October 29, 2004
Dvorak is Clueless
John Dvorak completely misses the point on podcasting. He thinks it's about streaming from a Web site. Someone needs to fill him in.
6:45 PM
Standards-Based Slide Shows
If you've been looking for a way to create slides in XHTML and CSS, Eric Meyer has just the thing for you. S5 is a slide show system constructed from CSS, XHTML, and JavaScript which runs in most browsers. Run through the introductory slide show to get a feel for its features (including slide advance when the space bar is pressed and a disappearing navigation menu). All the slide content is in a single file, so once it's loaded it's loaded. What's more, since it's based on CSS, printable slides are constructed from the same source file automatically. I don't think I'm ready to give up Keynote and Powerpoint just yet, but for some things, this might come in real handy.
6:37 PM
Graduate Level Middleware Course
I'll be teaching a graduate course on middleware (CS601R) at BYU this next semester. If you're in the area, and would like to participate, drop me a line (=windley). For more information about the class, see the about page on the class wiki.
10:56 AM
October 28, 2004
DIDW 2004 Wrap-up
I'm back at home and feeling great about the trip. As usual, Phil, Andre, Eric, and Kathi did a bang-up job of putting together a conference that was well run and fun to be at. Overall the talks were good and I found plenty there to get me thinking.
I'd love to see the conference expanded along one crucial axis, however. There's not much of a developer presence there and I think that they miss a big part of the identity puzzle without it. They also risk becoming a collection of vendors, which will pay the bills, but not necessarily achieve the goals I think Phil has of this being about all aspects of identity. There's plenty of open source and other work going on that touches identity. DIDW needs to find a way to reach out to that community and mix it in with what they've got. The result could be truly electric.
7:27 PM
DIDW 2004: Doc Searls on The Dawn of Independent Identity
Doc gives the closing keynote.
When we look at markets, we usually think of the transaction, but the exchange is only the bottom level of a market. Above that are conversations (ala Cluetrain) and above that are relationships. Federation is the relationship level of a market.
Gordon Eubanks pointed to the problem of silos, but the real silos are in our wallets. As an individual, I can't federate the relationships I have with various companies. I'm left to hope that the companies I care about get together.
Doc says "when we lost the industrial revolution (to industry) we lost the meaning of our names." Crafts were replaced by jobs, work was reduced to labor, and our occupations were reduced to positions somewhere in the org chart. The identity revolution has the power to give people back the meaning of their names.
Doc does a riff on podcasting and how it and the iPod are a response to the radio industry failing to meet the demands of the market. Lots of good stuff that I couldn't capture.
Doc wants rental car companies to compete for his business based on what kind of car he wants to drive. Right now, there's no way for that to happen, but technology could make it possible. Doc calls this "Company Relationship Management (CoRM)." CoRM is made possible by independent identity (ala i-names). CoRM can deliver on the idea that independent identities are where real marketing power comes from.
Drummond Reed shares the stage with Doc
Scott Mace talks about an important part of the CoRM problem: privacy. Scott says that it's unreasonable to expect users to click through privacy policies on devices like cell phones in a take-it-or-leave-it way. CoRM systems need a way to publish the complementary half of a company's privacy policy, that is, my privacy policy. I added that privacy wasn't a thing, but a transaction. If users believe they are getting fair value for their identity information they will exchange it for what you're offering. CoRM systems need to be built in a way that allows them to enter into negotiations about privacy.
Drummond says that an i-name is an independent identifier that is not attached to a specific mode of interaction or a specific company. Doc explains his fantasy about i-names: he's on the road a lot and drinks coffee a lot. He wants to walk into Starbucks with his card that is a pointer to his identity broker that can tell them that he wants a non-fat double latte. That card transcends every one of the silos in his wallet.
Jamie Lewis says not to worry about the connection to Liberty and other protocols for individual identity. Develop the solar system (i.e. the mass of customers that will make big guys pay attention) and the relationships will form. The one thing big companies have figured out is that there will never be one way to do things.
12:23 PM
DIDW 2004: Federated Identity Provisioning Panel
Federated identity provisioning panel: Archie Reed, Howard Ting, Chris Ceppi, Ranjeet Vidwans, and Justin Taylor (l to r)
10:39 AM
DIDW 2004: Justin Taylor on Identity Driven Computing
There were three sessions I wanted to attend this morning. I knew that Linda Elliot's session on compliance would be a good one and probably have some information I could use, but in the end I opted to go to Justin Taylor's session on identity driven computing.
Justin opens with the usual schtick that you hear opening talks at DIDW (including mine) about how today's ID systems are siloed with different protocols, standards, tools, and management styles. There's no common paradigm among the various vendor products and trying to get them to work together is an exercise in frustration.
Justin wants identity to go beyond "carbon-based life forms" and apply the things we've learned about managing human identity to documents, servers, and other resources. He defines digital identity as the "distinguishing characteristics of an entity in a digital system." He says "an identity is the sum of its attributes." This of course is not meant to be deeply philosophical, it's just a practical realization of what we're really talking about when we speak of digital identity.
Viewing identity this way allows you to create a lifecycle for the identity and that allows you to manage it.
The identity driven computing model is a common set of services utilized by today's, as well as next generation systems and applications to manage the behavior between all the identities in your enterprise to address the challenges of business. These services are integrated through a service oriented architecture. This idea relies on loosely coupled directories.
Justin applies this to home-based identity. Is there a place for holistic identity management in the home? Every DVD player has different parental control locks but they're all different and unmanaged. This is likely to proliferate over time. Can identity management be made "consumer friendly?"
Justin speaks to the centralization-decentralization debate. He uses policy as an example of something that has to be centralized (for regulatory compliance, for example) but must be decentralized in its use. This is not an either/or kind of thing, but points out that there are different activities that take place everywhere along the centralization spectrum.
Decisions that use identity must be made in context. Context is the sum of the human, the device, and the application or resource. Knowing the attributes of each of these identities allows intuitive policy management. SAML allows this, although it's not typically used in this fashion.
Justin uses the example of an executive accessing corporate financial data from an iPAQ over the net. The CEO has declared that "access to financial data restricted to Sr. VP or higher" while the CSO has declared "access to financial data restricted to desktop or laptop." These two different policies need to be applied together even though they're created separately.
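The two-policy case above, worked through as an added example (it is not from Justin's talk or from any product): each policy is written separately against attributes of the person, the device, and the resource, and access is granted only when every applicable policy permits it. The attribute names, the rank ordering, and the function names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

# Context = attributes of the human, the device, and the resource.
Context = Dict[str, Dict[str, str]]

# Assumed rank ordering; the talk only says "Sr. VP or higher".
RANKS = ["staff", "manager", "director", "vp", "sr_vp", "ceo"]


@dataclass(frozen=True)
class Policy:
    owner: str                              # who authored the policy
    description: str                        # the rule as stated
    applies_to: Callable[[Context], bool]   # is this request in scope?
    permits: Callable[[Context], bool]      # does the rule allow it?


def is_financial(ctx: Context) -> bool:
    return ctx.get("resource", {}).get("class") == "financial"


def rank_at_least(ctx: Context, minimum: str) -> bool:
    # A missing or unknown rank fails the check (fail closed).
    rank = ctx.get("user", {}).get("rank")
    return rank in RANKS and RANKS.index(rank) >= RANKS.index(minimum)


def device_in(ctx: Context, allowed: set) -> bool:
    return ctx.get("device", {}).get("type") in allowed


# The two policies are created independently by different owners.
POLICIES: List[Policy] = [
    Policy("CEO", "access to financial data restricted to Sr. VP or higher",
           is_financial, lambda c: rank_at_least(c, "sr_vp")),
    Policy("CSO", "access to financial data restricted to desktop or laptop",
           is_financial, lambda c: device_in(c, {"desktop", "laptop"})),
]


def decide(ctx: Context, policies: List[Policy] = POLICIES) -> Tuple[bool, List[str]]:
    """Apply all in-scope policies together: any failure denies the request.

    Returns (allowed, reasons), where reasons names each policy that failed,
    which is also what an audit trail would record. A request that no policy
    covers is allowed in this sketch.
    """
    applicable = [p for p in policies if p.applies_to(ctx)]
    failed = [f"{p.owner}: {p.description}" for p in applicable if not p.permits(ctx)]
    return (not failed, failed)


def make_context(rank: str, device_type: str, resource_class: str) -> Context:
    return {"user": {"rank": rank},
            "device": {"type": device_type},
            "resource": {"class": resource_class}}


if __name__ == "__main__":
    # Constructed requests: the executive on an iPAQ, then on a laptop.
    for ctx in (make_context("sr_vp", "pda", "financial"),
                make_context("sr_vp", "laptop", "financial"),
                make_context("manager", "pda", "financial")):
        print(ctx["user"]["rank"], ctx["device"]["type"], decide(ctx))
```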
In the end, I'm not sure Justin lived up to the billing of "identity driven computing" to the extent I'd hoped. The talk was good and the information useful, but this was more of an analyst's talk than a technical talk. I think that's what I was hoping for.
9:47 AM
DIDW 2004: A Few Technologies that Interested Me
You already know that I liked the Identity Commons and i-names. There were a few other technologies I ran across at the show that I liked as well. Briefly, here they are:
- Core Street makes technology for controlling physical access, among other things. What I thought was cool is that they use smart cards (they're vendor agnostic) as a form of sneaker net to carry revocation lists, access changes, new certificates and so on from lock to lock. This allows them to put smart card access-controlled locks on places that can't be networked (like the door of an airplane cockpit) and still keep it up to date. I think that's very clever. As an aside, the CEO of Core Street, Phil Libin, writes a weblog called Vastly Important Notes.
- sxip Networks (pronounced "skip") is a person-centric identity company, giving people the ability to manage an identity that can be federated across multiple sites. Once you create a sxip ID at your home site (which could be your own computer), you can use it to log into any sxip member sites. There's a demo on their site which you can use to actually create a sxip ID and then use it.
- Midentity is a British company founded by Simon Grice. I met Simon and heard about Midentity last year at DIDW 2003. Midentity allows you to create identity profiles and then share them with others. Midentity did the attendee list for DIDW 2004 and I've used it already to contact some people at the conference who I didn't have email addresses for. I wish O'Reilly would do this at their conferences instead of the printed page of names and addresses.
There's plenty of other companies here at the show and I'm sure they've got some good tech, but these seemed particularly innovative and interesting.
8:51 AM
Doc's Got an I-Name
Doc Searls has an i-name, =searls. Doc hopes this will "finally give us what I call The Fully Empowered Customer."
7:22 AM
October 27, 2004
DIDW 2004: Trusted Computing
I'm in Dan Gillmor's session on "trusted computing." Dan is a great choice to moderate this discussion. His blog is Dan Gillmor's eJournal. The panel is Geoffrey Strongin (AMD), Lark Allen (Wave Systems), and Denise Howell (Reed Smith). I met Lark when I was CIO for Utah. I've known Denise for a few years too. She does the excellent Bag and Baggage blog.
Strongin speaks first saying that addressing the problems of privacy, security, and third party trust requires changing the PC platform. He's on the Trusted Computing Group's board of directors. The point in his slide that's sure to cause contention says "Protecting data against unauthorized disclosure." This sounds good in theory, but in practice means that the PC has to become something less than a general purpose computing device. In the extreme, it becomes a player for content produced by others. The AMD architecture is being changed to incorporate trusted computing features including:
- Isolated execution space
- Enhanced virus protections
- Storage sealing
- Secure initialization
- Secure input and output
- Remote attestation
The latter is about delivering evidence to remote parties about the state of the computer. For example, attesting that security credentials were authenticated in an environment free from spyware.
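A simplified sketch of how remote attestation can work, added here and not taken from the panel or from the Trusted Computing Group specifications: each boot component is hashed into a running register, the platform signs that register together with a nonce chosen by the remote party, and the remote party compares the result with the value expected for known-good software. The component names are constructed, and an HMAC with a shared key stands in for the hardware-protected signing key a real TPM would use.

```python
import hashlib
import hmac
import os


def extend(register: bytes, component: bytes) -> bytes:
    """Fold one measurement into the register: new = H(old || H(component)).

    The register can only be extended, never set, so the final value
    depends on every component loaded and on the order of loading.
    """
    return hashlib.sha256(register + hashlib.sha256(component).digest()).digest()


def measure_boot(components) -> bytes:
    """Measure a boot sequence starting from an all-zero register."""
    register = bytes(32)
    for component in components:
        register = extend(register, component)
    return register


def new_nonce() -> bytes:
    """Fresh challenge from the verifier, so old evidence cannot be replayed."""
    return os.urandom(16)


def quote(device_key: bytes, register: bytes, nonce: bytes) -> bytes:
    """Platform side: sign (register, nonce).

    Assumption: device_key never leaves the security chip. HMAC is used
    here only to keep the sketch within the standard library.
    """
    return hmac.new(device_key, register + nonce, hashlib.sha256).digest()


def verify_quote(device_key: bytes, known_good, nonce: bytes,
                 reported_register: bytes, signature: bytes) -> str:
    """Remote party: check the signature first, then the platform state."""
    expected_sig = hmac.new(device_key, reported_register + nonce,
                            hashlib.sha256).digest()
    if not hmac.compare_digest(expected_sig, signature):
        return "bad-signature"      # forged, altered, or replayed evidence
    if not hmac.compare_digest(reported_register, measure_boot(known_good)):
        return "untrusted-state"    # genuine evidence of unexpected software
    return "trusted"


# Constructed sample data.
DEMO_KEY = b"constructed-demo-key"
KNOWN_GOOD = [b"bootloader v1", b"kernel v1", b"login service v1"]
WITH_SPYWARE = [b"bootloader v1", b"kernel v1", b"keylogger", b"login service v1"]


def attest(components, nonce: bytes):
    """What the platform sends back for a given challenge."""
    register = measure_boot(components)
    return register, quote(DEMO_KEY, register, nonce)


if __name__ == "__main__":
    nonce = new_nonce()
    for label, boot in (("clean", KNOWN_GOOD), ("spyware", WITH_SPYWARE)):
        register, signature = attest(boot, nonce)
        print(label, verify_quote(DEMO_KEY, KNOWN_GOOD, nonce, register, signature))
```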
Lark is the CEO of Wave. Lark spent several decades working for IBM and then struck out on his own. Last time I heard from Lark his company had a trusted keyboard. I don't remember the details. They've moved beyond that, it seems. Lark contends that Web services requires known identity and high trust. The former is done in a variety of methods. The latter, according to Lark, comes through trusted computing. Trust is a relationship. Wave has built secure random number generators and RSA key generators into a standard package (I think that's what the keyboard is about). The part is the trusted platform module (TPM) and is part of almost every Thinkpad and many HP laptops as well. The TPM is based on an open standard. The goal is to put a TPM into every platform including PDAs and cell phones.
Denise talks about "issue spotting," lawyer-speak for "how can people sue each other?" She speaks specifically about where trusted computing and the notion of fair use (from copyright law) might run afoul of each other. She cites a Lexmark case decided yesterday by the Sixth Circuit Court of Appeals as an example. Using trusted computing, Lexmark could have kept the generic ink cartridge manufacturer from interfacing with their printer--even though such an interface would be legal. Another example is the Ninth Circuit decision about P2P software. The question is "Can a third party prevent a user from doing things on their own computer that are legal?" Clearly most people would say no. So, the second question becomes "Can trusted computing cut with a fine enough knife to ensure that only truly illegal activities are prevented by third parties?"
Dan asks, "Assume for the first time in history, it becomes impossible to hack into documents and applications. Are courts ready to say 'you have to make things hackable to allow fair use'?" Denise responds that even though that seems like an extreme position to take, the courts have been quite active in upholding fair use. Strongin says that this is a fascinating public policy issue and that the problem shouldn't be about what technology to build but should be decided in public policy.
Lark talks a little more about the TPM and I understood it for the first time (even though I owned a Thinkpad with one for years, I never used it). It's like the Keychain on OS X, except that it's in hardware so that keystroke logging spyware, etc. can't eavesdrop on the user actions (keyboard direct to the TPM and cryptographic functions happening on the chip). I use the keychain all the time. The note feature is handy for storing information I want to keep secure on my machine in addition to its standard use of storing usernames and passwords.
Dan asks "What keeps Microsoft from using trusted computing to keep OpenOffice from reading Word documents or even OpenOffice itself from running on Windows?" Strongin says that this isn't a technology problem, but a public policy platform. Don't condemn the technology because it might be used for bad purposes. Of course, the irony of that statement is that this is precisely what the DMCA does and what INDUCE builds upon.
Strongin speaks to the issue of backdoors and says that these systems are easily breakable. That sounds reassuring except for the fact that that means that in reality all they'll do is inconvenience legitimate users rather than stopping the things they're trying to stop. Sad.
6:19 PM
My i-Name
While here, I've had a chance to learn about the Identity Commons, a move to create a third party identity service. Identity Commons is committed to individual ownership of identity information and relationships. They manage something called i-names, unique names that you can sign up for and keep for 50 years (one-time fee). I signed up for one this morning. I'm =windley. The equal sign is used before an i-name to identify it as an i-name. So far, about the only thing you can do with an i-name is to create a contact page. Here's mine. Eventually, the i-name will tie to all kinds of forms of contacting a person.
I-names are based on the XRI specification. XRI (Extensible Resource Identifier) is a "new URI-compatible scheme and resolution protocol for abstract identifiers--identifiers that are location-, application-, and transport-independent, and thus can be shared across any number of domains and directories. The XRI 1.0 specifications were published in January 2004 by the OASIS XRI Technical Committee."
I've got no idea if this will ever go anywhere, but I think it's interesting and support it $25 worth.
11:46 AM
DIDW 2004: Art Coviello on RSA
Art Coviello gave the second talk this morning. I didn't bother to blog much of what he said because you can get most of it by reading the marketing speak on RSA's Web site. It was like listening to an infomercial. He even went so far as bringing an AOL exec on stage with him at one point in a little interview setting during one part of the talk to discuss "why AOL thinks RSA is great."
One thing that they talked about was AOL's plans to offer RSA security tokens to their members. If you're not familiar with these, there's a picture of one on the right. At first blush this seems like an interesting idea, until you take it to its extreme. Imagine a world where everyone you have a username and password with wants you to carry a fob to gain access to their service. You'll need a fob bag. This is not the answer unless it's coupled with widely available federation.
9:46 AM
Digital ID World Photos
I have more photos from Digital ID World online if you're interested in seeing more of the conference.
9:33 AM
DIDW: Gordon Eubanks on Identity Management Strategies
Gordon Eubanks discusses siloed organizations in his morning keynote.
Gordon spoke to the issue of centralized management of identity in a decentralized infrastructure. What Gordon means by centralized management, it seems, is governance, oversight, and monitoring. In response to a question from the audience, he clarifies that he's not looking to go back to the days of the mainframe, but finding a way to be effective and efficient in a decentralized architecture.
There are tremendous savings in centralizing these services, but more important are issues like regulatory compliance. Policies and auditing have to be shown to be consistent with the processes you said you put in place.
9:23 AM
October 26, 2004
DIDW 2004: Identity for Us
The Identity for Us Panel
5:42 PM
DIDW 2004: Tony Scott on GM's Next Generation Outsourcing Model and its Effect on Identity
GM, through its first two generations of outsourcing, has achieved over $1 billion annual savings through consolidation and systems reduction. We are now crafting our third generation outsourcing model. $15 billion.
Tony Scott of GM discusses GM's outsourcing and digital identity strategies.
GM has a "legacy of many." We were the poster child for slow, inefficient, and costly. All that has changed. The evolution of IT in a company like GM is reminiscent of the Winchester Mystery House. The problem wasn't lack of architects and craftsmen, the problem was that Sarah Winchester lacked a plan. GM's identity infrastructure used to be the Winchester Mystery House of identity.
GM's first outsourcing effort happened when GM bought EDS. EDS essentially became GM's outsourced IT department. There was very decentralized control of spending, no common identity system, no corporate governance. Cost was viewed by managers as "funny money." At the end of that period, GM had the highest IT costs as a percent of revenue of any car manufacturer.
In 1996, GM spun EDS out and a new IT management team was brought in. GM signed a 10 year master services agreement. GM spent about $4 billion/year with EDS in 1996, but now spends only $3 billion/year. Now GM has the lowest cost of IT as a percentage of sales among car manufacturers. EDS doesn't have an exclusive contract, enabling limited competitive sourcing. Governance was put in place.
In 2006, GM will open all their IT to the competitive market. GM's IT people currently manage 10,000 of contracts. The new model will reduce that number to a few dozen with hierarchical, prime contractor-subcontractor relationships. GM will have a global enterprise architecture and governance for identity allowing decentralized deployment and operation.
GM is so large that a system that is not federatable is unmanageable. It would be impossible to manage a centralized scheme for identity in this company. In the new model, GM will control access on an application by application basis and even a function by function basis rather than through a firewall.
An interesting addition in the new model: GM will require intellectual property indemnification from its contractors. This will flow through to subcontractors and suppliers. The industry is not set up to do this today.
Customs and traditions that people have in a particular country are an issue for a global company like GM. What identity means and how people feel about it affect relations with employees and customers alike.
GM does product development in dozens of countries. GM can now roll out an update to their iMan platform (digital product design suite) over a weekend due to common infrastructures. GM's product development used to take 5 years from concept to manufacturing. Now it takes 18 months. GM's new J-200 vehicle is engineered in 1 country, manufactured in 9 countries under 5 different nameplates and sold in 124.
Digital identity is the key. Required features: individual identity, permissions by application and by program, collaboration vs. protection tradeoffs, and common interoperable schemes for joint ventures, suppliers, and dealers. Identity is more than just people, it's things as well. Parts of a car have identities.
Shifting focus to products. In 1970 a car had about 100,000 lines of code. In 1990, cars had 1,000,000 lines of code. In 2010, a typical vehicle will have 100,000,000 lines of code. Software and electronics now represent one-third of the cost of the vehicle. That's the largest single item.
OnStar is on its sixth generation in about seven years. That's unheard of in the automobile business. The software changes much faster than the vehicle it's on. Cars hang around for tens of years. Software put into vehicles has to be supported for that period.
More than ever, people are clamoring for a seamless experience and that includes their vehicles. They want to integrate cell phones, MP3 players, and video devices with their cars.
2:01 PM
DIDW 2004: Enterprise Identity Management 101
I was asked to speak by Phil Becker and Eric Nolin in the first session after the keynotes and to give a tutorial on digital identity management. I promised the attendees that I'd post my identity management slides and a link to a tutorial I wrote on digital identity standards.
1:31 PM
DIDW 2004: Phil Becker on Management by Identity
Phil Becker opens Digital ID World 2004
You don't have to manage things until they're spread out. You don't have to worry about security until things are connected. Traditionally, we've been defensive about security, but defense can't win. Only offense can win. Digital identity is the common organizing paradigm for integrating, managing, and securing IT.
Why is the loss or lack of identity so disruptive? Because without identity, we have no ability to organize or control activity. Rumpelstiltskin taught us that identity is power. Identity allows relatively autonomous agents to identify each other, organize interactions, apportion authority and responsibility, and be held accountable. Identity is the framework for organizing.
Before the net, location was a proxy for identity. Access control was physical. There are no longer any proxies for the identity of the user. In a network, bastion perimeters are an illusion. You can't have a perimeter and be on the net. The perimeter must dynamically expand and contract to include mobile users. The perimeter must be porous and be opened up for more and more activities. Eventually, there are so many holes in the wall that it's no longer a wall.
Digital identity is more than:
- Authentication
- Provisioning
- Access control
- Rights management
Digital identity is an organizing paradigm for distributed service oriented computing that allows it to dynamically adjust to the needs of each user. Identity management has been the first success story in digital identity. Identity management is about managing identity data and promulgating it properly. All about making sure identity data is reliable, current, properly synchronized, available, and easy to administer.
But identity management is just a step towards being able to manage by identity. This lets network computing become more dynamic while remaining accountable. Provision and web access control are early instances of management by identity.
The browser taught people the power of discovery and networking at the document level in real time. Web services and SOAs replicate this ability for applications and data. Grid computing, autonomous computing, and the like will have to be managed by identity.
Management by identity will allow computing to dynamically adjust to business and human processes, releasing new capabilities, productivity, and real-time application and data integration.
Identity management started out as a centralized identity store, then LDAP and X.500 moved identity management into a distributed architecture. This still wasn't good enough. We're moving to a decentralized architecture with delegated administration. That move is typified by the move to identity federation.
Identity federation is about loose coupling and scaled administration. Federation creates a framework for understanding the true nature of networked identity. It's not possible to pre-define all the ways users will want data and applications to be integrated. Business will require the ability to integrate on demand.
The portal is an early place where dynamic integration and management by identity is used. Portals perform virtual integration. The user's identity and needs, coupled with the policies of the application owners, are the only organizing factors. Management by identity is the only mechanism that honors the incentives of all the parties involved.
Regulatory compliance is a forcing function that drives the need to manage by identity. They all ask "who did what with which data when?" or "prove that someone did or did not do something." Doing this manually is nearly impossible. Identity-centric techniques are the only ones that can keep up with the increased demand for auditability.
9:34 AM
October 25, 2004
Podcasting in the Academy
Last week I attended a workshop on team-based learning that was sponsored by BYU. Someone brought up the idea of the instructor creating audio commentaries of books and papers assigned in a course. This naturally caught my attention because of my recent interest in podcasting.
The conversation turned to practical issues and somebody said they burned them on CDs and handed them out to the class. The very idea of burning 30-40 CDs by hand every couple of weeks was enough to give me the chills, so I asked "why not just load them on Blackboard?" (Blackboard is a content management system aimed at higher education. BYU has an instance that all faculty and students have access to.) The answer was surprising: Blackboard (at least as instantiated at BYU) has a 300Mb limit per faculty member and some were already bumping up against their limit.
Now, this isn't an issue for anyone with their own server, as would be the case for all CS faculty, but for an English professor, it's a real limit. The irony of the situation, of course, is that Google will give you 3 times as much storage for free to keep your email! This is a great example of online offerings getting ahead of planned IT rollouts. Institutions frequently don't stand a chance.
Even so, I'm intrigued by the idea of using podcasting to augment classwork. The idea of audio commentary is especially appealing for my research course next semester since I won't want to take class time to go over each paper in detail and students do frequently need some kind of help interpreting research papers and putting them in context. It also wouldn't be that difficult to record lectures for students to listen to later, although I don't do a lot of traditional lecturing in my current class.
12:54 PM
Off to Digital ID World
I'll be jumping on a plane and heading to Denver for Digital ID World in a few hours. Last year I flew over myself, but the weather isn't cooperating this year, so I'll go commercial. Phil Becker and crew did a great job on the first DIDW and lived up to their reputation on the second, so I'm sure it will be a fun and informative conference. If you're going to be there, be sure to say "hi." I'll be blogging the conference, as I'm sure others will as well, so follow along if you want.
8:10 AM
October 23, 2004
CTO Breakfast Report
Ward Spangenberg, one of the regulars at the CTO breakfast each month, summarizes some of the main things we talked about last week. We always have a great discussion and I look forward to them. If you're interested in coming, you're invited. Just show up. You don't have to be a CTO to attend, just interested in technology and business. Sign up for the CTO breakfast mailing list, if you'd like me to send you a reminder.
9:39 AM
October 22, 2004
More LAMP Stacks
After seeing my post about SpikeSource yesterday, Andy Grolnick of OpenLogic wrote to tell me about their BlueGlue project, which is a similar idea.
7:33 PM
iChat and PDF
I'm sure everyone's done this and I'm just slow, but I dropped a PDF doc into an iChat session today and it displays! Complete with scroll bar and everything. On the other end, you just grab it and drag it out of the window onto your desktop or wherever. It's really pretty slick. Pure Apple.
6:09 PM
Academic Research and CS Innovation
Today the faculty received a note from the library which began:
There are 2 journals that are very expensive that I would like to cancel if your department agrees. They are:
Theoretical Computer Science QA 267 .T46
Science of Computer Programming QA 76.6 .S427
They are a package from Elsevier and cost us $6,028 per year.
This note epitomizes, for me, the problem with the whole academic publishing business. It seems ludicrous to me that we continue to use this distribution model when it is (a) so expensive and (b) so restrictive in its distribution. We've created an entire ecosystem based not on what is useful and good, but on whether or not we can convince a handful of other people that what we've written is sufficiently sophisticated to publish in their journals. How did those people reach that position? By convincing earlier folks of the same thing. These journals are so expensive that no one has access to them. What's worse, the material in them is rarely online and thus is not really "available" as we understand the term in 2004.
At one time, academic journals played an important role. Research was (and maybe still is) about innovation and journals were the distribution medium as well as the ranking mechanism. They were, in some sense, the first Google because they helped solve the problem of deciding what to pay attention to. The peer review process is the academic journal's form of pagerank. Ideally, peer review filters ideas so that those worthy of being read are passed through to the readers. Often however, peer review takes on the feel of being caught up in the folk tale of The Emperor's New Clothes. The world has entered the 21st century and academic researchers are stuck in a world largely crafted in the 19th.
I love doing research and I love writing. Moreover, I love letting others hear about and hopefully get some benefit from what I do. Academic publishing does not serve that purpose, so I blog. In fact, the primary purpose academic publishing serves is to provide a metric for promotion and tenure. That's not an unworthy goal, but it is entirely artificial. When I think about the thousands and thousands of CS researchers in the 200 or so PhD granting institutions spending their time and energy to generate publications in this artificial, restrictive environment, I'm struck that society pays a high price indeed for this metric.
The price is twofold:
- First, the academic publishing system ensures that almost no one will see what you write. Further, because of copyright restrictions in almost all the large journals, you're usually not allowed to even distribute it yourself.
- Second, the academic publishing system ensures that there is a strong barrier placed between academic researchers and other innovative efforts in CS and IT.
The last point is unique to CS, at least among the scientific disciplines, as far as I can tell. There is no large group of people that I know of doing innovative work in Chemistry or Physics, for example, outside of those who publish regularly in the academic journals that support those disciplines. Sure there are some amateur astronomers and so on, but this pales in comparison to the large group of people building innovative software. This is probably because doing innovative things on a computer is relatively cheap, safe, and accessible. When I listen to people from the non-academic group talk about their work, I have a tough time distinguishing it in many cases from the work going on around me at the University except that they don't start their papers with an obligatory section filled with Greek symbols.
My fear in all of this is that academic CS researchers will become more and more marginalized over time. Universities were once the home of almost all open source projects and much of the software we use on the Internet every day (think BIND, Sendmail, DNS) has its roots in academic work. That's not the case anymore and that's probably a good thing. There are lots of people building cool things and I like that.
Still, what's the role of academic researchers in this game? I don't know. I'd like to see the innovative work happening everywhere cross-pollinating. I think the current system is broken, but I don't see clear alternatives that will also serve as the metric that academic departments need. I'm confident, however, that things are evolving rapidly and if academic CS researchers want to play in the IT innovation game, we're going to have to adapt.
1:04 PM | Comments () | Recommend This | Print This
Relative Merits of Email and Blogs
From Scoble, a link to a blog by a Microsoft researcher chronicling a discussion on the relative merits of email and blogs. Some good thoughts there, like this one:
My conversion occurred when a grad student in the midwest who I didn't really know invited me to look at her blog a year ago and I came in early one morning and did so, spending about two hours going down her blog, reading comments, leaping from those to examine the blogs of the commenters, looking at the comments on their blogs, looking at the use of graphics on the blogs, following links to web pages they thought were cool, and so on. After two hours I thought I had incredible insight into this whole dense network of people that spread across the country. One link took me to a blog of someone on Capitol Hill, and another hop and I was reading a blog in which a MS contractor was discussing how he was going to sabotage the jerk of a manager he worked for. Although most of his site was under a pseudonym I found his name and sure enough found him in the address book.
There is no conceivable way I could have learned so much about a group of people in two hours sitting in my office using any other technology. Clearly unique. And it was not difficult to see how powerful something like it might be in work settings.
The underestimated strength of blogs is the chronological ordering. The single voice, the public visibility that leads to more care in most blog construction, the feedback are all significant too, but they are remarked upon. Human beings have a tremendous ability to reason instantly and unconsciously about information organized chronologically. If something is 3 months old, we know what kind of information is probably still relevant, what is less likely to be - the shelf life of information is very variable. Also, if something was mentioned two weeks ago and we are wondering how to interpret it, if it has NOT been mentioned in posts since, we may put a different slant on it for that reason, we know certain paths not taken. It is subtle and we are incredibly skilled at it. Our lives are organized chronologically, most novels and films and biographies are, and so on. Many Shares do not make document creation dates visible, a big hindrance.
From Lili's Weblog : Blogs vs Email... discussions in MSR
Referenced Fri Oct 22 2004 07:23:44 GMT-0600
7:25 AM | Comments () | Recommend This | Print This
October 21, 2004
SpikeSource: Certified LAMP and LAMJ Stacks
From Doc Searls I learned about an interesting company called SpikeSource. SpikeSource offers something that lots of companies thinking about using open source could use some help with: certified stacks of components tested and certified for interoperability.
This SpikeSource web infrastructure stack is composed of over 50 open source components, including 6 language runtimes, to form a complete development and deployment environment for dynamic web sites programmed in Java, C, C++, PHP, Perl, or Python. The complete package is tested for interoperability and performance on 4 major Linux platforms in a fully automated and repeatable validation process. It installs in around 10 minutes and works out of the box
From SpikeSource: Productized Open Source Software
Referenced Thu Oct 21 2004 21:22:53 GMT-0600
I work with companies using open source projects and without something like SpikeSource you have to do two things to make this all work:
- Hire someone who knows their way around open source to put it all together
- Spend lots of hours building a stack, testing components, and then making sure it all works together. Sometimes the bugs are subtle and hard to find (which is the reason for step 1).
I don't think I'd eliminate step 1 even if I was using SpikeSource, but I'd sure love to eliminate step 2. Getting a certified stack that includes Apache, JBoss, MySQL, Tomcat, Axis, and Hibernate on top of my favorite flavor of Linux means that I can more easily forego the comfort that I get from WebLogic or WebSphere. This is one of the missing pieces of open source.
9:33 PM | Comments () | Recommend This | Print This
Simon Phipps Tonight
Simon Phipps, Chief Technology Evangelist at Sun Microsystems, will be speaking at the Java User's Group in Salt Lake tonight. Simon's a marvelous speaker and has some very interesting views on technology. Make the time to go see him. You won't be disappointed. Here's the RSVP.
11:00 AM | Comments () | Recommend This | Print This
TiVo Failed Me
My TiVo failed me last night. I got last season's final episode of The West Wing, but not the premiere! The problem is that my local NBC affiliate (KSL) starts some programs a minute early. So I have TiVo set to start recording one minute early. Since last night's episodes were back-to-back, it recorded the first one, but didn't record the second because of the conflict caused by the one minute overlap. Why isn't TiVo smart enough to deal with scheduling conflicts on a "best effort" basis and at least record what it can? In this case, since they were on the same channel I wouldn't have lost anything. Sigh... In the meantime, if anyone has last night's new episode on DVD or tape, I'm anxious to see it.
8:25 AM | Comments () | Recommend This | Print This
October 20, 2004
SQL-Server / FRX Report Developer
I know a company in Utah looking for a SQL-Server / FRX report developer. If you're interested, let me know.
8:27 PM | Comments () | Recommend This | Print This
Testimony to the Government Operations Committee
I testified this afternoon before the Joint Committee on Government Operations in the Utah Legislature on voting equipment selection. Here is a written copy of my testimony. I felt comfortable with my testimony and the committee seems favorably inclined toward voter verified, unalterable audit trails. What happens next, however, is anyone's guess. There's apparently going to be a public bake-off of voting equipment from vendors who responded to the RFP at the South Town Expo center on December 10th.
7:59 PM | Comments () | Recommend This | Print This
Neal Stephenson Interview
If you're a Neal Stephenson fan, which I am, then you'll enjoy his interview on Slashdot. If you read Slashdot, you'll enjoy it even more, or at least spend less time getting yourself oriented. I was especially interested in Stephenson's take on the bifurcation of writers because I think there's a similar parallel between people who write code for a patron (i.e. university professors) and those who write code for popular attention (which is a form of compensation and includes people who create open source code, etc.). These two worlds rarely meet and consequently have usually not heard of each other. What's interesting to me is that this bifurcation is relatively recent since people who write code for attention were almost all inside Universities just a decade ago. Now you go to OSCON and almost none of them are. A large part of the reason for that is the "critical review" system that academics are required to play.
11:43 AM | Comments () | Recommend This | Print This
Some New Mac Utilities
I've run across a few neat little utilities for OS X that I've used for a while and like and one that didn't work out as well.
GMailStatus is a little utility that puts a count of messages in your GMail inbox on the status bar. If you use GMail, it's nice to be able to see new mail without popping out to the Web. One thing I've noticed is that it tends to use a lot of memory, which I don't understand. There may be a memory leak in the thing somewhere.
From time to time, I'll plug something into my Firewire or USB port and not be able to see whether the system recognized it or not. Or my network cable comes loose and I lose connectivity. Granted Software's Peripheral Vision is a little utility that flashes the name of devices as they're plugged in or out of the computer. I haven't used it, but there is also a way to launch scripts on these actions as well. This is handy enough that it ought to just be built into the OS.
I also tried a plug-in for Apple's mail client, Mail.app, called Mail.appetizer that flashes a summary of newly arriving mail on the screen over the top of other windows. I tried it for a few days and then disabled it. I was reading mail twice and I don't even like reading most of it once! The problem is that I like to delete some mail and send some to junk and Mail.appetizer doesn't support the latter.
10:06 AM | Comments () | Recommend This | Print This
Extending Bluetooth's Range
My first introduction to computers was in the pages of Popular Electronics magazine. In 1975 there was an article about the MITS Altair computer with a whopping 256 bytes of memory (and no, I didn't forget the K or M) that I must have read 1000 times trying to decipher the details. A year later, I had the opportunity to build a MITS Altair computer for the College of Mines at the University of Idaho. I loved that computer--front panel switches and all. I don't think Popular Electronics is still published, but its sister publication, Popular Science, is still kicking and even online. It's good to see that they're still in the business of publishing fun little hacks, like this article on extending the range of Bluetooth by adding an antenna.
9:26 AM | Comments () | Recommend This | Print This
October 18, 2004
An Idea for Spam
In the shower after my walk tonight, I was thinking about Google's PageRank and that Spam is actually the opposite problem. The more people "paying attention" to a particular email message, the more likely it is Spam. So, here's the idea: strip off the headers and create an MD5 hash of the body. Put that in an associative array associated with a count. Every time someone sees the email, increment the count. Any message with a count over 1000 is likely Spam (or a big mailing list). You could build this as a module in SpamAssassin and have a central clearing house that SpamAssassin uses. A test and increment function would result in a count being incremented and returned in a single call.
So someone has to have already tried this or determined why it's a dumb idea. Which is it? One reason it might not work is that a Spammer could individualize each message in a tiny way so that the hash broke.
Update: Pat Ekman writes to say that this is essentially what the Vipul's Razor module for SpamAssassin does. Very good. Does anyone care to comment on how well it works?
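The counting scheme described in this post, as an added Python example (it is not code from the original post, and not SpamAssassin or Razor code). `Clearinghouse`, `body_digest`, `classify`, `simulate` and the sample messages are names and data constructed here for illustration; the second run shows the individualization weakness the post raises.

```python
import hashlib
from collections import Counter
from email import message_from_string

SPAM_THRESHOLD = 1000  # the post's cutoff: a count over 1000 is likely spam


class Clearinghouse:
    """In-memory stand-in for the central clearing house (hypothetical)."""

    def __init__(self):
        self.counts = Counter()  # associative array: body hash -> sightings

    def test_and_increment(self, digest):
        """Increment the count for a hash and return it in a single call."""
        self.counts[digest] += 1
        return self.counts[digest]


def body_text(msg):
    """Return the message body with all headers (and MIME part headers) dropped."""
    if msg.is_multipart():
        return "".join(body_text(part) for part in msg.get_payload())
    return msg.get_payload()


def body_digest(raw_message):
    """MD5 hex digest of the body only, so per-recipient headers do not matter."""
    body = body_text(message_from_string(raw_message))
    return hashlib.md5(body.encode("utf-8")).hexdigest()


def classify(clearinghouse, raw_message):
    """Report one sighting; return (count so far, likely-spam verdict)."""
    count = clearinghouse.test_and_increment(body_digest(raw_message))
    return count, count > SPAM_THRESHOLD


def make_message(i, body):
    """Constructed sample mail: headers differ per recipient, body is supplied."""
    return (f"From: sender@example.com\nTo: user{i}@example.com\n"
            f"Message-ID: <{i}@mail.example.com>\nSubject: Offer\n\n{body}")


def simulate(n_recipients, individualize):
    """Send one campaign to n recipients; return (flagged count, distinct hashes)."""
    clearinghouse = Clearinghouse()
    flagged = 0
    for i in range(n_recipients):
        body = "Limited offer, reply today.\n"
        if individualize:
            body += f"ref {i}\n"  # tiny per-message change, as the post warns
        _, is_spam = classify(clearinghouse, make_message(i, body))
        flagged += int(is_spam)
    return flagged, len(clearinghouse.counts)


if __name__ == "__main__":
    print(simulate(1500, individualize=False))
    print(simulate(1500, individualize=True))
```

Identical bodies collapse to one hash and are flagged from the 1001st sighting on, while the individualized run produces one hash per message and nothing is ever flagged.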
7:07 PM | Comments () | Recommend This | Print This
Calendaring Standards and Tools
Say you wanted to do calendaring on campus and between campuses of a multicampus university. Suppose that each of these organizations had their own technology stacks and standards. How would you do it?
At the simplest level, just saying "everyone publish all relevant campus calendars in the iCalendar format" would allow anyone with an iCalendar compatible browser to subscribe to the calendars. Of course, by publish, I mean "make available via an HTTP GET." As a Mac user, I can see immediate value in this. What about Outlook users? Does Outlook have the ability to subscribe to iCalendar formatted calendars delivered via HTTP?
Going beyond just one way communication of calendaring, what else would you do? Are there open standards for creating calendars for meetings? How are they supported? I'm curious how hard it would be, for example, to allow individual instructors to create course calendars in an open system. I've been doing this for some time using iCal (on the Mac) and a PHP iCalendar reader.
I'd like your help putting together resources I could share with a group of CIOs and IT managers on this problem. I've created a page on my Wiki and if you've got an idea, a standard, a case study, or a question, please feel free to leave it there.
6:15 PM | Comments () | Recommend This | Print This
October 15, 2004
Chapters are Done and I'm Thinking About Lettuce
I sent off the chapters of my book that were due today just a few minutes ago and in the aftermath picked up last week's InfoWorld to decompress. I enjoyed Ephraim Schwartz's column on managing massive repositories of product data. He uses an example of a shipment of lettuce having 476 attributes and says:
If you recognize the importance of tracking all of this data, then you probably also realize that, on a good day, a company might only have 15 of those 476 attributes for a shipment of lettuce in its ERP system. The question is, where are the other 461 data points? Relevant data might also exist in supply chain and warehouse management systems, but certainly not all of it.
Faced with this challenge, the job of IT is to assess whether or not a company's current infrastructure can successfully aggregate all of this data into an environment that makes it usable. Also, does IT have the workflow tools that employees will need to develop this information? The answer is probably no.
From InfoWorld: What price lettuce?: October 01, 2004: By Ephraim Schwartz
Referenced Fri Oct 15 2004 14:52:40 GMT-0600
2:53 PM | Comments () | Recommend This | Print This
October 12, 2004
Under Deadline
I may not be posting much this week; twelve chapters of my book are due Friday. I'm going to make it, but there are still some things I want to finish.
7:51 PM | Comments () | Recommend This | Print This
October 11, 2004
Occasionally Connected Computing
Last week, I called podcasting the poster child for occasionally connected computing. Boy, was I blind! Steve Fulling and I were at lunch today and realized that email is the elephant in the occasionally connected computing room. Back in the good old days, email was a P2P thing with MTAs (usually sendmail) sending mail to each other. Then along came the Internet explosion and millions of people who had, of all things, dial-up connections. The POP protocol became the dominant way clients got email almost overnight. POP enables occasionally connected email and email clients are engineered with occasional connectedness in mind.
1:47 PM | Comments () | Recommend This | Print This
Active Whitelisting
Does anyone have any experience with Active Spam Killer or other active whitelist software or service? I'm getting to the point where I'm ready to try a more active approach to combatting Spam. SpamAssassin seems to need a lot of babysitting, at least how I have it set up, and is usually only blocking 80% of Spam for me. I prefer software to a service simply because I'm prone to managing my own server. I'm open to suggestions.
1:43 PM | Comments () | Recommend This | Print This
October 9, 2004
Greg Benson: Flashmob Supercomputing
This is a little late, since it happened in April, but I just read about it in, of all places, the UC Davis College of Engineering Alumni Magazine. The idea behind Flashmob Supercomputing is simple: pick a time and place, have lots of people bring whatever computer they own, hook them all up, and make a supercomputer. The thing that caught my eye was that the guy behind this is Greg Benson who was in the first CS class I ever taught. The class was an honors introduction to programming class that I taught using Sussman and Abelson's Structure and Interpretation of Computing Programs. Greg was one of the stars of the class. He's since gone on to get a PhD and is now an Assistant Professor at USF. And, he does Flashmob Supercomputing.
2:42 PM | Comments () | Recommend This | Print This
October 8, 2004
PODCasting on My Mind
I just turned in my November column for Connect Magazine. I wrote about PODCasting. I thought I'd share it with you early.
2:32 PM | Comments () | Recommend This | Print This
PODCasting is the Poster Child for Occasionally Connected Computing
I had an opportunity to meet with Chris Thomas, Intel's Chief Strategist, when he was in Utah not long ago. Chris is very big on what he calls "occasionally connected computing." We don't pay enough attention to this problem. Thousands of jobs are performed with only an occasional connection to the network. When I was Utah's CIO, we struggled with this a lot because many jobs get done away from the network. A good example is a State Trooper in a rural area. They've come to rely on networked resources to do their job, but connectivity in many places is not very good. Applications had to be designed to work with occasional connectivity.
I had lunch today with Curt Allen, CEO of Agilix. Agilix makes software for tablet PCs, including the Franklin Covey organizer product. One of Agilix's products is called Go Binder and is aimed at students and professors. Go Binder is designed to work with occasional connectivity allowing course materials, exams, and other content to be taken to places without constant connectivity.
As Curt and I were talking, I realized that PODCasting is likely the largest application of the occasionally connected computing model. The whole infrastructure has been designed to support that model. That's one reason PODCasting wins over streaming. Streaming requires a constant connection. Sometimes that's OK, but often it's not. Curt and I discussed how PODCasting could have a huge impact in developing countries because:
- Many people don't read, so audio is better than text (even in the US, where people are literate, they don't read).
- Connectivity is spotty. In some places, even power is occasionally connected.
- MP3 players are significantly cheaper than computers.
This raises interesting possibilities for remote education and content delivery. Imagine someone in a developing country taking a course delivered via audio. They have a cheap MP3 player with USB connectivity. They subscribe to a course that delivers course lectures inside RSS feeds. Once a week they stop at the Internet cafe and download that week's courses. Very doable with what we have now.
2:08 PM | Comments () | Recommend This | Print This
October 7, 2004
Jot Demo
Jon Udell has posted a WebEx that he had with Joe Kraus and Graham Spencer demoing JotSpot. If you missed Web 2.0, this is the next best thing. The demo really helps in understanding the structured data/forms idea.
3:02 PM | Comments () | Recommend This | Print This
Meeting Bill at a Urinal
Joe Kraus (mentioned yesterday as the principal of JotSpot) has a blog. Joe was one of the founders of Excite and that's how I know him. The last story is about meeting Bill Gates at a urinal. Very funny.
8:10 AM | Comments () | Recommend This |



