Wednesday, March 30, 2005


"External access" can be a confusing term. Are you talking about people who aren't physically on site? Are you talking about non-employees? To clarify, I started referring to a project as "non-employee identification and authorization." After banging out that phrase a few times, I realized that I had a ready acronym: NEIDA.

To me, adding NEIDA to the mix is where you really get the value out of SharePoint (used generically - SPS is an application that rides on top of WSS). SharePoint is a definite improvement over the cumbersome and kludgey ways we now share data internally, but those ways simply don't work at all with non-employees and remote personnel. For instance, if you want to grant a contractor access to a DFS share, you are forced to add this non-employee to your corporate directory, have him install a VPN client, and then let him run remote desktop. All of this assumes that you happen to have a spare workstation, either physical or virtual, for him to remote into. Very ugly. You are attempting to electronically convert the remote contractor into a physically co-located employee. This is silly and risky. Identity and location must be decoupled.

We've recognized and articulated the need for this capability for about two years now. But in our company (and I suspect in most large corporations), a single business unit with a huge project gets a lot more attention than a thousand voices spread throughout the enterprise. We now have that giant business unit stick, and are moving forward rapidly lest the stick be used to hit us.

Here's what we are doing specifically: We are putting a Microsoft ISA cluster in our DMZ and using it to securely publish SharePoint, which is located on the corporate network. The ISA and SharePoint boxes will belong to our separate extranet forest, which has a one-way trust with our corporate forest. Non-employees needing access will be given accounts in the extranet forest, and site administrators will grant those accounts access to specific containers within the extranet forest.

The nice bonus in this approach is that we solve the remote employee problem while addressing the non-employee problem. The more applications we publish, the less our need for remote desktop.

I'd be interested in hearing from anyone who's done anything similar. What gotchas, landmines, etc. await us?

Friday, March 18, 2005

Rich web interfaces

Since Guy brought it up, I'd like to mention Blogger's text entry box. Here's an old post that I just stumbled across that talks about how it's done. Note that while OS might not matter, your particular browser does. I hate not having the hyperlink button in Safari, which is still the default browser on the family Mac.

Blogger slowdown

Blogger and/or Blogspot has become more pokey more often recently. C'mon, folks, we know you can scale.

UPDATE: Phil has the scoop from Biz: Google has plenty of computers. They just need more juice.

Wednesday, March 16, 2005

Image Trolling begs the Question

DriftNet is an amusing tool to tinker with in the public spaces I hang at on weekends. This elevates wardriving to a whole 'nother level, dear friends. Give it a whirl.

Try to match the GIFs and JPEGs that float by - to that goth slacker skulking in the corner over there ..? or do they belong to this overly serious accountant-type pretending to go over his end-of-quarter numbers?

Such capabilities call for a reflection upon the pros & cons of VPNing. Consumer rights advocates desire privacy protection. We security professionals press for major reductions in the need for un-proxied intranet or host accesses, and the prospect of potential threats obfuscated by encryption.

Two strong arguments. This debate may rage on for quite some time to come.

Tuesday, March 15, 2005

Greater Ajax

This is not a retelling of the siege of Troy. But another epic battle is being fought today, with the futures of great empires again en prise.

I have been saying for over a year now that operating systems don't matter anymore. Yes, that is a bit of a Molotov cocktail, but pause to consider and you'll see everyday evidence that the future of application design is very thin indeed.

"Ajax" is the popular term (originally assigned by Jesse James Garrett) for the confluence of JavaScript, XHTTP, XSLT and W3C DOM.

As WSJ's Lee Gomes made plain in a recent column:

Browsers have been getting and displaying information since the web began. What's new is that Ajax lets them do so in a speedier way. In the past, to change even a small part of a web page required reloading the entire page. But Ajax knows to fetch only the part of the screen that needs changing. Because less information is being sent from the main server, things move more quickly. That takes Ajax applications a big step toward the Holy Grail of having the kinds of speed and responsiveness in web-based programs that's usually associated only with desktop software. Sealing the Ajax deal for many programmers is the fact that everything required for it is standard, generic software that isn't owned by any company and that exists in every browser. The winners here are anyone who wants to build a new generation of Internet programs, especially Google, which hasn't been shy about moving into areas previously connected with Microsoft.

Big changes are afoot, accelerating the pace of creative destruction within the hardware industry, and even reshaping our basic conceptions of how (and where) knowledge work will be done.

As a technology generalist most focused on security solutions, I can tell you confidently this trend bodes well for the good guys. Now is the time for businesses to first consider addressing with application re-writes the many serious security issues that plague IT today. Thus far, most pundits' advice (and commercial product lines) has involved installing a lot of specialized networking gear.

Smart money, and common sense, points in the opposite direction, I believe.

Monday, March 14, 2005

FeedDemon-Bloglines synchronization

There's nothing like a little hands-on testing to blow a theory completely out of the water. For a while now, I've thought that FeedDemon's ability to synchronize with Bloglines would make it a viable candidate for an internal feed reader, because it would let you read both internal and external feeds from your corporate desktop while still letting you read your external feeds from anywhere without duplication. Unfortunately, that's not how it actually works.

The help page says:
Unlike "normal" channels, Bloglines Channels contain only the items you haven't already read through Bloglines. Likewise, items you read in FeedDemon won't appear as new in Bloglines. This enables you to read your subscriptions in either FeedDemon or Bloglines without duplication of items you've already read.

Sounds great, right? The first part works just like advertised. FeedDemon only downloads what I haven't read in Bloglines. For part two, though, it turns out that "read" doesn't actually mean read. It means "downloaded into FeedDemon." Yep, that's right. Items I've never read and that are marked as unread in FeedDemon are all marked read in Bloglines. I'm now forced to read those items in FeedDemon (or guess how far back I need to go in Bloglines and deal with duplicates). A rather Clintonesque definition of both "read" and "synchronize" if you ask me.

This is beyond lame. I used to be a fan of FeedDemon, but it now drops to the bottom of my list. I'm also left trying to find a viable alternative. I really need an internal equivalent of Bloglines that will intelligently link with the public Bloglines service.

Tuesday, March 08, 2005

Where are the women?

This is by far the funniest Autolink reaction I've read, at least in part because it's a bit rude. It's clearly all Lawrence Summers' fault!

Pointage by Phil, which prompts me to ask, if he's a digital magpie, who are we?

Sunday, March 06, 2005

About the weather

While there's been a lot of sniping about Google's Autolink, it's completely irrelevant. The age of the Google toolbar has come and gone. Today, dealing with "toolbar spam" from warring toolbars is nightmarish. The answer, of course, is Firefox. Who needs a toolbar when you have Firefox? I only use IE when I absolutely have to, and then only for the page in question. Why Google would waste goodwill attempting to recreate the discredited SmartTags is the real mystery here. Yes, there are key differences which make Autolink better than SmartTags, but the association was inevitable and poisonous.

I'd much rather talk about the weather. Google's new weather feature may not be an earthshaking new development, but as Phil Ringnalda points out, it sucks less than the alternatives. I guess I'd feel sorrier for the weather sites if they weren't all user hostile. Google takes a simple phrase and gives you the weather information you need right at the top of the screen. That doesn't happen on any weather site. Google Maps does the same thing. Pop in a simple query, and it gives directions. It's a lot simpler to type "Birmingham to Pensacola" and press enter than to jump through hoops at Mapquest.

Simplicity is good. As long as Google has superior services and no way to lock you in, the borg comparisons are nonsense.

Friday, March 04, 2005

Shipping software

What does it mean to ship software? And is Microsoft any good at it? Mark Lucovsky, formerly of Microsoft, where he played a key role in the NT kernel and on Hailstorm, and now with Google, weighs in. Check out his follow-up, too.

Thursday, March 03, 2005

Critical chain project management

I really like this project management approach, which Jack pointed me to. The downside is that you have to get your whole organization to buy in to it, or it won't work. I guess that means I won't ever be using it. Oh, well.

Wednesday, March 02, 2005

Attention and Trust are Sacrosanct

I was riffling through some 3 yr old email today in search of a lost bit of perspective, and unexpectedly came across this old hyperlink, which against all odds still works. There are many great affirmations and quotes in the article, but in short:

#1: The User Is in Charge
Your greatest ROI is a prolific employee or partner.
Period. Control your urge to control even creativity.

#2: The World Is Our R&D Lab
The power of hobbyists/open source.
No more inside/outside dichotomies.
Make, or re-make, and it must work,
across most imaginable combinations.

#3: Failures Are Good.
Good Failures Are Better.

Improvise! Make quantum leaps.
Systems need ductility. Fashion (n.,v.)

#4: Great People Can Manage Themselves
Reed's Law trumps headhunters every time.
Peer review. Heterogeneity of thought.

#5: If Users Come, So Will the Money
Brands differentiate - markets decide.

Tuesday, March 01, 2005

Who bears the burden of high availability?

Tom Yager ponders:
Will a rack of value servers with the equivalent computing power of a large, multiprocessor monolithic server ever be able to sense and respond to availability problems the way big iron and their OSes can?