post

Atlassian Security Breach and Warning. >>> Update: Apology and Disclosure

Well, well, hours after telling you not to change passwords, now I am telling you to change them… but this time with good reason. Minutes ago I received an email from Atlassian:

We are sending you this message because we experienced a security breach and suspect that your Atlassian customer account password details (only) may have been compromised.
It is very unlikely that an unauthorised user has had the opportunity to log in to your account so far and if they have, there is very little in the way of personal information which could have been accessed. However, to minimise any further risk to your Atlassian account being compromised, we strongly recommend that you change your Atlassian account password as soon as possible using the procedure below.
Be aware that this security issue only affects Atlassian customers who created an Atlassian account and purchased one of our products before June 2008. Since then, we have been using a more secure user management system based on Atlassian’s Crowd product. When you change your Atlassian account password using the procedure below, your Atlassian customer account details will be stored in our updated Crowd user management system, which will further minimise the chance of a security breach occurring in future.
Procedure for changing your Atlassian customer account password:
1) Login to http://my.atlassian.com
2) Click “My Profile” (3rd tab)
3) Click “Change Password” (in Contact Information section)
4) Update your password to a new value
Atlassian apologises for the inconvenience caused. However, this is an extremely rare event for us and since we take security issues seriously, we are taking every precaution possible to minimise the effects of this security breach.

Sincerely/Best regards,
Glenn Butcher
Director of IT

Not fun .. and I expect we’ll hear more from Atlassian soon.  For now they are obviously fighting whatever it is – status update from Twitter:

Atlassian had a security breach. Apologies for the confusion. Our site is experiencing heavy loads. We are working on getting back up ASAP.

Personally I am safe – I don’t have active accounts, just decided to help push Atlassian’s charity towards the finish line by purchasing 10 licences, but if you do, time to change the passwords…

Update:  co-Founder and co-CEO Mike Cannon-Brookes posted the details on the Atlassian blog.

Apparently an old, inactive database table that had already been migrated in July 2008 to the secure Crowd identity management system was mistakenly not deleted.  That indirectly answers the speculation about Atlassian passwords being stored in plain text format.  They are not – anymore, but they used to be, prior to July 2008.

Mike goes on to detail what was / was not compromised:  read for changes, they are resetting potentially compromised account passwords now.

He does not BS, owns up to the mistake:

We made a big error. For this we are, of course, extremely sorry. The legacy customer database, with passwords stored in plain text, was a liability. Even though it wasn’t active, it should have been deleted. There’s no logical explanation for why it wasn’t, other than as we moved off one project, and on to the next one, we dropped the ball and screwed up.

They are still investigating what happened and Mike promises full disclosure, coming this week.

It’s been a bad day for Atlassian and some of their customers – but I’m glad they live up to their “Open Company, No Bullshit” slogan, and respond as expected.
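The root cause described in this post, a migrated table with plaintext passwords that was never dropped, is something a post-migration audit can catch. An added example (not Atlassian's code and not part of the original post): a Python script that scans a SQLite database for password-like columns and flags values that do not look like hash encodings. The table names, column-name pattern and sample rows are constructed assumptions.

```python
import re
import sqlite3

# Heuristic (assumption): column names that suggest a stored credential.
CRED_COLUMN = re.compile(r"pass|pwd|secret", re.IGNORECASE)

# Shapes of common password-hash encodings. A bare hex digest is weak
# (possibly unsalted), but it is not plaintext, so it is not flagged here.
HASH_SHAPES = [
    re.compile(r"^\$2[aby]\$\d{2}\$[./A-Za-z0-9]{53}$"),  # bcrypt
    re.compile(r"^\$[A-Za-z0-9-]+\$.+"),                   # crypt(3) / PHC "$id$..."
    re.compile(r"^\{[A-Z0-9-]+\}[A-Za-z0-9+/=]+$"),        # LDAP-style "{SCHEME}..."
    re.compile(r"^[0-9a-fA-F]{32,128}$"),                  # bare hex digest
]

def looks_hashed(value):
    """True if the stored value has the shape of a hash encoding."""
    return isinstance(value, str) and any(p.match(value) for p in HASH_SHAPES)

def quote_ident(name):
    """Quote an SQL identifier taken from the schema catalogue."""
    return '"' + name.replace('"', '""') + '"'

def audit(conn, sample=200):
    """Return {(table, column): (plaintext_like, sampled)} for credential columns."""
    findings = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master "
        "WHERE type = 'table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        for col in conn.execute(f"PRAGMA table_info({quote_ident(table)})"):
            name = col[1]
            if not CRED_COLUMN.search(name):
                continue
            rows = conn.execute(
                f"SELECT {quote_ident(name)} FROM {quote_ident(table)} "
                f"WHERE {quote_ident(name)} IS NOT NULL LIMIT ?", (sample,)).fetchall()
            suspect = sum(1 for (v,) in rows if not looks_hashed(v))
            findings[(table, name)] = (suspect, len(rows))
    return findings

def tables_to_purge(findings):
    """Tables holding at least one plaintext-looking credential value."""
    return sorted({t for (t, _), (bad, _) in findings.items() if bad})

def build_sample():
    """Constructed sample: a migrated table (hashed) and a forgotten legacy one."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users_migrated (id INTEGER PRIMARY KEY, email TEXT, password TEXT);
        CREATE TABLE customer_legacy (id INTEGER PRIMARY KEY, email TEXT, password TEXT);
    """)
    fake_bcrypt = "$2b$12$" + "x" * 53  # right shape only, not a real hash
    conn.executemany("INSERT INTO users_migrated (email, password) VALUES (?, ?)",
                     [("a@example.test", fake_bcrypt), ("b@example.test", fake_bcrypt)])
    conn.executemany("INSERT INTO customer_legacy (email, password) VALUES (?, ?)",
                     [("a@example.test", "hunter2"), ("b@example.test", "Summer2008!")])
    return conn

if __name__ == "__main__":
    results = audit(build_sample())
    for (table, column), (bad, total) in sorted(results.items()):
        print(f"{table}.{column}: {bad}/{total} values look like plaintext")
    print("drop or purge after verifying migration:", tables_to_purge(results))
```

The shape check only separates hash-like strings from everything else; a flagged table still needs a human to confirm it is a leftover before it is dropped.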

(Cross-posted @ CloudAve)

post

Atlassian $timulus Package Inching Towards Finish Line

Quick update on the Atlassian $timulus drive I previously reported about:  at 2pm on the last day of the promotion, they are at $93K – the $100K donation is realistic… but they may need a little push.

So I decided to put my money (well, a little) where my mouth is and have just purchased 10 5-person  licences of Confluence, the market leading enterprise wiki.  Not that I can use them all – so I will find a way to give them away in the future.

If you want to help them donate $100K to Room to Read, you can do your part easily … and just as a reminder, you’re buying a $1,200 licence for $5.   What a bargain to close out the week. 🙂

Update: With 3 hours to go Atlassian is just $2.5K short of reaching the target.  See coverage map at Mike’s blog.

Update #2: Ah, the drama of the last minutes:

$640 short of $100k… with 20 minutes to go, my maths says we’re just going to miss! 🙂
$590 short. Need $30/minute now… at least we did $35 last minute! 🙂
Just tipped $99,510… I wonder if we should just leave it up for 10 minutes extra, or does that seem dodgy?
Well… computer says it’s…over $100k!!
Woo! Woo!!! Dancin’ around the room. Atlassian Stimulus Package 400% of $25k goal. What a week. Simply staggering. THANK YOU EVERYBODY!
Atlassian Stimulus Package (preliminary) final total – $100,350 for Room To Read in 120 hours from 7284 _awesome_ startups and teams!!

post

Atlassian $timulus Package Supports Charity. Two Days Left To Get Your (Almost) Free Confluence or Jira Licence.

This must be do-good-week.  Amongst all the talk about Ashton Kutcher’s challenge to CNN, how the follow-on Oprah show pushed Twitter to never-seen heights, little attention was paid to the small fact that this initiative generated over $1 Million donations to Malaria No More.  Ashton started with his $100,000 check and was soon joined by Demi Moore, Ted Turner, Oprah and I don’t even know who else .. I lost count at $1M.   Hype aside, this is a major contribution to a good cause.

This week we’re also seeing a for-profit company, Atlassian drive to raise $100,000K for the benefit of Room to Read, an organization that builds schools, libraries in rural communities in Nepal, Cambodia, Vietnam, Bangladesh, Laos, Zambia …etc.  Doing good is in Atlassian’s DNA, likely coming from the co-Founder, who is a major Kiva Supporter.  His company had set up the Atlassian Foundation which donates basically 1% of everything:

  • 1% of company and employee time to Foundation projects
  • 1% of company equity to the Foundation
  • 1% of our products to non-profit groups

But wait!  This isn’t a post about charity only.  There’s a Deal in it for you!

The Atlassian $timulus package is a 5-day drive, during which you can get either Confluence, the excellent Enterprise Wiki, or Jira, the issue tracker – Atlassian’s first product that’s still an IT favourite  for $5 for 5 users.

Now I hear you ask: is that $5 per person per month?  That would be typical (actually low) pricing for most SaaS offerings.   NO!  It is:

  • A five-user licence (ie. $1 per person)
  • For a full year
  • For the full-featured enterprise-strength products

My only regret is that it does not involve the hosted versions of these products.   But if it’s the downloadable, installable version, what’s this per year licence?  Most enterprise software is sold with a perpetual licence: you can use it forever.  But then the vendor pushes the (almost) mandatory maintenance fees to the tune of 20-25%, and major new releases every 4-5 years.

Atlassian does not play such games, their philosophy is transparency and simplicity. Software should be easy to learn, easy to use and easy to buy.  Hence the annual licence which involves support. (Update: I misunderstood this part: the licence is a perpetual one, the additional annual fees are for maintenance / support, and they are optional.)  And for comparison, the minimum annual licence for both Confluence and Jira is $1,200.

So Atlassian is essentially giving away $1,200 licences for free – but it’s actually a lot more.  This isn’t just your introductory price.  Customers who purchase during the $timulus week (only two days left) are locked in to their $1 per user price for the lifetime of the product, and those fees will be donated as well.   That goes way beyond giving up revenue – they can’t possibly provide support for $1 a year, so Atlassian is reaching into their pockets big time for years to come.

The initiative appears to be more wildly popular than they expected. The initial goal was to raise $25,000 for Room to Read, and they exceeded that target on the first day – hence the new objective of $100,000K.

Early this morning they were at 66% of the increased target:

Now, before someone thinks I am doing a paid commercial here: I am not receiving any form of compensation or incentive from Atlassian.  I simply like what they are doing.  A lot.

But I’m not naive.  This isn’t just charity.  It’s damned good marketing – in more ways than one.  The first, as you may suspect, is brand recognition.

The second is perhaps less obvious: Atlassian’s initial product, Jira took several years to take off – the second, Confluence had much faster growth.  Part of their secret sauce has always been relying on a very loyal, very satisfied customer base, mostly IT-types who buy additional products from their trusted vendor.

So yes, Atlassian is seeding their market with thousands of free customers this week.  Which is fine, I’ve said before: you don’t have to be purely altruistic to do good.

Update: The Atlassian $timulus Package is now listed in Consumerist’s Morning Deals, along with Blu-Ray Discs and Casio Cameras 🙂

(Cross-posted from CloudAve. To stay abreast of news, analysis and just plain opinion on Cloud Computing, SaaS, Business grab the CloudAve Feed here.)

post

SocialText Becomes Really Social

Socialtext, the enterprise wiki company is no more… a wiki company, that is.  Not since Socialtext 3.0, the new release announced today.   Founder and Chairman Ross Mayfield calls his new baby a Connected Collaboration Platform, that’s modular, built on a widget framework, and consists of:

A fourth piece, Socialtext Signals is in the works, in private beta testing – I guess we could call it Twitter (Yammer?  ESME?) for the Enterprise.  Actually more, since it involves active microblogging – quick messages – as well as pulling in what users do elsewhere (FriendFeed?)

The platform is flexible, easy to customize via widgets, clearly the vision is that in an enterprise environment actionable information is pulled in from the transactional systems, too – i.e. ERP, CRM.

Knowing Ross as the uber-social guy something tells me this is what he always wanted to do: create Social Software.  But I tend to agree with Jevon MacDonald, who differentiates social software from the wiki, which is primarily a collaboration tool.  So Ross was really in the collaboration business and given his name became synonymous with wiki evangelism, he will no doubt have a hard time changing that image.

This is not to say the wiki part should be neglected… It is the primary collaboration facility for anything not well handled by process-driven, transactional systems, and all this social layer is just the glue that holds it all together.  (Hint: you will hear a lot more about Glue soon).

I had in the past been quite critical of Socialtext’s wiki component, and am looking forward to revisiting it, as part of our wiki-series in the coming weeks @ CloudAve.  In the meantime, enjoy this video:

post

Email is Still Not Dead, and Won’t Be For a While

I can’t believe the email is dead theme, popped up again, this time on SocialMediaToday, originally on OnlineMarketerBlog.   I responded in detail on CloudAve.

Image credit: CrunchGear.

post

Email is Not in Danger, Thank You

Yet-another-email-is-dead (OK, just in danger) article, this time by Alex Iskold @ ReadWriteWeb.  Alex adds Twitter‘s increasing popularity to the standard “reusable” arguments: teenagers using IM, or increasingly SMS, and most recently Facebook instead of email which they find cumbersome, slow and unreliable – hence email usage will decline.

I beg to disagree as I did before, and before.  Sure, I also get frustrated by the occasional rapid-fire exchange of one-line emails when by the 15th round we both realize the conversation should have started on IM. Most of teenagers’ interaction is social, immediate, and SMS works perfectly well in those situations. However, we all enter business, get a job..etc sooner or later, like it or not… Our communication style changes along with that – often requiring a build-up of logical structure, sequence, or simply a written record of facts, and email is vital for this type of communication.  As much fun as Twitter may be, I rarely have (or see) serious ongoing discussions there – in other words Tweets are in addition to, not instead of, email.

Email in business is being “attacked” from another direction though: for project teams, planning activity, collaboratively designing a document, staging an event… etc email is a real wasteful medium. Or should I say, it’s the perfect place for information to get buried. This type of communication is most effective using a wiki, or an increasing number of online tools supporting native collaboration.  Yesterday I reviewed a startup CEO’s ppt deck, and it took us 4 rounds of emailed versions of the same presentation – it would have been a lot easier to collaborate on just one “master” presentation in Zoho Show.

So yes, I agree with Alex, even in business we’re offloading stuff off email.  But email is far from dead, or even in danger, and it won’t be any time soon. We just have to learn to use the right tool in the right situation. As usual, Rod Boothby says it better in a single chart:

Rod’s chart is almost two years old, but still valid – perhaps I would update it to say “Wiki and collaborative documents”.  My own post here is a slightly updated version of an older one from last year, which in turn was an almost verbatim reprint of another one from July 2006. I rarely re-post old stuff, but in this case I felt it still made a valid point.  Next year, when someone brings up the “is email dead?” question, I’ll dust it off again.

post

Atlassian Hiring Chief Heineken-taster

Last time I thought VP Marketing @ Atlassian was the Dream Job, but this one is better.  Your job will be to compare beer quality in Amsterdam vs. what they sell at Atlassian’s (almost) in-house pub in Sydney.   According to a commenter you may do some additional market research, too.

 

Oh, well, here’s what they really want (cool company anyway).

post

Miss Australia for MindTouch

Which one would you pick?

I thought so…

I fully expected to see Miss Australia (my bad!) when Aaron sent me this link:

http://www.misaustralia.com/viewer.aspx?EDP://20080624000020821190&magsection=spotlight-home&portal=_kb&section=management&title=Wiki+model+virtually+as+easy+as+it+gets&source=/_xmlfeeds/mis/spotlight/feed.xml

And guess what I got: the MIS logo.

Oh, well, no babe today, but a good story on MindTouch DekiWiki, nevertheless.

post

Wiki Review or Rant?

I am deeply interested in wikis, and business oriented ones in particular, in fact was considering doing a fairly detailed comparative study, so I got really excited seeing on twitter that Tom Raftery posted an Enterprise wiki review. Too bad it’s not a review; it’s a rant that lacks any methodology or real comparison.

He goes at length describing the installation nightmare:

The setup of the Confluence wiki was far from straightforward. It took two of us the best part of a day to simply install it. Remember that as I was doing this for [email protected], this was not billable time. I was installing it on my own server and because Confluence requires TomCat as its webserver it had to run on a separate port to Apache. This meant several people couldn’t view it in their organisations.

Sounds to me like a case of bad platform choice. Now, I am by far not as technically inclined as Tom is, and am biased: I won’t touch anything that needs to be installed. That’s what Software as a Service is for. Which, incidentally is an available option for Confluence, so how Tom got into comparing “hard-to-install” Confluence with hosted PBwiki and Socialtext is beyond me – it’s an apples-to-oranges comparison. And there’s not much of a comparison either… here’s all he has to say about two other products:

By the way, I did also try out DekiWiki and Twiki but I ruled them out quite early on.

That’s not a very detailed review, if you ask me. DekiWiki is downloaded about 3000 times a day (!), so some people must like it… even though their acquisition of SocialText was just an April 1 joke.

Joke apart, a word on picking the right tool for the right job: perhaps you don’t even need an “enterprise class” wiki for a conference. The official Oracle Wiki is based on Wetpaint, a decidedly consumer and community-focused platform.

My personal takeaway from this is to look at PBWiki: when I last checked it out, it was a baby-wiki for some reason popular in geek circles; apparently it has grown up. I’m not sure I will get to do the wiki review I’ve been planning, but in the meantime if Tom decides to write a real one, I am looking forward to reading it.

Update: Tom responded in a comment below. The hosted version of Confluence is NOT available under the community license. He ruled out DekiWiki when he figured he could not create Groups. There’s more, please read his comment.

post

Enterprise Software: from ERP to BRP

I had already spent half a decade implementing SAP solutions in the 90’s when I finally got enlightened, learning the “proper term” for what I was doing: ERP, as in Enterprise Resource Planning. The term was coined by then Gartner Analyst, now Enterprise Irregular Erik Keller. Now another fellow Enterprise Irregular, Sig Rinde introduces a new interpretation of ERP: Easily Repeatable Process. Of course he contrasts that with his new acronym, BRP (not to be confused with BPR, another 90’s favorite), which means Barely Repeatable Process. BRP is what Thingamy, Sig’s lightweight, extremely adoptable system attempts to address. But it’s a very-very tough sell…

ERP traditionally addresses the core, standard, and as such repeatable business processes. Whatever it can’t handle are the exceptions: processes to be handled by knowledge workers outside the realm of ERP, by traditional means: phone calls, spreadsheets, creative thinking and a lot of emailing back and forth. Exceptions may be a fraction of business volume, but they are what corporate employees spend most of their time resolving. If that’s the case, knowledge workers who come up with innovative solutions may consider it a good practice to document them just in case the “exception” ever occurs again… and if it does a few times, well then it’s no longer an exception, but a (Barely) Repeatable Process.

Wikis in the Enterprise are a simple yet effective solution to manage such BRPs: they facilitate collaboration of all knowledge workers involved, allow some structure (structure is helpful when not pre-imposed but flexibly created) to organize data and finally, as a by-product they serve as documentation of the solution for future re-use.

Neither process-driven heavyweight systems like ERP, nor innovative, lightweight collaboration tools like wikis are the one and only mantra for most businesses (see my previous rant on “you can’t run your supply chain on a wiki“), they have their own place and should complement each other. Standard business processes and exceptions are not black-and-white opposites either: it’s a continuum, and halfway is BRP. If ERP (in the traditional meaning) tries to address too many of these BRPs, it gets overly complex (it already is!), hard to configure and use.

This is the dilemma Sig’s system, Thingamy addresses. It’s neither free-form collaboration, nor ERP: it’s a business system framework, that allows you to model and define business processes: a tool to create your own custom-made ERP, if you like.

And therein lies the rub. Most business users don’t want to create software. They want to use it. This was the problem that caused the demise of Teqlo: the unfunded, unproven belief, that users actually want to interactively create their tools. No, they want to deal with the urgent business problems (the BRP), using whatever tools are readily available.

Thingamy’s dilemma is finding the customer: it certainly won’t be the business user. A modeling tool, simple as it may be, has a learning curve, and dealing with it is a distraction to say the least. Thingamy’s likely “owner” would be corporate IT which would have to create processes on demand. But we all know what happens if you need to call IT to create a “program” for you. Thingamy could possibly be a handy tool for consultants, system integrator firms – but they all have their own army of programmers, toolsets..etc, which makes it an awfully hard sell, IMHO.

Thingamy is no doubt an elegant solution, I just don’t see the mass market need for it, because it does not solve a mass market problem. Or I should say, it does, but there’s a mismatch between whose problems it solves and who can use it. Sig himself defines collaboration as a workaround for the Barely Repeatable Processes in the Enterprise: my bet is that this “workaround” is here to stay for a long time.

Update (3/18): CIO Magazine interviews Ross Mayfield, Founder and Chairman of Socialtext, an enterprise wiki company:

Most employees don’t spend their time executing business process. That’s a myth. They spend most of their time handling exceptions to business process.

… the greatest source of sustainable innovation is how you’re handling these exceptions to business process.

… So I’ve always looked at it as we’re doing the other half of enterprise software: making this unstructured information transparent.