Ed Brill

Post a Comment

1. 1  Andrew Price www.healthspace.ca | 7/1/2006 4:07:50 PM

   >>This is the good news/bad news of a development team blogging about a pre-beta product...great way to get feedback, but also a risky way to expose the decision-making process in product development.<<

   Huh? Risky?

   Not sure its risky really. At worst, this process has exposed the team to some different priorities than those they had considered. Whatever path they choose, they will have a much better idea what to expect in reaction from users.

   I don't think they have offended anyone (certainly not me -- I am thrilled that they are listening to my witterings and others' sage comments) and if they find the process uncomfortable, well they'll get over that soon enough.

   In my company we have been using discussion fora extensively (21,000 posts for one client alone) to decide design issues ever since we started, and although it is not a perfect way of designing a system, and has some pitfalls (all of which we discovered the hard way), it has allowed us to build systems consistently where others failed.

   So I applaud MB and crew for their openness and hope they will continue. Remember: "Cowards die many times before their deaths. The valiant never taste of death but once."

1. 2  Andrew Price www.healthspace.ca | 7/1/2006 7:34:08 PM

   eek, reread that again. Thus endeth the sermon. Sry. :(

1. 3  Richard Schwartz http://www.rhs.com/poweroftheschwartz | 7/1/2006 9:06:46 PM

   Regardless of how this plays out, I think it is for the better. Imagine if this same decision were made without discussing it publicly -- which I think it very easily could have been. Then nobody would find out about it until beta. That would be far riskier, IMHO. Right now, the development team has the chance to re-think, and the community has the chance to figure out what to do if the decision stands.

1. 4  Ian Randall http://www.emsoft.com.au | 7/2/2006 6:38:19 PM

   The other benefit of a consultative approach in the pre-development stage is that it avoids expensive development work, if all of the impacts of a change on existing users (simple end users, power users, developers and administrators etc.) are not considered.

   I for one applaud Mary Beth for being so open with the user community, even if it makes her and some others at Lotus a little unconfortable at times.

1. 5  Andrew Price www.healthspace.ca | 7/2/2006 7:21:10 PM

   Since we are now in Q3, how would Lotus feel about releasing the public beta of Hannover very soon? I had the impression that there is another "m" to go before the public one, if so can you go ahead and release anyway? Or are the plans/schedules involved just too complicated?

   There are a couple of pluses:

   1/ it gets feedback from the widest variety of destructive whiney monkeys earliest ;)

   2/ it would help seal the coffin of the 'Notes is dead' meme all the faster

   3/ it follows the OSS dictum 'release early, release often' and make us all feel part of the team

   The idea of beta software has now been around so long that even the computer press know how to write about it. Google has really raised the bar for long betas too.

   Just an idea, I daresay there are downsides I am neglecting

   :)

1. 6  Ed Brill www.edbrill.com | 7/2/2006 7:54:22 PM

   @5 Andrew, M2 -- pre-beta code -- was released to a limited set of "software design partners" last week, as well as a broader internal constituency (including me, though I haven't run install yet). Beta is still slated for this quarter, but more towards the end of the quarter.

   I think there are solid reasons for controlling M2 at this point...but there will be just as many solid reasons for broad distribution of M3.

1. 7  Andrew Price www.healthspace.ca | 7/3/2006 3:44:35 AM

   @6, Ed:>>I think there are solid reasons for controlling M2 at this point...but there will be just as many solid reasons for broad distribution of M3.<<

   Fair enuff!! Looking forward to M3 :) Thx for listening.

   btw Who on earth does the publicity for Good Technology? They sure know how to get a story out!!

1. 8  Nathan T. Freeman  | 7/3/2006 3:52:38 AM

   Well, I guess this will give us the chance to find out just how responsive to customers this team is. :-)

   Stuff like this wouldn't happen if they'd just hire me. :-)

1. 9  Carl http://www.instant-tech.com | 7/3/2006 6:32:42 AM

   @8 I think your head would explode if you worked at IBM and not for good reasons.

1. 10  Axel  | 7/3/2006 8:17:29 AM

   7 years of real life working experience in IT have proved to me that its allways to expose your internal process to the unwashed masses outside.

   Everything else ends up in a unproductive & corrupt thing with nightmarish results.

1. 11  Alan Lepofsky http://www.alanlepofsky.net | 7/3/2006 9:13:58 AM

   @7 - just out of curiosity (as an IBM competitive marketing person), what is causing your impression about "Good"? I'm immersed in IT all day long (web sites, magazines, etc) and don't really hear that much about Good, at least not enough to have the reaction you did. I'm not arguing, quiet the opposite I'd like to know what you are seeing, as I like documenting for IBM the best practices that other IT companies are doing. Feel free to email if you would rather discuss this directly.

1. 12  Richard Schwartz http://www.rhs.com/poweroftheschwartz | 7/3/2006 2:28:01 PM

   @11: Can't speak for Carl, but I've gotten loads of articles referencing their Notes integration in various RSS feeds (direct feeds and search feeds) over the past few weeks.

1. 13  Richard Schwartz http://www.rhs.com/poweroftheschwartz | 7/3/2006 2:28:38 PM

   Oops. Meant I can't speak for Andrew.

1. 14  stephen hood  | 7/3/2006 6:36:34 PM

   I think it was the right decision at this point.

1. 15  Andrew Price www.healthspace.ca | 7/3/2006 9:08:39 PM

   @11, @12: Yes, same for me as for Richard. I have a "Google News" feed set up to send me a summary of "Lotus Notes" stories. The last week or two its been delivering dozens of stories on 'Good' from all over the place. Whatever they are doing, it works! :) HTH Andy

1. 16  Nathan T. Freeman  | 7/4/2006 2:17:35 AM

   @14 There's a very simple reason why this decision is a bad one: { Link }

   Honestly, though, I'm baffled why the security team hasn't already forced a change.

1. 17  Ian Randall http://www.emsoft.com.au | 7/4/2006 2:18:14 AM

   Good appear to use the Horngroup for PR and Communications Services.

   { Link }

1. 18  Flemming Riis  | 7/4/2006 6:42:24 AM

   -@14 There's a very simple reason why this decision is a bad one

   If a admin resets a users password, what prevents them from opening the mailbox with a high priviliges id on notes ? (dont default permissions allow that) or a admin to reset a users internet password and seeing emails from webmail ?

1. 19  Richard Schwartz http://www.rhs.com/poweroftheschwartz | 7/4/2006 8:42:17 AM

   @18: In most large organizations, the Domino admins are separate from the network admins. The Domino admins are

1. 20  Flemming Riis  | 7/4/2006 11:13:39 AM

   -@18: In most large organizations, the Domino admins are separate from the network admins

   Sure but it still leaves ways to get into the system , focusing on the ability to reset a user password that -will- leave a audit trail really dont make any sense from my point of view

1. 21  Nathan T. Freeman  | 7/5/2006 2:27:02 AM

   @20 Then you're missing the point of layered security. Not all security compromises are the same. A compromise that allows someone to print to the executive printer is not the same as a compromise that allows someone to read encrypted correspondance between the CEO and the corporate counsel.

   The OS logoff strategy is basically a forced SSO model from IBM. It essentially REQUIRES all Notes shops to rely on the network operating system for security, because there's no longer a vector within Notes itself to establish independent security.

   Notes ID escrow management allows concepts such as certificate expiration and K of N password access. Does Active Directory offer this? It's possible to get a Notes ID out of escrow, sure. It's also possible to DENY that ability on a case-by-case basis, by, for instance, forcing a password digest check or changing the certified key pair after issuance. There are also companies that simply don't allow escrow of high-privledge IDs.

   The point is that organizations who may have done an enormous amount of work to secure and protect their 2-factor crypto environment will be pushed back into an OS-level user/password database model for daily use. That's fine if you already consider your OS model adequate. But VAST numbers of us don't. My blog post is one illustration of why -- a lot of AD admins don't even realize that kind of reset is possible.

1. 22  Charles Robinson  | 7/5/2006 11:43:27 AM

   @20 - It's the ease with which it can be done that is the concern. And the fact that Notes/Domino has had this level of inherent security since its inception and now it appears that it is being completely discarded, and for no good reason.

   So some users accidentally hit F5 and lock themselves out. Personally I'll take that over allowing any AD administrator to gain full access to anyone's Notes session with the full rights and privileges that user has. Remember, nearly ever government in the world uses Notes. Do you trust national security to Windows security?

1. 23  Flemming Riis  | 7/5/2006 4:15:18 PM

   -and for no good reason.

   sure i think its a good idea to have mutiple layers, and i think its odd to kill a feature before public beta that people like and use.

   single passwords are never good may it be a domino webpassword or a windows ad password , mix everything with secureid tokens or the like and we are a good way on the right track.

   -Do you trust national security to Windows security?

   or a domino admin that kept a copy of the id file when it was created just incase it got lost.