« April 2004 | Main | June 2004 »
May 28, 2004
.NET at DABC
Dave Fletcher has a report on his blog about some of the technical choices by Utah State IT departments. He reports Brad Brown at ABC is pushing .NET while other departments are moving toward more Linux (which, with the Mono project could still be using .NET, of course). I think this is instructive.
Brad runs one of the most heavily retail environments in State government. He's got stores and a warehouse. Most of his infrastructure is built on Windows because the business driver, supporting retail operations, pushed them in that direction. In that environment, it makes perfect sense to invest in .NET on the back-end. There's tremendous leverage there.
I've long held that large organizations are going to have a difficult time saying "we're a .NET shop" or "we're a J2EE shop." Most IT organizations are going to be both. The beautiful part is that it just doesn't matter. With SOAP and WSDL, I can integrate a .NET app just as easy as I can integrate a J2EE app. So, I think Dave's right about standards, but I think the State can move beyond thinking about a standard on development platforms and get to a true reference profile that says "no matter what development platform you use, here's the standards you'd better be prepared to support."
An example of why this works is TCP. Back in the day, there were big arguments about what hardware to buy based on what network you used. Now we buy any hardware and know it will talk to the network. TCP solved these problems at one level in the network stack. Web services does the same thing further up the stack. We have the freedom to stop talking about .NET vs. J2EE vs. Whatever. That's a good thing.
2:09 PM | Comments () | Recommend This | Print This
Do It Yourself IT
Doc is talking, over at his new IT Garage, about Clayton Christensen's Innovator's Dilemma and asking how open source fits into the equation. Doc's rif is that open source is an example of demand supplying itself. That's a different model than the traditional "vendor builds and sells products--IT shops buy them" model that we're accustomed to. Doc calls it DIY-IT for "do it yourself IT." Hence the "IT Garage."
To get the DIY-IT model, however, you have to understand how its different from rolling your own accounting package, which is something we've mostly, thankfully, moved away from. In the DIY-IT model, "yourself" doesn't mean "your IT shop" so much as it means "users." Open source is about the users taking responsibility for meeting their own demands and being empowered (through distributed development tools and processes) to do so effectively.
At the CTO breakfast this morning, we were discussing the pace of change in IT shops these days and how that's necessitated a move from the old-style notion of developing ERP apps in-house to buying packaged apps. Perhaps its the other way around--the trend has enabled and increased the pace of change. We're not talking about vendor induced churn here, but needs brought to the IT shop by the business.
I see DIY-IT as another step along that path. An agile business can't afford to wait for some vendor somewhere to meet its demand. It must supply its own demand quickly, without the expense in time and money of doing custom development. Open source gives business the power to get needed systems without having to custom build them. I believe that feature, more than price, gives open source its power.
1:44 PM | Comments () | Recommend This | Print This
May 27, 2004
METAmorphosis 2004 Report
Steve Fulling was at the META Group's 2004 METAmorphosis conference this week and sent me the following report:
If there was a single conference theme it would have been "adaptive IT organizations." As Darwin put it years ago, it will not be the most intelligent nor the strongest, it will be the most adaptive. If your IT org is not adaptive, your business will not survive, period. Your IT org must be able to turn on a dime. In terms of pace of change, in the 90's each year was equal to 3-years of the 80's, and by 2006 it is expected that every year will experience the level of change seen over 15-years through the 80's and 90's. The general idea was to find ways to flourish and operate "at the edge of chaos."
The CIO and IT is rapidly becoming deeply integrated to the business, and becoming the business itself. CIO's are being given ownership of "business process" in a growing number of Fortune-500 companies. Many people are now referring to their CIO's as "Chief Innovation Officers." The lines between business and IT are blurring. It is anticipated soon public companies will begin to report TCOGS (IT expenses associated with the costs of goods sold). Every barrel of oil has $2-$3 in associated IT costs.
Web services and service oriented architectures were talked about extensively, as were standards, open systems, Linux, and extended enterprise IT computing. This is the only way IT shops will manage the level of change coming. Portfolio management and analytics were also hot topics. Business process management was discussed in detail as it relates to Sarbanes Oxley (SOX), in order to keep your CEO and CFO out of jail.
The concept of knowledge workers, and the associated IT needs were discussed as it relates to the many collaborative tools they need. Believe it or not they even discussed e-service suites as it relates to CRM and a CRM strategy. Rather than discussing the strategy like Gardner does with the customer interaction hub (CIH), they discussed it in terms of "customer data integration" (CDI), but the concept was the same. They saw CRM more as a state of mind than technology Siebel, Oracle, or Peoplesoft would install. Understanding all customer touch points will yield huge ROI's for the companies who get it, and more importantly companies that do it. All monolithic CRM packages are rapidly evolving into SOA's and components. Think of CRM as a "customer lifecycle." Business intelligence, OLAP, ETL, and data marts will be at the heart of these.
Huge needs will be placed on IT organizations in the coming years; the technology will change even faster, and all this is happening while business are coming out of a long period cost savings, into a period of aggressive revenue growth.
12:36 PM | Comments () | Recommend This | Print This
BMC Seminar in Salt Lake
BMC and ExeVision are sponsoring a seminar on Oracle high availability and back-up on June 10 from 8:30 to 11:45 in Salt Lake. I suspect that there will be plenty of opportunities for both companies to make sales, but I've found these types of seminars quite useful in the past for getting detailed introductions to how products work and what they do and BMC is a leader in this space. If you're interested, contact Rodman Likes. If nothing else, you'll get a free 10GB license to SQL BackTrack forÊMicrosoft SQL Server.
11:14 AM | Comments () | Recommend This | Print This
May 25, 2004
Going Tactical
When human beings are faced with unfamiliar situations, their natural reaction is to revert to things they understand. In business, the unfamiliar causes us to stop thinking strategically and go into a tactical mode. Going tactical is a danger for CIOs who need to think strategically to achieve their objectives. Don't let the unfamiliar force you into tactical thinking. Rather force yourself to stay strategic, no matter how uncomfortable it makes you.
Of course, sometimes self-control alone isn't enough. In a crisis, our "flight or fight" tendencies take over and we sink into the fray. That's when peers need to step in give the situation context and provide clear thinking. When everyone reacts tactically, the results are often disastrous.
4:44 PM | Comments () | Recommend This | Print This
Tracking Legislation with RSS
The Utah State Legislature has a bill tracker with an RSS feed. You create a customer list of bills to track and then subscribe to the RSS to get updates in your feed reader. The only thing I'd wish for is some way to browse bills, but this is functional. There's a second application for tracking committee actions. Very cool!
4:02 PM | Comments () | Recommend This | Print This
DG.O 2004: Studying eVoting
Paul Herrnson discusses eVoting
|
Paul Herrnson, from the University of Maryland is speaking on his research into eVoting machines. Paul's work is interesting to me because he is evaluating actual voting machines. In order to get access, he's been pretty careful about his participation in eVoting debates.
Electronic voting prevents invalid ballots and provides instant election results. There are also disadvantages: digital divide issues, power failures, and trustworthiness. The most knowledgeable people are the least suspicious.
Do we want a paper record? It improves voter confidence, but adds cost and complexity. There are also accessibility issues with paper ballots.
There are ballot design variations. One theme is to organize the ballot by office. Another theme is to organize it by party row. There are also straight party mechanisms in some ballots.
The research objective was to develop general principals from laboratory test, field test, and natural experiments. They used three types of test: expert review, usability tests, and natural experiments.
Experts looked at the quality of ballots, instructions, help commands, ease of navigation, feedback on under and over voting, ease of inserting voting cards, and the adequacy of review mechanisms.
In usability tests, users try the machines while being video taped and talking aloud about their intentions. These are reviewed and compared with the actual results and users are also interviewed about their reaction.
In field test, users are timed reading the instructions, and their responses to voting machine actions are noted. A post-voting questionnaire is also given to some voters.
Natural experiments are used to access impact of the new voter interfaces and procedures on spoiled ballots, residual votes, roll-off, split-tickets, and turnout. They also analyze the impact of variations in technology, ballot formats, and procedures among states.
The anticipated accomplishments are comparative evaluations of voting machines, ballot designs, and combinations of machines and ballots. The study hopes to develop principals to guide the design of voting machines and ballot design.
2:44 PM | Comments () | Recommend This | Print This
DG.O 2004: NSF Programs Related to Digital Government
NSF Program Manager Panel
|
This morning's keynote panel was on "New Directions in Digital Government Research." The panelists were Dr. Michael Pazzani, Division Director, IIS, NSF, Dr. Suzanne Iacono, Dr. Sylvia Spengler, and Dr. Miriam Heller.
Dr. Pazzani spoke on the NSF structure and how PIs should work with NSF. There is a web site that gives statistics and other information about grants that have been given. Over the last five years the number of proposals to the IIS Division has increased from 2000 per year to over 5000. Not good news for anyone hoping for NSF money. They competition is fierce.
NSF looks at two criteria: "What is the intellectual merit and quality of the proposed activity" and "What are the broader impacts of the proposed research?" This latter criterion has been subject to some questions from PIs. He adds some clarifying questions: "To what extent does this advance societal goals?" "How will the research impact society?"
Well-written proposals that address broader impacts that are both innovative and achievable are most likely to get funded.
Suzi Iacnon is the program manager for ITR. ITR is charged with research into issues in information technology. The idea is to fund large, long projects. ITR is in the last year of a five year program as an NSF priority area. This year's focus is "IT Research fo National Priorities." The focus is on tools, techniques, systems, methods, theories, and models for large-scale integrated, distributed systems. Interdisciplinary proposals are encouraged. ITR is aiming for a 10% success rate this year (past years have been over 20%) with an average of $1.25 Million over four years. There is a direct correlation between the amount of time you spend understanding and learning about NSF and success in getting grants. Visit NSF and talk to the program director.
Sylvia Spengler is program manager for Information Integration and Informatics. III is a new program. There are two parts. The first is the Science and Engineering Informatics (SEI). Proposals in this area require both a significant problem in science as well as a significant problem in computer science that can both be addressed by the research. Collaboration encouraged. The second part is Information Integration. This includes reconciling heterogeneous data formats, web semantics, decentralized data sharing, on-the-fly integration, and so on.
Miriam Heller is program manager for Human and Social Dynamics. HSD is a cross-disciplinary program in its first year. The goal is to "stimulate breakthroughs in social science that expand the frontiers of our understanding of complex human systems at multiple scales of temporal, spatial, and organizational dimension focusing on the dynamics of cause, behavior, and decision-making by exploiting and enriching multiple disciplines." Past the buzz-words, she mentions agents and emergent behavior as examples of the kinds of things they're interested in. This year's topical emphasis areas are agents of change, dynamics of human behavior, and decision making and risk. Proposals much include at least one of the areas.
SEGR (small grants for exploratory research) are encouraged for innovative, "wild and wooly" ideas. These projects are generally higher risk than standard projects.
10:22 AM | Comments () | Recommend This | Print This
Volunteer Programmers
If you're a Karras supporter and are willing to do a little volunteer programming over the next week, let me know.
7:00 AM | Comments () | Recommend This | Print This
May 24, 2004
DG.O 2004: BPC in eGovernment
Jochen Scholl discusses business process change in eGovernment and the DG.O 2004 conference.
|
Jochen Scholl from the Univ. of Washington is speaking about his research in Current Practices in eGovernment-induced Business Process Change. The primary question of the research is:
How does eGovernment affect government business processes and how do business processes change in government differently from those in business.
Layne and Lee framework of eGovernment (PDF). The focus of this study is on vertical and horizontal integration phases of eGovernment, not information cataloges or transactions.
The study did a survey of senior public managers in New York State in 2003. The practices from private-sector Business Process Change theory that were ranked the highest (in order):
- Stakeholders - eGovernment project success depended on stakeholder inclusion
- Senior leadership support. Necessary to obtain funding and compete for scare resources. Necessary for multi-agency projects. Senior executives lose interest after a while.
- Workflow analysis. This ranked fairly high even though its more detailed than typical BPC work. "Detailed knowledge leads to better conflict resolution." Workflow analysis is more important in phase III and IV of the Layne and Lee model than in phase I and II.
- Cultural change readiness - education needed to overcome resistance. Some people felt that certain people may need to be removed from their positions in order to make the necessary changes.
- Process and resource inventory - provoked the most comments. This is instrumental in creating a shared vision. Very time consuming and so many projects are launched without doing this.
- Internal competency and Learning. This ranked fairly low. People thought domain knowledge was much more important than technical knowledge. This reflects a government culture that "government is fundamentally different than the private-sector." External experts have long learning curves.
- Consensus among citizens and officials. Broad consensus is obtainable, but not necessary. "That's what elections are for." Agencies should retain the discretion for directing the eGovernment projects.
Some summary ideas:
- Government agencies do not feel that seeking citizen consensus is important.
- Attention to stakeholder involvement appears as more pronounced and consensus seeking more frequent than in private-sector BPC.
- Longer project durations are OK
- Failure is not tolerated as frequently.
4:04 PM | Comments () | Recommend This | Print This
Software Quality and Document Management Quickies
I'm getting ready to catch a flight to Seattle for the NSF's Digital Government conference (which I'll be blogging with any kind of luck), but before I leave I wanted to reference a couple of articles that are related to the discussions going on in the Ask Phil Forum. The first related to document management and the second to software quality.
The March issue of Baseline has a series of articles on software quality and even recounts instances where people have been killed by software flaws.
On the issue of document management, the May issue of CIO Insight discusses IT systems for Sarbanes-Oxley compliance. One article in particular ddiscusses the technology of document management and gives some good advice on choosing a document management system.
7:33 AM | Comments () | Recommend This | Print This
Bill Gates on Blogs and RSS
Did Bill Gates telling the CEOs in attendence at Microsoft's eighth annual CEO summit about blogging and RSS really chance things? I suspect most of these people had heard about blogs and RSS before. What they hadn't heard was a seeming endorsement by one of the world's leaders of technical change. After all, love him or hate him, you have to acknowledge that Bill has a nose for capitalizing on technical trends.
They all heard Gates describe blogs and RSS feeds as tools that "make it very easy to communicate" with customers, suppliers and employees.
The result, according to New York public-relations executive Steve Rubel, is likely to be a number of meetings of executives and their PR people and IT managers to explore this "blogging thing Bill Gates talked about." Rubel, of CooperKatz &Co., also wrote Friday morning, "The blogosphere changed. It feels very much like 1995 all over again."
Gates' endorsement of blogging, Rubel said, is likely to lead to more businesses using it: "Bottom-up business communication will only gain steam here." But there's more to the story. Gates' comments were also "a veiled declaration of war on Six Apart, Userland, Google and anyone else who makes blogging tools." Rubel's blog is called MicroPersuasion.From Did Bill Gates shake the blogosphere? :: AO
Referenced Mon May 24 2004 07:19:08 GMT-0600
7:19 AM | Comments () | Recommend This | Print This
May 22, 2004
Skype's Business Model
There's a good write-up over at Jeff Pulver's blog of Nikolas Zennstršm's talk on Skype's business model at VON Canada 2004. Jeff has a picture of a slide that shows Skypes cost of adding a news customer as $0.001 while Vonage's cost of adding a new customer is $400. Huge implications in that, of course.
8:45 AM | Comments () | Recommend This | Print This
May 21, 2004
Marist University Becomes First OSDL Higher-Education Affiliate
OSDL is the Open Source Development Lab, a non-profit organization founded by Computer Associates, HP, Hitachi, IBM, Intel and NEC in 2000 to sponsor Linux initiatives targeting telecommunications and corporate desktop markets. They have three affiliate labs. The newest is Marist University which will make a top-of-the-line IBM mainframe available to Linux developers for testing and developing qualified purposes.
4:35 PM | Comments () | Recommend This | Print This
Utah Java User's Group Talk
I spoke last night at the Utah Java User's Group meeting on service oriented architectures. There was a good crowd there--over 60--and they asked lots of questions. All in all a very nice experience. It sounds like they've got a very interesting upcoming schedule. If you're a Java user in Salt Lake City or surrounding towns, this is meeting worth attending. Here's a copy of my slides.
5:57 AM | Comments () | Recommend This | Print This
May 20, 2004
Do You Want to Be Responsible for the Code You Write?
Kelly Marshall pointed out this article in eWeek to me and asked what my take was. In the article Richard Clarke (former White House Security czar) is quoted saying that developers should be held responsible for the poor state of security in their applications:
To solve the problem, Clarke called on the government to put pressure on the software industry to develop and maintain secure coding practices.
"The reason you have people breaking into your software all over the place is because your software sucks," he told conference attendees. "I don't like the idea of 'buyer beware.' It was great in the 14th century, but I think we've moved beyond [that]."
Clarke also encouraged enterprises to get together and inform their vendors that they're not happy with the security of their software.
"Industries should establish what they want from the software industry," he said. "Let's allow these industries to get together and say what they expect. If they need an antitrust exemption for that, let's give it to them."From Clarke: Hold Developers Accountable for Software Insecurity
Referenced Thu May 20 2004 16:09:34 GMT-0600
I used to be a formal methods guy. Specifically, I built mathematical models of a computer's intended behavior and then a model of its structure and showed through mathematical analysis (i.e. proof) that the behavior followed from the structure. I did it because it was fun. I told other people I did it because it was important. That is, being able to use mathematics to analyze artifacts is one of the fundamental processes of any engineering discipline. I still believe that at some point we've got to be able to apply analysis to the problems of computer correctness, but we're not there yet. For real world problems, the analytical techniques we have now fall far short.
The problem with programmers is that we want to be "engineers" but we don't want any of the limitations or responsibility of other engineering disciplines. Being held responsible for your designs is part and parcel of any engineering discipline where the design has significant public impact. Believe me, if a bridge falls down, the engineer who signed off on it will find themselves testifying in court.
This is a topic that has been discussed for decades and yet, we're still not there. Part of the problem is that we don't really know what standards we'd hold people to. For example, if I sign off on a design for a piece of software, and a buffer overrun causes a security problem, that's not a design (i.e. engineering) problem, its an implementation problem. If the design of a bridge is good, but it falls down due to poor welds, that's not the engineer's fault.
So, how do we ensure the welds on a bridge are good? Through standards, best practices, review processes that are well understood, and so on. There is a whole body of standards and regulation that exist in other industries that just don't exist yet in software. For example, is it poor practice to use C++ even though its a pitifully hard language to avoid buffer overrun problems in? Would you testify in court that another engineer had no business using an untyped language? Probably not.
Even so, I think regulation, either self imposed or imposed by the government, is inevitable. The way those other industries got their large bodies of best-practices and processes is through the social process that results when people are held responsible for their errors. The only way to get better software is to hold someone responsible. To date, we haven't been willing to do that, but the pressure is growing.
4:24 PM | Comments () | Recommend This | Print This
May 19, 2004
Overstock.com to Test Utah's Anti-Spyware Bill
Utah-based Overstock.com announced today that it will sue Massachusetts-based online retailer SmartBargains, Inc. in the Third District Court in Salt Lake City. OVerstock.com will sue under provisions of the recently enacted Utah Spyware Control Act (HB 323), which went into effect May 3. HB 323 was sponsored by Rep. Steve Urquhart of St. George. Overstock.com President Patrick Byrne said,
"Pop-up ads have been to Web browsing what spam is to email. Within the world of affiliate marketing, such software is often called 'parasiteware' on the grounds that the companies which distribute such code and those who advertise through it are parasitic on legitimate commerce: spyware hijacks not only consumer spending, but the commissions that would otherwise be paid to legitimate affiliate community. Several years ago we decided on principle to cease any advertising with such firms, and have encouraged members of the vast affiliate marketing community to respect the position we have taken by refusing to act as affiliates for sites that avail themselves of parasiteware."From Overstock.com First to Use Utah Spyware Control Law to Fight Predatory Marketers
Referenced Wed May 19 2004 21:25:24 GMT-0600
When this bill was first passed, I wondered how effective it would be. Rep. Urquhart and I discussed it briefly on the forum. I think I missed an important factor in dismissing this legislation too quickly. Unlike anti-spam legislation where it's pretty much left to individuals to fight the battle, corporations like Overstock.com care about spyware because it eats into their revenue. What's more they've can afford the attorneys to fight the battle. I'm anxious to see how this one holds up in court.
9:38 PM | Comments () | Recommend This | Print This
Comcast Internet
Comcast Internet is finally available in my neighborhood. Until now, Wi-Fi has been the only option. The installation guy came today. According to DSL reports, I've got 3425kbs down and 243kbs up. Not bad considering that its 10 times faster than my old Wi-Fi connection and costs the same. I'm loving life.
5:21 PM | Comments () | Recommend This | Print This
ACM WWW2004 Conference
The Thirteenth Internation World Wide Web conference is taking place this week in NYC. The focus this year seems to be on the semantic web.
12:06 PM | Comments () | Recommend This | Print This
Supercomputers from Linux Clusters
Building supercomputers from clusters of Intel-based computers running Linux is quickly becoming the way to build a supercomputer. Linux Networx, from right here in Utah, is one of those firms. These machines cost millions of dollars but are still one-third the cost of supercomputers built using other methods.
"The tier-one vendors don't have as much of a handle on this market as other areas," said Douglas Bone, president of Fremont, Calif.-based California Digital, which has also installed large Linux clusters for several Fortune 500 companies. Other small companies are involved in the nascent field as well.
Utah's Linux Networx, for instance, is building two supercomputing clusters based on Advanced Micro Devices' Opteron processor for the Los Alamos National Laboratory: A 2,816-processor cluster will be used to study nuclear stockpiling, while a smaller 512-processor cluster will be dedicated to smaller problems with lower security clearances. The company is also creating a cluster with 2,132 Intel Xeon processors for the U.S. Army Research Laboratory.From Makers of white-box supercomputers hit their stride | CNET News.com
Referenced Wed May 19 2004 12:00:01 GMT-0600
The c|net article lists several other vendors in this space. The trick for these companies is moving down market. There's a lot of PR value in building the second fastest computer in the world, but that's a small market. The question is "is there a market for clusters of 8, 16, 32, and 64 nodes that cost several hundred thousand?" Many of these vendors have had trouble penetrating that market and consequently may not survive.
12:03 PM | Comments () | Recommend This | Print This
RSS Feeds from Time
Time Magazine has RSS feeds including Top Stories, Most Viewed Stories, Most Emailed Stories, and Top-rated Covers.
5:40 AM | Comments () | Recommend This | Print This
May 18, 2004
RSS Aggregator for UtahPolitics.org
I run a blog on Utah politics at UtahPolitics.org that has become quite popular here in Utah this political season. I'd love to add an RSS aggregator for other political blogs that cover Utah to the site. I found several tools for displaying a single RSS feed like the feedsplitter tool producing the yellow box on the right from my RSS feed for my discussion forum. What I want however is something more like Dave Winer's http://feeds.scripting.com/. Ideally it would read an OPML file given as an argument and present latest entries from the feeds in the OPML file according to some user supplied template. Anyone have any suggestions? Leave them on the discussion board
9:32 PM | Comments () | Recommend This | Print This
Island at the Center of the World
I've been reading Russell Shorto's book "Island at the Center of the World." The book is a history of Dutch Manhattan and its affect on American history and values. I love American history of all sort and this was one of those rare books that is as exciting as a work of fiction, but is entirely factual. The books is based on recent translations of Dutch colonial records.
For anyone reading Neal Stephenson's "The Baroque Cycle," Shorto's book provides rich backdrop into part of the history of the times and many of the events will be recognizable.
Some of "The Baroque Cycle" takes place in The Netherlands during parts of this same period.
I was struck by a quote from "Letters from an American Farmer" (written in 1782) contained in the last chapter of the book that, describing the descendants of the colonists in New Amsterdam, says:
What then is the American, this new man? He is either an European, or the descendant of an European, hence that strange mixture of blood, which you will find in no other country. I could point out to you a family whose grandfather was an Englishman, whose wife was Dutch, whose son married a French woman, and whose present four sons have now four wives of different nations. He is an American, who, leaving behind him all his ancient prejudices and manners, receives new ones from the new mode in his life he embraced, the new government he obeys, and the new rank he holds. He becomes an American by being received in the broad lap of our great Alma Mater. Here individuals of all nations are melted into a new race of men, whose labours and posterity will one day cause great changes in the world.
The reason this struck me is that as I've been watching various news information regarding the Iraq war over the last year, I was proud to see US Amry generals who were Lebanese, Hispanic, African-American, Philippino, and so on. Regardless of your view on the war, that level of integration is a great thing.
9:10 PM | Comments () | Recommend This | Print This
May 17, 2004
Apple and the Enterprise
Aaron Vegh has written a piece at OSnews.com on Apple and the Enterprise. After talking about the problems that the Sassar worm caused for his employer, he says:
This isn't the first time that those widely-publicized Windows security issues have bitten this company. When you think of both man-hours trying to fix the problem, and the combined loss of productivity in a company this size, the cost must be amazing. So the question must be asked: how can this company -- indeed, any large corporation -- rationally choose to support a Windows infrastructure?
The answer is complicated, and has as much to do with inertia, ignorance and comfort level as it does with dollars and cents.From The Apple of the Enterprise's Eye - OSNews.com
Referenced Mon May 17 2004 22:14:33 GMT-0600
Aaron then gives four reasons why Apple cannot compete in the enterprise in spite of the problems Windows faces:
- Enterprise IT hates surprises
- Apple does not have a dedicated enterprise sales force
- Apple does not support dozens of enterprise applications
- No ISV channel for enterprise applications
I don't think these reasons are far off. What's more, these same problems would largely apply to Linux as well. Selling to large corporations is a complicated business. Microsoft has it covered.
10:21 PM | Comments () | Recommend This | Print This
Utah Java User's Group Talk
I'll be speaking at the Utah Java User's Group meeting this Thursday at 6pm. I'm going to be speaking on service oriented architectures and Web services middleware. I think anyone can go, they just ask that you RSVP to let them know to plan on you. I hope to see you there.
4:11 PM | Comments () | Recommend This | Print This
Connecting Stateful Session Beans and JSPs
One of the most popular desitinations on my weblog from Google is a page I put together last year on Connecting Stateful Session Beans and JSPs. Recently, I've updated the example in some significant ways and wanted to repost it. This time, I'll write an essay so that I can re-edit it without reposting.
10:55 AM | Comments () | Recommend This | Print This
SOAPScope Scrubs Up Web Services
In the world of Web services, SOAP's human-readable interactions are easy to create and debug. But to take advantage of that, you must first find a tool capable of capturing network traffic and another capable of analyzing it.
Mindreef's SOAPscope 3.0 does an excellent job at both tasks. In its most basic use, SOAPscope provides a convenient way to view SOAP messages both sent and received. With that information, developers can test and debug Web services to quickly find any potential problems.From InfoWorld: SOAPscope scrubs up Web services: May 14, 2004: By Phillip J. Windley
Referenced Mon May 17 2004 06:09:57 GMT-0600
I was originally going to do this as a preview and then come back to it later for a full review, but SOAPScope was such an easy product to use, that I just went ahead and did the full review.
At the most fundamental level, SOAPScope let's you monitor and manipulate SOAP traffic. There are plenty of products that do that, some of them are even free. What I loved about SOAPScope was the pseudocode presentation of SOAP and WSDL. Much easier to read than the XML-based syntax and, as a consequence, I think easier to get right, easier to debug, and easier to change. If they only had a Mac version, I'd be using it all the time.
6:19 AM | Comments () | Recommend This | Print This
May 14, 2004
Backing up OS X
I recently bought a LaCie 500 Gb Fireware drive for use with my TiBook. Then I bought a copy of Synchronize Pro. Synchronize Pro can be set to start up automatically whenever the drive becomes available. That way, every morning when I plug my laptop into the Firewire hub, the back-up kicks off automatically. One of the things I did was partition it so that I had a partition about the same size as the hard drive on my laptop (60Gb in this case). I have Synchronize Pro to mirror my laptop harddrive to the partition as a bootable system back-up. Of course, I checked it to made sure I could really boot from it.
4:20 PM | Comments () | Recommend This | Print This
Business Continuity Planning
Yesterday I attended the SIM lunch in Salt Lake. Michael Croy, from Forsythe was the speaker and the topic was disaster recovery and business continuity planning. This is one of the topics that every CIO knows they need to do something about, but no one really wants to discuss. When I was CIO for Utah, I tried to bring up the topic many times with business and IT folks alike and mostly got a cold shoulder. I even wrote a white paper tying it to Homeland Defense after 9/11. Still no interest. The common response was "oh, we did something like then for Y2K." As if dealing with the topic once were enough. You cannot begin to imagine the impact it would have on your life if a major disaster crippled the State's IT infrastructure. In any event, Michael made several points yesterday that caught my attention:
The primary question a CIO should ask is "How is the business mission sustained in the event of a disaster or security breach?" There are some specific issues to worry about:
- What regulatory requirements do you have to protect data and to disclose gaps in your business continuity planning that you should disclose?
- Can you recover all of your information? How long will it take to get from back-up?
- After a crisis, can you validate the integrity of your data? Will you know if its been corrupted?
- Can you confirm, through audits, logs (physical as well as online), etc. who has had access to the data during the crisis? What are your plans for security and control in the midst of the crisis?
In the end, of course, its all about risk and what you're willing to do. There are only three things you can do with risk:
- You can accept it. That is, just say "we'll live with it." This is the de facto position that not making any decision at all leads to.
- You can assign it. That is, you can make it someone else's problem. Insurance is one way to do this. Outsourcing is another way of assigning risk.
- You can mitigate it. This is what you're doing by creating a plan and developing a business continuation strategy.
Which of these is the right strategy for you depends on the risk you face. The only way to know that is to identify and document vulnerabilities and let the business side drive the analysis to prioritize the tasks and make the decisions.
As you perform this analysis, its important to appropriately assign priorities and importance. Most data and the systems that supports it become slightly less valuable overtime moving from "business critical" to "essential" to "consequential" to "non-critical." Once data has reached the "non-critical" state, it quietly becomes "inconsequential" and is disposable. The amount of money you have to spend to protect this data should be proportional to its value according to the following SLA discontinuity classification:
- Continuously availability - always available, no recovery ever necessary
- High availability - recovery takes minutes
- Transaction protection - recovery takes hours
- Traditional recovery - recovery could take days
- best efforts - no guarantees
Obviously, the further up this classification you are, the more expensive your IT investment will be.
The other day, I heard a story on NPR about the GAP taking the unprecedented step of releasing their internal audits of their off-shore factories. More and more, companies are required to transparent. How many publicly traded companies do you think there are that have material deficiencies in their business continuity and disaster recovery plans? If you know anything about IT, your answer is probably most of them. Yet, disclosure still revolves primarily around the financials. I'd bet that we see that change over the coming years and IT takes a more and more prominent role in the enterprise.
3:56 PM | Comments () | Recommend This | Print This
Fund of Funds
Two sessions ago, the Utah Legislature passed HB240 which created a $100 million fund of funds for Utah. Yesterday, after a year of legal wrangling and planning the board of directors was formed for the Utah Capital Investment Corporation, the legal entity formed to manage the fund. They'll soon be raising money. This is good news for Utah's high-tech community. Congratulations to Will West and the others on their appointments.
6:19 AM | Comments () | Recommend This | Print This
May 13, 2004
Robotics Research
The Globe and Mail has a piece on the fact that more money is flowing into robotics research. I know that's true at BYU, where there are several labs with robotics research of one kind or another going on. Somedays its hard to negotiate the hallways without tripping over a robot of one kind or another. When I was a graduate student, I managed the Robot Lab at UC Davis for two years and really want to do a dissertation in robotics, but there were no CS faculty in the area (just EE control theory types) and I decided it was too hard to create a research topic all by myself. Nevertheless, I had quite a bit of fun working on some rudimentary vision systems, force sensors and programming the PUMA arm to shake hands. That's where I learned Linux and got my first system administrator experience. A good memory.
8:34 PM | Comments () | Recommend This | Print This
May 12, 2004
Going Beyond the Firewall
Eric Knorr has an article called Guard the Application Layer at CIO Magazine. If you read it, beware--its pretty elementary. I wish it weren't necessary to talk down to CIOs about technology, but unfortunately, that's reality. CIO Magazine knows it audience. Nevertheless, there's some good advice there, like using application scanners and application-level firewalls. There's another thing you can do as well: get an XML firewall. Probably the most important thing you can do, however, is to learn how hackers work. For that, I recommend the book How to Own the Box.
6:19 AM | Comments () | Recommend This | Print This
May 11, 2004
Self-Organizing Motes
I've been fascinated by stories of self-organizing network of miniature sensors. IEEE Spectrum has a story about researchers who use a host of small devices called motes to do research on a bird colony in Maine. The motes are shaped like film canisters:
Each cylinder holds a bit of circuitry capable of simple computation and communication, plus a few environmental sensors, a battery, and an antenna. Taken alone, it's nothing special. But scatter around a dozen or a hundred or a thousand of these film-canister-sized cylinders--called motes--and switch them on, and something amazing happens: within seconds, they will organize themselves into a powerful yet stealthy data-gathering machine. Their quarry? A small and secretive seabird known as the Leach's storm petrel, whose comings and goings bird-watchers have long puzzled over but have never fully understood.From Feature Article
Referenced Tue May 11 2004 09:46:15 GMT-0600
(pictures)
Of course, the societal implications of these kinds of things are enormous. Right now, I expect that each on of these motes is both primitive and expensive. What is invariably true, however, is that within a decade Moore's law says you'll be able to buy a bag of 100 motes at Radio Shack for $25.
This is precisely the kind of things that David Brin was talking about in his book, The Transparent Society. Paraphrasing, what Brin suggests is that we probably won't get to choose whether or not these kinds of capabilities exist. Our only choice is whether everyone will have access to them or only the Government will have access to them. Its its the latter, things get pretty scary.
10:09 AM | Comments () | Recommend This | Print This
SPF at IETF
The Internet Engineering Task Force has formed a group to create a formal standard around SPF, the Sender Policy Framework, designed to reduce Spam. The group, called MTA Authorization Records in DNS (MARID), will focus only on MTA authorization and only on DNS-based mechanisms. MTA methods are concerned with authenticating the domain that the mail comes from, rather than the sender individually. As a consequence, MTA methods aren't foolproof (Spam frequently does come from domains that can be authenticated), but it cuts off a large source of Spam with no need to even transfer or read the message the first. The good news is that its likely to move fast:
The group really began talking about things just about a month ago. According to the charter, there are major decision-making milestones in May and June and a working-group document submission in August. If the process only amounted to rubber-stamping the SPF specification, the schedule would be a breeze to meet, but as I have said, there are three major proposals with big differences among them. There's no question that someone's interests aren't going to be met.From SMTP Authentication Hits Standards Track
Referenced Tue May 11 2004 09:39:53 GMT-0600
9:40 AM | Comments () | Recommend This | Print This
May 10, 2004
The Census Tiger Mapping Service
I'm not sure why I didn't know about this sooner, but the US Census Bureau has an online mapping service called Tiger that let's you input coordinates for places of interest as well as other mapping functions (like grids, regions, etc.) The service can map metro areas (here's a map of the Capitol mall the with White House and Capitol marked) or larger areas (here's a region with major cities marked). As they say on the site, this isn't intended to be a production quality Web service, so don't use it like one. But for quick maps of data, its very handy.
11:39 AM | Comments () | Recommend This | Print This
RMI and EJBs, An Introduction
Alexander Prohorenko has an article at DevX introducing EJBs and RMI. Don't be confused, its not an introduction to EJBs, but rather an introduction to RMI and how its used in EJBs. I just went over this today with my 462 class (Engineering Large Distributed Applications), so it caught my eye.
11:28 AM | Comments () | Recommend This | Print This
May 7, 2004
Deleting Spam With My Eyes Wide Shut
I've been a long time user of SpamAssassin, but hadn't updated it for some time. About 6 weeks ago, I updated it to the latest version, which includes a Baysian filter. I spent some time making sure I correctly classified Junk and other mail and trained it regularly. For the last three weeks I've been checking my junk folder to ensure it didn't throw things away I wanted and I didn't find anything. Nothing. It lets a few things through, especially when its of a type it hasn't seen before, but after training again, that goes away. So today, I took the plunge and deleted over 1000 items in my Junk folder without even looking at them. Wow!
I read mail on my Ti-Book but filter on my mail server. So, I actually train on the Mac and then transfer the results to my server using this script:
#!/bin/sh SA_LEARN=$HOME/pkgs/Mail-SpamAssassin-2.63/sa-learn JUNK="$HOME/Library/Mail/POP-pj@pop.windley.org/Junk.mbox/mbox" DELETED="$HOME/Library/Mail/POP-pj@pop.windley.org/deleted.mbox/mbox" MAILBOXES=/Users/pjw/Library/Mail/Mailboxes BAYES_DIR="$HOME/.spamassassin" SEEN=$BAYES_DIR/bayes_seen TOKS=$BAYES_DIR/bayes_toks $SA_LEARN --spam --mbox $JUNK $SA_LEARN --ham --mbox $DELETED
After that I just scp the files up to my server and it works like a charm. It may seem odd that I only look at my Trash folder as ham. The Trash folder represents the largest collection of fresh email that isn't Spam. I When I first did this I did look at all my other folders with this line:
find $MAILBOXES -name mbox -exec $SA_LEARN --ham --mbox {} \;
But after running it once, my other folders don't change often enough to do this regularly, so I'll run that line occasionally. I don't want to waste time each day looking at all the other folders and not getting any information from them. There are, of course, a lot of other configurations you might use to get SpamAssassin in the loop, but this one's pretty slick. Between SpamAssassin and the built in features of Os X, I am virtually Spam free.
10:52 AM | Comments () | Recommend This | Print This
Elegant Interface Designs in Open Source Software
Steven Garrity at Acts of Volition cites some examples of elegant interface design in open source software:
- Firefox
- Gnome and the Spatial Nautilus
- Hunting for Preferences in Gaim
He concludes with a paragraph or two discussing why the myth of the "power-user" and "average-user" is bad for interface design:
Rather than adding more and more features for the mythical ãpower userä, or swing to the other end of the spectrum and dumb-down the interface for the mythical ãaverage userä, smart developers are learning that good defaults and elegant interface design makes software better for everyone to use, regardless of their level of experience.From The Rise of Interface Elegance in Open Source Software | Acts of Volition
Referenced Fri May 07 2004 10:32:59 GMT-0600
10:34 AM | Comments () | Recommend This | Print This
May 6, 2004
The New Hackers of Democracy
For anyone who is interested in eGovernment or eDeomcracy, Doc Searls has a nice piece on the new hackers of democracy over at LinuxJournal. In the article, Tom Adelstien makes a good case for Republican's being the torchbearers of open source in government. Interesting.
9:43 PM | Comments () | Recommend This | Print This
Small Software Firms and OSS
Dan Bricklin, inventor of VisaCalc, has an excellent essay on the small software firms and the use of open source software as a "defensive marketing move."
12:02 PM | Comments () | Recommend This | Print This
Customer Interaction Hubs
Yesterday on Talk of the Nation the lead story was on Medicare's new prescription drug benefit card program. What caught my attention was the way that a government agency in a matter of months was able to put together a very sophisticated customer interaction system from a highly interactive and informative Web site to trained call center agents ready to answer questions.
If you haven't heard much about this program, there are over 70 different cards that a senior can choose from and which one is best depends on a number of circumstances including what drugs they take, where they live, if they're willing to use mail order, and so on. Seniors can call or go online and be walked through a series of questions which, if all goes well, will result in a set of recommendations in a personalized pamphlet.
Its interesting to me that a government agency could be this agile. I suspect that some of that is an "exception mentality." The program is also being pushed hard so that its available well before November elections. Of course, Medicare didn't do this themselves. They outsourced it.
More and more companies outsource their customer service. Over the years, companies that take that business have gone by various names: call center, contact center, and so on. Sento, where I serve on the board, is in the business of providing customer service for other companies, with the aim of creating as many opportunities for customers to self-service as possible. What we're seeing however, is a move toward integrating more and more of the customer touch-points into coordinated systems. Such systems not only integrate a customer service Web site with the contact agent system (including email, chat, and phone) but also customer sales tools. Gartner calls this the "customer interaction hub" or CIH.
As an example of kind of customer sales tool I'm thinking of, the other day, I was on the Comcast site trying to see if they now have service in my neighborhood (they've been digging up streets and lawns for months). I was answering various questions and getting information back from the site. I realized that there was precious little difference, either technically or conceptually, from a pure-play customer service portal and Comcast's pre-sales tool. Pre-sales or post-sales, the customer interaction ought to be coordinated and integrated to give the best experience.
That would indicate that in choosing an outsourcing partner for your customer service, you ought to also ask "can this same company help be build my pre and post sales customer portals, integrate with my CRM tools, and manage a full range of contact options with an eye toward helping my customers have a satisfying experience?" Gartner doesn't think this will happen until 2007. I think we're not very far from it right now.
11:29 AM | Comments () | Recommend This | Print This
Bad News for PDA Makers?
Rich Luhr has an article full of bad news for PDA manufacturers at AlwaysOn. When I no longer had a company to buy my PDA for me, I stopped using one and other than not having something to play with in meetings, I haven't really missed it. My phone has all my contacts and making appointments by email is more convenient anyway. I don't think that the trend to smartphones mentioned in the article means that everyone will soon be carrying around a Treo or some other Palm-powered device. People still want small, convenient phones first and will quickly shed features if they interfere with that base functionality.
10:33 AM | Comments () | Recommend This | Print This
May 5, 2004
SuSE vs. Redhat in the Enterprise
A review of SuSE 8.0 and Redhat ES 3.0 at DevX finds SuSE the clear winner.
9:35 PM | Comments () | Recommend This | Print This
Philip Greenspun on Open Source Economics
In a recent IT Conversations, Philip Greenspun talks about the economics of open source. Ars Digita, a company he founded, was built around an open source platform. He makes two interesting points about open source:
- Control of the code base and the ability to add things to the source release is one lever that a company can use to extract money from open source. Companies will pay to have changes incorporated into the code so that it doesn't have to be re-customized each time a new release is made.
- When your based on open source, you have to keep costs down because open source does not allow the margins that closed source does for a simple reason: if you get too expensive, the client will hire someone else to make the modifications to your source code.
11:04 AM | Comments () | Recommend This | Print This
Riding Radio Waves
Baseline has an article on the use of RFID in theme parks.
Baseline has learned that Walt Disney Co. is planning to use radio waves to track assets such as laundry, beverages and bus shuttles that ferry visitors around its parks. The Disney pilots are in the early stages--the company in some cases hasn't even selected a tag vendor yet--but the company does plan to use radio frequency identification (RFID) tagging throughout its parks.
Disney would not comment, and details about pilots by the company and other theme park operators are sketchy. Oklahoma City-based Six Flags Inc., however, did confirm that Memorial Day will kick off pilots at four of its water parks in Atlanta, Los Angeles, Dallas and Jackson, N.J. Six Flags plans to give patrons wristbands with chips that emit radio waves. The wristbands can be loaded up with the digital equivalent of cash. Instead of digging through wet dollar bills, park visitors swipe their wristband past a reader and have an amount deducted from their stash.From Riding Radio Waves
Referenced Wed May 05 2004 10:51:32 GMT-0600
I'm always amazed at how technology never rolls out how you'd think. This is convenient for users and gives the park great feedback on how rides are used, when and by who. I think the article makes an important point when it says that the difference between supply-chain uses of RFID and theme park uses is that supply-chain RFID is a way to drive costs down whereas theme-park RFID is a way to drive revenues up. That distinction is often useful for analyzing technology deployment. People with a way to drive up revenue will overcome obstacles and put up with early stage inconveniences that people merely trying to save money will not.
10:57 AM | Comments () | Recommend This | Print This
May 4, 2004
ENUM: Electronic Number Mapping
One of the pieces of infrastructure that makes all kinds of networks work and yet gets very little attention is the directory. Directories are big business. For example, there's directory of telephone numbers run by NeuStar, Inc. NeuStar has annual revenues of $92 million. Now, accoring to Light Reading, AT&T Corp. and MCI Inc., together with unidentified cable companies, telephone companies, and ISPs are preparing to form an LLC that will run a process to define a new company that will run ENUM.
The ENUM directory is the infrastructure that will link phone numbers to URLs, and thus IP addresses. ENUM is crucial to the development of widespread VoIP services. The ENUM directory promises to be more lucrative than NeuStar's business, so I'm sure there will be some hard fought competition to win the ENUM contract. In general, I think there's missed opportunity in directories and not enough businesses fully develop the potential of the directories under their control.
9:21 AM | Comments () | Recommend This | Print This
Wavetronics
The Deseret News did a piece today on Wavetronics, a BYU spin-off. Wavetronics makes radar based traffic monitoring systems. I know one of the guys over there pretty well and I've followed them for a while. This is a pretty good business to be in because building roads is expensive and so IT applied to making traffic flow better can have some big pay-offs.
8:28 AM | Comments () | Recommend This | Print This
May 3, 2004
Online Sex Offender Registries Causing a Stir in California
Online sex offender registries are an interesting eGovernment application because they seem to be the focus of most of the major eGovernment issues. I've written before about transparency and sex offender registries when I was Utah's CIO.
The primary reason for eGovernment in my opinion is giving people access to the information they need to be informed participants in government, but there are other uses as well including distributing government services and simply giving the public information that they've paid for with taxes and can use in some way. Its into this latter area the sex offender registries fall. The fact that someone has been convicted of a felony is public information. People want to know about convicted sex offenders who live nearby. eGovernment fills the gap.
A Wired Magazine article says that even though California has the highest number of sex offenders in the nation (who'd have thought?) they have no online registry. The California Legislature has failed to approve one year after year. One of the reasons cited by the article for the legislative reluctance is bad data.
Like any large organization, governments suffer from data neglect. Utah has an advantage over California in having good sex offender data because we're smaller and have a single IT entity that manages data for the Dept. of Corrections. Consequently, Utah doesn't suffer from having multiple databases with incompatible schemas. Cleansing the data and keeping it accurate is a manageable problem and there's one group responsible.
On the public policy side, the ACLU is opposed to online registries for two reasons:
"We're opposed to online registries for two reasons," said Francisco Lobaco, the legislative director of the ACLU in California. "First, it heightens the risk of harassment and discrimination of those who have already served their time. Second, it fails to consider whether the individual continues to pose a risk to the public."From Wired News: Sex Offenders Hounded by the Law
Referenced Mon May 03 2004 13:21:30 GMT-0600
This raises some interesting questions. Suppose you concur with the ACLU, does that mean that you're opposed to the information being public in general? That is, should we not make felony conviction records public? Or should we make the public, but ensure its difficult to get the information? That doesn't seem to make much sense.
The question is broader than online sex offender registries. There's lots of public data in government. Much of it hasn't been easy to get. As the Web changes that, we're going to be forced to re-evaluate what's public and what's not. I saw this come up over and over when I was CIO. I'm afraid our gut reaction will be to make things private that have traditionally been public and with that we'll lose some of what makes democracy function.
1:25 PM | Comments () | Recommend This | Print This
FrogPad One-Handed Keypad
FrogPad's one-handed, Bluetooth keyboard
|
11:38 AM | Comments () | Recommend This | Print This
Sun's Blogging Policy
Tim Bray has published a blogging policy for Sun. There are some common sense policy positions like "don't tell secrets," but mostly its about why Sun employees should blog and how to be effective when they do.