I'm working on something else that's sort of related to this subject and noticed that rpaan polished the PHP code for this article on using PHP and iControl. It's nice. Great stuff, rpaan, and THANKS!

Imbibing: Water

This is an interesting article from Network World about how CIOs in Australia and New Zealand perceive security as being easier than reducing costs.

The IDC Annual Forecast for Management report surveyed 363 IT executives from Australia (254 respondents) and New Zealand (109 respondents) across industries including finance, distribution, leisure and the public sector.

CIO Challenges
Application layer threats	36%
Spyware	16%
Information Security	Bottom of the stack

The CIOs top priority for the next 12 months was reducing costs and addressing a lack of resources.

Okay,  here's a RADICAL idea. Let's reduce costs and address a lack of resources while dealing with application layer threats - all at the same time. 

Not kidding. A web application firewall (WAF) can address application layer threats. Because the WAF is performing an ever-vigilant watch over the applications, developers and security professionals can concentrate on other things - freeing up resources and reducing costs.

What's also interesting is that if the WAF is paired with an intelligent application delivery controller, capable of fully inspecting and manipulating requests and responses, you can also address that information security concern with the ability to dynamically adjust security policies when/if necessary to address emerging or newly discovered threats. While the CIO may not be so concerned about information security, I can't imagine that the guys in the trenches would put that concern at the bottom of the stack. They aren't called "Information Security Professionals" for nothing, after all.

Aren't convinced that a WAF is the right way to go? Well, the PCI Security Standards Council believes in WAF capabilities enough to make it one of two options in PCI DSS, specifically requirement 6.6. That's non trivial.

Also consider this analyst report from Stratecast, or this discussion on some of the benefits of centralizing application security.

Imbibing: Mountain Dew

Tech Republic blogger Toni Bowers discusses five high-tech skills that are waning as far as ability to command high salaries according to a recent Network World article. At the top of the list? HTML.

Denise Dubie writes in the Network World article:

As companies embrace Web 2.0 technologies such AJAX, demand for skills in HTML programming are taking a back seat. According to Foote Partners, pay for skills in technologies such as Ajax and XML increased by 12.5% in the last six months of 2007, while IT managers say they don’t see a demand for technology predecessors such as HTML. "I’m not seeing requirements for general Web 1.0 skills -- HTML programming skills," says Debbie Joy, lead solution architect for CSC in Phoenix.

Dude, wait? What?

I hate to be the one to break this news, but HTML is still very necessary in a Web 2.0 world. All the AJAX in the world isn't going to be very useful to clients if it can't be displayed and guess how that happens? Yes, good old HTML.

While it's true that in a Web 2.0 world the HTML is predominantly programmatically generated, but it's still HTML whether it's spit out by a server-side script/application like ASP or PHP or patched together using JavaScript and XML.

Someone still has to understand HTML and generate it and it isn't likely that the use of HTML is going to decline any time in the future. In fact, I wouldn't hire a "web application developer" who didn't know HTML. That'd be full of all kinds of fail. 

Now I've never been a fan of calling HTML "programming", because it's demeaning to code monkeys everywhere. (That's called irony, folks) The ability to write HTML makes you a programmer like banging out "chopsticks" makes you a concert pianist. And I think that the decreasing emphasis on HTML is related directly to the explosion of HTML "programmers" during the dot.com days, when anyone who understood how to write the markup for a table could get a fairly well paying gig doing just that. Today's web is built dynamically, and that requires "real" - or at least more real - programming skills because the languages through which HTML is generated are actual programming languages, requiring a basic understanding of conditional logic, variable manipulation, and parameters. That's not something that the HTML "programmers" of the dot.com era are going to be able to pick up out of an HTML reference guide.

So this article seems to be a bit misleading. HTML skills are - or at least should be - a requirement for web application developers because they are going to need to generate HTML. But the article is right in that the ability to slap together HTML isn't likely to help developers command a high salary, because understanding HTML in a Web 2.0 world is merely tablestakes. Trying to bank on your HTML skills today would be like trying to negotiate a higher salary because you can write a linked list¹. Yeah, go ahead and try it, I dare you.

HTML skillz may no longer be considered 1337, but they are still required and just as important - if not more so - as they have ever been.

Imbibing: Coffee