talk about authorization.
9. Web Access Management vendors will provide support for both OpenID and Cardspace as a free Service Pack to their offerings before year end.
10. The vast majority of enterprises will remain confused about user-centric approaches to identity and will stick to what they know best, building site-centric identity providers. This trend will occur for at least another five years...
| | View blog reactionsHere are my ten predictions for the remainder of 2007:
1. The ability to externalize identity away from enterprise applications in the BPM, ESB, CRM, ERP, ECM and SOA space will start to take hold. Vendors such as Alfresco, Intalio, ServiceMix, PingIdentity, SXIP and Microsoft will start having more open conversations about its merits and additional standards will emerge.
2. Venture capital will continue to fund federated identity players while funding will slow for more traditional identity management vendors. Venture capitalists likewise will encourage their software vendors to create opportunities by unifiying those within high-profile industry verticals and not simply sitting on the sidelines waiting for it to happen.
3. URL-based identity will move past consumerish web sites and in the Q4 timeframe start to show up in production on investment-oriented sites and even several B2B-oriented sites as well.
4. Either EMC, Sun or Oracle will make attempts to acquire PingIdentity because of the unique value proposition they provide.
5. The enterprise will begin exploring how to use CardSpace in enterprise deployments.
6. Kim Cameron will realize that CardSpace is not only bigger than Microsoft and applications written using Microsoft languages and will step up and help other software vendors who don't write in Microsoft to Cardspace enable their applications.
7. Pat Patterson will lead an internal charge to Cardspace enable J2EE PetStore.
8. Liberty Alliance will become relevant again by focusing on the need to move past discussions on basic identity and start a conversation regarding the need to also talk about authorization.
9. Web Access Management vendors will provide support for both OpenID and Cardspace as a free Service Pack to their offerings before year end.
10. The vast majority of enterprises will remain confused about user-centric approaches to identity and will stick to what they know best, building site-centric identity providers. This trend will occur for at least another five years...
Open Source Needs Lobbyists
Another example of how folks in the media refuse to step up...
Dana Blankenhorn talks about how Open Source Needs Lobbyists yet doesn't acknowledge how he is part of the problem. If he works for a publication such as Ziff-Davis yet doesn't ask himself why they can't simply provide more coverage, then his comments aren't sincere. Maybe what he is asking for is to get some other body to spend lots of advertising dollars while not acknowledging that open source doesn't really need traditional media to be successful.
Throughout his column he always talks about open source but never seems to segment thoughts on commercial open source such as Alfresco, Intalio, MySQL, etc from non-commercial open source such as Apache. Why not ask the question of media and its ability to simply be charitable in terms of advertising space?
He is also overly cordial to industry analysts in this space who have an equal fidicuary duty to provide unbiased coverage to the clients who pay for their services (end-customers not software vendors) yet he refuses to acknowledge this aspect as a problem that also needs to be worked. I am one who puts my money where my mouth is and would donate sums to a worthy charity if anyone from Ziff Davis has the courage to dedicate an entire issue to non-commercial open source. The ball is in Dana's court to make it happen...
| | View blog reactionsDana Blankenhorn talks about how Open Source Needs Lobbyists yet doesn't acknowledge how he is part of the problem. If he works for a publication such as Ziff-Davis yet doesn't ask himself why they can't simply provide more coverage, then his comments aren't sincere. Maybe what he is asking for is to get some other body to spend lots of advertising dollars while not acknowledging that open source doesn't really need traditional media to be successful.
Throughout his column he always talks about open source but never seems to segment thoughts on commercial open source such as Alfresco, Intalio, MySQL, etc from non-commercial open source such as Apache. Why not ask the question of media and its ability to simply be charitable in terms of advertising space?
He is also overly cordial to industry analysts in this space who have an equal fidicuary duty to provide unbiased coverage to the clients who pay for their services (end-customers not software vendors) yet he refuses to acknowledge this aspect as a problem that also needs to be worked. I am one who puts my money where my mouth is and would donate sums to a worthy charity if anyone from Ziff Davis has the courage to dedicate an entire issue to non-commercial open source. The ball is in Dana's court to make it happen...
Thursday, April 19, 2007
PingIdentity, OpenID, Cardspace and Usability
I smiled when I saw a comment in my blog from Ashish Jain acknowledging that CardSpace is not only more secure but also does better in terms of usability when compared to OpenID. Hopefully other bloggers will start making similar comments...
Don't get it twisted as I am not attacking OpenID. On the contrary, I would love to see OpenID become wildly successful. The issue at hand is that Kim Cameron has set a pretty high bar and the only way OpenID could take the lead is if they incorporate the notion of relationship, attestation and authorization into the protocol before the next release.
One of the things that I am struggling with in this space is the lack of industry analyst coverage. I would have expected folks such as Michael Cote, James Governor, Gerry Gebel and others to have asked the question regarding how current web access management products such as Netegrity Siteminder, Oblix CoreID, Tivoli Access Manager , Yale CAS and others will support (or not) both Cardspace and OpenID. Hopefully they are aware that not all folks develop web sites where authentication is built into the application like all those web 2.0 Ruby on Rails sites.
I have noticed that PingIdentity has managed to bridge all of these protocols via their solutions but the usability question still remains. If I currently have a web access managment product, for example Siteminder and I have a current login page (fcc) how do I put a standard login, a Cardspace login as well as an OpenID login all on the same page? Surely, it would result in less usability if folks had to chase down where to login...
| | View blog reactionsDon't get it twisted as I am not attacking OpenID. On the contrary, I would love to see OpenID become wildly successful. The issue at hand is that Kim Cameron has set a pretty high bar and the only way OpenID could take the lead is if they incorporate the notion of relationship, attestation and authorization into the protocol before the next release.
One of the things that I am struggling with in this space is the lack of industry analyst coverage. I would have expected folks such as Michael Cote, James Governor, Gerry Gebel and others to have asked the question regarding how current web access management products such as Netegrity Siteminder, Oblix CoreID, Tivoli Access Manager , Yale CAS and others will support (or not) both Cardspace and OpenID. Hopefully they are aware that not all folks develop web sites where authentication is built into the application like all those web 2.0 Ruby on Rails sites.
I have noticed that PingIdentity has managed to bridge all of these protocols via their solutions but the usability question still remains. If I currently have a web access managment product, for example Siteminder and I have a current login page (fcc) how do I put a standard login, a Cardspace login as well as an OpenID login all on the same page? Surely, it would result in less usability if folks had to chase down where to login...
Wednesday, April 18, 2007
Management Should Push Folks Until They Push Back
Pushing folks until they push back is a technique used by managers in an attempt to maximize the productivity of their subordinates. A manager intentionally assigns too much work or moves up deadlines until a subordinate either (a) refuses to accept the assignment, or (b) fails to complete the assignment on time...
Using this technique, a manager hopes to discover the following:
Subordinates generally don't like this technique, especially when they learn that it is a technique. Many people, especially inexperienced people, feel a duty to accept whatever a manager dishes out. But managers respect those who know their limits and are willing to admit them.
As a subordinate, the best way to deal with a manager who uses this technique is to keep careful track of all the commitments being made, and when they approach the "undoability" level, talk about them with the manager. Don't get upset, don't try to do everything being asked, and don't quit without first trying to negotiate a reasonable amount of work.
Whether this technique is a good one is debatable. It is tough on subordinates who don't know how to deal with it. It is manipulative. But it can help managers determine what their subordinates are capable of, and to what extent they can manage themselves.
| | View blog reactionsUsing this technique, a manager hopes to discover the following:
- How much work the subordinate can handle
- How well the subordinate handles pressure from above
- Whether the subordinate can be trusted to manage his/her own workload
- Whether the subordinate has the courage to say "No, I can't do that"
Subordinates generally don't like this technique, especially when they learn that it is a technique. Many people, especially inexperienced people, feel a duty to accept whatever a manager dishes out. But managers respect those who know their limits and are willing to admit them.
As a subordinate, the best way to deal with a manager who uses this technique is to keep careful track of all the commitments being made, and when they approach the "undoability" level, talk about them with the manager. Don't get upset, don't try to do everything being asked, and don't quit without first trying to negotiate a reasonable amount of work.
Whether this technique is a good one is debatable. It is tough on subordinates who don't know how to deal with it. It is manipulative. But it can help managers determine what their subordinates are capable of, and to what extent they can manage themselves.
Tuesday, April 17, 2007
Open Letter to A-List Bloggers
Dear A-List Bloggers (including, but not limited to, Atrios, Joshua Micah Marshall, Jane Hamsher, Arianna Huffington, John Amato, Glenn Greenwald and John Aravosis please let me know why you will feel sympathy for Kathy Sierra but yet won't talk publicly about the need for charity to prevent abuse of women within your blogs?
The A-List bloggers also didn't have enough courage to talk about how wrong it is to convict folks in the court of public opinion. Maybe I could get you to dedicate just one day to talk about philanthopy instead mindless idiots such as Paris Hilton, Anna Nichole Smith or Don Imus.
Maybe you could consider amplifying an interesting article that appeared in the Wall Street Journal entitled: The Charity Gap (April 4th, 2007) where Sheryl Sandberg findings stood over against what most of us believe about American charitable commitments and concerns. Sandberg's report cites a study underwritten by Google.org that reveals less than one-third of the money individuals gave to nonprofits in 2005 went to help the economically disadvantaged.
The analysis, carried out by the Center on Philanthropy at Indiana University, concluded that only 8% of donations provide food, shelter or other basic necessities. At most, an additional 23% is directed to the poor -- either providing other direct benefits (such as medical treatment and scholarships) or through initiatives creating opportunity and empowerment (such as literacy and job training programs).
When folks drop big checks into the offering plate on Sunday morning, I bet they have in mind my congregation's outreach to the homeless, but the fact is less than 20% (in most churches far less) of every dollar given in church benefits the poor in the United States or anywhere in the world. For individuals and families earning below $100,000, church giving accounts for the majority of gifts offered up.
Really wealthy donors target education and health care in their giving. Sadly, less than 9% of these dollars go for scholarships to low-income students and only about 10% supports health care initiatives for the poor. If you truly care about not only Kathy Sierra but those unknown abused women who will never have a platform where their pain and sorrows will be heard, you will make a honest, swift, deliberate effort to get others to talk about charity. Maybe you may even consider making a small donation to Rainn which is a charity that aligns nicely with fighting abuse. I am sure that the first contributors will be folks such as James Robertson and Tim O'Reilly...
| | View blog reactionsThe A-List bloggers also didn't have enough courage to talk about how wrong it is to convict folks in the court of public opinion. Maybe I could get you to dedicate just one day to talk about philanthopy instead mindless idiots such as Paris Hilton, Anna Nichole Smith or Don Imus.
Maybe you could consider amplifying an interesting article that appeared in the Wall Street Journal entitled: The Charity Gap (April 4th, 2007) where Sheryl Sandberg findings stood over against what most of us believe about American charitable commitments and concerns. Sandberg's report cites a study underwritten by Google.org that reveals less than one-third of the money individuals gave to nonprofits in 2005 went to help the economically disadvantaged.
The analysis, carried out by the Center on Philanthropy at Indiana University, concluded that only 8% of donations provide food, shelter or other basic necessities. At most, an additional 23% is directed to the poor -- either providing other direct benefits (such as medical treatment and scholarships) or through initiatives creating opportunity and empowerment (such as literacy and job training programs).
When folks drop big checks into the offering plate on Sunday morning, I bet they have in mind my congregation's outreach to the homeless, but the fact is less than 20% (in most churches far less) of every dollar given in church benefits the poor in the United States or anywhere in the world. For individuals and families earning below $100,000, church giving accounts for the majority of gifts offered up.
Really wealthy donors target education and health care in their giving. Sadly, less than 9% of these dollars go for scholarships to low-income students and only about 10% supports health care initiatives for the poor. If you truly care about not only Kathy Sierra but those unknown abused women who will never have a platform where their pain and sorrows will be heard, you will make a honest, swift, deliberate effort to get others to talk about charity. Maybe you may even consider making a small donation to Rainn which is a charity that aligns nicely with fighting abuse. I am sure that the first contributors will be folks such as James Robertson and Tim O'Reilly...
