Sunday, October 31, 2010

If I were a disgruntled employee

So, you and your employer are not on good terms anymore and you think it is payback time? Here is a beginner's guide to expressing disagreement.

Disclaimer: the article does not focus on the moral and legal side of the issue, the focus is purely technical.

Note: a complementary article for employers will follow shortly, but if you're sharp enough you can derive the protection methods from this information.

The options are different, but if you're in the IT industry, the common choices are:

change all the passwords and do not disclose them;

delete all the data;

encrypt all the data;

apply subtle changes to the systems configurations, so that they seem to be working right, but somewhere deep inside a problem is waiting to happen;

share private data with your employer's worst enemy.

Change all the passwords

It is a matter of time before they find a new person who knows how to apply the password reset procedure - most (if not all) systems have one. Sometimes it is as easy as reading the manual (which they should've told you to write in the first place) and following the instructions.

As an IT expert, you are aware of the fact that if someone has full physical access to a system - they can override pretty much every security measure.

Cons:

it is a matter of time before they reclaim access to the resources. Since the bridges are already burnt down - your image suffers badly, your future employment opportunities are quite shady. You gained nothing.

Pros:

easy to implement;

it is more difficult and time consuming to get past this if there are remote resources (ex: servers) controlled by other companies, in other timezones;

once they get everything back and sue you, you can say "I didn't want it to be serious, so I chose this trivial method" [then pray they'll buy that].

Delete all the data

This is a better approach, because in this case there is nothing to recover. They can have the passwords for every server, the key for every door - but there is nothing to be found behind any of the doors.

Cons:

there are backups, you'll have to delete those too, thus there is more work to be done;

there are data recovery techniques, you'll have to make sure they won't work

destroy the data (crash the hard disks; burn the DVDs, literally);

wipe the data - wiping is the process of deleting data, then overwriting it with other data, to prevent recovery software from being able to retrieve the original files. In spite of the belief that you need multiple overwrite-passes to make a file impossible to recover - even one pass is good enough.

Pros:

the more time passes since the files were deleted, the more difficult it is to recover them. The employer will feel a lot of pressure because they have to do everything fast, or they'll have to disrupt the service for a while. This should make it evident for them that they should've given you the raise you asked for, it would've cost them less;

if you were unprofessional enough to not make those regular backups, the employer will understand that they made more mistakes than they originally thought, one of them was that of employing you in the first place.

Encrypt all the data

This is an extension of the previous method, and it is psychologically more aggressive, because this time they know they have the files, and "all they need" is the password. This gives them the false feeling that they're almost there.

Cons:

encrypting data takes time, especially if there are large amounts of it;

you may be foolish enough to use an encryption program that has backdoors in it - which makes your effort useless;

the employer may have keyloggers installed on your systems, thus they will be able to find the password - rendering the exercise useless again;

if you use a weak password - they can guess it or brute-force it.

Pros:

the method is meaner than simply deleting the data;

even if they have full physical access to the system - it does not help them;

if you are sure that you are using the best encryption program that does not have any backdoors and employs the best encryption algorithm, you're safe;

if you use a smart card to encrypt the data, any brute-force or dictionary attack attempts will be futile.

Apply subtle changes to the systems configurations, etc.

If you need an example of this, remember the movie "Office space" to get an idea about how this is done.

Cons:

they won't know you've had them, because these backdoors are so subtle - thus you lose some of the moral satisfaction;

Pros:

when the new guy shows up, it may take a long time until the flaws are revealed (especially if you were insightful and weren't kind enough to document what you were working on, making it difficult to understand the system you left behind);

you can exploit these flaws for many years, and perhaps get some benefits out of it. If you're not greedy and keep everything below the radar, you may never get caught.

Share corporate secrets with the competition

If you are not bound by an NDA, they won't be able to use this against you.

Cons:

if you don't keep this low profile, future employers won't be able to trust you, and your career may not get far from where you're standing.

Pros:

if there were no NDAs, technically you succeeded in making them suffer without breaking the law.

Final thoughts

All the methods above have one thing in common - you'll have to pay for it sooner or later, and there is no approach that enables you to get away scot-free.

I do not encourage employees to cheat their employers (and vice-versa), I consider that a direct dialogue is the best way to solve a problem, as well as to prevent it from happening in the first place. This article must not be used as legal advice.

Friday, October 29, 2010

Protecting from cold reboot attacks on disk encryption

If you watch the evolution of security systems, you are probably aware of the study that explains and demonstrates how private data can be extracted from the system's memory by forcing a reboot or extracting the RAM modules.

This is intriguing research, because it shows how far a sophisticated attacker can get. What makes this even more interesting is the fact that there is empirical evidence that shows that it works not only on paper.

Like other encryption programs, Private Disk is permanently decrypting and encrypting some data whenever files on the virtual disk are read or written. Naturally, the keys must be somewhere in the system's memory, therefore our software can become the target of such an attack.

Why should I not worry about this?

Although the attack can have practical results, there are things that can be done about it.

Imagine that you are an attacker that stumbled upon a computer with valuable data protected by Private Disk. If the keys are in memory, it means that the encrypted disk is mounted - and if so, why not just copy the data from it while no one's watching?

Why is it easier to disassemble a computer in order to make the RAM modules easily accessible, then take the memory out and connect it to another computer? When you're done - you'll put the RAM back but the system will be shut down, so the owner will figure out that something is fishy when they return.

Why is it easier to force a system reboot, configure the BIOS to boot from an external device, then dump the contents of the RAM to the external device for future analysis? As in the previous case, the system will be in a different state when the owner returns, so they will realize that an attack has just occurred.

Besides, there are many things that have to be taken into account, and the attacker can only hope that luck will be on their side; for instance:

is there a guarantee that upon a system reset, there will be no password prompt when entering the BIOS settings?

what makes the attacker sure that the BIOS is configured to allow booting from any external device?

why would it be easy for someone to disassemble a computer and take the RAM out (or reset the BIOS settings)?

Of course, all of these problems have solutions: disassembling a system can be done very quickly if you're good at it, and resetting the BIOS settings is a matter of time. But all of this is only useful on one condition - the computer that was left unattended contains a virtual disk in a mounted state.

This is what brings us to the solution, which is just a set of best practices that have been well known for a long time; once you cycle through each item, ask yourself "which of these do I hear for the first time?".

End users

Password protect the BIOS;

Don't allow the system to be booted up from anything other than the internal drive (no external devices, CDs, or network booting);

Dismount your encrypted disks if they are not in use;

Turn the computer off when it is not in use for a long time (cut your electricity bill, save your planet).

Company owners, administrators, and leaders of the IT department

Do not allow full physical access to corporate workstations;

Make sure that every employee understands that a stranger walking around with a canister of liquid nitrogen (to cool down the extracted RAM modules to keep their contents intact longer) is not a common phenomenon, and this should be reported immediately;

Make it impossible for a stranger to enter the office when no one is around;

Use surveillance equipment to monitor remote locations (this implies that the sly attacker managed to get past the guards who found nothing suspicious about a "smoking" canister of liquid nitrogen in the hands of a stranger who visits the office past working hours and ends up doing something in the server room after unlocking multiple doors with the power of thought).

Developers

Do not keep the keys in the memory when you don't need them, overwrite the memory with some other data as soon as the keys are not required.
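
The developer rule above, as an added C example (not Private Disk code and not part of the original article): the key stays in memory only while the volume is mounted, and every temporary copy is overwritten as soon as it is no longer needed. `volume_ctx`, `volume_mount`, `volume_xor`, `volume_dismount` and `key_bytes_resident` are hypothetical names, and the key derivation and XOR transform are constructed stand-ins, not real cryptography.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_LEN 32

/* Overwrite through a volatile pointer: a plain memset() just before a
   buffer goes out of scope is a dead store the compiler may remove. */
static void secure_wipe(void *buf, size_t len)
{
    volatile unsigned char *p = (volatile unsigned char *)buf;
    while (len--)
        *p++ = 0;
}

/* Hypothetical per-volume state: the only long-lived copy of the key. */
typedef struct {
    uint8_t key[KEY_LEN];
    int mounted;
} volume_ctx;

/* Toy derivation constructed for this example; NOT a real KDF. */
static void toy_derive(const char *pw, uint8_t out[KEY_LEN])
{
    size_t n = strlen(pw);
    uint8_t acc = 0x5a;
    for (size_t i = 0; i < KEY_LEN; i++) {
        acc = (uint8_t)(acc * 31u + (n ? (uint8_t)pw[i % n] : 0u) + i);
        out[i] = acc;
    }
}

/* Mount: derive the key, then wipe the temporary and the caller's
   password buffer so neither outlives this call. */
int volume_mount(volume_ctx *v, char *pw)
{
    uint8_t tmp[KEY_LEN];
    if (v->mounted)
        return -1;
    toy_derive(pw, tmp);
    memcpy(v->key, tmp, KEY_LEN);
    v->mounted = 1;
    secure_wipe(tmp, sizeof tmp);
    secure_wipe(pw, strlen(pw));
    return 0;
}

/* Stand-in for sector encryption/decryption; refuses to run unmounted. */
int volume_xor(const volume_ctx *v, uint8_t *data, size_t len)
{
    if (!v->mounted)
        return -1;
    for (size_t i = 0; i < len; i++)
        data[i] ^= v->key[i % KEY_LEN];
    return 0;
}

/* Dismount (also the right hook for hibernate or idle lock): after this
   call a memory image of the process holds no key bytes from v. */
int volume_dismount(volume_ctx *v)
{
    secure_wipe(v->key, sizeof v->key);
    v->mounted = 0;
    return 0;
}

/* Number of non-zero key bytes still present in the context. */
size_t key_bytes_resident(const volume_ctx *v)
{
    size_t n = 0;
    for (size_t i = 0; i < KEY_LEN; i++)
        n += (v->key[i] != 0);
    return n;
}

int main(void)
{
    volume_ctx v = {0};
    char pw[] = "constructed-passphrase";   /* constructed sample input */
    uint8_t sector[8] = {1, 2, 3, 4, 5, 6, 7, 8};

    volume_mount(&v, pw);
    printf("mounted:   %zu key bytes resident, password wiped: %s\n",
           key_bytes_resident(&v), pw[0] == '\0' ? "yes" : "no");
    volume_xor(&v, sector, sizeof sector);
    volume_dismount(&v);
    printf("dismounted: %zu key bytes resident\n", key_bytes_resident(&v));
    return 0;
}
```
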

As you can see, none of the above is new. Of course, this does not mean that the new attack method is useless, but it makes it clear that simple measures can be taken in order to protect your assets. Moreover, all these measures are either free (features such as "disconnect encrypted disks when the system hibernates" in Private Disk, or "Automatic lockdown" in Password Carrier have been there for ages), or are already in place (guards, locks, security cameras, etc).

Finally, I must point out that I can hardly imagine a thief who prefers to try this new high-tech wizardry, when it is known that the encrypted disk is already mounted, so all that has to be done is simply copy the data and walk away (which is obviously the path of least resistance).

Summary - the end of the world is postponed yet another time, and you can protect yourself by following a short list of best practices. How is this news?

Thursday, October 28, 2010

Why I don't use an antivirus

Many years ago I decided I was not going to use an antivirus for my computer. My friends and colleagues find this unbelievable, but they are more surprised when I tell them that throughout the years this decision never came back to haunt me.

The #1 reason was to get rid of the performance penalties that are an obvious consequence of an antivirus that runs in the background and checks all the files that are being accessed. The second reason was that [at that time] I did not have a permanent Internet connection, so I was always sure that I never had the most recent updates. In other words, I was aware of the fact that my antivirus would probably miss a threat or two. In those circumstances it was obvious that:

I have to live with permanent performance issues;

And in spite of that, there is a great chance I'll get infected anyway.

Naturally, I decided to remove the antivirus. This sounds like a crazy decision, but it is not, if you analyze the problem. Think about the sources from which viruses come:

Emails with attachments

Things you copy from CDs, DVDs or USB flash drives when you exchange data with friends

Files downloaded from Internet sites

Source-X (you'll find out below)

Now, let's deal with each item:

Email - this is not a real threat, as long as you follow some basic rules:

Don't run programs that came in attachments;

If the attachment comes from a trusted person, either ask them if they really sent that file, or simply ignore the email because (see below)

Normally people don't send programs (EXE files) via email. Usually we exchange photos, documents, movies... why would we suddenly change the pattern and send a program?

Files copied from various media - the same logic applies: photos, movies and texts are not executable files, hence they pose no harm. If the CD or DVD is from a store, then we can trust the vendor made sure there are no infected files there. If it comes from an unreliable source, then try to obtain the same file from a trusted one.

Files downloaded from various web-sites are the ones more likely to be harmful, especially if they come from P2P networks like eDonkey or Kazaa. As in the previous case, you are pretty safe if you ignore EXE files and only use the .mp3 or .avi ones - they are not executable programs, so they can't cause trouble. (Note, if you're the "download stuff off P2P networks" type, you might find PD FileMove useful)

As you can see above, most of the time you can get away by simply taking a look at the type of the file and making sure it is not an EXE. An antivirus is not needed for that, all you need is to think for a second before double-clicking a file.
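
The "look at the type of the file" check, written out as an added C example (not from the original post): it compares what the name claims with what the first bytes say, so a double extension such as `holiday.jpg.exe` or a `.mp3` that starts with an executable header is flagged. The function names, extension lists and sample files are constructed for illustration, and a data verdict says nothing about whether the program that opens the file is itself vulnerable.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum verdict { LOOKS_LIKE_DATA = 0, EXECUTABLE = 1, DISGUISED_EXECUTABLE = 2 };

/* Illustrative lists, not exhaustive. */
static const char *const EXEC_EXT[] = {"exe", "scr", "com", "bat", "cmd",
                                       "pif", "vbs", "js", "lnk", NULL};
static const char *const DATA_EXT[] = {"jpg", "jpeg", "png", "gif", "mp3",
                                       "avi", "pdf", "doc", "txt", NULL};

/* Case-insensitive string equality. */
static int ieq(const char *a, const char *b)
{
    while (*a && *b) {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == *b;
}

static int in_list(const char *ext, const char *const *list)
{
    for (; *list; list++)
        if (ieq(ext, *list))
            return 1;
    return 0;
}

/* Copy the text after the last '.' in name[0..len) into out ("" if none). */
static void ext_of(const char *name, size_t len, char *out, size_t outsz)
{
    size_t i = len;
    out[0] = '\0';
    while (i > 0 && name[i - 1] != '.')
        i--;
    if (i == 0)
        return;
    size_t n = len - i;
    if (n >= outsz)
        n = outsz - 1;
    memcpy(out, name + i, n);
    out[n] = '\0';
}

/* Executable headers: "MZ" (DOS/Windows PE) and 0x7F "ELF". */
static int has_exec_magic(const unsigned char *h, size_t n)
{
    if (n >= 2 && h[0] == 'M' && h[1] == 'Z')
        return 1;
    if (n >= 4 && h[0] == 0x7f && h[1] == 'E' && h[2] == 'L' && h[3] == 'F')
        return 1;
    return 0;
}

/* Classify a file from its name and its first n bytes. */
enum verdict triage(const char *name, const unsigned char *head, size_t n)
{
    char ext[16], inner[16];
    size_t len = strlen(name);

    ext_of(name, len, ext, sizeof ext);
    int exec_ext = in_list(ext, EXEC_EXT);

    /* Content is a program but the name claims otherwise. */
    if (has_exec_magic(head, n) && !exec_ext)
        return DISGUISED_EXECUTABLE;

    if (exec_ext) {
        /* "photo.jpg.exe": a data-looking extension hidden before the real one. */
        size_t stem = len - strlen(ext) - 1;
        ext_of(name, stem, inner, sizeof inner);
        return in_list(inner, DATA_EXT) ? DISGUISED_EXECUTABLE : EXECUTABLE;
    }
    return LOOKS_LIKE_DATA;
}

int main(void)
{
    /* Constructed sample headers. */
    const unsigned char jpeg[] = {0xFF, 0xD8, 0xFF, 0xE0};
    const unsigned char mz[] = {'M', 'Z', 0x90, 0x00};
    static const char *const label[] = {"data", "executable", "DISGUISED executable"};

    printf("holiday.jpg     -> %s\n", label[triage("holiday.jpg", jpeg, sizeof jpeg)]);
    printf("setup.exe       -> %s\n", label[triage("setup.exe", mz, sizeof mz)]);
    printf("holiday.jpg.exe -> %s\n", label[triage("holiday.jpg.exe", mz, sizeof mz)]);
    printf("song.mp3        -> %s\n", label[triage("song.mp3", mz, sizeof mz)]);
    return 0;
}
```
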

Now, what if you received a file from a friend, and they confirmed they really sent it, so it's supposed to be safe... but your defensive instincts tell you that the file might be harmful, what then? The solution is to use an antivirus which is not resident, i.e. it does not permanently reside in the computer's memory and you only use it when you think you need it.

I do have an antivirus on my computer, a free program called ClamWin. If my "psychic virus detection" skills are not convincing enough, I can right-click the suspect file and scan it.

Knowing that I can do this gives me the psychological comfort of feeling protected. But here's the funny thing - in no less than 5 years of not using an antivirus, I used this option no more than 10 times. Each time I used it, the antivirus confirmed that the suspect file was indeed malicious - but I was able to determine that myself just by analyzing the file (its name, extension, size, the date it was created).

In other words, I have empirical evidence that life without an antivirus is not only possible, but also very successful. Of course, this requires rather advanced computer-oriented thinking (not everyone can guess that a file is a spyware program just by looking at it), but even this has a simple solution - don't mess with unknown EXEcutable files.

This story would be incomplete, and misleading, if I didn't mention that I am using a firewall, and I am pretty sure that my firewall is the second most important layer of defense (the first one being my intuition; the term 'intuition' is not very good, but discussing its appropriateness is beyond the scope of this story).

This occurred to me in the days of MSBlast, when many people suddenly found themselves with a "System is shutting down in X seconds" message on the screen. That's when I learned that threats don't necessarily come in the form of an EXE file which I must run; an unprotected system with known vulnerabilities can easily become the target of an attack. Afterwards files can be run on the system without my permission, so I can get infected. The obvious conclusion is that there is another source of threats - network connections (this is what "Source-X" referred to). And the other obvious conclusion is that I needed a firewall. Nowadays Windows comes with a built-in firewall, so we've got this attack vector taken care of. Note that this firewall does not monitor outbound connections, and is not very flexible, but choosing a perfect firewall is beyond the scope of this story.

Finally, there is another layer of defense, the one which never fails, the one that gives me the greatest psychological comfort (i.e. if everything else lets me down, I can be 100% sure I am not totally lost). What I'm talking about is Disk Firewall. The defensive strategy is simple and very easy to implement:

Separate system files from your personal files (see the 4th message in the forum thread);

Store your personal data in a virtual encrypted disk, restricting access to the data using Disk Firewall and a list of trusted applications.

In this case, even if your system was compromised, you can be sure that your data are absolutely intact. Moreover, if you've implemented the 'separate system from personal data' approach - restoring your system to a stable state is "one-two-threasy".

Conclusions

Life without an antivirus is possible;

Most of the security threats can be dealt with by simply being attentive to details;

If you insist on having an antivirus (which you will rarely use), why pay when there is a free alternative?

If your antivirus program comes with a built-in firewall, perhaps you can make your system faster by leaving only the firewall enabled, disabling the resident scanner and manually scanning files that you think are suspect.

Secondary conclusions

I save money because I don't pay for an antivirus, nor do I pay for updates;

I never complain about my system being painfully slow (unlike some of my colleagues, who are so well-protected that they can't even use their computers for any real-world tasks, other than watching progress bars).

Wednesday, October 27, 2010

How to protect myself from identity theft

A report published recently by IC3 (Internet Crime Complaint Center) provides a lot of insightful tips to those who often engage in Internet commerce. The study was carried out in cooperation with the FBI, the National White Collar Crime Center, and the Bureau of Justice Assistance.

The study is extremely useful, as modern life is a path that will inevitably intersect with the Internet, whether we want it or not. The web helps us consumers do things faster and easier; the problem is that fraudsters get the same benefits. As a result, if you fall for an Internet scam, the damage can be of a greater magnitude, and it can be inflicted upon you so quickly that you won't even notice it happened. Here are some numbers that put things in perspective:

From January 1, 2007 to December 31, 2007, the IC3 website received 206,884 complaint submissions. This is a 0.3% decrease when compared to 2006 when 207,492 complaints were received.

The total dollar loss from all referred cases of fraud was $239.09 million with a median dollar loss of $680.00 per complaint.

This was an increase from $198.44 million in total reported losses in 2006.

Email (73.6%) and web pages (32.7%) were the two primary mechanisms by which the fraudulent contact took place.

It is highly recommended that you look through it and study the charts, and the recommendations section, which explains how to deal with such cases, as well as prevent them from happening. The remaining part of this article focuses on the issue of identity theft, which sadly was not given enough attention in the survey.

It is interesting that the study concludes that identity theft is one of the smaller troubles, as shown in the chart below.

Such a state of things is quite strange, because another study (the Computer Security Institute survey for 2007) found identity theft a much more serious problem. Could it be that the victims of identity theft are not yet aware of their status?

Another possible explanation is that the scope of the IC3 report is simply different, it focuses on issues that occur after a transaction is complete (i.e. it is assumed that everything was ok before the final click in the process), while the truth is that identity theft has much more serious consequences. There is no need to use fake cheques, there is no need to engage in a long conversation with a "Nigerian scammer", nor is there a need to get involved in auction bidding. With your data in their pocket, a fraudster can do anything in a clean way - the sellers will not suspect that something is wrong, because from their point of view, they are dealing with an honest person, and everything is legal.

Identity theft occurs when someone else uses your personally identifying information without your knowledge or permission, to obtain credit cards, loans and mortgages, buy various products on your behalf, leaving you responsible for the consequences.

To minimize the risk of identity theft, you have to make sure that all the ways in which an identity can be stolen (attack vectors) are taken care of.

If you use a public computer for online banking transactions (ex: buy merchandise or purchase tickets for travel, concerts, or other services):

First of all, avoid using public computers, perform all the tasks that involve dealing with sensitive data on your home PC;

If you are forced to use a public computer, you can be the target of a keylogger, or the target of malware running on that workstation. There is no guarantee that the computer does not have any harmful programs installed there on purpose. You need a tool such as Password Carrier, which will automatically fill in the forms on the web-sites and in Windows programs - thus keyloggers won't capture your passwords and other personal information, because you don't have to type anything by hand.

If you store personal information in your home computer, there is a chance that it will be compromised (ex: if your antivirus or firewall failed), or that someone who uses the computer inadvertently ran an unknown (and malicious) program or an attachment that came with an email.

Make sure that all the sensitive files on the system are stored in encrypted form, so that they cannot be copied by someone who connects to the computer remotely. Use Private Disk to encrypt your files;

Use additional protection offered by Disk Firewall, to ensure that trusted but compromised programs won't allow an attacker to access private data;

As in the previous case, it is a good idea to use Password Carrier, because it takes a lot of expertise to thoroughly study a system and say "this system is 100% clean, no viruses, no spyware, no malware of any kind". If you are not one of those who can check their own computer and guarantee that it is clean, then Password Carrier will definitely help you.

Social engineering is another instrument an attacker can use to steal your identity. Why install various malicious tools and risk getting caught, when you can just go ahead and directly ask what you want? Due to the way our brains are wired, this approach is very often effective(Sony VGN-FZ61B battery)!

Be careful when someone asks you for personal information; it is good to be suspicious, so do not be afraid to question what they intend to do with this information;

Always double-check the information you are about to submit; sometimes a detail that seems unimportant can actually make a difference. If you don't know whether some data are sensitive or not, treat them as sensitive and do not disclose them;

Examine the privacy policy of the services that are used, in order to find out how they store and apply your data. In addition, if you are dealing with an intermediate party, they might request other, apparently not important data; if you know which details are needed by the service that does the actual processing, you will be able to find out whether the intermediate party requested data which they don't normally need;

Cautiously share your personal information with your friends and colleagues. You may trust them, but are you sure they won't accidentally (or even intentionally) share your details with other parties? Is your friend aware of the existing threats? If you are not sure, then you should think twice before handing out passport numbers, addresses, phone numbers, etc.

Conclusions

The Internet is a dangerous place, don't forget that.

It is a good thing to be a little bit paranoid; when you are not sure whether you really understand what is going on, take your time to ask someone in the know, or read the available documentation.

Software can assist you in protecting your privacy; programs such as Private Disk and Password Carrier will make your life safer and easier.

Keep track of your expenses, to find out if you are already a victim of identity theft before it is too late.

Tuesday, October 26, 2010

NASA Accused of 'Climategate' Stalling

The man battling NASA for access to potential "Climategate" e-mails says the agency is still withholding documents and that NASA may be trying to stall long enough to avoid hurting an upcoming Senate debate on global warming.

Nearly three years after his first Freedom of Information Act request, Christopher C. Horner, senior fellow at the Competitive Enterprise Institute, said he will file a lawsuit Thursday to force NASA to turn over documents the agency has promised but has never delivered.

Mr. Horner said he expects the documents, primarily e-mails from scientists involved with NASA's Goddard Institute for Space Studies (GISS), will be yet another blow to the science behind global warming, which has come under fire in recent months after e-mails from a leading British research unit indicated scientists had manipulated some data.

"What we've got is the third leg of the stool here, which is the U.S.-led, NASA-run effort to defend what proved to be indefensible, and that was a manufactured record of aberrant warming," Mr. Horner said. "We assume that we will also see through these e-mails, as we've seen through others, organized efforts to subvert transparency laws like FOIA."

He said with a global warming debate looming in the Senate, NASA may be trying to avoid having embarrassing documents come out at this time, but eventually the e-mails will be released.

"They know time is our friend," said Mr. Horner, author of "Power Grab: How Obama's Green Policies Will Steal Your Freedom and Bankrupt America."

Mark S. Hess, a spokesman for NASA's Goddard Space Flight Center, which oversees the climate program, said the agency is working as fast as it can, and that Mr. Horner should expect some answers any day.

"It looks like the response to his appeal is probably going to happen very soon. I can't tell you it's going to be tomorrow or the next day, but it's just a matter of days," Mr. Hess said.

He said he hasn't seen the response, and doesn't know whether it will authorize any more information to be released.

The science behind global warming has come under question since e-mails leaked from one of the key sources for global temperature data, the Climatic Research Unit in Britain, seemed to show scientists manipulated data. It became known in the press as "Climategate."

An investigation has cleared the scientists of deliberate malpractice and declared the basic science credible.

The British investigation also sympathized with scientists being reluctant to share all of their data, but investigators said the science needed to be above reproach and so the more that is shared, the better.

In the case of NASA's FOIA situation, The Washington Times first reported on the agency's delinquency in December. At that time, the agency was more than two years overdue on one request and nearing the two-year mark on another request - far longer than the 20 business days allowed under FOIA law for a first response.

After that report, the agency released about 2,000 pages, many of them heavily redacted, to CEI. Mr. Horner said among those pages was evidence he said proves NASA data is based on the British records that have come under fire.

But CEI said the agency withheld e-mails NASA scientists sent from nongovernment e-mails, even though they were doing government science work.

Mr. Horner said he has evidence one scientist went back and deleted time stamps on his Internet postings to his private website, which Mr. Horner said shows the scientist was doing that work on government time.

CEI's lawsuit, which is expected to be filed in federal district court in Washington, also says that e-mails leaked from the British research unit include documents that should have been released by NASA, but haven't been.

Mr. Hess said they are fielding more than just CEI's inquiries, and they are taking them all in order.

"We all understand the statute is 20 days, and we work really hard to comply with that as much as humanly possible, but for the most part, especially for a request where you may have to search thousands of documents, sometimes 20 days is just a herculean task," he said.

Some of the NASA scientists Mr. Horner targeted with requests have spoken out against the recent FOIA inquiries, calling them an effort to try to intimidate scientists into not publishing their work.

Gavin Schmidt said information requests have ballooned in recent months and that he thinks those making the inquiries are trying "to put a chilling effect on scientists speaking out in public."

And James E. Hansen, director of GISS, said in a March memo that responding to FOIAs takes away from his time to do research.

He called it "a waste of taxpayer money" and questioned the motives of those filing FOIA requests.

"It seems that a primary objective of the FOIA requesters and the 'harvesters' is discussions that they can snip and quote out of context," he said, warning that could confuse the public and that might delay the pressure Mr. Hansen said will be needed to force policymakers to combat global warming.

The document fight comes as the Senate is preparing for two global warming debates.

One will be on a Republican move to try to overturn Obama administration rules that would let the Environmental Protection Agency regulate carbon emissions, even without specific new authorization from Congress. The second is expected to be a full-blown debate on Democrats' bill to combat global warming.

On Wednesday, President Obama said he wants to see action.

"I'm going to keep fighting to pass comprehensive energy and climate legislation in Washington," he said at an event in California. "We're going to try to get it done this year, because what we want to do is create incentives that will fully unleash the potential for jobs and growth in this sector."

Monday, October 25, 2010

Designing a large scale learning programme

When it comes to designing a large-scale learning programme, the processes you work through are probably not much different to building something just for your team. The difference is that you will need to be much more explicit in your thinking, rather than relying on gut instinct.

When I start out with a new learning programme I try to split my work into three core areas:

Learning architecture

Technology infrastructure

People (probably the most important)

Getting the learning architecture right is important, but if you get the technology or the people aspects wrong then nothing's going to make the learning work!

Much of the thinking is iterative; as soon as you get one thing sorted you need to go back and work out its impact on the rest of the design.

Throughout the process, the role of the Solutions Architect is to balance the needs of the organisation and the needs of the learner with the resources available (eg. systems, budgets, people).

Just like in a real-world building project, getting the architect in early is essential. On large-scale projects there's no point giving the builder their instructions on what to build, and then bringing in an architect to make sure they do it properly. The architect is the link between your organisation's real (rather than perceived) needs and the solution to those needs.

Business need

Before you even start thinking about what the learning programme is going to look like you need to consider the problem that it is meant to solve.

It might be that your client organisation is wanting to explore new approaches to a particular aspect of its work, where the outcome is uncertain.

Or there may be a need to prove that the organisation has complied with particular legal or regulatory requirements. (I'll leave it for others to debate whether that means training is the only solution.)

Perhaps the organisation needs to ensure that there is a consistent skill base across the whole workforce.

Your client might have decided that people need a raised level of knowledge and understanding of what you do.

Or perhaps there's a strategic need to change behaviours across the organisation.

Whatever the business need, you must understand it. And you must get to the bottom of the reasons behind that business need. Alongside that you'll need to know very quickly what drives the organisation's culture. Without those two converging streams of understanding, you will find it extremely difficult to create a learning solution that matches the client's needs and expectations.

There are two tools that really help in this process with clients. One is Cathy Moore's action mapping presentation. This, very clearly, shows the client the importance of focussing on what they want people to do, rather than know.

The other tool I use considerably, especially in client workshops, is some sort of visual mapping tool. Options here include:

MindManager - a very powerful mind mapping tool that integrates well with MS Office.

Freemind - an open-source mind-mapping tool. Fast and simple to use.

CmapTools - a free concept-mapping tool

These tools are useful to both collect ideas together, and then to re-present those ideas back to the client as your understanding of what they are trying to achieve.

Measurement

As an adjunct to understanding the business need, you will also need to understand your client's expectations of what they will measure.

As soon as you put any part of a learning programme online, you run the risk of measuring things just because they are easy to measure, rather than because they are important. Online learning provides huge amounts of data about what learners are doing and when they're doing it. Much of that data might be useful as aggregated statistics (given a large enough population sample), but it tells you very little about the individual learner.

The challenge is to find the things that you can measure that will give you meaningful information about whether you are achieving your business needs.

Consider what it is you want to find out:

Learners' skill levels before and/or after the learning intervention?

How your learning intervention is perceived?

How many people took up your offer of the learning intervention, and to what extent?

Whether your learning intervention made any difference to learners' behaviour?

You'll also need to consider whether the measurements are "high stakes". In other words, are other actions dependent on the results of the measurements?

Sunday, October 24, 2010

7 Things You Should Know As a Consultant

IT consulting has become one of the most sought-after professions among college students today. It is well paying, and lets you meet a lot of people and work with the latest technology and the best people in the business. As the year comes to a close, I would like to share my experiences as an IT consultant and the things I have learned over the past year. To start with, there is more to IT consulting than just technical advice and playing with technology. A lot goes into making a successful IT consultant. Clients today want not only an IT consultant who is technically sound but one who can understand their issues and provide meaningful solutions to their technology problems. I have jotted down my personal learnings as pointers in the next few paragraphs. These, in my view, can make the difference between a mediocre consultant and a star consultant.

1. People Skills - The one most important thing that I have learned is that IT consulting has more to do with people skills than with technical knowledge. You may know a technology in and out, but if you don't have the necessary people skills, you just can't succeed. Clients today look for more than a technician in an IT consultant. Maintaining a good client relationship is number one on my list of things an IT consultant should know.

2. Understand the Client - Understanding the client is the next thing I learned. You cannot give good tech advice to a client unless you understand his business. One of the best questions you can ask yourself is "Who is my client?" Before going into the technicalities, such as what the technology infrastructure is, what applications are used and what process is used, it is important to understand the client's business. Understand the client's business model. One great place to start is the organizational chart. This can be supplemented with business process diagrams. Remember, having a business perspective is very important.

3. Deliver Value - IT consulting is a costly affair. It's not cheap to hire a top-notch consulting firm. IT advice does not come cheap. One thing which IT consultants need to make their clients realize is the value they are delivering. It is important to keep the client focused on the value being delivered rather than the cost. Clients get bogged down by the costs once the project starts. This can ruin an entire project. Sit with the client and clearly define what you would be delivering, and make clear that the price involved is just a fraction of the benefits to accrue.

4. Clearly define your role - Clearly define what you will do and what you will not do for the client. I have seen clients who expect everything under the sun from an IT consultant. You have to be clear from the very start as to what you do and will do for the client. Deliver what you have promised and nothing more or less than that. The client should never determine what the consultant should do. Also define what the client will be expected to do within the boundaries of the relationship. This can go a long way in saving yourself from unnecessary client expectations.

5. Management Skills - No IT consultant can be successful unless he has the necessary management skills. Any IT project involves time management, project management and human interaction. Getting the project is one thing and completing it on time is another. I have seen the best IT consultants with the best technical knowledge but with very little knowledge of how to handle a project and the timelines. Consulting is more than advising; it is about assisting the client to reach a goal. Almost all IT consulting work is taken up as projects. Project management, time management and people management knowledge can go a long way in keeping the client happy.

6. Be Updated - Technology skills become obsolete at a blinding pace. I have seen consultants losing their jobs because they could not keep themselves updated about the latest happenings in their area of work. My advice: subscribe to tech journals, surf the net, attend seminars, enroll yourself in training sessions. These are some of the things that you can do to keep yourself updated in your field of work. This also goes for other current happenings in the industry and technology which can have a significant impact on your career.

7. Client is King - My final learning is that the client is king. As IT consultants, our job is to advise the client on technology, but it is the client's job to decide on the basis of our advice. In short, "You advise, they decide". Don't fall in love with a technology, say Linux, SAP, Oracle, Java etc. Let the client decide on the basis of your advice, since he is in a better position to see the practicality of the solution and whether a solution will work for him or not.

To sum up everything that I have learnt over the last year, I would put it in these few words: "IT consulting is all about client relationships".

Saturday, October 23, 2010

Flex Builder is now Flash Builder

All the latest Flash platform related news is about Adobe’s rebranding of Flex Builder, which is now Flash Builder. You can read more from Serge Jespers, Lee Brimelow, Duane Nickull, Mark Doherty, Tim Buntel or Ryan Stewart, and in Lee Brimelow’s FAQ. I’ve decided to share some thoughts about this decision.

As we know, Flash was born as an animation technology and then became an RIA platform with its own scripting language etc. To be precise, the RIA definition itself is derived from Flash MX. So we have an animation platform with some interactivity (ActionScript) and a very great IDE for animation (timelines, tweens etc) but an EXTREMELY poor one for scripting, with a very basic code editor and procedural code in frames across the application movie.

Over time the situation has been changing. Flex technology with declarative MXML was launched earlier than MS’s WPF with XAML (and MS possibly didn’t think about WPF/E aka Silverlight at that time). Flex was rightly targeted at developers, to develop APPLICATIONS (not movies). Right, developers-developers-developers, just before MS’s XAML/.NET based family with its great designer/developer workflow.

But anyway, who knows about Flex? Before version 2, almost nobody knew. A lot of Flash developers couldn’t adopt this new technology for a number of reasons. And the situation turned around after Flex 2 was released. We can call it the victorious procession of the Flash platform for developers. But who knows about this procession outside the Flash community? Far fewer people than we might expect.

Most people think nothing of it if I introduce myself as a Flex developer. They don’t know about the subject and don’t even care. And if I try to explain my specialization in terms of the Flash platform they become excited: oh yes! It is a great tool for animations, rich banners, YouTube and promo sites. But what did you say? You write code? ActionScript code? How very interesting. But ActionScript is a very poor programming language, you know? What? It now supports classes? And even some other cool features? Great! But what about the IDE? MS has the great Visual Studio for their WPF and Silverlight but Adobe has just the Flash IDE with just VERY BASIC code highlighting. It is funny, you know? What? You have Flex Builder, which is Eclipse based and has a code editor which is not as powerful as JDT but has a couple of features? Really? That’s cool, guy! Sorry, I’m in a hurry now. See you!

It takes a long time to separate Flex as a developer-centric technology from Flash as a technology for creative people. Ok. We have the Flash platform as an umbrella for all this family. Flash (means timeline and poor code editor)? Platform (WTF?)?

On the other side, everybody knows Visual Studio. And calls it great (I can’t agree: in my opinion VS is not great as a code editor, but can be with ReSharper, for example). And the new Silverlight technology (developers, developers, developers!). Nobody can doubt Silverlight is great for developers. And it has a really great designer/developer workflow (which Flex Flash will have only with Flex Flash Catalyst released). Maybe it isn’t great for animations, but who cares?

Ok. What do we have now? We have the Flash IDE and the Flash Builder IDE (looking forward to questions from customers and colleagues about what the difference is, and why the Flash Builder IDE has an advanced code editor but can’t compile fla-files while the Flash IDE can compile them but is useless for serious coding?). And we have Flash Catalyst, which can use projects imported from the Flash Builder IDE but can’t share the same project and can’t edit fla-files. And we have one ugly child aka the Flex SDK, which is what? How to explain to colleagues and customers why the Flash Builder IDE has no timeline and can’t build flas but can use something called the Flex SDK (why Flex? why Flash?). And on the other hand the Flex SDK can be used to develop only in the Flash Builder IDE and Flash Catalyst but not in the Flash IDE. And what about beginners? Why is Adobe going to drive them mad?

Well, Silverlight has ONE brand (which was split off from WPF). Maybe they won’t attract a lot of creative persons aka designers and animators, but they have good positioning. So now Adobe tries to do the same using the Flash brand, which has become well established for creative persons but not for software or enterprise developers (sorry for that f-word enterprise word). And never will. It is much more effective to use the Flex naming for all the Flash platform parts in this situation (hope creative persons won’t bear a grudge for it and won’t become MS persons). Yes, Flash is the de-facto standard for web animation and MS is very poor on creativity. So I hope Flex player can be successful.

Or maybe it is better to introduce some new generic brand for Flash, Flex and AIR (the whole platform)? Anyway, Flash Builder is a way to nowhere.

Anyway, it is only my opinion.

Friday, October 22, 2010

Why Web Services Failed at SOA

First, let us review the concept behind services, with particular mention of the web services themselves.

A service is a business functionality exposed by a simple interface. Note that it is not an object, nor a method, nor a module, nor a procedure. It is pure business functionality.

Services are consumed, not called, nor executed nor invoked. We define the service consumption as the interaction between agents, a client and a provider, which will communicate using a messaging system, where the data unit is a document. Consumption may be local or remote (meaning a service may not require remote communication).

A service may live in the web, where it is modeled as a resource, identified by a URI. If it does not live in the web, a suitable endpoint implementation should be provided.

A service is described at business level with a contract, where a glossary of the terms is agreed upon, and the semantics of all business concepts and processes are clearly stated and known by the interacting parties (this is important). The service implementation is defined by the service name, its contract, an endpoint (unique entry point/port) where to send messages, the operations the service offers, the message interaction flow, the message composition (including the document definition) and optionally binding information.

Nice definition. What is wrong with it? Not much, actually. Just that when the Web Services Architecture group decided to make those concepts into a standard, they did a great job, but also committed a couple of fatal mistakes.

The first one was the actual selection of SOAP as the messaging protocol. Yes, SOAP is a big mistake, not because it is SOAP, but because of what it was created for. You can read here a very complete explanation of the SOAP origins by one of the people that worked on it, Don Box. There, we can understand that the main problem to solve was creating a protocol to better support RPC (actually RMI) in a distributed object system.

Yes, SOAP (Simple Object Access Protocol) was not created to support service documents and messaging. It was created to provide a technology neutral data/class definition system, plus support for remote method access (that actually meant Remote Method Invocation).

So, why is this a mistake? Well, unless your idea of services was, from the beginning, that of distributed objects and the exposition of their methods, SOAP was no fit for a Services architecture. Why SOAP is there, I am not sure, but my common sense tells me it was not its place. If the idea was to support document oriented messaging, an RPC protocol was the weirdest decision I can think of. You will need to tweak the protocol to support what it was not supporting before. The only reusable aspect is that it was meant for HTTP transportation, which by the way is not a constraint of the WSA (it is the only implementation though).

History tells that soon after, SOAP was modified to allow document style definition, relaxing the literal RPC format. The SOAP acronym meaning was actually changed! So it is not an object access oriented protocol anymore, but a service oriented one. That should prevent people using it for RPC, was the hope.

Ok, if that was fixed (SOAP adjusted), we may have no more problems with that, right?

What is the second mistake?

Well, a subtle one: they kept the RPC idea in SOAP. Backwards compatibility? Not sure, but the RPC literal was there, in SOAP. Worse, the WSDL included that option and WSA did not discourage the practice! I may think it was because there were tools supporting this and the idea was not banning anyone from using them. So, people started (or continued) using RPC and calling them services!

Is that wrong? Well, a little:

a. The problem is RPC is not Services,

b. RPC does not share the service metaphor,

c. RPC has different implementation side effects,

d. RPC usually forces fine grain while Services try the contrary.

e. RPC couples (per method name, parameters and interaction)

f. RPC is in the IT domain, while services should be in the business one (this is a big one).

g. RPC usually works in the distributed environment, but services are not always distributed.

h. RPC forces request-response flow, while services may have any combination of flows.

i. RPC is usually blocking, synchronous. Services are asynchronous per messaging basic concepts.

j. RPC parameters usually require serialization of objects (to be passed as parameters). Services do not even know what objects are nor the parameter concept, they deal with plain messages.

k. In HTTP, as a particular implementation, RPC's mapping of concepts adds overhead to the call, while Services use HTTP just as a transport and should not add more overhead.

Ok but, what about that? In case the RPC was kept due to tools, the existing tools at that time may be kept as RPC tools, and new tools to work with services and their concepts should have been created. Easy solution.

But that didn't happen.

Actually, the tools took over and started to fight back! There was almost no support for document style. There was an RPC style non encoded. There was no standard way to represent a document (that you can feed the service call with). Yes, the tools claimed they supported document style. But when I did some research projects to compare the tools, I found the services created using document styles didn't work at all! I created a service, then I created a client using the same tool, and the client failed talking to the service! I made it work by manually structuring the XML document to have the first element named as the method that implemented the service! It was RPC all along, and since nobody complained, I assume no one was expecting to work in document style. Well, there were a few.

But the worst comes afterward, with the creation of the Wrapped and Bare modifiers. They are nowhere in the WSDL nor the WSA. The wrapped one is a way to use document style, but doing what I did manually in the lines above: formatting the XML to resemble an RPC format message! You know what, testing the BARE modifier yielded what I suspected: it didn’t work.
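The wire-level effect described above, as an added example that is not part of the original post (the namespace, operation name and handlers are constructed for illustration): rpc/literal and wrapped document/literal messages both carry the operation name as the first body element, so a method-name dispatcher routes them identically and both break when the method is renamed, while a bare document can only be routed by its document type.

```python
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
APP_NS = "urn:example:orders"  # constructed application namespace


def envelope(body_xml):
    """Wrap a body fragment in a SOAP 1.1 envelope (constructed sample data)."""
    return (
        f'<soap:Envelope xmlns:soap="{SOAP_NS}" xmlns:o="{APP_NS}">'
        f"<soap:Body>{body_xml}</soap:Body></soap:Envelope>"
    )


# Three constructed messages carrying the same order.
# rpc/literal: wrapper named after the operation, unqualified part elements.
RPC_LITERAL = envelope(
    "<o:submitOrder><orderId>42</orderId><sku>A-100</sku></o:submitOrder>")
# document/literal "wrapped": schema-defined, yet the root is still the operation name.
DOC_WRAPPED = envelope(
    "<o:submitOrder><o:orderId>42</o:orderId><o:sku>A-100</o:sku></o:submitOrder>")
# document/literal "bare": the body is the business document itself.
DOC_BARE = envelope(
    "<o:PurchaseOrder><o:orderId>42</o:orderId><o:sku>A-100</o:sku></o:PurchaseOrder>")


def split_tag(tag):
    """Split ElementTree's '{namespace}local' tag into (namespace, local)."""
    if tag.startswith("{"):
        ns, _, local = tag[1:].partition("}")
        return ns, local
    return "", tag


def payload(message):
    """Return the first child of soap:Body. The input here is constructed;
    untrusted XML should go through a hardened parser, not plain ElementTree."""
    body = ET.fromstring(message).find(f"{{{SOAP_NS}}}Body")
    if body is None or len(body) == 0:
        raise ValueError("message has no SOAP Body payload")
    return body[0]


class MethodDispatcher:
    """RPC-style routing: the wire element name must equal a method name and
    its children become that method's arguments."""

    def __init__(self, methods):
        self.methods = methods

    def route(self, message):
        root = payload(message)
        _, operation = split_tag(root.tag)
        if operation not in self.methods:
            raise LookupError(f"no method named {operation!r}")
        args = {split_tag(child.tag)[1]: child.text for child in root}
        return self.methods[operation](**args)


class DocumentDispatcher:
    """Document-style routing: the qualified document type selects a handler,
    which receives the whole document; handler names never reach the wire."""

    def __init__(self, handlers):
        self.handlers = handlers

    def route(self, message):
        root = payload(message)
        doc_type = split_tag(root.tag)
        if doc_type not in self.handlers:
            raise LookupError(f"no handler for document {doc_type}")
        return self.handlers[doc_type](root)


def submit_order(orderId, sku):
    return f"order {orderId} for {sku}"


def accept_purchase_order(doc):
    fields = {split_tag(child.tag)[1]: child.text for child in doc}
    return f"order {fields['orderId']} for {fields['sku']}"


def routes(dispatcher, message):
    """True if the dispatcher can route the message, False on LookupError."""
    try:
        dispatcher.route(message)
        return True
    except LookupError:
        return False


if __name__ == "__main__":
    rpc = MethodDispatcher({"submitOrder": submit_order})
    renamed = MethodDispatcher({"placeOrder": submit_order})  # method renamed
    docs = DocumentDispatcher({(APP_NS, "PurchaseOrder"): accept_purchase_order})
    for name, msg in [("rpc/literal", RPC_LITERAL), ("doc wrapped", DOC_WRAPPED),
                      ("doc bare", DOC_BARE)]:
        print(f"{name:12} method-routed={routes(rpc, msg)} "
              f"after-rename={routes(renamed, msg)} doc-routed={routes(docs, msg)}")
```
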

That means the tools and server vendors are still selling RPC, creating RPC "services" and RPC clients. The ones that supported the document style did a great job making people stay away from it, like Axis, whose example of RPC is a couple of lines long, but the same example using document style is gross and long; not even I could read it.

Ok, granted, the web services implementations are just RPC in disguise. So what? We've been using RPC all our lives and we are happy with it, right?

Well, SOA is a style that looks forward to having its structure and components made out of business functionality. Under that assumption, we can build lots of additional features, like business composition (business processes), orchestration, governance, etc. But for that we need services as business functionality, decoupled by a uniform interface. RPC adds coupling to the mix, since we are adding the object or library concepts (for many, those two are the same!), the method invocation interaction, the data coupling in the argument lists, and the stiffness of non-variable method definitions (just change one argument and all breaks!).

Point (f) above is important. All other features of SOA are built on top of the concept of a business functionality exposed as a service. Governance, composability, visualization, all those work with services, not with function calls. So, as mentioned in point f, what surfaces is IT, not business, and thus the features may not work as expected.

Add to the mix that, to actually create the services, you must be a programmer. Since they reflect the RMI concept, we assume distributions, method and parameter passing knowledge, etc. Even more, the actual code is converted into exposed services, a bottom-up approach. This will create services shaped as the actual legacy implementation, which may not match the actual business at hand. The top-down approach, which should start with the definition of the service at the business domain level, is discouraged. Tools offer no help there (or very little), and only a few architects follow that path. So, the RPC influence is breaking the possibilities of actually taking advantage of the Services metaphor.

Can I say that the whole failure of SOA as an agent of change, an encourager of business over IT in systems, a provider of business-valuable concepts like business processes, governance and product composing, is just the intrusion of RPC in the whole dance? Maybe, but there are other causes as well. Still, SOA may not rise from the tomb if no paradigm shift is achieved.

Wait a minute. REST is in the title; is it another problem in your list? Or is it just the enemy of SOA?

Well, not really. REST is another architectural style. It was made for a very different problem and I can assure you it is not the replacement of SOA.

It is in the title because of two reasons:

1. People think the problem with SOA was the Web Services using SOAP,

2. and also people believe REST is a simple way of creating the next generation of services.

So, they are adding another point of failure to the new SOA by trying to construct SOA using what they call "RESTful Services".

Why is it a fail point? I've heard REST services rock!

Well, first I owe REST an apology. You see, actually REST has nothing to do with this. The problem is with the wrongly named REST services, which are no more than an API based on HTTP. Now, there could be REST services, but they are much more complex than the ones most people use. And bigger. So, let's simply call those "Not-So-REST Services" Web API Services (WAS? Nice acronym, a provider for one of those would be a WASP!).

Well, our WAS are, as usual, more oriented to functional calls (yes, RPC). There could be a way the WAS achieves a true service meaning, when using HTTP as the messaging transport and hypermedia as the documents. Yep, it is a nice match. But that requires people thinking in documents and interactions through messages, and they are not doing that. If you check, it is the same old RPC story again.

So, what to do then? Are we doomed, I mean, is SOA doomed?

Not really. We need to understand what a service is about, and provide a suitable implementation that allows developers to work with it without mapping. I mean, why does a service need to be implemented as an object method call? It breaks the metaphor and thus breaks design and implementation, making it flawed.

I'm working on a DOSE (Document Oriented Service Engine) implementation in Java, WAS and WSA oriented (WSDL 2.0, that is), with no RPC. The programming model should be quite different from the proxy and RPC model, plus a set of articles to show how design using document orientation for services should be done.