Draconis Software Blog

There’s a good overview of antispam practices at Howto Forge today, detailing the various methods either currently in use (black/gray/white lists, applications, etc), and proposed (DKIM, etc).

In a world where spam is bound to hold such an important position,
methods of preventing it should also be given an increasing importance.
Some of the easiest and most widely used prevention methods are host
control solutions, Antispam applications and user education.

I’m particularly excited about Domain Keys Identified Mail (DKIM), which I wrote about recently. Such a method would be very useful in tracking down spammers and controlling the flood of junk they put out, though, as this article points out, it’s not without it’s limitations. “The main disadvantage of DKIM is that email messages can be significantly modified in certain situations (e.g. when being forwarded by list severs), causing the signature to be invalidated and the message to be rejected. A solution to this issue would be combining DomainKeys with SPF, because SPF is immune to modifications of the email data.”

Check the article out - it’s a good overview of what’s currently going on, and perhaps may inspire you to try a different approach to your current antispam efforts.

I recently saw an article about the DomainKeys Identified Mail (DKIM) draft being accepted by the IETF as an official proposed standard (even though it happened back in February). I really hope the acceptance of this takes off, though the article seemed to show many large companies (who could probably benefit from it) non-committal.

DKIM is a simple means for verifying the origination of an email in an attempt to better track (and fight) spam and phishing messages. The method is simple: the sender encrypts the message body using it’s private key and stores this in the message header (non DKIM receivers, then, can safely ignore it and still deliver the message). A DKIM-enabled receiver looks up the originating domain’s record and extracts the public key. From Wikipedia: “The receiver can then decrypt the hash value in the header field and at the same time recalculate the hash value for the mail body that was received, from the point immediately following the “DomainKey-Signature:” header. If the two values match, this cryptographically proves that the mail did in fact originate at the purported domain, and has not been tampered with in transit.”

(Read the article)

We’ve been looking for a good way to manage the myriad of projects we’ve been working on lately, with efforts spanning several clients, different developers, and all sorts of other complexity, and recently gave activeCollab a spin. If you haven’t seen it yet, it’s a great open source project management tool without a lot of the bloat (plus, it doesn’t have any of the restrictions found in BaseCamp, a tool we were also considering). I’ve been quite happy with it so far, though we’ve only just begun using it.

The idea is to allow access for many of our clients to the activeCollab portal throughout the relationship, making it easier for all of us to communicate progress. Of course, nothing will replace those good ol’ regular status reports, phone conferences, etc, but this gives clients a better understanding (and a more direct line of communication to developers) while working on their project.

My biggest concern going forward is keeping things fresh. We’ve tried using SugarCRM in the past to manage clients, contacts, projects, and other data, but it just wasn’t used as much as it could be (people just didn’t keep it updated or use it on a regular basis, myself included). Part of this could be due to it being a change in a regular routine, but I think there was something else. After all, we implemented a wiki based on MediaWiki after trying Sugar to great success. So I believe the main problem with Sugar was due to it being not quite what we needed. Incidentally, Sugar has an interesting project management module for the Sugar Enterprise product, though we’re not ready to make a purchase for a tool like this yet. Hopefully activeCollab will be a success.

GigaOM is running a great article today about the changing environment faced by network engineers - as high-performance, well-optimized Internet providers are becoming ubiquitous, and access to the Internet has approached commodity status, what is the relevance a network engineer plays in today’s new economy? The article raises the question of a network engineer’s place: is it primarily with the Internet service provider - ensuring service is available and customers have access (think a lineman for the telephone company) - or is there still a place for an experienced network engineer supporting a company’s customer-facing operations? As the article says, service-oriented Internet companies, providing services to millions of users, may no longer need network engineers on their staff to support these operations.

To this CTO, knowing the details of his network and server infrastructure was like knowing the details of the local utility electricity grid – not required. Is this a bad thing, or proof that networking technologies have succeeded?

The question posed is this: do companies building Internet-oriented products, Web 2.0 service companies for instance, need network engineers to keep their systems running? Or does it make more sense to outsource these kinds of operations to a third party (for instance, hosting everything via a virtual server or other hosting provider)?

(Read the article)

Thought I’d follow up to yesterday’s note about organizations shifting to Web 2.0 technologies (often called Enterprise 2.0). As this note so elegantly puts it, it’s not a matter of if, but a matter of when. Eventually, Enterprise 2.0 will be a reality in your organization, and it’s better to start thinking and planning for that than sticking your head in the sand.

I think the biggest obstacle, as I pointed out yesterday, is getting over the fear of wasting time and resources on potentially low-return projects. But on the other hand, it’s possible these projects turn into a major boon for an organization. You never know till you try, and you might as well start trying.

(Read the article)

There’s an interesting post at ZDNet today about how many traditional companies are quickly adopting Web 2.0 concepts on their customer-facing web services, while at the same time, internal services aren’t utilizing these as quickly (if at all):

More organizations shift to Web 2.0 while IT departments remain wary by ZDNet’s Dion Hinchcliffe — A couple of recent announcements from two large, very well-known organizations provides some interesting data points on how Web 2.0 is affecting the product designs and business processes of otherwise very traditional institutions. Both USA Today and the U.S. Patent and Trademark office have recently unveiled strategies for letting their users use two-way Web capabilities to contribute directly to the products and services they offer. And many other mainstream companies, such as Pepsi as well as GM and XM Radio have been exploring externally-facing Web 2.0 concepts in their products for a while now.

Perhaps the biggest issue most IT departments have (and really, the managers who juggle worker productivity concerns), is the worry users will spend too much time contributing to these social services than otherwise being productive. “Thus, the best that Web 2.0 and Enterprise 2.0 applications like blogs and wikis can do it increase the productivity of existing business processes by improving efficiency as well as allowing them to self-improve through emergent structure and behavior.”

(Read the article)

You’ve probably heard of the One Laptop Per Child organization first announced in Davos, Switzerland in 2005, and how the project has made some significant progress towards the $100 per laptop goal, first suggested by Oracle’s Larry Elison. Currently, the organization plans to hit about $140 for the first iteration of the laptop, eventually reaching the $100 mark sometime around 2008. There’s a lot of interesting technology behind the OLPC, with much of the concepts readily applicable to other IT-related industries, which I thought I’d explore today.

(Read the article)

ZDNet’s Dion Hinchcliffe has been discussing Wiki’s, blogs, and Web 2.0 – the read/write web – as the next major applications platform in his article Is the walled garden Web blowing apart? Giving this some thought, I’ve come to the conclusion that this has been an entirely logical extension to current applications development and the route web content creation has taken over the last several years.

Over time, the tools used to create applications have grown increasingly easier to use (though the applications themselves have often grown significantly more complex): witness Visual Basic and Rapid Application Development software that emerged to empower more people to generate their own applications faster. Paralleling this, the web has become even easier and faster to develop content for, with the advent of the community-created website (what better example than Wikipedia), and blogs (where posting messages and comments requires very little effort).

But this isn’t news: what’s interesting is when these two content creation channels converge: applications as content, and the web as an application. Ruby on Rails “doesn’t hurt” to develop sites with, while WordPress and Movable Type have made it easier than ever to setup a blog (to say nothing of LiveJournal and other hosted systems). The web has become an application that anyone – and everyone – can modify, and it’s only getting easier.

The potential in applications delivered via the web is huge: rapid development (especially as mashups become increasingly popular), high-quality software, and on-demand results. As users see the immense potential in the web as a content application, astute executives are beginning to see the profit potential in developing whole new breeds of software using the web as a delivery medium. For instance, the explosion in new Web 2.0 companies lately has been astounding: companies that base their product offering as a web application users can subscribe to (and everyone loves a recurring-revenue business model).

Existing companies – especially those not at the forefront of the Web 2.0 movement – are beginning to appreciate the potential in the web as a software delivery vehicle. With eBay’s new community, large companies that previously focused on a top-down model are embracing the democratization of content creation.

I can only wonder at what the next logical step will be.