In a world dominated by Windows-Centric machines, some may claim that the Apple user is a dedicated one, their devotion to their Macs almost romanticized. Of course if it weren't for Jef Raskin, that 'love story' might never have come to fruition. A computer interface expert, Jef was the thirty-first employee when he was hired in 1978. The following year, Jef began work on what he called a "computer that's priced affordably, targeted at consumers and extremely easy to use." His initial conception and ideas are what gave birth to the Macintosh several years later.

Jef passed away Saturday, February 26th. But his legacy will live on through the love, dedication (and sometimes fanatical obsession) that many people share for his creation.

Earlier this week Sybase announced they would sponsor and lead a proposed Data Tools Project for Eclipse and will exhibit new developer tools for the Eclipse platform at EclipseCon.

Sybase isn't the first, and certainly won't the last, major ISV to support development of Eclipse itself or specific adds on for the open source IDE (Integrated Development Environment). IBM is a huge supporter of Eclipse, as is BEA.

Elicpse is not limited to application development use. It is also the darling of numerous other technology based companies, with the open source IDE providing the framework for a diverse number of management and configuration tools. Many web services security, EAI (Enterprise Application Integration) and BPM (Business Process Management) vendors have chosen to utilize the extensible Eclipse as the basis for their various configuration and modeling tools.

Expect to see Eclipse continue to grow in its popularity as more enterprise class ISVs hop on board to lend support.

Are you using technology like VMware for production systems or maybe to create yourself a great development environment? The promise of better server utilization is there. We all realize how low processor power is really used by many of our enterprise apps. So why not take advantage of this situation?

The current RealityIT article deals with this. Would be good to hear what you all in the world are doing in terms of server consolidation, virtual servers, and related technology.

Give the virus baddies one thing: They keep up with current events. Two viruses making the rounds play off recent news events as part of the ploy to convince users to open the payload.

First, on February 22 the FBI took the unusual step of warning users that the agency does not send unsolicited e-mail to the public, in response to a virus that comes in a message claiming to be from the FBI with a request to answer a survey attached to the e-mail. This one works on making you feel that you've inadvertantly visited an illegal site that's brought you under federal scrutiny--if you don't want to end up in the hoosegow, open the attachment. Needless to say, you shouldn't open the attachment.

Next in our current events report is the ever-popular "See Paris Hilton Nude" ploy, this time working from the recent hacking attack on Ms. Hilton's Blackberry. There are actually two viruses working this angle, a Sober.K variant, and an Ahker.C variety. Both are nasty, and each tempts you to either visit a site or open a file to fill your otherwise drab day with bodacious ta-tas. Needless to say, you shouldn't.

All of these viruses have moved to social engineering (Be Afraid! Be Excited!) to deliver their payload as a way around the generally improving state of virus protection. As always, a solid policy of not opening files if you didn't ask for them is a critical piece of virus protection.

We've all heard about "security through obscurity", but working in labs has taught me that absolute clarity is much more secure than is confusion when it comes to know which devices and segments are connected to the network. With that in mind, I've got nothing but great things to say about the Dymo RhinoPro 5000, a professional labeler that helps keep cables, ports, and devices straight when we're moving too many boxes around in the racks.

I've been spending some time thinking about the whole topic of RFID and privacy, trying to sort out some of the conflicting claims about privacy versus security and institutional convenience. Now, I'm a reasonably serious privacy advocate--I think that we do, in general, have the right to be "left alone to be our potty little selves," as G.K. Chesterton put it. With that said, I had a recent conversation that left me more certain than ever that RFID is here to stay. What makes me say that? A billion dollars a year worth of cordless drills and miter saws.

Part of our "Firewall Blowout" plan includes a thorough test of XML Firewalls. We tested XML/Web Services Security Gateways almost two years ago and the space has changed dramatically in that time. Not only did we see a lot of mergers and acquisitions (Actional & Westbridge Merged Digital Evolution acquired Flamenco Networks Oblix acquired Confluent, HP & CA acquire minor players ) but we've watched the convergence of management and security, the deconstruction of pure firewall functionality into separate product lines and the birth of the XML VPN.

So we're going to test again, this time with a focus on functionality and the accuracy of these products to effectively stop XML based attacks from reaching the Web Services they are designed to protect.

We've got our test gear configured and we're ready to blast myriad attacks at the devices in our Green Bay lab. Products are scheduled for testing starting next week, and we're excited to get our hands on them and start poking at them.

We're in the early stages of preparing for a "BPM Blowout". Our plan is to model a set of processes for NWC Inc. in order to evaluate BPM suites. We've had many discussions on the subject already and will begin testing next month in our Business Application Lab in good old Green Bay, WI.

Our testing scenario is:

NWC Inc. is a mid-size manufacturer of consumer grade “widgets” which are sold through its channel of distributors. VARs utilize NWC Inc.’s web site to place orders for widgets and are invoiced after shipment.

NWC Inc.’s current infrastructure includes:

1. Exchange 2000 server (e-mail)
2. Oracle 9i (v9.2.1) database on Windows 2000
a. Customers and their orders are stored in this database
3. SQL Server 2000 database on Windows 2000
a. Order shipment status is stored in this database
4. Order entry/fulfillment is accomplished via a web interface, implemented in JSP and deployed on Apache/Tomcat, as well as a .NET 1.1 SOAP interface.

We've got a lengthy list of invitees and can't wait to start modeling our processes to see how these products really work. We're still open for input from you, so if you think there's a process we should specifically model or some feature you really believe ought to be examined in depth, all you need to do is shout and we'll take it under consideration.

Forum Systems has launched the first of its kind Web services security alert service. Forum VulCon is an alert service focused on the growing category of XML/Web services threats. This is a FREE subscription that can be accessed via Web Services, of course, as well as an RSS feed.

Forum VulCon (for Web Service Vulnerability Containment) delivers up-to-date notification of XML- and Web services-related threats and includes suggestions for effective countermeasures. VulCon has already aggregated over 100 of these potential exposures to popular systems and applications.

As deployment of Web Services continues to expand from limited internal enterprise use to external services providing B2B integration and as fully functional on-demand composite applications, the risk associated with such services will continue to grow. VulCon is one method of keeping security and web services development personnel up to date and providing them with the information necessary to mitigate risk in a timely fashion.

It seems that at least once a day I receive an e-mail announcement regarding another commercialized open source product. Last Friday it was another on-demand CRM system, today it was a portal.

Seems like the folks over at ObjectWeb are a well kept secret, with a listing of somewhere in the neighborhood of 50 different open source (GPL & LGPL) projects designed for the enterprise.

Application servers, portals, content management, databases and IDE plug-ins are just a few categories amongst the lengthy list of projects you can peruse, download and enjoy.

The problem with such products isn't support or interoperability. The former is offered by many vendors for the commercialized version of their products and the latter is taken care of by the OSS community's dedication to standards. The problem is likely to be support and integration from third party vendors.

This could be an issue for application vendors like those providing CRM and workflow solutions who do not directly support open source platforms such as JOnAS. Consumer focused ISVs have traditionally refused to support customers whose systems do not meet specific requirements, such as OS and browser type, and the same could potentially become an issue for enterprise class vendors.

Thus far it hasn't been issue - ISVs currently provide support for their applications running on Tomcat and JBoss, even though both are OSS and are not generally listed as "supported" platforms. As long as ISVs continue to support OSS, this trend is likely to continue and may begin to impose on the market share traditionally held by ISVs.

Nobody doubts that MIMO (Multiple-Input/Multiple-Output) dramatically increases the speed and range of wireless LANs. That's why WLAN vendors have been rolling out routers and interface cards that include the intelligent antenna technology.

SugarCRM has just released version 2.5 of its open source CRM suite, SugarCRM.

SugarCRM is based on the LAMP (Linux-Apache-MySQL-PHP) architecture and runs on virtually every platform available, though the company prefers to promote Linux as its OS of choice. SugarCRM is freely available and can be downloaded from the company's site. SugarCRM Professional is the company's commercial offering of the suite, which adds functionality supportive of larger enterprises and includes a year of product upgrades as well as technical support (9x5) and the source code.

SugarCRM is also offered as a softpliance, on 1 or 2U form factor hardware running Red Hat Enterprise Linux WS 3.0 and MySQL Pro as well as the CRM software.

If that weren't enough, SugarCRM is also offered on-demand, hosted by SugarCRM as well as a list of partners (available on the corporate web site).

If you're interested, you can try out the open source version and grow into the professional, or if you're a PHP freak you can always modify the heck out of it yourself to fit your organizational needs.

The practice of commercializing open source software is not new. It's what Red Hat made its name from doing and what other a few enterprising vendors such as GlueCode have begun to do, but rarely do we see enterprise applications such as CRM or ERP in the open source arena so when we do, it's something to take note of and check out.

No, its not the name of the next book starring a certain young wizard-in-training. But young Mister Potter now has something in common with Phishing -- he's an unwilling particpant in a new scam.

Potter Author JK Rowling has warned her die-hard fans to watch out for a new phishing ploy in which an email offers to sell electronic copies of her latest book. Naturally, all you have to do is provide some bank and/or credit card info.

Problem is the book hasn't even been released yet -- it's not due until July 16th.

"Please, please protect yourselves, your computers and your credit cards and do not fall for these scams," JK implores.

Sounds to me like Malfoy and those rotten Slytherin kids are up to no good!

Got quite a few emails about my recent article No Profit in a Fast Employee Axe dealing with the situation where we had to eventually fire an IT employee for low performance. As you note from the article subject we want to dig into human elements of our profession at times and not always the tech stuff. This article seemed to hit a chord with many readers. In the extended entry for the blog entry I have some reader comments and some of my responses.

And, bonus prize for the person that can tell me where I came up with the alias of David Lightman. (well, no prize, but I will give you profs here on the blog)

"They'll be trying to get people to say "I MSN Search'ed it'," said Danny Sullivan, an industry expert, referring to the commonly mentioned practice of "Googling" something or someone.