I took a long weekend, so this was my first chance to post even a re-run.

It’s a bit dated, (it ran in 2002) what with its references to web services, but substitute SOA for web services and it holds up pretty well.

At least, I think it does. But you’ll have to be the judge.

– Bob

# # #

Long before ManagementSpeak graced these pages, Mad Magazine had mastered the art of translation. My favorite:

What they say: It isn’t the money. It’s the principle of the thing.

What they mean: It’s the money.

To run IT, you need both money and principles, of course. Among the core principles for running a typical IT organization:

> Buy when you can, build when you have to.

> Minimize data redundancy.

> Maximize software re-use.

> Pick two.

If you buy when you can and build when you have to, you’ll use applications from more than one software vendor, your databases will be tied to your applications, and you’ll have redundant data. On the other hand, most vendors now write to an n-tier software architecture, which means you can get at the underlying logic, so you achieve software re-use.

Want to minimize data redundancy or maximize software re-use? Build everything yourself, or at least everything you can’t get from your primary ERP vendor. You’ll have full control over your code, too which gives you a fighting chance at re-use. Too bad you can’t afford either the budget or time to choose this option.

Web services promises to eliminate these trade-offs. The use of components instead of full-blown objects means logic is easily accessible while data is still defined separately, and the use of HTTP and XML means vendors can write general-purpose components and make money by renting them out. That means (blare of trumpets!) you’ll easily assemble enterprise applications out of commercially available components from all over the world.

It won’t happen — not because of technological obstacles, but because an enterprise application is more than a collection of general-purpose utility routines.

Software is an opinion about how a business should run. It’s expressed in code rather than English, but its an opinion nonetheless, so when you buy software from multiple vendors you’re buying differing opinions. Interfaces are where they clash. To state the obvious: Technology can’t resolve a difference of opinion.

Imagine you’re a retailer. Web services can solve some irritating problems for you, like managing the sales tax logic in multiple states, so as CTO you decide to adopt the architecture to run your whole business.

That’s when you discover: The different vendors from whom you’re going to rent components disagree on some very fundamental issues, such as how to define “customer.” One considers “customer” to be an individual. For a second it’s a household. A third, oriented toward hardware stores, perhaps, remembers that building contractors buy a lot of stuff and use a definition that includes companies and everyone in the company authorized to make a purchase.

Think you’ll just ship customer data into and out of components from all three vendors with impunity?

Think again.

The grand vision of Web services is that easy integration of independently engineered components will happen by just connecting them together like Tinkertoys. The reality: Integration is hard, even when designed into an application.

It won’t happen by accident, grand visions notwithstanding.

From The Hollow Men:

Our dried voices, when

We whisper together

Are quiet and meaningless

As wind in dry grass

Or rats’ feet over broken glass

In our dry cellar …

This is the way the world ends, not with a bang but a whimper.”

– T.S. Eliot

Assume, for a moment, that the world we want to live in can’t exist without freedoms and democratic institutions that in turn depend on informed citizens.

If you agree this is an essential precondition for a desirable society then you also have to agree we all need trustworthy sources of information.

Not just sources we trust. That comes later. First they have to be trustworthy.

I first wrote about the need for trusted information providers and how the Internet exacerbates the challenge of recognizing them more than two decades ago in InfoWorld (read “Trusted Information Providers,” 3/17/1997, although I didn’t draw the proper distinction between trusted and trustworthy.)

There isn’t yet a Trusted Information Provider seal, but we’ve reached the point where we need one desperately — not only as citizens but in our roles as IT and business managers and professionals. As evidence, I offer “Hoax attempts against Miami Herald augur brewing war over fake, real news,” (Tim Johnson, McClatchy DC Bureau, 2/24/2018).

Briefly, an Internet imposter posed as Alex Harris, a Miami Herald reporter. The imposter issued offensive tweets spoofed so Mr. Harris appeared to be their source. Another imposter, or possibly the same one, created a phony and equally offensive Miami Herald story by Mr. Harris, using screen shots indistinguishable from legitimate Miami Herald articles, and distributed them through Twitter and Snapchat.

I can think of only three reasons someone might do this. (1) They might be taking advantage of our increasing tribalism to discredit those on the other side of the issue being reported on. (2) They might be trying to discredit the mainstream media by making it appear to be disgusting. Or, (3) they might be going a step further, fostering distrust of any information we read because we can never trust that the source is who or what it claims to be.

Their motivations don’t really matter, though. The inevitable outcome is to further increase our tribalism and to contribute to the increasing distrust of the sources of information we’re accustomed to relying on.

When I first wrote about the need for a Trusted Information Provider certification body I was thinking in terms of whether a given information provider adhered to trustworthy information gathering and vetting practices.

The stakes are higher now. We need some means for validating that the information we encounter does come from its purported source.

For general news I can offer a short-term solution: Stop getting any of it from the Internet. It’s easy to fake up a page that looks like the source is CNN, Fox, or any major online newspaper. It’s much harder, not to mention more expensive, to print a fake newspaper and distribute it to hundreds of thousands of doorsteps.

Which in turn isn’t as hard as hijacking a cable channel to send out truly fake news.

But that doesn’t solve the problem. In your professional life you also rely on information providers. Only there’s a very good chance you have no print publications available to you. No matter your field … IT, marketing, finance and accounting, human resources, or what have you, printed magazines are as it were, pretty much yesterday’s news.

And it isn’t just general-purpose trade publications that are at risk. Think about information publishers like Gartner and Forrester. If you receive information from them you receive it electronically.

And if you receive it electronically it can be counterfeited.

We need something that reverses the usual order of things. If you subscribe to, for example, the Washington Post, you occasionally have to log in — to authenticate yourself so as to have access to the information it publishes.

What we need is a reliable mechanism for Trusted Information Providers to authenticate themselves to us.

I once helped a client become PCI compliant. The company was owned and managed by members of a tightly knit community. So when the time came to institute background checks, the CEO was incensed. “Background? I know my employees’ parents and grandparents! I was there when a lot of them were born! I’m a guest at their weddings! Why do I need background checks?”

When we were all truly tribal, proving you were who you said you were took no more effort than showing your face.

Not anymore.

Now, proof of identity just might be the central challenge of our age.