Archive for Aug 2003


SchoolForge and GovernmentForge: Open Source Projects for Government

Everyone knows about SourceForge which bills itself as "the world's largest Open Source software development website, with the largest repository of Open Source code and applications available on the Internet." SourceForge.net provides free services to Open Source developers including project tracking and collaborative development tools. Too relatively new sites have sprung up, taking their inspiration from SourceForge, to support open source software development and sharing for schools and governments. SchoolForgeprovides a place where proponents of open source software use in schools can get together and share information and collaborate. From their mission statement: Schoolforge's mission is to unify independent organizations that advocate, use, and develop
Continue reading...


Extreme Mobility

If you haven't yet read Ray Ozzie's essay on Extreme Mobility, you should. In his usually fashion its well written and well thought out. Ray starts off recalling a recent conversation with the CIO of a company with over 1000 employees who's stopped buying laptops. I reported last month that laptop sales had outpace desktop sales for the first time in May. Ray has some thoughtful analysis of what mobility means in various contexts defining "usage mobility," "Infrastructure mobility," and "participant mobility."
Continue reading...


I'm Way Past Caring About That

Tom Yeagar says that he's way past caring about things like legitimate anonymous contact in email as his friends and family get buried under a storm of emails and web sites that scam the technically unsavvy. Sifting the good from the bad is too subtle for most folks---its akin to debugging. As Tom says: As much as the tech elite likes to make fun of average Internet users -- including nontechnical corporate users -- average users don't live in straw huts and communicate with drums. Most have flush toilets, cell phones, satellite TV, and caller ID, and use them
Continue reading...


RSS As an Alternative to Email

An article worth reading on the use of RSS as an alternative to email for newsletter publishers. The author, Steve Outing, talks about how Chris Pirillo's Lockergnome is actively moving people to RSS to avoid the hassles of email. Even though Chris' email newsletters are opt-in, they frequently get caught in spam filters. I know that I have to explicitly add each of the newsletters I subscribe to to my whitelist or SpamAssassin will kill them as Spam. Of course one of the reasons people publish email newsletters is to sell ads in them, so this bring up the
Continue reading...


A Better Apache Than Apache

An article on Server Watch entitled "Making an Open Source Server Enterprise Ready" reviews the Covalent Enterprise Ready Server, which claims to offer increased reliability and security over the stock Apache server. One of the features that interests me is the Covalent Management Portal, a hardened Web-based server configuration tool that can manage from one to "hundreds" of Covalent ERS servers. This includes support for SNMP v1, SNMP v2c and secure SNMP v3. At $1500/CPU its not cheap.
Continue reading...


Western CIO Summit: Data Exchange

Des Vincent, the CIO of Northern Ireland, is the first speaker on the data exchange panel. I'm enjoying listening to him very much. He's discussing the COINS system that linked vehicle information from both public and private sources in NI. Not surprisingly, the politics was the most difficult part. He mentioned that there were over 200 databases in NI that contained names and addresses of citizens. I'm intrigued that, coincidentally, its almost exactly the same number as we founds in Utah. Mark Blatchford, from the Social Security Administration, is presenting information about the eVital project and its predecessor pilot:
Continue reading...


Western CIO Summit: Enterprise Architectures

One of the panels is on Enterprise Architectures. The panel consists of: Curtis Wolf, CIO, North Dakota Val Oveson, CIO, Utah Robb Stoddard, CIO, Alberta Moira Gerety, CIO, new Mexico Bob Haycock, Manager, FEAPMO Curtis is talking about North Dakota's Enterprise architecture program. They have made a lot of progress, although Curtis says its been sidetracked a little by agency angst over a legislatively mandated centralization of many IT functions, including email, database, and server administration. Curtis believes that the EA process would have eventually led to the same conclusions and done so in a way that wasn't so
Continue reading...


Western CIO Summit: eAuthentication Panel

I'm at the Western CIO Summit in Park City. My panel on eAuthentication was the first one this morning. Also on the panel were Glenn Miller of the University of North Dakota's NDGRO program, Steve Timchak, the eAuthentication program manager at the GSA, and Chuck Chamberlain who does business development for the US Postal Service. Steve talked about the eAuthentication initiative and provided some clarifying information about what it is and what it isn't. Essentially, eAuthenticaion is a policy decision point (PDP) for the federal government. Chuck talked about the US Postal Service's In-Person Proofing and Electronic Postmark initiatives.
Continue reading...


Managing Blackberrys and Other PDAs

In a tale that reminds us that IT organizations still haven't come to grips with the management of PDAs and other palm-sized computers, this Wired magazine article reports that the Blackberry of a former Morgan Stanley VP, chuck full of all sorts of corporate information, was recently purchased on eBay for $16. The VP had left the company several months earlier and the IT department failed to wipe it clean. Naturally, they want to make it his fault. Quoting from the article: "We trust employees with a lot of sensitive information; that's why we have these procedures in place.
Continue reading...


Loosely Coupled Conversations

My July column from Connect Magazine has now been published on their web site. Its called Loosely Coupled Conversations. The article starts off: heard science fiction author Greg Bear say recently that sci-fi authors have conversations in slow motion.  One author writes something in his book to which another author responds in his own book and a conversation develops over a period of years.  Weblog authors are doing the same thing with two interesting differences: The cycle times for Weblogs are much shorter because Weblogs are easier to publish. The technology used in Weblogs allows you to discover who's
Continue reading...


Sharing Code and Data

States sometimes share applications and code. Utah, for example, was very aggressive in developing an offender tracking system (called OTRACK) and in getting several other states to sign up to use the system and contribute to its development. An article in the August issue of Governing talks about this practice. Part of the problem with all this talk is that most of it is focusing on 1990's terms and technology. Its all about components and system compatibility. Witness this quote from Charlie Gerhards, Pennsylvania's CIO: The biggest problem, though, is that as much as agencies may want to share
Continue reading...


Distributed Computing Course Topics

I teach a course on distributed computing. In the past, the course has focused heavily on N-tiered architectures. This time, I'm taking a different approach. I'm going to divide the course into three parts: one on 2-tier architectures, one on n-tier architectures, and one on service oriented architectures. I wrote earlier about the texts for the course. Today while I was sitting at a meeting wasting time, I decided to put together a topic outline on the way to creating a syllabus. Here it is: Introduction servers Linux and lab information Part I: 2-Tier Distributed Architectures Architecture: presentation and
Continue reading...


Who's Afraid of Web Services?

Web services can be confusing, maybe even scary. Sometimes it seems that every time you pick up a magazine, there's another Web services protocol to understand. Given the uncertainty in the standards space, perceived security issues, and the complexity of deploying high-reliability Web services, its no wonder that many enterprises are taking a wait and see attitude. Doug Kaye, in his book Loosely Coupled, defines complex Web services projects as those that are based on asynchronous messaging, require high availability, or involve providing service to external partners. Web services projects that don‚t share these attributes are usually easy to
Continue reading...


Modern Day Screen Scaping

Bill Humphries is writing about creating RSS feeds by screen scraping. He's using curl to get the page, tidy to clean up the HTML, and an XSL program to convert the result into RSS. Because the example he's using is making good use of CSS, he can use XPATH to easily grab the right nodes in the HTML doc. Very different from the PERL screen scapers we were writing 4 years ago.
Continue reading...


Business Process Outsourcing

There are a number of companies whose IT shops are providing market competitive, rock solid IT as a shared service within the company. Some of those companies are wondering how they can turn that into a profit center. To quote a recent analysts report from CIO magazine: This prospect is attracting a great deal of enthusiastic market interest. Diverse investors-including venture capitalists, investment banks and Systems Integrators-are placing big bets on the future of business process outsourcing (BPO). The range of strategies they are funding is dizzying, ranging from simple outsourcing to joint ventures to spin-offs, and even the
Continue reading...


Scaling Web Services: The Role of Web Service Intermediaries

I'm going to be speaking at the Enterprise IT Week conference that is part of CDXPO. I'll be in the Web service track. I've proposed the following abstract for the talk: Many Web services projects never make it out of the "pilot" stage. While free tools and direct connections work fine in small implementations, they fail to scale, suffer from reliability problems, and are difficult to secure. Web service intermediaries provide answers to these problem. While Web service intermediaries may not show up in the standard Service Oriented Architecture (SOA) discussions, they're crucial to successfully implementing large scale SOA-based
Continue reading...


Windows Security Exploits

The W32.Blaster worm that struck last week infected millions of computers and caused a lot of IT shops to drop everything to repair the damage. I've talked to the heads of several large IT shops and most of them were affected in significant ways. The ones who weren't had installed the patch from Microsoft before the worm struck. I've written about the problems with too many patches in the past and this just highlights it. An article in ComputerWorld gives a slightly different twist to the problem. One thing companies ought to pay particular attention to in this last
Continue reading...


DNSSEC and Identity

DNS Security Extension, or DNSSEC, is a set of extensions to DNS, which provide end-to-end authenticity and integrity. In an article in the Business Standard, Paul Mockapetris, the inventor of DNS talks about DNSSEC and why he thinks its the answer to many of the identity problems on the Internet. Quoting from the article: Mockapetris argues that a work-in-progress extension to the DNS specification called DNSSEC is what makes the DNS up to the task of solving most of the identity related issues on the Internet. Unfortunately, since DNSSEC isn't bulletproof (and, according to some, could result in other
Continue reading...


Linux Networx's 11 Teraflop Cluster

Linux Networx, who I wrote about last February has closed two deals with Los Alamos to build Linux supercomputer clusters for use in nuclear weapons simulations. The larger cluster will have a theoretical peak performance of 11.26 teraflops per second and use 2,816 Opteron processors. I toured their facility before they moved and thought that it looked like a hardware guru's dream. According to the article in TechNewsWorld, the cluster will be delivered in 2 months---a record delivery time compared to the typical two-year delivery time for a supercomputer. Linux Networx makes news selling these multi-thousand processor clusters, but
Continue reading...


A New Utah Blog

Mike Jones was one of my Master's students and then got his PhD at Utah. now he's back at BYU teaching. Makes me feel old. Mike has started a blog to keep track of his research interests and thoughts about papers he reads. That's a great way to use a blog. I suspect his students will also find this useful. Maybe he'll get his students to write blogs as well.
Continue reading...


Wal-Mart Moving to Internet-based EDI

Via Frank Scavo comes this news about Wal-Mart requiring Internet-based EDI as opposed to older, VAN-based EDI connections to all of its suppliers by October. Wal-Mart, of course, is an 800-pound gorilla and suppliers are falling all over themselves to meet the deadline. From the article: Black & Decker and drugmaker Abbott Laboratories are among a handful of major companies that this week said they have purchased and installed special software to help meet new requirements for doing business with Wal-Mart, the world's largest retail chain, with more than 4,700 stores around the globe. ... Although Wal-Mart declined to
Continue reading...


IT Governance

IT Governance is one of the foundations upon which a good enterprise architecture is built. There's no point trying to build interoperability for systems in a IT environment where you can't even make good decisions about projects and policy. This month's CIO magazine has a good article on IT Governance called "Deciding Factors". The article makes the counterintuitive point that strong IT governance leads to resourcefulness. Most of the time we think of governance as something constrains and indeed, that's the case in the points made by this article. The enterprise is constraining certain activities so that the overall
Continue reading...


Westerm CIO Summit

I'll be attending the Western CIO Summit on August 25 and 26th. I've been asked to participate on the eAuthentication panel. I attended last year and blogged all three days. This is a farily small, close gathering and I enjoyed the interactive nature of the presentations last year. I'm looking forward to seeing some old fiends and talking about identity management in the government space.
Continue reading...


The Essence of XML

Phil Wadler is one of Computer Science's deepest thinkers in the area of programming language theory. I've been a longtime fan of his work. He presented a paper at this year's POPL (Principals of Programming Languages) entitled The Essence of XML. Phil says some controversial things, among them: The essence of XML is this: the problem it solves is not hard, and it does not solve the problem well. Don't let that stop you from reading the article. Phil and his team have developed a formalization of XML Schema which is quite elegant. This formal semantics is part of
Continue reading...


Symbol Grounding and Namespaces

Jon's recent recent discussions on RSS, RDF, XML and symbol grounding remind me of a story. When I was a grad student, I took a model theory class. Model theory is a branch of mathematical logic that deals with the meaning of symbols (in part). There were about a dozen of us in the class and half we CS PhD students and the other half were Math PhD students. The first part of the class was filled with pretty heavy set theory and the CS students were struggling. The next part however, was much easier for the CS students
Continue reading...


LavaRnd: Truly Random Numbers

Truly random numbers are crucial to good encryption. Most people have heard of Silicon Graphic's use of Lava Lamps to generate random numbers. There were some problems: it required special SGI hardware and software along with six lava lamps. SGI developed one of the best FAQs on lava lamps around as a result. What's more, the solution wasn't portable. But the biggest drawback was that SGI patented the idea so it wasn't freely available. Now, some of the scientists behind the SGI random number system have created LavaRnd, an open source project for creating truly random numbers using inexpensive
Continue reading...


Identity Management in a Business Context

Related to my post on business context security yesterday is this excellent whitepaper from PirceWaterhouse and Gartner on identity management. They list the following components to an IM solution: Enterprise information architecture Permission and policy management Enterprise directory services User authentication User provisioning and workflow I'd add a hearty amen. You can't manage the security of your enterprise in a business context without an enterprise architecture, good policies, global namespaces, the ability to authenticate users systematically, and a good way to manage account provisioning and deprovisioning.
Continue reading...


Business Context Security

In a discussion today with Wes Swensen of Forum Systems about XML security appliances, the concept of "business context security" came up. The idea is relatively simple: in the past people have mostly thought of security as an edge game. Given a firewall and access control to the network and publicly viewable machines, I can do a lot to secure my business. Sure, security experts have been telling us for years that this isn't enough, but for the most part it has been good enough. One of the unmistakable trends in IT is the need to integrate systems, not only
Continue reading...


WYSIWYG Editting in Radio

Jake has created a WYSIWYG editor for Radio that runs in Mozilla. One of the things I missed when I switched to OS X was the IE WYSIWYG editor, bad as it was. I'm using it to type this entry. Installation was simple and it seems to work just great in Mozilla 1.3. No support for Safari and Firebird seems to try to work, but then doesn't. I'll be playing around with it in the next few days, but so far, I'm impressed.
Continue reading...


Leavitt to Head EPA

The Whitehouse will announce soon that Governor Mike Leavitt has been picked to replace Christie Todd Whitman as the head of the EPA. Leavitt's moderate brand of environmentalism, known as Enlibra has made both sides of the issue nervous in Utah. I suspect it will do the same nationally. His approach is a practical, middle ground kind of environmentalism the eschews the extremism of both sides of the environmental battles that erupt with some frequency. Now he gets a chance to push this process at the national level. This is a lightening rod job that won't be a walk
Continue reading...


Event-based eGovernment: One Stop Goes Live

While I was gone last week, Utah's One Stop Business Registration service went live. This was one of the projects started last summer as part of the Governor's IT plan. The idea is simple: rather than go to seven different state agencies, the IRS, and a city to start a business, create a single place where people can fill out one set of forms, pay one fee, and take care of it all at once. This kind of service integration is one of the great possibilities of eGovernment. There are dozens of these kind of "life event" services that
Continue reading...


Novell and Open Source

While I was out last week, Novell announced it was buying Ximian. I'm always skeptical when big companies start buying companies based on an open source philosophy like Ximian. Mostly I worry about the innovative products that these companies are working on getting quashed. In this related article, Chris Stone, Vice Chair at Novell, talks about this deal and the SCO lawsuit. Chris says all the right things and I'm sure his heart's in the right place, but other forces will come into play and affect whatever strategy Novell has now. In another article, my friend Mall Asay, Novell's
Continue reading...


More on CIO Certification

I wrote earlier about some Federal CIO certification programs. Today I found out about the Federal CIO Council's CIO University program which includes a consoritum of several universities that are offering a wide variety of coursework in this area. These are all concentrated in the DC area.
Continue reading...


Temporary Flight Restrictions

From time to time, the government issues temporary flight restrictions, or TFRs, which pilots are responsible for knowing and following. In the west we get a lot of them in the summer months because of firefighting operations. When a tanker is coming in to drop fire retardant, they don't really want to worry about what other planes in the area might be doing. Other TFRs deal with sensitive national security areas, stadiums during games, and even the President's ranch. In the past when you wanted to know what current TFRs were in effect, you had to call the regional
Continue reading...


Out for Four Days

I'll be gone for the next four days to Island Park, ID for a little vacation. I'll be back next week.
Continue reading...


John Gotze Visit

I had a great time visiting with John Gotze from the Danish Government last week. We flew up to Driggs ID for breakfast one morning and had a great flight. I'm going to be working with John and the Danish Government on enterprise architecture and service-oriented architectures. I'm looking forward to it.
Continue reading...


The Zachman Framework for Enterprise Architecture

In the 1980s, an IBM researcher named John Zachman wrote a paper entitled "A Framework for Information Systems Architecture" and gave birth to the ideas around Enterprise Architecture. Zachman's framework is a table with columns that relate to the what (data), how (function), where (network), who (people), when (time or schedule) and why (motivation or strategy) aspects of the architecture and rows that walk down the scope continuum: Context (partners), Business Model (owners), System Model (designer), Technology Model (builder) and Detailed Representations (subcontractor). Zachman, along with Samuel Holcman, created that Zachman Institute for Framework Advancement. The institute's web site
Continue reading...


Losing Data

I was watching the news last night and they broadcast a story about an elementary school burglary where a couple of file servers were stolen. The principal, Kim Roper, said: We lost two file servers and it was really more damaging to the school that we lost the date than the computers; all of the school information is gone. All of the work completed by the school staff this summer, including which classes students are going to be in, is gone. The last back-up of the data on the school file servers was done in May. Of course, anyone
Continue reading...


Homeland Security Meets ARPA

Taking a page from the Dept. of Defense, the Dept. of Homeland Security has announced its own version of DARPA: HSARPA. DARPA is a major source of high-dollar research grants in universities and private companies. HSARPA will focus on funding projects related to bio-terrorism, but says any idea related to homeland security is eliglble.
Continue reading...


SOA is Not a Silver Bullet. SOA is a Discipline

A recent CBDi commentary says "SOA is ... not the silver bullet that many are suggesting; it's plain hard work." The article is obviously intended to make people think they need to pay for CBDi research reports before entering the scary world of service oriented architectures, but once you get past that, there's some pretty good information in there regarding what an SOA is and what that definition means to architectural choices about coupling and components. If you're an SOA expert, you can skip it. If you're trying to figure this out and build a mental model of what
Continue reading...