Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Friends

Mike Jones
Chuck Knutson
Kristen Knight

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« March 2006 | Main | May 2006 »

April 28, 2006

April CTO Breakfast Report

Today we did something different at the CTO breakfast and brought a projector for 5 minute lightening demos.

  • Nathan Conger from Novell went first and showed the new SUSE Enterprise Linux Desktop. We saw Beta 10. This is available from OpenSUSE.org. Nice integrated wireless network management. Virtual desktops are a rotating cube. Windows warp when you drag them. Windows can live "on the corner" of the cube. An official DVD player will ship with the final version. Window transparency built-in. Expose-like behavior. All-in-all, pretty flashy. Support for Visual Basic macros in OpenOffice. Windows users now have to envy SUSE as well as OS X.
  • Jeff Hunsaker from SCO showed a mobile technology called Shout. Shout is an application based on a platform called Me, Inc. Shout is a way to broadcast one to many voice messages to phones (via SMS) and email addresses from your mobile phone. Other Me Inc applications include one called Vote that allows you to broadcast "polls" to a group and collect results. Another application was a mobile order entry tool. The tool connects to legacy applications (COBOL, PowerBuilder, etc.) over the phone network and uses Web services. Building other applications takes a few weeks. The Me, Inc. platform allows these applications to run across mobile platforms regardless of the underlying OS.
  • Dallan Quass from WeRelate.org (not WereLate.org). Using Google to find genealogy using last names either gives back too many results or only shows 30-50% of the available sites (when you limit it with other keywords). Dallan demoed a search engine specific for genealogy. Having a domain specific search engine gets better results and also gives better ancillary services like "what's related." The really cool thing is that the search engine allows users to use a wiki-like feature (based on MediaWiki) for influencing future results. They've extended MediaWiki to use XML blocks for storing structured data. In case you're wondering what business Dallan has doing search engines, he has a long history in search, building (and selling) the Junglee search engine in the Web 1.0 days.

Phil Burns announced that the next GeekDinner will be a first-night screening of X-Men 3.

Bruce Grant spent some time this month playing with Grails, a Rails-like framework for Groovy. Groovy is a dynamic language that has access to all of the Java Libraries because the scripts compile to JVM byte-code. I wrote about it at OSCON 2004. Bruce thought it was still too immature to be useful.

Parallels seems to have made a few people think seriously about buying a MacBook. The latest release has shared folders between the virtual machines. Scott Lemon reported that performance was "mind blowing."

We got into a discussion Tivos. Rumors of Desktop Connection for Macs in May. Roxio's Popcorn seems to be a good tool for getting video on the iPod.

Company's leak IP. It's not about how much IP you have, it's about how fast you can generate it. Patents are a form of mutual assured destruction where companies amass them in an effort to ensure they can take on anyone who tries to take them on.

Update: Richard Miller has notes from the breakfast.

9:47 AM | Comments () | Recommend This | Print This

The Participation Spectrum

Ross Mayfield has an excellent essay on the spectrum of participation, the choices we have about how much of ourselves to put into any given activity on the Web. He points out that high engagement activities like leading, moderating and collaborating build a sort of collaborative intelligence that's greater than the collective intelligence we get from low-threshold activities like tagging or commenting. Writing--blogging--is somewhere in the middle because you can use a blog merely to comment or you can use it to refactor, moderate, and lead. Your choice...

1:53 AM | Comments () | Recommend This | Print This

Audio Interviews

I was listening to the latest installment of Paul Figgiani's The Point podcast this morning. Paul is IT Conversation's senior audio engineer and all-around go-to-guy for anything audio. In this podcast Paul mentions that he's bought some new gear for his studio and had phone lines installed so that he can record interviews. Doug Kaye's done this in the past, but as he moves into his new role as master and commander of the Conversations Network he's been load shedding.

Paul will be making this service available to IT Conversations hosts who want to record phone interviews, as well as the general public. If you're a podcaster who's tired of poor quality phone interviews, then you might be interested in Paul's services. I think you'll find that he's not only a pro who can make you sound great, but also a great guy to work with.

1:00 AM | Comments () | Recommend This | Print This

IIW2006: Monday Activities

It would be helpful for us to get a count of people who are planning on attending Monday's afternoon session, the dinner that evening, or both. If you're planning on being at either of those activities, please visit this page on the wiki and add you name to the appropriate list.

12:56 AM | Comments () | Recommend This | Print This

Story of Digital Identity

Kaliya was on Aldo Castaneda's Story of Digital Identity podcast this week talking about the Internet Identity Workshop. We're expecting a good crowd.

12:37 AM | Comments () | Recommend This | Print This

April 26, 2006

Kim Clark on Modularity

I attended a UTC (formerly UITA) breakfast this morning where Kim Clark, President of BYU Idaho and former Dean of the Harvard Business School, was the featured speaker. (photos)

Pres. Clark talked about harnessing the power of modularity. I reviewed his book, Design Rules, in January. Design Rules is about modularity in IT and the advantages that it gives. Design Rules was hands down the best book I read in 2005. I think anyone interested in infotech should study it.

He begins by pointing out (with a graphic) the staggering dominance of IBM in the IT industry in the 60's and how that dominance has dissipated over time. IBM and others were vertically integrated. DEC did it's own injection molding to create computer cases. Now, the industry has reorganized in modular clusters that are more horizontal. This change has also caused value to migrate from the vertically integrated companies and it more spread out.

These changes were made possible through changes in the underlying design architecture. What makes a design architecture industrially powerful, and unmanageable. This unmanageability means that it can't be contained inside a single company.

Modularity is on the key change in the design architecture. Modules are highly interdependent internally, but independent of each other. The power of modularity is that the system can be decomposed and designed independently. The design rules allow these independently designed modules to work together in an integrated way.

The Design Structure Matrix (DSM) is a tool for gauging the independence of modules. You can use DSM to determine at design time the modularity of the system you're building. Once a system has been modularized, complexity becomes manageable and groups can work in parallel. Modularity welcomes experimentation.

Pres. Clark goes into the IBM 360 example. IBM understood the first points: managing complexity and working in parallel. They misunderstood the last point. Once a system has been modularized, you can conduct many more profitable experiments on a module. IBM missed the fact that they could profitably invest more R&D in it's modules. Disk drives were the first. In 1967, Alan Shuggart and others left IBM to essentially found the entire disk drive industry.

Modularity creates options. You get the right, but not the obligation to use a new design. Before modularity, you have a single option: design a new system or not. With modularity, there are thousands of options. Each of those options can become a new company. These companies are formed around modules.

Option value can be high or low. Some systems have very high option value. This value can be seen in products where there are lots of versions and innovation happens very quickly. Where you have high option value and modularity, you get an explosion of industry.

Pres. Kim Clark, BYU Idaho
Pres. Kim Clark, BYU Idaho
(click to enlarge)

One key factor in option value is physics. Digital systems are a good example. Another factor is user innovation. Knowing about customers creates option value. This is the notion of the "killer app." The third factor is architecture. Being able to take existing modules and rearrange them creates option value. Japanese copier manufacturers engages in this kind of architectural redesign and moved in on Xerox.

The potential value of a given system is a factor of the number of modules and the number of experiments. This is the idea behind the notion of "best of breed."

Strategy in this kind of modularity is a lot like chess. There are lots of contingencies. There are many wining strategies. There are strategic patterns (gambits, to continue the chess analogy).

There are four strategies:

  1. Blind competition. Many times players have no sense of what will happen and how it will play out, but companies get in and compete hoping to get bought if they're good enough. Compaq, Kaypro, and others followed this strategy.
  2. High return on invested capital (ROIC) on a small footprint. Examples: Dell vs. HP/Compaq. Sun vs. Apollo.
  3. Lead firm competition. Microsoft is an example. Being a monopoly is a key strategy. Other smaller players also do this in niches. Mergers and acquisition (Cisco) is another example here
  4. Open source development. Apache, Linux, etc. IBM is using this strategy.

He elaborates on the High ROIC strategy, going into detail on Apollo, "the darling of Wall Street." Apollo kept control of many key aspects of the design. Then comes along Sun and the do even less. Their strategy was to use as many off the shelf parts as they could. Sun knew that you could focus on the core parts of the system and outsource everything else. Sun's secret sauce was a piece of hardware that did memory management. Sun's other key choice was to adopt industry standards wherever possible. Sun had half the working capital per dollar of sales compared to Sun. Their ROIC was 20% at Sun while Apollo's was 2%. Sun needed less capital to compete. Dell has done even better. They have negative working capital. Their suppliers are funding the company.

He moves to "lead firm." As the lead firm, you're always under attack. Everyone is after you. The strategy is to deter potential competitors, even be threatening. Creating FUD is a key tactic. This is an unstable situation, as Microsoft has found out. A more stable "lead firm" strategy is Cisco's approach. By buying small firms with big potential, they absorb the attackers.

So, how do you compete in a modular industry with modular clusters?

  • Expect turmoil.
  • Use M&A to become the lead firm in some slice of the stack.
  • Use design architecture to reduce your footprint and increase ROIC.
  • Use open source software to clone your complimentor's products. That maintains discipline and innovation.

Rich Nelson of UTC and his staff are to be commended for a stellar event. Judd Bagley captured the audio. I'm hoping we can get it up on IT Conversations soon.

2:01 PM | Comments () | Recommend This | Print This

April 25, 2006

How Does OpenID Work?

I've been trying to dissect OpenID and make sure I really understand what's happening. The spec is the ultimate source, but obviously covers all the bases. What I wanted was a picture, but I couldn't find one. So, I made one.

Part of the problem with understanding the spec is that the text tells what has to happen, but there are some implementation details which, while variable, as still helpful for decoding the ins and outs of the most common scenarios. For implementation details, I turned to a Web proxy to help capture the HTTP request/response pairs. The one I used was called Charles Web Debugging Proxy. It's quite good and runs on all the major platforms. As shareware goes, it's a little steep for what it does: $50. Half that would be more like it. Still it did the job admirably.

So, from the spec and my poking around, I came up with the following scenario for what I deem to be the most common use case. Note that in OpenID parlance, the relying party is called the "consumer" and the identity provider is called the "OpenID server." I've tried to stick to the OpenID terminology where I can.

  1. User is presented with OpenID login form by the Consumer
  2. User responds with the URL that represents their OpenID
  3. Consumer canonicalizes the OpenID URL and uses the canonical version to request (GET) a document from the Identity Server.
  4. Identity Server returns the HTML document named by the OpenID URL
  5. Consumer inspects the HTML document header for <link/> tags with the attribute rel set to openid.server and, optionally, openid.delegate. The Consumer uses the values in these tags to construct a URL with mode checkid_setup for the Identity Server and redirects the User Agent. This checkid_setup URL encodes, among other things, a URL to return to in case of success and one to return to in the case of failure or cancellation of the request
  6. The OpenID Server returns a login screen.
  7. User sends (POST) a login ID and password to OpenID Server.
  8. OpenID Server returns a trust form asking the User if they want to trust Consumer (identified by URL) with their Identity
  9. User POSTs response to OpenID Server.
  10. User is redirected to either the success URL or the failure URL returned in (5) depending on the User response
  11. Consumer returns appropriate page to User depending on the action encoded in the URL in (10)

This scenario assumes that you are not already logged into the OpenID server. Normally, you'd stay logged in there and so steps (6) and (7) would be unnecessary.

While this looks like a lot of back and forth, assuming you're already logged in, the user actually only sees one page in addition to the original login page. This page, which I call the trust form (I'm not sure it has an official name) asks the User if they want to trust the Consumer site (identifying it by URL).

This scenario also does nothing to address security in OpenID. For that, you'd better read the spec. There are some nuances to be understood.

If you're familiar with OpenID, I'd appreciate any feedback on the picture and scenario. I'd like to make it as correct and understandable as possible.

2:57 PM | Comments (3) | Recommend This | Print This

ITC Show Ratings

In yesterday's IT Conversations newsletter, I neglected to save the text before I uploaded it to the system that sends it out. The only thing that had changed since the last save was that I'd added ratings to the summaries from last week's shows. Since some people really like that part of the newsletter, I thought I'd remedy the problem here:

To help rate shows, you can either go to the show's detail page, or simply visit recently heard page where you'll see a list of the last 20 shows you downloaded or streamed. That's a convenient one-stop place to rate a bunch of shows.

Just out of curiosity, I decided to look at the top ten shows on ITC. There are currently around 850 shows on ITC that have a ranking of some kind. There are 60 that have a ranking of 4 or above) and another 5 or 6 within striking distance. I've arbitrarily removed shows that less than 20 people have ranked from this list:

  1. Peter Diamandis - X Prize Foundation (Rating: 4.47)
  2. Robert Trivers - What Do We Know (Rating: 4.44)
  3. Steve Wozniak Part 2 - Gnomedex 4.0 (Rating: 4.40)
  4. Paul Graham - Author of Hackers and Painters (Rating: 4.40)
  5. Cory Doctorow - Europe's Coming Broadcast Flag (Rating: 4.4)
  6. Nassim Nicholas Taleb - What Do We Know - The Scandal of Prediction (Rating: 4.35)
  7. Clayton Christensen - Capturing the Upside (Rating: 4.28)
  8. Brewster Kahle - Universal Access to All Knowledge (Rating: 4.27)
  9. Lawrence Lessig - Clearing the Air About Open Source (Rating: 4.25)
  10. Ze Frank - Performance Artist, Humorist, Web Designer (Rating: 4.24)

One thing I noticed is that I'd only heard 4 of these. That makes 6 great shows I can put on my queue. A few other interesting facts: four of the top ten shows are from PopTech! and only three are from before 2005. None of them are what I'd call "hard-core IT" but rather observations about IT or interesting talks about other sciences.

6:50 AM | Comments () | Recommend This | Print This

ITC Forums

One of the features on IT Conversations that gets little attention from listeners is the forums. On each show's detail page (example), there is a link called "Discuss") that links out to a forum. If you follow it, you see a forum page just for that show.

The ITC system creates the first post for each show, essentially getting the ball rolling by posting the show's summary. But, for most shows, that's all that ever gets published. There's almost never any discussion.

This is a little surprising to me given the amount of traffic that ITC gets and the level of enthusiasm many listeners express for particular shows. Maybe I shouldn't be surprised. For a medium that mostly aural, most people aren't sitting in front of their computer when they get excited about the content of a show and so the barrier is too high. I listen mostly in my car, for example, and so I've taken to carrying a small voice recorder with me so that I can record things I like about a show to comment on later.

Still the fact that lots of people do take the time to rate shows tells me that people do get back to the detail page for shows they like (or even hate). Consequently, there are probably some structural issues that are dissuading people from commenting. Here's a few I've thought of:

  • The "discuss" link isn't prominent enough or doesn't give enough feedback (such as how many posts have been made on the show)
  • The forum system, with the discussion happening off the show's detail page is too far removed from where people are putting their attention.
  • Most people would rather comment on their blog and what we really need are trackbacks. There are thousands of referrals each day, so people do link to posts.

In general, I think we could do a better job of calling people to action--not just for discussing, but also for emailing, digging, posting to del.icio.us, and blogging posts. The "rating" feature is prominent, easy to do, and gives immediate feedback of what other people think. Those are probably all good reasons that it gets used.

One idea would be to add links for all of these "calls to action" on the recently heard page. This page shows you the last 20 shows that you downloaded or streamed. It's a nice place to see lots of information all at once and rate several shows in a quick, easy way.

If you've got ideas about how to improve discussion, or any other feature of IT Conversations, don't hesitate to contact me. I can't promise we'll get to every idea--our resources are primarily aimed at getting great shows up and ready to listen to--but we'll try to get at the ones we can.

5:33 AM | Comments (1) | Recommend This | Print This

April 24, 2006

LDDI Replaces UDDI

Dave Linthicum says:

With lack of interest in UDDI there seems to be a need for another directory standard to come up and take its place.
From Will there Ever Be a Common Directory Standard? | By Dave Linthicum
Referenced Mon Apr 24 2006 16:48:55 GMT-0600 (MDT)

I propose LDDI, a system built using RESTful techniques and microformats that creates a human and machine readable directory for Web services.

4:48 PM | Comments () | Recommend This | Print This

Evangelizing a Blog

Guy Kawasaki has some tips for evangelizing a blog. I've added the link to my piece on How to Start a Blog. The number one piece of advice for getting your blog recognized from almost every where you look will be the same: write things people want to read. In the end, there's no substitute for that. That said, there are things you can do to promote your blog and build an audience.

11:53 AM | Comments () | Recommend This | Print This

April CTO Breakfast Reminder

Just a reminder that April's CTO breakfast will be held this Friday (Apr 28) at 8am in the usual location (Bldg L, Food Court of Canyon Park Technology Center).

This time we're going to try something new. I'll have a projector there and we'll invite (at the meeting) 2-3 people to give 5 minute demos. So, if you've got something you'd like to show, bring a laptop or a URL. This doesn't have to be something you made. It could simply be something you think is cool and that the entire group would enjoy seeing. On the other hand, if you just created the world's coolest Web 2.0 app, feel free to come show that to us too!

Future CTO Breakfasts will be held on

  • May 19 (Friday)
  • June 23 (Friday) - avoiding 4th of July weekend
  • July 14 (Friday)
  • August 25 (Friday)

Mark your calendar now.

11:33 AM | Comments () | Recommend This | Print This

Highlights for IT Conversations

There were several shows that caught my attention last week on IT Conversations. I'd intended to blog about these separately as I listened to them, but time marches on...

Thomas Malone's presentation from Accelerating Change was one I'd heard in 2004 at SuperNova. Malone's book, The Future of Work: How the New Order of Business Will Shape Your Organization, Your Management Style and Your Life, is the basis for his talk. Both the talk and the book are worth your time.

Malone's thesis is that whenever new cheap materials show up in the economy, they change the way we live and the way we work. The cheap new material of our day is communication. Cheap communications is creating new, innovative ways to organize teams. For example, the real innovation of Wikipedia isn't the wiki, but rather the new distributed work structure that it created.

eBay is another favorite example of Malone's. There are over 400,000 people who make the majority of their living by selling things on eBay. If eBay had to hire all these people, they'd be one of the world's largest companies. But in fact, these people aren't eBay employees or even contractors. In fact, they pay eBay. They do this because eBay's global infrastructure allows them to work with unparalleled freedom. eBay has reinvented retailing by outsourcing everything but the transactions.

Malone discusses a scenario that he developed for Intel that uses internal markets to allocate fabrication resources to products. Here's a clip of Malone discussing that scenario and how it works.

Another talk that caught my ear was Rebecca MacKinnon's talk from PopTech! If you're as interested in China as I am, then you'll want to listen to this. MacKinnon was the CCN Bureau Chief in Beijing in the 90's and is now at the Berkman Center. She discusses how the Internet is changing life in China in spite of government censorship.

One interesting story is about how China's version of American Idol is allowing people to vote, even if they can't vote for political leaders. She relates stories from Chinese blogs saying exactly that.

MacKinnon's no apologist for China's government. In fact, she goes into great detail about how the government uses technology to censor speech as well as punish dissidents. Censorship is being built into media and user-created content business models and thus it's not slowing down innovation in this space. Should we be concerned? Maybe. If China's successful in building successful media businesses with censorship "baked into the code" then other countries might be tempted to follow suit.

I always enjoy hearing Dave Sifry give his State of the Blogosphere address. Sifry gives some special attention to the rise of blog spam and it's affect on blogs.

9:19 AM | Comments () | Recommend This | Print This

April 21, 2006

IRAs Reduce Risk

I was speaking with Aldo Castaneda this morning about Identity Rights Agreements. Aldo was one of the co-authors, along with Kaliya Hamlin and myself of a position paper on IRAs.

We had a good time talking and there were some good thoughts, but one in particular that I wanted to record dealt with getting business to accept IRAs. The problem, of course, is that if IRAs are seen to come from "privacy nuts" then business will perceive a lot of risk for not much reward. IRAs will be seen as creating a liability where none existed before.

There's an alternate view of IRAs as a technology that reduces risk. If IRAs are seen as a codification of a site's privacy policy and tools exist to use IRAs to allow a business to automatically assess and monitor its own site's compliance with it's IRAs, then this reduces risk. Privacy compliance now becomes an operational issue that can be monitored.

Of course, such tools would have to be built, but the pre-cursor to building tools is developing the standard and that's what IRAs are. I think Identity Commons, if it wants to champion IRAs ought to consider putting together an industry advisory board for them and getting industry players to see IRAs as a way to help them manage what is now unmanageable.

4:00 PM | Comments (2) | Recommend This | Print This

DIM Workshop 2006

I've been asked to be on the program committee for the ACM CCS2006 Workshop on Digital Identity Management, which will be held November 3, 2006 at George Mason University in Fairfax, VA. The tagline for the workshop is "Exploring User-Centric Identity Management." Papers are being solicited on the following topics:

  • Basic principles -- what makes an identity system user-centric?
  • Client-hosted identity
  • Consistent UI for identity transactions
  • Identity lifecycle management
  • Identity Metasystem
  • Identity theft prevention
  • Privacy-enhancing identity management
  • Private Credentials
  • Social networks
  • Strong authentication
  • Unlinkability of Transactions
  • URI-based identity systems

Papers are due on July 7, 2006. This should be fun.

3:24 PM | Comments () | Recommend This | Print This

April 20, 2006

It's Not 500 Channels Stupid

I remember reading an article in 1996 about "what is the Internet and what does it mean to me?" in one of those airline magazines that are always sitting in the seat pocket when you get on a plane. The bottom line of the article was that the Internet would bring 500 TV channels into every home.

I remember thinking that this poor author just didn't get it. The Internet would bring millions of channels into our homes. I used to try to characterize this as a everyone as a media creator, but that didn't really capture it. Now Robert Young has written a great essay at BTL that captures the real vision very nicely. In Young's world, we're all media programmers of highly distributed micro-channels. I'm adding that to my resume.

10:43 AM | Comments () | Recommend This | Print This

April 19, 2006

IT Conversations RSS Feed is Not Feeding

There's something wrong with the RSS feed for IT Conversations and it hasn't published a new show since Sunday (Thomas Malone). We're working on it and hope to have it fixed soon.

If you use iTunes to listen to IT Conversations, note that the default settings will only download the most recent show. That means that when our RSS comes back, you'll miss all but the last show. I've actually changed mine to download all the shows so that I don't miss them if I happen to not have iTunes fired up one particular day. To do this, go to 

iTunes->Preferences->Podcasts

and set the pull down menu labeled "When new episodes are available:" to "Download all." That will ensure that you don't miss any IT Conversations shows now or in the future.

6:47 PM | Comments () | Recommend This | Print This

April 18, 2006

LDDI: Microformats for SOA Registries

My student, Tom Warne, has been working on a project we call LDDI for the last 9 months or so. LDDI is short for Lightweight Description, Discovery, and Integration. LDDI is briefly described in the short paper LDDI: Microformats for SOA Registries.

lddi ussage scenario
LDDI Usage Scenario
(click to enlarge)

LDDI uses microformats and HTTP to achieve a usable registry service for SOA. The idea is quite simple, but also fairly powerful since it makes a human readable Web site into a machine readable registry service. Because it's based on XHTML and HTTP, it is browser and search engine friendly.

Tom has developed the microformats for WSDL and WSIL and built tools that demonstrate how they can be indexed, searched, discovered, and used within existing Web services frameworks like .Net and Java. His thesis will be done in the next few weeks. I hope to have a paper somewhere in between the 3 page document I linked above and the 100 page thesis in size in the near future and links to tools so that interested parties can try it for themselves.

Interestingly, Tom met some resistance to this idea from people in the microformats and REST communities. I guess the feeling was that "pure" technologies were being used in the service of something that was "wrong" or maybe even "evil." My feelings are more pragmatic than that. There are lots of smaller organizations that can't afford a UDDI registry and yet will need a way to record SOAP-based services. Why not use RESTful techniques in service of that very real need?

What's more, there's nothing in what Tom's done that is limited to SOAP-based services. This work also demonstrates that a functional registry of RESTful services could be developed as well--if there were a description language for RESTful services.

At any rate, I think Tom did a great job of demonstrating what can be done. There is much to be done.

  • There are additional microformats that could be profitably included in the system.
  • The whole idea of searching microformatted data is open.
  • Registries are morphing into repositories, storing more and more metadata about services. What does this mean in the microformatted space?
  • The entire system needs to be made "releasable" and usable so that other's can use and add to it.

If you're interested in seeing any of this work move forward, there are students who could use your support. Supporting a student is a sure fire way to see your agenda move forward for a small investment.

I'll be presenting this work at WWW06 in Edinburgh next month. If you're going to be there contact me.

7:41 PM | Comments (1) | Recommend This | Print This

Navigating with Tags

Jon Udell has pointed to a new set of services that InfoWorld is using to help people navigate the information on their Web site. They're beta right now, but Jon expects they'll go live on the main InfoWorld site sometime in the future.

The place to start is with iws and search for something you're interested in. Once you've got results, clicking on any of the tags will limit the search results to just those with those particular tags. This uses the second tool, iwx.

This is a very fast way to narrow in on the relevant articles for a given set of tags. One thing that confused me at first was the fact that tags toggle off and on. Every time you click on a tag, you're conjoining it (logical "and") with the other tags that have already been clicked. Clicking it again removes it from the conjunction. Some way of indicating the toggle in the interface would be nice.

This also makes the iwx tool somewhat confusing if you go to it without doing a search first since what you get is every article and the list only gets narrowed when you start clicking on tags. Of course the tags you want may not be in the first page. Putting a tag cloud on this page at the top would be helpful. Maybe one that could be hidden no needed or as relevant.

One nit: when you've drilled down on some information, it would be nice to be able to back out without unclicking tags one at a time. A "reset" link and maybe even some bread crumbs would be nice for navigating around the tagspace.

If you haven't noticed before, InfoWorld quietly started adding tags to each article some time ago. They're on the right hand side and use del.icio.us. It would be interesting, of course, to really use the folksonomy in this tool so that readers were classifying articles and searchers were benefiting from their work.

Jon and InfoWorld should be commended for trying to move beyond mere search for processing the bulky information that underlies any large Web site. I'm looking forward to seeing what comes of this experiment.

7:30 PM | Comments (1) | Recommend This | Print This

IIW Gear Available at CafePress

Shirts and other stuff with the cool Internet Identity Workshop logo are available now at CafePress. All this is at cost--there's no markup.

If you're planning on coming to IIW May 1-3, I'd really appreciate you registering as soon as possible so that we can use reasonably good numbers for planning food for breaks, etc.

4:08 PM | Comments (1) | Recommend This | Print This

April 17, 2006

Fuzzy Boundaries

The January 2005 issue of ACM Queue contains and article by Roger Sessions called Fuzzy Boundaries that does a good job of discussing the differences between objects, components, and services and when to use each. This is a difference that's hard for students to grasp at first and I suspect many a veteran programmer would have a tough time explaining it, even though they understand it intuitively.

To start with, we have to acknowledge that each of these has the same abstract purpose: stick some code behind a well-defined API and are designed to respond to requests from a client.

Sessions differentiates them by referring to process and environment. For objects for the object and it's client live in the same process and the same environment. For components, the client and target exist in separate environments, but the same process. Sessions defines an environment as a component framework like EJBs or Corba. Services don't share either processes or environments.

Sessions used the following table to clarify the differences. Builder relationship and quantity are interesting. Builder relationship specifies the relationship between the builders of the target and the client. Quantity is a relative measure of how prevalent these various forms will be in any given system. Because services are meant for top-level APIs between organizations, they will be relatively few.

  Objects Components Services
Locality Same Process Different Process Different Organization
Environment Same Same Different
Communication Speed Fast Slow Very Slow
Builder Relationship Same Person Same Group Different Organization
Quantity Tons > 1 per process few

The important point is that objects, components, and services aren't mutually exclusive. Rather, each has it's place and a complex system will probably have some of each in the proper proportions.

Sessions finishes the article by describing the "software fortress" model of architecture that he put together for his book by the same name. This model is all about defining boundaries and creating a framework for proper analysis. The book's out of print, but available used from Amazon. I've ordered a copy.

2:49 PM | Comments (1) | Recommend This | Print This

IHC WiFi

My wife's having some minor outpatient surgery done today, so I've been at the hospital, waiting... To my pleasant surprise, I found that they have a public WiFi hotspot. They seem to be blocking quite a few ports, which is odd since I assume this is outside their firewall. But hey, I'll take what I can get.

2:40 PM | Comments () | Recommend This | Print This

April 15, 2006

Redirecting a Blog Domain

Jordy Gunderson moved Paul Allen's blog to a new domain and put together some information about how to do that with minimal loss of search engine traffic. There's some other tips in the sheet I put together when I moved my blog from one system to another.

One of the things Jordy mentions that is easy to forget is being sure to redirect example.com to www.example.com. People expect that and often just don't type the www.

Jordy also points to a free link checker. That's a good thing to run over your site periodically whether you're moving or not.

11:36 AM | Comments () | Recommend This | Print This

April 14, 2006

Navigating User Centric ID Systems

If you've been following along, you'll remember that I set up a OpenID enabled MediaWiki for the Internet Identity Workshop. Yesterday, Johannes Ernst told me that you can use MyLID to sign in as well. Cool.

This works because MyLID not only understands LID, but OpenID as well. I've been wondering how to make the wiki accessible to LID, OpenID, i-names, InfoCard and others, but may have had it backwards. Because MyLID (the identity provider) is multiprotocol, the IIW wiki (the relying party) doesn't have to be. That is, if MyLID, MyOpenID, 2idi (an i-name broker), and other identity providers spoke not only the Yadis protocols, but also understood SXIP, InfoCard, and what have you, I'd be set. As a relying party, I can pick my protocol and expect your identity provider to understand.

I asked Johannes in an email if this is how he thought it ought to work. He thinks it's still such a new concept that not many people have given it much thought. I don't have many conclusions myself, but I've got a few random thoughts:

  • There will be hundreds of identity providers and I'll have accounts at dozens of them. Still, I don't want to pick which identity provider I choose to use for a particular task according to what protocol they speak (that should be below the radar) but rather according to other "business" criteria. I may choose to use my Amazon account sometimes and my BYU account other times.
  • As a relying party, I don't want to have to worry about which scheme to use. In fact, I care more about what conclusions I can draw from the authentication protocol used and the data it provides than I care about the specific protocol. OpenID is great for wikis and blog comments, but maybe not for logging into my online backing.
  • The distinction between what the user cares about and what the relying party cares about is what Phil Becker was talking about in the piece he did on Higgins. InfoCard is all about the user's view whereas Higgins is all about the developer. Very different audiences.
  • Relying parties will want to support multiple authentication schemes and need software and systems to do it.
  • Identity providers will compete to support as many as possible in order to be as "full service" as possible.

I'd love to see some discussion around these issues at IIW.

4:43 PM | Comments (2) | Recommend This | Print This

Using Audio Clips

I hadn't started producing a weekly IT Conversations news podcast like Doug did. He's continuing his for the Conversations Network. I may do that in the future. Even so, I want to comment about shows I especially enjoyed. I did that yesterday with Larry Weber's talk from Syndicate. I tried something new: audio clips.

Audio clips are one of chronically underused features at IT Conversations. You may not have noticed, but underneath the "Play Now" controls on each shows detail page is a link that reads "Create a Clip or Excerpt." When you click on this, you get a box to type in a start and end time and then the tool returns the URL that goes with that portion of the show you're excepting. Couldn't be easier.

I used it to clip five parts of Larry's talk and highlight the text. I think it's a great way to blog about some portion of a show. You may not want to do five clips from a show, but even adding one to blog post can add real information, in the speaker's own words, to your entry. Give it a try.

Someone asked me how I did the little speaker after the link. If you look, it's not in the source. I added a class="audioclip" attribute to the hyperlink anchor and then put this in my CSS file: 

a.audioclip  {
    background: 
        url(/images/ico_speaker.jpg) center right no-repeat;
    padding-right: 18px;
}

I think it would be even neater if we could just use an embedded flash player like we have on the IT Conversations homepage , but right now, the stream application used by the flash player doesn't understand the start and stop parameters that the clip application uses.

2:55 PM | Comments () | Recommend This | Print This

April 13, 2006

Larry Weber and Customer Experience

I really enjoyed listening to Larry Weber speak about his view of how the Web will change in the face of "user-generated media," his catch all for blogs, wikis, podcasts, and everything else you can imagine. Larry is a well known high-tech PR person who's thought a lot about how new media influences the behavior of companies. It was especially interesting to me because of some other ideas and work I've been doing on enhancing customer experience in eCommerce and online service contexts.

One of the key ideas I walked away from in the talk was that commercially oriented Web sites are all about transactions at this point: "click and buy" but that will change and the customer experience will come to dominate. Offline retailers have long known that if you keep the customer in the store another 20 minutes, they'll buy more. Online merchants have had a tough time being that engaging.

Here are a few other interesting points (I've linked to related clips from the audio):

  • The primary job of the CEO is to be an aggregator of community. Larry talks about creating constituency maps. If you do, you'll probably be surprised at how many different groups you're trying to communicate with.
  • Why do companies still publish paper reports to shareholders? Why not have an interactive video with the CEO, the CFO, and some customers? Put it online in rich media.
  • In the same vein, enterprise generated media is critical to the relationship that you have with your customers. Who needs press releases when you can have a blog? "They're always dumb anyway," he says. Why do you need marketing collateral? Podcasts replace interviews and so on.
  • Proctor and Gamble is taking money from the TV budget in order to create blogs and wikis with the goal of getting feedback from customers on what products to develop, how they should function, and what they should look like. He says: "We don't need to know everything about you, we need to know what you want from us."
  • The new success measure is length of engagement If you don't have a social interface that's thoughtful and educative, you're losing money. We have to measure engagement rather than clicks. Get people on your site and have a party. Measure how long are at the party.
  • Larry is sick of CEOs saying "I need measurement." What they need is the ability to adjust. We're living in a kinetic world. You can's just throw something out and measure it without being able to change it (and I'd add "in real time"). This is a hard job.

9:04 PM | Comments () | Recommend This | Print This

April 12, 2006

InfoCard and MediaWiki

A few days ago, I mentioned that we'd put up a version of MediaWiki that supports OpenID for the Internet Identity Workshop. I know that Johannes Ernst and others trying to get it all working with Yadis generally. A month or so ago, Kim Cameron InfoCard-enabled his Wordpress blog. I'd love to see this all working together. Is there any MediaWiki code that does InfoCard yet? If so, can these things co-exist?

2:59 PM | Comments () | Recommend This | Print This

AJAX Progress and Challenges

I just put up the latest installment of the Technometria podcast at IT Conversations on AJAX Progress and Challenges. A few months ago, Bruce Grant, Ben Galbraith, and Scott Lemon were all at my CTO breakfast and we had a really good discussion of AJAX issues. I decided continuing that discussion in the form of a podcast would be fun. We're all local, so I got everyone together in a conference room and we each put on a headset. The result was a great discussion of the history, current state, and likely future of AJAX, Comet, and other interactive Web technologies.

1:47 PM | Comments () | Recommend This | Print This

Obsoleting Grades

I recieved an anonymous hate email this morning that read in total:

You made my grade obsolete. Ugh...You suck like no other

This intrigued me. I'm not sure what it means to "obsolete" a grade. Is this a student, angry at a policy I have made? A former employee angry that they lost their position? I don't know, but I'm curious.

1:09 PM | Comments (2) | Recommend This | Print This

Social Playground or Media Sandbox?

Thomas Barnett, who I interviewed on my Technometria podcast a while back, has an interesting perspective on how technology influences geopolitics. In a recent post, he claims that online trends will ensure that ten years from now, the Web "will be more the New Core social playland than the Old Core media sandbox (not that Disney-ABC aren't trying)."

1:01 PM | Comments () | Recommend This | Print This

April 11, 2006

SSNs and Security

A colleague of mine is taking his son to Washington D.C. with him on business and they decided they wanted to tour the White House. To get approval, he sent a note to his Senator's office. They asked him to send his and his son's Social Security Numbers via email so that they could do a security clearance. He objected and said he'd prefer to fax them the information. They responded that this was OK, but that they'd be sending the SSNs to the offices of other Senators and Representatives to coordinate their tour with other groups. Of course, they'll be sending these via unencrypted email.

Does it strike anyone else as odd that an organization that is supposedly concerned about security is passing around SSNs via email, storing them on who knows who's hard drives and is otherwise as clueless as this? Presumably they want the SSN because there's some feeling that they can gather information about the person that can be used in triage. But by making them less secure and by using them insecurely, they expose themselves to being fooled.

A better solution would be to have a secured Web site where potential visitors enter their SSN so that it can be managed in a secure way--SSL protection in transit, encrypted field in the database, one record, etc. You'd still need governance to ensure the information was handled securely, but at least you'd have a chance.

12:44 PM | Comments (6) | Recommend This | Print This

Identity Privacy Contracts

I had a nice chat with Jeremie Miller this morning and he pointed me at a post I'd missed from Peter St. Andre on what he calls Identity Privacy Contracts. This is a well though out discussion on the levels of protection one would want in identity rights agreements. I think there will be a lot of discussion on this at IIW in May. Identity Commons is being reborn and hopefully this can be a mainstay in it's mission. To work, IRAs or IDPCs need organizational muscle, legal work, etc. Identity Commons, reconstituted, is probably the right place to do that.

9:30 AM | Comments (1) | Recommend This | Print This

April 10, 2006

Reality Week at IT Conversations

As I listened to the shows we published on IT Conversations last week, I kept getting the feeling that the week's theme should have been Reality IT.

  • I enjoyed listening to Oden Shakar's "East Meets West" presentation from Pop!Tech. Dr. Shankar is the Ford Motor Company Chair in Global Business Management at Ohio State University and author of the book The Chinese Century : The Rising Chinese Economy and Its Impact on the Global Economy, the Balance of Power, and Your Job. His talk about China's likely rise to be the world's largest economy over the next several decades is a sharp dose of economic reality.
  • One of the things I think the world needs more of is real-world implementor experience in the area of SOA. Too much of it seems like black magic and there are vendors everywhere promising that their product "delivers" SOA like it were so much bologna. In SOA War Stories and Battleplans, Sprint's Ed Vasquez, Avaya's Jerry Flasz, and Evergreen Investment's Tom Myers dish out some real world experience. I enjoyed it a lot. Note that the original copy I got in my RSS feed was only 15 minutes long and ended in the middle. If that happened to you, download it again--it's about 48 minutes long.
  • The last bit of reality was Dr. Cory Goodman's discussion with Moria Gunn on TechNation. He's the CEO of Renovis and he pretty much dumps cold water on the idea of monumental breakthroughs in the area of brain medicine. Maybe I took him to be more pessimistic that he really is, but it I couldn't help thinking that while medicine may make it so my body can live over 100 years, my brain is on it's own.

The other highlight for me this week was the O'Reilly Pick of the Week, Richard Florida's talk on The Rise of the Creative Class. I loved it the first time through and subsequently read the book.

5:14 PM | Comments () | Recommend This | Print This

April 8, 2006

Mozy to Safety

John Jonas recommends that you Mozy to safety. Mozy is an online backup service and tool. You get 2Gb free is you are willing to read a newsletter once a week. Even the 5 and 10Gb service is pretty cheap. Unfortunately the only client is for Windows, but they're "working hard on developing a Mozy client for other platforms." Uh-huh.

My back up solution works like this. I always buy another of whatever sized harddrive is in my laptop (120Gb at the moment), put it in a firewire enclosure and backup using Synchronize Pro. I make a bootable image. If my laptop were damaged, stolen, etc. I can grab the bootable 2.5 inch drive and firewire boot from any other Mac. Works like a charm--I've used it. The only thing I don't get is offsite backup. If I were really paranoid, I'd buy two and keep one at the office and one at home.

1:54 PM | Comments () | Recommend This | Print This

April 7, 2006

Audio 101

One of my new duties as Executive Producer is recording what we call the show IDs and the intros and "outros" for the IT Conversations series. The show ID is the very first portion program that introduces what's coming up: "Up next on IT Conversations..." The intros and outros are the pieces that are specific to a given series: "And now, here's out presentation from Emerging Technology..."

I have a pretty good set up, MOTU Traveler firewire mixer, Audio Technica mics, and so on. My goal is to get good sound, but I noticed as I recorded some things that it was muddy. There was also some hiss that I cleared up by changing mics to the Audio Technica from a Beringer I'd been using. I also wasn't happy with the audio editing software I had. Garage Band is limited, Audacity is buggy, and Audio Desk (which came with the Traveler) seemed overly complex.

So, I went back to school this week to learn more about audio recording the production. My schoolmaster was IT Conversations' Senior Audio Engineer Paul Figgiani. The old saw fits perfectly here: Paul has forgotten more about audio than I'll ever know. Paul runs a great site called PodCastRigs where he blogs about audio gear and has some recommendations on set ups for entry-level, basic, ultra, and pro bloggers.

Paul set me straight on Audio Desk, showing me how to customize it so that it was just what I needed, and also how to use the parametric filter to get rid of some of the muddiness. He's been a big help and I'm thankful to have someone to turn to with my newbie questions. I spent quite a bit of time fooling around with all this over the past week and feel like I've made some progress. Hopefully you'll be able to understand me now.

6:57 PM | Comments () | Recommend This | Print This

Learning the Ropes

My first week at the helm of IT Conversations has been fun and challenging. Doug had me doing a lot of work behind the scenes for the last 3 or 4 weeks, so I was pretty familiar with the software systems that he's crafted that make everything work. Even so, being "in charge" was definitely a different feel from knowing that I could just punt the ball to Doug whenever there's a problem.

The IT Conversations plumbing is complex, but remarkably effective. There's not many sites like IT Conversations out there, so almost all of it is custom. Doug, with a little help from some volunteers, has hacked it out in PHP. And while it's effective, it also still has some places where Doug "just knew what to do." Notwithstanding, I'm happy to be the guinea pig--soon there will be Executive Producers of other channels using the same system and someone has to be first.

6:55 PM | Comments () | Recommend This | Print This

Separating Authentication and Authorization

Yesterday I was talking to Kelly Flanagan, BYU's CIO about the OpenID enabled wiki we have for the Internet Identity Workshop. I'd love to see BYU put an OpenID server on top of their directory. That way I could easily have my students authenticating on my wikis and blogs. Of course, BYU has all kinds of APIs for doing this, but I have use certain development environments, have permission, etc. Solutions like OpenID are much more loosely coupled.

Our discussion ultimately got down the distinction between authentication and authorization. OpenID is a pure authentication system. It doesn't even support attributes in the spec (although they could be contained at the OpenID URL). The problem is that most enterprise system conflate authentication and authorization--probably because authorization is what most people are ultimately after. As a result, most commercial access management systems are mostly about authorization and do authentication as an afterthought.

This morning I was talking to Andre Durrand, CEO of Ping Identity (disclaimer, I'm on their advisory board). We got into the same discussion. Authentication is underrated. What's more, you get some great benefits from the separation. One of the most important is being able to control access based on the type of authentication used. If you're integrating authentication and authorization, you can't easily offer simple services to folks who authenticated with OpenID or LID and higher risk services to folks who authenticate with a multi-factor authentication--unless the integrated system supports all of these.

The reality is that most people use access management systems like SiteMinder as authentication systems since many applications have authorization built-in. So, ironically, while access management systems focus 80% of their functionality on authorization, most of their uses are ignoring it. By disintegrating authentication from authorization functions, you can buy the right amount of what you need and even swap them out independently of each other as your needs change.

1:44 PM | Comments (1) | Recommend This | Print This

April 6, 2006

New Digital ID World Blog

Phil Becker and Eric Nolin has started blogging at ZDNet, moving their old Digital ID Blog onto the ZDNet blog machine (where I blog on Between the Lines). Welcome to both!

2:18 PM | Comments () | Recommend This | Print This

AJAX Color Tool

Here's a nifty little AJAXy color tool demonstration. Once you pull out the tool, drag colors from the bottom of the box to the black boxes on the right hand side of the Web page to see the effect of that color on the layout.

9:10 AM | Comments () | Recommend This | Print This

April 5, 2006

OpenID and MediaWiki

Ross Mayfield generously donated a wiki for the Internet Identity Workshop and we used it to good effect for the event last October. This time there was some interest in using OpenID (and even Yadis, if possible) to do authentication and it just so happens that Jonathan Daugherty has created an OpenID patch for MediaWiki. With some help from the group at #openid on Freenode, especially Jonathan, I was able to get a patched copy of MediaWiki up and configured to use OpenID. It's now the official Internet Identity Workshop Wiki.

Here's what I did to make it all work:

  1. Install MediaWiki 1.5.8
  2. Configure MeidWiki (success)
  3. Apply patch

I got the following results from applying the patch: 

[web@lynx mediawiki-1.5.8]$ patch -p1 <openid.patch
patching file docs/openid.txt
patching file includes/AuthPluginOpenID.php
patching file includes/AuthPlugin.php
patching file includes/DefaultSettings.php
patching file includes/Setup.php
patching file includes/SpecialUserlogin.php
patching file includes/templates/Userlogin.php
patching file includes/Title.php
patching file includes/User.php
patching file languages/Language.php

So far, so good. Next, I followed the instructions in the $WIKI_HOME/docs/openid.txt file to enable OpenID authentication. After enabling bcmath and then fixing the directory where PEAR put the OpenID libraries (it stuck them in Auth inside Auth) I got an OpenID login, give it my openid and get redirected and asked if I'd like to trust that site, I say yes and that's where things went south. I got this error: 

Fatal error: Call to a member function on a non-object in 
  /web/htdocs/iiw/mediawiki-1.5.8/i ncludes/User.php on line 700

After much wrangling and help from Jonathan, we decided I should try upgrading my version of PHP. I was running 4.3.3. I upgraded to 4.4.2 and it worked. Happy Happy Joy Joy.

If you'd like to try it, you need an OpenID. The easiest place to get one is MyOpenID. While you're at it register for the workshop.

8:30 PM | Comments () | Recommend This | Print This

Celebrating Extraodinary Acts of Kindness

Some Heros Aren't This Easy to Recognize

Kirton and McConkie and Connect Magazine (where I write a monthly column) are sponsoring the XO Awards for extraordinary acts of kindsness in Utah. Here's what the say:

We're all surrounded by amazing people who do selfless heroic things (neighbors, teachers, grocers, etc.) If you have someone in your life that deserves to be recognized for extraordinary acts of kindness, nominate them for the XO Awards.
Please help us celebrate these extraordinary people. Click here to nominate someone to receive an XO Award. Hurry! Nominations will be accepted from March 15-May 15, 2006.

If you k