Sunday, August 31, 2008


Open Source Public Relations?

I know of many public relations professionals but none who contribute their knowledge to charitable causes. I wonder what you would get if you combined open source with public relations?

I have realized that my futile attempts at encouraging industry analysts to provide deeper coverage on open source will go nowhere. The challenge is that analysts have substituted spoonfeeding for actual research, a game in which open source projects will almost always lose against their closed source counterparts.

So, instead of fighting the analyst game where the only way to get coverage is to reach deep into your pockets and pull out lots of lint, open source projects should instead consider the notion of open source public relations.

Open source projects shouldn't get in line to issue press releases but should instead always lean toward the answer that is most open. Looking at other methods that went viral, such as the 2,000 Bloggers project, why can't others within the community leverage the same tactic?

For example, OWASP has several thousand attendees throughout the planet. Imagine if a simple message went out asking all attendees to post one and only one blog entry that contains links to each other. Everyone who cares about web application security would see their blog rank rise immediately.

Popularity in the blogosphere is driven by links and we all know that hyperlinks subvert hierarchy. So why aren't you already linking to OWASP...



Links for 2008-08-31

  • No user-centric or enterprise-centric identity
    I wonder why Dave Kearns and others aren't acknowledging that while these should be thought of as personas, distinct in only trivial ways, software vendors that provide identity solutions have to twist them in order to sell products. The only way these concepts can converge is to ignore proprietary messages and the vendors who spoonfeed industry analysts, and for the voice of open source to rise above the rest.

  • Who wants to be @OWASP on Twitter?
    I believe that Bex Huff should keep this credential for himself. Of course, if he decides to use it for open mockery of hacked applications, I will most certainly smile. Maybe, now that he has this credential, Craig Randall may solicit opinion from him on how to make DFS secure.

  • Bursting the CMM hype
    I wonder when Indian outsourcing firms will abandon CMMi and propose something with a little bit more integrity?

  • Social Networking 2.0
    An enterprise scale approach to social networking.

  • Why Always having a Plan B matters
    Robert McIlree shares lessons learned regarding a recent experience. My take is that he made the same mistakes I made earlier in my career, which was to focus on conceptual integrity over gaining buy-in. Nowadays, in order to be a successful architect, you are not just required but almost mandated to take portions of folks' ideas no matter how freakin stupid they may be. The notion of buy-in and perception management is causing bad decisions to be made repeatedly in many enterprises. I wonder though why it would come as a surprise to him that others believe he practices analysis paralysis.



    Today was an interesting day...

    As I walked out the door this morning, I looked up and saw a 747 really, really, really low over my house with its landing gear down. It was interesting to see such a large plane flying so low and slow; it almost looked like a really big toy suspended in the air.

    As I headed out the door to Home Depot to search for the most perfect Mugo Pine to add to my Bonsai collection, I glanced to my left and watched one car run into another. It wasn't too bad and I continued along.

    As I turned into Home Depot, a black SUV came barreling out of the lot and ran into a middle-aged lady. The driver kept on going with his front fender literally swinging to the right. Other drivers had stopped to check on the lady and I decided to follow the vehicle. I noticed up the street not one but two police cars parked in front of the local strip club (Newington) and I decided to turn in. The police cars had tinted windows; I pulled up to them and there were no officers in the vehicles. I drove around the lot hoping to find them but had no luck.

    I drove back to Home Depot and checked on the lady, and it took over five minutes for the police to show up (Berlin). They took the information and indicated that the guy who was speeding away had just snatched a lady's purse in BJ's Wholesale Club. She was insured by AIG, so I hope that the claims department there takes good care of her.

    Anyway, I drove and finally parked and was walking to the garden section when some irate guy bumped into me while arguing with his wife in a very physical way. I gave him the look and he knew then that an apology wasn't optional.

    On the way back, I passed the strip club and as I was driving by noticed that the two officers were now breaking up a fight between two women. All of this was before lunch.

    Anyway, I did find the perfect tree...


    Saturday, August 30, 2008


    McCain vs Obama: Straight Talk


    Friday, August 29, 2008


    Do IBM employees understand web application security?

    Has anyone noticed that the largest IT employer on the planet almost never talks about web application security? Their employees never blog about it, they never do seminars on this topic, and they almost never attend user groups such as OWASP at the rate that employees of smaller organizations do.

    On the surface, one could simply say that IBM has a vast internal community but according to many IBM insiders when challenged to identify which IBM community takes on this topic, none have been able to provide an answer. Should the marketplace expect more leadership from IBM in this regard or are we content by having Microsoft and Oracle lead the way...



    Enterprise 2.0

    Shouldn't enterprise 2.0 have a stronger notion of community? Should it contain a way for enterprises to not only focus on business drivers but the greater good of society? Shouldn't enterprise 2.0 have methods for folks in one enterprise to collaborate with folks in another?

    How do I link my work persona with my personal life? How do I let folks in other enterprises in my local area learn about an upcoming OWASP Chapter Meeting?

    So many questions, not enough answers...


    Thursday, August 28, 2008


    Social Networking 2.0

    Here is my profile on Kiva. Consider getting your own...



    Are more CIOs getting fired?

    Abbie Lundberg, editor in chief of CIO magazine wrote on this topic but left out some important insights...

    How many CIOs do you know who attempt to treat IT as business as usual, where every problem gets rephrased as a challenge that is immediately confronted by a thinly veiled, chock-a-block, eye-candy PowerPoint presentation that lacks substance, or becomes an opportunity to buy a product on the magic quadrant to fill a niche, when they should instead have focused on a longer-term view by encouraging their existing vendors to help them enable the strategic intent? Being a CIO requires more than handwaving.

    Back up the school bus and bring in your favorite insulting firm to help you with strategy, without realizing that this isn't just about them pulling something out of their knowledge management systems and charging you six figures to do search and replace with a little bit of ceremony piled on top. While this is a different circus, using the same clowns won't get you that far.

    As a profession, we need to stop bullshitting, as we are more reactive now than at any other time in history. There is nothing truly strategic that IT does. OK, I know that your incestuous habit of word overloading is going to cloud your thinking, but stick with this thought for a moment and acknowledge that crisis is what gets most projects funded and being proactive rarely works. Let's skip the whole perception thing and look at reality: as the litmus test, figure out how long it takes for your enterprise to roll out upgrades to new product versions that will obviously provide more features that can be leveraged.

    Nowadays, it is rare to see a CIO stay in the same position for more than five years. If everyone knows this dirty little secret, then can we really expect someone in that role to truly think strategically? I would wager that turnover within IT organizations only serves to benefit those who are turning over and in the long haul hurts the business. The mindset of "show me the money now" is more important than loyalty, stewardship or even fiscal responsibility. It is no longer about making business better; it is instead all about what you can sell within a specific time horizon.

    Let's throw the baby out with the bath water. Did your enterprise just get a new CIO? I bet he/she walked in the door thinking that whatever the last person did wasn't right, and knowing that they were brought in to do things differently. So, doing things differently will most certainly address perception management, but different doesn't mean better; it simply means different.

    CIOs, you have been wildly successful in outsourcing all the folks who otherwise would have sucked up to you and have been successful in reducing expenses by outsourcing to India. What's next? Oops, you have no clue, as you may be a one-hit wonder.

    Within my own network of enterprise architects, I rarely run across any of them that aspire to become a CIO no matter how well positioned they may be. The funny thing is that most enterprise architects have an understanding of cause and effect and therefore understand that doing things differently may not always be the right answer. Yes, change is needed within most IT shops but it is more than just rolling out a brand new shiny process. It is also more than just selling the notion of governance as most folks really don't want to step in it. Change has to be targeted at winning the hearts and minds of those within IT such that change is something that isn't sold but something folks truly want to do for themselves.

    Which does your CIO care more about? The morale of the troops or the perceptions of their boss? Of course both are important, but which is more important? Leadership requires followership and you can't be simply appointed a leader. Leadership and management are not interchangeable words. For CIOs that haven't figured out this dirty little secret, maybe you have already noodled that the acronym for CIO may stand for Career Is Over...


    Wednesday, August 27, 2008


    Why more IT professionals prefer consulting...

    Many folks are aware that industry analyst Brenda Michelson of Elemental Links was recently seeking to create a panel at an upcoming conference on SOA practitioners who also understand enterprise security considerations, but fell short.

    Sadly, in my own network I too fell short in finding folks who understood both. The funny thing is that both of us could find folks who understood both but worked for consulting firms, yet neither of us could find folks who understood both and were employed by large enterprises.

    My general reaction to this is that it is the start of a trend that could potentially be the antithesis of business/IT alignment. When a growing number of IT professionals are favoring contract work over permanent employment because of the better pay on offer, it says that no one who is qualified may be looking out for the best interests of the enterprise, and the enterprise architecture may suffer.

    Another take on this problem space says that HR isn't doing its job: it allows little flexibility in compensation for salaried employees, yet rates can be very flexible for contractors since HR usually isn't involved with them, and in doing so HR is ultimately devaluing its own role.

    Anyway, using consultants for your enterprise architecture initiatives is somewhat dangerous, and if you are thinking long-term, then you should have HR policies that allow this work to be done by employees. Maybe we need to discuss IT/HR alignment?



    Robert McIlree debating with James Robertson



    Thoughts on Discrimination

    While in Trinidad, I observed how many job opening signs there were in businesses. Many of them were politically incorrect according to US standards. One sign specifically asked for males while another asked for nice-looking Indian females.

    At some level, discrimination occurs in every culture, whether it be by race, religion, gender, sexual orientation, whether you are a process weenie or prefer lighter-weight approaches, and so on. The conversation that has never occurred in America is how this is best addressed.

    Many within corporate environments have simply changed their terminology and may reject candidates for other stated reasons, while much of the practice remains the status quo.

    I wonder if it is actually better for society if we were to not mislead folks into applying for positions for which they cannot possibly even be considered? While aspiring to growth and other positions is healthy, encouraging otherwise wasted efforts surely has an effect on productivity.

    Besides, wouldn't it be more beneficial to humans to know that you didn't get hired because you look like Lurch from the Addams Family than to get a generic response stating that you weren't the right fit?

    I guess I have lots of opinion and no opinion on this topic at the same time. Anyway, it is fascinating to observe other cultures and think for a moment that, at least in this regard, Trinidad is not following the worst practices of the United States and our approach to human resources. For the record, I am a savage believer in equal opportunity, so don't get it twisted...


    Tuesday, August 26, 2008


    Alternative careers for displaced IT workers

    There are lots of articles in the media about the declining trend and why young folks eschew IT as a profession. Many folks, including myself, attribute much of the dislike to outsourcing, but I suspect that this isn't the whole truth.

    The funny thing is that I know more folks who have either retired early or left IT because of incompetent managers who pushed them over the edge with bureaucracy than I do who have left because their jobs were taken by Indian outsourcing firms.

    Sadly, industry analyst firms such as Gartner and Forrester can't really survey their clients for this type of data to get at the root cause, as it would be politically incorrect even for HR to capture this aspect as part of an exit interview. I wonder though if folks feel I am at least partially right?



    Links for 2008-08-26

  • Sanity check: Five things that suck about working in IT
    Jason Hiner pretty much sums up why IT is no longer a profession many desire to be in

  • Tulsa Techfest 2008
    The Tulsa Techfest is a two day conference where you not only get to hear from the best and brightest in IT, but also take care of charity at the same time.

  • Work Life Balance
    When was the last time you saw somebody achieving work-life balance?

  • ITIL and SOA
    Todd Biske provides insight into how ITIL can benefit SOA but misses an opportunity to provide even more value. While it is somewhat cliche to talk about continual process improvement, it would be highly valuable to outline what types of feedback operations types observe that could benefit the software development side of the house.

  • Should you put age or marital status on your Israeli resume?
    I thought this blog posting was intriguing from a variety of perspectives. First, understanding how resumes vary amongst different parts of the planet is something I never really thought about. More fascinating though is whether one should mention marital status, which I say is a good thing. As an enterprise architect, if you can't sustain your own marriage, why would a business customer want to have a business relationship with you either? I believe marriage, or the lack thereof, speaks volumes about candidates.

  • Johannes Ernst talks about the OpenID RP Problem
    I wonder if Nishant Kaushik will acknowledge that one of the reasons why there are so few relying parties is the simple fact that Web Access Management vendors such as Oblix, CA SiteMinder and so on simply haven't updated their software to support it! Of course, when they finally get around to it, they will allow their marketing weenies to declare that it is not on the upgrade path but an entirely different SKU, ultimately prolonging the problem.

  • When the enterprisey battle
    James Robertson, seller of products that the marketplace no longer desires has noted a debate between myself and Robert McIlree. I wonder why he always notes debates but never actually participates in coming up with solutions such as making sure that the OWASP Enterprise Security API also has a Smalltalk equivalent...


    Monday, August 25, 2008


    Has America ruined yet another nation...

    A part of me believes that Americans who lose jobs as part of outsourcing are being punished for exercising our right to remain silent when it comes to the wrath we inflict upon other countries...

    I speak infrequently about cultures I admire and figured I would take the opportunity to give praise to several nations and things that I like. Let's start with India. While the country is poor in financial terms, it is culturally rich. Imagine a place where, regardless of whether you are Hindu, Christian or Muslim, you can openly acknowledge your religion and others will respect it. Imagine a place where you can have your children watch Channel Zero on TV and not be worried that nudity, violence or other immorality will confront your four year old. Imagine a place where you can watch movies as a family and don't have to always worry about the rating of a movie or certain forms of gratuitous sex.

    Welcome to India and Trinidad. Two great nations who are becoming less third world countries and more equal participants in a global economy. Yet the question remains as to how these nations can grow and thrive without becoming a clone of America. As these two nations do more trade with the United States, they aren't just creating jobs but are also trading immorality with the US. As more countries interact with the United States, they also tend to pick up ideas from our criminal enterprise, as they learn a lot by watching TV. Murder rates are increasing, teen pregnancy is increasing, divorce rates are increasing, and the sanctity of marriage and a culture of values is being traded for a culture of the dollar.

    During my honeymoon eleven years ago, I got to see wonderful movies such as Yes Boss. On my most recent visit, I learned that all the movie theaters that used to show Indian movies are now closed. Bollywood has been replaced by Hollywood. As a nation becomes more industrial, it also loses its underlying culture. Imagine being on a Caribbean island where fruits such as mangoes, oranges, breadfruit and bananas grow in abundance but you have absolutely no access to them. When it becomes easier to eat fast food such as KFC than it is to eat healthy, it hints that America has been successful in destroying another country.

    I remember eleven years ago, when I wanted to call a relative, I used to call the payphone and someone would run and get them. Today, everyone has a cell phone, and they are in many ways better than what we have. While this is considered progress, sometimes you have to acknowledge at what expense it comes. If you think Americans have a problem with debt, then you haven't talked to the average Trinidadian. The economic model of extending credit from the era of Ronald Reagan and free spending has been applied in third world countries. Sadly, an economy based on this model will surely collapse.

    What is great is that my family has managed to profit from the exploitation of others. One family member is a manager for Coca-Cola and has increased the amount of soda consumption by kids several fold. Another relative is a manager for an appliance chain and has doubled store sales simply by talking about easy credit terms. Some will view my commentary as a success story in that they are doing well in providing for their families, while others will see the moral implications of their actions. I wonder which side of the fence you sit on?


    Sunday, August 24, 2008


    Thoughts on Spanish and remaining ignorant...

    While English is the official language of the United States, Americans roll out the red carpet for those who only speak Spanish allowing folks with this mental disorder to remain ignorant...

    Have you ever heard the phrase "when in Rome"? I guess this applies to most demographics except for those who speak Spanish. While I tend to poke at Indian outsourcing, I do have the utmost respect for folks from India. People of India make a strong effort to learn not just English but the American form of English. They also manage to keep their own culture but do not require others to adapt to it.

    While on vacation in Trinidad, I had the opportunity to talk with my nephew (Hi Robby) who is a firefighter. The previous day, he and his team had rescued a family in a burning building. Depending on one's perspective, his bravery or stupidity caused him to run into a burning building to save a family who only spoke Spanish. While this type of thing is very common in the US, this is the first time he ran across it in Trinidad, as folks from neighboring countries such as Venezuela have traditionally adapted.

    For those who will get it twisted, my nephew's last name is Salazar so get busy reading into it. The government of Trinidad is now paying him to learn Spanish. While this is a logical reaction, is this really the right thing?

    If Trinidad is to survive as a nation, it needs to not repeat the mistakes made by other nations such as the United States...



    Do Indian Outsourcing Firms understand Web Application Security

    Has anyone noticed that the vast majority of Indian outsourcing firms have no clue when it comes to web application security? Other than having a few guides on their intranet site that nobody actually reads, the proper knowledge base doesn't exist, so are US customers acting irresponsibly by allowing folks to write web applications offshore and making themselves insecure?

    The folks over at Cognizant are the only consistent exception I have been able to observe. They actively encourage their employees not only to learn about web application security but also to attend local OWASP chapter meetings, regardless of whether they are in India or the United States. They even sponsor the OWASP chapter in Chennai.

    It is curious to me that Cognizant understands the value proposition of encouraging their employees to participate in OWASP, but other firms such as Infosys, Satyam, TCS and others are still missing in action...


    Saturday, August 23, 2008


    Indian Outsourcing Firms

    I have always been curious as to why folks in India aren't spending time learning about application security. I wonder if companies such as Wipro, Cognizant, TCS, Infosys and Satyam have ever considered encouraging their US employees to attend OWASP user group meetings?

    The ability to establish a dominant position in application security is still up for grabs and can be had by simply sponsoring local user group meetings to gain mindshare. Any predictions as to who will be first?


    Friday, August 22, 2008


    Thoughts on why recruiters fail at finding top talent?

    The Agile Elephant acknowledges that there is no talent shortage, yet hasn't provided guidance on best practices in finding it, so I guess it is up to me to uncover some bad recruiting patterns...

    One interesting observation is that the recruiters within many large enterprises think that recruiting occurs solely during core working hours. As a chapter leader for OWASP, I know that a lot of top talent shows up at the user groups I run, yet there are few if any recruiters in attendance actually networking with the folks there.

    During my last user group meeting, I actually presented a listing of job opportunities that were IT security focused and not run of the mill, and I will continue to help recruiters find highly qualified candidates. The only thing I ask of them in exchange is to help spread the word that we need to make application security visible.

    I have probably failed the recruiting community because I am encouraging them to do something other than lurk at my user group meetings. Many recruiters get it twisted and think that a security-oriented user group will only attract IT security professionals. OWASP doesn't exist to teach security professionals why software developers write horrific code but does exist to teach developers and architects how to write better code.

    Wouldn't it be intriguing if a recruiter decided to sponsor Pizza for our next meeting or were to spend fifteen minutes on the podium talking about the state of the IT industry and raffled off a Microsoft Zune Player to the person who asked the best question...


    Thursday, August 21, 2008


    Why Web 2.0 is something that enterprise architects should avoid...

    What happens in Vegas, stays in Vegas...

    Many enterprise architects frequent industry conferences where there is a healthy mix of learning and relaxation. Being out of the office afforded one lots of time to focus on the human aspects of technology and, more importantly, the eye candy, especially when you are in Vegas, Miami or similar destinations. Sadly, Web 2.0 is ruining this practice.

    "What happens in Vegas, stays in Vegas" is a phrase I wouldn't put much faith in any longer. With blogs, camera phones that upload to Flickr and now Twitter, the ability to be caught in suboptimal positions that will be shared with others is something to ponder....


    Wednesday, August 20, 2008


    Enterprise Architecture: The end of work/life balance...

    When was the last time you have observed anyone achieving work/life balance?


    Tuesday, August 19, 2008


    Project Managers who pretend they are Enterprise Architects

    It is fascinating when folks share their opinion in the blogosphere even though they don't know what they're talking about...

    In order for a discussion to go anywhere, it requires not just pontification of opinion but some facts as well. Robert McIdiot posted Suggestions for the OWASP maturity model, which factually proves that he should more frequently exercise his right to remain silent. Anyway, let's dissect his confusion to see if there is any insight.

    I wonder what his definition of new is? OWASP is internationally recognized and has chapters in at least 125 different parts of the planet. I guess he could have simply visited the web page to figure out the locations, along with figuring out the logo. I wonder if he is aware that the folks who created the Capability Maturity Model also aren't from a standards body. They are from a university! Maybe he isn't aware that folks from the community at large also participate in improving CMMi? Maybe researching something isn't anything he ever does, and instead he expects others to spoonfeed him.

    The work of OWASP is 100% open source and anyone is free to join. While none of the participants on this project currently reside in either India or Eastern Europe, they are more than welcome to participate. If you know of folks from Wipro, Cognizant, TCS, Satyam, Infosys or other firms that are willing to participate, I will welcome them with open arms.

    Ahh, creative accounting. Robert, there are many statistics that indicate that the number of IT jobs in America is declining by 3% a year. If lots of folks leave the profession at a rate higher than openings, your numbers hold true but are otherwise dishonest. Robert, I bet you don't have any statistics on IT employees who got displaced by outsourcing as to the percentage that managed to get a pay increase vs. those who took a pay cut?

    Now I am certain that he wants me to spoonfeed him like a big baby. A simple visit to the site and he would have actually seen an early draft and been able to form an intelligent opinion.

    I know it is ingrained in your persona to sit on the sidelines instead of jumping in and playing the game with the big boys. If you think you can do a better job of creating a maturity model around security, then be my guest. In order to create a maturity model, you at some level must be mature...

    I know you aspire to be a credible enterprise architect, but you really need to stick to project management. Oops, a competent project manager would understand that heroics aren't the answer but teamwork is. By assembling the best and brightest from all over the planet, OWASP will produce a competent security maturity model. I am not alone in this undertaking, and any deficiencies I have will be more than made up for by the truly high caliber individuals I am working with on this project.

    If you want to make bets, I bet that you couldn't competently run an open source project because you can only succeed based on command and control. I bet you don't even comprehend the value proposition of open source nor the community model at large. I would bet though that you will either post a stupid response regarding open source or simply practice remaining silent.

    Anyway, I hope that the organizations that Robert McIlree consults for truly get what they pay for...

    Robert McIlree on his honeymoon with James Robertson



    Vacationing in Trinidad

    I am now at the airport getting ready to board the plane headed towards Trinidad. The ability to vacation in a place where folks say good morning when you pass by brings joy to my heart.

    I hope that my co-workers are jealous thinking about how much fun I will have on the beach while they crank out even more sterile Powerpoints...


    Monday, August 18, 2008


    Indian Outsourcing and how Inexperience Generates Failure

    Many of the consultants I respect are often hired to consult on projects when they are already in trouble. The common story is how little experience most folks nowadays have...

    When you study the code, it seems like many within India are learning from books and web sites, which are weak proxies for actually learning how to design software. If no one on the project knows what good code looks like, you get (guess what) code that doesn't look good.

    The interesting thing is that India hasn't yet taken advantage of the love of Agile methods. Consider the ability to write suboptimal code while immediately declaring that you were focused on business value as the first priority. Your followup statement can be about the need to mercilessly refactor the code at a later date. In the end, you have a nice set of Martin Fowler-approved excuses for failure.

    What is more interesting are the findings of an up-and-coming industry analyst firm that will be releasing a report on the ability of Satyam, Infosys and others to write code that doesn't have any of the OWASP Top Ten vulnerabilities. It shouldn't come as a surprise to anyone that the result isn't kind. The analyst writing the report also noted that India has lots of opportunities to learn how to write secure code, but due to cultural reasons, few take advantage of user groups such as OWASP.

The only way for code to improve is for the folks writing it to learn from others who are superior to them and to be willing to publicly acknowledge that fact. Maybe it is a good thing that India has mastered the Peter Principle by promoting those who can't code into managers...



    Free Legal Advice

    I am not a lawyer, but I pretend to know what I am talking about in the blogosphere...

    Read this and make a copy for your files in case you need to refer to it someday. Maybe we should all take some of his advice!

    A corporate attorney sent the following out to the employees in his company.

    1. The next time you order checks have only your initials (instead of first name) and last name put on them. If someone takes your checkbook, they will not know if you sign your checks with just your initials or your first name, but your bank will know how you sign your checks.

    2. Do not sign the back of your credit cards. Instead, put “PHOTO ID REQUIRED”.

    3. When you are writing checks to pay on your credit card accounts, DO NOT put the complete account number on the “For” line. Instead, just put the last four numbers. The credit card company knows the rest of the numbers, and anyone who might be handling your check as it passes through all the check processing channels won’t have access to it.

    4. Put your work phone # on your checks instead of your home phone. If you have a P.O Box, use that instead of your home address. If you do not have a P.O. Box, use your work address. Never have your SS# printed on your checks. (DUH!) You can add it if it is necessary. But if you have it printed, anyone can get it.

5. Place the contents of your wallet on a photocopy machine. Do both sides of each license, credit card, etc. You will know what you had in your wallet and all of the account numbers and phone numbers to call and cancel. Keep the photocopy in a safe place. I also carry a photocopy of my passport when I travel either here or abroad. We’ve all heard horror stories about fraud that’s committed on us in stealing a name, address, Social Security number, credit cards.


    Sunday, August 17, 2008


    Thoughts on Richard Stallman and Free Software

    I wonder why Richard Stallman and the GNU folks never talk about the economics of software development. Maybe, they need some sage wisdom from some enterprise architects...

There is lots of software which serves the general interest without serving any one person or company sufficiently that they would single-handedly pay upfront for its development. Patronage simply is anti-innovation and relying on this model is a bad idea. Can we acknowledge that patrons are rarely forward thinking? Can we also acknowledge that complex, well-designed software is likely to result from patronage?

How ethical is free software? If you deliberately seek to destroy thousands of folks' way of earning money, then ethics demands that you at least try to find an alternative for them. Richard, the answer isn't to immediately give up all your worldly possessions and beg for grants; this model worked for you but otherwise doesn't scale.

For the record, there are some models close to patronage, such as how OWASP develops its software, but you might have noticed that there is a preference for licenses other than your personal favorite. More importantly, Richard, you have forced lots of enterprises to waste money that could have been used to forward the cause of open source software; instead you made them give it to lawyers. Does this feel good?



    Youngest Victim of Offshoring

    The tragic story of Aditya Mohan...

No words can justify the loss of a child. When reading the blog of Mohan Babu K., I actually cried. This individual is someone with whom I have exchanged emails over the Internet on a few occasions. While we have never met nor heard each other's voice, I feel like I know him.

    For those who read my blog, I encourage you to review and sign this petition asking authorities and the airlines to investigate. The details of the event are here.

    As for you Mohan, seek out our creator, the one God to whom all praise is due. In the meantime, I will pray and ask that you find the path to a better place...


    Saturday, August 16, 2008


    Is your CIO committing Management Malpractice?

    Have you ever considered the fact that your CIO will outsource work to India but employees can't work from home...

Before we get started, I think that much of the problem isn't directly related to IT and is caused by general human resource professionals and their non-forward-thinking way of viewing the world. Consider that HR isn't involved in outsourcing and, at some level, this is what allows outsourcing to succeed, if only in a mediocre way.

Many of today's human resources professionals have struggled to appreciate the value proposition of working from home. For many years they have developed a mentality where managing payrolls, exerting control through rigid policies and being an administrative organization with little emphasis on people issues is the norm. Under such a merely transactional style of HR management, flexible work schedules as a means of providing a healthy balance between life and work to busy, valued and stressed employees are not one of the top concerns.

A conservative corporate culture is usually averse to taking on a high risk profile and is characteristically reluctant to give its employees the time and the authorization to work at home as part of a talent policy designed to deliver true employee satisfaction through a flexible work schedule and a healthy balance between life and work.

This reluctance to provide flexible schedules for working from home is accentuated by managerial malpractices like micromanagement, where the activities of a manager's subordinates are obsessively overseen, the possibility of innovating is systematically denied and communication among co-workers is systematically censured.

Based on the premise that employees are the most valuable asset in today's organizations, most of the Fortune 500 companies are developing programs with diverse recreational activities and flexible job schedules, where working at home is a possibility, to help their employees reach a healthy balance between life and profession and in this way minimize the risk of employees suffering from professional burnout.

Having said that, it is straightforward to see that these companies consider their employees a valued asset: the employees have the unique opportunity to enjoy a supportive workplace environment where their professional development is systematically encouraged and their expectations are fulfilled, and additionally they enjoy the privilege of working in a company whose culture is appreciative enough to recognize, reward and celebrate, in a timely manner, the extra value that a responsible and competent professional may offer to his or her organization.


    Friday, August 15, 2008


    Ways to ignore airline baggage limits...

    Many of the airlines have placed weight restrictions on baggage. I figured I would share a tip that allows you to beat the 50 pound baggage limit...

I dropped the family off at the airport this week and noticed several couples waiting in line. They were traveling to Puerto Rico when the counter agent told them there would be an additional fee for overweight baggage. Another person standing in line heard this conversation and took some items out of their bag and put them into the backpack they were carrying.

This next couple made it to the counter and placed their bags on the scale, where the counter agent proceeded to put the baggage tape/sticker on the bag and handed it back to the couple to carry over to the TSA baggage folks. Of course, the counter agent had moved along to the next customer when this couple decided to simply take stuff out of their backpack and place it right back into their luggage.

Of course, TSA is solely responsible for screening bags and doesn't really care if someone either adds or removes stuff prior to it being handed to them. In many airports, especially when crowded, you could do this without a TSA agent or counter agent seeing it.

    In other words, you are an idiot if you pay for exceeding baggage limits...


    Thursday, August 14, 2008


    Enterprise Architecture: Does CMMi encourage worst practices?

Have you ever noticed that the only places that are currently CMMI Level 5 are places where programmers get paid peanuts! Maybe underpayment of staff is required to afford the overhead of CMMi...

    It is important that Architects stop embracing hybrid thinking as this is a mental disorder. While the primary purpose of the quest for process quality is product quality, the theory that the quality of a product is dependent on the quality of the process used to produce it is flawed. Of course, if you look hard enough, you can find relationships between any two observations. For example, did you know that the price of tea in China correlates well with the quality (or lack of) of code written by Indian outsourcing firms?

    There is a distinction between product quality and process quality. Process quality focuses on the ability of an organization to meet budget and schedule commitments. Having documented, repeatable, measurable processes helps with estimation. Software quality is not really the focus, except that an organization must be able to predict when the product will have a sufficiently high level of quality to be considered "finished" and an organization that makes good estimates won't find itself in a position where it has to change plans and trade quality for time or money.

    Ever been to McDonalds? Bet you didn't know that they are CMM Level five? Does anyone think that McDonalds product quality is high? I wonder what the relationship is between flipping burgers at McDonalds and the quality of code produced in India?



    Six Year Old Kids in Trinidad are Trembling

    My two sons are headed towards Trinidad and will be visiting various martial arts dojos. My older son is now a green belt in Jujitsu while the younger one just started to practice Tai Chi. Kids in Trinidad are shaking in their boots as they fear the wrath of the McGovern Brothers...


    Wednesday, August 13, 2008


    The secret relationship between martial arts and enterprise architecture

    I mentioned in the past that Villari's Martial Arts is Garbage which has gone unchallenged. Today, we will outline the secret relationship between low-quality martial arts such as Shaolin Kempo Karate and Tae Kwon Do to enterprise architecture...

Ever wonder why Taekwondo is an Olympic sport and other styles aren't? Does it have to do with actual fighting ability, or was it instead chosen solely because of its popularity? Most folks don't understand that Taekwondo is a sport and not a martial art!

Martial arts aren't learned for fitness; they are learned to protect yourself. In a confrontation, the dumbest thing you could do is to attempt to kick someone in the head, as you could get swept very easily. Unlike Taekwondo or other sports, Jujitsu's sole purpose is to bring pain to folks.

Ever notice that pretty much no one who does extreme fighting has a background in either Kempo Karate or Taekwondo, but they all have some form of Jujitsu? What works as a sport doesn't work in self-defense and vice versa.

So, what does this have to do with enterprise architecture? Is enterprise architecture, and its goal to be more aligned with business goals, driven by popularity or by the ability to win? The former is all about perception management while the latter is all about reality.

    Sadly, IT nowadays is all about perception management yet the business that it is supposed to align with is all about reality. There is no perception that we are now in a global economy and that your competitors are aiming to place an armbar on your enterprise.

    Should enterprises be focused on flashy but otherwise useless kicks or should they instead be focused on the more practical...



    Does Sun understand software security?

You will find employees of Microsoft, Oracle, EMC, HP and CA deeply participating in OWASP, talking about what they do internally to make sure that the products they develop are not plagued with security vulnerabilities, yet the world hasn't heard a single tweet from anyone at Sun in this regard.

    Most recently, it was announced that Sun also produced an insecure version of OpenID. Does Sun just care about security features or do they also care if their security features are secure?


    This page is powered by Blogger. Isn't yours?