Phil Windley's Technometria

« October 2003 | Main | December 2003 »

November 28, 2003

Hilbert No. 16 Partially Solved

In 1900, Professor David Hilbert gave a talk entitled "The Future of Mathematics" before the Second International Congress of Mathematicians in Paris (See Bulliten of the American Mathematical Society, vol. 8, 1902). In his talk Hilbert listed 23 problems that showed the breadth and depth of mathematics and represented challenges for mathematicians in the 20th century. Only three remain unsolved 6, 8, and 16. A Norwegian newspaper is reporting that 21-year old Elin Oxenhielm has solved the second part of problem 16 having to do with boundary cycles for polynomial differential equations.

Hilbert is of historic importance to Computer Scientists. Hilbert believed, as did many mathematicians of his day that (a) you could build a complete system of mathematics, capable of describing every problem, (b) that a valid sequence of steps in that system could never give an inconsistent answer (i.e. 2+2=5) and (c) that in that system, mechanical proof would be sufficient to discover every theorem (decidability). (Note that by "mechanical," Hilbert wasn't talking of machines or computers, but the rote application of rules.) Hilbert did not believe in unsolvable problems.

If you remember your computability theory correctly, Kurt Godel showed that (a) and (b) were not true---no system can be complete and consistent (known as Godel's Incompleteness Theorem). Godel's work did not show, however that there was no way to distinguish the provable from the unprovable. In other words (c) might still be true inside a incomplete, but consistent set of rules like the mathematics we use everyday. Every Computer Scientist knows of the halting problem wherein Alan Turing showed that (c) was not true either.

Interestingly, Turing's approach to solving the problem was to envision a machine, the Turing machine, and then show there were problems such a machine could not solve. Another mathematician, Alonzo Church, working on the same decidability question, took another approach and the result was Lambda Calculus, the basis for much of the formal work in programming languages and the inspiration for LISP. Turing very nearly did not get the credit he deserved for proving undecidability because Church published his results first. This wasn't the first such scrape for Turning. His PhD dissertation had been to show the Central Limit Theorem of statistics, not realizing that it was already solved. Only after his committee was convinced that he had worked in complete ignorance of the other work was he awarded his degree.

If you're interested in these things and like biographies, I can recommend several books.

• Hilbert-Courant by Constance Reid is a dual biography of Hilbert and Courant---two great mathematicians of the early 20th century. The biography is quite readable and understandable by anyone with an interest in mathematics.
• Alan Turing: The Enigma by Andrew Hodges is a book every computer scientist ought to read. The book does an excellent job of covering Turing's important and tragic life.

Its fascinating to me to know how broad the interests of men like Hilbert and Turing were. In Hilbert's day there was no such thing as applied mathematics. All mathematics was applied and it was not unusual for mathematicians and physicists to be interchangeable. I often wonder what the future holds for Computer Science. What are the links between the science and the $2 trillion per year IT industry. Does CS matter anymore? I believe the answer is yes, but I think computer scientists do a poor job of creating relevance. We've become less and less applied to the real problems of the day and seem to take a certain pride in that.

10:34 AM | Comments () | Recommend This | Print This

November 26, 2003

Testing Web Apps with HTTPUnit

JUnit provides a framework for building test of Java applications. JUnit is designed, however for testing standalone Java applications and is consequently difficult to use for Java-based Web applications. HTTPUnit solves this problem providing what amounts to a programmable Web client. HTTPUnit can be used in conjunction with JUnit to take advantage of JUnit's reporting and regression features. DevX.com published the first of a two part tutorial on using HTTPUnit

12:03 PM | Comments () | Recommend This | Print This

November 25, 2003

Republican Hackers

Doc's put out a call for Republican hackers for a story he's doing for Linux Journal. He's actually a bit more particular than just wanting people who program and belong to the Grand Old Party---he's looking for anyone working on the Bush campaign who'll talk to him about what they're doing technology-wise.

We're seeing a lot more innovation from the Democratic candidates in their use of the Web this political season than from the Republican side. I suspect that that has to do with the fact that there's going to be a hard-fought primary on the Democratic side. Incumbents are typically more conservative in their strategy because they can afford to be. Still, I'd love to hear of innovative uses of technology that candidates of any stripe are employing this season.

As long as we're on the subject, I'm anxious to not sit on the sidelines through the 2004 election. I'm happy to serve as a consultant to campaigns looking for ways to use technology to connect with voters.

8:47 PM | Comments () | Recommend This | Print This

Open Government Interoperability Project

Tom Adelstein has written a great series of articles on the use of open source software (OSS) in state and local governments.

Tom is helping to head a project called the Open Government Interoperability Project whose stated purpose is to provide "a blueprint for government software interoperability, exchange and data access." The project has compiled a list of over 185 local government applications that could be built as open source.

The project's position statement ought to be read by every government worker in the US. Note that I didn't say "IT worker." Don't make the mistake of thinking this is something that just the techies need to know. Most of them probably already know it at some level. Its the business managers that need to understand why interoperability is crucial to their future and how OSS can play a role.

The project will provide a framework, common database vocabulary, a toolkit and other support necessary to carry off their vision. I hope the database vocabulary include support for developing common data models and XML vocabularies as well.

11:39 AM | Comments () | Recommend This | Print This

Bookmarklet: See CSS Changes in Real Time

If you ever do any site design and play with CSS stylesheets, you know what a pain it can be to make a change, save it, reload the browser, and repeat until you get the look you want. I found a nifty little bookmarklet that shows CSS stylesheet changes in real time as you make them. It only works in Mozilla and Netscape but its very handy. There are several other Web Development bookmarklets over at squarefree.com that look worthwhile as well.

8:46 AM | Comments () | Recommend This | Print This

November 24, 2003

Business Driven Identity Management

My November column for Connect is on Business Driven Identity Management. Its nothing I haven't said here many times.

I recently had the opportunity to sit with a group of CIOs and others involved in managing information technology and discuss digital identity.Ê What struck me was how much of the conversation was about security and liability rather than identity and opportunity.

From Connect :: Resource/Article :: November Columnist - Phil Windley
Referenced Mon Nov 24 2003 10:25:59 GMT-0700

I'm surprised how little information CIOs and IT managers get on how identity can help their business. Go to the bookstore and look for a book on identity management. Pretty slim pickins. There's plenty of books on security with their traditional "keep the bad guys out" mentality. This is important, but any CIO knows that if they listened to their security guys all the time, they'd just as well shut down the business.

When integration is driven by business, rather than IT needs, security policies need to talk about documents, data, actions, people and corporations instead of machines and networks.Ê This security model is infinitely more complex than the old "secure perimeter" model.Ê But even if you define your policy, how do you ensure that it is properly implemented across dozens or even hundreds of systems and at the same time control access to fields of a database or paragraphs of a document?

From Connect :: Resource/Article :: November Columnist - Phil Windley
Referenced Mon Nov 24 2003 10:22:09 GMT-0700

We need to start looking at corporate identity infrastructures as an asset that plays a important role in securing the business, but the main function of which is to enable flexible interoperability with partners and suppliers. Digital identity is not something you buy from a vendor. Digital identity requires an enterprise architecture and a well developed IT governance procedure that's sensitive to business drivers.

10:34 AM | Comments () | Recommend This | Print This

November 21, 2003

Stop Scaring the DOG!

One of the joys of working a lot from home is getting to see your children at their absolute best. This morning, my 4 year daughter came running in my office screaming at the top of her lungs. When I asked what was going on, she said "JoJo's going to put a snake on me!" I asked her: "Did you see the snake?" "No." "Then why are you screaming?" "He said he had one!" I told her that JoJo didn't have a snake and to stop screaming because it was scaring me and the dog.

After spending the last week basking in the glow of the absolute rage of Linux users toward SCO, I can't help but think of my daughter and the unseen snake. Darl McBride and SCO keep trotting out unsupported claim after unsupported claim in news conference after news conference and each time the Linux community goes wild and runs around screaming.

Now, recognizing that what I'm about to say is against human nature, I have to wonder: what would have happened if when SCO had first came out with their claims, we'd all just shrugged our collective shoulders and said "so what?" I guarantee that the press wouldn't be paying so much attention to the story. What if next week we just stopped paying attention? Do you really want this at the top of the tech headlines from now until the trial?

Someone said in a comment on my blog: "I can't believe their stock price keeps going up!" I know exactly why its going up: the Linux community is giving SCO so much free publicity that their stock can't help but go up. Right now, if you believe the markets, there's lots of people betting that SCO will win and the more air time SCO's arguments and claims get, the greater the number of people who will make that bet.

If all the noise were doing some good, I could understand it, but there's only one thing that's going to settle this now: the outcome of the litigation. That outcome is not likely to be very much affected by ranting and raving on Slashdot. IBM has a big pile of attorneys and if I were going to bet, I'd bet on IBM coming out on top. At one point they might have settled, but SCO's rubbed their noses in it too much. I can't do too much to affect that one way or the other.

The problem with all the screaming is that it scares the dog. All that the free publicity that the Linux community has given SCO has accomplished is to scare the pants off any CIO who had reservations about open source software. Many CIOs had been moving past their fear of using open source software in the last several years, but they've now got a very big reason to wait. At this point, the only thing that's going to reassure them is a positive outcome to the litigation. All the ranting and raving is accomplishing is to scare them more. And believe me, the bile has an even worse effect.

Maybe I'm wrong. Feel free to leave a comment and tell me why you think anything other than the litigation will leave open source software on solid footing. Feel free to tell me how all the bile will make a difference too. I'm all ears.

3:03 PM | Comments () | Recommend This | Print This

Connected Democracy is Philosophically Blind

With respect to the use of technology by the Dean campaign, Tom Mangan writes:

I just finished Ed Cone's piece, which seems to be missing one critical point: anything perceived good guy Howard Dean can do with technology can be replicated by his enemies (it's possible I glazed over this part, it's long article). Team Bush has $200 million and six months to play catch-up. It also has talk radio, the Fox Network and all the warbloggers on its side, plus the population's inherent tendency to side with the current prez during wartime. The Web knows no politics, it just offers politicians another way to get people to the polls. All Dean's "he gets it!" cheerleaders are gonna have some crow to digest if somebody really repellant uses all these tools to get elected in the future

From Prints the chaff
Referenced Fri Nov 21 2003 14:07:01 GMT-0700

Tom's right. There's no trade secret in what Dean's doing and indeed, to be effective, it would be hard to keep it a secret. Campaigns don't really work so much on secret information as much as they do on effective operations. I think this is how we want it. We want the playing field to be as even as possible so that the message and the ability to execute are what takes center stage. This hasn't always been the case with broadcast style democracy, maybe with connected democracy we will move more in this direction.

I disagree with Tom on his last point. I don't think someone odious will get elected because of some technology spin. They'll get elected because their message resonates with people and people vote for them. Happens all the time. Course my definition of "odious" may differ considerably from yours. :-)

2:22 PM | Comments () | Recommend This | Print This

November 20, 2003

Virtual Convergence

My October column for Connect Magazine has been put online. The column is entltled Convergence and is about how Bluetooth has allowed me to use my T68i phone as a communications hub among other things. I start by discussing the problems with a wireless laptop solution I'd used:

First, I had another PC card, another service provider and another bill. Second, I sometimes wanted to use the card in my iPAQ when I didn't have it with me. Also, putting a full form factor PC Card in an iPAQ requires a bulky add-on holster. The whole set up is just clunky and, thus, discourages its use. The final straw was that the wireless card was a power hog. I could almost see the battery meter move on my laptop when I was using it.ÊÊÊ

I solved these problems with a nifty little Bluetooth enabled phone from Sony Ericsson (the T68i if you're curious). My hope was that my phone could also serve my data needs without any bulky wires, holsters, or antennae. The Bluetooth phone succeeded beyond my wildest dreams.

From Connect :: Resource/Article :: October Columnist - Phillip J. Windley
Referenced Thu Nov 20 2003 12:00:11 GMT-0700

I think the idea of convergence is often understood. One thing people think of when they hear "convergence" is all in one devices like the Handspring Treo 600 that is a mobile phone, a PIM (personal information manager), web browser, and so on. Interestingly enough, according to Jupiter Research Analyst Michael Gartenberg most people don't want these things. I heard him at CDXPO this week and here's a few interesting things he said:

• Most people, contrary to popular opinion are willing to carry more than one device.
• When asked if they'd rather have a free phone without any fancy features, or one of these swiss army knife like devices, the majority of people pick the free phone even at price points as low as $49. These features aren't even worth $50 to them!
• Satisfaction rates with these devices drops off the longer the owner has it which is contrast to most devices that stay steady or even improve.

Personally, I don't like having to carry my Palm with me when I only need a phone. When I'm headed into Home Depot to get a load of plywood, I'm in a t-shirt and jeans, and there's no place to store a bulky device.

I think that Bluetooth solves these problems by creating what I'm coining as "virtual convergence." I want WAN connectivity in my Palm and my TiBook, but I don't want battery draining radios in each device. With Bluetooth, I get a phone when all I want is a phone. I get a WAN-enabled Palm when that's what I need. I get a WAN-enabled laptop when I need it. In short, its the same benfits you get from components in consumer electronics. What's more, its wireless and all on one account.

This is convergence, but its of a different sort. What's converged are the radios and the functionality, not the devices themselves.

12:19 PM | Comments () | Recommend This | Print This

November 19, 2003

CDXPO Wrap-Up

I'm headed home from CDXPO. I think Jupiter Media had high hopes for this conference. As is usual with a Jupiter Media event, the venue, support, and speakers were first rate. I enjoyed every presentation I went to and learned many new things. One of the best parts of the conference was one track of nothing but Jupiter Research analysts presenting results of their research in various areas. This alone was well worth the price of admission.

I hate Las Vegas, but it was nice to be here with many other conferences going on. Monday, I was able to have dinner with Doug Kaye, Doc Searls, Chris Pirillo, and also meet some new friends. Unfortunately, CDXPO was not well attended and I found myself lonely at times---not what one expects at a conference. I think CDXPO has a future given the quality of the content, but it will take some work to build the audience. I'll be interested to see what Jupiter decides to do with it.

2:57 PM | Comments () | Recommend This | Print This

CDXPO Presentation on Web Services Intermediaries

I gave my presentation (slides here) this morning to a smaller than I'd expected, but still very interactive crowd. The discussion was about what Web Services Intermediaries are and why they're important to business hoping to scale SOA-based applications. I based most of what I said on things I've written for InfoWorld over the last year. I touched in one slide on a cross-section of vendors in this space and what their strengths are. Its clear that you can't pick a WSI vendor based on feature set. They differ much more clearly in the metaphor they use than the raw feature set. I've got an article coming out in InfoWorld about that.

2:43 PM | Comments () | Recommend This | Print This

Sympathy for Darl

I've gotten some email from people and some comments on the Darl McBride story I wrote who obviously misunderstood my position. They mistook my sympathy for Darl as a person for sympathy for SCO's claims and asked me to somehow back them up.

Let me be clear. I am not sympathetic to SCO'S claims. I find them terribly inconvenient for a number of things I'm trying to do and feel that the SCO suit doing a real disservice to open source software (OSS). Anyone who reads this blog regularly knows I'm a big supporter of OSS.

When I say this is a real issue, its not because I think that SCO's claims have merit. I says its a real issue because I think sooner or later, some company was bound to make an infringement claim against an open source product that challenges the very notion of OSS. When that happens, there's two ways to solve the problem: legislation or court. In short, I think this kind of show down was inevitable. Its going to be painful, but if OSS is to really take off in the enterprise, these questions will have to be answered in a clear way.

It would be a worse outcome, in my opinion, if SCO were to go away, leaving this whole thing unsettled. Some other company would inherit SCO's licenses and claims and the battle would need to be joined again at a later date, leaving uncertainty and doubt in the void.

I say I have some sympathy for Darl because I've been the officer of a corporation and would hate to be a in a position where I feel like my duty is to do something that will make thousands of people hate me. I don't actually know Darl and I've got no sympathy for the SCO claims, but listening to him, I did get the feeling that he believes what he's saying. That doesn't make him right, but it makes him less evil. If you have to believe he's evil to fight your fight, then I can understand it. Personally, I don't have to hate the man to disagree with him.

12:32 PM | Comments () | Recommend This | Print This

November 18, 2003

Darl McBride: Linux Won't Remain Free

The evening keynote at CDXPO is by Darl McBride. On the way in they handed out a pamphlet from WIPO entitled "Intellectual Property: A Power Tool for Economic Growth." I'm not sure who decided to hand it out, but I think its a little silly.

Darl McBride of SCO speaks at CDXPO.

Darl starts out with a history of SCO. He says "SCO = UNIX." (Note: in the interest of my fingers, I'm going to stop typing "he says" and just type the essence of his speech. If I add commentary of my own, I'll note that.) A year ago, the answer to the question "who owns UNIX?" would have gotten a variety of responses. While there are many branches of UNIX, they all tie into the same tree trunk. AIX, HPUX, and others are licensed products of SCO. There are more than 6000 licensees with access to UNIX source code. Now he world knows that SCO owns those licenses.

When Darl joined SCO, its market cap had gone from a billion dollars to 6 million and had about 6 months of operating funds in the bank. When he looked at the assets, he saw $60 million in revenue, a channel of resellers, and intellectual property. He didn't think the company was getting the most from its IP assets and saw IP infringements from "the upstart Linux."

He was told when he examined this space that going after Linux infringements would bring down the wrath of the Linux community on the company. He didn't see the Linux community as one of his assets. His constituents are his shareholders and customers.

SCO set up a licensing program to put UNIX libraries on Linux. IBM threatened that they would not support SCO on their products if they didn't retract their licensing program. 20% of SCO's operating systems ship on IBM hardware. IBM thought the program would imply licensing issues with Linux. IBM was talking about taking major parts of AIX and moving it into Linux. Since IBM makes a large portion of its revenue from its IP, SCO thought this was unfair.

SCO got to the point where they had one option left: litigation. That set in place a chain of events that led to the last six months. What is not in dispute:

• SCO owns all UNIX System V source code
• SCO owns agreements to all UNIX vendors
• SCO owns all UNIX System V copyrights
• SCO owns all claims for violation of UNIX licenses.
• SCO controls UNIX System V derivative works.

SCO doesn't own the derivative, but they have rights to confidentiality that are the same as for the original work.

The Linux infringements include literal copying, obfuscated copying, derivative works, and non-literal transfers.

Darl takes on what he calls urban myths surrounding SCO.

• I am not a Penguin Slayer or a Suit-Happy Cowboy.
• SCO does not want to destroy open source or Linux. With the appropriate checks and balances, open source has merit.
• End users are not safe in taking a wait and see position. SCO is contacting customers and asking them to take a license of litigate position.
• Linux infringements cannot be fixed by simply removing or changing it.
• The GPL is at risk, but IBM put it on the table, not SCO as part of the litigation.

Some other points:

• There's no free lunch or free Linux. The value proposition of Linux is UNIX for free. Free models such as free music, free Internet, free bandwidth, and free love haven't worked.
• Giving away a UNIX-like OS for free isn't a problem. What is a problem is giving away UNIX or pieces of it when you don't own it.
• Free software removes the incentive for innovation. There will lost jobs and lack of competition. SCO is in a tug-of-war between those who want software to be free and those who support proprietary software. SCO is a bellwether for this giant tug-of-war.
• This country was built on the notion of property ownership and being about to protect one's property. What's left in this company are concepts and ideas. If you take away the ability to protect that, we're reduced out ability to compete as a country (cue the break out the flag, someone).

Predictions:

• GPL will not survive. Open source will survive, but the GPL will have to be reworked in a way that is more pro-business.
• Linux will not be free.
• UNIX on Intel will continue to drive mission critical applications.
• SCO will prevail in its legal battle. SCO is now worth $200 million and has $60 million in the bank. SCO is committed to seeing this through.

Darl McBride of SCO points to the telling clause in the GPL during the press briefing.

SCO would like this to end up with SCO and Linux peacefully coexisting and competing.

I attended the press conference that Darl held right after his talk for "accredited members of the media." I figured I was accredited as much as the next guy since I publish a blog. There are about 40 people in the room. Here's some of the questions and my paraphrase of the answer.

• What about SCO's pattern of non-enforcement? It depends on the topic we're speaking of. The problem that gets most problematic are trade secrets. Out strongest claims are not on the trade secrets side--they are on the copyright side. There was no significant violations in the Linux code base. The infringements show up after 2001.
• Critics have said SCO previously participated in open source. Did SCO give its own code away? From a legal standpoint, this is not an issue, but its a PR issue.
• Did some of the cash ($60 million) come from Microsoft? Microsoft took out a license. Sun took out a license and the next version of Solaris will have a better range of drivers.
• Do you have claims against BSD or BSD derivative works? In the settlement agreement of 1994, there were about 100 files that were protected. We have found files inside Linux that come from BSD that don't have proper copyright notifications. We haven't done a code review of BSD.
• What would you say to customers who say "we didn't know we were infringing?" The only people we will sue are people who were notified six months ago that there were copyright infringements inside of Linux. Clauses 11 and 12 of the GPL say there is no warranty. The quid pro quo of the GPL is that you get it for free, but the end user takes on the liability. IBM says that since IBM doesn't do distributions, they can't be sued. All we want is justice. The GPL is in violent collision with the DMCA. That's why Linux guys are opposed to the DMCA. Something has got to give.
• What percentage of Linux is infringing? Roughly one million lines of code. 20% of the Linux kernel. BSD is in a clear legal environment. There are dozens of protected BSD files that have made there way into Linux.
• In your presentation you contrasted proprietary and free software. CIOs aren't attracted to free so much as the ability to work with the source code and cooperate with other organization in software that doesn't differentiate their business. Why didn't you mention this model? That may be true. So, should we ask all the database companies to give away their IP to raise the overall functionality of databases. These people are demolishing the value of my company. Just because my stuff isn't differentiating for the customer, doesn't mean its not a valuable asset for SCO.
• Who was notified of infringement? The Fortune 1000 and the Global 500.
• Won't shareholders lose in the end from the bad publiciity? For every person who illegally contributed code to the Linux code base, there are 20 who followed the rules. Its understandable that they'll be angry. Even so, our customers are happy that we're able to continue to deliver services for them.
• Will you do an analysis of BSD source tree and all derivative works. How much time will that take? We know for a fact that there are copyright violations going on in the Linux code base. We have enough sorted out to pursue our course in the next 90 days. The more you pull on this yarn, the more come out. We need to get our arms around the BSD front. We can only focus so much with our limited energies. Right now, we're focusing on Linux. We'll get to BSD next year.
• What do you think of HP's indemnification of Linux users? in HP's case we had a lot of discussions regarding getting them clean. To do that, we had to get to the point where they would come in and pay for the versions of Linux their customers are using. It would have cost them hundreds of millions of dollars. They probably figured they could pay for a lot fo indemnification before they paid out that money. The challenge with HP's situation is that if SCO goes out and starts issuing invoices to their customers, HP has to keep paying. HP will have a tough time turning this around. The alternative is for them to ask their customers to ask SCO to sue them and HP will indemnify them against suit. Other vendors might be more interested in working a deal with SCO upfront since they don't have as deep of pockets.
• Does Microsoft have an direct or indirect claims on your equity? No. Originally they did based on the Xenix purchase from Microsoft, but that went away in 1999.
• What kinds of "checks and balances" were you talking about in your earlier talk? Linus, for as big a cultural leader that he is, put blinders on with respect to IP entanglements. Why didn't GNU grow up to be the big overpowering OS? They never got the kernel right since they were very concerned about IP infringement. With IBM's help the Linux kernel has become viable. OSDL and other efforts are taking the right steps to set up an environment that respect IP.

My thoughts as I listened:

• Some of this seems like an apology or at least an explanation. "Don't hate me," he seems to be saying. "I did what I did for the shareholders."
• I think the continued reference to intellectual property, with the emphasis on property, does a disservice to real property rights. IP is different, constitutionally, from real property.
• I think Darl's overall position is that he's protecting the shareholders and feels that's what he has to do.
• The point that Darl made clearly several times, is that Linux couldn't be viable without UNIX code. Somehow that code solves problems (as does Windows) that other people can't figure out on their own. I'm afraid that a trail won't shed much more light opn this, but it seems to be the heart of the matter. Is there something so special about UNIX code that Linux couldn't have grown up without it, or if, in fact, there is UNIX code in Linux, is it something that is not critical or could be easily replaced.

I have some sympathy for Darl's position. I don't think that Darl could have done his job and ignored what he felt were real infringements. Nevertheless, I hate what its doing to the momentum that has been building behind open source. The answer won't be as simple as SCO just going away as much as we might like that. I guess the best way to look at this is that this issue is real and it needs to be cleared up sooner or later. I firmly hope that the end result is in favor of open source software.

7:21 PM | Comments () | Recommend This | Print This

The Rise of Connected Democracy

If the last 50 years can be called the era of broadcast democracy, fans of the Internet should rightly be asking "when will the era of connected democracy begin?" We've seen eBay bring a new way to scale garage sales and flea markets using the connectedness of the Web. How does the eBay experience inform our views about democracy?

The Dean campaign may be the first and best example of how the Web can be used to change the nature of politics. In stark contrast to the standard

1. Raise money
2. Broadcast
3. Vote
4. Rinse and repeat

formula of the last 50 years, Howard Dean's campaign has been using simple, Internet based tools to connect to the grassroots and mobilize them for everything from letter writing to raising funds. Most campaigns don't want volunteers because they're too hard to manage, but the Dean campaign has figured out how to used principles of decentralization familiar to any open source developer to let volunteers act. This is a huge leap of faith because it requires letting go of the central command and control (C&C) structures that are the hallmark of modern campaigns.

In an article in Baseline, Ed Cone writes in great detail about what makes the Dean campaign different. One of the big differences is the use of the MeetUp service to get volunteers together. Ed writes:

The Dean campaign has used the Meetup service on the Web to get local volunteers together. Campaign staffers set a meeting date and publicize it through email, list serves, and on the campaign's weblog, called Blog for America.

Supporters then go to the Meetup page from a Dean web site and take matters into their own hands. Once they register, the volunteers choose a meeting location. They gather at the appointed time and place, with no Dean staff participation needed. Together they perform tasks suggested by headquarters, watch videos of the candidate sent by the campaign, and plot local tactics and strategy.

At one Nov. 4 Meetup event at the Green Bean coffee shop in Greensboro, NC, volunteer coordinator Abigail Seymour printed out Dean position statements from the Web and put them on tables at the back of the cafe. When volunteers showed up, they could easily review Dean's latest policy stands as they went about the day's work: writing personal letters to undecided voters in Iowa.

The Meetup software provided a rough headcount of expected attendees, so the Dean staff sent Seymour enough letter-writing kits to hand out as each volunteer arrived. The kits include stamps, sample letters and the name and address of an undecided Iowan that the Dean campaign hopes to sway. The campaign even sends along a box of ballpoint pens.

This is precisely the kind of grassroots event that traditional campaigns have eschewed in recent years because it was too hard to manage, but MeetUp makes it manageable. Of course, a good C&C style manager wouldn't like the idea of letting unvetted volunteers write letters on behalf of the campaign, but that's only the start. For a real taste of letting go, you have to explore Blog for America, Dean's decentralized blogging software.

Blog for America is run on a platform called DeanSpace, an open source blogging tool developed in PHP by over 180 volunteers for the Dean campaign. (source code here) DeanSpace uses XML to export Web content from one site so that it can be used on another, interesting content can be promoted from an individual's site to a regional or national page. RSS is widely used for events and content change notification. A user registry keeps track of the volunteers who are writing, makes it easy to send email, and even let's users create buddy lists. In true Internet fashion, this isn't a single application running at headquarters, but is hosted at dozens of sites around the country by volunteers. This has the added advantage of making the blogs "unofficial" web sites. Ed writes:

Making these tools widely available via the Internet, rather than husbanding them at campaign headquarters, means Dean's marketers give up a fair amount of control of messages made on behalf of their candidate.

Volunteers create their own weblogs, and say what they will. None have to submit their words to editors or campaign staffers, before posting. The same goes for staffers like Rospars, who writes for Blog for America. "Nobody reads my stuff before it goes. I just hit publish," says Rospars, 22, who was teaching English in Stockholm, Sweden before joining the campaign last spring. "The blog is about humanizing campaign, not just Dean but the staff and supporters."

The campaign also uses Blog for America as a fund raising tool, taking thousands of small donations from people all over the country, all collected online. In an unusual move, the campaign also posts the total on the homepage. Ed talks about this as well:

The campaign culture was changing, too. As the second quarter drew to an end in June, Dean was startled to see the amount of money that the campaign had raised online posted clearly on Blog for America. Campaigns usually guard such information, the better to spin it when announcing the total. The candidate called Trippi, saying the site had been hacked. But Trippi had OK'd the unconventional tactic, and donors responded by pumping about $1.5 million into the campaign in the last few days of the quarter, pushing the total to $7.5 million.

Still the issue is more than money. Listen to Joe Trippi, Dean's campaign manager:

"The pundits still don't get it. They see your incredible fundraising numbers - and that's all they understand. But our campaign was not built just by money - it was built by the full participation of you and thousands of others who believe that each of us has the power and the duty to participate in our democracy."

I think this is all just the beginning of a brand-new way for citizens to be involved in the electoral process. The goal of any campaign is to engender action. Modern broadcast methods have distilled that to its purest form: the modern campaign wants just two kinds of action: check writing and voting. What makes Dean's version of democracy is that its using the tools of the Internet to engender other kinds of action, the blogging, meeting, writing letters, and citizen to citizen advocacy. Dean has shown that these actions lead to check writing. The bet is that these actions will lead to the kind that matters most on election day. As Zephyr Teachout, Dean's director of online organizing says: "I'm obsessed with offline."

11:08 AM | Comments () | Recommend This | Print This

November 17, 2003

Michael Gartenberg on Digital Ubiquity

Windows 95 as a watershed event. Before that we worried about people taking enterprise software home and messing up licensing agreements. Now we worry about people bringing in their software from home and messing up out licensing agreements. People now frequently have better computers at home than they have at work. (What they don't have is better connectivity in general.)

IT departments are strapped installing security patches. Meanwhile users are out exploring the future of IT.

• Information co-mingling requires optimized synchronization. The IT universe is not prepared for this data co-mingling.
• Users cope multiple access venues. Home and office: home base. Libraries, hotels, and airports: steady relationships, kiosks, malls, etc.: fleeting connections. IT department need to consider providing mobile data services to users to help employees maintain connectivity focus.
• Wireless data service charges (which are hard to keep track of) are a huge hurdle to the growth of digital ubiquity. This is true for me. AT&T charges me an arm and a leg for a limited connection and I rarely use it since I'm afraid of going over.
• The trend to wireless networks in homes will put increasing pressure on IT departments to provide similar services at work. 2004 is the tipping point for wireless home networks. This causes networking to expand rapidly since wireless makes network deployment trivial for the home user.
• PC throughout the home are changing the nature of the PC and how we work. I think this raises the question of what new products will consumers want as this trend continues. Multiple devices will create a need for bridges to ensure interoperability. Linking this all up is hard and the majority of users won't get it. Michael says that there's one person in his neighborhood who makes his living setting up universal remote controls for people.

3:19 PM | Comments () | Recommend This | Print This

NY Times on Utopia

Today's NY Times contains an article on Utopia, Utah's extensive, government-backed broadband project. Here's some interesting quotes from the article:

But private sector competitors and taxpayer groups assert that the cities and their residents face a high level of financial risk for a network that may far exceed their needs. Telephone and cable companies nationwide are scrambling to build networks relying on less expensive, less advanced technology that they argue will be perfectly adequate for many years to come.

Jerry Fenn, the president of the Utah division of Qwest, the regional telephone company here that provides its own high-speed Internet access, said there were few uses yet for the network Utopia plans to deliver. The speeds to be provided "are way more than what most consumers need in their home," Mr. Fenn said, adding, "Why provide a Rolls-Royce when a Chevrolet will do?"

From In Utah, Public Works Project in Digital
Referenced Mon Nov 17 2003 13:56:42 GMT-0700

My experience is that you have to take what Jerry says with a grain of salt. He knows his job: he's an advocate. Before he was regional President at Qwest, he was the lawyer for the Rural Telecom Assoc. In that capacity he was frequently at odds with Qwest. Right now, his job is to make sure Qwest's interests in Utah are protected and that doesn't include Utopia.

"This is a very powerful test case," said Sharon Gillett, a research associate at M.I.T.'s center for technology, policy and industrial development. "If Utopia succeeds, it will be the first really large-scale deployment of fiber to the home in the United States."

From In Utah, Public Works Project in Digital
Referenced Mon Nov 17 2003 13:56:42 GMT-0700

Of course, the biggest question about success is "can they get funding?" That's always been the question.

Mr. Morris said Utopia was arranging financing from a New York investment bank. He said that the cities would be asked to guarantee a portion of the loan Utopia acquires from the investment bank, but that the amount was still being negotiated. Such a guarantee, while not providing a subsidy in the form of tax-exempt financing, substantially increases the creditworthiness of Utopia, dropping the interest rate to the 6 percent range from as high as 12 percent, Mr. Morris said. But it also puts those cities at risk should the project fail to meet expectations.

Mr. Morris said he expected to secure the financial commitment this month, paving the way for construction to begin next spring or summer.

From In Utah, Public Works Project in Digital
Referenced Mon Nov 17 2003 13:56:42 GMT-0700

Such a guarantee is not a foregone conclusion. They haven't gone back to the 17 cities that comprise Utopia and gotten agreement to do the guarantee. I suspect some of them will drop out if that is part of the deal. There will also be some significant opposition at that stage from Qwest, AT&T, and the Utah Taxpayer's Assoc. Don't be surprised to see the Utah Legislature step into this mess. In fact, if I know Jerry Fenn, he's already got several legislator's lined up to introduce the bills and the boxcars (emplty placeholder bills) are probably already in place. Should be an interesting few months.

2:07 PM | Comments () | Recommend This | Print This

Morning Keynote: Gail Whipple on Digital Media

The morning's keynote is Gail Whipple, VP of Digital Media for IBM Global Services speaking on Digital Media: Cool to Core. Digital media is unstructured content not stored in traditional databases. Gail see three key trends:

• Rapid increase in content moving from analog to digital as are devices
• Increased broadband penetration
• Lowering of price points, especially in storage (1 minute of digital video is 375MB).

By 2005 global digital media spend is $33 billion without including the devices for input and output.

On demand is the logical extension of today's business processes growing more mature over time. Demands a shift in how companies think about allocation resources. Four critical components to on demand environment

• Integrated - Devices, people, etc.
• Virtualized - grid computing providing utility computing
• Open - open standards, open source,
• Autonomic - self-configuring, self-healing, self-optimizing, self-protecting

Some examples from IBM Global Services clients:

The National Geographic Society has over 10,000 available images with 3000 images added each year. NGS now has a searchable catalog with 24/7 availability including online licensing and payment. NGS photo sales revenue tripled with reduced handling costs. Grew revenue without a staff increase

Coca-Cola built a system for the preservation and retrieval of 100 years of value brand assets. They built a comprehensive library available to 30,000 images which is used in marketing and orientation. The project saves money by retrieving existing images rather than recreating them.

Digital media application on homedepot.com for customers to view kitchen layouts. Number one destination for homedepot.com customers and customers spend 22 minutes at the site. Customers can reconfigure, visualize, and when finished order the supplies online or bring the print-out into their local store for purchase.

MacDonalds implementing a dynamic digital merchandising system allowing individual stores manage their own messaging via digital kiosks, flat panel displays, and so on. Sales in stores that implement it are up 33%. Increase in sales can be directly tied to featured products on panels.

IBM has been awarded 22,000 patents over the last 10 years and this portfolio has resulted in $10B additional revenue to IBM's bottom line. This experience drives IBM's approach to digital rights management. I'm not sure I caught the entire point of this, but it was clear that she was trying to point to some middle ground that respects IP without restricting it. She offered no information about how this might actually be done.

1:30 PM | Comments () | Recommend This | Print This

Who Set's Web Site Strategy?

One of the tracks is individual Jupiter Research analysts discussing issues they've been tracking. I'm attending on on optimizing staffing, spending and technology selection in the Web enterprise. I'm not sure what a "Web enterprise" is. I gather its an organization that depends on a Web presence to do their business. The analyst is David Schatsky.

An important first question: Who manages your organization's web site? Your IT department (most companies) or your marketing department? The issue is one of overall Web site governance as well as who's making the final decisions. The problem is that there are often competing interests and optimizing one business line at the expense of another or just leaving them to fight it out may suboptimize the overall enterprise strategy.

One of the key topics is Web site metrics and analytics. Metrics must balance customer and business view. Examples of business metrics include conversion rate, average order size, etc. Examples of customer metrics include satisfaction rate, traffics, etc. Clearly the former is more closely aligned with what most organizations want from the Web site, but you can't get there without the latter. The question is do you track them both and manage them both?

When asked "Why do you conduct usability testing?" 43% of respondents said to "ensure best possible experience" and 24% said "make sure we're considering customer needs," while only 16% said "drive metrics like conversion rate."

Furthermore, most companies are not just making the wrong decisions, they're making it from the wrong data. 59% of respondents make usability decisions from surveys and 44% from interviews, but only 14% made these decisions from revenue metrics and 12% didn't collect any usability data at all.

The truth is, its easier to gather technical metrics over business metrics such as page views, hits, and other visitor technographics and harder to figure customer profiles, registration conversion, realization of marketing goals, etc. Fewer than 25% of companies use click-stream data, recency of purchase, open-rates and click-thrus for email, or other data to drive Web site decisions. 63% of companies do not have a full time employee whose job is to analyze Web site behavior.

So, what to do? First, David recommends that you put a firm governance structure in place. Decide who's in charge of these steps:

1. Define business goals
2. Establish success metrics
3. Identity levers, behavioral inputs
4. Prioritize investments
5. Manage, exploit usability

Second, hire an analyst whose job is to turn technographic data in to actionable reports for sales, marketing, and production.

David wraps up with these conclusions:

• Web operations spending is healthy and rational
• Complex governance structures can undermine Web effectiveness
• Identify and track metrics relevant to business success
• Tune organizational structures to unlock technology value

1:25 PM | Comments () | Recommend This | Print This

CDXPO: Enterprise IT Week

I'm at Jupiter Media's Enterprise IT Week this week in Las Vegas. I didn't fly my plane since it was snowing in Salt Lake. Delta got me there nicely without the weather headaches. CDXPO is Alan Meckler's answer to COMDEX and we'll see how it goes. I suspect it will be slow the first year, even so the program looks pretty good.

1:21 PM | Comments () | Recommend This | Print This

November 15, 2003

Motorola MPx200 and SmartPhone 2002 Review

My beloved T68i was broken and I ended up sending it in for a replacement (which was very smooth, by the way). I wasn't sure how I'd manage without a phone for a week, but then a friend offered a solution--borrow a spare phone he had laying around. Since GSM network-based phones use a SIM chip (really a punch out from a smart card), I could insert my SIM into his AT&T WS phone and it should work. It did.

The phone he had "laying around" happened to be a brand-spanking new Motorola MPx200 phone running the new Microsoft SmartPhone 2002 OS. If you haven't seen it, the phone is gorgeous and SmartPhone, at least in theory, is pretty neat too.

Motorola's MPx200 running SmartPhone 2002

Motorola has always made great equipment. I used a StarTac for years and loved it. The MPx200 follows in that tradition.

• The phone is a flip phone with a big, bright color screen.
• The phone is solid, if a little heavy, and feels like it would take years of abuse.
• The case is shiny black so it looks nice when its clean.
• The buttons are pretty standard except for the addition of a "home" button and a "back" button which make working with SmartPhone 2002 easier.
• The unit has polyphonic sound and can play MP3s.
• The side has a slot for a SD/MMC card for expanding the memory.
• There's a side thumb-wheel which wasn't used to great advantage by SmartPhone 2002. I had one of these on a Sony phone a few years back and it was very handy for selecting menu items one-handed.
• In a major deal breaker for me, the MPx200 doesn't have Bluetooth. So, you've got to haul out wire whenever you want to connect up the phone to sync or use its as an Internet gateway.

SmartPhone 2002 is familiar right off the bat with standard Windows icons for the browser, email client, calendar program and so on. The overall feel of SmartPhone 2002 was good and I didn't have too many troubles just using it without reading the manual. I'm not an Outlook user, but I suspect that if you were, this phone would be a great tool and would serve the functions many people want from a PDA on the road. Of course, you could get a PDA with a phone built-in, but then you'd have to be willing to hold a brick to your head whenever you want to talk on the phone. If you don't need to enter a lot of data, this phone is a fantastic PDA replacement.

In theory, I liked SmartPhone 2002. I like the idea of not having to learn a new GUI every time I get a new phone. Most cell phone GUIs are extremely primitive because each company starts from scratch each time. The state of cell phone GUI's today reminds me of operating systems before Windows. Every computer had their own and most of them were primitive. There's no reason that cell phone shouldn't run a third party OS.

SmartPhone 2002 is among the most capable cell phone GUI's I've used. My beef with it is that its from Microsoft. This is not just a knee-jerk anti-Microsoft rant. I'm seriously concerned about cell phones becoming semi-useless lumps unless I agree to use Microsoft Outlook on Microsoft Windows with a Microsoft PDA and Microsoft Exchange, and so on. What's next? I can't use the gas pump unless I have a Microsoft built OS running on my Car? Don't laugh---its not that far-fetched.

Apple and Linux have shown us how having a choice fosters innovation. I'm genuinely afraid we're headed to a world where there isn't any choice. The problem isn't that SmartPhone 2002 is bad. The problem is that its good and that I can see how useful the MPx200 would be in an Outlook/Exchange environment. I see little chance that an OS X or Linux user to get similar functionality from any phone, anytime soon.

3:48 PM | Comments () | Recommend This | Print This

November 14, 2003

Utah Cares: The First Fruits of eREP

Governor Walker launched the Utah Cares portal today. Utah Cares is the first fruits of a multi-agency cooperative effort to rebuild Utah's twenty year old eligibility system. This multi-million dollar IT effort goes by the name eREP. Utah administers about a billion dollars of Federal welfare benefits each year. Part of that process is the determination of recipient eligibility. Over the next few months, successive launches of eREP components will make it easier for State benefits administrators to make better, more consistent eligibility determinations.

eREP is a great example of how IT is changing the rules of the game and requiring better cooperation from the business side of the house. The system is essentially a CRM system with lots of specialized rules to determine eligibility and calculate specific benefits.Ê Since every federal welfare program is funded separately, in the past Utah would have built 6 or 7 separate eligibility systems.Ê Instead, Utah is building, through the cooperation of three large State agencies, a core CRM system and rules engine that will serve them all. Individual modules will be built on top of that system for the individual programs.Ê To satisfy the Feds, Utah has to be able to track and correctly allocateÊthe costs and get some relief on ADP, but its workable.Ê For a system that will ultimately cost $50 million or so, its worth it---doing them separately would have cost much more and delivered less service.

This is also a great example of the next level of eGovernment. Beyond one-off applications for registering a car or buying a fishing license is a whole host of eGovernment applications that will not just make the current services more convenient, but create brand new services that couldn't be done any other way. This next level of eGovernment requires tying together existing applications and data across agency boundaries and funding streams. That last one is tough. Legislatures are jealous of their funding authority, as they ought to be. Even so, I think finding ways to fund and support cooperative efforts like eREP will be one of the greatest challenges to the progress of eGovernment in the next decade and lead to significant changes in how legislatures do their bookkeeping.

3:51 PM | Comments () | Recommend This | Print This

The Personal Server

At the Intel Developer Forum in September (yeah, I'm late), Intel Researchers demonstrated a working model of their personal server. What's a personal server? Essentially its an iPOD with Bluetooth and Wi-Fi. OK, its a little more than that. It also has the smarts to let other devices hook up to it in meaningful ways. I've always viewed by Bluetooth-enabled T68i as a communications hub and wished I could marry it to an iPOD.

Note that this is different from a PDA. In some ways, its less, in some ways, its more. A personal server doesn't necessarily have a large, touch-sensitive screen or a PIM (personal information manager) installed on it. Bring it next to a PDA, though and all the data on it becomes available for use on the PDA. Walk into your office and the data on the PS becomes available there. More importantly, walk up to any terminal and your data is available. There are some security issues, to be sure, but its an interesting scenario.

Since I pretty much take my laptop with me where ever I go, I have a personal server right now--its just much larger than an iPOD. If I could assume that there'd be a display and keyboard wherever I went, I would need a laptop, just the data. The vision assumes a world where high speed access to the network is spotty and that's probably going to be true in most places for a long time.

This reminds me of an interview of Jim Gray (storage guru) I read recent. In the interview he talks about attaching processors to disks and creating smart disks. He's taken to shipping whole computers around to get that effect because its cheaper than sending the data (multiple terabytes) over the net and simpler than shipping IDE drives and having to install them when they show up.

This raises the question: what do you do with an iPOD that carries 20 terabytes instead of merely 20Gb? Certainly, you start carrying you movies around on it. What else?

9:29 AM | Comments () | Recommend This | Print This

November 13, 2003

Why the Bells Should Be Very Scared

A recent article in Business Week discusses the impact of VoIP on the RBOCs. The article highlights IBM's recent announcement to move to a VoIP network:

When IBM talks, Corporate America listens. So Big Blue created quite a stir on Nov. 7 when a top exec told a tech conference in Atlanta that it hopes to move 80% of its 300,000 employees to voice-over-IP phone systems by 2008. ... When the largest tech company on the planet announces it no longer needs the phone company to manage its calls, you can bet the communications landscape has fundamentally changed.

From BW Online | Why the Bells Should Be Very Scared
Referenced Thu Nov 13 2003 13:46:52 GMT-0700

I've been experimenting quite a bit with VoIP. I've got 200 VoIP phones going in a project that I'm working on and I'm learning a lot about the technologies and the vendors. The bottom line is that the technology is easier than many believe. Once IT departments figure out how flexible and simple this stuff is, there will be no holding them back.

1:55 PM | Comments () | Recommend This | Print This

The Technology Behind the Segway Human Transporter

I attended the BYU CS Department Colloquium today. The speaker was David Robinson from Seqway LLC. David is a BYU grad who got a PhD from MIT and then went to work on the Ginger project which eventually lad to the development of the Segway Human Transporter. David's in the Core Technology Group. The talk is about the technology behind the Segway HT.

Balance is the easy part. The Segway is an inverted pendulum which is a classic problem appearing in Chapter 1 of most control textbooks. The motors not only provide the motive force, but also the torque necessary to balance the machine. The problem is that there is a speed where the motor has no torque left and looses it balance. The trick is to figure out how to limit the torque-speed curve so that users don't fall down.

The battery provides sufficient power for the Segway to climb fairly steep ramps. more interesting, the Segway regenerates power to the batteries when the machine goes downhill. This is good on two fronts. First, you get longer battery life. Second, generating power causes a braking effect, when needed.

An interesting aspect of the design was creating the gear train in such a way that it sounded quite. Part of making the acoustics right was picking gear ratios to that the noise that the machine makes is "in tune." That is, the two primary sounds that the gear train makes are two octaves apart. David says that getting it wrong really sounds bad.

The processor is a TI2406 with 32K of memory and fixed point math.

The battery last about 12 miles depending on terrain. There have been some issues with batteries causing system failure (i.e. people fell down). The recent recall fixes the problem. David reemphasizes that this is a machine, not a magic carpet and it does have limitations.

David spent a fair amount of time talking about Segway's cultural principles. I thought they were good advice for an engineering team.

• Go fast. Mario Andretti said "If you feel like you're in control, you're not going fast enough."
• Expect conflict. The only way to truly tolerate design failure is to do it fast and early.
• Expect to fail. Be tough on issues, easy on people. Cross-functional conflict must happen early to work out the right ideas.
• Have fun.
• Let people be different. Ideation people vs. execution people. (Innovation vs. delivery)
• Hire the best. Jeff Bezo's said "A's hire A's; B's hire C's; C's hire D's"
• Be humble as an individual; be proud as a team.

Innovation is hard. You spend a lot of time out of your comfort zone.

11:48 AM | Comments () | Recommend This | Print This

Phase 2 of Liberty Alliance Specification

The Liberty Alliance released phase 2 of their work on identity federation. The latest installment is called the Web services framework, ID-WSF (complete list of documents). ID-WSF provides a framework for identity-based Web services in a federated environment. There will likely be some conflict on this between the work of the Liberty Alliance and the WS-I framework proposed by Microsoft, IBM, and others. Liberty adopted the WS-Security specification after it was turned over to OASIS (although there's reason to argue that even that isn't enough). Liberty hasn't adopted WS-Federation, however and last month, published a white paper comparing their approach with WS-Federation. Liberty refuses to adopt standards like WS-Federation unless they're turned over to a standard's body. I think that's wise.

10:08 AM | Comments () | Recommend This | Print This

Open Source Meme Map

Open Source Meme Map (Click to enlarge)

O'Reilly's P2P forum has an Open Source meme map that I saw yesterday for the first time and didn't want to loose track of it, so I post it here, as much for my memory as for anything else. This was part of an article by Tim called Remaking the Peer to Peer Meme. There's some interesting ideas here and while none of it is exactly news in 2003, its interesting to see it all in one place and related in this way.

Clearly the map is not exhaustive, but meant to be representative, particularly for the green "example" bubbles. One thing I'd add, that I think is important is that many (most?) Open Source Software (OSS) projects fail---and that's OK.

One of the things I'd like to understand is how this map changes for internal projects built on an open source model. There are a number of companies, like HP, using open source development ideas and tools for internal development teams that are distributed. Clearly some things change. I think the strategic positioning is the same, but the user positioning is clearly different. Likewise, the core competencies are still important. This raises the question of how much of this is specific to open source and how much is Internet-era, distributed development methodology and whether that ought not to be studied in its own right as a necessary, but not sufficient component of the OSS movement.

8:21 AM | Comments () | Recommend This | Print This

November 12, 2003

All Headline News: RSS Feeds from Search

All Headline News is a Web site that aggregates news stories from multiple sources. From their Web site: "All Headline News offers live updated news headlines in more than 300 categories collected from more than 3500 sources. Also offers a free news feed service for websites." The first cool thing about All Headline News is that I can get an RSS feed for any of their categories. The second cool thing is that these RSS feeds can be generated from a search. For example, here's an RSS feed that contains news items related to Mike Leavitt.

There are other people doing this on a smaller scale and Yahoo! has searchable News feeds, but this is largest effort I'm aware of.

Producing RSS from search results reminds me of something I read on Jon Udell's blog the other day:

Of course, the trend even within Microsoft Office is away from micromanaging storage by "dragging and dropping." Witness the search folders in Outlook 2003, which are intended to create virtual views along multiple dimensions so you don't have to manually build containment structures. The Outlook 2003 product manager, in fact, told me that he managed the whole product cycle in an undifferentiated inbox, creating no folders and moving no messages.

The search-based RSS feeds on this site are virtual views of the news headlines. I think there's more to this idea of not trying to categorize things, but simply create views into the data, files, emails, whatever. Its more flexible than hard coded categories and search has clearly won out on the Internet over categorization for this very reason. As the amount of stuff on my hard drive grows, why not apply the same principal there as well? From the RESTian standpoint, this is an example of Web services, and example of how standards enable intermediaries.

8:37 AM | Comments () | Recommend This | Print This

November 11, 2003

Disposable Email Addresses

There are times when I want to give someone my email address, but worry about where it might end up and whether it will become another source of SPAM. In the past, I've created my own disposable email addresses by simply creating an alias specific to the purpose, knowing I can delete it if it ever becomes a problem. People without access to the email alias file on their mail host use Yahoo! mail and Hotmail for the same reason. A large percentage of the email addresses on my newsletter are Yahoo! or Hotmail addresses. I recently discovered a more convenient way to create disposable email addresses.

Take a look at SPAM Gourmet. They have a free disposable email service and a convenient way to create email addresses without even visiting the site. Once you've signed up and gotten a username, you can create email addresses with the format:

randomword.#.username@spamgourmet.com

The random word is anything you choose. The number is the number of times this email address should remain usable. The username is the username you created on SPAM Gourmet. You simply make these up at whatever site happens to be asking for your email and the first time someone sends email to it, the email address will be created and the email will be forwarded to your real address. After the number of emails you specify have been forwarded, the account is redirected to the bit bucket and any email sent to it is thrown away.

This is very convenient and useful. There are a number of other features such as being able to set whitelists for addresses, reply address masking, and the ability to see statistics on the email addresses you've created. Of course, if everyone used the same system, the spammers could just start creating their own email addresses to reach you. The service let's you set keywords that must be contained in the random words to help thwart this.

I wonder why more enterprises don't set up a disposable email service for their employees. If it were convenient to use, employees could generate disposable email addresses whenever the need arose and the enterprise could throw away any email sent to them after their usage period expired. I don't know how effective it would be, but its so cheap and easy to do, that its almost a no brainer.

Another idea would be add code to Mozilla so that whenever a user types #random# into a field, the browser automatically goes out to a service, retrieves a generated disposable email, and substitutes it in the field where #random# was. This would make it trivial for browser users to use disposable email addresses.

11:35 AM | Comments () | Recommend This | Print This

SprintPCS Coverage Maps

I asked for coverage maps and I got them, at least in part. This page from Sprint shows the locations of their towers across the country. You can drill down right into your neighborhood.

The problem is that the maps don't show signal strength in various areas, just tower locations. You might still get surprised by dead zones. The friend who sent me the map noted that even though there's a tower close to his office, he still doesn't get great reception. I'd also like to be able to overlay one service provider's map on top of another's. Of course, to do that, it would have to be done by a third party.

8:15 AM | Comments () | Recommend This | Print This

November 10, 2003

Demand Informing Supply: I Want a Book

I want this book: Me++. Right now. Not tomorrow. Why can't I find out if my local Border's has it via the Web so I can go down and buy it. Better yet, why can't I let my need be know in some standard way and have the local Barnes & Nobles, Borders, etc. inform me of availbility, delivery options, and so on? Doc Searls calls this "demand informing supply." I think its the future.

11:58 AM | Comments () | Recommend This | Print This

Speaking at the Global MSP Network Conference

I gave the keynote address to the Global MSP Network conference this morning. The GMN was started with backing from Intel in 2001 as an industry group for companies in the managed service provider space. Its not a large group, but I had a very good time speaking to them and getting some of their feedback. I spoke on IT trends (slides in PDF). I've given variations on this talk several times and its always well received.

One of the questions I wasn't very well positioned to talk about had to do with grid computing and its future. I just haven't spent that much time looking at it from an enterprise standpoint. A report in today's New York Times claims that Europe is far ahead in grid computing. I'll have to spend some time getting up to speed.

11:45 AM | Comments () | Recommend This | Print This

eGovernment and Open Source Software Usage

Dave Fletcher reports that the four of the five top eGovernment Web sites in the Best of the Web contest run on Linux, Apache, and Resin. I'm not sure Resin's open source, but the point is well taken.

Dave also points to the UK's eGovernment office's open source policy (PDF). How many other government's have explicit open source policies? I don't know, but would be interested in compiling a list. If you've got any pointers, send me a note or add a comment below.

11:27 AM | Comments () | Recommend This | Print This

November 7, 2003

Digital ID World Presentation Slides and Audio

Digital ID World has put the presentation slides and audio for the conference online. This is a great service and an incredible resource. My hats off to Phil, Kathy, and the folks at Digital ID World for going to the trouble to make it happen.

2:24 PM | Comments () | Recommend This | Print This

Mesh Networks: Monitoring Buildings

Mesh networks are interesting to me. I like to think about what you can do with lots of similar, wirelessly connected, sensors. For example, I've envisioned OnStar as an open platform for mobile mesh computing and monitoring. An article at AlwaysOn talks about Buildings That Know Their Limits, a feat made possible with meshes of smart sensors. The company doing it is called Sensametrics.

In a nutshell, the Sensametrics architecture is this: off-the shelf heat sensors, vibration sensors, and strain gauges plug into Sensametrics "wireless sensing units." These units have their own accelerometers, to measure shaking, vibration, or swaying, and also collate the data stream from the devices plugged into them. Via radio, they transmit only data thatâs outside programmed parameters -- such as 'too hot,' or 'bent too far' -- either to the next closest sensing unit or directly to the Sensametrics console. If one of the Sensametrics units is trying to send data to a unit that has malfunctioned, it can send it via another path -- this is ad-hoc mesh networking.

The article explains this use of sensors and mesh networks in some detail. In the computer world, we're used to being able to instrument just about anything, pull in the data (using OpenView, Tivoli, or something like that) and make decisions based on the data. The rest of the world is just getting in on this game and I think its going to open up lots of opportunities and lots of challenging questions about privacy and transparency.

2:19 PM | Comments () | Recommend This | Print This

Catching Up on Some OS X Apps

A few Mac OS X related items: uControl for Panther, tabbed terminal emulation, using your iSight camera, and the new Finder.

• I got the latest update to uControl, the utility that let's OS X users turn their CAPSLOCK key into a Control key. Without it, my hand starts to ache from reaching down with my pinky to hit the Control key. Even, when I'm not using Emacs, I'm using Emacs controls in Safari and Mail. This is one of the things that Panther broke when I installed it but the new version seems to work fine now. There are still a few pseky bugs, but its a huge improvement.
• The latest version of iTerm, the tabbed terminal emulator for OS X seems to have fixed a few bugs that bothered me and introduced a few more, that I can live with for now. Most importantly, the performance is improved.
• SecuritySpy is a nifty program that let's you use your iSight camera for something other than iChat. The program let's you monitor multiple cameras at once and even contains a web server that serves up images from the camera. You can create time lapse movies, or just snap shots when the program detects motion. I liked it, but its not worth $50 to me. I think its the software Apple should have included with iSight. If you're interested in using the iSight for other things, there's a couple of stories by Derrick Story on the O'Reilly Network that you might want to check out.
• I've heard mixed reviews of the new Finder. Personally I think its a nice improvement. I like the left hand navigation and especially how that carries through to applications. Much more convenient than a favorites menu for me. I used PathFinder in Jaguar, but the new Finder is good enough that I don't use PathFinder anymore.

The other utility that I use all the time that broke when I installed Panther was CopyPaste. CopyPaste kills the "c" key in Panther. There doesn't seem to be a new version of that yet.

Got any other "can't live without" OS X applications? Write a comment and share them with me.

1:46 PM | Comments () | Recommend This | Print This

November 6, 2003

Ask the Expert: Patch Management

CIO Magazine's Ask the Expert column features Joe Wang, CEO of Utah-based LANDesk. The topic is patch management. Follow the link, post your question, and watch for the answers.

10:42 AM | Comments () | Recommend This | Print This

November 4, 2003

Cell Phone Crisis

Just in time for number portability, my cell phone is not working. I don't know if its sun spots, equipment failure, or network problems. All I know is that my ATT GSM phone doesn't get a usable signal anymore. I tried looking on the ATT WS web site to get some indication if they were having network problems (I can hear you laughing already). Of course they don't post that kind of information there---they want to tell me about service plans and how I can download ringtones. Big help. New York Mayor Bloomberg is taking a lesson from the Internet and routing around cell service providers who won't release network coverage information.

The mayor of New York City has set up a line that people can call and report dead zones. The information will be collected and made available to the public on Nov 24th (the same day that number portability goes into effect). I'd like to see a Web site that let's people report and check cell coverage. You could go beyond cell coverage, of course, and show Wi-Fi hot spots, DSL and cable modem service availability---you name it. Could be a fun little system to build. Anyone want to help?

5:41 PM | Comments () | Recommend This | Print This

Novell Buys SUSE

You've probably heard that Novell's buying SUSE Linux and taking a $50 million investment from IBM. Clearly this shows Novell is looking for be a player in a way that they could never accomplish by just selling applications and system add-ons for Windows. The acquisition of Ximian gave Novell a cache of great Linux products, but that doesn't really help them get out of their funk. Novell still has a large installed base of Netware customers that they need to migrate to a platform with a future---otherwise they'll lose those customers to Microsoft. Now they've got a server they can use to backfill Netware. They can't do that with a Linux server that they don't have pretty tight control over, so buying a Linux company is a natural choice: it gives them a product, lots of Linux expertise to tap, and some credibility.

This is probably a good thing for Linux users in general because Novell will likely some good work done on making Linux work well inside the corporate IT shop. Most large IT shops don't have the luxury of being a pure Linux or Microsoft shop. They have to be both. Linux has made some great strides toward being a good corporate citizen. This provides additional pressure in that direction.

In all, if I were a Novell shareholder, I'd be pleased with the decision. Its hard to see a huge downside from Novell's standpoint. I don't see it as a "let's beat Microsoft" move which has been the undoing of novell in the past. I see it as a legitimate strategy based on their installed base. The group of Linux users who distrust corporations in any guise will see evil lurking behind every shadow of this deal. I see it as just one more indication that Linux is getting stronger and more important.

4:32 PM | Comments () | Recommend This | Print This

November 3, 2003

Transparency, eVoting, and Copyright

eVoting highlights the trade-offs we make with copyright laws and transparency. To see how, let's think about how regular voting works: you sign your name on the register to prevent more than one person from voting at a time, you get a paper ballot and mark it (either by hand or with a punch), you turn in the ballot, and later its counted. (Sure, I'm simplifying it.) Every geek in the world says "Wow! I can build a system that's snazzier than that!" And that's the $64 question, can we build a computer based system that's got the same functionality and offers the same cross checks for integrity? David Dill (a Computer Science professor at Stanford and an old colleague from my formal verification days) doesn't think its all that easy. A story in the Christian Science Monitor quotes David:

"If you look at the consequences for democracy, it's terrifying. If we had a way to make [computerized voting] safe, believe me, we would. There's no way to run a reliable election without a verifiable paper trail - that's what these machines don't have."

Of course, balloting has always been a messy business and there's been ways to game the system. But I think that misses the point. If we're going to set out to make a better system, let's make a better system. That's when we run into copyright and transparency issues. Voting systems are made by vendors who respond to bids put out by election officials (your county clerk or state Secretary of State in most cases). The design of these systems is not typically open to the public. The result is a black box and someone who stands to make a lot of money from selling the device while saying "trust me."

Anyone who's done even a little computer security work knows that that's not how it works. The most secure systems are open because its only by social review, a kind of social proof, that you expose errors and hard to find bugs. That thinking runs counter to most people's intuition---most people believe that secrecy leads to security. So, following this reasoning, the most secure and trustworthy voting systems would be those that are open to public scrutiny. You can imagine the howls of protest that eVoting vendors are raising on that issue.

In fact, one manufacturer, Diebold, is using the DMCA (digital millennium copyright act) to stifle public review of its source code and internal documents that outline security problems. A group of students recently posted these documents and the source code on the Internet for all to see. Diebold responded with a cease and desist order. From a New York Times story (free registration required):

Diebold, however, says it is a case of copyright infringement, and has sent cease-and-desist orders to the students and, in many cases, their colleges, demanding that the 15,000 e-mail messages and memorandums be removed from each Web site. "We reserve the right to protect that which we feel is proprietary," a spokesman for Diebold, David Bear, said. The files circulating online include thousands of e-mail messages and memorandums dating to March 2003 from January 1999 that include discussions of bugs in Diebold's software and warnings that its computer network are poorly protected against hackers. Diebold has sold more than 33,000 machines, many of which have been used in elections.

Some universities bowed to the pressure and removed the files, but the students just moved them to the Freenet file sharing service. This is a perfect example of why file sharing and DMCA are about more than making sure Orrin Hatch gets his royalties. Copyrighted code is fundamentally different than copyrighted music. Music and books are perfectly transparent. Code is not transparent in the same way and nothing in the DMCA requires that it be made so. Secrecy might be OK for some things, but not for the code we run our country on.

A team of security experts from John Hopkins and Rice University reviewed the software and found security holes that would allow people to vote twice or even undo the votes of others. (Full Report). This might lead some to think we just need an independent review, but even that's not enough. New attacks and vulnerabilities are discovered regularly for well-known and thought-to-be-secure systems when they're subject to public scrutiny. A single review, no matter how smart the reviewers, isn't enough.

I do not believe that we should be willing to buy or use voting systems where the source code and design is not open for public review. I think there are companies that would be willing to work in this model, particularly if the contract provided some long term commitments. This is not Britney Spears we're talking about here---the integrity of our voting system is a fundamental component of our government. There's simply no reason that our voting system shouldn't be open to public scrutiny.

Making this happen is more difficult. There is not one election authority in the US, there are thousands and very few standards. The Help America Vote Act of 2002 contains some language that gets at standards, but nothing as blatant as making eVoting systems open source. This problem won't get solved just because its been pointed out. Like all public policy issues, making changes requires commitment and long sales cycles. You've got to be willing to educate local county commissioners and legislators over the course of years. Get started now. If this issue interests you, write to your legislators (you can write your congressional delegation too, but that won't do as much good in this case). Try not to sounds like a pompous ass, but someone who's genuinely concerned and willing to help. Show up at committee meetings. Group together with like-minded souls. Find a sympathetic ear in the State Election Office. Talk to your State's CIO. Talk to the Secretary of State (yes, they'll probably make an appointment with you). The point is: get involved.

4:12 PM | Comments () | Recommend This | Print This

November 1, 2003

Time for a Facelift: Renewal Express

Renewal Express, Utah's trusty old eGovernment application, is a good system with lots of great features. For example, the way it helps users locate information on paper forms with pictures tied to actual form entry boxes is Web-GUI magic. I also think the way it lets you print out temporary certificates is very nice. With tens of thousands of user's per year, its Utah's premiere eGovernment application. Even so, Renewal Express is in need of a facelift. I had to renew my wife's car today and I could tell it was showing its age. Because its so heavily used and so popular, Renewal Express deserves some attention every year or so to keep it fresh. Here's a few points that bear review:

• First of all, it was slow---real slow. Admittedly, I'm renewing at the busiest time of the month, but so's everyone else! Good user experience demands enough capacity to service the peaks. I don't think it was just my connection since other sites, like Utah.gov, loaded fine.
• There's far too many clicks. Confirmation screens that could be combined with the information gathering screen that follows. Admittedly, there's some design discretion here, but I think one, or even two, steps could be removed from the five step process making it slicker and easier to use.
• This is a nit, but why isn't UT pre-selected on the form that asks for my address information? Five characters in the form code would do it. I do believe that most people registering cars in Utah live here too.
• Even more to the point, since the application already has my registration information, why not pre-fill the form with it and let me change anything that's not right? For most people, the billing and registration address will be the same.
• Two words: "content management." The look and feel should follow the look and feel of the Utah.gov site. Right now it incorporates the old style headers and has some funky dark blue background. I know this is heresy, but a little attention to content management would make this task infinitely easier.
• Get rid of the "Do not press COMPLETE more than once" verbiage and program the application right so that that isn't an issue.

A thorough design review would undoubtedly catch more than this. These are just the things I noticed as I was going through the application as a user. First step ought to be to randomly poll users on the completion screen and ask for their feedback and comments. I'm sure there would be some great ideas.

1:10 PM | Comments () | Recommend This | Print This