« February 2007 | Main | April 2007 »
March 29, 2007
Google's Solar Power Installation
Anthony Ravitz is talking about how Google installed 1.6MW of solar panels at their headquarters. He starts by talking about all of Google's green initiatives.
The solar project, with financial incentives from PG&E, has a payback of 7.5 years. Solar works best at the same times that peak power is needed.
Google's is the largest commercial installation of solar in the US. It uses 9212 Sharp 208 photovoltaic modules. The modules we put on standing metal seam roofs. On sloped roofs, they're mounted flat on the southface, but on the north face, they're kicked up. On flat roofs, they're kicked up to face south. Shading part of the panel dramatically drops power production, not just proportional to the portion shaded. Google built carports to increase the roof capacity so they could put more panels in.
The modules are strung together in a series of fourteen modules and then fed to an inverter. They have outdoor rated cable, so conduit is not required. The inverters look like they're mounted on the roofs outdoors. The installation is relatively straightforward.
11:23 AM | Comments (4) | Recommend This | Print This
Bruce Perens on Software Patents
Last week Scott and I talked to Bruce Perens for the Technometria podcast. Bruce happened to be in Utah (although we did the interview over the phone) because of Brainshare. He wasn't in town to attend, but to protest the recent agreement between Novell and Microsoft.
We had a good discussion of software patents, why he thinks the Novell-Microsoft agreement is bad for open source, and the change to the GPL to combat the deal. You can read a summary and listen to our discussion on IT Conversations.
10:45 AM | Comments () | Recommend This | Print This
Generation C: Matt Webb
I didn't capture this whole talk, but here's what appealed to me most. Matt describes what he calls "Gen C" using a collection of C words: Communities, connected socially and electronically, creative, controlling, complex. He says that as a "paid up member of Gen C, I want to help design my products."
I think that's a key point that product manufacturers are missing. Many people have a desire to tinker with things and will if you give them the opportunity. Just as important: the product shouldn't require that you tinker with it to make it work.
Things like Flickr are a good example of this idea on the Web. For most people, it just works, but if you really want, there's an API that you can use to enhance and customize it. Some people do and the product is better because of their work.
Companies that find a way to bring those hacker-users into the product development process will ultimately be more successful because they enlist a vast army of people who they don't have to pay in solving their customers needs and improving their products.
10:30 AM | Comments (1) | Recommend This | Print This
March 28, 2007
Why to Not Not Start a Startup
With all the ETech stuff I've been immersed in, it's easy to forget there's other stuff happening. This Paul Graham essay dispelling myths about startups is one you don't want to miss. It goes well with Marc Hedlund's tutorial from Monday.
10:30 PM | Comments () | Recommend This | Print This
Hacking Organizations: Chad Dickerson
Chad Dickerson, who I've known since he was the CTO at InfoWorld, and runs the Yahoo! Developer Network, is giving a talk about how to hack an organization. When Chad put together the Yahoo! Hack day, he had to hack everything from the way brand managers thought about brand to talking the groundskeepers into letting people camp on the lawn and turning off the sprinkler system.
1:00 PM | Comments () | Recommend This | Print This
The Core of Fun: Raph Koster
Raph Koster introduces himself as an alien from another planet: a game designer. He's the author of The Theory of Fun. He starts by introducing structure in music and art with some cool audience participation.
There are different dimensions to fun:
- Hard
- Easy
- Visceral
- Social
Hard fun is about solving problems. The problems tend to be mathematical Therefore the grammar of hard games ignore presentation.
He applies the theory of fun to Amazon.com and concludes that it's not structural, not fun. There a lots of sequential steps and don't provide any "fun" or feedback.
The magic ingredients:
- Territory - where you meet the challenge matters. Doing the same thing in different places should make a difference. The topology should affect the available options.
- Preparation - when you buy it, what pages and interactions you saw should matter. Everything you did before should matter. The last interaction you had should matter (think of your opponents last move). Never start an interaction with no context. You must prepare for the encounter.
- How - should involve skill on your part (eBay is more fun than Amazon). The core verb should be repeatable. Tricks and tips should matter. You should feel like you're growing more competent. Competition is an important element and people need to be able to see it.
- What - buying different things should feel different. The same verb must be applicable in many different challenges. A given verb is a hammer. You should present them with lots of nails.
- With - what tools you use should matter. Give users an array of tools to solve the problem. The system should give the user different rewards of different feedback based on how the challenge was met.
- For? - you need feedback. A game that has only one possible outcome is boring. A lot of services drive you toward a given outcome and then they stop. Usually, the best feedback is a grater challenge. Sometimes it's a pleasant surprise. Either way it has to be highly visible.
- Few? - don't always get what you want. Low risk activity for high reward is bad for fun. You need to drive users to challenges at the edge of their ability.
- Phooey - fun comes from learning. Failure is important to learning. Making a wrong choice has to be a set back. Fun won't exist if there's no consequence.
All of this can be quantified. You can give people ratings for how hard it is to accomplish a particular task. What is the challenge rating for buying a particular book at Amazon?
12:38 PM | Comments () | Recommend This | Print This
Is This an Apple Conference?
This is a big hotel. There are several other conferences going on at the same time as ETech. I was in the gift shop during the break. A guy with a badge from one of the other conferences saw me standing in line, MacBook in hand, and asked me "Is that an Apple conference or something? Everyone there is using an Apple!"
12:14 PM | Comments () | Recommend This | Print This
Learning from Muggles
Danah Boyd is talking about learning from muggles. If we consider the technologists to be the wizards, that makes the normal user a muggle. There's a real danger in designing for ourselves.
Danah describes four stages people go through in their lives:
- Identity formation and role-seeking - young people are trying to make sense of the societal roles around them. We are defined, in large part, by the people around us. Friendship and interaction become important.
- Integration and coupling - This period is trying to find meaningful labor and determine how they can contribute. A lot of twenty-somethings are engaged in jobs, not careers.
- Societal contribution - This stage is about family and pursuing the ideals and dreams we have about how life should be.
- Reflection and storytelling - As we get older, we try to make sense of what our life was about.
Danah shows how these needs play out in social sites that cater to these different groups (with the exception of the last stage). MySpace is tailored to the needs of identity formation and role-seeking, whereas LinkedIn doesn't appeal to them at all.
Danah talks about the positive and negative aspects of what happens online--both for society and individuals.
- Persistence - what we do online is around for forever
- Searchability - where we are online is finable
- Replicability - what we do can be put up all over
- Invisible audience - We don't know who we're talking to
She brings up the story of the Star Wars kid who made an innocent video and found his life turned upside down.
There are extensive implications for our privacy. There are new rules and we don't know the consequences. Andy Warhol talked about being famous for 15 minutes, but we're really famous for 15 people.
Technology is shifting the rules. Do we just keep making technology and playing the ostrich or do we pay attention to what's happening? Do we have a responsibility for what happens with our spells, enchantments, and incantations? Rather than thinking about just the business side of what we do, we need to consider the societal aspects as well.
11:11 AM | Comments () | Recommend This | Print This
The Coming Age of Magic: Ubiquitous Computing User Experiences
 Mike Kuniavsky (click to enlarge) |
Mike Kuniavsky, the founder of Adaptive Path, has a company called Thing M, a device design studio that "Lives at the intersections of ubiquitous computing, ambient intelligence, industrial design and materials science." He's giving a talk on The Coming Age of Magic.
The idea is that Moore's Law has pushed the price of computing so low that it is nearly disposable. Computing can be everywhere. People have talked about ubiquitous computing for a long time, but the era of cheap, low-power computing, and wireless communication has arrived.
We no longer need to serve as the knowledge intermediaries for computers, they can be embedded in objects to make the dynamic. What does this do to people's experiences?
People's reaction to ubiquitous computing devices is to consider them more like animals than they do to rocks and other inanimate objects. People know their Roomba isn't an animal, but they treat them that way.
He brings up the MagicCap OS developed by General Magic in the mid 90's and points out that a metaphor can be extended too far. While it's easy to mock something in retrospect, the point remains that taking the desktop metaphor beyond the desktop doesn't work.
To that point, sticking a largely unmodified PC into another device doesn't work. It creates an information management problem on top of the other problems that the device is designed to solve. You can't optimize your house. You can't produce leisure.
The answer is magic. Not in the traditional sense that people understand magic, but specifically in the sense of enchanted objects. This isn't pretending that technology is magic or lying about how technology works. It's an abstraction for describing how enchanted objects work.
What sets enchanted objects apart from their static counterparts is their ability to interact. They should be
- Everyday objects
- Familiar - look and act like you'd expect them to
- Physical - there is a physical use mode
- Screenless - no assumption that there's a text output
- Not human - no expectation that they behave like us
- Not superhuman - ultimately we're in control of the object
There are some devices now that have these properties. He references the Ambient Orb, the Nokia Medallion, the wand-like Nintendo Wii, and so on.
Ubiquitous computing is a by-product of market forces. Metaphor is emergent. Magic as a metaphor for ubiquitous computing is an emerging metaphor. Metaphor is powerful and we need to be conscious of its power or we end up over using it. Good magic should explain, not conceal deceive, or cripple.
10:27 AM | Comments (2) | Recommend This | Print This
March 27, 2007
IT Conversations Meetup
I just got back from the IT Conversations meetup here at ETech. I really enjoyed meeting people, talking about what they like and don't like, and hearing how they use IT Conversations. There were about a dozen people there. Doug Kaye was able to come and I think people enjoyed quizzing him about the beginnings of IT Conversations and giving him feedback on some of the technical aspects of how things work. Thanks to everyone who came!
If you weren't able to be in San Diego for this meetup, we plan on having more in other parts of the country as time and opportunities allow. Watch for more news here or sign up for the IT Conversations group at Eventful and get notified when new events are posted.
11:16 PM | Comments () | Recommend This | Print This
What's IT Conversations?
Yesterday Steve Gillmor gave me the perfect answer for when people ask me what IT Conversations is. It goes like this:
You: What's IT Conversations?
Me: Are you familiar with NPR?
You: Yes...
Me: It's nothing like NPR.
Does that help?
Bonus link: Doc Searls offers up Irrational Public Radio. From their homepage:
Where other news sources leave off, Irrational Public Radio starts, and proceeds almost mercilessly. For the discerning listener, IPR is a stalwart of integrity, a bastion of integrity, and just a huge heaping platter of integrity. We commend you for your taste and your fetching personal scent.
7:31 PM | Comments (1) | Recommend This | Print This
Medieval Tech Support
Kelly Flanagan sent me a link to this video about medieval tech support teaching someone how to use a book. Just read the captions unless you speak Norwegian.
7:27 PM | Comments () | Recommend This | Print This
Advanced Analytics in the Anonymized Data Space: Jeff Jonas
Jeff Jonas gave a great keynote this morning. (Here's a paper from IEEE Security and Privacy that explains some of this.) This afternoon he's adding context. Literally. Contexts allow seemingly unrelated records to become related. The idea is that two records get created in two different data stores, because of some common event, but the common event is unobservable to the organization and the perceptions around that event are not connected.
When the organization queries these data sources to make a decision, the fact that these records are related might not be known. He calls this enterprise amnesia. The answer is a database that creates persistent context that relates these records. The query is done against the persistent context. The context is like the card catalog in a library, serving as an index to records.
Query might be any number of things. If you do not process every new piece of data (perceptions) first like a query, then you will not know if it matters...until someone asks. Jeff treats query as data. When a query is made against the context, and gets no response, it's stored as a database. Later if data shows up that matches the query, you get a match. Treating queries like data makes it so you don't have to ask every question every day.
- Queries find data
- Data finds queries
- Data finds data
- Queries find queries
The latter one gets users with like interests together with one another.
In the grand scheme of things, the context allows you to reconstruct the non-observable. More perceptions lead to reduced ambiguity. The time when you're ingesting data is the best time to make discoveries. Jeff calls this perpetual analytics.
Jeff's analytics engine takes queries and data in through the same pipe. No joins, to triggers, no stored procedures. When you discover something new, you fix all the related records. He tells the story of a con man who had six different identities with no overlap. One day the con man introduced a PO Box to the system that allowed all six identities to be tie together.
Context is "persistent" in the sense that it's not created on the fly with the query on federated data sources. Sequence neutrality is crucial since perceptions may come in different order.
The technology Jeff developed (called NORA) is for sharing context within an organization. What if you want to share data with others. For example, the government doesn't want to share it's data with the cruise line, and the cruise line doesn't want to share customer information with the government. Can you encrypt to the data and analyze it in the encrypted form? Jeff calls this ANNA.
The anonymizer doesn't just hash the data, it first processes it to create rooted forms. For example, Bob, Bobbie, and Rob are all rooted to Robert. This allows the encrypted form to be analyzed and queried for matches. Then the context points back to specific records and you can then have a narrow conversation about specific records rather than grabbing entire data sets.
4:45 PM | Comments () | Recommend This | Print This
ETech 2007 Photos
I've posted some pictures from the Emerging Technology (ETech) conference on my gallery site.
3:41 PM | Comments () | Recommend This | Print This
Hierarchical Temporal Memories
Jeff Hawkins of Numenta (and also founder of Palm and Handspring) talked about brains and computers. He discussed hierarchical temporal memory in detail. There's a platform you can download and play with. I was busy listening and didn't get good notes.
1:21 PM | Comments () | Recommend This | Print This
Creating Alternate Realities: Jane McGonigal
 Jane McGonigal (click to enlarge) |
Jane McGonigal is a "happiness hacker." Or at least that's how I'd summarize what she said. She does this by designing alternate reality games. Alternate realities do away with limitation in an effort to explore possible alternatives to current situations. (Slide to be here by Friday.)
Jane gives a "forecast from the future" of things she thinks will be important for technology and tech companies. Here are the things she mentions
- Quality of life is the primary metric for evaluating everyday technology
- Positive psychology is a principle influence for design
- The public expects tech companies to have a clear vision of a life worth living.
- To succeed, a brand or product must increase real happiness, the new capital.
She recommend some books:
- Stumbling on Happiness
- Science of happiness
- Authentic Happiness
She discusses realms of happiness:
- Pleasure - satisfying experiences
- Engagement - immersive responsive systems
- Meaning - a power role or actor
Various traditional games (which she discusses) play in different ways in these realms. But games are a weak signal of desire. It's all accidental at present. Can a game make improved quality of life a real priority.
She describes some games she's created: reshelving 1984 from fiction to non-fiction in all fifty states, assassinating people with acts of kindness, and tombstone poker.
These games are all supergames. They are large scale in geography and number of people. They're superimposed on reality. They are superheroic--players always play themselves. They are supercomputing, engaging the collective thought of thousands of people. These are all important for putting the game in all three realms of happiness that Jane mentioned before.
12:34 PM | Comments (2) | Recommend This | Print This
AWS and Your Data Center: ETech 2007
Werner Vogels, Amazon's CTO, is talking about their Web services--specifically the outsourced data center products (S3, EC2, and SQS) that I've written about before and that were the subject of an IT Conversations interview I did with Doug Kaye and Jeff Barr.
Werner begins by making a case that (a) scaling is critical to Web businesses and (b) scaling, economically, is really hard. I was just twittering with Phil Burns last night about servers. He just took delivery of four for TagJungle. He's got a lot of work ahead of him setting them up. When TagJungle grows again, Phil has to do it all over again. Werner's making a case that small businesses shouldn't have that headache.
EC2 relies an Amazon Machine Images, virtualized machine images that you can create yourself (based on Xen) or simply download as a virtual appliance (see my earlier discussion of virtual appliances).
Someone (missed the name) from RightScale demoed using AWS for transcoding music on TuneCore. He shows how servers can be deployed and scaled based on demand.
Doug Kaye was invited up next to talk about the GigaVox system (GigaVox Audio Lite) that is the subject of my discussion with him and Jeff Barr. Doug is in the top 1% of AWS users in terms of the complexity and sophistication of his application. Doug says that the best part is that "no one's wearing pagers."
There's a very small upfront investment and the bill grows as you grow. There are no sudden capital spikes.
Werner recommends From Push to Pull- Emerging Models for Mobilizing Resources, a paper by John Hagel and John Seely Brown. I'll have to read it. Here's the abstract:
Not really an abstract: In the past decade, we have seen early signs of a new model for mobilizing resources. Rather than "push", this new approach focuses on "pull" -- creating platforms that help people to mobilize appropriate resources when the need arises. In lean manufacturing, early elements of a pull model began to emerge from Toyota in the early 1950's. As we will discuss below, however, lean manufacturing represents a hybrid between push and pull models -- it still contains significant elements of push models.
11:20 AM | Comments (4) | Recommend This | Print This
Kathy Sierra
Update: Read about Kathy Sierra, Chris Locke, and Due Process.
Kathy Sierra, who's blog I've come to enjoy very much, canceled her tutorial yesterday and session this morning because of death threats (warning--this link goes to graphic material) she's received on her blog and on other blogs. This saddens me deeply and makes me angry. I'm sad and angry that someone--anyone--has to endure this kind of fear in their life. What's more, I'm sad that these actions have silenced someone who has so much to offer to the world. It's unacceptable. It's hateful. It's simply wrong.
10:26 AM | Comments (12) | Recommend This | Print This
March 26, 2007
Secrets of Mental Math: Arthur Benjamin
The closing keynote for Monday night, usually something fun and light, did not disappoint. The speaker was Arthur Benjamin, author of the book Secrets of Mental Math. He's a "mathemagician" doing mental math at lightening speed. He did magic squares, 4 digit number multiplication, day of the week calculations, and other things. It was very fun and entertaining.
10:17 PM | Comments (1) | Recommend This | Print This
IT Conversations Meetup Tuesday
Don't forget that we're having an IT Conversations Meetup tomorrow night at 7:30pm. The session in the Gregory A room of the Manchester Grand Hyatt. Doug Kaye's in town and will be joining us. Come and give us feedback, ask questions, and talk about anything at all. I hope you can make it.
9:44 PM | Comments () | Recommend This | Print This
O'Reilly Radar: ETech 2007
Technology, hackers, Gibson, alpha-something-or-other, future, etc., etc., etc. You've heard the O'Reilly schtick before. Tim knows you've heard it before, so he skipped it and give as a new quote from Dale Doherty:
"You guys aren't pulling your weight around here. You're not having enough fun!"
Make Magazine is fun. People are doing what they do for the sheer joy of it. Snowboarding wasn't started as a business, rather for fun. Linus Torvald didn't start Linux for a business--he started it for fun.
Finally, the Gibson quote. Tim talks about his future son-in-law putting a design for a new kite surfing kite online on Monday and testing it on Friday--and it was built in China.
The power supply for the one-laptop-per-child project is a pull-string charger. Colin Bullhaup of Potenco says "We used to get mockups. Now we get new working prototypes on a weekly basis." Hardware design is starting to iterate like we do with software.
Chumby is open source hardware: a Web 2.0 clock radio "you can hack with a seam ripper." The business model is widget subscription. Get the hardware cost as low as possible.
Threadless.com is a custom order t-shirt shop with a twist. Users submit and vote on designs. Only when a design gets enough votes do they get manufactured. They've had 75,000 t0shirt designs submitted and made 800 of them that have all sold out. T-shirts today, motorcycles tomorrow.
In the future, we'll specify products in small lots, buy them just as they're made and recycle them immediately. (Refer to Bruce Sterling's talk from last year).
Since last year's focus on attention, a number of sites have become more promiscuous with data. Twitter is the latest. There's an etech Twitter. Facebook has a mini-feed.
I missed a whole big thing about prediction marketing and it's relation to the stock market. We may learn things from the stock market.
Tim brings up Peter Rips' Web 2.0 - Over and Out post. Tim says that Web 2.0 is really about systems that harness network effects to get better the more people use them. Web 2.0 is about the build-out of the Web. Where is the Web 2.0 address book? Not hear yet.
Amazon and Google don't so much get better result because of their superior algorithms as they do because they have better and more data.
9:20 PM | Comments () | Recommend This | Print This
Applied Web Heresies: ETech 2007
I really wanted to go to Putting the Fun in Functional: Applying Game Mechanics to Social Software by Amy Jo Kim, but my inner geek won out and I went to Applied Web Heresies with Avi Bryant (slides). I hope someone else took good notes.
The basis for the talk is Seaside, a web framework for Smalltalk that Avi wrote several years ago. The problem with Seaside is you're not going to use it! There are a lot of interesting ideas in Seaside that people should know, so this tutorial is way of spreading the ideas outside of Smalltalk.
Avi suggests using Seaside as a recipe. He tells the story of Primo Levy and onions in the varnish. There are a lot of "best practices" of Web development that were good decisions at the time but which are no longer needed.
Here's the basic requirement list:
- OOP
- Servlet-style app server
- Blocks and closures
"First thing we do, let's kill all the templates." Templates were a good idea that have become useless and harmful. They're constraining or they're a bad programming language. The is a belief that templates are useful for model/view separation. But HTML is now a semantic layer and CSS is the real view layer (see Zen Garden). This is an interesting point of view and one I have a hard time arguing with.
So, you need a rich library for generating HTML (see AWT for inspiration). Each widget has a render method that gets a canvas passed to it.
The first thing we did was write a small framework to get things going. Different groups were working in different languages. I used Ruby (even though I don't really know Ruby). Here's mine:
require 'webrick'
require 'stringio'
server = WEBrick::HTTPServer.new(:Port => 2000)
server.mount_proc("/heresy"){|req, res| Application.new.handle(req, res)}
server.mount_proc("/favicon.ico"){|req,res| res.status = 404}
class Application
def handle(req, res)
canvas = Canvas.new(res)
render_on(canvas)
end
def render_on(html)
html.heading("Hello World")
end
end
class Canvas
def initialize(res)
@res = res
res['Content-Type'] = 'text/html'
end
def heading(str, level=1)
@res.body = "<h1>"+ str + "</h1>"
end
end
trap("INT"){ server.shutdown }
server.start
We're omitting tag objects here and just spitting out HTML, but a real API should do that.
The next heresy that Avi proposes is that sessions are two valuable to persist. In general, you can never marshall and unmarshall the stuff in memory reliably. All the good stuff's in memcached anyway. Keep the session in the memory of the application server
What about load balancing? Use sticky sessions. YAGNI Application servers going down is unusual. Users losing session data is a minor annoyance. Live with it.
NeXT's WebObjects is the inspiration for much of what Avi's done.
Next we move from our HelloWorld application to something that has stateful sessions. We're going to build a registry of sessions and push the canvas down a level so that the sessions hold the canvas. My Ruby coding skills were not up to keeping up, so I cheated and grabbed Avi's code (which includes a much more usable Canvas object):
require 'webrick'
require 'stringio'
server = WEBrick::HTTPServer.new(:Port => 2000)
server.mount_proc("/heresy"){|req, res| Application.new.handle(req, res)}
server.mount_proc("/favicon.ico"){|req,res| res.status = 404}
class Registry
def initialize
@items = []
end
def register(item)
@items << item
(@items.size - 1).to_s
end
def find(key)
@items[key.to_i]
end
end
class Application
@@sessions = Registry.new
def handle(req, res)
session_cookie = req.cookies.detect{|c| c.name == "heresy"}
if(session_cookie)
session = @@sessions.find(session_cookie.value)
end
unless session
session = Session.new
res.cookies << WEBrick::Cookie.new("heresy", @@sessions.register(session))
end
session.handle(req, res)
end
end
class Canvas
def initialize
@io = StringIO.new
end
def tag(name, attrs={}, &proc)
@io << "<"
@io << name
attrs.each{|k,v| @io << " #{k}='#{v}'"}
@io << ">"
proc.call
@io << "</#{name}>"
end
def text(str)
@io << str
end
def heading(txt, level=1)
tag("h#{level}"){text(txt)}
end
def string
@io.string
end
end
class Session
def initialize
@count = 0
end
def handle(req, res)
@count += 1
html = Canvas.new
render_on(html)
res.body = html.string
res["Content-Type"] = "text/html"
end
def render_on(html)
html.heading("Hello World: #{@count}")
end
end
trap("INT"){ server.shutdown }
server.start
What's left to do on session? Lots, including:
- Unguessable session keys
- Session keys as query params
- Session locks
- Expiration from registry
The next piece of heresy: meaningful URLs don't carry enough meaning. People put a lot of energy trying to create names that describe the particular point in an application. Not every page in an application is a meaningful part of an API. URLs, particularly query parameters are classic place where people repeat themselves. Don't repeat yourself. Lots of meaningless names create namespace collisions.
Avi proposes using a registry to store IDs against page names. The inspiration for this is TCL/TK: Register closures/blocks as callback objects. Here's the code that implements this refinement (I did it almost all by myself--I had to peak to see how WeBrick handled requests):
require 'webrick'
require 'stringio'
server = WEBrick::HTTPServer.new(:Port => 2000)
server.mount_proc("/heresy"){|req, res| Application.new.handle(req, res)}
server.mount_proc("/favicon.ico"){|req,res| res.status = 404}
class Registry
def initialize
@items = []
end
def register(item)
@items << item
(@items.size - 1).to_s
end
def find(key)
@items[key.to_i]
end
end
class Application
@@sessions = Registry.new
def handle(req, res)
session_cookie = req.cookies.detect{|c| c.name == "heresy"}
if(session_cookie)
session = @@sessions.find(session_cookie.value)
end
unless session
session = Session.new
res.cookies << WEBrick::Cookie.new("heresy", @@sessions.register(session))
end
session.handle(req, res)
end
end
class Canvas
def initialize(cbs)
@io = StringIO.new
@callbacks = cbs
end
def tag(name, attrs={}, &proc)
@io << "<"
@io << name
attrs.each{|k,v| @io << " #{k}='#{v}'"}
@io << ">"
proc.call
@io << "</#{name}>"
end
def text(str)
@io << str
end
def link(name, &proc)
id = @callbacks.register(proc)
tag("a",{ :href=>"?#{id}"}){text(name)}
end
def space
@io << " "
end
def heading(txt, level=1)
tag("h#{level}"){text(txt)}
end
def string
@io.string
end
end
class Counter
def initialize
@count = 0
end
def render_on(html)
html.heading("Hello World: #{@count}")
html.tag("p"){html.text("this is fun!!!")}
html.link("--"){@count -= 1}
html.space
html.link("++"){@count += 1}
end
end
class Session
def initialize
@callbacks = Registry.new
@root = Counter.new
end
def handle(req, res)
req.query.each do |k,v|
if callback = @callbacks.find(k)
callback.call(v)
end
end
html = Canvas.new(@callbacks)
@root.render_on(html)
res.body = html.string
res["Content-Type"] = "text/html"
end
end
trap("INT"){ server.shutdown }
server.start
As we finished this segment, I said "I get what we're doing, but why are we doing it?" In other words, why go to all this trouble to create a registry of callback methods and URLs that point to it uniquely? The answer is in the next little exercise. Here's the code I produced:
require 'webrick'
require 'stringio'
server = WEBrick::HTTPServer.new(:Port => 2000)
server.mount_proc("/heresy"){|req, res| Application.new.handle(req, res)}
server.mount_proc("/favicon.ico"){|req,res| res.status = 404}
class Registry
def initialize
@items = []
end
def register(item)
@items << item
(@items.size - 1).to_s
end
def find(key)
@items[key.to_i]
end
end
class Application
@@sessions = Registry.new
def handle(req, res)
session_cookie = req.cookies.detect{|c| c.name == "heresy"}
if(session_cookie)
session = @@sessions.find(session_cookie.value)
end
unless session
session = Session.new
res.cookies << WEBrick::Cookie.new("heresy", @@sessions.register(session))
end
session.handle(req, res)
end
end
class Canvas
def initialize(cbs)
@io = StringIO.new
@callbacks = cbs
end
def tag(name, attrs={}, &proc)
@io << "<"
@io << name
attrs.each{|k,v| @io << " #{k}='#{v}'"}
@io << ">"
proc.call
@io << "</#{name}>"
end
def text(str)
@io << str
end
def link(name, &proc)
id = @callbacks.register(proc)
tag("a",{ :href=>"?#{id}"}){text(name)}
end
def space
@io << " "
end
def heading(txt, level=1)
tag("h#{level}"){text(txt)}
end
def string
@io.string
end
end
class MultiCounter
def initialize
@counters = [Counter.new, Counter.new, Counter.new]
end
def render_on(html)
@counters.each{|ea| ea.render_on(html)}
end
end
class Counter
def initialize
@count = 0
end
def render_on(html)
html.heading("Hello World: #{@count}")
html.tag("p"){html.text("this is fun!!!")}
html.link("--"){@count -= 1}
html.space
html.link("++"){@count += 1}
end
end
class Session
def initialize
@callbacks = Registry.new
@root = MultiCounter.new
end
def handle(req, res)
req.query.each do |k,v|
if callback = @callbacks.find(k)
callback.call(v)
end
end
html = Canvas.new(@callbacks)
@root.render_on(html)
res.body = html.string
res["Content-Type"] = "text/html"
end
end
trap("INT"){ server.shutdown }
server.start
The only changes here are the addition of a MultiCounter class that creates a three item array of counter objects and a render_on object that calls render_on on each member of the array. Then, instead of putting a Counter object at the root, I put a MultiCount object. And you get three of the Counter widgets on the same page. This shows how easy it is to use the objects as Web widgets. Avi says you can't do this with named URLs.
Avi remarks that pages are a lousy unit of reuse and partials ain't much better. "But every piece of my application is a beautiful and unique snowflake." Again, with the CSS.
What aren't we doing?
- Splitting callback registries up by page view
- Tracking the back-button
- Redirecting after side-effects
- Forms!
Overall this is a very interesting set of thoughts about Web development. Clearly he's espousing a lot of new ideas, which generated a lot of "How do you ...?" questions. Very good stuff. This tutorial made me think, which is the best kind.
2:56 PM | Comments (9) | Recommend This | Print This
Coder to Co-Founder: Etech Tutorial
I'm sitting in Marc Hedlund's tutorial, Coder to Co-Founder: Entrepreneuring for Geeks. Looking him up on the Web, I found, what else, a post he'd done about twitter about how Twitter is wall for the Web (and some other things).
Something from Nothing: Marc makes the point that being employee number one for a company is easier than being the founder because being employee number one implies something's already there--a name, an idea, money, and so on. You should work on the idea that won't leave you alone.
It's Good to Be King: It's fantastic to have an idea, get people to work on it, and see if it works. It's enormously satisfying to do that. Everyday there is a new problem, something you haven't done before, something new to learn. As founder, you get to do everything and that's fun.
One of the most important skills is to be able to listen to others tell you what's wrong with your idea, solicit feedback, and learn. If you're more excited than you're afraid then it's time to start. It's rational to be afraid, but you get over that with your excitement for an idea.
Better ideas: Your ideas will get better as you understand business better. Engineers like to think all ideas are about engineering, but there are more things you need to know. He suggests following a sales guy around. Sit in on a sales call and listen to customers. I think that's excellent advice--but don't limit it to sales. I remember being tutored in business finance by a very patient and smart guy, Chris Heim, when I was a new CTO. That was very helpful to me.
Losing sucks: Having start-ups on your resume is tough because people see it and think you'll leave the next time you have an idea. Closing down a business is hard, but you learn a lot. Have some cash in the bank--you won't want to go right out and get a job once you close your company down. Having money in the bank is flexibility.
Good reasons: One good reason to start a company is you get to create a company you'd like to work at. Boy is that true! There is nothing better than being about to make decisions that make a company a good place to be.
Bad reasons: Don't start a business to be rich or famous. There are better, easier ways. Don't start your business because you want total control. This doesn't work. The very ideas of a "company" is that you get other people to help you and you have to delegate authority to them.
The idea: The idea will change over time. What matter is identifying the demand. Talking to people will help identify the demand and help you refine the idea. Early on, find out what matters to people, rather than designing the Web site.
Build what you know: Mark recently started wesabe, an online money management tool. He knew about the idea because he knew plenty of people, including himself, who needed help managing money--and knew what didn't work.
Give people what they need: Note that this is different than what they say they need. Don't listen as much to needs as to problems. Mark interviewed about 1500 people about managing money as he got going on Wesabe.
Keeping secrets from the market: If you keep your secrets from the market, it will keep it's secrets from you. Be inclined to be open about your idea. This doesn't inoculate you from people stealing your ideas, but the benefits outweigh the downside. You certainly need to have secrets, but don't keep secrets in areas you need feedback from people.
Prudence becomes procrastination: You can be too careful.
Momentum builds on itself: Building UI prototypes, demos, and so on will help people connect to your idea and become enthusiastic about it. Put your idea on paper, build a pitch deck, write a one-page summary, code a prototype, etc.
Partners: it's enormously helpful to have a partner. Co-founders and others can give you a big push. When you're all on your own either you do something or nothing happens. When there's more than one, you can feed off each other. You have a commitment to someone else.
Timing: In down times, money is scarce. In good times, employees are scarce. Any time is a good time to start a great company. It's more important to have a great idea than to have great timing. Take advantage of whatever the landscape is when you start.
Competition: Entrepreneurs are unduly scared off by competition. All that matters is if you are better than the others.
What to worry about: Is there a need? Are you building for yourself?
Don't worry: about not having help, advice, etc. Don't worry about raising money.
Explain yourself: tell your idea to the taxi driver and other people you run into. Perfect your elevator pitch and you'll perfect your idea. He tells the story of the founder of del.icio.us who found out from talking to people that most people don't call bookmarks "bookmarks" but "favorites" because of IE's influence.
Critique a friend: Get someone who knows your idea try to pitch someone else. You'll learn a lot about your idea.
People: talk to people--not just your friends. You don't have to be comprehensive. Get out of your normal group of people. Don't get so much advice that you talk yourself out of your idea.
Co-founders: Being the co-founder in a business is a way to ruin a friendship. You'd think just the opposite. I have seen this several times--it's easy to get into disagreements you can't work out and become bitter.
Three is fine, two divine: This is the same rule as for airplane partnerships. :-) One co-founder is ideal, two is OK, more than that is unworkable.
Employees: The first few hires set the tone for the whole company. Boy is that true. Don't give people full time job offers until you're sure. Hire them as contractors and then give them a full time offer if it works out. This is some very good advice.
Joiners: Lots of people will know about you and not be willing to make the leap early on. Find a way to keep them interested. It's not a bad thing that as you get more successful, people want to get involved.
Veterans: Startup veterans are a great source of help since they love the culture.
People you like: Hire people you like. Work with people you like. Find smart, talented people and hang out with them.
Share a passion: Find people who believe. If you've got to convince them, they don't have the vision of what you're doing. Find people who are as passionate as you are.
Funding: Two paths: bootstrapping or investments. Bootstrapping is when you don't give up equity and build the company on your own. This is usually a pre-requisite for getting investments, especially for first timers without a track record. How do you do it?
- Moonlighting - recommended if you're single
- Consulting - How many slots do you need to support yourself? Fill them all and then as you get customers for your product, fill slots with your own product work. Tough because clients have to take priority.
- Loans and grants - Banks are risk averse, but some companies do start this way. Find a grant that you can do and work on it and your idea.
- Customers
- Yourself and family
Bootstrapping has the advantage of letting the company grow at it's own rate. Bootstrapping is the way to go if you aren't after the model that investing requires: liquidity event in 4-5 years. Bootstrapping is hard. You're worried about money all the time. Funded competitors may be able to move more quickly. Still, do it unless you absolutely can't.
Investments: Types: angel ($25-500K), venture capital ($100k-5m), funding round (selling private shares).
Angels are the least onerous. They can often be big supporters. On the other hand, they're getting more sophisticated and requiring more terms up front.
VC's want control and that can be tough. You could be fired from your own company.
For a funding round, you have to agree on an evaluation, pre-money and post-money, and a share price. Marc points to this article from feld.com for more information on how the math works.
There is a very simple trick to getting VC money: don't need the money. If you don't need them, it drives them crazy and they will call you and ask for meetings. If you're needy, it implies that you're desperate.
Metrics: 10 face-to-face pitches yields 1 term sheet. One term sheet yields on round of financing. From pitch to term sheet on average is two months. Signing the term sheet to "going to contract" (and getting money) is one month. The total time is 4- 12 months.
What you need: 10-15 slide Powerpoint presentation (pitch deck), executive summary (2-3 pages), and an introduction to a VC.
The best pitches are plainspoken and entertaining. Never let on that you're keeping a secret.
Marc shifts into strategy:
Identifying demand: Marc's company competes with Quicken (and lots of other online apps), so what problem exists that Quicken doesn't meet? Marc noticed that Quicken wasn't a high priority product from their public filings. This led him to believe that there might be unmet demand.
Room to grow: What has changed that allows your start up to take a position that didn't exist before? For Marc, what changed was OFX, a standard for getting data from banks, started to get a real uptake in adoption by banks.
Market shift: Another place for start ups is a place where the market has changed. Virtual workers and the Internet are two examples that Marc relates.
Solve a problem: Some successful companies can simple mitigate a problem, but most need to solve it.
Fly along the bottom: be the cheapest solution in your segment. Being the middle solution puts you in a position where you're getting feature pressure from the top and price pressure from below. Not a comfortable position. Be on the top or the bottom, but not in between. For Web start-ups, the bottom's a great place to be.
Paying equity: The good thing about paying with equity is that you don't have to raise money. The bad part is that people who work for equity have to get money from somewhere, so they get distracted. Equity is the most expensive thing you will ever pay with, but it might be all you have.
Launch an idea: The moment something's working, get it out and let people bang on it. This is a great way to get feedback. Marc didn't do this with Wesabe, because he wanted to get certain features (community oriented) working to differentiate Wesabe from other "Quicken on the Web" products. You can only make a first impression once.
Publicity: Don't buy Google Ad words, fly people around, etc. Get a good PR person--they can get people writing about you and that's a huge payoff.
Support pipeline: Marc answers 80% of the customer support emails that come into Wesabe. For a startup, customers who write to support are the ones who care about you and will give you good feedback. Customers who write for support are the ones who are already committed. Pay attention to them.
Viral: How do your current customers lead to new customers? How can your product sell itself?
Kibo: get a name that isn't already a popular word on Google. You'll be able to easily find what people are saying about you and respond, reinforce ideas, etc. He mentions that if you mention Wesabe on your blog, Marc or his partner will see it (Hi Marc!)
Transparency: Wesabe's CEO's cell phone number is on the homepage. Talk about what works, what doesn't, what you're doing and so on. People like authentic stories. When you're honest about things that go wrong as well as when they go right, people will respond.
Case studies: Marc is finishing up with some case studies of two businesses he's worked on. The first was an idea for helping people get better customer service with tools, collective bargaining, etc. He works through the good and bad points of the idea. He ultimately decided not to pursue this idea because of the negatives.
The second case study is his current gig: Wesabe. Money is the #1 stress in most people lives and the idea fits well with the Web. The biggest resistance to the idea is that people are private about their financial information. Banks are complicated and it's easy to turn into a company doesn't really solve the problems. Ultimately, Marc decided to pursue this idea.
Learning more Here are some resources that Marc recommends:
- The Art of the Start Marc says that he doesn't agree with everything Guy says in the book and it's very VC centric. Still good information.
- Founders at Work - Good balanced view of founding stories.
- Getting Real - There's dogma here, so be careful. The discussions this starts are more useful, perhaps, than the actual content.
- The Ten-Day MBA - You don't need an MBA to start a business, but you need some information. This is very true. I went to a three week executive course at Univ. of Michigan in 2001 and it was very useful.
- The Product Marketing Handbook for Software - more for desktop software than the Web, but useful anyway.
- What the Numbers Say - understand the math you need for business (and other things)
9:43 AM | Comments (5) | Recommend This | Print This
InfoWorld Ends Print Publication
As was rumored last week, InfoWorld announced today that it would end the print side of its business. Its sad for those involved and apparently, many didn't know until it came out in rumors.
On one hand I'm surprised, as you always are, an on another I'm not. Let me note that I'm a contributing editor at InfoWorld, which means that I write for them, but I have no inside knowledge Heaven knows I wasn't consulted on this. Even so, it doesn't take a rocket scientist to see a business where more and more of the revenue comes from the online side shut down the expensive business of manipulating and shipping atoms around.
Nevertheless, this will change the InfoWorld audience and limit some opportunities to reach out to different groups. When I was Utah's CIO, InfoWorld just showed up and was on my desk. Occasionally I'd pick it up and read it. It quickly became one I sought out to read because of the focus of the articles on issues I cared about and the quality of the writing. That kind of interaction is different in the online world. You have to convert search-engine drive-bys into readers.
Steve Fox, InfoWorld's Editor-in-Chief has said that very few layoffs will occur since most people will simply work on the online version or the events side of the business (a big focus lately). I suspect those let go will be people who's expertise is in Quark and other "print-only" skills.
While I'm sad about the demise of a print publication I'd come to love. I am interested to see how this experiment works out. C|net, has shown that online only can be a good model. I've worked closely with many of these folks over the last 4 years and come to respect them very much. They're smart and committed. I'm sure they'll do well in the new venture. I wish all my InfoWorld friends good luck!
Bonus links: See Tim O'Reilly's post about the problems at the San Francisco Chronicle and Dave Winer's followup. Newspapers are going to have a much tougher time with this kind of transition than companies like InfoWorld who have been moving more and more of their revenue stream online for years.
9:02 AM | Comments (1) | Recommend This | Print This
March 23, 2007
Novell Demos InfoCard Selector for OS X and Linux
I just put a story up at Between the Lines about the InfoCard selector that Novell demo'd today at Brainshare. Very cool stuff.
3:36 PM | Comments () | Recommend This | Print This
Utah Stories
Richard Markosian is the creator of a Web site called UtahStories.com. I love the idea and I love the execution. The site hosts a collection of short video documentaries about current events, people, and history in Utah.
There's a menu item called "Tell Your Story" that is "temporarily unavailable" so I'm not sure what the model is for user submitted stories. I'd love to see a way for podcasts and video to co-exist on the site.
3:13 PM | Comments (1) | Recommend This | Print This
Authorization Models and Delegation
I promised yesterday that I'd talk a little more about our discussion on delegation. I've since had a profitable discussion with Devlin and Bryant as well.
The problem with delegation is that it requires something that has eluded organizations since computer security first became an issue: how do you build good authorization models? Most applications are built without much prior thought to the authorization model and then it gets slapped on afterwards. For organizations, it's even worse. The business has fuzzy ideas about authorizations and they change them all the time. "Oh, we're spending too much money on catering; from now on VP's have to sign off on all catering requests, in triplicate."
To see why an authorization model is needed for delegation, consider this scenario. I work at BYU and BYU has, in the name of efficiency, stopped giving out paper paystubs. It's all online. Also supposed my wife handles the family budget and needs access to the paystub. I always forget to print them out (and besides having everyone print them on expensive laser printers instead of distributing the paper in the first place is lame). I want to authorize my wife to have access to the paystub. I can't. There's no way to delegate my authority to see my paystub.
Consequently, I break BYU policy and give my wife my NetID and password so she can impersonate me and see the paystub (at least in this scenario). Of course, because she's impersonating me, she has all my rights and can also change student grades, update the 401K, and send a nasty note from me to the University president. Now, she wouldn't do any of those things, but BYU doesn't care that she wouldn't, they care that she might. And so, there's strict policy against sharing NetIDs and passwords, like there is in most organizations.
BYU has set up a situation where their practice (electronic paystubs without a delegation system) sets up situations where people routinely ignore their policy (don't share NetIDs). Of course, BYU isn't alone in this folly. Every organization on the planet has these problems and the increased mechanization of formerly people-based processes is only going to exacerbate them.
Solving this problem for this one instance of delegation isn't all that hard: add a way for me to select any other NetID to also see my paystub. Since almost anyone can get a NetID of their own at BYU (universities are at an advantage here), my wife could get her own NetID and I could select her to see my paystub and the problem is solved.
Solving the problem more globally is much more difficult, nigh unto impossible. After all, I want to delegate all kinds of things: my son to use my bookstore discount, my TA to keep grades, my colleague to update my course calendar when he substitutes for me, my assistant to update my appointment calendar, etc. The list is endless.
You could imagine a bunch of smart people sitting down and coming up with lists of roles, lists of resources, lists of actions on resources, lists of permitted delegations, and then building a big edge-colored, acyclic graph that represents all of this that the various systems on campus could query to get "the answer." Of maybe you couldn't imagine that. I can't. I especially can't imagine them meeting day after day to update the graph as things change as they inevitably do in a community of 50,000 individuals.
This is the same problem that the Semantic Web faces: endless debates about ontologies. Dave Weinberger, working on his Everything is Miscellaneous book, would probably agree that such a task is hopeless. We're likely to end up right back where we are now: building one off delegation solutions
Devlin, Bryant, and I were wondering if there are ways to use folksonomies to solve this problem. Is there an analog for authorization that would work in many cases and allow common usage to define the cowpaths? You'd still need to identify resources and actions that need explicit authorization to meet legal and risk requirements, but is that most things or a small subset? I'm not sure.
10:53 AM | Comments (4) | Recommend This | Print This
March 22, 2007
IEEE's Glenn Zorpette Hits Trifecta at ABM Awards
One of the regular hosts on IEEE Spectrum Radio on IT Conversations is Glenn Zorpette. He just won three awards from the American Broadcast Media for this article on Re-engineering Iraq. He also produced some audio from the piece which we featured on IT Conversations.
I enjoyed both the article and the show on IT Conversations. It's been one of the most popular shows in that series. If you missed it, go back and listen. I think you'll enjoy it enough to want to go read the article.
7:32 PM | Comments () | Recommend This | Print This
CTO Breakfast Links for March 2007
Mentioned at this morning's CTO Breakfast:
- I brought up Twitter. Until last week I'd never heard of it, now it seems I hear about it several times a day. I signed up to play with it. My first reaction is that the Web site is sloooooooooooow. Kathy Sierra wonders if Twitter is too good. The basic question is whether the level of interruption justifies the potential good. I think I'm siding with Kathy on this one.
- Barry Bryson brought is TomTom, a Bluetooth enabled GPS device that ties to the Treo (and other things) and gives you portable navigation support. Looks pretty cool. We all gawked at it and did the geek toy thing.
- Phil Burns mentioned Jott, a simple service that transcribes message you leave on it with your phone to text and emails them to you. I signed up and left a few messages--they came though perfectly. If I could just convince my Mac that they're not Spam now...
- Phil also brought up the Utah Blogger's Conference that will happen June 28 and 29th. Robert Scoble will be there. I'll be talking about podcasting. It should be fun.
- Joey Dempster told me about Open Source Web Design a source for good, free templates and css. I plan to spend some time checking it out.
We had a pretty long discussion about delegation. I'll write about that in another post.
7:08 PM | Comments () | Recommend This | Print This
March 21, 2007
Blistering Blister Packs
Dave Weinberger has a humorous look at the dangers or blister packs, which he refers to as "physical DRM." He includes a list of things that are easier to open, including "an unripe, fused pistachio shell." Wired had a piece on Tales from Packaging Hell a while back which is not nearly as entertaining.
10:31 AM | Comments (1) | Recommend This | Print This
John Backus Dies
John Backus, the inventor of FORTRAN, BNF, and winner of the 1977 Turing Award (read his lecture) has passed away at 82. I tell my CS330 students about Backus and the development of FORTRAN every semester when we discuss BNF (he's the "B" in BNF). As I said when Ralph Griswold died a few months ago, Computer Science has always been a discipline where the founders were still around. That's changing.
10:13 AM | Comments (1) | Recommend This | Print This
March 20, 2007
On Impersonation and Delegation
 An Elvis Impersonator (click to enlarge) |
A couple of my students, Devlin Daley and Bryant Cutler, are doing some work on delegation in OpenID. Kim Cameron has been posting about delegation and that led to some interesting discussions in the lab.
First we distinguished between impersonation and delegation. The former is an authentication issue, the second is an authorization issue. Kim's point, and I think fairly made, is that you don't ever want some one other than the entity to whom the identity belongs to authenticate as that identity.
Rather, you want the entity (be it a service or human) to authenticate as itself and then use authorizations that have been delegated to it. As Kim says, this is the best way to reduce exposure and liability.
Now, back to OpenID. OpenID is nothing but authentication, so any OpenID "delegation" will necessarily be an impersonation. There's no way around it. You can't delegate authority because there's no universal authority model in OpenID. If Flickr accepts OpenID, they'll build their own authority model on top of it.
This, of course, assumes that you're doing delegation at the IdP. The relying party could build it's own delegation service inside of the Web app and it would work just fine. This will be spotty and as different as there are ways of authentication at systems now. Maybe that's the way it has to be.
So, what of OpenID impersonation? Is it "bad" in the general sense that Kim talks about? Yes. But in a relativistic sense, I think it has some advantages that might be worth the dangers. Assume a few things with me: OpenID becomes wildly popular and it's used at lots of Web sites.
You want to give your administrative assistant the ability to make changes to your calendar. The calendar site you use has no delegation mechanism. In the absence of an OpenID delegation (impersonation) scheme, you've got one choice: give your assistant the password to your OpenID (and every site you've used it at) or do your own scheduling.
An OpenID delegation (impersonation) scheme can at least provide you with a method that allows (a) the rights to be restricted to a given URL, (b) the rights to be revoked at will, and (c) an audit trail to be kept at the IdP of when those rights were used.
The biggest hurdle, in my mind, is that there is an ethical problem in allowing anyone, even with good motives, to pose as you. The relying party has the right to know who's acting for who. In many cases they might not care, but in some cases, the replying party is being put at risk through impersonation.
Say for example that you're purchased an account with T-Mobile for Wi-Fi hotspots or a single user account on a Web site. With impersonation, you can spread the use of that license to multiple parties without the replying party ever being the wiser. Sure, people do that with accounts right now, but building it into a system and making it easier to do, with less risk to the user, is problematic.
Should the research be done? Should a paper be published with the ideas? Yes. That's just information and is likely to be useful to others in solving similar problems--perhaps in a way that allows true delegation. But actually building them into an IdP is something that should be carefully thought through. If nothing else, being an IdP that allows delegation might hurt your IdP reputation.
8:48 PM | Comments () | Recommend This | Print This
Howard Moskowitz on Technometria Podcast
This week's Technometria Podcast is with Howard Moskowitz, an expert in the field of psychophysics, and author of the upcoming book Selling Blue Elephants. My introduction to Howard from watching this talk by Malcolm Gladwell at TED. That's Gladwell, you'll enjoy listening to Howard even more. He's just a very smart, nice man with a great vision and a great ability to tell stories. Give it a listen. I think you'll enjoy it very much. I know I did.
3:49 PM | Comments () | Recommend This | Print This
Chuck Knutson's Blog
One of my colleagues at BYU, Chuck Knutson, has started a blog and is posting some good stuff there. Chuck's a thoughtful guy, so I look forward to following what he writes. A mixture of management insight (Chuck has industry experience), computer science, academics, and general ramblings make up the topics, as far as I can see.
2:42 PM | Comments () | Recommend This | Print This
Bugatti Veyron At Speed
Niels Makel sent me a link to this video of a Bugatti Veyron at top speed--407 km/h. This is the same car discussed in this IEEE Spectrum show on IT Conversations. Without taking away anything from Spectrum Radio, this video shows that some things are better experienced with video, not just audio. I was sitting on the edge of my seat. It's truly amazing.
11:38 AM | Comments (2) | Recommend This | Print This
March 19, 2007
CTO Breakfast for March 2007
We'll hold the March CTO Breakfast this Thursday at 8am in the Novell Cafeteria (see directions here) in Building G of the Provo Novell Campus.
At least one person has contacted me and asked if we could discuss what I can best describe as "open source gravitus" in Utah. Does Utah have enough open source happening to create some interesting synergies? This group apparently thinks so.
Some of us were at the Mountain West Ruby conference last week and I'm sure that will come up. As always, I'm intrigued by identity. What's eating you? Come talk about it.
Here are the dates for future breakfasts. Put them on your calendar now:
- April 20 (Friday) (changed!)
- May 24 (Thursday)
- Jun 29 (Friday)
I'll see you Thursday. Note that due to Brainshare, we'll be meeting in the cafeteria itself, not the conference room on the east end. Just look for us--you'll find us.
9:36 PM | Comments () | Recommend This | Print This
Digital Identity Management Workshop 2007
The announcement for the Digital Identity Management workshop for 2007 has been posted. The Call-for-Papers closes June 15, 2007. The workshop itself is being held on Nov 2, 2007 in conjunction with the 14th Annual Conference on Computer and Communications Security. I'm serving again on the program committee.
4:04 PM | Comments (2) | Recommend This | Print This
Managing Experience: A New Series
Today we launched a new series on IT Conversations, Managing Experience, a set of presentations from the Adaptive Path Managing Experience conference, held in San Francisco, CA on Feb 12 and 13, 2007:
Design has emerged as a strategic force in business. Managers building the next generation of digital products are confronted with an increasingly demanding set of challenges. MX San Francisco brings together thought-leaders in design & business to address these challenges.From adaptive path » mx san francisco, ca »
Referenced Mon Mar 19 2007 13:15:22 GMT-0600 (MDT)
The primary target is product managers, strategists, and designers. But I think even hard core techies can benefit from thinking about product design and user experience.
Today I published Experience Strategies, a presentation from Jesse James Garrett, President, Adaptive Path. Let me know what you think. Better yet, go rate the show after you listen to it.
1:20 PM | Comments () | Recommend This | Print This
March 17, 2007
An Annoying Look at the Top 100 most Influential in IT
eWeek has a story, or rather four stories on the 100 most influential people in IT. The first installment counts down from 100 to 76. I find it incredibly annoying that they don't just list them out, but rather make you look at a slide show--the better to drive ad views, I presume.
This is biggest the complaint I have with ad supported models. Frequently the presentation is made a less effective communication because it's held hostage to the desire to drive ad views. I don't want to make poor decisions on what I say or how I say it because I'm trying to "capture more eyeballs."
The other annoying thing about this presentation is that there's no supporting data. One sentence is all you get about the person. Some of those are pretty generic. For example, for Cathy Tompkins, number 76, the site says:
CIO for one of the Baseline 500 companies for high IT productivity; advocate of a "keep it simple" philosophy.
I'm not picking on Cathy here, just the site. There are 499 other CIOs from the Baseline 500 and I'm sure that many of them have said "keep it simple" more than once. So, why Cathy and not one of the others?
What was the methodology? Who picked? What were the criteria? If that information's there, I couldn't find it easily.
12:17 PM | Comments (2) | Recommend This | Print This
Are You Over 21? Attributes and Identity
 Utah Driving Privilege
Card (click to enlarge) |
This story from the Salt Lake Tribune about driving privilege cards and getting into bars is a good example of the issues surrounding identity, attributes, and authorization.
For some background, a few years ago, Utah passed a driving privilege card (DCP) law that gave undocumented workers a legal way to drive without issuing them a drivers license. A drivers license has legally mandated identity functions for the federal, state, and local governments that extend beyond authority to drive--voter registration, as one example. The reasoning for issuing any card at all to undocumented individuals is pretty sound. You want undocumented individuals to be able to get insurance so that you don't have a huge pool of uninsured motorists.
The Tribune story tells of a University of Utah student, aged 22, who was refused entry into a bar because the bar owners believed that the DCP wasn't an acceptable form of identification. The response from the Utah Department of Alcoholic Beverage Control (UDABC) is an interesting look at identification policy:
The law doesn't extend to private clubs, restaurants, taverns or any place with a state liquor license, [Sharon Mackay] says. State law doesn't say that such places even need to check identification cards before entering their establishments, she says. The law requires that they do not sell to people under 21.
"We don't tell them what they can or not accept," she says. "They need to make sure that whatever they're accepting is valid and reliable, so they're not putting themselves in jeopardy of selling to a minor."From Salt Lake Tribune - Driver cards brew mix-up at pubs
Referenced Sat Mar 17 2007 07:35:46 GMT-0600 (MDT)
State law just wants an outcome, the use of identity in this situation is merely a means to an end. The drivers license and DCP are just ways of getting an attribute (birth date) from a trusted third party (the State in this case).
8:19 AM | Comments () | Recommend This | Print This
March 16, 2007
Jeff Barczewski on MasterView
Jeff Barczewski is talking about MasterView, a template engine for Rails. MasterView is a Ruby gem that enables the creation of Ruby/Rails views in standards-compliant XHTML. The problem with Rails views, at least in Jeff's view, is that you can't use standard HTML WYSIWYG editing tools to create and modify them. MasterView is a Ruby template language, meaning that you can use it without Rails.
Jeff showed a demo of how the tool works and how it compares to standard Rails. One advantage is the HTML and directives for a page are kept in one place instead of multiple files. In Rails the generator creates these as HTML files, a simple CSS file, and some Javascript. The Javascript is used to make the HTML files in the prototype seem live before Rails is event attached to the files using dummy data. The dummy data is replaced with real data at run time.
The views produced by MasterView are considerably more sophisticated that those produced by standard Rails. The XHTML compliance is achieved by embedding the template directives in XHTML-compliant attributes in <div/> tags. Jeff demonstrates using Mozilla Composer to edit the HTML forms and other pages. Very nice for building the view. Editing the repeated layout on one page, changes it on all of them.
An admin screen for MasterView allows you to control how pages are rendered, see the status of files rebuild the files, and so on. Tidy is built-in to clean up bad HTML.
Trying to remember which files are where can be frustrating. Moreover, if you have a team where designers were separated from developers, this architecture would probably yield a more natural workflow.
3:22 PM | Comments () | Recommend This | Print This
Bayesian Networks in Ruby
Carl Youngblood is speaking on Bayesian networks in Ruby. He starts by pointing out that building complete logical systems by building rules is necessarily a futile task. The answer? A system that accounts for ignorance and degree of belief probabilistically. He quote Norvig: "Probability provides a way of summarizing the uncertainty that comes from our laziness and ignorance."
After a brief tutorial on how probability can be used to overcome the weaknesses of predicate logic, Carl launches a discussion of Bayesian inference and networks. That took quite a while, but was a good tutorial on the problems.
Carl is the author of SBN, a Ruby module for Bayesian networks. He shows how you can create Bayesian networks, input the probabilities for the state tables, and build the network. Once that's done, you can query the network to understand the probabilities of events represented by the nodes.
Currently, you have to specify the network structure, rather than allowing it to learn the structure, something that makes the entire process easier, not to mention useful for many of the tasks people like to use Bayesian networks for.
1:13 PM | Comments (1) | Recommend This | Print This
Ara Howard: Ruby Queue
 Ara T
Howard (click to enlarge) |
Ara T Howard, a research associate at The Cooperative Institute for Research in Environmental Sciences, is speaking about Ruby Queue, a tool for distributing the workload to nodes in a Linux cluster. He wanted something lean and fast and considered the existing packages like openMosix too heavyweight.
The queue doesn't do scheduling--the type of work his group does processes long jobs that use lots of nodes. He determined to build something extremely simple, an NFS mounted priority queue that nodes could pull jobs from as needed. NFS has lots of cruftiness, but the truth was that they were already using it for other tasks, so one more probably wasn't a big increase in risk.
The first issue was whether Ruby could handle the NFS-safe locking for the shared storage. He wrote a "little C extension, posixlock, which extends Ruby's built-in File class with a method to apply fcntl, or POSIX-style, advisory locks to a File object." This is the standard way of making languages that aren't C do C-like things. I've done the same thing in Scheme.
Ara noticed that NFS locking wasn't fair. That means that you have to be smart about how you attempt to get the lock or processes can block. He implemented a leasing policy (that helps avoid starvation) and a method for polling to increasing back-off of requests. His studies show that over a long period (days) processes get good interleaving and the system achieves good throughput.
Ara used SQLite, along with the SQLite Ruby bindings as the back end storage system. He discovered that this combination is very robust and recovers from errors very well.
When a node accesses the queue and figures out what to do, the job needs to be run, but some technical difficulties with SQLite made forking a non-starter. Ara used Distributed Ruby to run the job, essentially forking, without forking. A simple JobRunnerDaemon object encapsulates the functionality.
One little piece of NFS-fu that Ara mentioned that I thought was pretty cool (nothing to do with Ruby) is his use of hard links to robustly pause the whole cluster when the NFS serve goes down. Anyone with NFS experience will know that you use soft links on your workstation so that it doesn't hang when the NFS server goes down. But that's the precise behavior that Ara wanted.
Ara's Linux Journal article has a good example showing how this is all used. It's easy to see how you could grab this could and in short order take a collection of Linux boxes, linked by NFS, to create a cluster that processes large, compute intensive jobs. Very cool.
The whole project is a good example of the elegance of Ruby. From the ability to extend the language with C to the way mixins make it easy to augment functionality of classes.
9:58 AM | Comments () | Recommend This | Print This
Mountain West Ruby Conference
 Registration desk (click to enlarge) |
I'm at the Mountain West Ruby conference today. The venue is the Salt Lake Public Library, which haps a very nice auditorium. There's a good slate of speakers. I'm looking forward to getting some information about Ruby besides Rails.
I'm hoping to get some of the audio from the conference for IT Conversations. There's some good talks here and I'm anxious to see what kind of response we'll get to Ruby content from IT Conversations listeners.
9:19 AM | Comments () | Recommend This | Print This
March 15, 2007
Where is OpenAttributes?
Gunnar Peterson, has a thought provoking post on OpenID and attributes. He quote heavily from another interesting post on names from Mike Neuenschwander. The idea is that names, without attributes are not very useful.
I agree wholeheartedly with the assertion that we have to get OpenID and other wide-area identities past simple authentication for them to really be useful.
Mike says:
I understand why from a programmer's perspective, it would be so much more convenient if everybody could simply have one globally unique, unambiguous, resolvable name. But such a quaint design constitutes a wanton disregard for reality.
The tech industry is adolescently ID-fixated. But I've had it to here with IDs! Would somebody please start seeing my avatars as something more than identification objects? So here's to being an OpenAttribute power user!From Burton Group Identity Blog: Identity's Inconvenient Truth
Referenced Thu Mar 15 2007 20:27:32 GMT-0600 (MDT)
This is too true. We're not going to get to a point where people have a single unique identifier--ever. In fact people are going to have many identifiers and will link them--or not--as it serves their purposes.
This is the basis of the project I have my students working on this semester. One way to look at it is that we're building a reputation server for OpenIDs. Another way to look at it is that we're creating a facility for linking identifiers, associating some attributes with them, verifying some of those attributes, and then building rules around those attributes (and other transactional data) to return reputation scores. We're exploring the idea that reputation can serve as a proxy for explicit authorizations in many cases.
8:37 PM | Comments () | Recommend This | Print This
Server Migration
I was reading Sam Curran's blog and he was talking about intelligent server migration. This, of course, is interesting to me since I just got done doing the same thing. Sam had a more difficult situation in that he has users to make changes to the database. While that's true on a blog with comments, it wasn't a huge concern to me over a weekend.
Dealing with DNS really is the biggest problem. It took almost 48 hours for DNS changes to propagate to the point where the old server was done taking traffic. I think next time, if possible, I'll just switch the IP address on the server.
The biggest challenge I faced was moving to a 64-bit processor. I started out loading up Fedora Core 6 for 64-bit processors and trying to follow my instructions for setting up a Linux server. In particular, building the LAMP stack turned out to be a nightmare. Nothing impossible, but with the mental bandwidth I had to give it, I staled for 2 months.
Finally, I just loaded the 32-but version of the OS on the machine and everything fell into place. I was up and running in a few hours. I gave up some performance (how much?) for the fact of getting it done. The new server is performing well and has given a big performance boost to the compute intensive tasks like rebuilding pages and searching).
12:03 PM | Comments (3) | Recommend This | Print This
March 14, 2007
Are MBAs Too Dumb to Use RSS?
I was over at between the lines and saw an ad for BNET. I don't usually click on online ads, but I was intrigued. BNET is a business Web site. I found an article on The 7 Interview Questions You Must Ask, which I thought was pretty good. Make no mistake: this is not Harvard Business Review. The articles are short and entertaining, perfectly matched to our ADD culture. Still, I enjoyed reading some of them and I'll probably be back. One thing that's a little shocking: no RSS feed. What are these guys thinking? Aren't MBAs smart enough to run a feedreader or something?
10:03 PM | Comments (6) | Recommend This | Print This
The Cost of DST Changes
One of the conversational topics I ran into over and over the first of this week was "what does all this DST patching cost?" Larry Dignan has an estimate and the numbers aren't pretty. By Larry's estimate we spent $1 billion in IT costs and saved $360 million. Sounds like the kind of investment that the Feds make all day long.
9:38 PM | Comments (1) | Recommend This | Print This
Putt's Law
If you like Dilbert, you'll love Putt's Law and the Successful Technocrat. At least that's my conclusion after listening to Susan Hassler interview Archibald Putt on IT Conversations as part of the IEEE Spectrum Radio series.
Putt isn't the author's real name. In fact it's a psuedonym that Putt has used since 1976. The first version of this book came out in 1981 and is most famous for Putt's law:
Technology is dominated by two types of people: those who understand what they do not manage, and those who manage what they do not understand.
Reading some of the reviews on Amazon and listening to Putt himself makes me anxious to get my hands on a copy.
2:39 PM | Comments (1) | Recommend This | Print This
March 13, 2007
Should Dell Pre-Load Linux?
On a page with the words "Dell recommends Windows Vista Business" emblazened at the top, Dell is running a survey on factory installed Linux for desktops and laptops. Let them know what you think.
3:27 PM | Comments (1) | Recommend This | Print This
Doc Searls and the Giant Zero
Last week, Scott Lemon and I had a very enjoyable conversations with Doc Searls about a concept he's calling The Giant Zero. The concept is simple. In Doc's words:
The metaphor is a play on the meaning of both World of Ends (which I co-wrote with fellow Berkman fellow David Weinberger) and The Stupid Network, by Berkman alumnus David Isenberg. (David is also my given name, by the way. Coincidence?) The origin of the metaphor, however, is Craig Burton, who was the first to observe that an end-to-end architecture in which every point is essentially zero distance from every other point (and as stupid as possible in the middle as well), would geometrically resemble a 3-D zero.From The Doc Searls Weblog : Monday, September 18, 2006
Referenced Tue Mar 13 2007 09:26:54 GMT-0600
It was great and I wish you could have all listened. Oh wait! You can. We recorded it and it's live at IT Conversations today: Doc Searls and the Giant Zero on the Technometria Podcast.
9:35 AM | Comments () | Recommend This | Print This
March 12, 2007
iProvo Prepares to Cross 10,000 Subscriber Mark
iProvo is Utah's second largest municipal broadband project. The largest, Utopia, is a consortium of cities from around the state. iProvo, on the other hand, is a project of the Provo City. A story in today's Deseret News says that iProvo now has 9,480 subscribers. The graphic accompanying the story shows the growth since August, 2005. The trend is nearly linear, up and to the right.
iProvo used to believe that they needed 10,000 customers to break even, but that number has gone up to between 12,000 and 14,000. The big question is whether they can hit break even before the money they raised from bonds runs out.
iProvo has about 400 commercial accounts and the rest break down almost evenly between apartment complexes and residential customers. Kevin Garlick, iProvo's general manager, and Provo's mayor, Lewis Billings, believe that the number of commercial accounts could be greatly expanded.
iProvo has had a lot of naysayers over the years. Its good to see them succeed. While they're not out of the woods yet, they're on the right track and should be commended for vision and guts.
In the meantime, Utopia pulled fiber in front of my house last week. I expect my neighborhood to light up soon. I'm looking forward to it.
2:22 PM | Comments (4) | Recommend This | Print This
March 10, 2007
New Server
I'm upgrading the server that serves this blog and quite a few other sites. There may be some service disruption. If you notice anything weird let me know, please.
5:04 PM | Comments () | Recommend This | Print This
Virtual Appliances
I spent a little time today playing around with a virtual appliance (VA) from VirtualAppliances.net. They have LAMP, Tomcat, Cacti, MySQL, PostgreSQL, and HTTTP server virtual appliances that you can download and run inside a variety of virtualization environments, including VMWare and XEN.
I downloaded the LAMP stack VA and it booted in VMWare Fusion on my MacBook Pro. The VA uses DHCP to get its network address (there's no option or static IP numbers at boot time) and the boot screen gives the relevant URLs for the admin console. There's no way to log in--you use the management console exclusively. The stack includes of these components:
- Apache
- PHP
- Perl
- Python
- ZendOptimizer (www.zend.com)
- MySQL
- phpMyAdmin
These come packaged in a single 65Mb download, pre-configured and ready to run.
There's no shell access on the free versions, so you have to use the management console and phpMyAdmin for everything. The document root for the HTTP server is available as a SMB file system (Samba) and can be mounted to manage the documents on the HTTP server. I was able to mount it from Finder without any trouble.
 Virtual Appliance LAMP Stack Configuration Screen showing errors (click to enlarge) |
Unfortunately, I can't write much about the management console because of some apparent errors in the configuration (see screen shot). You can manage passwords, logging, time, and network options and, apparently, some other things, but I'm not sure what.
This brings up the largest problem with these virtual appliances, from what I can see. Because I can't get a shell, I can't go in an debug this problem. I'm at the mercy of the builders. An look through the forums shows that the problem's come up there before, but no answers are available. I believe that with a paid option, you can get to the shell.
Configuring a server, just right, can be a large chore, so being able to download one--pre-configured by experts--is a big win. You're giving up flexibility, but gaining simplicity, a classic trade-off. I think this is just the tip of the iceberg in what we're going to see as virtualization becomes more wide-spread.
Update: In looking around, I also found this collection of virtual appliances for XEN, including virtual appliances for SugarCRM, Asterisk (Trixbox), and others.
12:05 PM | Comments (3) | Recommend This | Print This
March 9, 2007
MeetOMatic.com
I've mentioned meeting wizard before as a way of getting a common meeting time for a group. I've used it off and on with varying success. I just ran across another one, MeetOMatic.com. MeetOMatic is considerably simpler than Meeting Wazard. The problem with both is that they require people to (1) click on a link and (2) check all the dates in the page against their calendar manually, and (3) check boxes on the page with the results. Seems simple, but my experience is that many don't respond. What we need is CalDAV and true, cross platform free-busy.
7:15 AM | Comments () | Recommend This | Print This
March 8, 2007
Random Reputation Ramblings
I spent the day with Dan Lulich of iovation and gave a talk about reputation to some of the group. I had a good time and really enjoyed a day of talking about reputation with people who live it everyday. Here's a collection of random insights I had about reputation while preparing my talk and in discussions with Dan and others today.
- David Brin's book, Transparent Society, has a great discussion of the ways that transparency leads to accountability. The message seems to be that accountability costs privacy. There are ways of using reputation that protects privacy, but still offers accountability.
- Paul Resnick's paper on the Social Cost of Cheap Pseudonyms concludes that a strategy of not trusting strangers is the best we can do (the paper presents a game theoretic study that supports that finding). A general purpose (i.e. not site specific) reputation system provides a user a way of avoiding being a stranger--when you can take reputation data with you, you're no longer an unknown quantity. Reputation systems let individuals avoid the cost of cheap pseudonyms.
- One of the costs of cheap pseudonyms is that negative reputations don't stick. A system that can effectively link pseudonyms can avoid this cost by ensuring that negative reputations follow entities even when they use a new pseudonym.
- I've noted before that presenting credentials out of context is a method for transfering trust. Reputation systems are specifically designed to link credentials and provide ways of using them out of context.
- User-centric identity systems are often sold on the idea that the user gets the benefit of single sign-on, but as I pointed out above, there are other user benefits besides that. In addition, because user-centric ID systems separate claim acquisition and presentation, relying parties can benefit from the decreased liability of managing user authentication data.
9:30 PM | Comments (3) | Recommend This | Print This
March 7, 2007
Making SOA Governance Collaborative
The irony of loosely coupled SOA systems is that they require more, not less rules. Governance manages the rule making process. My InfoWorld feature on SOA governance Teaming up for SOA came out this week. I was writing this article at about the same time we did this Technometria podcast with Todd Biske and Ed Vasquez.
10:51 PM | Comments () | Recommend This | Print This
FreeYourID.com
I played around a bit with FreeYourID.com this morning. The service gives you a personalized URL, email address, and an OpenID. The domains are in the .name TLD. This is an interesting concept: combine three identity services into one and offer real personalization. They're giving free 90 day trials.
in some ways this reminds me of a poor-man's i-name. i-names are resolvable to various services. Right now, you've got to use an URL transform to make i-names work, so using them is not as straightforward as it be if browsers did native XRI resolution.
10:44 PM | Comments () | Recommend This | Print This
March 6, 2007
Reputation for OpenID
I'm teaching a graduate class on reputation this semester. I did the same thing last year and the class project was building a reputation framework. The ideas surrounding reputation intrigue me, if you haven't figured that out from reading this blog.
I've had various ideas for this semester's project, but finally settled on the idea of reputation for OpenID. With OpenID gaining steam, there are concerns on user side about how to know whether to trust an OpenID provider. Even if you pick someone with obvious standing, like AOL, how do you know if the site you've been redirected to for authentication is really AOL or some clever phishing attack?
At the same time, relying parties have concerns about whether or not to trust a particular OpenID. Say someone shows up at your site with an OpenID from myopenit.net, should you trust that they've been properly authenticated?
People have proposed white lists and black lists to solve these problems, but I think a better solution is a reputation system that can tell you about OpenIDs. I believe the reputation framework we built last year can be put to this task.
Reputation systems work best when there are multiple users sharing their experience, but the system would be useful even for a single site. I'm concerned about how the system could be gamed (see Wired's article on how this is happening now on Digg, del.icio.us, and other sites, for example). I believe that reputation can serve as a proxy for authorization, in some cases.
There are many unanswered questions, but that's why we do this, after all. I'll post periodic updates on how it's going.
9:22 PM | Comments (2) | Recommend This | Print This
Mounting OSX Directories in Parallels
I found this nifty trick for mounting OS X directories from Linux. This is handy when you're using Parallels on your machine and want to easily pass information back and forth. Parallels comes with a utility for doing this from Windows, but not Linux.
The idea is to use sshfs, the SSH filesystem. I installed it easily on Ubuntu using apt-get (on Fedora, you'd use Yum) and then mounting a disk on my OS X file system is as simple as
sshfs pjw@10.37.129.2:Documents "OSX Documents"
"OSX Documents" is an empty directory on the Linux machine that serves as the mount point. "pjw" is my user name on my Mac. You can do the usual SSH stuff to avoid typing your password all the time.
It works great. There's nothing specific to Parallels here, of course. This would work whether the Linux machine is virtualized or not. You could, of course, use "Personal File Sharing" on OS X and mount the OS X drive as using Samba, but I like the simplicity of SSH.
Now, if I could just get cutting and pasting to work...
8:56 PM | Comments () | Recommend This | Print This
Lonn Johnston on High Tech PR
I just posted the latest Technometria podcast on IT Conversations. Scott, Matt, and I spoke with Lonn Johnston about PR for high-tech firms--especially those involved with open source. I enjoyed the conversation very much and hope you do too.
7:47 PM | Comments () | Recommend This | Print This
Monkey Pornography, Social Status, and Reputation
Britt is further developing his thoughts on relative celebrity. He points to a study that looks at social status in monkeys and their willingness to sacrifice food to look at the faces of high-status individuals and what amounts to monkey pornography. On the flip side, they demand more food to look at the faces of low-status individuals.
Male rhesus macaques sacrificed fluid for the opportunity to view female perinea and the faces of high-status monkeys but required fluid overpayment to view the faces of low-status monkeys. Social value was highly consistent across subjects, independent of particular images displayed, and only partially predictive of how long subjects chose to view each image. These data demonstrate that visual orienting decisions reflect the specific social content of visual information and provide the first experimental evidence that monkeys spontaneously discriminate images of others based on social status.
Primates appropriate a significant portion of their brain to constantly monitoring, calculating, and analyzing relative social standing and, naturally enough, mating potential. Britt makes a jump from social status to celebrity (i.e. the state of being well known) and I'm trying to decide whether I agree with that connection. Is social status merely celebrity, or is it something more nuanced than that? I believe that celebrity, status, and reputation, while related, are quite different from each other.
If you read the study, it allows that we're hardwired to associate certain facial traits with status. That is, we do judge books by their covers. Harrison Ford just looks like a good president, doesn't he? That would indicate that social status is quite primitive. As a society we afford the opinions of celebrities more credence than is probably warranted. Actors are forever lending their fame to this cause or that and influencing people on issues on which they have no particular expertise.
We tend to conflate status and celebrity, but I think they are quite different. An entity might be very well known and still have low status. In fact, that might be the basis of their celebrity. For example, criminals have a certain celebrity, but low status. Allowing for some exceptions, the people we call "celebrities" are well known because of the high social status we grant them. This is just the opposite of thinking that they have high social status because they're well known.
To be fair Britt is talking about "relative celebrity" and that's an important distinction since "relative" allows the celebrity to be context sensitive. But status, and I think reputation, are more than mere celebrity. Certainly reputation is the measure of how well known an entity is in a particular context. But reputation is also being known for something. We use reputation to estimate an entities probable future action. That's more sophisticated, it seems to me than celebrity.
In my personal lexicon of reputation and identity, I'd probably break it down like this:
- Reputation is an individual calculation about an entities past performance in a particular context. The expressed opinions of other entities are part of this calculation. Every other entity performs this calculation and gets their own result. They use this result to create expectations of future behavior (i.e. trust).
- Trust is the expectation of an entities future actions based on their reputation.
- Status is the relative ranking of multiple entities based on reputations in a given context. Thus we tend to "trust" people with higher status.
- Celebrity is a measure of how well known a given identity is by other entities in a given context. It can be a factor in reputation, and hence status, but is not the same as either reputation or status.
For now, that's how I'm understanding these concepts. Feel free to take a whack at them and see if you can make more sense of them than I have.
9:20 AM | Comments (4) | Recommend This | Print This
March 5, 2007
Relative Celebrity and Reputation
Britt's working on a concept he calls Relative Celebrity. The idea is that in the world of the long tail, there is some ranking and "every member of a network must be related to someone who is closer to the action - relatively speaking, a celebrity - and also act as a valued conduit of news, gossip and conjecture for others, acting as that person's relative celebrity."
It's an intriguing idea and one that makes me think about reputation
and it's value in a global Internet sense. To date, online
reputation systems have been localized to a particular Web site
because of a very real limitation: our identities are localized to
those same stovepipes Web sites.
The emergence of user-centric, wide-area identity systems like OpenID and CardSpace provide the infrastructure necessary to enable wide-area reputation as well.
Britt uses the word "status" in his post, but while it can be construed as that, I think it's much deeper. The word "status" implies something that's good for the person who has it, but conveys little social good. On the other hand, reputation is widely seen by economists, sociologists, and psychologists as something with real social value.
To have social value, reputation has to be the basis of trust in the society and there has to be reciprocity. Reputation is a measure of an entity's past actions and factual attributes. Trust is an expectation of future behavior. Reciprocity is the idea that "good" actions will be met by society with positive results and "bad" actions with negative results.
I think Britt's on the right track with what he's proposing. To really function, social systems have to have reputation, trust, and reciprocity baked in. Without it, there's no real social contract and no real society.
5:59 PM | Comments (5) | Recommend This | Print This
Identity Open Space in Europe
We're going to conduct an Identity Open Space event in Brussels in April. This will be like the one's we've done in Vancouver with Liberty and in Santa Clara with DIDW. Like the Vancouver IOS, this one will also be at the tail end of the Liberty Project meeting--this time in Europe. Here's the Liberty announcement and the IOS wiki.
On April 26th, we'll create the agenda (in open space style) at 11am, have lunch, and then begin sessions which will continue until 4pm on April 27th.
The early registration fee will be US $195.00 until Friday, March 23, 2007. The standard registration fee will be US $250.00 until Wednesday, April 25, 2007. At the event, registration will be US $300.00 on Thursday, April 26, 2007. You can register online at the Liberty site.
3:18 PM | Comments () | Recommend This | Print This
Using VMWare Fusion: A First Look
Last Friday I wrote that VMWare had released the second beta of Fusion, their virtual desktop for OS X. Over the weekend I took a little time to play around with it and had a few observations. Note that this is not a formal review--don't take it as one.
First, Fusion works well, as promised. No major hiccups to report. I was able to set up a Fedora Core 6 image with only a few issues. Here are some of my discoveries and impressions:
- Fedora isn't one of the "supported" operating systems. I mistakenly chose "Redhat Linux" thinking that Fedora was close, but it didn't work. When I went back and created virtual machine with "Other Linux 2.6.x kernel" things worked fine.
- The defaults for disk size, memory, and so on seemed to work fine.
- After you start your machine, you can go to "Virtual Machine -> Install VMWare Tools" to set up some things in the image so that it interacts better with the virtualization engine. The RPM wouldn't install for me, but just unpacking it and running the "vmware-install.pl" script worked fine.
- One of the things that running the VMWare tools does is allow you to set the screen resolution to what ever you want. My method worked fine too.
- The virtual machine was able to see USB devices and the network without a hitch. The sound was awesome.
- Disk images take as much space as they need, not the whole amount you allocate. So even though I allocated a 8Gb disk to the virtual machine, the image size is around 4.5Gb at present. df reports that I've got a 7.2Gb disk with 3.3Gb used, so there's some overhead.
- When you start up, a dialog box says "You are running VMWare Fusion with the DEBUG option" and warns that this will result in substantially slower execution, but I searched around and couldn't see anyway to turn the debug option off. Hints, anyone?
- You can drag and drop files on the virtual machine and cut and paste work too. Very handy.
- The update tool on Fedora keeps telling me I've got 240 updates, even though I've told it to download them and seen it go through the install process. I'm not convinced this has anything to do with VMWare.
- The command console could have a richer set of tools for copying, deleting, and otherwise managing images.
- The snapshot feature is cool--and fast. This is a very handy feature if you're about to do something you think might cause the machine to be unstable or if you're doing testing and want to start in a known state each time.
- When I wasn't doing anything with the virtual machine, but had it running in the background it was eating about 10% of one of my two CPUs. How much that would change if I turned off the DEBUG option, I don't know.
Overall, this is a pretty nice offering and I think that Parallels has some real competition. I could easily see myself using Fusion as my virtualization appliance.
3:02 PM | Comments (3) | Recommend This | Print This
March 2, 2007
VMWare Releases Beta Desktop Virtualization for OS X
VMWare announced the release of Beta 2 for the OS X version of VMWare Desktop, codename Fusion, today. Fusion has a Cocoa-native interface that runs Windows apps side-by-side with OS X windows. Parallels has recently released a similar feature that they call "Coherence."
I make increasing use of virtualization in my everyday work. For example, I needed to give my students a consistent development environment for a large chunk of code we're working on. We just created an image and let them download the whole machine.
I suspect that VMWare wouldn't be paying the Mac a lick of attention if it weren't for Parallels. I'm happy to have more than one player in the market--a little competition is always a good thing for end users. Parallels emerged from beta this week with new features that include Vista support and the aforementioned Coherence. If nothing else, I suspect it will cause some price reduction in Parallels.
I'm on a EVDO card right now, so I didn't download it. But I will--I'm anxious to see what it's like. It would be nice when I'm working with people using Linux or Windows boxes to have a single image that we all use. The new Parallels can convert a VMWare image and use it, but why go to the extra work if you don't have to?
4:18 PM | Comments () | Recommend This | Print This
Scoblizing Utah
 Robert Scoble and Phil
Windley. The sun and snow were very bright. (click to enlarge) |
Robert Scoble was in Utah today for Slopecast, a Rocky Mountain Voices event. I had a meeting at noon, so I wasn't able to make it up for Robert's presentation, but I drove up and we spent some time talking after the event. The event was sold out, as you'd expect, and by all measures was successful. I heard several people commenting how much they enjoyed it. I'm sure the event was recorded, so I'll try to point to it when it's online.
3:40 PM | Comments (1) | Recommend This | Print This
Why You Should Love CALEA
I published a show from Emerging Telephony on IT Conversations that consisted of three lightening talks by Bill Weinberg, Brad Templeton, and Johannes Ernst. Bill gave a good talk about open phones and why we don't have one yet. Open phones are a subject I care about, so I enjoyed that. Johannes gave one of the best short presentations I've heard on the multiple identifier problem. But Brad really entertained with his talk on why you should love CALEA. Brad's talk starts about 15 minutes in.
Actually, I should clarify. Brad didn't really give the presentation, rather it was his evil twin. CALEA is the Communications Assistance for Law Enforcement Act, a lot passed in 1994 that requires telephone carriers to put hooks in their system to allow wiretaps.
Now you see why Brad's evil twin gave the talk--no self-respecting EFF chairman could tell you to love something like CALEA, but if you're an ILEC (incumbement telephone company) you'd love it because it stifles innovation and makes it hard for small companies to compete with you.
I wish every legislator in every state could listen to Brad's talk and understand it. Legislators talk about making it easy for small companies and wanting innovation, and I think they're sincere. But they don't understand how their actions create environments that favor incumbents.
11:51 AM | Comments () | Recommend This | Print This
March 1, 2007
Top Ten IT Conversations Shows for Feb 2007
Here are the top ten shows on IT Conversations, by downloads, for February 2007. If you're looking for something good on IT Conversations, these shows would be a nice place to start.
- Anibal Acevedo Vila - Tech Nation (No rating yet)
- Who Owns "You"? - Supernova2006 (Rating: 3.12)
- Michelle Kaufmann - Tech Nation (Rating: 3.89)
- Barry Flicker - Slashing Project Time and Cost (Rating: 3.50)
- Dave Thompson - Tech Nation (Rating: 3.00)
- Bill Moggridge - Tech Nation (Rating: 3.33)
- Craig Burton - Technometria: The Enterprise of One (Rating: 2.29)
- Scott Rosenberg - Dreaming in Code (Rating: 3.45)
- Jeff Barr, Doug Kaye - Technometria: Amazon Web Services (Rating: 4.50)
- Dr. Karen Stephenson - Social Network Analysis (Rating: 3.00)
You'll notice that the Perl script I use to generate the list now includes ratings data as well. To do that, it has to download the ratings data from Loomia. The tool now downloads three separate kinds of data sources--Apache log files, an RSS feed of all the shows, and ratings data--and then massages them to produce the list. This is saving me quite a bit of time.
The ratings provide more color to the list since you can see that the top downloads don't necessarily reflect what people thought of the show. Downloads are an indication of the appeal of the subject or guest/speaker. Ratings are a measure of how well that expectation was met.
I've not yet added an option to generate a list of the top rated shows, but that's coming. Eventually I plan to automatically include this data for the last 30 days on the IT Conversations site.
9:22 PM | Comments (1) | Recommend This | Print This
EO Wilson in Utah
I'm listening to Doug Fabrizio interview EO Wilson on Radio West. Doug is one of the best interviewers I know and I always enjoy him--I listen to him whenever I can.
EO Wilson is in Salt Lake this week as a guest of the Utah Museum of Natural History and the Nature Conservancy. He spoke last night as part of the Nature of Things series. He was just delightful to hear and listen to.
EO Wilson is the author of many influential books, including On Human Nature and, his latest, The Creation: An Appeal to Save Life on Earth.
Wilson's message is that the two greatest cultural forces that can be used to save our planet are science and religion. This is an unusual position as these two camps often see each other as cross purposes. I find his message refreshing and his delivery humorous, passionate, and intelligent.
If you're in Utah, you can listen to the interview's rebroadcast tonight at 7pm on KUER. The audio will be online tomorrow at the link above.