Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Visit Count

Software

Packages

Topic Guides

Digital ID Policies
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Copyright

Copyright © 2002-2012 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« June 2002 | Main | August 2002 »

July 31, 2002

You Can't Outsource City Hall

In this article in CIO Magazine, Tom Field says:

Outsourcing is a proven business strategy in the private sector, so why can't it work in City Hall?

The article proffers several opinions.  I have my own. 

First, many of the high-profile, failed outsourcing projects I'm aware of tried to outsource the whole thing.   Let's just outsource the whole IT department so we don't have to worry about it.  The problem is that IT is fundamental to business and the vendor may be great at delivering basic services and probably even application development, but they likely won't be great at adding value to agency mission (See my paper on Modular IT Organization).    That has to come from people who are part of the executive team and understand the business.  Sure, a consultant could get there, but not if they're viewed as a mere vendor of services. 

Second, outsourcing works best when its used to augment staff, rather than replace them outright.  I've seen more than one outsourcing contract that was done by people or organizations who really didn't understand the technology and were just praying that something good would happen.  If you've got an tech organization that's healthy, smart, and innovative, then augmenting them with some additional help is great.  If they don't know what's going on, you're just asking for the vendor and the state to be disappointed. 

9:46 PM | Comments () | Recommend This | Print This

CS Lecture Series at UVSC

I've been asked to kick off  the Utah Valley State College Computer Science Department's Invited Lecture Series.    The lecture is at 5pm on August 28th.  I'll probably talk on web services. 

9:34 PM | Comments () | Recommend This | Print This

July 30, 2002

Third Day at the Western CIO Summit

Here is my trip report from my third day at the Western CIO Summit.

The VoiceStream GSM card that I've been testig was a big let down. It dropped connection after about 4 minutes very consistently. At first I though it was the location, but I've tested it in Denver since then with the same result.

11:35 PM | Comments () | Recommend This | Print This

July 29, 2002

Second Day at Western CIO Summit

Here is my trip report from my second day at the Western CIO Summit sponsored by Western Information Technology Council.

11:15 AM | Comments () | Recommend This | Print This

July 28, 2002

First Day at Western CIO Summit

Here is my trip report from my first day at the Western CIO Summit in Breckenridge, CO.

9:58 PM | Comments () | Recommend This | Print This

July 26, 2002

Speaking of Open Source in Utah Government: A New Blog

Joe Leary is a member of our Division of Information Technology Services and he has taken up my challenge and created a blog about his work.  He is one of the poeple who is most involved in the use of open source in Utah state government. 

So far, I'm getting off pretty cheap.  I hope that I have to shell out a little more!  I'd love nothing more than to have 50 to 100 blogs going from the Utah IT community.  Then I'll buy a google appliance and point it at them and see what kind of good stuff we can do. 

1:41 PM | Comments () | Recommend This | Print This

Friday at OSCON

Here is the trip report from my third day at OSCON.  I'll be updating the story from time to time throughout the day. 

10:20 AM | Comments () | Recommend This | Print This

July 25, 2002

Barriers to Open Source in Government

We didn't get a chance to really talk about the barriers to using open source in government at our panel, so I decided at least, I'd post them here for anyone who's interested.  Broadly, they fall into (1) technical issues, (2) perception issues, and (3) cultural issues.  Of the three, the last is the most difficult to overcome.  Here are some specifics:

  1. Sales droids.  I could spend all day every day talking to salespeople from one company or another.  Some of them are quite useful to me from an educational standpoint and some of them aren't.  They all want to be my partner, but being a "partner" with your local sales rep is the way CIO's lose there jobs or, worse, go to jail.  But the point is, there are no open source salespeople.  They don't come knocking on the doors of the many people in my organization the way the salespeople from IBM, Oracle, Sun, and on and on and on do.  Thus, unless you're really trying, open source is not top of mind.
  2. Consultants. Governments don't, as a rule, develop software.  They hire consultants to develop software.  Consultants don't make money selling me open source solutions.  They make money reselling me software and then customizing it.  So, if you want open source in government, you've got to penetrate the consultant camp. 
  3. No OS culture.  As an example, there is at least one IT person in the state who started working for the state of Utah before I was born (and I'm not that young).  There are many more like him with almost the same tenure.  These people are smart and know their stuff.  May of them started out in mainframes and have made the jump to UNIX or something else.  Still, their mindset is to buy from the vendors they know---not go out on google or freshmeat and search for some open source software. 
  4. Risk.  As an example, consider StarOffice.   I've been a StarOffice user for quite a while.  Still, I have to admit its a chore sometimes.  And even if I factor out the parts of the chore that would go away if all my co-workers used StarOffice, its got some bumps.  Changing a software product like the office suite causes lots of grief no matter what.  Using something like StarOffice though would likely unleash a hailstorm of blame on the decision to use something that wasn't mainstream.  No one's going to fire me or anyone else for using Office.  You can only fight so many battles and I've fought my share. 
  5. IT Lobbying (or the lack thereof).  I did mention this one in the panel session.  The fact is, that IT companies as a whole are very naive when it comes to government.  They are not present in proportion to the size of the industry---not even close.  Like it or not, lobbyists serve an important educational role in government.  Legislators identify issues that are worth their time, in some cases, by lobbying action.  They learn the issues and decide to explore further.  Without this, they're unlikely to spend a lot of time.  We will lose every single important congressional and legislative battle unless the IT industry wakes up and recognizes this fact. 

I did get in a few licks for my Principals for Enabling Web Services, which I view as an important mandate for making government system interoperate and making the open, if not built on open source.  The fact is that the best tools for building open system are open source.   I made mention of the article in the Circuits section of the NY Times yesterday on privacy.  This section is particularly interesting and apropos:

Waqaas Fahmawi, 25, used to sign petitions freely when he was in college. "In the past you would physically sign a petition and could confidently know that it would disappear into oblivion," said Mr. Fahmawi, a Palestinian-American who works as an economist for the Commerce Department.

But after he discovered that his signatures from his college years had been archived on the Internet, he became reluctant to sign petitions for fear that potential employers would hold his political views again him.

He feels stifled in his political expression. "The fact I have to think about this," he said, "really does show we live in a system of thought control."

Our government is based on open records.  If these petitions aren't public, how could government work?  This is the very thing that should be public.  I'm afraid that just because someone has the expectation of privacy, we'll have to give it to them whether its right or not.   Freedom of expression is NOT the same as freedom from consequences of that expression. 

9:43 PM | Comments () | Recommend This | Print This

Thursday at OSCON

Here is the trip report from my second day at OSCON.  I'll be updating the story from time to time throughout the day. 

11:13 AM | Comments () | Recommend This | Print This

Wednesday at OSCON

Here is my trip report from my  first day at OSCON

12:52 AM | Comments () | Recommend This | Print This

July 24, 2002

WiFi Frustrations

I finally made it to the OSCON conference in San Diego.  I'm listening to Matt Sergeant talk about "Why SOAP Sucks, Why SOAP Rocks."  A pretty interesting talk.  

Along the way, I've had some WiFi frustrations.  First, I got associated in the Delta Crown Room in Salt Lake City, but couldn't find a DHCP server.  Either it wasn't meant for public use or it was broken.  Next, I couldn't get into a room above the 8th floor at the Sheraton, so no in-room broadband connections.  The final straw was that on the conference floor, I got associated, but my machine (W2K) kept giving me a BSOD saying I had Multiple_IRP_Requests.  

So, how am I connected?  Using a VoiceStream wireless modem.  Always pays to be prepared. 

6:37 PM | Comments () | Recommend This | Print This

True to Ourselves

Dave writes in People with good hearts:

Being kind to each other doesn't have to interfere with being true to ourselves; please let's do the extra work to find out where the anger is coming from, and try not to be angry at someone, esp not me.  [Scripting News]

I'd change his first sentence a little to read: "Being kind to each other is being true to ourselves."  I say that because if you can listen to what you know you should do (i.e. be true to yourself), you'll be kind.  Is easy to take things personal that aren't and that lowers to level of discourse considerably.   

10:35 AM | Comments () | Recommend This | Print This

July 23, 2002

Short notes points out an

Short notes points out an article on XML and Semantic Transparency by Robin Cover that says just what I've been saying on XML and semantics.   Should be required reading for anyone using XML. 

10:14 PM | Comments () | Recommend This | Print This

Comments on Staying Sane

I just read Clemens Vasters Staying sane in an XML Web Services World.  While there are some good things in there that I do agree with (like the immutability of XML Schema) I disagree strongly with his philosophical statements on semantics.  In particular, he says:

Using XML, we express semantics in a well defined way.

and

XML Schema is based on semantics. If the underlying semantics change so that they are largely incompatible with the previous semantics, the Schema changes and becomes a new one, even if it would be technically sufficient to express the new semantics.

This is just not true.  XML has nothing to do with semantics and the semantics could change drastically without any change to the schema.  You can't express semantics using a context free grammar---only syntax.  Certainly most XML (unless its nonsense) has a semantics associated with it, but the semantics is not expressed by the XML or its schema. 

Don't let someone tell you that they're going to express semantics in XML.  It can't be done.  The semantics will live somewhere else.   Here's a simple example from a programming language.  What does the following expression mean?

a + b

You can't tell: it might be simple addition, string concatenation, matrix addition, or even something I just made up.  Its meaning is context sensitive, for starters, since we'd need to know the types of a and b and even then, we can only guess what + means without a definition.  Yet, all of those semantic realities exist on the same piece of syntax: a + b.  The same is true of XML.  The schema, tells you the right form, but it doesn't tell you the meaning. 

This is junior level computer science.  You can express semantics in a number of ways:

  1. Operational semantics
  2. Translational semantics
  3. Denotational semantics
  4. Predicate-based (Hoare) semantics

None of these methods will work with a context free grammar like XML.  You need something at least as powerful as recursive functions (turing machines) to make any of these methods work.    (For a good introduction, you might look at Formal Semantics by Glynn Winskel.  There are lots of other good books on the subject that I'd be happy to point out--I've got a whole bookshelf of them.)

8:58 PM | Comments () | Recommend This | Print This

Wal-Mart CIO Interview

Wal-Mart is the world's largest company and one which has consistently used technology as a competitive advantage.  In this article, their CIO talks about how they manage IT systems.  He lists three key philosophies behind his IT strategy:

  1. The first philosophy is to run a centralized information system for our operations all over the world, and we run that from Arkansas.
  2. The second is to have common systems and common platforms.
  3. The third is to be merchants first and technologists second.

In this day of XML standards, one might question why someone cares about (1) and (2) until you start asking about cost.  I like to say that an engineer is someone who can do for a dollar what any fool can do for two.  I've also learned, the hard way, that XML is great for interoperability when you can't control both ends of the system (or don't expect to in the future).  When you do control all the pieces, however, XML is a whole lot of parsing for nothing. 

Its hard to get people to see the wisdom in the first two philosophies.  There's a natural tendency to autonomy, decentralization, and disparate systems.  Many confuse these statements with geographic or system centralization, which is not the case.  I'm sure, for example, that Wal-Mart has both people and systems spread out around the globe.  What they don't have is fiefdoms.  I've written a white paper on IT organization that speaks to how I'd like to see IT functions organized in Utah. 

4:06 PM | Comments () | Recommend This | Print This

Doonesbury on WiFi

Network StumblerThis Doonesbury strip appeared Sunday.  All you need is an iPAQ (or a laptop, although its hard to walk with) and NetStumbler.  I just went to the NetStumbler site to get the URL to link here and see that they have the same cartoon on their homepage.  As an aside, the NetStumber homepage appears to be a Slash site being operated as a blog. 

1:49 PM | Comments () | Recommend This | Print This

July 22, 2002

O'Reilly Open Source Conference

I'm going to the O'Reilly Open Source convention in San Diego Wednesday through Friday.  I'll be participating on the panel on open source in government (go figure).  Drop me a line if you're in the mood to talk in person.  We'll get together and talk about ID or web services or even WiFi on trains. 

10:21 PM | Comments () | Recommend This | Print This

Single Sign-On at Utah.gov

One of the features we'd like to introduce on www.utah.gov in the near future is personalization.  The issue is a real one because, like a large consumer portal, we have hundreds of services and thousands of constituencies.  There's no way a single front page, no matter how well designed, can serve all of those needs.  What a rancher in Juab county wants from utah.gov is likely very different from the needs of a single mother of two in Murray City. 

The basis for any personalization, form-filling, etc. is ID and user profiles.  A few years ago, that meant designing a profile system and hooking it up.  In today's world, however, you need to support at least three things:

Unfortunately, you still need to roll your own for a couple of reasons.  First, many users won't have a profile at AOL or Microsoft and won't want to build one.  Second, there are profile parameters that won't be in those systems.  What you're really getting when you sign on with Passport or Liberty Alliance is single sign-on and interoperability with their partners, not a solution to your own problems. 

10:02 AM | Comments () | Recommend This | Print This

July 20, 2002

Product Management

Dave McNamee is one of the first Utah IT employees to take me up on my offer get started on weblogs.  Dave is a product manager in the Information Technology Services division. 

One of the first things I did when I took the job as CIO for Utah was to try to introduce the concept of product management.  While it might seem funny to think of government as having "products," the discipline's concepts for developing software and online services to meet business needs are as applicable here as they are anywhere.    

I wrote a white paper on the subject as an introduction to the discipline.  We've also created a product management council for our eGovernment services.  We're going through a rather draining process right now which I think will cement many product management concepts into the way we govern cross-agency development.        

5:26 PM | Comments () | Recommend This | Print This

July 19, 2002

WiFi and Mass Transit

One of the great things about my job is that there are lots of interesting opportunities.  For example, I had a meeting with the Utah Transit Authority today.  We were discussing wide area networks for connecting up busses, police cruisers, and other field workers (of which we have a lot).  This is a challenge when 80% of your land area contains less that 20% of the population.  Still, there's some interesting things happening there.  More on that subject later. 

While we were talking, we got around to WiFi.  UTA has plans to install WiFi access points at the stations along the TRAX (light rail) line.  This is pretty easy to do since they already have network access at each station.  The question remains whether commuters will have access to the network or not.  I'd like to see it taken one step further and have Internet access on the train itself.  That would sure get my attention as a commuter. 

The big question is whether this would be a service offered to promote commuting or as a revenue source.  I know plenty of people who would pay $10/month to have Internet access while they ride the train.  It would be pretty easy to do using a captive portal.  Have users establish an account and then give them a token each time they log in that's good for an hour of access (long enough to go end to end).    We even got in a conversation about warchalking!

5:19 PM | Comments () | Recommend This | Print This

Enterprise Development in Utah

On Wednesday, I spoke to the enterprise development group on my principles for enabling web services.  The enterprise development group, or eDG as they call themselves is a group of specialists from across our IT organizations that meet regularly to share expertise and develop some de facto standards for multi-tiered applications in Utah. 

I'm very supportive of these kinds of groups since I think they represent our best hope at building community in an IT organization that is best described as "sprawling."  We have talented experts buried deep within the organization and, often, the biggest problem we face is being able to get the right people on the job.  When an issue comes up, we likely have someone who knows just want to do, but no way to get that expertise to the job.  Building overlapping communities of specialists and communities of interests seems the best way to attack this problem.  My open offer on blogs is an attempt to jump start some of those communities. 

11:48 AM | Comments () | Recommend This | Print This

July 18, 2002

Amazon Web Services and REST

A few days ago, Amazon announced their web services program.  Unfortunately, I had two days without much time to play.   Tonight I finally had a little time. 

Amazon's progam supports both a SOAP/RPC model and a RESTful model.  Using the RESTful model, I cobbled up the Amazon results box on the right side of this page.  This is the XSL file that I used and this is the URL I called.   A few observations:

  1. My task was made more difficult by the lack of good error messages from Amazon.  Note the the XSL file specifically passes error messages through.  At first, I wasn't even seeing what little Amazon did send and that was murder.
  2. XSL needs some good tools for debugging and testing.  As it happens, XSL is a programming language with few (maybe no) support and debugging tools.  What's worse, its a rule based language, an unfamiliar paradigm for most people.  People used to give me a bad time about Scheme and LISP.  I can't believe they'll use XSL.  See my earlier rant on XML based programming languages if there's some doubt as to how I feel. 
  3. Amazon apparently caches the XSL file that they read from me and so I had to keep renaming it.  There's probably some way to tell it to clear the cache, but hey, what do you expect me to do, actually read the docs? 
  4. The hardest part, by far, was finding the right verb in Frontier to do the HTTP call to Amazon and return the result. 

All in all, a surprisingly easy task.  Someone who knew both Frontier and XSL could have probably done it in under 15 minutes. 

11:51 PM | Comments () | Recommend This | Print This

US House of Representatives and XML

The US House of Representatives has made a significant effort in developing DTDs for describing bills.   My authority as Utah CIO doesn't extend to the Utah Legislature (you can tell from their URL), but I'd still love to see them adopt something like the House standards.  They might be able to just use the House DTDs directly.  A recent article in Government Computer News writes about the House XML efforts.   

4:34 PM | Comments () | Recommend This | Print This

July 16, 2002

Lindon Moves Ahead with UTOPIA

I live in a small city called Lindon with about 6000 residents.  Tonight the City Council had a vote on whether or not to move forward to the second phase (feasibility study) portion of the UTOPIA (broadband) project.  Going into the meeting, word was that the council was going to disapprove it 3-1.  

I'm a fan of the project and said so tonight.  Kelly Phillipps, CTO of Center 7, one of the city's high tech businesses and hopeful network services provider for UTOPIA, also spoke in favor of the city's participation.  In the end, they approved the approximately $40,000 necessary to participate in the feasibility study 3-1.  

Maybe we turned them, maybe they would have voted that way no matter what, but its nice to participate and feel heard.  Technology voices are needed in public policy debates.   

10:51 PM | Comments () | Recommend This | Print This

An Open Offer to Utah State IT Employees

I believe that the 900 or so IT employees of the State of Utah would benefit from speaking and listening to each other more. I think we need groups of specialists inside various departments to communicate with others in their specialty and without.  Consequently, I'd like to see more people writing blogs and communicating their ideas through an open forum like the one blogs engender.  To that end, I'm willing to pay the licensing fee to Userland for the first 100 employees who start a blog.  Here are the conditions:

  1. Download the software and begin using on the 30-day free trial.  I'd like to see you get a start before I pay the fee.  Let me know when you're up and running.
  2. I'm biased toward IT employees, but other are welcome too, particularly if they're interested in eGovernment.
  3. You're responsible for what you post.  If you're going to talk about things that shouldn't be public on Userland and need to be kept behind the state firewall, let me know and we'll set up a place inside the state network for that.  We could even set up an authenticated area, if needed. 

7:03 PM | Comments () | Recommend This | Print This

July 12, 2002

XLANG and WSFL: Syntactic Arsenic

An Infoworld article by Jon Udell says:

XML is a lousy syntax for programming languages, and BizTalk developers have longed for something more programmer-friendly. For XLANG users, help is on the way, according to Dave Wascha, lead product manager for BizTalk at Redmond, Wash.-based Microsoft. XML should be used to specify service choreography, he says, but it need not be used to implement it. A conventional syntax can do this more naturally, as Microsoft has shown in experiments using C#.  

To which I would have to say: "AMEN."  It seems that the world has gone XML crazy lately.  Because of the hype, its not surprising that anything that can be, has been turned into XML.  Still, XML is lousy to read and write.  Programming language people have a term for making the syntax of a language pretty: syntactic sugar.  XML is syntactic arsenic. 

As I said earlier:

  • XML is just a context free grammar
  • A DTD is just a BNF
  • A DOM is just a parse tree
  • An XML parser does the same job as LEX/YACC except that its interpreted.

This last point is what gives XML its power.  Because the parsers are interpreted, they can be handed a schema (read: grammar) on the fly and parse what is thrown at them into a standardized parse tree (DOM).  Its a lot easier to transfer the schema around than compiled parsers for every grammar that someone might define.

Given that, XML ought to be used where this kind of on-the-fly interpreted parsing is useful.  Data is one such place.  On the other hand,  I've never understood the move to "orchestration languages" like XLANG and WSFL for precisely that reason.  After all, how are they different than programming languages?  There are two big points:

  1. They're different because they use XML.  OK, so how much better would Java be if its was parsed in an interpreted fashion using a grammar that was downloaded from Sun (the standard holder)?  Not much as far as I can see. 
  2. People claim that we need a "language independent" way to specify control flow.  Baloney.  There's no such thing since XLANG and WSFL are languages.  We could just as easily translate C# into Java as into XLANG.  I used to have my CS330 students do that sort of thing for a class project. 

Context free grammars are useful for doing lots of things.  I've maintained for years, tongue in cheek, that context free grammars are the only thing in computer science we really understand.  (That's why you had to take a compiler class: its the science part of computer science.)   XML plays to that strength.   Still, XML isn't the only way to do a context free grammar and is one of the worst from a human readability standpoint. 

All these XML standard definitions point out the big flaw in everyone's wishful thinking concerning XML.  To do what people want it to do, XML would have to be able to convey semantics.  Because its just a CFG, it can't.  So, the semantics have to live somewhere else: the standard and what people understand about it.  The problem is that as soon as you have a standard syntax, you've negated much of the benefit of on-the-fly parsing.  Am I happy for the standards? Yes!  Do they need XML? NO!   Free me from XML tyranny!

2:44 PM | Comments () | Recommend This | Print This

NY Times Article on Warchalking

This article by Glenn Fleishmann in the NY Times quotes me on warchalking.   Meanwhile, the wheels of technology rollout in a large organization grind slowly, slowly, slowly.   

9:41 AM | Comments () | Recommend This | Print This

July 11, 2002

Anarchy and Infrastructure

Doc Searls has an absolutely fantastic slide show on his site from his talk at the June JabberConf.  Very compelling...

11:17 PM | Comments () | Recommend This | Print This

Mainframe Linux

Jon Udell writes:

IBM's mainframe Linux hosting service. A few months back I researched and wrote a story on mainframe Linux. ... I continue to find this technology alliance fascinating. Moving parts are the enemy, in my mind. The fewer the better. Provisioning a server farm in software, rather than as a collection of physical blades, seems like a great idea. The mainframe always had the raw virtualization capability, now in Linux it has something that's really worth virtualizing. One outcome, as this story notes, is a new kind of competition for the RackSpaces of the world: ... [Jon's Radio]

We have 4 large mainframes in our primary data center and the disaster recovery site.  Jim Calloway and his team have been playing around with Linux on them for about a year now.  So far, I've yet to see an ROI that makes sense, but then again, I've yet to see an ROI that takes into account total cost of ownership (TCO) including the reliability and availibility costs.  We run a tiered support model to provide reliability and the impact on the tiered support system of using the mainframe to run Linux would be interesting to analyze.  

As an aside to Jon's comments, we do run Oracle on the mainframes. In my previous life, we ran Veritas on paired Sun 4500's to provide the required databse reliability and that was just a flat out pain in the neck.  There's a big question in my mind as to whether Veritas was any help at all.  Often it made simple failures into bigger ones.  Running Oracle on a mainframe is the only way to go, if you can afford the mainframe or happen to have two or four laying around. 

8:51 PM | Comments () | Recommend This | Print This

Google! DayPop! This is my

Google! DayPop! This is my blogchalk: English, United States, Salt Lake, Lindon, Phil, Male, 41-45!

4:32 PM | Comments () | Recommend This | Print This

Darwin John Gets a New Job

The Salt Lake Tribune is reporting that the FBI has hired Darwin John, CIO for the LDS Church, as the new CIO for the FBI.  I think Darwin will do a great job there.  Working for the two organizations will probably be similar in a number of ways.  FBI CIO sounds like a very fun job.  Best of luck Darwin!

Update:  Here's a CNET interview with Darwin.   

10:52 AM | Comments () | Recommend This | Print This

July 10, 2002

GIS to the Rescue

An article in Fortune discusses IT and Homeland Security:

It's a very bad day in Galveston, Texas, home to one of the world's densest concentrations of petrochemical plants. An airborne plume of hydrofluoric acid--stuff so nasty it can dissolve glass--is spreading from a railroad tank car blown up in a terrorist attack. Public-safety officials are in a scramble to understand the scope of the disaster and how to protect the population. Fortunately they've got a geographic information system, or GIS, to get a handle on the crisis and respond to it--fast.

If you're not familiar with GIS software, its used to keep track of almost anything you can put GPS coordinates on.  Needless to say, GIS plays a very important role in state and other government IT systems.   In state government, every data record we have either has a social security number or GPS coordinates.   (Some have both). 

Utah's Automatic Geographic Reference Center is the group that coordinates GIS systems for the state of Utah.  They also created our state portal maps service.  in the same way that the scenario in Fortune has GIS playing an important role in a poisonous gas leak, our AGRC folks have done numerous studies on inundation plains for dam breaks and other natural and man made disasters.  GIS is a great tool to have in homeland security.  Utah's lucky to have a dedicated team of people at the state level and county governments who also understand the importance and cooperate closely with us to create a GIS system that is complete and accurate. 

4:48 PM | Comments () | Recommend This | Print This

SICP Online

Kenneth Hunt informs me that SICP is available online.  Thanks!

3:13 PM | Comments () | Recommend This | Print This

Federal Funding Process

An Information Week article says:


The manner in which the federal government funds some state IT projects is at odds with the way states are implementing common IT architectures back home, state CIOs complained to a congressional panel on Tuesday. Specifically, the IT systems bolster state-run social-service programs, including food stamps, child welfare, child-support enforcement, and Medicaid.

We continually fight this problem.  The ADP process has good intentions: ensure money is spent on what it was appropriated for.  On the other hand, as Aldona says:

"It's clear that the [ADP] process strongly discourages using federal program funds to create common IT infrastructure," Kentucky CIO Aldona Valicenti said in testimony prepared for the House Subcommittee on Technology and Procurement Policy. "Although it frequently costs less to the original program than creating a separate, standalone IT system, it's precisely because it would benefit other programs that it's often termed unallowable."

We fight this by being willing to engage the Federal program officers early and gain permission for what we're doing.  Governor Leavitt sees it as a "federalism" issue and we have a fairly good track record of engaging the Feds on it.  Still it takes time and effort, so you only do it when it really matters.

Another way we combat it is through architecture.  A good example is our eREP project.  We administer billions of dollars of federal benefits every year.  The IT system that manages this is being replaced (old crufty mainframe code).  The system is essentially a CRM system with lots of specialized rules to determine eligibility and calculate specific benefits.  Every federal welfare program is funded separately, so theoretically, we should build 6 or 7 eligibility systems.  Instead, a core CRM system and rules engine will serve them all, with individual modules built for the individual programs.  To satisfy the Feds, we have to be able to track and correctly allocate the costs and get some relief on ADP, but its workable.  For a system that will ultimately cost $50 million or so, its worth it. 

10:44 AM | Comments () | Recommend This | Print This

July 9, 2002

Digital ID World Conference

Digital Identity World 2002 ConferenceI've been invited to speak at the Digital ID World conference in Denver on October 9-11th. 

Identity and identity management is something I've written about before on these pages.  The ironic thing is that state governments issue what is now considered the gold standard of identity for most purposes: the driver's license.  Yet, state's don't consider themselves to be in the identity business.  We have abdicated that responsibility to private companies.  This may be OK, but we should pay attention to what is really happening: we're changing a fundamental model for identity, even if that model has been ad hoc or implicit.

The other side of identity in government is that governments store large amounts of personally identifying information on citizens.  Citizens are schizophrenic about this state of affairs: they demand the services, yet they fear the IT systems required to provide them. 

Come what may, this is a public policy debate, not a technology debate.  The most we can hope to do as technologists is to inform the debate as best we can and provide the best technology we can for what ever decision the public process comes up with. 

9:40 PM | Comments () | Recommend This | Print This

Guardian on Warchalking

This article in the Guardian quotes my weblog.  Interesting all the press that warchalking has generated. 

8:09 PM | Comments () | Recommend This | Print This

Book Review

Structure and Interpretation of Computer Programs - 2nd Edition
by Harold Abelson, Gerald Jay Sussman (Contributor), Julie Sussman (Contributor)

I was just reading Gordon Weakliem's weblog and noticed that he'd gotten interested in Scheme and was reading the Little Schemer.   I've read the Little Schemer and its OK, but Sussman and Abelson's "Structure and Interpretation of Computer Programs" has to be the best.  It was used for years at MIT as the introductory text for computing.  I've used it to teach hundreds of students in introductory computer science and programming language courses and think its the finest computer science text ever written.    The book has very sophisticated prinicipals in it, including a heavy dose of abstraction, and I think it gives an excellent grounding in principles as well as teaching beginning students to write some pretty cool programs.  

10:22 AM | Comments () | Recommend This | Print This

July 8, 2002

eGovernment and Ownership

John Patrick writes:

A trailer for towing motorcycles to and from always seemed like a good idea to me. Getting the trailer was the easy part. Registering it at the Department of Motor Vehicles in Connecticut was the hard part. First I rode to Danbury -- a half hour ride. Then I stood in line for ten minutes to get a form and a ticket with a number on it -- just like at the deli. My number was 462. The wait began.

This is a great eGovernment project.  The reason: its relatively hard.  Gotta love a challenge.  Renewing a registration is easy.  Establishing one is difficult because of a piece of paper called a "title."  How to establish proof of ownership on the web?  Digital signatures (if you can get people to use them--another story) are just part of the answer.  Still if we can do mortgages online, we can do titles.  

What do we need?  A system for generating and exchanging titles securely.  Ways of turning paper titles into electronic ones, ways to turn electronic titles into paper versions, standards to recognize titles from other states, ways to recover lost titles, etc. Trustworthy digital identity is the foundation of this, but only the foundation. 

6:00 PM | Comments () | Recommend This | Print This

Business Week Online on Warchalking

Business Week Online interviewed me last week on the Warchalking craze.  Their article quotes me in one paragraph, or at least semi-quotes me.  By the time a 15 minute conversation makes it down to one paragraph enough detail is lost that it sounds like we'll be installing 2000 WAPs next week.  Our roll-out will be a little more conservative than that.  Call this the "vision." 

5:12 PM | Comments () | Recommend This | Print This

IM and REST: First Class Events?

After posting the previous piece about IM and REST, I happened to see a reference to work DJ Admans is doing with weblog updates and Jabber on Scripting News.  The basic idea, as I understand it, is to use Jabber in lieu of something like MQSeries or JMS to notify people of changes to weblogs.  I see the usefulness of that: remember those discussions in your undergraduate architecture class about polling vs. interrupts?

News aggregators function by polling their RSS feeds.  If everyone on the net used news aggregators and subscribed to hundreds of channels and wanted near realtime notification of changes to resources (not unreasonable if I'm to use it for things like monintoring systems or my airline reservation) the whole thing would drop to its knees.  Interrupts (i.e event notification) are the answer.

Now, the RESTian response, I'm confident, would be HTTPEvents.  Not a bad idea and certainly something I'd like to see developed further.   From a RESTian point of view, using a system like Jabber or JMS to manage events takes them out of the "first class citizen" category (from a programming language theory point of view).  In a programming language, anything that can be manipulated within the programming language itself is a first class citizen.  So, for example, functions are first class citizens in ML, but not in Pascal (don't even think about C--it gets too weird).  In REST, to be first class, you need a URI and (probably) use HTTP. 

So, maybe the question for RESTians is how far to go with the religion and when to get practical (and I'm not saying that they've gone too far yet).  One example of a language where everything is first class is LISP.  An elegant language.  I love it.  Nevertheless, not a winner in the language wars.  If REST wants to "win," RESTians may have to decide when enough is enough. 

3:17 PM | Comments () | Recommend This | Print This

IM and REST

Technology review has a nice introductory article on the problems with IM in the enterprise.  Says the article:

But today that promise is stymied by IM software packages that use their own proprietary protocols. “The whole IM scene is as factionalized as Afghanistan,” says Rob Batchelder, research director at Gartner, a technology research firm in Stamford, CT.

My main concern is how to use IM behind the firewall with security, logging, etc. at a price that gives an ROI I can see without using a microscope.  I've been playing with jabber lately and have been pretty impressed.  I've haven't even started to consider the interoperability issues.  I guess I don't quite see it yet.  For example:

“Imagine,” says Sonu Aggarwal, CEO of Cordant, a Bellvue, WA maker of IM gateway software, “having a contact in your IM buddy list that represents your Delta flight reservation. Rather than having to call an 800-number and digging up your reservation code, that ‘buddy’ is your ticket, constantly communicating the status of the reservation.”

What I don't get is why I need an IM system to do this for me.  If the airline reservation system is well designed and my reservation has a URI, my aggregator can do that same job without interoperability of IM systems, new ports opened on the firewall, etc.  Maybe I'm high, but I don't see it yet. 

12:41 PM | Comments () | Recommend This | Print This

PTO Woes and Government IT

In a Government Computing News article entitled: PTO: No One Should Trust Our Systems, the following appears:

If disaster struck the Patent and Trademark Office’s data center today, the agency would be without access to its records for nearly four years and would have to spend $550 million to regenerate them from tape backups.

I think Utah is better off than that, much better; but the basic issue that leads up to this mess is at the heart of most problems with IT in government: the funding process.  The problem comes down to a sophie's choice:

  1. If you leave IT funding in the various agencies and departments, then they are constantly faced with decisions like: "do I fund the new system X that will update and modernize our IT systems or do I put 10,000 more kids on health insurance next year?"  The way our government works, the latter is likely the right choice. 
  2. If you fund IT out of a separate pot of money, then everytime someone goes looking for money for their special interest (and everything is a special interest) then your pot likely takes a hit.  You can get a vote by taking money away from IT system X and giving it to the homeless, or the environment, or anything else, any day of the week.

Its easy to say that politicians need to have more backbone and stand up to this kind of thing, but having seen this process from the inside now, that's easier said than done (remember the old joke about sausage?).   Anyone can say "I'll stand up to the special interests and bring good management to government." but the reality is that this is built into the way out political process works and what the press (because of its readership) finds interesting.  I can get a rally at the capitol everyday about a lot of things: IT isn't one of them. 

Part of the problem is that mostly IT companies are very politically unaware compared to their cousins in other industries.  Very little lobbying goes on by IT companies.  This means that IT issues are likely to be seen as "unimportant" by the harried legislator who has lots of people vying for his attention.

 

12:00 PM | Comments () | Recommend This | Print This

July 6, 2002

Privacy and Public Policy

The July issue of Communications of the ACM arrived today and as I thumbed through it, I started reading an article about the ever expanding network of local and federal databases.  The article discusses the potential problems with such data linking and retells some sad tales about the abuse of such networks.

This is a tricky issue for me: my job is linking all that information!  The issue of course is not a technology issue, but a public policy issue.  Utah passed legislation last year to protect the privacy of data that we collect for personalization purposes on our web site.  In general, however, public access to government data is at the heart of our democracy and so many are leary of any privacy safeguards for data that government controls.  HIPPA is another overlay on the issue. 

Richard Varn, the CIO of Iowa has thought a lot about this topic and sheds a lot of light on the issues.  Unfortunately, there are no easy answers, so they'll be worked out the way we work out all hard problems in our society: in the many legislatures and courts across the land. 

5:54 PM | Comments () | Recommend This | Print This

July 5, 2002

Blogging and Oliver Sacks

I'm just reading the article in the April 2002 issue of Wired on Oliver Sacks. One part of the article talks about Sacks' communications with a Russine neuropsychologist named Luria via snail mail.  My first thought was how inefficient one to one snail mail correspondence is for advancing knowledge; blogging works much better.  Its hard for me to remember my pre-Internet life (I started using the 'net in 1986) and how utterly disconnected I must have been.  

10:06 AM | Comments () | Recommend This | Print This

July 4, 2002

Blogs as Lab Notebooks

Jim McGee writes:

So, here's a gedanken experiment for you. Setup each incoming Ph.D. or Master's candidate with a weblog at the beginning of their program. Coach them to use the weblog as a lab notebook of their developing intellectual capital. Use your own weblog to comment on their work and their thinking. Where do you think these students will be after several years of sustained and steady writing? How many will have already started to establish reputations as serious thinkers?

I teach a course on enterprise computing.  I used Slash last year on the course homepage and loved it.  I've always required students to keep a bound lab book.  I think we don't teach computer science students enough about keeping a record of what you do. 

As soon as I started blogging, I had the same idea that Jim had: give each student a blog for the course and let that be their lab notebook.  Having each student's lab notebook available for others to read and comment on is a cool thing.  There's also a very good exercise there: have them set up their own ftp server, overlapping their http server (they all manage their own machine as part of the course) and use HTTP authentication to keep all but myself and TA out of one category in their blog where they post completed assignments.  So, would Userland be willing to donate 50 copies of Radio for the duration of the course? 

4:38 PM | Comments () | Recommend This | Print This

Jabber

I got jabber running on my test server.  I've had trouble getting the SSL support going, but its on the way (netstat -ar shows jabberd listening on port 5223 and openssl successfully retrieves the cert from jabberd).  The abundance of clients is good.  With SSL, my security concerns are slackened and it logs on the server and client sides.  Not bad.   This may be the right IM tool for the enterprise

4:29 PM | Comments () | Recommend This | Print This

July 3, 2002

Enabling Web Services

Not surprisingly, the State of Utah has a large amount of data and much of it is public.  Some of the data that holds the most interest to people is already available on our web site for searching.  For example, you can verify the validity of a professional license.  My plan is to enable web services by ensuring that anytime we make data available we do it in a way that produces at least XML and that URIs work for all queries (yes, RESTian principles are at play here). 

Let's face it, if we're going to build an application that lets someone query a database its a shame not to return XML since we can do it for little additional cost and the potential benefits are huge.  With that thought, I've been trying to come up with a set of principles that we can follow in state government to ensure that this happens. 

Without further ado, here is a list of principles I have so far.  What am I missing? 

  1. RSS should be produced, and the presence of an RSS feed clearly indicated, where applicable. For example, RSS feeds should be produced for events, press releases, chronological data such as rulings, judgments, and other decisions, etc.
  2. All queries for data from a web server should produce at least XML. If human readability is required, post process the XML with XSLT.  As an example, if I go to the professional licensing division and query about doctors, the application should, at a minimum, produce XML.
  3. Data queries should be accessible as a URI and a URI should be associated with each resource (a resource includes even a single data element). For example, I should be able to query for a professional license using a URI like: http://www.dopl.utah.gov/llv?last_name=windley (this is not a valid URI.) If this query returns a list of results, each of those results should be available individually as XML using a URI reference. 
  4. The API for this URI query language should be clearly documented using WSDL (?) and its location clearly identified.
  5. Avoid using a POST for queries.
  6. Use standards for XML where available rather than making up your own.  A good example is RSS.  Organizations that you belong to may already be developing XML standards for the type of data you have.  Still, dive in and keep moving; if you miss a standard its not the end of the world because its likely your data can be translated using XSLT into whatever standards come along later.
  7. Document whatever XML format you output using a DTD and ensure that the up to date DTD is available online and referenced in the generated XML.
  8. Consider displaying your data in multiple flavors to serve multiple audiences.  At a minimum, most queries will produce at least one flavor of XML and HTML. Once you’re producing the XML, its easy to display the data in multiple flavors by translating the base XML using XSLT.
  9. Include metadata with your XML. The Dublin Core elements in RDF are endorsed by the state GILS project and the CIO’s office. The GILS project has produced templates and schema specific to the State of Utah for the Dublin Core.
  10. Use WSIL to advertise the availability of your service.   If it becomes viable in the future we will use UDDI, but having everything documented in WSIL will make that step relatively easy. 
  11. Use web authentication and authorization for queries that require it, rather than a homegrown solution, so that single sign on from the statewide directory works and queries can be made using a URI instead of a post.
  12. URIs should be carefully designed (yes, designed) so that they are meaningful and unlikely to change in the future.  The URI is the public interface for your resource and, consequently, deserves great thought.  See "Cool URLs Don't Change" for more information. 

4:12 PM | Comments () | Recommend This | Print This

Content Management

Here is the draft of a paper on content management that will be distributed to all the employees of the state in our monthly electronic newsletter.  The paper discusses content management, RSS, aggregators, metadata, portals and personalization.  One of my first goals is to get the newsletter into our content management system and subscribge to its RSS feed.  Dave Fletcher is in charge of the newsletter and recently started blogging, so there's hope!

3:21 PM | Comments () | Recommend This | Print This

July 2, 2002

Recent Magazine Articles

Oct. 1, 2001 Issue of CIO Magazine: You Can Go Home Again.  An article about CIO's who worked for dot coms. 

May 2002 Issue of Government Technology Magazine: Secrets of a Successful IT Campaign.  An article about leading change in government IT organizations. 

Jan 31, 2002 Issue of VARBusiness Magazine: Getting Wired: Utah CIO Tells How. An interview where they actually quoted me verbatim.  Sometimes that's good.

9:08 PM | Comments () | Recommend This | Print This

REST and Hyperlinks

Back in May, Jon Udell wrote a column in Infoworld called "Hyperlinks Matter."  I was fascinated by the column and that is really what led me to start a BLOG (OK, so I get sidetracked easily). 

I just finished reading the two xml.com articles by Paul Prescod [1] [2] on REST and the light has finally gone on about why I liked the "Hyperlinks Matter" column.  REST proponents make a powerful argument about why the web works and why we shouldn't be so quick to give up on some important concepts (like URIs) that have served so well. 

I think that's why I like WSIL so much compared to UDDI: its in tune with the web.   Its easy to understand, easy to implement, and uses existing tools and techniques.  There's nothing to say that the URI representing the WSIL description couldn't be machine generated.  That's the great thing about a URI. 

I think the other thing I like about REST is the notion that programming on the Internet is fundamentally different than programming on a single machine or even tightly connected collection of machines and we ought to recognize that.  RPC-like mechanisms try to absract the network away. 

5:40 PM | Comments () | Recommend This | Print This

OReilly Open Source Conference

I'll be participating on a panel at the OReilly Open Source conference at the end of the month.  The panel is on open source software in government.  I've always been a big believer in open source and have tied to introduce it in my organization as we can. 

A good example is snort, an intrusion detection tool.  We were going to pay someone a lot of money for something not half as good simply because there was an assumption that the open source software somehow "wasn't acceptable." 

2:45 PM | Comments () | Recommend This | Print This

July 1, 2002

CRLs Matter When Certs Matter

Jon Udell writes:

Mozilla does CRL right. Last night, as an experiment, I revoked one of my Thawte Freemail certificates. Today I sent myself a message signed with that now-bogus cert. Few people have ever used an S/MIME cert. Still fewer, I am sure, have explored how email software deals with a CRL (certificate revocation list). ... [Jon's Radio]

CRLs are something I didn't pay much attention to until we started using digital certificates for things that really mattered (like law enforcement).  This is interesting information and its not surprising, I guess that Mozilla does it right. 

4:48 PM | Comments () | Recommend This | Print This

Fall COMDEX

I've been asked to speak on a panel at COMDEX in the fall.  The topic will be "Evaluating New Tools: How to Tell Which Hot, Breakthrough Products Will Stick" and it will be on Monday November 11th from 2:30-3:45.  I think the short answer is "throw them at the wall." 

Surprisingly, even though I live close to Las Vegas and fly my own plane (so its only a few hours away), I've never made it to COMDEX.  This will give me the excuse I've been looking for. 

10:06 AM | Comments () | Recommend This | Print This