Archive for May, 2007
Enterprise Insight: Lean, mean coding machines
(InfoWorld) - The alpha geek consultants at the McKinsey Quarterly are out with an interesting new research paper that says app developers have to get lean – as in, adopt lean manufacturing techniques. That’s right, you know who you are – slim down, toughen up, drop and give me 20!
Of course, these are the same McKinsey folks who routinely helicopter into large corporations and charge millions of dollars to provide the CEO with a list of people to be laid off or “restructured,” as it were. So let’s remember that whenever they propose a strategic, 2-to-3-year organizational transformation of this type, they’d probably also like to get hired to manage it!
That said, the argument they make is provocative: that ADM (application development and maintenance) processes are poorly organized and fraught with waste and rework of the same kind that plagued manufacturing before the Japanese pioneered lean workflows.
Despite massive efforts to cut costs through offshoring, McKinsey notes, ADM (of which labor comprises 80 percent of costs) now accounts for half of IT budgets and continues to climb. Furthermore, there are big differences in app dev productivity among large organizations – for most, applying lean principles to app dev could increase productivity 20 to 40 percent while improving quality and speed.
Getting these benefits, according to the report, means thinking of ADM “as a kind of factory.” And then systematically eliminating sources of waste such as overproduction (unnecessary functionality), rework (requirements changes), “wasted motion” (ineffective prioritization), “wasted intellect” (limited developer cross-training), “wasted time” (idle developers), and inventory waste (maintenance backlogs).
The report runs through traditional “lean” solutions to each of these problems, such as “flow processing,” which “reduces overcapacity by aligning the rhythm of output with the flow of production.” Others include load balancing, greater standardization, segmentation of projects by complexity, and “quality ownership which extends beyond the testing group.”
And of course the consultants note that achieving these efficiencies requires not just process changes but shifts in behavior and new management tools (which they’d be happy to provide, no doubt). And they note that making these changes can be tough, because they have to become embedded in an organization’s culture to work, often “overcoming stubborn resistance” along the way.
Traditional software development methods such as CMM (Capability Maturity Model), function point metrics, and CASE tools fail where lean techniques would succeed, claims McKinsey, because they fail to address organizational and cultural issues such as alignment between business and IT – or the waste that can occur in the early definition and design phases of a project.
Does this mean I’d recommend dropping a couple mil on a McKinsey lean study for your company? Maybe, but first go out and spend $16 on a great book called "The Goal," by Eliyahu M. Goldratt. It’s a fast, fun read (there’s even a romantic subplot), and it gives you a real-world sense of what lean manufacturing principles are like in an actual factory setting (and will stimulate your thinking about how they could be applied to ADM at your company). Maybe buy copies for all your developers and managers. If that fails, you may have to call in the suits.
After 10 years, Yahoo CTO calls it quits
(InfoWorld) - Yahoo's CTO, Farzad Nazem, is stepping down.
Farzad has been with the company since 1996 and had served as CTO for the past decade, overseeing Yahoo's engineering and product development. He also served as head of Yahoo's Technology Group.
He leaves as the company is struggling to compete with Google, the leader in the Internet advertising and search space.
"After spending the last 26 years in this fast-paced technology industry, I've finally decided it's time to slow down," Nazem wrote Wednesday in a posting to the company's blog.
No replacement for Nazem has been announced, but Yahoo co-founder Jerry Yang "will be acting as the interim executive sponsor of the Technology Group until we identify my permanent replacement," Nazem said.
Nazem's resignation was disclosed in a company filing with the U.S. Securities and Exchange Commission, made Wednesday. His resignation is effective June 8, the filing states.
Researcher: Don’t trust toolbars for Firefox
(InfoWorld) - Makers of some of the most popular extension software used by the Firefox browser are not doing enough to secure their software, a security researcher said Wednesday.
The problem is that many widely used Firefox extensions, including toolbars from Google, Yahoo, and AOL, do not use secure connections to update themselves, according to Christopher Soghoian, a security researcher who blogged about the issue on Wednesday.
Soghoian is best known as the researcher who attracted the attention of the FBI late last year after publishing a tool that could be used to print fake boarding passes.
The Indiana University doctoral student discovered the Firefox issue last month while examining network traffic on his computer. He noticed that many of the most popular Firefox extensions are not hosted on servers that use the SSL Web protocol. SSL Web sites, which begin with "https://," use digital certificates to provide users with some level of assurance that they're not connecting with a fake server.
Although the corporation behind Firefox, Mozilla, hosts the majority of Firefox extensions on its own SSL-enabled Web site, it is common for commercial extension-makers like Google to host their software on an unsecured site, Soghoian said in an interview.
This leaves users vulnerable to a "man-in-the-middle" attack, where Firefox could be tricked into downloading malicious software from a site it mistakenly thought was hosting an extension.
It wouldn't be easy for an attacker to pull this off, however. In one scenario, the hacker would set up a malicious wireless access point in a public area where people are using wireless connections. He could then redirect extension update traffic to a malicious computer. "An attacker who sets up a wireless access point can then infect anyone who connects to it," Soghoian said.
The Del.icio.us Extension, Facebook Toolbar, Ask.com Toolbar, LinkedIn Browser Toolbar, Netcraft Anti-Phishing Toolbar, and PhishTank SiteChecker are also vulnerable to this issue, Soghoian said.
Though Soghoian said Firefox users should avoid extensions that are not from the secure Firefox add-ons site, not all security researchers see this as a major issue.
"It's just yet another vulnerable design among billions," said Gadi Evron, security evangelist for Beyond Security. "I don't see it as that critical. There is no inherent vulnerability, but it does make the overall design weaker, and that should probably be addressed."
Evron said it was "silly" that sites weren't using SSL for these extensions.
Soghoian said he notified Google, Yahoo, and Facebook of the issue in mid-April, but nobody had addressed the issue as of Wednesday. Just hours after Soghoian went public with his findings, Google said it would "soon" have a fix for the problem.
It's common for Web developers to ignore security in the rush to push out new and cool features, Soghoian said. "Your average Web 2.0 developer doesn't learn about security," he said. "Google has a spectacular security team ... my suspicion is that one hand wasn't talking to the other."
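One way to audit extensions for the update issue described above, as an added example that is not from the article or from Soghoian's research: it reads the `em:updateURL` property from an extension's `install.rdf` manifest and flags update URLs that are not HTTPS. The sample manifests, extension ids and hosts are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

EM = "{http://www.mozilla.org/2004/em-rdf#}"            # install.rdf "em:" namespace
RDF = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
MANIFEST = "urn:mozilla:install-manifest"

def _prop(node, name):
    """A manifest property may be a child element or an attribute."""
    child = node.find(EM + name)
    if child is not None and child.text:
        return child.text.strip()
    return node.get(EM + name)

def audit_manifest(xml_text):
    """Classify how the extension described by an install.rdf fetches updates."""
    result = {"id": None, "update_url": None, "verdict": "unparseable"}
    try:
        # For manifests from untrusted sources, parse with a hardened XML parser.
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return result
    for node in root.iter(RDF + "Description"):
        if MANIFEST not in (node.get("about"), node.get(RDF + "about")):
            continue
        url = _prop(node, "updateURL")
        result.update(id=_prop(node, "id"), update_url=url)
        if not url:
            result["verdict"] = "browser-default"   # no vendor-hosted update URL
        elif urlparse(url).scheme.lower() == "https":
            result["verdict"] = "tls"               # server proves identity with a certificate
        else:
            result["verdict"] = "insecure"          # update data can be altered in transit
        return result
    return result

# Constructed sample manifests; extension ids and hosts are hypothetical.
_TMPL = ('<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
         'xmlns:em="http://www.mozilla.org/2004/em-rdf#">'
         '<Description about="urn:mozilla:install-manifest"{attr}>'
         '<em:id>{ext}</em:id>{body}</Description></RDF>')
SAMPLES = [
    _TMPL.format(ext="toolbar@vendor.example", attr="",
                 body="<em:updateURL>http://updates.vendor.example/update.rdf</em:updateURL>"),
    _TMPL.format(ext="checker@vendor.example", body="",
                 attr=' em:updateURL="https://updates.vendor.example/update.rdf"'),
    _TMPL.format(ext="hosted@vendor.example", attr="", body=""),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        r = audit_manifest(sample)
        print(f'{r["verdict"]:16} {r["id"]} {r["update_url"]}')
```

An extension with no `em:updateURL` is reported as `browser-default` because it relies on the browser's built-in update service rather than a vendor-hosted URL.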
Google offers app dev kit for taking Web apps offline
(InfoWorld) - With the official unveiling of Google Gears set for Thursday at the first ever Google Developer Day, the giant World Wide Web phenom will continue to expand its reach well beyond search.
The Developer Day will be held simultaneously in 10 countries.
At the simplest level, Google Gears is an open source developer product that will give hosted, Web-based applications a local desktop home. In other words, Gears solves the problem of using a Web application offline.
Its key components include the ability to capture and serve up locally the resources and code that comprise a Web application, such as all the images, the logic, and the look and feel.
The second major piece of Gears is the ability to create a local database that Web applications can access.
"This is a rich database with full text search and full transactional capabilities," said Linus Upson, director of engineering at Google.
The third feature gives developers the ability to use Gears to run JavaScript in a background task via the multithreading capabilities of multicore processors. With this capability, a developer can create a Web-based application and a desktop version that synchronize one with the other. Without this multithreading capability, if a Web application was synchronizing with the local desktop version, it would freeze the application until the synchronization was complete.
Synchronization is a must-have for any application that lives on two platforms, but any delay would be unacceptable to most users.
Beyond the straightforward product details, however, there are other bigger issues in play.
When Brent Taylor, head of Google development, says that he would like to see "an industry-wide effort to have these capabilities standardized across all browsers," Taylor is also driving Google's stake in the ground as a leader of the software shift to Web 2.0 applications, according to David Mitchell Smith, Gartner analyst.
"Google keeps pushing the envelope with browser-based applications," said Smith. The question is to what extent those Web applications are accepted in the enterprise.
Smith said companies should not overestimate Gears' capabilities.
"What they have is a developer kit," said Smith, and every developer of every Web application will have plenty of work to create a finished product.
At the same time, Google is not the only company looking at ways to extend Web applications to the desktop.
Adobe's Apollo has a similar goal. However, while Apollo lives on the desktop and can access any local file system, Gears can access only the SQLite database created by the application. The Gears API will nonetheless be available in Apollo, according to Kevin Lynch, senior vice president and chief software architect at Adobe.
According to Smith, Gears, like AJAX (Asynchronous JavaScript and XML) before it, puts a lot of capabilities into the hands of developers of the Web, and IT needs to track Web application development closely to understand where the next generation of the Web is going.
Traditional on-premises enterprise ISVs are also tracking Web capabilities intensely to see how they can embrace the new software paradigm. For its part, Microsoft will have to demonstrate the continuing value of rich, client-based desktop applications, said Smith.
As Smith says, Web 2.0 will not grow beyond gadgets and widgets unless it can establish itself as a development platform for serious, enterprise-level applications. That it cannot do unless data can be saved securely behind the firewall, can be synchronized so that only a single version exists, and is accessible offline as well as online. Gears technology appears to be going a long way toward meeting that goal.
Google Gears will be downloadable as of 4 p.m. PST at gears.google.com. Although it is still too early to submit Gears to a standards body, Michele Turner, vice president of product management, marketing and developer relations at Adobe, said Adobe will be a sponsor.
Motorola lays off 4,000 in search for missing profit
(InfoWorld) - In an extension of a cost-cutting program it began in January, Motorola said Wednesday it would lay off 4,000 more workers.
The move will help the company to save $600 million annually starting in 2008, including additional money-saving measures like prioritizing its investments, continuing discretionary-spending controls, cutting general and administrative expenses, and site rationalization.
Although it trails only Nokia in sales of wireless handsets, Motorola has struggled to translate its sales into profits. The company began this restructuring program after watching its profit drop sharply, from $1.2 billion in the fourth quarter of 2005 to $624 million for the fourth quarter of 2006. The results were even worse for the first quarter of 2007, as Motorola posted a loss of $366 million compared to its profit of $849 million for the same period a year ago.
In a search for change, the company replaced its CFO in March. At that time, chief executive Ed Zander blamed the problems on dropping prices for low-end cell phones, and Motorola's decision to give up market share instead of entering a price war with competing vendors.
Also on Wednesday, Motorola said it would finish making the 3,500 job cuts it had previously announced by June 30, contributing to an estimated $400 million in annual savings. The restructuring will also incur its own costs. Motorola will subtract a one-time charge of $300 million from its savings, to pay for severance packages and other costs of the workforce reductions.
"Today's actions are an update to the commitment we made during our first-quarter earnings conference call -- to drive out additional costs -- and a continuation of the plan we announced in January," Motorola's CFO Tom Meredith said in a release.
Meredith promised the cuts would not distract Motorola from keeping its focus on long-term plans in customer service and support, product quality and research and development.