Well, I'm preparing my talk for the free Minneapolis BarCamp technology conference tomorrow: Communication For Geeks: How to Influence Your Boss, Your Customers, and Your Team. It will be early in the morning, 9am, so hopefully I'll still have an audience! I'f you're in Minneapolis, please show up!

Coffman Union at the University of Minnesota Campus (Minneapolis)
Address 300 Washington Ave. S.E. Minneapolis, MN 55455-0110 (map and directions)

Ahhh... the U of MN... my old stomping grounds. Almost 400 folks signed up so far, so it should be bigger than the Oregon BarCamp that Jake attended last week... There's also a pre-event mixer at The Bulldog at 8pm tonight... which is the best damn place to get Belgian beer in Minneapolis.

I like presenting first thing in the morning... then I have the rest of the conference to relax. I also enjoy presenting non-tech talks at tech conferences. Last year I talked about marketing with Derrick Shields, which was a blast. This year, I'm talking about conflict resolution with a technology spin.

Personally, I believe communication and conflict resolution are woefully overlooked skills in the technology industry... I mean, a vast vast VAST majority of software projects are complete failures... and if the statistics from the AIIM failure study still ring true, the biggest problem seems to be communication. Its not the technology, its the people. This might be more true in my industry (Enterprise Content Management) than in others (writing device drivers), but its always important.

I figure, these BarCamp folks know plenty about how to make projects successful with technology... but they have no clue how to politely inform their boss that an executive decision is threatening the success of a project. They don't know how to make such a statement, and keep their jobs, and put the project back on track.

Do you?

If not, come see me at 9am this Saturday...

UPDATE: I got some really good feedback about my session... hopefully it helped a few folks out. Ed Kohler has a review, and a fairly unflattering photo of me ;-)

I recently came across the article We Don't Know How We Program. It was a discussion about the gaps between what developers and non-developers think about the process of writing code. It begins:

I was talking to a colleague from another part of the company a couple of weeks ago, and I mentioned the famous ten-to-one productivity variation between the best and worst programmers. He was surprised, so I sketched some graphs and added a few anecdotes. He then proposed a simple solution: "Obviously the programmers at the bottom end are using the wrong process, so send them on a course to teach them the right process." My immediate response, I freely admit, was to open and shut my mouth a couple of times while trying to think of response more diplomatic than "How could anyone be so dumb as to suggest that?"

hehehe... the central premise to the article is that programming is a creative endeavor, which doesn't lend itself well to process... The unfortunate developers subjected to process will only achieve mediocrity... additionally any process that stifles creativity will expunge or crush exceptional programmers, because they need creative space to be ten times as productive.

Does that mean that good programming cannot have a process? Of course not... although as others have noted, things like CMMi should be avoided like the plague. A process needs to be able to empower creativity, but also reign it in when necessary. Programmers -- like artists -- think big, and do wild things that are cool but don't satisfy the needs of the end users. The product doesn't sell, the users rebel, everything goes to hell... the developers know full well of the "failure," so to nurse their bruised egos, they blame the users for being dumb, or the specification for being incomplete. Then they curl up into a ball and call themselves misunderstood.

Yep. Just like Van Gogh.

To reign this in, you need a peer- and customer- driven process to help keep the project down-to-earth... however, done in such a way to not bruise egos or go anywhere near arbitrary rules. The process needs to evolve with the code. You also need something that encourages developers to think of the code as a community project, to reduce a sense of ownership, and thus keep egos intact. Agile focuses a lot on those kinds of processes... although Agile needs some tweaking for very large projects.

In addition, you also need processes that get the creative juices flowing... this doesn't mean brainstorming sessions or hyper expensive collaboration tools. This usually means simple things like physical proximity. Some teams even had great success with an enforced MESSY DESK policy. That's right... clean desks are evil! Messy desks and physical proximity encourage the "drop in, say hi, notice notes strewn about, and comment on them" process... which more than anything else inspires collaboration and fresh ideas.

My gut feeling? Unless you have artists designing your code process, your organization will never create exceptional code.

So keep a close eye on that process weenie with the stopwatch... he's clearly up to no good.

Its even more official... the Oracle purchase of BEA is final.

Most of my thoughts on the subject are in an older post from when Oracle announced their initial offer for BEA.

Its effect on Oracle ECM technology will be minimal... Oracle ECM already integrates quite well with a large number of BEA products, and this doesn't alter the overall ECM strategy much. The Stellent alumni are pleased as punch... Although the price list for Oracle Middleware just got a lot more complex.

Speaking of which, the effects of the BEA purchase on Oracle ECM sales should be very positive... since Oracle sells the best content management app available, and it integrates nicely with lots of BEA goodies, it should be a pretty easy sell to existing BEA customers.

Of course, the devil is in the details... so stay tuned.

UPDATE: Billy Cripe has some info about potential layoffs in Oracle Fusion Middleware. I'd like to link directly to the specific article about layoffs... but when I click on the permalink, it just takes me to Billy's LinkedIn page! Bad Omen?

UPDATE 2: Billy fixed the link...

Finally online... at Blip.tv instead of YouTube:

Its a really great description of what social software is (mostly a pile of failures) and where its going. Hopefully the 3rd or 4rd generation of social software learns from past mistakes, and helps do something with the insane cognitive surplus in the world. I would have just used the phrase "free time" instead of "cognitive surplus," but Shirky is an academic after all... and they love inventing new words.

My favorite quote was when he was chatting with a TV producer about Wikipedia, and how people were obsessing so much about the Pluto page when it was downgraded from a planet... She shook her head and said "where do people find the time?" Naturally, Clay Shirky snapped and said "people who work in TV don't get to ask that question!"

Classic snark...

Its been two years since my inaugural blog post on April 29th, 2006: The Trouble With RSS. Over my site's second year, I wanted to do some long-term analysis on how different web analytics tools track hits, visits, and the like. As expected, they don't agree with each other:

• SiteMeter: 89,800 visits (132,000 hits)
• Google Analytics: 84,000 visits (140,000 hits)
• Webalizer: 431,000 visits (3,660,000 hits)

Curious about why web site statistics differ based on the tool? SiteMeter uses an embedded image (at the bottom of this page), and tracks a hit every time somebody loads the image... so if you block banner ads, your visit might not be recorded. Google Analytics loads some JavaScript, which is useful for tracking more complete data... but if your browser blocks JavaScript (or cross-domain JavaScript), it wont register a hit. I found it odd that SiteMeter tracked more visits, but fewer hits than Google Analytics... curious.

In contrast with the other two, Webalizer uses raw Apache logs to determine hit count, so it tracks every single dang hit... Over 3 million hits in one year??? That's clearly too many... I'm not that interesting... but the visit count might be more accurate. Webalizer is the only analytics tool that tracks folks who view my site with RSS Readers, which may hit my site several times per day... thus the higher visit count. The hit count is hyper inflated because it counts search engine spiders, spammers, and hack attempts (some better than others).

All told, if the majority of folks view my site with RSS, then Webalizer's count is more accurate. If most of them view it the old fashioned way, then the other two are more accurate. I'm probably in the 100,000 - 200,000 visits per year range.

Unfortunately, none of these numbers include the folks who read my site through an online RSS readers, like Google Reader, or Bloglines. These sites hit my RSS feed once, then share it with dozens of folks who subscribe to the feed... To get a better estimate, I could pipe my RSS Feed through something like Feedburner. Feedburner keeps track of how many subscribers you have on the online feed readers, and produces decent stats on it... however, once you move your feed to Feedburner, its almost impossible to move it out... so I'm not happy with that option. Even so, that still wouldn't track those who view my content through RSS aggregators like Central Standard Tech, or Orana, or other sites that run Planet.

Well, what about the data from Alexa? That site ranks web pages based on those who surf the web with a toolbar that tracks their every move. Personally, I think people who surf with that toolbar are opening up a major security hole... so their viewing audience is probably restricted to folks who are kind of tech savvy, but don't take security precautions. In other words, newbie geeks. I've never broken into the top 100,000 sites ranked on Alexa, but I frequently break the top 100,000 sites ranked by Technorati... although Technorati only ranks blogs.

Even if we could accurately count how many people hit the site, we're still at a loss to know who paid attention. Google Analytics tries to measure "time on the page", other metrics include bounce rate, or even the number of comments.

Oh well... A reliable measure of relevance will always be elusive... but at least we have enough estimates to support a cottage industry of people analyzing those metrics to prove anything they are told to prove ;-).

Back to my anniversary... Lots of stuff has changed since my first anniversary post: I've traveled to South Africa, Brazil, and Argentina... I've remodeled my kitchen, I've nearly completed my second book on Oracle enterprise content management, I've given technology presentations at Oracle Open World, AIIM Minnesota, BarCamp Minnesota, and IOUG Collaborate in Denver. I've trained both salespeople and consultants on what Enterprise Content Management actually is, and I helped negotiate a settlement to an 18-month lawsuit against a local non-profit. Oh yeah... I implemented about a dozen ECM solutions as well...

Next year, I hope to have even more goin' on... and a few more web site visits.

Not to be outdone by Garrick's Hefe Weizen, I decided to make a bit of Scottish Ale this month.

There's a place here in Minneapolis called Vine Park Brewery, a decent little microbrewery... but its main income comes from people renting their kettles and making their own beer! They have a bunch of suggested recepies for you, so you pick one, boil it all up in a kettle, then place it in a keg to ferment. In 2 weeks, you come back to bottle it yourself.

Compared to making beer at home, you get better equipment, a brew coach to help you out, and your home won't smell like hyperactive yeast.

My dad and I went there 2 weeks ago to make beer, and split the end product. Last night I came home with three dozen 22-ounce beer bottles. I toyed with several different labels and ego-centric names -- Bexwiser? Bezzo Brau? Special Bexsport? -- but settled on the dignified "Huff Manor Scottish Ale." I printed up some custom labels, and slapped them on the bottles after we filled them up.

Its pretty tasty... and at about $2 per 22-ounce bottle, its a pretty cost-effective way to get my recommended daily allowance of hops and grains... ;-)

When I first heard about Oracle taking a new direction with their old content management product -- meaning the old Content DB, not the newly acquired Stellent stuff -- the first thing I thought was it's about time!

When Oracle claimed it had 2 content management systems, that really confused people... especially considering that Content DB was at best a set of tools to create a content management system, whereas Stellent was a full blown application plus framework. They really weren't like each other at all.

Universal Online Archive (UOA) is Content DB, but now focused on being an archiving platform. On Oracle 11g, it is an extension on the Secure Files feature of the database. If you haven't heard of Secure Files yet, it beats the Linux filesystem on both read and write performance. It also has compression, de-duplication (only storing duplicate files once), and encryption. The encryption is an extension of Oracle Transparent Data Encryption, plus support for encrypting entire tablespaces instead of just individual columns. This means support for foreign keys, as well as indexes beyond the basic b-tree stuff...

Compression reduces the storage needs by 33% on average, according to Oracle. If you then use the statistics from IDC that there are 8 copies for every 1 content item, then de-duplication would bring to total storage down by 87.5%... all while maintaining better-than-filesystem performance, despite the added cost of encryption. See this whitepaper for some tuning statistics and tips.

Secure Files is the next generation of Large Objects for the database... and it's very cool... but what should you run on top of it? For the longest time, the folks at Stellent balked at using the database for file storage. Using the filesystem made much more sense because of performance reasons, which made up for the additional complexity of the architecture. However, if the user has 11g, there really is no better option than storing content items in the database.

NOTE: This rule-of-thumb does not apply for web content -- especially for small images and thumbnails. In those cases, a split approach where public web assets are stored locally would probably be faster. Luckily, a customized FileStoreProvider can help you achieve this.

Also, Oracle Universal Online Archive finally fits in with Oracle's broader strategy for content management. Even though it can store anything, the first release will have connectors to email servers to be a mail archive:

• Microsoft Exchange
• Lotus Notes
• Generic SMTP Server

This fits right in with the Universal Records Management strategy, which is to embed a Records Management Agent in remote repositories, and control their life cycle from the Records Management system.

In other words, your email archiving policy is no longer dictated by IT. Your records managers can say when an item should be archived, and how long it should be retained based on events, instead of simply time and size constraints. For example, emails should be retained 2 years after a project completion, 6 months after employee termination, or 12 months after you lose a specific customer. That will reduce both your email space requirements, and your legal risk.

But it doesn't stop there... the next step is to make connectors to other content management systems, for example, Sharepoint. The idea is to archive content out of systems like Sharepoint, and replace them with a "stub". When a user downloads from Sharepoint, the "stub" is smart enough to redirect the download to the archive, and return it directly.

In other words, you could be using a secure, compressed, de-duplicated, encrypted, archive without ever noticing. Throw in a Records Management Agent, and you'll also invisibly comply with dozens of regulation and laws... no matter where you store your information.

Its a good strategy, and some interesting technology... we'll see how it pans out.

UPDATE: The release was announced, but they don't have a date for when it will be available for download. Here's some more info about the release, and some places to watch for downloads:

• Official Oracle Universal Online Archive Page
• Podcast on UOA
• Press release

Microsoft has been pushing a new XML standard for word processing, OOXML. Its generally regarded as unnecessary, not to mention overly complex and weird... so much so that not even Microsoft Office 2007 passes conformance tests.

Yikes...

Anyway, the world was a bit shocked when Norway voted YES to make it an ISO standard... OOXML looked dead in the water, until this shocker gave it new life... so one guy on the 30-person committee decided to give the inside scoop:

http://topicmaps.wordpress.com/2008/04/18/the-norway-vote-what-really-happened/

...Halfway through the proceedings, a committee member had asked for (and received) assurance that the Chairman would take part in the final decision, as he had for the DIS vote back in August. It now transpired that the BRM participants had also been invited to stay behind. 23 people were therefore dismissed and we were down to seven. In addition to Standard Norway’s three, there were four “experts”: Microsoft Norway’s chief lobbyist, a guy from StatoilHydro (national oil company; big MS Office user), a K185 old-timer, and me. In one fell swoop the balance of forces [about rejecting OOXML] had changed from 80/20 to 50/50 and the remaining experts discussed back and forth for 20 minutes or so without reaching any agreement...

...The VP thereupon declared that there was still no consensus, so the decision would be taken by him. And his decision was to vote Yes. So this one bureaucrat, a man who by his own admission had no understanding of the technical issues, had chosen to ignore the advice of his Chairman, of 80% of his technical experts, and of 100% of the K185 old-timers. For the Chairman, only one course of action was possible.

Sounds like election fraud to me... if true, this could cause a pretti nasti backlash.

File this one under "whoops":

Genetic modification actually cuts the productivity of crops, an authoritative new study shows, undermining repeated claims that a switch to the controversial technology is needed to solve the growing world food crisis. The study – carried out over the past three years at the University of Kansas in the US grain belt – has found that GM soya produces about 10 per cent less food than its conventional equivalent, contradicting assertions by advocates of the technology that it increases yields.

Why the difference? Well, its simple... it takes a REALLY long time to genetically engineer plants. By the time you have one new viable generation of frankenstein foods, traditional breeding techniques could generate dozens of new varieties... in which case, the best traditional crop will almost always outperform the best genetically modified crop. If not now, then probably in a season or two.

I'm not as paranoid about the label "genetic engineering" as some folks -- probably because I did it once in a lab and it wasn't what people think -- but what always bugged me was the woefully unscientific methods that Monsanto used to promote modified crops.

At best, Roundup-Ready crops introduce a new dimension to the arms race between farmers and pests... and one that has much more collateral damage than others. As pests inevitably grow resistant to pesticide, then only the second generation of modified crops and will survive... what then happens to traditional farmers? Or organic farmers?

If they want to use superorganics techniques to grow drought-resistant, flood-resistant, or salt-resistant crops, they have my support... but pesticide-resistant crops make absolutely no sense in the long term. And now it appears that they can't even keep up with the food yields of traditional crops...

Back to the drawing board, I guess.

A usual, the last day of a conference ends on a half day... so I imbibed some Chimay Red with lunch. I was able to get a few others in the crew to follow suit. The usual suspects, indeed...

Michelle won the cookoff to see who had the coolest ECM implementation... woot! The prize was one "silver" ladle, and a $100 gift certificate. Besides Folios, annotations, and the new Site Studio contributor, she showed off Kyle's PicLens integration with Stellent's RSS Feeds, which went over quite well... nice and flashy! The roadmap and ECM focus groups were good as well... although in the future I'd do the cookoff first, then the roadmap, and lastly the focus group. That way, people have their feature lists and questions fresh in their mind.

As usual, a conference this large left me feeling like I missed out on a lot. I networked with a lot of people, and discussed ECM a lot... but I wanted to learn more about identity management, performance tuning, and Hyperion. There were simply too many options, and the handful of non-ECM talks I attended were a tad too high-level for my taste. Maybe I'm too technical, but I don't feel like I learned that much.

Brian Dirking wanted some feedback, so I guess I'd make the following suggestions:

• After people register (and pay) for Collaborate 09, give them access to the presentations from 08. Then we'd better be able to determine who is a good presenter, what topics are too technical, or which ones aren't technical enough.
• Have some level of continuity between years... I've given the "50 ways to integrate with the content server" talk about 4 times, but its always a bit different, and people continue to be surprised at how flexible Stellent is.
• Have some kind of easy trends analysis to help people find "what's hot" in their industry. Ideally this would be community based, to avoid sales pitches and promotions. For example, send out a survey to ask people what their industry is, and what topics they are interested in... perhaps even which technologies or presentations that they might find useful.

I'm used to more focused conferences, like the O'Reilly ones... so this many high-level presentations makes me sad. I personally would like a bit of community feedback to help everybody find which topics are most relevant to their background, goals, and needs.

Not an easy undertaking... but I'd wager a lot of conferences would appreciate something similar.

I hung out at mostly Stellent sessions today. Vijay talked about the FileStoreProvider, Alan had a great presentation on metadata models, and Tom was up on a customer panel. One of the questions on the customer panel was about the strengths and weaknesses of the Stellent UCM product. There were happily few minuses, and everybody on the panel said that ease of use (deployment, management, customization) was the biggest plus.

Some folks from Oracle's "Beehive" project presented "the future of collaboration." The beehive project is the latest iteration of Oracle Collaboration server, which is an email/calendar/task application more akin to Lotus Notes, and quite different from Stellent's document-centric Collaboration Manager. I missed the show, but everybody I talked to about it said it was quite memorable... however, they left out if they meant that as a good thing...

Somebody noticed that IOUG had me down to give my "50 Ways" presentation twice... I was surprised, so I headed down early to scope the room out. Then I spotted the big sign that said it already took place and is therefore canceled. On the way back, I sung by the bookstore, and noticed that they seemed to be running low on my Stellent book. I later bumped into the 2 customers who bought the last 2 copies, so I autographed them.

Its a good feeling for my niche-technology book to sell out half way through the conference... ;-)

I also spent about 2 hours in one-on-one sessions with customers. They were all concerned about how they were supposed to get started with a coherent enterprise-wide content management policy... those interactions drove the point home that there's a real need for the book Andy and I are currently writing.

And oh yeah... it snowed. Tuesday was 83 degrees, and on Wednesday it snowed. Strange... I thought that kind of stuff only happened in Minnesota.

One more half-day, then back home!

I gave my presentation on 50 Ways to Integrate with Oracle Content Management today... it was similar to my one from Crescendo last year, but I updated it a bit with some of Oracle's new connectors (BI Publisher, Secure Enterprise Search, Records Management Agents, etc.).

After that, I had a book signing. On my way over, I realized that I didn't tell anybody I was doing a book signing.... so attendance was kind of thin. Plus I was late. Chaffee showed up with Patrick and Rhonda, and I signed his book with something characteristically glib...

I had lunch with some customers -- finally attempting that business networking thing -- and promised to help a few folks out with their architecture.

In the afternoon, I helped out on Michelle's two hour hands-on lab about Site Studio: Building an Enterprise Web Site From Scratch. Believe it or not, if you know what you're doing, you can get a pretty good handle on an enterprise scalable web site in a few hours with Site Studio... Then it was dinner with some Stellent folks, and drinks while we watched the Wild lose.

Since I'm now done with my official obligations, I'll be spending day three going to sessions and networking...

Hat tip Reddit:

http://www.google.com/search?q=inurl:SELECT+inurl:FROM+inurl:WHERE+intitle:phpmyadmin

Almost 1000 hits... yikes. Trust me, its funny (and sad) if you know SQL injection...

I suppose I should start with day zero, and not day one...

Michelle and I landed, but the hotel didn't have our reservations on file. Great... and on the one day we decided to not print out the confirmation letter. Michelle scoured her web-email using the computers behind the reservation desk... in the meantime a few Oracle employees came in and were initially confused as to why she was working behind the counter... Anyway, the clerk looked through their list of who was checking in that day, just to see if our names were spelled incorrectly.

We were there of course: as Brian and Michelle Hugg. Lovely. Yeah. We'll live that down.

Later I had drinks with some folks I hadn't seen in a while (like Dan Norris and Matt Topper), as well as folks I heard of but never met (like Jake Kuramoto and Paul Pedrazzi). The Oracle ACE Director dinner was good. I love finding out what other ACEs are up to, and what technologies they are interested in. The buzz these days seems to be all about Hyperion... just when I started learning about BI Publisher and Real-Time-Decisions!

Keeping up on enterprise technology is a constant struggle...

The first day of IOUG Collaborate 2008 was pretty good... I hung out at the Enterprise Content Management conference-withing-a-conference a lot to chat with other ECM folks. I gave a well-recieved talk about why ECM projects fail, which was essentially an extension of the AIIM list from last year. It wasn't just a rant, it had some practical advice of what typically goes wrong, and what you can do about it. Cliff Cate and Tom Tonkin presented their war stories and advice as well.

Here's a tip: very few enterprise software failures have much to do with bad software... its almost always poor communication.

I wasn't able to attend many sessions after that... not the exhibit hall, not even the keynotes. I did check out the hands-on lab about Oracle Text, hoping for a deep dive... but it was pretty basic. Attending a conference is more fun when you're not a presenter. I had to go to my hotel early to put the finishing touches on my Tuesday presentation... so I skipped all the festivities.

I have another session on day 2, after which I'll be able to relax, attend more sessions, and network more.

After my security posts last week (here, here, and here), I got an interesting email from an Oracle partner out west (David Roe from Ironworks)... one of his customers put Stellent though a battery of automated security tests, and got some surprising results:

Incidentally one of our clients ran through a couple rounds of automated security testing on their UCM instance. They sort of surprised us with it actually, but when they were done sent back some great feedback about how strong the system was and how it passed every check (apparently an uncommon occurrence). I personally don't put a lot of faith in any automated testing, but it's nice to know Stellent will pass one :)

Like the author, I don't put that much faith in automated tests... but many of these security testing companies are batting 1000: some of these firms brag that they always find security holes, but this time they came up empty. Even on an unannounced, surprise, security audit.

Naturally, neither David no myself will reveal the name of the customer... because bragging about an unbreakable system is the surest way to attract the wrong attention... but if a legitimate analyst or existing Oracle customer would like to chat with these folks, Dave could facilitate a connection.

So, I caught wind of the release of the Google App Engine late last night... which is a web development framework that allows you to run your entire application inside Google's infrastructure!

This is huge... its like saying, "why run your web site on some random hosting company, when you can run it inside frigging Google?" Google manages your uptime, backups, and allows it to scale to Google-sized proportions. Its cloud computing to the max. Not only does it do virtualization of your data storage (like Amazon S3 and SimpleDB), but you can also host your application itself in Google's environment! Your code is virtualized across hundreds of servers. If any one of them crashes, who cares? Your app will keep chugging along.

I got on their waiting list as soon as their site was available at 11pm. A half hour later, I was greeted with a 'welcome' email from Google, but by that time I was a tad sleepy to check it out... I'm lucky, this was a preview release for only the first 10,000 folks. Register now: there still might be time.

Of course, there are a few gotchas:

• It only supports apps written in Python. No Java, no C, no .NET. Although, Python rocks...
• The best web application framework option is Django... which is an awesomely elegant framework, similar in philosophy to Ruby On Rails. Existing Django apps can be ported in minutes.
• You cannot write to the file system, you have to use the Google Datastore API
• If your web request takes more than a few seconds to respond, Google will kill the process, and send back an error... so I don't know how they do batch processes...
• Google owns your ass even more.

I'm happy about this... I think its a huge validation of the direction Oracle is going with their Coherence application & storage virtualization engine (which does work with Java ;). It's also some nice competition to the Amazon S3 and SimpleDB services... not to mention a huge validation of the Python language and Django framework.

I also let out a hearty guffaw at those who mocked me for my insistence that Python and Django was the superior framework... Google will certainly be ramping this up soon, and it certainly will be reasonably priced. If you're starting from zero, I can't think of a better way to go than Python and Django. Forget Ruby, forget Rails, forget PHP, forget .NET, forget Java. Enterprise companies who want control over their data, and already have a large middleware investment should use Oracle Coherence or something similar... and use the web framework just for the front-end.

Unsure what the implications are for SOAs...

The people hardest hit by this will those dedicated to the LAMP stack at cheap web hosting companies. In other words, those folks who set up a Linux, Apache, MySql, and PHP environment, and try to keep the dang thing running... which is a ton of effort, and difficult to scale. Small companies want uptime and scalability as much as the big boys, and virtualization (aka cloud computing) is the way of the future.

Middleware that cannot be easily virtualized will die on the vine...

On April 1st, Google announced that their Google Docs application now works offline.

This is kind of the direction that people have been taking for a while... being able to use Rich Internet Application technology like Adobe AIR to work on web forms, but take them offline for later viewing. However, Google decided to take an oddly different approach.

They decided to use Google Gears, which is a combination of a browser plug-in, a mini web server, and a SQL database. You don't need to use Java or Flash in order to save data to the database, you just use standard JavaScript calls.

Its like AJAX on crack. And if done right, it could break down even more walled gardens than Web 2.0 did.

Currently, Google Gears is only in its 0.2 release: very very very beta. Not like GMail beta, or Google Docs beta... but so beta that maybe they should call it alpha or something. What I found interesting was the possible effect this strategy will have on the rest of Google's applications. Take Spreadsheets offline? How about my Analytics data? Why not GMail? The process would be this:

• Connect to your Google online app.
• Use Gears to synchronize your local database with Google data.
• Take your application offline.
• Run everything you need by connecting to the Gears web server, and getting back chunks of HTML/XML.

Now... What happens when you add Greasemonkey to the mix?

Greasemonkey is a popular little application that allows you to inject custom HTML and JavaScript into other people's web sites. Do you want an extra link on the home page to take you directly to the latest news? No problem. Don't like the way GMail organizes its buttons? Re-arrange them. Hate the look and feel of a site? Use a custom stylesheet.

Don't like how GMail organizes its back-end data store? Well, too bad, you can't use Greasemonkey to force GMail to store or retrieve your data differently... that is, unless Gmail uses Gears!

If so, I could inject custom code to not only synchronize with my online database, but store it however I want. Previously, Greasemonkey could only access existing content -- provided it was available through AJAX or Remote Scripting. But when combined with Gears, Greasemonkey scripts can perform radical analysis of web content, and store the processed information locally! It can also synchronize back to the main site, for proper online storage...

In effect, Greasemonkey allows end users to inject customized code for web page display... but Greasemonkey plus Gears allows you to inject a whole custom web application! So what??? Well, imagine being able to do this:

• Use GMail to store up all the email questions and answers on a community group. Use Greasemonkey to keep a running count of who helps answers questions (gurus), versus who just demands answers (leeches)... then avoid helping the leeches.
• Use a Greasemonkey script to run custom reports based on Google Analytics data, and present it right in the browser.
• Create an offline Google Spreadsheet with Gears. Then, go to any one of the popular online polling apps (Surveymonkey) or web form designers (Wufoo). Use a Greasemonkey script to access the raw data from the reports, process it, and inject it into a Google Spreadsheet. Sync the offline spreadsheet with Google. and now the report is online for all to see!
• Transfer information from one site -- say Facebook -- into any other site -- say LinkedIn -- without having to use their proprietary APIs, or let the sites know the password for the other site! Just use a Greasemonkey spider to grab the information, store it locally, and upload it when appropriate.

Naturally... the security risks are profound... If Gears ever got popular, a little JavaScript on an evil site could read much more than just your cookies... So its important to lock down the ability for one site to read another site's database. However, we should probably relax access for things like cross-site Greasemonkey, otherwise we'll miss out on most of the value of Gears.

Will it bring about the next gen of the web? Web 3.0? Web 4.5? Maybe web candle plus monkey? We'll see what happens in Gears 0.3...

UPDATE: Jake had the suggestion that it might be more useful to use Mozilla Prism with Greasemonkey, as opposed to Google Gears. Lifehacker recently profiled Prism. That depends on how this plays out... Prism would work great for Firefox-based rich internet apps... whereas Adobe AIR and Google Gears would be more cross-platform. If you want iPhone support, you'll need Safari. Although at present Prism is more feature complete than Gears.

Overall, I think Google Gears is going in a better direction than AIR or Prism, because they are following the maxim don't break the web!... but time will tell if they can actually deliver.

An interesting new book by Bill Price -- the former VP of Customer Service at Amazon.com -- as interviewed by Guy Kawasaki:

Customers don't want to call their bank or email their online retailer if something's confusing or if there's an error--instead, everything should work perfectly in the first place. A recent survey cited 75% of CEOs proclaiming that their companies provide above average customer service, yet almost 60% of customers said that they were "somewhat to extremely dissatisfied" with their most recent customer service experience.

Almost a tautology... if everything worked perfectly we wouldn't need customer service... therefore the best option is to never have it... erm... hookay.

Seriously tho, he has a point. If the goal is amazing customer satisfaction, then all departments need to work together to achieve it. From the developer's perspective, we knew very few people read the documentation or run proof-of-concepts, so support calls were inevitable. Unfortunately, we saw this as inevitable, and became cynical...

Customer:  My software doesn't work right after I patched it!
Developer: Did you read the 'readme.txt' for the patch? Its a whole whopping 3 pages long.
Customer:  No...
Developer: Call support.

In retrospect, I now realize that all it would take is a tiny adjustment to massively improve the customer experience: make documentation that is enjoyable to read, or make it brain dead easy to whip out a test box or a proof-of-concept. Naturally, doing either of those had their own internal political implications... so its needs to be a goal that everybody agrees to. Development, documentation, support, consulting, marketing, and sales.

When you think you might be off track, just ask yourself this question: How does this help our customers kick ass? That should set you right again... (Hat tip: Kathy Sierra)

Most companies actually haven't done the math to deliver Best Service because Best Service is always cheaper--or they do the wrong math. It's not just "cost of making bad or confusing product compared to a good product versus associated cost of service." ... Mobile phone companies don't even want you to know what you are really paying and invented new math: "$200 free calls on your $50 a month plan", but it's much more complex even than that when you read the small print. On the other hand, MCI in the old days, and Telstra today, analyze call pattern and then call their customers to recommend a LOWER-rate plan. That's we like: being proactive, a core part of Best Service.

*pffft!* *cough!* Excuse me while I wipe the tea off my monitor...

Holy crap, a cell phone company that helps their customers spend less on their calling plan? At first, this sounds crazy... Like any company that followed it would lose margins and go out of business. But would they? These days cell phone companies are trying desperately to retain customers. A tiny bit of goodwill like this can go a long way towards brand loyalty. Save them $5 per month, and they'll probably stick around for another year.

Similarly, when Amazon is unable to deliver a product when it originally promised, it sends out an "I'm Sorry" email, allowing the customer to cancel their order. They suggest that if the person absolutely needs it right away, they should cancel the order, and buy from someone else. Very few people cancel... but they all became more loyal customers.

Naturally, this book is better for business-to-customer interactions, and probably less for business-to-business... but a compelling read.

James responds... to my latest security rant, with a lot of good points. I think this point here is the best:

Have you ever noodled that as data flows from one system to another within an SOA, but the security model doesn't, that this is another attack vector? For example, what if I have access to data in a policy administration system such that I can figure out if you are insuring an auto that your wife doesn't know about but couldn't do the same in a claims administration system? I bet you can envision scenarios when you integrate a BPM engine with an ECM engine that security becomes weaker.

Absolutely... unfortunately, this is an amazingly difficult problem. Its not really the realm of ECM or BPM to solve it... rather, the best thing that we can do is not get in the way. Let the experts solve that one, and then integrate as well as possible with global policy management systems.

My suggestion is this:

1. Implement a policy-based security model in your application (ECM/BPM).
2. Loosely couple your application with an identity management system, so you can access a global security policy.
3. Place extra hooks -- and allow people to "inject" new hooks -- that allow additional security callbacks to arbitrarily re-validate both credentials and access rights.
4. Optionally, map the global policy and list of access rights to a policy more relevant to your application, and allow access by "local" users not in the global repository.

Most applications in the Oracle ECM stack follow this methodology... but I can't vouch for all Oracle applications. I like it, because its flexible enough to 'slave' yourself to an identity management system, and yet still have some local control over access rights if you want to 'boost' somebody's credentials.

I think it would be great if Oracle chose to augment this model to add support for a policy auditing standard... but I have no idea if anybody is asking for one, and if so, which one? I'm positive James has an opinion... I'm a fan of just using Business Intelligence to do the reporting, since (again) you can "sneak-in" better security along with the latest buzzword ;-)

Sub-optimal? Of course... but anything that makes security look less like a cost-center is good...

I also like the concept of Oracle's magic black box for identity services. That would make it easier for developers to create policy-based security models, that (in theory) would work with old, new, and emerging standards alike (XACML, CardSpace, OpenID, etc.). It's not that I don't like XACML, its simply that there are other horses in this race... and developers do not have the power to dictate architecture. We can suggest what works best, but in the end, the most sellable product will support them all.

I fully agree that #4 is a possible attack vector, which is why good access auditing and rights auditing tools are important... However, users frequently insist on local control of security rights, because there are many legitimate business cases where it isn't feasible to place all users in a global repository with the proper rights. Sometimes -- especially during mergers and acquisitions -- you want to keep the identities and access rights of these folks as secret as possible. Or, if your IT department has a 3-week waiting period for new users, but you need a contractor NOW for a 2 week project, guess what will happen?

I especially like how Oracle ECM implements #3... some of the more interesting aspects of the future of security involve multiple challenges for access. For example, assume a user has access to both mundane and highly restricted content, but her daily work is usually with the mundane. Now, at 7pm, she's suddenly accessing a ton of highly restricted content. Red flag! Even if her security tokens have not yet expired, a good security system would notice that this behavior is strange, and demand further authentication credentials... maybe the name of her first pet, or the manual-override PIN.

Anyway, Oracle ECM doesn't do any integrations like that as of yet, but it has the flexibility to do it... several identity management systems support that approach, and ECM is being positioned more and more as "infrastructure..." so I'd wager its only a matter of time.