Chris Boos on Automation

UK-based start-up Phorm probably considered its software the hottest stuff in online advertisements since Google adwords. Now, Phorm finds itself at the center of a blamestorm where it gets bashed by EU regulators and web platforms such as Amazon or Wikipedia for violating privacy rights.

So what’s it all about? Phorm intends to cooperate with ISPs to monitor customer web usage. A test trial with BT has already been implemented. Based on the user profiles created, Phorm will display matching advertisements.

A short side note on the technology used: Phorm effectively creates the “mother of all cookies” by placing their cookie containing a unique user identification (UID) on every website you visit. Normally, a website can set cookies only for itself, not for other websites. Here’s the trick: The ISPs reroutes all incoming requests to a Phorm server that pretends to be the desired domain (i.e. www.amazon.com). Using this fake, Phorm is able to set its cookie and reroute again to the real desired web server.

So Phorm manipulates existing web protocols for cookie handling in a fashion that is more than dubious. “Big brother is watching You surfing” comes to mind immediately. Let’s keep bashing them, everyone.

On the other hand we should be aware that tacking users and adapting content to their profiles is nothing new. In fact, it’s a major trend in web 2.0 to create adaptive web sites for unique user experiences. We at syngenio have created EBIT 2.0, which adds user adaptive advertisement to online banking applications (without using cookies and without web tracking users).

Amazon itself constantly profiles its customers. Just the same thing as Phorm does, only limited to the www.amazon.com domain. The data is used to create the famous recommendations. But Amazon has also used it to exclude existing customers from price reductions targeted at attracting new customers. Not so nice.

So Amazon protesting against Phorm has little to do with user privacy. It’s about who owns a customer and the value hidden in customer data. Right now, it’s up to the individual web sites to make the most of it. (And many still have a long way to go … I can tell from my own discussions with the financial industry about their own web sites…) Phorm tries to bring in the ISPs. It’s as simple as that.

Which brings back an old question: Should cookies be considered harmful? It’s been so long since I last discussed that, I can’t even remember what happened to all the cookie paranoia from the early days of the web. I guess we just traded it in for nice features based on cookies. Well, what do you think? Responses welcome …

Turns out, supporting Mozilla’s firefox project wasn’t good enough for Google: they’ve got their own shiny new browser called Chrome now. It was all over the newspaper headlines today. Most commentaries featured it as “The return of the browser wars”. Funny as it seems that Web 2.0 finally brought us browser war 2.0, my prediction is that we will look at it from a different angle in retrospect: It’s another important step to kill our old fashioned notion of an operating system. The interesting thing about Chrome is the new virtual machine included. It’s called V8 and has been developed by guys who already created the the Java virtual machine for SUN.

So don’t compare Chrome to Internet Explorer – compare it to Midori.

Midori is a rumoured strategic project at Microsoft –a serious operating system beyond Windows. It seems to be more than a research study, though there is little official information. SD Times claimed that “Midori will introduce a higher-level application model that abstracts the details of physical machines and processors.” An operating platform rather than operating system, allowing us to make use of all those multicore-processors, multiprocessor-machines and multi-machine computing clouds.

In the old days, there was a single hardware, a single CPU, and a single operating system. On top of that, many applications could be executed. Things started to change with the Java virtual machine (JVM). Now the Java software effectively ran on the JVM, ignoring the underlying OS. Then there was virtualization: today, you can easily run several OS on a single computer using vmware. Sometimes, virtual machines are already used to eliminate unexpected interactions between applications: We got enough computing power to deploy less trusted applications into their own virtual machines – so we do it and eliminate hard to locate side effects. Who knows – we might just as well end up with each application running within its own VM. Now Google gives us V8 – the new operating platform included in their browser. Applications like Google Apps will use it as their operating platform and ignore the underlying OS. Others will continue to develop Flex application running on Adobe’s Flash-plug-in. Different platform, same thing.

And parallel computing on the desktop has just begun. It will add to the trend. In the future, a single hardware will have multiple CPUs with even more cores, and any number of operating platforms layered on top of it. It’s going to solve some compatibility issues and create a number of new ones: keeping all those layers of operating platforms up to date, for example.

Chrome’s V8 will be one of those operating platforms. Thus, Google moves from controlling the entrance to cyberspace to controlling the entrance to the V8 operating platform. It’s the next step beyond cyberspace.

“Burning Chrome” is a collection of short stories by Sci-Fi author William Gibson. It was published following his novel “Neuromancer” in which he coined the term “cyberspace”. So yes, Chrome is the logical next step after cyberspace.

I promised to give some free advice on how to select your Application Management provider. We’re talking about outsourcing maintenance and continuous improvement of custom applications here. Of course, selecting an appropriate provider is crucial if you want to achieve the desired ROI. And unfortunately it will take time to measure the actual improvement. So I tried so compile the known criteria that make a provider a match for you. Meaning: the criteria you can check before you make the deal.

Here’s the list:

• Select an Application Management Provider. Not just any outsourcer or software development supplier. Even if you know them and trust them. The reason: It takes a very specific approach to be successful at Application Management. One that is different from the economies of scale known by typical outsourcers. And it’s different from managing software development projects, too. Go ask for what you need and don’t stop short of it: an Application Management provider.
• Find a provider that understands your business. Of course, that still doesn’t mean the provider knows your application, which is unique. But it will eliminate a considerable amount of communication overhead and possible misunderstandings. After all, the provider will have to make changes to the application as required by your business departments. So he/she’d better known what they business talks about.
• Technology matters as well: there are different technological ecosystems (AJAX/Java/Unix vs. DotNet vs. SAP vs. Host …) and not all providers know how to optimize all kinds of applications. Development tools may be important, too, in some ecosystems where they are not standardized.
• Make sure the provider’s operating processes can be matched to your own. Nowadays, nine times out of ten that comes down to: you both speak and live ITIL. That will help to fit the provider in nicely.
• Check the provider’s methodology for setting up application management for your app. At the very least,  check that there is a methodology. As with any project, the success of application management is determined largely by how it begins.
• Check the contract offered to you:
  • Define the application and its interfaces. It should be obvious that a clear definition of the scope is necessary. However, sometimes boundaries of an application become fuzzy and their definition non-trivial.
  • Define the service levels you need (no less but also not more: high quality service is expensive – buy it only where it is needed)
  • How do you participate in the efficiency gains achieved by your provider? There should be a perspective for reduced costs for you.
• For those of you who still wonder how this blog entry got its headline, here’s the answer: before you outsource an application to an Application Management provider (“marry”), make sure you will always be able to source it back in (“divorce”). That requires an up to date documentation and the use of common development environments. Among other things. Make sure your Application Management provider offers you that – without you having to ask for it. Because if you have to ask for it, it is not common practise with this Application Management provider. And it will not become common practise just because of you. Instead, when you need it, you will find out that it never really worked. Insourcing will still be possible, but tiresome then.

This is my list of general rules for selecting an Application Management provider. Plus, there always are your specific circumstances to take into account.

Got more points to add to the list? Let me know! (info@syngenio.de)

Some of you sent feedback on my latest blog entry about Application Management. Application Management is a specific kind of outsourcing, where you outsource maintenance and continuous improvement of custom applications. Two managers asked the same question: “How can it possibly be more efficient to outsource custom applications than to maintain them in house? The outsourcer has no knowledge of the application’s specifics and economies of scale don’t apply! If the Application Management provider really is more efficient, then the in house crew simply hasn’t been doing their job.”

Good reasoning. But we at syngenio have been doing Application Management for years and there has always been a cost reduction through efficiency improvement. Very rarely it is lower than 10%, sometimes up to 20%. How come?

Believe me, it’s not because your employees are not doing their job. It’s because they are. They are working towards the objectives that have been established. And these objectives need to be relatively short term objectives – because management needs them to monitor progress, because your employees need them as feedback on their personal performance. What we are talking about here is the entire process of building and maintaining custom applications, also known as the “application lifecycle”. That lifecycle can be long, several years at least. So it’s no good to set up the objective “Optimize ROI over the entire application lifecycle.” You couldn’t properly evaluate that criterion before you shut down the application.
Instead, other objectives are being used. Let’s look at the project manager of the project that creates the custom application in the first place. He is responsible for time and budget. Of the project, that is. And the project ends with the custom application going live. That way, any responsible project manager is practically forced to compensate for deviations from the plan by cutting short anything out of scope – such as optimizing the application for efficient maintenance. That is the objective we have set for him.

You may hope that the operations department will counterbalance such strategies by bringing in their own requirements. In fact, they can only do that in a very basic way: They can bring up general requirements, not more. They do not know the specifics of the application yet. It is business and development who discuss and define the application. Again, that is the reasonable way to organize it, because the complexity of applications stems mainly from business needs, not from IT needs. So let’s focus on getting the business part right first.

Later, when everything is up and running, there is a new objective for employees: Efficient day to day maintenance. Whether it is set up officially or not, it is in place de facto: simply because it is the only way to meet up to daily requirements. Urgent tasks get higher priorities than important tasks. In the end, the important task of really understanding that custom application and its potential for improved efficiency never gets done.

By themselves, all those objectives make perfect sense: focus on the success of the development project, focus on business needs, focus on availability and mandatory changes first in operations. But in the end, they prevent us from focussing on the real goal: Optimizing ROI over the entire application lifecycle.

Let’s face it: we are actively organizing inefficiency.

What do we learn from it? There is an old saying: “Quality is free.” Tom de Marco wrote years ago that it should better be spelled “Quality is free for those who are willing to invest into it.” Meaning: It is possible to achieve lower cost full quality application operation – if you make the investment to include that separate phase into your application lifecycle: application management setup. Yes, it needs to be a separate phase in order to have its own objective: understanding the application and its potential for efficiency improvement from an operations point of view. Application Management providers include that phase. They convince you to make the investment and thus you get that 10% plus overall improvement.

My advice: select some of your custom applications and outsource them to an application management provider. This will free some internal resources to work on the necessary improvements on the remaining applications.

 Upcoming blog entries: (a) how to select an application management provider and (b) the mechanics of achieving the efficiency improvements. Stay tuned – or stay in contact at info@syngenio.de

You hear the story over and over again: Business asks IT to design and build yet another custom application. IT resources are limited, so the IT department subcontracts the job to some external software company. Meanwhile, the IT department itself takes care of the existing applications. You think that’s just the way it is? Think again.
What makes the difference between internal and external IT personnel? That your internal staff knows your company better, I’d say. They know more about the way things are run at your place. There are always lots of things that business will forget to write down in the specification – simply because they are taken for granted. Fortunately, your internal IT staff probably considers them as basic standards as well – so they will build them into the application anyway. Not true for external software companies. So take some of your own IT staff, mix them with some externals of the latest technological flavours, stir – and you got yourself a winning team.
Which leaves you with the question how to maintain and improve your existing applications with some internal staff set aside to get that new development project right. Actually, there is an obvious way to do that – just the same way you always did it: subcontract to some external software company. Not any software company, of course. One that specializes in application management. By application management I mean that special flavour of outsourcing, where the outsourcer takes care of a custom application, its maintenance, incident and problem management at a fixed rate. You probably wonder if that’s going to work. After all, your custom applications are not easy to maintain (and no wonder that is – if you let external software companies develop them without internals to guide …). Believe me: It can be done. More than that: you would be surprised how short the time to break even is. Of course, the outsourcer needs to review the application and build up knowledge. And this leads to a fresh view on the software, one focused on maintenance efficiency. Nine times out of ten, this is the first time your application has been scrutinized for maintenance efficiency. Including but not limited to the identification of potentials for automation in incident and problem management. Which is why I am telling you about it in this blog. In my next entry, I will share my thoughts on how to select a matching application management provider. Of course, you can always shortcut the waiting time and contact me at info@syngenio.de

Elmar Borgmeier