Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« May 2003 | Main | July 2003 »

June 30, 2003

Impatient Web Searchers Measure Web sites' Appeal in Seconds

A recent study by Jim Jansen of Penn State finds that people typically only look at the first three results in a search result and one in five of them spend less than 60 seconds evaluating a web site to determine whether it meets their needs. By the time three minutes have elapsed, 40 percent of searchers will have moved on. Eight out of 10 times, the abstract that appears with the search results dissuades people from going to the site.

3:07 PM | Comments () | Recommend This | Print This

You Can't Handle the Truth!

In "A Few Good Men," Keffe screams "I want the truth!" and Jessep fires back \"You can't handle the truth!\". A front page article in today's Salt Lake Tribune, is headlined "Some question value of state worker blogs," but a better title would be "You can't handle the truth!\" Rebecca Walsh writes:

Reading a Weblog is a lot like reading someone's journal. Someone's highly technical, mind numbingly boring journal. Most of the time. Then there are times when techies slather their innermost thoughts, their childish pranks online. And when the writer is a state employee, blogs can be fascinating reading -- and a source of embarrassment.
Gee thanks Rebecca! I like reading your stuff too!

The article is full of interesting little tidbits, like Rep. Ralph Becker, true to form, calling for more regulation: "We should have some protocol for how we use our increasing use of e-based communication..." and an unnamed state employee saying "The intent of the blogs is to provide information. But what kind of information are they really providing? Who do they think they are?" I think its interesting that Rebecca didn't provide links to the blogs she's questioning so that readers can go decide for themselves. So, I'll provide them: take a look at my blog, Dave Fletcher's, or Dave McNamee's and decide for yourself whether there's any real information there. I think the answer is obvious.

As she was preparing this story, Rebecca sent me an email and asked:

I'm working on a story about blogs. It's my understanding that the state purchased blog software to improve communication. I wondered what your thoughts are on the medium given what happened to you and other state employees who posted comments in their blogs. Do you regret posting your apology? Do you believe blogging helps IT employees?

I responded with the following:

I wrote shortly after I and others in the state started blogging that blogging [requires] a "culture of candor." (See http://www.windley.com/2002/09/06.html#a171). I believe that organizations work best when people are honest and willing to let others be honest. The culture at the state is one of suppressing unpleasant truths and its very defensive. I think that's regrettable and probably one of the reasons I didn't get along too well there. I can think of several instances where people got themselves in trouble with their blogs (like the recent one involving Dave McNamee [that] was in the paper). In another instance, an employee honestly admitted a mistake and his co-workers, who were also involved in the mistake, jumped all over him for airing dirty laundry. I think that to the extent people are willing to be tolerant of honest expressions or letting off steam, the whole organization gains because information flows more freely. This is clearly not the culture that exists at the State.

I'm not sorry I posted my apology. The timing and the fact that it came to light right then probably cost me a job I wanted very much. But the alternative was living with a secret the would have come to light eventually and constantly wondering when that would happen and what the fallout would be. I would have looked like I was trying to hide something, which I wasn't, and my intent would have been questioned. Overall, I'm confident that being honest and forthright about it was the best thing to do. You can tell I'm not much of a politician. :-) It saved me plenty of sleepless nights and led, ultimately, to the best outcome.

I'm more convinced than ever that narrating your work in a blog is a good way to communicate. But, some organizations aren't prepared for open, honest communication and that's a shame.

You might also find these posts helpful in understanding my thoughts on candor, transparency, and using blogs in organizations:

http://www.windley.com/2003/05/28.html#a641
http://www.windley.com/2002/10/18.html
http://www.windley.com/categories/enterpriseComputing/2002/06/20.html#a38

The heart of the article and Becker's comments seems to be the question: "how can we protect state workers from blogs so their feelings don't get hurt." I think if Ralph and others in the State want to solve a real problem, they ought to ask themselves why they have an organization that can't handle the truth.

8:57 AM | Comments () | Recommend This | Print This

Me? A Postmodernist?

In a recent post, AKMA called me "an honorary postmodernist." There are some aspects about postmodernism that make me cringe, but to the extent AKMA meant "a thoughtful study of the limits of scientific inquiry, the origins and perpetuation of unreasonable prejudices, and the ambiguities of language," I'm flattered. I do think that AKMA is doing a great service by serving as the conscience, so to speak, of digital identity and the limits of the technology in solving societal problems.

In the post linked above, for example, AKMA alludes to identity being the sum total of all our experiences. I think that's a good way to think about it. That meshes nicely with my thinking on digital identity as well. My digital identity is a collection of bits that represent things I've done or collected online. The digital identity is a woefully inadequate representation of me, the person, because I have many more experiences and interactions offline than I do online.

The other issue with digital identities is that they're so much easier to fashion than real identities. This is good and bad. Its good because you are free to fashion an identity for yourself online that is different than your real identity---maybe one more closely aligned with your inner self than the public exterior you've presented in the offline world. its more problematic when we want to start using digital identities to control our bank accounts because now we need a link between our digital self and our meat self. Of course, Amazon doesn't care how many identities I have or anything about them as long as they all have a credit card with a positive balance.

8:25 AM | Comments () | Recommend This | Print This

There Ought to be a Club for Former State CIOs

BIl Campbell, the recent former CIO from Wyoming has written an article in the latest CIO Magazine entitled "How to Survive in the Public Sector". He came to see me last November, just after I'd decided to resign, but before it was public, and spent a day with me. I remember telling him I was resigning and his discouraged reaction. I think even then he probably saw the impossibility of his situation. His comments in the article echo some of my own in my Public Service Tips.

7:59 AM | Comments () | Recommend This | Print This

June 28, 2003

Safari Unstable?

Is it just me or has anyone else noticed that Ver 1.0 of Safari is less stable than the last beta? It just dies on me from time to time.

8:59 PM | Comments () | Recommend This | Print This

Phil Windley Speaks!

I've decided to be more overt about speaking, so I've put together a page with samples, recent engagements, rates, resources, and requirements. I enjoy speaking and I'd like to do more of it.

1:14 PM | Comments () | Recommend This | Print This

June 27, 2003

DNS Turns Twenty

Paul Mockapetris invented DNS while working at the University of Southern California 20 years ago in 1983. It took a number of years to catch on. I still remember editing /etc/hosts by hand on every machine I managed in 1988. Most machines didn't have complete host tables. There were a few complete host tables on various machines spread around the net. This led to a process where sending mail to someone meant that you had to pick the route using UUCP-style ! routes in the email address. The trick was to get the message to a machine that knew about the host you were sending mail to. It was a game and we enjoyed being good at it. DNS spoiled the fun, but made the net much more useful. This ComputerWorld article talks about the history of DNS and its invention. In the article Paul says:

I had expected people to think a little about enhancing the infrastructure, but it's still working hard and I don't think there are any obvious stress points where it's going to fall down in the next couple of years.

It is amazing that it continues to work, but that's a testament, I think to the decentralized, albeit hierarchical, architecture of the the DNS system and the overriding simplicity of what it does. It just maps domain names to IP numbers. Contrast that with UDDI which shares a potentially decentralized architecture, but has a much more complicated goal to return services based on more nebulous criteria than a simple, hierarchical domain name.

The article seems to make the invention of domain names and DNS synonymous and I don't think that's right. I believe the notion of hierarchical domain names existed before the DNS mapping system was invented, but I could be wrong. This predates my Internet experience by 3 or 4 years.

2:02 PM | Comments () | Recommend This | Print This

XACML: Extensible Access Control Mark-up Language

Yesterday, I wrote about SPML and a little about SAML. SAML is an XML-based language for exchanging assertions about identity. SPML is an XML-based language for interacting with identity provisioning systems. There's another important piece in the puzzle: a common format for access requests, policies, and responses. XACML provides just that.

XACML is the language of the Policy Decision Point, of PDP. The PDP is the chunk of code that recieves access requests, checks to see whether they should be granted, and returns an appropriate response. The PDP is not necessarily the same as the place where credentials are stored. It merely needs access to that service, ideally via SPML. The PDP could be a module running in the local system or a remote system accessed over the Internet.

There are a number of good resources you should look at on XACML:

9:41 AM | Comments () | Recommend This | Print This

June 26, 2003

Service Provisioning Markup Language (SPML)

The OASIS group will demonstrate the Service Provisioning Markup Language, or SPML at the Burton Group's Catalyst Conference in July. According to OASIS, ten OASIS members will show the stability of the specification and demonstrate interoperability between SPML-conformant products. You might rightly ask: What is SPML?

The Security Assertion Markup Language, or SAML has been around for a while. Its an XML-based markup language for exchanging assertions about authentication and authorization in a federated identity system. There's nothing in SAML about how security credentials get created, managed, or queried.

SPML is the other shoe. Its a markup language for provisioning credentials. Not surprisingly, its methods look just like those of any database: add, update, delete, query. When a SAML request is received from a partner in a federated identity network, the software receiving that request could use SPML to query the identity system for the correct tokens. These tokens would then be returned to the partner using SAML.

SPML is not designed, as far as I can see, for federated security provisioning, but rather easy interoperability between different vendor products. That doesn't mean it can't be used for that, but it would have to be tacked up by the players who would have to take the IT and business concerns into account. SPML will probably find the most use behind the firewall, at least initially.

Here are a few resources on SAML and SPML that you might find interesting.

10:16 PM | Comments () | Recommend This | Print This

VoIP in My House

I just signed up with a new phone company called Vonage. The service is delivered over my Internet connection and lets me use my regular phone. When I here "internet telephony" I picture weird software, boom mikes plugged into the back of my computer and complicated set-up. This was about as far from that as you can get.

I signed up at the Vonage site about a week ago. Today, a box arrived at my house with a Cisco ATA 186, an analog telephone adapter. I plugged the ATA into my network, plugged a regular phone into the back and after a few blinking lights, made a phone call---no other configuration needed. The calls sounds great and seems to maintain in the face of heavy network downloads. I'll let you know later what my long term experience is.

Vonage has two calling plans for homes one with 500 minutes of long distance for $25/month and one with unlimited long distance for $40/month. Business accounts are slightly higher because they can. These plans come with every phone feature you can imagine, including call waiting, voice mail (with an email interface), call forwarding, caller ID, caller ID blocking, repeat dialing, and call transfer. A second line for FAX is an additional $10/month. There's a 911 feature as well--this has been a struggle for IP telephones so its a significant offering.

My account has a dashboard on the web where I can manage my voicemail, view call activity and usage logs (wondering who your teenagers are calling?), see billing information, and other housekeeping chores like managing account information. Here are a few unique features:

  • Your choice of phone numbers from just about anywhere in the US - I chose a Utah number, but I could have gotten an New York number (or one from anywhere Vonage has service) and had it ring in Utah. You can have an existing number transfered or get a new number.
  • Virtual phone number - multiple numbers from multiple locations ring in a single place. Want an office in Miami and LA? Done for $5 each.
  • Disruption call forwarding - forward calls to a number in the event your Internet service is down.
  • Quality degradation for bandwidth savings - you can chose to degrade the voice quality and save bandwidth.

Vonage is using dynamicsoft's Route Engine Platform to provide service out of two data centers in New Jersey. A California data center installation is planned. Interestingly, dynamicsoft is the vendor behind the SIP Protocol which is the basis for the SIMPLE messaging protocol. SIMPLE has vying with XMPP (Jabber) for use as a universal messaging protocol. Microsoft, AOL, and IBM has voiced support for SIMPLE, but XMPP has broad grassroots support. I frankly think that they're different enough that there's room for both. XMPP is a simple XML based messaging and presence protocol whereas SIMPLE is a more complicated P2P protocol capable of carrying multimedia content.

3:44 PM | Comments () | Recommend This | Print This

June 25, 2003

Redesigned utah.gov

The utah.gov web site is sporting a new design. The new design is cleaner and less cluttered. I like it. The downside of a clean look is that there's fewer things on the homepage which means the hierachy got deeper. One of the problems with government web sites is the shear number of things that people want to find. Enforcing the three click rule is hard. That's one of the reasons why personalization is so important.

The new site also features live help and a new business portal that been in the works for months. There's more to come there and I'm anxious to see it.

Of course the problem with a new design is that all of the agency sites are still using the old design. So, all the work people went through to get the entire collection of web sites looking consistent now has to be redone. There's technology that can help with that, of course. Its called content management. Unfortunately the hurdles that have to be cleared to get content management in place are many.

10:27 PM | Comments () | Recommend This | Print This

How Do I Know Who You Are?

One of the biggest challenges in digital identity is authentication, the process of knowing that the person or system presenting credentials is who they say they are. A driver's license has an authentication system built-in: the picture. Humans are really good at looking at pictures and faces, making a comparison and reaching an accurate conclusion about whether there is a match. For digital ID, the problem is more difficult. At the low end, we use usernames and passwords. More sophisticated systems use retinal scanners and other biometric devices. In this interview with the New Scientist, James L. Wayman of San Jose State University, California, expresses his reservations about biometrics.

1:26 PM | Comments () | Recommend This | Print This

Why IT Doesn't Matter Anymore: Living in the Red Zone

A recent Harvard Business School publication is entitled Why IT Doesn't Matter Anymore. The author, Nicholas G. Carr, argues that "the core functions of IT have become available and affordable to all" which reduces the strategic value of IT. He says:

What makes a resource truly strategic-what gives it the capacity to be the basis for a sustained competitive advantage-is not ubiquity but scarcity. You only gain an edge over rivals by having or doing something that they can't have or do. By now, the core functions of IT-data storage, data processing, and data transport-have become available and affordable to all.

This is an important article for any IT manager and especially CIOs to read. There are some excellent points. For example, Carr makes the point that thinking strategically may be more fun than the hard work of operational excellence, but the latter is much more likely to be the cause of problems for a company. He also says that vendor needs, more than company needs frequently drive IT purchases. Still, I think the analysis is perhaps too simplistic to be of much help to CIOs trying to prioritize projects.

The problem is that he's only thinking about the problem in one dimension. The figure to the right shows two dimensions: expense of the IT project on the vertical axis and the resulting increase in competitive advantage along the horizontal axis. Take you projects, get a group of your best managers together and go through an exercise where you rank each project on these two dimensions and then plot them on the chart.

The first step of the analysis is easy. Do everything in the green. You probably don't want to do anything in the white until you've finished everything in the green. Now, you may be thinking: never do anything in the red. These are not likely to improve competitive advantage significantly and they're expensive. Well, unfortunately, its not that easy.

The second step in the analysis is to further classify the projects in the red quadrant into two types. To understand the distinction, let me give you an example. If you're in the hotel business and you classified your expenses on this chart, clean sheets would fall into the red zone. Its expensive to provide your guests with clean sheets and all your competitors do it too, so there's no competitive advantage. Still, you'd be a fool to decide that you ought to slash the laundry budget and let your guests sleep in dirty beds. There are a number of "clean sheets" projects in IT:

  • Reliability
  • Scalability
  • Availability
  • Security
  • Desktops
  • LANs

You can see why these things fall in the red zone: they're expensive and, in theory, anyone can do them. In practice many don't. Finding out best practices in these areas isn't difficult and skilled people who know how to run these kinds of operations are available. I think the problem is often that these issues are "red zone" issues and its easy to get distracted by the fun "strategic" projects and let the "red zone" project languish because they don't provide significant competitive advantage.

That's short sighted because even though red zone projects can be done by anyone in theory, they are rarely executed well and plenty of companies fail for lack of execution even with a strong competitive advantage in some other area. I find that many business school analyses start off with the assumption that everyone will execute well and then focus on competitive advantage. That's not the real world and IT has become one of the most important areas in which to execute well---even if you don't believe its strategic.

I don't agree with everthing Carr has written in this article, in fact I think its tone is likely to cause many to miss the entire point. Even so, CIOs and other IT managers would do well to look at their projects and vigorously pursue any that fall in the green zone, while never losing sight of "clean sheets."

The tough thing about living in the red zone is that its not sexy. Its hard to do and no one's going to come up to you and say "Hey, I noticed the computers didn't go down again! What to go!" Its thankless work and it difficult to convince people to spend much on it. The goal is achieve operational excellence and do it as efficiently (read cheaply) as possible. Focusing on it requires different priorities, a different culture and organizational changes. But "red zone" work is the foundation on which everything else is built and success in other areas of the business is unlikely to come if its ignored.

cover Note: Although not specifically an IT book, my thinking in this area has been influenced by Mike Johnson's book Improving Customer Satisfaction, Loyalty, and Profit. Its application to IT is my own invention. I took a class from Mike at the Univ. of Michigan Business School several years ago and was impressed with his formulamatic approach to customer satisfaction. I think there's much to be done in this area for IT as well---particularly when it comes to satisfying customers.

10:28 AM | Comments () | Recommend This | Print This

June 24, 2003

What Shared Authentication Means to You

Glenbrook Partners has released a report entitled Rethinking Authentication on the impact of single sign-on and the shared authentication infrastructures like the Liberty Alliance. This is not the full report, you have to pay $1000 for that, but the abstract and table of contents are worth looking at in any event and they're free. Carol Benson, the reports author, says:

Like Moliere's character who discovered he had been speaking prose all along, some authenticators will discover they have always been "identity providers"; they just didn't know it.

She cites financial institutions and ISPs/Telcos as the serendipitous winners and sees a possible role for State governments if they choose to play. I've been spending quite a bit of time on Liberty and SSO over the last week. This report caught my eye as being about what shared authentication will mean instead of how it works.

5:19 PM | Comments () | Recommend This | Print This

June 23, 2003

Trust and Identity Management

InfoWorld has a special feature this week on the relationship between identity management and privacy. Large organizations have a lot of relationships with customers, trading partners, and employees. Furthermore, in a service economy, digital identity matters and those relationships take the form of a collection of records in databases. This makes tools for identity management more important than ever. The problem is, that doing it right isn't easy.

This article, entitled Trusting ID management technology talks to some of the privacy issues. Some of the first computers in existence were used by banks and this drive to automate hasn't abated, putting financial institutions at the forefront of this problem. Large numbers of transactions and a natural fit on the web have caused banks to create huge repositories of information about their customers. Unfortunately, this has made the issue of privacy all the more important:

"We see the [privacy] problem getting worse. We see the entire financial industry in the U.S. putting their heads between their knees right now hoping the problem is going to go away," says Jim Hurley, vice president and managing director of information security at Boston-based Aberdeen Group. "These guys better get their heads out of the sand, or they're going to be in trouble."

Another industry in a similar situation and just as much in denial is the health care industry. HIPPA mandates a lot of privacy protection, but there's still a lot of people unsure how to proceed and hoping that it will go away. Good identity management can solve many of the issues HIPPA raises.

Some say that its the large collections of data that are the problem, but I think that's one of those statements that looks right on the surface but is fatally flawed in practice. The fact is that secure, private identity management isn't a problem that can be solved a million times. If every department of a larger corporation is in charge of making their own small collection of data secure and private, none of it will be. What's more, it ignores one of the prime drivers of large collections: customer demand. Customers increasingly want to be treated "in total" by the organizations they deal with. When I call up and request DSL service from Qwest I want the DSL division to know I'm a phone customer, all the relevant data about me, and that I pay my bills on time. Of course, at the same time I expect them to not get any information they don't need---like my waist size.

There's an interesting relationship between identity, privacy, trust, risk, and security. I don't need much trust in you to supply you with my zip code so you can personalize your online service to my location. I don't expect much privacy and if someone steals your cookie database with my zip code in it, I'm not out much, if anything--low risk. On the other hand, when it comes to my bank, they hold a lot of sensitive information about me. For example, they not only know my bank balance, they also hold the bits that represent that balance--high risk. I expect a much greater degree of privacy from them and they have to work harder to gain my trust. That trust is based, in part, on the wholly unsubstantiated belief on my part that they run a secure operation. Because of my history with them, I believe them secure until proven otherwise. That will only work for the banks until they start having problems.

4:30 PM | Comments () | Recommend This | Print This

Bizarre: Now I'm Headless Nick

The Deseret News is running a piece in anticipation of today's release of the follow-up legislative audit which was ordered last November. As usual, its full of half truths, mis-statements, innuendo, and bizarre rumors. The funniest is this one:

"Nobody is going to believe that Windley's influence in state government is not being carried out through his friend, Steve Fulling," one IT employee said. "The guy has been gone for seven months, but his ghost is still there. Everyone is still freaked out about Windley."

This kind of rumor isn't new. I think its funny that these people's world view is so narrow that they actually believe I've got nothing better to do than to continue to run IT in Utah after the State stops paying my salary. Of course, the people feeding these rumors don't really believe I'm still trying to run IT. This is really an attack on Fulling. The more closely Fulling's policies and programs can be tied to me, the more easily they can be discounted without examining their merits. The legislature and the press just play right along.

I do have an interest, as a citizen of the State, in how its run and a special perspective since I see some things as they really are because of my past position. IT in Utah is screwed up and what's screwed up about it is the way a small group of employees manipulate the system to protect their parochial interests. This summer's issues are nothing more than their continued efforts to ensure that they protect their turf and can ride out the rest of their time at the State with their feet up on their desks instead of doing something productive.

Its pathetic that the administration puts up with it, but these guys have been around for 25-35 years and they know the system. The administration is powerless to stop them so everyone just cringes and hopes they won't be the next target. This group knows how to use anonymous letters to the press and the legislature. They know how to stir the employees up with rumors, even ridiculous ones. They smile in your face and tell you they're with you and then go to a meeting with their peers and stab you in the back. They have some powerful allies. All of this protects an IT organization that is about as dysfunctional as any you could find. This is the borg at its finest.

9:40 AM | Comments () | Recommend This | Print This

June 20, 2003

Zope User's Group Meeting

I'm at the Zope User's Group meetingin Las Vegas today. I flew my plane down this morning and planning on flying home this afternoon---its about 2 hours. The flight was a nice (early morning flights always are) and Las Vegas is its usual hectic self. There are about 8 people here including Rob Page, CEO of Zope. There's an information discussion of the newspaper business while we're waiting to get started. The Zope meeting is being held on the heels of the Newspapers Publisher's Expo, so there's a few newspaper people here. Here's a rundown of what the speakers said:

Rob opens up with a discussion of where Zope is going. He makes the point that since Zope has been open source, they've exchanged control of the product for additional developers working on it at little cost to them. Rob doesn't believe that a professional services and support model is sufficient to keep a company going in connection with an Open Source product. Zope's model includes products that can be offered to Zope users. These are not shrink wrapped packages, but rather pieces of intellectual property that Zope uses to add revenue to its professional services work.

Now, Zope hasn't given up compete control of the Zope engine. They are clearly the leader of the Zope open source project. One of the issues they worry about (and deal with via a contributer agreement) is making sure contributed code is clean from an intellectual property standpoint.

Chris Muldrow is the Editor of Fredricksburg.com. He's describing the use of MySQL with Zope and the set up of a Zope cluster. Zope has an internal database, so MySQL is not strictly required. The primary benefit is that data is now in a standard DB and accessible by other programs. Chris recommends a few tools to make this easier:

  • MySQL Front is a tool for manipulating the databases in MySQL. Development on this product appears to have been discontinued, but it can still be downloaded here.
  • The second tool he recommends is ZNolk, a Zope product for connecting to MySQL databases from within Zope. As I understand it, Chris uses ZNolk to create web-based administration tools in Zope for the MySQL tables.
  • ZSearch Interface is a built in tool for building search interfaces on outside database searches.
  • Chart Director is a Python module (apparently not just Python) for building charts.

The application that drove Fredricksburg.com to an external database is their real estate section. They grab data from the local MLS (multiple listing service) every two hours. Getting the data and manipulating it is better done with an external program in Python and MySQL rather than dragging down Zope performance.

From a business perspective, the way that they charge for the service is they sell agents ecards, business cards that show up with listings. An agent's ecard shows up on all their listings and routes email inquiries to them. If they don't buy the ecard, then some other agents ecard shows up in a rotation. There's also a hot properties listing that agents can buy as an upgrade to the basic listing. These are rotated on the home page. The interesting thing is that there are non-technical sales people selling these and entering them in the application using an admin tool that is built in Zope.

Zope Bible I've corresponded with on various issues from time to time with Michael Bernstein, author of the Zope Bible. Its nice to finally meet him. He's speaking next. His talk is a case study on a visual asset repository (digital asset management) system. Images in the system are similar between various customers, but the meta data from client to client varies greatly. Michael created an application that let's the client create multiple, private labeled versions of the asset repository each with its own metadata with no coding.

Sean Upton is from SignOnSanDiego.com, the website for the San Diego Union Tribune. He's talking about using AP (associated press) Digital content in Zope. AP Digital is a division of AP that sells AP content to Internet properties. Standard AP wire stories can't be used raw for various reasons. AP Digital is one solution to that problem. The way AP Digital delivers AP Online data to sites is through NNTP. The data is formatted in an XML-based format called NITF. Sean uses Zope to grab that data out of NNTP, parse the NITF, and present it on their site. The idea is not simply to push the contant online, but let writers and editors work on it and produce localized content.

10:26 AM | Comments () | Recommend This | Print This

June 19, 2003

Digital ID World Conference

This year's Digital ID World conference will be held in Denver, October 15-17. Last year's event (1, 2) was very well attended and full of useful and interesting talks. The thing that made it work was that it wasn't just about one facet of identity, but brought together players from many different arenas and points of view. It was one of my favorite conferences and I'm looking forward to attending this year as well.

5:47 PM | Comments () | Recommend This | Print This

RSS and eGovernment

News releases are perhaps the most obvious example of how RSS can be applied to eGovernment. Government has a peculiar relationship with the news media and, consequently, issues lots of news releases. Utah's Governor's office has officially started to issue news releases in RSS. It looks like RSS 1.0.

Kudos to the Governor's office for doing this and setting an example for the rest of the State. Its surprising how long it takes to get something even this simple happening. I talked to Natalie Gochnour, the Governor's Press Deputy, about RSS over a year ago and Utah Interactive was "very excited" to work on it and it still took a year. I know Dave Fletcher's been pushing this as well.

A few comments:

  • The title ought to identify it as Utah Governor's News, not just Governor's News. Some people may subscribe to news feeds from multiple governor's offices. I know if I were a short features editor at Governing magazine, this is something I'd love.
  • Most of the descriptions are blank right now. It would be nice if they contained the first paragraph of the story so you can read enough to know whether to click out of not.
  • I, for one, would love to hear how they selected the RSS version and why. That would be a good data point and help others with those kinds of decisions. Maybe Dave could blog it.

Now, I'm not sure how this is implemented, but regardless, its a great example of Web services in eGovernment. Some may not think of an RSS feed as Web services, but making data available in a self describing format is one of the key first steps. When I talk to people about Web services, and particularly those working on eGovernment, my message is always the same: "get started." RSS is a great way to get started because its easy and immediately useful.

12:34 PM | Comments () | Recommend This | Print This

June 18, 2003

What is Orrin Smoking?

A story in today's Deseret News says Utah's Orrin Hatch would like to develop technology that would destroy the computers of people who download copyrighted material over the Internet. I say as long as we're going to allow companies to destroy personal property to enforce their rights without any due process, we might as well go all the way. So while we're at it, let's also develop technology that will incinerate the occupants of cars that have aftermarket parts installed. HP should be allowed to burn down your house if you install a non-HP ink cartridge in your printer. Feel free to leave a comment with your own suggestions. Somebody ought to hand Orrin a clue, because its clear he needs one. If you like, send the Senator and email and let him know how you feel on this issue.

Update: Amish Tech Support reports a possible copyright violation on Sen. Hatch's official web site.

6:45 PM | Comments () | Recommend This | Print This

Small Scale and High Tech

I had a great conversation with Mark Jones of Future 2 this morning. We got to talking about infrastructure costs. He quoted the number of subscribers he needs to break ever. I thought he'd left off a zero, so I asked him to repeat it. He gave a number in the hundreds, not the thousands. Now he's got a pretty large coverage area, relative to the break even number. This is a huge win for wireless. Of course, all kinds of things can affect this: what level of support do you provide, how strong is the signal in the marginal areas, etc. This explains why there are so many WISPs (Wireless ISPs): the barriers to entry are low.

This reminds me of the another hot technology that's got people talking right now: blogging. There are people making money with small scale, low cost blogging (or near blogging) operations. Here are a few examples:

The last one isn't exactly a blog, but its a great example of a low-overhead media site. This time reminds me of the early days of the Internet. Ross Jardine and I start iMALL in 1994 with nothing but a $10K lease on an HPUX machine. You don't even need that much anymore. We used public domain and open source technology and I wrote most of the code. We were in the black from day one. Of course, we didn't grow very fast, but we had fun and built something that had real value.

Tony Perkins thinks this is the cheapest time to start an Internet company. I think he right.

2:35 PM | Comments () | Recommend This | Print This

June 17, 2003

PIP Data on Home Broadband Growth

PEW has released a memo on home broadband usage (PDF) from its Internet and American Life project. The results might surprise some people since the common perception that home broadband growth is slow at best. I frequently talk to people who believe that every statistic they ever heard about Internet growth has now reversed. Most people reading this will know that's not true. According to the study:

As of the end of March 2003, 31% of home Internet users had a high-speed connection at home. This is up from 24% in October 2002 and 21% in March 2002. Today, approximately 30 million people ? or 16% of all Americans ? log on at home with a broadband connection. That is double the number who had a high-speed connection at home at the end of 2001 and, as noted, a 50% increase in the past year. In not quite three years, the United States has witnessed a five-fold increase in the number of people who go online with a fast connection at home.

The report contains numbers on what types of users have made the jump, what they use it for, etc.

This is, of course, little thanks to the Qwests and Comcasts of the world who continue to make little or no capital investment in passing new homes. They were big players in the first wave but are now mostly harvesting the potential subscribers in the areas they already serve. In the last year, the percentage of DSL subscribers has declined and the number of cable modem subscribers has risen modestly. Wireless, while small, in overall numbers has doubled. This clearly doesn't herald a huge win for wireless, but its a good data point.

4:05 PM | Comments () | Recommend This | Print This

Thanks and Redhat Install

I've enjoyed the class this semester. Thanks for participating and asking lots of questions. That makes it more enjoyable for me. I hope you got something out of it. Please make sure you complete the online evaluation if you haven't done so already.

I'm looking for someone to install Redhat Linux on 6 machines for me in the 462 lab. I'll pay $100 for the job. If you're an experienced Linux installer and would like to do this, let me know.

3:51 PM | Comments () | Recommend This | Print This

Virtual Databases

One of a CIO's holy grails is integration. The primary driver is business agility. This is related to aligning IT with the business, but there's a speed component. The marketing and manufacturing departments don't need you to be aligned with them next year, they need you aligned today and tomorrow when they change their focus and direction for what seems like the fifth time this year. Integration is one strategy for building an information infrastructure that can handle whatever is thrown at it.

This desire for an integrated infrastructure is behind much of the interest in Web Services and other, more Herculean tasks like Enterprise Application Integration, or EAI. Web Services, can be looked on as the poor man's answer to EAI or, alternately, as an iterative approach to application integration. I like to think of it as the latter. Why try to boil the ocean, when you can connect a few applications together more easily and harvest the low hanging fruit.

But what if you find that just connecting up the applications through their interfaces isn't enough? A middle ground between a lightweight Web services project and a Hoover dam-sized EAI project is something called Enterprise Information Integration, or a virtual database.

A virtual database, or federated database, provides a single, virtual interface to a collection of data sources. These data sources may live in multiple databases from multiple vendors and even be in multiple formats (relational vs hierarchical for example). To make this work, the organization deploying the virtual database creates a data model that contains the needed elements of each of the data sources being integrated and then creates a map from the existing data sources to the new data model. Using this model and map, the virtual database management system processes queries, updates, insertions, and deletions of the integrated data.

I think that data integration is the key to the integration puzzle, whether you're going to use Web services, EII, or EAI. I think we've actually never realized the chief benefit of databases. A database is commonly thought of my lay people as vast collections of valuable data. But we know better. For the most part, we use it as just a persistent portion of the program's variables. I asked these question a few months ago:

  1. How many databases under your control were started as the data foundation to a single application.
  2. How many of those ever get called on by some other application.

I'd bet the answer to these questions is "all" and "a few" in that order. This isn't surprising---most IT is done incrementally, reactively, in response to the problems of the day. Someone starts an Access database to keep track of a few things at work and in a few years the database is mission critical, living on direct attached disks, under someone's desk.

I argue in my Enabling Web Services whitepaper, there's a lot you can do to make data integratable, for very little cost, as you build web applications that use that data. This is not a full scale integration, but it cuts the ties between the database and the single application that uses it and allows other applications to start using that data as well.

The biggest hurdle in an EII project is creating the universal data model. There are two problems:

  • You have to get everyone to agree to share their data and participate in the modeling. Its more work to share than to keep your data to yourself. Its also a source of power. Sometimes, what's in the data is embarrassing.
  • You have to pay for it. As Felix Rausch, in a panel at the CIO Summit this May said: "no one's going to get money to do data architectures so it has to be dressed up in programs."

Two of the players in this field are MetaMatrix and IBM's DataJoiner. I've not used or evaluated either of these products. Other related products include offerings from places like Whamtech which create indexes of data in various data sources.

Further reading:

8:55 AM | Comments () | Recommend This | Print This

June 16, 2003

Steve Gillmor on RSS

Steve Gillmor has three articles on his blog that give some ideas about where he thinks RSS is going. Whether you agree with Steve or not on the specifics, I'm glad to see the speculation because its expands my thinking. I'm also happy to see more and more people recognizing the power of RSS. When I started blogging, RSS was the thing that got me excited.

Steve claims that email is a subset of the RSS space. That's an interesting thought. Many people might have turned that around. I'd like to hear more from Steve on why he thinks this. I see email and RSS being related in the same sense that email and IM are related. There's a relationship, but I don't see it as a subset relationship. RSS is different than both email and USENET news in a significant way: its self describing. This allows it to be treated as a data stream and filtered, sorted, and merged in ways that we can only dream about with email. If you read Steve's third piece, he hints at this.

5:25 PM | Comments () | Recommend This | Print This

Connect Magazine Column: Singularity Hints

I've recently started writing a monthly column for Connect Magazine. Connect is brand-new. Their "About" page says "connect offers an inside look at the regional economic landscape and the people driving its development. connect profiles high-tech, life science, or other innovative companies with ties to the west so you are aware of the major players in the region." I've known some of the guys involved in this venture for a while. They used to be with Digital IQ. They're bright and they've got a lot of pluck. They need it---this is a tough business. I'm impressed with what they've managed to put together in the last 4 months out of sheer willpower.

My June column is entitled Singularity Hints after a previous blog entry of that same name. In it, I talk about some trends in high-tech that I think are exciting. These trends are described by the following set of keywords:

  • Personalized
  • Peer-based
  • Decentralized
  • Collaborative
  • Connected
  • Converged
  • Presence-enabled

My plan is to use these words as guides as a write future columns. July's column is about Loosely Coupled Conversations and August's column, which I turned in today, is about Conversational Synchrony.

1:06 PM | Comments () | Recommend This | Print This

Active Noise Reduction (ANR) Headphones: You Get What You Pay For

In May, I wrote briefly about active noise reduction, ANR headphones. I've used an expensive ($500) aircraft quality ANR headset in my private plane for many years and love them. I've owned a pair of inexpensive Aiwa headphones for several years but found them to be uncomfortable on long commercial flights. So, over the past few weeks, I've conducted a "good, better, best" test of noise reduction headphones to find a pair that I can use on commercial flights in comfort.

Active noise reduction is a technology that employes small microphones and digital signal processing (DSP) technology to cancel out ambient noise. The microphone samples the ambient noise and the DSP chip creates a a sound wave 180 degrees out of phase from the outside sounds. When this sound is played through the headphones it cancels out sounds in low frequency ranges. Noise reduction doesn't cancel out all noises, just low droning ones. So don't buy these thinking you'll be able to work while the kids run around outside your office screaming. You'll still hear them just fine.

Nevertheless, these headsets are perfect for flying. I find that I can play my music or the airpline movie dialogue at a level sufficiently low that I can't hear it when I turn off the active noise reduction. Flying with noise reduction headphones creates a quieter environment that makes flying less stressful.

A short disclaimer: The only time I use headphones is on airplanes. Consequently, noise reduction and comfort are my two big criteria. If you want great sound quality and use your headphones in environments where noise reduction won't make much difference, you can probably find great sounding, even better sounding, headphones for a cheaper price. What you're paying for with these headphones is the noise reduction.

The three headphones I reviewed are shown in the following table:

Manufacturer Model No. Street Price Style Rating
Aiwa HP-CN6 $59 open air Good
Sony MDR-NC20 $179 closed air Better
Bose QuietComfort 2 $279 closed air Best

I used each of these headphones in real-life conditions: each was used exclusively on the outbound and inbound legs of flights between Salt Lake City and cities on the East Coast (about 4.5 hours each way).

Aiwa HP-CN6

As I mentioned, I've owned the Aiwa headphones for several years and have used them on many flights, short and long. The active noise reduction feature of the Aiwa headphones works very well. Turning them on brings an amazing cessation of the low drone of the plane. These headphones are "open air" style, meaning that the headphone piece sits on the ear rather than surrounding it. They come with a carrying bag and an adapter for two-prong airline headphone jacks. These headphones fold for stowing. I have found that the Aiwa headphones are uncomfortable on trips longer than about an hour (which is almost every trip out of Salt Lake). The headphones press against your ears and the headband is unpadded and uncomfortable on the top of the head after a time.


Sony MDR-NC20

I used the Sony headphones on a trip from Salt Lake City to Savannah, GA and back. The Sony headphones are closed air construction (over the ear). The noise reduction feature worked as well as the Aiwa and the sound response was better due to larger, more expensive speakers. Even so, I found the Sony headphones to be uncomfortable after just a few hours. The ear pockets are not deep enough to let your ears remain in their natural position and the headband is not padded. Consequently after a few hours, my ears felt pinched and the top of my head hurt. The Sony headphones fold for stowing and come with a carrying bag and two-pronged airline headphone adapter.


Bose QuietComfort 2

The Bose headphones were the most expensive of the lot, but also the most comfortable and the best sounding headphones. The headphones are constructed to repress noise even when the active noise reduction circuitry is not turned on. They have deep ear pockets and a padded headband. I used them on a 4.5 hour flight to and from Boston and was able to wear them in comfort the entire trip. The sound response from the speakers was excellent. Even though these headphones have the largest earpieces of any in the test, they folded to be the most compact for stowing. The Bose headphones, unlike the other two, do not work as headphones in passive mode (i.e. with the noise reduction turned off), so they're worthless without a battery. They come with a nice zippered carrying case, a two-pronged airline adapter, and a quarter inch headphone adapter for use with a home stereo.

Conclusions

The results of this review aren't too surprising. The Bose headphones cost $220 more than the Aiwa and $100 more than the Sony but have clearly superior performance in comfort and sound quality. All of these headphones deliver good noise reduction, so I think the real loser here are Sony headphones. Their comfort and performance are not sufficiently superior to the Aiwa's to justify a cost differential of $110. My suggestion: buy the Aiwa's and try them. If they aren't too uncomfortable for you, they're an excellent value and you'll get noise reduction at a bargain price. If you can afford it, treat yourself to the Bose headphones. Bose has a reputation for delivering high quality and these headphones are no exception. I plan on keeping my pair.

6:45 AM | Comments () | Recommend This | Print This

June 14, 2003

Zope User's Group Meeting in Las Vegas

Michael Bernstein let me know about a Zope User's Group meeting in Las Vegas this next Friday. I going to try to fly down if the weather's nice. I've been interested in Zope for a while and recently started programming in Python, so this looks like a great opportunity to combine two of my favorite things: flying and computers.

12:45 PM | Comments () | Recommend This | Print This

June 13, 2003

RSS in Ads Revisited

Jenny disagrees with my comments on Ads in RSS. She says:

[I]f you are providing me with the full text of the article in my aggregator, then I'm willingÊ to trade you my eyeballs for an ad. However, if you're just sending me the headline with a one- or two-sentence description, then that's the ad. Your intent is to get me to go to your site to read the full article, at which point I will see the ad (probably lots of ads), and the transaction is complete - I clicked onto your page and became a number you can sell to your advertisers and in exchange you let me view the content.

I agree with Jenny in this distinction. Syndication implies you're giving me the thing, not just a link to it. What actually happening with most RSS feeds is we're pulling down a "teaser" and we'll go read the article on site if its interesting. In that case, the ads can exist on the site and when I read the article, I'll see them. Frankly I mostly only want to see summaries in RSS anyway.

Even so, if InfoWorld or the NY Times, or someone else wants to put ads in my RSS feed, I'll survive. If they're too obnoxious, I'll unsubscribe. I'm just not going to be able to get too worked up about this.

11:27 AM | Comments () | Recommend This | Print This

Investigation Concludes

After my moment of stupidity last month, the state decided to have the Dept. of Public Safety conduct an investigation. They turned their results over to the AG's office which concluded that there was no "evidence that would merit criminal prosecution." There are some times when you're really glad to have someone else agree with you and this is one of them. The article in today's SL Tribune is pretty fair and factual.

The article states that I've agreed to pay restitution and that's something I'm happy to do. I think one could quibble with the amount. There's a claim that they spent 48 hours cleaning up after this and I'm very curious how all those hours were spent. Anyone who'd been on the other side of this knows that these numbers are always shaky at best. At any rate, its nice to have it concluded.

6:50 AM | Comments () | Recommend This | Print This

June 12, 2003

InfoWorld Ads in RSS

As noted by Dave and Sam, InfoWorld announced today that they will introduce ads in their RSS feed. Before I comment, I should disclose that I write for InfoWorld and am on the masthead as a contributing editor. Believe it or not, I thought about this before I knew InfoWorld was going to do it and my thoughts haven't changed.

I view this pragmatically: I'd rather see ads in RSS than not see the RSS at all. I'd rather have InfoWorld and other news sources, including the NY Times show up in my aggregator than have to go to each and every site and search for what interests me. These guys aren't going to just give this content away and as RSS gets more and more popular they might choose not to play. That would be a shame, both for me personally and for RSS as a technology.

One of the words frequently associated with RSS is "syndication." Syndication means that you redistribute content that was created for one venue to others. In the case of most blogs, that is done without restriction or fee. Grab my RSS and go to town. In most other media, syndication comes for a price. If you want to syndicate InfoWorld's content, the price is to look at their ads. Some sites, like Slashdot.org will let you see their site ad free for a fee. Maybe their RSS feed is next?

6:17 PM | Comments () | Recommend This | Print This

Intermountain eXchange: What's New in Networking

A month or so ago, Pete Kruckenberg, Jim Sorenson and I had lunch and discussed the idea of creating a regionally based conference on next generation networks. There's a national conference called Next Generation Networks but we saw a need to sharing between regional players since much of what can and should be done is regionally flavored. From that lunch grew an effort to create and host a conference called Intermountain eXchange or IX. Today was the first meeting of the program committee

The Intermountain region can be loosely defined as the states bordering Utah plus Montana. These states all have common problems in deploying networks. Chief among them is sparse population. Its not hard to imagine broadband networks being built in Denver, Boise, and Salt Lake. But those places are easy. There are things working in rural areas as well.

IX1 will be held in the Fall of 2003 on the University of Utah Campus for 1.5 days. The format would be single-track and a combination of panel discussions, presentations and keynote addresses. The goal is to help attendees exchange information about things that are working on a regional basis. For example:

  • UEN is GigE connectivity for wide area networking fro Salt Lake to the Uinta Basin. Many others probably don't know that possible or that carriers will provide it.
  • The Utah Valley Community Network is connecting municipal networks in Utah County. Their experience is relevant.
  • UTOPIA is creating a 500,000 subscriber government backed wholesale FTTH project in Utah.

These are just Utah examples, but I've heard of other interesting things in Idaho (like Syringa and IdaCom), Colorado, and elsewhere. We'd like those projects and people to be participants as well. The objectives for the conference are:

  • Discuss why broadband matters in the Intermountain Region
  • Educate about regional developments in broadband and wide are networking.
  • Share success stories, case studies, and ideas
  • Develop a common vision and understanding of what is possible.
  • As an outcome, define a path for future regional efforts

We're looking for both attendees and people who'd like to present on interesting networking projects in the Intermountain region.

10:49 AM | Comments () | Recommend This | Print This

OSCON 2003

I'm going to be at OSCON, the OReilly Open Source Convention in July. I'll probably arrive on the 8th and leave Friday afternoon, although I haven't made my flight plans yet. This is a big conference with multiple tracks. Its held concurrently, if that's the right word, with the PERL, Python, and PHP conferences and also covers Apache,ÊApplications, Emerging Topics,ÊJava,ÊMySQL,ÊPostgreSQL,ÊRuby, andÊXML. Last year I have a great time and I'm really looking forward to this one.

9:05 AM | Comments () | Recommend This | Print This

Network World Compendium on Weblog Panel

Network World did a nice job of covering Rock and Paul's comments from my panel at the Weblog Business Strategy conference. Rock and Paul are pioneers in using blogs in large organizations. They're both facing challenges and using blogs to help solve the problems. Their work will be worth following over the next while.

8:48 AM | Comments () | Recommend This | Print This

June 11, 2003

Sonic ESB: Programmable integration

The pressure to integrate disparate systems across the enterprise is steadily increasing, but establishing connections between systems, even those designed for integration, remains a daunting task.

Traditionally, enterprises connected systems using point-to-point links and custom code. More recently, integration brokers--proprietary software for creating connections among multiple systems--emerged as another solution. However, point-to-point connections are expensive to maintain, and integration brokers have been expensive to buy.Ê

Sonic ESB is one of a new set of products billed as enterprise service buses (ESBs), lightweight integration brokers based on standards such as XML and SOAP designed to work in a distributed environment. [Full story at InfoWorld...]

One of the things that really struck me while I was working on this story is that as these systems become increasingly flexible, configuration stops feeling like configuration and starts feeling like programming--in a really bad language. As I point out in the article, this isn't really Sonic Software's fault. Other tools suffer from the same fate. If any of them came out with a proprietary language at their core, they'd be criticized for not being "standards based." Consequently, you end up writing your "program" in snippets of 2 or 3 languages and stitching it all together with a bunch of GUI-based configuration. Some people think things like XLANG and WSFL are the answer to this problem, but I think they're syntactic arsenic. While I would welcome a standards-based work flow language, I don't believe it has to have angle brackets.

What can make this all work in spite of the difficult configuration is an integration architecture. To make use of these tools, you need to understand the tool and its concepts, but you also need a well thought-out plan for what is being integrated and precisely how that's going to work. You probably don't have an integration architect sitting around, so you're going to have to find the person in your organization who can take on this role and create the plan.

All this shouldn't scare you away, however. I encourage people to dig in and start working with these tools. Begin a small pilot project to find out what you need to do to create the integration architecture. For an organization with disconnected legacy systems trying to move toward being a real-time enterprise, the rewards are sufficient to merit the struggle up the learning curve.