Surplus words

Always wish I had more time to participate in such activities. Anyone has a chance to try and let me know?

Sent to a [SYNTHETIC-WORLDS] mailing list:

A main goal of the synthetic worlds initiative at Indiana University is to develop large games as research environments. To test some ideas, we have prepared a browser-based game of kingdoms, trade, diplomacy, and warfare in the stone age. The world is called Greenland and it enters open beta today. We invite those interested in such things to help us by testing the environment and contributing reactions and criticism to the forums.

To enter Greenland, go to http://greenlandgame.com/ and choose the Mercator server (the other two servers are closed for internal testing).You will need a code to register for the server; it is GLOPENACCESS.

If you have questions or problems, please contact our community manager Matt Falk at mfalk@umail.iu.edu.

Thank you.

--
Edward Castronova
Associate Professor of Telecommunications
Indiana University

A few years ago I met people behind many-eyes visualization project from IBM. Today, inspired by other things I have seen in the labs I decided to see what their site (http://manyeyes.alphaworks.ibm.com) has been up to. Always consumed by price of housing, I ended up comparing a larger number of cities by size and housing affordability (how many average incomes it takes to buy an average house).

Suddenly, New York looks pretty good.

In case you just want to go straight into the visualization, click here - http://manyeyes.alphaworks.ibm.com/manyeyes/visualizations/house-prices-to-income-ratio

I forgot my admin password on wordpress. I know, it is silly, but I reset it to something and then promptly forgot.What followed, was a sad comedy of errors and a small ode to open source. For long version, see below:

No matter, I thought, surely wordpress uses the database password() function and I could just get a new password hash, insert it into the DB, and be good again. To PhpMyAdmin we go… and Wrong! Wordpress does not use the function, probably with good reason.

Ok… what now? How about I reverse-engineer the hash function, include a call to it in one of theme designs and get a new hash in whatever way the hash is computed. Then, I can insert it into the database… Yeah - in what other ways could I try to scratch my left ear with my right foot?

Finally I remember something painfully obvious - I do not need to hash anything, just return “true” from some function called checkPassword or VerifyPassword - there is always one somewhere. Indeed, CheckPassword() function does this:
function CheckPassword($password, $stored_hash)
{
$hash = $this->crypt_private($password, $stored_hash);
if ($hash[0] == ‘*’)
$hash = crypt($password, $stored_hash);

return $hash == $stored_hash;
}

comment out the last line and replace it with return true;

Now, just save the file, reload the page, and  login with a random password. Change the password to something I think I will remember, and change the code back…

And this is why I host my own instance of wordpress :)

Now that I am a paying customer for highrise (highrisehq.com) I can request features, right? :)

I am trying to figure out how best to use the “deals” feature, and it would be really great if I could surface emails/notes from people involved in the deal without having to make 10 clicks. It was not even obvious to me that I could assign these to deals until I tried to change the email… At the very least, I should be able to drag an email/note to the “deal” that is already shown on the right side of the screen. Ideally, I would like to be able to add notes/emails from inside the deals - also with drag-n-drop…

Offtopic: Interestingly (for me) - I have immediately begun to expect that companies follow twitter and therefore will just pick up the resultant twit and comment on the blog. It’s all the fault of the GetSatisfaction.com team.

Fred Wilson wrote:

It’s gotten to the point that if I can’t interact with content, I don’t want to consume it. When I read books, I underline certain passages so I can blog about them later. If I were reading on a connected device, I’d simply reblog on tumblr and be done. I don’t think I’m unusual in this regard but I do think I’m in the leading edge of behavior and that more and more people will feel this way.A VC, Dec 2008

Ditto. Take a look at books left over from old (100+ years) writers, scientists, people. They are full of notes on the margins. This type of interaction with text only stopped recently, perhaps because a lot of content consumption went one-way — magazines, newspapers, TV. An old notebook of my grandmother’s I recently found has pages written out from books she borrowed and found insightful but did not own to write directly in. My big hope is that next version of Kindle would provide some kind of a solution. It is possible that other readers already provide these capabilities and I am just unaware of them…

I see a lot of people also blogging as they read through a book - something this type of functionality would facilitate. Does the world really need people to post half-formed thoughts the moment they get an urge to share them? Probably not, but we already do (reading this post qualifies), so making this sharing easier is not going to make things worse, but perhaps encourage those for whom current means are too convoluted or complicated to participate in the discussion.

I like the simplicity, and surprising utitliy of LinkedIn applications. I was surprised to see a blog post from one of my connections, and within a few clicks configured LinkedIn to show my own blog posts. I suppose this is really useful for people who market themselves a lot - but also for people who have no other touchpoints with a lot of all of their colleagues and former colleagues.

Finally - I just think it is cool, and is another round of evolution in web mashups and in letting people share their informatin how they want it, where they want it.

I have always been scared to blog under my name. This fear had a few components. I did notice, recently, that most of the blogs I follow are actually not anonymous. I used to read a lot of anonymous blogs, but over time most of those have either revealed their identities or have fallen away from my frequent reading list. I suppose some of it has to do with desire to get credit (obviously, that was my intent), but I think the larger issue is that - ultimately - it is hard to trust an anonymous person. Internet, gives a great deal of anonymity to people, but that also forces us to discount anonymous posters longer than “real” ones. There are many examples and discussions on this topic, and it is not really what I wanted to write about.

No. I wanted to think through, by typing, what it was that has kept me from blogging for a better part of 4 years. It was not lack of source material - certainly these times have an overabundance of that. There is an issue of time, of course. It is pretty obvious that to build a readership, posts need to come with regularity that is well-known to journalists, but not easy to maintain on IT guys’ schedule. It is also recommended to stick to a particular topic or set of topics in which one has expertise or strong convictions. That approach was lacking as well. I like to think by typing, and I am certainly not going to be maintaining 5 different blogs for a carefully segmented presentation of my world views.

What I realized, is that the few people whose blogs I actually read with any regularity where “reasonably smart guys” who put out whatever it was that they wanted to share. That’s it. Some of them I knew personally, some I did not, some I even mostly disagreed with. In all cases; however, it was something for me to think about, to talk to someone else about - and perhaps that’s what matters to me. So, I will make the fool out of myself - writing about things I know little about, as well as risking my professional growth by writing about thing I *should* know about, but perhaps do not.

I might even, seriously now, write a bit about my biggest development challenges - my kids. I am still not sure how far to go there. They will inevitably find this blog in a couple of years and I do not want them to be scarred/horrified/overly pleased.

Anyway, I probably have to write here, since my family and co-workers cannot take any more of my soliloquies.

Preamble: I wrote this a while ago, and moved it to this blog in draft mode. It is being republished because… I do not have time to write anything new. Comments welcome.

—–

Starting point for ruminations was this - IBM Recruiting ISVs, Partners to SAAS:

Viewing the software-as-a-service market as a major new-growth industry, IBM is offering a package of services and incentives to help software companies and channel partners deploy their products as hosted applications.

IBM is looking for a wave to catch to vault it over Sungard and other, smaller, companies specializing in hosting company’s backup servers and data. It is worthwhile, I think, to look at the generalizing principle on software-as-a-service (SAAS). What are its implications from a resiliency and continuity perspective?

For starters, SAAS goes beyond the now well-understood Application Service Provider (ASP) model. ASP implies that an application, usually one which covers at least one complete business process, is hosted by a service company rather than an internal IT department. From a computing perspective there is often little difference. After all, most large and medium-sized companies today have widely distributed IT deployments and most users do not know whether the web application they are using is coming to them from a data center 3 floors above or 3 thousand miles away. So what does it matter whether someone else is running a web server instead of your organization? Better organized resiliency programs certainly take this outsourcing into account when creating plans, treating ASPs as critical vendors as much as someone else supplying financial data or iron ore might be.

SAAS is a slightly different beast. One can think of an ASP provider as an implementation of SAAS, providing that “service” in SAAS in fairly large and monolithic chunks. But it need not remain that way. What if a SAAS provider is someone like former hitbox, providing a very specialized service of web analytics, or qualys continuously searching your network for vulnerabilities. In both cases, data might be downloaded and analyzed by a tool hosted by some other 3rd party, or internally. This software service is now provided as a small part of an overall business process, and may not even be known to the business unit as a component of the process that is provided by an outside vendor. To re-use the examples of services in this paragraph, we can consider the following scenario for web analytics:

IT Department provides traffic report and analysis to all departments in the enterprise. Most likely 90% of the department could not care less about the accuracy and granularity of the results. Marketing; however, is an exception. While it carefully tracks website usage all the time, a day-long outage of analytics would not be a major problem unless it coincides with a test run of a new marketing campaign. At which point and to which internal customers should IT direct an awareness campaign of the outside vendors it is using for the moment? Once a service become part of the enterprise services, their origin becomes largely transparent to the business level consumers of the service. It is worth noting that for most services only a small number of users will have a critical need of it. How should vendors be now evaluated for reliability and contracts structured?

Previously, when a department wanted to use an ASP both that business unit and IT would be involved in the evaluation process. However, SAAS will now allow both IT and business units to go it alone. That’s where things can start falling through the planning cracks since a lot of the services may not be part of the primary impact analysis process. In our scenario Marketing may not be aware that web analytics is separate from web server maintenance, and IT may not know that its outsourced analytics service is critical to some group - in this case Marketing - 3 weeks out of the year.

Similarly to how cheap Windows and Linux servers proliferated in workgroups a few years ago, cheap and transparent services will have a huge impact on how applications and business processes are assembled and executed in the future. Different providers may even be used for similar process steps in various locations or processes across the enterprise. How should customers reconcile their needs for efficient and cost-effective services with an increasingly flexible software services environment? One way, of course, is for an organization to forbid the casual use of outside software services and require than any allowed uses go through a rigorous evaluation process for each service, with clearly identified IT and business level integration points and fully performed cost-benefit analysis. That would work to keep smaller service vendors out, but they are also the most innovative ones.

Another way is for someone like IBM to step in. Salesforce is already doing something similar with its AppExchange, and I think other players are gearing up. IBM has an advantage over Salesforce and others, such as SAP or Oracle in that it has a much more independent platform. IBM can become, effectively, a guarantor of a service, whether it was developed by them or not. By providing the infrastructure, IBM can make sure the basic hosting things go well - such as service uptime, bandwidth, power, etc. Furthermore, IBM can host the same service in different configurations - critical for Marketing and delayed for other department, for example. Its market power would require service vendors to certify their products for stability and scalability, and remove the uncertainty from customers of dealing with a small and unknown entity. Organizations could then provide business rules for department to use, or at least test services, provided they comply with certain requirements - certified by IBM, and are hosted by a reliable vendor - such as IBM. At some point a need to both a certified host and certifying authority will become too strong not to produce a whole sub-industry. Currently, Accentures & Delloite’s of the world have the lead on certifying implementations (information security, for example). However, IBM already has a host of certification programs for its WebSphere Catalogue, as well as Ready for Virtualization and others relevant to organizational resiliency. Moreover, IBM has the ability the Accenture and its ilk lack of becoming insourced not only at the customer level, but vendor level as well. What that means is that vendors could develop services and solutions concentrating on their core competencies, not peripheral requirements of hosting an on-demand software service, for example.

As someone who works for a small vendor, I know that I would not very excited about having to build up a tremendous amount of infrastructure and support capabilities instead of farther developing our product. We did what we needed to do for our customers, but the less we have to do of things we have no competitive advantage in, the more value-added activities we can engage in. I am sure many other vendors feel the same way, and I think a lot of customers would be much happier if they could both easily use innovative services and have world-class hosting support to guarantee the robustness of that service.

I have always been a fan of one-time use credit card numbers. Certainly, for someone who shops on a number of web sites, they are a nice way to not get “too much” information stolen. It is not that I do not trust proprietors of smaller internet ventures, but… Well, I do not necessarily trust their information transmission and retention policies. Recently, I had just the excuse to the use a one-time number myself. I was buying something on a foreign website, hosted in a country known better for gathering information that securing it. “Perfect”, I thought, “I will be safe with my citibank visa!”
And now we can talk about how companies shoot themselves in the foot when their marketing gets ahead of their capabilities. Citibank, for example, runs a series of hilarious commercials warning of the dangers of Identity Theft. Despite the message saturation; however, it is impossible to find out how to generate one-time numbers for citibank issued credit cards from the site. At least my searches revealed no obvious way of doing so. A number of blog entries alluded to the fact that Citigroup (parent company of Citibank, N.A.) indeed provides a generator, but no links were posted. Luckily, I have friends who are much better at web sleuthing, and soon I had in my hands the link. (more…)