I’m alarmed by early words about Mac OS X 10.5’s firewall:
• By default, it’s turned off
• When it’s turned on, rules are set by application instead of by service
• Even when explicitly disabled, some ports are advertised on the LAN and can be accessed.
If this is true, it’s bad news.
Is it true? According to a report from Heise Security, Leopard’s firewall is a step backwards from the firewall in the previous version, Mac OS X 10.4 Tiger.
As mentioned earlier, I haven’t yet installed Leopard. I still intend to do so, but on a test system only – which is cocooned safely inside my LAN and guarded by two hardware firewall appliances.
If the firewall is as porous as this early reports says, I won’t be putting Leopard onto my everyday work machine until Apple fixes it. The MacBook Pro travels widely and connects to public WiFi networks. The firewall is critical.
My tentative recommendation is to hold off on any deployments of Leopard until Apple addresses the issue, or until other organizations can verify (or refute) what Heise reports.
If you, dear reader, hear more about this, one way or another, please let me know.
I’m alarmed by early words about Mac OS X 10.5’s firewall:
Posted by Alan Zeichick at 6:25 AM
They’ve been out for a couple of years, but mercifully, I’ve not seen one until recently: a Jaguar X-Type station wagon.
At first, we didn’t believe it, thinking that someone stuck Jaguar letters on a Ford Taurus wagon. But it’s real: In 2005, the Jaguar X-Type became available in a five-door “sportwagon” configuration.
There’s nothing wrong with high-end station wagons. BMW has long offered wagon versions of its 3-series and 5-series sedans, for example. However, at least those cars are BMW through-and-through. That's not true with Jaguar, which has turned into just another Ford nameplate.
It’s sad to watch the formerly prestigious luxury car marque deteriorate into a rebadge of existing Ford cars. In this case, the Jaguar X-Type is a spiffed-up Ford Mondeo, a European model that used to be sold as the Ford Contour and Mercury Mystique for the U.S. market.
What’s next, a Jaguar F-Type pickup truck?
Posted by Alan Zeichick at 4:47 AM
On October 9, 2000, InternetWeek published a review I’d written of TrueTime Inc.’s TimeVault network time appliance. I wanted to link it as a reference to my posting “My BlackBerry is caught by the Daylight Savings Time fiasco.” While slightly dated, it’s still a good overview of network time. Sadly, the InternetWeek archives are long gone. So here the review is again, for your reading pleasure.
Time is the fire in which we burn." So said Dr. Soran, the protagonist in the movie "Star Trek: Generations." Of course, what he meant to say is: "Time is the absolute reference we use to keep all of our servers, applications and transaction logs in sync." On the U.S.S. Enterprise, it's easy to keep systems synchronized, typically by detecting the quantum state of the universe by emitting anti-tachyon beams from the main deflector array. But, back in the 21st century, we have to use more prosaic methods: Time servers.
Why? For one thing, internal consistency: When tracking down a communications problem between two systems, knowing that the clocks are keeping the same time means event logs, ping reports and other time-stamped data can be analyzed with some degree of confidence. It's also important for alignment with the outside world. When recording e-commerce transactions, it's important to note the time of the request — and in some cases, such as when dealing with securities or other financial transactions, recording the accurate time may be mandated by law.
So why not just set the system clocks? Well, it's hard to set them accurately enough using manual methods. But more importantly, PC clocks drift, sometimes by minutes each day. They can also be reset, either accidentally by an errant program or confused user, or even maliciously by someone who wishes to alter the time stamps.
The solution is to configure each server to periodically request the current time from a common trusted source, and adjust its own real-time clocks accordingly.
NTP (IETF RFC 1035) is the old Unix protocol used by computers to receive and respond to requests for the current time. When properly equipped with a client which can send NTP signals, workstations and servers can request the time from any trusted source. One source that many individuals use is the U.S. government's publicly accessible time servers, such as the U.S. Naval Observatory in Washington, D.C., or the National Institute of Standards and Technology in Boulder, Colo.
Although time clients aren't bundled with most operating systems, they're not hard to find. The one we use for Win32 clients and servers is a free Automachron app from One Guy Coding, which can be configured to work with any NTP server. We've configured Automachron to sync the time of each server at startup, as well as once every hour, from the nearest NTP server, which at this review was www.time.nist.gov.
In some cases, however, an Internet-based time server isn't good enough, because of the jitter and uncertainty of packet delivery. It also may be inconvenient to get the time from a distant location or other place where an Internet connection contains considerable delay. When synchronizing multiple sites — across the country or around the world — it may also be important to have a common time standard. That's where TrueTime Inc.'s TimeVault comes in: It's a self-contained NTP server appliance that can acquire extremely accurate time through a variety of sources, including satellites.
It's About Time
TimeVault is a 1U rack-mountable server appliance that acquires accurate time from one of three sources: First, it uses its built-in Global Positioning System to read time being continuously transmitted from a constellation of 29 low-earth-orbit satellites using an external antenna, which ships with the server. When receiving time via GPS, the company claims that the server's clock is accurate to within one microsecond. In that mode, it's known in the industry as a "Stratum 1" time source, the most accurate type of time source on our planet other than labs using atomic clocks.
If a GPS signal isn't available (perhaps the antenna blew down), TimeVault periodically dials NIST's Automated Computer Time Service (ACTS) using its built-in modem and a dedicated phone line. In that case, the system claims to have 2 to 5 microsecond accuracy. If there's no GPS or ACTS signal (maybe the phone line was cut when the antenna fell down), TimeVault attempts to get the time over the Internet from a publicly accessible NTP server. In the meantime, its internal clock keeps time, and provides the time to clients requesting the time via the NTP protocol.
The server itself is extremely simple to install. We plugged in the server, attached the GPS antenna's 25-foot cable to the BNC connector, and leaned the antenna against a window. We also plugged the time server's 10/100 Ethernet port into our LAN. (For best results, the antenna should be situated where it has a complete view of the sky, so that it can "see" at least three GPS satellites; our westward-facing window did the trick, but in a large facility the antenna should go onto the roof.)
After the server booted up, it acquired an IP address from our DHCP server, and the display panel showed its IP address. Since we wanted TimeVault to have a static IP address, we used an array of six push buttons on the server's front to change it. The server then rebooted, and showed the correct address. After about 10 minutes, the server's two-line LED panel lit up with the correct time and date, calibrated against Universal Coordinated Time (UTC), which is the technical name for Greenwich Mean Time.
Clock Me In
At that point, you've got a very expensive two-line clock. In order to use it as a time server, it's necessary to configure devices on the network to interrogate it. Unlike other protocols such as DHCP, time servers do not advertise their services. Clients therefore need to be set up with an NTP client that points to the time server by its IP address or fully qualified name. A DHCP server can also be set up to add the address of the NTP server to its configuration data; in that case, the NTP client must be able to use that information.
Although TimeVault's documentation explains the NTP protocol in excruciating detail, unfortunately it says nothing about how to actually use it. The company's Web site isn't any help, either. Nor does the company provide any NTP client utilities for various operating systems. Fortunately, because we already had been using Automachron on our Windows-based systems, it was easy enough to redirect them from using www.time.nist.gov to www.192.168.0.50, TimeVault's private address on our network. Still, documentation should have been clearly provided, along with links to NTP client software.
Out of the box, TimeVault can only sync time with the GPS system. To configure it to use ACTS or for it to perform a last-resort time sync over the Internet requires access to its management system. The server is very flexible, offering serial-port console, telnet and Web-based administration.
Via Telnet or serial port access, the server requires a cryptic set of "F" commands, such as F03, which returns the current time, or F60, which displays a status report on the GPS satellites. There's no Telnet help function. If you don't have handy either chapter four of the manual or the easily lost quick-reference card, you won't be able to do anything.
Access to the Telnet and serial functions are protected by username and password.
The Web-based interface is much better. Browsing to Time Vault's IP address results in a pleasant-looking time display, which shows the current time (UTC) and the server's operational status — that is, which time source it's using. This is a straight HTML page, so the time display is static; manually refreshing the page updates the time. From there, the server's various settings can be administered, including setting parameters for calling into NIST's ACT server and configuring it to pull the time over the Internet (or the LAN) from another NTP server. In those cases, a Java applet lets the administrator edit text-based configuration files stored on the appliance — a cryptic process, and again, not one that should be attempted without the manual.
TimeVault is also designed to respond to SNMP polling, and the manual contains details about its custom MIBs, which can report back on satellite status as well as overall functioning of the server. A copy of the MIB is available electronically, and the company says it will work with HP OpenView and Sun's X-SNMP package.
TimeVault's developers clearly know their time sources, but have a lot to learn about user-friendly appliance design.
Fortunately, it's probably not a device that needs to be administered frequently.
Does Anyone Really Know What Time It Is?
TimeVault is a very specialized piece of equipment. Although all network servers should be aligned to a common and trusted time source to keep their clocks and logs in sync, few networks will require the Stratum 1 precision that TimeVault offers. If being accurate within a few seconds is good enough, then aligning with www.tycho.usno.navy.mil, www.time.nist.gov or any other publicly accessible time server might be good enough. For large organizations, it might be advisable to set up a single time-server internally, which is synched against one of those services.
But in cases where there's a need for extreme precision and reliability on behalf of the servers — such as when monitoring financial or e-commerce transactions; monitoring service level agreements; or supplying time service to sites with poor Internet access — the Stratum 1-level TimeVault will supply a degree of accuracy unavailable otherwise.
This might also serve businesses in good stead if they need to document the source of their time stamps, to meet regulatory or ISO-9000 requirements. In those cases, TimeVault is a simple solution that can do the job with precision.
Though, frankly, wouldn't you rather squirt some antitachyons from the main deflector array?
Posted by Alan Zeichick at 4:19 AM
Is there anything as senseless as Daylight Savings Time? Perhaps there were historically valid reasons to move clocks back and forth every spring and fall. But there surely isn’t one now, and there are plenty of reasons to stop this rediculous ritual.
One reason, of course, is that it’s a pain in the butt. If the entire world moved together, adjusting clocks at the same time, that might be okay. But the entire world doesn’t move together. Sometimes San Francisco is eight hours away from London. Sometimes it's not.
We’re not even consistent within the United States. Arizona, for example, does not do Daylight Savings Time. So, sometimes San Francisco is one hour away from Phoenix. Sometimes it isn’t.
In this increasingly interconnected world, inconsistent time differentials are stupid. It became stupid long before the Internet, of course. The telephone turned long-distance communications into real time communications for the masses. When telephones became ubiquitous, DST should have gone away. But it’s still not too late to kill it now.
Another reason is that the whole scheme is inconsistent. If the reasons for DST were legitimate, then it would be easy to determine the optimum dates for resetting the clocks. However, the reasons are not legitimate, and so the fall-back and spring-forward dates are arbitrary. That is why participating countries often do so at different dates. That’s why the U.S. government could decide to jigger with DST, as I blogged in February’s "Daylight Savings Time, It Is A-Changing." Stupid, stupid.
A month after that posting, I was caught by three DST-related software issues – see “Three Daylight Savings Time Follies.” That's more trouble than I, personally, had with Y2K. And now, I’ve been caught again.
You see, not everyone picked up on Congress’s change, and so there are many devices programmed to adjust according to the old scheme, which had clocks “fall back” on the last Sunday in October – that’s October 28, 2007. However, this year Congress changed the fall-back date to November 4, 2007. It’s incredible that my new BlackBerry 8700g – purchased in August – didn't know about the DST change.
So, while I’m sitting here in New York (GMT-5), the only way to keep receiving network time sync signals, while displaying the correct time, was to manually adjust the time zone to Caracas (GMT-4). Presumably, next Sunday I’ll have to adjust it again back to Eastern Time. Stupid, stupid.
RIM posted a couple of BlackBerry DST fixes for Internet-only users like me, who don’t use a BlackBerry Enterprise Server. The first recommendation is to manually move the time forward and back during this period.
That might be the most compelling reason to drop DST – because there are more and more servers, desktops and embedded devices that try to encapsulate and comprehend DST, and who need to understand DST in order to process data in logs, check to see which file has been updated more recently, and so-on. Even having a good time standard isn't enough, not when you're not sure exactly what a time-stamp means.
Keeping all those algorithms up to date, when they can be changed arbitrarily by governments, is an impossible task. It’s becoming more impossible all the time. Let’s simply be done with it.
Posted by Alan Zeichick at 4:08 AM
I have my copy of Mac OS X 10.5, and can’t wait to install it. I’m particularly excited about two features of the operating system:
• How it will work on 64-bit-capable Macs, including my MacBook Pro and my son's Mac Mini. Even though the kernel remains 32-bit, there should be some substantive improvements. For the first time, my 64-bit 2.33GHz Core 2 Duo-based MacBook Pro might seem faster than our 32-bit 2.0GHz Core Duo-based iMac.
• Trying Time Machine as an alternative backup scheme to what we do now, which is selective folder backups to a network drive using FoldersSynchronizer.
Sadly, I will have to wait to install Leopard. The software came out just before some really busy travel times for me (I’m writing this from New York, and then next week I'm in northern Virginia for EclipseWorld). That’s not the right time for experimenting with a new OS — let us not forget, this is a significant software change. I probably won't be able to install until mid-November.
I’ve had to console myself with this excellent, meaty review of Leopard from John Siracusa. It’s fascinating reading.
(On my flight to NY, the woman next to me using a nice Dell laptop. When I hauled the MacBook Pro out of my bag, she exclaimed, "Show off!!" We had a good laugh about it.)
Posted by Alan Zeichick at 6:26 AM
It’s not a new album – it came out in 2003 – but “The Men in My Life,” from Jackie Allen, is a real pleasure.
From her mellow version of Paul Simon’s “Still Crazy [After All These Years],” to a sultry rendition of Herb Alpert’s “This Guy’s In Love With You,” to a playful “Mexico” from James Taylor to an upbeat take on Ray Charles’ “One Mint Julep,” this is a disc that pleases, and surprises, in its range and depth.
Posted by Alan Zeichick at 8:06 AM
The battle of the programmable mobile phone is about to begin. And if Steve Jobs isn’t careful, Google will clean Apple’s clock.
Apple makes great platforms. The Mac (with Mac OS X) is a better PC than a Windows Vista box. I haven’t seen a music player that can compete with an iPod for ease of use, though most other vendors make devices that are less expensive, have more features and have more capacity.
By contrast, while the iPhone is an incredibly impressive piece of consumer electronics, it’s not a platform. It’s just a super-cool phone with a browser and music player.
In fact, during the past six months or so, Apple has done everything possible to dissuade developers from even thinking about the iPhone. The only way to develop apps for the device, Apple insists, is to build interactive Web sites that are optimized for the phone’s Safari Web browser.
Sorry, Steve, but that’s the wrong answer. A pint-sized browser does not a platform make.
In fact, we at BZ Media were astonished at how casually we were rebuffed when approaching Apple about producing a developer conference for the iPhone. After many queries, we were finally told by one of their spokespeople, “I've spoken with Developer Relations and this is not an opportunity we're going to pursue.” Our further attempts to even have a telephone conversation with someone on the iPhone team were totally ignored.
Apple doesn’t want you to write software for the iPhone. They don’t want you to support their platform. Just write Web apps. Period.
That, my friends, is not going to drive the iPhone into ubiquity. A decade ago, Windows crushed OS/2 and Mac OS because Microsoft understood that third-party developers are essential to the success of a new platform. Developers of all stripes were invited to write software for Windows 2.x, 3.x, Windows 95 and Windows NT. IBM and Apple shunned third-party developers, except for a small handful of selected partners.
The tidal wave of Windows applications totally blew away its technologically superior, more secure and more stable competitors.
With that background, read Alex Handy’s SDTimes.com story about Google’s mobile phone efforts, “Gphone Rumors Hint at Broad Mobile Strategy.” As Alex explains, third-party developers seem to be front-and-center of Google’s platform strategy. Of course, it’s hard to know for sure what’s happening at the Googleplex; the company is known for its secrecy. Maybe the Gphone won’t even appear. Maybe it will be radically different than Alex’s sources say.
From where I sit, the iPhone is in peril. It’s thriving today because it’s cool, it’s new, it’s from Apple, and there’s no nothing else like it. But it’s also closed, which means that the iPhone is not a true platform. Unless Steve Jobs opens up the iPhone to true native applications — and does it soon — the Gphone is going to blow the iPhone away.
Posted by Alan Zeichick at 2:25 PM
I was astonished today to find this story on SOA World Magazine, an online publication from SYS-CON Media written for IT professionals working with service oriented architectures. Under a “news” banner, the story’s headline is, “Mariana Kosturos of Citigate Cunningham: An Up and Coming High-Tech PR Diva.”
The 425-word story heaps praise upon Citigate Cunningham, one of the many public relations companies that represents companies in the software development market.
The first two paragraphs of the story talks about Mariana, who is described as “one of the most notable new technology communicators in high-tech public relations.”
The third paragraph talks about the PR agency, telling us that, “Citigate Cunningham became a pioneer in high-tech public relations, steeped in the innovative, fast-paced, competitive Silicon Valley tradition and have translated this tradition into a media results-driven culture that combines the depth of a specialty firm with the reach of a global firm.”
The concluding paragraph tells us that, “Mariana is the youngest member of a power house firm in today's high-tech communications, whose name is mentioned together with other notable technology communicators of the year.”
Finally, there’s helpful information in case SYS-CON's readers need more information: “To have your company represented by one of the best high-tech public relations firms, you should contact Mariana Kosturos, Citigate Cunningham, (415) 618-8786, firstname.lastname@example.org”
Who wrote this news story? Here is the author bio published with this story: “Engin Sezici is blogger-at-large at SYS-CON Media where he held corporate positions earlier in his career. Engin likes to travel through Europe and Greek Islands, reports on technology subjects from around the world and lives on a private island in the Bahamas when he is not on the road. You can reach him at engin(at)sys-con.com.”
Thanks, Engin, for sharing this news with us! And congratulations, Mariana, for convincing the editors at SYS-CON Media that you, yourself, are worthy of such a high-profile story written for their audience of software developers. That’s quite a coup for the up-and-coming high-tech PR diva!
>> Update 10/26: You can read Engin's response to my post here. My only comment is that I copied the author bio verbatim from the story.
Posted by Alan Zeichick at 1:30 PM
Join Mike Milinkovich, Executive Director of the Eclipse Foundation, as well as ObjectMentor’s Bob Martin and CodeGear’s David Intersimone for a special interactive keynote panel at EclipseWorld 2007, coming up next month in Reston, Va.
Led by yours truly (I’m the conference chairman of EclipseWorld), this panel will examine the past, present and future of Eclipse – what makes it so successful, where the community and technology are heading, and what’s coming down the road.
Bob Martin, EclipseWorld’s keynote speaker on Wednesday morning, and David Intersimone, the Wednesday afternoon keynote, are renowned experts on software development, and on the efficient functioning of software teams, while Mike Milinkovich (pictured) obviously has a special “insiders” perspective on everything Eclipse.
The Total Eclipse panel is on Tuesday, Nov. 6, from 5:30-6:30pm. It will be followed by our new “Hands-On Tools Showcase,” or HOTS.
I hope you can make it! Here’s where you can find out more.
Another special EclipseWorld 2007 event I need to tell you about is the “Meet the Projects” Party, sponsored by the Eclipse Foundation. It’s on Wednesday night, rom 8:00-10:00pm. Eclipse project leaders and committers will be on hand to demo their projects and answer your questions. Come early to chat and network with some of the leaders of the Eclipse projects.
The Foundation will have a limited number of Eclipse shirts to give out at the party. RSVP to reserve your shirt!
Posted by Alan Zeichick at 7:46 PM
Don’t you just hate device drivers — particularly when major hardware vendors decide to support only certain operating systems, and don't update drivers to support newer operating systems? Thanks to driver issues, I just gave away a perfectly good scanner, and had to buy a new one.
The story starts a few years ago. At the time, I picked up a good-quality scanner: HP ScanJet 6250CSe, a mid-range scanner with document feeder. Nice scanner. I used it for years on Windows XP, but then, my need for a scanner fell. After a while, I put the ScanJet into a closet.
Fast forward to this past weekend. Suddenly, I had a scanning project. So, I grabbed the ScanJet, and connected it via USB cable to my MacBook Pro. None of my software could see it, so I went to Hewlett-Packard’s driver support Web site to grab the Mac TWAIN drivers.
There aren’t any.
As with many HP products, the Mac is not supported.
So, would it work with my Windows PC, which now runs Windows Vista? Nope. If you click the Windows Vista link on the driver download page, you see the message,
We are sorry to inform you that there will be no Windows Vista support available for your HP product. Therefore your product will not work with Windows Vista.
If you are using the Windows Vista operating system on your computer, please consider upgrading to a newer HP product that is supported on Windows Vista. HP has numerous products on the market that support Windows Vista.
In other words, if you use a current operating system, you're hosed. Thanks, HP, for supporting your customers.
To end the story, I gave the HP ScanJet to a friend who runs Windows XP, and he’s happy as a clam. For my project, I bought a nice new scanner: a Canon CanoScan 4400F. It works great. Why Canon? Because I won't reward HP for obsoleting a perfectly good piece of equipment.
Posted by Alan Zeichick at 6:10 PM
American Express says, “Membership has its privileges,” and among of the benefits of having a corporate Amex card are free magazines. Lots of free magazines.
One of the ways that American Express makes money is by providing demographically desirable people to third parties. I can tell, because I receive tons of catalogs, magazines and other things every week, all sent to the particular spelling of my name/address that’s on my Amex account.
My demographic within Amex’s cardholder database must be “wealthy business owner,” which is about half correct. Being part of that demographic means that for the past eight years or so, I’ve been receiving business magazines (some of which I read), golfing magazines (which I throw away), Smithsonian Magazine (which I occasionally read) and Wired. I like that I get Wired. Thanks, Amex.
This week, something new came: the November issue of Flying Magazine, “The World’s Most Widely Read Aviation Magazine.” I actually checked the label, to make sure that it wasn’t misdelivered to the wrong house. Looks like Hachette Filipacchi (which publishes Flying) wasted their money purchasing my name from Amex.
It was fun to flip through the magazine before tossing it into the recycling bucket. There was a hands-on review of the Piper Meridian, a $2 million six-seat single-engine turboprop. There was a story about an emergency out-of-fuel landing on the Pennsylvania Turnpike. There were lots of cool ads for airplane tires, flight insurance plans, automatic throttle systems, FAA exam study guides, lots of airplanes, and of course, information about Heli-Expo 2008 (Feb. 24-26 in Houston).
I was surprised to see that Flying Magazine still uses reader service cards (which the publishing industry refers to as “bingo cards”). If you circle #969 on the post-paid bingo card, for example, Cessna will send you information about its Citation Mustang dual-engine business jet. Most business-to-business titles stopped using reader-service cards many years ago.
Membership has its privileges!
Posted by Alan Zeichick at 5:44 PM
In the Amusing Typo Department: I was reading the draft of a story for SD Times, and saw that a sentence read “Is clunky XML getting you down and hugging all your bandwidth?”
Of course, that should be “hogging,” but the question is a lot more fun with “hugging.”
Posted by Alan Zeichick at 5:41 PM
Several times over the past few days, I’ve been asked, “Do you know the relative market share held by BEA Systems and Oracle for Java application servers?”
And amazing, the answer is yes. BZ Research does a formal study every winter on the Java market. Here are the numbers from our 6th Annual Java Use & Awareness Study, December 2006.
Question: Which Java application servers are currently in use at your company?
Apache Tomcat, 64.3%
IBM WebSphere App Server, 36.9%
JBoss Application Server, 32.0%
BEA WebLogic App Server, 23.7%
Oracle App Server, 22.4%
Sun Java Enterprise System, 19.0%
Apache Geronimo, 11.8%
SAP NetWeaver, 6.0%
All others that we asked came in lower than 5%. These numbers add to more than 100% because many organizations use more than one application server.
The full report contains historical trend data. It can be purchased from BZ Research.
Posted by Alan Zeichick at 2:13 PM
My only question regarding Oracle’s hostile takeover bid for BEA Systems is, “What took them so long?”
It’s always been inevitable that BEA would be snapped up by a bigger company. It’s always seemed that BEA’s data-centric technology is the most synergistic with Oracle’s. It’s always been a question of when, not if.
Oracle’s move, publicly announced last Friday, was an all-cash offer representing a 25% premium over BEA’s previous share price. The timing may have been driven by SAP’s recent grab for Business Objects. BEA and SAP are the two big fish in the ERP/CRM pond, and neither company wants to come in second.
BEA’s letter rebuffing the offer made it clear: more money, honey. BEA’s officers saw what happened when Oracle aggressively pursued its takeover of Peoplesoft, making the offers better and better until, finally, there was no point in holding out any longer. As BEA’s William Klein wrote, “It is apparent to our Board, however, that BEA is worth substantially more to Oracle, to others and, importantly, to our shareholders than the price indicated in your letter.”
Will there be other suitors? SAP, of course, is a possible candidate, though it may not have the resources to match Oracle. IBM is another; many parts of BEA’s WebLogic platform would fit well within IBM’s WebSphere and DB2 product lines… and IBM hasn’t bought anything big for a while. Another potential bidder might be Hewlett-Packard. BEA’s software would be a huge help as HP tries to restart its enterprise software business, and has solid affinities with the Mercury products.
At the end of the day, however, we should expect Oracle to prevail. Larry Ellison has tons of cash, and isn’t afraid to spend it. He holds all the aces. IBM could match spending with Oracle, but probably won’t. HP and SAP couldn’t afford to keep up with Oracle – and even if they could, it’s not in their corporate character to buy size at any cost.
Buying BEA will cost Oracle a lot of money. But with BEA, Oracle stands to make even more money. It’s going to happen. The only losers here will be Oracle’s competitors, who will find Ellison to be an even more formidable foe, and of course, BEA’s customers, not all of whom will want to do business with Oracle.
Posted by Alan Zeichick at 11:19 AM
Last week, a friend of mine told me that one of his Web servers was brought low when Apache Cocoon, an open source document-publishing framework, filled up a disk volume with a log file. At that point, Cocoon — and the Apache Web server that it fed — quietly shut down.
Solving the problem by flushing the log took only a few minutes once the cause was identified. However, the situation brought out the cautionary tale that if we leverage bits we didn't write ourselves, we'll never know everything about how those bits will behave under every circumstance.
That's not an issue exclusive to open source code, of course; it applies to commercial applications and middleware, Web services, hosted SaaS apps, and applications mashed together using SOA.
And there ain't nuthin' you can do about it, other than expect the unexpected all the time.
What about code that your development teams have written? Can you trust that you know everything that it's doing? Of course not. In many cases, you have no idea what's really going on behind the scenes. That's true whenever you use external libraries, or generate code with wizards, or use just about any other feature of today's higher-level languages.
This point was brought home recently in an excellent talk on machine architecture by Herb Sutter, a C++ guru and software architect at Microsoft. (In his spare time, Herb chairs the ISO C++ standards committee.) His two-hour talk, called "Machine Architecture: Things Your Programming Language Never Told You," can be watched on Google Video, and should be required viewing for your architects and senior developers.
Regarding his talk, Herb writes, "Would you be surprised to discover that only about 1% (one percent) of all the transistors on your modern CPU exist to ever compute anything? And that the other 99% (ninety-nine percent) of your CPU's transistors are essentially dedicated to nothing but hiding memory latency? Those are round numbers, of course. But you get the idea…"
Pass this link around your staff. Make some popcorn and set up a group viewing in a conference room. You'll be glad you did.
And what about that Oct. 10th bug? Last week, I heard about a piece of integation glue logic that failed when, for the first time this year, a date field's month/day went to four digits (1010). Since every previous instance had been two or three digits, the design flaw in the new mashup app went undetected. Whoops!
Posted by Alan Zeichick at 11:09 AM
According to the Technobabble 2.0 Web log maintained by Jonny Brentwood, my own blog, Z Trek, is ranked as #53 out of approximately 225 tech analyst blogs.
The ranking, dated Oct. 1, cites research that scores each blog based on a weighted composite of its Google PageRank, the number of Bloglines subscribers, Technorati ranking, Digg points and Technobabble points (a subjective measure by Jonny).
It’s nice to be recognized as one of the top 100. Thanks, Jonny!
Posted by Alan Zeichick at 7:44 AM
It pays to comparison shop!
I tend to buy a lot from Amazon.com. No shipping charges, no sales tax, and generally prices that are either the lowest or just about… it’s hard to get better than that, particularly if you're lazy.
So, it happened that we ran out of cartridges for the office’s Brita water filter pitcher. We love the pitcher. Not only do we use it for room-temperature drinking water, but we also use it to fill the hot-water maker and coffee maker.
Does Amazon have cartridges? You bet. In fact, it has a whole variety of cartridge packs. The fine folks at Brita offer the identical pitcher filter cartridges in 1-packs, 3-packs, 4-packs, 5-packs, 6-packs and 10-packs. That seems like overkill, but if Brita wants to make lots of SKUs, that’s their business.
Now, if you would think that the 10-pack would be the best deal, you would be wrong.
As of today (Oct. 4), here’s the pricing for the filters direct from Amazon:
3-pack: $17.99 = $6.00/each
4-pack: $22.99 = $5.75/each
5-pack: $29.99 = $6.00/each
6-pack: $34.99 = $5.83/each
10-pack: $57.99 = $5.80/each
I ordered three 4-packs, which should last a couple of years, and called it a day. After all, I saved a whole dollar over buying two 6-packs.
Posted by Alan Zeichick at 8:44 AM
Today's vibrant, exciting advances in technology — and in particular, the computer-related careers of many developers in our 40s and 50s — can be directly tied back to an event 50 years ago: the launch of Sputnik 1, the world's first artificial satellite.
It's long forgotten now, but 1957-1958 was the International Geophysical Year. American scientists talked about launching a satellite, but the Soviet Union beat them to the punch.
The surprise launch, on Oct. 4, 1957, threw the U.S. into a tizzy — resulting in the launch of the American Explorer satellite on Jan. 31, 1958, and then the creation of NASA a few months later.
The effect on the American people (as well as others around the world) was also profound for the next couple of decades. Everything was about space, from John Glenn's orbit of the earth (1962) to Neil Armstrong's moon landing (1969). Popular culture was also fixed on space, from the TV show "The Jetsons" (1962-1963), the movie "2001: A Space Odyssey" (1968) and the original "Star Trek" (1966-1969). Who knows how many kids were focused on space thanks to Sputnik?
I certainly was. I wanted to be an astronaut, like so many young people growing up in that era. Early dreams of space led me into a more realistic passion for astronomy, which morphed in college into mathematics, and then computer science. Space, you see, was all about computers, whether it was 2001's HAL or the U.S.S. Enterprise's mainframe.
It would be a mistake to give too much credit to Sputnik — it didn't spark the computer revolution or the art of software development. That was already well under way when the satellite went up—Fortran was designed in 1954, ALGOL was standardized in 1958, and COBOL came out in 1959.
However, I believe it's not a stretch to credit Sputnik for the creation of many of today's computer scientists and software engineers, whose childhood and education were profoundly influenced by the space race.
Another birthday that we should celebrate today: JUnit was launched 10 years ago. The open source Java tool revolutionized software development by driving the concept of unit testing deep into our psyche, and laid the foundation of modern agile processes.
Today, many of us think in test cases, and consider testing to be a critically important aspect of development. We owe a great deal to Erich Gamma and Kent Beck. Good job, guys!
Posted by Alan Zeichick at 7:22 AM
“Beauty IS the Geek” is Marlo Brooke’s term, not mine.
Ms. Brooke is the CEO of a company called Avatar Partners, which does supply chain consulting – RFID, that sort of thing.
Today, Avatar's PR agency, RMS Public Relations, sent out a pitch – including the photograph on this posting – with the subject line, “Story idea: Beauty IS the Geek.” The agency's account executive wrote,
Alan, I thought you might be interested in a story about Marlo Brooke, CEO of Avatar Partners, who breaks the mold in a male-dominated technology industry. In this case BEAUTY IS THE GEEK! (Picture attached)
This is the most obnoxious attempt to get tech coverage based on sex since 1998, when Katrina Garnett plastered ads for her company, CrossWorlds Software – with a juicy picture of herself in a slinky little black dress – all over technology and fashion magazines.
While I’m certain that a decade ago, Ms. Garnett made a whole bunch of lonely programmers’ days, is that really the type of attention that a woman tech-industry entrepreneur believes she must seek out? Is Avatar Partners so desperate for publicity that their public relations agency must tout the attractiveness of the company’s female CEO?
Ms. Brooke may be pretty, but that young lady has some serious self-esteem issues, if she thinks this is the best way to get customers and the press interested in her company.
Posted by Alan Zeichick at 2:32 PM
A few months ago, I wrote a couple of posts about my long-time friend David Intersimone, the developer evangelist at CodeGear (a Borland division).
The June postings showed off a couple of different photos of David, one looking shaggy ("David I Classic") and the other looking somewhat corporate ("New David I").
Now we have a third choice: "David I Nuevo" (pictured). Doesn't he look fetching in his festive sombrero, donned for the forthcoming Delphi Revolution Day, Oct. 16, in Mexico?
David will be a keynote speaker at EclipseWorld, November 6-8 in Reston, Virginia. I hope he wears the sombrero.
Posted by Alan Zeichick at 12:56 PM
Three items. The first came in my e-mail, and stood out because the “from” address was “Service@Amazon.zom.” That’s right, zom. Do these phishers know how unbearably funny they are?
Dear Amazon Member:
Due to recent account takeovers and unauthorized listings, Amazon is introducing a new account verification method. From time to time, randomly selected accounts are subjected to an advanced verification process based on our merchant accounts/bank relations and customer debit card.
Your account is not suspended, but if in 48 hours after you receive this message your account is not confirmed, we reserve the right to suspend you Amazon registration. amazone is committed to assist law enforcement with any inquires related to attempts to misappropiate personal information with the intent to commit fraud or theft.
To confirm your identity with us click here. Please do not respond to this confirmation e-mail.
amazon Online Services
Second is a link posted by on a journalist message board. The conversation in the thread was wandering back and forth from Gilbert & Sullivan to “filks” – that is, some of the humorous poems written by science fiction fans. This one is a true Golden Oldie written by Steven Levine, which starts with
I've built a better model than the one at Data General
For data bases vegetable, animal, and mineral
My OS handles CPUs with multiplexed duality;
My PL/1 compiler shows impressive functionality.
My storage system's better than magnetic core polarity,
You never have to bother checking out a bit for parity;
There isn't any reason to install non-static floor matting;
My disk drive has capacity for variable formatting.
You can find it on many places on the Internet, including this reasonably well-formatted rendition.
The third is this commentary on one of baseball’s greatest teams. While it was written in July, think about tonight’s division-series starter between the Chicago Cubs and the Arizona Diamondbacks.
Posted by Alan Zeichick at 11:28 AM
According to this article by the Evening Times, silver is the most popular color for cars… and it shows a desire to be seen as having wealth and prestige. What does your car color say about you?
My wife and I have only purchased one silver car, a Ford Tempo. At the time, we weren’t seeking to flaunt wealth or prestige. Just the contrary: We were getting a bargain on a left-over.
Our current fleet (pictured) consists of my Titanium Gray Mazda3 hatchback and my wife’s Deep Green Pearl Acura TSX sedan.
According to the story, gray is a sign of stability and reliability. Green is for those who are conscientious and try to smooth over tense situations.
Works for me.
Posted by Alan Zeichick at 12:18 PM
- Alan Zeichick
- Co-founder and editorial director of BZ Media, which publishes SD Times, the leading magazine for the software development industry. Founder of SPTechCon: The SharePoint Technology Conference, AnDevCon: The Android Developer Conference, and Big Data TechCon. Also president and principal analyst of Camden Associates, an IT consulting and analyst firm.