Here’s a copy of the presentation I’m giving today at Interop. It looks at the perils and best practices of moving an application from internally-run to software-as-a-service.

| View | Upload your own

We’ll be presenting on web monitoring at MeshU.

Mesh is a part of Mesh, Canada’s web conference, which happens in mid-May in Toronto. Given Microsoft’s recent announcement of the Mesh technology to synchronize all your digital content, they can probably make a killing on the URL.

This will be a workshop/tutorial on the state of web monitoring, including web analytics, synthetic testing, and how to build monitor-ability into applications. I’m using lots of monitoring tools on Bitcurrent to collect raw materials for the session.

[Read more]

Playing around with Slideshare as a way of uploading my Pitfalls of SaaS post, I came across this latest from Morgan Stanley. Mary Meeker always has an enlightening view of the world.

| View | Upload your own

At O’Reilly’s conference on emerging web technologies in San Francisco last week, several of the hit topics from last year’s conference have become full-blown tracks this time around, reflecting how quickly a niche topic like the Facebook Query Language or the mobile web become mainstream.

Another key trend is the move away from traditional web-based interfaces to alternate ways of interacting with applications, from SMS or instant messenger to e-mail. Brady Forrest, co-chair of the event for O’Reilly Media, also listed personal analytics as a growing theme at the conference, citing applications like Socialistics that provide “lots of info porn on your network.”

While much of the event’s content revolves around the practice of running sites, there are a growing number of sessions on how to manage user communities, design interfaces, develop SEO-friendly applications, and include gameplay in sites. “We’ve done a really good job of making this a place where people can learn from those who are defining the future of the web,” said Forrest.

It’s a reflection that the job of web operations, which used to involve hardware, is now as much about managing analytics, communities, content, and legality.

OK. Everybody, repeat after me: The Rules of Google Do Not Apply To Me.

(Yes, yes, unless of course you happen to, you know, work for Google.)

I refer to this mistake as The Google Fallacy - namely, that the ins and outs of what makes Google tick can be generalized to every web site if not the Internet as a whole. The problem with this assertion is that Google’s challenges are unique to Google. Unless you to have a few million servers to administer and $4.2B/quarter of revenue coming over your web site with a 45% year-over-year growth, extrapolating their issues to you just doesn’t work.

[Read more]

The Interop track next week is all about cloud computing and software-as-a-service. The two aren’t necessarily related — in fact, there’s considerable confusion about what the difference between grid, cloud, and SaaS computing is, as well as a host of new acronyms: Platform As A Service (like Salesforce.com’s APEX), or Hardware-As A Service (what some folks are using to explain Amazon’s EC2.)

PaaS, HaaS … please, please, someone come up with Application As A Service.

I’m at Web2Expo this week, followed by Interop next week. I’m moderating a discussion between database heavyweights: Brian Aker, Director of Technology for MySQL; Dave Campbell, Microsoft Technical Fellow behind MS SQL Server; and Matt Domo, General Manager of Amazon SimpleDB. My first question should really be, “why isn’t Oracle here?”

But with the exception of that session, everything I’m seeing is virtual. Here’s my list of ten companies with a virtualization theme you should probably know about.

1. Elastra, whose seasoned CEO has them out of the gates in record time with a technology for provisioning whole app clusters across any grid you want.
2. Platespin, who suck physical machines into the virtual world, and just completed acquisition by Novell.
3. Bluelane, focusing on security within the virtual machine — since if someone owns your hypervisor, you’re a whole new kind of crispy toast.
4. Stacksafe, who I interviewed for GigaOm out on the pier. Very interesting use of virtualization to do pre-production testing.
5. 3Tera, who launched a major upgrade to their virtual machine management technology at Web2Expo this week.
6. Rightscale, who make virtual machine management tools. They just closed a round from Benchmark.

But wait, you say, that’s not ten! Yep, there are four in the list that I can’t get into yet. Stay tuned. They’re all twists on essential parts of a modern application, using bits instead of atoms. And that changes everything.

I’m not a huge fan of security and everything that is associated with it. That’s not because I don’t think it’s important; I actually think it’s critical in both networking and application development. But, rather, it’s just not my thing and I’ve usually been in technology areas where security is important, but somewhat peripheral.

That being said, I attended a couple of sessions at Web2Expo today where security issues were a takeaway in both.

First, Jacob West (who’s written a book on security) gave an interesting talk on the “Dark Side of Ajax.” It’s not news that Ajax has some significant security holes that have been exposed already and are somewhat well known. Some examples:

• Cross-site scripting lets malicious users insert bad javascript code into the content of a website and harm future visitors (the famous Myspace worm exploited this).
• Cross-Site Request Forgery (CSRF or XSRF) is nasty and exploits websites that need user authentication (among other things)
• And a new one called javascript hijacking that Jacob has actually written a paper on.

I’ve seen similar presentations at other Ajax/web2.0 events and it’s interesting to me how it’s a lot of talk about how there are problems and very little about what’s being done about them. Mr. West did talk about how some popular Ajax frameworks are addressing the javascript hijacking issue, which is great. But, what happens with the next vulnerability, and the one after that?

[Read more]

I’ve been thinking about polish a lot lately. I started overusing the word as part of my standard investor pitch but lately I’ve found myself thinking about it much more broadly.

Let’s start with a little about me. I’m a geek. I love geeky things. I’m unnaturally comfortable with a UNIX command line prompt and seeing the numbers “20 45″ still make me think “this is the start of an IP header”. To this day, my wife would like it if I could remember trash day and free() the neurons associated with 6502 assembler and the Apple II memory map. You would think that pretty GUIs and end user experience aren’t top of mind issues for me.

But they are. They have been for a long time. I was fortunate enough to land a job as a tech in a medical billing outfit straight out of highschool where I was exposed to very smart people (doctors and nurses) who didn’t give a rat’s ass about electronic medical records, EDI, and managing billing systems that could integrate to electronic billing for insurance providers. They in turn threw my attitute into whack — their primary goal was taking care of patients and as far as they were concerned, the technology would have to come to them on their terms.

[Read more]

Most of the web operators we talk to have some degree of visibility into what goes on within their applications. But many lack a complete picture of their site.

There are hundreds of tools available to show what’s going on with a production website. But the problems arise when people try to use the wrong tool for the job, which often leads to bad conclusions. In my experience, operational questions fall into four major categories:

• What did my users do?
• Could they do it?
• Why did they do it?
• How did they do it?

There are four classes of tool that answer these four questions. But they’re all similar enough to cause confusion. Here’s a clarification.

[Read more]