Gene briefly explores the misunderstanding between “Enterprise IA” and “User Experience IA.” This tension was well characterized by Peter Morville almost 10 years ago (see “Big Architect, Little Architect”). Personally I think it’s clear that content is always in motion, and unsupported efforts to dominate and control it are doomed. People are a critical element of a successful IA project, since those who create and use information are in the best position to judge and improve its quality. Many hands make light work, as the saying goes.
For example, if you want a rich interactive search results page, you need to add some structure to your content. This can happen anytime from before the content is created (using pre-defined templates) to when it is presented to a user on the search results page. Content is different than data, a theme Rob Karel and I explored in our research on Data and Content Classification. For this reason, IA is both a “Back end” and a “Front end” initiative.
Marketers - pay attention. This is an example that seems great in theory, but the "devil is in the details" of the implementation so to speak. This is among the top inquiries I hear from clients, "what do you think about 2D barcodes or QR codes as a means of connecting with customers?" I took this inquiry from a CPG client just a couple of weeks ago. I laid out the challenges. Their response was, "well, we're doing it anyway." Piloting is good - just go into it with your eyes wide open.
Security researchers in the UK say that the 3-D Secure (3DS) system for credit card authorization, a protocol that was "developed by Visa to improve the security of Internet payments," has significant security weaknesses. It is used by both of the ginormous card brands, known as "Verified by Visa" and "MasterCard SecureCode."
This could be a big deal.
In a recent paper, the researchers call out 3-D Secure as a security failure that was pushed on consumers by financially incentivized merchants because "its use is encouraged by contractual terms on liability: merchants who adopt 3DS have reduced liability for disputed transactions. Previous single sign-on schemes lacked liability agreements, which hampered their take-up."
According to the authors:
"3-D Secure has lousy technology, but got the economics right (at least for banks and merchants); it now boasts hundreds of millions of accounts. We suggest a path towards more robust authentication that is technologically sound and where the economics would work for banks, merchants, and customers - given a gentle regulatory nudge."
It was a surprising weekend for those of us who had naively imagined that after crossing the River iPad, we might actually get some Elysian rest. But, alas, the fates conspired against us and handed us the curious case of Amazon vs. Macmillan. Or Macmillan vs. Amazon?
For those who actually took the weekend off, let me summarize what happened. John Sargent, the CEO of Macmillan Books, gave Amazon a wee bit of an ultimatum: switch from a wholesale sell-through model, where Amazon buys digital books at a fixed wholesale rate and then can choose to sell those books at whatever price it deems appropriate (even at a loss, as it does with $9.99 bestsellers), to an agency model, where Amazon agrees to sell at a price set by the publisher in exchange for a 30% agency fee. Sargent explained to Amazon that if it did not agree to the switch, Macmillan Books would make its eBooks subject to significant "windowing," wherein new books are held back from the digital store for some period, say six months, while hardback books are sold in stores and, possibly, digital copies are sold through the iPad at $14.99.
This is more detail than we usually know about a negotiation like this because of what happened next. Sargent got off a plane on Friday only to discover that Amazon had responded by pulling all Macmillan books from the Kindle store as well as from Amazon.com. He then decided to make it clear to the industry (and his authors) that this drastic action was Amazon's fault, in a paid advertisement in a special Sunday edition of Publishers Lunch.
The first reports on the IT market in Q4 2009 are now in, and they are in line with our prediction that the tech market recession ended in that quarter (see US And Global IT Market Outlook: Q4 2009). Overall, the tech market in Q4 2009 was more or less flat with the same quarter the year before – an improvement from the prior quarter, when growth was negative, and evidence that the 2010 tech market will post positive growth.
The US economy was stronger than expected, but 5.7% real GDP growth is an aberration. The US Department of Commerce released preliminary data on Q4 2009 economic growth, and the result was a surprisingly strong 5.7% in real GDP, 6.4% in nominal GDP from the previous quarter (on a seasonally adjusted annualized basis). However, about two percentage points of that growth was due to inventory re-stocking, which will not be repeated in future quarters. And based on prior GDP reports, this growth rate will probably be revised down as new data comes in. (In Q3 2009, the growth rate in real GDP started at 3.5%, but ended up revised down to 2.2%.) Still, this report confirms that the US recession is over, and slower but steady growth is likely for the rest of 2010.
We’ve become curious ever since we interviewed Linda Cureton of NASA a few months ago, when we were a bit surprised to discover that she has an active blog (her Thanksgiving entry implores CIOs to give thanks to their “geeks”). And there’s Rob Carey, CIO of the Navy, who has been blogging for the past two years. So we decided to look around to see other CIOs who are actively blogging. Active implies recent — which takes quite a bit of time and thought, and is probably not for everyone. So who else besides Linda takes the time and thought? Here are a few who do, though not always frequently.
Netbooks are one of the hottest consumer product categories in the consumer technology industry at this moment - at least from an industry perspective. And yesterday, after Apple's iPad announcement, consumer electronics analysts immediately started commenting and sharing their views via blogs and Twitter.
But what I've been missing is the consumer view. Let's take a look at how interested consumers are in small computers like netbooks in general, and how this has changed in the past year.
Note: I realize that the industry may not see the iPad as a netbook but both the netbook and the iPad serve the same consumer need: an easy to carry, multifunctional mobile Internet device. So consumers are likely to compare and contrast them in the product purchase consideration cycle.
What we see is that consumers are mostly interested in netbooks as a second or third PC that they could use while on the go, or that they would consider giving to their children. Netbooks serve a distinct purpose; for more insight, please see the report 'Netbooks Are The Third PC Form Factor' by my colleague J.P. Gownder.
Several clients have recently been asking about "Virtual Network Segmentation" products that claim to segment networks to reduce PCI compliance scope. They may use ARP or VLANs to control access to various network segments. These types of controls work at Layer 2, and the hacker community is well versed in using tools such as Ettercap or Cain & Abel to bypass those controls. We've recently written about Network Segmentation for PCI as part of the PCI X-Ray series.
While rereading the PCI Wireless Guidance document, I came across this nugget that puts a nail in the coffin of using VLANs as a security control: "Relying on Virtual LAN (VLAN) based segmentation alone is not sufficient. For example, having the CDE on one VLAN and the WLAN on a separate VLAN does not adequately segment the WLAN and take it out of PCI DSS scope. VLANs were designed for managing large LANs efficiently. As such, a hacker can hop across VLANs using several known techniques if adequate access controls between VLANs are not in place. As a general rule, any protocol and traffic that is not necessary in the CDE, i.e., not used or needed for credit card transactions, should be blocked. This will result in reduced risk of attack and will create a CDE that has less traffic and is thus easier to monitor."
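The guidance quoted above asks for access controls between VLANs that block everything the CDE does not need. As an added example (not from the original post or the PCI document), the following Python sketch audits a first-match inter-VLAN rule set for unneeded flows into the CDE; the subnets, rule format, probe list and the assumption that only POS-to-CDE TCP 443 is required are all constructed for illustration.

```python
# Added example: audit inter-VLAN ACLs for unneeded traffic into the CDE.
# All subnets, rules and probes below are constructed for illustration.
from ipaddress import ip_address, ip_network

CDE = ip_network("10.10.10.0/24")    # cardholder data environment VLAN
WLAN = ip_network("10.10.20.0/24")   # wireless VLAN
POS = ip_network("10.10.30.0/24")    # point-of-sale VLAN
ANY = ip_network("0.0.0.0/0")

# Assumption: the only flow card transactions need is POS -> CDE on TCP 443.
NEEDED = [(POS, "tcp", 443)]

# Rule = (action, src_net, dst_net, proto, port); None matches any value.
VLAN_ONLY = [("permit", ANY, ANY, None, None)]   # routed VLANs, no filtering
LEAKY = [("permit", WLAN, CDE, "tcp", 22),       # leftover admin exception
         ("permit", POS, CDE, "tcp", 443),
         ("deny", ANY, CDE, None, None)]
FILTERED = LEAKY[1:]                             # exception removed

# Probes: one host per non-CDE VLAN trying common services on a CDE host.
PROBES = [(src, "10.10.10.5", proto, port)
          for src in ("10.10.20.7", "10.10.30.9")
          for proto, port in (("tcp", 443), ("tcp", 22),
                              ("tcp", 3389), ("udp", 161))]

def decide(rules, src, dst, proto, port, default="deny"):
    """First-match evaluation, as on a typical router or firewall ACL."""
    for action, s_net, d_net, r_proto, r_port in rules:
        if (ip_address(src) in s_net and ip_address(dst) in d_net
                and r_proto in (None, proto) and r_port in (None, port)):
            return action
    return default

def is_needed(src, proto, port):
    """True when the flow is on the list of traffic card processing needs."""
    return any(ip_address(src) in net and (proto, port) == (p, n)
               for net, p, n in NEEDED)

def audit(rules, probes=PROBES):
    """Return permitted flows into the CDE that card processing does not need."""
    return [(s, d, pr, po) for s, d, pr, po in probes
            if ip_address(d) in CDE and not is_needed(s, pr, po)
            and decide(rules, s, d, pr, po) == "permit"]

if __name__ == "__main__":
    for name, rules in (("vlan-only", VLAN_ONLY), ("leaky", LEAKY),
                        ("filtered", FILTERED)):
        print(f"{name}: {len(audit(rules))} unneeded flow(s) reach the CDE")
```

With VLANs alone every probed service from the WLAN reaches the CDE, and a single leftover permit placed ahead of the deny rule is enough to keep one path open.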
I've recently had several interesting discussions about one of the assessment criteria in the Forrester Vendor Positioning Review (VPR). A new VPR on IT Management Software Vendors should be out this time next week (it's been stuck in our Editing dept. for several weeks now.)