Archive for Sept 2003


Apache 2.X Ready for Prime Time?

As I set up my new server, I had thought to use Apache 2.X. I've been a long time Apache 1.3.X user, but figured as long as I was going to load up a bunch of software, I might as well get into the new millennium. I've set it up with the built-in SSL (here's an important mod_ssl hint for Linux) and WebDAV support and compiled in mod_perl. Everything works like a charm. I even set up cronolog to rotate the logs. I've seen some warnings on the net about Apache 2.X not being ready for prime time, but
Continue reading...


eGovernment Interoperability Framework

Britain's GovTalk is analogous to the US Federal Enterprise Architecture PMO. They publish eGIF, the eGovernment Interoperability Framework. The document is a set of standards that agencies of the British government must comply with. The document comes in two parts. Part 1 is a framework that contains high-level policy statements, management, implementation and compliance requirements. Part 2 is the actual technical policies and specifications. There are five major categories: Interconnection - policies for connecting systems together; Data integration - XML standards; Content management metadata - Metadata standards; Access - What types of devices should be supported; Business areas -
Continue reading...


Enterprise Architecture as Extreme Sport

Ray Lane has a post at Always-On called Are Web Services Really the Answer? He compares the current state of Web services with finding your way to Oakland: The enterprise is very lost. It's as if you came to the Bay Area for the first time and wanted to get to Oakland. You're there at the airport and you stop to ask directions of ten different people, and they are all experts only on their own little locale. So they can tell you how to get anywhere in Atherton or Woodside, but all they know about Oakland is that
Continue reading...


IM Worms

According to Eric Chien, chief researcher at Symantec Security Response in Dublin, Ireland, there are 60 published IM vulnerabilities and over 30 identified IM worms. These run the gamut from holes that allow the IM client to be crashed to vulnerabilities that allow malicious code to be installed on the user's machine. Because IM worms can hijack the buddy list, they can propagate quickly. This article from PCWorld.com has more detail on IM vulnerabilities.
Continue reading...


Understanding Kerberos and Secure Authentication

Kerberos is a network authentication protocol which has been around for some time. It's based on asymmetric key cryptography and is best used for intra-organizational authentication tasks. Kerberos was developed by MIT and is distributed under a copyright permission notice very similar to the one used for the BSD operating system and the X11 windowing system. Kerberos, by the way, is the name of the three-headed dog who guards the entrance to Hades. Even if you're not interested in deploying Kerberos, understanding how it works is a good exercise if you're interested in secure authentication. You could read some dry technical
Continue reading...


Why Windows is Like Potatoes

Sean Gallagher has an excellent rant comparing Windows to potatoes (you'll have to read it to understand) that builds on the Windows as a dangerous monoculture idea.
Continue reading...


Massachusetts Moves to Linux

An Associated Press story is reporting that Massachusetts will adopt a broad-based strategy of moving its computer systems toward open standards, including Linux. Massachusetts is the lone hold-out in the multi-lateral State Attorney General lawsuit against Microsoft. State Administration and Finance Secretary Eric Kriss said Thursday that the decision, adopted at a meeting of state information officers, was made on "technical grounds" and had nothing to do with Attorney General Thomas Reilly's pursuit of Microsoft. Kriss said the state's decision was driven by a desire to reduce licensing fees but also "by a philosophy that what the state has
Continue reading...


The Cost of Principle

A few security luminaries, including Bruce Schneier and Dan Geer, issued a report to the Computer and Communications Industry Association that called the ubiquity of Microsoft software a hazard to the economy and to national security. The report states: Because Microsoft's near-monopoly status itself magnifies security risk, it is essential that society become less dependent on a single operating system from a single vendor if our critical infrastructure is not to be disrupted in a single blow. The goal must be to break the monoculture. The report goes beyond merely decrying the monoculture, however, and points out the danger of
Continue reading...


Amazon May Support Internet Sales Tax Legislation

Amazon, the world's biggest online retailer, may be close to publicly supporting legislation that would create a national sales tax system, according to the Washington Post: Supporters of a national Internet sales tax proposal are negotiating with Amazon.com in a bid to win an endorsement from the largest online retailer for legislation introduced today in Congress. The legislation would put the federal government's stamp of approval on a state-led effort to require online retailers to apply sales taxes to nearly all of their transactions. In return, states would simplify their complex tax laws to make collecting taxes easier for
Continue reading...


Utah.gov Wins Best of the Web

The Center for Digital Government announced today that Utah.gov, the State's online services portal, has won their Best of the Web award for 2003. Cathilea Robinett, executive director of the Center for Digital Government, praised the portal: "Utah has a beautiful Web site that is easy to navigate and offers a variety of online services," said Robinett. "It has a live 24/7 customer-service help function, the most advanced common look-and-feel features in the nation, dynamic content, and a large amount of online services. Utah has historically been a leader in digital government. Capturing first-place in the Best of the
Continue reading...


IM in the Enterprise

I'm a fan of instant messaging (IM) in my personal and my corporate life. I've used IM as a tool for getting my work done for years and love the face-to-face style conversation with people who aren't right next door. Sure, there's the phone, but phone calls have more overhead than IM. If I've got a lot to say, I use the phone. When I just have a quick question, or want a low intensity conversation, I fire up iChat (OS X's AOL compatible chat tool). I've seen IM used in some interesting ways: Business colleagues use IM it
Continue reading...


RAID 1 Setup on Linux

I'm working on setting up a new server to host windley.com (including this blog) and my other websites. I've been hosting with Verio. A good friend of mine started the company that eventually became the Verio hosting division about the same time I was starting iMALL. We traded lots of services and had some partnerships. One of the most personally gratifying was a comped virtual server he gave me in 1996. I've used it happily for seven years. But all good things come to an end and last year they started charging me. The per megabyte charges are getting
Continue reading...


A Quote Blogmarklet

Jon Udell, in referencing Jesse Ruderman's well-formed bookmarklet, reminded me that I've been meaning to create a small bookmarklet of my own. I've been thinking for some time that some little bookmarklets would make blogging simpler and take care of some of the more mundane formatting chores. The one I started out with helps me with formatting quotes. When I quote another web page, the convention I've developed is to place it in <P/> elements like so: <P class="quote"> This is a quote from another blog. </P> My CSS contains the following style: .quote { font-family: Verdana, Arial, Helvetica,
Continue reading...


IT in the Small Business

Yesterday I had lunch with the owner of a small business. He has grown from one shop to eight shops in four states. A central distribution center in Salt Lake serves them all. The business buys inventory from multiple suppliers. My friend is making good money and the business is a success by most outward signs, but he has a problem: the entire empire depends on him working 12-hour days to make the critical decisions. My friend holds tight control on all inventory and purchasing from suppliers because this is where mistakes lead to huge losses. He also
Continue reading...


Topic Guides

I've added a new feature in the left-hand margin called "Topic Guides." I frequently research subjects in some depth to gain an understanding of them as I write, consult, and speak. I used to just throw them in the Features page, but it's becoming crowded and not as useful to me. So, I started creating guides for Digital Identity and Voice over IP. I'll slowly migrate subjects out of the Features page and into individual topic guides. My goal is not to become a network directory, but to put information and net-based resources into context---at least my context.
Continue reading...


WS-Manageability

This week IBM, CA, and Talking Blocks submitted the WS-Manageability specification to the OASIS WSDM technical committee. Because most of the writing I've been doing for InfoWorld has focused on the WS intermediary space, manageability has been a topic I've thought a lot about. Most intermediary products make as much noise about their ability to manage Web services as they do about their ability to provide proxy services like security and logging. The WS-Manageability specification defines the ideas of manageability topics and management aspects. A topic covers the functional capability that supports management of a particular problem or management
Continue reading...


I'd Wondered What Was Going On: Verisign's Wildcard

I noticed the other day that I mistyped a domain name and got a Verisign page. I thought it was odd, but hadn't suspected what had actually happened. From Slashdot: As of a little while ago (it is around 7:45 PM US Eastern on Mon 15 Sep 2003 as I write this), VeriSign added a wildcard A record to the .COM and .NET TLD DNS zones. The IP address returned is 64.94.110.11, which reverses to sitefinder.verisign.com. What that means in plain English is that most mis-typed domain names that would formerly have resulted in a helpful error message now
Continue reading...


Wal-Mart's Move to Use RFID

Wal-Mart is very IT savvy. I guess they never read Nicholas Carr. They are also quite bold in their IT moves for a company so large. For example, I wrote earlier about Wal-Mart's move to force trading partners to use Internet-based EDI. The most recent CIO Insight carries an article about Wal-Mart's big experiment with RFID. If you're not familiar with it, RFID is radio frequency identification. RFID tags can be produced cheaply and embedded in packages allowing them to be identified from a distance. Wal-Mart isn't deploying them on consumer packaging--yet--but they're requiring their top 100 suppliers to
Continue reading...


XML Database Based Blogging

One of the things I love about reading Jon Udell's blog is that Jon is a "cool stuff" magnet. Such is the case today where Jon reports on Kimbro Staken's new blog software, built on top of Sleepycat's Berkeley DB XML. In Kimbro's system, the XPATH query on the XML data just becomes part of the URL and thus is folded right into the GET. As Jon says: "I just love this idea of incorporating XPath into RESTian URLs." There's something elegant about it. Every once in a while I make a change to my CSS that allows my
Continue reading...


Wisconsin Moves to Regulate VoIP

The Wisconsin Public Service Commission has informed VoIP provider 8x8 that its VoIP service is subject to the same rules as traditional telephone companies. Last month Vonage was told a similar story by Michigan. In this story from c|net News, Huw Rees, a spokesman for 8x8, claims that this ruling has ramifications beyond voice: [The WPSC ruling] could potentially regulate e-mail because they don't distinguish between data communication and telephone communication. It seems to be a lot of confusion to how and whether or not to regulate these types of services. The problem is that as services converge, it's
Continue reading...


Extreme Programming

There's been a lot of buzz about Extreme Programming, or XP as it's sometimes called. Proponents claim that it's the answer to late projects and buggy code. They might be right. A recent Wired Magazine article called The New X-Men talks a bit about XP and highlights four programmers at HP's Seattle office. One of those developers is Kevin Yu, described as a 25-year-old, prematurely jaded programmer: Yu is among thousands of coders who've discovered extreme programming, a method of software development that emphasizes constant feedback. Traditional coding devotes a huge amount of time to up-front planning, then
Continue reading...


Event Driven Business

In an event driven business, products are built to order, not built to stock, reducing inventory carrying costs and allowing greater customer satisfaction as a result of customization. This article from ebizQ has a great analogy: If you want the train to move over one foot, you have to do an immense amount of work tearing up and re-laying tracks. On the other hand, all you need to do to turn the more agile truck is move the steering wheel. Historically, we've been better at laying tracks in IT than we've been at designing roads. The Internet is probably
Continue reading...


A Noble Experiment: Free PDF Downloads of EJB Books

In a noble experiment in the economy of the Net, three books on J2EE and EJBs are available for downloading on The Server Side. The three books are: J2EE and XML Development by Kurt Gabrick and Dave Weiss
Continue reading...


I'm Blushing---Really!

Adam Gaffin, of Network World Fusion, has placed me on his list of top ten bloggers. I was surprised to be among such august company.
Continue reading...


Online Zines and Blogs

CNET News.com has redesigned their site and incorporated blogs, of a sort, into the design. The site features six main areas of focus and a weblog, they call the "journals," for each one. For example, here's the Web Services Journal. I was disappointed when I found them. There are some issues like no permalink and no clear indication who's writing the weblog, but more importantly, they have a sterile, corporate voice. Seems like all they've done is collect editorials into one spot and call it a blog. No RSS feed either. In related news, according to Bruce Sterling, Wired magazine
Continue reading...


PDF Resources

I found a site called Planet PDF, with a good collection of PDF information and tools. I learned a few things poking around.
Continue reading...


Java Card Based Identity Management

Chris Gulker posted a piece on his blog about a visit to Sun where they use Java Cards as employee badges. Simply insert one of these into any thin client and you're logged in with your environment. Chris concludes: You could sell me on the idea of a Java card slot on every computer... anywhere you go, just pop in your card... These little smart cards with a Java VM on them are manufactured by Schlumberger and others. These cards have something like 64K of memory on the card. It's not clear to me, in the application Chris
Continue reading...


The Economist on OSS and Government

The Economist published an article on open source software and government yesterday. The article opens by discussing Munich's recent decision to go with Linux on the desktop. According to the article, governments around the world spend $17 billion on software: Government purchases of software totaled almost $17 billion globally in 2002, and the figure is expected to grow by about 9% a year for the next five years, according to IDC, a market-research firm (see chart). Microsoft controls a relatively small part of this market, with sales to governments estimated at around $2.8 billion. This figure seems low to
Continue reading...


Identity Management in Government

This month's issue of Governing Magazine is a special issue on Online Privacy. There are three articles: one on privacy, one on surveillance, and one on managing identity. All three are topics I enjoy, but the one that caught my eye was the identity article. It starts out: There are ghosts in government, and they're lurking in databases and applications throughout the online universe. That should be pretty scary for the caretakers of the information that governments are supposed to safeguard. The specters are actually real people -- employees who were given access to computer applications so that they could
Continue reading...


Enterprise Architecture and City Planning

A useful analogy on enterprise architectures, software architectures, and patterns: An enterprise architecture is like city planning. A software architecture is like a building design. Design patterns are like codes and best practices in the building trade. The Danish government's white paper on enterprise architecture makes the first analogy in Chapter 4. In it, the work of city planning is divided into three main categories: Standardization - dimensioning of pipes, voltage, roadways, etc.; Certification - regulated and standardized qualifications for workers; Management - rules, notifications, permits, approvals, etc. The work in enterprise architecture is largely the same. Most people
Continue reading...


Timezones and Phone Meetings

I have a lot of phone meetings and getting the timezone right requires constant vigilance. I had more than one meeting not come off because I or someone else messed up the timezone thing. Now that I'm working with John Gotze from Denmark on some things, it's even harder. John clued me into a handy web site though that helps. Using the personal worldclock you can create a personalized collection of clocks showing the time in various cities. Here's one showing Salt Lake and Copenhagen. There's also a meeting planner and a fixed time calculator. Very handy.
Continue reading...


New Zealand Government Standard on Using RSS

The New Zealand government has published a standard on using RSS to publish "media releases and other event-related content authored by government agencies and intended for public consumption via outlets in various media." These news feeds are collected and made available on New Zealand's website. Here are some highlights: The standard calls for using RSS 1.0 and gives a NZ government specific module that adds to the Dublin Core so that government functions can be properly described. Utah's Government Information Locator Service, run by the State Library, provides a similar module for Utah State government and even provides a
Continue reading...


GM's Found Religion on Digital Identity

Tony Scott has interesting problems to work on. As CTO of General Motors, there are lots of things that could occupy his time, but increasingly, he's focusing on digital identity. He gave one of the keynotes at last year's Digital ID World conference and I was fascinated by how similar his problems were at GM to the ones faced by the State of Utah and probably every other large organization. From an identity standpoint, Tony has three huge areas of opportunity, or risk depending on how they're handled: Hundreds of thousands of employees, One of the largest, most complex
Continue reading...


2003 NASCIO Conference

Dave Fletcher is blogging the NASCIO conference. NASCIO is the National Association of State CIOs. I blogged the conference last year. David Brin was one of the keynotes this year. I wish I'd been there to hear it. Coincidentally, I was reading his book and blogging about it during last year's conference.
Continue reading...


Presence in the ER

Imagine that you're the CIO for a hospital. Like any CIO, one of the problems that you face is making sure people have access to the information they need to do their job. Another one of your problems is that you need to ensure that only the people who need to access a particular bit of information can. Unlike other CIOs, however, you have a big stick called HIPAA hanging over your head, forcing you to do it right (at least as defined by HIPAA). Here's a riddle for you: how do you manage the computer terminal in the
Continue reading...


Web Based Enterprise Management

The Distributed Management Task Force is working to create desktop, enterprise and Internet management standards. Not surprisingly, their website gives a long list of members. Their Web site lists the following standards: Common Information Model (CIM): This is a common data model of an implementation-neutral schema for describing overall management information in a network/enterprise environment. Desktop Management Interface (DMI): These standards generate a standard framework for managing and tracking components in a desktop PC, notebook or server. Directory Enabled Network Initiative (DEN): The Directory Enabled Network (DEN) initiative is designed to provide building blocks for intelligent management by mapping concepts from CIM
Continue reading...


Is This the End of Linux?

Connect Magazine, a regional business magazine where I have a monthly column, has a feature story this month called Is This the End of Linux? The article is not an apology for SCO and not a SCO-bash either. Overall, I think it does a good job of presenting SCO's arguments while raising some fair questions about how SCO operates. There's a good discussion of Canopy, the investment firm behind SCO. Ralph Yarrow, the head of Canopy, is quoted in the article: "Dig into Canopy and you'll see we make much more money than we have in lawsuits. I'm
Continue reading...


Do-it-Yourself Web Services Management

Most Web services deployments have been rolled out without the help of big consultancies. The following companies offer the tools you need to get a handle on Web services management. [Full story at InfoWorld...] I put this list of Web services intermediaries companies together as a companion to this article about IBM, EDS, and others offering Web services consulting: Consultancies Aim to Ease Web Services Woes. I wrote earlier about this issue in Who's Afraid of Web Services?: One way to mitigate issues surrounding changing standards, security, and complex deployments is to hire one of the large service companies,
Continue reading...


Viruses and Worms

Today I ran across three good articles related to viruses and worms. I can't imagine why the sudden interest! Here they are: In the San Francisco Chronicle, Mark Graff, chief cyber-security officer at Lawrence Livermore National Laboratory and author of a number of security books, says: The attacks are going to come faster and faster, closer together. Eventually, as far as we're concerned, it will be one constant attack. This is, of course, partly a response to the general difficulty of creating secure systems. There's much to worry about and companies would rather devote resources to core missions than they
Continue reading...


Technology for Public Safety

One of the fun things about being the CIO for a state was interacting with the cops at Public Safety. They were great people and had a completely different outlook from your typical geek. It was frustrating sometimes though to see where technology could add tremendous value to what they did and not see it being employed. One such area was GIS. From Wired magazine comes another example of how tools that business takes for granted could be applied to police work with significant effect. Cloudy, With a Chance of Theft by Wilpen Gorr is about using business intelligence
Continue reading...


Principals of Loose Coupling

bLOGical has posted some Principals of Loosely Coupled APIs which provides a table of distinctions for tightly coupled and loosely coupled architectures as well as referencing an excellent article by Bill de Hora on Foundations for Component and Service Models. bLOGical's table, reproduced here, is one of the best one page descriptions of loose coupling I've seen. I've made a few additions of my own, in red.

                             Tight Coupling        Loose Coupling
Interface                    Class and Methods     Fixed verbs (i.e. RESTian)
Messaging                    Procedure Call        Document Passing
Typing                       Static                Dynamic
Synchronization              Synchronous           Asynchronous
References                   Named                 Queried
Ontology (Interpretation)    By Prior Agreement    Self
Continue reading...


From Real Time to Deal Time

The Iteration Real-time Reporting Suite exemplifies how pure BI [Business Intelligence] is expanding. It does a number of useful things by adding real-time turnaround to data-warehouse reporting. Iteration's impressive interface allows those who haven't mastered reporting technology to craft deliverables through a familiar PowerPoint-style interface, which they're likely to already know. The Iteration suite is a real-time business management tool. Unlike traditional data warehouse products that rely on a batch-oriented ETL (extract, transform, and load) cycle, Iteration processes and presents business data as a constantly updating stream of information. By making real-time feedback consoles available to data-rich enterprises, it
Continue reading...


Bungle in the Jungle: Wireless VoIP in Laos

Vonage for one of the phone lines in my home and run it over the service I get from my WISP (wireless internet service provider). Some have written me asking how well that works. The answer is "not very well." The problem is my wireless connection. Right now, I get between 20-30% packet loss when the connection works. That doesn't make for a good phone call. Since there's no QoS, downloading a large file can make a cell phone seem like a dream connection. I'm hoping to get my wireless connection fixed soon and I'll let you know how
Continue reading...


Asian Powerhouses Threaten to Boot Bill

Reuters reports that Japan, South Korea, and China are likely to develop a new operating system as an alternative to Windows. The proposal was made by Japanese Trade Minister Takeo Hiranuma at an economic summit in Cambodia. The article says it's likely that the three governments will develop the new OS on top of Linux. I hope so. It would be silly for them to not take advantage of the work that's been done in the open source community already. Besides, without a development community like the one offered by Linux, they're likely to end up with the same
Continue reading...