<?xml version="1.0" encoding="UTF-8" ?>
<rss xmlns:feedburner="http://rssnamespace.org/feedburner/ext/1.0" version="2.0">
        <channel>
        <title>hack - ReadWrite</title>
        <link>http://readwrite.com</link>
        <description />
        <language>en</language>
        <copyright>Copyright 2012 SAY Media, Inc.</copyright>
        <managingEditor>readwriteweb@gmail.com</managingEditor>
        <docs>http://blogs.law.harvard.edu/tech/rss</docs> 
        <lastBuildDate>Fri, 03 May 2013 04:04:00 -0700</lastBuildDate>
        <atom10:link xmlns:atom10="http://www.w3.org/2005/Atom" rel="hub" href="http://rww.superfeedr.com/" />

                    <item>
                <title><![CDATA[Facebook's New Trusted Contacts: Can You Really Trust Your Friends?]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/Facebook_Ipad.jpg" />
                                        <p>Facebook enabled a privacy feature Thursday called <a href="https://www.facebook.com/settings?tab=security&amp;section=trusted_friends&amp;view" target="_blank">Trusted Contacts</a> that allows you to select three to five confidants from your friend list to receive the virtual key to your account. If your Facebook is compromised by hackers or you forget your password, these people can supply the codes to get you back in.&nbsp;</p>
<p>The feature was first announced as <a href="https://www.facebook.com/notes/facebook-security/national-cybersecurity-awareness-month-updates/10150335022240766" target="_blank">'Trusted Friends' in&nbsp;October of&nbsp;2011</a>. "However, we were only testing for the first part of last year [2012], and the feature actually wasn't available for much of 2012," Frederic Wolens of Facebook Policy Communications told ReadWrite in an email. "The bulk of our work was making this more proactive (allowing you to select your friends ahead of time) than reactive (selecting your friends after you couldn't get into your account)," he added.&nbsp;</p>
<h2>The Joy Of Facebook Hacking</h2>
<p>While there may be some benefits to this feature,&nbsp;Facebook already has&nbsp;<a style="line-height: 1.538em;" href="https://www.facebook.com/note.php?note_id=10150172618258920" target="_blank">two-step authentication</a>, making Trusted Contacts unnecessary&nbsp;in the likely event you can access your email and just use the normal password recovery option.&nbsp;More to the point, Trusted Contacts also pose a big risk. How much can you really trust those Trusted Contacts not to abuse their power?</p>
<p>Remember, it takes only three of the Trusted Contacts' codes to get into your account. That's good, right?</p>
<p>Right.</p>
<p>Unless the friends you choose have an affinity for the art of the Facebook hack.&nbsp;In my college years, when shared computers were often accessible in dorm rooms and campus hangout spots, Facebook hacking wasn't just a prank, it was an art. The rules were simple: If anyone left their account open on any computer that wasn't their own, that person's Facebook account was fair game. (Sometimes, even that simple rule was bent by the less honorable.)</p>
<p>What typically ensued was a chaotic, hilarious and often line-crossing exercise&nbsp;in testing the limits of friendship. The hack quickly transcended crude status updates and moved into true social media sabotage.&nbsp;Facebook hackers would change birthdays, send unwanted friend requests and write&nbsp;embarrassing notes on walls. &nbsp;</p>
<p>For me, the whole ordeal culminated in a prank where I created a fake profile of my victim, replicated his post history for a week in secret, and then began friending everyone we knew. I mimicked his behavior so well no one figured out it was me for a good day or two. It remains one of my proudest Facebook hacks - and the epitome of my juvenile social media behavior.&nbsp;</p>
<h2>Breaking In</h2>
<p><span class="embedded-Media-image img-caption-c">
				<img src="http://readwrite.com/files/facebook%20screen%20orig_0.jpg" style="" />
			</span>
</p>
<p>First off, let's run through how a trio of your Trusted Contacts could access your account without you knowing about it.&nbsp;</p>
<p>After opening Facebook in a different browser or private browsing mode, a Trusted Friend would click "Forgot your password?" From there, they would identify the victim by name in the Find Your Account field, saying that they no longer have access to the email accounts listed. That lets you put in any email address - and the process moves on without requiring further authentication.</p>
<p><span class="embedded-Media-image img-caption-c">
				<img src="http://readwrite.com/files/facebook%20screen_0.jpg" style="" />
			</span>
</p>
<p>By entering in only one of the Trusted Contacts' names — in the event that you're the one doing the hacking, it can be your own name — you can access the code portion of the page. With three codes collected by visiting <a href="http://www.facebook.com/recover" target="_blank">Facebook.com/recover</a> and claiming the person has reached you by phone, you're&nbsp;immediately&nbsp;brought to a new password screen where the Trusted Friend can reset the password and gain access to the account.&nbsp;</p>
<p><span class="embedded-Media-image img-caption-c">
				<img src="http://readwrite.com/files/facebook%20screen%202_0.jpg" style="" />
			</span>
</p>
<p>Sounds like it would be a lot of work, and it certainly was when I tried it myself on my own account, but you <em>are</em> essentially handing over the ability for three people, or just one who convinces two others to give them the codes, to change your password without any new authentication required on your end. Granted, you can revoke access to a Trusted Contact, but only from your account.</p>
<h2>Who Can You Trust?</h2>
<p>Obviously, the best precaution is to pick people you're confident won't prank you. But there are also certain types of Facebook user who should never get this kind of access.&nbsp;</p>
<p>For one, don't trust anyone who&nbsp;infrequently&nbsp;uses Facebook or who likes to condemn the social network and those who indulge too much in it. The first sign of a weakness for Facebook hacking is disregard for the damage a "Liking" spree can do, or downplaying the importance of Facebook birthdays. These people find it hilarious when dozens of people begin mistakenly wishing you a Happy Birthday.&nbsp;</p>
<p>Conversely, people who use Facebook<em> too much</em> may be just itching to pull off the perfect Facebook prank - and they'll know the best, most believable&nbsp;ways to impersonate you.</p>
<p>One smart approach might be to pick two people that dislike each other, making it unlikely that they'll work together to mess with you.&nbsp;</p>
<p>The simplest solution: Don't use Trusted Contacts.&nbsp;The feature adds a layer of defense against strangers attacking your account, which could be reasonable considering&nbsp;<a style="line-height: 1.538em;" href="http://bits.blogs.nytimes.com/2013/04/22/the-year-in-hacking-by-the-numbers/" target="_blank">this year's surge in incidents of malicious hacking</a>.&nbsp;But it also seems like a sly attempt to push the boundaries of Facebook's importance in our lives.&nbsp;</p>
<p>But by&nbsp;"trusting" your friends enough to give them a key to your digital life, you may be taking an even bigger risk of being pranked, if not actually hacked.</p>
                    ]]></description>
                <link>http://readwrite.com/2013/05/03/facebooks-new-trusted-contacts-can-you-really-trust-your-friends</link>
                <guid>http://readwrite.com/2013/05/03/facebooks-new-trusted-contacts-can-you-really-trust-your-friends</guid>
                <category>Facebook</category>
                <pubDate>Fri, 03 May 2013 04:04:00 -0700</pubDate>
                <author>Nick Statt</author>
            </item>
                    <item>
                <title><![CDATA[Why The Wii U Will Inevitably Be Hacked (If It Hasn't Been Already)]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/wiiu2.jpg" />
                                        <p class="p1">News broke earlier this week of a <a href="http://arstechnica.com/gaming/2013/05/we-rooted-wii-u-encryption-and-file-system-says-hacker-group/">new hack to Nintendo's Wii U</a> that would allow gamers to play unauthorized (read: pirated) games. Nintendo immediately disputed it. But whether it's true or not, the Wii U will most certainly be hacked before long — and that fact tells us a lot about the increasingly tense arms race being waged between console manufacturers and hackers.</p>
<p class="p1">Users have been hacking their consoles — in the sense of writing new games and implementing new functions of their operating systems — since the dawn of gaming. But back when the hardware of your 1970s era console only slightly resembled the inside of your computer, it was more of a hobby and less of a widespread movement.&nbsp;</p>
<p class="p1">In fact, you can blame game developers, not ordinary users, for modern anti-hacking measures. The Atari 2600, released in 1977, had no software restrictions at all, and neither did competing consoles. This left developers free to create a flood of terrible and low quality games that overwhelmed consumers and led to the <a href="http://en.wikipedia.org/wiki/North_American_video_game_crash_of_1983">great video game crash of 1983</a> — the industry’s first major recession.&nbsp;</p>
<h2 class="p1">Nintendo Clamps Down</h2>
<p class="p1">That changed with the rise of Nintendo, which sought to reverse Atari’s openness in favor of tight control over console technology and a business model that relied on revenue from licenses sold to game developers. Nintendo sought to ensure high-quality games by retaining the sole right to approve them —&nbsp;and by locking out rivals and hackers who might create their own.</p>
<p class="p1">Overnight, the challenge for hackers flipped from exploiting the potential of Atari’s open platform to finding ways to circumvent Nintendo’s lockout chip. It’s a cycle that’s continued to this day. Today, the Internet makes it easier than ever for hackers to collaborate and distribute exploits that allow even average players to bypass the lockdowns on their consoles.</p>
<p class="p1">If the Wii U has indeed been hacked, then it will join the ranks of the PlayStation 3, PlayStation 2, Xbox 360, Xbox, Wii, Nintendo DS, and PSP. All of these consoles can be jailbroken like iPhones, ready to run whichever programs their owners choose. That could mean running an operating system like Linux on your Xbox, loading&nbsp;<a href="http://wiibrew.org/wiki/List_of_homebrew_games">homebrew, or original, games</a> on your Wii, or playing pirated copies of commercial games on your PS3.&nbsp;</p>
<h2 class="p1">Hackers Rev Up The Arms Race...</h2>
<p class="p1">Obviously I don’t endorse piracy, and even at its most innocuous, console hacking lies in a legal gray area. (The Electronic Frontier Foundation is <a href="https://www.eff.org/sites/default/files/filenode/2012_dmca_exemption_requests_no_appendix.pdf">trying to change that</a>.)</p>
<p class="p1">But it’s hard to imagine that hackers will —&nbsp;or can — be stopped. Locking down consoles seems to do little, if anything, to slow down people intent on hacking anyway. The more restrictions console manufacturers apply, the more it appears to spur hackers into trying to remove them.&nbsp;</p>
<p class="p1">Or just enrage them. For instance, Sony's PlayStation Network — its online game service — was hacked shortly after Sony&nbsp;<a href="http://www.theregister.co.uk/2011/04/26/sony_playstation_network_security_breach/">removed support for Linux on the PS3</a>. Sony’s retroactive cutoff of the one place hackers could play around in the console could easily have incited the attacks in response. Of course, the PSN hack was very different from console “jailbreaks,” not least because it may also have resulted in <a href="http://en.wikipedia.org/wiki/PlayStation_Network_outage" target="_blank">credit-card fraud following the theft of user data</a>.</p>
<h2 class="p1">...And So Do Game Companies</h2>
<p class="p1">Yet console manufacturers won't give up, either. Their lockdowns are mostly ineffective against hackers, but they do plenty to make it not worth the average player’s time. If there was no lockdown at all, anyone could burn illegal copies of games on CDs to share.</p>
<p class="p1">The big console makers also have an incentive to hold onto all the money they can get. Aside from pirates, consoles face a slew of big challenges, not least among them a robust second-hand game market they would <a href="http://www.statesman.com/news/business/is-the-end-near-for-used-video-games/nXWh3/" target="_blank">dearly love to kill off</a> and a profusion of 99-cent game apps that are frequently just as fun to play as the $60 monsters produced by big game developers.</p>
<p class="p3">Of course, this entire mode of thinking could go out the window when the <a href="http://www.ouya.tv/">Ouya</a> is out this summer. The world’s first “<a href="http://www.slashgear.com/ouya-team-assures-pre-hacked-units-on-request-23239851/">pre-hacked</a>” console is a throwback to the fully open Atari. The very fact that it earned $8 million while still a concept shows a high demand for an open-source system, but time will tell if it inherits the Atari’s woes or finds a way to make it work.</p>
<p class="p1"><em>Photo courtesy of Nintendo</em></p>
                    ]]></description>
                <link>http://readwrite.com/2013/05/02/why-the-wiiu-hack-is-inevitable</link>
                <guid>http://readwrite.com/2013/05/02/why-the-wiiu-hack-is-inevitable</guid>
                <category>Wii U</category>
                <pubDate>Thu, 02 May 2013 12:52:00 -0700</pubDate>
                <author>Lauren Orsini</author>
            </item>
                    <item>
                <title><![CDATA[Ten Things Corporate Developers Are Dying To Tell Their CIOs]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/shutterstock_43266436_argueing.jpg" />
                                        <p class="p1"><em>Matt Ammerman is a co-founder and VP of client services for </em><a href="http://apprenda.com/"><em>Apprenda.</em></a></p>
<p class="p1">As an enterprise software developer, I understand where frustrations lie in today's IT organization and different lines of business.</p>
<p class="p1">Here are 10 things developers like me want their CIOs to understand:</p>
<p class="p1"><strong>1. We're the fastest moving part of the company’s IT organization and we want everyone else to catch up.</strong> Under the right conditions, I can develop applications very quickly. Unfortunately, the wrong conditions slow me down. Having to wait for IT to provision dependencies that I might have drastically diminishes my productivity. IT needs to offer services that streamline their processes and let me work at my pace.</p>
<p class="p1"><strong>2. We can work faster and for less money with the right tools. We can leverage small investments to go a long way.</strong> Every developer has a tool belt. I have tools that I prefer to use when developing software. Make an investment in the tools that I use, from text editors to IDEs to platforms and frameworks. I can use these tools to make excellent software that benefits the company.</p>
<p class="p1"><strong>3. Coordinating disparate teams within IT to roll out a single app is how I spend most of my time.</strong> I can typically write an application in 4-6 weeks, sometimes quicker. At that point I should be able to deliver the app to the customer. Unfortunately, I end up spending a great deal more time coordinating the rollout of the application by talking to disparate groups responsible for things like security, networking and servers.</p>
<p class="p1"><strong>4. Virtualization alone makes IT's life easier, not mine.</strong> The software I write is complex. Making infrastructure easier to deploy does not make it easier to write these complex apps, even if the infrastructure is available on demand. That just makes one part of the job go faster. I prefer to tap into existing systems for complex things instead of trying to become an expert in all of them. Providing those systems is how you can make me more productive.</p>
<p class="p1"><strong>5. I want to know that I am a part of a single organizational vision for software and services.</strong> Sometimes I feel like I'm working on apps or pieces of apps that are part of a larger project or vision that I don’t know enough about. If I'm working on a new initiative that is strategically important to the company, let me know that. I want to feel like I’m contributing to something big.</p>
<p class="p1"><strong>6. Standardization on technologies within our company will make our lives a lot easier.</strong> I have my own way of doing things, and each developer here has their own way. This doesn't bode well for our company's software strategy. If we're not all doing things the same way, lots of things are sub-optimized - from testing, to rollout, to overall code quality. If we standardize on systems, we have expectations that are transferrable between our projects.</p>
<p class="p1"><strong>7. We'd rather be building new apps or modernizing older ones than keeping up legacy apps.</strong> I go to user groups and I talk to other developers. They're doing cutting edge things because they have initiatives to build modern apps. For example, I have friends who are building mobile apps. Meanwhile I am maintaining legacy back office software that could be modernized to provide much more value to the company.</p>
<p class="p1"><strong>8. Our company should be supporting mobile apps. We can build them, but can IT support them?</strong> Mobile apps have interesting backend requirements, like scalability and distribution. Any developer can build a single app for a mobile device. It becomes far more complex to build connected apps and the backend services that support them. We need systems in house that make this part easier. With that, we can build mobile apps very quickly.</p>
<p class="p1"><strong>9. We should run our IT infrastructure the way the best managed service providers in the world do.</strong> Our company has more developers and more end users than many companies that develop software for the public. It stands to reason that we would run our datacenters just like, if not better than, the best managed service providers in the world. I should be able to expect this from IT, because I depend on them to host my apps. It should be easier for me to work with our IT than with an external hosting provider.</p>
<p class="p1"><strong>10. We could build more reliable software if we had the ability to test constantly in a production-like environment.</strong> My ability to deliver quality software is only as good as my ability to test that software. I need reliable and accessible infrastructure resources so I can test quickly in order to implement solutions. Introducing differences between my testing environments and the production environments makes it more difficult for me to test my software and meet expectations.</p>
<p class="p1">&nbsp;</p>
<p class="p1"><em>Image courtesy of <a href="http://www.shutterstock.com" target="_blank">Shutterstock</a>.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2013/04/18/ten-things-corporate-developers-are-dying-to-tell-their-cios</link>
                <guid>http://readwrite.com/2013/04/18/ten-things-corporate-developers-are-dying-to-tell-their-cios</guid>
                <category>developers</category>
                <pubDate>Thu, 18 Apr 2013 05:05:00 -0700</pubDate>
                <author>Matt Ammerman</author>
            </item>
                    <item>
                <title><![CDATA[Why Cloud Development Environments Are Better Than Desktop Development]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/shutterstock_93234172_cloud_computing.jpg" />
                                        <p class="p1"><em>Guest author Tyler Jewell is CEO of <a href="https://codenvy.com/" target="_blank">Codenvy</a>, a cloud development environment.</em></p>
<p class="p1">Over the past decade, cloud computing has disrupted nearly every facet of IT. Sales, marketing, finance and support - all of these applications are being reengineered to take advantage of cloud's instant access, no download and pay-as-you-go attributes. According to Gartner, the cloud is changing the way applications are designed, tested and deployed, resulting in a significant shift in application development priorities. Cost is a major driver, but so are agility, flexibility and speed to deploy new applications. The firm estimates that <a href="http://www.gartner.com/id=2098416">90% of large enterprises and government agencies will use some aspect of cloud computing</a> by 2015.</p>
<p class="p1">The cloud has also begun to impact the tools and support solutions that drive IT. This includes performance management (<a href="http://www.newrelic.com/">New Relic</a>), backup and recovery (<a href="http://www.mozy.com/">Mozy</a>), configuration management (<a href="http://www.servicenow.com/">Service Now</a>), helpdesk (<a href="http://www.zendesk.com/">Zendesk</a>), datacenter automation (<a href="http://www.puppetlabs.com/">Puppet Labs</a>) and release management. The agility afforded by on-demand services is further penetrating the developer space.</p>
<p class="p1">We've seen cloud versions of middleware in the form of Platform-as-a-Service (PaaS), agile solutions (<a href="http://www.rallydev.com/">Rally Software</a>), Code Versioning Systems (CVS) (<a href="http://www.github.com/">GitHub</a>), continuous integration (<a href="http://www.cloudbees.com/">CloudBees</a>) and system testing (<a href="http://www.soasta.com/">Soasta</a>). The more than 100 companies in these segments have cumulatively raised more than $500 million in capital.</p>
<p class="p1">Yet despite this transformation, there has been little disruption to the <a href="http://en.wikipedia.org/wiki/Integrated_development_environment">integrated development environment (IDE)</a> world. The world's nearly 15 million developers, teams and organizations continue to use <em>desktop</em> IDEs as their workbench of choice. Why hasn’t the development environment moved to the cloud along with just about every other application?</p>
<h2 class="p2">What's Wrong With Desktop Development?</h2>
<p class="p1">Desktop development environments are becoming outdated, failing more often and causing productivity issues for developers. Here's why:</p>
<p class="p1"><strong>Complicated configuration management:</strong> The substantial configuration management process&nbsp;for a developer's workspace turns developers into part-time system administrators, responsible for their own mini-data center running entirely on the desktop. This is time consuming, error prone and challenging to automate.</p>
<p class="p1">Many developers have multiple computers and are forced to repeat these tasks on each machine. There is no way to synchronize the configurations of components across different&nbsp;machines, and each machine requires similar hardware and operating systems to&nbsp;operate the components identically.</p>
<p class="p1"><strong>Decreased productivity:</strong> Many IDEs are memory and disk hogs, with significant boot times. They are so resource-hungry they can starve other applications, such as the Web browser. The net effect is a less productive developer due to a slower machine.</p>
<p class="p1"><strong>Limited accessibility:</strong> Desktop developer workspaces are not accessible via mobile devices. Developers who need remote access have to resort to complex and slow solutions such as GotoMyPC - if their firewall allows it.</p>
<p class="p1"><strong>Poor collaboration:</strong> These days, most developers work as part of a team, so&nbsp;communication and collaboration are critical. But desktop IDEs must outsource collaboration to communication systems outside the developer's workflow, forcing developers to continuously switch between developing within the IDE and communicating with their team via other means.</p>
<h2 class="p2">The Solution: Cloud Development</h2>
<p class="p1">Solving these problems requires moving the entire development workspace into the cloud. The developer's environment is a combination of the IDE, the local build system, the local runtime (to test and debug the locally edited code), the connections between these components and their dependencies with tools such as <a href="http://en.wikipedia.org/wiki/Continuous_integration">Continuous Integration</a> or central services such as Web Services, specialized data stores, legacy applications or partner-provided services.</p>
<p class="p1">The cloud-based workspace is centralized, making it easy to share. Developers can invite&nbsp;others into their workspace to co-edit, co-build, or co-debug. Developers can communicate with one another in the workspace itself - changing the entire nature of pair programming, code reviews and classroom teaching. The cloud can offer improvements in system&nbsp;efficiency &amp; density, giving each individual workspace a configurable slice of the available memory and compute resources.</p>
<p class="p1">Of course there is more work to do, and we are far from tapping into the&nbsp;endless possibilities cloud computing offers developers. But the benefits are already clear.</p>
<p class="p1">&nbsp;</p>
<p class="p1"><em>Image courtesy of <a href="http://www.shutterstock.com" target="_blank">Shutterstock</a>.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2013/04/16/why-cloud-development-environments-are-better-than-desktop-development</link>
                <guid>http://readwrite.com/2013/04/16/why-cloud-development-environments-are-better-than-desktop-development</guid>
                <category>developers</category>
                <pubDate>Tue, 16 Apr 2013 05:05:00 -0700</pubDate>
                <author>Tyler Jewell</author>
            </item>
                    <item>
                <title><![CDATA[Enterprise Software Makeover: 4 Things To Borrow From Consumer Apps]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/EnterpriseMakeover.jpg" />
                                        <div><em>Guest author Jyoti Bansal is the founder of <a href="http://www.appdynamics.com/" target="_blank">AppDynamics</a>.</em></div>
<div>&nbsp;</div>
<div>Long undervalued, enterprise software businesses are now enjoying their day in the sun. On Wall Street, enterprise is the new sexy – but how did they manage to wrestle the spotlight from the consumer apps everyone was talking about not so long ago?</div>
<div>&nbsp;</div>
<div>A key reason is that savvy enterprise software companies are taking what’s great about consumer software and using it to solve big problems that big companies will pay big money to eliminate.</div>
<div>&nbsp;</div>
<div>The hyper-competitive consumer market forced technology companies to create usable and intuitive products that don’t require weeks of training and costly consultants to operate. The best enterprise companies are realizing they have to measure up to that new bar to succeed.&nbsp;</div>
<div>&nbsp;</div>
<div>But how do notoriously hidebound enterprise software companies do that? These four strategies can help enterprise software companies leverage what consumer software firms have learned the hard way:</div>
<h2>1. Hire A Good UI Architect – Now&nbsp;</h2>
<div>This might sound obvious, but hiring a top-notch user interface architect should be almost the first thing you do once you hatch a plan for a new enterprise product. Consumer software is built from the top down, which means you’re thinking of how the end user will interact with the software before you even write a line of code. That’s how it <em>should</em> be with enterprise software, too. Get a UI architect to help you decide on the architecture and roadmap of your product so that you don’t run into usability obstacles down the road. And keep the UI team involved every step of the way to help keep feature creep from cluttering up your product.</div>
<h2>2. Hand Out A Free Download&nbsp;</h2>
<div>People who buy software for enterprises are jaded. They’ve heard a million product pitches, and they’re justifiably skeptical that your product will deliver what you say it will – they’ve been burned before. The best way to convince people that your product can do what you say it does is to <em>show</em> them, and to let them find out for themselves. Make a free version of your software available for download from your website. It may cost a little bit in development and support, but it’s worth it for the credibility it delivers.</div>
<h2>3. Offer A SaaS Option&nbsp;</h2>
<div>Software-as-a-Service has caught on in the enterprise because it makes it easier and cheaper for people to get started using your product. If you don’t offer a SaaS version, you’re losing business. Period.</div>
<h2>4. Get Out Of The Way&nbsp;</h2>
<div>Consultants and professional services reek of old-school software, and they make your customers feel like you’re taking advantage of them. If your product is easy to use (which it should be if you followed Step 1 above), then you shouldn’t need to send consultants out to help your customers set up your software. Let people try out your software for themselves without bugging them – if they like what they see, they’ll come ask you for more.</div>
<div>&nbsp;</div>
<div>Not every company can be Apple or Google – but when it comes to enterprise software, it pays to follow their lead. Legacy enterprise software companies that insist on opaque pricing, hard-to-acquire-and-use software and complicated sales cycles are looking a lot like dinosaurs these days. And they’re not even aware that an asteroid is about to hit them.</div>
                    ]]></description>
                <link>http://readwrite.com/2013/03/28/enterprise-software-makeover-4-things-to-borrow-from-consumer-apps</link>
                <guid>http://readwrite.com/2013/03/28/enterprise-software-makeover-4-things-to-borrow-from-consumer-apps</guid>
                <category>business software</category>
                <pubDate>Thu, 28 Mar 2013 04:04:00 -0700</pubDate>
                <author>Jyoti Bansal</author>
            </item>
                    <item>
                <title><![CDATA[Apple Users Face Major Security Threat, But Wouldn't Had Apple Acted Faster]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/apple%20hack%20top%20art.jpg" />
                                        <p>When it comes to user security at Apple, it's one step forward, two steps back.</p>
<p>Yesterday, the company belatedly announced long-needed&nbsp;<a href="http://readwrite.com/2013/03/21/apple-institutes-two-step-verification" target="_blank">two-step verification security for Apple IDs</a>, only two years after Google rolled out the protective measure for its users. Today comes word of a <a href="http://www.theverge.com/2013/3/22/4136242/major-security-hole-allows-apple-id-passwords-reset-with-email-date-of-birth" target="_blank">massive security flaw</a> that reportedly lets anyone reset your Apple account password if they know your email and your birthday.</p>
<p><strong>(See also: <a href="http://readwrite.com/2013/03/21/apple-institutes-two-step-verification" target="_blank">Apple Finally Gets Serious About User Security</a>)</strong></p>
<p>But here's the punch line: While two-step verification would protect Apple users from this exploit, the company has subjected all requests to activate the security measure to&nbsp;<em style="line-height: 1.538em;">a three-day delay</em>. Even then, two-step verification is only available to users in&nbsp;<span style="line-height: 1.538em;" data-mce-mark="1">the U.S., the UK, Australia, Ireland, and New Zealand.</span></p>
<h2>How To Protect Yourself</h2>
<p>A step-by-step guide to exploiting this vulnerability is still available online, although we won't link to it here. Basically, it involves pasting in a modified URL on Apple's iForgot page when prompted to answer the date-of-birth security question to reset your password.</p>
<p>The surest way to protect yourself in the short term — i.e., without two-step verification — is to change your birthday, the Verge's Chris Welch writes. To its credit, Apple has already <a href="https://iforgot.apple.com/iForgot/iForgot.html" target="_blank">disabled its password reset page</a>, presumably to disrupt any attempts to hijack user accounts. With any luck it will have the flaw fixed as soon as possible, although the company has yet to make any public statements regarding the flaw.</p>
<p>This turn of events follows by just days an earlier Apple security faux pas. The company released iOS 6.1.3 for the sole purpose of fixing a lock-screen bypass that let users with a <a style="line-height: 1.538em;" href="http://readwrite.com/2013/02/14/why-the-ios-61-bug-is-no-reason-to-worry" target="_blank">knack for expert timing access an iPhone's contacts and photo library</a>. Yet later that day it became clear that the update&nbsp;contained yet&nbsp;another&nbsp;<a style="line-height: 1.538em;" href="http://www.zdnet.com/apple-ios-6-1-3-fix-contains-another-lock-screen-bypass-flaw-7000012912/" target="_blank">lock-screen bypass flaw</a>.</p>
<p>This password reset hack is considerably more destructive than the lockscreen problem, which essentially only allows a would-be hacker to peek at a stolen iPhone's contacts and photo library. Still, it's certainly been a bad week for Apple in the user-security department.</p>
<p>We've contacted Apple and will update if and when we hear back.</p>
<p><strong>Update:</strong> <a href="http://www.theverge.com/2013/3/22/4137068/apple-confirms-security-threat-working-on-fix" target="_blank">According to the Verge</a>, Apple acknowledges the vulnerability and says it's working on it:</p>
<blockquote>
<p>Apple takes customer privacy very seriously. We are aware of this issue, and working on a fix.</p>
</blockquote>
                    ]]></description>
                <link>http://readwrite.com/2013/03/22/apples-two-step-verification-gaping-security-flaw</link>
                <guid>http://readwrite.com/2013/03/22/apples-two-step-verification-gaping-security-flaw</guid>
                <category>Apple</category>
                <pubDate>Fri, 22 Mar 2013 14:41:00 -0700</pubDate>
                <author>Nick Statt</author>
            </item>
                    <item>
                <title><![CDATA[Hacked! Did The Chinese Get Their Revenge?]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/ChineseMilitary.jpg" />
                                        <p>In the past few weeks, I have written two stories about the menace the Internet represents, particularly in view of the hacking attacks almost certainly perpetrated by the Chinese Red Army. In particular, my contention that we need to develop a next generation Internet that's more secure and, preferably, walled in, drew a lot of heated commentary.</p>
<p>Here are just a few of the choicest ones:</p>
<ul>
<li>This is unmitigated isolationist idiocy.</li>
<li>Seriously... is this a spoof article?</li>
<li>This post should not appear in readwriteweb.</li>
</ul>
<p><strong>(See <a href="http://readwrite.com/2013/02/05/world-war-iii-is-already-here-and-were-losing" target="_blank">World War III Is Already Here - And We're Losing</a> and <a href="http://readwrite.com/2013/02/21/cyberwar-imperative-we-need-a-next-generation-internet" target="_blank">Cyberwar Imperative: We Need A Next-Generation Internet</a>.)</strong></p>
<h2>Hacking As Retaliation?</h2>
<p>That's great, and maybe there really isn't any problem here. But the fact is that about 10 days after the first story ran - I got hacked.</p>
<p>A coincidence? I think not.</p>
<p>Or maybe it was my own doing, astutely observed one reader: "I asked for it." Now where have I heard that blame game before?</p>
<p>So what happened? Someone hacked my email password and sent thousands of spam messages using my account. I knew something was wrong when I suddenly was inundated with "Mail delivery failed" subject lines. My Twitter account was hacked, too, but that could just be Twitter's lax security measures.</p>
<p>Of course, there's no way to tell if the dirty deed was done by the Chinese, or even whether it was in retaliation for the articles. But the timing certainly seems suspect.</p>
<p>In his State of the Union address, President Obama ranked hackers and cyber attacks among the greatest economic and national U.S. security threats. The President's response was to issue an executive order calling for more sharing of cyber-attack and threat information between private and public sectors. Naturally, civil libertarians object to this executive order due to potential invasions of privacy.</p>
<h2>Solution: Fix the Internet Itself</h2>
<p>A far more practical idea comes from the <a href="http://necsi.edu/" target="_blank">New England Complex Systems Institute</a>, which is set to publish a report next week that agrees with my stated principles. The NECSI report blames the problem on the Internet itself, and says that the only solution is to redesign it.</p>
<p>"The current design of the Internet is inherently insecure," says NECSI President and co-author Yaneer Bar-Yam in a press release. "Any node can be attacked from any other node, requiring the entire network to be fortified against all possible attacks, an unrealistic goal," adds Bar-Yam.</p>
<p>That would require redesigning the Internet's architecture itself. The report proposes substantial changes to routers in charge of switching data packets between network nodes.</p>
<p>"Collective security-preventing attacks would require that the routers of the Internet themselves would need to have protocols that allow refusal of transmission based upon content or extrinsic information such as point of origin," according to the study's authors.</p>
<p>The study, <a href="http://www.necsi.edu/research/military/cyber/" target="_blank">Principles of Security: Human, Cyber and Biological</a>, was developed at the request of a long-term military planning group, the Strategic Studies Group, which reports to the Chief of Naval Operations. The report is being released for the first time to the public next week.</p>
<p>As for me, I'm glad to see that other people are thinking about realistic solutions to make our Internet less vulnerable to attacks of all kinds.<br /><br /><em>Image of alleged Chinese hackers compound courtesy of Reuters.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2013/02/28/hacked-did-the-chinese-get-their-revenge</link>
                <guid>http://readwrite.com/2013/02/28/hacked-did-the-chinese-get-their-revenge</guid>
                <category>Security</category>
                <pubDate>Thu, 28 Feb 2013 10:33:00 -0800</pubDate>
                <author>Michael Tchong</author>
            </item>
                    <item>
                <title><![CDATA[Microsoft's Rotten Friday: Hack Revealed As Azure, Halo Go Down]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/rsz_screenshot_2013-02-22_at_40830_pm.png" />
                                        <p>Microsoft ended the week with a pair of black eyes: a failure to secure a security certificate brought its Azure cloud service tumbling down, and the company also confessed to being the latest corporate victim of a high-profile hacking attempt.</p>
<p>The Azure failure also affected Microsoft's Xbox game, Halo 4, Microsoft <a href="https://twitter.com/HaloWaypoint/status/305170808358174721" target="_blank">confirmed</a>.</p>
<p>The highest-profile incident may have had the least effect: "a small number" of Microsoft PCs were penetrated by an unknown intruder. No user data was compromised, Microsoft <a href="http://blogs.technet.com/b/msrc/archive/2013/02/22/recent-cyberattacks.aspx" target="_blank">said in a blog post</a>.&nbsp;</p>
<p>"Consistent with our security response practices, we chose not to make a statement during the initial information gathering process," Matt Thomlinson, general manager of Microsoft's Trustworthy Computing Security unit, wrote. "During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected and our investigation is ongoing."</p>
<p>The attacks were consistent with other efforts to penetrate <a href="http://www.reuters.com/article/2013/02/19/us-apple-hackers-idUSBRE91I10920130219" target="_blank">computers within Apple</a> and Facebook, Microsoft said. <a href="http://readwrite.com/2013/02/15/and-facebook-was-hacked-too" target="_self">Facebook discovered its attack</a>&nbsp;last week, which followed attacks on the <em>Wall Street Journal</em> and <em>The New York Times</em>&nbsp;via an unpatched exploit within Java, exploited, experts believe, by the <a href="http://readwrite.com/2013/02/21/cyberwar-imperative-we-need-a-next-generation-internet" target="_self">Chinese military</a>.</p>
<p>Separately, <a href="http://readwrite.com/2013/02/22/zendesk-hack-compromises-user-data-of-twitter-tumblr-pinterest" target="_self">ZenDesk reported Friday that it, too, was hacked</a>, exposing emails that clients Tumblr, Twitter and Pinterest used to communicate with it for service-related requests.&nbsp;</p>
<h2>Lack Of SSL Certificate Brings Azure Down</h2>
<p>At press time Friday night, Microsoft still had not implemented a fix for the Azure issue, caused by a failure to obtain a new SSL certificate. That brought its Azure storage services down across all of its worldwide regions, as well as services that were dependent upon them.</p>
<p>At 9:30 PM UTC (4:30 PM ET), Microsoft discovered that "HTTPS operations (SSL transactions) on Storage accounts worldwide are impacted," the company said. By 9:45 PM UTC, the management portal, WindowsAzure.com, and the service bus, plus the websites that Azure serves, were also down. By 10:15 PM, the company had begun validating steps to repair the problem, but hadn't formally announced a fix. After users began circulating screenshots of what appeared to be an expired SSL certificate, the company acknowledged its error.</p>
<p>"Windows Azure Storage has been affected by an expired certificate," a spokesman said in an emailed statement. "We are working to complete the restoration as quickly as possible. We apologize for any inconvenience this has caused our customers. For more information please go to <a href="http://www.windowsazure.com/en-us/support/service-dashboard/">http://www.windowsazure.com/en-us/support/service-dashboard/</a>."&nbsp;Microsoft also apologized to customers via Twitter.</p>
<p>Microsoft also reported problems with its Compute services, preventing users from creating new virtual machines. That left users who needed to create those virtual machines to host new apps scratching their heads. "Most of our apps are screwed up now!" pinvoke.in, one commenter, <a href="http://social.msdn.microsoft.com/Forums/en-US/windowsazuredata/thread/751c85c5-b3b5-43ba-9d5b-770472ad79e1" target="_blank">complained</a>. "WHATS NEXT? All compute instances die because someone at the data center switched them off?"</p>
<p>Unfortunately for Microsoft, this sort of thing has happened before. At the end of February 2012, Microsoft failed to account for the leap day at the end of the month, Feb. 29. As a result, the Azure service was down for more than 12 hours before Microsoft could issue a fix. Microsoft hasn't said whether the recent outage was the result of an oversight or a more serious technical error.</p>
<p>Oddly enough, Netflix began <a href="https://twitter.com/Netflixhelps/status/305103157942435842">reporting problems</a>&nbsp;of its own on Friday night, leading to the intriguing possibility that two cloud services may have been failing at the same time. But although Netflix has gone down before when Amazon's AWS service failed, <a href="http://status.aws.amazon.com/" target="_blank">Amazon's own AWS service dashboard</a> didn't indicate any problems.</p>
                    ]]></description>
                <link>http://readwrite.com/2013/02/22/microsofts-rotten-friday-hack-revealed-as-azure-halo-go-down</link>
                <guid>http://readwrite.com/2013/02/22/microsofts-rotten-friday-hack-revealed-as-azure-halo-go-down</guid>
                <category>Microsoft</category>
                <pubDate>Fri, 22 Feb 2013 23:48:15 -0800</pubDate>
                <author>Mark Hachman</author>
            </item>
                    <item>
                <title><![CDATA[Zendesk Hack Compromises User Data Of Twitter, Tumblr & Pinterest]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/Zendesk%202.jpg" />
                                        <p class="p1">What better way to celebrate the week hackers ran rampant than with another security breach? Zendesk, a company that offers IT support tools and customer service software, announced on Thursday that it had been hacked. In a blog post,&nbsp;<a style="line-height: 1.538em;" href="http://www.zendesk.com/blog/weve-been-hacked">CEO Mikkel Svane</a> stated, "We've become aware that a hacker accessed our system this week," though he did not say by which method or for how long.</p>
<p class="p1">What separates this attack from the <a href="http://readwrite.com/2013/02/19/apple-falls-victim-to-same-hackers-that-attacked-facebook">malicious malware that infected machines at Facebook and Apple</a> is that these hackers managed to compromise a healthy amount of Zendesk's stored user data, putting users of three of the company's big clients - Twitter, Tumblr and Pinterest - at risk for phishing and other attacks.</p>
<p class="p1">"Our ongoing investigation indicates that the hacker had access to the support information that three of our customers store on our system," wrote Svane, adding, "We believe that the hacker downloaded email addresses of users who contacted those three customers for support, as well as support email subject lines."</p>
<p class="p1">Svane did not specifically cite Tumblr, Twitter and Pinterest, but support emails sent out from the companies informing users of the attack confirm that user data could have been compromised indirectly. While usernames and passwords were not compromised, the threat of&nbsp;individualized&nbsp;attacks aimed at gaining access to accounts and stealing personal information does exist.</p>
<p class="p2">Tumblr, for example, sent out emails stating the following:&nbsp;<a href="http://www.digitaltrends.com/social-media/zendesk-security-breach/"><br /></a></p>
<p class="p1">"The subject lines of your emails to Tumblr Support may have included the address of your blog which could potentially allow your blog to be unwillingly associated with your email address."</p>
<p class="p1">It went on to advise users to review any emails received from support, abuse, dmca, legal, enquiries or lawenforcement with a @tumblr.com tagged on the end. The fear is that hackers, equipped with people's email addresses and the issues they raised with specific departments at a service like Tumblr, could then phish users with a masked version of that same address.</p>
<p class="p1">Tumblr's support email ended with a warning along those very lines: "Tumblr will never ask you for your password by email. Emails are easy to fake, and you should be suspicious of unexpected emails you receive."</p>
<p class="p1">While it's not exactly comforting to know that you should be suspicious of any and all "unexpected emails," companies like Twitter are taking measures to ensure that the tools are in place to help flag these attacks if they do occur.</p>
<p class="p1"><a href="http://blog.twitter.com/2013/02/introducing-dmarc-for-twittercom-emails.html">In a public announcement yesterday</a>, Twitter said that it has been utilizing <a href="http://www.dmarc.org/" target="_blank">DMARC</a>&nbsp;authentication technology to help lessen the risk of users giving away personal information. Using established authentication protocols, DMARC gives email providers a way to block email from forged domains. "While this protocol is young, it has already gained a significant traction in the email community with all four major email providers - AOL, Gmail, Hotmail/Outlook, and Yahoo! Mail - already on board…" the post reads.</p>
<p class="p1">While it's good to know that Twitter is addressing the hacker threat alongside its fellow social network giants, all these measures are merely reactionary moves following widespread breaches. The Zendesk hack makes it abundantly clear that we need more proactive security measures that include third parties to keep these attacks from wreaking havoc. Until then, the hackers will keep succeeding, and users will pay the price.&nbsp;</p>
                    ]]></description>
                <link>http://readwrite.com/2013/02/22/zendesk-hack-compromises-user-data-of-twitter-tumblr-pinterest</link>
                <guid>http://readwrite.com/2013/02/22/zendesk-hack-compromises-user-data-of-twitter-tumblr-pinterest</guid>
                <category>zendesk</category>
                <pubDate>Fri, 22 Feb 2013 11:00:44 -0800</pubDate>
                <author>Nick Statt</author>
            </item>
                    <item>
                <title><![CDATA[Platform-as-a-Service: 6 Ways PaaS Will Change The Enterprise]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/shutterstock_115466944.jpg" />
                                        <p class="p1"><em>Guest author Bart Copeland is CEO of </em><a href="http://www.activestate.com/"><span class="s1"><em>ActiveState</em></span></a><em>.</em></p>
<p class="p1">Jetpacks, flying cars, hybrid cloud. Which one will be ubiquitous in two years? Here’s a hint: It’s the one that <em>doesn’t</em> involve personal air travel.</p>
<p class="p1">In two years, the cloud-computing-enabled enterprise will have the enviable luxury to take much for granted, including accelerated time to market, seamless deployment, true polyglot coding and agile-as-you-want development.</p>
<p class="p1">And the technology that will enable that bright future? Here’s another hint: It starts with “private PaaS” or private Platform-as-a-Service. Think of private PaaS as cloud middleware for the enterprise — Platform-as-a-Service technology for on-premise service delivery behind a firewall, or an operating system for an enterprise private cloud.</p>
<p class="p1">Here are six ways private PaaS will change the enterprise cloud space by 2015:</p>
<p class="p1"><strong>1. Mobile apps will drive enterprise cloud and private PaaS adoption.</strong></p>
<p class="p1">Two years from now, the biggest driver for cloud adoption won’t be traditional applications, it’ll be mobile apps. Disparate workforces already make Bring Your Own Device (BYOD) a cost of doing business for the enterprise: More types of enterprise work will require more types of mobile applications. And that will burden IT leaders mandated with managing the cloud. To retain control (and sanity), those IT leaders will embrace private PaaS technologies to provide integrated application management of mobile (and Web and cloud) applications.</p>
<p class="p1"><strong>2. Private clouds will dominate the enterprise market for now… but hybrids will win in the end.</strong></p>
<p class="p1">Marketers spin idealized tales of cross-cloud hybrid love, with capacity-enabling bursts to the public cloud, easy multi-datacenter application administration, better security management, and redundancy/failover operational models abstracted from the developers and employees doing the actual work. It’s a great, achievable vision. But for most enterprises, that hybrid cloud vision is still two years away. Which is why they’re investing in private PaaS architectures now. Today’s enterprise cloud adopters see private cloud — and in particular, private PaaS technology — as the path to tomorrow’s hybrid cloud glory.</p>
<p class="p1"><strong>3. Smaller "public PaaS" players will dwindle as Infrastructure-as-a-Service (IaaS) subsumes PaaS.</strong></p>
<p class="p1">To differentiate themselves against commoditization, IaaS service providers will continue to incorporate PaaS technology into their infrastructure service offerings. Service breadth will expand, prices will fall and small business will embrace the low-cost public cloud. But those competitive pricing scenarios will challenge small standalone public PaaS providers as VC funds dry up and competitors either partner with or get absorbed into larger cloud-services corporations.</p>
<p class="p1"><strong>4. 2013 PaaS purchase criterion: deployment acceleration. 2015 PaaS purchase criteria: administrative control, true polyglot development, easy extensibility to Big Data.</strong></p>
<p class="p1">In the PaaS world, 2013 will be the year of rapid application deployment: Enterprise private PaaS adopters will see their cloud application deployment cycles reduced from weeks or months to just minutes. In two years, cloud adopters will take that speed-to-market for granted. As a result, enterprise cloud adopters will evaluate private PaaS technology not just for how it accelerates workflow, but for how it impacts the bottom line. In 2015, private PaaS technologies will offer even easier administrative control, support for development in any language, seamless integration to corporate applications (particularly big-data databases), and hybrid cloud capabilities.</p>
<p class="p1"><strong>5. Beyond polyglot, "anyglot" development will move apps forward in ways we can’t yet imagine.</strong></p>
<p class="p1">In today’s cloud technology market, enterprise developers must often choose between their preferred development language and the development language dictated by their IaaS/PaaS solution. When infrastructure services (whether public or private) mandate development environment, it’s the coders who suffer, and they’re the ones who must adapt to the new world order. In some cases, that can mean learning new languages and recoding (or even dumping) legacy applications. But two years from now, we’ll look back on inconveniences like that and laugh. Envision truly polyglot cloud middleware. Applications developed in multiple languages. True cloud application portability. Both developers and cloud managers (DevOps) collaborating. Dogs and cats living together in harmony. Really.</p>
<p class="p1"><strong>6. Agile development will be so agile we’ll need a new name for it (“SuperAgile?”).</strong></p>
<p class="p1">Tomorrow’s agility will make today’s agility look laughably slow. In 2015, we’ll enjoy polyglot application development and dynamic deployment. With those capabilities will come newfound agility… not just accelerated nimbleness for cat-herders, but flexibility: Developers can work in the (fast) way that’s right for them. More apps, better apps, delivered to market faster.</p>
<p class="p1">The future looks… um, bright.</p>
<p class="p1"><em>Image courtesy of <a href="http://www.shutterstock.com" target="_blank">Shutterstock</a>.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2013/02/18/platform-as-a-service-6-ways-paas-will-change-the-enterprise</link>
                <guid>http://readwrite.com/2013/02/18/platform-as-a-service-6-ways-paas-will-change-the-enterprise</guid>
                <category>enterprise</category>
                <pubDate>Mon, 18 Feb 2013 10:00:00 -0800</pubDate>
                <author>Bart Copeland</author>
            </item>
                    <item>
                <title><![CDATA[...And Facebook Got Hacked, Too]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/Facebook_0.jpg" />
                                        <p class="p1">Seems you can't turn around without hearing of another big company having its shirt pulled over its head by hackers. The<em> New York Times&nbsp;</em>and&nbsp;the<em> Wall Street Journal </em>both got <a href="http://www.cnn.com/2013/01/31/tech/china-nyt-hacking" target="_blank">exploited by Chinese hackers</a> recently, and a Michigan television station put out a <a href="http://www.wilx.com/news/headlines/Hackers-Send-Out-Zombie-Alert-from-TV-Stations-in-Michigan-190955151.html">zombie-related Emergency Alert message</a> in a clever, though probably momentarily distressing, hack. Just this morning, UBM announced that its website <a href="http://www.enterpriseefficiency.com/" target="_blank">enterpriseefficiency.com</a> was taken down due to a full-scale&nbsp;denial-of-service attack on its networks.</p>
<p class="p1">And now Facebook has announced that some of its machines were infected.&nbsp;<a href="http://newsroom.fb.com/News/573/Protecting-People-On-Facebook">An announcement on the company's Newsroom blog</a>&nbsp;–&nbsp;posted in the bad-news graveyard of Friday afternoon leading into a long weekend&nbsp;–&nbsp;revealed that the social networking site was targeted by a "sophisticated attack" last month.</p>
<p class="p1">When a handful of Facebook employees visited a compromised mobile developer website, a hosted exploit snuck malware onto their devices. Thanks to antivirus software, Facebook discovered the attack and "remediated" the machines – which we can only hope means <a href="http://www.youtube.com/watch?v=PywI0BOxJpI" target="_blank">they were fantastically destroyed</a> (though probably they were just wiped and restored).</p>
<p class="p1">After alerting law enforcement, Facebook says it launched a "significant investigation" that's still underway. The company also claims that no user data was compromised in the attack. Facebook offered&nbsp;<a href="http://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766" target="_blank">a more detailed explanation</a>&nbsp;on its security blog, excerpted below:&nbsp;</p>
<blockquote cite="http://www.facebook.com/notes/facebook-security/protecting-people-on-facebook/10151249208250766">
<p>After analyzing the compromised website where the attack originated, we found it was using a "zero-day" (previously unseen) exploit to bypass the Java sandbox (built-in protections) to install the malware. We immediately reported the exploit to Oracle, and they confirmed our findings and provided a patch on February 1, 2013, that addresses this vulnerability.</p>
<p>Facebook was not alone in this attack. It is clear that others were attacked and infiltrated recently as well. As one of the first companies to discover this malware, we immediately took steps to start sharing details about the infiltration with the other companies and entities that were affected. We plan to continue collaborating on this incident through an informal working group and other means.</p>
</blockquote>
                    ]]></description>
                <link>http://readwrite.com/2013/02/15/and-facebook-was-hacked-too</link>
                <guid>http://readwrite.com/2013/02/15/and-facebook-was-hacked-too</guid>
                <category>Facebook</category>
                <pubDate>Fri, 15 Feb 2013 15:30:00 -0800</pubDate>
                <author>Nick Statt</author>
            </item>
                    <item>
                <title><![CDATA[Microsoft Surface Pro Is Even Harder To Fix Than An iPad ]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/iphone-5-repair-800.jpg" />
                                        <p>For all the wonder and convenience of the post-PC era, there's one big disadvantage worth griping about: As we move toward tablets and smartphones, our devices are getting harder to open up and fix ourselves.</p>
<p>It's not just Apple products, either. Sure, Cupertino's wares have been so notoriously hard to fix for so long that a <a href="http://readwrite.com/2012/08/16/how-a-bogus-apple-rumor-hoodwinked-online-news-outlets">bogus news story about Apple developing a new asymmetric screw</a> spread like wildfire last year before people figured out it was fake. As it turns out, though, <em>most</em> tablets and smartphones are relatively hard to fix ourselves. The <a href="http://www.ifixit.com/Teardown/iPad+4+Teardown/11462/1" target="_blank">iPad is pretty bad</a>, for example, but the new Microsoft Surface Pro is even worse.&nbsp;</p>
<p><iframe style="border: none;" src="http://infogr.am/How-Fixable-Is-That-Gadget/" frameborder="0" scrolling="no" width="550" height="650"></iframe></p>
<p>In a recent <a href="http://www.ifixit.com/Teardown/Microsoft+Surface+Pro+Teardown/12842/3" target="_blank">teardown by iFixIt</a>, the Surface Pro scored a measly 1 point out of 10 on the site's fixability scale. That's a point lower than the fourth generation iPad and iPad Mini (which were tied at a still-pathetic 2 points).</p>
<p>The Surface Pro has more than 90 tiny screws inside it. Yes, <em>90 screws</em>. On top of that, many components are glued together using adhesive that makes it difficult for do-it-yourself tinkerers to take the device apart and swap out parts.&nbsp;</p>
<p>Thankfully, Microsoft does let you (very carefully) remove the battery, which is not soldered into place. But try removing the LCD screen or solid state drive and you're likely to ruin your brand new tablet/ultrabook hybrid.&nbsp;</p>
<p>The Kindle Fire HD, Nexus 7 and iPhone 5 are all considerably easier to open up and tinker with. But at 7 points apiece, these devices still aren't as consumer friendly as PCs used to be. It would appear that we're trading our freedom to update, expand and repair our devices for convenience, sleek design and unwieldy gobs of adhesive.</p>
<p>(Of course, it's not just tablets and smartphones. <a href="http://readwrite.com/2012/08/10/apples-war-on-tinkerers-continues-with-the-retina-macbook-pro">Apple's newest laptop got some very low marks</a> from iFixIt, which called the retina MacBook Pro "the least repairable laptop yet.")</p>
<h2>A Crappy Deal For Consumers</h2>
<p>These new devices might be slick and trendy, but this trade-off sucks for consumers. Since repairs and hardware upgrades (insofar as they're even possible) are harder to complete at home, fixing a shattered screen, replacing a component or troubleshooting hardware problems requires consumers to pay some high-priced technician or replace the device altogether.&nbsp;</p>
<p>There's an obvious strategic incentive here. Companies like Apple depend on consumers upgrading their devices every year or two in order to keep their sales flowing. Why risk fixing my iPhone myself when I can trade up to a shinier, faster new iPhone 5?</p>
<p>For Microsoft, Apple, Samsung, and other hardware manufacturers, The Age Of Unrepairable Machines is a good thing. For everybody else, it's kind of a bummer.&nbsp;</p>
<p><em>Lead image from iFixIt.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2013/02/14/microsoft-surface-pro-is-even-harder-to-fix-than-an-ipad</link>
                <guid>http://readwrite.com/2013/02/14/microsoft-surface-pro-is-even-harder-to-fix-than-an-ipad</guid>
                <category>microsoft surface</category>
                <pubDate>Thu, 14 Feb 2013 03:00:00 -0800</pubDate>
                <author>John Paul Titlow</author>
            </item>
                    <item>
                <title><![CDATA[Why Legislating App Rights Is Harder Than It Seems]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/apps.jpg" />
                                        <p>Major regulation is pending that could change the future of the mobile ecosystem and the way mobile apps are made, played and paid for. And it's not all good.</p>
<h2>The Problem With App Rights</h2>
<p>Two weeks ago, <a href="http://hankjohnson.house.gov/" target="_blank">Rep. Hank Johnson</a> (D-GA) released the <a href="http://apprights-hankjohnson.house.gov/2013/01/apps-act.shtml" target="_blank">APPS Rights Act</a>, a bill pushing developers to implement self-regulatory practices that would improve the security and transparency of user data in mobile apps. "This bill would require that app developers maintain privacy policies, obtain consent from consumers before collecting data, and securely maintain the data that they collect," Johnson's office <a style="line-height: 1.538em;" href="http://apprights-hankjohnson.house.gov/2013/01/summary-of-key-provisions-in-the-apps-act.shtml" target="_blank">writes online</a>.</p>
<p class="MsoNormal" style="margin: 0px;">There's no question that changes are needed. Mobile users must be able to make sure their information isn't transmitted and sold to third-party vendors. But like similar regulatory efforts, including the recent <a href="http://www.ftc.gov/opa/2013/02/mobileprivacy.shtm" target="_blank">do-not-track mobile privacy guidelines</a> laid out by the <a href="http://www.nytimes.com/2013/02/02/technology/ftc-suggests-do-not-track-feature-for-mobile-software-and-apps.html?_r=0" target="_blank">Federal Trade Commission</a> last Friday, and last month's <a href="http://readwrite.com/2013/01/10/californias-new-mobile-app-privacy-guidelines-go-beyond-the-law" target="_blank">recommendations to the mobile industry</a> from California Attorney General Kamala Harris, there are both good and bad aspects to the specific approach taken by the APPS Rights Act. And unfortunately, there's plenty of bad.</p>
<p class="MsoNormal" style="margin: 0px;">One problem with these guides is that they are penned by people outside of the industry, often in the dark about the best ways to reach their laudable goals. Harris' recommendation and the FTC's suggestions comprised a slew of <em>unenforceable</em> recommendations. The APPS bill, meanwhile, would become a <em>mandate</em> if adopted, and one likely to lead to unintended consequences for the mobile marketplace.</p>
<h2 class="MsoNormal" style="margin: 0px;">Developers Are Worried</h2>
<p>Security expert <a href="http://dankaminsky.com/" target="_blank">Dan Kaminsky</a> says the slow, muddled, legislative process can create frameworks bearing "no resemblance to the problems that need to be solved." Kaminsky thinks this could lead to applications having to show users exactly what they're doing in a hardware add-on, akin to webcams having a light that goes on, ensuring people are aware of exactly what they're doing.</p>
<p>"What I fear is you won't be able to write code without having to consult a lawyer," he says. And if that happens, Kaminsky adds, developers are likely to move away from making mobile apps and return to building websites.&nbsp;</p>
<p>Beyond subjecting users to long, complex terms-of-use agreements, the bill doesn't do a good job of specifying what happens to collected data beyond the third parties, says Joe Santilli, the chief executive of the mobile app certification service <a style="line-height: 1.538em;" href="http://safeappmobility.com/" target="_blank">SafeApp</a>. This gray area is known as data retention.&nbsp;</p>
<p>"It really doesn't make any provisions whatsoever for how third parties are going to share the data with so-called fourth or fifth parties," Santilli explains. "For example, a marketing partner of an ad network. These people are going to share the data that they cull from these apps... to fourth and fifth parties."</p>
<p>No one knows the length of time personal data will be stored, the rights of users and the process by which they exercise their rights when dealing with third and fourth parties. The APPS bill's withdrawal of consent form is a weak attempt at stemming the data flow. The Opt Out of App Use function requires developers to delete all data if a user opts out. But that doesn't address the issue of fourth and fifth parties that may already have the data in question:</p>
<p>"By the time the app developer has seen this request from the user, this data has already been shared by the third party (to) the marketing partners, the ad networks, the ad analytics partners," Santilli says. "At this point you can't really put the genie back in the bottle, can you?"</p>
<p>At the same time, having to meet these requirements could kill the drive of young entrepreneurs, says developer <a href="http://www.osurv.com/#team" target="_blank">Jad Meouchy</a>.&nbsp;"This act will end up creating a barrier for new startups... by doubling development time and creating data management headaches," he predicts. "When you're an indie developer, there are simply not enough resources to address this kind of compliance."</p>
<h2>Real-World Example</h2>
<p>Benjamin Goering, the technical product manager at <a href="http://superbowl.livefyre.com/" target="_blank">Livefyre Labs</a>, manages more than 10 million comment threads and personal user accounts for customers. When those customers upgrade from freemium accounts to enterprise versions, they want their user data and accounts migrated. But if those people have not authorized that data to be shared, Livefyre can't make the transition for them.</p>
<p>But rather than stifle innovation, Goering worries that users won't take the rules seriously if they don't work.&nbsp;"It may be completely ignored if it's out of touch," Goering said. "If it's well legislated, it may be useful to have a framework for safe harbor" where developers can be confident they won't get sued.</p>
<p>His team faced that issue when working on a Super Bowl product that aggregates tweets and Instagram photos. This raises the question of whether or not users know shared content is ripe for the plucking. Livefyre bet that users know their shared content may be re-used, and&nbsp;decided not to worry about legal red tape.&nbsp;</p>
<p>Goering warns that if developers have to wait for lawmakers to resolve everything, "it would be impossible to make week-long projects."</p>
<p>"The nature of the Web is you're requesting a document and receiving it - at some level data is being taken," he says. "Where do you draw that line?"</p>
<p><span class="hP" style="outline-style: none; outline-width: initial; outline-color: initial; padding-right: 10px;"><em>Photo courtesy of </em><a href="http://www.shutterstock.com/" target="_blank"><em>Shutterstock</em></a></span></p>
                    ]]></description>
                <link>http://readwrite.com/2013/02/04/why-legislating-app-rights-is-not-a-good-idea</link>
                <guid>http://readwrite.com/2013/02/04/why-legislating-app-rights-is-not-a-good-idea</guid>
                <category>Apps</category>
                <pubDate>Mon, 04 Feb 2013 06:30:00 -0800</pubDate>
                <author>Adam Popescu</author>
            </item>
                    <item>
                <title><![CDATA[Crashlytics: Twitter Purchases The iOS App-Crash Reporter]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/crash.jpg" />
                                        <p><a href="http://www.crashlytics.com/" target="_blank">Crashlytics</a>, the Boston-based crash reporting solution for iOS apps, is moving on up - from independent startup to the newest wrench in Twitter's tool box. The announcement was made Monday on <a href="http://www.crashlytics.com/blog/crashlytics-is-joining-forces-with-twitter/" target="_blank">Crashlytics' blog</a> and quickly circulated the Web.</p>
<blockquote class="twitter-tweet">
<p>INTERESTING M&amp;A. Twitter buys Crashlytics. This may signal Twitter pushing out its own mobile/devices SDK. <a title="http://www.techmeme.com/130128/p54#a130128p54" href="http://t.co/vMAHCwD4">techmeme.com/130128/p54#a13…</a></p>
— Spencer Chen (@spencerchen) <a href="https://twitter.com/spencerchen/status/296026814491549696">January 28, 2013</a></blockquote>
<h2>Was This A Man-quisition?</h2>
<p>The service, <a href="http://readwrite.com/2011/11/08/crashalytics-knows-why-your-io" target="_blank">which debuted in late 2011</a>, has quickly become known as a useful tool for app developers looking for a streamlined method to find the root cause of product bugs.&nbsp;Terms of the deal were not disclosed, but it could represent a major payday for co-founders Jeff Seibert and Wayne Chang. It's not yet clear if Twitter is interested in the Crashlytics product line, or just its engineering talent in an acquihire.</p>
<p>"With us, developers gain instant visibility into the precise line of code that caused a crash, enabling them to more easily fix issues," Seibert and Chang wrote in their announcement Monday. "Since our iOS launch, we’ve had the privilege of working with thousands of incredible app developers, from those building independent passion-projects to many of the top iOS apps available today – Twitter, Vine, Yelp, Kayak, TaskRabbit, and Waze."</p>
<h2>Now What?</h2>
<p>Coming on the heels of the <a href="http://readwrite.com/2013/01/24/twitter-vine" target="_blank">Vine acquisition</a>, it's likely that this will be the newest addition to the Twitter family continuing to operate as a third-party service, post-purchase.</p>
<p>In their post,&nbsp;Seibert and Chang wrote "much will remain the same.&nbsp;Development of Crashlytics will continue unabated and we remain dedicated to working with all of our customers – current and new, big and small – to deliver the key app performance insights they need."</p>
<p>So why did Twitter make the deal? "It seems like a strategy to grow the mobile team," says Jad Meouchy, a mobile app developer in Los Angeles, and co-founder of <a href="http://www.osurv.com/" target="_blank">Osurv</a>, a custom mobile survey app. "It looks like a straight talent acquisition." &nbsp;But&nbsp;Meouchy also calls Crashlytics a strong and mature mobile additive that gives Twitter "the people they need to start making their own mobile apps."</p>
<p>Spencer Chen, the senior director of business development at <a href="http://www.appcelerator.com" target="_blank">Appcelerator</a>, agrees that this is a strategic move by Twitter to expand their offerings.&nbsp;</p>
<p>"I believe Twitter is going to take the extension of their service onto mobile and devices very seriously by coming out with their version of a mobile SDK (software development kit), which will include key features that every developer wants, crash test reporting via Crashlytics," he said.&nbsp;"Right now Twitter pushes everything out via their APIs, which is all backend services. If they had a real mobile SDK, then they can really optimize development productivity and mobile performance by having certain capabilities into the third mobile (and) device apps itself."</p>
<p>With Vine, Twitter's planted its flag in the ground to announce its plans to conquer mobile social video. Could Monday's Crashlytics move be the beginning of a new era for Twitter mobile app development? And a tool to help address problems with Vine?</p>
<p>We'll know soon enough.</p>
<p><em>Photo courtesy of Twitter.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2013/01/28/crashlytics-twitter-purchases-the-ios-app-crash-reporter</link>
                <guid>http://readwrite.com/2013/01/28/crashlytics-twitter-purchases-the-ios-app-crash-reporter</guid>
                <category>mobile</category>
                <pubDate>Mon, 28 Jan 2013 18:34:00 -0800</pubDate>
                <author>Adam Popescu</author>
            </item>
                    <item>
                <title><![CDATA[Will Windows 8 Bring HTML5 To Enterprise Applications?]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/shutterstock_115297972.jpg" />
                                        <p>When Microsoft gave its first public preview of Windows 8 in 2011, the now-President of Windows <a href="http://readwrite.com/2012/11/12/windows-boss-sinofsky-out-at-microsoft">Julie Larson-Green</a> sent shockwaves through the Windows development world with just four words: "our new development platform." The reason? That platform was based on HTML5 and JavaScript.</p>
<p>To casual observers, that makes sense. <a href="http://readwrite.com/2012/12/26/5-trends-in-html5-in-2012" target="_blank">HTML5</a> is roaring to the forefront of development <a href="http://readwrite.com/2012/08/21/html5-ready-for-prime-time-dont-believe-the-hype-cycle">far faster than industry predictions</a>. We even saw some <a href="http://readwrite.com/2012/06/06/finally-a-cross-platform-html5-game">commercial proof of the platform's "Write Once, Run Anywhere" promise</a> in 2012. To seasoned Windows developers, though – particularly those building enterprise apps in dedicated Microsoft shops – it crushed their world. After spending decades learning to use different languages and development environments – most recently Microsoft's proprietary but feature-rich <a href="http://msdn.microsoft.com/en-us/library/aa970268.aspx">WPF</a> and <a href="http://readwrite.com/2010/11/01/html5">Silverlight</a> – the thought of jumping ship for HTML5 was devastating.</p>
<p>Microsoft has backpedaled in a number of forums since then, assuring developers that while HTML5 is the new standard for cross-platform apps, other tools will continue to work for Windows-only development. But the writing is on the wall. HTML5 is the future, so if you develop enterprise Windows applications, should you bite the bullet and make the move?</p>
<h2><span class="embedded-Media-image img-caption-c">
				<img src="http://readwrite.com/files/fields/shutterstock_7637530.jpg" style="" />
			</span>
</h2>
<h2>Will HTML5 Save Enterprises Money?</h2>
<p>The cost argument will rage for some time. One camp holds that HTML / JavaScript developers are cheap and plentiful, so HTML5 is necessarily cheaper. The other side believes that instability of the HTML5 spec (only&nbsp;<a href="http://www.w3.org/2012/12/html5-cr">recently finalized</a> and not scheduled for Recommendation status until 2014) compared to the more mature development environments available for "traditional" Windows development means developers can build complex applications faster, without worrying about tweaking things down the road.</p>
<p>The CTO of one small software vendor saw value in both views: "For our simpler apps, I can hire kids with good JavaScript skills and let them learn the Windows specifics on the job. For really complex applications with tens of thousands of lines of code or more, it would be dumb to break what already works." He added that his more experienced Windows developers are mentoring the generally younger HTML developers to cross-pollinate&nbsp;knowledge. "Ultimately, each tool will have a use, for at least the next several years, and I want all of my devs to be able to pick the one that makes sense."</p>
<h2>"Serious Coders" vs. "Script Kiddies"</h2>
<p>His biggest problem so far is a reluctance to embrace change. "I have a couple 28-year-olds who act like grumpy old men, afraid that the 'script kiddies' without any real computer science knowledge are moving in on their turf. To them, HTML5 cheapens the application, dumbs down their resumes, and opens the door to a whole lot of bad coding from people who know how to make Web pages, but don't have any formal experience with structured coding."</p>
<p>The last point is probably the most valid. Knowing HTML and some JavaScript isn't a particularly high bar, so enterprises need to be diligent about hiring and mentoring. If you pull developers off of Craigslist for $15 an hour, you're not going to get quality enterprise work. Even well-established Web developers coming from a <a href="http://en.wikipedia.org/wiki/LAMP_(software_bundle)" target="_blank">LAMP</a> background may not have the right experience. A mentoring program using <a href="http://en.wikipedia.org/wiki/Agile_software_development">Agile</a> or another pair-programming methodology can be a great way to ease Web developers into a more formal programming environment.</p>
<h2>What Do Developers Want?</h2>
<p>One long-time C++ and (more recently) C# developer wasn't excited about the rise of HTML5: "Eh. I get what they're doing. It's all about the portability of UI. They've been on that path for a long time, but whatever. The thing is, developers don't want to learn a new markup when Microsoft has already forced them to learn one recently. WPF / Silverlight is crap, but so was Winforms. If they'd skipped WPF, they'd probably have more success trying to get people to shift to HTML5... I'll go where the money is, though."</p>
<p>That last point is telling. Developers will follow the work; they really don't have a choice. And it won't be long before everyone will be doing at least some work in HTML5. For smart enterprises, beginning to mix in some of that work now makes sense, but there aren't yet good reasons for a complete shift.</p>
                    ]]></description>
                <link>http://readwrite.com/2013/01/07/will-windows-8-bring-html5-to-enterprise-applications</link>
                <guid>http://readwrite.com/2013/01/07/will-windows-8-bring-html5-to-enterprise-applications</guid>
                <category>Microsoft</category>
                <pubDate>Mon, 07 Jan 2013 06:00:00 -0800</pubDate>
                <author>Cormac Foster</author>
            </item>
                    <item>
                <title><![CDATA[It Happened To Me: My Small Business Was Hacked!]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/fields/shutterstock_106031888_hacker.jpg" />
                                        <p class="p1">Last September, shortly after the attacks on the U.S. diplomatic compound in Benghazi, a company tweeted me that they were going to make our site, <a href="http://www.smallbizdaily.com/">SmallBizDaily.com</a>, their “small business resource of the day.” My joy was short-lived when the next morning they tweeted that my site had been hacked.</p>
<p class="p1">I quickly checked (it was still early morning on the West Coast, where we’re located) and sure enough, instead of the usual array of small-business content I was greeted by an unfamiliar image of a Middle Eastern-looking man, Arabic lettering and a video about the glories of Allah. I blinked, gulped more caffeine and reloaded the page. No luck — the image was still there. “We’ve been hacked,” I muttered, still not believing what I was seeing.</p>
<h2 class="p1">Weeks Of Agony - Months Of Work</h2>
<p class="p1">Then followed two weeks of agony and struggle as our Web-hosting company worked to deal with the situation, while also helping their many other small-business clients who had been hacked as well.</p>
<p class="p1">It seems someone had placed malicious code on our site that lay dormant for months -- and only popped up that morning. “It was like cancer,” recalls my business partner, who dealt with the situation. “To make sure [the code] was really gone, we had to clean out all of the files we had loaded since the initial hack.”</p>
<p class="p1">Months of work was wiped out — and every time we thought it was fixed, the hack popped up again. I was repeatedly embarrassed; it seemed every time I would tell someone (including the company that originally told me about the hack) the site was fine, within minutes the hack would reappear. We then had to delete and reload more files, more times than I care to remember.</p>
<h2 class="p1">We Were Lucky!</h2>
<p class="p1">Believe it or not, my company was one of the lucky ones. David Maman, founder and CTO of database security company <a href="http://www.greensql.com/">GreenSQL</a>, said our hack was the “old-fashioned” kind.</p>
<p class="p1">“Five or 10 years ago, the purpose of hacking was defacement,” explained Maman, an international expert in computer security who has founded seven tech companies. “It was very obvious when you were hacked — a friend would call and say ‘Hey, what’s going on with your website?’ Today, with a successful <a href="http://en.wikipedia.org/wiki/SQL_injection">SQL injection</a> hack, there will be no sign that someone has retrieved your entire database.”</p>
<p class="p1">How can you be hacked without knowing it? If it can happen to <a href="http://readwrite.com/2011/04/26/no_timeframe_for_playstation_network_return_after_hack">Sony</a> and <a href="http://abcnews.go.com/US/linkedin-hacked-64-million-user-passwords-reportedly-leaked/story?id=16508728#.ULgOc4Urf9R">LinkedIn</a>, he said, it can certainly happen to your small business.</p>
<h2 class="p1">Tech Startups Especially Vulnerable</h2>
<p class="p1">Ironically, tech startups — with their low budgets, long hours and cocky techies coding day and night on their personal laptops and mobile devices — may actually be more vulnerable to hacks than less tech-oriented businesses.</p>
<p class="p1">Changes in the nature of business have affected how hackers operate, said Maman. “Everything is about online today, and almost every [business] is providing some type of online service or app. As a result, the line between internal and external data is blurred, and all of your information is exposed.”</p>
<p class="p1">You might think you have nothing to worry about if you aren’t selling products or collecting card data online. Think again, says Maman, who explains that most hack attacks today are completely automated. “They don’t even know who you are — they just check websites for vulnerabilities, and if they find them, they will attack.”</p>
<p class="p1">In fact, ecommerce companies or other businesses that collect customer credit and payment data may be <em>less</em> at risk of hacking because they must be <a href="https://www.pcisecuritystandards.org/">PCI (Payment Card Industry) compliant</a>. “These regulations are actually beneficial,” said Maman.</p>
<p class="p1">What if, like so many small business owners, you simply provide a free app or service? All you’re collecting from customers is their registration information, which could be as simple as their name and email — so what do you care if it’s compromised?</p>
<p class="p1">“Data is the new currency,” he warned — and that includes any type of data, not just financial information.</p>
<p class="p1">Maman explained that hackers may manipulate customer data to inject malicious code that serves up competitors’ information instead of your own, penetrates the customer’s computer, or worse.</p>
<p class="p1">“It’s not about losing information — which may not be worth that much — but about harming your customers, hurting your brand and destroying your reputation.”</p>
<p class="p1">If a customer’s computer gets infected after using your service, are they likely to return? Worst of all, you won’t even know your business has been hacked until it slowly withers and dies as customers fade away.</p>
<h2 class="p1">What To Do If It Happens To You?</h2>
<p class="p1">“If in the past it was a big taboo to let customers know that you’ve been hacked, today it’s not,” he said, citing LinkedIn as an example. “Letting your customers know won’t hurt you — it will show that you’re being responsible.”</p>
<p class="p1">Ask them to change their passwords on your site and on any other sites where they use the same password. Apologize; then explain what measures you will take to make sure the hack won’t happen again.</p>
<h2 class="p1">Beef Up Your Defense</h2>
<p class="p1">Those measures should include three key steps:</p>
<p class="p1"><strong>1. Secure your coding.</strong> “Most of the basic attacks, and even some of the more advanced ones, are due to unprofessional coding,” said Maman. “There’s a lot of information online about how to secure coding.” Educate yourself and take the steps.</p>
<p class="p1"><strong>2. Harden your computers</strong> at the operating-system level, applications level, server level, network-access level and even the individual customer level. Hardening essentially means eliminating unnecessary software, restricting access and otherwise blocking everything that is not essential. “Hardening documentation can be found online,” he said.</p>
<p class="p1"><strong>3. Use free and open-source software.</strong> Security doesn’t have to cost a lot for a small business. “<a href="http://www.modsecurity.org/">ModSecurity</a> is a free, open-source Web application firewall,” said Maman. “<a href="http://www.greensql.com/content/greensql-express">GreenSQL Express</a> is our free database firewall.”</p>
<p class="p1">Most of all, pay attention to security. Without the money for a dedicated IT security staffer, your team needs to be even more responsible than big-company employees about what’s running on their devices.</p>
<p class="p1">Don't worry; security doesn't have to be a business killer.</p>
<p class="p1">“People think of IT security as a hassle, a lot of work and a waste of time,” he said. “That’s not the case. Just one day’s work can increase your security level 100%.”</p>
<p class="p1">&nbsp;</p>
<p class="p1"><em>Image courtesy of <a href="Http://www.shutterstock.com" target="_blank">Shutterstock</a>.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2012/11/30/it-happened-to-me-my-small-business-website-got-hacked</link>
                <guid>http://readwrite.com/2012/11/30/it-happened-to-me-my-small-business-website-got-hacked</guid>
                <category>Security</category>
                <pubDate>Fri, 30 Nov 2012 05:00:00 -0800</pubDate>
                <author>Rieva Lesonsky</author>
            </item>
                    <item>
                <title><![CDATA[Google’s Cultural Institute: Serious And Valuable, But Not A Lot Of Fun]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/files/fields/google%2520cultural%2520institute.PNG" />
                                        <p><span style="font-family: arial; font-size: small; line-height: normal;">The world has just gotten a cool new free virtual museum, the one that Google built. &nbsp;</span></p>
<p>Aptly named <a href="http://www.google.com/culturalinstitute/#!home" target="_blank">Google’s Cultural Institute</a>, the Internet-based multimedia site showcases first-hand testimonials, photographs, artifacts and manuscripts that until last <a href="http://googleblog.blogspot.com/2012/10/bringing-history-to-life.html">Wednesday</a>, you had to take a plane trip or at least pay an admission fee to see.</p>
<h2>A Museum Milestone</h2>
<p>The Museum of Polish History <a href="http://www.brecorder.com/it-a-computers/206/1248048/">called</a> the Cultural Institute “a real revolution.” Avner Shalev of <a href="http://www.yadvashem.org/" target="_blank">Yad Vashem</a> - also a Cultural Institute partner - <a href="http://www.google.com/culturalinstitute/about/">said</a> of the project, “it might be seen as one of the major milestones in modern history.” Not only is Google’s Cultural Institute providing public access to documents otherwise previously unavailable for mass consumption, the project is “taking away the notion of physical custody of archival material,” noted Razia Saleh of the <a href="http://www.nelsonmandela.org/" target="_blank">Nelson Mandela Centre of Memory</a> in a <a href="http://www.google.com/culturalinstitute/about/">mini-doc</a> about the project. Building on the success of Google’s <a style="font-family: arial; font-size: small; line-height: normal;" href="http://www.googleartproject.com/collections/">Art Project</a>, launched in February of 2011 in conjunction with now over 150 museums, Google partnered with 17 additional foundations and museums to launch 42 free digital exhibits as part of the Cultural Institute.</p>
<h2>Not A Light-Hearted Experience</h2>
<p>The 42 exhibits are a solid foundation and focus on World War II, the Holocaust and South African politics. Light-hearted or uplifting fare is scarce. Google’s Mark Yoshitake has acknowledged the project will expand in the future, though.</p>
<p>The exhibits themselves are displayed on a horizontal timeline, with navigation predominantly left and right arrows on both sides of the screen (you scroll across as opposed to scrolling down). This orientation makes sense when thinking about how exhibits are displayed in the real world, and Google has done a good job with its darker color scheme in keeping the site beautiful but solemn.</p>
<h2>My Personal Thoughts</h2>
<p>Eager to experience this revolutionary and game-changing web project, I spent a couple of hours perusing the site’s offerings. It wasn’t a life-altering experience, but I could immediately see its usefulness, especially if I was researching a moment in history covered by one of the digital exhibits.&nbsp;</p>
<p><a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=_AGIZJzwGuKeNQ">Personal items</a> that you would only see in a museum were also included in the exhibits, including photographs of Frank’s infamous diary in <a href="http://www.google.com/culturalinstitute/#!exhibit:exhibitId=wQi4lSIy">the Anne Frank exhibit</a>, and pictures of locks of hair in the <a href="http://www.google.com/culturalinstitute/#!exhibit:exhibitId=gRatYvcU">Tragic Love at Auschwitz</a> exhibit. These items were diligently added by curators trying to create in-depth stories about their subjects - and I certainly appreciated them.&nbsp;But I couldn’t help but feel their impact on me was cheapened when viewed through the Internet as opposed to me seeing it in person.</p>
<p>In a good museum, getting lost can be half the fun. Google’s Cultural Institute isn’t built yet for this type of free-form exploration, though I was able to achieve a bit of that same sense of discovery by browsing through the photo collections of LIFE and Getty Images, a search that was surprisingly clunky for a Google product. While browsing, I found this <a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=ZgHF1dX96ZohTQ">1985 photo of former Libyan leader Gaddafi</a> and a whole section of photos about the <a href="http://www.google.com/culturalinstitute/#!browse:q.8129907598665562501=1000&amp;q.%2Ftime%2Fevent=%2Fm%2F01w1sx%2C%2Fm%2F01zd7d&amp;q.openId=%2Ftime%2Fevent">1956 Hungarian Revolution</a>. As a refugee from a former Soviet Union-occupied country, I was disappointed by the lack of cohesive exhibits about the USSR (or Hungary), but the vast photo collections might one day be organized like the previously mentioned 42 exhibits. (Some additional treats I found: <a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=1AGVZ_dOt_w2TA">this photo</a> of a gay couple walking by graffiti on the Berlin wall, <a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=3wFjit8Jca9xLw">Boris Yeltsin making a fist</a> while a portrait of Lenin looks on, and an&nbsp;<a href="http://www.google.com/culturalinstitute/#!asset-viewer:l.id=JQEHuzcBzaxZCQ">anti-NATO communist propaganda poster from 1981</a>.)</p>
<p>Would I visit the Cultural Institute again? Definitely. But it in no way replaced the experience of an actual museum. If anything, it made me appreciate my local (and physical) institutions a bit more.</p>
                    ]]></description>
                <link>http://readwrite.com/2012/10/18/the-virtual-museum-that-google-built</link>
                <guid>http://readwrite.com/2012/10/18/the-virtual-museum-that-google-built</guid>
                <category>Art</category>
                <pubDate>Thu, 18 Oct 2012 05:30:00 -0700</pubDate>
                <author>Fruzsina Eördögh</author>
            </item>
                    <item>
                <title><![CDATA[ReadWriteWeb DeathWatch: Flash]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/files/fields/Deathwatch-flash.jpg" />
                                        <p class="p1">When the Web was still text links and tables, Adobe Flash brought us rollovers, interactive games and kitten videos. But a hard stand by Apple was the beginning of the end for the groundbreaking technology, and guess what? We'll be OK without it.</p>
<h2 class="p1">The Backstory</h2>
<p class="p1">The early years of the Web were pretty barren, multimedia-wise. Browser inconsistencies, bandwidth disparities, perpetually evolving standards and the cowboy coding needed to hack everything together made interactivity beyond text forms a mess.</p>
<p class="p1">Quality online multimedia experiences were a joke. To fill the holes, ambitious developers released a slew of plug-in applications users could install to augment their experience. Some of these were specific enhancements, like allowing a browser to display a new image format, while others were entirely new environments that ran inside a browser. Over time, the best plug-ins tended to work their way into the browsers or updated HTML specifications, while lesser ones died on the vine as they became irrelevant.</p>
<p class="p1">The biggest exception to this rule was Macromedia Flash, a graphics and animation client plugin with its own design environment. Flash, which began as a Mac and Windows application called FutureSplash Animator, made it simple for designers to bring shrinkwrap-quality, graphically rich interactive media to Web users for the first time.</p>
<p class="p1">Over the next decade, Flash's powerful, simple authoring environment attracted legions of developers and designers and its user base exploded. Ad agencies and ambitious businesses jumped on the additional interactivity it added to vanilla HTML, and by 2000, Flash was unavoidable, showing up in interactive ads, pop-up menus and online video players. In some cases, it even replaced entire websites. Adobe's 2005 purchase of Macromedia further consolidated the design tool industry and gave Flash even more support.</p>
<p class="p1">While pop-ups and online games were the most noticeable example of the platform's dominance, Flash started creeping into traditional business applications, as well. The broad developer base and cross-platform appeal gave rise to Rich Internet Applications (RIA) like <a href="http://www.balsamiq.com/products/mockups">Balsamiq Mockups</a>, a prototyping tool of which I'm both a fan and a paid user. RIAs require installation of a client framework (in Adobe's case, the Adobe Integrated Runtime environment), but developers can push out a single application in a very short time that runs on any compatible client, which is also a big plus for mobile workers.</p>
<h2 class="p1">The Problem</h2>
<p class="p1">In a word: Apple.</p>
<p class="p1"><span class="embedded-Media-image img-caption-r">
				<img src="http://readwrite.com/files/files/jobs_0.jpg" style="" />
			</span>
 Flash's problems run deeper than any one competitor, but Apple brought down the house. When Apple released the iPhone and iPad without support for Flash, it ended a long history of cooperation between the two companies (Apple actually owned a fifth of Adobe early on) and called into question the validity of Flash's cross-platform claims. Sure, Android supported Flash, as did Windows, Linux and Apple's own Mac OS, but iOS was a glaring hole.</p>
<p class="p1">There were a host of other problems with Flash, from <a href="http://www.itpro.co.uk/643459/us-government-calls-for-adobe-flash-player-upgrades">serious security flaws</a> to performance problems (many of which Steve Jobs called out in his now-famous <a href="http://www.apple.com/hotnews/thoughts-on-flash/">2010 post</a>), but in the end, the lack of an iOS client spelled the doom of mobile Flash.</p>
<p class="p1">With iOS off the table, Adobe <a href="http://www.readwriteweb.com/mobile/2012/08/adobe-flash-on-android-rip.php">ceded the Android market</a>, as well. That leaves mobile developers with the task of developing redundant native apps or – as Apple and others have long recommended – apps built in HTML 5.</p>
<p class="p1">And there's the issue. By giving up the mobile Web, Adobe has effectively abandoned the rest of the Web, too. Why bother writing a desktop-based browser app in Flash when you can just reuse (or at least tweak and repurpose) the code you've written for mobile platforms? It took 10 years longer than usual, but Apple's refusal to support Flash exposed a truth. Technology has caught up, and we no longer need Adobe's plugin–or at least we're close. Microsoft <a href="http://www.theverge.com/2012/5/23/3039451/windows-8-adobe-flash-support-internet-explorer-10-metro-browser">announced a limited role for Flash</a> in Windows 8's Metro browser. It's an acknowledgement that we're not quite Flash-free yet, but the writing is on the wall.</p>
<p class="p1"><span class="embedded-Media-image img-caption-c">
				<img src="http://readwrite.com/files/files/UninstallFlash.png" style="" />
			</span>
</p>
<h2 class="p1">The Prognosis</h2>
<p class="p1">With tablets and smartphones outselling PCs, the mobile Web <em>is</em> the Web, so Flash isn't an option. Developers can bridge UI differences between devices (e.g., designing for both mouse-driven and touchscreen interfaces) within HTML 5, so Flash in the browser will all but disappear.</p>
<h2 class="p1">Can This Technology Be Saved?</h2>
<p class="p1">Flash will never return to the prominence it once had, but it will linger on the desktop for as long as there are skilled developers willing to do the work. Adobe offers solid tools that appeal to a lot of non-traditional developers, and the development environment could continue to serve those users as they build apps for other platforms. However, compared to the juggernaut of an ecosystem Flash used to be, that's a niche market, so Adobe could easily decide to bow out or sell off the product.</p>
<p class="p1">&nbsp;</p>
<h2 class="p1">Previous Technology Deathwatches</h2>
<p class="p1"><strong><a href="http://www.readwriteweb.com/enterprise/2012/10/readwriteweb-deathwatch-in-house-datacenters.php" target="_blank">In-House Datacenters</a>:</strong> No change</p>
<p class="p1"><strong><a href="http://www.readwriteweb.com/mobile/2012/10/readwriteweb-deathwatch-point-and-shoot-cameras.php">Point-and-Shoot Cameras</a>:</strong> No change</p>
<p class="p1"><strong><a href="http://www.readwriteweb.com/archives/readwriteweb-deathwatch-video-game-consoles.php">Video Game Consoles</a>:</strong> The utility of bundled apps like Netflix and Vudu seems to be slipping. An&nbsp;<a href="https://www.npd.com/wps/portal/npd/us/news/press-releases/tvs-overtake-pcs-as-the-primary-screen-for-home-viewing-of-online-video/">NPD Study</a> showed that one in five consumers who view streaming video on their TVs do so without a peripheral device.</p>
<p class="p1"><strong><a href="http://www.readwriteweb.com/archives/readwriteweb-deathwatch-blu-ray.php">Blu-Ray</a>:</strong> The same NPD study reveals that "online video is maturing" as users migrate to watching streaming media on their TVs.</p>
<p class="p1"><strong><a href="http://www.readwriteweb.com/enterprise/2012/09/readwriteweb-technology-deathwatch-qr-codes.php">QR Codes</a>:</strong> It's been a mixed bag. While Bank of America is <a href="http://news.cnet.com/8301-1035_3-57521614-94/bank-of-america-tests-qr-code-mobile-payment-service/">testing QR codes for mobile payments</a> (good news for the technology), a security researcher demonstrated how a malicious QR code <a href="http://www.redorbit.com/news/technology/1112700927/samsung-smartphone-nfc-qr-code-hack-092512/">could be used to wipe a Samsung smartphone</a>.</p>
<h2 class="p1">Company Deathwatches</h2>
<p class="p1">For an update on our baker's dozen of company Deathwatches, check out our updated&nbsp;<a href="http://www.readwriteweb.com/archives/readwriteweb-deathwatch-update-the-unlucky-13.php">ReadWriteWeb DeathWatch Update: The Unlucky 13</a>.</p>
<p class="p1">&nbsp;</p>
<p class="p1"><em>Steve Jobs image by&nbsp;<a href="http://en.wikipedia.org/wiki/User:Matt_Yohe">Matthew Yohe</a>.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2012/10/16/readwriteweb-deathwatch-flash</link>
                <guid>http://readwrite.com/2012/10/16/readwriteweb-deathwatch-flash</guid>
                <category>Deathwatch</category>
                <pubDate>Tue, 16 Oct 2012 04:30:00 -0700</pubDate>
                <author>Cormac Foster</author>
            </item>
                    <item>
                <title><![CDATA[Meet Hop The Robot Suitcase, Your New Travel Companion]]></title>
                <description><![CDATA[
                                        <p><iframe src="http://player.vimeo.com/video/45966677?portrait=0&amp;color=c8b3df" frameborder="0" width="610" height="343"></iframe></p>
<p>Your next suitcase might follow close at your heels as you make your way through the airport. Tell Roomba to clear out space in the closet.</p>
<p>Built by a member of CargoCollective's creative online community, Hop (think: bellhop) uses three built-in sensors that communicate via Bluetooth with your cellphone. Hop! follows your phone at a set distance with the aid of two simple caterpillar tracks built into the bottom. &nbsp;</p>
<p>Should Hop get separated from you (or the signal become too weak to receive), the suitcase will lock itself and alert your phone. It’s not clear how you would find the suitcase after it has alerted you to being lost - this is a prototype and the <a href="http://cargocollective.com/ideactionary/hop">webpage</a> is sparse - but some sort of GPS tracking device is probably in order. &nbsp;</p>
<p><span class="embedded-Media-image img-caption-c">
				<img src="http://readwrite.com/files/files/hop%2520catepillar%2520tracks.jpg" style="" />
			</span>
 </p>
<p>Hop doesn’t shake, beep and unpack itself yet, but its creator has big dreams, calling it the “next generation of luggage.” &nbsp;</p>
<p>“If a suitcase can move by itself, besides facilitating the lives of a large number of travellers, families, disabled people, [it] could also spare all the elements that moves externally the baggage (conveyor belts, carts),” writes the unnamed creator on the <a href="http://cargocollective.com/ideactionary/hop">official Hop website</a>.</p>
<p>Multiple Hops can also be programmed to follow one another - a nifty feature for family-friendly travel.</p>
                    ]]></description>
                <link>http://readwrite.com/2012/10/10/meet-hop-the-robot-suitcase-your-new-travel-companion</link>
                <guid>http://readwrite.com/2012/10/10/meet-hop-the-robot-suitcase-your-new-travel-companion</guid>
                <category>mobile</category>
                <pubDate>Wed, 10 Oct 2012 12:45:00 -0700</pubDate>
                <author>Fruzsina Eördögh</author>
            </item>
                    <item>
                <title><![CDATA[Would You Take A Tech Job That's Been Open For 6 Months?]]></title>
                <description><![CDATA[
                                        <img src="http://readwrite.com/files/styles/800_450sc/public/files/fields/hiring%253Dselling.png" />
                                        <p class="p1">Just as many companies won't hire the unemployed, new research suggests workers may tend to avoid jobs that have been open too long. A look at high-growth areas like Silicon Valley reveals some big disconnects between the expectations of tech job employers and job seekers - leaving many positions open and many professionals unemployed.&nbsp;</p>
<p class="p1">Finding a tech job these days should be as easy as shooting fish in a barrel, right? Not since the dot.com boom of the late 1990s have so many companies sprouted up with a mission to create software and provide online services to the masses. Heck, even jobs in general seem to be making a comeback. The U.S. Labor Department's national numbers on <a href="http://www.bls.gov/news.release/empsit.toc.htm">unemployment claims dropped to 7.8%</a> from 8.1% last week.</p>
<p class="p1">That optimism might be overheated, however. Information technology-related jobs (IT jobs) saw <em>reductions</em> of 1,700 workers last month, according to <a href="http://www.cio.com/article/718260/IT_Job_Numbers_Decline_for_First_Time_in_25_Months">research released this week from Foote Partners Research Group</a>. That's the first monthly drop in IT industry jobs that was not labor related since 2010. Compared to earlier this year, unemployment for IT workers mostly befell Web developers, network architects, computer systems analysts and software developers, according to the Bureau of Labor Statistics.</p>
<h2 class="p2">Not Time To Panic For Tech Workers</h2>
<p class="p1">While not cause for full-scale panic, the decrease hints at a broader industry problem: Employers can't find enough qualified employees even as job seekers can't find qualified openings.</p>
<p class="p1">In a perfect world, every manager fills open positions as quickly as possible. But even as many workers can't find appropriate positions, the market for technology professionals in certain geographies and skill-sets is remarkably tight.</p>
<p class="p1">Some 45% of surveyed hiring managers and recruiters told <a href="http://www.dice.com/">Dice.com</a> it was taking longer to fill positions relative to last year (June 2012 compared to June 2011). The number one reason, according to Alice Hill, managing director of Dice.com: an inability to find qualified professionals. That was followed by hiring managers being more discerning and waiting for the perfect match.</p>
<p class="p1">The problem is that waiting for the ideal candidate may mean job postings remain open for longer than some job seekers are comfortable with. The longer a job is open, the less likely it will get filled, according to Randstad Technologies, a technology recruiter based in the U.K.</p>
<h2 class="p2">Does A Job Posting Have A Shelf Life?</h2>
<p class="p1">To test its theory that employers should not keep job postings open indefinitely, Randstad contracted a survey of 2,001 people asking, "How many working days does a vacancy for a permanent job have to be open before it starts to look like a bad job that no one wants?"</p>
<p class="p1">Technology professionals in the U.K. said they thought a post that was vacant an average of 67 days was most likely a job that no one wants. The survey did not indicate what kinds of employers had postings that lasted that long, nor what kinds of jobs could not be filled in more than two months' time. Typically, online job posting websites like Dice.com, CareerBuilder.com and SimplyHired.com keep each posting for only a month. Most fill up in two weeks' time, according to Dice.com's Hill.</p>
<p class="p1">Just as important, there could be many reasons why it’s taking longer to fill a particular position and not necessarily because it’s a “bad” job.</p>
<p class="p1">"There are instances where consulting or staffing companies are constantly in need of certain professionals," Hill says. "The job may appear to be the same, but it’s really a unique role with similar qualifications and experience needed."</p>
<h2 class="p2">Testing The Theory In Silicon Valley</h2>
<p class="p1">Does this theory really hold true - especially in the hyper-competitive market of Silicon Valley? To find out, we took a look at job listings for tech positions listed on four well-known job-search sites for Cupertino, Calif., the home of Apple.</p>
<p class="p1">It seems that some employers <em>do</em> have a hard time filling software developer jobs. A simple search turned up the following unfilled positions posted for more than a month:</p>
<p class="p3"><span class="s2"><strong>Dice.com</strong></span></p>
<ul>
<li><a href="http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&amp;dockey=xml/f/5/f59b89f5c8093afeb4f200f6b0d39352@endecaindex&amp;source=19&amp;FREE_TEXT=%22software+developer%22&amp;rating=99"><span class="s1">Software Developer &amp; Report Writer</span></a> - posted September 5</li>
<li><a href="http://seeker.dice.com/jobsearch/servlet/JobSearch?op=302&amp;dockey=xml/3/b/3b62d2fcfc2561aa16fea7896ee4e5db@endecaindex&amp;source=19&amp;FREE_TEXT=%22software+developer%22&amp;rating=99"><span class="s1">.Net Software Developer</span></a> - posted September 7</li>
</ul>
<p class="p1"><strong>Careerbuilder.com</strong></p>
<ul>
<li><a href="http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?APath=2.21.0.0.0&amp;job_did=J3H25Z6YPM5S8Q8MRHG&amp;IPath=ILKGM1VZ06">CloudSystem Software Engineer - VI</a> for a high-profile company in Palo Alto - posted 3 weeks ago</li>
<li><a href="http://www.careerbuilder.com/JobSeeker/Jobs/JobDetails.aspx?APath=2.21.0.0.0&amp;job_did=JHT2Y56LQQP5KFZLNCG&amp;IPath=ILKGM1WZ06">Software Developer</a> at a lesser-known company - posted 3 weeks ago</li>
</ul>
<p class="p1"><strong>Simply Hired</strong></p>
<ul>
<li><a href="http://www.simplyhired.com/a/job-details/view/cparm-cF9pZD0xMDAyJnpvbmU9NiZpcD03NS4zNi4xMzAuMTY2JmNvdW50PTEwJnN0YW1wPTIwMTItMTAtMDUgMTM6NDQ6NTkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPTYmYV9pZD0xODQ4NyZjX2lkPTg1NDkmY3BjPTAuMjgmcG9zPTEmaGFzaD1hZmNlMGZkOTVhYWE1ZGVhMWRhYzliYzVhODRmNWRiNg%3D%3D%3Bd7009ac17bb7858138b1138b9ea12de1/jobkey-7dbdecf54c4f6c297333ac2f7fda562730ca984d/rid-nbettgyduisvzoqamwaneqhrtslhizqt/pub_id-1002/cjp-0">Sr. Software Dev Engineer Wireless</a> at a high profile company in Seattle - posted 29 days ago</li>
<li><span class="s1"><a href="http://www.simplyhired.com/a/job-details/view/cparm-cF9pZD0xMDAyJnpvbmU9NiZpcD03NS4zNi4xMzAuMTY2JmNvdW50PTEwJnN0YW1wPTIwMTItMTAtMDUgMTM6NDQ6NTkmcHVibGlzaGVyX2NoYW5uZWxfaWRzPTYmYV9pZD0xODQ4NyZjX2lkPTg1NDkmY3BjPTAuMjgmcG9zPTImaGFzaD1hZmNlMGZkOTVhYWE1ZGVhMWRhYzliYzVhODRmNWRiNg%3D%3D%3B68670251aa2b12b2808a9f057812fd3a/jobkey-25daaefed6c5d6b52f74bd07ac2102dae1436/rid-nbettgyduisvzoqamwaneqhrtslhizqt/pub_id-1002/cjp-1">Software Development Engineer in Test Framework</a></span> at a high-profile company in Seattle - posted 17 days ago</li>
</ul>
<p class="p1"><strong>Craigslist</strong></p>
<ul>
<li><a href="http://sfbay.craigslist.org/sby/sof/3258344964.html">SW. Developer - Music Apps</a> at an unknown company - posted September 8</li>
<li><a href="http://sfbay.craigslist.org/sby/sof/3256709464.html">Senior C/C++ Software Developer</a> at an unknown company - posted September 7</li>
</ul>
<h2 class="p2">Job Postings Are Like Real Estate Listings</h2>
<p class="p1">"Recruiting for a tech post is like trying to sell your house. Leave it on the market too long and, for whatever reason, people start to think there is something wrong with it," said Mike Beresford, managing director of Randstad. "That leads to fewer applications and increased pressures on the rest of the staff left trying to cover the empty position."</p>
<p class="p1">While IT jobs continue to be in high demand, the nature of employees and those looking for work in tech remains a dance between employers looking for skilled workers and skilled workers looking for better opportunities.</p>
<p class="p1">It may seem that in this economy, just posting an open position should be enough to get it filled. But as the research shows, it's also important to manage expectations - and to refresh job listings left up too long - if we want to get those positions filled and people back to work.</p>
<p class="p1">&nbsp;</p>
<p class="p1"><em>Images courtesy of Shutterstock.</em></p>
                    ]]></description>
                <link>http://readwrite.com/2012/10/09/can-tech-job-listings-go-stale</link>
                <guid>http://readwrite.com/2012/10/09/can-tech-job-listings-go-stale</guid>
                <category>Trends</category>
                <pubDate>Tue, 09 Oct 2012 11:42:12 -0700</pubDate>
                <author>Michael Singer</author>
            </item>
            </channel>
</rss>

