Monday, October 15, 2012

COTS versus FOSS

COTS, FOSS or FOSS+Support. Which one should you choose?

The answer: it depends. (Surprise)

Just because various software vendors don't invest in cross-platform software development doesn't mean you can't migrate to a new platform. COTS doesn't necessarily mean vendor lock-in, and FOSS doesn't necessarily mean vendor independence and open standards.

This is the nature of competition between Free Open Source Software (FOSS) initiatives and established Commercial Off-The-Shelf (COTS) software manufacturers. Executives are faced with immeasurable intangibles and difficult decisions for IT investment. There are many ways to crack the puzzle. Here are 5 important things to ask yourself:

Ease of Integration: Open Standards - do you need the solution to be flexible and have ease of integration?
Flexibility and extension: Do you predict a need to extend internal components or extend the core product?
Supportability: Do you have internal IT operations that need to support the solution? Do you have skills in-house to support and diagnose?
Cost: Does it make sense to buy a product versus the support costs of FOSS?

These are a few factors that need to be evaluated. Solution architecture evaluations require a deep dive into specifics. ATAM(tm) is a framework for architecture evaluations that I have used; I plan to get certified and use it officially in engagements in the future. It is a valuable guide to generate a Utility Tree and evaluate Quality Attributes. More to come ....

Sunday, October 14, 2012

Alignment, Motivation, Change & Commitment

If you have a large new strategic initiative, how do you get buy-in, commitment, alignment, motivation and change management communicated? According to research led by Jim Collins in his book “Good to Great”, you don’t.

In a large company like Kroger, the Level 5 CEO did not spend too much time to align 50,000 employees to the new strategy.
Level 5 leaders simply don’t worry about that upfront, rather they depend on turning, what Collins calls the “Flywheel”: let the flywheel do the ‘talking’. Executing and then repeating success of a strategy and communicating that allows people to extrapolate – people want to be part of a winning team.
Alignment, motivation, change and commitment take care of themselves. In my professional life, I have seen that happen – your strategy becomes everyone’s strategy! Everyone takes ownership and enjoys a shared success. It is possible; I have been part of it and recognize the ‘chemistry’.

Saturday, October 13, 2012

Intellectual Property: Current Trends and Issues in I.T.

Introduction

Open source software, out-sourcing software development and contract programmers pose intellectual property theft exposure for companies today.

More brick-and-mortar corporations are investing heavily in I.T. In-house software development teams come with additional responsibility and risk for the leaders. As more and more software products use component-based technologies there is an increased chance of using open-source products without understanding their licenses.

Consultants and contract workers are hired for software development projects in addition to permanent employees to reduce time to market. Software development work is outsourced to other countries to cut I.T. spending. All these strategies have one common negative aspect – violation of intellectual property rights and subsequent legal action.

In this paper, I explore these three strategies in brief detail and determine the risk and exposure relative to intellectual property violations.

Intellectual Property Issues in the I.T. Department

According to independent research conducted by Forrester, CIOs of $1 billion-plus companies cite “Intellectual Property Theft” as the type of IT security incident that poses “the most threat” to their company’s business (see Figure 1). Four out of ten CIOs don’t think they spend enough on the most important security threat. Although malicious code and intellectual property theft pose 60% of all risk, and 70% of CIOs approve IT budgets, 40% think not enough is spent on security.

Most often, a company’s core differentiator is its business processes, strategic information systems, and technology. Outsourcing forces the company to reveal its internal business processes to vendors. Certain countries do not have strict intellectual property laws. Forrester’s Stephanie Moore warns: “North American and European companies should not consider China a viable location for software development and maintenance support. The market is too immature, and the problems associated with this immaturity - a lack of English language skills, the legal and regulatory environment and lack of intellectual property laws - make China too risky today.”

Often open source software is used by IT teams to build software products. Several software frameworks are available to be downloaded for free. What several companies, architects, developers and programmers fail to comprehend is that open source is not the same as “free”. Open source software is licensed. However, most open source license types like Berkeley Software Distribution, Free Software Foundation, or General Public Licenses lack indemnification.

The “as-is” aspect of open source software is risky. There is a possibility that part of open source software “copied code” from some other licensed product. It is very difficult for the companies to identify or compare open source with licensed software products to identify theft. This exposes the company using open source software to lawsuits from companies claiming that the open source software violates their intellectual property rights.

(Figure 1)

Contract workers often are hired for short stints to work on software development and testing. This type of work needs full developer-access privileges on the source code. The obvious risk is to the code being stolen or exposed to others.

Three Regimes that protect IP

Trade secret classification, copyright and patents serve to protect intellectual property under law. In addition, compliance requirements of law such as Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA are driving software development shops to protect intellectual property, ensure privacy, and aim for correctness in development products and practices.

With time, trade secret laws are being tightened. Trade secret plaintiffs sometimes would couch their claims under other, alternative titles, such as "common law misappropriation," "unfair competition," or "breach of confidence." The tactic was often a deliberate ploy to avoid complying with state Uniform Trade Secrets Act [UTSA] statutes. California is the first state that pre-empts such attempts. As more states follow suit, trade secret laws will be more and more effective.

Under the 1998 Digital Millennium Copyright Act, which amended the copyright statute, defeating any technological control that controls access to a computer program, even in order to make a legitimate backup copy, is infringement. Computer games almost always have copy protection built in, and defeating the controls would be infringement. DVDs are encrypted, another type of technological control.

Challenges to Intellectual Property by the Internet and Technology

Technology is an enabler for both innovation and crime. Companies spend millions in research, design and development. All this information is stored digitally in software files. These portable electronic files make theft easy. Software files can be copied to Floppy disks, CD-RW disks, memory sticks, or other digital RW media and sneaked out of facilities.

Files can be uploaded to websites or e-mailed from a secure machine to the Internet. Worse, it is possible to install “spyware” that can regularly scan machines and upload files automatically.

Websites can screen-scrape or use portal technologies to “grab” published web-pages from other websites and present them as their own. Website mirrors can be created which give access to content of other protected websites.

Hardware theft can result in the same effect. A knowledge worker’s laptop containing critical engineering designs can be invaluable to the knowledge thief. CEOs have the greatest fear of losing their PDAs or laptops.

Conclusion

Although protection of intellectual property is a key issue in the United States, a challenge in the future will be to ensure the same standards across nations. The Patent Cooperation Treaty is a first step in that direction. While it is gaining support in developing nations, like Oman, it is yet to be seen as an effective measure against software piracy and intellectual property theft.

While laws and precaution protect intellectual property, the threat of exposure will continue to increase with technological advances. The proper use of technology is closely related to the ethical and social constituent of nations. At the core of the problem are people and their honesty and integrity. As long as money governs societal well-being, human greed for money will bulldoze over anything that comes in its way – including intellectual property rights.

Reference:

  1. Moore, Stephanie. Planning Assumption IT Trends 2004: Offshore Outsourcing. Forrester Research Report. (December 2003)
  2. Laura Koetzle with Charles Rutstein, Angela Tseng, Robert Whiteley. How Much Security Is Enough? Forrester Research Report. (August 2003)
  3. Nikos Drakos, Alexa Bona. Questions and Answers on Open-Source Licensing. Gartner Research. (October 2002)
  4. Vijayan, Jaikumar. Security Expectations, Response Rise in India. Computer World, Vol. 38, No. 5. (August 30, 2004)
  5. Graves, Tait. A Trade Secret By Any Other Name is Still a Trade Secret. The Intellectual Property Strategist, Vol. 10, No. 7, p. 3. (April 7, 2004)
  6. National Commission on New Technological Uses of Copyrighted Works. Making backup copies violates law. Information Outlook, Vol. 8, No. 7, p. 32(2). (July 2004)
  7. Business News Publishing. Patent Cooperation Treaty Oman joins the treaty. (2001)

Tuesday, October 9, 2012

Error Handling on your Web Presence is Important

InoxMovies.com showed me the following error message:

Server Error in '/' Application.

Server was unable to process request. --> Object reference not set to an instance of an object.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Web.Services.Protocols.SoapException: Server was unable to process request. --> Object reference not set to an instance of an object.
Source Error:

An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

Stack Trace:

[SoapException: Server was unable to process request. --> Object reference not set to an instance of an object.]
System.Web.Services.Protocols.SoapHttpClientProtocol.ReadResponse(SoapClientMessage message, WebResponse response, Stream responseStream, Boolean asyncCall) +431766
System.Web.Services.Protocols.SoapHttpClientProtocol.Invoke(String methodName, Object[] parameters) +204
WebReference.SeatBook.ShowSeats(Int64 TheatreId, Int64 BookingId, String ShowClass, Int64 NoOfTickets, String PartnerId, String PartnerPwd) +195
seatlayout.Seat_Layout() +743
seatlayout.Page_Load(Object sender, EventArgs e) +3161
System.Web.Util.CalliHelper.EventArgFunctionCaller(IntPtr fp, Object o, Object t, EventArgs e) +14
System.Web.Util.CalliEventHandlerDelegateProxy.Callback(Object sender, EventArgs e) +35
System.Web.UI.Control.OnLoad(EventArgs e) +99
System.Web.UI.Control.LoadRecursive() +50
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +627





Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3082


This is an example of what not handling Exceptions does to the user experience.
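Beyond the user experience, the page quoted above shows every visitor internal method names, a credential-bearing parameter name and exact framework versions. The check below is an added example, not code from the original post or from the site: it flags those details in an error response body. The function and pattern names are illustrative; `LEAKY` is an excerpt of the output above and `GENERIC` is a constructed sample.

```python
import re

# Details that an ASP.NET default error page exposes to any visitor.
CHECKS = {
    "default_error_page": re.compile(r"Server Error in '.*?' Application\."),
    "exception_type": re.compile(r"Exception Details:\s*([\w.]+Exception)"),
    "stack_frame": re.compile(r"^[ \t]*([\w.]+)\((.*?)\) \+\d+[ \t]*$", re.M),
    "framework_version": re.compile(
        r"(?:\.NET Framework|ASP\.NET) Version:\s*([\d.]+)"),
}
# Parameter names that hint at how credentials are passed between tiers.
SENSITIVE_PARAM = re.compile(r"\b\w*(?:pwd|password|secret|token)\w*\b", re.I)


def audit_error_page(body):
    """Return {finding: [evidence, ...]} for details leaked by an error response."""
    findings = {}
    for name, pattern in CHECKS.items():
        hits = [m.group(1) if pattern.groups else m.group(0)
                for m in pattern.finditer(body)]
        if hits:
            findings[name] = hits
    # Look inside leaked method signatures for credential-like parameters.
    params = []
    for m in CHECKS["stack_frame"].finditer(body):
        params += SENSITIVE_PARAM.findall(m.group(2))
    if params:
        findings["credential_parameter"] = sorted(set(params))
    return findings


# Excerpt of the error page quoted in this post.
LEAKY = """Server Error in '/' Application.
Exception Details: System.Web.Services.Protocols.SoapException: Server was unable to process request.
Stack Trace:
[SoapException: Server was unable to process request.]
WebReference.SeatBook.ShowSeats(Int64 TheatreId, Int64 BookingId, String ShowClass, Int64 NoOfTickets, String PartnerId, String PartnerPwd) +195
seatlayout.Page_Load(Object sender, EventArgs e) +3161
Version Information: Microsoft .NET Framework Version:2.0.50727.3603; ASP.NET Version:2.0.50727.3082
"""
# Constructed sample of what a handled error could look like instead.
GENERIC = "Sorry, something went wrong. Reference: 7f3a"

if __name__ == "__main__":
    for finding, evidence in audit_error_page(LEAKY).items():
        print(finding, evidence)
```

In ASP.NET the usual remedy is a `customErrors` setting of `On` or `RemoteOnly` in web.config pointing at a generic error page, with the full exception logged server-side.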

Monday, October 8, 2012

Google’s Big Data Stats

YouTube: 60 hours of video uploaded every 60 seconds.
Google Search Index Size: 100,000,000 GB (and growing)
GMail Active Users: 350,000,000 (and growing)
Search Response Time: 0.25 seconds

These numbers are astonishing. Reliability, availability, scalability and performance are Google’s primary quality attributes.
Data is a core business asset with few low-hanging fruit: growth is faster than the ability to understand it, data capture is slower than data generation, and traditional BI tools can’t scale to capture it.
Google has innovated: MapReduce, HDFS and HBase are used by Google to solve for these requirements.

Sunday, October 7, 2012

7 Habits of Ineffective People–an inverse corollary

One of my favorite non-fiction books is The Seven Habits of Highly Effective People by Stephen Covey. Sometimes it’s helpful to apply an inverse angle to see if it sticks. And it’s fun.

So here’s my inverse corollary:
#1. Procrastinate until it’s urgent & important.
#2. Plan as you go
#3. Let tasks automatically prioritize themselves
#4. Try to win at all costs
#5. Ensure others understand what you’re saying first
#6. Work alone and be a hero
#7. Learn just-in-time and on the spur
Of course this is not what’s in the book – it’s pretty much a contrast of it. Oftentimes we read books/articles that list what one must do, and to make this post a bit more interesting & fun it tells you what not to do. Additionally, it may be more instructive to learn from others’ experiences and try to avoid pitfalls and bad habits.
 


Sunday, September 30, 2012

My response to an expertise request

Solution Key Components:
* Ability to ingest up to 3,000 messages per second from external domain
* Messages can be in XML, EDI, etc format. ~20 kb each.
* Transform into canonical format
* Perform authorization & authentication
* Break message into multiple messages (achieve parallelism)
* Route based on load, content to message queues (JMS, etc)
Function 1:
* Message queue clusters bucket and shoot to Rules engine
* Rules engine devises appropriate action, forwards to event handlers
* Event handler integrates with e-mail service to send an e-mail
Function 2:
* Message hits Data Access layer for storage
* Looking to store Transaction-type data (1bn records per month)
* Need quick retrieval techniques. Ensure Data consistency/quality
* CRUD operation time should be under 0.1 seconds
Web Component:
* Request comes in from an external site for an iFrame request
* Request needs to be authenticated/authorized/load-balanced
* User information should be cached right @ log-in, so cache can retrieve data we expect the user to view, so we don't retrieve when the user starts navigating
* Planning to have an Active/Active multi-site design
* Don't want to do sticky sessions
* Should we have a distributed cache with regions replicated across sites to avoid sticky sessions?
* Web layer needs to handle 500 concurrent requests minimum
* Overall solution primarily designed on-premise (Virtualized environment) with DR-site on public cloud

Solution Architecture
After thinking about the limited problem statement, it seems that security, scalability, data transformation, messaging, declarative rules, HA and persistence are key. A good architecture style for the solution design would be SEDA (staged event-driven architecture). See this for reference: http://www.eecs.harvard.edu/~mdw/proj/seda/
The solution should be broken down into a set of stages where a component or a set of components interacts with the data and performs logic. Each stage is connected by queues. An orchestration layer can govern the path depending on the routing logic.
Layer 1: Rules Engine. Fronted with incoming and outgoing queues.
Layer 2: Routing Engine: Choreographs the processes.
Layer 3: Executing Engine: Contains logic and data access.
Layer 4: Presentation: Web Server/App server with logic.
A 0.1-second budget for data retrieval is generous enough to avoid the complexity of managing a distributed cache. Content caching and Akamai edge cache can be useful instead.
Technologies: Use IBM’s MQ Series to define the queues, clusters etc based on logical names. Install Mule ESB to implement SEDA and routes. Bring in iLog or Aion for the declarative rules engine. Host on internal cloud or EC2.
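
The staged design described above, as an added example that is not part of the original post or of any product named in it: each stage has a bounded queue and its own workers, and authorization runs before the message is split so rejected input is never multiplied downstream. The stage order follows the requirement list; the `partner|type,type` message format, the stage names and the routing rule are assumptions made for the example.

```python
import queue
import threading

STOP = object()  # sentinel telling a worker to exit

class Stage:
    """One SEDA stage: a bounded inbox drained by a small worker pool."""

    def __init__(self, handler, workers=2, capacity=64):
        self.handler = handler  # event -> list of (next_stage, event)
        self.inbox = queue.Queue(maxsize=capacity)  # bounded => back-pressure
        self.threads = [threading.Thread(target=self._run, daemon=True)
                        for _ in range(workers)]
        for t in self.threads:
            t.start()

    def _run(self):
        while True:
            event = self.inbox.get()
            try:
                if event is STOP:
                    return
                for nxt, out in self.handler(event):
                    nxt.inbox.put(out)  # blocks while the next stage is full
            finally:
                self.inbox.task_done()

    def drain_and_stop(self):
        self.inbox.join()  # every queued event has been fully handled
        for _ in self.threads:
            self.inbox.put(STOP)
        for t in self.threads:
            t.join()

def run_pipeline(raw_messages, allowed_partners):
    """Push constructed 'partner|type,type' messages through the stages."""
    delivered = {"email": [], "storage": []}
    lock = threading.Lock()

    def sink(name):
        def handle(event):
            with lock:
                delivered[name].append(event)
            return []
        return handle

    email, storage = Stage(sink("email")), Stage(sink("storage"))
    # Content-based routing: alerts go to the e-mail handler, the rest to storage.
    router = Stage(lambda e: [(email if e["type"] == "alert" else storage, e)])
    # Split one inbound message into one event per item for parallel handling.
    splitter = Stage(lambda m: [(router, {"partner": m["partner"], "type": t})
                                for t in m["items"]])
    # Authorize before fan-out so rejected input is never multiplied downstream.
    auth = Stage(lambda m: [(splitter, m)] if m["partner"] in allowed_partners else [])

    def to_canonical(raw):
        partner, _, items = raw.partition("|")
        return [(auth, {"partner": partner.strip(),
                        "items": [i for i in items.split(",") if i]})]
    stages = [Stage(to_canonical), auth, splitter, router, email, storage]
    for raw in raw_messages:
        stages[0].inbox.put(raw)
    for s in stages:  # upstream first: nothing is in flight when a stage stops
        s.drain_and_stop()
    return delivered
```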
 

Wednesday, September 26, 2012

How would you solve for these requirements?

Sometimes I get expertise requests, and here is a challenge.

Solution Key Components:
* Ability to ingest up to 3,000 messages per second from external domain
* Messages can be in XML, EDI, etc format. ~20 kb each.
* Transform into canonical format
* Perform authorization & authentication
* Break message into multiple messages (achieve parallelism)
* Route based on load, content to message queues (JMS, etc)
Function 1:
* Message queue clusters bucket and shoot to Rules engine
* Rules engine devises appropriate action, forwards to event handlers
* Event handler integrates with e-mail service to send an e-mail
Function 2:
* Message hits Data Access layer for storage
* Looking to store Transaction-type data (1bn records per month)
* Need quick retrieval techniques. Ensure Data consistency/quality
* CRUD operation time should be under 0.1 seconds
Web Component:
* Request comes in from an external site for an iFrame request
* Request needs to be authenticated/authorized/load-balanced
* User information should be cached right @ log-in, so cache can retrieve data we expect the user to view, so we don't retrieve when the user starts navigating
* Planning to have an Active/Active multi-site design
* Don't want to do sticky sessions
* Should we have a distributed cache with regions replicated across sites to avoid sticky sessions?
* Web layer needs to handle 500 concurrent requests minimum
* Overall solution primarily designed on-premise (Virtualized environment) with DR-site on public cloud

I will post my take based on these needs. Also, it will be fun to look back at it after a while as new technologies & solution options evolve.

Sunday, September 23, 2012

A Culture of Discipline

Those who try to manage change, motivate employees and work to create alignment are negatively correlated with companies that move from good to great. To get a company to top gear – a culture of discipline is critical.

Think about it – a CULTURE of DISCIPLINE. This means that everyone does what they are supposed to without stepping on toes, does what they do best and is diligent about the task at hand. No one has to remind them and they produce excellence for the team. And then you get a team of teams, a culture that pervades the organization. This is what is required for an organization that transforms itself.

I am re-reading the book “Good to Great” by Jim Collins. It’s a classic. I really like books that dwell on evidence and then synthesize that into evidence-based recommendations. I have taken a few of those recommendations and internalized them into traits; I present a few in “Traffic Signals” here.

So here are a few traits of Great companies -

image

Red: Negative Correlation (with Good to Great)

Green: Positive Correlation

Black: No difference.

The culture is an enabler to excellence. It is the HOW.

The 3 circles need to intersect to understand the WHAT.

The hedgehog concept revolves around, in my mind, 3 questions:

Do you love what you’re doing?

Do you excel at what you’re doing?

Does it pay?

If the answer is true – then you’re excelling, and if it’s true for the organization – it is poised to be great in the future.

A good pre-read is 7 Habits…because it can link the individual habits of successful individuals to the culture required for greatness in an organization.

Sunday, May 6, 2012

Trade offs

In the 70s scientists noted that people who had hookworms did not have allergies and asthma. Yuck – who wants hookworms? Well, do you want asthma instead? Nature is all about trade offs. The obvious symbiosis is the result of intricate trade offs at every level. This logic applies in various domains including Software Architecture. An analysis of the architecturally significant trade offs is essential to objectively understanding any complex system relative to risk themes.

Comprehensively analyzing software architectures can be simplified by working along significant attributes. ATAM (Architecture Tradeoff Analysis Method) from SEI was developed by Carnegie Mellon University. Between 2006 and 2009 I visited Carnegie Mellon, took several courses and got myself certified as a Software Architect. The primary benefit was to gain an appreciation of trade-off analysis based on specific attributes across facets of architecture.

It is another tool in the strategic and objective thinking toolbox that every enterprise architect needs. For more information: http://www.sei.cmu.edu/architecture/tools/evaluate/atam.cfm
