Monday, December 31, 2007
Thoughts on News Years Eve...
Is Hostility a sign of being incompetent?
Software Vendors and Conference Sponsorship
Many folks will spend 15K or more to get an audience with leading CISOs, CTOs and Enterprise Architects in order to pitch their value proposition. The funny thing is that as an enterprise architect who knows hundreds of others, this feels wasteful at many levels.
I wonder why more vendors haven't already approached me sponsoring the local Hartford Chapter of OWASP who will have planned for the first meeting over 200 attendees.
In looking at the various promotional items, I realized that a budget of $500 can go pretty far. It can purchase 200 Cinnamon Mint Tins, 80 Multi-tools, 100 Coffee Mugs or even 80 Aromatherapy Candles in a mug.
Sponsoring local user groups feels like a better value proposition. What am I missing?
Sunday, December 30, 2007
The 2008 Hartford BarCamp
If you aren't familar with a BarCamp, it is an unconference; it's open and free; it's organized bottoms-up instead of top-down; anybody can organize it and anybody can attend it. Folks on my side of town are so enterprisey where we to busy worrying about perception management that we don't actually talk to each other. I figured that it is long overdue for my industry peers to remove that stick shoved up their butt and learn what it feels like to have an honest conversation.
Unlike most unconferences though, we will not exclusively have newbie speakers and have lined up some pretty cool folks to speak on topics such as Smalltalk, Software Security, Web 2.0, Agile Software Development, SOA, and open source. You will recognize the names of many of the planned speakers. Of course, if you have a topic in which you would like to present, please don't hesitate to drop a suggestion.
Anyway, there are two things that still remain. I have many minor sponsors lined up and need one large software vendor to be the premier sponsor. I will also be pinging the folks at Rensselaer to see if they are willing to donate their facilities.
I am not sure if I am violating some unstated protocol, but I do plan on doing a mashup between the BarCamp, OWASP, COOUG, QAAC and whatever else happens to come to mind.
If you like this idea, please show your support by amplifying this blog entry. In the meantime, I need to get back to OWASP matters. Did I mention that the next OWASP meeting will have Gary McGraw of Cigital along with Chenxi Wang of Forrester? This event will be hot...
Saturday, December 29, 2007
Enterprise Architecture and Jargon Proliferation
One of the most painful things I struggle with in being an Enterprise Architect is in getting folks on the same page and the problem usually is when folks have abused a word and added their own meaning to an otherwise common term. Jargon proliferation will take place when others feel the uncontrollable urge to use the unneeded term for reasons which are not to clear. If enough acceptance and use accrues, the jargon may indeed become needed and perhaps preferred over the old term used to describe the concept. Use does seem to make the transition possible regardless of what some may feel or think about it.
The long term affect of folks within large enterprises allowing this behavior is that it confuses the living crap out of outsiders. Have you ever wondered why it takes so long for Indian outsourcing folks to understand your business? Get a clue and put an end to this insanity...
Friday, December 28, 2007
Legitimate reasons to slack off...
Thursday, December 27, 2007
Links for 2007-12-27
Gartner discusses Impediments and Drivers of Application Security without realizing that the solution may be to get other Gartner analysts such as Nick to cover security aspects along with their specialization.
Many software vendors will try to capitalize on the fact that less vulnerabilities will get reported and say it's result of "more secure software"
I really hate when Gunnar Peterson and other uber-smart security professionals show up with their fancy Apple laptops when I have to deal with the corporate issued locked-down Windows one. I see an opportunity for revenge.
A model for finding vulnerabilities by google.
Wednesday, December 26, 2007
Links for 2007-12-26
If you reside in the CT/MA/NY area and read this blog, you need to get your butt to this event.
Pretty decent list. Check it out...
Only if Enterprise Architects were as good retiring applications as they are in procuring new ones. No wonder business folks don't understand our value proposition.
Intriguing post by Alex Fletcher that others should think deeply about.
Experienced people are not afraid to be wrong and are not easily flustered.
We need to figure out how to write less code. More importantly, we need to figure out how to get commercial software vendors to write less code.
Tuesday, December 25, 2007
The Gifts I didn't receive...
Listed below are the five gifts that I wanted but didn't receive...
- Power Tools: I really would have loved to receive a pin nailer and a 12" sliding miter saw.
- Food: I would have loved for each reader of my blog to have donated $25 to Deepalaya
- Networking: My 100 Enterprise Architects Meme wasn't as successful as it should have been. I fell short by eight folks.
- Piety: So many people have gotten it twisted and allowed Satan to divide the believers in one God. Regardless if you are Christian, Muslim and Jewish, we all need to come together under the believe that there is just but one God and to unite against those who think that there are multiple.
- Poverty: The final touch would have been for everyone on my blogroll to add the one.org banner to their own blog and to help make poverty history...
Monday, December 24, 2007
Ways to fail at outsourcing...
I am always amazed at how many folks complain about the low quality of code produced in India yet haven't done their part by specifying how to measure quality in terms of a deliverable. Likewise, many enterprises are paying for insecure software and aren't bright enough to ensure that their web applications are at least compliant to the OWASP top ten.
One of the things that allows an enterprise to sustain competitive advantage is the savage protection of intellectual property. Did you know that IP rights enforcement is, for example, weak in China and Russia but strong in Ireland? Why do you find out what IP rights enforcement is like in the provider's country. Do you know what it is in India?
Why do projects fail in large enterprises?
Have you heard of an operating system named Linux? Did you ever hear of the thousands of contributors piling into a large meeting room to hear the sage wisdom of a project manager? Is the grand Linux comprehensive documentation stored on a sharepoint? I bet if you ask yourself how come open source projects can deliver high quality on time when folks don't even talk to each other, then the problem may not be communication after all...
The model used by Indian outsourcing firms is all about taking otherwise junior IT folks and making them usable regardless of their actual individual competencies. Outsourcing works because they have convinced others that process can become a substitute for competence while open source communities tend to prefer competence over process and hence can develop higher quality software.
Maybe enterprises should stop thinking about open source as a way to acquire products cheaply and instead think of open source as a methodology for software development. If you look at approaches such as Extreme Programming, you may come to realize that notions such as pair programming were created to fix fundamental deficiences in enterprise behavior by encouraging at least one other person to look at code before moving into production. Reality says that more than one person needs to review code in order for it to be of high quality and if only one does, it is more ceremonial than not.
Likewise, in an open source project, the architect is king and folks follow him not because of abstract authority but because of real leadership while enterprises tend to make project managers king whom manage but cannot lead. Architects via stewardship can ensure conceptual integrity while project managers with budgets and deadlines are handcuffed to delivery of perception management at the expense of high quality software.
Maybe open source projects work better than outsourcing because they have better acceptance criteria. If you consider for a moment all of the wonderful standards I have at work, it is still fundamentally easier for me to put crap code into production at work than it is for me to do the same with almost any open source project such as Liferay Enterprise Portal.
Ask yourself, what is the average years of experience for the offshore team working on your enterprisey software and then compare it to average years of experience for open source. I bet you will note that with experience and a desire to participate in a community comes quality...
Links for 2007-12-24
My take is if you use insulting firms you run this risk.
Pankaj Arora believes that enterprises s need to define Architecture Policies, Standards, Best practices to abolish the pattern of re-inventing the solutions for the recurring problems at Enterprise level which is the essense of enterprise architecture. I suspect what he really is asking for is the notion of open source enterprise architecture as the same practices get reinvented across enterprises as well.
we have the privilege of living in the future and as such thinking wisely about the past.
Good to see these two countries creating synergistic relationships.
Sunday, December 23, 2007
Do Industry Analysts understand the importance of Software Security?
Likewise, I also have attempted to find evidence that industry analysts are participating in security-oriented users groups such as The Open Web Application Security Project (OWASP) and have found folks from Forrester Research, The Burton Group, Yankee Group and The 451 Group but haven't found evidence saying that other analyst firms such as Gartner, RedMonk, ZapThink or Ostermann Research are participating.
I would think that Barbara French of Tekrati and other analyst relations firms would appreciate the importance of not only their customers interacting with analysts, but their potential customers and them interacting together with attendees of these users groups who happen to actually procure the software.
Saturday, December 22, 2007
Why do we hate process so much anyways?
Mike asked the question: why do we hate process so much anyways? which the answer is simple. No one hates process, everyone hates bad processes.
- I was working on small teams and sometimes I was simply the only one on the team. There was no established architecture and no standards. Since this was the norm and nobody cared, why bother me with tons of documentation.
- As I moved through my career I worked on larger projects that spanned multiple user groups and application silos. Suddenly, the lack of process became a recipe for failure.
- or those who don't like process, I can meet you half way. I believe in a lightweight process that supports agile development but not process that creates bureaucracy and results in 12-18 month projects that are doomed for failure.
- In addition we are working towards 12 week deliverables where we work on multiple workflows concurrently that need to plug in together at the end
- The trick is to not create so much process that you stifle creativity and make technical decisions based on process instead of business need
- Outsourcing is a decision our company has made so my job is to make it work regardless of what I think about outsourcing. I can complain about it and allow us to fail or I can make it work.
- One of the most important tools is clear direction and good communication.
Friday, December 21, 2007
Enterprise Architecture and Extreme Frustration Patterns
Nowadays, many enterprise architects aren't struggling with technical problems, but are struggling with social issues. One of the common patterns is the advent of Indian outsourcing. I run across lots of folks who deal with poorly written code so full of bugs that you can't even compile it. In jest, I do ask folks whether they asked for the code to be compilable as a requirement.
Part of the modern career path for those within large enterprises is to find ways to escape heavyweight processes and the tedium of much of the work that is rote which pervades many projects. Nothing destroys morale more than etting off of a project that you didn't much care for to work on something fun, only to be repeatedly dragged back for firefighting problems caused by outsourcing firms.
American IT workers likewise experience the other side of frustration in having to defend code that they didn't actually write. Getting blamed by users for crappy software when you are the single person in an IT department innocent of all blame because you have been advocating refactoring the damn mess for a year.
Outsourcing has brought along some worst practices by allowing process weenies to make decisions they really have no business making. Imagine having all technical decisions made by the least technical person, then being force fed their incompetence, then getting blamed for the resulting poor quality...
Thursday, December 20, 2007
Enterprise Architecture and Giving Advice
The best advice in the world is there is no substitute for experience. The nature of humans is to experiment and experience - even if someone else has done it before and reported back. We want to know what it would be like for us, from our viewpoint. As a species we can not live vicariously. Why is looking at a view so much better when you are then than through a picture? Why does hearing the sound of a real bird feel so much better than listening to a recording? We have to experience to "be" and the more intense the experience the more real we feel.
Within enterprise architecture, sometimes it is important for enterprises to repeat the same mistake of others such as outsourcing to india, focusing on processes such as CMMi instead of people and so on. Someone can tell you how to do something but until you have done it yourself you don't really understand why.
When you are a newly minted developer, you start off with writing hello world. Experiencing the familiar in a strange environment. It helps us relate what has gone before to where we are now. Enterprise architects need to help others have more experiences with hello world...
Wednesday, December 19, 2007
Enterprise Budgeting Antipatterns
Every year about this time, venture capitalists and software vendors alike ping me in order to gain insight into how large enterprises procure software. The intriguing thing is that this remains an enigma for even enterprisey insiders such as myself as there is much repeatable or disciplined about it as it relies heavily on the notion of influence. I wonder if influence is a best practice for enterprise architecture or will be its downfall?
Anyway, here are three antipatterns in terms of enterprise budgeting and software procurement:
- I dont understand and therefore it is not important: Nowadays, budgeting is no longer done locally and many hands touch the budgeting process. A local manager may have clear understanding of the need for a piece of software and has articulated this need up the chain. The problem becomes that if communications are linear yet decision-making isn't, it will result in disconnects. Someone not in the food chain may see the budget line item and not have an understanding of its importance and therefore decide that it is unimportant by removing it from the budget. They may also do so without communicating it to the person who put it into the budget originally.
- Playing with Dead Snakes: Folks continually step in the governance and that even if it made the budget and has been justified, it will be constantly revisited. The same presentation may need to be made several hundred times at stages such as getting the funds released, contract procurement, major milestones and so on. Managers and the vendors they work with both wrongly conclude that one a decision is made that it is somehow conclusive.
- Process over People: The stuff that usually survives the budgeting ceremony is the stuff related to process. While we know that initiatives that Todd Biske discusses such as exposing services to your customers are game changing and more important than internally focused insular initiatives discussed by Robert McIlree, the process weenies continually win. The sad fact is that in order to build SOAs or Portals to solve for customer issues tends to take a lot more effort, involve many more parties than simply proposing process oriented initiatives such as CMMi, ITIL or PMI. Delivering process is more of a matter of plaigarizing someone elses playbook than the innovation required to do SOA correctly and hence will feel like lower risk even though it will not have any real ROI.
If you know of other budgeting antipatterns, please share...
Links for 2007-12-19
Alex Barnett improperly calculates the price of coffee and doesn't factor in labor to clean coffee pots and the soap used at home to wash his cup.
Voting machines in many states ignore good good voting practices
Is there a clear role for a CIO or is it a bad collection of 'all things digital' that really needs rethinking? Are CIOs strategic, tactical or distractical?
An interesting response to James Governor of Redmonk.
Tuesday, December 18, 2007
Links for 2007-12-18
Software companies don’t “own” their customers. In the case of Alfresco, any company may already have Documentum, FileNet, Interwoven or Vignette. The reality is that there is only a 5% to 10% penetration of this software – either on a desktop or on the shelf. What is critical is to focus on people and users in companies and not companies as software fiefdoms.
The next big challenge for the Agile community is to set aside some of its principles for the sake of making a much bigger difference in our development environment
Todd Biske states Reference materials are a tool in the arsenal and the degree to which they are used is dependent on how you architects work with the end consumer of the reference material which is spot on.
Liferay leads the portal marketplace in terms of innovation. Scott Lee discusses how portals should integrate with directory services and how Liferay makes it easy. Imagine if the BPM vendors such as Pega, Lombardi Software and Intalio took the same approach?
Managers of businesses need to understand the fundamental features of cooperation if they are to efficiently analyze and restructure their industrial relationship. One should ask if relationship equals alignment?
It is good to see that there is appreciation for architects focusing on open source. I am curious though if this job pay is low or do architects in Europe generally make lower than their US counterparts taking into consideration exchange rates?
Monday, December 17, 2007
Enterprise Architecture and Paradigm Potpourri
In the same way enterprise architects attempt to govern software development by limiting the piling on of features on top of enterprise applications, we sometimes need to govern ourselves when it comes to paradigm adoption as we diminish the benefits of a pure approach. In software development, each additional feature will give one more options that may simplify certain aspects of the code, but because the different ways to do it grows with each feature, it is increasingly less likely that any new feature will make a significant difference. The same thing can be said about enterprise architecture.
When will we stand up and have enough courage to ask ourselves whether we should be pursuing SOA, BPM, ECM, CMMi, Six Sigma, IT outsourcing, Business Rules, ESB, etc strategies all at the same time? We are delusional to think that we are like the building trades where the focus is on enterprise architects creating building codes and handing out permits as part of governance. Of course, we never think about the fact that the building trade also has the notion of occupancy certificates which many of our systems fail miserably at.
If we are to take on so many initiatives at the same time, don't we need to stop for a moment and consider the learning curve of both producers and consumers of our grand strategies? Like a carpenter or plumber, the bigger your toolbox, the more you have to lug around...
Links for 2007-12-17
Do Enterprise Architects that focus on the human aspects of technology have a more rich, rewarding career than those who focus strictly on process?
This blogger believes that the United States is plunging into a Human Katrina where we have Mexicans colonizing us and millions of the world's poorest immigrating to our shores illegally. Is outsourcing the answer?
It is easy to throw daggers at bloggers who take the time to share their thoughts with others on their own time and without compensation while very few take the time out to say thanks.
Security, in order to be done correctly requires server APIs which run in the address space of Documentum itself
Report: Many U.S. Parents Outsourcing Child Care Overseas
Sunday, December 16, 2007
How come conference attendees aren't more appreciative?
Conference attendees spend lots of money to attend conferences but none of this goes to the folks who give presentations. We spend time sharing our knowledge with others traveling thousands of miles yet rarely receive positive public feedback that our efforts are acknowledged.
What would it take for conference attendees to acknowledge the hard work put in by the speakers? Please note that I am not looking for acknowledgment of my contribution but most certainly would love to see my industry peers who make the effort get more appreciation for their efforts...
Links for 2007-12-16
This blogger doesn't feel that Gartner has a great value proposition. I wonder how widely held this belief is?
Ramit Sethi loves making bets with delusional people
I would like to declare that enterprises do care about user-centric approaches as they change the potential for third-parties to charge exorbitant rates for being an identity provider in a traditional federated approach.
Alfresco is on Forrester's Wave but not Gartner's Magic Quadrant. Nuxeo didn't appear on either. I wonder what this means?
Gartner and IDC are predicting an increase in open source sales which is bad news as enterprises will continue to believe they can have their cake and eat it too when they need to figure out how to participate.
Rashid Rauf, who was arrested on suspected links to plot to blow up airliners flying between the U.S. and Britain, escapes from Pakistani custody.
Today, America bleeds to death by a thousand cuts. We’re bleeding from every sector of our society. At some point, the United States of America cannot and will not survive the bleeding. Why? Take a look.
Gartner have recently released a report, Three Potential Pitfalls of Corporate Social Networking by Brian Prentice, with the tagline "Investing in social networking solutions from enterprise vendors is no guarantee that users will embrace the technology". You will get the opportunity to pay $195 for a four page report. Sounds like great value to me.
I haven't heard about the need for reference architectures between discussed amongst enterprise architects in the blogosphere and wonder what the perspective on them are from noted individuals such as Todd Biske, Nick Malik, Scott Mark and Robert McIlree are? Anyway, here is a good article explaining the concept.
Saturday, December 15, 2007
Student of the Month
Friday, December 14, 2007
Links for 2007-12-14
With Enterprise Architecture on the rocks these days, organizations are looking for a fresh approach to governance. Most folks become frustrated or ambivalent after a few years of being squeezed between centralization and localization.
Technology has caught on a lot faster in the Caribbean than it has in India which by the way makes a better destination for outsourcing.
Joel Spolsky comments that typically a company like Accenture or IBM would charge $300 an hour for the services of some recent Yale PoliSci grad who took a 6 week course in dot net programming, and who is earning $47,000 a year and hoping that it’ll provide enough experience to get into business school—anyway, it costs so much to hire these programmers that you’re not going to allowed to build things with Ruby on Rails no matter how cool Ruby is and no matter how spiffy the Ajax is going to be. I wonder if there are other perspectives?
had created security components that handled the respective requirements adequately but were slightly different in each case. I knew that they all shared the same core idea of access control based on authentication and authorization but just didn’t get to the point of building a generic framework that handle all those cases with little customization. It is curious though why developers are concluding the need for a generic authorization framework but not software vendors such as Microsoft, EMC and others?
Becoming an Enterprise Architect is either really simple or really difficult depending on your background. Most Enterprise Architects have spend sufficient time understanding business challenges while also focusing on technology issues where a consulting background only usually leads to spot skills while missing out on the opportunity to see the big picture. My recommendation for anyone wanting to become an enterprise architect would be to actually join a technology firm such as Microsoft, EMC and Oracle as the need for having an Enterprise Architecture program that is internally focused is starting to appear on the radar as is a lot faster career path than the traditional enterprise.
Several great perspectives about SCRUM, PMBOK and other PM considerations
Todd Biske comments on the role of internal audit. I bet if you had a deep conversation with them, they would you understand otherwise unstated business challenges that aren't being addressed by current enterprise architecture activities. You will also find that internal audit is generally supportive of improving enterprise security and could become a business sponsor for initiatives such as log management, entitlements management (XACML) and data masking. I wonder why Todd didn't mention that for perception management reasons it is also a good idea to network with them as they tend to have the ear of the CFO and CEO...
Thursday, December 13, 2007
Links for 2007-12-13
Eric Norman asks a great question regarding Cardspace and what happens when a relying party changes its public key? I would love for Mike Jones to provide his perspective.
Anil John comments on the need to centralize authorization policies in a non-proprietary manner and references how Mark O'Neill and Vordel support this functionality. The IBM DataPower appliance also has equivalent functionality. The real question that I can't find an answer to is what does it take to get software vendors pay more attention to XACML in a bigger way?
Isn't it interesting that industry conferences still have panels regarding the concerns of CIOs but don't actually have a real-world CIO on it?
I really hate when folks talk about how enterprise architecture as practiced in large enterprises in a negative way. Especially when they are right! First companies need to determine a strategy for keeping up with their vendors. Too often the attitude is why upgrade? You just want me to spend money… In some cases this is true but is also a trap for the company. Ignore the vendor upgrades for too long and you get a heck of a technology gap and no one to blame but yourself.
The architecture of participation is something that needs to be discussed more widely and read by my fellow enterprise architects. When was the last time you had a meaningful conversation with someone outside your four walls?
Wednesday, December 12, 2007
More Links for 2007-12-12
Jackson Shaw talks about the need for having an authorization czar at Microsoft. This question should be extended to Oracle, Sun and EMC as well. From what I can tell, Oracle has informally appointed Mark Wilcox, Sun has John Domeninchini while I have no clue about EMC.
Serge Blais of Sun talks about how JBI could converge with XACML. I would if folks that are working on ServiceMix and MuleESB are also following this important step? Would be curious to understand if Sonic and BEA will take the same approach?
Eric Norman comments that the examples for an identity oracle don't make much business sense and reacts to postings by Bob Blakely and Kim Cameron. Eric is spot on with his closing remarks.
It is intriguing that many folks in the identity community still don't appreciate the value of XACML while the ECM, BPM and CRM vendors continue to ignore the problem space because it is either too difficult to undo their suboptimal product designs and/or they aren't working on it because it isn't a new product offering. Luckily Gunnar Peterson and enterprises are starting to wakeup. For vendors that fell asleep and could have capitalized on it early, don't worry, the open source community will do your job for you.
Links for 2007-12-12
It’s a well known fact that deciding what exactly to build is the hardest part of software development. So how does one deal with complexity and uncertainly? Sanity is retained and complexity managed by maintaining conceptual integrity in your solution. This goes beyond the conceptual integrity of the architecture, but the conceptual integrity of a solution.
Vulnerability to Timing Attacks = Increasing Function of Interactivity
Is data leakage the norm and not the exception?
At the end of the day, it is all about loss. If you don't like experiencing loss then you must do something to avoid, minimize, or control it. Welcome to the world of Security.