Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Friends

Mike Jones
Chuck Knutson
Kristen Knight

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« December 2003 | Main | February 2004 »

January 27, 2004

P2P Swarming

This Thursday Dan Zappala from the University of Oregon will be speaking at the BYU CS Dept. Colloquium (11am, 1170 TMCB) on his research on Swarming: Scalable Content Delivery for the Masses (PDF). I wish I was going to be there since this is an area that interests me, but I'm going to be in the mountains, in the snow with 350, 14-18 year old kids.

8:18 PM | Comments () | Recommend This | Print This

IT Strategies for DRM

I need a little help. Suppose you'd been asked to address the CTO organization of a major (over 125,000 employees) company on digital rights management. What would you tell them? There's the usual, technical talk stuff:

  • What is DRM, why are we talking about it?
  • The current state of DRM from a technical standpoint
  • Issues and challenges for IT organizations
  • Challenges or consequences of public policy issues surrounding DRM
  • How and what should we do as best practice with respect to DRM
  • Challenges and opportunities for information management

But that hardly seems to capture the boiling controversy surrounding this subject. If you're working in a large IT organization, what is it you need to know about DRM? How does it affect your work and how you support the business? A passionate speech about the evils of the RIAA and MPAA isn't really what these people need to hear. They need to hear what strategy they should pursue as an IT organization and why. Give me your ideas. I'll post a summary later and let you know what I come up with.

11:24 AM | Comments () | Recommend This | Print This

Martian Storage Management

The problem affecting the Spirit rover on Mars is one that would be familiar to any earth-bound CIO: storage management.

The space required in the rover's Ram memory to manage the data files stored in its flash memory was more than anticipated due to the build-up of files, Ms Trosper told a news conference.

"We have lots and lots of files on the spacecraft," she said. "We've been all the way through cruise [the journey through space], we've been using flash for that whole time. We have some cruise files on the file system.

From BBC NEWS | Science/Nature | Files 'overloaded' Mars probe
Referenced Tue Jan 27 2004 09:29:50 GMT-0700

The good news, of course is that its a problem that can apparently be fixed. Anyone with a full hard drive knows the drill: sift through the files and find those that can be deleted. The bad news is that it had to happen in the first place.

It often seems to me that operating systems stopped evolving in significant ways back in the 80s. Operating systems exist to manage system resources. Yet, they often do a poor job of managing one of the most important system resources: the file system. A small example: every system administrator knows that one of the first things you do on a new system is to set up cronjobs to manage log files. Why don't operating systems come configured out of the box to manage this problem?

Another example is backup. Setting up a good back-up system is one of the fundamental tasks of the IT shop and the enterprise continues to pay too much for such solutions in terms of hardware and software, certainly, most more expensively, in terms of people and lost work.

At any rate, you can bet that storage management will be a bigger check-list on future interplanetary probe projects. Meanwhile back on Mars, mission controllers are purging unused files from Opportunity's FlashROM before it has similar problems and preparing to upload some test software to confirm that files are what's causing the problem.

9:48 AM | Comments () | Recommend This | Print This

egrips

A company called egrips sent me a sample of their product, a non-slide surface you stick on your cell phone or PDA. They come in various sizes and styles to fit various phone and PDA models. They also come in some outrageous colors and designs. Most of them are a little too outrageous for a middle-aged, conservative guy like me, so I was glad they sent black. I frequently set my phone on the center console in my truck, so these will come in handy. All in all, not a big thing, but I'm happy to not have my phone flying around while I drive. One thing I did think was funny was the words: patent pending. Can you really patent the idea of putting sticky stuff on a surface so an object doesn't slide around? Seems this must have been thought of sometime when rocks were new.

8:47 AM | Comments () | Recommend This | Print This

The Power of the Penguin

Netcraft is an online tool that lets you determine what Web server/OS combination a Web site is running. Doc Searls used it to compile a list of the Web server/OS combinations of the Presidential candidates. Not surprisingly, Republicans are taking a beating because the Bush/Cheney campaign runs IIS on Windows 2000. How embarrassing! :-) Well, just to show that not all Republicans run Windows, here's the Netcraft data for www.windley.com.

On a more serious note, Netcraft is a good little tool to have hanging on your toolbelt. There's all kinds of interesting data there. For example, you can see the history of www.windley.com and see that sometime between August and December, I moved www.windley.com from a FreeBSD server hosted at Verio to a Linux box hosted at FiberNet. You can also clearly see, for example, that Utah.gov used to be hosted on the State's network and now its not.

8:35 AM | Comments () | Recommend This | Print This

January 26, 2004

Identity Management Architecture

We've all seen cities that don't just quite seem to have a sense of place, where the zoning didn't yield a coherent set of uses or designs and things just seemed thrown together. This results from a lack of planning. Imagine the difficulty and danger of living in a place where there were few standards for building, multiple electrical voltages and phone systems, and roads were put in place willy-nilly.

This is a situation that most enterprises find themselves in with their digital identity infrastructure. The systems are thrown into place with little thought to standards or interoperability. Solving the problem of the day, week or month becomes standard operating procedure. The end result is a tangled mess of systems that are brittle and unreliable. Heroic efforts are required to make small changes or even keep the systems running day-to-day.

In the same way that city planning creates a set of standards and rules for buildings to ensure the overall area is consistent and workable, an enterprise architecture is a set of standards and rules that creates, if done right, an interoperable and flexible enterprise IT infrastructure.

The work of city planners can be divided into three primary categories:

  • Standardization - dimensioning of pipes, voltage, roadways, etc.
  • Certification - regulated and standardized qualifications for workers
  • Management - rules, notifications, permits, approvals, etc.

The work in enterprise architecture is largely the same.

If enterprise architectures are like city plans, then system architectures are more like the plans for a single building. The plans for the building are made within the context of the scope of a city plan that not only has defined roads and lots, but also set standards for sidewalks, set-backs and so forth. Furthermore, the city plan has adopted building codes that define how the building will be implemented and sets out best practices. As someone who's recently built a house, I can testify that none of this is cheap and the builder is required to pay for all of it right down to the compliance inspections.

Enterprise architectures, likewise define a context for system architecture. A well defined enterprise architecture will make demands on system architectures to certain ends. Like a good city plan, a large part of the effort is the governance procedures that create and maintain the plan and the inspection and quality assurance processes that endure its followed correctly. Also like a good city plan, conforming to the enterprise architecture will be neither convenient nor cheap and there will be considerable pushback if the organization is not committed to the process.

Enterprise architectures are important to building IT systems that are aligned with the business and provide lasting value. Identity management is a critical part of an enterprise architecture since it touches every aspect of the organization. The ideas and methodology involved in creating an enterprise architecture can easily be turned to the task of developing a subset of the enterprise architecture regarding the enterprise's identity infrastructure. I call this an Identity Management Architecture (IMA).

I'm using Identity Management Architecture in the same sense that I've described an enterprise architecture--a coherent set of standards, policies, certifications and management activities aimed at providing a context for implementing a digital identity infrastructure that meets the goals and objectives of the business right now and is capable of evolving with the business to ensure that the infrastructure continues to meet business needs.

Identity management architectures differ from typical information security planning in several important respects:

  1. Identity management requires a functional business model. Information security planning rarely makes mention of the business. The business model describes in some detail how the business functions. This includes identifying important entities, resources and processes and their relationships. The functional business model may be detailed or abstract depending on the depth of the identity management architecture planning process and the level inside the organization.
  2. Identity management requires that resources and entities be identified first. Since typical information security plans are largely about perimeter defenses, they are usually concerned with networks and servers rather than business documents and customers. Like the functional business model, the level of detail in the inventory of resources and entities varies depending on the nature of the identity management architecture planning process, but these are its central focus.
  3. An identity management architecture identifies dependencies between identity data and systems. These dependencies are used to determine implementation priorities. Security planning, and most IT planning for that matter, often emphasizes projects that are deemed critical without seriously considering dependencies between data and systems. An identity management architecture highlights those dependencies so that they can be used in the planning process.
  4. An identity management strategy is driven by long-term business goals surrounding employees, partners, suppliers, and customers, whereas security planning usually reacts to these relationships as perturbations or exceptions to the plan. I rarely talk to a business executive who doesn't complain about business goals being at the mercy of security planning.

Identity management architectures turn the tables by providing business justification for security and directory infrastructures that go beyond keeping the bad guys out and extend to enabling valuable business activities.

2:45 PM | Comments () | Recommend This | Print This

RSS on My Yahoo!

My Yahoo! RSS Display

My Yahoo! now supports the display of RSS from any valid source. This means that any site with RSS can participate with other content providers on the My Yahoo! homepage. The figure at the right shows my personal My Yahoo! page with this blog and UtahPolitics.org displayed. Here's how to do it:

  1. Go to add.my.yahoo.com/rss and click the "Add It" button.
  2. Select which page on your My Yahoo! site add it to. For now,I just suggest clicking "Add It". You can always change the page and position later.
  3. Under "Add New Sources" enter the following URL:
    http://www.windley.com/rss.xml
    and click the "Search" button. Of course, you can substitute any valid RSS feed here.
  4. That's it. You should now see headlines from my blog on your My Yahoo! homepage.
  5. You can change the preferences to show just headlines or summaries as well as change the number and age of headlines shown.

I like this. I know a number of people who use My Yahoo! and getting them to understand and use a news aggregator is a challenge. It reminds me of trying to tell people what a "browser" was back in 1993.

Jeremy Zawodny, who brought this to my attention also has an article on configuring Movable Type to ping Yahoo! when it posts to speed up the process of My Yahoo! noticing changes. Doing this in Radio is more involved--as far as I know you have to edit the "weblogPostForm" macro. If you know an easier way, please post a comment.

9:47 AM | Comments () | Recommend This | Print This

January 23, 2004

Connected Computing Research Topics

I gave a talk to the BYU CS Department yesterday on research topics in connected computing. The slides are available as a PDF. If you work at a government agency (Federal, State, or Local) and find any of these topics interesting, I'd love to talk to you about a possible partnership to make a proposal to the National Science Foundation's eGovernment program.

1:16 PM | Comments () | Recommend This | Print This

dg.o - NSF's Digital Government Research

The Digital Government Research Center at the University of Southern California maintains an informational Web site for the National Science Foundation Digital Government Research Program. The site includes:

I wish they had an RSS feed (or several), but I can't find one. Sad experience tells me that no matter how much I promise I'll go look at a Web site regularly, I don't without a note in my aggregator about new things.

The center funds dozens of projects. An example is a project by the National Institute of Statistical Science to build a toolkit to safeguard against data swapping in public records. (see the project homepage) The technique swaps key identifying information in public records to protect privacy. There are two primary questions:

  • How much data must you swap to protect someone's identity?
  • How much can you swap before you have made the bulk of the data unreliable or worthless?

Alan Karr, the principal investigator, talks about these tradeoffs:

The trick to effective data-swapping is choosing the cells in a table that can be interchanged without ruining the core utility of the data or in some other way revealing private information, says Alan Karr, who is leading the project for NISS.

"A good choice would be one that creates a high level of protection, but a low level of distortion in the data," Karr says. "You want to avoid things where you create 4-year-olds with 10 children [but] essentially, it's always going to be the case that the more protection you have, the more distortion you have. There's just no way around that.

"But it turns out that in some examples we've looked at, some choices seem to be better than others, and no one before has had a tool to let you see that in a systematic way," he says.

From dgOnline NEWS > DG-funded Toolkit Safeguards Privacy by Data-Swapping in Public Records
Referenced Fri Jan 23 2004 08:00:58 GMT-0700

One limitation of the technique is that the protection relies on secrecy of the swapping technique used on a particular set of data.

But how much of published data would be subject to swapping? Seastrom declined to say, since it could give outsiders the tools they need to penetrate the veil of privacy the agency maintains so carefully around its data.

"Census, for example, has maybe half a dozen people who know what the swapping rate is," she says. "We are rather closemouthed about what we do and how much we do, for obvious reasons."

From dgOnline NEWS > DG-funded Toolkit Safeguards Privacy by Data-Swapping in Public Records
Referenced Fri Jan 23 2004 08:03:40 GMT-0700

8:09 AM | Comments () | Recommend This | Print This

January 22, 2004

SERVE eVoting System Lambasted

The panel of expert reviewing SERVE, the US Dept. of Defense eVoting system for overseas military members has released their report. The conclusions are not encouraging. (see NY Times article). Some interesting conclusions, but the most telling to me is the following:

Like the proponents of SERVE, we believe that there should be better support for voting for our military overseas. Still, we regret that we are forced to conclude that the best course is not to field the SERVE system at all. Because the danger of successful, large-scale attacks is so great, we reluctantly recommend shutting down the development of SERVE immediately and not attempting anything like it in the future until both the Internet and the world's home computer infrastructure have been fundamentally redesigned, or some other unforeseen security breakthroughs appear. We want to make clear that in recommending that SERVE be shut down, we mean no criticism of the FVAP, or of Accenture, or any of its personnel or subcontractors. They have been completely aware all along of the security problems we describe here, and we have been impressed with the engineering sophistication and skill they have devoted to attempts to ameliorate or eliminate them. We do not believe that a differently constituted project could do any better job than the current team. The real barrier to success is not a lack of vision, skill, resources, or dedication; it is the fact that, given the current Internet and PC security technology, and the goal of a secure, all-electronic remote voting system, the FVAP has taken on an essentially impossible task. There really is no good way to build such a voting system without a radical change in overall architecture of the Internet and the PC, or some unforeseen security breakthrough. The SERVE project is thus too far ahead of its time, and should wait until there is a much improved security infrastructure to build upon.
From SERVE Analysis
Referenced Thu Jan 22 2004 17:47:50 GMT-0700

Overseas military members have a tough time voting because they've had to do it absentee with long mail delays. SERVE was supposed to increase military member participation in the voting process, so it is indeed unfortunate that it can't be made to work. Keep in mind that SERVE is radically different in its goals than eVoting systems that are used standard elections. Because the goal was to allow overseas military members to vote, the design uses uncontrolled (sometimes home-based) PCs connected to the Internet, not dedicated machines maintained just for elections.

Update: The New York Times has an Op-Ed piece on SERVE

Four computer scientists brought in by the Pentagon to analyze a plan for Internet voting by the military issued a blistering report this week, concluding that the program should be halted. These four are the only members of a 10-member advisory committee to issue a report on the program. Their findings make it clear that the potential for hackers to steal votes or otherwise subvert elections electronically is too high. Congress should suspend the program.

The intentions behind the Pentagon's plan, the Secure Electronic Registration and Voting Experiment, are laudable. Military personnel overseas, and other Americans abroad, face obstacles to registering and voting. The new program would ease the way by allowing them to use any computer hooked up to the Internet. This year, it would be limited to voters abroad who are from one of 50 counties in seven states, but it could eventually be used by all of the estimated six million American voters overseas.

But the advantages of the Pentagon's Internet voting system would be far outweighed by the dangers it would pose. The report makes it clear that the possibilities for compromising the secrecy of the ballot, voting multiple times and carrying out vote theft on a large scale would be limited only by the imagination and skill of would-be saboteurs. Viruses could be written that would lodge on voters' computers and change their votes. Internet service providers, or even foreign governments that control network access, could interfere with votes before they reached their destination.

From Making Votes Count: The Perils of Online Voting
Referenced Fri Jan 23 2004 09:38:07 GMT-0700

5:52 PM | Comments () | Recommend This | Print This

January 21, 2004

RSS For President

Steve Gillmor has an intriguing piece that talks about the DeanChannel and its use by the Dean campaign to create a montage of news stories about the candidate on election day in Iowa:

Take Dave Winer's Channel Dean as an example. For the Blogerati crowd, this is no big deal÷an RSS aggregation feed compiled by one campaign's editorial board. For those who've mastered the non-trivial task of choosing and downloading an RSS newsreader, the feed was a quick way of absorbing one campaign's take on the confusing, fast-moving messages of the caucus denouement. For the RSS-oblivious, it may be seen as a wake-up call down the road.
From RSS for President
Referenced Wed Jan 21 2004 22:15:10 GMT-0700

The article also mentions the impasse on DeanChannel over Dave Winer's posting of a public quote by Dean that some people in the campaign would have rather not had on their site. You live by the sword, you die by the sword. You can't take the advantages of the Internet without buying off on the honesty that has to go with it for it to work for you.

10:18 PM | Comments () | Recommend This | Print This

Open Source eVoting

Scott Ritchie, a California college student has proposed bringing open source eVoting software from Austrailia and modifying it to meet the demands of the California Secretary of State.

Ritchie, a 19-year-old political science and math student at the University of California at Davis, told the panel that he was launching the nonprofit Open Vote Foundation, which plans to modify the Australian code to meet California election standards and offer it free to any voting vendors that want to implement it in their systems.
From Wired News: Open-Source E-Voting Heads West
Referenced Wed Jan 21 2004 14:59:22 GMT-0700

California Secretary of State Kevin Shelley has mandated that a voter-verified paper audit trail, or VVPAT, must be included with all e-voting machines by July 2006. Ritchie proposes making modifications to the Australian software to meet these demands.

I'm not familiar with the feature set of the Australian software, but one of the things most people don't realize about voting software is that its not just about voting machines. Ballot preparation is a much bigger job for election offices than most people would expect and the system that prepares the ballot has to be able to provision the voting machines in a reliable, trustworthy, and efficient manner.

3:05 PM | Comments () | Recommend This | Print This

iProvo Approved

The Provo City Council approved the bonding package for iProvo, an ambitious fiber to the home project. There's an article by Arthur Brady on UtahPolitics.org about the council meeting.

To me, the choice is as important and momentous as the decision to create and interstate highway system in the 1950's. The railroads were monopolies and were only too happy to carry people's goods, but on the railroad's terms. The interstate highway system changed that. Before the 1950's, long haul transportation was solely the domain of the railroads. Now anyone with a little capital can start a transportation company (just buy a truck).

The current situation in last mile connectivity is very similar. Comcast and Qwest are all too happy to carry your data, but only on their terms. Qwest is almost paternalistic: we'll decide how much bandwidth you need and give it to you when you're ready. Networks like iProvo have the promise to change that. My fear is that they'll emulate their closed cousins and place unneeded and stifling restrictions that will limit their ability to provide a breeding ground for broadband innovation.

In any event, I'm happy to see iProvo going forward and hope for similar success for Utopia.

7:35 AM | Comments () | Recommend This | Print This

January 20, 2004

RSS Winterfest

A free RSS Winterfest is being held tomorrow and Thursday at Harvard. You can attend in person, or register for the Webcast.

Day 1 will focus on technology and applications for RSS. The Webcast will start with Dave and be followed by sessions that will look at RSS, Atom and the future of Internet content syndication. A case study from Traction Software will explore how the Justice Department is using enterprise content syndication for communicating with law enforcement agencies. DayÊ2 will look at the business applications and cover topics such as enterprise content syndication, RSS and advertising, and what exactly are the business opportunities withÊthese technologies.
From About RSS WinterFest 2004 | MySmartChannels
Referenced Tue Jan 20 2004 15:22:09 GMT-0700

Sounds like a lot of great information and the cost is right.

3:30 PM | Comments () | Recommend This | Print This

New Technorati Infrastrcture

Dave has announced the new Technorati beta infrastructure. Here's the Technorati page for www.windley.com on the new infrastructure. According to Dave:

We focused 100% of our time on completely refurbishing our underlying event engine - essentially taking a volkswagen engine out and putting a Ferrari engine in. This new engine sports:
  1. Much faster indexing - the median amount of time it takes from when someone posts something on their weblog to when it is captured and searchable via our live database is 7 minutes.
  2. Much faster querying - our goal is to have every search query take less than a second, even as the database is being continuously updated. We added a query timer at the top of every results page so you can judge for yourself.
  3. Much more scalable - We built this distributed database system to scale. As we track more events, we add more machines to scale. As our user traffic increases, we add more machines to scale. This should continue to work for quite some time, so we're eager to test under load.
  4. Much better internationalization support - The database is entirely in UTF-8, a character set that encompasses a significant number (well, all) of non-english languages, including Japanese, Farsi, Hebrew, and many others. You can see results in multiple languages all on the same page. Localization should be significantly easier.
  5. A new, smarter spider/crawler, which understands weblog posts and blogrolls much better than our old spider. You'll note that on our results pages, many results offer a "Read Full Post" capability, which take you directly to the entire microcontent post that created the link.
  6. A redone results page, which should load faster, and is designed for non-browser usage as well. Lots has been moved to CSS, and we've added a nifty pager widget at the top and bottom of each page of results.
From Sifry's Alerts: New Technorati Infrastructure beta test!
Referenced Tue Jan 20 2004 10:50:30 GMT-0700

This is very welcome--I've found Technorati very useful, but sometimes slow enough that I gave up and did something else. That's not surprising since From my little bit of playing around, Dave and team succeeded in replacing the Volkswagen with a Ferrari. The new site seems very fast, but of course its probably also lightly loaded right now.

10:57 AM | Comments () | Recommend This | Print This

January 19, 2004

Dan Gillmor on eVoting

Dan Gillmor is the latest installment in Doug Kayes IT Conversations. If you haven't been over there to listen to some of the interviews he's done, you really ought to. Now he's got transcripts as well, which makes referring to the conversations from a blog a little more meaningful. What caught my eye about Dan's interview, was his take on eVoting:

The electronic voting machines, the touch-screen voting machines, are a huge scandal and a really shocking scandal because the lack of interest in this until recently in the major media in the press is unbelievable to me. And the fact that people in government have been just sort of fecklessly running along with this is outrageous. I don't know if any elections using these machines have been stolen. I don't know. The problem is we can't know. It's impossible to know. They leave no record that can be verified in any way that anyone should trust. There is a fundamental problem. It's as if you went to an ATM and put your card in and got some money out and the bank says, "Sorry, no you're not getting a receipt. You just have to trust us that we marked correctly in your account the amount you withdrew." Not for a minute would the public put up with that. It would be ridiculous.
From Dan Gillmor: 2004 Outlook (IT Conversation)
Referenced Mon Jan 19 2004 21:51:22 GMT-0700

Dan continues (his comments on eVoting are at the end of the interview) by noting that as soon as California said a paper trail was required, most of the vendors who'd been saying "impossible" suddenly said "OK."

I'll be moderating the eVoting panel at the O'Reilly DIgital Democracy Teach-In on February 9th in San Diego. The panelists will be David Jefferson from Lawrence Livermore, Dave Hart from Hart InterCivic (not yet confirmed) and Gary Chapman from the University of Texas. One of the things I was after in inviting these panelists was a good discussion of the pros and cons, the dangers and the motivations. The more I've dug into the issue, the more I've come to understand that its not as cut a dried as one might think.

9:59 PM | Comments () | Recommend This | Print This

January 16, 2004

Wanted: IIS Expert

I'm looking for a Windows IIS expert whose willing to consult. The job is tuning a group of servers running IIS. If you're such an expert, or know one, I'd like to talk to you. Contact me by email.

3:46 PM | Comments () | Recommend This | Print This

US Senate Rolling Out RSS

Ray Matthews is reporting on the RSS in Government Site that the US Senate is rolling out RSS:

Senator Joseph Biden (D-Del.) is the first senator with a RSS news feed for press releases on his official site. Feeds for other senators will soon follow according to Jason Blum in Enterprise Systems Support of the office of the U.S. Senate Sergeant at Arms. Plans call for what Blum refers to as "RSS relay agents." These are local customized feeds for hometown constituents for NOAA weather alerts and state news.

At least one other, Sen. Tom Daschle (D-S.D.), had a weblog on his official Senate site this past summer, but he didn't provide readers of "Travels with Tom" with a subscription feed.

From RSS in Government: Senate Begins RSS Rollout
Referenced Fri Jan 16 2004 10:25:38 GMT-0700

Ray has a list of feeds you can subscribe to now. He notes that the most sophisticated use of RSS by Senators isn't in the Senate, but in the Presidential campaigns of Senators Edwards, Kerry and Lieberman. Not surprising.

Sadly, neither Bennett nor Hatch have RSS available yet. If they did, I'd put it on the UtahPolitics.org site.

10:31 AM | Comments () | Recommend This | Print This

January 15, 2004

Open Source in Government: Newport News, Va.

I spent three very hot weeks in Newport News, VA in August of 1983. I was doing some training at Newport News Naval Shipyard which forever changed my perception of the term "complex engineering project." Tim Adelstein has an interview at O'Reilly with Andy Stein, the CIO of Newport News (the town, not the shipyard) on his use of open source software in local government and the Open Government Interoperability Project. Leading up to the interview, Tom says:

A recent study by a city of 200,000 residents concluded that a computer upgrade would cost $30 million over a three-year period. Multiply that by as many as 20,000 cities and the hit to the economy starts looking significant. As we know, the only way to pay for such an upgrade involves increases in taxes, levies, and bonds. In our system, leaving those funds in the hands of the citizens has a better economic effect than trying to shove them through a bureaucracy.
From LinuxDevCenter.com: Open Source in Government: Newport News, Va. [Jan. 15, 2004]
Referenced Thu Jan 15 2004 17:10:23 GMT-0700

Yes, its a lot of money. Vendors will always complain when the government starts a project like this saying "government shouldn't be competing with private industry." But the fact of the matter is, that all that money comes from somewhere and that somewhere is your pocket. I think open source software could save government millions of dollars and as a tax payer, I like that idea.

5:13 PM | Comments () | Recommend This | Print This

Eric Knorr: Web Services Reach Critical Mass in 2004

Eric Knorr, InfoWorld's Executive Editor, has an article in CIO magazine where he predicts that Web services will reach critical mass in 2004.

A happy confluence of technology and politics has convinced me that this year will be the year when Web services begins to reach critical mass as a low-cost alternative to proprietary middleware.
From The Year of Web Services - Pundit Web Services - CIO Magazine Dec 15,2003
Referenced Thu Jan 15 2004 10:22:57 GMT-0700

Eric believes that security and performance have been holding Web services back and two recent developments make those issues tractable:

  • MIPs are always getting cheaper and IT budgets are loosening up.
  • XML firewall appliances and other intermediaries are making the job easier.

Security is tractable, but requires compute power. Network performance issues can be overcome through compression, but again this requires compute power. We can solve that through faster machines or special purpose appliances.

I think Eric misses an important hurdle and that's interoperability. In the face of what many IT shops see as a blizzard of half-baked standards, most just decide to wait. This issue comes up in the question and answer period every time I give a talk on Web services. People are uncomfortable with what they see as an only semi-stable standards future. I think Web services intermediaries play an important role here by "standards proofing" a project. With versioning and the ability to translate multiple standards into each other on the fly, Web services intermediaries provide a handy abstraction layer between different network services. Unfortunately, most IT shops don't yet sufficiently understand the role of Web services intermediaries.

10:32 AM | Comments () | Recommend This | Print This

January 14, 2004

A Terabyte for $1200

Wow! LaCie has introduced an external, Fireware/USB2.0 drive the size of a 5.25 inch disk that holds a terabyte and costs $1200.

6:03 PM | Comments () | Recommend This | Print This

Toysight

ToySight in Action (no, that's not me)
I've used my iSight for some coast-to-coast video conferences and even over my wireless Internet link, it performs well. The only drawback is not enough people have these things. Well, some haven't been deaf to the pleas of iSight owners. If you've got an iSight camera attached to your Mac and have been wondering what to do with it, Toysight might be what you're looking for.

Toysight is a collection of games that you play by standing in front of your iSight camera and using your hands to control virtual sliders, buttons, and menus on the screen. The free demo only has one game enabled, but it was fun just to see the technology in action. Kind of feels like Tom Cruise in Minority Report. Close the door before you start playing or you'll get some funny looks from people since it appears that you're doing a funny dance in front of your computer to what is undeniably computer game music.

In the demo game you use two hand controlled sliders to guide a sky diver toward a target on an island. Other games include one where you wave your arms to throw pies at monkeys before they can hit you with bananas. In another you move your hands to lob fireballs at pirates. This article on the Apple Web site, gives a good description of the games that are included and includes a Quicktime trailer. There's also some bonus features:

Select the Toy Box and apply a variety of filters to the video, such as a ghost mode that gives you a spooky appearance, glow effects that make your hands shimmer and give off stars as they move, and a wormhole that creates distortion.

When everyoneâs arms get tired, have the Party option display the filters randomly while playing the dance music that accompanies the games. Or if you and your pals would rather make your own music, select the Laser Harp and touch the beams to play a series of ethereal notes. Reach high to make them louder. Turn it into a game to see who can play the best concerto.

From Apple - Games - ToySight
Referenced Wed Jan 14 2004 14:37:21 GMT-0700

At first the interface takes some getting used to and you have to play a bit to get the feel of it. You also lose control of things like sliders because you get no feedback when you're no longer "in contact." I found that I had to check every so often because I'd keep dropping the slider and couldn't figure out why the game wasn't behaving. Even so, my nine year old son was able to get the hang of the controls in about 15 seconds and was soon operating it without any trouble. The game is easier to see if the camera is pointed at a clean surface, but background clutter didn't seem to affect game operation. The software does a scan of the background first and subtracts it out of the images for control purposes.

ToySight brings you into the game because you have to move around to make things work. This concept could be expanded to create games that result in real exercise. You can envision multiplayer games that have you competing with others around the Net in a virtual world. Imagine a ToySight enabled Halo where real world conditioning played a role in how well you could play. Instrument an old treadmill and for less that a few hundred bucks, you've got a pretty realistic VR game set-up.

2:42 PM | Comments () | Recommend This | Print This

Web Services Wish List

Bob Sutor over at c|net has a Web services wish list:

  • Widespread adherence to the Web Services Interoperability Organization's Basic Profile for Web services
  • More customers using Web services specifically to improve their operational efficiency
  • Expanded use of Web services for better information, better order taking and faster delivery
  • To hear about a merger or acquisition that took place largely because the parties concerned felt that Web services would help them rapidly integrate the businesses

I agree that adhering to the basic profile is an important step to more widespread interoperability, but that's also one of the benefits of using a Web services intermediary. The last three look more like sentinels to me; milestones that can be used to determine the success and penetration of Web services into the enterprise. I'm looking for a few things, not necessarily earth shattering, but important to me, at least:

  • I'd like to see more and better understanding of what it really means to talk about Web services as a network-based operating system. What basic service out to be provided as building blocks to larger service-oriented architectures? I don't think we've thought about this enough and I'd like to see more discussion of it.
  • I'd like more applications to use Web services, in even little ways. For example, I use NetNewsWire as an RSS aggregator. Wouldn't it be nice if it had a little Web server inside that supported POSTs for adding subscriptions and GETs for retrieving my OMPL-formatted subscription list? Why not a plug-in architecture that works with the Web server so that I can author my own Web-based extensions?

What are you wishing for in Web services?

10:01 AM | Comments () | Recommend This | Print This

Bluetooth as Magic

Chad Dickerson has a great story in InfoWorld about using his laptop and Bluetooth connected phone to rescue a damsel in distress.

Everything was in place for my finest CTO moment ever. In my most authoritative and reassuring voice, I said, "Don't worry, ma'am, we'll get to that e-mail."
From InfoWorld: Bluetooth to the rescue: January 09, 2004: By Chad Dickerson
Referenced Wed Jan 14 2004 08:22:09 GMT-0700

The article concludes with a passenger next to the woman being totally amazed that she was online onboard:

The military guy turned around to everyone around him and announced, "Hey everybody, this woman over here is on the Internet and I don't see NO WIRES!" He waved his hands around an imaginary computer, like a magician performing levitation. His gestures were met by nods of amazement all around. At that moment, it seemed as if everyone in the plane was leaning in to see the magic.
From InfoWorld: Bluetooth to the rescue: January 09, 2004: By Chad Dickerson
Referenced Wed Jan 14 2004 08:24:42 GMT-0700

This is the same reaction I get when people find out I'm connected to the Internet using the phone in my pocket. At some point, it will be no longer noteworthy, but I'll still find it amazingly cool.

8:26 AM | Comments () | Recommend This | Print This

January 13, 2004

Insyte Conference

Brigham Young University's Rollins eBusiness Center is hosting the insyte Conference on Feb 6th. The agenda includes a keynote address by John Parady, CTO Kelley Blue Book and panels on "IT Strategies: Managing Your IT Investment as Technology Evolves" and "IT Security: What You Donât Know Can Hurt You." The conference is relatively inexpensive and a great way to meet and talk to other IT executives from around the area.

3:39 PM | Comments () | Recommend This | Print This

State CIO Hurdles

Tom Davies column in Governing magazine discusses the things that new public sector CIOs struggle with when they've been used to working in the private sector. Reading the issues was a trip down memory lane. I think they all must be reading my blog. :-) Here's some of the issues that they mentioned:

Not surprisingly, no one mentioned the legislature, legislative staff, or the the press. There are some things you don't talk about until after you leave.

1:55 PM | Comments () | Recommend This | Print This

Amazon as Platform

According to a story in Roll Call, Amazon will provide a means, starting Thursday, for you to make a direct donation to your favorite presidential candidate using your Amazon account. Amazon apparently worked out a deal with each campaign over the last month. The cost of developing the program and the processing fees are being paid by the presidential campaigns. Many will see the benefit to the presidential campaigns, but there's an upside for Amazon as well.

This is an interesting example of Amazon exerting its transaction processing muscle in ways that go beyond books and other merchandise. Clearly, Amazon's position as one of the premiere merchants on the Web is undisputed, but this build upon that and plays to the "Amazon as platform" strategy which make Amazon a competitor in the payments and transactions space. I wonder how much longer it will be before they federate their ID system and allow other Web sites to let me log in using my Amazon credentials.

8:44 AM | Comments () | Recommend This | Print This

January 12, 2004

Wi-Fi and Wardriving Still Draw Interest

I was interviewed last week for a spot that aired today on KSL radio. I didn't hear it, but I've had a few people comment on it. The topic was Wi-Fi security and wardriving. Those are still topics that hold a lot of interest for a lot of people. Two of the most heavily trafficked pages on my web site talk about Wi-Fi antennae. Even more than a year after they were written they still show up in the top pages visited almost every single day. Most of that from Google.

The message I tried to get across was simple: for most purposes, Wi-Fi can be made secure with a little knowledge and work. Right now, most small businesses are either scared to death of Wi-Fi or blissfully ignorant of any security concerns whatsoever. All I'm preaching is a middle ground. If you're considering installing a Wi-Fi network and would like to make it secure, drop me a line and I'll hook you up with one of my friends who installs these things for a living and can make it work securely. Its certainly worth the small amount that it costs to do it right.

10:43 AM | Comments () | Recommend This | Print This

Build Your Own Web Services Value Added Network

My latest InfoWorld article is about Flamenco Network's Web Services Manager (WSM):

A cursory review of WSM's features and architecture wouldn't distinguish it greatly from a number of other WSI products. But WSM's heritage as a VAN means it's got flexibility in its blood. This will come in especially handy for enterprises that expect significant future growth and want their Web services to expand with demand. National Student Clearinghouse (NSC), for example, used WSM to create a Web services interface to its system for verifying student records. NSC currently services thousands of higher education institutions, but envisions selling verification services to HR departments across the country, a market that could eventually reach the hundreds of thousands.
From InfoWorld: Web services management benefits from Flamenco's VAN roots: January 09, 2004: By Phillip J. Windley
Referenced Mon Jan 12 2004 08:43:17 GMT-0700

My conclusion after looking at numerous Web services intermediaries (WSI) over the past year is that they are all different in some significant ways, but you'd never know that from just looking at the feature lists on the spec sheet. What really set Flamenco Networks WSM apart in my mind was a combination of two factors:

  1. Self-provisioning for Web services partners
  2. You own the network

The first is important if you envision conducting Web services transactions with more than a couple of dozen partners. You probably don't want to hire enough people to maintain a network of hundreds or thousands of partners in the absence of this feature. The second is vitally important to some companies, and doesn't rate a passing nod from others.

8:56 AM | Comments () | Recommend This | Print This

January 9, 2004

Tim's Digital Democracy Teach-In

Tim O'Reilly writes about the Digital Democracy Teach-In that we're putting together for the first day the Emerging Technology conference. There are sessions on the following topics:

  • MoveOn: Bringing Ordinary People Back into Politics
  • Internet Campaign Magic
  • Advocacy as Application
  • Effective Political Blogging
  • Electoral Democracy
  • Meetup and "On the Ground" Organizing
  • Electronic Voting and Transparency
  • Emergent Democracy Worldwide

2:44 PM | Comments () | Recommend This | Print This

Navy Testing Blogs for Team Communication

The Navy is testing the use of blogs in team communications.

The blog is one of 12 pilot programs, selected for funding from a field of 120, for demonstration through the DoD Rapid Acquisition Incentive-Net Centricity (RAI-NC) initiative. The RAI-NC, managed by the office of the Pentagon's chief information officer, aims to demonstrate processes to speed up the development of net-centric, "transformational" approaches to defense technology development and acquisition.
From ScienceDaily News Release: Blog, Blog, Blog: The Navy Tests Web Logging For Team Communications
Referenced Fri Jan 09 2004 13:44:19 GMT-0700

1:44 PM | Comments () | Recommend This | Print This

Xquery, Meet the Web

Mark Baker wonders if XQuery shouldn't be able to work using GET. Mark is responding, at least in part to a post by Dave Orchard about XQuery and the Web. Dave says at one point:

The ability to compare URIs is crucial for caching., hence why so much work went into specifying how they are absolutized and canonically compared. But clearly XQuery inputs are not going to be sent in URIs, so how do we have cachable XQueries gven that the query will be in a soap header?
From Dave Orchard's Blog: Xquery: Meet the Web
Referenced Fri Jan 09 2004 13:11:52 GMT-0700

If you look at some sample Xqueries you'll see why Dave says what he does. XQuery is not the kind of thing you can imagine being encoded in a URI in a way that humans can write it and know what it means. Its just too verbose. You'd have to serialize it and, to my mind, that defeats the purpose.

So that leaves us with two real choices:

  1. Clearly XPath queries can be put in URLs.
  2. We can continue to encapsulate verbose, general-purpose queries like we've been doing for almost a decade on the Web and then reference them in URIs.

I wonder if general purpose queries are the right things to be in URLs anyway. If all a GET does is give me access to the SQL engine through the Web, then the designer of the system hasn't really done much for me. Most Web facing data sources have some purpose in mind and encapsulated queries are one of the ways that the system designer adds value to the data source. If that were not true, we could all just get along with an SQL shell for everything.

1:27 PM | Comments () | Recommend This | Print This

January 7, 2004

SCO Shunned at OSBC

I heard an interesting story today. Seems that the organizers of the Open Source Business Conference had originally invited Darl McBride of SCO to speak in the interest of fairness, but then when the antics got going, uninvited Darl to avoid the circus that that would surely entail. That was a while back and all has been quite---until today.

This afternoon, SCO called up an OSBC organizer and offered a $40K sponsorship. That's $10K above the Platinum sponsorship which is going for $30K. SCO wants to speak in a bad way. Actually, I think more than a chance to speak, they want a press release that says they're going to speak at the Open Source Business Conference. In any event, OSBC turned them down and they won't get their wish.

8:10 PM | Comments () | Recommend This | Print This

Your Personal Tivo

If you like TiVo, but really want more freedom to tinker than TiVo gives you, head on over to MythTV, a homebrew personal video recorder (PVR) project. I have a friend who has MythTV server (running on Gentoo Linux) in his attic with 1Tb of storage and diskless front end systems based on VIA EPIA-M motherboards. He can store almost a year of TV or 1000 movies and watch them anywhere in the house. After all, its just data.

10:34 AM | Comments () | Recommend This | Print This

Letting DNS Loose

Paul Mockapetris, the inventor of DNS has written an article at CircleID called Letting DNS Loose about extending DNS to handle the same tasks ENUM -- mapping names to phone numbers. Of course, thats just the start, why not extend it to do RFID mapping and so on. Paul's point is that we don't really need to build a whole new infrastructure to do most of what needs doing and re-using the existing infrastructure isn't just cheaper, its proven. As Paul points out, the issue is political, not technical.

10:24 AM | Comments () | Recommend This | Print This

January 6, 2004

IT Governance

When I became CIO for the State of Utah, one of the things for which I had very little appreciation was how much time and effort went into governance issues in a large organization. Before my stint as CIO I'd been CTO of a company I helped create and had hired nearly everyone who worked for me. As we built the organization, we also built and shaped the vision. People naturally understood the business because they'd seen it develop and had crucial roles in making it work. Further, while we'd had our share of culture problems, we'd handled these on-the-fly and with decisiveness. When decisions needed to be made, we made them and things worked marvelously.

I soon found out that the State was a different animal altogether. There were, of course, differences between the public and private sectors, but over and above those, the organization was an order of magnitude larger than what I'd been doing and there was what I call a "legacy lethargy." Moreover, IT was organized in a decentralized fashion so that no one really had the authority to make many important decisions, even when there was clear and imminent risk.

For example, at one point, for a period of about two months, a wireless network was set up in the Capitol with no access control whatsoever. Anyone with a laptop and wireless card could come to the Capitol and surf the net at taxpayer expense. What was worse was that the network had been set up for legislators and so it was also possible to monitor almost everything they did. I knew about it almost from the beginning and yet, I was powerless to put an end to it. The network had been put in place by another organization and even though it presented a clear risk, not just to the people who used it, but the entire enterprise network, there was no process in place to review plans, audit compliance with policy, or take corrective action. In short, we were stuck by our lack of a governance process.

Governance issues seemed to take up almost all my time when I was CIO. The Governor had a clear vision for what he wanted IT to accomplish, but it was difficult to see how to move the organization toward those goals. Part of the problem was a lack of understanding on my part of how to use the organizational tools I had since they were different than the tools I'd used previously. Part of the problem was that we needed some new tools and, most importantly, an enterprise-wide vision and commitment to achieving the goals of the chief executive.

After months of frustration, we finally embarked on a process to create that vision in a large cohort of executive management, both business and IT, and determine the process by which we would govern the implementation of that vision. The process, which I'd now call the "architecture initiation phase" took over three months and involved over a hundred people in dozens of meetings. It was exhausting. Nearly everyone grumbled, including me. I wanted to build things, not spend all my time in meetings and so did they.

In the end, we created a governance process that, looking back, had many of the required features of a good governance model, but for many reasons failed to take hold. The process was a significant step forward, but it ultimately suffered from three things:

  • The resulting governance process was incomplete. There were crucial functions, such as auditing, that received very little attention, in part because they were unpopular.
  • The model lacked a clear financial structure. IT governance isn't free and resources need to be committed unambiguously for it to work.
  • There was insufficient buy-off by many of the people who had to support the process. We should have spent more time in meetings and in communicating the vision and plans.

We could have mitigated these problems had we had a better idea about what the initiation phase had to accomplish in order for it to succeed. At the time, I couldn't see the forest for the trees. I was too caught up in immediate goals and meetings to understand the true nature of what we had to accomplish.

You may share my initial lack of appreciation for governance. Over time, I've come to understand that a significant portion of a CIO's job involves standardization, training and certification, and management through policy, notifications, audits, and approvals. These may not be as sexy as building the next big system, but they ultimately are what will determine whether the large IT organization succeeds or fails.

12:12 PM | Comments () | Recommend This | Print This

January 5, 2004

Tom Adelstein on The Open Source Dilemma for Governments

In an essay on the failure of governments to use Open Source Software (OSS) and open standards, Tom Adelstein bemoans a situation that I understand only too well:

Recently, I received two requests to assist a local government and a university in the same area of deploying justice databases. The requests involved implementing a new, comprehensive application to provide services and a tracking system using a web-enabled database-driven application. The requirements of the applications seemed simple and with the use of the Global Justice Data Model, I estimated delivery within 90 days. In both instances, the people controlling those projects dismissed implementation of the standards-based model.

What should one do when government entities miss their opportunities and disregard new standards? The general public realizes the time pressure to meet new homeland security objectives and want fast progress. Those who make information technology decisions today can effect the public safety in the near future.

No enforcement agency exists as yet. Here's even more of a rub: The local government unit will spend $125,000 on an existing software system which will face deprecation within two years. The university may fail to deliver on the second phase of its implementation.

The cost could have come in at $45,000 using Open Source Software (OSS) such as Linux or FreeBSD, the Apache Web Server, the MySQL relational database and a combination of the Java program language, Perl, PHP and/or Python. Such systems exists in Rhode Island and at the US Census Bureau, if one needs a precedent. Additionally, the same $45,000 would have paid for both systems and if others wished to deploy it, no further costs would exist for them. Finally, the money to build the system would have come from existing public funding.

From The Open Source Dilemma for Governments
Referenced Mon Jan 05 2004 21:09:37 GMT-0700

Tim goes on to speak specifically about the Amber Alert standard and the relative costs of an OSS solution and a proprietary solution. I have a whole PowerPoint deck on a national alerting system that I put together a year ago. There's a desperate need and properly implemented, it fills more needs than just Amber Alerts. Imagine point specific alerts based on your personal information from multiple players delivered to you and way you like. The trick, is not building it---as Tom points out, its fairly cheap if the expense is shared---but operating it in a secure and reliable manner. That's where the money is.

9:17 PM | Comments () | Recommend This | Print This

Holiday Reading: Three Looks at Today's Technology

I spent a fair amount of time over the holidays reading. Some, like The Da Vinci Code and Teeth of the Tiger were just for entertainment. But others, while fun, were more for education. Three of the books I read in the latter category were Smart Mobs by Howard Rheingold, ME++ by William Mitchell, and Natural-Born Cyborgs by Andy Clark. In some ways these are all the same book, just with a slightly different perspective. They even contain some of the same stories. Even so, the perspective that each author gave the topic held my interest.

cover Howard Rheingold's been the editor of several culturally important media properties such as HotWired and The Whole Earth Review, and he has a hist