Saturday, 8 December 2007

Malacious help on Linux - and how to avoid it!

Today, I read this intriguing article on dangerous or malacious code on Ubuntu. The article was quite an revealeation in terms of how someone can ensure that your life with Linux is destroyed!

The post talks about some really malacious commands that were provided as solution to questions on various Ubuntu formums. They were cleaverly disguised as simple steps for solviing dialy computing issue while the ulterrior motive was to simple make life miserable for the poor hapless soul using the forum to seek solutions. The post makes you aware of the danger of seeking online help from unknown entities. Although the help on forms are not as bad as getting infected by virus, it dows play upon one main problem - the issue of trust.

Linux/Unix traditionally has been developed from communities and an open forums. Since no formal service agreements generally exist, help is often sought and obtained from communities. If the some malacious users of the very same communities turn against the users then, it does tend to become an issue. Of course, it is wrong to blame the entire community for a few malacious users but, it does suggest one problem of the Open Source model. The issue being raised is, on an average, you get good solutions but, never trust everyone. An implying issue is - how do you know whom to trust and whom not to.

As the very same post mentions, a simple solution is a wait-and-watch approach - wait for sometime to see anyone else responds with similar help of raises concerns before jumping onto to make the change. Other solutions could be:
1. Wait for some posts to appear on reputed blogs - at least a person who maintains a long time, well visited blog will not post malacious help
2. Try and get help from Linux documentation project () or the web site of your distribution - be it Red Hat, Ubuntu, etc. These guys generally maintain the forums to ensure malacious intent is not spread.
3. Post queries on multiple places and then see if you get similar responses. If something looks suspisiously different, raise a flag.

Of course all of this is time consuming but, being safe is better than losing the entire hard-drive! Maybe this is where an idea can be taken out of Microsoft's MSDN community. If something can be created like this, a really trust-worthy site could be developed where users can be relatively well assured of getting decent help.

Reference:
Ubuntu - Global Announcement: http://ubuntuforums.org/announcement.php?a=54

Why resourcing is difficult for Web Analytics?

Lately, I had to take sessions on Web Analytics to multiple user groups. The types of questions that were asked and the focus from the groups opened my eyes on a problem that we'd never realized till now - identifying the right ‘fit' of people for Web Analytics.

Come to think of it: When you have a Java project, you look for a Java resource. When you have a .Net one - you get a .Net person. But, when you have a Web Analytics implementation project, what do you do? The straight forward answer is - get a person who knows Web Analytics analytics. The question is, what is meant by *knowing* Web Analytics?

Web Analytics - Congruence of Technology and Business
The main problem in narrowing on Web Analytics skill set is that it is inherently different from the traditional technologies or Verticals. To implement an analytics solution, say for a client like Amazon.com, understanding of just Amazon's business model would not be enought. On the other hand, understanding of just the Web Analytics solution is also not enough. A knowledge of any tool will just provide details on how the tool by itself works.

To actually understand and work with Web Analytics, we'd ideally a need a candidate who is:

  1. Good with one of the Web Analytics tools
  2. Has a business tilt of mind, especially in identifying what things if measured add value to a client

The second point is nothing but an ability to uniquely identify the KPIs for the client's business being driven out of the Web Site. The KPIs could be anything from number of people buying a book (Amazon) or number of people signing up for download of a new White Paper (Lead Generation by News Distribution Sites). A person who can match the tools provided by the Analytics vendor with the measurement requirements of the customer is what we should be looking for.

Current issues
The issue we have now with Cognizant is that we have three different sets of people none of whom are really fitting into the role. We have:

  1. Developers who are completely focused on the web analytics tool itself - the way it works and the parmaters it provides
  2. Business Analysts who know the client's business but, are unaware on what the Analytics tools can and cannot do
  3. Architects who lose themselves into the intrcacies of implementation of the tool itself rather than providing customer solutions

(I was bombarded by implementation of Omniture Web Analytics product by architects in one of the session when the session was all about how to use the tool!)

So, the problem that I foresee is that we have people who have a view on just one aspect of the solution and none of whom are able to envisage the complete analytics package providing value to customer. This is the need of the hour and something that needs to be addressed

My Suggestion
To help overcome this issue, my suggestion would be:

  1. Train a batch of freshers and BAs on the Web Analytics products - focus on what the tool can do initially. Then, train the freshers on the implementation aspects.
  2. Try and identify people who envisage solutions and train them on designing Analytics solution. Ideally, these are the hands-on exprienced associates - people who have ideally had a stint at onsite and are in the position of tech lead for the projects. The reason for this category of people is two-fold:
    1. They have seen how customers think and understand how to think along the lines of customer
    2. They are sufficiently hands-on and know what is the problem being solved rather than diluting the problem definition.

Well, I've not got a batch to train as of now in Bangalore but, I do hope to get this type of group whom I can build for future projects!