A Happy Notes House

I saw something the other day that is unfortunately rare these days: a company HAPPY with IBM/Lotus Notes.

Now roll back the clock 10 years and this was the case all over; the once proud product that used to be my bread and butter, and now only accounts for about 20%-30% of my work (the rest being taken up by Java and Javascript on Websphere/Jboss/Node with a happy side line customising IBM Connections), was loved by a huge number of its users and they bought it in droves… so what did this office have that kept them in this happy state?

It turned out to not be what they had but what they DID NOT have: they had no limitations on who could create databases on the servers*, and they all had the full Notes client with the designer, so departments created apps just like they did in the old days; they took the standard templates and altered them to fit their needs just like they do with Excel spread sheets, MS Access databases and indeed to some extent Sharepoint.

Notes had not become controlled by the management and techno elite, it was used by everybody, there was no fighting for “engagement” as is the case for modern social platforms, it was achieved organically without the need for HR and marketing to stick their hoof in.

So if you want my opinion about the real reason that Notes is not as popular as it used to be, blame IT and management for wanting to control everything, for taking the users that want to be pioneers and making them drones.

*Though there were a few sane guidelines

IBM ConnectED2015 All work and no play

(If this post sounds a bit world weary it’s not meant to be)

Sooooo, the ‘last lotusphere’ has come and gone, leaving a warm feeling* and more than a few tears. How did IBM handle the passing of one of their longest running conferences?

It was a far smaller conference (or rather intimate as IBM have stated) but it was sized as such so we were not rattling around in the 11,000 space that we have had for previous years; there seemed to be just over 2000 of us with a few space issues. It looks like IBM padded the numbers a little bit too much with their own staff (although with IBM staff no one knew or cared about while denying access to the people the community really wanted to see).

Looking at the new offerings it feels like a major change coming from IBM. During the good times IBM products did 80% of what the clients wanted with the partners like LDC filling in the remaining 20%; however in the last few years IBM products have only been providing 50%-60% of what clients want (compared to the competition), meaning people simply did not buy them and thus the partners got to provide 0%. Now IBM seem to be fighting back with their design team leading the charge, however to me they seem to be aiming to provide about 95% of what clients want… will the remaining 5% be worth waiting round for? (though it has been pointed out to me that 5% of a much bigger pie would still be a good thing)

To me a lot of what is shown was designed for users not partners; I think that the age of partners is nearly over.

IBM Verse

  1. On par with GMail (even if there is a lot of mad icon placement)
  2. Some unique features such as the mute thread and the waiting for action (ooooh is that going to be abused by managers), XPages integration inside Verse and running on Bluemix.

Connections Next

  1. Lots of new features, a lot of them aimed at the cloud. I need to have a look at them in detail to pass judgement, but such a sudden jerk away from on premises runs a bad risk of angering existing customers while not gaining any new ones.

LDC were there in force (or rather LDCVia as we are now named to match our first product) and nicely on brand even if we can’t manage the reputable part yet.

 

Julian and Ben handled the night time work and the socialising. I seemed to end up talking to partners while wearing smart trousers and a shirt (I’m not sure how this happened), but it was good talking about a real product we have built and how we could glue it to other vendors’ offerings to build something even better.

Matt was hugely missed but as he and his good lady were getting ready for the arrival of their second born I suppose we can let it slide just this once (but don’t let it happen again)

I did not do hardly any drinking or going out this year, mainly due to being shattered at the end of each day and also having work to do, but the turtles (Gab, Tim and Mike) insisted that I go out for a round Epcot pub crawl (a drink at every country) which turned out to be one of the best nights I have ever had at the conference. Why Why WHY had we never done this before?

 

 

Personally this was the most business orientated conference I have ever done. Other than the fact I was in jeans less than half the time, this was the first time I have got to go to the Leadership Alliance; that and the champion status let me talk to a lot more people about “stuff” than I ever have before. There was also far less “conferencing” for me: I did not attend the closing sessions or any of the IBM parties but still only managed a few hours sleep a night as there was so much going on (I was also looking for work and that takes up time).

 

 

The session of the conference goes to Mark Roden’s and Mark Leusink’s excellent “The future of web development write once, run everywhere with angular js and domino”, which had everything a good session should have:

  1. Topical (AngularJS)
  2. Relevant to target audience (Domino)
  3. Interesting and well presented
  4. Something to take home (the app is live)

 

Happily my own session went over quite well, with a reasonable turn out (my sessions being so fringe are never that well populated) and excellent audience participation, so I’m happy.

 

Where does this leave next year? The merging of this conference into the giant IBM one in Vegas makes a lot of sense to a certain marketing point of view, but it would also kill the life and technical content of the conference formerly known as Lotusphere, leaving only the LUGs to go to if you want to learn anything, but as marketing hold the purse strings for this kind of thing I dare say they will have their way (booo).

All in all a great conference and even if it was the last one it was a great send off. Roll on [Engage](http://engage.ug/) in March.

*Like pissing yourself in a dark suit

Learning A Lesson About Security from other People

Myself and the rest of LDC went to the MongoDB Coming To You day in London and amongst the many interesting sessions there was one about MongoDB security. I’m not going to even post a link to the slides as the interesting part was not on them; it was a story about a company going under due to losing control of their AWS (Amazon Web Services) access keys: their site was hacked, their servers terminated, their databases deleted and all their backups purged. Everything…. Dead

This gave me quite a shudder. I’m more than a little bit paranoid at the best of times, but it did remind me of the old phrase to never “put all your eggs in one basket”, and that applies as much to cloud platforms as to anything else. However it’s a tricky trap to escape from, as the cloud service providers sell themselves as everything you could ever want with no need to have any other vendor, and they make it sooo easy to just bolt on services using the same credentials. Yes they do provide granularity and yes they provide 2 factor authentication, but they are always a single point of failure and there is no physical security measure if you suffer a major breach (you can’t pound down to the server room and yank the cables out the back of your router or servers). If the bad guys get your security keys then they ARE you.

So what to do? Cloud services are cheap and hideously powerful for their money; not using them robs you and your company of a major advantage in the Internet economy.

Well let’s relate this all back to personal experience and in particular LDCVia: after the conference we sat down and worked out some worst case scenarios (loss of the root account API keys, breach in a primary admin’s 2 factor authentication or a member of the LDC founders being possessed by a Brain Slug) and figured out how we would deal with them, not what we would do to prevent them, as we had already done everything we can to that end:

  1. 2 factor authentication on every account capable of doing anything at an infrastructure or admin level
  2. Not using primary accounts or their API keys for day to day activities.
  3. Multiple single function accounts and granulated security.
  4. Operating level accounts should not have access to database content
  5. Proper firewalls.
  6. etc. etc. etc.

But how much damage we would be looking at and what the hell we could do to mitigate and recover from it.

For how much damage?, cater to losing all of it, the whole lot lost or compromised 🙁 how are we going to deal with that >:( .

  1. Backups should not be on the same security domain as the servers and databases. Hell, they should not even be on the same cloud service (you create backup accounts with read only access to only databases, with no OS access) and the servers should have no idea the external backup provider exists. Don’t forget to limit the source IP address for these accounts or else you are just giving people a nasty back door to your data.
  2. App servers and database servers should be segregated in the same way if possible. Now this will often depend on network connection speed, as db access through a firewall is really going to slow down your apps, but often cloud providers provide good links between different accounts on their network.
  3. Inquire with your cloud provider about a separate authentication method in the case of a breach: a phone number to call and a list of real people and credentials, such as you use for phone banking, that can shut down all access so you can pick up the pieces.
  4. Talk, and I do mean actually TALK, with your provider to find out what provisions they have for this scenario type. While you are there, find out their notification schedule: are you being told about their network changes? Also, what back door accounts do they insist on adding to your systems, and how are they protected? … In short, be knowledgeable about your cloud platform.
  5. Can you take full images of your machines and store them elsewhere (not just backups)? They are a lot faster to recover from.
  6. Work out your full DR restore strategy: how fast can you get all the servers and databases built and back on line, what gets built in what order, what do you tell your clients during that time, what’s the public message you display? Get it all written down and distributed to the right people, and for heaven’s sake don’t store it in one place.
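
The backup-account rules above (read only, no destructive rights, limited source IP), as an added example that is not from the original post: a Python check over an AWS IAM policy document. The sample policy, the address 203.0.113.10 and the function names are constructed for illustration, and only the `IpAddress` / `aws:SourceIp` condition form is recognised.

```python
import ipaddress

# Constructed sample policy (not from the original post) for a pull-only backup
# account. 203.0.113.10 is a documentation address standing in for the backup host.
BACKUP_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["s3:GetObject", "s3:ListBucket"],
         "Resource": "*",
         "Condition": {"IpAddress": {"aws:SourceIp": ["203.0.113.10/32"]}}},
        {"Effect": "Allow",  # deliberately bad: destructive and usable from anywhere
         "Action": ["s3:DeleteObject", "ec2:TerminateInstances"],
         "Resource": "*"},
    ],
}

READ_PREFIXES = ("Get", "List", "Describe")


def as_list(value):
    """IAM allows a single string or object wherever a list is accepted."""
    return value if isinstance(value, list) else [value]


def audit_backup_policy(policy):
    """Return (statement index, problem, detail) for every Allow statement that
    grants more than read access or is not pinned to a source network.
    Only the IpAddress / aws:SourceIp condition form is recognised."""
    findings = []
    for idx, stmt in enumerate(as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if "NotAction" in stmt:  # "everything except ..." is never read-only
            findings.append((idx, "not-read-only", "NotAction"))
        for action in as_list(stmt.get("Action", [])):
            verb = action.split(":", 1)[-1]
            # Wildcards are flagged too: "s3:*" or "*" can expand to deletes.
            if "*" in action or not verb.startswith(READ_PREFIXES):
                findings.append((idx, "not-read-only", action))
        condition = stmt.get("Condition", {}).get("IpAddress", {})
        cidrs = as_list(condition.get("aws:SourceIp", []))
        if not cidrs:
            findings.append((idx, "no-source-ip-limit", None))
        for cidr in cidrs:
            if ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
                findings.append((idx, "source-ip-open-to-all", cidr))
    return findings
```

Running `audit_backup_policy(BACKUP_POLICY)` reports the second statement three times: once for each destructive action and once for the missing source IP limit.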

I think I need a brown paper bag and a quiet place to calm down (shudder)

W.T.F. they made me an IBM Champion and a C-API tip

It would seem that truth is stranger than fiction and the truth is that I have been made an IBM champion.

Now as I understand that you only get to be an IBM champion when you are recommended by people who can provide good reasons for you being one, I reckon I know who sponsored me for it and I would like to thank the 4 criminals that I believe are responsible…. it’s your fault

So this means a number of things

  1. I will be more respectful on my blog …… hahahahahaha!
  2. I will have to post more articles…. Groan
  3. I will have to post more USEFUL articles…. Groan x 2
  4. I have access to the rest of the IBM champions who turn out to be smart arses †

Ignoring that stuff, it does mean that if I am lucky enough to work with the turtles again this year, there will be 3 IBM champions on the team (Gab Davis, Mike Smith and me) which will really rock hard for clients.


† Here is an example of the IBM Champions solving a problem quickly

Mark Myers: here is an oldschool challenge for IBM champions: where do you find a complete listing of the notes exceptions, and I don’t just mean the 3XXX and 4XXX ones, I need the 5XXX and 6XXX as well (in particular I want to confirm 6408 and find out what 5631 means)

Julian Robichaux: Mark, are the numbers you’re looking for in decimal or hex format?

Julian Robichaux: if they’re LotusScript, try running this agent and checking the codes in the resultant CSV file: http://www.nsftools.com/tips/ApiErrList.htm

Julian Robichaux: that’ll give you up to 3FFF in hex. In the API headers, that used to be the highest valid return code.

Mark Myers: not sure, just returned as an int, but that is a good point

Julian Robichaux: iirc (and it’s been a while), numbers higher than 3FFF were just bitmasked to indicate where the error came from (client or server, or something like that)

Mark Myers: ok

benedek.menesi: Well 5631 would be 15FF in Hex which is a valid error code and stands for “Cannot handle the import file. Check file name and file password”

Mark Myers: Oooooooooooooooo that would match the problem

Julian Robichaux: and 6408 is Wrong Password

As I said smart arses, shame they are nice as well