System iNetwork

February 2008

February 26, 2008 10:32 AM

A Goodbye from Product Guy

The title sort of says it all. After almost 17 and a half years of covering the AS/400 and its successors, I'm moving on. The time has come for me to take wing and start a little business venture of my own while I still have enough career left to have a chance to make it amount to something.

Product Lines, though, will continue. We're doing a little reorganizing as we launch our new website, and some dear colleagues with whom I've shared many happy experiences will be jointly appearing in this space to keep you updated on what goes on with new products for the System i. Rather than try to take on every product area, as I have, my successors will specialize in different topic categories and trade off speaking when events in their areas justify it. They'll provide some different voices and perspectives, and I hope you will make time in your busy lives to pay them some attention. They will prove as dedicated to providing you with reliable information as I have always tried to be.

I feel very lucky to have had the tremendous run that I have in covering this platform, which qualifies as a truly remarkable phenomenon. Although I've said it before, it bears my saying one final time that for a single computer platform to have lasted as long as it has in this industry is rather amazing. I have thoroughly enjoyed covering it all and watching it evolve, and fortunately for all of us (or perhaps I should instead say "all of you"), it still has plenty of life left despite its already long tenure in the world of business computing.

When I think back on all my years, I find my memories organizing themselves around COMMON, the gatherings where those of us in the System i industry have had our rare chances to meet each other face to face. Anaheim was my 25th, a fitting number on which to conclude. My first COMMON was in Las Vegas, in the spring of '91, where we stayed at the Bally but had sessions across the street at Caesar's Palace. I'd never been to Vegas before, and I was fascinated by the moving walkways that helped people enter Caesar's. (I was also amused by how the walkways went in but none went out. It seemed a little unfair to me that, after having its way with you, that casino didn't at least give you a free ride to the curb.) There wasn't a trade show associated with COMMON then, so my job that first time was to absorb info and count heads at sessions to help us figure out what article topics would be best for us to provide.

Midrange Productions did the trade shows back then before it went under and COMMON started offering them. One of the most memorable of those was in Boston in '93. I was bringing my new wife along for a honeymoon after the show, and I still recall the vendor party on a boat anchored in Boston Harbor and how our booth was next to Ken Akren's and he kept shooting everybody with Silly String when floor traffic got light. (See, Ken, I told you I'd get back at you for that one day.) The other memorable MP show was the one in Edison, New Jersey, in November '92. It was at a hotel so far out in the sticks that even my cab driver didn't know where it was. It was so far between the hotel and the conference hall that you couldn't walk between them in under an hour, and there was absolutely positively nowhere to get a meal except at the hotel's single, sad little restaurant. Lucky for us we don't see shows like that anymore!

Things got better after COMMON unbent a little and let vendors put on a trade show, starting in Atlanta. Was that in '96? But it started out as an ugly stepchild. That first time, the show floor was several blocks from any conference hotels. Many attendees didn't know how to find it and missed the one tiny sign advertising shuttles to it at the headquarters hotel. Although caused by the lateness of the decision to incorporate a show into that COMMON, that distance was more than a little symbollic of the "arm's-length" attitude COMMON took to the vendors then. Some wags (who, me?) might say they've moved all the way up to the sharp elbow these days. But that would be exaggerating.

Some COMMONs are memorable because of their location. San Antonio, for example, is a beautiful city, and I've enjoyed my visits there quite a bit. Nashville, site of this year's COMMON, features the Gaylord Opryland Resort, a botanic garden masquerading as a hotel and conference center, an environment so inclusive some of us still refer to it as "The Habitat." I walked in the door one Saturday afternoon and didn't see the sun for five days. It's a nice place, really, but I expected to see an activity wheel in my room. Since I won't be there this time, someone give the palm trees a pat for me, won't you? I hope that some day COMMON can return to New Orleans. It's a grand American city that deserves better than it's gotten. I still remember the sick feeling I had flying back from COMMON Orlando as my plane had to dodge Hurricane Rita while she finished Katrina's task of turning the proposed COMMON New Orleans that year into COMMON Minneapolis.

Some COMMONs are memorable for silly things that happened: a bunch of editors getting lost in a Tijuana taxicab at COMMON San Diego, me being late to a vendor dinner because the bus from the airport got lost at the last COMMON Orlando. I can't remember at which COMMON it was that I put Garrett Heaberlin into hysterics by positing a Celebrity Death Match between the Linux Penguin and the Help/Systems Robot. (Forgive me, Tom.)

Of course, I have plenty of proud achievements not associated with COMMON: countless articles, columns, and product roundups on topics no one else has offered you; writing a science-fiction serial for e-Pro Magazine, our Notes/Domino publication; working on the AS/400 Sourcebook, which I still miss; 15 April Fools projects; and, of course, Product Guy and this blog.

I have these and so many other great memories that I'll remember for as long as I live. I've met so many great people, too. I hope old friends will stay in touch with me at ghrist@comcast.net.

Before I finish, please bear with me while I thank a few people, Oscar-style. My thanks to Dave Duke for hiring me so many years ago and to Wayne Madden for his leadership in the years since. Thanks to Ronnie Patterson, Trish Faubion, Katie Tipton, Kathy Blomstrom, Kathy Nelson, and Dale Agger for being the best collection of bosses a guy could have. Thanks to all my fellow editors and all our technical editors, for their friendship and guidance. Special thanks to Erin Bradford, who showed me that even after 15 years, I could look at the product editorship with fresh eyes.

For the geek in all of us, just imagine me closing with Bilbo Baggins's final line in The Return of the King. And to all of you, my very best wishes for you in your adventures, too.

Posted by on February 26, 2008 at 10:32 AM | Comments (13)

February 12, 2008 2:19 PM

Some Personal Productivity Tools for System i Remain

I'm a great believer in to-do lists. I come by it naturally, I suppose. My mother was a career woman and actually had to-do lists for the housework because she crammed it all into the weekends. "Here, John," she'd say as she handed me the dust mop on a typical Saturday morning. "Sweep down the stairs," she'd say as she crossed it off her list and moved on to the next item. My to-do lists today tend to have entries like writing articles and memos, and I couldn't do without them as a way of keeping organized.

I'm not alone. According to a survey done by Kelton Research, a marketing research firm, 76 percent of U.S. citizens keep at least one to-do list, and some have more than one. The study, commissioned as a springboard for Microsoft's Windows Mobile Group to promote running to-do lists on mobile phones, points out that to-do lists are a stress-management tool that reportedly has a calming effect on 73 percent of the U.S. respondents who use them. How well to-do lists combat procrastination is a tossup, though, as the U.S. respondents report checking off only 69 percent of the items on their lists in a week, and the average time the longest an item stays on the list is 22 days. (At least the U.K. and Canadian respondents are still ahead of the U.S. folks by keeping items on their lists for up to 26 days.) Other interesting revelations from the study show that women are more likely than men (85 percent to 75 percent) to address the most important items on their lists first, people in Italy are more likely than any other surveyed nationality to tackle the hardest item first, and people in Japan hold themselves to the highest standard in the world, that of having to complete 59 percent of the items on their weekly lists to feel productive.

Reading the results of the survey made me think how rare it has become to see much new information about personal productivity software for the System i. When IBM announced the end of OfficeVision/400 (OV/400) in 1999 (yes, it has been that long, although actual phase-out was delayed a bit longer) as a way of promoting Lotus Notes/Domino, Microsoft's ubiquity in the area of personal productivity software became so predominant that its MS Office products have crowded most of the competition right out of the minds of most business people. However, a little research shows that System i users aren't stuck with Microsoft as the only alternative. There are still some personal productivity solutions available that run on the System i. (Just to be clear, I'm not talking about productivity tools for programmers, system managers, or even IT people in general. I simply mean personal time savers for the end user in all of us.)

Let's start with a couple of general-purpose office products. As far back as the 90s, Seacrest Business Systems, Generic Software , and System Support Products (SSPI) have offered office organizers for the System i and its predecessors. Seacrest's DeskMaster is a "complete office system with Internet-capable e-mail, word processing, calendars, and and personal productivity tools." Its Document Integrator offers text editing, text/data merge, and APIs to add those capabilities to existing apps. (Alas, if you want these products, better hurry. After all these years, Seacrest plans to drop support for them May 1.) Generic Software, despite its merger with WorksRight Software years ago, maintains an independent website on which it offers DeskWorks, a spreadsheet processor, Desk*Top, a personal calendaring and calculator utility, and The Spelling Assistant, a dictionary lookup utility. (I should add, though, that these products haven't been upgraded since the late 90s, by Generic's own admission.) SSPI remains actively in the hunt with OfficeSuite, a collection of OakWord (a word processor), DeskWorks Spreadsheet (an Excel alternative), Desk*Top (Generic's calendaring application), MAIL MANager (an e-mail solution), and Forms Magic, a forms-design product)

Let's move on to some products designed to be OV/400 replacements. Aia Software offers ITP, a document that it still touts as "a complete alternative for OV/400 Data Text Merge" and a migration path for OV/400 documents (for those of who who've let that task slip beyond even the 26th day). Of course, today ITF offers interfaces to MS Office and OpenOffice.org, APIs for integrating with other apps, templates that enable the importing of database data into document fields, eXtensible Markup Language (and numerous file format) outputs, and web services compatibility. Inventive Designers offers DTM, named after Data Text Merge, and which like ITF offers compatibility with Office 2007 and a choice of 15 different output formats to support web, print, fax, e-mail, and archive needs. For those of you who followed IBM's upgrade path to Domino/Notes, SWING Software's InOffice bridges the gap between MS Office and Notes by letting users create Office docs using Notes data, store Office docs in Notes databases, and create group calendar reports and charts, among other abilities. Basic Business Systems offers Office Administration for Lotus Notes Domino, which verges on a human resources app that enables enterprisewide vacation scheduling, timesheet and expense filing, streamlines document creation and associated workflows, and eliminates paper forms. (There are many i5/OS-based document-management solutions too numerous to mention that also fulfill some of these functions, of course, but those are a bit beyond my point.)

Two examples of products that bridge the gap between the System i and MS Word are RJS Software Systems iSeries Office Integrator, which lets users "create letters and mail merges using live System i data and MS Word, call PC commands, launch browser sessions, and copy data to the Windows clipboard," and CPI Software's API Office CPI, which enables the use of the MS Office environment on the System i.

For those remaining on the Lotus train into the Workplace era, Touchtone Corporation offers Wintouch for Workplace, a collaboration enhancer that lets users create and share documents, provides integrated instant messaging, offers access to several major e-mail systems, provides a calendar and address book, and includes role-based team spaces with business templates that users can customize to fill a variety of functions.

You spreadsheet fans have some alternatives, too. In addition to the products already mentioned from Generic and SSPI, Gumbo Software sells Excel-erator, a utility that converts i5/OS database files into spreadsheets in MS Excel format and can deliver them as MIME attachments to e-mail messages. Global Software's Spreadsheet Server provides MS Excel-format spreadsheets for a wide range of ERP and financial applications that run on the System i, including BPCS and products from Infor, Lawson, Oracle/PeopleSoft/JD Edwards, SAP, and others. (I realize I'm glossing over many other products that can download System i spooled data directly into MS Excel. Please see "Solutions That Download iSeries Data to MS Excel," an older but still mostly accurate compilation of those products.)

I don't mean to slight all the report generators, e-mail augmentation products, printing utilities, and other solutions that save end users time and effort and in their own way contribute to end-user productivity. In the final analysis, any software solution does that. However, in the narrow space in which single end users need help organizing their personal data, their personal calendar, and their personal documents, there is still a niche where System i-native solutions that provide these services exist. (And my thanks to our intern Cassie Deemer for her help in researching this topic.)

Posted by on February 12, 2008 at 2:19 PM | Comments (0)

February 5, 2008 11:35 AM

Some Security Concerns Playing Possum

"We have met the enemy and he is us" is a famous quote from a cartoon character, a possum named Pogo penned by Walt Kelly, in a strip which saw its heyday when people named Watson still ran IBM. Pogo lived in a swamp. He and his friends offered many lessons about human foibles, and the strip was in many ways a logical predecessor of today's Dilbert. As is the case with any classic literature, graphic or otherwise, Pogo's opinion is still correct. Particularly, it seems to me, in the area of computer security. (How much of a swamp we all still live in I leave to your judgement.)

As you've probably heard by now, we're all too complacent about security. As System i professionals used to a platform that offers some good protections built right into the operating system, we feel safe. Working on a platform that doesn't have such widespread public use and that doesn't offer so many opportunities for hackers and malware as some Microsoft products do, we feel safer. With a solid cadre of third-party software vendors who offer some really good security and compliance products in our market, we feel practically unassailable.

Most IT people know that this is an illusion, but it's a pleasant one, and it's aided and abetted by the nonchalant attitudes of end users, many of whom seem to trust IT to be their computer moms and dads when it comes to security protection. They're like kids asleep in the back seat of the car on the way home from a visit to grandma. Until the family minivan gets hit head on by a runaway semi, all seems well; but it isn't so.

Evidence of this nonchalance is becoming common. Verizon published a study of 545 U.S. Internet users in December that showed 92 percent felt "safe" or "somewhat safe" from spyware and viruses on their home PCs. The study, meant to promote Verizon's diagnostic freeware, Security Advisor, also featured results of Security Advisor scans of respondents' home setups. Security Advisor's verdict is that 58 percent of the respondents were at risk for spyware, and 45 percent were at risk for virus infection. Not only that, of those users who actually had a firewall, 19 percent had turned it off.

Radiance Technologies, a vendor of delivery systems for "large digital assets" (although not a System i vendor), published "How Conflicts Between Productivity, Security, and Standards Put Companies at Risk," which naturally enough focused on end users who send huge, multigigabyte files over the Internet. This practice is a big security hole somewhat related to using FTP, which I discussed recently, because FTP is a favorite means of doing this. However, it's not the only one. Many corporate networks have restrictions on sending such large files internally, which you might think would be a protection, but not too many of those restrictions apply to sending files via the Internet. Of the more than 300 "knowledge workers" Radiance surveyed, 71 percent said their companies put limitations on the size of e-mail messages and attachments, but 29 percent said they got around such limitations by simply using their personal e-mail or IM accounts to send such files while at work. Sixty-four percent admitted sending files of at least 5 MB daily or several times a week. Of course, that means there's no way to track what was sent or to whom. It might be a video clip, or it might be a company strategy paper. If you don't have a handle on how many of your users do this, could this be a security problem that's "playing possum" on you?

Why are end users so lax about security? Why does it take something bad happening to someone, such identity theft, to make the ordinary people aware that security really does affect them? Well. . . maybe it's not fair to put all the blame on them because unfortunately, sometimes even the IT professionals are starting to think too much like end users.

The best security policy in the world doesn't matter if key people aren't paying attention. The Ponemon Institute, a privacy and information-management research group, and RedCannon Security, a company specializing in secure mobile-access solutions, recently collaborated on a study that shows how poorly some enterprises enforce their own security policies. Derived from a survey of 893 IT professionals, this study released in December reveals that 39 percent of respondents said they've lost a PDA, cell phone, USB memory stick, zip drive, or laptop that contained sensitive information. What's a bit more disturbing is that 56 percent of those "losers" believe their employer would never be able to determine the type of data the lost device holds, and 72 percent admitted that they didn't report the lost or missing device immediately.

That's not all. Fifty-one percent said they've copied confidential information onto a USB memory stick even though 87 percent "believe" their company's policy forbids it. Seventeen percent say they've turned off security settings or firewalls on their workplace computers, and 80 percent are "unsure" if this violated policy. Forty-six percent say they've shared passwords with coworkers even though 67 percent "believe" company policy forbids it. These people are guessing what their enterprise security policy is in these "slam-dunk" areas?

These aren't ordinary end users, they're IT people! The study concludes that there's significant employee naivete towards the problem, with most staff members unaware of the rules in place or uncaring due to a lack of consequences.Think that's a fluke?

Sentrigo, a database security software vendor, has an interesting tattle on database administrators of some Oracle Corporation apps. Sentrigo has been making the rounds of Oracle Users Group meetings across the country since August and has surveyed 305 Oracle product database administrators about security practices. It seems that quarterly, Oracle (and hats off to them for this) sends out what it calls Critical Patch Updates (CPUs), which plug known security holes in Oracle databases. A security conscious DBA would probably apply those right away, wouldn't you hope? Uh-uh. Only 10 percent of the Oracle DBAs said they'd applied the latest CPU, and 67.5 percent said they'd never applied any.

OK, so a few examples don't make this a universal problem, but it's more than a little scary isn't it? If enterprises can't trust their IT people to follow security policies, where does that leave "the kids?" Why should we expect end users to be following the rules? No wonder some aren't doing so with role models like this!

It won't do to hide behind excuses like, "Oh, but none of these studies are of System i shops, and the numbers of people surveyed are statistically insignificant." The weak link in all these instances that I've cited isn't technology, it's people -- people and our love of expediency and the human frailty of following the path of least resistance. That's too common to ignore. If you think security level 40 is saving you, you're simply living on borrowed time.

What to do? I don't know, but I think the answer lies along the lines of "let's shake things up." Let's find ways of bringing home to everyone how laxity is creating some serious vulnerabilities and do it in a somewhat personal way so that there's some emotional impact. Fortunately, someone has come up with a clever idea to do just this in the area of phishing, and it wouldn't take too much imagination to extend it to other places.

Later this month, Intrepidus Group, a consulting company, is launching PhishMe.com, a site that will help enterprise IT departments design fake phishing attacks on their own employees. Intrepidus will send fake phish to employees, track how many people open them, how many try to check them out by pasting the address into their own browsers, and how many attempt to enter sensitive information. Employees won't be allowed to enter actual information, and the service will issue warnings to them as well as generating management reports. Although this sounded horribly Big Brother to me when I first heard about it, it's really pretty slick. It doesn't do any real harm, and it certainly could be a wakeup call for all concerned.

A lot of people seem to need one.

Posted by on February 5, 2008 at 11:35 AM | Comments (0)