The two-day 34th ICT Symposium held at Tour & Taxis (Brussels) started this morning.
The first captivating talk was given by Patrick Dixon on “Take Hold of the Future”. He relayed the notion of “Emotion” as key to the success of any business. The concept revolves around 3 different entities, 1) Consumer, 2) Communities, and 3) Company. Simply put, the consumer must be happy with your product, i.e. what is the user experience? How does the general public react towards your product? And what is the working attitude and behaviour of your employees? Overall, it’s just common sense. This is something we, MuSMo, are to build from day one. It’s not easy to achieve all of this. One must have a set of common good values and principles, a common vision and mindset, and the right people on board.
Application Security by Sebastien Deleersnyder
Highlighting what Cross-Site-Scripting (XSS) is all about, and how vital it is to combat it to protect the integrity, confidentiality and availability of the web application. I’ve noted some websites that’d be interesting to check out…
- XSSed provides archived news and information regarding vulnerabilities of websites.
- 0×000000 is a hacker’s webzine that collects information regarding vulnerabilities in web technologies.
- Open Web Application Security Project is a community dedicated to providing insights to improve the security of software applications.
- XSS Cheat Sheet provides a quick overview of various attacking techniques to quickly determine the integrity of the code.
3 main tips that I took back with me:
- Blacklisting filter scripts are performance hitters. Avoid them when possible. This is particularly true for TWiki’s BlackListPlugin. Of course you can throw in more hardware, but that’s not really the best solution.
- Input validation scripts go a long way, e.g. truncate inputs and define regular expressions.
- Use strictly HTML code
Unfortunately, he didn’t propose any existing application/plugin solutions around XSS.
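As an added example (my own code, not anything shown in the talk), here is how the second and third tips look in practice for a comment form: inputs are truncated to a fixed length, constrained fields are checked against an allowlist regular expression, and free text is HTML-encoded on output so the browser never sees user data as markup. A one-pattern blacklist filter is included only for contrast; the field names, length limits and allowlist policy are assumptions made up for this example.

```python
import html
import re

# Allowlist for a display name: letters, digits, space, dot, dash, underscore.
# This policy and the length limits are constructed for the example.
DISPLAY_NAME_RE = re.compile(r"^[A-Za-z0-9 ._-]{1,32}$")
MAX_NAME_LEN = 32
MAX_COMMENT_LEN = 500


def truncate(value: str, limit: int) -> str:
    """Cut input down to a fixed maximum length before any other processing."""
    return value[:limit]


def validate_display_name(name: str) -> str:
    """Accept only names matching the allowlist; reject anything else outright."""
    name = truncate(name, MAX_NAME_LEN)
    if not DISPLAY_NAME_RE.match(name):
        raise ValueError("display name contains characters outside the allowlist")
    return name


def blacklist_filter(text: str) -> str:
    """A typical blacklist filter: strip one known-bad tag name.
    It must scan every input for every pattern it knows about, and anything
    it does not know about is passed through untouched."""
    return re.sub(r"(?i)</?script[^>]*>", "", text)


def encode_for_html(text: str) -> str:
    """Output encoding for an HTML text node or quoted attribute value.
    Every markup-significant character (& < > " ') becomes an entity, so the
    browser cannot interpret user data as tags or attributes."""
    return html.escape(text, quote=True)


def render_comment(display_name: str, comment: str) -> str:
    """Build the HTML fragment: validate the constrained field, then truncate
    and encode the free-text field."""
    safe_name = validate_display_name(display_name)
    safe_comment = encode_for_html(truncate(comment, MAX_COMMENT_LEN))
    return f"<p><b>{safe_name}</b>: {safe_comment}</p>"


if __name__ == "__main__":
    # Constructed sample input, not from the original post.
    sample = 'Nice talk <b>really</b> & "thanks"'
    print(blacklist_filter(sample))  # other markup is still present
    print(render_comment("Ann-Marie_1", sample))  # everything is encoded
```

The split matters: validation is for fields with a known shape (names, ids, dates) and rejects bad input early; encoding is for free text that legitimately may contain any character and makes it inert at the point of output.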
ICT Security in 2007: Trends and Issues by Jean-Luc Delvaux
A continual rise in attacks is inevitable, according to their studies. But again, no real solution to the problem raised.
Does that mean companies have to de-perimeterise, re-perimeterise, macro-perimeterise, and/or micro-perimeterise?
One thing I’m sure of: storing sensitive user information is an added security risk that may seem simple in the beginning, but with much thought it’s actually not an easy task. I would expect more and more companies to use VASCO-type security implementations for the sake of internet security.
Critical Applications Performance by Jean-François Rousseau
Professionally crafted marketing for Ipanema’s solution for providing dynamic bandwidth allocation per user session in a WAN. As such, critical applications that utilise enormous bandwidth will be given priority over non-critical ones. What Ipanema provides is an easy and automated out-of-the-box solution. Great, but maybe not?
An alternative in the Linux world, though it requires certain expertise, is Linux itself with iproute2 for routing, filtering and traffic shaping. It can be complicated for a novice.
Also note that compression and caching can go a long way. Though that would mean the stress and cost is shifted to the server itself.
Pay As You Grow Model for Managed Storage and Servers by Dirk Beynaerts
Acerta presented their case of moving from a colocation and own data centre to a managed service by Belgacom.
We have actually calculated the cost for colocation, and it runs high, especially when you need to hire the right people to manage the network infrastructure. It is only natural to let a company that knows the job best do it for you.
With hardware and bandwidth costs coming down, a periodic review of pricing is important to ensure that the cost is kept at a reasonable rate. Also ensure that the SLA is kept by monitoring its health; both MRTG and Zenoss come to mind.
Two important tips I took back were…
- Check for compliance and compatibility of both software and hardware
- Capacity management. Will your provider be able to scale for you within days or weeks?
Mobile Service Oriented Architecture (SOA) by Fries Lefevere and Johan van Froyenhoven
Sybase’s Afaria was introduced as a software that enables quick mobile software development.
Particularly for websites, I don’t think it is necessary. Though it’s very important to know what the user will really want to see on the mobile device rather than a full scale webpage. Simplicity, where less is more.
Demystifying de-duplication by Patrick De Meyer
Quantum’s DXi Series was introduced as the next generation backup solution. What it does is back up at the block level (whatever that really means), and not store duplicates. It is handled by a central database index. It’s possible that if that crashes, everything else is gone.
It’s actually quite easy to create incremental backups on Linux. Simply execute find /path/to -daystart -mtime 0 | cpio -dump /path/to/store/backup from a cronjob, which will find all the changes made today and dump them into a location, or change accordingly.
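As an added example (my own code, not from the original post), the same daily incremental selection written out in Python, so the two halves of that pipeline are visible: the selection matches find’s -daystart -mtime 0 (files whose modification time falls within the current local day), and the copy matches cpio -dump (create directories, overwrite, preserve modification times, keep the path relative to the source). The sample tree with one file modified today and one file dated yesterday is constructed inside the block.

```python
import os
import shutil
import time
from pathlib import Path
from typing import List, Optional

DAY_SECONDS = 24 * 60 * 60


def day_start(now: Optional[float] = None) -> float:
    """Epoch timestamp of local midnight, find's reference point under -daystart."""
    t = time.localtime(now if now is not None else time.time())
    return time.mktime((t.tm_year, t.tm_mon, t.tm_mday, 0, 0, 0, 0, 0, -1))


def files_changed_today(source: Path, now: Optional[float] = None) -> List[Path]:
    """Equivalent of `find SOURCE -daystart -mtime 0`: regular files whose
    modification time lies in [local midnight, local midnight + 24h)."""
    low = day_start(now)
    high = low + DAY_SECONDS
    changed = []
    for root, _dirs, names in os.walk(source):
        for name in names:
            path = Path(root) / name
            if path.is_file() and low <= path.stat().st_mtime < high:
                changed.append(path)
    return sorted(changed)


def incremental_backup(source: Path, dest: Path,
                       now: Optional[float] = None) -> List[Path]:
    """Equivalent of `| cpio -dump DEST`: copy each selected file into DEST under
    its path relative to SOURCE, creating directories (-d), overwriting (-u)
    and preserving modification time (-m, via copy2). Returns the copies."""
    copied = []
    for path in files_changed_today(source, now):
        target = dest / path.relative_to(source)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)
        copied.append(target)
    return copied


def make_sample_tree(base: Path) -> Path:
    """Constructed sample data for this example: one file touched today and
    one left with yesterday's timestamp so it must not be selected."""
    src = base / "src"
    (src / "docs").mkdir(parents=True)
    old = src / "docs" / "old.txt"
    new = src / "new.txt"
    old.write_text("unchanged since yesterday")
    new.write_text("edited today")
    yesterday = day_start() - 3600  # one hour before today's midnight
    os.utime(old, (yesterday, yesterday))
    return src


def run_demo() -> List[str]:
    """Run the example end to end in a temporary directory and return the
    relative paths that ended up in the backup."""
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        src = make_sample_tree(base)
        copied = incremental_backup(src, base / "backup")
        return [str(p.relative_to(base / "backup")) for p in copied]


if __name__ == "__main__":
    print(run_demo())  # only the file edited today is copied
```

Because only today’s changes are copied, a restore needs the last full copy plus every daily run since, which is the trade-off the one-liner in the post makes as well; the central index that the DXi approach depends on is what such a scheme does without.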
Depending on the need, I am sure there are low-cost, effective methods around this. For instance, if one is concerned about downtime (and performance), one should replicate and stripe the entire server using GlusterFS. Or real backups can be made via a simple script to tapes or anything else. Or create an offsite cold spare periodically.
Either way, it is best to know what is really required to employ a particular backup solution.
Final thoughts
Overall it’s good. On some, I find it a bit of a professionally crafted marketing scheme to use their products. I understand where they are coming from and whom they target. However, with the right person employed in the company, ICT costs can be driven lower than expected without actually using such commercial products. Open source is the future with the right expertise, (un)fortunately.