Saturday, December 23, 2006

personal John Pierce Askegren


Sad news:

Published obituary:


Thursday, December 21, 2006; B06

John Pierce Askegren, Novelist, Technical Writer

John Pierce Askegren, 51, a freelance writer who authored science-fiction novels and short stories featuring Marvel Comics characters and also worked as a technical writer for government contractors, was found dead Nov. 29 at his home in Annandale. The cause of death was atherosclerotic cardiovascular disease.

Since 1995, Mr. Askegren wrote or co-wrote more than 10 novels and a half-dozen short stories, mostly under the pen name Pierce Askegren.

His early credits included original short story contributions to anthologies featuring the Silver Surfer, Spider-Man and the Hulk.

"He was a huge fan of Marvel Comics and had a really spectacular sense of the history of the characters," said his former editor Keith R.A. DeCandido. "He did a wonderful job of bringing back obscure characters and giving them a twist."

Mr. Askegren was a co-author of the novels "Spider-Man & The Incredible Hulk: Doom's Day Book One: Rampage" (1996), "Spider-Man & Iron Man: Doom's Day Book Two: Sabotage" (1997) and "Spider-Man & Fantastic Four: Doom's Day Book Three: Wreckage" (1997).

In more recent years, he published a trilogy of science-fiction work: "Human Resource," "Fall Girl" and "Exit Strategy." This year, he wrote "After Image," part of the Buffy the Vampire Slayer paperback series.

For most of his career, he worked on his fictional stories in the evenings and on weekends, and by day he wrote educational handbooks and training manuals for government contractors.

He managed Crown Book stores before working for ACS Corp. from 1995 to 1999 and C2 Technologies from 1999 until 2003, when he left to concentrate on his freelance writing.

Mr. Askegren was born in Pittsburgh and grew up in a number of places before his family settled in Sterling in 1970. He graduated from Broad Run High School and James Madison University.

He became hooked on comic books as a youngster recovering from a broken hip.

"It started with two comic books my dad bought him when he had a metal pin in his leg. From that point on, he always had an affinity for it," said his brother James William Askegren of Sterling.

In addition to his brother, survivors include another brother, Robert Steven Askegren of Manassas.


A few additional words of eulogy:

Pierce Askegren was one of the coolest guys I ever met who didn’t realize how cool he was.

I hadn’t seen Pierce since 1998, though we exchanged a few e-mails in 1999. I only knew Pierce for a short time. We were work acquaintances, nothing more. I was a product manager at a wireless test and measurement equipment vendor in Tysons Corner, Virginia. Pierce was a technical-writer contractor that we brought in to do our manuals.

The first thing I noticed about Pierce was the quality of his technical writing. He took complex, boring technical goo and quickly boiled it down to a crystalline substrate of absolute clarity. Straightforward, unambiguous, readable, practical prose. Modest, not showy. Just like the man.

I also noticed that Pierce was an easy, pleasant person to engage in conversation. I’ve never been in the habit of lingering in colleagues’ offices longer than I need to, preferring to respect their work-hour space/time just as I hope they’ll do for me. But I found myself periodically traipsing down the hall to the tucked-away end-office where Pierce was set up. Among other things, he had a nifty little collection, arrayed on his bookcase, of comic-book action figurines.

Yes, this 40-ish man (only 3 years older than me) was a nerd, but not an obsessive fetishist hanger-on type of nerd. Through our conversations I began to determine that not only did he have an encyclopedic grasp of every comic book publisher, publication, issue, character, story arc, and detail going back—it seemed—to the Yellow Kid—but that he himself wrote paperback novels that carried forward the development of some of the most popular comic-book characters: especially, Marvel Comics’ Spider-Man.

Yeah, lotsa fanatics write unpublished/unpublishable novels, short stories, etc. all around their venerated comic-book heroes, but Pierce was someone entirely different: a professional published freelance comic-book novelist. He mentioned that he had already authored a few such novels through some big-time publishing house. Though I had long since given up the comic-book habit (a staple of my own childhood), and wasn’t much of a reader of any sort of fiction (nerd that I am, I’m much more likely to have a history or other non-fiction work in my hands), I had to see these. So I asked, and he gladly lent me two of his most recent books: one a Spider-Man title, the other (I believe) Fantastic Four.

I read them both quickly and with absolute delight. The man was a terrific novelist, and he clearly applied the same economy of technique to his fiction as to his tech writing. In addition, within the constraints of the comic-book novel, he was quite adept at developing characters, plots, and themes. He also had a real gift at drawing verbal pictures of dynamic action sequences, such as Spider-Man zipping his webline from his wrists, grabbing it and swinging back and forth between tall buildings as he rapidly homed in on the baddies, while occasionally freefalling and trying to avoid annihilation. I can still feel and see the dynamic images that Pierce sketched out so brilliantly.

He also had great taste in music, especially classic R&B, soul, and pre-Beatles rock and roll. He lent me a lot of his CDs, and an excellent collection it was. So it was with special sadness that I encountered Pierce’s obituary in the paper version of the Washington Post a couple of nights ago. Interestingly (and counter to what the Post normally does in its standard obituary pages), they published a small headshot of the man. This is the only occasion where I’ve clipped an obit and taped it to the wall of my home office.

Loved ya, Pierce.


Thursday, November 16, 2006

poem Once


Old stones settle and
once wars are themselves
laid in place never
to reconnect the
same names in battle.

(inspired yesterday by some mysterious ancient war memorial at the base of Pennsylvania Avenue, catercorner to the Willard, on the Ellipse side of the Treasury Department HQ, and at one end of the ghastly barricaded zone that used to be the pedestrian friendly heart of our nation's government)

Friday, October 06, 2006

fyi Moore's Law is the enemy of privacy and Google launches search engine for finding source code


Found content:

My take:

In my semi-random morning meanderings through the previous evening’s e-mail, I sometimes stumble into fruitful juxta. Utopias and dystopias ride the same techno-waves. Here are a couple of articles that connected for me.

Esteemed security guru Bruce Schneier warns us of the panopticon, the omnisurveillance environment we’re building on the Internet, the result of ever more muscular CPUs searching through ever juicier piles of data worldwide. "To look at it, Moore's law is actually a friend of intrusive tools," Schneier argued. "As the cost of data storage gets cheaper, as the cost of data collection gets cheaper, more intrusion, more surveillance is possible," he said.

Then Google, the biggest baddest search muscle of the Internet age, announces a specialized search engine designed to find software source code that is publicly available on the Web. “Currently, the general Web search engine can find links to files with source code, but it doesn't index the lines of code in those files, said Tom Stocky, a Google product manager. In those cases, developers need to download the files to their computers and inspect the code. However, the new search engine has been designed to crawl more deeply and return results containing actual snippets of code, which should make the finding process simpler, Stocky said. ‘We find the lines that match your query,’ he said. The search results link to the full file containing the highlighted code, as well as to the software license governing the use of the code, which in most cases will be open-source, he said. Developers can enter keywords or fuller patterns in the search box.”

Of course, you can quickly convert Google’s happy value-prop into its own dystopia: massive software piracy that comes from finding exposed but non-open-source code everywhere on Earth. Or back to utopia: finding all the nasty zombies, rogue scripts, and other malware that has infected systems everywhere, and zapping it before it can do further harm. Or back to dystopia: finding every deployed instance of your competitor’s server software and disabling or crippling it with some new hack attack. And back and forth and back and forth.

The only point I’m trying to make here is that the ebb and flow of the media’s Pollyanna/Cassandra cycle can be injurious to your mental health. And when the media attempts to cover both sides of the equation with equal aplomb, the very velocity of these rebalancings can induce nausea and disorientation. It can simulate bipolar disorder in normally level-headed citizens.

Find your own personal balance. But don’t stop paying attention to the alternating currents of this crazy world. Tricky, I know. I’m still working on my own rhythm for taking these things in stride.

For one thing, I start the day with a good double dose of hot green tea.


Thursday, October 05, 2006

fyi For Cell Phone Etiquette, West is Best; New Survey From Samsung Explores Attitudes of U.S. Cell Phone Users


Found content:
"For Cell Phone Etiquette, West is Best; New Survey From Samsung Explores Attitudes of U.S. Cell Phone Users"

My take:

Much of cellphone etiquette is in the ringer volume/mode. Since we got cellphones, I've been careful to put my phone in "vibrate" mode in most quiet indoor public environments. Then, when it vibrates with an incoming call, I quickly glance at the identity of the caller and make a snap decision to walk outside to take the call immediately (or not).

If I happen to be speaking with someone in person when a call comes in, once again, I quickly excuse myself to glance at the name/number of the incomer. If it's important enough, I excuse myself again and take it. If it's not, I put it back in my pocket and attempt to reconnect with the face-to-face, apologizing for the momentary distraction.

Generally, while taking a call in a public place, I try to turn my back from others and keep my voice reasonably low (I've got a loud voice naturally, so that's not always something I do consistently) to not make it appear like I'm "cellphoning in their faces."

I hate those invisible cellphones that consist of an ear/mouthpiece that allows someone to auto-accept an incoming call just by starting to speak. Those are unnerving if you're someone else trying to carry on a conversation with a person, or simply in the presence of a person, who's using those devices. One minute, they're seemingly talking to you or just remaining quiet. The next second, inexplicably, they start talking to themselves--no physical cellphone in their hand tips you off to the fact that they're on a call. Those devices skirt the boundaries of rudeness, just by their very design.

Cellphones should be semi-conspicuous to others.


imho Fact


Just a quick set of thoughts.

We're surrounded by data all day.

Much of it gets presented as fact, when it's just assertion.

Fact is assertion cleansed of falsity, according to generally accepted cleansing practices.

Science is the process of cleansing from our understandings the muck of hearsay, superstition, and wishful thinking.

Scientific inquiry is good mental housekeeping.


Saturday, August 26, 2006

imho Structure of the Solar System 2


I wrote my previous blogpost before I read that day's paper, in which the astronomers' decision/criteria for demoting Pluto was reported. I think they screwed it all up by positing an idiotic distinction between "planets" and "dwarf planets." What's the point? That's like calling a uranium atom a full atom because it has scores of protons, neutrons, and electrons, and a hydrogen atom a "dwarf atom" because it only has a single proton and a single electron. They both embody the core structure of the same class of objects, but differ primarily according to scale (one's much larger than the other, and has the structural differences associated with that larger scale, but they're brethren in the periodic table). Absurd.

The core distinction that the astronomers should have keyed on was the scale of orbs, and the structural properties that come with increasing scale. I touched on that in my blogpost, but I thought of a few additional structural properties of larger orbs. Here they all are:
  • Appear: larger orbs tend to be more visible to our eyes and/or telescopes
  • Clear: larger orbs tend to clear out their orbital paths through centripetal gravitation and collisional deflection
  • Commandeer: larger orbs tend to capture other orbs and lock them as satellites into perpetual slave orbits
  • Sphere: larger orbs tend to take on spherical shape from the force of their own gravity
  • Atmosphere: larger orbs tend to have the gravity necessary to hold any gaseous emissions as perpetual atmospheres
  • Magnetosphere: larger orbs tend to have hotter, more liquid interiors that generate the ongoing magnetic fields that cause such phenomena as atmospheric auroras
I rather like the "phase-change" ring structure I proposed for the solar system as a whole, because it essentially defines "strata" into which orbs have settled due to the dynamics of the whole system's evolution. It occurred to me that there's one critical ring that I left out from my blogpost (apologies to the late Johnny Cash and June Carter Cash on the following):
  • Ring of Fire: one or more fiery orbs (i.e., suns) at the heart of the system; a single fiery orb is essentially a rotating ring around the center of gravity of the system as a whole; this ring structure is more apparent in a binary-star or multi-star system, in which all those orbs orbit around the common center of gravity; it's even more apparent when we look at the billions of fiery orbs that revolve around the center of gravity (i.e., black hole) at the heart of the galaxy
  • Ring of Rock: one or more rocky orbs (with/without their own ice, liquid/ocean and gas/atmosphere overlays and satellites)
  • Ring of Gas: one or more gaseous orbs (with/without their own rock, gas, and/or ice satellites)
  • Ring of Ice: one or more icy orbs (with/without their own rock and/or gas constituents and/or satellites)
There. I'm glad I was able to write that all down in one coherent place. I don't care what these orbs get named, or whether they are ever named. Have we named all the stars in the universe? Why should we? Isn't it better to simply open our minds to understanding them on their own terms?


Friday, August 25, 2006

imho Structure of the Solar System 1


Does anybody else feel that this current controversy over the status of Pluto is a bit silly? Official planets? Give me a break. That's not science.

This is a perfect time for us all to revisit the structure of solar systems. There are of course many types of objects that orbit stars. What we have traditionally called "planets" are just one type.

On the flight home yesterday from a conference, I quickly sketched out my ideas for rethinking the structure of this and other solar systems. We'll get to the status of Pluto in just a bit.

A solar system is simply a collection of objects that orbit one or more stars (yes, there are binary star systems, and I'm holding open the possibility of triple-star, quadruple-star, and even more star-packed systems). That being said, the basic entities and relationships in solar systems are as follows:

  • Star(s): the orbital hub(s) of all objects in the system; example, our sun
  • Orb(s): the objects that orbit the star(s) of the system; may be massive or minute; examples, our "planets," comets, asteroids, microscopic particles floating in the void between other orbs
  • Ring(s): the discrete paths of grouped, like orbs in the system; examples, the inner "ring of rock" around our sun (primarily including Mercury, Venus, Earth, Mars, and the asteroids); the "ring of gas" (including Jupiter, Saturn, Uranus, and Neptune); the "ring of ice" (including Pluto, Charon, Xena, the Kuiper Belt, and whatever else lies out beyond)
  • Satellite(s): orbs that orbit other orbs in the system; examples, the moons of the various planets; the rocks, dust, and other objects in the rings of various planets

Notice that I've defined "orbs" to include all objects, from microscopic to Jupiter, that directly orbit the sun, or that orbit other orbs. The crux of the debate over Pluto is whether it's too small to qualify as a "planet" in the traditional sense of that word. Well, maybe we shouldn't be using that word any more--it's become an arbitrary, non-scientific term that obscures and distorts the actual structure of the solar system.

But before we do that, let's ask why we have historically latched onto this term. What exactly is a planet, in the traditional sense of the word? My sense is that it's an orb that a) is massive enough to appear in telescopes, b) has great enough gravitation to pull its shape into a sphere, and c) has essentially cleared out its own orbital path, through centripetal attraction and collisional deflection, of all other nearby orbs.

"Appearing," "sphering" and "clearing" are the three core criteria for "planets," in the traditional sense of the word. Orbs smaller than a given threshold don't appear, sphere, and clear; rather, they simply jostle with other dark, irregular orbs into their aggregated rings; those aggregated rings and some of their constituent objects (e.g., asteroid belt) may occasionally appear, and they may occasionally clear out their own tiny neighborhoods (after all, these are huge empty neighborhoods, for the most part), but they don't sphere.

So never fear. To sum up: Pluto is the first-discovered orb in the ring of ice that satisfies all three planetary conditions: appear, sphere, and clear. Comets appear and clear, but aren't massive enough to sphere on their own (yes, they occasionally get whittled through solar wind into roughly spherical shapes, but that's a transient condition of the ever-changing shape of an ever-diminishing object).

Matter settled.


Friday, August 18, 2006

poem University


Pray for the school year
and the grind may it ground us
in unearthly smarts.

Tuesday, August 01, 2006

self Dec 2005 BCR article on Content-Aware Network Appliances


Created content found on publisher's site for free:

Good piece. Glad I did it.


Monday, July 31, 2006

imho 4GW Fourth Generation Warfare


Found content:

My take:

I've been mulling the Middle East these days just like everybody else. I don't want to believe that it's an insoluble blood feud, but that's how it definitely appears. Don't you want to believe that there's a peaceful happy solution for every nasty nexus of human conflict?

I meandered to this "4GW" topic after seeing this mysterious new phrase in a Phil Windley post quoting somebody named Tom Barnett. So I Googled it and found a two-year-old definition by a certain John Robb. Now I'm blogging my impromptu thoughts on it. Just because. Trying to distract my mind from a tech article that I'm committed to write but am just not ready yet to start composing.

First off, I don't buy Robb/Windley/Barnett's notion that so-called 4GW (fourth-generation warfare) is anything new. Let's go straight to Robb's definition: "Fourth generation--ad hoc warriors and moral conflict." That, of course, defines guerrilla warfare and the associated ideological assault on established power. And those dual techniques have been used for a long time in many conflicts, such as our own American Revolutionary War (ad-hoc warriors: the scraggly amateur-citizen-army-militias that Gen. Washington tried to assemble into a semblance of a professional fighting force; moral conflict: the Declaration of Independence that Mr. Jefferson et al. proclaimed at the same time to justify their right to take up arms to sunder the bond from Great Britain). And plenty of communist revolutions of the 20th century were assembled from ad-hoc fighters who were schooled to proselytize the moral/ideological cause known as Marxism.

Second, I found the following statement from Barnett (quoted approvingly by Windley) to be chauvinistic and naive: "There is a profound reason why we're rich and powerful and connected and the enemy is none of those things. Terrorism is a strategy of the weak, and it earns them only what the powerful decide they no longer want...[T]here are no lasting 4GW victories. Yes, sometimes conflicts are won, but what is really achieved? Look at Cuba or Nicaragua or Palestine--or best yet--Vietnam or China? All these 4GW 'victors' got was amazing bloody disconnectedness, and--when they got smart--then they came back crawling to the system, the nets, the rules, the 'decadence.'"

All of this is just a rehash of the time-honored nonsense that our enemies are "bums," "losers," and "cowards" if they don't use whatever fighting tactics we would prefer they use (so that we can easily defend against them). So, if I understand correctly, Barnett et al. are arguing that terrorists (i.e., guerrilla warriors) are losers, that they're now and forever disconnected from each other, and that further acts of terrorism simply contribute to their ongoing estrangement and eventual doom.

Oddly, as examples of disconnected losers, they cite Cuba, Vietnam, and China (the current governments of which took power in part through the effectiveness of their guerrilla tactics). It's bizarre to single out those particular countries, considering the strength and stability of each of their governments (whether or not you agree with their forms of government, you have to admit that they are holding power and connecting internally quite effectively).

If terrorism is a strategy of the weak, and, for example, you classify the 1968 Tet Offensive as terrorism, and you note the historical truth that the Tet Offensive broke the American public's will to continue backing the South Vietnamese against the stronger-willed northerners, then doesn't that undermine your argument against the ultimate effectiveness of terrorism? When exactly did we the "powerful" (USA and South Vietnam) decide that "weak" North Vietnam's terrorism had "earn[ed] them only what [we had] decide[d] [we] no longer want[ed]": i.e., unchallenged dominion over the entire northern and southern regions of Vietnam?

Terrorism, clearly, is not necessarily just a strategy of the ineffectual, forever-disconnected weakling. It has often been a recruiting and morale-building (hence, connection-building) strategy under which weaklings demonstrate their boldness, resourcefulness, and determination to their kindred and to their enemies. The terrorists have their networks, and we, their targets, have ours. They'll keep on attacking our nets both to weaken them and to recruit/build/strengthen their own. We, the established powers, have more transparently public networks, so we make easier targets than the terrorists and their invisible nets.

We're talking death and destruction here, let's not kid ourselves. So I'm profoundly uncomfortable with the bloodlust implicit in the following statement of Barnett's, which Windley once again quotes approvingly: "Our nets are our strengths. They will attack and we will grow more resilient. Bush was right: Bring it on. Speed the killing. Flush the losers. Extend the nets. Be resilient."

At worst, that's outright insanity--a prescription for Armageddon and mutually assured destruction. At best, it's chest-beating naive hyper-optimism of the whack-a-mole variety. What do you do if the "losers" are everywhere, attacking a civilian society in which they're intimately embedded? You don't quell an insurgency by daring the insurgents to rip apart the everyday fabric of people's normal lives. That produces pure mortal terror of the most destructive variety, of the sort that the Israelis and Iraqis are facing every day now. A hellish existence where every car or truck that passes on the street might be carrying the bomb that ends it all.

Robb has an interesting comment about how a "4GW" conflict can be "won": "Victory in 4GW warfare is won in the moral sphere. The aim of 4GW is to destroy the moral bonds that allow the organic whole to exist--cohesion."

Cohesion. Cohesive bonds. Cohesive bonds in the organic moral sphere. Excuse me for getting all mushy on you, but that sounds like religion, or, if that's too sensitive a word (given that much of the Middle East nastiness is motivated by dueling notions of whose take on religion is superior), let's just say "spirituality" in general or, getting super-wimpy, "compassion" and "tolerance." In the immortal words of Nick Lowe, "what's so funny about peace, love, and understanding?"

But that's still religion, when you come right down to it. Unfortunately, in the broader scheme of human relations, religion hasn't always been the cohesive force its promoters want you to believe. It's often an abrasive, sometimes a corrosive, occasionally a toxic, inflammatory, and explosive reagent in a chronically charged environment.

Yeah, I go to church and put money in the collection basket, but I'm not expecting any real return on my investment. I pray too, but I'm not expecting the almighty to hit the "reply" button.

There must be another type of soul force we haven't tried yet.


Saturday, July 29, 2006

note Gomorrah

Every last little
human difference will
be prosecuted
without end. Amen.

note Parade Magazine

this or that born-elsewhere
enjoyed great early success and
once seemingly had

and/or the pop music
by the tail
until the bloom
fell from the rose
they fell from favor and/or
something self-inflicted laid them low
and put them on the brink of
something spiritual
helped them find themselves
inner peace
whatever it was
redeemed them
delivering some recent
unexpected hit
of commercial resurrection
which brought them back into our
collective affections
and captured our interest
in some small way
so that we can now
confidently publish their declaration
of life
in fresh perspective
on the mend
and chastened by adversity
rededicated to some new modicum of
let us here now present
their inspiring story
as told
in their very own words
to our top interviewer
dotson rader
who met them in a restaurant
in lower manhattan and
carefully edited a
long tape-recorded lunch
into an
easy reading
thousand words
fit for calm
perusal over
juice and cheerios

Monday, July 24, 2006

fyi Do politics and identity management mix?


Found content:

My take:

Dave Kearns writes a great column. This one had all the promise of an even greater column than usual, based on that enticing headline. The intersection between IdM and partisan politics? George W. Bush’s position on SAML? Does Bush or anybody else in Washington politics have even the dimmest awareness or concern for such techno-plumbing?

Nope. Just a discussion of the organizational politics that accompanies a federated IdM, in terms of who controls which authoritative repositories of information under which circumstances. Turf wars. Politics in the usual coalition trench warfare of business life.

Nevertheless. This particular column has a critical IdM insight which, though not mind-blowingly original, put me in mind of something else. Says Kearns: “Turf wars are especially abundant when dealing with identity issues. After all, most identity information is simply data. Although it's organized around particular identifiers it's still simply data. The problem is we're trying to present a unified view of that data that crosses departmental, organizational and jurisdictional lines.”

Of course. IdM is a subdiscipline of master data management (MDM). Sez me, per my recent Current Analysis advisory report on SOA and MDM: “Lacking ubiquitous SOA-based MDM, enterprises cannot achieve the vision of a ‘single version of the truth’ that permeates all business transactions. In a well-architected SOA-based MDM environment, users know they can rely on information that is maintained in their company’s reference data stores—no matter how many repositories there are or where they reside. This is because all that precious content has been transported, consolidated, cleansed, and secured in keeping with official corporate policies, and by a common set of official corporate DM services. As long as the MDM infrastructure (and the broader SOA) enforces a common set of policies across the data-governance life cycle, master data can be reused over and over with high assurance that it is current and accurate.”

IdM is MDM in the governance of identity data (and, usually, employee data, to enable authentication, authorization, etc.). MDM comes in many varieties, based on the sorts of master reference data that’s being controlled. Customer data integration (CDI) is one type of MDM. Product information management (PIM) is another. Supplier information management is yet another.

In the world of MDM, there’s the distinction between “physical MDM” (i.e., a “data warehouse” (DW), a single master governance repository of some data set) vs. “virtual MDM” (i.e., enterprise information integration (EII) based on distributed repositories of master reference data and the need for federated governance/query/update across them).

That’s exactly equivalent to the IdM distinction between master directories (i.e., identity warehouses) and multimaster directories (i.e., identity federations).

To sum up: Identity isn’t just data. It’s master reference data. Control over that data, in an identity MDM environment, is inevitably political. In federated MDM, all the ownership turf wars apply full force.

Just wanted to point that out.


Sunday, July 16, 2006

imho The Long Tail


Found content:

My take:

Visually, the “long tail” graph resembles a fading signal, asymptotically tapering into nothingness, but still faintly perceptible against the background din of the cosmos.

Essentially, these articles state that the long tail of niche market segments--aggregated through Amazon, eBay, iTunes, etc.--is wagging the big dog of Internet commerce. Per Wikipedia:

  • “The long tail is the colloquial name for a long-known feature of statistical distributions (Zipf, Power laws, Pareto distributions and/or general Lévy distributions). The feature is also known as ‘heavy tails’, ‘power-law tails’ or ‘Pareto tails’….In these distributions a high-frequency or high-amplitude population is followed by a low-frequency or low-amplitude population which gradually ‘tails off’. In many cases the infrequent or low-amplitude events—the long tail, represented here by the yellow portion of the graph—can cumulatively outnumber or outweigh the initial portion of the graph, such that in aggregate they comprise the majority.”

In economic terms, e-commerce vendors can profit from serving all niche markets if:

  • the aggregate demand for all niche-appeal items is persistent, ubiquitous, and substantial
  • the marginal cost of producing, marketing, stocking, selling, and distributing niche-appeal items is near zero
  • the availability of niche-appeal items is at a par with mass-appeal items, through consolidation into master catalogs, search engines, and so forth

All of which has come to pass through the Web.

From the niche-dwelling consumer’s point of view, it’s all about vendors providing an effectively infinite catalog that ranges across all niches and back to the beginnings of recorded time (or 1995, whichever came first).

From the niche-dwelling producer’s point of view, it’s all about connecting with a market, even if it means doing onesie-twosie, break-even transactions on long-discontinued merchandise. Just to connect. And move product. And persist in somebody’s collection somewhere for some reason. Even if it means that, by settling into the “long tail,” our work shall ever more be tagged as “unpopular” or “not for everybody.”

Though, as the “long tail” illustrates, the “popular” is “not for everybody” either. Most of the popular stuff will eventually slide down the tail toward niche status, sometimes over the course of a generation. Or seemingly overnight (as when an obscenely and expensively promoted bow-wow of a Hollywood sequel blockbuster plunges in the box office in its second and third weeks of exposure).

Slipping ever further toward the indistinguishable media soup of yesterday's product, the heat death of surfeit-swamped oblivion that awaits even the biggest productions.


Wednesday, July 05, 2006

fyi Bill Gates embraces open source process


Found content:

My take:

Huh? “Gates and his wife Melinda talked about bringing scientists together around a table and generating ideas about solving problems, without worries about money or who owns the ideas…Concentrate on the problem, on the solution. Network freely.” And Gates equates that—some vague definition of scientist-driven collaboration—with open source software?

First off, this is a very naïve concept of the scientific process. Scientists are as competitive as any business people. In fact, sometimes it seems that the only things scientists worry about are “money” (getting grant dollars to underwrite their research) and “who owns the ideas” (getting due credit for being the first to discover and publish some important new finding). Scientists are not egoless altruists.

Second, this is a very biased view of the business process, a process that is usually driven by the need to solve problems and in which people network as freely as the situation demands. The business world is as solution-driven as the academic world—perhaps more so—given the fact that business people can be sacked for failure to produce, whereas many researchers are tenured faculty who can piddle around for years on minutiae without having to produce much in the way of concrete accomplishments.

Third, this is a wonk-driven vision of economic development, as if pure brainpower pooled around virtual and physical conference tables will solve the world’s problems. Lots of smart people everywhere have been worrying and working on these problems for so long. Scientists aren’t necessarily any smarter in matters of economic development, program management, and cross-cultural outreach than anybody else. Same goes for IT folks. These are what will make all the difference in producing actual results that improve people’s lives.

Everybody’s getting so enamored of Bill and Warren’s big beneficent bankroll, as if pure money has some sort of messianic power. It’s one thing to subsidize projects that promise to improve health and education around the planet. It’s quite another to follow through with delivery, implementation, and results. Let’s not think that we can simply parachute in with nifty new thirdworld-targeted technologies and magically improve lives. Will the Gates Foundation maintain a permanent staff of overseers in every nation on earth to make sure that its money is not sunk into wasteful NGOs, siphoned off by corrupt governments, and squandered in ill-conceived projects? How many of Gates’ own projects within Microsoft have failed, or underwhelmed, even when he was closely supervising them?

Precisely how will the Gates Foundation succeed where the IMF, World Bank, UNESCO, Peace Corps, etc. have failed to make much of a dent in world poverty?

It’s good that deserving health and education projects now have another well-heeled funding source. It’s also good that Bill Gates is devoting his life to managing that source. But he’ll quickly realize he’s dispensing a very limited supply of salve in a world teeming with open sores.


Tuesday, July 04, 2006

Poem Vacation


Try a violent green,
an overgrown isle
in the stream of sand
I’ll dream isn’t there.

Friday, June 30, 2006

fyi Would the bird flu kill the Internet, too?


Found content:

My take:

One of the things I love about a free press is how creative it is in exploring every last sensationalistic ramification of every fearmongering topic.

This headline put me in mind of the immediate weeks after 9/11. Back when the nation’s commercial air system was shut down temporarily, and many of us had little choice but to cancel travel, jump on the trusty Internet, and sit home coddling new visions of postmodern Armageddon. It was then that I realized the Internet is a great societal shock absorber, allowing us to carry on reasonably well in business, entertainment, and life when the analog world goes temporarily loco.

Considering that a pandemic would drive people into their caves indefinitely, the Internet would be their periscope for safely monitoring the emergency and coordinating life in the shadow of universal death. In the found content, one of the core theses is “The idea of everyone working from home appears untenable.” Which is certainly true, unless people redefine “home” to refer to any place that offers food/shelter and currently lacks the physical presence of other human germ-carriers. To the extent that ISP and other data centers everywhere are evacuated of all but the most essential staff, and those people are incentivized to camp out in those locations 24x7 until the pandemic subsides, then the Internet might be kept up and running to a degree.

Another core thesis is: “You can see the Internet as a self-regulating supply-and-demand mechanism….The more people use it, the slower it gets, so the less people use it.” Which is also true. The Internet is a rationing mechanism, like any market. To the extent that, in a pandemic, the Internet is evacuated of all but the most essential traffic (through QoS-driven user self-interested patience, forbearance, and abandonment of the ‘Net), then the Internet will keep running 24x7 to an acceptable degree, from the point of view of the world community as a whole.

The Internet wouldn’t “shut down” entirely, but it would certainly be hammered by universal hysteria. Society wouldn’t collapse, nor would infrastructure, but it would certainly be a nasty spell for all of us trying to hold body and soul together.

I’m fatalistic about all this. Anybody who lost their parents young would understand where I’m coming from.


Thursday, June 29, 2006

fyi Wiki Revolution a New Curve on Information Highway


Found content:

My take:
I recently used Wikipedia for the first time. I mean actually “used” Wikipedia for some substantive research project—not simply browsed to and from it briefly. And it was useful, in much the same way as any other encyclopedia—as a reference book of final resort, after I’d extracted everything I needed from primary research materials, and when I simply wanted one more relatively high-level take on my topics, so as to close off the research and get down to my own writing. For an article to appear in August in Business Communications Review on new federation frontiers in IP Multimedia Subsystem (IMS), I looked up canonical definitions/overviews of IMS, SIP, ENUM, and other related topics.

Wikipedia was useful, but not in any qualitatively different sense from any other resource on the Internet. Nothing wrong with wikis, but this “Web 2.0” notion that they—and their prime exponent, Wikipedia--are ushering in some “communal era” on the Internet is balderdash. That era’s been here since the dawn of the Web in the early 90s, and wikis are just another chapter. The Web was the true innovation—more specifically, the URL, HTTP, and HTML standards on which the Web was built. The Web made the world an open book to be populated and refreshed continuously from the edges, centers, wherever. As the found article notes, group authoring/editing sites have been around for quite some time on the Web before the name “wiki” started being applied to them.

This propaganda that “Wikipedia comes close to Britannica in terms of the accuracy of its science entries” is beside the point. What diligent researcher relies on any one reference work, and doesn’t cross-check each work against as many others as can be found? Are the editorial staffs/processes of any one reference work (including Wikipedia) infallible? How can anybody who has ever worked in a fast-moving editorial operation have any confidence in their ability to contribute day in and day out to production of a “single source of truth”? It all gets slapped together in haste by limited, benighted mortals. It’s all a sausage factory (in the words of the article: “an assembly line for knowledge”), and it’s usually no more “communal” or “social” than any other operation whipcracked under editorial overlords (who may be your bosses, in the Britannica model, or who may, in the Wikipedia, simply be unseen cyber-colleagues with power to efface, erase, and overwrite anything you might post).

The old story from Detroit is that you don’t want to buy a car that was assembled on Monday morning (workers straggling back from the weekend) or Friday afternoon (workers with their minds on their six-packs, barcaloungers, and backyard barbecues). Likewise, you don’t necessarily want to “buy”—without extensive cross-checking against other sources—any knowledge that gets assembled in Wikipedia. Especially when the entries there are unsigned by their authors, and there’s no indication of what changes were made by whom and when. Research geek that I am, it’s important to me to see who authored a piece and what their qualifications/biases might be, so that I can determine the degree of confidence to place in some post. I’ve been in the IT industry as an analyst/pundit far too long to take anybody else’s “expertise” for granted: everybody’s selling something: everybody’s dissing something/somebody else: everybody imagines that they’re the victor who’s destined to write the official history of whatever.

At least with blogs (and “traditional” websites), there’s often a clear indication of authorship. Hence, of background, bias, and agenda. All of which you can factor into your decision to accept or reject something I’m trying to put across. No, I don’t allow readers to post direct comments to my blog, and I certainly don’t allow readers to overwrite what I post.

I’m simply trying to sell my own ideas. I’m not trying to put forth a be-all repository of unimpeachable human knowledge. And I’m not trying to build an ego-free reference work as a shared communal touchstone. I’m just sharing whatever local knowledge (or tomfoolery) pools between these ears.

Down here in Alexandria.


Wednesday, June 28, 2006

fyi Microsoft Repurposes WinFS for Future Products


Found content:

My take:

Is this Bill Gates’ legacy as outgoing chief software architect at Microsoft?

That they couldn’t manage, year after year, product release cycle after product release cycle, project codename after project codename, to ship a unified file system to give users easy access to structured and unstructured data, wherever it might reside, from within Windows? That they got as far as a beta of the unified file system under Vista and then withdrew the technology prior to general availability? That instead of a unified technology, WinFS has essentially been decomposed into a grab bag of features that may or may not find expression in future products that may or may not ever get delivered? That, by way of “explaining” this retreat, all Microsoft could muster was some lame marketing spin about aligning the technology, in some indefinite future incarnation, with some mysterious “data platform vision”? That the company has offered no new timeline for future availability of what once was known as WinFS? That even if they had offered a timeline, nobody would believe it?

What kind of architect walks away from a project in such disarray? As Mr. Gates retires to his foundation work, is he paying close enough attention to the ongoing health of the place that generated his wealth?


Tuesday, June 27, 2006

fyi Senate Committee Chairman Says 'No' to Net Neutrality


Found content:,1217,a=181757,00.asp

My take:

This headline is misleading. Sen. Ted Stevens, R-Alaska, didn’t say “no” to “net neutrality.” Instead, if you read the article, it’s clear that he said “no” to including any mention of “net neutrality” in a pending bill until somebody defines “net neutrality” to his satisfaction.

"Until somebody tells me what net neutrality means, until they can give me a definition, I don't want it in there," Stevens said to eWEEK on June 22. For the record, Stevens also said "The Internet should be free." Whatever that means.

For what it’s worth, I’ll offer a definition of “net neutrality.” I’ve been keeping myself from responding to this issue until it gets to the point where I care enough. Right now, I’m totally sick of the TV ads for and against “net neutrality” (living in the Washington DC area, I’m one of those privileged few Americans who are exposed to this nonsense, which is actually directed at the 535 Americans, such as Stevens, who live part-year in this area and have offices and staffs up on Capitol Hill).

Essentially, “net neutrality” refers to the need for broadband carriers to be regulated as common carriers. In other words, “net neutrality” is a regulatory regime ensuring that broadband carriers (telcos, cable, wireless, etc.) provide open, nondiscriminatory access, routing, interconnection, and termination services to all end users and application/content providers, including those app/content providers who’ve connected to the ‘Net via other carriers. What “net neutrality” is designed to prevent is a situation where each broadband carrier may provide preferential access, routing, interconnection, and/or termination services (and preferential pricing of those underlying network services) to “walled gardens” of their own, affiliated, and partner app/content providers.

If “net neutrality” isn’t mandated by law and enforced by US regulatory agencies, then broadband providers have every incentive to favor their walled gardens and to penalize unaffiliated app/content providers (hence, penalize their end users) through higher prices, inferior QoS, and so forth. Is anybody, on either side of the dispute, truly denying that that will happen if some form of “net neutrality” is not guaranteed by law? You’ll subscribe to a broadband ISP (be it a telco, cable company, etc.) and will find that your access to unaffiliated sites is rendered less convenient, performant, and pleasant through numerous inconspicuous techno-hobbles that make it seem (to the unwitting end users) as if the unaffiliated ones are just naturally inferior and overpriced.

In a Republican-dominated government, there seems to be an ideological block against expanding the regulatory powers of the FCC. But there seems to be no alternative that will guarantee nondiscriminatory broadband provisioning to all endpoints. The carriers covet the success of high-powered app/content endpoints (e.g., Google et al.) in the rapid rampup to broadband media, and they clearly want to siphon off a piece of the revenue stream that flows to those properties.

Of course, some broadband ISPs are doing quite well by the Googles of the world, who pay billions of dollars for fast, fat Internet connections. One of the unspoken subtexts in the “net neutrality” debate is that the “have-not” ISPs—in other words, those that didn’t land these plum accounts—simply want to spread the wealth their way. Much the same way that, say, owners of baseball teams in subpar regional markets have managed to grab an inordinate share of national TV advertising revenues to compensate for their shortfall in local ticket sales. Franchise subsidies through collective action by all franchisees against a baseball-reliant cash cow (i.e., advertisers and the broadcast TV networks that they sustain).

Is that the right analogy? Yeah….the Googles are sustained by advertising revenues. The Googles rely on bandwidth to push that advertising out to their target customers. The ISPs control that bandwidth: the playing fields where advertisers and their end users connect.

What is a stadium if not the original walled garden? A field of green available only to paying customers.


fyi SOA governance article


Article I just published in Network World providing market overview of SOA governance:

Additional kommentary:
The original title for the piece was "SOA Governance: Reining in the Mess, Reigning O'er the Mesh." Editors invariably change my titles and leads. But the published content on this one is pretty close to what I delivered. Thanks Beth.

I'm working on a piece for Network World, to appear in October, focusing on SOA governance case studies in the real world. If anybody has any good case studies to share--on SOA governance, not simply SOA--please contact me at or 703-340-8134.



Wednesday, June 21, 2006

note RC


A dynamic patchwork of
national, horizontal, and vertical
markets driven by the need for
professional services to audit and
independently verify the validity
of structured reports produced
to vouch for continued compliance
and attest to the efficacy
of automated and manual
operational controls
enforcing policies and processes
relevant to mandates
issued by legislative and regulatory
authorities and enforced
through civil and criminal
penalties imposed on
corporations and their
principal and responsible

Thursday, June 01, 2006

review The Naked Corporation: How the Age of Transparency Will Revolutionize Business, by Don Tapscott and David Ticoll, Authors of Digital Capital


Found content: check the subject line….not found so much as requested as freebie from lady handing out the books at Informatica World 2006 last week in San Francisco….had time on the flight back home to read this one…thank god for air traffic control delays….underlined a lot of stuff…wrote comments in the margin…totally defaced it in the act of commenting on it….something I rarely do with books

My take:

Cut to the chase: I can’t process long texts until I’ve zeroed in on the thesis statement, and then passed once at high speed through the outline, and then through a chapter-by-chapter eyeballing of the pages to see if the author has done at least a perfunctory job of substantiating the thesis.

Tapscott and Ticoll put their thesis statement—actually, a full thesis paragraph—two-thirds of the way into the introduction. Here it is:

“Corporations that are open perform better. Transparency is a new form of power, which pays off when harnessed. Rather than to be feared, transparency is becoming central to business success. Rather than to be unwillingly stripped, smart firms are choosing to be open. Over time, what we call ‘open enterprises’—firms that operate with candor, integrity, and engagement—are most likely to survive and thrive.”

Boil that down to its essence. What the authors set up is the following core argument:

Transparency is directly correlated with performance.

Then the reader has to slog through almost two dozen pages of text to get to the authors’ definition of their core concept:

“Transparency…we define as the accessibility of information to stakeholders of institutions, regarding matters that affect their interests.”

So there you have it. There is no further breakdown of how to operationalize the various metrics of transparency so that organizations can be measured, scored, and rated, in terms of comparative levels of transparency. Instead, the authors reserve the right to use the term as an all-purpose praise word for companies of whose practices they approve.

Now, then, I skittered through the next 300 or so pages to find any primary quantitative research that supports their thesis that increasing stakeholder access to information that affects their interests contributes to superior business performance.

I didn’t find it, and that wasn’t simply from inattention due to lack of sleep. I didn’t even see the most basic research regarding how going public—the most obvious form of “transparency,” as regards regularly divulging reams of financial and operational data to the public—correlates to corporate performance.

Do companies perform better when they transition from private to public, and does their performance deteriorate when they decide to go private again? Sure, there are lots of other ways to operationalize the term “transparency,” but this is the most accessible and easiest to do the number crunch on.

Are the oldest companies (the ones that have “survived and thrived”) also the most transparent? Is their longevity due entirely or in large part to their transparency? No mention of this.

I didn’t even see any basic data on how Sarbanes-Oxley compliance—another loose metric of transparency—contributes to performance. All I see, at various points in the discussion, are tallies of the cost of complying with SarbOx.

What I found was plenty of anecdotal evidence drawn from the authors’ consulting work with large US corporations, primarily in high-tech, and primarily describing the dire legal consequences of public companies not being as transparent as they want you to believe. In other words, the punitive consequences of lying, deception, fraud, stonewalling, manipulation, and bad-faith bargaining. That’s not exactly the positive spin—“transparency is becoming central to business success”—promised in the thesis. Instead, the book is permeated by the “you’ll go to jail” post-Enron hardball lesson.

Part of the problem with the book’s anecdotal evidence is that it’s not in the form of structured case studies. Instead, the authors provide, chapter after chapter, a verbal scattergram of bulletized factoids on particular companies’ transparency successes and failures. This unstructured approach to their topic makes it difficult for the reader to tie these details to any coherent thesis.

Another part of the problem is that the authors use the terms “transparency,” “openness,” “accountability,” “social responsibility,” “corporate ethics,” “corporate integrity,” and “good governance” interchangeably, and blur the distinctions among them. For example, here’s evidence that the authors cite as to the success of British Telecom’s “transparency” commitment: “In the area of the environment, for example, the company has scores of programs that demonstrate its commitment to ecosensitivity, including details such as prohibiting advertising on pay phones that are located in areas of outstanding natural beauty, national parks, open countryside, or World Heritage sites.” Ummm…all of that is well and good, but how does it evidence “accessibility of information to stakeholders of institutions, regarding matters that affect their interests”? And how does it translate into better corporate performance from the standpoint of the most critical stakeholders: shareholders and employees?

And the authors are too quick to buy into the sort of kneejerk “we’re good citizens” public-relations boilerplate that corporations everywhere churn out night and day. Here’s the sentence immediately following the one that I just quoted, re BT: “With respect to supplier relationships, the company pledges to ensure that all dealings with suppliers—from and consultation to recognition and payment—are conducted in accordance with the principles of fair and ethical trading.” I don’t deny that BT is committed to all this, but it would have been more interesting to see if a reputable, qualified third-party had audited and attested to the company’s performance on this and other “good citizenship” metrics.

None of this is truly “transparency” in any meaningful sense of the word. BT is simply pledging not to dirty the environment or lie to its business partners. It would be “transparency” if BT had also pledged to provide stakeholders with ongoing access to a broader, deeper set of financial, operational, engineering, and product data of interest to them. In other words, if BT had pledged to expand stakeholder access to its business intelligence (BI), business activity management (BAM), business performance management (BPM), and other analytics and reporting tools. And if BT had pledged to expand its B2B collaboration environment and activities with stakeholders, so as to engage them more directly and continuously in operations, at all levels in the company.

All of which BT may be doing. But I can’t tell from Tapscott and Ticoll’s book. There are a lot of interesting ideas and discussions in the book, but none that directly and systematically develop the thesis.


Monday, May 29, 2006

poem Worn


The weight of weight worn
whole, heavily, drags
the soul, cruel as wool
that keeps within the
heart wrapped in sin as
wet as pent-up sweat.

Monday, May 22, 2006

imho Arch of Governance part 5 of 5


Found content: “Google’s China Problem (And China’s Google Problem),” Clive Thompson, The New York Times Magazine, April 23, 2006, pp. 64-71, 86, 154-156.

My take:

Governance is self-regulation. Sometimes, it’s the defensive crouch of an industry or community warding off the nasty stick of Big G Government, the ultimate uber-authority, which may step in and assert its sway when it feels the inmates can no longer run the asylum.

Self-regulation often involves self-censorship. Learning the limits of the tolerated is what any speaker, publisher, common carrier, or (in the case of the referenced article) search engine must do to survive in an authoritarian system—in other words, in any system in which speech is only as free as Big G Government wishes it to be.

Here, for example, is the self-censorship (hence, omni-censorship) regime that Google has had to internalize in order to do business in China (I’ve bulletized the text to call out the core thesis of the piece):

  • “American Internet firms typically arrive in China expecting the government to hand them an official blacklist of sites and words they must censor. They quickly discover that no master list exists. Instead, the government simply insists the firms interpret the vague regulations themselves. The companies must do a sort of political mind reading and intuit in advance what the government won’t like….
  • “The penalty for noncompliance with censorship regulations can be serious….’You have to understand, these people are terrified, just terrified. They’re seriously worried about slipping up and going to jail. They think about it every day they go into the office.’ As a result, Internet executives in China most likely censor far more material than they need to.
  • “The Chinese system relies on a classic psychological truth: self-censorship is always far more comprehensive than formal censorship. By having each private company assume responsibility for its corner of the Internet, the government effectively outsources the otherwise unmanageable task of monitoring the billions of e-mail messages, news stories, and chat postings that circulate every day in China.
  • “The government’s preferred method seems to be to leave the companies guessing, then to call up occasionally with angry demands that a Web page be taken down in 24 hours….’There’s a randomness to their enforcement, and that creates a sense that they’re looking at everything.’”

Notice the word “noncompliance” in the second bullet. Within that is the word “compliance,” which is a hot theme in the IT world now. Compliance is, of course, a measure of the efficacy of governance. And governance, of course, is driven by Big G Government mandates.

As I noted several months ago in this blog, every mandate is a new source of “thou shalt comply” commandments on enterprises and service providers. There are as many “thou shalt comply” religions as there are governments, agencies, laws, and bosses upon the face of the earth. To the extent that you operate worldwide—or even in a single region—how can you effectively comply with requirements that issue from so many rule-gods, who don’t always talk/agree with each other up in the clouds of Olympus, and who are changing their god-minds independently all the time? To the extent that all these rule-gods “federate” (i.e., agree to respect each other’s jurisdictions, honor each other’s decisions, and harmonize their respective approaches), your job (the haplessly hopelessly pliant and compliant clay/mud at their feet) is easier.

What this article makes clear is that the world’s oldest state, largest nation, and fastest growing economy has no single censorship regime. Instead, it has many government bureaucracies who don’t speak with a single voice or wield a single censor stick. An Olympus of squabbling demi-gods. All of them have access to the police apparatus to enforce their multifarious dictates. All sustain a Confucian culture and ideology that prides itself on the righteousness of authoritarian censorship. All insist on small g governance among their subjects, on self-censorship and self-regulation, as a way of keeping the nasty stick sheathed. So, in that sense, all the authorities in China are “federating” with each other.

Governance. Compliance. These are dominant themes in the post-9/11 world economy, interpreted, applied, and enforced in diverse ways in various nations. Here’s my favorite excerpt from this article: “In contrast to the confusion most Americans experience, Chinese businessmen would often just laugh when I asked whether the government’s censorship regime was hard to navigate. ‘I’ll tell you this, it’s not more hard than dealing with Sarbanes and Oxley,’ said Xin Ye, a founding executive of, one of China’s biggest Yahoo-like portals.”

We often joke that the purpose of SarbOx is to keep your CEO out of prison. That’s our Big G Government holding its nasty stick in abeyance.

Yes, there are bad compliance/governance/regulation regimes and not-so-bad ones. I’d place corporate accountability and financial integrity regulations in the latter category. But truly global businesses can’t pick and choose nations in which to operate. And they can’t impose their home country’s political systems and cultural values on the countries in which they are guests.

Global compliance is founded on global compromise and flexibility, not on ideological crusades. Your internal governance regime(s) must conform to the Big G regimes at whose pleasure you remain within their borders.


Thursday, May 18, 2006

imho Arch of Governance part 4 of n


Found content:,4902,110766,00.html?nlid=APP

My take:

Governance of anything is a workflow, of course. But don’t take the word “workflow” in the limited sense of “sequential process.” I use it in the broader sense of “policy-driven flow of content, context, and control throughout a distributed process.” That definition allows the flow to be sequential, parallel, conditional, etc. Allows the flow to be the collaborative give-and-take of human beings hooking up through e-mail, phone, travel, etc.

But of course I have other definitions of workflow that I whip out when the need arises. Another definition indulges my delight in alliteration, characterizing (oversimplifying?) workflow as a set of roles, routes, and rules (i.e., all of which constitute the envelope of “policies” that govern the driving of the flow, per the above definition).

Notice that I place “role” first in that list. The notion of a “role” is the foundation of any business process. In many workflow models, roles are the (actual or virtual) dots that are connected by the routes, which are in turn qualified by the rules that govern the whole process.

Govern the process. Governance. A few months back in this blog, I characterized role as “identity defined in its full governance context,” qualified by the broad attributes of “place,” “process,” and “permission.”

Re SOA governance, it’s clear that roles—human roles—play a critical (gulp!) role in design-time and run-time. In my upcoming Network World feature article on SOA governance, I make the following point: “One of the most effective approaches for SOA governance is to restrict what sorts of new services may be published to the master registry, by whom, with whose approvals, and under what conditions. Increasingly, registries are integrated with workflow features that govern how services are approved, designed, developed, published, versioned, and retired.”

Most of the registry/repository vendors provide varying degrees of support for configurable design-time administrative/approval workflows, based on clear role definitions among developers, SOA architects, etc.

The referenced found-content provides a good discussion of how SOA governance design-time (and optimize-time) roles are changing. I quote it at length: “Business architect. Process analyst. SOA enterprise architect. These are the job titles various organizations are applying to an emerging role being filled by those well versed in business and technology to oversee service-oriented architecture projects. The holder of the new job will be charged with identifying services that can be reused across an enterprise, finding services in a repository, simulating scenarios for the processes to run and determining metrics to measure the effectiveness of an organization's processes. The position will be part of either central IT or a line of business, depending on the company.”

I had a discussion on this same topic yesterday with Aiaz Kazi of SAP, here at SAPPHIRE ’06 in Orlando. Many of their customers are grappling with the proper definition of the diverse roles in governance of SOA that leverages SAP’s Enterprise Services Architecture (ESA), which is implemented in its NetWeaver platform components, mySAP applications, and diverse composite, vertical, and horizontal apps and business processes.

What Aiaz was describing is a new SOA governance design-time role that sits halfway between the IT process architects and the business process analysts (i.e., the tech and business wonks who use their respective visual development and flowcharting tools to specify SOA-enabled business processes at various levels). This intermediate role essentially catalyzes consensus between the business process analysts and the IT process analysts concerning the eventual process, but doesn’t actually get involved in the fine-grained architecting of the processes.

Instead, this role is more of a “process steward” (my term) who makes sure, whatever new process emerges, that it reuses existing business processes to the maximum extent feasible. The process steward cracks the whip and just says no when IT process architects and business analysts attempt to create new, end-to-end, stovepipe workflows that overlap with existing processes, either in their entirety or in significant roles, routes, and/or rules.

In other words, the process steward role enforces reuse of existing business processes—SOA-style—when developing new processes. The process steward oversees the SOA governance process—the design-time workflow or collaborative process--under which business governance structures—as defined by IT process and business process architects—are crafted, revised, and optimized.


Saturday, May 13, 2006

poem Toast


Through these remarks we
mark this moving moment and
bless the bubbly bliss.

Saturday, April 29, 2006

poem Geo


Face to face behind
pointed pistols we shake and
resume discussions.

Monday, April 24, 2006

imho Arch of Governance pt 3 of n


Found content:

My take:
Here’s where I attempt to discuss governance as it relates to my core coverage domain: data management.

Data governance is a new buzzphrase with legs. I notice that three other industry analysts are posting to a blog sponsored by a data management vendor, and that they’re all tap-dancing around the topic of data governance…none of them has produced (in that blog) a clear definition of the term, though they’ve gone on at some length regarding the value of data governance, the “what it’s not” of data governance, the “what it sorta overlaps with” of data governance, and so forth.

I’ll back into my own definition of data governance. First, I’ll revisit my definition of federation, as one broad category of governance structures:
  • “Federation is a governance structure in which autonomous domains choose to honor each other’s decisions and accept each other’s assertions in some realm of human endeavor—such as identity management, data management, or SOA management--subject to business contracts, trust relationships, interoperability agreements, and local policies.”

I implicitly describe “data management” as a “realm of human endeavor” to be governed (i.e., controlled). And I define governance in another post as:

  • “Control structures on human and automated interactions, some of which emerge from the blur of decentralized, autonomous decision agents, and some of which are imposed by centralized authorities.”

Leveraging, converging, and extending these definitions, I define data governance as:

  • A control structure on human and automated interactions within and among data management domains, addressing the full life cycle of functions necessary for comprehensive management of data as a business asset.

I have spun my own alliterative string of verbs to describe the various life cycle functions managed by a data governance environment:

  • Mapping, modeling, and marking up data
  • Moving and migrating data
  • Massaging and manipulating data
  • Massing and mastering data
  • Monitoring and measuring data
  • Mobilizing and extracting meaning from data

And so forth. Mmmmmmmmmmmmmmmmmmnemonics. Governing anything involves getting your head around a single conceptual model of the entire domain. I parse every data management vendor, architecture, approach, product, etc with this ontology in mind. ETL? (that’s primarily moving and migrating data). Data warehousing? (that’s primarily moving and migrating, massaging and manipulating, massing and mastering data). Business intelligence? (that’s primarily mobilizing and extracting meaning from data). DBMSs? (a bit of everything, actually). And so on and so forth.

Data governance is being used in the same breath as master data management (MDM) to describe this entire life cycle of data management functions. Now, repeat the mantra: mdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdmdm.


Tuesday, April 18, 2006

imho Arch of Governance pt 2 of n


Found content:,10801,110436,00.html?source=NLT_APP&nid=110436

My take:
Hard to tell whether we’re twisting the concept of “governance” beyond its natural breaking point…but here I’m testing the tensile strength of the concept in yet another context.

Governance is control, implemented by hook or crook, proactively and/or reactively. The referenced article--“Why achieving SOA quality can be so difficult” by Shridhar Mittal--is an excellent discussion of software QA challenges in the “composite…distributed…heterogeneous….dynamic” SOA world. Here’s the graf that jumped out at me: “Application quality is fast becoming the primary governor for achieving companywide SOA success and deployment. With so many interconnected parts making up applications that can be delivered virtually anywhere, testing no longer becomes a mere matter of finding bugs within the developer's code or problems that occur on a given user interface. Software quality processes must evolve with the architecture to genuinely test a business process and maintain context across the entire workflow.”

Governor…governance….hmmmm. In the previous post, I implicitly defined governance as “different control structures on human interactions, some of which emerge from the confusion of decentralized self-interested interactions … and some of which are imposed by very visible iron hands.” Perhaps I should generalize this discussion to refer to “control structures on human and automated interactions, some of which emerge from the blur of decentralized, autonomous decision agents, and some of which are imposed by centralized authorities.” Yeah…that’s the ticket.

Governance is often event-driven: you see an exception condition (such as a software glitch or DDoS) in development or operations, and you implement a remediation and/or enforcement action to address it. In my discussions with the industry, everybody keeps bringing up the following lifecycle of SOA governance activities: design-time, deploy-time, run-time, change-time (or optimize-time, which is essentially a return to design-time, but incorporating SOA operational metrics from run-time into tweaking the production SOA).

Ideally, QA should be an activity that transcends all of these “times.” You should look for glitches and bugs continually—in development, when the software is being deployed, and in normal operations—and address them continually, sometimes fixing them on the fly, sometimes decommissioning a software component so that it can be fixed “out-of-band” while you implement a workaround. Your SOA governance toolset (i.e., Web services management in operations + visual design and policy administration tools in the development shop) should provide you with the ability to test for, detect, and fix these issues at any “time.”

SOA governance involves continuous interaction testing that permeates the entire environment at all “times.” As the article states: “Comprehensive regression testing and runtime monitoring across this distributed environment is critical to maintain the integrity of the application….When teams truly collaborate and continuously automate tests against every layer of the SOA, companies can more reliably wrest value from today's complex, service-oriented business software.”

QA-driven SOA governance, then, is both an automated background activity and a very human collaboration operation that never sleeps.


Monday, April 17, 2006

imho Arch of Governance pt 1 of n


The current meditation started when I accepted the position of principal analyst with Current Analysis.

Surveying the vast domain of my focus area (data management) and just following a long DRM sequence, it occurred to me that DRM is what you might call a use case of “data governance”: “flexible deployment of content-control policy-enforcement logic throughout networks” (hence sort of under my current coverage scope; in fact, you may notice this in the previous post: “governance of … distributed data…in the form of a corporate-standard master data management (MDM) environment”).

But governance sprawls across many coverage areas, including information security (“heavyweight content security, policy, trust, and key management infrastructure that will inevitably be embedded everywhere”), which is the province of my colleagues Andrew Braunberg and Charlotte Dunlap. It also fits squarely into the SOA governance province of my colleague Shawn Willett.

Regardless…no need to feather my overcrowded nest any further…this concept of governance keeps creeping into my thinking on many topics. Federated identity, for example. In a November 22, 2005 post, I list one of the elements of federated IdM patterns as “federation governance,” with the alternatives of “bilateral trust agreements” and “multilateral agreements.” (Yes, I am using my blog as a memory aid).

And on January 27, 2005, I posited the following “laws” (normative) of “identity governance”:

  • Law of identity federation: Domains must be able to establish trust relationships under which they can choose to accept each other’s identity assertions and honor each other’s identity decisions--or reject them--subject to local policies.
  • Law of identity assurance: Entities must be able to unambiguously ascertain, resolve, and verify each other’s identities, and reserve the right to refrain from or repudiate interactions in which such assurance is lacking.
  • Law of identity self-empowerment: Humans must be able to self-assert their identities, and reveal or conceal as much or little of their identity as they wish, at any time, for any reason, from any other party, for any duration, and also to unilaterally defederate from any domain that deliberately or inadvertently compromises or violates these rights.

All of which brings us to the core issue (of this post at least). What exactly is “governance”? And what exactly distinguishes it from “management,” “administration,” “access control,” “federation,” and other related terms of art in this industry? Is “governance” simply another empty fuzzword coined to give the false impression of new substance?

It occurs to me that, in IT contexts, “governance” is usually used in the same breath as “federation.” And both terms are used in contexts in which responsibility for some functions (e.g., authentication, authorization, etc.) is decentralized across two or more autonomous peer sibling domains. In other words, governance as barely controlled anarchy. As an alternative to centralized, command-and-control environments, in which there is a parent/child relationship between domains (in other words, hierarchy, aka big G Government).

But of course, some use “governance” to characterize all options on the spectrum from anarchy to hierarchy. All of it describing the different control structures on human interactions, some of which emerge from the confusion of decentralized self-interested interactions (e.g., Adam Smith’s “invisible hand”) and some of which are imposed by very visible iron hands.

If we take the most global definition of “federation,” we can describe it as one type of governance structure, to wit:

  • “Federation is a governance structure in which autonomous domains choose to honor each other’s decisions and accept each other’s assertions in some realm of human endeavor—such as identity management, data management, or SOA management--subject to business contracts, trust relationships, interoperability agreements, and local policies.”

Or you can characterize federation as governance built up from contracts, and the alternative (hierarchy) as governance handed down from constitutions and covenants. Contracts vs. constitutions: horizontal vs. vertical policy envelopes: negotiated vs. decreed governance environments.

All a part of the art of governance. Or the arch of covenants.


Saturday, April 15, 2006

poem Character


Character is caricature.
It exaggerates, and becomes.
Becoming your blunt summation
in the act of unbecoming.

Saturday, April 01, 2006

fyi German Bank Fights Phishing With Electronic Signatures


Found content:,10801,110054,00.html?source=NLT_SEC&nid=110054

My take:
Fight phishing with common sense, not electronic signatures on e-mails and websites….OK, use the latter as well, if you wish…but if you’re like me, you’ll:
  • Use online banking as little as possible….direct deposits for regular paychecks and direct debits for regular bill payments are totally automated…which eliminates most of the need to visit a physical or online bank
  • Believe no e-mail that purports to come from a financial institution, including those in which you have accounts…and doubt whether there might ever be legitimate circumstances under which a financial institution would ever send you an e-mail to notify you of some account-related event or anomaly….and tell all of your financial institutions in no uncertain terms that monthly statements and all other official communications must come from them via postal mail, printed at their expense, on their letterhead, and on a regular schedule, to your permanent street address.
  • Tell your legitimate financial institutions that, if there’s a serious event-driven issue concerning your account (e.g., overdraft), they will have to contact you via phone…so at least you have some evidence that somebody somewhere spent sufficient resources (to print and mail paper and/or to have a human being call and talk) to discuss something of critical importance to both them and you….even though scams also make use of the phone system on occasion.
Make the scammers really work if they want to separate you from your assets, through online or other approaches.

Asking you to periodically “verify” existing account information online is a crock….you verify it implicitly every day by going about your life as usual and not noticing anything out of the ordinary with your checking or brokerage accounts….accept that you’re responsible for checking your statements every month, and that no legitimate institution will prompt you to exercise that responsibility….banks don’t call you to ask if you received and have reviewed your printed-out monthly statements…or balanced your checkbook register….do they?

Asking you for your password so that they, the “institution” that supposedly manages that account, can manage it is also a crock…if their “employee” or “representative” doesn’t already have full access to your account information, that’s their problem, not yours…they’ll have to prove that they have sufficient information on you already before you even begin to speak to them…if it seems like they know nothing about you, clam up…if they can’t even tell you what your current mailing address is for the purpose of verifying it over the phone, then they have never mailed you a paper statement…which means they have never actually established a real relationship with you…which means they’re a fraud…they don’t have the nucleus of an “identity system of records” on you, or can’t match up the data in their iSoR with the equivalent data that only you have possession of…they’re obviously fishing/phishing for that data…don’t give it to them…close your browser and/or hang up…

Asking you to verify an electronic signature on a financial institution’s e-mail or website strikes me as a bad idea. They're putting the burden on you, the customer, to verify the authenticity of the institution that purports to have sent you a message or operates a website that you’re visiting. You have to do all the work, per the referenced article: “Under the Postbank certification system, users can verify an e-mail by clicking a certification symbol, which, when opened, provides details about the signature. A warning symbol appears if any inconsistencies arise during the signature authentication process.”

When the customer has to do any work at all to verify an electronic signature, you can best believe that most customers will do nothing. Which means that there will still be plenty of scams that use electronic signatures to convey the illusion of legitimacy, and that very few customers will actively “verify” these signatures. And that few users who do attempt to verify the signatures will know what to do with the information that the signature system presents to them.

The more I stare at the following two statements from the article, the more they bother me:
  • “users can verify an e-mail by clicking a certification symbol, which, when opened, provides details about the signature.”
  • “a warning symbol appears if any inconsistencies arise during the signature authentication process”
What “details” are presented about the signature? Will it tell me that a certain “E_Trade” (scammer) that signed a message or webpage is not the same as the “E*TRADE Securities LLC” that actually manages my accounts? Would I pay attention even if it told me? Who actually keeps track of these typographic differences between alternate possible versions of these concocted corporate names anymore (Yahoo vs. Yahoo!...yeesh)?

What “inconsistencies” might arise during the signature authentication process that would make the recipient have second thoughts about trusting a message? Pharming thrives because people blithely ignore the inconsistencies or discrepancies between an authentic financial institution’s URL and the one that pops up in their browser (to which they’ve been redirected, possibly, by a virus planted on their PC). Might malware also hijack your PC’s electronic signature software and produce bogus “everything’s cool” messages that hide any “inconsistencies” in the signature verification process?
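The signer-name comparison questioned above can be made by software instead of being left to the reader. The following is an added example, not code from the referenced article or from Postbank's system: it checks a signature's signer name against the exact names a customer has enrolled and returns a single verdict. The `signature_valid` flag stands in for a real verifier's result; the function names, the threshold and the sample inputs are assumptions.

```python
from __future__ import annotations

import unicodedata
from difflib import SequenceMatcher

# Exact signer names the customer has enrolled (names taken from the post's examples).
ENROLLED = ["E*TRADE Securities LLC", "Yahoo!"]
LOOKALIKE_THRESHOLD = 0.85  # assumed cut-off for "close enough to confuse a reader"


def skeleton(name: str) -> str:
    """Fold case, width and punctuation so 'E_Trade' and 'E*TRADE' collapse together.

    NFKC folds compatibility forms (e.g. fullwidth letters); it does not map
    cross-script homoglyphs (a Cyrillic letter that looks like a Latin one).
    """
    folded = unicodedata.normalize("NFKC", name).casefold()
    return "".join(ch for ch in folded if ch.isalnum())


def prefix_skeletons(name: str) -> list[str]:
    """Skeletons of 'E*TRADE', 'E*TRADE Securities', 'E*TRADE Securities LLC'."""
    words = name.split()
    return [skeleton(" ".join(words[:i])) for i in range(1, len(words) + 1)]


def closest_enrolled(signer: str) -> tuple[str | None, float]:
    """Return the enrolled name the signer most resembles, with its similarity score."""
    s = skeleton(signer)
    if not s:
        return None, 0.0
    best_name, best_score = None, 0.0
    for enrolled in ENROLLED:
        # Compare against each leading part of the enrolled name, so a signer
        # that uses only the brand word is still caught.
        for candidate in prefix_skeletons(enrolled):
            score = SequenceMatcher(None, s, candidate).ratio()
            if score > best_score:
                best_name, best_score = enrolled, score
    return best_name, best_score


def assess_signer(signer: str, signature_valid: bool) -> str:
    """One verdict for the user, instead of signature 'details' to interpret."""
    if not signature_valid:
        return "reject: signature did not verify"
    if signer in ENROLLED:  # exact, character-for-character match only
        return "ok: signed by enrolled institution"
    name, score = closest_enrolled(signer)
    if name is not None and score >= LOOKALIKE_THRESHOLD:
        # A cryptographically valid signature from a near-miss name is the
        # "illusion of legitimacy" case.
        return f"reject: valid signature, but signer imitates '{name}'"
    return "unknown: valid signature from a party you have no relationship with"


if __name__ == "__main__":
    # Constructed sample inputs: (signer name, did the signature verify?)
    samples = [
        ("E*TRADE Securities LLC", True),
        ("E_Trade", True),
        ("Yahoo", True),
        ("E*TRADE Securities LLC", False),
        ("Example Savings Bank", True),
    ]
    for signer, valid in samples:
        print(f"{signer!r:28} valid={valid!s:5} -> {assess_signer(signer, valid)}")
```

A check like this only helps if it runs somewhere malware on the PC cannot rewrite its verdict, which is the concern raised in the paragraph above.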

So, in summary: Paper is safer. Letterhead is a better bet. When an institution commits ink to pulp and regularly sends it out, it shows that it holds your master account data. That it’s working hard to hold your confidence and continued patronage. That it isn’t waiting for technologists and lawyers to get the kinks out of electronic signatures.