The IT Strategy Letter
Doug Kaye, RDS Strategies LLC
October 9, 2003

It's been a while since the last IT Strategy Letter, so there's a lot to catch up on.

IT Conversation: Rick Chapman's "In Search of Stupidity". In 1982 Tom Peters and Robert Waterman kicked off the modern business-book era with In Search of Excellence. Their book was a runaway best-seller. But now 21 years later, many of the companies they profiled (Atari, Data General, DEC, Lanier, NCR, and Wang) are only memories. The reasons? In some cases: stupid marketing tricks.

Rick Chapman (with "the resume from hell") has the dubious distinction of having worked for some of the most infamous flameouts of the '80s and '90s: MicroPro, Ashton-Tate, IBM, Microsoft, Novell, Sun Microsystems, and many others. And he's decided to tell all. Name names and no holds barred.

A common mistake Rick documents is releasing competing products. Remember MicroPro's WordStar and WordStar 2000? How about NetWare and UnixWare, both from Novell? Even Microsoft made this blooper when Windows 95 and NT were simultaneously pitched as the latest and greatest operating systems.

With his unique sense of humor, Rick shares some of the lessons from his new book including Data General's DG One, the first laptop computer complete with "an amazing screen that was so shiny you could comb your hair in it."

He also describes some of the train wrecks about to happen: Microsoft's Software Assurance Program and high prices that open the door for Linux. Software pricing hasn't followed the rapidly declining cost of hardware. Customers and box-makers aren't happy that the OS and basic apps are now such a high percentage of the cost of a new system. And all of this makes the SCO vs. IBM lawsuit over Linux and Unix System V all the more interesting.

[I apologize that the audio quality of this IT Conversation isn't great. I'm still debugging the new studio hardware. The good news is that I've just found a big part of the problem. The bad news is that I didn't find it before recording Rick's interview.]

Schneier: Beyond Fear. Security guru Bruce Schneier didn't accept my invitation for an interview on IT Conversations (he's aiming for the mass market, not IT professionals), but since I'd already read his new book, I thought I would at least post a review. Beyond Fear--Thinking Sensibly About Security in an Uncertain World has the potential to become an important book if it can get the attention it deserves. The title is accurate: The book is about fear and (un)certainty.

Bruce has been thinking about what security really means in virtually every aspect of our lives--not just in the IT world from which he comes, but in airports, digital identity, our homes, banks, cars, and for our states and nations.

What impressed me most was the range, depth, and sheer quantity of examples Bruce has found to support his ideas. I don't know if these are little factoids and anecdotes he's collected over the course of his distinguished career, or whether they're nuggets he uncovered just for the book, but I would guess the former. The book's real value is in the richness of these examples. Here are a few text-bytes I highlighted in preparation for the prospective interview:

  • Objectives. "If the goal of security is to protect against yesterday's attacks, we're really good at it."
  • Tradeoffs. One of Bruce's previously used examples is of the produce vendor who displays fruits and vegetables on a stand in front of his store. The risk that some will be stolen is mitigated by the additional business they attract.
  • Reality. "More people are killed every year by pigs than by sharks, which shows you how good we are at evaluating risk."
  • Agendas. "Did you ever wonder why tweezers were confiscated at security checkpoints, but matches and cigarette lighters--actual combustible materials--were not?...If the tweezers lobby had more power, I'm sure they would have been allowed on board as well."
  • Freedom. "The world's liberal democracies are the safest societies on the planet."
  • Insurance. "It allows the store to convert a variable-cost risk into a fixed-cost expense." [That was an Aha! for me. Bruce doesn't buy theft insurance, BTW.]
  • Civil Liberties. "When the U.S. Government says that security against terrorism is worth curtailing individual civil liberties, it's because the cost of that decision is not borne by those making it."
  • Fear. "...people make bad security trade-offs when they're scared."
  • Transitive Trust. "If you trust Alice, and Alice trusts Bob, that does not automatically mean that you trust Bob...When trust must be transitive, it creates brittleness." [Think about those SAML-based apps, eh?]
  • Complexity. Complex systems have even more security problems when they are nonsequential and tightly coupled.
  • Weakest Links. "The system didn't fail in the way the designers expected."
If, like me, you nod in agreement as you read the above, then buy and read Beyond Fear. You'll enjoy it.
Posted Tuesday, September 30, 2003 11:22:44 PM

Information Week: Web Services Drivers. As part of their annual survey, Information Week asked executives of the IW 500 about web-services drivers:

[Source: September 22, 2003 issue of Information Week]
Posted Thursday, October 02, 2003 10:35:03 PM

Yendluri: Web Services Reliable Messaging. Prasad Yendluri, principal architect at webMethods, has written this good look at the issues surrounding reliable-messaging protocols. He begins with the objectives and explains why, in a multi-hop architecture such as will be typical for web services, we need protocols that operate at a level above the hop-to-hop transports. He then describes the prior art of RosettaNet, BizTalk, and ebXML.

The meat of the paper is a good and detailed presentation of WS-Reliability, of which webMethods is a co-sponsor to OASIS. Finally, Yendluri explains the differences between that protocol and WS-Reliable Messaging, proposed by IBM, Microsoft, and BEA. He says it's "a hurried response to the WS-Reliability specification...[one for which] the authors of the specification reserve all intellectual property rights...[and that it contains] dependencies on other proprietary specifications such as WS-Policy...Despite any potential merits and new concepts introduced by WS-Reliable Messaging, the specification is plagued by intellectual-property issues associated with the specification."

The paper contains valuable explanations and examples, but consider the source with regard to the politics.
Posted Tuesday, September 30, 2003 9:04:39 AM

Siebel: Software-as-Service = Failure? Tom Siebel, CEO of Siebel Systems " being forced to eat some more humble pie. The company plans to announce today that it has entered a partnership with IBM to offer its software over the Internet as a low-cost monthly service. The move comes barely two years after the company abandoned a previous attempt to do the same thing amid statements by Mr. Siebel that generally dismissed the concept."

"'Three years ago there was very little market for this,' Mr. Siebel says in an interview. Now, though, he says changes in technology and in corporate buying patterns mean 'this is the way software is going to be delivered in the future.'"

"' is eating their lunch at the bottom and even the middle of the market,' says Amy Wohl."

This is a watershed event. When the big-name naysayers admit they're wrong, you know web services have turned a corner. [Source: Last Thursday's Wall Street Journal (print edition)]
Posted Friday, October 03, 2003 8:31:53 AM

PC Magazine on Web Services. If you doubt that web services have hit the mainstream, consider that the venerable PC Magazine's October 1, 2003 issue contains a full 10 print pages on the topic. And that's out of an issue that's only 150 pages total.
Posted Thursday, October 02, 2003 10:42:55 PM

Kaye: Web-Services Security. We (vendors and users) have focused our efforts on web-services security around the protocols, application firewalls, etc. But as we deploy external web services--in which we share information with parties not under our control--the real issue becomes one of trust. How (if at all) can you be sure that an external party will treat your information with the degree of confidentiality you require? Even if it's agreed to contractually, how can you enforce it, and how can you be confident your data is safe? I don't have the answers (sorry) but I believe this is the real issue that's been largely ignored. Using the world's latest and greatest encryption and security-assertion technologies doesn't mean a thing if the party on the other end doesn't play by your rules.
Posted Thursday, October 02, 2003 1:08:56 PM

Cutler: Web-Services Standards Status. On the W3C's Web-Services Architecture mailing list, Roger Cutler posted this status report of most of the web-services protocols. In case you're curious where we stand as of 1 October 2003.
Posted Wednesday, October 01, 2003 9:51:05 PM

Kaye: A Continuum of Services. I've been thinking about this scale of service architectures:

  • Wrappers
  • URI-based GET/POST interfaces (e.g., REST)
  • SOAs
  • Orchestration

What are the properties that place these concepts on a continuum? For one, this is the sequence in which most IT shops are implementing web services. It also tracks the scales of tight-to-loose coupling and the availability of supporting technologies.
Posted Tuesday, September 30, 2003 11:35:42 PM

Baker: SOAs are more loosely coupled than REST? Mark didn't let me down. I was confident I'd hear from him regarding the above Continuum of Services post on my weblog.

Mark and I have had an ongoing discussion about the looseness of REST. I say it's somewhat tightly coupled--certainly more tightly coupled than SOAs. Mark believes the opposite. When last we left this debate, Mark referred to DNS as (one of) the mechanisms by which REST uses delayed binding to keep coupling loose. In response, I explain (perhaps not as clearly as I should) how the very idea that information is tied to a single location--even if that location can change--is already a tightly coupled concept.

In a loosely coupled SOA, information passes from one service location to another. The information is contained within documents, which may not have a permanent home. REST requires that information be located at one unambiguous location. The physical location may change, but the address (specified by URI) may not. I believe that's too inflexible and tightly coupled a model to support loosely coupled processes.
Posted Wednesday, October 01, 2003 3:25:02 PM

Loosely Coupled--Now Available as a PDF (at a 63% Discount)


  • Entire book: US$14.95
  • Major parts (4 total): US$5.95 each
  • Individual chapters (21 total): US$1.95 each

As an alternative to the hardcopy edition, you can now download my latest book in PDF format at a substantial discount using PayPal or BitPass. From the time you purchase the eBook version, you have 7 days during which you can download the content up to 10 times. The PDF files can be printed, but the text cannot be copied or modified.

Review of the Week:

"This book provides an excellent explanation of why companies should be looking at Web services. It approaches the topic with an honest and straightforward description of the problem space Web services are targeted to address and the characteristics/shortcomings of those technologies as they exist today and as they are expected to evolve. Perfect for IT decision makers who are evaluating how/where Web services fit in their corporate IT strategy."

--James Snell, IBM, author Programming Web Services with SOAP

Lin: Web Server Performance Myths. Regarding this 32-page PDF paper written by Peter Lin, Don Park wrote, "Here is a recent semi-public paper on web server performance mentioned in a message to Tomcat developer mailing list. Download and read the PDF file inside the zip file. It has some interesting discussion about web server performance myths. Here is a choice excerpt:

[...] yahoo gets 1.5 billion pageviews a day. [...]

Yahoo uses 4,500 servers to serve up 1.5 billion pageviews each day. If we divide that by the number of seconds in a day, we get 17,361 pageviews per second. Assuming the load is distributed evenly across the servers, each server handles 3-4 pageviews per second per system.

"One of the key points the paper stresses is the performance/value offered by hardware XML accelerators for XML-happy web applications. There are other choice bits in the paper, so check it out before the authors take it offline." [Source: Don Park's Daily Habit]

Posted Wednesday, October 01, 2003 8:43:22 AM

Bloggers: The Metadata Debate. Lots of bloggers (e.g., Joi Ito and Tim Oren) are discussing metadata this week. I went back to my archives and found my postings (1, 2, 3, 4) from two years ago. Bottom line: metadata doesn't work. I've been involved with far too many projects that depended on user-supplied metadata as the basis for the organization of information. All ended in failure. And it's not just me!
Posted Wednesday, October 01, 2003 7:44:37 PM

Allaire: RSS-DATA. Jeremy Allaire has posted his thoughts for expanding the role of RSS into data-oriented applications. I particularly like this idea because of its support of unintended consequences. Just like's and Google's web-services interfaces, I can imagine publishing all sorts of data-based RSS feeds for others to take and run with.

However as folks deploy feeds of a similar nature, it will highlight the need for standardized semantic models. Right now, RSS works in part because of its relatively consistent semantics. An RSS-DATA spec leaves that issue open, but that's okay for now. Others will address application-specific semantics.
Posted Wednesday, October 01, 2003 8:36:28 AM

Kaye: Protecting Against Spam for Web-Hosting Vendors. "Spam annoys us all, but it threatens the very survival of Web hosting companies. Hosting a spammer can affect the performance of your infrastructure and your other customers. Even worse, it can put your block of IP addresses on the known-spammer lists, which in turn could shut down your entire operation by causing you to unwittingly violate your own hosting service or ISP's Acceptable Use Policy (AUP)." [My latest column for The Web Host Industry Review.]
Posted Wednesday, October 08, 2003 4:59:55 PM

Presentations, Conferences, and Webcasts

Digital ID World (Conference) October 15-17, 2003, Denver, Colorado. I'm moderating a panel entitled The Role of Identity in Securing Web Services. Panel members include Tony Scott (CTO, General Motors), Mark O'Neill (CTO, Vordel), John McDowall (CTO, Grand Central Communications), Jamie Lewis (CEO, The Burton Group), and Atul Tulshibagwale (CEO, Trustgenix).


ISPCon (Conference) October 20-22, 2003, Santa Clara, California. Web Services Opportunities in the Data Center. Web Services are one of the hottest topics in IT, but what does it mean for outsourcers? In this session, I'll explain the web-services infrastructure opportunities, and provide a roadmap for outsourcing vendors. Tuesday, October 21, 2003, 3:00pm - 4:00pm.


East Bay IT Group (Presentation) October 22, 2003, Pleasanton, California. The Missing Pieces of Web Services. Not all of the legitimate promises of web services can be fulfilled today. I'll explore the dark side: security, transactions, reliable asynchronous messaging, orchestration and choreography, QoS, contracts and other business issues, infrastructure, and the big one: industry-specific semantics. I'll also show you how to plan the timing of your complex web-services projects. Tuesday, October 22, 2003, 6:30pm.


ISP Exchange (Conference) October 28-29, 2003, Las Vegas. What's Next for Web Services? Web Services are an interesting proposition for organizations and service providers. They have been labeled as the technology that will revolutionize enterprise applications. Enterprises are increasingly exploring web services to integrate business applications. I'll give my views on web services, and the available business opportunities for service providers. Wednesday, October 29, 2003, 8:00 - 9:00 a.m.


Loosely Coupled: Interoperability for Business Agility. (Webcast) Recorded 4/30/03 with John McDowall, CTO of Grand Central Communications. Archive.


Web Services Project Strategies. (Webcast) Recorded 4/21/03 with Brent Sheets at Archive.

Subscription and Contact Info

The IT Strategy Letter is published weekly by RDS Strategies LLC. Much -- but not all -- of the content is published earlier in Doug Kaye's weblogs.



©2003 Doug Kaye and RDS Strategies LLC.
This newsletter is governed by a Creative Commons License.


"...essential reading for anyone seeking to deploy this technology."

--John Hagel, III, management consultant and author of "Out of the Box"

