July 31, 2003
Where's the Service in this SOA?
CBDi has posted a commentary comparing Amazon's Web services with those offered by salesforce.com. The conclusion: While both use the protocols of Web services, Amazon.com's offering is "service oriented" and salesforce.com's offering is merely lipstick on a pig.
10:15 PM
The Power of Web Enabled Data Sources
I ran across a few interesting tidbits about RSS today that illustrate the power of creating Web enabled data directories. First, Adrian Holovaty has started to offer custom RSS feeds for his blog. The RSS feed is essentially a generator that takes an optional parameter which represents a search term or filter for the RSS feed. Good idea. The second is interesting as well, but also shows the real power of RSS, Web services, and a properly designed, RESTian interface.
Paul Bausch has created a tool for creating custom RSS feeds from Amazon. What's neat, however, is that this is just an XSLT stylesheet on the RESTian Amazon Web services interface.
These two posts are actually interesting to compare. In the first, RSS is being created and then filtered (or at least the rss generator program makes it appear that way). In the second, an RSS feed is being created by transforming the output of a much more general program for creating XML data feeds. This is a great example of the power of building web enabled data sources. Amazon didn't set out to create an application for building custom RSS feeds of their data. But exposing a public interface to their data allowed others to do that and hundreds of other things that Amazon would have never thought of.
9:59 PM
July 30, 2003
Eve Maler on Web Services Security
Eve Maler is vice-chair of the WS-I Basic Security Profile Working Group and currently coordinating editor of the SAML (Security Assertion Markup Language) committee. This recent webservices.org interview with Eve on Web services security is worth reading. One thing that comes out loud and clear is that there's not going to be a magic bullet to Web services security issues. We shouldn't expect one. Rather than deter you from starting on Web services, however, this should induce you to not wait for the next standard or specification. There are solutions that work now. Eve says:
Web services are currently being secured in very traditional ways, to the extent that they're being secured at all. Web services on the Internet, as opposed to behind a firewall, might be secured with HTTPS SSL mechanisms, which are quite common in online individual purchase transactions. It does a fairly good job of protecting the contents of the message while in transit. However, in more complex Web services scenarios, this solution won't always be adequate. If many intermediaries are transacting with the messages as they go from initial sender A to ultimate receiver B, the simple SSL solution might not be adequate. The standards are not cooked yet for securing the content of the message and the channel in all the ways that people would want.
I don't disagree, but most people are trying to implement the complex scenarios that require more complicated security standards at present.
9:57 AM
Gartner Survey Shows Web Services Projects Holding
A recent Gartner survey finds that while some businesses have slowed down Web services projects, not many of these projects have been cancelled. Gartner found that 48% of respondents said that the economy had caused them to curtail some spending, but the projects have continued. Nicole Latimer, a Gartner analyst, says:
Only 1% of respondents stated that they stopped all Web services development projects going forward, and only 6% stated that their organization has postponed the majority of Web services development projects for 1 year or more.
9:34 AM
July 29, 2003
Enterprise Architecture Certification
I spent the day with John Gotze from Denmark discussing Denmark's enterprise architecture initiatives. I hope to write some additional thoughts on enterprise architecture later. While we were talking, John mentioned the Federal Enterprise Architecture Certification Institute, which was, coincidentally, related to this morning's post on the NDU CIO certification program. I'd never heard of FEACI before, even though I heard its executive director, Felix Rausch, speak at the Federal CIO conference I spoke at in May.
7:16 PM
Federal CIO Certificate Program
The National Defense University offers several interesting certification programs for federal IT managers in IT management. The CIO Certificate Program requires coursework in eleven areas:
- Policy
- Information Resources Strategic Planning
- Leadership/Management
- Process Improvement
- Capital Planning and Investment
- Performance and Results Based Management
- Technology Assessment
- Architectures and Infrastructures
- Security and Assurance
- Acquisition
- eGovernment/eBusiness
The eGovernment Certificate Program requires coursework in eight areas:
- Policy
- Planning and Organization
- Change Management
- Architecture and Enterprise Integration
- Financial Resources
- Performance Management
- Security and Privacy
- Human Capital or Information and Knowledge Resources
These courses are necessarily focused on the needs of the Federal government, but state and local IT managers can sign up on a space available basis.
Don't overlook training and education as a means of changing your organization. If you want to change the culture of your organization, focus on creating training courses for your managers that teach them the principles you want in the new organization. I wish I'd concentrated more on this when I was CIO for Utah. We did some of this by establishing the Product Management Council which has done a great job at educating a whole crew of eGovernment product managers inside Utah state government. We could have done much more, especially on the IT management side. The best way to manage change in an organization is through education.
8:11 AM
Binary XML
In September, the W3C will host a workshop on binary XML formats. Your first reaction may be the same as mine: what the heck is binary XML? Binary XML is an attempt to find a common format for communicating pre-parsed XML trees to reduce bandwidth and the time it takes to parse large XML documents. The audience is primarily embedded and similar applications, but of course, once the genie's out of the bottle, it will be used in all sorts of applications. The announcement lists several advantages:
- It would not be restricted to a single schema or vocabulary, and hence could be interoperable between vocabularies;
- It would not be restricted to a single application or hardware device, and hence could be interoperable between implementations;
- Improved network efficiency and reduced storage needs: compression techniques that make use of domain-specific knowledge often do better than more generic compression;
- Sending pre-parsed data could reduce the complexity of applications, and may facilitate creation of simpler internal data structures.
- Web Services may need more efficiency, and a pre-parsed binary transmission format may help people to continue to work with Web Services rather than to explore proprietary interfaces
The biggest disadvantage is that pre-parsed data does not conform to the view source principle that has served the Web so well. In that sense, pre-parsed data doesn't seem RESTian.
7:40 AM
July 28, 2003
Digitally Signed Photos on US Passports
This article in New Scientist discusses a plan by the US Passport Service to issue "smart" passports carrying a digitally signed photograph by late 2004. The new passports will include a smart card that will hold a digitally signed image. Of course, a lot of people are concerned about the potential for abuse. I've never shared those concerns. I think the advantages significantly outweigh the potential problems. Utah went through a period of civic dialogue (meaning people went non-linear) a few years ago when Scott Howell introduced legislation to make the driver's license into a smart card. I thought it would be a great place to keep a digital signature, along with other information. The black helicopter crowd was out in force decrying the loss of civil liberties. The legislation was defeated. Of course, the new driver's licenses have a 2D bar code on them that holds just as much information, it's just read-only.
6:45 PM
OSS in Government
Tom Adelstein continues his series on open source software (OSS) use in state and local government today with a fourth article that talks about how the procurement process affects OSS. Tom makes some excellent points that jibe with my experience. But, there are several insidious dynamics related to OSS that I don't think Tom quite captures.
First, RFPs are not written in a vacuum. RFP authors write it after studying whatever resources are available to them, including vendor web sites, sales material, and, interestingly enough, the salespeople themselves. There's an old saying in Government that if you want to win an RFP, you'd better help write it. OSS doesn't typically have sales people working on its behalf and the collateral material available to help an RFP writer is virtually non-existent.
Even more problematic is that RFPs are not usually about just hardware or software, they're about solutions to particular problems, including hardware, software, support, etc. Most governments don't write much software, they outsource that and the vendor supplies a system to meet a particular need. So, KPMG or Deloitte and Touche submit an RFP for a total solution. Here's the problem: these vendors get a percentage of the software and hardware sales in the RFP. As Tom points out in his article, most RFPs are judged on a lot of criteria other than cost, so is KPMG going to recommend Linux or Solaris? You know the answer.
Overcoming these systematic disadvantages for OSS requires that the RFP writer and the organization that he or she works for have a predisposition to use OSS. The use of OSS wherever possible could be one of the criteria in the RFP, for example. The more likely scenario, however, is that an unfunded project gets started using OSS and grows into a funded project where the OSS foundation forms a bias in favor of OSS for the larger project.
In Utah, we added OSS products to the "approved" software list as a way of just letting people know OSS was OK. Government managers who favor OSS software will need to take such steps to drive OSS usage in their agencies.
8:59 AM
July 26, 2003
I'm Back from Camping
I spent last week with my son and his scout troop at Camp Steiner in the High Uintas. Really spectacular scenery and not a bad camp. I was the scoutmaster of this troop for 6 years, so I still like to tag along sometimes when they'll let me. I took a few photos.
8:46 PM
July 21, 2003
Away for a Few Days
I'm going to be away for the next four days.
6:43 AM
Real-Time Problems for McDonald's and Innovate
Baseline Magazine is one of my favorite reads (right next to InfoWorld, honest) for information about enterprise computing. Their articles are detailed and usually tell a story in an analytical way. This month's issue has a detailed article, with numerous sidebars, about McDonald's decision to cancel Innovate, its five-year, $1B program to build a real-time system for monitoring everything about its 30,000 stores, right down to the temperature in the fry-cooker. They'd already spent $170M, which is largely just money down the drain at this point.
A few weeks ago I wrote about the real-time enterprise and this is a topic that is near to my heart---a move that I think is inevitable in business. So, what's the deal?
McDonald's challenges are painfully obvious to anyone who's visited one of their restaurants lately. Many are out of date, the service levels have slipped, and the menu is rapidly falling out of step with what many want to eat. At most you can't even pay by credit card. To add insult to injury, the bathrooms aren't as clean as they used to be. So, how's a $1B real-time digital network going to solve those problems? That's the very question the new CEO asked when he took the helm last year. Consequently, he decided to make investments other places.
I guess I can't really blame him, but you've also got to wonder when the aging IT infrastructure is going to get its due. The Big Mac still does its books on a mainframe-based, custom built general ledger system conceived and built in the 1980s. Company executives can't really get detailed information about sales in individual stores and what data they can get is usually a week old. This doesn't sound like a system for getting back in touch with your customers either. A couple of interesting quotes from the article:
[I]nstead of investing in Innovate over the next five years, Cantalupo [CEO] says McDonald's will invest in itself through the share repurchases and dividends. These measures might provide temporary relief for the beleaguered stock price but will do little to improve the quality of the food or the speed of service at its locations. But then technology has never fit easily on McDonald's menu. "Culturally, it was always a fight at McDonald's," Dill [the then CIO] says. "My first day on the job I remember meeting with then-CEO Fred Turner and he said 'Carl, I never want to fail to sell a hamburger because a computer is down.' McDonald's just wasn't comfortable with technology."
A few comments:
- The biggest problem with projects like this is the sheer size. McDonald's spent $170M without even rolling a single thing out---just on pilots and testing. Eighty percent of big projects go awry. You have to find a way to do these in chunks or you're setting yourself up for failure. Even chunking this in terms of systems (update the general ledger first, work on POS systems next, etc.) would have helped, in my opinion.
- Companies like McDonald's are trying to solve multiple problems at once. At the same time, their size makes the problems enormous. Most companies don't face these same issues of scale. Smaller companies shouldn't apply McDonald's lessons to themselves without allowing for scale.
- Web services provide a means of doing enterprise application integration (lowercase) in an iterative way. Connect up the things that matter most and then start on the next tier, and so on.
- Iterating to integration doesn't obviate the need for a plan. This is called an enterprise architecture. I'm pretty sure I'll have a lot more to say on enterprise architectures over the coming month.
- McDonald's failure notwithstanding, I think that real-time enterprises are inevitable. Why? I call it the Fed-Ex principle. If your competition is using Fed-Ex to move the mail and you're not, they get documents delivered faster. Soon everyone has to use Fed-Ex and even though no one is advantaged by it, no one can afford to not use Fed-Ex. The same thing will happen with real-time enterprises. Some companies can pull it off (witness Wal-Mart). This means that they are at a significant advantage over their competition. Their competition will either become real-time or die. Eventually everyone will be real-time and there will be no advantage, but no one can go back. This is, in part, the argument that Nicholas Carr was making.
If you care about enterprise systems, this article and the accompanying sidebars deserve careful study.
6:40 AM
Intermountain Exchange: Call for Participation
The IX1 web site is still accepting proposals. Intermountain eXchange is an annual regional conference focused on next-generation wide-area network issues affecting Utah, Colorado, New Mexico, Wyoming, Montana, Idaho, and Nevada. We're excited to hear about what others in the Intermountain region are doing with wide area and metropolitan area networks. If you're doing something that others should know about, please respond to the CFP.
6:37 AM
July 19, 2003
Untangling Web App Security
With the increased use of Web applications, businesses have had to peel back a layer in their perimeter defenses and give public network traffic access to internal applications. The result is a rise in network security problems, and an increase in the need to audit and thoroughly check publicly facing code for potential security vulnerabilities. Unfortunately, security expertise is in short supply.
WebInspect 3.0 from SPI Dynamics aims to fill that gap by automating the tasks necessary to perform security audits. WebInspect is a remote assessment tool, meaning that it performs its audits solely by means of the same HTTP calls to which an attacker would have access. Administrators can add custom checks to find problems that are specific to a particular application.
[Full story at InfoWorld...]
This is the review I was doing when I stumbled and caused myself and others some grief. Nice to have that chapter closed.
8:36 AM
July 18, 2003
CNN on Aggregators
Calling them the biggest change to the way we use the Web since Mosaic, CNN has an article on news aggregators. In the typical style of the popular technology press, it is full of gushing and contains lots of "ooohs" and even a few "aahs". Very interesting to see the mainstream press finally start to talk about aggregators. Reminds me of 1994 when they started talking about browsers. Interestingly enough, there's no link to an RSS feed from CNN, which last time I checked it out was a static document pointing to the main cnn.com site. I can't find it now. I guess they decided that a static RSS document is even worse than a static homepage.
10:31 PM
CS 462 Class Information
I'm starting to get some questions from people who are interested in taking CS462 in the Fall. CS462 is a class on large scale distributed systems that I teach at Brigham Young University. Here's information on when the course meets and the texts I've selected:
When: 5:00-6:15 pm MW
Where: W142 BNSN
The class will have three main sections: one on 2-tier architectures, one on n-tier architectures, and one on Web services. There is, unfortunately, no one text that can cover all of these, so there are three. All are required.
- MySQL and JSP Web Applications by James Turner will be used to study 2-tier architectures. In a perfect world, we'd use PHP instead of JSP for this part, but I want to keep the course about the architectures and not about learning a lot of languages.
- Enterprise JavaBeans (3rd Edition) by Richard Monson-Haefel will be used to study n-tier architectures. The largest project in the course will occur in this section of the course and involve installing and programming an EJB application server and linking it to a JSP-based presentation layer to create a significant web application.
- Java and SOAP by Robert Englander will be used to introduce Web services and the concept of "decentralized" as opposed to merely "distributed" architectures.
Please feel free to contact me with any questions.
2:24 PM
Wireless VoIP
An interesting article in Fortune asks whether Wi-Fi will revolutionize the phone. In particular, it talks about wireless hotspots and the real possibility of multi-mode phones that will allow you to call over IP when you're inside a hot spot and avoid cell charges. Cisco already has a portable handset for use with Wi-Fi networks. I make calls right now over Wi-Fi since that's the only internet connectivity I have and Vonage is my phone provider. There's no great technology breakthrough required here---just a little integration.
9:41 AM
IT Reloaded: The Other Side of the Fence
According to economist W. Brian Arthur, Citibank professor at the Santa Fe Institute, "This country's one and only economic driver for the next several decades rests solely in the hands of CIOs." That's a bold statement and one that seems to fly right in the face of the IT Doesn't Matter Anymore mindset. In an interview with CIO magazine, Arthur's observation is that digital technologies go beyond automating, and create fundamental changes:
As different industries encounter digital technology, which includes telecommunications and satellites, the pattern seems to be that completely new activities spring to life. It's not about speed and productivity enhancements, better, faster, cheaper. There are actual new tasks being accomplished.
As an example, he uses the biological sciences, where digital technology isn't just automating old processes, but enabling completely new things like gene mapping or DNA fingerprinting. He also points to the financial services industry, where new products like financial derivatives are possible only through digital technology.
Arthur envisions CIOs in an active, rather than a passive role:
What CIOs need to do is, number one, realize what's going on. Then, they can't just react passively and say, "Yes, the people upstairs have demanded that we be in constant contact with Frankfurt or Boise, Idaho." They must imagine how all of this should happen in a reliable and intelligent way, and initiate it themselves.
This is a huge challenge for CIOs because not only does it require understanding trends and then applying those to the business, but it also requires selling everyone else on that vision. Believe me, most people won't see the vision over a short time frame. To paraphrase Proverbs: Where there is no vision, the people and their CIO perish.
In the article, Arthur talks about digital technologies forming the "nervous system" of the enterprise. He's really talking about the real time enterprise where instrumentation and systems combine to give everyone the information they need to make the right decision in real time. Web services provide a means for accomplishing the integration that Arthur envisions piecemeal, without breaking the bank.
8:47 AM
July 17, 2003
Relax NG
I wanted to go to Mike Fitzgerald's talk on Relax NG last week at the O'Reilly Open Source Convention, but it was opposite Andy McKay's Plone talk and I needed to go to that for other reasons. I did make a note to myself to spend some time looking into it when I got back and this morning I had a few minutes to do that.
The basic syntax for XML is pretty loose, basically requiring only a sea of angle brackets, proper tag nesting, and strict matching of opening and closing tags. Of course, to really make XML useful, we need schemas to further constrain the basic XML syntax. This is the feature that makes XML a meta-markup language. Schema languages can go beyond context free grammars (CFG) to specify some context sensitive constraints, but for the most part you can think of them as context free grammars to be fed into a parser. The key difference between XML parsers and parser generators like YACC or Bison is that XML parsers are interpreted---they get their grammar on the fly instead of being hard coded for one specific parsing task.
Relax NG is an alternative schema language for XML. The specs for the language were developed by the RELAX NG technical committee at OASIS between April and December 2001. One of the things I like about it is an optional compact syntax that dispenses with angle brackets for human readability. I've long argued that using XML for XML's sake is silly. Relax NG is a merging of Makoto's RELAX and Clark's TREX.
The resources linked in at the end of this article will give you some detailed information, including the slides from Mike's talk, which are excellent, but I wanted to include an example Relax NG Schema to give you a feel for what it looks like. Here's the XML version of a Schema to define a library patron.
    <!-- A patron: name and id-num exactly once, plus any number of books, in any order -->
    <element name="patron"
             xmlns="http://relaxng.org/ns/structure/1.0">
      <interleave>
        <element name="name"><text/></element>
        <element name="id-num"><text/></element>
        <zeroOrMore>
          <element name="book">
            <!-- each book carries either an isbn or a title attribute -->
            <choice>
              <attribute name="isbn"/>
              <attribute name="title"/>
            </choice>
          </element>
        </zeroOrMore>
      </interleave>
    </element>
This example can almost just be read out loud. A library patron record contains a name, an ID number, and a collection of zero or more books which are identified by a title or an ISBN number. The compact version of this schema is shown below.
    element patron {
      element name { text } &
      element id-num { text } &
      element book {
        (attribute isbn { text } |
         attribute title { text })
      }*
    }
I think that's even clearer. Almost anyone who's studied BNF could read this and make sense of it. That's a huge improvement over most XML schemas. The compact schema is much more readable. Humans are remarkably good at parsing things and don't typically need all the closing tags and other paraphernalia that make XML such a good language for machine to machine communication.
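To make concrete what the interleave, zero-or-more and choice operators in this schema accept and reject, here is an added example (not from the original post and not taken from any Relax NG tool) that hand-codes the patron rules in Python using only the standard library. It is a check for this one schema rather than a general Relax NG validator, and the function names and sample documents are constructed for illustration.

```python
import xml.etree.ElementTree as ET


def _stray_text(elem):
    """True if elem has non-whitespace text directly inside it."""
    parts = [elem.text] + [child.tail for child in elem]
    return any((p or "").strip() for p in parts)


def _check_text_element(elem):
    """element name { text } / element id-num { text }: text only."""
    errors = []
    if elem.attrib:
        errors.append(f"<{elem.tag}>: attributes not allowed: {sorted(elem.attrib)}")
    if len(elem):
        errors.append(f"<{elem.tag}>: child elements not allowed")
    return errors


def _check_book(elem):
    """element book { attribute isbn | attribute title }: exactly one of them."""
    errors = []
    if set(elem.attrib) not in ({"isbn"}, {"title"}):
        errors.append(f"<book>: need exactly one of isbn/title, got {sorted(elem.attrib)}")
    if len(elem) or _stray_text(elem):
        errors.append("<book>: content must be empty")
    return errors


def validate_patron(xml_text):
    """Return the list of schema violations; an empty list means valid."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed: {exc}"]
    if root.tag != "patron":
        return [f"root is <{root.tag}>, expected <patron>"]
    errors = []
    if root.attrib:
        errors.append(f"<patron>: attributes not allowed: {sorted(root.attrib)}")
    if _stray_text(root):
        errors.append("<patron>: text not allowed between child elements")
    # interleave (&): children may come in any order, so count occurrences
    # instead of walking a fixed sequence.
    seen = {"name": 0, "id-num": 0}
    for child in root:
        if child.tag in seen:
            seen[child.tag] += 1
            errors += _check_text_element(child)
        elif child.tag == "book":      # zeroOrMore (*): any number of books
            errors += _check_book(child)
        else:                          # anything the schema does not name is rejected
            errors.append(f"<patron>: unexpected element <{child.tag}>")
    for tag, count in seen.items():
        if count != 1:
            errors.append(f"<patron>: <{tag}> must appear exactly once, found {count}")
    return errors


# Constructed sample documents, not from the original post.
SAMPLES = {
    "valid_any_order": '<patron><book isbn="0-000-00000-0"/><id-num>42</id-num>'
                       '<name>Pat Reader</name><book title="Sample Title"/></patron>',
    "valid_no_books": "<patron><name>Pat Reader</name><id-num>42</id-num></patron>",
    "book_both_attrs": '<patron><name>Pat</name><id-num>42</id-num>'
                       '<book isbn="0-000-00000-0" title="Sample Title"/></patron>',
    "book_no_attr": "<patron><name>Pat</name><id-num>42</id-num><book/></patron>",
    "missing_id": "<patron><name>Pat</name></patron>",
    "unknown_element": "<patron><name>Pat</name><id-num>42</id-num>"
                       "<role>admin</role></patron>",
}


def run_samples():
    """Validate every constructed sample and return {sample name: errors}."""
    return {name: validate_patron(doc) for name, doc in SAMPLES.items()}


if __name__ == "__main__":
    for name, errors in run_samples().items():
        print(f"{name}: {'valid' if not errors else errors}")
```

The first sample passes even though a book comes before the name, which is the interleave operator at work; the last one fails because a schema like this acts as an allow-list, so an element it never mentions is an error rather than something silently ignored.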
Relax NG isn't likely to displace the W3C's XML Schema language anytime soon, but given its readability, I think it's likely to garner a large group of users. Here are some resources that I found helpful in understanding Relax NG:
- Mike Fitzgerald's Powerpoint slides. There's some good material in the examples.
- Clark's Relax NG Resource Page.
- The bottom of the Oasis page contains a list of Relax NG tools.
- Relax NG Tutorial
- Mertz's Doing Better than W3C XML Schemas and Relax NG Tools and Special Issues. Pay special attention to some of the design issues Mertz discusses in the second article.
11:39 AM
July 16, 2003
Quantum Cryptography
Business Week has an accessible article on quantum cryptography. Quantum cryptography encodes information in the orientation of photons and relies on Heisenberg's Uncertainty Principle to detect eavesdroppers. If you're looking for more information than what's available in the BW article, try the following:
- BBN intro page on quantum cryptography
- Recent Red Herring technology brief on quantum cryptography
- A more technical article in Physics Today from 2000 called From Quantum Cheating to Quantum Security
4:11 PM
Jim Gray on Storage
Several days ago Tim Bray pointed to a wonderful interview of Jim Gray by Dave Patterson. Really very good. Be sure to read the piece at the end on intelligent disks. Jim has taken to shipping terabytes of data around via UPS inside computers because it's cheaper than the net or even tapes. He says:
The phone bill, at the rate Microsoft pays, is about $1 per gigabyte sent and about $1 per gigabyte received--about $2,000 per terabyte. It's the same hassle for me whether I send it via the Internet or an overnight package with a computer. I have to copy the files to a server in any case. The extra step is putting the SneakerNet in a cardboard box and slapping a UPS label on it. I have gotten fairly good at that.
The main thrust of the article is that disk density is increasing ten times faster than access speeds. The end result is that we are very close to having what looks, for all intents and purposes, like infinite storage capacity but not being able to access it fast enough. In fact, the speed to density ratio is approaching that of tape.
After I'd read the article, I had popped over to Jon Udell's blog to see what he was up to and while I was reading his piece on Publishing, Permanence, and Transparency, I was thinking of this Jim Gray interview. Apparently so was Jon.
3:49 PM
July 15, 2003
eGovernment in the Kyrgyz Republic
I had a unique opportunity to meet with Almaz Bakenov, an attache with the Embassy of the Kyrgyz Republic and speak with him about eGovernment. Almaz has a Masters degree in Computer Science and one in Electrical Engineering as well. Our conversation focused on four areas of eGovernment:
- IT as a driver in economic development - IT can provide an opportunity for economic development in underdeveloped countries. Kyrgyzstan has few natural resources and has to rely on its workforce, which is surprisingly well educated, to drive economic growth.
- IT as a driver in societal growth and change - IT can provide information and communication more cheaply than many alternatives. For example, wiring schools and libraries is expensive, but it provides access to information and knowledge that changes society (we can debate whether for good or bad).
- IT as a means of managing society - this is the classic eGovernment angle and focuses on how to use IT to run the government and, in a democracy, let citizens understand what government is doing and impact the way it operates.
- Infrastructure - the other three depend on this and infrastructure is a classic role for government. When the US was young one of the first public works projects was a turnpike. In the 21st century, networks are as important as roads and in most countries, government is the only one who can afford to build them.
We talked a great deal about economic development since that provides resources for the other initiatives, if it's successful. There's a waltz required however, since you can't just do one without also working on the others. I enjoyed my talk with Almaz very much and think he has some interesting challenges ahead as he tries to work through all this.
11:19 AM
Munich Goes with Linux
At OSCON, Mitch Kapor predicted that the public sector would lead the way in moving Linux to the desktop. USA Today has a long article that details some of the behind the scenes movement in Munich's recent decision to put Linux on 14,000 desktops. It's interesting that this wasn't a decision made on cost. Indeed the winning bid, by IBM and SuSE, was almost $12M over the Microsoft bid. This was more about choice, future direction and out-year costs than it was about the immediate price.
8:09 AM
IT Does So Matter!
I recently wrote about a Harvard Business Review article by Nicholas Carr called Why IT Doesn't Matter Anymore. My review focused on the idea that IT commoditization brings with it an increased role for operational excellence on the part of IT staffs. An article on ComputerWorld, entitled "IT Does So Matter!" reports interviews with four CIOs and their responses to Carr's article. The focus of that article is on innovation. I love this quote from Andrew McAfee (also of Harvard Business School):
Andrew McAfee of Harvard Business School McAfee: It's a matter of whether we're talking about IT enhancing productivity or competition. The telephone has made us able to get more done in a day. Has the phone continued to radically affect the competitive balance among companies? No. That's Nick's point. Some kinds of IT fall into that category. For example, e-mail. We all have it; we all use it. But it's not competition-changing, so overinvesting in it is not a great idea. The bases of competition revolve around other things. [But] there are industries where technologies are fundamentally important. Dell has an IT business-process automation infrastructure that really works. If you don't have one of those, do you have a hope of competing in that industry? And even if you want to put one of those in place, there will be a really big difference in how successful you are vs. another company, because it's tough organizational change in a technology wrapper. We're not equally good at doing it. If we find ourselves competing in an industry where these kinds of systems are important, then IT matters like crazy.
Later in the article, Paul Strassmann, acting CIO at NASA, points out that anyone could have bought a Teradata system from NCR years ago at the same time that Wal-Mart did (in fact many probably did). That didn't make them Wal-Mart. My OSCON Wrap-Up makes the point that in a world of commodity software, it's what you do with it that counts, and that's Strassmann's point as well.
Even though my review focused on the red zone, it's important not to overlook the green zone. You'll do yourself and your business a disservice if you just assume the green zone is empty. IT managers, and CIOs especially, have to work closely with business managers to help them see where IT can be used to change the business. That's innovative, green-zone work.
7:51 AM
July 14, 2003
Internet Voting in 2004
This Boston.com article talks about the Secure Electronic Registration and Voting Experiment being run by the Pentagon which will allow thousands of military personnel and overseas civilians to vote in the 2004 election. Certain overseas residents of South Carolina and Hawaii and those in a handful of counties in Arkansas, Florida, Minnesota, North Carolina, Ohio, Pennsylvania, Utah and Washington will be able to participate. Of course, like any issue, this one has its fans and its critics. Critics are mostly concerned about security and that's nothing to treat lightly. I don't understand the specifics enough to pass judgment. The project has a web site if you're interested.
5:16 PM
Harold Carr: PEPt Architecture for RPC Systems
Harold Carr has started a blog. He works for Sun, but lives in Salt Lake, so I've added him to the Utah Blogroll. I met Harold when I was planning on going to Middleware 2003 in Rio. Unfortunately, I was unable to go, but Harold was kind enough to bring me back a copy of the proceedings. He had a paper in the conference on an RPC architecture he developed called PEPt. PEPt stands for presentation, encoding, protocol, and transport. From the abstract:
PEPt is an architecture for implementing RPC systems. Although RPC systems seem quite varied they actually share the same fundamental building blocks: presentation, encoding, protocol and transport (PEPt). Presentation encompasses the data types and APIs available to the programmer. Encoding is the representation of those types on the wire. Protocol frames the encoded data to denote the boundaries and intent of the message. Transport moves the encoding + protocol from one location to another. The PEPt architecture enables a single programming model to adaptively change encodings, protocols and transports.
If you're interested in the implementation side of application servers and other middleware, Harold's blog should be an interesting read.
12:37 PM
July 12, 2003
OSCON Wrap-up: Commodity Software is a Business Opportunity for Service Companies
At the beginning of OSCON in his keynote address, Tim mentioned a difference between software and services that caught my attention: if you buy a piece of software and the company goes out of business, the software still works. On the other hand, if you take the people out of a business like Google, or even your favorite ISP, there's no more service---it just goes away. This isn't a huge revelation, but it's an interesting way to think about the service economy being about people rather than things. I had this in the back of my mind as I was listening to Doc yesterday.
Doc was talking about the construction business. He points out that we use construction industry metaphors all the time when we talk about building computer systems. That's an interesting perspective and meshes with Tim's comments. Doc talked about driving through some industrial area somewhere and noticing business after business with huge lots full of pipes, structural steel, and the like. These things are commodities and businesses that sell them make good money (albeit not with the kind of margins that Microsoft and Oracle have promised their shareholders). Moreover, the construction industry is a large, profitable, and honorable business. Doc thinks this is a model for where the software industry is headed. I agree.
The construction industry is about service. While we typically don't think of construction as being part of the service economy, I think that view concentrates too much on the things and not enough on the construction itself.
I built a house several years ago and my general contractor definitely spent his time providing a service. Sure, he built things too, but mostly he assembled commodity products to build a custom house for me and that didn't diminish his ability to create value and be compensated for it. The companies who supplied the commodity products made money too.
Tim talked about a paradigm shift in his keynote. As I listened to the talks at OSCON, this thought kept coming back to me over and over again: building service-based businesses on commodity software products isn't just an idea for a business model, it's the primary business model of computers in the networked era. Yahoo!, Google, ISPs, and other successful net-businesses are using this model right now and doing quite well at it. What's more, open source software is getting more and more capable all the time. Combine these facts with Tony Perkins's belief that now is the cheapest time ever to start a net-based business and I think you're staring opportunity in the face.
1:23 PM
July 11, 2003
Beyond Struts
I'm in a session by Michael Rimov from Centerline Computers and Craig McClanahan from Sun Microsystems, Inc. called "Beyond Struts."
Michael is the lead developer on the Expresso project, an open source framework for building data driven applications on top of Struts. From the web site: Expresso adds capabilities for security, robust object-relational mapping, background job handling and scheduling, self-tests, logging integration, automated table manipulation, database connection pooling, email connectivity, event notification, error handling, caching, internationalization, XML automation, testing, registration objects, configuration management, workflow, automatic database maintenance and JSP tag library etc. Expresso is a significant extension to Struts and demonstrates the ability of Struts to serve as the foundation for other, significant frameworks.
Craig is giving a case study on Struts and XML. While most Struts applications generate HTML, Struts can be used to generate XML. The resulting XML can be used by another machine or translated into HTML or some other mark-up for the client device. There's more information on the Jakarta website on packages for doing this.
JavaServer Faces is a server-side user interface component framework for Java-based web applications. The goal is to reach out to corporate developers who are more comfortable with VB or other scripting languages and to provide tools for supporting GUI creation. JavaServer Faces features an extensible UI component model, a flexible rendering model, an event and listener framework, a validation framework, basic page navigation support, and internationalization and accessibility. JavaServer Faces does a lot of what Struts does, but that doesn't mean that JavaServer Faces will replace Struts. They can be used together. A Struts developer can use Struts and things built on it like Expresso and still take advantage of the rich GUI environment that JavaServer Faces provides.
11:42 AM
Miguel de Icaza: The Mono Project
Miguel de Icaza is talking on Beyond .NET: The Mono Project. Mono is a virtual machine, a set of class libraries, and development tools for an open source version of C#. The project is two years old. Miguel is an entertaining speaker.
Dan Olsen and I have had some Java vs. C# discussions. Dan is sold on C#; I've primarily been stopped by two things: (1) I need a bigger difference than the one that exists between Java and C# to learn another language and (2) I'm not happy to be locked into a Microsoft environment---in fact I'll avoid it at almost any cost. Miguel says that C# is a decent language. Better than that, Miguel says that the runtime engine (CIL) makes it a language that will last. Even if he wants to change languages later, the runtime engine ensures that the C# he writes now will be useful with anything that runs on that runtime. With an open source runtime, that's a real advantage.
11:03 AM
Von Neumann's Universe: Coding (and Engineering) at the IAS, 1945-1956
George Dyson (Esther's brother) is speaking about Von Neumann's Universe: Coding (and Engineering) at the IAS, 1945-1956. George is a resident scholar at the Institute for Advanced Study (IAS) and goes through the archives. His father, Freeman Dyson, is an emeritus professor of IAS and a renowned scientist.
He's showing documents, pictures and some of the original drawings and schematics. The documents are full of names that are instantly recognizable: Gödel, Pauli, Einstein.
EDVAC was the name of the computer designed and built there. The budget for designing the machine was $50,000. George has schematics for AND and OR gates, adders, and other devices that are still recognizable. Many components and design details are ones we'd recognize as being part of today's computer designs:
- central clock
- modular design
- "words" representing "order codes" handled in memory just like numbers
The talk is full of interesting and humorous quotes from the documents. For example, James Lighthill, an IAS official, said in 1954:
It is time von Neumann revolutionized some other field of study. He has studied automatic computation long enough.
The talk is very appropriate in a conference on OSS because of the way that the machine was built. Because it was largely a large-scale university research project, the information was freely disseminated, and the documents show NCR, IBM, and other universities checking them out and receiving distributions.
10:29 AM
July 10, 2003
Mike Kruckenberg: Transforming XML for Web and Print
Mike Kruckenberg is from Tufts University. He's talking about how they built a system for managing documents and displaying them for various media (i.e. content management). Mike is, in case you're curious, the brother of Pete, a good friend.
Mike is specifically concerned with translating documents for web and print (namely PDF). They created a document standard with a Schema and developed templates for an XML authoring application to make creating the documents easy. They created a customized XML authoring environment from an off-the-shelf tool that was essentially the destination for any conversion process. They also provided an online tool for people who didn't have access to the authoring tool.
Existing HTML documents were cleaned up with Tidy and then a homegrown tool translated the cleaned-up HTML to XML. Once the XML was valid, the XML document was put into the database. For MS Word documents, they tried a bunch of things: wvWare, saving as HTML, saving as RTF, and third-party stand-alone tools. They're looking forward to WordML. PowerPoint is a big tool for faculty, so it had to be easy to convert to an XML document. For PowerPoint, they have a service which creates an XML document from the text, saves JPEGs out, and wraps everything up in XML.
Here are some questions about conversion I'd ask if there were time:
- Did you try reading Office documents into OpenOffice and then transforming the resulting XML?
- Did you try saving as PDF and then converting that to HTML?
- Are you supporting emerging standards like SlideML?
The transform is done using the libxml2 and libxslt libraries from GNOME because they have good performance and command line and Perl interfaces. xmllint validates XML against a DTD. xsltproc renders XML as HTML.
Just rendering HTML isn't the goal, however. The goal is to render HTML and PDF for print. Mike and his team used FOP and XSL-FO to create PDF.
Mike gives some lessons that they learned:
- Ensure XML is well formed and valid
- Lack of structure in the source document results in meaningless XML
- Special characters require the use of entity mappings
- Using the tool must be convenient
- FO transformations have limitations--read the documentation
- Fonts in PDF can be problematic and require embedding fonts
- Image and spacing issues cause problems and users don't understand the limitations
- The processes can be slow and CPU intensive, so PDF documents need to be pregenerated, not done in real time.
CIO Magazine published an article about this project.
6:49 PM
Brian Ingerson: Ingy on Kwiki
I'm in Brian Ingerson's talk on Kwiki. Kwiki is the Perl-based Wiki software that is running the OSCON Wiki. Brian is the author of numerous Perl modules. One of the chief design goals behind Kwiki was to make it easy to install. Brian demos this by creating a new directory (that can function as a CGI directory), typing "install-kwiki" and there's an instant kwiki. That's a neat feature if you want to tack up and tear down wikis for specific purposes (like using them as an adjunct to a conference call).
Brian points out a few Kwiki sites: Quiltzilla and LondonGeek.org. There are others.
Brian does a demo showing how to overload classes to change the formatting. He does this to show off the object-oriented design and the overall design. The code is nice and clean and the design simple. Overall, this looks like a good, easy-to-use Wiki tool. I used TWiki for my class this last spring and it worked, but was difficult to configure and set up. This fall, I'll try Kwiki.
4:05 PM
Panel: Open Source Projects in the US Government
Lisa Wolfisch is conducting a panel on Open Source Projects in the US Government. Well, it's actually just her and Pat Moran from NASA Ames. The third panelist was supposed to be Terry Bollinger, but he couldn't make it at the last minute. That's too bad; Terry is a MITRE employee who did a study on FOSS (free and open source software) usage in the US government. I heard his speech last January and it was full of interesting things. Lisa said she has his slides, so maybe she'll give us a rundown.
She is going over a summary of Terry's information which showed 110 projects using FOSS in the DoD, with infrastructure and research projects being the most strongly represented. The DoD CIO placed FOSS under the same requirements as commercial software. There are, obviously, requirements for security certifications (like NIAP and Common Criteria). Oracle and IBM are sponsoring versions of Linux for Common Criteria evaluation.
EAMS, the Enterprise Architecture Management Software group, in the federal government is using an OSS model to support shared EA software.
Lisa is now discussing her project, which is the State and County Quickfacts at the Census Bureau. The site features thematic maps designed for online viewing. The project was unfunded and took six months from planning to release. The site is built on a LAMP platform for $0 in start-up procurement. The same code drives MapStats, which shows state and county profiles on FedStats.gov.
Lisa cites the fact that OSS has no procurement delays as a big factor in choosing it for government projects. Projects often die when there's a funding delay, even if the money shows up eventually. OSS-based projects have an advantage in that area.
Looking around, the room is full with people sitting on the floor and standing at the back. It's a fairly large room too.
Pat wrote a paper in support of FOSS that includes quotes from the NASA mission statement about providing for the widest and appropriate dissemination of information. Some recent progress at NASA shows the legal office saying that there are no barriers to releasing software as open source from NASA. The next step is to work with the "Software Release Authority" within NASA to develop an OSS process.
3:06 PM
Doc Searls: DIY-IT: How Open Source is Turning IT into a DIY Marketplace
Doc is speaking on DIY-IT, his view of how OSS is turning IT into a do-it-yourself marketplace. This talk was added just today and I'm glad to see Doc on the program. He's always got something interesting to say and further, he says it in an interesting way. Doc's July column for Linux Journal is Linux for Suits: How Linux Makes Companies Smarter and I'm confident that's related to what he's going to say today.
Every story has three parts: a story is about a (1) character with a (2) problem moving toward (3) resolution. Doc says this is why sports is so popular. Good characters thicken their own plots (tell me about it). War metaphors are great for describing problems: "MS Preps Assaults on Linux." Doc says that marketing people fail to tell a compelling story when they try to portray the company as perfect (i.e. no problems).
There are two stories about Linux in the enterprise: the outside story about what vendors are doing for the customer and the inside story about what customers are doing for themselves (may or may not involve vendors). The first story is about attractive executives doing battle for their customers. The second story is about poorly dressed geeks. Which is easier to tell?
Doc tells some inside stories. The first is about Roland Smith and LSI Logic. The second is about Leon Chism and Orbitz. The third is Greg Thompson and UCAR (University Corporation for Atmospheric Research). The fourth story is Elliot Noss and Tucows. The fifth story is about Paul Perry and Verizon (who was on my panel at the Weblog Business Strategy Conference). The sixth story is David Pippenge and Yarde Metals.
The outside view is simple: vendor gives goods and services to customer in exchange for money. There are plenty of stories that tell well in that context. The real world is more complex with developer communities surrounding all this that interact on both the vendor and customer side. The use value of IT in this context is much greater than the transactional value of IT in the simple view. Most of what happens in this context doesn't tell well with the usual story metaphors about sports and war. There are stories.
The software industry is still growing up. The software industry is maturing into something like the construction industry. "We work in crews on projects." Do-it-yourself (DIY) is at the heart of getting stuff done. OSS is making DIY-IT possible. It's how the demand side supplies itself without a vendor relationship. That doesn't make vendor relationships bad, but you don't always have to go outside to solve a problem. Commercial vendor tools also drive the DIY-IT.
The construction industry is the oldest industry and is worth $2 trillion worldwide. Sharing know-how is natural in the construction industry. Doc makes a joke about a construction worker claiming his way of hanging a door is protected IP to a big laugh. Commodities are okay in the construction industry and big companies make good money in those commodity businesses. There's room for everyone in the construction industry because people are always trying to get things done and you've got to build things to do that. These are all good metaphors for where the software industry is headed.
1:06 PM
Kevin Falcone: LDAP: Integrating Authentication Across Operating Systems and Applications
Kevin Falcone is speaking on LDAP: Integrating Authentication Across Operating Systems and Applications. This talk is a report on work he did as a student administrator at Northeastern University to create a single authentication authority using LDAP. This is a popular talk. There are people sitting on the floor and standing at the back and out the door.
The old system was based on NIS (Network Information Services or yp). There was no security model, the passwords were passed in the clear, and you had to use the yp tools. On the other hand it worked because it's stock on Solaris and can be integrated with Linux, BSD, OS X, and even Windows.
Kevin's goal was to replace NIS with LDAP in order to increase security. LDAP can be used with SASL (Simple Authentication and Security Layer) or TLS using SSL certs. Moreover, the password file can be protected. The downside is that LDAP is complex, mirroring and replication are more difficult than in NIS, configuration is complex, and there are few tools for managing data. There's no standard for transferring data between different LDAP tools like OpenLDAP or iPlanet.
Kevin decided to use OpenLDAP even though he had access to copies of iPlanet (educational institution) and the LDAP server in Lotus Notes (University standard). Of course, if he'd chosen one of those, he wouldn't be presenting here, would he? :-) He also used OpenSSL for the SSL layer (TLS). He chose TLS over SASL because of the simplicity of channel encryption. There were some systems that wouldn't support TLS, so he did use SASL (plaintext, Digest-MD5) in those cases.
There are predefined LDAP schemas for NIS which store account data, password data, and access data. These, combined with the core schema (personal information), formed the basis for creating the data set. A set of scripts called PADL can create LDAP files from /etc/{passwd,group} and NIS data. It works great the first time, but doesn't go back and forth. Kevin ended up writing his own scripts using Net::LDAP.
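The passwd-to-LDIF conversion step described above, as an added example that is not from the talk or the tools it mentions: it is written in Python rather than the Perl Net::LDAP scripts Kevin used, and the `ou=People` container, the `dc=example,dc=edu` base DN, the UID cutoff of 1000 and the sample accounts are assumptions constructed for illustration. It maps each account onto the RFC 2307 `posixAccount` schema, skips system accounts and names that are unsafe in a DN, and exports no credential for locked accounts.

```python
import base64
import re

# Constructed sample data in /etc/passwd and /etc/shadow format; the hashes are fake.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/sh
alice:x:1001:100:Alice Example,Room 12:/home/alice:/bin/bash
bjorn:x:1002:100:Björn Example:/home/bjorn:/bin/bash
carol:x:1003:100::/home/carol:/bin/bash
"""
SAMPLE_SHADOW = """\
root:$1$fakesalt$ROOTconstructedhash0000:12000:0:99999:7:::
alice:$1$fakesalt$ALICEconstructedhash000:12000:0:99999:7:::
bjorn:!$1$fakesalt$BJORNconstructedhash000:12000:0:99999:7:::
carol:*:12000:0:99999:7:::
"""

# Conservative login-name pattern: anything else could alter the DN (",", "=", "+").
SAFE_NAME = re.compile(r"[a-z_][a-z0-9_-]*")
NUMBER = re.compile(r"[0-9]+")


def ldif_line(attr, value):
    """Emit one LDIF attribute line, base64-encoding values RFC 2849 calls unsafe."""
    raw = value.encode("utf-8")
    safe = (
        raw != b""
        and raw[0] not in b" :<"          # forbidden first characters
        and not raw.endswith(b" ")        # a trailing space would be lost
        and all(b < 128 and b not in (0, 10, 13) for b in raw)
    )
    if safe:
        return f"{attr}: {value}"
    return f"{attr}:: {base64.b64encode(raw).decode('ascii')}"


def parse_shadow(text):
    """Map login name -> password field from shadow-format text."""
    hashes = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) >= 2 and fields[0]:
            hashes[fields[0]] = fields[1]
    return hashes


def passwd_to_ldif(passwd_text, shadow_text, base_dn, min_uid=1000):
    """Return (ldif_text, skipped); skipped maps a name or raw line to a reason."""
    hashes = parse_shadow(shadow_text)
    entries, skipped = [], {}
    for line in passwd_text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split(":")
        if (len(fields) != 7 or not fields[5]
                or not NUMBER.fullmatch(fields[2]) or not NUMBER.fullmatch(fields[3])):
            skipped[line] = "malformed"
            continue
        name, _pw, uid, gid, gecos, home, shell = fields
        if not SAFE_NAME.fullmatch(name):
            skipped[name] = "unsafe username"
            continue
        if int(uid) < min_uid:
            skipped[name] = "system account"   # root and daemons stay local
            continue
        cn = gecos.split(",")[0] or name       # first GECOS field is the full name
        entry = [
            ldif_line("dn", f"uid={name},ou=People,{base_dn}"),
            "objectClass: top",
            "objectClass: account",
            "objectClass: posixAccount",
            ldif_line("uid", name),
            ldif_line("cn", cn),
            f"uidNumber: {uid}",
            f"gidNumber: {gid}",
            ldif_line("homeDirectory", home),
        ]
        if shell:
            entry.append(ldif_line("loginShell", shell))
        pw = hashes.get(name, "")
        # "!" or "*" marks a locked or password-less account: export no credential.
        if pw and pw[0] not in "!*":
            entry.append(ldif_line("userPassword", "{CRYPT}" + pw))
        entries.append("\n".join(entry))
    return "\n\n".join(entries) + "\n", skipped


if __name__ == "__main__":
    ldif, skipped = passwd_to_ldif(SAMPLE_PASSWD, SAMPLE_SHADOW, "dc=example,dc=edu")
    print(ldif)
    print("skipped:", skipped)
```

The generated LDIF carries password hashes, so it needs the same file protection as /etc/shadow and should only be loaded over a TLS-protected connection.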
Kevin created a testbed consisting of one Solaris 9 machine, multiple Debian Linux machines, an OS X machine, and multiple Windows machines. To make it work on Linux, Kevin used PAM. This talk generates some significant comments in geekspeak. Several comments of "did you try...." followed by some detailed discussion.
The Solaris LDAP client works with OpenLDAP and also uses PAM, similar to the way it works in Linux. The client manages the configuration files automatically, but it's managing files that can be monitored outside the tool. OpenBSD doesn't come with an LDAP client out of the box, but there's one in the ports tree that works. There's no NSS, so you have to edit the /etc/passwd file to tell the machine that a user is an LDAP user. OS X was trivial. You tell it to connect to a particular LDAP server in the directory access panel and it "just works." Go figure. LDAP can be used with Windows by syncing with the Active Directory server, but leaves a problem of one way data. Again, go figure.
Conclusions:
- LDAP is difficult to configure and implement
- The gains in network security are significant
- OpenLDAP libraries and Net::LDAP work well for integrating one-off applications
12:07 PM
Mitch Kapor: Linux' Journey to the Mainstream Desktop
Mitch Kapor is talking on "Linux' Journey to the Mainstream Desktop." OSAF's larger mission embraces more than just Chandler. Mitch recently initiated a project on behalf of OSAF to "take a careful look at the state of Linux on the desktop, and asked Bart Decrem to spearhead a short-term research project to assess the current situation and trends." You can read that report here (PDF).
Mitch is convinced that Linux will take a significant share of the desktop market. He takes a swipe at SCO as a company that has no business model other than taking, through litigation, the money that other companies have earned. He didn't actually say "SCO" but everyone knew what he was talking about and applauded. This, he says, is a sign of success for Linux. He cites several trends:
- PC Commoditization
- Increasing trouble getting consumers and companies to invest in continued upgrade cycles.
- Increasing feelings that companies (Microsoft) are using exploitive licensing.
Mitch references massive deployments of Linux desktops, mostly with a public sector angle. The largest one is Thailand's decision to deploy 1 million low cost PCs inside the country.
Transactional workers, people who use computers to perform some specific task, are the next trend in Linux deployment. Call center workers are examples of transactional workers. Knowledge workers use more apps and are more flexible in what they do each day than transactional workers. Getting significant numbers of knowledge workers to use Linux will not happen until at least 2007. The total breadth of applications available under Linux doesn't suit their needs yet.
Mitch gives a report card for Linux on the desktop:
| The desktop | B |
| Desktop developer platform | C- |
| Computer hardware support | B- |
| Peripheral devices | D |
| Applications | C+ |
| Windows connectivity | A |
You should read the report (linked above) to understand the reasoning behind the grades. Mitch also gives a report card for the OS Desktop ecosystem. The bad grades (D) are in the areas of ISVs and distribution channels.
Much of the remaining work either spans multiple projects, or has fallen through the cracks between them. He provides a technical agenda which breaks down as 50% about office file formats, 30% about strengthening the foundations of the desktop, including a hardware abstraction layer and desktop consistency, and 20% about fit and finish. Remember this is an agenda for gaining wider adoption in the transactional worker market, not knowledge workers.
Predictions
- MS price cuts
- From good to gooderer
- 10% share of desktop globally running Linux in the not-too-distant future
- Rest of the world leads US as adopter
- Public sector is a driver in adoption
- Selective adoption in enterprises
- No consumer momentum for a while.
OSAF is doing things to attack the problems:
- Exploring ways to facilitate a desktop foundations layer
- Funding extensive compatibility tests with respect to Excel
- Providing fiscal agency services to selected OS projects
- Giving resources to public sector decision makers at opensector.org
- Building high quality desktop applications like Chandler.
11:11 AM
Stormy Peters: Open Source at HP
Stormy Peters is the Director of HP's Open Source office, the office that is responsible for HP's use of open source software. She claims $2 billion in Linux related revenue at HP last year. She has a nice slide that shows a hierarchical representation of open source licenses. She characterizes the MIT and W3C licenses as having no restrictions, the BSD and Apache licenses as having restrictions but no impact on other code, and all the others as some variant of copyleft.
Stormy talks about Martin Fink's book called The Business and Economics of Linux and Open Source. Martin is the GM for HP's Linux group. I haven't read the book, but I may try to pick a copy up. The book jacket advertises it as a guide for business managers considering using OSS in their business. Disclosure: Martin is Stormy's boss.
She suggests the following business models around open source:
- Commercial software - Oracle running on Linux is the example she uses.
- Support and services - This is the professional services model.
- Aggregation and enhancing - This is Redhat and other Linux vendors.
- Commercialize with a dual license - "Free for non-commercial use."
- Enable hardware
- End of life - What to do with a dog product that isn't selling?
- Building an ecosystem - Eclipse is the example here.
Why would you want to open source a product?
- Commoditizes a market you don't control (disruption)
- Make a technology pervasive
- Promote a proprietary product you have
- Lower the overall cost of a project (shared effort)
- Promote hardware
- Enable custom solution for customers (let them roll their own)
- Exit a business
- Leverage resources from others
When isn't it appropriate? This is bound to be controversial.
- The product is a control point (Windows)
- The product is obsolete (Windows---NO she didn't really say that.)
- The cost doesn't justify the benefit. This is a nod to the fact that open source development isn't free.
- Misdirection and defocusing of resources
- Intellectual property risk cannot be justified. Don't open source something you can't prove you have the right to. This is important.
- Don't open source something to compete against the OS community.
- Just because it's cool (I disagree with this---this is a great reason to open source something---ofttimes you don't see the benefit until people play with it and geeks are the ones to do that).
She talks about why and why not to do OSS development in a company. The most interesting one, to me, was time to market. If certain features are critical for what you want to get out of the software and you can't control the release dates (it's someone else's OS project) you may want to avoid OSS.
10:35 AM
July 9, 2003
Aleksey Sanin: XML Security Standards in the Real World
Aleksey Sanin is talking



