The News – 10/30/01

 

In this Issue:	Recommended Reading
Cost of eBusiness Has Dropped	I realize this is the only newsletter you’ll ever need, but if you want more in-depth detail, check out:
Shameless Self Promotion Department
Time to Face Face Recognition Software	Stan Hustad’s The Coaching Connection
Denial of Service Attacks Getting Scary
The Taliban Virus
New Red Hat Linux Release Compromised?
Microsoft Blames the Messengers
Power from Space

 

Cost of eBusiness Has Dropped, and So Have Many Consulting Firms

It wasn’t all that long ago that leading industry analysts like GartnerGroup were quoting million dollar price tags for fully-developed, eCommerce-enabled Web sites. That obviously scared many businesses away. According to BtoB magazine, however, the price never really got that high, topping out at $608,000 last year. The real good news is that the price has dropped significantly in the last year to $250,000 for a large site and only $65,000 for a small site. The main reason for the decline has been the dot-com collapse, according to the magazine. Whereas last year many site builders couldn’t keep up with the demand, this year the lack of dot-coms and the tight purse strings of blue chip firms has driven many development firms to trim staff, cut costs, and even declare bankruptcy. Also contributing to the lowered cost has been the maturation of the tools and techniques consultants use to build sites. At the same time, the arms race of advancements in HTML and other Web technologies has slowed over the past year. This has allowed formerly-premium skillsets to become commoditized, and thus cheaper to obtain.

	Small	Medium	Large
May '01	$65,000	$125,000	$250,000
May '00 *	$113,500	$119,500	$608,000
Sept. '99	$77,500	$170,000	$405,000
Feb. '99	$78,000	$150,000	$440,000
June '98	$44,500	$99,750	$302,975
Oct. '97	$25,000	$83,000	$275,000
April '97	$18,750	$67,500	$330,000
Sept. '96	$26,100	$102,025	$596,073

All this means it’s a buyer’s market for Web technology. In fact, there may never have been a better time to buy Web technology. Unfortunately, customers are staying away in droves.

Things have gotten even worse for Web development houses since May, when the article was published. There have been high-profile flameouts like MARCHfirst, and a raft of industry mergers and acquisitions. Even the Big 5 consulting houses have had to roll back their rates and cut staff. Nonetheless, size has offered some protection in the professional services market, as the little guys are suffering as the big firms start reaching lower in order to find deals.

An innovative way for smaller professional services firms to gain size without consolidating is represented by Catenas, a professional alliance of 10 small to midsize companies with combined sales of $132 million. The members are niche leaders in areas like Web development, relationship marketing, and data mining, and none competes directly with the others. And they’re not all companies you’ve never heard of. The McKenna Group, marketing guru Regis McKenna’s company, is a member. The companies plan on sharing employees, office space, project-management software, mass procurement, banking relationships, and a credit line. Rather than participate in the current industry consolidation, Catenas vows to never roll up its member companies, and owns an equity stake from 10 percent to 49 percent in the member companies. In turn, each of the member companies owns a 5 percent stake in Catenas. Using business alliances as an alternative to mergers and acquisitions is becoming more common phenomenon, often as an outgrowth of grassroots and industry associations.

Businesses in the market for Web solutions should be able to pick and choose from a selection of ardent suitors. These competing professional services firms are using more mature and less expensive toolsets that are more likely to produce the desired result. All that’s the good news. The bad news is, if spending on eBusiness development doesn’t pick up soon, attrition will assure buyers of much less choice in the future. As firms shed high priced, experienced talent in an attempt to compete on price, the quality of solutions could suffer as well. The possible bright spot is the fact that professional services firms, with their 6 to 9 month deal lead times, are a lagging indicator. Once they bottom out, we can be confident the economy is on the rebound.

BtoB

 

Briefly Noted

• Shameless Self-Promotion Dept.:  Look for a new directory, debuting this week: Nanotechnology Resources. Frankly, I was overwhelmed at the amount of information on the Net about this technology and thus didn’t get the directory finished in time for the article in the last SNS. It will feature commercial and academic resources along with pointers to other directories and link pages.
  StratVantage Directories
• Time to Face Face Recognition Software: In the post-WTC world, opposition to the ubiquitous use of face recognition systems has lessened. There was a great hue and cry after it was used at last year’s Super Bowl and by Tampa police in certain problem neighborhoods. GartnerGroup sums it up this way: ”Predictably, many object to using face recognition the way Tampa has, arguing that the technology gives too much power to the state, and that it increases the chance for misidentifications and false arrests. Others contend that the technology provides a relatively nonintrusive means of apprehending known felons and potential terrorists, as opposed to more traditional police practices such as random street searches or roadblocks.” Nonetheless, Gartner thinks face recognition could find uses in screening school employees, day care workers, or bus drivers, in developing child ID programs to help find missing children, and as a general authentication scheme for computer access and voter identification.
  
  Video crimefighting the old fashioned way was given a boost recently when Biscom unveiled Webeyealert, which transmits live video via the Web or mobile devices. The inexpensive, motion-activated product is aimed at keeping tabs on work environments, schools, airports and other venues. One high school in New Hampshire reported that vandalism ceased once Webeyealert was deployed. So one way or another, it’s much more likely someone is watching these days.
  
  For me, the key to acceptance of surveillance systems, face recognition and other biometric systems is how the technology is used. Currently, the Tampa police erase images they obtain if there is no match to a known criminal. Unless this procedure is mandated in law and in software, however, there’s nothing to stop the police’s usage from evolving into surveillance of citizens without probable cause. Before we go to overboard on the use of any biometric technology, we have to be sure the problem we’re solving is worth what we give up. For example, is voter fraud widespread enough to make the creation of a face image database of the entire US voting population worthwhile? The type of power represented by such a step can only be good if we trust our government to always do the right thing. Even Congress doesn’t do that. Witness the four-year time limit it placed on the new law enforcement powers granted in the Mom & Apple Pie, er, Anti-Terrorism bill. Gartner recommends government move slowly on this issue, to ensure privacy concerns are adequately addressed.
  GartnerGroup
   

• Denial of Service Attacks Getting Scary: Carnegie Mellon's CERT Coordination Center warned recently that Windows users and Internet routing equipment are the targets of miscreants who launch denial of service (DoS) attacks online. A denial of service attack enlists dozens or hundreds of machines (colorfully termed zombies) to bombard a Web site with bogus requests, effectively denying service to legitimate users. According to CERT, crackers have begun targeting sections of the Internet that are likely to contain Windows machines. The shift from Unix machines to Windows computers as the preferred DoS hosts began late last year. Crackers are also using routers, which control the flow of information on the Internet, in attacks, preying on machines with weak passwords. Attackers are increasingly using Internet Relay Chat (IRC), a type of Instant Messaging (IM) system, to direct DoS attacks. Most alarming, however, was the contention by many speakers at a recent security conference that things really aren’t that much better, network-wise, than they were in February 2000, when a fifteen-year-old Canadian boy used distributed denial of service tools against sites like eBay, CNN.com and Yahoo!, knocking them offline.
  The Register
• The Taliban Virus:  With all that’s going on in the world, sometimes you just need a good laugh. So here’s the Taliban Virus, presently circulating in the wild:

DEAR RECEIVER,

You have just received a Taliban virus. Since we are not so technologically advanced in Afghanistan, this is a MANUAL virus. Please delete all the files on your hard disk yourself and send this mail to everyone you know.

Thank you very much for helping me.

Abdulla
Talibanian hacker
 

• New Red Hat Linux Release Compromised? Just to try to convince those of you who are sure I’m an anti-Microsoft bigot that I’m not, and in the spirit of a previous SNS, I present this item about the possibility of a breach of security in version 7.2 of Red Hat Linux, released October23rd. A security expert claimed the latest online update of the operating system, code named "Enigma," may have been tampered with by attackers because two distribution files available from some download sites were not digitally signed by Red Hat. I’m immediately suspicious of this claim, however, because it smacks of a publicity stunt. The source of the information is a security expert who just happens to plug his book in the news item. “Either Red Hat did not sign these packages, or someone subverted the distribution process before the files got to various sites,” said the expert, who will remain nameless here to prevent any more free publicity. Without digital signatures, “it becomes trivial for an attacker to replace packages on a distribution site with no one being able to easily verify that they have been subverted.” Red Hat confirmed that the two files lacked signatures, but asserted that there was no security compromise. The company didn’t sign the files because they did not deem it necessary, according to a spokesperson. One of the unsigned files was merely a listing of files in the distribution and the other contained the version number of the release. Red Hat said security-conscious users should obtain the distribution via CD ROM.
  Newsbytes
• Microsoft Blames the Messengers: Scott Culp, manager for Microsoft's security response center, published an essay on the company's site attacking the common practice of releasing sample code that demonstrates a security hole in the company’s software. Calling it “information anarchy,” Culp obviously seeks to draw a line between responsible disclosure and arming people with the tools and software needed to attack computers. You know what? I agree with him, to a point. Many of the people who find and publicize bugs in Microsoft software make no attempt to get the software giant to fix the problems before releasing so-called exploit code. They do this for their own reasons, which may include notoriety and hatred of the software monopoly. I also agree with Culp when he argues that security bugs will never go away. But what I don’t agree with is the rather transparent way that Microsoft is trying to deflect blame from recent debacles like the Code Red worm, which infected more than a million Web servers running Microsoft's Internet Information Server software, and the Nimda worm, which caused havoc by exploiting holes in both servers and desktop computers running Microsoft software. Microsoft needs to address the repeated vulnerabilities of their software first, and blame the messengers later, no matter how inappropriate their message is. C|Net
   
• Power from Space: The science fiction concept of gathering abundant solar power via orbiting satellites and beaming it to earth may be a feasible solution to our energy problems, according to two recent studies. Space Solar Power (SSP) has been discussed since the ‘60s, and reviewed by both NASA and the Department of Energy in the past. In 1995, NASA started its Fresh Look study of the technology, and concluded that it might be a good idea after all, if the high cost of launching to orbit can be brought down. The National Research Council (NRC) recently took a new look at NASA's current SSP efforts in the report: Laying the Foundation for Space Solar Power - An Assessment of NASA's Space Solar Power Investment Strategy. The report notes several advancements that help make SSP more feasible: Improvements in solar cell efficiency and weight; wireless power transmission tests in Japan and Canada; improvements in robot manipulators, machine vision systems, hand-eye coordination, task planning, and reasoning; and wider use of advanced composite materials and digital control systems. The second study was done by energy and environmental policy think tank Resources for the Future (RFF). The study looks at SSP as a means of providing power for in-orbit activities, such as satellites and space stations. One big advantage of such an approach is the ability to leave out heavy power supplies when launching satellites into orbit. Sounds like it may not be too long before Robert Heinlein’s 1942 view of a wireless-powered future becomes reality.
  Space.com