1. The relevance of enterprise architecture
2. The legacy of enterprise IT landscapes
3. The importance of data quality
4. The challenge of defining and aligning on the right requirements
5. The Embedding of IT in the enterprise and IT Strategy

1. The Relevance of Enterprise Architecture

Enterprise architecture, as in: the interaction between various systems, their interfaces and the definition and management of an overarching structure encompassing all systems of an enterprise, has not been covered in my studies. Architecture has been a topic of my studies only in the very concrete sense of individual systems, and in an abstract sense in terms of patterns to define various components and their connections to solve an overarching task. This did not, however, cover some of the challenges imminent to enterprise architecture, such as maintaining interoperability between various systems, standardization across the landscape, processes and tools to define an overarching enterprise application landscape, or the definition of the right interface types and technologies (think batch vs. realtime vs. neartime, pull vs. push, point-to-point vs. publish/subscribe, etc.). Since the enterprise architecture is at the very heart of all enterprise IT operations, I feel that this should be given a higher degree of attention also in university curricula.

2. The Legacy of Enterprise IT Landscapes

Universities very often use the newest technologies and concepts in their teaching: Especially in the area of software development, languages like Java and C# or even more modern ones like Ruby or Scala are used along with concepts such as object-oriented programming, aspect-oriented programming or modern functional programming. Legacy technologies like COBOL or mainframe computers are subject only to the obligatory history lesson in the first semester. This does not, however, reflect their enormous significance in businesses across different industries: in many large companies, mission-critical systems still use these legacy technologies, and they still need to be maintained, enhanced, and have to interact and interface with new pieces of technology. Students of IT-related disciplines should be made aware of these facts, since they pose challenges that are not covered by modern software development.

3. The Importance of Data Quality

Granted, I did learn how to properly validate input data and everything. That alone is probably one of the most important ingredients to ensuring data quality. Almost equally important, however, are the aspects of ensuring consistency across different systems and interfaces and the ever-present issue of how to keep persistent data that is stored over a longer period up to date. Related are the organizational challenges such as data ownership and processes to for change requests to data models. All of these are essential for maintaining and handling the data managed in large organizations. Even the notion how important these issues are, however, was barely ever touched upon during my studies. Since the quality of data is at the heart of all decision-making processes in companies, I think that this topic should be covered more deeply in university studies.

4. The Challenge of Defining and Aligning on the Right Requirements

This is actually one area in which I did learn something in university, thanks to the excellent Andreas Winter (the relevance of whose classes I only came to fully understand once I started working). The class, however, was optional, and given the enormous challenges that I have witnessed in this area in various companies across different industries, I feel that this topic deserves more attention. The issues that I have faced include:

• Requirements are not defined clearly and unambiguously (leading to inevitable trouble during implementation)
• Stakeholders are not properly and comprehensively identified and involved in the definition of requirements
• Different stakeholders have conflicting requirements, and there is nobody with authority and willingness to resolve these conflicts, nor do any processes for conflict-resolution exist
• There is no willingness or process to prioritize requirements, and senior management lacks the commitment to drive a (necessary) prioritization
• There is a general mistrust between business units and IT function, leading them to work against each other instead of collaborating to produce the best solution for the business

None of these issues can be solved by the IT function alone, in fact, some are more business issues with an impact on IT. However, since they are all issues that can in the end cause an IT project to fail, it is in fact IT’s responsibility to highlight the issues and propose solutions. Students should therefore be made aware of the challenges and potential ways to address them.

5.  The Embedding of IT in the enterprise and IT Strategy

As I have written before, the IT function needs to be aware of its role in the enterprise both as a service provider and an enabler of business activities, and form its own strategy in close alignment with the business strategy. Students of Computer Science and related disciplines should be made aware of these strong interdependencies between business strategy and operations and IT strategy and operations. Very often, IT people tend to have a narrow focus on their own domain (in which they are experts) and neglect the impact that their decisions can have on their environments and vice versa. IT experts make decisions that they regard as technologically superior (which they might well be), but that become obsolete in the light of changing business circumstances. Nobody in the business or the IT can predict the future, but they can at least cooperate and align to make sure they are heading in the same direction. Since this foundational interdependency is so strong and can wreak so much havoc if it is neglected, I think it should be highlighted and explained to students.

Summary

Many of the challenges I have described in this article are highly relevant and I have encountered them in companies across different industries. I thus think that students of IT-related disciplines should be made aware of the challenges and potential solutions. Of course, enterprise IT is not the only potential occupation for CS graduates: they might work on standard software, on hardware, on embedded systems, or found their own Internet start-up. Enterprise IT should therefore not be given too much weight in CS curricula. A basic introduction to the challenges specific to enterprise IT, however, should in my opinion be mandatory for every CS student.

In this article, I am going to evaluate a few add-ons for Mozilla Firefox that help maintain control over the data that is being shared, and discuss some of their pros and cons. Similar or the same add-ons might exist for Google Chrome or other browsers as well. The plugins I am going to discuss are the following:

1. Ghostery
2. BetterPrivacy
3. NoScript
4. Beef Taco
5. AdBlock Plus

1. Ghostery

Ghostery is specifically designed to identify and notify the user about hidden or unhidden elements that might be able to track you and send information to third parties. It also allows blocking these elements altogether or selectively. It is by far the most useful privacy add-on available, since it generally works non-intrusively, has a comprehensive list of sites that track users, and it blocks the tracking by removing / not loading the questionable elements in web sites in the first place. In order to constantly improve and keep up-to-date with an ever-growing number of potentially tracking web companies, it features the so-called GhostRank, which allows users to voluntarily participate in collection of data to identify previously unknown tracking code.

For any privacy-concious user, Ghostery is definitely a must-have add-on. It is available for all major desktop browsers (although Chrome support is marked as experimental as of now) as well as for iOS mobile devices.

Pros:

• Non-intrusive
• Comprehensive and thorough blocking of tracking elements
• Automatic update of tracking blacklist

Cons:

• Blacklist functionality means that new companies not yet on the list might go unnoticed

2. BetterPrivacy

BetterPrivacy has a single purpose: Keeping track of, managing and deleting so-called super-cookies. Super-cookies are cookies (little pieces of information stored by websites on the user’s computer) that are stored in other places than the usual Web browser’s cookie storage – most notably using Flash or the newly established DOM storage. Needless to say, any cookie can be used to identify the user and thus pose a potential privacy risk. This potential risk is increased by the fact that these super-cookies may currently not be removed when using browser features such as “delete private data” or “private browsing”. BetterPrivacy allows viewing these super-cookies and deleting them manually or automatically when the browser is closed.

Since the automatic deletion of super-cookies removes a potential privacy risk and does not seem to have any negative effect on major websites (the BetterPrivacy website warns that some games might be an exception), I would definitely recommend using this add-on. It does not, however, offer comprehensive privacy protection. Tracking and collection of information can still be conducted when BetterPrivacy is used in isolation, especially when the same browser is used for e.g. browsing facebook and other pages at the same time.

Pros:

• Single point of management for super-cookies
• Automatic deletion of super-cookies does not seem affect any major web sites negatively

Cons:

• Single-purpose add-on – no comprehensive privacy protection

3. NoScript

NoScript is the weapon of mass destruction among the plugins discussed here. In the recommended mode of operation, it prevents all JavaScript from being executed unless explicitly allowed for a web site. On a typical web site that includes JavaScript code for that site as well as potentially tracking JavaScript from third parties such as Google or facebook, the user can selectively set for which of the originating sites JavaScript code execution should be allowed. This means that all active tracking functionality is sustainably halted.

There are, however, significant drawbacks to this method. Much of today’s web uses JavaScript for totally legitimate purposes, and it can take quite long to allow these script sources for a fresh install of JavaScript (I have dozens of web sites that I visit frequently or less frequently, and I need to allow JavaScript for most of them, and this more often than not involves multiple clicks since they do not only use JavaScript originating from the web site itself, but also third-party JavaScript that is required for them to work properly). Also, some sites provide both tracking and non-tracking utility scripts: a notable example is google.com.  In addition, if you for the first time use a new sites, especially in order to order goods or make other financial transactions (such as for services), these transactions will often require JavaScript to be activated for a number of sites, including the web site itself, the bank involved and so on. This might require several clicks to allow scripts for each individual site, each of them requiring a reload of the current page, potentially breaking the booking process, or, even worse, causing several bookings to go off. Alternatively, the user might temporarily turn off the protection altogether (and maybe forget to turn it on later again).

These drawbacks make NoScript hard to use for the non-expert user. I would thus not recommend using NoScript unless you know what you are doing.

Pros:

• Whitelisting functionality (i.e., execute JavaScript only when explicitly allowed) protects also against new tracking elements
• Blocking of JavaScript

Cons:

• No blocking of non-active tracking functionality, such as one-pixel images etc.
• Blocking of JavaScript impedes/breaks legitimate functionality of web sites as well

4. BeefTaco

BeefTaco might be considered the light, non-invasive method of privacy protction. What it does is send opt-out requests to advertising companies in order to stop them from serving behavior-based adverts. As such, it does not in any way affect the way that websites work and are displayed, but only affects the content of the adverts. Neither, however, does it prevent in a technical way an advertising company from collecting data about you. All it does is ask the companies to refrain.

In summary, the strength of BeefTaco is that it interferes neither with the fuctionality and rendering of a site nor with the legitimate concern of web site operators to make money by showing advertisements. However, if you don’t trust the advertising companies, BeefTaco is nothing for you.

Pros:

• Does not interfere with the web sites’ content

Cons:

• No technical prevention of information collection

5. AdBlock Plus

AdBlock Plus is, as the name suggests, above all, an ad-blocking add-on. It can, however, also block tracking code that is not advertisement-related. Since its most recent version, it also has an option to allow “acceptable”, non-annoying ads, though that behavior is currently limited to a very short list of ads since they have to be manually verified.

Since AdBlock Plus is not primarily a privacy tool, but an ad-blocking tool, I would not recommend it to users that are concerned only about their privacy. Personally, I consider advertising by itself not a bad thing: Apart from its obvious marketing purpose (which is a legitimate purpose in itself), it also serves as a means for web sites to make money (which is also a legitimate purpose). Especially for smaller web sites, which often barely earn enough money to finance their own expenses, let alone contribute to covering to the owner’s cost of living, the availability is often crucial.

Pros:

• Comprehensive ad-blocking functionality
• Recent addition of allowing non-annoying ads

Cons:

• Blocks legitimate, non-privacy critical ads as well

Summary

Some privacy-related measures should be taken by any user that is concerned about their privacy. For non-expert users or those that do not want to spend too much time configuring, Ghostery is definitely the best choice. Experts might be better suited with NoScript. Those who trust the advertising companies but simply do not want behavioral advertising should stick to Beef Taco, while those that want to get rid of ads altogether should go for AdBlock Plus. The super-cookie safeguard BetterPrivacy complements any of the other four options and is worth checking out in any case.

There is, however, one significant drawback to Web-based groupware: It requires the user to have Web access in order to use the software. While offices in most parts of the world today have fast Internet connectivity, there are—even without thinking of less developed parts of the world—situations in which online connectivity is not given. A few examples follow.

Many manufacturing or service companies have sales personnel that visit customers in order to present their companies’ products. Even though their laptops might be equipped with 3G connectivity, their coverage is still not satisfactory even in developed countries, and large amounts of steel-reinforced concrete, as is used in most large buildings, might kill the signal altogether. A similar argument holds for external personnel and consultants that work at a client company’s site: very often, they have no or severely limited access over the client company’s network, and 3G connectivity might be patchy as well.

Another situation in which connectivity is non-present, but people tend to be working is all work-related travel. While getting Internet connectivity on a train might already be difficult, on most airplanes it is still downright impossible. While first airlines are introducing Internet connectivity for intercontinental flights, short-haul flights still remain an Internet-free area.

What is common to all of these situations is that people will want to use groupware: personnel at a customer site will want to access and update contact information as well as have access to their calendars to schedule new appointments, and people travelling will want to plan their days as well as read emails or write them for later sending. As a result, groupware will be useful in these situations only if it allows offline access with later synchronization of changes to a central server—just like the basic mode of operation for Outlook and Lotus Notes provides. Web-based solutions are of little help under these circumstances, since they generally do not allow offline operation.

Given that groupware is only really useful if all employees of a company can use it, in essence any company that has some employees regularly in situations like the ones described above, will want to stick to a groupware suite with the possibility of offline operation. Particularly for larger companies, that is most likely the case, since they will have multiple sites in different cities or even countries, that some staff regularly have to travel between. In turn, wide acceptance of Web-based groupware suites is not likely to happen before these “dead spots” in online connectivity will have been eradicated.

• Martin Fowler argues that around 95% of IT projects are utility projects, and only 5% are to be considered strategic
• Neal Ford states that what is strategic to the business always is tactical to IT

Both articles provide valuable insights on what to consider strategic in IT – yet in a totally different way.

Martin Fowler’s “Utility vs. Strategic Dichotomy”

The first, and more recent, article by Martin Fowler is one that IT staff, especially developers, should really have a look at, since it is spot on: Written by a person with enough techie credibility, it points out exactly how IT is supposed to work: most of the time, in most situations, IT has to just work.  This “utility” IT needs to first and foremost not get in the way of its users. This lesson is quite hard to learn for IT staff: they know that without their services, their business would essentially stop working, and still all their users want is essentially not know they are there. This seems like injustice – but only on first thought: The same holds true for other business support functions such as finance or HR, and even for really basic infrastructure such as electricity, water or logistics.

In contrast, only very few projects are actually strategic in nature, and can really make a difference in the way the business is run. A highly interesting conclusion from that separation is that the two types of projects should be run differently to account for the differences in where their opportunities and risks are.

Neal Ford’s “Tactics vs. Strategy”

Neal Ford’s article, which I found because it is linked from the previously discussed one, is also interesting – but from a totally different perspective, namely because it is a vivid example of the misunderstandings between business and IT. The article centers around the notion that what is strategic to the business, is tactical to IT, because the business can change its direction in a two hour meeting, while IT can’t adapt that fast. This statement, however,  is wrong on multiple levels, which I will discuss in the following.

1. No business can change in a two hour meeting. This is not because strategic business decisions require preparation of more than two hours (which they do, by the way), but because that change has to be implemented throughout the company, with IT being  a part of it. Let’s for example consider the strategic decision to start servicing customers in more than one country: granted, this decision might have a strong impact on the IT landscape because so far customer data was stored without a country. However, it impacts the rest of the company as well: staff in the other country needs to be hired, offices rented, managers installed etc. All of these activities together form the implementation of the strategy.

2. The IT function can (and should) have a strategy too. IT managers too can take two hour long meetings. And not only that, they (hopefully) also can decide on the long term direction of their function. They should of course link their strategy as tightly to the business strategy as possbile, but developing a vision of a future state of the IT landscape and a plan to get there is essential to prevent the IT function from acting just tactically, which will only ensure that the whole IT landscape will get ever messier.

3. Business strategy changes don’t come out of thin air, they are elaborated over a long time. The last point is the most important one, actually, since it highlights the gap between “business” and “IT”. Neal Ford writes:

No matter how much effort you put into a comprehensive, beautiful, well-designed enterprise architecture, it’ll be blown out of the water the first time the business makes a decision unlike the ones that came before.

While this is certainly true, it shows that any strategic decision, be it on the business or on the IT side, should closely involve stakeholders from the respective “other” side. This will make sure that implications of decisions are considered as early in the process as possible. Of course, the fact that the current IT architecture doesn’t fit with a proposed business change probably won’t keep the business from changing (since the world is, anyway!) – but considering potential options and their impact before taking a strategic decisions will make a difference and ensure that IT and business are equally well prepared for their strategic challenge.

• User experience perfectly adapted to the phone (e.g. touchscreen interaction)
• Direct access to device “periphery”, e.g. gyroscopic sensor
• Integration with other software, e.g. messaging, contacts
• Own, colorful app icon

Naturally, most apps do not in fact replace Web applications, they rather augment them with another means of interaction (e.g. think of all the social network apps, news and information apps, etc., that contact their respective “mother sites” using dedicated APIs). Nevertheless, the increasing proliferation of app-enabled smartphones means that apps will increasingly be considered a required means of interaction for Web applications. This will naturally have quite an impact on the mid-term development of the software and software development landscape, particularly with respect to those services that are currently being offered primarily as free (and most probably ad-financed) Web applications. In the remainder of this article, I will discuss some aspects of these changes, and highlight their positive as well as negative potential consequences.

Service monetization

First and foremost, I will discuss one of the most important and positive aspects of apps: Due to the ease of use of the respective app stores, apps have made it easy to monetize services. Most classic Web applications are offered free of charge, and monetize primarily using advertising. This, however, has many drawbacks: Users develop advertisement blindness, block advertising completely, and more often than not advertising also impedes the user experience of Web applications – be it in terms of the visual appereance, or even getting in the way of the user wanting to use the application (think layer apps, or Flash ads with sound effects).

In contrast, lots of apps are offered for a relatively little charge around 1$, which is easily payable by the user through the app store, and because all applications carry a price tag (even if it sometimes says “free”), it makes it more acceptable for the user to pay for receiving a service. Even though today there are means to charge small amounts to users also in more classic Web applications (think premium SMS messages, PayPal, etc.), it simply doesn’t feel natural to pay for something on the Web without getting physical goods in return (of course, I am exaggerating here, and there are numerous examples of virtual services and goods being sold for real money, but they mostly fall outside the basic service category I am looking at here).

Additional effort with limited differentation opportunities

Apps as one means of interaction with Internet based services are going to be increasingly considered a necessary part of the service itself. The more this is the case, the less will the existence of an app to access the service alone be a unique selling proposition (USP) for that service. Of course, an app with a well designed, intuitive interface can be a USP, but the same holds true for a well designed Web interface, so this argument is not app specific.

On the other hand, designing and developing apps to interface with an Internet based service requires additional effort, especially if the apps are to actually take into account the specialties of the device they are targeting (and a good Web developer/designer doesn’t necessarily make for a good app developer/designer). This is especially true if the competition offers their apps free of charge (as it is the case now e.g. for social networks), since then there is no way to generate additional revenue to cover the efforts involved in the app development – except ads, again.

Multitude of platforms

Another challenge that is developing is the increasing number of platforms for which an app concept exists. Apple’s iOS – powering iPhone, iPad and iPod touch – is still the most popular and relevant one, but other smartphone (OS) vendors have adopted their app platforms and stores as well: Google’s Android, Microsoft’s Windows Phone 7, RIM’s BlackBerry platform, Palm’s Web OS, Nokia’s OVI are only the most relevant, and this means a stunning number of six platforms with incompitable programming environments. Some progress has been made in this direction recently, e.g. Palm focusing on making it easy for developers to port their apps to Web OS. On the other hand, there is Apple as the most important player, whose app store terms effectively prohibit any software not originally developed in Apple’s C dialect Objective C, making it virtually impossible to easily port any app to iOS.

A way out of this dilemma would be to increase standardisation of smartphone app development platforms. There are multiple possibilities for developing that kind of platform: One would be Java, which has a track record in both platform interoperability and mobile devices, or web technologies such as XML, HTML, and JavaScript, which are quite well known to a lot of developers and can already be used for app development on a number of platforms. Naturally, a standard smartphone app development platform would still have to be able to adapt to specialties of the device, but abstraction layers to accomplish this could probably be conceived relatively easily.

Author : ctgPi (IP: 79.125.XXX.XXX , ec2-79-125-XXX-XXX.eu-west-1.compute.amazonaws.com)

The IP address belongs to Amazon’s EC2 (elastic compute cloud) service – the textbook example of a cloud service (more specifically, a PaaS or Platform as a Service) — so it seems that the spammer uses Amazon’s cloud to send out spam comments to blogs.

There are “positive” and “negative” sides to this (from the perspective of a spam target, not from the spammer’s perspective):

Positive:

• The spammer is probably identifiable since he/she needs to have an Amazon account and a credit card registered with that account for payment.
• “No computers were harmed in the making of this spam comment” — the spammer is not using a botnet of hacked machines

Negative:

• The advantages of the cloud that apply to anyone using cloud services also apply to the spammer — most notably the ability to scale up and down quickly. In essence this means that a spammer can in a matter of seconds enlarge the fleet of computers (all with different IPs) he/she controls to send out a whole bunch of spam mails/comments/whatever at once.

Those that will probably suffer most from this trend are legitimate users of cloud services such as Amazon’s EC2: They risk getting banned by server operators since the IP space provided by the service also hosts severe spammers. In the long run, this is probably a problem that cloud providers such as Amazon have to tackle in general — which is going to be a challenge, especially doing so without negatively affecting legitimate users.

The new release is available in source or binary form from the Flourish Player project web site or directly from SourceForge.

The Fraunhofer SIT MediaSearch Framework is a loosely coupled, event based software system that searches internet platforms such as BitTorrent, Rapidshare or YouTube for media that match specified search criteria, downloads them and examines them for the presence of digital watermarks. Since the amount of media available on the internet is huge, the system is required to be scalable so that large amounts of data can be processed simultaneously.

The scalability of the MediaSearch Framework faces several possible impediments that we will examine in this thesis. Especially noteworthy are the requirements of high network bandwidth for downloads and large computing resources for the retrieval of watermarks. The required scalability might be achieved by distributing the execution of the system to multiple machines to utilize their aggregate bandwidth and computing power.

In this thesis, we examine possible distributed architectures and their implications on the Framework and its scalability. We also discuss impacts on the reliability of the system as a whole and countermeasures against failures of parts of the system. Finally, we propose an implementation of a distributed architecture for the MediaSearch Framework, evaluate its benefits and shortcomings, and show that it is a feasible operation platform for complementing passive copyright protection using digital watermarks with an active search component.

If you wish to receive a full electronic copy of my master’s thesis, please feel free to contact me via e-mail.

First and foremost: What I tried first was using the @PostConstruct annotation on a method that should be called after deployment – but that doesn’t work, because the EJB is not guaranteed to be instantiated directly after deployment. As a matter of fact, at least the JBoss I was using lazily instantiates the EJB the moment it is first invoked.

After a while, I came across this thread in Sun’s forum, in which a Sun developer states that better support for this use case is planned for a future EJB version, and currently the only way to achieve the desired effect is to rely on a ServletContextListener, which provides a contextInitialized() method that is called as soon as a servlet context is initialized. However, like the “servlet” implies, there needs to be a web application to use this listener – so I ended up adding a web application to my enterprise application with no content besides that context listener that would poke the EJB in order to get started. Now although this method is far from elegant, at least it works reliably and most possibly independent of the container used; at least I can verify its functionality on the JBoss 5 used in my test system.