Monday, November 20, 2006

Hugs & Kisses, Hurts & Curses

Norman Nie of Stanford University says, "You can't get a hug or a kiss over the Internet." (Social Intelligence: The New Science of Human Relationships, p. 9).

Daniel Goleman, the author of the 1995 best-seller Emotional Intelligence, has authored a new book which I hope every IT Manager makes time to read, Social Intelligence. The point of the book is that we are all "wired to connect", no matter how much technology is part of our everyday experience. In fact, in the beginning of the book, it is clear that Goleman believes recent technological developments are insulating most of us from that essential human connectivity for which we are biologically wired. From the car, to the cell phone, to the iPod, Goleman argues we are encasing ourselves in technology which isolates us from one another, leading to what he calls social autism.

Stephen Covey made a similar point in his book First Things First (1996) when he said, "You can be efficient with things, but you need to be effective with people, particularly on jugular issues." I've remembered that point over the years, but it bears repetition. With Goleman's new book, not only is the point repeated, it is reinforced with research from the new discipline of social neuroscience. Our emotions and moods are all about human connectivity and the jugular issues of communication.

In the opening chapters, for instance, he talks metaphorically about the high road and the low road of communication. The high road is all about the frontal lobe of the brain, the location where reflection and rationality intercede, hopefully stopping us from saying something stupid. The low road, on the other hand, is all about the amygdala, almond-shaped groups of neurons buried deep within the temporal lobes of the brain where we sense one another's mood and emotions before we have had time to reflect or rationalize. The salient point is that the low road works far, far faster than the high road.

We experience this whenever we watch a movie or are engaged in a conversation with someone and intuit something going on. Whenever there is a hint of a smile on someone's face and we respond with our own smile or, even in a more subtle fashion, with a minor shift in mood which mirrors that of our conversationalist. All of this happens in an instant and before we are aware of what is going on consciously. This means, of course, that there is far too much information in one-on-one conversation to rely on e-mail, instant messaging, blogs, or other forms of communication which technophiles, like IT managers, use and promote every day.

We may not hug or kiss one another in such conversations, but the point is still valid. The wiring we use for our technology cannot, and perhaps never will be, as effective in communicating with one another as the face-first conversation.

Sunday, November 19, 2006

Spam, Botnets, Pump-and-Dump, and Armageddon

Spam has become such a common part of life with e-mail these days that even bringing up the topic in casual conversation has become boring. Boring, that is, unless the conversationalist brings something novel and interesting to the dialogue. If that's true for casual conversations, then it's absolutely true for blogs and other forms of monologue.

Maybe considering volume and percentages helps. I estimate that I receive about 120 spam e-mail messages daily on my personal e-mail account. Because my corporate account is pre-laundered by an external service before e-mail arrives in my Inbox, it's a little more difficult to discuss absolute numbers and percentages (we use Postini's Enterprise Email Protection Service). About 52% of our corporate e-mail is either blocked or quarantined for further review.

My experiences reflect the overall historical situation. In 1978, an e-mail spam was sent to 600 addresses. By 1994, the first large-scale e-mail spam was sent to 6000 bulletin boards and eventually reached millions of people. By June 2005, the volume of spam had reached 30 billion per day. By June of 2006, that number had risen to 55 billion spam e-mail messages per day. About 80-85% of all e-mail messages globally are now "abusive" e-mail (see e-mail spam on Wikipedia).

OK, so maybe even talking about absolute numbers and percentages isn't all that interesting. What I do find interesting, though, is that digging a little deeper into the phenomenon of spam demonstrates alarming changes that go well beyond simple numbers. I'm thinking here of botnets, so-called pump-and-dump, international e-mail crime gangs, and the advent of Armageddon.

Here's a recent example. In the past few weeks, there has been a surge of spam for penny stocks and penis enlargement pills. Evidently, the surge has been tracked back to a gang of Russian hackers who have cobbled together a botnet of 70,000 peer-to-peer computers in as many as 160 countries worldwide which uses the SpamThru Trojan to do the dirty work. Botnets are "broadband-enabled PCs, hijacked during virus and worm attacks and seeded with software that connects back to a server to receive communications from a remote attacker" (Is the Botnet Battle Already Lost?, 16-Oct-2006, eWeek). Computers controlled through botnet technology are generally called zombies. They provide the mechanism whereby spam is generated and delivered, bringing back billions of dollars in revenues to the gangsters.

How prevalent and dangerous is the threat? Since January 2005, Microsoft's Malicious Software Removal Tool has removed at least one Trojan or bot from 3.5 million individual computers. When those computers were compromised by the hidden code, they exemplified the first of the 10 Immutable Laws of Security: Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore.

How does the bot herder get you to run his program on your computer? Through either a vulnerability on your computer or through a weak password. As Jesper Johansson says, "The only thing that stands between attackers and the end of the world is a password." (see Assessing Network Security, p. 11).

It may be a little early to tell whether the good guys can fight back and delay the advent of Armageddon. But it is clearly the case that the sophistication of the bad guys is alarming. The SpamThru trojan, for example, is not only being used in a very effective spam campaign, it is also evidence of malware that is as complex and feature-rich as many commercial software programs. This trojan, for example, has its very own anti-virus scanner embedded within its code - a pirated version of the Kaspersky AntiVirus for WinGate. The AV scanner is used by the trojan to eliminate rival malware files that would get in the way of maximizing the volume of spam e-mail sent from the zombie computer. That is very clever and very disturbing.

The SpamThru trojan also downloads the templates it uses to the zombie, and it uses challenge-and-response authentication methods to prevent other malware from stealing those templates from the template server. Not only is that clever and disturbing, it might even be worthy of a conversation around the water cooler on Monday.

Friday, November 17, 2006

Multifactor Authentication - It's Coming Sooner Than We Think

It's hard to believe, but it's been 2 years since the Bush administration in the United States issued the Homeland Security Presidential Directive 12. The point of the directive was to enhance security through the reduction of identity fraud. One of the ways the HSPD-12 has affected information technology is by accelerating the adoption of smart cards. In fact, ActivIdentity predicts that between 50 and 100 million smart cards will be in circulation in the United States in as little as 10 years.

One of my colleagues just returned from training in FPA-SAFE, a program designed to help the food industry with its audit needs. He confirmed that identity security was an important part of the training materials and concerns. He even shared some humorous stories about the lack of appropriate standards for authentication in the food industry.

This occurred at the end of a meeting in which we discussed our own internal security procedures and standards. I had introduced staff to multifactor authentication, something I had been reading about in Jesper Johansson and Steve Riley's book Protect Your Windows Network: From Perimeter To Data. The idea behind multifactor authentication is that we can enhance identity security in computer systems by utilizing 2 of 3 classes of authentication factors: something the user is, something the user has, or something the user knows. The first usually involves biometrics, the second something like a security token or smart card, and the third something like a password, pass phrase, or PIN. By using 2 of the 3 factors, we can dramatically improve the security of our systems while making life easier for our users.

Normally, I would have thought that multifactor authentication was simply too advanced and too rich for smaller companies like ours. But international standards organizations and compliance regulations are spurring growth of the technology, reducing price points and increasing the likelihood that small- and medium-sized businesses will see the business benefits of the technology.

Saturday, November 11, 2006

IQMS User Group Meeting - Security

The final breakout session of the conference for me was security. The session was presented by Gustavo and Tina Jolicoeur of IQMS.

Without completely redesigning the module, there isn't a lot that can be done to add features. Nonetheless, users were quick to point out areas that needed improvement or that could be enhanced to ease management of users and security roles in Security Inspector.

IQMS has already enabled administrators to kill sessions. They have also added password policies and the ability to lock user accounts out of any IQMS module.

There was some more discussion on an issue which Randy Flamm had already indicated IQMS would not budge on, namely a single logon to the system using the authentication available to system administrators already in Windows Server 2003 through Active Directory and group policies. It is aggravating to our users to have to log on twice, once to the system, then on to EnterpriseIQ. Since we have implemented standard password and other security-related policies, there is nothing that IQMS can add that provides useful password protection that we haven't already implemented. If network administrators are following recommended standard policies, then this will be true universally. Unfortunately, many administrators continue to provide generic accounts to the operating system even though doing so compromises security. Not only that, but there are better ways to provide a mandatory profile and desktop to users than through generic accounts.

One feature that I advocated for, however, was the ability in Security Inspector to find-and-replace roles for individual users. The idea is that whenever we create custom roles to replace the IQMS canned roles, I don't want to have to find each individual user who has that role allocated to their IQMS user account and replace it with the custom-designed role. It would be far easier to find the existing accounts and replace them automatically.

There were a couple of new and old features of security that will help us. One is the ability to automatically log off users from their IQMS accounts whenever they have exceeded a session limit. That already exists, but I was unaware of the feature. A second pre-existing feature with which I was unfamiliar was that of resetting user passwords when they forget their password. Although we cannot do this through the IQMS-provided interface, I can do so through Oracle's Enterprise Manager Console.

The session was a useful way for me to come to the conclusion of this year's user group meeting. It was a very useful conference for all three of the Pano Cap Canada delegates.

IQMS User Group Meeting - Preventative Maintenance

The final day of sessions started with a breakfast meeting in the ballroom with CorVu demonstrating their line of business intelligence products. That was followed by various breakout sessions until lunch, when the conference ended.

The first breakout session for me was Preventative Maintenance with Bob Gee and Danielle Fresca of IQMS. I had already met with Bob the day before in the afternoon at the IQMS Help Desk to review issues related to preventative maintenance, but the session was useful to review what other users were doing with the module and issues they had about required enhancements.

The biggest enhancement noted by the presenters during the sessions was the addition (finally!) of user-defined classes. In all previous versions, the classes of preventative maintenance were hard-coded. Now we'll be able to add our own, thereby facilitating sorting and grouping of tasks and work orders.

On behalf of Pano Cap, my colleague and I reiterated our desire to be able to add miscellaneous costs at the activity level to preventative maintenance work orders. But the greatest amount of user discussion focused on the issue of automatically generating preventative maintenance work orders by the last bill of material tool configuration. Randy Flamm had just joined the discussion. He guaranteed that IQMS would do something along these lines in the next major release.

Friday, November 10, 2006

IQMS User Group Meeting - CRM

Pano Cap has had some success implementing the Customer Relationship Management module from IQMS already. But it was good to sit on this next breakout session and offer some suggestions for improvement. Our sales staff use the module to handle most customer-related issues - calls, tasks, support issues, and meetings. We have designed our own sample request forms and processes, but with recent improvements to the product, I foresee us abandoning those custom applications for the quoting module in CRM. In addition, with the requested changes to CRM, our IT department should be even more successful in adapting the software for its own needs as a help desk module.

IT uses CRM to document support-related issues. We also use the Project Manager module to document IT-related initiatives and strategic plans for a given period. With a few changes to CRM, we should in the future be able to link support activities directly to the project initiatives.

Other users were anxious to get IQMS to improve the Outlook-related features of the CRM module, including ActiveSync'ing with Pocket PCs and Smart Phones. With the 9/15 release we should also get web access through Apache server to the CRM module so that traveling sales people can access their to do lists and other CRM-related notes while using their smart phones or PDAs. In addition, when a call is received by a sales person or someone in IT, and that call is related to a problem with service, the new release promises to allow us to immediately drag-and-drop that call into the support issues queue.

CRM cannot, and may never, offer all the features of a product like Microsoft's Outlook, but the integration with the ERP system makes it a very compelling option, especially if the company can secure unlimited licenses. I don't know if Pano Cap is ready to make the investment in unlimited licenses, but it would be nice ;>)

IQMS User Group Meeting - WMS/RF

The next breakout session I attended was in the ballroom and had a large number of attendees, all eagerly anticipating news on the Warehouse Management System (WMS, RF for Radio Frequency). Diane Ramaglia was the presenter, but it is safe to say that Randy Flamm, the president and founder of IQMS, took the lead in fielding the Q&A session that followed Diane's PowerPoint presentation.

Diane flew through her slide deck, leaving little time to take notes, but suffice to say that the WMS product is designed to provide better accuracy in inventory, to provide a real-time view of that inventory, to reduce costs in managing inventory, to reduce returned product, and to support less time spent on physical inventory counts.

The anticipated next release of WMS will have new features in both the web-based version for PDAs and the text-based version for bar code scanners such as we have at Pano Cap. In addition, Randy fielded a lot of suggestions and questions about enhancements.

From the Pano perspective, we were able to get most of our questions about best practices and implementation scenarios answered. The IQMS staff seemed a little nervous about our initiative in getting WMS/RF users together during the lunch session, possibly because they wanted to ensure that any useful suggestions about product enhancements were documented by IQMS staff and implemented in subsequent releases of their software. Even so, we met with other WMS/RF users during the lunch break and got a few more pointers about implementation lessons learned.

IQMS User Group Meeting - Crystal Reports

The morning sessions on Thursday, November 9th, 2006 started with a Microsoft presentation on FRx report writer. Although we use this report writer for financial statements and other financial reports at Pano Cap, the session didn't give us anything new to digest.

The next session was given by Tina Jolicoeur and Danielle Fresca of IQMS and was far more useful. This past year has been a tough one for both IQMS and users of IQMS software products insofar as printing of Crystal Reports is concerned. Incompatibilities with .NET printing, illegal 2-table links, and miscellaneous display problems all surfaced in September 2005 and took until December for IQMS support technicians to put to bed. Most of the problems were with Crystal 8.5 and 9.0, but were left with IQMS technicians to resolve.

Crystal XI had its own set of issues. .NET printing required a reinstallation of each client workstation. There were new parameter settings for LAN administrators to use both at the global and workstation levels in EnterpriseIQ. Crystal report designers were faced with a default setting which turned on smart linking, a ridiculous feature which broke all the carefully designed table links in existing reports. And many other things.

All were addressed in this session by the IQMS presenters.

Moving on to new features related to Crystal reports in the highly anticipated 9/15 release were things like cascading dynamic parameters, a new reports catalog accessible from the main menu and a reports execution log to track which reports have been run by individual users.

We at Pano will have to start planning our move to Crystal XI, since neither 8.5 nor 9.0 is supported any longer by Business Objects. Melissa Johnson of IQMS is designing all new reports using Crystal XI and the future of printing in the IQMS environment (if not everywhere in the enterprise) will involve .NET printing, so it's time to move on, even if that means retiring printers.

Thursday, November 09, 2006

IQMS User Group Meeting - Developments

Wow! I don't know how else to express how impressed I was with Wednesday morning's session with the President of IQMS, Randy Flamm! Randy took almost 2 hours to demonstrate IQMS's continuing passion for product development. In fact, Randy admitted that he is, at least in part, an analyst who works directly with the chief programmers in orchestrating how products are designed and created.

There are simply too many new and exciting product developments to share them all here in this blog post, so I'm going to highlight just a few.

The development of a wireless real-time manufacturing solution stands out for me as something that will reap immediate rewards for both IQMS and its customers. Pano Cap Canada has resisted marketing and sales types from IQMS wanting us to implement real-time before now. And I'm glad we resisted. Next year we will probably take the plunge, but now, instead of wiring our factory floor, machine by machine, we can go a far simpler route of adding small devices to each machine, some antennae, and possibly some light bars at each machine indicating the status of the current process running on that machine. There will be no access points and 2-way communication utilizing something called mesh networking. Way cool!

Another great improvement is the addition of report catalogs and report execution logs. These are a database administrator's dream tools. We will now have an easily-navigated tool to talk to users about each and every report in the system as well as PDF files documenting everything about the report's design, intention, and location. Not only that, but we can use the same tool to document our custom reports. The report execution log allows administrators to see who uses which reports, how long the reports take to run, and where possible bottlenecks are in the operation of reports.

Finally, drag-and-drop email from whatever email client a user happens to be using promises to make life easier.

Randy indicated that over 2400 modifications, enhancements, and new features have been added to IQMS modules since the last user group meeting in April of 2005. That is truly impressive work. Keep it up IQMS!

IQMS User Group Meeting - Introductions

The Wednesday morning sessions started out extremely well, the first session being the obligatory introductions. Liz Alfen, Danielle Fresca, Glenn Nowak, and Diane Ramaglia all had a chance to address the 187 attendees at this year's conference at the Las Vegas Hilton.

There were some noteworthy mentions, one of which will truly help our training efforts at Pano Cap Canada; namely, the introduction in early 2007 of self-help audio/visual training materials. These will be available from the IQMS web site (or the FTP site) and can be located on the customer's network to help in training users. We got to see one of these - a navigational training guide which provided some excellent suggestions for using pick lists and propagating search scopes.

A new marketing campaign was illustrated by Danielle Fresca. Unfortunately, the print media focus on advertising doesn't seem to have been noticed by the attendees yet.

Personally, I think IQMS needs to be far more concerned with the Internet and with Web 2.0 social networking for marketing its products. Where are the corporate IQMS blogs? Where are users of IQMS products blogging about their experiences? Try out Technorati or Google Blog Search, enter IQMS, and you will find very little. This absence of a presence in the new web needs to be addressed - fast!

Sales always has good news to share. Glenn Nowak indicated that growth has been good with 100% growth in warehouse management systems, and 20% growth in CRM sales. In addition, with the introduction of a wireless real-time manufacturing solution, sales in that arena are expected to do very well. IQMS has also been nurturing vendor partnerships, notably with Dell, CorVu, and eSP (eBusiness Solution Pros, Inc.).

One comment which stood out for me in this session was the decision to go with a "single source, single database solution vs best of breed." This has been largely responsible for IQMS success in the marketplace, that plus the attention the company pays to its customers and to hiring the right people.

If the introductions are any indication, the conference will be a smash hit!

Wednesday, November 08, 2006

Getting There - Flight to IQMS User Group Meeting

It was a very early morning, especially by Vegas time - out of bed at 1:00 am. In fact everything was early. The shuttle from Kitchener to the Toronto airport was 20 minutes early. We arrived and got boarding passes and were through customs with 90 minutes before the flight left. And the flight itself arrived in sunny Las Vegas a good 25 minutes early. The flight was without incident, check in was easy, getting settled in our respective rooms for the next few days went without a hitch, and now we're about ready to go over to the Hilton where the IQMS user group meeting will be held from Wednesday to Friday.

My colleague invited IQMS users to respond to a user group email indicating an interest in meeting with the three of us from Pano Cap Canada at Thursday's lunch right after the session on the Warehouse Management System. We got a great response - 20 people plan to get together to review implementation basics and guidelines, hardware woes and commendations, training, and so on. At the next user group meeting in 18 months, we will have to see about scheduling a user-hosted meeting after the lunch on the last day of the conference.

I'm excited about this conference for a variety of reasons. It will be our second visit to the user group meeting representing our company. That means we are more experienced and will know more about both the structure and content of the presentations, the staff from IQMS involved, the users themselves, and how to make a case for the enhancements we want. In addition, we are familiar with the strip in Vegas and the hotels/casinos where we're staying. We have a good sense of where to get decent food and are no longer intimidated by the Vegas "culture". Everything here is extremely expensive, however. We'll have to watch our expense accounts!

Since we arrived so early, there was a good part of the day still available to us. We went to the Las Vegas Hilton to check out the site of the conference and to eat at the famous Benihana Japanese Restaurant, only to find that it wouldn't open till later in the day. So, to pass time, we decided to do some walking.

There's one thing about Vegas that all walkers need to know. Although everything looks close both on the map and visually, it ain't so! We decided to visit Circus Circus, one of the hotels/casinos we hadn't seen last year. The place was a disappointment, but walking there, down the strip a little further, and then back again to the Hilton took a long time.

We got back to Benihana's early, but had a great time over the open grill with another group of 5 people and the entertaining Japanese chef. Great food, good company, but thoroughly exhausted by the end of the meal. We checked back into our rooms at the Stratosphere and I called it a night. After all, tomorrow is the conference.

Monday, November 06, 2006

Hot Swap, How Sweet

Inevitable, isn't it? The day before leaving on a 6-day business trip, one of the hard drives on one of our production servers degrades to the point of failure. In addition, just last week I was boasting to our company President how our servers never break down or need service.

But as we dug a little deeper, we discovered our server was still under warranty, that the vendor would courier a replacement hard drive by tomorrow, that our network consultant would be able to be on-site to install the drive, and that the drive was hot swappable. Now that is truly sweet. The defective drive gets removed and replaced without interrupting production at all. Nobody even knows that we were on thin ice!

It wasn't that long ago that the technology supporting this kind of feature was prohibitively expensive. Today it is virtually commonplace in most servers. So the potential IT nightmare becomes, in reality, a lullaby and sweet dreams.

Sunday, November 05, 2006

Tim Berners-Lee and the "dangers" of blogging

I regularly read Mark Evans' blog through an RSS feed. Yesterday, as I was reading one of his entries, I was intrigued to see two full sentences near the end of a paragraph crossed out. Evidently, Mark had read a Guardian article in which Tim Berners-Lee, the inventor of the World Wide Web, was quoted as decrying the danger to democracy and truth caused by the world of blogging.

According to the Guardian, Berners-Lee is most concerned with "the risks associated with inaccurate, defamatory and uncheckable information." Those who read blogs take what they read on trust, too much trust.

Immediately following the two crossed out sentences, Mark has a mea culpa section in which he apologizes for taking the Guardian article at face value. Berners-Lee's original blog post had a far more positive spin on the world of blogging than what the Guardian and the BBC report.

Berners-Lee actually finds blogs very useful, primarily because of their "gently evolving network of pointers of interest." In fact, the blogosphere might even provide a model for a trust infrastructure, something of possible interest to his proposed Web Science Research Initiative.

I searched Technorati to see if Mark's mistake had been repeated. In fact, many of the blog entries on the subject repeated the same mistake. But what I found most ironic was that it wasn't the BBC or the Guardian or any other print media that corrected the problem. It was other bloggers (here's just one example from a former journalist turned blogger), including Mark Evans.

What do I think? Yes, blogging has the potential of propagating misinformation quickly. Yes, bloggers often fail miserably in providing appropriate links to support their claims. But, the point still remains that the speed with which misinformation spreads is equally matched by the speed with which it is corrected. Unlike print media, where corrections are almost impossible to find and usually far too late to have any impact, blogging's internal corrective mechanism is similar to the Wikipedia model.

It is important to remember that mistakes will be made. What is critical is how those mistakes are corrected and the speed with which the correction occurs.

Wednesday, November 01, 2006

IT Expenditures To Grow

Accenture has recently released an annual survey of IT expenditures in the United States. Over 300 general business and IT managers were asked about expected expenditures for 2007. Sixty percent anticipated increases averaging 5.5% per annum, 13% anticipated decreases. Most executives also thought that IT expenditures were less than they should be.

Growth initiatives seem to be behind the optimistic estimates. Emphasis on maintenance activities obviously means that expenditures should not grow much, if at all. Of those growth scenarios, most had to do with integration efforts related to company acquisition, regulatory compliance issues, and security requirements.

For small/medium-sized businesses not anticipating acquisitions or major growth initiatives, Accenture's survey of big business doesn't mean too much. In fact, although I have no specific studies to support this, I do not anticipate major increases in spending in Canadian SMBs in 2007. Instead, I expect to see more Canadian IT managers concerning themselves with business alignment issues, consolidation through technologies like virtualization, and a continuing effort to secure their IT assets.

eSP and IQMS Partnership

eBusiness Solution Pros (eSP) and IQMS have just today announced a new partnership allowing IQMS to offer Stay-Linked software with their ERP wireless solutions. At Pano Cap, we are currently training staff in the use of bar code hand-held scanners, Stay-Linked, and IQMS's Warehouse Management System.

From an IT perspective, the Stay-Linked software provides a thin-client solution for wireless session persistence, the software running not on the device, but on a host. What this means in practice is that even when someone notices a temporary disruption in device-to-host access, the user will be returned to the same screen and session moments later without any IT help-desk involvement.

In addition, Stay-Linked offers the functionality of transferring control of the host-based screen session to another device should the user's device become disabled.

All of this is good news, something we should hear more about in our sessions at the upcoming IQMS UGM (user-group meeting) next week in Las Vegas.