Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« March 2005 | Main | May 2005 »

April 29, 2005

Detailed Review of Tiger

Ars Technica has a detailed review of Tiger available. I haven't upgraded yet, but I plan to upgrade at least one system over the weekend.

6:31 PM | Comments () | Recommend This | Print This

April 28, 2005

Is WS-MetadataExchange Really Necessary?

I'll admit it: I don't really get WS-MetadataExchange (or WS-MEX, as it's affectionately known). I understand why someone might want to get the Schema, WSDL, and WS-Policy data for a service. I'm just not clear on why a simple URL isn't good enough. Why do we need to invent new RPC-style request/response pairs?

I guess I can see that this allows me to have one URL for the service that can be interrogated for all three in a standard way. Otherwise, I have to tell you three URLs to give you the metadata instead of one, but couldn't we just as easily agree to some kind of convention like this: 

http://www.example.com/service_path?meta=wsdl
http://www.example.com/service_path?meta=schema
http://www.example.com/service_path?meta=policy

This seems much simpler and easier to implement than a request response pair. Plus, I can still grab each of these important documents in a browser and inspect them when I want without having to have a special tool. Am I missing something?

10:35 AM | Comments (8) | Recommend This | Print This

Visa and MasterCard Cracking Down on Small Merchants

Visa and MasterCard are cracking down on the security of small merchants who take credit cards online. The card associations have required security assessments from larger merchants for some time, but this is the first time they've required smaller merchants to certify. An article in the Wall Street Journal notes that it's for the merchant's own good:

The credit-card companies have little choice but to crack down. While it's true small companies may be less attractive targets than large ones, size is not a good measure of risk, experts say. Hackers regularly use automated programs to scour the Internet for computers with known security holes, which they can then attack at their leisure.

E-commerce companies are still in a mode of trying to keep things working, says Mr. Freund, and not in a mode of keeping things secure. But as large merchants step up security, Mr. Freund believes hackers will focus on targets with weaker defenses, often smaller firms.

The consequences of a break-in could be devastating; many small companies live and die by their ability to build a base of repeat customers, and a data loss can unleash a wave of customer defections. Companies that suffer security breaches will also face penalties and extra scrutiny from Visa and MasterCard.
From WSJ.com - Enterprise
Referenced Thu Apr 28 2005 09:23:44 GMT-0600 (MDT)

Certification isn't easy. You have to answer yes to every question on a fourteen page questionnaire. For many small companies, without a full time IT staff, becoming compliant will be a fairly onerous process. The questionnaire is based on the following twelve requirements:

  1. Install and maintain a working firewall to protect data
  2. Keep security patches up-to-date
  3. Protect stored data
  4. Encrypt data sent across public networks
  5. Use and regularly update anti-virus software
  6. Restrict access by "need to know"
  7. Assign unique ID to each person with computer access
  8. Don't use vendor-supplied defaults for passwords and security parameters
  9. Track all access to data by unique ID
  10. Regularly test security systems and processes
  11. Implement and maintain an information security policy
  12. Restrict physical access to data

Nothing too shocking here for anyone who's thought about computer security before. The price of being connected and participating in the Internet economy is living by the card association rule-sets. The result is better security for all of us.

9:20 AM | Comments (4) | Recommend This | Print This

Ten Laws of the Modern World

Randy Gordon wrote to point me at a great little article at Forbes called Ten Laws of the Modern World. You've probably heard them before, but its a great write-up and interesting to see them all in one place. I'd add another: Reed's Law. But of course, who wants 11 laws?

9:10 AM | Comments () | Recommend This | Print This

Podcasting: Open Mike

Wednesday Infinity Broadcasting announced that one of its San Francisco radio stations will carry nothing but podcasts. What's interesting is that these podcasts will come from the users. Rather than creating podcasts for people to download, this station will broadcast podcasts that people upload to it.

Beginning on Wednesday, users can upload their podcasts for free at (http://www.kyouradio.com) where it will be eligible to be selected for broadcast on San Francisco's 1550 KYCY-AM, which has been one Infinity's underperforming stations.
From Top Technology News Sponsored by Audi | Reuters.com
Referenced Thu Apr 28 2005 08:07:53 GMT-0600 (MDT)

I'll be interested to see what kind of reaction this gets. User-supported radio is something we hear about all the time on pledge week, but this is user-created radio. I suspect that it will help raise the quality of podcasts as people compete for airtime.

8:05 AM | Comments () | Recommend This | Print This

April 27, 2005

Legislating Identity Contexts

Identity credentials have contexts. When I was talking to Kim Cameron this morning, he used the example of a Government issued passport and coffee club card. The context for the passport is a border crossing. The context for the coffee club card is buying coffee. But identity credentials are often used out of context. Sometimes, out of context use doesn't make sense--think of presenting the coffee club card during a border crossing.

Other times, however, it's a critical part of establishing a relationship or transferring trust. As an example, you might use a credit card to pay for your purchase at the coffee shop and be asked to present some kind of identity credential. In that case, using your passport at the coffee shop would be out of context, but you'd be doing so because the coffee shop cashier is willing to recognize the government issued passport as a means of establishing your identity.

One identity credential that's frequently used out of context is the driver's license. Interestingly, if you ask the head of your State's driver's license bureau if the driver's license is an identity document, you'll probably be told no--its official purpose is to authorize you to drive.

A recent move by the Utah Legislature to issue "driving privilege cards" (DPC) instead of driver's licenses to illegal aliens belies that. You might be scratching your head and asking why anyone would issue a driver's license to someone in the country illegally. The answer is very practical. Illegal aliens drive. When they drive, they sometimes get into accidents. Without a driver's license, they can't get auto insurance. By not giving illegal aliens a driving permit of some kind, you create a huge pool of uninsured motorists.

Issuing a DPC sends the message, loud and clear, that the driver's license is an identity document that is frequently used out of its original context. Of course, as a private citizen, you're free to recognize the driving privilege card as an identity document if you like. I suspect, for example, that it will be readily accepted as proof of age by convenience stores that want to sell beer and cigarettes. That kind of out of context use will continue.

But, the legislation specifically rules out certain contexts. For example, the DPC cannot be used to identify yourself when you fly. Nor can it be used to claim certain government benefits. Getting a driver's license opens the door to all kinds of opportunities in our country. The intent is that the DPC will not.

There's a dark side to the DPC as well. I can be pretty sure that anyone presenting a DPC is illegal. This opens the door to all kinds of discrimination and abuse. Whether the DPC catches on remains to be seen. The Federal Real ID legislation will probably force other States down this or similar paths.

8:53 PM | Comments (1) | Recommend This | Print This

April 26, 2005

FundingUtah.com

Paul Allen, with the help of some friends, has put together a Web site aimed at bringing investors and entrepreneurs together. The site is called FundingUtah.com and had its official coming out party today at a lunch featuring Governor Jon Huntsman.

“In my work with scores of great entrepreneurs, it became clear that virtually every new business struggles to find financial backers,” stated Allen. “At the same time, there are thousands of wealthy Utahns who might become angel investors if they knew about some of the exciting ideas and teams that are being created here. FundingUtah.com enables and accelerates these relationships.”
From Connect :: Resource/Article :: FundingUtah.com is First Matching Service for Utah Entrepreneurs and Investors
Referenced Tue Apr 26 2005 13:11:59 GMT-0600 (MDT)

The site is free to both investors and entrepreneurs. After registering as an investor, you can browse the business plans. I had breakfast with Paul yesterday and he indicated that the site has already helped bring several investors together with companies needing funding.

1:09 PM | Comments (3) | Recommend This | Print This

April 25, 2005

At Microsoft Wednesday

I'm going to be at Microsoft Wednesday morning talking to Kim Cameron. It's kind of a quick trip: in Tuesday evening and out Wednesday afternoon late.

2:23 PM | Comments () | Recommend This | Print This

Dan Solove on Privacy

My interview of Dan Solove is live at IT Conversations. Dan doesn't use the familiar metaphor of "Big Brother" when he discusses privacy, rather he uses Kafka's play "The Trial." Dan says we're not as much in danger of having our privacy violated by someone with evil intent as we are of having our lives turned upside down from the interactions of unapproachable and faceless corporations and bureaucracies. Dan speaks of privacy architectures and says that we currently have an architecture of vulnerability. Many of our privacy problems, like identity theft, are structural. Unlike some who view privacy as "dead," Dan is hopeful that privacy can be saved. Dan's recent book, The Digital Person: Technology And Privacy In The Information Age, is a detailed and approachable resource on privacy issues and the laws that affect them.

10:08 AM | Comments (1) | Recommend This | Print This

April 23, 2005

Provo River Bike Path Avalanche Pictures

Provo River bike trail closed due to an avalanche

I road my bike up the Provo River trail this afternoon. An avalanche at Bridal Veil Falls has closed the path since February. The snow's mostly gone now, but the dirt, rocks, and broken trees remain. I took pictures of the avalanche area. I could still smell the pine sap three months later from the broken trees now that its warming up. I road around and got some pictures from across the river as well. Amazing force.

10:30 PM | Comments () | Recommend This | Print This

April 22, 2005

Moving Netware Customers to Linux

The InfoWorld Test Center has reviews Novell OES, the product aimed at bring Netware customers to Linux and introducing Linux customers to Netware. This is a product Novell has needed for five years now. I hope they're not too late.

11:35 AM | Comments () | Recommend This | Print This

Ubuntu: A New Linux Ditro

I wrote about Unbuntu a new Linux distro from Mark Shutleworth over at Between the Lines a few days ago and pointed to some things Doc Searls is saying about it. This morning, Sam Ruby posted about getting Ubuntu booting on his T-40 laptop. I haven't tried it yet, but the reports are that it's very easy to get running. Ubuntu isn't aimed at the enterprise space, but rather the home and hobbyist market.

11:29 AM | Comments (2) | Recommend This | Print This

April 21, 2005

Ray Schulte's Talk

Fellow ZDNet blogger Bitton Manasco posted a teaser about Ray Schulte's talk on virtualization information assets at the Gartner Application and Integration and Web Services Summit, but doesn't give many details. If anyone has detailed notes from the talk, or better yet slides, I'd love to see them.

9:18 PM | Comments () | Recommend This | Print This

Ward Spangenberg's Fly Fishing

Ward Spangenberg wonders where his Google rank went. I care what Ward says, so I'll vote with my link. Post some more Ward!

6:06 PM | Comments (1) | Recommend This | Print This

Python Programmers Wanted

Aradyme, a local start-up I help with product and CTO functions is looking for Python programmers. Aradyme has a dynamic datastore. Right now they use it a lot in data cleansing work and Plone/Zope is the platform that they use to provide custom portals for each of their customers. Python is also used to drive the data engine for some of this work. Of course, if you're a strong C++/C# programmer and would like to learn Python, we're willing to teach you. Apply.

2:39 PM | Comments () | Recommend This | Print This

April 20, 2005

Geoffrey Moore on Orchestrating the Stack

Geoffrey Moore is most famous as the author of "Crossing the Chasm."

I really enjoyed listening to Geoffrey Moore's talk on Orchestrating the Stack from Software 2004. I would have enjoyed it even more, however, if I'd discovered his slides online beforehand since there's a lot that he references in them that doesn't come across well with just the audio alone.

The subtitle of Moore's talk is "Next generation developments in enterprise computing," but I was as much interested in what he considered the review before the real talk began. Apparently, he's been talking for some time about "systems of record" and I missed it. I thought it was an interesting analysis of the enterprise computing space and one that would give CIOs some insight into the enterprise computing software space.

Moore calls out ERP (enterprise resource planning) as the quintessential system of record. A system of record has four criteria:

  1. Scope - Manages a fundamental element of business data across the entire enterprise.
  2. Clout - Owned and sponsored by a CXO
  3. Value - Directly impacts core economics of the business.
  4. Inertia - Fed by high-volume, mission-critical transactions

By these criteria, ERP is a system of record since it manages financial data across the entire enterprise, is owned and sponsored by the CFO, provides value int he way of compliance, control, and operational integration, and has an anchor transaction in the form of updates to the general ledger.

Moore asks, "what other systems of record might there be?" He comes up with three:

  • CRM - the customer system of record
  • SCM - the supplier system of record
  • PLM - the product system of record

Considered, but voted out was the ERM or employee resource management system. Given the critical nature of hiring, training, and retaining employees in some industries (I'm thinking about call-centers, for example) and its very real impact on the bottom line, I might argue with him on the last one. In fact, I think that you could question SCM, PLM, or ERM depending on the industry. Again, to use call centers as an example, an SCM system is not all that critical.

But, as I said, that wasn't really the point of this talk, that was just the prelude. The real point was that the application layer is not the only location for the system of record and that the underlying architecture of enterprise computing is shifting. He talks about SOA's for example. He believes that what he calls "orchestrating the stack" is where the action will be in the coming decade.

Abstractly, this stack consists of three layers, each of which have many components: the business layer, the computer processes, and the compute engines.

Moore says that the current stack represents an Internet-enabled client-server architecture. The next generation stack will be anchored in services-oriented He believes that this opens the window for new systems of record.

The talk goes on to give different strategies for "gorillas," those who own various pieces of the stack now, and "disrupters," those interested in displacing them. This is the part of the talk where you'll want to have both the slides and the audio available since the audio doesn't make much sense without the slides and they don't make much sense without the it. Well worth the time and effort.

7:19 PM | Comments () | Recommend This | Print This

Quicksilver

Hitting the Quicksilver hot key combo brings up this window which shows the top match on the left and the available actions on the right (launch is the default)

As I've played more with Quicksilver, I've come to the conclusion that if you didn't know about command line terminals and you sat down to design a CLI for a GUI-based machine, Quicksilver's what you'd come up with. At first blush, Quicksilver is a launcher, but its much more than that. It has an adaptive search that targets almost any data source you can think of. What's more, it has a nice plug-in architecture that let's users extend it to apps that might not otherwise get integrated. Some small examples: hitting the hot key and typing "ksl w" let's me launch the KSL Weather page in Firefox. Typing the start of a contact's names brings up their contact information and let's me act on it. I can even select songs to play in iTunes from the keyboard.

One of my personal productivity goals is to reduce the number of times I take my hands off the keyboard and Quicksilver is a big part of making that goal happen. Here are a few resources I've found helpful:

3:54 PM | Comments () | Recommend This | Print This

April 19, 2005

Vint Cerf on Internet Challenges

Vint Cerf ponders a question while sporting his new Utah hat during the 2005 Organick lecture.

I drove up to the Univ. of Utah this afternoon to hear this year's Organick Lecture by Vint Cerf, one of the inventors of the Internet (I believe he and Al Gore were lab partners). Vint is currently Senior VP for Technology Strategy at MCI, Chairman of ICANN, and a recent winner of the ACM Turing Award.

Where is the science in CS? Here are places some with underlying theory:

  • Automata theory (strong)
  • Compiler and language theory (strong)
  • Operating system design (weak) - we are vulnerable to how to make OS's secure and they take too many resources trying to manage resources.
  • Data structures (strong)
  • Queuing theory (networks of queues) - strong theory, but too much of the network functionality has to be abstracted away before you can apply the theory.
  • Animation and rendering (strong) - Vint has recently come to have a respect for the theory, physics, and mathematics hiding behind the artistry.

Networking is one area that he picks on as not having significant underlying theory. There are important principals, like layering, but much of the theory is shallow. Protocol design, as an example, doesn't have much theory. There has been some work in formalizing protocols and their analysis, but it's way too complex. Other examples of places where we need deep analytical elements are distributed algorithms and cooperating processes.

We know almost nothing about making programming more efficient and systems more secure and scalable. He characterizes our progress in programming efficiency as a "joke" compared to hardware.

Security (and here he's really mostly talking about identity) works well in hierarchical organizations, but not elsewhere. The cost of authenticating individual users is one of the key factors. Hierarchical organizations can more efficiently issue IDs and perform authentications.

He mentions virtual machines as an intriguing notion because theoretically they can create safe execution environments for various applications. JVMs do this, as an example. One of the reasons that people went to single application servers (for example, a DNS server, a mail server, etc.) in the 90's was to get safe execution environments and process independence. The falling cost of hardware made this possible. VMs allow the cost of creating a machine to fall more dramatically still.

Here are some potential trouble spots:

  • Penetrable operating systems.
  • Insecure networks
  • Buggy servers
  • Broken models of perimeter security
  • Worms, virus, Trojan horses, keyboard and web page monitors
  • Bluetooth security in mobiles
  • SPAM, SPIM, and SPIT
  • Phishing and Pharming
  • IDN ambiguities and DNS hijacking
  • Intellectual property problems
  • Routing attacks with BGP routing
  • Distributed denial of service
    • Millions of zombies
    • Insecure servers, laptops, desktops, mobiles, etc.

Worms have the potential to create resilient processes that run across multiple machines for business continuity. Vint notes that the first instance of a worm was at Xerox Park for precisely this purpose. Business processes could be broken up and run as worm-like agents on multiple machines.

Speaking of identity, Vint wishes that the original design of the Internet had required that each end point on the network be able to authenticate themselves to every other end point. He notes that public key cryptography was still four years in the future at that point and symmetric key encryption was too expensive.

He lists a few more challenges that remain:

  • Identity theft
  • Personal privacy
  • Search algorithms
  • Semantic networks (related to last point)
  • Database sharing (genome and space data are examples)
  • IPv6 deployment
    • Layers of details such as the network management systems, DNS refactoring, provisioning
    • Allocation policy development
  • Networked scientific instruments (tele-operation)

Some policy challenges in the Internet environment:

  • WSIS/WGIG - Internet governance
  • ICANN vs. ITU
  • International eCommerce - imagine an Amazon customer in Hong Kong, ordering from Amazon in the US. The book is sourced in South Africa, and shipped to Paris. Certain questions arise:
    • dispute resolution
    • online contracts (authenticity, legal framework)
    • taxation policies

He calls out Creative Commons and iTunes and new, innovative models of solving content management challenges. He notes that the regulatory system we have today is broken because it's based on the modality of the communication and the Internet is subsuming them all.

Interplanetary Internet: InterPlaNet (IPN). The flow control mechanism of TCP doesn't work well when the latency goes to 40 minutes. What's more, planets are in motion, so distances apart vary with time and thus latency varies with time. So do error rates. Some of these problems are like mobile networks.

IPN assumes that you can use TCP/IP on the surface of the planet. Each planet has its own IP space demarked by a separate identifier. DNS doesn't work on an interplanetary scale since by the time you get a resolution for an earth DNS address from Mars, the IP number may have changed (think mobile or DHCP). The protocol looks more like a store-and-forward email system than an end-to-end protocol like TCP. The result is an interplanetary network protocol.

At the end, someone asked about the proposal to have the UN take over ICANN duties. It was the only point in the talk where I'd say that Vint got animated and even a little worked up. He clearly feels strongly that "ICANN ain't broke; don't fix it."

All in all, a very enjoyable talk. I'm glad that the U has the endowment and makes this happen each year. I took some additional photos, which you can see here.

7:58 PM | Comments (3) | Recommend This | Print This

April 18, 2005

Tiger Rebate

If you order Mac OS X 10.4 Tiger [DVD] from Amazon, you can get a $35 rebate. Not a bad deal. I ordered Panther online and it was shipped to arrive on the date of release, so I got it the first day. Apple's got a list of 200 new features in Tiger. I heard from Glenn Fleishman today that the Tiger edition of his Take Control of File Sharing ebook is available for pre-order, to ship on April 29th, when Tiger ships.

2:09 PM | Comments () | Recommend This | Print This

Four Identity Laws Broken at One Blow

Kim Cameron, who thinks as deeply about identity as anyone I know, points out that the most recent loss of identity data by the Univ. of California was the result of breaking four of his laws of identity at one blow.

I expect this information disaster came about by breaking four identity laws at once. What a run!
  • Were users in control of what their information was being employed for? Were they told where and how it was being used (law of user control)?
  • Was there really a need to store social security numbers rather than some local or derived identifier (law of minimal information, law of directional identity)?
  • Would the identified subjects see a "test machine" as a legitimate party to their identity relationship with the university (law of fewest parties)?
From Kim Cameron's Identity Weblog
Referenced Mon Apr 18 2005 10:52:48 GMT-0600 (MDT)

Sen Diane Feinstein, D-Calif. has said she'll introduce legislation requiring encryption of all identity data stored for commercial purposes. While this is probably a good idea, its not going to solve the real problem. The real problem is sloppy data handling practices--something that goes beyond just encrypting sensitive data.

The real answers will be found when organizations start being held accountable for keeping data safe. Note that I'm not suggesting personal liability for individuals. I think Sarbanes-Oxley, an example of that in the financial arena, went too far.

10:50 AM | Comments () | Recommend This | Print This

Huntsman Names New Utah CIO

Gov. Huntsman has named Stephen J.Fletcher, who's currently serving as the CIO for the US Dept. of Education, as the new CIO for the State of Utah. I think this is a great choice. Having served in the public sector, he won't have any fanasies about "private sector thinking" but he'll also be used to having the authority and autonomy needed to get things done. I expect him to kick butt and take names. Here's the press release:

Utah Governor Jon M. Huntsman, Jr. has named Stephen Fletcher as the state's new Chief Information Officer.

"We conducted a lengthy and exhaustive search for this highly technical position to find the person with the right skill set to lead the new IT Department," Governor Huntsman said. "Stephen Fletcher is highly qualified and we are pleased he is bringing his talents to state government."

Fletcher is leaving a post at the U.S. Department of Education as Chief Information Officer/Chief Technology Officer. He also worked in that department as Deputy Assistant Secretary for Management. While at the Department of Education he established performance-based contracts and improved business processes centered on service level agreements, saving the government millions of dollars annually.

Fletcher has a long career in both the public and private sectors. He founded and led several technical organizations focused on customer service, efficient delivery of technical services and business decision strategy.

"This is a great opportunity for the State of Utah to enact permanent change and improve the way of doing business throughout all government agencies. I hope to be able to bring best practices from both public and private sectors to elevate the office of CIO to a high performance organization," Fletcher said.

Fletcher plans to begin work May 1, 2005. His goal is to review all IT functions in state government for efficiency and productivity, and personnel support for state departments.

Fletcher is a graduate of the University of Utah and the son of James C. Fletcher, who was twice head of NASA and former president of University of Utah. He is married and has four children.

10:07 AM | Comments () | Recommend This | Print This

CoreSV Brings Management Simplicity to Web Services

It starts simply enough. First someone builds a SOAP interface for an internal system; then the next upgrade to your financial package sports a Web services API. At some point you wake up and realize that all these services need to be managed.

Web services management includes not just monitoring but also critical activities such as controlling access, logging transactions, and performing version control. CoreSV 4.0 from Oracle is a Web services management platform that provides all these capabilities in an easy to install and understand package.
From Exclusive: CoreSV brings management simplicity to Web services | InfoWorld | Review
Referenced Mon Apr 18 2005 09:34:39 GMT-0600 (MDT)

I enjoyed going back and looking at Core again. I was impressed with how straightforward the product was. Some of it is just the fact that I'm getting very comfortable with the idea of intermediaries and what they do, but I have to give credit to Oblix (now Oracle) for refining the product and removing unnecessary complexity.

I beat them up in the review about pricing. It's not just COREsv, everyone does the same thing. I'm just not buying enterprise software pricing anymore. Part of the reason is that I'm involved in several small companies in one capacity or another and see that they have just as much reason to need things like Web services management as anyone else, but they're not in a position to spend $100K on it.

9:33 AM | Comments () | Recommend This | Print This

April 15, 2005

Griffin's Problems with Truthful Labeling

I'm just a little angry at Griffin Technology today. A while back, I picked up one of their products called a USB-Audio Hub. From the title, and from a look at the product, I thought it was a 4-port USB hub integrated with their iMic product. In fact, the unit has LEDs on the front that can easily be mistaken for mini audio jacks. Such is not the case--it's just a 4-port hub. Nothing more. They claim that its "optimized for Audio" but I see nothing to support that its any better than any other hub for audio.

10:05 AM | Comments (1) | Recommend This | Print This

JavaScript in the Context of a Web Page

Jon Udell has extended his LibraryLookup bookmarklet so that it modifies an Amazon book page to show, right on the page, whether that particular book is available at your local library. He has a screencast showing how it works. And Jon explains this more in his most recent column at InfoWorld. I was thinking "this is cool" but I was totally blown away at the end when he shows how he used Amazon Wish Lists and the Amazon Web services API to create an RSS feed to remind him of books that had previously been checked out of his library and were now available.

This shows the incredible power of small applications joined together through Web services. Amazon's "hosting" a book service for thousands of distributed, disconnected libraries and neither Amazon nor the libraries know anything about it.

As an aside, this is all made possible by a Firefox extension called Greasemonkey. This is what I was talking about when I said I'd decided to start using Firefox over Safari. I haven't looked back and I'm very happy with Firefox.

8:30 AM | Comments (2) | Recommend This | Print This

Continuations for Curmudgeons

Sam Ruby does a great job of explaining continuations in his Continuations for Curmudgeons piece. I also discovered through Sam an article on using conitnuations in user interfaces.

7:59 AM | Comments () | Recommend This | Print This

April 14, 2005

Comcast Outages

This Comcast outage is what I was talking about a week ago. The problems I was having before the two big blowouts were DNS because I could ping the Comcast gateway, but was getting about 50% packet loss to the DNS machines. So, the question I have is this: did Comcast know of the problems early on and just didn't get them cleared up before they became massive or were my problems early warning signs of problems that hadn't reached "get the story in c|net" proportions?

Somehow I think it was the latter. Comcast was unable to use the information they were getting from customers like me because they were focused on treating symptoms rather than root causes. Being able to get that information and understand it could have saved lots of customers the outage and Comcast the embarrassment.

2:44 PM | Comments (6) | Recommend This | Print This

April 13, 2005

SOA Executive Forum Panel: Topics for Discussion

I'll be moderating a panel at this year's InfoWorld SOA Executive Forum. There are actually two events, one in San Jose on May 5th and one in New York on May 17th. I'm doing the same panel both places. The topic of my panel is "Services and Contracts" and I'll be joined by David Linthicum, CTO at Grand Central Communications; Rick Caccia, Senior Director of Product Management at Oracle (nee Oblix); and Jim Bole, Vice President of Products at Infravio.

In my reviews of Web services intermediaries in the last two years, the issue of contracts, SLAs and the like comes up anytime companies want to start rolling out Web services offerings to anymore than just a handful of partners. In a head-to-head review of Actional, AmberPoint, Flamenco Networks, Infravio, and Westbridge Technology I wrote:

As Web services move from internal pilot projects to large-scale deployments involving partners and suppliers, managing the myriad interactions places a significant burden on the enterprise. The service provider must provision accounts for new consumers, allow them to select services, manage versions, negotiate SLAs, provide monitoring and reporting data and alerts, and authenticate each consumer transaction. Automation and self-service could spell the difference between a successful rollout and one that requires so much staff time that it becomes untenable.
From InfoWorld: Web services intermediaries evolve: November 26, 2003: By Phillip J. Windley
Referenced Wed Apr 13 2005 20:52:04 GMT-0600 (MDT)

I think this will be a good panel. Each of the participants brings their own flavor and experience to the problem of how you can offer Web services at scale. The overall panel is 50 minutes. I plan to give each panelist a few minutes for introductions of themselves and their philosophy (no PowerPoint) and then open it up to questions. I always like to have some to prime the pump. Here's some I've thought of:

  • Is there anything special about an SLA on a Web service as opposed to say, and SLA on a Web site or other online service? What kinds of things are typically covered?
  • How are SLAs enforced on Web services now?
  • Most intermediary tools have tools for measuring latency, failure, and other points of an SLA. What isn't being done yet in the monitoring arena that's going to be important in enforcing SLAs?
  • The issue of provisioning in Web services is largely moot until you start performing authorization on services.
    • How does authentication and authorization fit in?
    • Besides authorizations, what else happens in a typical Web services provisioning action?
    • What are the ways to approach provisioning at scale?
  • There seem to be three levels of interaction between partners in Web services. The first, I'll term ad hoc, where all of the service agreements are negotiated from scratch each time. The second I'll call hub and spoke, where one strong partner essentially dictates the terms for all the players. The third I'll call networked, where various players have all agreed to some set of rules up front and the network organization enforces them.
    • Have I missed any?
    • What is the state of the industry right now? What are most people doing?
    • Do you see this changing any time soon?
    • What tools exists to support these various levels? Are new ones emerging?
  • Is the networked model a pipe-dream, or might we really see such networks emerge?
  • I think automated policy negotiation is one of the areas where there will be big changes in the next few years.
    • What is the state of automated policy negotiation?
    • XACML and other standards are being developed in the federated identity space (which for out purposes, we can probably treat as a specialized domain of Web services). Are there any more general standards for Web services SLAs on the horizon?
    • Are any of you participating in their development?

One caveat: I've purposely asked some of these knowing that one panelist or more has some expertise or even a product (gasp!) that fits the issue. That's OK, but I don't want the panel to be a session of dueling product features. I like us to focus on possibilities, open areas, and futures. I know this isn't everything that might be covered. If you've got others questions to suggest, please leave a comment or drop me a line.

Update: Here are some additional questions:

  • Policy negotiation sounds strikingly similar to how B2B markets commoditize. When you define a good, its quality (which can vary, there are over 100 variants of west texas crude), price and credit terms -- liquidity for the market as a whole takes off. What efforts are there to standardize service level agreements and other contract terms across web service intermediaries? Are buyers and sellers demanding business level standardization? (from Ross Mayfield)

8:55 PM | Comments (1) | Recommend This | Print This

April 12, 2005

A Program for Converting RSS to Email

The email that is sent to the mailing list on Technometria is generated automatically from the RSS feed for the "Newsletter" category on my blog. As I write my blog, I just properly categorize anything I want to be sent to the newsletter and it happens. The magic is a little python program called rss2email.py by Aaron Swartz. I modified the program to make it usable for my newsletter application.

The problem is that the program was designed for one feed and one email address. I've wanted to do regular mailings to the UtahPolitics.org mailing list in the same way, but that would require rewriting the Python script in some pretty serious ways. I decided that I'd rather rewrite it in Scheme, so I did. I've described the program here.

Right now, making it work requires more knowledge of Scheme than I'd like. For example, the configuration is stored in the program as an assoc list. I'd rather it be in an external file that people could edit and use. Also, the GDBM extension I use is not "just there" like the other libraries are.

Even so, if you're interested in making it work on your system, you would need system admin skills more than a knowledge of Scheme. installing MzScheme is fairly straightforward. So, if parentheses don't scare you too much, give it a go. I'm happy to answer questions about it.

4:42 PM | Comments () | Recommend This | Print This

Your Company's Leaking Knowledge

My April column for Connect Magazine is online now. Its entitled Your Company's Leaking Knowledge. You might think its about security, but actually its about the brain drain that happens when key employees leave and the role of the CTO in combating it. The basic idea is creating company nomenclatures.

If this sounds like marketing to you, then give yourself a prize for being one of the few that recognizes marketing for being more than PR and creating slick brochures. Who's job is it? At iMall, the product marketing team reported to me and I think that worked out beautifully. Product definition is the prime job of the CTO. CTOs who just manage the developers should be called what they are: the VP of Engineering. Real CTOs manage the product and ought to be as good at product marketing as they are at engineering.

8:27 AM | Comments (1) | Recommend This | Print This

GMail as a Spam Filter

Here's a nice recipe for using GMail as a Spam filter. You get an offline back-up of all your email as a bonus. Nice idea.

8:20 AM | Comments () | Recommend This | Print This

Legislative Podcasting

A story in today's Salt Lake Tribune highlights some of the Utah Legislatures eGovernment initiatives. The Legislature's site does a good job of letting you find bills, see amendments, find out who voted for what, and so on. The have a bill tracker system that will email you changes to the status of a bill. I'm not sure why they haven't yet added RSS feeds for that as well. They do have an RSS feed for legislative news items which is helpful. Apparently they're giving some thought to legislative podcasting as well:

The Legislature already has ventured into cyberspace to allow Internet users to listen to or watch its floor debates in real time and the Web site hosts a library of information, including rosters of past lawmakers, years of legislation and a citizen's guide to lawmaking. And there may be more soon. Allred, at the request of lawmakers, is researching whether the Legislature will put the live audio of committee hearings online and also include clips of those meetings with each bill.
From Salt Lake Tribune - Utah
Referenced Tue Apr 12 2005 08:12:39 GMT-0600 (MDT)

8:06 AM | Comments () | Recommend This | Print This

April 11, 2005

Distributed Back-up Systems

I've been interested in distributed back-up systems for some time. For example, I'd love to see a P2P client given to BYU students that allows them to commit a percentage of their disk to a distributed back-up system in exchange for that much storage on the overall system. Rather than the University having to commit capital to a back-up system for students files, excess direct-attached disk and software would solve the problem.

I've also be enamored with erasure codes for reliability. Using erasure codes would allow the distributed back-up network to provide reliable storage in the face of a certain percentage of nodes going down, leaving the network for some reason, and so forth.

A couple of students in my Middleware class this semester picked this theme up and did some further exploration. There were a couple of items that caught my eye.

  • PStore is a secure P2P storage solution from some researchers at MIT. Overall, the feature set seems quite nice, but the code is not available and it doesn't incorporate erasure codes as fas as I know.
  • DIBS is a similar idea written in python that does use erasure codes. The UI is something only a geek could love.

Apart from being genuinely useful in a campus environment where its difficult to provide effective back-up solutions for even critical files, this is an excellent example of a P2P network beyond mere "file sharing" which has grown to have negative connotations. I'd love to see the headline "BYU Embraces P2P Technology."

10:58 AM | Comments (3) | Recommend This | Print This

April 9, 2005

Chad's Under Attack!

InfoWorld's Chad Dickerson has the nerve to question the practicality of supporting OS X in a small shop and the Mac faithful took him to task. Give me a break guys! The fact is that getting all the pieces to work together in even a relatively small IT environment can be difficult. Legacy systems, PC-only applications, and even IE-based Web applications all take their toll. There's only so much money and so many hours in a day.

Making a Mac work in a PC-friendly world is doable, but there are pitfalls all along the way. A small example: just the other day, my research group nearly missed a meeting with our sponsor because they sent out the invitation from Outlook. Yes, iCal can read them, but a glitch, the details of which are unimportant, caused it to hiccup. I think the benefits of having my research group using Macs outweighs the problems, but there are problems and you have to be pretty hearty to make it work.

Attacking Chad as "not pure enough" isn't going to advance the world of Macs and pointing out to him the obvious solutions that he already knows about won't help either. What will help? Continue to make the Mac compelling and then adapters will be created for legacy apps, more applications will be built for both platforms and fewer IE-only Web applications will be deployed.

6:29 PM | Comments () | Recommend This | Print This

AJAX and CMS

Tony Byrne, CMSWatch has created a nice screencast showing how AJAX techniques can be used to enhance the user interfaces of CMS systems. He highlights four specific things done in four different systems. Its short and informative.

6:01 PM | Comments () | Recommend This | Print This

April 8, 2005

Keyhole Data at Google Maps

When I was CIO for Utah, I played with a tool call Earthviewer that was based on Keyhole satellite data and let you zoom in on satellite images anywhere in the world. I blogged it and still get some traffic from people googling "earthviewer." We were contemplating buying it for Homeland Security uses. Now it turns out that you can get a lot of the same functionality from Google for free.

When Google bought Keyhole, the satellite image company who owns the data that makes Earthviewer work last year, I wondered what they'd do with it. Now, we know. If you go to Google maps and click on "satellite" in the upper right hand corner, you get actual satellite images for the locations you type in instead of maps. For example, here's the image for the area around Utah's State Capitol. The resolution isn't so hot. Look at 1600 Pennsylvania Ave. You can count the cars. This is awesome.

6:30 PM | Comments (3) | Recommend This | Print This

April 7, 2005

VMWare Performance on Linux

Harsh, one of my students, has posted some initial results for Linux performance on VMWare ESX. The inital results show better IO throughput for Linux on VMWare at load than for Windows. There's still much to do, but this is a start.

8:16 AM | Comments () | Recommend This | Print This

KSL Radio Has a Podcast

Back in November, I suggested that KSL radio start a podcast and they've delivered. In fact, they've got five of them for their most popular local shows, including the BYU Coaches show--who couldn't love that!

8:09 AM | Comments (2) | Recommend This | Print This

April 6, 2005

Power Laws, Longtails, and Software

I'm speaking to a couple of classes at UVSC this evening on Power Laws, Longtails, and Software. The message is a combination of some things I've thought lately as I've listened to some of the Software Development Distinguished Speakers Forum at IT Conversations, read Paul Graham, listen to Jason Fried on Building Basecamp, read Peter Denning, listened to Chris Anderson, and talked with friends at Aradyme and Sento. The talk starts with a discussion of why computer are ruled by power-law distributions instead of gaussian distributions, moves into longtail concepts, and then applies those lessons to building software. If it goes well, I'll probably be giving it a few other places as well.

4:03 PM | Comments () | Recommend This | Print This

April 5, 2005

Interface Descriptions

I wrote a bit about Harold Carr's visit to my class yesterday and the thoughts it prompted about interface descriptions over at Between the Lines.

6:17 AM | Comments () | Recommend This | Print This

April 4, 2005

Dean Meyer in CIO Magazine

I first heard of Dean Meyer when I read his book Decentralization: Fantasies, Failings, and Fundamentals. From the title, you can guess what its about, but you'd be surprised by some of the conclusions. I had Dean out to Utah for a day with the IT Directors when I was Utah's CIO. He was a great facilitator and led us in some importance directions. If you're trying to do some reorganization of your IT department, then reading Dean's books is well worth your while and having him out for a visit is even better. I mention Dean because I just discovered that he's writing a column called Beneath the Buzz for CIO magazine. The first three deal with ITIL, governance, and portfolio management.

Here are a few other Dean Meyer books you might like:

5:41 PM | Comments () | Recommend This | Print This

I Love Calling Comcast

Today, for the third time in a week, I came home and my son told me the "Internet is down." I checked and just like all the other times, I actually could ping the Comcast gateway and so I knew the Internet wasn't "down." What's actually going on, however, is that the DNS isn't working for some reason. For the third time I called Comcast. Not so much because I have to, but because I like to. They're actually fairly helpful (if pedantic) and polite. Besides I still have 50,000 shares of ATHOME stock for which I need to get my money's worth somehow.

It turns out that they solve the problem, but I still haven't figured out why what we do solves the problem since we've done something different each time I called. The lesson for enterprise computing is that while Comcast's customer support is fulfilling the mission of getting me back online, they're not solving the real problem and so they keep getting called. They never get to the point where they discover I can ping their gateway. Another interesting fact, they don't seem to know I called just a few days ago. If they do, they're playing dumb. That's cool, because so am I. :-)

5:25 PM | Comments (1) | Recommend This | Print This

Support KCPW

KCPW has provided support for the Utah blogging community through their news coverage and their “Blogger Friday” segment on Midday Edition.

KCPW is now in the middle of their pledge drive and needs your support today. KCPW is a community licensed radio station – meaning nobody owns it – so it’s truly an independent news organization. 85% of their operating budget comes from the public – and that means you. Visit www.kcpw.org or tune in to make a pledge and support outstanding news coverage in Salt Lake City.

2:45 PM | Comments () | Recommend This | Print This

April 2, 2005

Using GDBM with Scheme

I've finished an update to the mzgdbm extension for PLT-Scheme that lets it work with PLT-Scheme v299.100. The update mostly involved how its built and making allowances for v299.100's use of UTF-8 strings. You can download the package here

3:01 PM | Comments () | Recommend This | Print This