Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« April 2003 | Main | June 2003 »

May 30, 2003

Midterm 2

Midterm 2 will be in the testing center on June 2nd and 3rd. You may not take it early or late. The exam will cover up through Lecture 24. The style will be much like Midterm 1. You are responsible for knowing when the Testing Center is open and making sure you leave yourself enough time to complete the exam. As with Midterm 1, the exam is open book and open notes. You will probably want a copy of the project write-up.

1:15 PM | Comments () | Recommend This | Print This

Online Course Evaluations

You can complete the online course evaluation anytime between June 5 and the last reading day. You do so by signing onto Route Y and searching until you find the right link. :-) Course evaluations are an important form of feedback for faculty and I take them seriously. I've made many modifications to courses based on feedback from evaluations. I encourage you to participate.

11:14 AM | Comments () | Recommend This | Print This

May 29, 2003

Idaho Gem

Scientists at the University of Idaho and Utah State University announced today that they had succeeded in cloning a mule. The clone is named "Idaho Gem." Gordon Woods, one of the chief scientists on the project was my next door neighbor when I taught at the University of Idaho.

As with each new species cloned, Idaho Gem opens another door in the understanding of animal systems. Woods, who calls the mule "a 1,000-pound mouse that kicks," says the cloning may also help in the study of cancer. Key differences between horse and human cells may account for why horses have radically lower cancer rates.

11:06 PM | Comments () | Recommend This | Print This

Final Project

A few items of note for the final project.

  • You should be in the same group you were in for the first project. If that's not possible, let Grant know as soon as possible.
  • By tomorrow evening at midnight you should have emailed your languages preference to Grant. This is simply an ordered list of languages from the list in the report with three others that aren't listed there. There are hundreds of programming languages, so just pick some.
  • You'll need to find a working implementation of the language you're assigned. You may want to consider that before you order your list.
  • You won't be assigned anything that is familiar (like Java or C, so don't bother putting them on your list.
  • The write-up suggests you have a week to find and install an implementation of your language. You don't have anything like that. You've got a few days at the most. Part of this assignment is the finding and installing. If you don't think you can find an implementation of the language assigned to you, I'd better know very early (like Tuesday). Grant can help here as well.
  • Here are a few other language choices: XSLT, SR, MDP, PIC, Euclid, Miranda, Lucid, Juno, Mathematica, Pizza, GJ, etc.
  • If you're going to use Powerpoint for your presentation, You'll need to email it to me by noon the day of your presentation.

Relax and enjoy this. You're not supposed to be comfortable with these languages. That's the whole point. Just do a little research, pick some, and when you get your assignment, dive in.

10:39 PM | Comments () | Recommend This | Print This

Utah Interlinx: Broadband for St. George

This story in Wasatch Digital IQ discusses the utah Interlinx project which hopes to bring better broadband access to St George in Southern Utah. "The first stage includes buildingÊtwo new,Êredundant long-haul fiber opticÊlines into St. George,Ê and the second stage is to build a newÊnext-generation metro area network (MAN) utilizing both SONET and Gigabit Ethernet technologies." The story also talks about building a smart building in St. George. St. George is one of the fastest growing areas in Utah, so its not surprising that this kind of project is interesting to many, but its not clear to me from this article how its being financed or why it makes sense economically.

6:50 PM | Comments () | Recommend This | Print This

More Organizational Blogging Questions

Phil Wolff has posted a list of questions to add to mine. I'm posting them here in their entirety so that I can edit them a little. Here they are:

  • Does IT blogging start at the top? CIO and direct reports? Any holdouts?
  • Some people have deep resistance to writing, let alone writing in public. How do you bring them in to blogging? Is it OK for them to "just read?"
  • How do you accommodate the visually impaired, both in blogging and in reading blogs? Are your blogs accessible?
  • Have you tried any more formal knowledge management systems? How do blogs stack up against these?
  • Are blogs primarily for communicating within your own organization or do your internal customers read your blogs as well? How is it changing your relationships with your stakeholders?
  • How much have you adopted project blogging as a common practice? How is it changing project statusing, problem detection, newbie socialization, and project risk?
  • Are you generating RSS feeds from your ERP, CRM, and project management systems for alerting and prompting?
  • What tools do you use? Are they officially supported by IT? Does IT support blogging for other departments?
  • Have you deployed RSS newsreaders?
  • What blog community servers have you used? For example: weblogs.com ping server (what's new), blogroll service (perhaps linked to enterprise directory service?), RSS aggregation portals, intranet Google/search, DayPop (what's hot on the intranet), geourl service (find blogs physically near me), referral logs (who's sending traffic to me), link analysis (technorati, link cosmos), email-to-blog gateway, blog-to-email gateway, SMS/MMS-to-blog gateway, machine translation. Which of these are useful tools to add to your organization's blogs?
  • How are you managing personnel transitions? Are blogs personal or are they tied to positions? When does the new person take over the old blog and when should they start a new one?
  • Does your IT organization span countries? If so, are you encouraging people to blog in their native language or in an enterprise standard language?
  • Do new hires automatically get a blog along with their badge?

Of course, there's much more here than we can cover in an hour, but just thinking about these ahead of time will help the discussion.

10:14 AM | Comments () | Recommend This | Print This

Language Design isn't Compiler Design

An article in Lambda, the Ultimate, points to a piece by Chris Brumme on memory models in CLR, Microsofts Cimmon Language Runtime. CLR is the virtual machine that C# and other Microsoft languages compile to. Chris says:

So what is a memory model?Ê It?s the abstraction that makes the reality of today?s exotic hardware comprehensible to software developers.

I can remember the days when CPUs weren't so complicated. But what with n-way semetric multi-processing, multi-level caches, and whatnot, its gotten to the point where understanding the CPU design is a job for experts. CLR, JVM, and other VMs allow those experts to create a useful abstraction that the compiler writer to target. Compiler writers, of course, are another class of expert who write translators from the semantics that the language designer specifies to the semantics of the VM.

9:03 AM | Comments () | Recommend This | Print This

May 28, 2003

Using Weblogs to Manage IT Organizations

I've been asked to moderate a panel on using weblogs in IT organizations at the upcoming Weblog Business Strategies conference in Boston (June 9-10). I've been mulling this topic over and trying to come up with questions and discussion topics for the panel members. Here's what I'm thinking so far.

I'd like each panelist to spend no more than five minutes introducing themselves and their organization. No slides necessary (or even wanted). This introduction should contain information about their experience blogging and why they blog. Here are a few questions to think about in preparation:

  • When I took up blogging, I was looking for a way to connect with the people in the State of Utah IT organization which is large and scattered. What do you hope to accomplish within your organization with your blog? What positive and negative experiences have you had?
  • Are you encouraging members of your organization to blog? How? How many bloggers are there in your organization?
  • One of the chief uses of blogs in an IT organization is narrating your work. How valuable is it for you to narrate your work. How valuable is it for you to read what others are writing?
  • One of the people who started blogging in Utah was a technical support technician in Richfield UT, about 100 mile from SLC. I read what he had to say frequently and became aware of part of the IT organization in Utah of which I'd previously had no visibility. How interested are you in reading what the "leaf nodes" in your organization say? Why?
  • I know of one fellow in Utah who made a number of his coworkers angry at him when he wrote in his blog about a mistake he and others had made. In this and other ways, blogs can be threatening to large, risk-averse organizations. How do you cope with the "risk averse" nature of most large organizations?
  • I know of one IT organization that uses a blog format for network outage notification (along with the accompanying RSS feed). What uses do you see for the blog format beyond an individual journal?
  • Blogs are loosely coupled conversations. Can you point to examples in your organization where blogs have helped drive consensus on a controversial issue or where the conversation has led to a desired outcome?
  • One of the things I've noticed is that blogging requires an abundance mentality. I've also noted that blogs encourage a culture of candor. How do you develop a culture that supports sharing? Are the cultural properties that support blogging the same ones that support building a first rate IT organization?
  • An article in Information Week said "The last thing you want are uncontrolled and ever-expanding records of individual activities." Are you afraid of this record of individual activities? Is your General Counsel or HR department?
  • Some organizations have published weblog guidelines. Do you have any? If not, why not? If so, what are they?
  • How can weblogs be used to enhance corporate memory? Do you view blogs as a source of information about the past or a record of important decisions? What's missing in current tools? Are you doing anything to categorize or inventory blog content inside your organization?
  • There are clearly a lot of people in the "I don't get it" camp with respect to blogs. How do you answer them? Is one of them your boss?
  • Do you keep work blogs behind a firewall? Is there anything to be gained when employees know that their thoughts are for the consumption of their coworkers and not the world at large? What is lost?

That's all I can think of right now. If you have other topics that you think are germane and would like to see discussed, let me know. I'll put them on my list.

4:44 PM | Comments () | Recommend This | Print This

Novell Challenges SCO

The SCO vs. Linux contest took on a soap opera-like quality today with Novell issuing a press release that challenges SCO's ownership of UNIX. In the words of Jack Messman, Novell's CEO:

[C]ontrary to SCO's assertions, SCO is not the owner of the UNIX copyrights. Not only would a quick check of U.S. Copyright Office records reveal this fact, but a review of the asset transfer agreement between Novell and SCO confirms it. To Novell's knowledge, the 1995 agreement governing SCO's purchase of UNIX from Novell does not convey to SCO the associated copyrights. We believe it unlikely that SCO can demonstrate that it has any ownership interest whatsoever in those copyrights. Apparently, you share this view, since over the last few months you have repeatedly asked Novell to transfer the copyrights to SCO, requests that Novell has rejected.

The tone of the letter (contained in the press release) has the feeling of a flame war on a newsgroup rather than a letter from one CEO to another.

1:53 PM | Comments () | Recommend This | Print This

Watches and Computers

The other day as I was driving to an appointment I glanced at the clock in my truck to see how I was doing for time. For some reason it struck me that I can remember when the only clocks in cars were wrong. I don't wear a watch usually. I've found that clocks are ubiquitous. I'm almost never somewhere where I can't find a clock. No need really to carry one on my wrist. The reason that people carry watches harks back to a time when clocks were not easy to find and yet time was becoming more and more important. They needed portable time to work in the world in which they lived. I think the analogy to computing is interesting.

While I don't carry a watch, I do almost always have a computer with me of one sort or another. And a personal communications device called a cell phone. This is largely because I can't find these things conveniently (and certainly not with access to my information) as I move about. Perhaps as computers and connectivity become ubiquitous, we'll also find ourselves leaving our laptops at home and relying on the computing devices we find where we are. That's a twist from how I've imagined the future.

9:09 AM | Comments () | Recommend This | Print This

May 27, 2003

RSS -> HTML

From Jon Udell is a nice little piece that describes a great way to create lightweight HTML from an RSS feed using XSLT. Credit for the code should go to Robert Ivanc. This kind of lightweight feed would be better for reading with a phone or PDA, for example. Less HTML overhead. What Jon fails to mention is that its not specific to his site. For example, here is the lightweight HTML for this site. Of course, I may want different colors, etc. and that's easy enough to do, but all I did to create this link was change Jon's URL to mine. What's really important here is how easy this is to do. A few years ago, this sort of thing would have required high priced content management software. Now, its all based on standards and makes a nice lunchtime project.

3:38 PM | Comments () | Recommend This | Print This

URL Design

Designing your URL's in one of the important principals in my list for enabling web services. Its a good idea in any event. This paper from Port 80 Software discusses some strategies for making URL's useful. Most are pretty good and worth implementing. I don't agree with one however. They advocate disguising the query strings in a GET. I think that is a serious mistake. While it might make a URL easier to remember, it potentially makes the application less generally useful and complicates the API description. A consequence would be that other's who wish to write programs to interface with the GET query would have to write cusomt code to interface with your application. My advice: stick with standards here.

3:28 PM | Comments () | Recommend This | Print This

May 26, 2003

DesNews Picks Up the Story

Today, the Deseret News, Utah's second state-wide daily picked up the story of my security inspection. I was wondering whether or not they would. Sometimes when one of them gets scooped by the other, they don't publish anything until there's something more to write. Of course, if there isn't anything more to write, you can make the story more sensational and justify the "different slant" to the editor that way. That was the case here.

  • The DesNews story contains several factual errors. For example, it says I was caught trying to disable to state web site, which I was not. It also claims that WebInspect is designed to "floods [web sites] with information and requests in an attempt to bring them down." This is also factually incorrect, as anyone could tell by reading the SpiDynamics web site.
  • The story references this blog again and quotes from it extensively. I'm not seeing near the referrer traffic today though (ten times less than the Trib story). Maybe because its a holiday. Maybe because of placement.
  • The story insinuates that this is somehow tied to the circumstances of my resignation. This is not true and, lacking any evidence, its easy to imply a connection and let the reader jump to their own conclusions. Long time readers of this blog have probably read enough to know that I resigned because of a conflict between private sector practices and public sector expectations. That conflict led to some severe spats with the Legislature. Legislative audits are not due process-based findings of wrong doing. Audits are a political tool.
  • The story also implies that my statements about this happening while I was testing the WebInspect software is somehow less that genuine by putting \"test\" in "quotes." Readers of this blog will know that I've been reviewing software for InfoWorld for 3 months now. This was just another of the tools I'm reviewing. The review should appear soon.

When I was in the papers a lot before, I chose to not make statements about it on my blog for several reasons. One was that I was in the Governor's office then and they were in control of the story. I had an obligation to the Governor then that I felt overrode my own desires to handle the story the way I wanted. This time, I have no such obligation and so I'm being much more public about my feelings and responses to the news. Is this a mistake? Time will tell, but I believe that being honest and straightforward about it is the only way to make the best of an embarrassing situation.

1:00 PM | Comments () | Recommend This | Print This

May 23, 2003

Press, Blogs, and Security

My apology from earlier this week has landed in the Salt Lake Tribune. The article is entitled "A Hack Attack? Oops!" which is a pretty good headline, but the article characterizes what I did as hacking "into the state Web site." This is, of course, inaccurate, but probably how most non-techies would see it. There was actually no hacking. The tool operates entirely by asking the system to retrieve URLs from the public Web site interface and then noting the response. Weaknesses and vulnerabilities were probed and cataloged. These vulnerabilities were not exploited: no data was changed on the system (other than what normally happens when a user visits the system). The system wasn't broken into. There are a few interesting things about this story related to blogging:

  • This ended up in the paper because I'm a (minor) public figure in Utah. My blog allowed me to talk to people in my own voice independent of the newspaper. That was a big plus.
  • The article quote my blog extensively. My public voice on my blog became my voice in the article. It also saved Rebecca the time of calling and making a lot of notes which, of course, are never complete. This made for more acccurate reporting.
  • The blog doesn't seem the same as a press release (which would have been discounted) because its written for a different purpose and in my own voice. The blog has a readership, press releases don't have readers.

The article says that the State Bureau of Investigation will be reviewing the incident to "see if there are any implications for state policy." I can think of a few, but they're not appropriate to post publicly.

7:39 AM | Comments () | Recommend This | Print This

May 22, 2003

Centralize and Save

The McKinsey Quarterly has an article by Brad Brown entitled Recentralizing IT (note you'll have to register to read more than the abstract). The article makes the following claims:

  • Centralized IT infrastructures cut costs and more reliable.
  • A service-based approach where business units purchase the services they need from the central infrastructure allows them to retain control.
  • The more you consolidate, the more you save.

On the last point, the report shows that consolidating IT management, data centers, and network infrastructure yield savings of 15-18% over a purely decentralized model. Throwing mainframe and mid-range servers and Internet into the consolidation yields savings of 23-24%. Adding application and database services increases the savings to as much as 30%. I can't quite tell from the graph if they include desktops in that or if they're excluding them and leaving them to the business units.

Interestingly, this "ideal model" is what Utah currently has, if somewhat imperfectly realized. IT Services functions as what Utah deems an Internal Service Fund. Under this model, ITS sets prices for their services and agencies buy those services. There are some warts: In particular, the pricing process has left rates muddy and often unrelated to the true cost of service. Many agencies ignore ITS services (sometimes with good reason) and buy somewhere else. The network infrastructure is shared between agencies and ITS.

Even so, I'm convinced that strengthening ITS, fixing the rate transparency problems, and turning ITS into the kind of organization that agency IT shops see as an asset rather than competition is the best hope for Utah to maintain its edge in IT. This is the foundation upon which eGovernment will be built.

The newly formed Utah Technology Commission will apparently be discussing this issue in their June meeting. They ought to each read this McKinsey report and other information carefully before they decide to move away from what is considered by many to be a "best practice." I may try to make the meeting.

8:42 AM | Comments () | Recommend This | Print This

May 21, 2003

Open Source as Competitive Advantage

Ideal Technology was at the Open Source in eGovernment conference that I attended in March. They've now landed a government contract for $65,000 according to GovExec.com and credited open source as a competitive advantage:

Jacobs believes his firm won the contract because of Ideal's expertise with "open source," a type of software that includes code that can be examined, modified and copied without threat of copyright infringement.

8:34 PM | Comments () | Recommend This | Print This

Product Management in eGovernment

This article in Federal Computer Week talks about how various state and federal agencies manage projects. My thoughts on product management are included at the end of the article. I feel very strongly that product management is an important discipline for eGovernment that is separate from project management. Dave Fletcher was also interviewed in the article and wrote about the Utah Product Management Council in his blog.

2:00 PM | Comments () | Recommend This | Print This

OK, I'm an Idiot: A Public Apology

Last week I did something stupid and I think its important to own up to it in public---both as a means of penence and as a way of recording mistakes so that they can be avoided in the future by myself and others.

I was testing a piece of security software called WebInspect from SpiDynamics. WebInspect tests web sites for a large number of known security vulnerabilities. The tool inventories the contents of a site and then checks against a set of known vulnerabilities in Web applications. Its a very interesting application and I'll write more about it later. I played around with WebInspect on my own machines for a bit and got to understand a little (read: not enough) about how it worked. Here's where the stupid part comes in. Wanting something bigger to test and having always had some curiousity about the security of utah.gov while I was CIO, I pointed the tool at utah.gov.

I know what you're thinking. In the stark light of day, it seems pretty stupid, but late last Thursday night it struck me as perfectly reasonable. Given the tool's behavior on my much smaller sites, I figured it would run for an hour or so and give me a nice report that I could share with the State and we'd all get something out of it. I forgot about it until the next day when I realized it was still trying to run. Trying because the folks at Utah Interactive, who run utah.gov, had blocked my IP address. I guess I'm pretty dense because even at that point, I failed to see the seriousness the situation. I figured, I'd been trapped by the intrusion detection software on the State network and I'd send a short note to own up to my mistake and we'd get the IP unblocked.

That's when things went downhill: my Internet service stopped working. I called my ISP and realized that someone was taking this much more seriously than I was. Well, to make a long story short, after thinking about it over the weekend, I called Amy at Utah Interactive yesterday and offered her my apology for being a bonehead and causing her organization trouble. From talking to her, I think some people thought it was a denial of service attack, but that's not what the tool does. After my conversation with Amy, I decided that a public apology was in order.

I had no idea that the tool would be as aggressive as it was, but I should have known better than to use it on a production site in any event. My actions were born of ignorance, not malice. Nevertheless, I caused some people quite a bit of trouble and I want to take responsiblity for that and say "I'm sorry."

8:21 AM | Comments () | Recommend This | Print This

Office Hours Today and Friday

I'll likely be 15-20 minutes late for office hours today. Friday, I will have to miss office hours all together. If you were planning on coming in, please send me an email and we'll find a way to get together.

8:11 AM | Comments () | Recommend This | Print This

May 20, 2003

Public Sectors Still Falling Short on Online Customer Service

KANA has released a study that says that the public sector still falls short in online customer support. The study made use of actual visits to various state Web sites will email queries about renewing driver's licenses and recycling. Here's what they say:

The study of state government Web sites showed that the public sector remains dependent on telephone and in-person customer service, despite the significant costs of this form of customer support. More than two weeks after being queried with questions concerning contacting state representatives, renewing driver?s licenses and recycling, 20 percent of the states have yet to respond. Further, many states that did respond within two weeks simply pushed citizens to costly phone calls, rather than online FAQ?s and Web-based knowledge repositories which could have provided responses at a low cost. One third of the states surveyed did not support any online FAQ?s, resulting in frustrating and time-consuming searches.

Those in charge of state Web sites need to make a conscious effort to increase customer service, not just put up a collection of out of date information. One of the things that is not too costly is simply creating a list of FAQs. To do this effectively , however, you need to have some central location that collects the questions and answers so that you can tell which are the most frequently asked. If every agency puts up one or a dozen email addresses you'll never know what's being asked. This goes back to that enterprise thing again. Just one more reason why eGovernmnent drives cross agency operations.

As an aside, I'm sure that KANA things that they're being clever with their little pop-up windows for displaying press releases, but they're really making it difficult for other's to reference there information. For a whole rant on a related topic, Doc has been writing some very good stuff.

9:40 AM | Comments () | Recommend This | Print This

.NET is IT Asbestos

Craig Conway, CEO of PeopleSoft describes .NET as "IT Asbestos." I'll have to remember not to shred the documentation.

9:25 AM | Comments () | Recommend This | Print This

Perens on SCO vs. Linux

Bruce Perens writes in news.com about Microsoft's entry into the fray by licensing SCO code. I wrote about this a little yesterday. I got the reference to the article from Jeremy Zawodny's blog. I think Perens does a pretty good job of laying out the story from the Open Source perspective---especially the FUD factor. There's some real irony in Microsoft "coming to SCO's aid" and its more than just Microsoft licensing Unix code.

The irony is that SCO is the former Caldera. Caldera is the entity that inherited all of the Novell vs. Microsoft lawsuits from Novell with Noorda's aid and blessing. In fact, that's how they got ahold of SCO. Caldera has made a tidy sum over the years by suing Microsoft. That makes me more than just a little skeptical of Microsoft's motives in licensing code from SCO. This is a little company that has made a living out of suing other companies over IP. SCO vs. Linux is just the latest chapter in an ongoing saga.

8:56 AM | Comments () | Recommend This | Print This

May 19, 2003

CNet News on SCO vs. Linux

I got a quote in this CNET News article on Microsoft licensing SCO code. I think this really muddies the waters for CIOs. Just when Linux (and open source in general) was starting to get some traction among CIOs, this makes them wonder if they're going to be liable for unknown licensing fees. Nothing like the unknown to scare CIOs off. As I said in the article, I don't think it would deter me, but I was an open source user before I was a CIO, not the other way around.

5:40 PM | Comments () | Recommend This | Print This

Declarative AWK

Zia responded to my my article on XSLT and declarative programming languages by pointing out that AWK has some declarative features. This is true. An AWK program is structured as a preamble, followed by a collection of rules, followed by a postamble. The rules use a regular expressions for the pattern and an imperative chunk of code for the action. Functions can be defined separately. AWK executes the preamble and then begins processing the lines of text in a file in turn. If a regexp matches, the imperative chunk of code is executed on the line of text that matched. Yet I suspect that for most programmers if didn't feel declarative. Because AWK works on lines of text, it easy for most programmers to envision an implicit foreach-loop surrounding the rules and each rule as a case in a big case statement. Even so, I'd bet most AWK programs were written with a single rule.

Correction: Sean Nolan wrote to tell me the "were" in the last sentence should be "are." I stand corrected. AWK is by no means dead.

4:21 PM | Comments () | Recommend This | Print This

WASP Gives Web Services Development Some Sting

Although most of the Web services examples in tutorials and books are green-field developments -- that is, started from scratch with little or no concern for legacy systems -- that is not a likely scenario in most enterprises. When large organizations contemplate Web services, they are seeking more efficient interactions with customers or trading partners with whom they already have relationships.

Such relationships are often already cemented into place with some collection of IT resources. As a consequence, real-world Web service deployments can get messy and require a serious development effort. Getting the job done requires development tools, a cluster of run-time servers, and management tools to configure and operate the services once they're deployed. WASP Server and WASP Developer from Systinet do a nice job of providing these professional-grade tools for creating and deploying Web services in both Java and C++. [Full story at InfoWorld...]

I ran WASP inside Eclipse on my Powerbook and it functioned well, but was pretty memory intensive. I've 1G of memory and there was still some sluggishness. As I said in the article the Java based server ran under Java 1.4 on OS X with only a few script changes to account for Apple's non-standard directory structure. This is one complaint I've had with OS X, the special Apple directory names can be a pain for scripts. I use the find command a lot to find where Apple has hidden things.

I spent a fair amount of time going through the tutorials that are available on the Systinet site. WASP Server and WASP Developer are both complex tools with lots of options and features. Consequently, good documentation and tutorials are absolutely necessary for most people to get up to speed using the tools. There are a number of packaged tutorials and a nice collection of sample code on the site. While I appreciated all the documentation, I had a few issues in navigating and making use of it:

  • Systinet has multiple products and they can seem quite similar. We had some trouble separating out which tutorials went with which product.
  • The tutorials are all packaged with Ant build scripts. This makes it nice for running the examples, but to really understand the tutorial and learn how the tools work, you need to dig into the Ant scripts and dissect them. More comments in the build scripts and even alternate, by-hand build instructions would help out.
  • On the other hand, some of the sample code, although quite complex, didn?t have build scripts at all and so was difficult to use. This made experimenting with the sample code a high overhead effort.

In spite of these issues, the documentation and tutorials are comprehensive and serve as a good resource for getting started. There's a RSS aggregator demo on the site that I'd still like to get working at some point, but the lack of a build script made that a time consuming proposition.

As an aside, I was really trying to keep the "sting" pun out of any title on this article, but I guess it was just too tempting.

9:54 AM | Comments () | Recommend This | Print This

May 16, 2003

Due Date Changes

If you weren't in lecture today, you'll want to know about a few changes to the due dates for homework and the project:

  • All homework for the rest of the semester will be due 24 hours after the time in the syllabus (i.e. midnight of the next day). This will allow you some time to think about what we talk about in class and to work with the TA in office hours.
  • Part I of the project is due Tuesday, not Monday. Part II is due on Friday, not Wednesday. This doesn't affect the due dates of anything else.

3:28 PM | Comments () | Recommend This | Print This

XSLT and Programming Rules

Jon Udell's latest column for Infoworld talks about rules engines. I've long thought that we underuse rules in solving programming problems. Later in the article, Jon makes the connection to XSLT. I was mentioning this very thing to my CS330 class just this week: XSLT is probably the first declarative programming language to go mainstream. Prolog and others were fun, but never caught on in the commercial environment. XSLT is a different matter.

Programming in XSLT is so different from traditional programming, that many people don't even think of it as programming. They know its similar, but can't quite get their minds around the idea of a programming language with implicit sequencing. In most popular programming language sequencing is explicit: you put in control statements to change the control flow and in their absence statement execution happens in order. In a declarative programming language, the sequencing is implicit and the order of rules in the program text is (usually) immaterial.

This makes XSLT a challenge for most of us. Switching programming paradigms isn't an easy task. I watch students struggle to fall out of their imperative programming habits and start thinking of problems functionally. One of the things you have to do is learn new patterns. Even more important, and more difficult because it can't learned from a book is creating a new mental model of evaluation. We all develop evaluation models in our heads for any programming language we learn and use these models when we program. As a result, becoming proficient in XSLT will only come about with substantial practice for most of us.

1:57 PM | Comments () | Recommend This | Print This

FOAF and Trust Relationships

Sam Ruby is talking about how to use FOAF to have one web site vouch for another web site in response to a request from Dave on keeping changes.xml pure (a SPAM issue, I believe). Sam describes a great use for FOAF as a system for inferring trust relationships. Of course, FOAF could also be extended to record those trust relationships explicitly for other purposes.

1:24 PM | Comments () | Recommend This | Print This

Organizing Data: Notetaker

In response to my Whence Real Integration article, Dan Goldman sent me a link to a product called Notetaker from Aquaminds. I downloaded it and played with it for a while. Notetaker seems like a good tool for keeping track of notes (more on that in a minute), but it doesn't really do what I was talking about, at least not that I could easily figure out. I can type an appointment in a notebook and store vCard info, but I want single entry. When I create an appointment, I want to have it in my calendar and be able to associate it with another store of information. Change it either place, its changed in both places. Same with email. I don't think the problem is with Notetaker, so much as the fact that appointments and email messages don't have URLs. Until those things are addressable in a common namespace, you can't gather easily accomplish what I want.

Notetaker creates and organizes files called "notebooks." A notebook organizes and displays information as outlines on a page. These outlines can contain URLs, vCard data, plain text, pictures, and other media files. The notebooks are indexed for searching. The application can create multiple notebooks so you can have a different one for different projects, areas of your life, whatever.

I usually keep notes in Emacs or Word. They're not necessarily designed for that but they mostly do the trick. Something like Notetaker might be a good tool. I have one reservation: yet another proprietary file format that I'm giving a part of my life over to. I've resigned myself to having things in Word, but I'm not sure I want another. As far as I can tell, it doesn't support OPML. That would add some interest and turn the tables. Now I'd have a tool that produced a format I can use for other things.

10:52 AM | Comments () | Recommend This | Print This

May 15, 2003

eGovernment Like its 1994

Dave Fletcher also reports that the Utah State Legislature has made district profiles available online. Bless their hearts, they try to get this eGovernment stuff, but they're just not with it enough to do a good job and their too proud to ask for help. So they end up with a site with some great information on it that almost entirely unusable. Why in the world wouldn't you make it easy, inside this application, for someone to identify their legislative district. This also seems like the kind of information that ought to be in HTML, not PDF. I fear that this is one of the huge challenges of eGovernment that is largely ignored: there's not one reason for them to try to build a usable site. They'll never get a product manager or do a focus group. Even reading a book is perhaps too much to ask. As long as they can say in a news blurb "we're doing eGovernment," no one will notice that its ill conceived and poorly designed. You'll notice that they can't even use the utah.gov domain name since that's too closely aligned with the executive branch.

5:17 PM | Comments () | Recommend This | Print This

A Simple Tool for Better eGovernment

Dave Fletcher reports that Ferret, a publication of the Utah State Library, is now available as a weblog. Ferret publishes links and editorial about web sites that may be of interest to Utah State agencies. They're too modest. These web sites are probably of interest to anyone with an interest in government. Two things of note:

  1. As Dave points out, now that its a blog, it will probably be more current.
  2. More importantly, now that its a blog, there's an RSS feed. (check on the right hand column for the link).

I've subscribed to the RSS and look forward to having it show up on my desktop regularly. I'm not sure why its not hosted on a utah.gov domain.

4:59 PM | Comments () | Recommend This | Print This

Language Doesn't Matter: Its All About Design

Grady Booch has been around the programming language scene for a long time (I read some of his papers in grad school). He's now Chief Scientist at Rational Software. Grady was interviewed in February issue of .NET Magazine. There's a number of little gems in the article, but one jumped out at me because I've been contemplating it a lot lately. On page 2, Grady says:

I used to be a language bigot; I thought ADA was the way the world was intended to program. But we're talking a couple of decades ago. It predated even VB I think. Alan Cooper had done his thing around that time. And at the time I really thought that the choice of language was one of the most important decisions you could make on the development team. But then I encountered this wonderful language called Smalltalk, and C with classes which because C++, and then all the scripting languages and eventually Java. As I go around the world working with lots of projects, the choice of language is important because it brings to the table lots of specific skills, lots of specific tools, lots of specific patterns and idioms for use. And there certain things I can do better in some languages than others.
A little later he says:
In the presence of Web services the choice of languages becomes even less important. Because you're going to use little snippets of scripts and lots of different languages on the Web user interface side, such as VB, maybe Java, lots of things. Again, it's raising the level of abstraction. Languages now help us glue those little pieces together and therefore fit in the interstitial spaces of our systems.

This is a fact. I've been playing with a lot of tools for building and serving up Web services and they all make use of a variety of languages to get even simple tasks done. The programmer is forced to map designs not into one concrete syntax, but several---all at once. At times, this cacophony of languages stands in the way of rational thought about the problem. To make matters worse, many of them are not even particularly well designed. As I've said before, most XML-based languages are syntactic arsenic. And if that weren't bad enough, a lot of the programming required to make Web services work isn't even programming with a language, its managing multiple configuration files.

The problem with all of this is fairly straightforward to understand: the nature of programming is building correct dynamic system behavior using static texts (i.e. programs). To do this, programmers have to build mental models of how execution will happen and envision that execution as they program. Mostly, they do this implicitly and, for most, its hard enough to do in one, well thought out language, let alone 5 or 6 bad ones. One last quote from Grady underlines this:

...we're working in a domain where applications are intrinsically concurrent and distributed, and must be secure. That is not a simple domain in and of itself. Not to be disrespectful of the average code warrior, but building distributed concurrent secure apps isn't a core competency of such people. They may make some good local decisions for those three issues; however, building a Web-based system that is extensible, scalable, and secure requires good global policies as well.

In such an environment, the role of the architect becomes even more important. Architects are supposed to be looking out for these global policies and designing the system so that the average code-warrior can make good local decisions producing a global end result that is functional and performs well. Even so, I think we could do a better job of creating languages to help manage these abstractions. Seems that no one even tries anymore. Just slap an XML syntax on a simple workflow semantics and claim you're cutting edge because you've sprinkled angle bracket pixie dust on your incomplete scripting language.

8:56 AM | Comments () | Recommend This | Print This

May 14, 2003

FOAF: Friend of a Friend

While I was at the O'Reilly ET Conference, Jo Walsh mentioned FOAF, or Friend of a Friend, in her talk. FOAF is a project of the RDFWeb initiative. According to their website: "RDFWeb is an experimental linked information system, exploring some interconnected applications of the Semantic Web." I was curious and so, I spent some time looking at it. Here's what I found:

  • FOAF proper is specifically an RDF format for describing people and the links between then. So for example, you can specify your name, email address, physical location, etc. and people you know or meet by linking to their FOAF file.
  • The introduction to FOAF talks about why you might want to do this. Theoretically, if we all had FOAF files, then we could ask questions like "show me the web pages and email addresses of the people I met at ETCon" even though all I have is their FOAF link.
  • Edd Dumbill wrote a good article on it on IBM Developer Works. The article explains the format and the possible usages.
  • One of the offshoots of FOAF that seems to be generating some excitement (at least among the FOAF crowd is codepiction, a technique for using meta-data to catalog photographs that show two or more people together. The meta-data is then used to discover connectedness between people based on codepiction.
  • There is a tool called FOAF-a-matic for creating a FOAF file from a web form. It will get you started, but isn't intended for maintaining FOAF files.
  • There are some tools for viewing someone's FOAF file and then exploring the community of people that they know. Here is what it says about my FOAF file. I added Sam Ruby and Mark Pilgrim to my "knows" list to make it interesting.

So, what do I think of all this? On one hand, I think its a neat idea that would be fun to play around with. On the other hand, I have some sympathy for Dave's argument that the semantic web requires people to change how they write for the Web to be effective. This is much the same. There is one crucial difference: since its like VCARD on steroids, I could theoretically manage my FOAF connections as part of my address book and use an address book like tool to explore FOAF connections. There's some critical mass that seems to be missing. Right now, you can create a FOAF file, but you can do much with it. Maybe a FOAF module for Chandler as its basic contact manager would do the trick.

4:43 PM | Comments () | Recommend This | Print This

Computer Language Family Tree

This site has a chart that originally appeared in Wired magazine that attempts to show the linage of a number of computer languages. Its interesting to look at the "dead" languages and to see that the new language development (last two years) is mostly happening in the OO field. Of course, this chart isn't comprehensive.

8:05 AM | Comments () | Recommend This | Print This

May 13, 2003

Fibernet Smart Building

I had an opportunity to spend an hour with Lane Livingston, CEO of Fibernet, a local ISP. Fibernet has been around for a long time---they were one of the first ISPs in Utah County. I remember when we were both co-located in the Electric Lightwave machine closet in the Triade Center in Salt Lake City in 1995. I've known Lane for almost that long. Fibernet is almost finished with a smart building that includes raised floors throughout the office area, on-site co-location and hosting, conditioned power with back-up, great connectivity to a variety of providers, and IP telephony. This is the first building of this kind in Utah County and maybe the first in the State to combine all these features. The bulding also has a fantastic line-of-sight for delivering wireless Internet almost anywhere in the valley. I spoke on behalf of the Governor at the ground breaking ceremony for this building last year. I'm glad to see Lane and company doing well.

6:23 PM | Comments () | Recommend This | Print This

Lecture 6 Discussion on Wiki

There was some extensive discussion on curried functions on the WiKi. Here's a question for you: Can you write a function called curry that takes any two argument function and returns a function which is that function curried? Can you write uncurry for a two argument curried function? Would this work for variable arity functions?

3:21 PM | Comments () | Recommend This | Print This

May 12, 2003

Equivalence Prediates in Scheme

Lecture 11 contains code which uses the equivalence predicate eqv?. For a discussion of eq?, eqv?, equal? see Section 6.1 of R5RS.

1:16 PM | Comments () | Recommend This | Print This

Midterm 1 Coverage

For midterm 1, you will be responsible for the material up through Lecture 12 and Homework 12. Note that you will not have programmed using abstract syntax by Homework 12, but I will expect you to understand the concepts. You may find Homeworks 13 and 14 helpful as study aids.

The exam will be in the testing center this Thursday and Friday. There is no time limit. You have two days to take the exam. There will be no late exams given. Ensure that you are familiar with the hours of operation, policies, and so on of the testing center. Ignorance will not engender sympathy.

11:39 AM | Comments () | Recommend This | Print This

Are Public CIOs Headed for Extinction?

Government Technology has launched a new magazine called "Public CIO." There's an article in the first issue called On the Verge of Extinction? that asks if enterprise-level CIOs in the public sector will ever catch on. The article quotes me quite extensively. I was interviewed for the article in March and I was feeling pretty strongly about these issues back then---and it shows. I don't necessarily agree that enterprise-wide CIOs are headed for extinction. I think there are some important reasons why enterprise-wide coordination and even consolidation are vital to a proper functioning government in the 21st century. Foremost among them are my views on eGovernment maturity models. Still, as Jerry Mechling from Harvard says at the end of the article:

...when it comes to reforming or changing government itself through technology, the attention of the political culture is more difficult to hold. "One of the problems with e-government is that it's government reform," Mechling said. "For many people, they roll their eyes; they say, 'Government is too complex. It's been with us since Adam, and it won't change.' There's no real politics in that kind of reform. There's no punishment of those who don't do well, and there's no reward for those that do well."

And yet you still get stories like this one from the same magazine where a Governor and his CIO from the private sector set off on a quest to reform IT. In July of 2001, just a few months after I started with Governor Leavitt and had come to an understanding of the magnitude of the challenge, I was sitting on the front porch with my wife and I told her "In a year, we'll have either turned the corner toward real change or I'll be looking for another job." I was almost right. It actually took 18 months for me to decide it was time to move on. I still believe that the service levels and economies that can be achieved through enterprise IT in state government are so compelling that they will eventually happen. A lot more CIOs will have to fall on their sword before it happens however. Those who aren't willing to make that sacrifice will likely have little impact and serve only to delay the benefits to the citizen. Which is essentially just what Jerry's saying in the quote above.

10:05 AM | Comments () | Recommend This | Print This

May 9, 2003

Dynamic Typing

In my CS330 class today, we were discussing dynamic typing and the define-datatype declaration. Most of the students have never worked in a dynamically typed language like Scheme before, so there's plenty of opportunity for this topic to come up. What they're discovering is that as a programmer you have to worry about typing no matter what. A strongly typed language merely creates an environment so that the type-checker can automatically check the type constraints for you at the cost of restricting some genuinely useful things you might want to do. I told them that the debate about dynamically and strongly typed languages had been going on for years and would continue on for years. When I got back to my office, I found a well thought out piece by Tim Bray on that very topic in my news and a comment by Sean McGrath that adds some good information regarding typing and XML.

Tim references the Paul Graham piece that I wrote about earlier and then points to Strong Typing vs. Strong Testing from Bruce Eckel, and Are Dynamic Languages Going to Replace Static Languages? by Robert C. Martin. Both of these have some excellent material in them and the Tim goes on to add his own comments. Nice reading for anyone interested in the future of programming languages.

One of my favorite things about the Concepts of Programming Languages class I'm teaching is that it is an excellent vehicle for expanding the scope of what CS students think is "right" or "good" or "the way you do things." Before they take this class most of them have never programmed in anything but a compiled, statically-typed programming language with roots in the imperative programming paradigm. If all we wanted was to create programmers to write code for corporations, then they wouldn't need to learn anything else. Fortunately, we're trying to teach them to be computer scientists, not programmers. This is the age-old problem of academics. If you try to follow what "industry" wants in graduates, you throw out some of the things that will give them flexibility and the tools for life-long learning. How many graduates of an industry driven CS program could understand the articles I reference above and make informed conclusions from them? Not many, I'm afraid.

The problem is greatly exacerbated in Computer Science because the IT industry is a $2 trillion per year locomotive that doesn't often wait for academics to think things through. It uses a lot of capital and survival of the fittest to foster innovative thinking and the next new thing. The IT industry demands graduates that can go to work when they graduate. This presents a difficult choice for academics. However, I think that it makes the student's choice crystal clear: become a computer scientist, not just a programmer, because if the IT locomotive does decide next year that some new thing is better, you'd better be as adaptable or you'll get left in the dust.

4:42 PM | Comments () | Recommend This | Print This

May 8, 2003

Recursion Patterns

We talked about recursion in Concepts of Programming Languages and I mentioned that Lecture 8 should more properly be entitled "Recursion Design Patterns." I think it would be interesting to write them up using the GoF templates. For reference, here are the patterns we discussed:

  • Simple recursion following the BNF
  • Mutual recursion following the BNF
  • Recursion using auxiliary variables
  • Recursion using an accumulator variable
  • Recursion over two variables following the BNF
  • Tail recursion (covered later)

These patterns provide a suite of tools for solving recursive problems. Remember to define constructors, selectors, and predicate functions to abstract any data type that isn't a straight list. This will make your programs cleaner and also keep you from making dumb mistakes. One other hint that I'm not sure I mentioned enough is to always pay attention to your return type and check your conditional arms to ensure they're all creating the right data type. This will help guide the recursion as well.

You should ensure that you've mastered each of these patterns and can identify when each should be applied. This will definitely be on the midterm.

6:32 PM | Comments () | Recommend This | Print This

RSS and eGovernment

Brian Sweeting runs the Spanish Fork City web portal. He announced today that RSS feeds are available for city news and upcoming events. This is a great application of XML to eGovernment. I don't know of another government using RSS in this way, but its surprising that they all aren't since its so easy to do. Brian used an RSS generator from Stargeek. If you want the whole calendar, I recommend PHPiCalendar since it does the calendar and the RSS feed all in one.

6:06 PM | Comments () | Recommend This | Print This

May 7, 2003

UEN Tech Summit: Weblogs are Loosely Coupled Conversations

As a consequence of being stuck in Atlanta I missed my session at the UEN Technical Summit this morning. I was supposed to modertate a panel on using Weblogs. I was very disappointed to have missed it. I haven't heard how it went. When I realized last night (at 10pm) that I wasn't going to make it, I sent a note off to Barry Bryson and gave him a message to read on my behalf. Here's what I hope was said:

People often ask me how a weblog differs from a normal web page. The answer, in short, is that it really isn't all that different. Weblogs are written in HTML and served using the HTTP protocol, just like web pages. There's nothing special about the servers that make them available on the web. Frankly there's not even anything special about the software that creates weblogs. You can use a text editor if you like, although that would be inconvenient.

What really sets weblogs apart is the way that they are connected to each other. Viewing weblogs as part of a two-way conversation takes some effort. In an email conversation, a chat, a mailing list, or a newsgroup, there is a threaded discussion happening. You see the conversation happening sequentially like you were watching a dialogue between two people. Not so with weblogs.

But conversations do happen in weblogs. While the conversation make include an occasional back-reference to something someone else said on the topic, there is not explicit threading of the conversation. I heard Greg Bear, the author of Darwin's Children and a number of other science fiction books say once that Sci-Fi authors are having a conversation in slow motion. One author writes something and then gets response in the book of another author and in this way a conversation develops. Weblog conversations are like that except for two interesting points:

  1. The cycle times are much shorter because weblogs are easier to publish.
  2. The technology allows you to discover who's responding more easily than in print.

So how does the person writing weblog A know that weblog B has said something about what A wrote? By watching the traffic on their weblog, in particular by paying attention to something called "referrers." Referrers are the back links that are automatically stored in the web servers logs whenever someone retrieves a page on the server. By doing a simple traffic analysis, the owner of a weblog can see that there's a jump in traffic from a particular website. Following the link back, A can determine what B said and then, if they like, respond to it on their weblog. B will see the jump in traffic from A in their referrer logs and do likewise. Tools like technorati.com help make this task easier by showing all the links to a particular site in context.

Now, this may seem like an especially backhanded way to carry on a conversation. If you were setting out to design a communication system, you'd never design it like this. Even so, it is surprisingly effective. Conversations, important ones, happen on weblogs all the time. People feel remarkably empowered by their ability to control the editorial policy and speak in their own voice. This is an excellent example of a keyword I think describes an exciting trend in computing: decentralization.

Another term that has been used in conjunction with decentralization is "loosely coupled." What sets weblogs apart from other ways of having a conversation is this loose coupling. Other conversational forms are tightly coupled by the explicit threading that is part and parcel of their very design. As we've discovered, weblogs lack this explicit threading. This makes them better for some things, and not as good at others. Weblogs would be a poor tool for quickly reaching a consensus on a meeting time for a large group, for example, unless someone in the group has dictatorial powers. They're a great way, on the other hand, to share institutional knowledge.

Weblogs are a effective method for members of an organization to narrate their work, keep track of things they think are important, annotate links to important information, informally describe project plans, and understand what others in their group are working on. I think weblogs could be particularly effective in education as a way for teachers to share primary sources of information with their students, model good writing, and provide deeper commentary on issues being studied. Likewise, weblogs in student hands provide students with a place to practice their writing skills, try on new ideas for size before committing to them, and get a sense of what their peers are thinking on an issue.

For some people, starting a weblog seems natural and for others it takes some getting used to. In the first place, weblogs are about writing. If you don't like to write, a weblog can seem like drudgery, but its an excellent place to hone your writing skills. Writing workshops encourage people to write for 30-45 minutes per day to improve their writing. A weblog is an excellent place to do that.

I often tell people that starting a weblog feels like you're having a conversation with yourself for the first few weeks or months. Eventually, however, you start to see the feedback on other weblogs, get email from folks who read, and even the occasional in-person conversation.

The loosely coupled nature of weblogs makes them a unique conversational space, but one with real rewards. Knowing that you have an outlet can be personally enriching. Producing content that even a small audience finds useful can be deeply satisfying and provide surprising reach for your ideas. Add your voice to the thousands out there and find your audience. Its out there waiting for you to start.

6:36 PM | Comments () | Recommend This | Print This

FCW CIO Summit Wrap-up

I got trapped in Atlanta last night due to thunderstorms and spent today getting home. Overall, the FCW CIO Summit was a fine conference and one I'd recommend highly to state and local CIO's who are looking to connect to their Federal counterparts. The Feds were well represented and there were some high-level executive present as well as some other who are influential in their circles. I always enjoyed attending NASCIO and I think its right that the state CIOs have a conference where they can compare notes, but I think there also needs to be a place to cut across levels of government and this conference seems to be a place where that could happen.

6:16 PM | Comments () | Recommend This | Print This

May 6, 2003

Web Services

I gave my talk this afternoon on Web services. My slides are available online. This was a nice group to give this talk to: a bunch of Federal CIOs with a few people from state and local government thrown in. I shared the podium with Martin Smith, who is the Web Services Program manager at the Dept. of Homeland Security. I spoke first and that was good because mine was the more general, this is what Web services is all about talk and then Martin spoke about some specifics regarding DHS.

2:11 PM | Comments () | Recommend This | Print This

Homeland Security is Local, Local, Local

Hap Cluff is the CIO for the City of Norfolk. Norfolk has established a local disaster preparedness and emergency response plan. Their model for collaboration has gotten some publicity. Hap's primary point: local government and local CIOs are on the front lines in Homeland Security. The problem is bridging data silos, not only inside local government, but with other government agencies at the county, state, and federal level, as well as volunteer organizations like the Red Cross and Salvation Army. Unless you bridge these silos, first responders won't have the resources that they need to do their job.

First responders, data, volunteers, victims, care facilities and infrastructure are all local. The challenge is to develop interconnected and complementary systems. The problem is that all of the data that needs to be shared cannot be shared with the right person at the right time and in the right format.

To be viable, the system needs to be cost-justified on the basis of day-to-day local operations. Further, the infrastructure should be able to handle peaks in demand when a crisis hits. For example, when a crisis hits, how long does it take to create web resources for data dissemination and are those resources up to the task? Do IT workers have the training and knowledge to do it, but more importantly have they drilled with first responders and practiced doing what they will need to do in an actual emergency?

Gartner says that data degrades at the rate of 2% per month. The data needs to be easy to maintain. A process needs to be in place for continually improving the data and maintaining it. The process must instill confidence that the data is up-to-date and correct or it will not be used.

Norfolk is deploying a Ricochet system for mobile data connectivity. They are also using a Utah-based solution for interactive HDTV; USD TV. Norfolk views their citizens as a critical component in homeland security and want them all connected. They want to roll these out to every household. This provides a convenient method for notifying people of emergency information, Amber alerts, and so on as well. You can click-out to related Web information right on the TV.

9:44 AM | Comments () | Recommend This | Print This

Information Dragnets

This morning's opening session is a panel on the DC sniper case. The moderator is Alisoun Moore, the CIO of Montgomery County, MD. The panelists are Michael Bouchard, SAIC of the Baltimore Field Division of ATF, Thomas Didone, Capt. Montgomery County Police, and Judy Wood, CIO for Maryland's Dept. of Public Safety and Corrections. The level of collaboration that happened in this case would have been unthinkable before 9/11. Collaboration is now seen as necessary. The theme that keep coming up over and over is "whatever it takes" to solve this case.

Technology included call centers, GIS, databases, queries of other data sources, setting up over 200 PCs with high speed network links for the task force (in 24 hours), connecting people to a brand-new 800 MHz radio network (the interoperable public safety band). Importantly, these tools were ready to be deployed. There's no time to prepare once the crisis has started. What's more, you need space to deploy them in. This is something governments have to be very disciplined about since its all too easy, for politicians especially, to put off spending to prepare for a crisis that might it come.

Tom Didone makes the point that cooperation was enhanced by a joint operations center. A JOC shifts focus from territory to operations and roles. This was true at the Olympics as well. The Olympic Public Safety Command ran a huge JOC with seats and well-defined roles for everyone.

The task force collected a lot of data on credit card and cell phone usage, all honorable discharges from the military with certain training, all .223 round purchases in Maryland, all hunting license holders, all male drivers in certain age ranges, etc. This data was put into an application called CaseExplorer that served as both a data warehouse and an analysis tool. This data, combined with tips, produced over 700 leads a day that had to be investigated by officers on the street.

Judy Wood says that her organization is not part of Maryland's Homeland Security task force. When people think of first responders, they don't think of the data and IT resources that these first responders use to get the job done. This isn't surprising. In Utah we had to constantly fight to get the cops to think about the technology aspects of Homeland Security. They think of it from an intelligence standpoint, but don't foresee the use in the crisis. This is a challenge for IT providers in government because when the crisis hits, they will be called on and they may not be ready.

6:44 AM | Comments () | Recommend This | Print This

May 5, 2003

50 States of the CIO

I was interviewed for an article in Washingtonpost.com last week. The article appeared today and is entitled 50 States of the CIO. The gist of the article is that state CIOs face tight budgets, barriers within Government to accomplishing their mission, and a steep learning curve. I think the last one is often overlooked. I've written my Public Service Tips tongue in cheek, but these are real lessons that anyone coming to the public sector from the private sector will have to learn. Often you learn them too late.

1:06 PM | Comments () | Recommend This | Print This

Public Network Vulnerabilities

Sean Gorman is with the School of Public Policy at George Mason University. He's speaking of vulnerabilities in the physical layer of networks used by the Federal government. They map logical networks onto physical networks and then perform statistical analyses of which cuts where do the most damage. The results are interesting for anyone planning on using the Internet for public safety and homeland security related efforts. Technological and market forces have reduced the number of redundant paths available on the Internet rather than increased them. This is yet one more reason for local and state governments to promote regional and local peering.

Another topic he mentions is targeted strategies for protecting networks from virus and trojan horse attacks. Their research shows that in a network of 12,000 nodes, you can get effective containment by protecting only the 2.5% most well-connected nodes (largest address books, most email processed, etc.). This is interesting from a cost-effectiveness standpoint. If you can identify these nodes, you could buy about 3% of the virus protection tools you buy now. That's a significant savings for a large organization. Of course, most users are more interested in their files being protected than they are in just containing the attack. More interesting, perhaps is the fact that the failure of your protection mechanism on certain nodes can be intensely damaging to containment efforts. That's where IT management ought to be putting administration effort.

12:01 PM | Comments () | Recommend This | Print This

SBU: Sensitive But Unclassified

The next panel is on "Sensitive but Unclassified (SBU): Agency Network Partnerships" by Miles Matthews (DoJ) and Leonard Starling (DISA). The Global Justice Information Sharing Initiative has buy-in from eight Cabinet members and brings together four separate non-classified information systems using by law enforcement agencies at the Federal, state, and local level. The technology is simple: VPNs and closed networks. The goal is to have single sign-on and a common encryption system. The applications are similarly simple: email, chat, mailing lists, newsgroups (NNTP), and websites. Governance is through a set of cross-certification agreements.

The system connects LEO, RISS.NET, OSIS, and OpenNet along with two other smaller, non-IP networks. LEO (Law Enforcement Online) is the FBI system. RISS.NET is a local and state system. OSIS is the Open Source Information System, an intelligence community VPN. I think "open source" in this context refers to access to unclassified information. OpenNet is a State Department system for SBU information. One of the neat features is a 50 million record database of visa application data. The only requirement for connectivity is Internet connectivity and access to the VPN. The network allows anyone on the network to create newsgroups for specific topics. The groups might be long-lived or event-centered.

In the integrated system. Filing a query to RISS.NET, for example, will return pointers to other resources on all four systems that are relevant. Single sign-on allows the user to use resources on all four system to gather intelligence, communicate with other interested parties, and create special interest groups about an investigation.

This is a great example of how single sign-on can facilitate cooperative data exchange and increase an individual's reach. The primary means of integration in this system was to integrate the user databases for the four system so that the users are linked in email, chat, mailing lists, and newsgroups. The other component was a means of telling users about resources available to them on other systems. This isn't done with a general purpose web page, but in a personalized way as the result set for specific queries.

7:49 AM | Comments () | Recommend This | Print This

Enterprise Architecture

The opening panel this morning is "Getting Buy-In for Enterprise Architecture." The moderator is Melissa Chapman (CIO, HHS). The panelists are Steve Perkins (SVP, Oracle), Felix Rausch (FEAC Institute), Carla von Bernewitz (Dir. of Enterprise Integration Office, US Army), and Barry West (CIO National Wwather Service).

Enterprise architecture is, at its heart about sharing resources, data, etc. Barry says that the first thing to come out of enterprise architecture at NWS is a comprehensive inventory of their IT assets. This has allowed NWS to make better business decisions and not just about IT. Many agencies have concentrated on integrating business systems over the integration of mission or program systems. I think that's because the former is much harder to get done. If you plan right, program system will integrate as they are replaced, but business systems are in a constant state of being replaced, a little at a time. If you don't have a program to integrate business systems, it can't happen through incremental purchasing.

IT Managers seeking to create an enterprise architecture can't succeed unless they have on-going, regular executive involvement. One sign that this is happening is organizational change. If the organization isn't changing then your enterprise architecture isn't taking hold. This creates a challenge for many organizations who are afraid of organizational change. People should be moved into new roles, old roles should be deleted. This implies that training is an important component of and enterprise architecture.

Data standardization, as part of the enterprise architecture, hasn't gotten much traction. Felix says that no one's going to get money to do data architectures so it has to be dressed up in programs. Steve says you have to start with the data (he's from Oracle, what do you expect?). Melissa says the problem is too many data standards. That exactly the point, I think. Data architecture isn't just about creating standards. Data architecture is about data modeling.

Steve Carlton (CIO, GSA) says that enterprise architecture is perceived by the business side as just another planning tool in an environment where there are many planning methods. Carla says that it needs to be integrated into the business side, not just the planning, but the programming and budgeting side as well. If it happens bottom-up, you'll get what you always got. Enterprise architecture needs to be driven top-down. Felix says "if the CIO isn't in bed with the CFO, you're not accomplishing." Taking that further, the entire executive team needs to be aligned. Barry says that NWS took the enterprise architecture process out of the CIO's office and put it in their institutional planning office.

Steve uses GE as an example of driving integration by using a process to choose which system should be shared and standardized and which operational system need to be unique. Of course this can backfire. We had a long series of meetings in Utah in 2001 to try to reach some understanding about this. In the end, the only system people could agree should be consolidated was email and even that failed to happen because in the end people were unwilling to give up even that little bit of control.

6:45 AM | Comments () | Recommend This | Print This

Federal CIO Summit

I'm in Savannah Georgia for the Government CIO Summit, sponsored by FCW Media Group. This conference tends to be more oriented toward Federal CIOs but I've already run into a few old friends from State CIO activities. I'm speaking tomorrow afternoon on using Web services.

6:38 AM | Comments () | Recommend This | Print This

May 1, 2003

UVCN: Keeping Local Traffic Local Since 2003

Yesterday, Governor Leavitt inaugurated the Utah Valley Community Network. There has been a lot of work behind the scenes to get so many cities cooperating with the county and UVSC. The result is a network that not only provides fiber transport across much of the county, but also serves as a local exchange point for a number of networks including those of BYU and Novell. The result is that a broadband user in Provo who connects to Utah.gov or the UVSC network does so without being routed through Denver. I am convinced that local and regional exchange points are necessary for broadband to deliver on its promise. This is a good role for Government because its sometimes difficult to get private entities to cooperate in the public good without incentives. UVCN is a great example of some good public officials cooperating to accomplish something that none of them could have done alone. UVCN is something that I'm proud to have played a role in.

10:28 PM | Comments () | Recommend This | Print This

Course Calendar Available via RSS

There is an RSS feed of the syllabus for the programming language course I'm teaching. You can subscribe to it in your news aggregator and get a daily reminder of that day's lecture and what homework is due. There are also weekly and monthly feeds if you need a longer time horizon. This is all being driven from iCal on my desktop. This is of interest to students in the class, of course. I was mostly interested to see if I could use this to drive event notifications in an RSS feed from the tool that I use to manage events, iCal. The answer is "yes."

6:09 PM | Comments () | Recommend This | Print This

Noise Reduction Headsets

About a year ago, I took a trip to San Jose with the Governor and Chris Johnson from the University of Utah. The Governor flies in a KingAir B200 and it can be a little noisy. Chris pulled out a set of Aiwa noise reduction headphones and popped them on. Pilots have enjoyed noise reduction headsets for some time. I use an expensive model in my own plane, but this was the first time I'd seen a consumer version (without a boom mic). We passed them around and it was amazing how much more clearly you could hear conversation on the plane when you had them on. I bought a pair after I got home and use them whenever I fly commercial. Here's the rundown on the AIWA headset:

  • They're inexpensive. I saw a pair at Radio Shack the other day for about $40.
  • The really great news is you can listen to music or the movie at a reduced volume. For example, when I'm using them and turn noise cancellation off, I can't hear the music anymore because the cabin noise drowns it out. I think you arrive more relaxed because you haven't been in a noisy environment for 2-5 hours.
  • The bad news is that they are not really very comfortable after about an hour.

Now Bose has come out with a set that look like a real step-up. Bose always makes good gear and the engineering is excellent, so I'm anxious to try a pair. The biggest down side is that like anything from Bose, they're expensive: $249. Ouch! Even so, I think they'll make the perfect companion to the new iPod I plan to buy.

2:37 PM | Comments () | Recommend This | Print This