The content on this site is my own and does not necessarily represent my employer’s positions, strategies or opinions.
- I’ve been playing around with Swift, the new programming language from Apple, for a few days and I’ve been quite …
- The Supermoon over Cranberry Lake, New York, in the New York Adirondack Mountains on 11 July, 2014.
- Yesterday IBM and Apple made an important announcement about partnering to significantly growth the use of mobile via Apple devices …
Several weeks ago I was on the panel “Privacy and Innovation in the Age of Big Data” at the International Association of Privacy Professionals in Washington, DC USA. My role was to present the attraction and value of data but not to constantly interrupt myself with “but, but, but” for policy and privacy issues. That is, I was the set up for ‘s Chief Privacy Officer Christina Peters and Marty Abrams, Executive Director and Chief Strategist, Information Accountability Foundation, to talk policy. The audience was mainly privacy experts and attorneys.
I presented four slides and I previously posted those via SlideShare. Here and in three other posts I go through the bullets, providing more detail and points for discussion.
- What is Big Data?
- Why do data scientists want more data, rather than less?
- What issues can analytics present?
- Approach to policy can determine outcomes
Approach to policy can determine outcomes
Reductions in the amount and kinds of data can produce diminished or inaccurate results
I think this is obvious: if crucial data that could help define the context is missing, then the model will probably be incomplete. Therefore, it will be hard for you to produce results that have a high confidence level, or you will be missing factors that are needed for better prediction or optimization.
Think of all the data that is necessary to predict how a particular farm field of tomatoes will do during this next summer season. Geography with elevation, expected sun and rain amounts, wind, soil conditions, planned fertilization, and natural or irrigated water supply all have an effect on what will actually happen. If your model is missing these, your prediction or your ability to tweak the factors to maximize yield will be compromised.
Policy must take into account the value received by individuals for the use of their personal data
You as a consumer may happily give a coffee shop information about your location in order to get a discount on your next beverage. This is not exactly being “off the grid.”
Increasingly people are willing to give up personal information in exchange for discounts, higher quality, and position within social networks. Formal policy must take into account that privacy is not a fixed idea and will vary over time from person to person as more lucrative items can be traded for it.
Enforced data localization may decrease analytical completeness unless we can move intermediate results or the site of computation
If I am forced to keep all my data, metadata, and derived results within some geographical boundaries, my ability to combine these with information elsewhere will be curtailed. Can we move those other results to the constrained site for more extensive computation? Indeed, can we move the computation to the data instead of the other way around?
These are issues of both policy and cloud technology. What we do and where we do it is limited by both, but as technology often seems to advance far faster than policy, there will be a mismatch between what we can (and should) do with what we are allowed to do.
Big Data is not just about the data. It is about the intended use and the location of that use. Privacy, security, and data ownership are all important considerations that must be factored in before we do the “science” with the data.
Previous: What issues can analytics present?
I’m a bit under the weather today, so I’ve been sitting on the couch fiddling with this website, a my previous blog and launched this one.blog. Its most recent large overhaul happened over the Christmas holidays at the end of 2009 when I archived
The theme I had been using until then was heavily customized and had not kept up with the various improvements made in WordPress for the layout, widgets, and other features of themes. So I switched to the new and official Twenty Ten theme, did some customizations within the user interface for such, and then added some code to rotate the header images among my photos in an uploaded directory. (This last feature is more or less built in now, but my code is working so I’m keeping it.) I made these customizations in a child theme of Twenty Ten that I called Minerva after one of our cats, now unfortunately and prematurely departed.
Before I settled on Twenty Ten, I looked at dozens of candidate themes and I investigated usingfor the blog. Ultimately I ruled out the other themes because they didn’t have the look I wanted and I liked the idea of the WordPress team itself supporting my base theme. While Drupal was and is wonderful software, I stayed with WordPress because I wanted to preserve the links to all my old blog entries and have consistent formatting between the current and archived blogs.
Through the years I’ve added and subtracted plugins and widgets as they were updated or I found new ones that had functionality I wanted. The social buttons you see under this post are one example of using a plugin that did not exist in 2009.
I’ve been keeping WordPress itself, the plugins, and the themes up to date on a regular basis. Aside from improved or fixed functionality, this at least helps keep the security up on the site.
So today I started out by looking at the other official WordPress themes that came after Twenty Ten. These are called (wait for it): Twenty Eleven, Twenty Twelve, and Twenty Thirteen. I didn’t think any of them look better than what I have.
Then I looked at some others that are high in popularity among the thousands of WordPress themes. I downloaded and installed several of them and ultimately decided that I would stay with what I had. They either didn’t impress me visually or they would have required more customization than I’m in the mood for today.
I deleted the FaceBook plugin because it was superfluous with the new social buttons. I then started playing with the “Recent Posts” widget that is in the right column. Since I’ve been writing blog entries less frequently than I did a few years ago, many of the entries that do appear are of the “What I’m Reading” variety that are automatically generated from my use of Diigo.
The Recent Posts area was dominated by these postings of links and I wanted to exclude them. Unfortunately the built-in widget did not seem to work correctly when I adjusted the visibility of the posts to display.
It took only a few minutes to find a much improved widget called “Recent Posts Widget Extended” (catchy name). This not only allowed me to block the posts I did not want appearing but also let me include excerpts. I think it is an improvement and you can see a screen shot on the left.
So that’s it for now. I’ll still keep looking for new themes, plugins and widgets, but I’ve reached the point of diminishing returns for the moment.
In May of 2013 I was asked to contribute an article to ProVISION, an magazine published in Japan for current and potential customers and clients. That piece was translated into Japanese and published at the end of July. Below is the original article I wrote in English describing some of the work we do in my group by the scientists, software engineers, postdocs and other staff in IBM’s Research labs around the world. It was not meant to inclusive of all analytics work done in Research but was instead intended to give an idea of what a modern commercial research organization that focuses on analytics and optimization innovations does for the company and its customers.
When you look in the business media, the word analytics appears repeatedly. It is used in a vaguely mathematical, vaguely statistical, vaguely data intensive sense, but often is not precisely defined. This causes difficulties when you are trying to identify the problems to which analytics can be applied and even more when you are trying to decide if you have the appropriate people to work on a problem.
I’m going to look at analytics and the related areas to help you understand where the state of the art research is and what kind of person you need to work with you. I’ll start by separating out big data from analytics, look at some of the areas of research within my own area in IBM Research, and then focus on some new applications to human resources, an area we call Smarter Workforce.
This is the most inclusive term in use today but, because of that generality, it can be the most confusing. Let’s start by saying that there is a large amount of data out there, there are many different kinds of data, it is being created quickly, and it can be hard to separate the important and correct information from that which you can ignore. That is, there are big data considerations for Volume, Variety, Velocity, and Veracity, the so-called “Four Vs.”
I think these four dimensions of big data give you a good idea of what you need to consider when you process the information. The data may come from databases that you currently own or may be able to access, perhaps for a price. In large organizations, information is often distributed across different departments and while, in theory, it all belongs to you, you may not have permission to use it or know how to do so. It may not be possible to easily integrate these different sources of information to use them optimally.
For example, is the “Robert Sutor who has an insurance policy for his automobile” the same person as the “Robert Sutor who has a mortgage for his home” in your financial services company? If not, you are probably not getting the maximum advantage from the data you have and, in this case, not delivering the best customer service.
Data is also being created by social networks and increasingly from devices. You would expect that your smart phone or tablet is generating information about where you are and what you are doing, but so too are larger devices like cars and trucks. Cameras are creating data for safety and security but also for medical and retail applications.
What do you do with all this information? Do you look at it in real time or do you save it for processing later? How much of it do you save? If you delete some of it now, how do you know those parts won’t be valuable when we have better technologies in a year or two?
When you have so much data, how do you process it quickly enough to make sense of it? Technologists have created various schemes to solve this. Hadoop and related software divides up the processing into smaller pieces, distributes them across multiple machines, and then recombines the individual results into a whole.
Streams processing looks at data as it is created or received, decides what is important or not, and then takes action on the significant information. It may do this by combining it with existing static data such as a customer’s purchase history or dynamic data like comments.
So far I’ve said that there is a large amount of data currently stored and being newly created, and there are some sophisticated techniques for processing it. I’ve said almost nothing about what you are doing with that data.
In the popular media, big data is everything: the information and all potential uses. Among technologists we often restrict “big data” to just what I’ve said above: the information and the basic processing techniques. Analytics is a layer on top of that to make sense of what the information is telling you.
The Wikipedia entry for analytics currently says:
Analytics is the discovery and communication of meaningful patterns in data. Especially valuable in areas rich with recorded information, analytics relies on the simultaneous application of statistics, computer programming and operations research to quantify performance. Analytics often favors data visualization to communicate insight.
Let’s look at what this is saying.
The first sentence has the key words and phrases “discovery,” “communication,” and “meaningful patterns.” If I were to give you several gigabytes, terabytes, or petabytes of data, what would you do with it to understand what it could tell you?
Suppose this data is all the surveys about how happy your customers are with your new help desk service. Could you automatically find the topics about which your customers are the most and least happy? Could you connect those to specific retailers from which your products were bought?
At what times of the day are customers most or least satisfied with your help desk and what are the characteristics of your best help desk workers? How could this information be expressed in written or visual forms so that you could understand what it is saying, how strongly the data suggests those results, and what actions you should take, if any?
Once you have the data you want to use, you filter out the unnecessary parts and clean up what remains. For example, you may not care whether I am male or female and so can delete that information, but you probably want to have a single spelling for my surname across all your records. This kind of work can be very time consuming and can be largely automated, but usually does not require an advanced degree in mathematics, statistics, or computer science.
Once you have good data, you need to produce a mathematical model of it. With this you can understand what you have, predict what might happen in the future if current trends continue or some changes are made, and optimize your results for what you hope to achieve. For our help desk example, a straightforward optimization might suggest you need to add 20% more workers at particular skill levels to deliver a 95% customer satisfaction rate. You might also insist that helpful responses be given to customers in 10 minutes or less at least 90% of the time.
A more sophisticated optimization might look at how you can improve the channels through which your products are purchased, eliminating those that cause the most customer problems and deliver the least profit to you.
For the basic modeling, prediction, and optimization work, one or more people with undergraduate or masters graduate degrees in statistics, operations research, data mining/machine learning, or applied mathematics may be able to do the work for you if it is fairly standard and based on common models.
For more sophisticated work involving new algorithms, models, techniques, or probabilistic or statistical methods, someone with a Ph.D. is most likely needed. This is especially true if multiple data sources are combined and analyzed using multiple models and techniques. Analytics teams usually have several people with different areas of expertise. It is not uncommon to see one third of a team with doctorates and the rest with undergraduate or masters degrees.
Our work at
I lead the largest worldwide commercial mathematics department in the industry, with researchers and software engineers spread out over twelve labs in Japan, the United States, China, India, Australia, Brazil, Israel, Ireland, and Switzerland.
While the department is called “Business Analytics and Mathematical Sciences,” we are not the only ones in IBM Research who do either analytics or mathematics. We are the largest concentration of scientists working on the core mathematical disciplines, which we then apply to problems in many industries, often in partnership with our Research colleagues and those in IBM’s services business divisions.
We divide our work in what we call strategic initiatives, several of which I’ll describe here. In each of these areas we write papers, deliver talks at academic and industry conferences, get patents, help IBM’s internal operations, augment our products, and deliver value to clients directly through services engagements.
One of the topics in IBM’s 2013 edition of the Global Technology Outlook is Visual Analytics. This differs from visualization in that it provides an interactive way to see, understand, and manipulate the underlying model and data sources in an analytics application. Visual analytics often compresses several dimensions of geographic, operational, financial, and statistical data into an easy to use form on a laptop or a tablet.
Visual Analytics combines a rich interactive visual experience with sophisticated analytics on the data, and I describe many of the analytics areas in which we work in the sections below. Our research involves visual representations and integration with the underlying data and model, client-server architectures for storing and processing information efficiently on the backend or a mobile device, and enhancing user experiences for spatio-temporal analytics, described next.
This is a particularly sophisticated name for looking at data that changes over time and is associated with particular areas or locations. This is especially important now because of mobile devices. Information about what someone is doing, when they are doing it, and where they are doing it may be available for analysis. Other example applications include the spread of diseases; impact of pollution; weather; geographic aspects of social network effects on purchases; and sales pipeline, closings, and forecasting.
The space considered may be either two- or three-dimensional, with the latter becoming more important in, for example, analysis of sales over time in a department store with multiple floors. Research includes how to better model the data, make accurate predictions using it, and using new visual analytics techniques to understand, explore, and communicate insights gained from it.
Event Monitoring, Detection, and Control
In this area, many events are happening quickly and you need to make sense of what is normal and what is anomalous behavior. For example, given a sequence of many financial transactions, can you detect when fraud is occurring?
Similarly, video cameras in train stations produce data from many different locations. This data can be interpreted to understand what are the normal passenger and staff actions at different times of the day and on different days, and what actions may indicate theft, violent behavior, or more even more serious activities.
Analysis of Interacting Complex Systems
The world is a complicated place, as is a city or even the transportation network within that city. While you may be able to create partial models for a city’s power grid, the various kinds of transportation, water usage, emergency healthcare and personnel, it is extremely difficult to mathematically model all these together. They are each complicated and changes in one can result in changes in another that are very hard to predict. There are many other examples of complex systems with parts that interact.
Simulation is a common technique to optimize such systems. The methods of machine learning can help determine how to realistically simulate the components of the system. Mathematical techniques to work backwards from the observed data to the models can help increase the prediction accuracy of the analytics.
Decision Making under Uncertainty
Very little in real life is done in conditions of absolute certainty. If you run a power plant, do you know exactly how much energy should be produced to meet an uncertain demand? How will weather in a growing season affect the yield from agriculture? How will your product fare in the marketplace if your competitor introduces something similar? How will that vary by when the competitive product is introduced?
If you factor in uncertainty from the beginning, you can better hedge your options to maximize metrics such as profit and efficiency. There are many ways to quantify uncertainty and incorporate it into analytical models for optimization. The exact techniques used will depend on the number and complexity of the events that represent the uncertainty.
Revenue and Price Optimization
The decisions you make around the price you charge for your products or services, and therefore the hoped-for revenue, are increasingly being affected by what happens on the demand side of your business. For example, comments spread through social media can significantly increase or decrease the demand for your products. Aggressive low pricing given to social media influencers can increase the “buzz” around your product in the community, thereby increasing the number of units sold. If you can give personalized pricing to consumers that is influenced by their past purchase behavior, you can affect how likely they are to buy from you again.
Demand shaping can help match what you have in inventory to what you can convince people to buy. This focus area therefore affects inventory and manufacturing, and so the entire supply chain.
Condition Based Predictive Asset Management
When will a machine in your factory fail, a part in your truck break, or a water pipe in your city spring a leak? If we can predict these events, we can better schedule maintenance before the breakages occur, keeping your business up and running.
We can get the parts we need and the people who will do the work lined up and doing the work in a timely way. Since there are multiple assets that may fail, we can help prioritize which work should be done earlier to keep the whole system operating, even given the process dependencies.
Integrated Enterprise Operations
You can think of this focus area as a specific application of the Analysis of Interacting Complex Systems work described above to the process areas within an organization or company. For example, a steel company receives orders from many customers requesting different products made from several quality grades. These must be manufactured and delivered in a way that optimizes use of the stock material available, configures and schedules tooling machines, minimizes energy usage, and maintains the necessary quality levels.
While each component process can be optimized, the research element of this concerns how to do the best possible job for all the related tasks together.
I think of this as the analytical tools necessary for the Chief Financial Officer of the future. It integrates both operational and financial data to optimize the overall financial posture of an organization, including risk and compliance activities.
Another element of Smarter Finance includes applications to banking. These include optimization of branch locations and optimal use of third party agencies for credit default collections.
A particularly large strategic focus area in which we are working is the application of analytics to human resources, which we call Smarter Workforce. We’ve been involved with this internally with IBM’s own employees for almost ten years, and we recently announced that we would make two aspects of our work, Retention Analytics and Survey Analytics, available to customers.
Retention analytics provides answers to the following questions: Which of my employees are most likely to leave? What characterizes those employees in terms of role, geography, and recent evaluations and promotions? What will it cost to replace an employee who leaves? How should I best distribute salary increases to the employees I most want to stay in order to minimize overall attrition?
Beyond this, we are doing related research to link the workforce analytics to the operational and financial analytics for the rest of an organization. For example, what will be the affect on this quarter’s revenue if 10% of my sales force in Tokyo leaves in the next two weeks?
Survey analytics measures the positive and negative sentiment within an organization. While analytics will not replace a manager knowing and understanding his or her employees, survey analytics takes employee input and uncovers information that might otherwise be hard to see. Earlier I discussed a customer help desk. What if that help desk was for your employees? How could you best understand what features your employees most liked or disliked, and their suggestions for improvement?
This is one example of using social data to augment traditional analytics on your organization’s information. Many of our focus areas now incorporate social media data analytics, and that itself is a rich area of research to understand how to do it correctly to get useful results and insight.
Analytics has very broad applications and is based on decades of work in statistics, applied mathematics, operations research, and computer science. It complements the information management aspects of big data. As the availability of more and different kinds of data increases, we in IBM Research continue to work at the leading edge to create new algorithms, models and techniques to make sense of that data. This will lead, we believe, to more efficient operations and financial performance for our customers and ourselves.
In various Impact conference at the end of April, we’ve been using a slide that looks like this:presentations about mobile starting at the
I’m going to give a quick introduction to some of the terms on the slide and what we mean by them.
Client Mobile Initiatives
From IBM’s perspective, what is the client trying to do with mobile and why might they want to talk to IBM about it? In an earlier draft of this we used the phrase “client mobile entry points.” This wasn’t always clear to people, but it did convey the idea that a customer is starting from one very specific aspect of mobile and wants to have a discussion about that. The three areas on the slide intersect all parts of the mobile lifecycle.
Now let’s start in the upper right corner and move clockwise.
Build and Connect
It is often the development or IT staff that begins here.
Where do mobile apps come from? What is necessary to construct the part of the app that lives on the device, smartphone or tablet, and the part that lives on the server on the backend? What tools are available for the developer for the full application lifecycle? How about testing for all the mobile operating systems and devices? For the device, what framework will allow you to have exactly the right balance of native code and HTML5 to give you the functionality, performance, and portability you need? How will you handle having apps for at least iOS and ? On the server side, can you use Java to create the code to support whatever you mobile app is supposed to do?
Regarding connectivity, this includes from the device to the backend and then also among the backend systems, applications, and databases to which you need to communicate. Having a system that can talk primarily to only one kind of backend system might seem expedient today but will possibly not support everything you want to do with future mobile apps. Having a mobile server that sits in the corner and has only weak integration with your services, messaging systems, and enterprise services busses is not really being enterprise-ready.
Manage and Secure
It is often the operational IT staff or CIO’s office that begins here.
It can be very hard at times to separate all the capabilities needed for security, application management, and device management. I think it is a very smart career move to become highly proficient in all the elements of mobile security.
Almost everything you can use for security for the web, you can use for mobile. You need to manage security at the device level, at the individual app level, over the network, and within the enterprise infrastructure. Since mobile devices will increasingly be used for portions of sophisticated attacks from many directions and sources, you’ll need security intelligence based on analytics that can correlate, detect, and shutdown such attacks.
The area of data separation is getting a lot of attention these days through techniques like partitioning, containerization, and virtualization. We’ve seen many ways of doing this, especially for Android, and I’m waiting to see what Apple might do in this area.
It’s best to catch security problems before your app goes out the door.
At Impact I heard an estimate that there were close to 100 Mobile Device Management vendors out there. Choose carefully for the long term, especially if this is your most important and earliest mobile project.
Extend and Transform
This is place where the business side usually starts. Geolocation from the mobile device is frequently necessary for these apps to differentiate themselves from laptop alternatives.
Many customers are extending existing applications or channels to mobile. Have an online retail website? Create, or have someone else create, a dedicated and branded mobile app that allows catalog browsing and purchases.
If you are a bank, similarly create a mobile app but decide what functionality should be in there. I might apply for a mortgage from within my laptop’s browser but I won’t be doing it from my smartphone.
So extend means to take what you’ve got and add a mobile dimension. This is increasingly becoming table stakes, or required, for B2C enterprises. Many companies are focusing on doing this and many people are getting paid to help them do it.
For me, “transform” is the really interesting one of these two, however essential “extend” is. This means combining multiple services to create significant added value. Put another way,
a transformational mobile app is one that significantly improves the quality of your personal or business life, allowing you to do things you have never done before, and permitting you to be more effective and productive in an especially seamless way.
Transformational apps often pull in social and commerce aspects, backed by analytics. They may involve partnering between players in difference industries such as financial services, hospitality, retail, healthcare, government, and travel and transportation.
In this post I talk aboutmobile products and what happened at a large IBM conference. As a result, it is more specific to IBM’s offerings than some of my other blog entries.
This week I’ve been in Las Vegas at the IBM Impact conference. The days have been a blur of meetings with partners, customers, and colleagues from around the world. We’ve talked about the new PureApplication System and updates across the software portfolio for connectivity, integration, business process and decision management, and application integration.
The Liberty Profile in the new WebSphere Application Server version 8.5 has been an especially hot topic. Conversations about that often go something like “It takes up less than 50Mb. Wow! It loads in 5 seconds. Show me! You can develop with it on your Mac. IBM did that?”
We’ve also had quite a few conversations about mobile and I’ve learned a lot.
Now I’m one of the executive leaders for mobile at IBM and I discussed it (briefly) on the main stage on Tuesday, gave an hour+ talk on “Top 11 Trends for Mobile Enterprise,” did press interviews and a panel with journalists, and challenged and was challenged by industry analysts on the topic. So I had a lot to say about mobile. But more than whatever I said, I learned an incredible amount of what our customers and partners are doing with mobile today. We also discussed how IBM’s new mobile products, IBM Worklight 5.0 and the IBM Mobile Foundation, could be essential to them over the next few years.
Here’s a bit of what I learned.
System integrators are looking to pick the one or two best mobile platforms on which to focus their efforts. The hybrid mobile app development model in IBM Worklight is very appealing because of its open standards and technology approach, and because it allows the creation of everything from pure native apps to those that are mostly HTML5 content.
Security and app management are critically important. Both IBM Worklight and Endpoint Manager for Mobile Devices, included in the IBM Mobile Foundation, have capabilities that address this. In some organizations, the BYOD, or Bring Your Own Device, movement is accelerating their concerns but also their need to react quickly. My suggestion is to consider security and device management as extensions of what you already do for your website, web applications, and hardware like laptops and servers. Don’t think of mobile as this odd new thing, consider it as adding on to what you do already.
Partners have started building mobile apps on Worklight, often without any initial guidance from IBM. This is wonderful. It reaffirms what we knew when we acquired the company earlier this year: Worklight is an elegant product that you can use to create mobile apps for multiple device types, connecting them securely to your backend infrastructure.
Mobile apps are not islands. That is, don’t think of a mobile app server as something that sits in the corner by itself while the rest of your infrastructure is elsewhere. We included IBM WebSphere Cast Iron in the IBM Mobile Foundation because we knew that customers and clients needed to have apps talk to enterprise applications like SAP but also services that run on clouds.
Infrastructure support for a mobile app could be very little or might need to be very large. IBM Worklight 5.0 will ship the Liberty Profile of WebSphere Application Server in the box. So you get small and fast. If you have an existing WebSphere Application Server ND deployment, you can put IBM Worklight right on top of that. This includes WebSphere running on System z mainframes usingEnterprise Linux.
Mobile can extend your business. If you have a web presence for retail, mobile can extend that. If you are a bank and have ATMs, mobile can extend some of those functions to mobile devices. If you have automotive repair shops, mobile can increase customer trust and loyalty.
Mobile can transform your business. Your first mobile apps will enable some core functionality, but later apps and versions may bring in social, analytics, commerce, and industry-specific elements. Don’t think of just an air travel app, think of one that helps me use my time in airports productively and eat healthily.
So to sum it up: mobile is surging for good reasons, customers and partners are asking the right questions, IBM Worklight is appealing to them as platform on which to build multiple mobile apps, we think the IBM Mobile Foundation is a solid base on which construct your mobile enterprise, and I’m looking forward to showcasing the many, many mobile apps created by and for our customers and partners at Impact 2013.
The hybrid approach to developing mobile apps offers advantages for those wishing to produce pure native apps or those that have HTML5 content.
Earlier in 2012, on January 31, acquisition of Worklight, a provider of a mobile application development platform. Several weeks later the deal closed. There’s a lot of discussion of Worklight and IBM’s Mobile Enterprise strategy here at the IBM Impact Conference in Las Vegas this week.announced its planned
Worklight’s components include a Java-based server that can run on the WebSphere Application Server, developer tools that can integrate with app lifecycle products from IBM Rational, a runtime monitoring and application management console, and multi-device runtime support. For this last part, Worklight uses a hybrid approach based on PhoneGap (now incubating in the Software Foundation as the Cordova project).
A hybrid approach like this is an elegant way of using open technologies and standards to span the full spectrum of mobile application development.
If you can build your app entirely using HTML5, do it. You can place it on the web or your intranet and your users can access it anytime they want. You can also update it when you wish. You can also skip the whole app store experience. This approach is based on open standards, the best way we have found to handle interoperability.
At the other end, we have Native. This uses the low level APIs and programming languages for specific devices. For example, for Apple iPhones and iPads you would usually code your app in Objective-C and link in any other libraries you need. The full power of the SDK and device is available to you.
It is also completely non-portable, albeit powerful. When you need to produce an Android version, be prepared to code the app all over again. Each version will look completely native to the device, and this is an advantage to multiplatform approaches that force apps to have a common but non-native look everywhere. (“Our app works the same and looks ugly everywhere.”)
Here’s something important that a lot of people miss about the hybrid approach. If you use no HTML5 content whatsoever, you still get the app manageability, push notification framework, and security from Worklight. So you get a pure native app that is nevertheless in the same “family” as your mobile apps that do include HTML5.
At the other other extreme, even if you use no special native features and try to have your app being almost completely HTML5, you get to put your app in an app store, and you, once again, get the app manageability, push notification framework, and security from Worklight.
So Worklight and its hybrid approach covers almost the entire range from pure HTML5 to pure Native.
This also means that your developers’ web programming skills are usable when building Worklight hybrid mobile apps. If you are a software developer, this is a very effective way to quickly add mobile app development to your portfolio of skills.
Some apps will use a lot of HTML5, some will use very little. With Worklight’s hybrid approach, your skills are applicable across many different kinds of mobile apps. This is important, trust me, because you won’t be building just one mobile app in the future.
I’m one of the people interviewed in this video from EE Times done at Mobile World Congress 2012 in Barcelona. Next time I’ll try to not move my hands quite so much.
I’ve been giving many talks lately to customers and partners about Worklight acquisition and the presentation I gave at Mobile World Congress 2012. Here are some more detail on one of the slides, the mobile lifecycle.‘s mobile strategy and recent moves in our product portfolios. See, for example, the news of the
Let’s go through the bullets one by one.
Strong demand by LoB
Mobile is personal: people have and use smartphones and tablets in their everyday lives. It makes it much easier for business people to imagine how mobile apps can affect and improve their effectiveness, customer loyalty, and revenue. This then drives the CIO, CTO, and the IT staff to decide how to create and distribute the apps. Their decisions include choosing a platform on which they can can consistently build the 5, 10 or more apps they will create in the next 3 to 5 years.
Higher expectations of user experience with mobile apps
Since people have so much experience with personal use of mobile apps, even games, they expect very high quality user experiences from apps provided by enterprises such as banks, insurance companies, healthcare providers, and governments. They have similar high expectations for any apps they use to get their jobs done, such as business analytics, workflow, supply chain, commerce, and social business.
Lack of best practices guidance on how to deliver mobile applications
There’s been a lot of mobile app building experimentation by businesses in the last two years. Many of the apps were outsourced and, while they may look good, came in much more expensively than expected. Some of the apps were native, some were HTML5, and some were done in “interesting” ways. Businesses need to control the costs in building and maintaining the apps, while getting maximal reuse of current staff technical knowledge. This means you take what you know and apply it to creating your first mobile app, but also use the same information and technologies to build many mobile apps after that.
More direct involvement from users/stakeholders in design
It’s not up to the IT team to figure out all the technology to build, run, connect, manage, and secure mobile apps as well as to define the user experience. People who will be using the apps want to influence the interface design, and in many cases insist upon it.
Native programming models are not portable across devices
You can create amazing beautiful and functional apps using pure native methods with theiOS and SDKs. Whichever one you pick, you can then do it all over again for the other one. This may be what you have to do, but recognize the difficulty and the expense. While some companies offer on-device environments to try to make apps work and look the same across devices, I think a much better approach is to maximize the use of open standards like HTML5. You also need to balance optimizing for a particular device, maximizing cross-platform code, and not having your app behave in a “least common denominator” manner.
Highly fragmented set of mobile devices and platforms
Raise your hand if you think we won’t see any more mobile operating systems in the next five years. Anybody? Nobody? Apple is different from Android which is different from BlackBerry which is different from Windows Phone. Android? Which version of Android? You need a mobile development and management platform that can handle mobile devices that exist today and will be introduced in the next few years.
Very large number of configurations of devices, platforms, carriers, etc. to test
Not only do we have many mobile operating systems, we have many handset providers and they may tweak the operating system and the applications available on it. The same goes for telcos. So you need a testing strategy that helps you cover the range of platforms you want to support. By the way, it is ok to say that you won’t cover all possible combinations. Pick the ones you absolutely must support and choose a mobile development and management platform that can handle those and the ones on your immediate roadmap.
Mobile landscape evolves at a much faster pace
New handsets come out every year, as well as major versions of mobile operating systems. Point releases of the operating systems come out every few months. For smartphones and tablets, many parts of the world are shifting from 3G to 4G. If you take too long to develop your mobile application or solution, you will be a generation or two behind by the time it gets to market.
More frequent releases and updates for apps with more urgent time-to-market demands
Not only do you have to get your app to market to match the hardware and software used by your consumers, you have to update and distribute your app as frequently as necessary to address bug and security fixes and competitive feature additions. Backward compatibility is important, but you need to evolve your app as fast as necessary to deliver what your users need to be productive and to stay your users.
The February issue of the IBM Smart SOA & BPM Newsletter has an interview with me titled “Delivering value with mobile enterprise technologies.” From the introduction:
We asked the Vice President ofMobile and member of the IBM Academy of Technology to discuss the trends in mobile computing and the advantages of these trends to businesses today. Sutor talks about the biggest challenges that organizations face when building a mobile enterprise, and how they can get started on the right path, including using security controls and standards, to achieve business value from mobile enterprise technologies.
I answered the questions:
- What trends do you see in regard to mobile technologies and use of these technologies?
- What advantages do these trends bring to organizations?
- What are the biggest challenges organizations are facing in integrating mobile technology into their businesses?
- What can businesses to do maintain security controls?
- What role do standards play in building a mobile enterprise?
- How can a business get started with mobile technologies?
Yesterday mycolleagues Caleb Barlow, Vijay Dheap, Naveed Makhani and I recorded a podcast called “Enterprise Mobile Management and Security.” In it we discussed BYOD (Bring Your Own Device), mobile management, mobile security, why mobile is posing new opportunities and challenges for IT departments, what’s new about mobile, and IBM’s announced acquisition plans around Worklight.
You can listen to it several ways:
- Main site: http://www.blogtalkradio.com/itsecurity
- iTunes: http://itunes.apple.com/podcast/information-security-blog/id384369562
- Set top box (Roku, Boxee, etc.): http://www.techpodcasts.com/unifiedcommunications/
On Monday, February 6, at 4 pm et, I’ll join my IBM’s planned acquisition of mobile application vendor Worklight.colleagues Caleb Barlow, Vijay Dheap and Naveed Makhani to discuss “Enterprise Mobile Management and Security”. As you might expect, I’ll also talk about
Visit the podcast website for more information about listening in. Here’s the excerpt for the session:
Mobile devices are rapidly becoming the end-point that drives business results. With the increasing trends in “bring your own device” and mobile threats doubling in 2011 how do you responsibly embrace mobile while protecting your security and IT infrastructure? In this podcast Caleb is joined by Bob Sutor, Vijay Dheap and Naveed Makhani to discuss the trends in mobile along with IBM’s intention to acquire Worklight.
Todayannounced some important enhancements to its Mobile strategy for supporting customers looking to grow and transform their businesses, whether they are B2C, B2B, or B2E.
IBM Advances Mobile Capabilities with Acquisition of Worklight
From the press release:
In a move that will help expand the enterprise mobile capabilities it offers to clients, IBM today announced a definitive agreement to acquire Worklight, a privately held Israeli-based provider of mobile software for smartphones and tablets. Financial terms were not disclosed.
With this acquisition, IBM’s mobile offerings will span mobile application development, integration, security and management. Worklight will become an important piece of IBM’s mobility strategy, offering clients an open platform that helps speed the delivery of existing and new mobile applications to multiple devices. It also helps enable secure connections between smartphone and tablet applications with enterprise IT systems.
IBM Announces New Software to Manage and Secure the Influx of Mobile Devices to the Workplace
From the press release:
IBM today introduced new software to help organizations better manage and secure the explosion of smartphones and tablets in the workplace, while also managing laptops, desktops and servers.
IBM Endpoint Manager for Mobile Devices helps organizations support and protect the growing mobile workforce. Through this software, firms can use a single solution to secure and manage smartphones and tablets, as well as laptops, desktop PCs, and servers. It managesiOS, , Nokia Symbian, and Windows Mobile and Windows Phone devices.
The software extends security intelligence to deal with the growing threats from mainstream adoption of the BYOD trend. Organizations can install the IBM software in hours, remotely set policies, identify potential data compromises and wipe data off the devices if they are lost or stolen. The software helps configure and enforce passcode policies, encryption and virtual private network settings.
Why I think this is important
After spending the last several months speaking with customers, I’ve concluded that 2012 will be a very significant year for Mobile in the enterprise. I think this is the year when customers will decide on the mobile platforms and tools that will carry them into the middle of the decade, and begin to discard earlier experiments.
The old category of MAP or MEAP (Mobile Application Platform or Mobile Enterprise Application Platform) is not sufficient anymore. Customers need everything to build, run, connect, manage, and secure mobile applications. Remember that we’re not just talking about the apps on the devices (and there are many devices), but also the backend server infrastructure necessary, and this needs to be enterprise-ready. By this I mean that it needs to scale and you must be able to integrate it with the services, applications, processes and data that are essential to your organization.
Therefore the modern Mobile platform needs device-side and server-side application development and lifecycle tools; support for multiple devices and mobile operating systems; mobile application an device management; security capabilities from the devices all the way to the back-end; and scalable, transaction-capable connections to the IT systems on which your organization depends for its business. This is what IBM is demonstrating today in these strategic announcements in addition to its existing products and solutions.
Join me today in Tweetchats
I’ll be using Twiiter today for 2 one hour sessions to discuss these announcements with Scott Hebner, VP of Marketing and Channel Management for IBM Tivoli.
The first session is planned for 10:30 to 11:30 AM ET and the second for 1:00 to 2:00 PM ET.
Both sessions will use the hashtag #ibmmobile. Myname is @bob_sutor and Scott’s is @SLHebner.
You can follow us via your usual Twitter client or else use the Tweetchat tool at http://tweetchat.com/room/ibmmobile.
Also see these blog entries
- Thoughts on mobile management
- Mobile BYOD is not unbounded
- 10 predictions for enterprise mobile for 2012
- Employee mobile device + work = potential security problem
What does it mean to manage a mobile device, say a smartphone like aniPhone or one with ‘s operating system?
At the lowest level, the device level, you might want to
- establish a policy for length and structure of passwords
- set or reset a password
- detect whether the phone had been jail-broken or rooted
- configure device-wide VPN
- set power management policies
- manage the low level security of the filesystem or other local storage
- wipe the device entirely or reset it to factory settings
Above that, at the application level, you might want to
- inventory the device for installed applications
- install or update applications
- set security policies for use of the applications, their data, and their network connections
- selectively remove an application or its data
- configure application-specific VPN
- manage anti-virus and other security tools for browsers and other applications that access the web
- manage installation and use of an enterprise application store behind a firewall, private hosted outside, or via external sites like the Apple iTunes Store or the Android Marketplace
The first list of items, with additional functions, is part of Mobile Device Management, or MDM. Note that people do sometimes confuse “MDM” in this context with “Master Data Management.”
The second collection is part of Mobile Application Management, sometimes shortened to MAM.
The first thing to notice is that what I deemed “management” often has a lot to do with security, especially when the phone is used to access enterprise data and systems.
Second, in practice, those who provide MDM functionality often provide some MAM functionality, and vice-versa. That is, a vendor might say “I can give you an enterprise app store but can also wipe devices.”
BYOD, or “bring your own device” complicates things because I probably do not want the organization for which I work to impose overbearing policies that affect my personal use of my phone. I certainly don’t want them to wipe my entire device if I leave the organization juto remove all traces of enterprise data or network access.
So the line is blurry between MDM and MAM, and I think we should get rid of the distinction altogether. That is, let’s just talk about Mobile Management and combine the two categories above. It will simplify things, remove the imprecision of the definitions, and bring better clarity to what vendors do and do not offer.
So if we can agree that Mobile Management consists of 27 common capabilities (for example), a vendor that offers 5 of them can be more fairly compared with one that offers 25.
No doubt that vendor proving minimum capability will embellish the description by adding “but we do it from the cloud!” (grin)
BYOD, or “bring your own device,” is an important topic in today’s discussion of mobile in the enterprise. Employees buy their own smartphones or tablets, love them, then bring them to work and want to use them to access company data, systems, and applications.
For the CIO, this represents an opportunity to save money by not having to pay for and provide devices, but opens up many questions about how to allow secure access and management of the enterprise portions of those devices. I’m here at the Lotusphere conference in Orlando, so it shouldn’t surprise you when I say that many of Lotus Traveler for secure access to email, calendar, and contacts on mobile devices, for example.‘s customers are looking at
BYOD does not mean that any employee can bring any device to the office and demand that it be allowed access to the company’s digital infrastructure. That said, if the CEO brings in his or her sexy new smartphone, the CIO may feel more inclined to make that work.
In practice, CIOs will say that certain devices running specific mobile operating system versions, augmented by security and management software and policies will be allowed access to the company’s network. That is, “bring your own device” really means “bring your own device as long as it is one of the following.”
Many enterprises already support Blackberrys, so that will be relatively easy. There’s not too much variation amongiPhones and iPads beyond the major version numbers. So while a 3g phone might work, I think many enterprises will insist on a 4 or 4s phone, probably running the latest version of iOS.
is more problematic because there are many handset providers and many versions of the operating system. Expect individual handset vendors to negotiate directly with CIOs to allow use of their devices in the CIOs’ companies, even if those devices are bought by the employees.
The wildcard here will be Windows Phone and the devices that support it. While Apple iOS and Android are very different, both technically and culturally, Windows Phone is different yet. While Mango is quite nice looking, as I saw from the Nokia team at Lotusphere, will individual purchasers and CIOs wait until Windows Phone 8? Will the rate of adoption allow it to be accepted into the enterprise any time in 2012 or might it even be 2014 before the demand is sufficient for supporting it inside companies?
My advice to CIOs is this: if you support Blackberrys, you will need to support them for the foreseeable future. The newer iPhone and iPads will need to be given enterprise access because of their marketshare and the demands of senior management. For Android, pick a couple of handset vendors, perhaps based on a survey of your current employee users, and settle on the level of the operating system you will support. Educate yourself about Windows Phone, but the above combinations are probably of more immediate and higher priority.
This release includes updates to the mobile application manager with social feedback, SMS support, tools, and, perhaps most important, support for‘s iOS mobile operating system. The first two releases supported only.
This drop also includes the latest version of the Liberty Profile for the WebSphere Application Server. It’s a great example of how we think customers will use the Liberty Profile and OSGI in action.
The Mobile Tech Preview is our way of giving you a glimpse of what is going on in the IBM labs around the area of mobile application development, tooling, security, and management.
From March 4 through 7, Mobility and Endpoint Management track, and I’ll be a member of the keynote panel kicking off the discussions.will be holding its Pulse 2012 conference at the MGM Grand in Las Vegas. One of the main streams of the event will be the
With the ever-increasing number of endpoints organizations must manage – physical and virtual servers, desktops, laptops, point of sale and mobile devices – it is imperative to gain visibility, control and automation. These devices simultaneously represent security risks, employee productivity, and new business opportunities. Join us at Pulse 2012 to hear from your peers and IBM experts on how to minimize risks, increase productivity, and increase innovation.
Mobile devices in particular have a very large impact throughout the organization today. Their rapid adoption over the last several years has significantly increased the “consumerization of IT” and forced IT departments to adopt Bring Your Own Device (BYOD) policies. At IBM we understand this goes well beyond the devices themselves though – it impacts network traffic, internal software development and custom applications, employee collaboration and use of social media, and much more. We are enabling businesses to build mobile applications, run and connect them to backend systems, manage their devices and applications, and secure their businesses on mobile – all to help our customers create new business opportunities and extend existing business capabilities.
You can register today for the conference and don’t forget to mention Mobile as one of your main interests in attending.
Next week is IBM’s Lotusphere conference in sunny and, I hope, warm Orlando, Florida. For those of you attending, I’ll be giving a talk called “Harnessing the Power of Enterprise Mobility” on Monday, January 16, from 11 to 12 AM. The session number is 1582A and the room is Swan – SW 7 – 8. The abstract is
It’s hard not to talk to an enterprise customer these days without getting into a discussion about Mobile. By 2012, the shipment of smartphones and tablets is expected to exceed that of traditional personal computers, including laptops. Enterprise CIOs want to use these personal mobile devices to give better access to their internal data and processes for employees, as well as enabling better purchasing and support services for their customers. Complicating this is the variety of devices used, employees who wish to use their own devices at work, application level and device management, cost controls, and security concerns. In this session, Bob Sutor will discuss his views on the foundational needs of enterprises for a mobile application platform, mobile device management, and security along with comments on howcan help you become a social business that leverages experts wherever they are working.
I’ll also be hanging out at the Enterprise Mobile booth from time to time, talking about the IBM Mobile Technology Preview. Stop by and say hello!
Yes, it’s that time of year of for predictions for what we might see in the next twelve months. Being in the IT business and in a company like, I’m somewhat hamstrung in what I can say regarding the future because of confidentiality, but here’s my attempt at some prognostications that won’t be giving away anything secret.
These are my personal predictions and not those of IBM.
- There will be a huge rush to fill the developing void being left by RIM and Blackberry, and smart enterprise CIOs will focus on security and management issues first.
- Although there seem to be 1 or 2 new entrants in the mobile device management area every week, potential customers will learn that it takes more than being able to call an API to wipe a device to give you enterprise credibility.
- The differences between mobile application management and mobile device management will become clear.
- Companies that develop multiple applications will understand that some will be web/HTML5 based, some will be native, and some will be hybrid. You don’t need to support just one kind and your application platform vendors shouldn’t force you to do so.
- CIOs will realize that the connection between mobile and cloud is overhyped. CIOs will realize that the connection between mobile and cloud is underhyped. That is, your use of cloud for mobile applications may not be in the way you expect today.
- Traditional networks that support web applications will need to be reconfigured and re-optimized to support an increasing amount of traffic from mobile devices. The number of interactions will dramatically increase, their length will be shorter, and significantly more asynchronous notifications from the server side will all drive a lot of R&D.
- While fans continue to claim world domination and keeps selling more and more iPhones and iPads, look for ‘s relative marketshare to start inching up.
- WebOS is done, but look for a new smartphone/tablet operating system to arise by late 2012 that will start to challenge RIM and Microsoft for the number 3 and 4 market positions.
- will have a serious tablet in the market by mid-2012 that will start to get some enterprise interest. The connection between that and the Amazon cloud will become clearer. The device may not be running Android.
- Apple will make changes to iOS to make it easier to support both personal and enterprise secure personalities on the same device. Yes, I know you can do this on Android today, but we weren’t talking about Android, were we?
Bonus: I will give up my Blackberry and get an Android smartphone for the first time (to complement my personal iPhone and).
Over the last 15 years of my career, I’ve seen several ideas or technology trends capture a significant amount of customer, press, and analyst attention. There was Java, XML, web services, SOA, and cloud. In and around all those were standards and open source. To me, the unquestionably hot technology today is mobile.
To be clear, I’m not talking about what happens in cell phone towers or the so called machine-to-machine communication. I mean smartphones and tablets. Those other areas are important as well, but devices are so front of mind because so many people have them.
is obviously playing a big role with its iPhone and , not to mention the half million apps in their App Store. and the ecosystem have produced even more smartphones and a whole lot of apps as well. Then there’s been the drama around HP and webOS, plus RIM and the PlayBook and outages. So we’ve got competition, winners and losers, closed ecosystems, and sometimes open ones. What’s not to love about mobile?
It can get confusing, especially for people trying to figure out their enterprise mobile strategy. They are looking for strong statements, for “points of view,” that will help them take advantage of mobile quickly but also aid them in avoiding the biggest risks. This is made even more interesting by employees bringing their own devices to work, the “BYOD” movement.
Not every employee is issued an official company smartphone and the devices they buy themselves are often better than what the company might provide. So they are saying “I’ll pay for my phone and my contract, let me have access to work systems so I can do my job better.” The recent ComputerWorld article “IBM opens up smartphone, tablet support for its workers” discusses some of what’s happening in this space at , my employer.
Next there is the whole web vs. hybrid vs. native discussion regarding how to build apps on the device itself. Should you write it to the core SDK on the device (native), stick to developing standards for continuity and interoperability reasons (web), or something in between (hybrid)? Which is faster and for what kinds of apps? Does the app cause a lot of network traffic or does it require great graphics? Are you willing to bet that HTML5 will get better and better? I’ve started discussing this in a series of blog entries called “Mobile app development: Native vs. hybrid vs. HTML5″ (part 1 and part 2). Your choice will involve tradeoffs among expense, time to market, reuse of web skills, portability, and maintainability.
What about management? If I bring my own device to work, how do the company’s apps get onto it in the first place and then get updated? Is there an enterprise app store? If I leave the company, do they zap my whole phone or just the apps they put on it? There are differences between Mobile Application Management (MAM?) and Mobile Device Management (MDM) that you need to understand.
Let’s not forget security, as if we could. A colleague of mine, Nataraj Nagaratnam, CTO of IBM Security Systems, told me the way to start thinking about that for mobile is that “a secure device is a managed device.” That doesn’t mean that all security falls under management, but rather you need to have device management to have a complete mobile security strategy. You also need to be handle identity management, authorization and authentication, single sign-on across apps, data loss protection, and all the things you need to worry about with the web today such as phishing, viruses, worms, social networking, VPN, etc. Security must be there but it also needs to be unobtrusive. Most mobile users will not know what a certificate is nor whether they should accept it.
Fundamental to managing and securing mobile devices compared to laptops is that people tend to lose their phones a lot more often than they lose their laptops. That’s a good starting point for thinking about the differences.
The Mobile Technology Preview encapsulates several technologies we’ve been working on in the labs. We’re making it available for you to experiment with it, comment on it, share your requirements for your mobile platform, discuss the pros and cons of different approaches to mobile app development on both the device and server side, and join the community to make it better.
We plan to update the Technology Preview as we add or change the feature set, ideally because of your stated requirements. In this release we’ve included
- an application server runtime that uses the WebSphere Liberty Profile of the WebSphere Application Server 8.5 Alpha (runs on Linux, Mac, and Windows)
- a notification framework
- basic management functions
- location-based security
- several samples featuring notifications, Dojo, PhoneGap, and a starter insurance app for handling car accidents.
The Mobile Technology Preview is available for Android devices.
I plan to use the tech preview from time to time to illustrate some of my discussions of mobile in my blog. I encourage you to try it out, track its progress, and influence its roadmap.
Employee: “I lost my.”
Corporate security: “Why are you telling me?”
“I had company documents on it.”
“But you had the mobile security package installed, right?”
“I would have thought the company president would have known better …”
With the BYOD, or Bring Your Own Device to work, movement rapidly picking up steam, more and more employees are taking their smartphones and tablets to the office. This can be a boon to the CIO’s office if it no longer needs to foot the bill for those fancy new devices, but opens up all sorts of security problems.
The great thing about the current generation of phones and tablets is that they are so usable. Even forgetting apps, having mobile browser access wherever you are gives you access to information and processes that can help you do your work more efficiently and in a more time sensitive way.
Of course, being so convenient and light, it is also easy to lose them. This is why you can’t just tell your people to use their phones for work. You need to manage the access and resources they have, and be able to shut it down or delete them if the case arises. This could because because of a lost or stolen phone, but also because the employee should no longer be able to get to company data. There are levels of security access and people who are former employees should have no access at all.
All of this is on top of the security problems we already recognize and handle on laptops, such as phishing, viruses, and data loss protection.
And now a word from my sponsor …
announcing the Hosted Mobile Device Security Management service. Capabilities in the new mobile security service include:is today
- Configuring employee devices to comply with security policies and actively monitoring to help ensure compliance over time
- Securing data in the event that a device is lost or stolen
- Helping to find a lost or stolen device – wherever it is
- Protecting against spyware and viruses
- Detecting and removing malicious and unapproved applications
- Monitoring and tracking user activity
- Enabling more secure connectivity
And now back to me …
Seriously, this is a big but I believe containable problem if you take the necessary steps to understand the security exposures of employee devices in the enterprise and take steps now to provide the necessary security. Many people are familiar with the security and management capabilities of RIM and Blackberries, and they are now asking for the same level of comfort for iPhones, iPads, anddevices.
If you don’t have a security policy in place for mobile devices in your company, you should start putting one together and implementing it now. Think about how many devices will need to be supported, what kinds, to what they will need access in terms of processes and data, and what you need to do when something goes wrong.
An employee need to understand that if he or she wants to use that cool new tablet for company work then he or she will need to live by the rules and policies set down to protect the organization’s assets. There’s a spectrum of possibilities between “you can’t use your own to device” to “you can do whatever you want.”
As an industry we’re trying to help companies move from the first situation to something in the balanced middle that provides the right level of security while maintaining the convenience, usability, and power of the devices.
- Press release: “IBM Unveils Mobile Security Service to Protect Sensitive Corporate Data”
- Press release: “IBM X-Force Report Reveals Mobile Security Exploits to Double in 2011″
- All Things Digital: “IBM Launches Service to Secure Smart Phones at the Office”
- TechCrunch: “IBM Debuts Mobile Security Service For Smartphone And Tablet Use In The Enterprise”
- InformationWeek: “IBM Launches ‘Bring Your Own Device’ Security”
This morning I’m returning to the US after several days in the UK, specifically‘s Hursley Labs near Winchester. It’s been a good trip but as it wound to a close I began to turn my attention, and my anxiety, to the flights home.
I’m not afraid of flying, that’s not the source of stress. Rather, I hate dealing with long lines at the airport and the people ahead of me who are seemingly rebooking travel for 50 of their relatives. Because of this, I like to get to the airport early.
My first flight today leaves out of Heathrow Terminal 3 and goes to Chicago. When I can, I try to stay near Heathrow the night before flying so I don’t have to worry about travel problems on the roads or trains due to accidents or strikes. So last evening I checked into a new-to-me hotel, the Heathrow Hilton, near Terminal 4. This is a very nice, very modern hotel, though I was shocked that they still allow smoking in some of the rooms. My room was designated as non-smoking, but that familiar acrid and nasty smell wafted down the hallway as I got to the door.
The Chinese restaurant in the lobby was quite good and I turned in relatively early after doing some email and reading (Mercury Falls by Robert Kroese). My flight leaves at 1:15 pm so I left the hotel a few minutes after 9. In the past, I’ve taken the Hotel Hopper from my hotel to the terminal, but there was a walkway from the Hilton directly to Terminal 4. So I walked, and I walked, and I walked. The walkway is an enclosed elevated tunnel with occasional windows that give you a peek at all the traffic below you.
I arrived at Terminal 4, got on the elevator to take me down to the train that would take me to Terminal 3 (or on into London had I not been paying attention). I got off, realized I was on the wrong floor, smelled yet more cigarettes, and finally made it to Floor -1.
I then started moving swiftly toward the trains since the next one was to leave in 4 minutes. Perhaps I was too swift, because I got caught up somehow in the luggage barriers about 40 feet from the train. I went splat on all fours, banging my knees on the ground. After thinking “ouch” my next thought was how I was going to maintain some level of dignity as I got myself up, dusted off, and onto the train. Some very helpful security guards asked if I was ok, which I was, if a bit sore, and I got myself to Terminal 3.
In the old days I was Executive Platinum on American Airlines which gave me all sorts of perqs including being able to check in at the Business and First Class counter. Alas, I am only a lowly Gold member now having not travelled enough in the last year. So it was with great pleasure that I saw that I could check in at a kiosk and skip the long line with the 50 relatives who needed rebooking. That took two minutes.
Then it was on to security which used up 10 more minutes. So all in all, it took me less that 45 minutes to get from my hotel to where I am now, having breakfast in a restaurant (Eggs Benedict, Diet Coke) inside the terminal. Perhaps my anxiety was misplaced, though my back does feel a bit sore from my spill.
However, I’ve travelled enough to know that each positive experience only partially offsets the negative ones. So my fingers are crossed that the remainder of the trip goes reasonably well and I get home safely around 1 am.
While this post definitely falls into the category of “a word from my sponsor,” I hope you’ll take a look at the software being discussed if you have at all been involved with Java and web application servers.
One of the most fun parts of being in the software world is being able to get your code into the hands of developers. While you can have great big product releases with much fanfare, other times there are smaller alpha and beta drops that can surprise you if you take the time to look at them. This is one of those latter instances.
If I’m developing code, I’m not going to get it right the first time. I’ll need to fix bugs but I’ll also need to progressively add features. This means that I’ll be editing, starting up the environment, testing, tweaking, debugging, over and over again. My environment and tools need to make this fast and easy for me. When I’m done coding and testing, I need to know that what I produce will run in a production quality environment with the right security, performance, availability and other qualities of service. I need a web application environment, both runtime and tools, that gives me all this.
WebSphere Application Server V8.5 Alpha. First of all, this is a shiny new thing that developers, particularly Java developers should check out. Within this is something new and different tha we’re calling the Liberty Profile. The website describes what you get with this:has just released the
The WebSphere Application Server V8.5 Alpha delivers a simplified and lightweight runtime for web applications. Incredibly fast restart times coupled with its small size and ease of use make V8.5 a great option for Developers building web applications that don’t require the full JEE environment of traditional enterprise application server profiles. Highlights of the WebSphere Application Server V8.5 Alpha include:
- Free and frictionless download for development purposes
- Ultra lightweight modular runtime with an install size of under 50 MB
- Incredibly fast startup times of under 5 seconds
- Simplified configuration for quick time to productivity
- WebSphere Developer Tools available as Eclipse plug-ins
To get started, download the server and/or the tools.
You can learn more via articles, videos, podcasts, and samples.
Finally, and this one is really important, join the community and participate in the discussions.
Sometimes products are just small evolutionary changes from what was there before. This represents something profoundly different. In my opinion, and I am far from partial, it is worth a look.
I’ve seen and heard a lot of discussion about how people build applications for mobile devices. While there are literally hundreds of thousands of apps out there for, , Blackberry and other smartphones, I can’t help but think the majority of these are one-off efforts. In this series in the blog, I’m going to tackle some of the issues with developing mobile apps, especially for enterprise use, and along the way propose some ideas for making the process easier and more repeatable.
In the last entry I spoke about the attraction of writing pure Native applications for mobile devices. They’re fast, have full access to all the device features, and can be made as beautiful and functional as your software development skill allows. They’re also non-portable and can take more people, time, and money to develop.
Wouldn’t it be nice to be able to develop applications using open industry standards that run in many different environments? You know, applications that allow text content, great formatting, images, video, forms, and interaction with backend systems?
While there have been many motivations for developing HTML5 given the experience of people creating billions of web pages, I think it’s safe to say that creating a standards-based cross-platform environment for mobile devices was an important reason. That is, don’t think of a web page as just something you read, but rather consider it an application with which you are interacting.
I won’t go into all the features of HTML5 but there are several good references on the web in addition to the spec to which I linked above. In particular:
- IBM developerWorks HTML5 Fundamentals
- Wikipedia HTML entry
- Apple’s HTM5 page (very glitzy)
- HTML5 Rocks
Generally, HTML5 allows much better and more consistent ways of embedding multimedia in web pages. It also adds new elements to help you structure the document. The Document Object Model, something I worked on in ancient history, is now considered core to the specification and the programming model.
These are nice things for web pages, but does HTML5 give you anything new that makes its especially attractive for mobile devices? One of these is the geolocation application programming interface. In short, this allows you to programmatically determine your location, and then do something with it. That “something” might be to pinpoint your location on a map, provide a starting point for map directions, determine what weather forecast to show you, or display ads for local businesses, for example.
You can also store information locally on your device, though that opens up the question of security if you happen to lose it or you somehow get hacked.
What about access to other core features on your device? Using pure HTML5, can you snap a picture? How about use the compass or receive a notification? You can’t, but remember that you can still do all the interactions that you’ve been doing for years in your browser. You can read all sorts of information, do searches, buy things, access FaceBook, and so forth.
So HTML5 provides a richer interactive environment than we’ve had before and is starting to allow programmatic access to some device features.
If HTML5 does everything you need for your planned application, then use it.
HTML5 is still under development and you are seeing support for it from the big industry names that supply browsers or content, companies like, Apple, , and FaceBook. , of course, has been and continues to be a huge supporter of open Internet and Web standards.
You do need to understand which HTML5 features are considered solid and which are experimental. You should also experiment with formatting on multiple devices to make sure that your app looks right (not too skinny, not too wide, just right) on the smartphones or tablets that are important to you.
Note that an HTML5 app is really just a web page, so you don’t need anyone’s permission to put it into an app store. For many people, that is more than enough reason to try really hard to make HTML5 work.
Also, even if you are developing some native applications, you might decide to do some HTML5 ones as well. The more experience you get in creating apps with different capabilities, the better you will get at economically providing apps faster to your consumers, customers, or employees.
So Native gives you everything, but is non-portable. HTML5 is portable and standards-based, though it is still under development and does not give you full access to the device. What do you do if you want the best of both worlds?
Hybrid is this weird middle ground between Native and HTML5. Over time, this gap between them will get smaller. There are several approaches for both development and runtime of Hybrid apps, and I’ll discuss them next.
I’ve been back in a software product area since the beginning of June, and I’ve been spending a lot of time looking at product descriptions and literature. Not just‘s, mind you, but those of our competitors as well. This includes traditional, commercial “proprietary” software and commercial open source software.
Some of the descriptions of products in the industry are quite good, but many are pretty bad. They seem to range from “this is so high level that you have no idea what the product does” to “this has a long list of technical details that we hope impresses you even though you might not know how they could possibly help your business.”
I know, I know, different descriptions for different audiences. What you say to someone in development or the CTO should probably be different from what you say to the CIO and almost certainly different from what you say to the CFO. However, when there is only one, everyone suffers.
You need to know who your audience is (“segmentation”) and then shape what you say. Explicitly address your different audiences. It’s ok to say right at the beginning of each paragraph to whom you are speaking.
Here are a few suggestions, written from the perspective of a customer.
- First and foremost, the goal in acquiring software is to accomplish something. Tell me if your product will help me do that. This might be a simple yes or no.
- If I am a developer, tell me how easily your product will let me do what I wish and how it will make my life simpler and more productive. This new ease is in comparison to the previous version of your product as well as offerings from your competitors. Don’t overdo it on cute statements like “we make developers happy.”
- Match new or improved technical features to business value. “By doubling the amount of memory your application can use, you can now serve 25% more customers in the same amount of time and increase your revenue.”
- Regarding business value, stating how your software can help increase revenue (as above), improve security, increase availability, improve customer loyalty, decrease maintenance costs, and simplify integration with other parts of the business are all good things. If your software will help do none of these, why would I possibly install it?
- Don’t be overly simplistic about TCO (total cost of ownership) and TCA (total cost of acquisition). I can add up transactional, service, and support costs over 5 years as well as you can.
- Do, however, give me a way to compute the real return on investment from your software. Even if your TCA is $0, I may need to pay my people, your people, or a services integrator money to make it work for me. Give me examples based on real customers if possible.
- If I read your website and after 5 minutes I still don’t have the vaguest idea what your product does or why I might want to install it, you’ve failed. Start over.
- Separate promises of future functionality and value from what you can do right now. I’m interested in your roadmap, but I have problems to solve right now. Do not imply you can do more today than you can.
- Use graphics well to convey what your software does and the value it gives me. Don’t think that adding more tiny boxes with tinier print in them improves things. You are educating me about your offerings so I can make an intelligent and well informed decision. You are helping me make the case for acquiring your software within my organization.
- For emphasis: tell me how your software will make my organization better, more efficient, and more profitable, and how I can serve my customers better. If it will lead to great personal success for me, so much the better!
Today a whole lot of companies, including BMC Software, Open Virtualization Alliance.Systems, HP, , Intel, , Inc. and SUSE, announced the creation of the
From the press release:
… today announced the formation of the Open Virtualization Alliance, a consortium committed to fostering the adoption of open virtualization technologies including Kernel-based Virtual Machine (KVM). The consortium will promote examples of customer successes, encourage interoperability and accelerate the expansion of the ecosystem of third party solutions around KVM, providing businesses improved choice, performance and price for virtualization.
The Open Virtualization Alliance will provide education, best practices and technical advice to help businesses understand and evaluate their virtualization options. The consortium complements the existing open source communities managing the development of the KVM hypervisor and associated management capabilities, which are rapidly driving technology innovations for customers virtualizing both Linux and Windows® applications.
KVM virtualization provides compelling performance, scalability and security for today’s applications, smoothing the path from single system deployments to large-scale cloud computing. As a core component in the Linux kernel, KVM leverages hardware virtualization support built into Intel and AMD processors, providing a robust, efficient environment for hosting Linux and Windows virtual machines. KVM naturally leverages the rapid innovation of the Linux kernel (to virtualize both Linux and Windows guests), automatically benefiting from scheduler, memory management, power management, device driver and other features being produced by the thousands of developers in the Linux community.
This is a not a story about leaving the City for a fun-filled winter vacation. Rather, it details how I managed to get home ahead of the sixth big snowstorm to hit the area this season.
This last week I was in New York City to speak on a panel at the SIIA Information Industry Summit. I flew down from Rochester, NY, on Tuesday and although there was a two hour delay on my flight, I got to my hotel in Times Square with no major problems.
New York City and many of the towns and cities along the US northeastern seaboard have been hard hit with snow storms this winter. These have caused quite a bit of travel disruption and loss of school for children in the Mid-Atlantic and New England States.
In contrast, where I live in northwest New York state, my son has not had any snow days off this winter, though some schools did take a day off when the temperature was below -10 F last week. This surprises some people, I believe, because they think Rochester, Syracuse, and Buffalo are just slightly below the Arctic Circle. (I jest.)
My panel was late in the morning on Wednesday. When I awoke in the hotel it was clear that it was already snowing. Due to some confusion on my part, I had several long blocks to walk to the conference site, as my hotel was on West 42nd Street and the conference was at Cipriani on East 42nd Street, across from Grand Central Station.
It wasn’t worth trying to find a taxi during the morning rush hour and I figured it would be quicker to walk than getting stuck in the slow traffic. I still thought this was true even though I had a rollerboard suitcase and my backpack.
I got down to the street and immediately noticed that it was indeed snowing quite heavily. But, wait, look at all those silly people with umbrellas! Where I live, in the northern snow belt, real men and women don’t use umbrellas in the winter. So I walked half a block and got pretty much coated with wet sticky snow. I stopped under a store awning and pulled out and raised my umbrella.
It was a slippery walk for 15 minutes, made worse by my wearing dress shoes. I got to Cipriani without falling, gratefully checked by bag and coat, and settled in to the conference. The meeting was focused on the publishing industry and my panel dealt with some of the issues in moving to digital publishing for mobile devices. John Patrick put up a good summary over in his blog.
The panel ended around lunch and I called my assistant for the second or third time that morning to see what the travel situation was. I was due to fly out of La Guardia airport around 5:30 that afternoon. One of my options was to stay another night in New York and fly out the next morning when, presumably, travel would be less affected by the snow. There were already several canceled flights on Wednesday morning.
We decided that it would make sense for me to head out to La Guardia airport, so I grabbed a taxi out front of Cipriani, once again managing not to fall on my butt in the slippery snow. It was a slushy but easy ride out to the airport in Queens, helped a bit by our going through the Midtown Tunnel and so avoiding some of the snow on the road.
La Guardia was oddly unbusy since many people had checked on their flights, realized they were were canceled, and stayed away. Security was a breeze and I was through it in about 15 minutes.
It was then around 1:00 and there was a delayed flight to Rochester leaving at 1:20. My flight at 5:30 still showed up as on time, but that really only meant that it was too far in the future to show an accurate schedule. At least it had not been canceled, yet.
To me it is oddly excited to get to an airport and find out that you might be able to take an earlier flight, especially if you are homeward bound. I went to the gate for the 1:20 and learned that the plane was going to be coming from Portland, Maine, but it had not yet left. There were, however, plenty of empty seats and the gate attendant put me on that flight in addition to the one at 5:30.
Time went by and the gate attendant to whom I had spoken left when her shift ended around 3:00. I decided to doublecheck on my dual seat reservations and so went back up to the desk. It turned out that I had not been put on the correct earlier flight at all.
The gate person offered to move me to that flight but warned that I might be bumped if they had weight restrictions. This happens in bad weather when the planes have to put on extra fuel to allow for takeoff or landing delays, or if their flight paths are changed.
If I did shift to the earlier flight, maybe I could get back on the 5:30 if I was bumped. I asked how it was that I had gone from having two seats to possibly having none, but she just shrugged. So my choice was to wait and see if I could grab a seat on the late 1:20 or, failing that, just take the 5:30 home. Meanwhile, it was still snowing.
A third option then presented itself. A flight to Buffalo started boarding from that same gate. I asked if I could have a seat on that, and I snagged one. I ran back, got all my bags and coat, and got on the plane. My seat was 13A, that coveted last row window seat opposite the bathroom, but it was a seat!
We went through normal de-icing, took off after a little delay, and landed in Buffalo 5o minutes later. By 5:00 I was driving out of the airport in a rental car. At 6:15 I was returning the rental car and getting my car from the parking lot. By 7:00 I was home, earlier than I would have been if I had taken that 5:30 plane.
Well, much earlier, it turns out. The 5:30 was canceled as the weather got worse. The delayed 1:20 did eventually fly but I have no idea if I would have had a seat on it. At that point, I didn’t care. I was home.
The snow picked up in New York City and along the northeastern seaboard overnight and many places had 10 to 20 inches of snow by Thursday morning. Almost all flights out of La Guardia were canceled until Thursday afternoon. Had I waited, I would have been in far worse shape than if I were aggressive to find some way to get close to home on Wednesday evening. It worked out this time, but that wasn’t completely an accident.
I should know better than try to travel in November.
This last Saturday I was scheduled to travel to Europe for a business meeting. It was the Saturday of Thanksgiving weekend, so I wasn’t surprised when I got to the airport to find the parking garage nearly empty. Most everyone was probably where they were supposed to be, though I knew the next day, Sunday, would be travel hell as people tried to return home or go back to school after the four day break.
Things were looking good as I got through security and headed to my gate. I grabbed lunch and still had two hours to spare before my flight.
It was a sunny cold day though rather windy, but flights seemed to be coming and going as scheduled. There was this one AirTran flight that was delayed and they reminded us every five minutes of that situation via the public address system. Then one of the announcements was a little different, it was for the 3:21 flight to Newark, and that was where I was going to connect.
I went up to the counter and learned that there was a little mechanical problem with the plane while it was still in Newark. Evidently they had knocked off or damaged some rubber pieces on the plane while the were deicing it. We were to sit tight and wait 25 minutes.
In less time than that, the gate attendant made an announcement that anyone with a connection time before 6:30 should come up. Mine was 6:50, but I figured that since international flights board earlier, I should check out the situation.
When I got to the desk, there was a teenage girl crying and the attendant was trying to find out what was wrong.
“Are you upset because you won’t get to Cincinnati today?”
“Then why are you crying?”
“Because I don’t want to leave.”
“So you want to stay here in Rochester?”
So they agreed that she could leave the airport and grab a flight the next day.
I got to up to the gate, promised the man that I wasn’t going to cry no matter what he told me, and found out that I would definitely miss my connection. Moreover, even though there was a later flight to Frankfurt, I might miss that as well. Rescheduling for the next day was hopeless. So I decided, reluctantly, to cancel my flight and went home. I called the travel agent and got my hotel reservation canceled, and sent email apologies to my colleagues in Europe.
This is the third time this has happened to me in the last 10 years, missing a flight to Europe because of mechanical or weather problems. I always feel very bad and guilty about it, though I know the situation is out of my control. I even tried to allow an extra day in this case.
I had other work to do on a work project and spent most of Sunday and a good deal of Monday handling it because of a tight deadline.
On Monday afternoon I got a call from a friend and coworker in Europe:
“Do you know that person you were supposed to meet?”
“She never made it here, she got stuck in snow at the airport in Frankfurt.”
So it’s good I didn’t go. I missed two cross-Atlantic flights and had more time to work on my project. I suspect we’ll try again in January, but ultimately things worked out for the best in terms of my not travelling. It would have been good to have that meeting, but we’ll get around to that.
‘s changes to the iOS Developer Program License Agreement resolve some issues but still contain confusing elements for those who might want to develop sophisticated apps such as those for mathematical computation.
As I first discovered this morning in a blog post by Hank Williams, Apple has changed their iOS Developer Program License Agreement to be less restrictive on the tools used to create apps for iOS for the iPos Touch, iPhone, and .
Apple’s press release states:
We are continually trying to make the App Store even better. We have listened to our developers and taken much of their feedback to heart. Based on their input, today we are making some important changes to our iOS Developer Program license in sections 3.3.1, 3.3.2 and 3.3.9 to relax some restrictions we put in place earlier this year.
In particular, we are relaxing all restrictions on the development tools used to create iOS apps, as long as the resulting apps do not download any code. This should give developers the flexibility they want, while preserving the security we need.
Those relevant sections in the license agreement are:
3.3.1 Applications may only use Documented APIs in the manner prescribed by Apple and must not use or call any private APIs.
3.3.2 An Application may not download or install executable code. Interpreted code may only be used in an Application if all scripts, code and interpreters are packaged in the Application and not downloaded. The only exception to the foregoing is scripts and code downloaded and run by Apple’s built-in WebKit framework.
3.3.9 You and Your Applications may not collect user or device data without prior user consent, and then only to provide a service or function that is directly relevant to the use of the Application, or to serve advertising. You may not use analytics software in Your Application to collect and send device data to a third party.
In April I looked at the previous restrictions in the license and concluded that it would be very difficult to to implement a full featured mathematics application on the iPad.
Nota Bene: I am not an attorney and the following does not represent a legal opinion and certainly not an officialpoint of view.
The changes to sections 3.3.1 and 3.3.s improve things somewhat today:
- Evidently you can now have an interpreter on the device. This means that you could run or a Java virtual machine on an iPad.
- From 3.3.2, prepackaged scripts are allowed, so interpreted Python code is allowed if that code comes with the app.
- You cannot download code to be interpreted.
- I am not sure if you are allowed to type in code on the iPad and then have it interpreted. I suspect not, because that code is not prepackaged with the app, even though it is not downloaded.
From the perspective of building a math app with Python or another interpreted language, I interpret this as strictly meaning that the app and libraries are fine now, but users cannot write new functions if the math app provides an interpreted language such asand do.
This is problematic. If, say, the library does not provide a factorial function, am I not allowed to write one?
I suspect that one of the things that Apple wants to avoid are system calls into the iOS operating system by random downloaded scripts. I hope it is not just a question of performance. Some computations take a very long time.
I really can’t see how this type of interpreted script for math computations should cause any problem for the iPad device, for Apple, or the users. This form of code interpretation is how things get done in these kinds of apps.
Indeed, if I have a word processing document it contains markup to indicate paragraphs, fonts, colors, and so forth. A work processing app interprets that information, which could be said to be a descriptive script. Or is ok to interpret such things? Do I need permission from Apple to do this?
I don’t think this is the last we will hear from Apple in this area. Their statement is now shorter, but it is not complete enough regarding the kinds of code that might be interpreted. I think another round is necessary to clarify matters.
On the other hand, perhaps all this is below Apple’s radar or level of caring. While that might be true, it might be better to ask permission first rather than asking forgiveness later when you submit your app for publication.
Eyjafjoell, let me go home.
I’ve been in Europe this past week on business and was scheduled to return home to the United States yesterday. I’m still here though I hope to get out later today.
My Saturday morning flight from Munich went without any problems. Because I have elite status on the airline on which I was to travel home, I got to sit in the lounge before my cross-Atlantic flight from Frankfurt to Chicago. I was warned when I got there that my flight was 2 hours late and when I got online, I learned that the incoming flight was four hours late, having been held up in Chicago because of some mechanical problem.
As the afternoon went on though, murmurs about more ash from the Icelandic volcano began to spread. The current cloud is evidently fairly narrow, but is extending very far south and up as high as 35,000 feet. Therefore cross-Atlantic flights have to go way north or way south to avoid the cloud completely. This adds several hundred miles to the flight with associated additional time required.
Then my flight got canceled. When they announced it, I rushed to the front desk in order to get rebooked and maybe get a hotel room. I didn’t get the former immediately because they just weren’t sure about which flight they could put me on. I did get a voucher for the hotel at the airport. They had made me check my luggage in Munich, so they were going to take all the luggage from the now canceled flight and put it in baggage claim.
However, I knew that could take a while. I instead rushed right over to my hotel to get the room. Just as I was walking away with room key in hand, I heard a supervisor say to the reception staff that they were accepting no more room vouchers. So I was lucky and I got a free room. The hotel was not full, but the airline decided that it did not need to pay for delays because of the ash. I was lucky because I was early. In any case, I would have paid for the room. While it was important for last night, it would have been especially important if the delay extended for days.
I then went back across the street, figured out how to get into baggage claim, and retrieved my one piece of luggage. I made several more ventures out, primarily to get more Euros from the ATM in case the delay extended to several days and some food for the evening.
Though I had been given a dinner voucher, the hotel staff told me that it was no longer valid since the airline stopped paying passengers for their inconvenience. I didn’t have a problem with this, especially because I had a room. I didn’t want to eat in the hotel, so I just walked back to the airport and found a restaurant where I could get some “take-away” food.
The airline lounge opened at 7 AM this morning and I must admit I was there ten minutes early. Though they had originally planned to move me to a slightly earlier flight on another airline, I wanted to stay on this one. Essentially, I did not want to get lost in the system of the other airline if there were further problems.
So I’m now scheduled to fly out in a couple of hours, though my making the connection in Chicago is not likely. I’ll worry about that if it is an issue. Though it is a long way, I do drive between home and Chicago several times a year. What is mor probable, if I miss tonight’s plane I will hop on a very early one in the morning.
In any case, I know I can drive home from Chicago. I cannot do that from Frankfurt.
Update for Sunday, 14:00 CET: Flight just got delayed 3 hours because of ash drifting into some of the available tracks across the Atlantic. Will need to go back through passport control and security.
Update for Sunday, 16:20 CET: We got a track an hour earlier than we thought, so we’re going now.
Update for Sunday, 18:50 CDT: Landed in Chicago.
Update for Monday, 01:00 EDT: Just got home, 47 1/2 hours after I originally left the hotel in Munich.
Flickr. Diigo. Evernote.
Everybody wants me to work on my machine but then synchronize my data to their site for safekeeping and social functions. I can understand this for situations where I want others to see my photos or my links, but what happens when I have ten or twenty of these services, all of which have separate interfaces, separate logins, separate passwords, and separate liklihoods to still be around in 5 years?
Unless I explicitly want to use their sites as places that others will visit to see my information, I want to store that data on my own site. That will still allow it to be accessed from anywhere when I have Internet connectivity, but I don’t need to worry about the services themselves just vanishing.
Yes, perhaps those sites have backups, but I can deal with a single backup for my one site. Also, I want the information available in a standard format. If one is not available, at least use XML.
I understand this might cause some business model issues with advertising or premium services. Indeed, if I use their software but use my site as the repository, it opens up security risks as well. Nevertheless, my controlling my data and having it available in standard formats will make me sleep better at night.
What do you think?
A couple of days ago I posted a link to a video I made with ‘s Tom Crabb about appliances and the role of Linux in them. Here are a few additional comments.
In your kitchen you have special appliances that, presumably, do individual things well. Your refrigerator keeps things cold, your oven makes them hot, and your blender purees and liquifies them. There is room in a kitchen for each of these. They work individually but when you are making a meal they each have a role to play in creating the whole.
You could go out and buy the metal, glass, wires, electrical gadgets, and so on that you would need to make each appliance but it is is faster, cheaper, and undoubtably safer to buy them already manufactured. For each device you have a choice of providers and you can pay more for additional features and quality.
In the IT world it is far more common to buy the bits and pieces that make up a final solution. That is, you might separately order the hardware components, the operating system, and the applications, and then have someone put them all together for you. If you have an existing configuration you might add more blades or more storage devices.
You don’t have to do this, however, in every situation. Just from a hardware perspective, you can buy a ready-made machine just waiting for the on switch to be flicked and the software installed. Conversely, you might get a pre-made software image with operating system and applications in place, ready to be provisioned to your choice of hardware. We can get even fancier in that the software image might be deployable onto a virtual machine and so be a ready made solution runnable on a cloud.
Thus in the IT world we can talk about hardware-only appliances, software-only appliances (often called virtual software appliances), and complete hardware and software combinations. The last is most comparable to that refrigerator or oven in your kitchen.
Appliances in the IT world are not new. Datapower, for example, goes back almost a decade with XML processing. There have also been appliances for security, search, spam detection and elimination, and many other specific applications. So we’re well past the pioneer stage, and now we’re focused on ease of creation, deployment, and value.
Let’s focus on the virtual software appliances. Since the image is created to solve one class of problem, it really shouldn’t contain every possible feature in the operating system or possibly even in the applications that run on top of it. It should be just the right size and tuned for just the right use. This makes a simpler environment that takes up less room, is easier to maintain, and might be faster or more efficient.
That means that if you had the ability to package just the parts of the operating system that you needed and dropped the rest, your custom appliance will fit your job better without extra stuff thrown in. Getting back to my kitchen analogy, if all you are going to do is make scrambled eggs, that $300 stove will work as well as the $5000 one. Why pay for or install the high end model if you aren’t going to use all the features?
This is where Linux really shines when making virtual software appliances. Linux is composed of hundreds of packages and you can pick and choose among them to create just the base operating system you need. Now many of them are related, so you do need an understanding of which groups of packages you need to install to get the functionality you need. This can be done manually or more easily via a tool like Novell’s SUSE Studio. Either way, Linux gives you as little or as much as what you want to get the job done.
Beyond the operating system, the applications deliver and define the appliance. IBM’s Lotus Foundations puts together functions like email, calendars, contacts, file sharing, and backup into one appliance. Moreover, since the whole idea of appliances is to give you just what you need, you can create and use a basic model today and perhaps later grow up to another more advanced version with more functions or capabilities for more users.
An appliance might have one main application on top of the operating system or it may have several. If there is more than one, they need to work together and they need to interoperate with other software the user has on other machines. Open standards are therefore very important and should be on your appliance checklist when vetting your choices. Note that some people may start with appliances and then “grow up” into larger installations or, I expect, move to the cloud.
Ultimately your datacenter may have several appliances in addition to more general purpose hardware and software. Think of your kitchen: it has a range of specialized devices as well as multifunction ones. Your needs and budget determine the mix, the quality, and the quantity.
Pick and choose your appliances carefully. Focus on Linux as the operating system in the appliances because of its range of configurations, flexibility, security, performance, scalability, and general quality of service. Then worry about the applications, how they work together, and how well they employ open industry standards to plug into the rest of your critical infrastructure.
Several weeks ago at OSBC I posed a serious of “hard questions” about open source software. They weren’t meant to demean it, of course, but were really to say that software for the enterprise needs to be held to very high standards, whether it open source or traditional.
One of the sections was this:
Who will maintain your installation of the software?
- If you are planning for your IT staff to install and maintain your software, make sure it doesn’t get orphaned when you have personnel turnover.
- When software updates come along, you will need a plan to decide which ones to install and when, especially if major releases come along every six months or so.
- If you customize open source code for your organization, are you prepared to propagate those changes into newer versions of the code?
Today I saw the story “You may want to avoid hacking your open-source CMS” which discussed The Onion’s experience hacking an old version of . To give you an idea, version 7 of Drupal is about to come out and the latest official version is 6.16. The Onion highly customized version 4.7. That alone should make you nervous since clearly the software has moved far beyond the point where it was forked.
The original article referenced discussed how The Onion moved from Drupal, a application platform, to Django, a framework.
The problems with highly hacking code is that it is very hard to maintain it for functional and security fixes, you don’t easily get improvements to the code base, and you may be doing similar work to what is happening in the community, and maybe not as well.
This reminds me of a blog entry I did in December called “Open source software: modify, extend, or leave it alone?”. There I concluded:
There can be innovation in the core application, but that same application can become a platform for innovation if it has a good extension mechanism. Choose good applications that can be improved or configured outside the core software, and you’ll save a lot of trouble and gain some real advantages. This is true for open or closed source software.
Postscript: As Jonathan Bennett pointed out to me on, I failed to mention a very important aspect when you do make changes to open source code: offer your modifications back to the community and your code may make it into the main trunk of the project. That is, since you are doing some coding, become a contributor as well. This may not always be possible, but consider it.