October 2005 Archives

In the interests of helping U.S. companies better compete in the global marketplace, I pass along this valuable ecommerce tip: Many Britons like to get drunk and buy stuff online.

Actually, I do too, but I lack the purchasing power of a modern island nation.

According to this article on the British news site Netimperative, a survey commissioned by consumer behavior consulting firm Conchango reports:

A growing number of Britons are shopping online after one too many drinks, resulting in the spread of a new syndrome called BLOTO (Buying Loads Of Tat Online), according to new research.

Conchango's survey reveals that "7% of Britons know someone who has shopped online while under the influence," Netimperative writes. (I don't about you, but "know someone" to me sounds an awful lot like "I have this friend"...)

It gets better:

The survey also found that 6% of all Britons know someone who has shopped online in a state of undress.

Now that's sassy! (Note: I am fully clad as I write this.)

Here's the article's money quote, from Paul Dawson, head of customer experience at Conchango:

"In the past, experts have said that consumers are often put off shopping online through security fears. But it would appear that all caution is going out of the window following a drunken session."

Truer words were never spoken.

I know outsourcing and offshoring are serious issues for IT workers, especially those who have lost jobs or are worried they will, but here's a humorous Doonesbury cartoon that suggests a clever way to beat the system.

Back when Motorola and Apple were releasing an iTunes phone, I mentioned my belief that the tech industry gets wrapped up in itself with many of the products and services it develops.

The iTunes phone (a.k.a. the ROCKR) was being released with much fanfare despite research that suggested what people really wanted in a phone was simply a phone. And where is the ROCKR now? Probably on a shelf at the nearest Cingular dealer. It's the Edsel of cell phones.

I'm not trying to sell myself as an oracle (note the small "O"), but one of my favorite things about the Internet and blogging is how easy it makes it to find someone who agrees with you. In this case, his name is Matt Asay and he's got a blog that focuses mostly on open source issues. Last week, he wrote a nice little essay called Self Indulgence and Silicon Valley.

Living in Silicon Valley, it's easy to forget this simple fact: no one else cares about technology as much as the Valley's denizens do. No one. Other people make money in other ways, and so technology doesn't live front and center in their lives. It's a complement, at times, but not their lifeblood.

Matt's motivation wasn't the ROCKR, but rather the release of the Flock browser, a Web 2.0 creation chock full of social networking tools.

Silicon Valley lives in a technology cocoon — a bubble that shields it from thinking about the real world, about real customers. Fortunately, the Valley has a few airports which provide the opportunity to take field trips to meet real people, but things like Flock make me think the Valley just doesn't get outside of itself enough.

Matt supports his point by talking about the billboards on Highway 101, the main route through Silicon Valley. They're all advertising tech companies. Meanwhile, the billboards I see on the way to work advertise beer, people that paint houses, and casinos. You know, the stuff the rest of America does when it has some time and money to spend.

Thanks to Carsten Pedersen for the link.

Katherine Spencer Lee, the executive director of Robert Half Technology, stepped up to the plate over at CIO Update last week to write about five types of poor management styles.

The five she lists, and we've all known at least one of them, are:

• The Micromanager
  
• The Best Buddy
  
• The Invisible Boss
  
• The Dreamer
  
• The Read My Mind Boss

I'm sure most of us can add to this list as well.

What most people need, especially if they suffer from one of the aforementioned afflictions, are more tips on being a good manager, and fewer enumerations of what makes a bad manager. So allow me to take a stab at reading between the lines.

The central theme of the five problems Lee lists are related to communication: either too much communication, not enough communication, or not the right kind of communication. If you're an effective communicator, your chances of being a good leader increase significantly.

Well, it's not the death ray I would have preferred, but the Anti-Spyware Coalition has put the finishing touches on tools it hopes will aid in the collective fight against spyware.

The ASC has published a Definition of Terms and a risk-modeling document -- the former to give vendors and users a much-needed common language and the latter to determine if a piece of code is spyware.

In a show of admirable restraint, none of the spyware definitions included expletives.

The ASC also provides some handy tips for fighting spyware, and Intranet Journal offers its own comprehensive spyware guide, which does contain expletives.

It's not the next edition of Geraldo, this one comes from Gartner.

Our own Sharon Gaudin recently spoke with Linda Cohen, a vice president and chief of research at Gartner, about outsourcing. The result is an interesting story on the Datamation site today.

I've seen the outsourcing story done from all the usual angles: whether or not it saves money; whether it's right for your company; and whether the risks are worth it. Those stories have been done over and over. What's new here, to me anyway, is the mention of an outsourcing addiction in which executives seem to be doing it because the cool kids are doing it, and it's not helping their organizations.

"Today, outsourcing is applied to basically be a remedy for cost problems or assumed cost problems," adds Cohen. "The thought is if they outsource this, it will be cheaper. And that's not usually the case. We've gotten to a state of compulsive outsourcing. It's this need to outsource because everybody else is doing it... It's keeping up with the Joneses. If my competition is doing it, then we better do more of it."

If you know an executive trying to fight off an addiction to outsourcing, try to get them to focus on the number three. There are, according to Cohen, three reasons to outsource:

• Cost Improvement
  
• Operations Improvement
  
• Business Performance Improvement
  

It's that first reason that executives fall in love with; then they end up ignoring the other two. The other important three is three years:

And while outsourcing and offshoring might save a company money in the short run, it's often not a lasting result, according to Cohen, who says many companies will save money the first year. If a company was in really bad shape before they outsourced some work, they might save money for two years. However, when the deal hits the third-year mark, things tend to blow up, says Cohen.

Remember, there's help for everyone.

U.S. Census Department statistics on household Internet usage show an online nation divided along economic and educational lines.

The numbers are from an October 2003 survey, the latest figures available from the federal government.

The good news is that, even in the poorest states (with one exception, barely), more than four out of 10 households are connected to the Internet. The bad news is that they're still well behind the more affluent states.

Here are the top five states in terms of percentage of households online, followed in parentheses by the state's ranking in terms of median household income:

Alaska -- 68.5 (4)
New Hampshire -- 65.5 (3)
Colorado -- 63.4 (10)
Connecticut -- 62.9 (5)
Utah -- 62.6 (12)

Now here are the bottom five, along with their median household income ranking in parentheses:

Mississippi -- 39.5 (49)
Arkansas -- 42.3 (48)
Louisiana -- 44.1 (47)
New Mexico -- 44.8 (45)
Alabama -- 45.8 (43)

The PDF file of the Census Department report contains a number of fascinating charts and graphs breaking down Internet by a wide range of demographics. Here are a few items of interest:

The highest level of Internet usage, in any demographic category, is by households with incomes of $100,000 or more: 92.2 percent

People who haven't graduated from high school comprise the lowest level of Internet usage (20.2 percent)

The top region is the West, at 59.2 percent household Internet usage

I was talking to a friend who works in IT a few weeks back. He was visiting a client that's in an industry famous for its tight security measures, which in this case included random password generation. What they found, however, was the passwords were being kept on sticky notes under the keyboards.

There is an informative thread over at AntiOnline that takes a look at what makes a good password. (Scroll down below the initial tongue-lashing.) Chances are the end-users in your organization don't know (or just don't practice it), so here's your chance to pass along some information that will benefit all involved.

These particular examples rely heavily on character substitution.

When determining your new password think of common words phrases you will remember, a method of selecting characters from those phrases, and then your method of character substitution. When it is time to change your password again you can keep the same methods for substitution and selecting characters (obviously do not tell them to anyone else) and just select a new word or phrase.

One of the easier character substitution methods I've heard is to take a dictionary word you'll easily remember then move each letter down one in the alphabet. A becomes B and B becomes C and so on. Then you add a number and special character in there, and you have a password.

Just yesterday Microsoft found itself being admonished in a courtroom for bad behavior. Now it turns out Redmond also has been in court recently on a different matter, but this time as a force for justice.

Microsoft announced Thursday that it filed suit in August against 13 spamming operations that utilize "zombies" -- malware-infected PCs used to send millions of spam emails. The company is working with the Federal Trade Commission to combat spam zombies, whose cursed existence threaten everything that is good about the Internet.

It's not Redmond's first legal offensive against spammers. The company has sued spammers for labeling violations under the Can-Spam Act.

But Microsoft officials are convinced that zombies are responsible for more than half of all email spam. Tim Cranton, Microsoft's director of Internet Safety Enforcement Programs, said:

"We believe there are tens of millions of zombie computers out there."

Is yours one of them?

Consumers have always enjoyed using the Web to browse for things they want and then going to buy them offline. I remember writing about such behavior back when I wrote about Internet market research for CyberAtlas in the late 90s. We may see more of this behavior this holiday season.

Brian Krebs over at the Washington Post's Security Fix blog wrote yesterday about a Consumer Reports study that found 25 percent of Internet users no longer shop online because of fears over identity theft and fraud.

Nearly nine out of ten said they had made changes to their behavior online due to the fear of ID theft, and of those changes, 30 percent said they had reduced their overall use of the Internet. Among those surveyed who said they have shopped online (77 percent), 29 percent said they have cut back on how often they buy things over the Internet.

This is interesting. A lot of the problems with identity theft and online fraud are more perception than reality. And who is doing a lot of the scaring of these consumers? Well, you can blame the media. You can blame the FTC and its misleading numbers on identity theft. But you also have to blame the credit card companies and banks that issue them because their ads for ID theft protection features create a panic.

Those same credit card companies, however, make money when people make transactions. Online shopping, as we all know, is done almost entirely by credit card. Talk about shooting yourself in the foot.

It may not be a huge deal for retailers with an offline presence. (Even though your identity can be stolen offline, consumers feel safer about being there.) But you have to wonder how much this type of consumer behavior comes into play when you see Amazon giving lower fourth quarter guidance.

There was a time I guess, though I don't remember it myself, when an executive who wanted to get a message out to his employees got everyone together in person in what they called a "meeting."

OK, I'm not that young. We had in-person meetings at my first job. But what about geographically dispersed organizations? What about when the boss is on the road and wants to send a message to everyone?

The Evolution of Corporate Communications is a new article by Paul Chin on our Intranet Journal site, and it discusses some of the new ways to spread the word among the rank and file.

Not only do many corporations have intranets, but they're now using tools like RSS feeds and podcasts because e-mail has proven, largely, to be a failure. Even before e-mail was ruined by spam and chain mails, communicating to employees was never easy.

Trying to get a message across to every employee in an organization is a lot like trying to control kids in a school bus: some will listen; some will hear but misunderstand the message; and some will ignore the message altogether and later complain, "But nobody told me."

Who knows? A new way to deliver the message just might give it some attention.

Either there's been a terrible misunderstanding or spam has taken a dangerous new turn.

From our friends at Techdirt comes a bizarre tale of a Swedish programmer who reportedly was arrested in Greece "after some people he met (in person) received some spam -- and accused him of sending it."

As Techdirt accurately notes, "the details are a bit muddled," but the gist of the story -- as told by the programmer's wife -- seems to be that:

Rick (the programmer) met some people, who later all received nearly identical spam. They immediately assumed that since they had met Rick together, and they all received the same spam, it must be his fault.

Talk about an open-and-shut case! Let's hope our Swedish programmer gets a good lawyer. In the meantime, I've got to fend off a spam attack, no doubt perpetrated by the guy I bought coffee from this morning. That bastard!

Microsoft got a little scolding from a federal judge today for seemingly reverting to its bullying behavior of yore, which I wrote about last week.

At a status conference in connection with Microsoft's 2002 anti-trust settlement, U.S. District Judge Colleen Kollar-Kotelly said:

"It seems to me that at this date, you should not be having something like this occur."

The "something like this" was drafting a restrictive marketing agreement with portable music player manufacturers that essentially said: If you want to use Windows Media Player in a software package, you can't use any other media player software.

But after the draft agreement came to the attention of the U.S. Department of Justice, Microsoft quickly backtracked and never sent out that version of the document.

At today's hearing, a Microsoft attorney dismissed concerns about a monopolistic relapse, blaming the mistake on "a low-level business person," a new hire who didn't understand the ramifications of the DoJ settlement.

Brownie?

Keeping employee morale high is an especially daunting challenge in these times of short staffs, long hours and questionable career prospects.

Over at ITtoolkit.com there's a good piece on managing staff burnout. (If you're already a member of the site, you can read it here. Otherwise, you have to join; it's free.)

The article includes a staff burnout "warning sign checklist." Among the things to watch for:

Sudden attendance problems

A decrease in productivity and performance

Withdrawal from co-workers

Open anger and hostility

That's a good list, but I've thought of some other sure signs an IT worker is burned out:

Deterioration in quality of personal blog written on company time

Makes Monster.com home page on office computer

Begins "liquid lunch" at 10 a.m.; not seen again

Refers to IT colleagues as "a bunch of damned geeks"

Claims office "March Madness" pool is "fixed"

"Windows, Linux, what's the difference?"

Then do I have a deal for you. How about a free report from Brenda Michelson, the architect-in-residence for the Patricia Seybold Group?

In her blog this week, Brenda excerpts a new report she wrote on Open Source Considerations. It's not about whether you should use open source, because in some areas — like Apache for Web servers — open source has become a de facto standard and you're probably already using it. The report focuses more on where it makes sense to use open source in your organization.

I believe open source absolutely has a place in the enterprise; and that enterprises have some responsibility to contribute back (resources, code) to the open source community. Of course, on both ends, you need to be smart. Understand the implications of licensing, IP (yours and theirs), support (yours and theirs), code quality, security and stability, project adoption and longevity, and total cost — because nothing is really free.

Some would say that goes for the report too, since you do have to create an account with your information to download it, but there is no charge.

Thanks to Steven O'Grady for the link.

We're not as far removed from first grade as you might believe. There is a premium placed on people who know things. We don't like to share or collaborate. We like to get credit when things go well.

Our organizations need collaboration to thrive, but humans are pretty territorial when it comes to information.

Scott Berkun has a good post today on the right way to develop requirements. He's talking about software and Web development here, but it can be applied to all sorts of stuff in IT.

Requirements should be built in the open, with invitations to designers of all kinds to vet out requirements early on with rough prototypes and mock-ups to prove (or disprove) the assumptions made by the requirements. If quality requirements are the goal, there is every motivation to involve the people who will do the work in the their definition.

Scott also provides an example on how not to collaborate on a requirements project:

One of the things stupid people do is this: Person A (aka Mr. stupid) writes a requirements document. He makes it super detailed and 50 pages long. He then throws it blindly over a wall (thud!) to person B and says "Do this."

Thanks to James Robertson for the link.

Want to ascend to a higher level of digital being? Buy an iPod.

A new survey by market research firm Intelliseek concludes that users of Apple's wildly popular portable device "are a highly influential, wired, content-creating group."

What powers do they wield? According to Intelliseek, iPod users are:

Twice as likely to have authored a blog than consumers who do not own MP3 players

2.5 times as likely to exchange text messages on cellular phones

Three times as likely to take photos with a camera phone

Three times as likely to download video clips and movies to a personal computer

Significantly more likely to own digital video recorders, personal digital assistants, digital cameras, laptop computers and cell phones than non-iPod owners.

So there it is: iPod owners are masters of the digital domain. The rest of us, mere mortals.

Are you wasting valuable work time reading this blog? Of course not!

At least not if you're an IT manager because this, as the orange banner tells us, is an "IT Management Blog." And reading work-related blogs inarguably is a form of professional development.

But according to a survey reported in AdAge (free subscription), most of the blog-crawling done by American workers on the clock is, to use the technical term, "goofing off."

And a lot of goofing off it is. From the AdAge article:

About 35 million workers -- one in four people in the labor force -- visit blogs and on average spend 3.5 hours, or 9%, of the work week engaged with them, according to Advertising Age’s analysis.

Further, the article reports, a rough drill-down of the numbers shows that "just 25% of blog visits directly connect to the job."

Which means that by being here, you're just doing your job. Well done, my industrious friends!

For those at-work readers who aren't IT managers (or even in IT), well, you're goofing off.

(Thanks to Heather Green of BusinessWeek's Blogspotting for the heads-up.)

I've covered content management technologies enough to know that the market seems to always be in some sort of chaos.

The gang over at Jupiter Research said last year that 60 percent of organizations manually update their content manually, despite the presence of a Web content management system. A Forrester survey from January found that many organizations are unhappy with their implementations, and are planning to extend their deployments with a different vendor.

Tony Byrne of CMSWatch, who probably knows more about the Web content management space than anyone, wrote about stating the business case for WCM in the latest issue of AIIM's E-Doc magazine.

In general, the promise of financial benefits of a WCMS is real but must be tempered by the ongoing requirement to pay for maintaining and improving the WCMS itself, as well as the potential for cost overruns if the solution is mismatched to your needs (a woefully common experience).

One of the most popular selling points for WCM, and Tony points it out, is putting control of the content in the hands of the business people. If it's done properly, that's one more menial task that can be taken out of the IT department.

If there's one thing I've learned by blogging on IT management topics, it's that certain topics are constantly getting hammered home — especially when it's an attempt to improve communications between CIOs and CEOs.

Last week, Mark McDonald, Gartner group vice president and analyst, presented Gartner's 2005 CIO Agenda, which is based on surveys and interviews with more than 1,300 CIOs and is an annual practice going back to 1998.

McDonald's take on improving the communication between the CIO and CEO is to keep it simple and remove the tech speak.

"We have one client who cut their order-to-ship time from 13 from three days," McDonald said. "The cost goes down and the customer service improves." That company's CIO, McDonald said, could point to results that any CEO would understand, and appreciate. And it was simple, he said. "First, they deleted old code. And they changed the frequency of batch. Those two changes pulled 10 days out of the cycle."

The point is the CEO probably doesn't care about the code and the batch, but he or she does care about the 10 days being saved in the process.

The CIO Agenda also found that business intelligence and security were the top spending priorities for CIOs in 2005, and it outlined six priorities for the coming year, including (what else) management of the CIO-CEO relationship.

Thanks to Shared Spaces for the link.

To go along with my earlier post about the U.S. government spying on us online...

We have this from SiliconBeat's Matt Marshall about the CIA's (yes, that CIA) venture capital investments and this in the San Jose Mercury News about a federally funded research project at Stanford to dramatically improve the government-created global positioning system (GPS):

The interdisciplinary research center wants to create a navigation system capable of locating objects within one centimeter, or less than half an inch. The center hopes to achieve that goal within the next 20 years.

Is it me, or are these the "takeaways" for today?...

1. The U.S. government wants the ability to secretly monitor anyone online.

2. The CIA is investing in wireless and sensor technology to, as SiliconBeat reported, "aid in urban area military operations -- from Baghdad to Kabul or wherever else the nation's troops are working."

3. Within two decades the government's GPS system will have the ability to pinpoint the location of an object -- or person! -- within a half-inch.

But let's not get carried away. Knowing these things shouldn't make us worry. It's the stuff we don't know about that should.

Sure, they built it and think they have the right to control it. But should the U.S. government be able to force others to spend billions on network upgrades so law enforcement can spy on users?

Sounds like the kind of scenario one reads about when visiting the more paranoid corners of cyberspace. Yet there it is in the regular, non-paranoid news:

The federal government, vastly extending the reach of an 11-year-old law, is requiring hundreds of universities, online communications companies and cities to overhaul their Internet computer networks to make it easier for law enforcement authorities to monitor e-mail and other online communications.

The action, which the government says is intended to help catch terrorists and other criminals, has unleashed protests and the threat of lawsuits from universities, which argue that it will cost them at least $7 billion while doing little to apprehend lawbreakers.

You'd think the government would want to help out cash-strapped universities and municipalities by offering to pay for their own spying program. Oh yes, there's that record deficit thing.

The universities aren't challenging the order on civil-liberties grounds because, thankfully, the U.S. government wouldn't think of beginning surveillance without first getting a court order. Right?

Hmm. Maybe we should be paranoid.

I read the book Freakonomics this weekend, so you'll have to forgive me if I sound like I'm looking for a conspiracy theory here. I'm not. It's just that the numbers we have thrown at us on a daily basis rarely mean what we're told they mean. That's the central theme of Freakonomics, and it's pretty often the case if you look closely.

CNET this morning, as part of a package of stories and features about identity theft, has a story about separating the myth from the reality when it comes to stolen identities. It begins with the tale of a young woman whose information was on a laptop stolen at the University of California.

I can relate to her. I received a letter from my alma mater saying that my personal information (as someone who donated money) had been compromised. But the same thing happened to me that happened to the woman in the story: nothing. In fact, only 2 percent of the information taken in a data compromise is ever used.

All of the noise we hear about identity theft, some of which comes from credit card companies trying to sell identity protection products, obscures a basic fact: identity theft is exceedingly rare. The truth is, consumers are much more likely to fall victim to identity theft offline than they are online.

Moreover, in those cases when online consumers do fall victim to fraud, they find out faster and suffer much lower financial losses than victims who relied on more traditional means of interaction, such as paper statements from banks--an average per incident of $551 as opposed to $4,543, according to the Javelin survey.

An often cited number when it comes to the so-called identity theft epidemic is the FTC's 10 million cases number from 2003. But one-third of those cases are actually credit card fraud — something credit card companies live with, issue refunds for, and view as the cost of doing business.

When I spoke to analysts from TowerGroup last year on this subject, they explained the FTC's numbers this way: If there are 100 million people in the U.S. that have credit (you remove all of the kids and people who don't use credit), and there are 10 million cases of identity theft each year, then within 10 years we shouldn't be able to figure who is who. It's just not the case.

The Mission: To develop ground-breaking information processes or software applications for the healthcare or education fields.

The Caveat: The stuff you create must be based on industry-accepted standards.

Your Assets: Your imagination, your coding ability, and free access to 45,000 IBM patents.

What's In It for You: You help bring education and healthcare technology standards up a notch and create systems and standards that allow interoperability, and IBM won't get in the way by looking for royalties on the patents you use.

What's In It for IBM: Advances in interoperability open the door for IBM to market grid systems, business process consulting, and SOAs to people.

I just learned less than two weeks ago that IBM is the top patent-holder in the U.S. and now they're giving the place away.

Gary Stein over at Jupiter Research links to a video by Microsoft that offers a behind-the-scenes look at the company's We-SYP program.

Standing for We Share Your Pain, it allows users to physically torture Microsoft developers responsible for program errors.

You gotta love British humo(u)r...

You'd think Microsoft would know better, especially now that Google's phenomenal success gives Redmond an excellent opportunity to play the beleaguered underdog.

Yet according to this IDG News Service story, Microsoft just can't shake that bully complex. Recently the company demanded that manufacturers of portable music players who want to include Windows Media Player (WMP) in software bundles use only WMP, none of this RealPlayer or QuickTime nonsense.

The bully backed down after someone told its parole officer -- that is, after an unnamed competitor filed a complaint with the U.S. Department of Justice. The DOJ has been monitoring Microsoft's behavior and issuing compliance reports twice a year since negotiating an anti-trust settlement with the company in 2002.

The DOJ called Microsoft's efforts to muscle portable music player makers "unfortunate," though it declined to take action in the matter. Still, Microsoft would be well-advised to lay off the strong-arm tactics; while the sanctions are scheduled to end in 2007, they can be extended if the court finds reason.

Everyone in IT Management knows disputes between the IT staff and the corporate customers are going to happen. Writing in IT Manager's Journal this week, John Murray suggests appointing an ombudsman to act as an arbitrator in such cases.

Turning to an IT ombudsman to mitigate difficulties between the IT department and its customers can reduce the level of hostility within those groups. The salient question, of course, is "Will it work?" As is true with so much else in the relationships between IT and its customers, much will depend upon the culture of the organization. When those involved, including senior management, recognize the problems and commit to improvement, moving to an ombudsman can produce results.

My first thought is that we're looking for the Tom Smykowski character from Office Space; the one who tells the consultants he deals with the customers for the engineers because he has "people skills." Yeah, he got laid off.

It's possible, I suppose, that an ombudsman might work in some organizations. But we're talking about a problem here that could be handled by managers with strong leadership skills, strong communications skills, and a solid background in requirements gathering and project management.

I've always been big on efficiency myself, so an ombudsman doesn't seem like a great way to solve such problems to me.

It's been a big week for PHP, which is saying a lot because programming languages don't often have big weeks like, say, a baseball team does. The Zend/PHP Conference is wrapping up today, so let's take a second to review some of the news.

First, there was the announcement of the Zend PHP Framework, which fans of the LAMP (Linux, Apache/MySQL/PHP) application stack hope will push PHP into serious competition with .NET and J2EE.

The Zend PHP Framework is an effort to create a body of PHP code that standardizes PHP application development. It's envisioned to provide services as well as structure enabling developers to build and deploy mission critical PHP Web applications.

In a speech at the conference, Marc Andreessen touted PHP and dissed Java, which he said started strong in the 90s because it was optimized for programmers, not machines.

"Java is much more programmer-friendly than C or C++, or was for a few years there until they made just as complicated. It's become arguably even harder to learn than C++," Andreessen said. And the mantle of simplicity is being passed on: "PHP is such is an easier environment to develop in than Java."

Speaking of simplicity, RedMonk's Stephen O'Grady gave a presentation at the conference on the simplicity of PHP, and has made available the brilliantly minimalist slides via his blog. They include a quote from some guy named Gates about using less code.

A lot of IT managers say they are disappointed in their chosen profession and wouldn't recommend it to anyone, not even the geeks they know.

For those IT pros looking to make a change, this is the first in an occasional series exploring jobs in other fields.

I know spam isn't a living, breathing entity, and I'm reasonably certain spammers have no souls, but it occurred to me recently that you could use the existence of spam as a cyber-ontological argument for the theory of evolution, now being challenged in a Pennsylvania courtroom.

For what more is spam than a collective organism able to adapt itself to survive -– indeed, to thrive -– in a rapidly changing, hostile digital environment? Email spam, newsgroup spam, blog spam and, now, splogs -- all are mutations that evolved to ensure continuation of the species.

Yet how could such an insidious scourge so skillfully and consistently defeat our most sophisticated defense mechanisms, if not for the invisible guiding hand of an intelligent force, a creator? In this case, a malevolent, disturbed creator.

OK, so I don't have much to blog about today.

Something new is brewing in the open-source world, and it's making the pages of a lot of technology Web sites and magazines lately.

I'm talking about Alfresco, an open-source content repository that had a preview release back in June and should debut before the end of this year. Content management is hardly the type of application that gets the blood flowing for most, but there are a few things about Alfresco that make it a good story and a product worth watching.

As P.G. Daly pointed out in our story on Intranet Journal, Alfresco was founded by John Newton, co-founder of Documentum, and John Powell, former COO of Business Objects. It has backing from some major VCs as well.

Unlike other open-source content management applications, Alfresco is focused on document management. While it's short on some of the features that a more-established application like FileNet has, it does include workflow, metadata support, hierarchical folder structure, rules-driven processing, content classification, indexing, and retrieval. It looks and acts like a shared drive.

Tony Byrne of CMSWatch told Computerworld that Alfresco "is initially targeting very simple document-collaboration scenarios of the type that SharePoint has addressed so successfully." Sticking with the open source vs. Microsoft theme, InfoWorld asked if Alfresco was the SharePoint killer.

I suppose if Alfresco really takes off, it could become to document management what Apache became to Web servers: the open-source, default option. How large and useful the community that surrounds Alfresco becomes will go a long way to determining how far it goes. Clearly, a lot of people are watching.

I was waiting this week for a security expert like Bruce Schneier to share his thoughts on the recent call for two-factor authentication for U.S. bank Web sites. It didn't take too long.

If you read Schneier's stuff regularly, you won't be surprised that he thinks two-factor authentication will just make criminals change their tactics, and thus accomplish nothing. He's often made the same observation about security at the airports and at public buildings since Sept. 11.

In saying that two-factor authentication won't help the problem in the long-term, Schneier links to two old posts of his. In March, he explained further why it won't work:

Two-factor authentication is not useless. It works for local login, and it works within some corporate networks. But it won't work for remote authentication over the Internet. I predict that banks and other financial institutions will spend millions outfitting their users with two-factor authentication tokens. Early adopters of this technology may very well experience a significant drop in fraud for a while as attackers move to easier targets, but in the end there will be a negligible drop in the amount of fraud and identity theft.

In April, he said that what will help is holding the banks more responsible, much like we do with credit card companies (I fixed a couple of typos in this quote):

Fraudulent transactions have nothing to do with the legitimate account holders. Criminals impersonate legitimate users to financial institutions. That means that any solution can't involve the account holders. That leaves only one reasonable answer: financial institutions need to be liable for fraudulent transactions. They need to be liable for sending erroneous information to credit bureaus based on fraudulent transactions.

Credit card companies have learned to deal with a certain amount of fraud as the cost of doing business. They rarely authenticate anyone, especially since purchases online and over the phone have taken off. By setting transaction limits or giving more time for transactions to clear, Schneier says banks can work the same way.

I would ask how bad the problem has to get before they're willing to make such a move; especially once they invest millions in two-factor authentication.

It's hard not to get the impression that Steve Ballmer would have been successful selling anything besides Microsoft products. A churning urn of combative enthusiasm and hubristic hyperbole, Ballmer is the entertainment high point of many a tech-industry conference.

Here he is delivering the keynote address at this week's annual Gartner Symposium in Orlando:

"We're at the beginning of 12 months of the greatest innovation pipeline that our company has ever had."

And:

"I think Office 12 will be the most exciting Office release we've had since Office 4."

That reference to Office 12 is memorable. In fact, it sounds much like these previous Ballmer quotes about Office versions past:

Oct. 21, 2003: "Today we're launching Microsoft Office System 2003 and I frankly think it is the most significant advance we've made in Microsoft Office in a long, long time."

Nov. 5, 2002: "In the next 12 months we'll ship our Office 11 product, which I think you'll find is really a huge step forward, a huge innovation for the information worker."

June 7, 1999: ..."so with Office 2000 we really do take a quantum leap forward"...

With that wild-eyed stare of his, Ballmer always appears to have just downed his eighth cup of coffee. Now I know why -- adrenaline alone isn't enough to keep up with all those huge leaps and steps.

Earlier in the month a study by AMR Research found the return on investment for RFID technology could be as much as 10 years away for some companies. No retailer has invested as much in RFID as Wal-Mart, which you can be sure didn't like that news.

This week we have a study that Wal-Mart no doubt likes much better. It is, we're told, an independent study, even though it was commissioned by Wal-Mart. It was released by the University of Arkansas, which is the state that Wal-Mart calls home and where Wal-Mart is the state's second largest employer (second only to the State of Arkansas). More specifically, it was done by the RFID Research Center that's part of the Sam M. Walton College of Business.

I'm not saying that the RFID didn't help keep items in Wal-Mart stores from going out-of-stock, which the study claims. And I'm not saying RFID didn't reduce excess inventory, which the study also claimed. I just didn't realize Fox News entered the market research business.

I also found the reaction of Gartner analyst Jeff Woods in the piece a bit odd. Woods said it was "admirable and beyond the call of duty" for Wal-Mart to release so much information about its RFID studies.

Gartner's Woods said that the study has essential implications for manufacturers, suggesting they could sell more in Wal-Mart stores if they have RFID tags on their products. "It also creates incentive for manufacturers to adopt RFID faster than their competitors," he said. "If their products have RFID tags and others don't, they will sell more and increase their brand loyalty."

This was hardly done for posterity. Wal-Mart has been having trouble getting its top 100 suppliers to go along with its RFID plans from day one. They've spent millions already on tags, readers, and software, and will have to spend much more in the future.

Back at the beginning of October, I mentioned that several people were saying the general sentiment at the Web 2.0 Conference out in San Francisco was that another Internet bubble could be forming.

There were plenty of VCs present at Web 2.0, and they spent plenty of time talking to entrepreneurs about "social applications" and next-generation Web thingys that some say lack a business plan. Oh, and Henry Blodget was there, and he said it seemed somewhat bubblish to him. One thinks he would know a bubble if he saw one.

Since some people say there's a bubble forming, and since the last time we saw a bubble form in this sector some people made some pretty risky moves to some pretty risky companies, I thought it would be good to link David Beisel's Genuine VC blog. This week, David provided