2007: "Most Influential" Writing
APODizing the Cosmos
Chalup PM Book in Progress
Both books are now shipping!
Handbook of Network and System Administration
That TransCon Rails Ta(il|le)
They [the co-op members trying to use a wacky uber-customized spreadsheet macro that breaks when you look at it cross-eyed] have little to no means of affecting the software that they use, and no real choices to use something else. And there are literally millions of others like them out there—small business owners, hobbyists, clubs, families and civic groups. But that’s the other, more profound thing that I think is changing and will greatly change how our kids think about software—one day we’ll look around and see everybody commissioning software, not just people with lots of money or people who can do it themselves. Tickets to the interior are suddenly affordable, and everybody’s buying one.Everybody wins. Cool stuff happens. Ma and Pa Kettle can get custom software written affordably while GoogroSoft is still polishing paisleys on monolithic software applications. OK, that last one is a bit Strata-filtered, but you know what I mean. Go read it, and if you're not familiar with some of the background, such as the original Long Tail essay, NT is a nice guy and scattered links throughout his essay back to some of the prequel material. Why, you may ask, is this tagged for sustainability? Because, in my opinion, the cottage-industry model of programming offers a lot of options in that area: telecommuting, bespoke efficiencies, disintermediated access to change, etc.
"But will it scale?"
Strata Travel Schedule
New Network, New Value
My contribution to the seed ideas for possible sessions is included below. I hope to have an opportunity to elaborate on this prior to the unconference. I'll be teaching my IT problem-solving and project management classes at Usenix Annual Technical right before the event, so I'll be in conference mode anyway. :-)
The New Network, even in its present alpha form, can make certain kinds of valuable connections and transactions at rates almost too cheap to meter. These value marketplaces are the hidden unpriceable glue that ties social networks and e-commerce sites together synergistically, the way mycelium act as a resource transport network in a succession forest.
Most social networking sites succeed based on these hidden networks, in which the ability to import connections serves as the equivalent of beneficial nitrogen-fixing bacteria in soil. How can we enable emerging Value Marketplaces purposefully, rather than by accident? Even better, how can we enable value transactions in such a way that everyone wins?
Some starting points are:
- transactions are flexible,
- interfaces are extensible
- serendipitous discovery is facilitated (including cross-correlation of data sets)
- privacy granularity is controlled
- trust/reputation is inherent
A small slice of firsthand experience in this: growing up in a rural environment consisting of neither extensive farmland nor managed timber, but simply woods and fields and pastures, one simply accepts that this is the natural world and moves through it. The most grevious culture shock one finds, coming from such an environment, is a landscape in which everything is owned as personal space. One did not generally cut through the backyard areas of other homes without a good reason, nor their driveways and front yards. However there were, quite literally, acres and acres of intervening spaces through which one might freely travel. Fenced pastures had wide, wide borders; forested land had trails, and low, crumbling stone walls marking property lines, easy to step over or spend the afternoon rebuilding. Other than frightening chasms between cityscape buildings, or alleyways that are essentially public streets (and may not be loitered upon or otherwise trespassed), there is no public space. There are parks, certainly-- little chunks of space kept boringly manicured for the purpose of DOING things in them, such as playing sports, but no inviting and diverse ramblings to be had. Why do we seek order in our world? I'm reluctant to even approach this without defining 'order', as neither of the two proffered 'customary' viewpoints seem plausible to me, namely Locke's tabula rasa, and Aristotle/Kant/Arendt's innate humanness. The latter I expect will come even more severely under fire when I finish watching the TED Susan Savage-Rumbaugh lecture and video.
I don't claim to know the answer, but other possibilities seem more plausible. Boundaries tend to be areas of immense productivity and opportunity. The intertidal zone, the forest edge onto meadow or grazing, and so on. Perhaps as little monkeys, we created productivity zones with early agriculture, and merely kept doing it, recursing over mimicry and incorporating elements of the natural world's boundaries into our created ones.
Highlights for me:
- Getting a handle on the nuances between REST and SOAP, in the Web Services session
- Discovering another reason why having a Mac rocks: SubEthaEdit Collaborative note-taking, anyone? Pair programming over the net? Woot!
- Catching up on OpenID
- Being blown away by the realtime coding demo of SimplyRESTful. Oh, and SimplyHelpful is not exactly chopped liver either!
From Counterculture to Cyberculture: The Legacy of the Whole Earth Catalog
A symposium featuring Stewart Brand, Kevin Kelly, Howard Rheingold and Fred Turner
Thursday, November 9 from 7:00 to 8:30 PM
Cubberly Auditorium, Stanford University
During the 1960s, student marchers chanted "Do not fold, spindle or mutilate!" as they railed against computers and the Cold War-era military industrial complex computers seemed to represent. But within just three decades, computers had become emblems of countercultural revolution. This symposium will feature a conversation with three people who played key roles in that transformation: Stewart Brand, founder of the Whole Earth Catalog, Kevin Kelly, former executive editor of Wired magazine and author of Out of Control: The Rise of Neo-Biological Civilization and New Rules for the New Economy, and Howard Rheingold, author of The Virtual Community: Homesteading on the Electronic Frontier and Smart Mobs: The Next Social Revolution. The discussion will be moderated by Fred Turner, assistant professor of communication at Stanford and author of the new book From Counterculture to Cyberculture: Stewart Brand, the Whole Earth Network and the Rise of Digital Utopianism.
This event is sponsored by the Stanford University Libraries, the Department of Communication, and the American Studies Program.
It will be introduced by Henry Lowood, of the Stanford University Libraries, and followed by a public reception.
Distillations from Day One
- Ensure that the value proposition can withstand the pressure of easy data import/export.
- Enable backups of data without requiring all O20 companies to become backup experts; service & data are separate value propositions.
- This + web 2.0 = O20: Enable end-users to solve workflow problems by assembling applications.
- "Mashup" is just a euphemism for EI (Enterprise Integration). [panelist on Enabling Mashups panel]
- Technology should supplement business decisions, not substitute for them (good enough vs automatic '5 9s').
- Security goes out the window when folks want to get things done.
- Why do majority of KMS fail? They separate 'documents' from 'interactions with documents'; wiki & collaborative dashboard apps become de-facto KMS when they focus on workflow while allowing categorizing, searching, & tagging. KMS 2.0?
- Worried that a recruiter will find your blog? Maybe now they think you're weird for blogging, but in a few years they'll think it weird that you don't have a digital trail of blog/etc material. (SRC: shades of usenet!)
It was particularly interesting to hear that vendors are going after the large companies. One panelist said that you see most firms competing for the same 50K companies' business, and ignoring roughly 38 million others-- but then went on to say, getting agreement from fellow panelists, that O20 apps weren't going to be sufficiently mature to tackle the non-enterprise market for quite some time. One symptom of this that I encountered multiple times in the vendor demo area was the structuring of apps into 'free, personal use', 'small group', and 'enterprise' pricing & functionality tiers. This creates a problem for a typical small business, as the features needed most (generally, roles, fine-grained permissions, & delegated authority) are only available at the 'enterprise' pricing level. Talking to several vendors about this, the story I heard again and again was 'in our experience, this is how it works'.
The trouble is, my specialty is dealing with startups and small businesses, and this contradicted my experience. This morning, I realized a possible explanation for the disconnect. Another part of the story I heard had been that the 'small group' services were based on departments or workgroups within larger enterprises. These folks are all on the same team (literally) and really don't need the kind of role and auth structures needed by a business of the same size. Small businesses and startups are all about control and delegation-- even in 2-person startups, there are clear areas of responsibility. For a profitable small business trying to simplify with O20, the price structure will keep them away, because what they need is for the role & auth features of the app to *replace* the personnel costs of having strict department roles, and to echo the hierarchy in their workplace.
If one says, 'yes, but our monthly cost for this is a fraction of personnel cost', the small businessperson will reply, 'yes, but I currently do this by taking some time from each of N employees, I would not be staffing a person to do this fulltime'. The first O20 app to service small businesses in the ways they need will clean up bigtime. Intuit was brought up as an example, in one panel, of consumer apps driving business apps-- Quickbooks for home use drove the creation of Quickbooks for business, and the development of Quickbooks Pro and other higher-return tools for Intuit. Including Web 2.0 apps, which brings us full circle.
Right now the vendor model seems to be that personal/free users will drive adoption by workgroups which will drive adoption by the enterprise. We need an additional model, that will be fundable and sustainable, while addressing the issue of how we get this great functionality out to the folks who need it most, the small business owner. Ideas?
Office 2.0 Update
Office 2.0: A Paradigm or a Product?
Will you be at ISPCon?
Office as Community
- Publication of the Second Edition of The Practice of System and Network Administration.
- Release of a stealth Rails application currently in development; of course we are open-sourcing it! :-)
- Virtual.Net websites come out of the Stone Age with a modern look
Secret Sauce Explanation to Web 2.x
we who aren't posting salute you
Beta, beta, who's got the beta? Everybody!
Naturally the mere existence of a beta would be meaningless without a way to rank them (oh, let's!), so the MOMB folks have obligingly provided frequently-refreshed lists of the Top 100 and the "Hot 100". Metrics are based on bookmarks registered into del.icio.us, itself listed as a 'beta', along with Flickr, Google News, and some other rather long-lived 'beta' sites. If you wonder what all the hoopy froods are up to, there's also a list of invite-only and alpha sites.
Looking at the rankings of beta sites, I'm moved to suggest that perhaps after the first year of non-invite-only site participation, sites should consider themselves 'post-beta', eh? I am a huge fan of some of these sites, especially del.icio.us and Flickr, but calling them beta sites just seems very wrong somehow. There's an emerging generation of betaware, long-lived and extremely functional sites and software that stay perpetually in pre-release mode. Hearing myself saying that like it's a bad thing, I realize that it's time for a cultural reappraisement. Because I think it's a good thing, and a good process, but with a bad name.
We've seen an evolution in project management from 'milestone meetings' where changes are bad things to a feedback-loop process that's based on the idea of constant re-engineering. Nobody's prescient enough to predict everything that a release will need. By creating these sharp release-cycle plateaus, organizations create a culture where the drive for new features is a hugely competitive process within engineering, and the impetus to fix bugs is very, very small after 1.0. When a site like Flickr or Google News is perpetually in beta, it sends a message to engineering that fixing bugs is still important. It also sends a message that adding features is something that can still be done with a bit of spontaneity and playfulness, rather than being like an episode of Survivor: whose feature will make the cut?!
I think there's still a sweet spot waiting to be found out there between 1.0 and perpetual beta. It combines the agility of the beta culture with some of the rigor and dependabilty of the release-driven process. Not enough to strangle it, but enough so that you don't feel like things will change out from under you on a week by week process. I think that to discover it firsthand, I'll need to get more involved with development-- which would be why I'm out there learning Ruby and AJAX.
I've received several invitations to check out the 30 Boxes shared calendar, but haven't had time to play with it. Initial poking at it looks like there's no easy import/export with iCal, so I'm unlikely to use it. If you're looking for a shared alternative to Yahoo's calendar, though, and aren't dependent on push/pull of events to/from a mobile device, it's a good bet.
Most of my time during the past couple of months has been spent attempting to clear out my schedule so that I can work on a book revision (still pending contract, but looking good) and start learning Ruby. I expect things here to be mostly quiet for another few weeks, at which point I'll be setting up my development system for Ruby on Rails and blogging about the experience as it unfolds. I'm an old-time C programmer, now a bit rusty, but I like what I've seen so far of the syntax and conventions for Ruby. I'm really looking forward to getting my decks cleared enough to sit down and start learning it.
I'll be in Boston next week for LinuxWorld, stop in at the Usenix/SAGE booth and say hi. Other conference plans are:
Look Away From the Screen, Please
That was survivable, despite battling the 'blobs' with salt being weirdly reminiscent of my real-life battles against snails in my garden. Someone else followed up with a pointer to fastr, the FlickR-based tag-guessing game.
So. Completely. Addictive.
Must. Look. Away. (between rounds, of course)
What a completely great mashup app-- fastr is going to go far!
Zimbra: Beta Release is Out!
I'll keep an eye out, though!
There's an Exchange migration client, and lots of documentation too, so plenty is there to peruse even though my flavor of choice isn't there yet.
Forgetting the Lessons of the Net: Routing Scaleability
I agree with many of Andy's points, but I'm surprised at his description of the 'shortage' of IP addresses. The issue was not running out of numbers, the issue was 'how many independent routes can current routing tables service'. Back when folks were scurrying about consolidating IP networks into CIDR blocks, it was because of limitations on the amount of memory that then-current routers could usefully address (or providers could afford, or both) to hold the route tables.
Take a look at Geoff Huston's excellent article about historical BGP table scaling, take a trip to the distant past of 1996 to RFC 2008  or earlier to the 'growth plans' section of RFC 1519 . That last document states:
"As of Jan '92, a default-free routing table (for example, the routing tables maintained by the routers in the NSFNET backbone) contained approximately 4700 entries. This number reflects the current size of the NSFNET routing database. Historic data shows that this number, on average, has doubled every 10 months between 1988 and 1991. ...
It should be stressed that these projections do not consider that the current shortage of class B network numbers may increase the number of instances where many class C's are used rather than a class B. Using an assumption that new organizations which formerly obtained class B's will now obtain somewhere between 4 and 16 class C's, the rate of routing table growth can conservatively be expected to at least double and probably quadruple. This means the number of entries in a default-free routing table may well exceed 10,000 entries within six months and 20,000 entries in less than a year."
There's an excellent set of descriptions of the Routeviews project, and some shortcomings of BGP (which itself is still more scaleable than OSPF on today's network) at the APNIC meeting transcript of February 2005 .
Disclaimer: I are not a network eNgineer, I'm a systems person, but I've been around the block long enough to know a bit of history, and less than 5 minutes of Googling lets me share it with you folks in better detail than I'd be able to write up personally. I was also looking for specific NANOG traffic from 'the day the net broke', eg when they separated the NAP/MAE traffic and handed off to ARIN(? was it ARIN?) and everyone with a backbone router found that suddenly they needed *double the memory* in their routers. Felt very sorry for my net-eng buddies that day! Anyone got cites for that lying around at hand?
 http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac176/about_cisco_ipj_archive_article09186a00800c83cc.html  http://www.faqs.org/rfcs/rfc2008.html  http://www.freesoft.org/CIE/RFC/1519/10.htm  http://www.apnic.net/meetings/19/docs/transcripts/routing-sig.txt  http://www.oreillynet.com/pub/wlg/8147
Remember Where We Came From
See the elegance of design in the posters, read the snippets of vivid story in his comments on the work, and think, "Oh, right, we were doing all this to CREATE something."
Trees, meet forest. Forest, meet trees. Everyone will benefit.
RSS? You're Soaking in It!
Well, yes and no. As always, reality is slightly more complicated.
The report, produced by Ipsos for Yahoo, goes on to detail that 27% of the "RSS users" are in fact using it transparently, without realizing it is involved, via their use of personalized portal pages such as MyMSN or MyYahoo. "Oh. That's a bit less exciting."
Well, again, yes and no.
Just like I don't have to understand how a cable feed head works to watch TV, or how a 5ESS switch operates to dial my phone, the name of the game is transparent infrastructure. If portal pages are providing tools for people to add custom RSS content, as long as the tools work, the content is there. The users don't have to have heard of RSS, or know how it works. What they do have to know is how to find the content, but we all know RSS search is one of the Next Big Niches (for a while).
So what we have here is a win-win situation. Folks developing sites that can publish in RSS will have a potentially much wider audience. That audience isn't dependent on adoption rates of special-purpose applications like RSS aggregators and readers. On the other hand, there's a cautionary note here: portal-oriented sites typically like to feature portal content, so tools to discover new, non-portal content will themselves need to publish RSS so that once users find them, they can find new things easily.
With all the sites springing up trying to recreate what HOMR won (and lost!) in the early 90's, and media-oriented recommendation engines all the rage, I have yet to see one that tracks your blog reading and lets you do easy thumbs-up/thumbs-down feedback to publish. You know, your *real* blog reading-- not the stuff you put on your blog page and check when you get around to it because you don't want to miss something, but the stuff you actually make time to read on a quasi-daily basis.
What about the blog that is 95% stuff that doesn't grab you, but now and then posts book reviews on topics of interest? The programming site dedicated to a tech that you don't use, but which occasionally blogs stuff on your preferred scripting language (comparing it to theirs) or general stuff about software design? Subscribing to a tag stream, even a detailed one that resembles a search query, doesn't have sufficient granularity. Ditto for 'recommended' blogs. A tool that says "if you like this *posting*, you will probably like this other posting has scads of potential. It can be tagmented (augmented with tags). It can provide aggregate info, eg if you've gotten 3 recommendations for the same blog, and they've made only 5 postings in that timeframe, the odds are you might darn well like the whole blog and want to be told about it.
Yeah, yeah, I know about PHOAKS (still somewhat available), GroupLens, etc, but the 'new internet', in throwing out all the lessons we learned in the Usenet days, seems to think nobody's ever done this before, so I'll cater to that. That said, there's nothing in the P2P brave new world that precludes the kind of agent registration in Lashkari, Maes & Metral 94, "Collaborative Interface Agents" or Turnbull 97, "Filtering and Collaborative Filtering". Then there's Terveen & Hill 01, "Beyond Recommender Systems: Helping People Help Each Other".
Hokay, smart people-- who's building this, and when can I join the pre-launch users? If nobody's building it, hey, ping me if you want to start and want more vision-grok. If ya wait for me to build it, well, that could take a while at my current rate of morphing my dinosaur-HTML and IS-related scripting skills into web 2.x skills. The little engine that could is still chugging up that hill, in its so-called "spare" time, but they keep changing the hill. But then again, I've seen a few hills come and go.
Z-riffic Response: Zvents Green Lights Non-commercial Mixmastering
They're only trying to prevent commercial sites from scraping them, which seems eminently fair. Remember the horror era of MSN CitySearch, scraping anything in sight for their 'index', which somehow involved regurgitating whole pages but kept you portal-trapped? Like About.com but more so? Glad I am for a web kinder gentler we have. Though I *still* miss Sidewalks; that was my big lesson in 'archive full pages of anything you like', ya never know when it'll go poof.
Anyway, hats off to Tyler and team for clearing that up! Let le bon temps roulez!
One of the cool potentials I see, possibly already in the works-- Zvents-based Zimbra hotlinks for calendaring. Define a Zvents tag aggregator that autofeeds to your Zimbra, and have it pre-feed events directly onto your calendar as 'tenatives'. Or Zvents hooks into MyTickler, where a feed autogenerates Ticklers. The only thing growing faster than the possibilities is my unfinished projects list. Doh!
Web 2.x NIMBYism? Zvents Says "No Re-Use!"
Take events from Zvents and reformat and display them, or mirror Zvents results on your web site. If you want to make commercial use of Zvents, you must enter into an agreement with Zvents to do so in advance."
Aha. Let me get this straight. You want to make a web 2.0 application having people post stuff, and possibly harvesting stuff from elsewhere, but if anyone tries to mixmaster *your* stuff, it must be 'commercial' and therefore you'd be in violation and need to have an agreement with them. Sure sounds like NIMBYism to me. "Great neighborhood you got here! Lots of innovation! We're glad to be a part of it! Just don't try to use *our* stuff to remixmaster, 'k?"
Update: And, in fact, it was an oops! Tyler tells all, fixes all, happiness returns all. Dilute, dilute, ok! :-)
The Z-Whiz Experience: Zimbra! Your Mailbox Will Never Be the Same!
Now, I'm going to bother. Zimbra looks worth going through the hassle of moving a few gigabytes of mail archive into. OK, several hundred gigabytes of mail archive. Or at least going forward with on a regular basis. I'm going to be really, really interested in the migration tools.
They've already done one amazing thing, namely to produce a narrated Flash demo that is actually exciting to watch-- for me, at least. The features of following conversations, getting to info by mouseover that one usually has to click into, extensibility that can set up context-sensitive handlers (eg, recognize a FedEx tracking number or a company purchase order embedded in an email), the list goes on. I have to hop on the train shortly and can't finish watching the demo right now, but what I've seen so far has blown me away.
Yes, there is group calendar with free/busy scheduling, the Holy Grail of Exchange displacement. 'Nuff said. I am *so* spending my weekend getting this working for Virtual.Net's mail.
Ning Success: the Workaround
Enter the email address you used for registering. Ning will reset your password to a six-digit string. Logging in with that string *works*. Huzzah!
Now to delete duplicate accounts. Onward!
Welcome to the Ning Thing
I have a small quibble with the Ning user agreement, though it's not enough to keep me from signing up. The UA specifies that "For free accounts during the beta period, all Developer-generated Code is Public Code." Hokay, no problem. But further down, it also assserts "You, as a Developer, own your Code. Full stop. We'll cover Content in a moment, but you own that too. We claim no ownership interest in the Code you use to build Applications on the Ning Playground. To encourage collaboration and sharing among Developers on free accounts, you grant Ning and Developers on the Ning Playground a worldwide, fully sub-licensable, fully paid-up and royalty-free, perpetual, irrevocable license to use, reproduce, modify, distribute, publicly display, publicly perform, and create derivative works of your Code."
Good philosophy, but I'm now wondering what their lawyers (whom they refer to in the UA itself) were thinking using "public domain" in the earlier section. Kudos to stressing that Developers now and always retain all rights to their Content, and making the distinction between the Content and the Code.
Overall this seems a highly admirable and intriguing play. One wonders about the revenue model, but I imagine subscriptions and hosted apps play a large part in it. Now all I need is *time to play with it* (oy!).
Hmm, actually all I need is for the registration to work. I registered, and got the confirmation email, and tried to sign in. It keeps bringing up the "sign in" pop-up box along the top right. I thought I'd munged the registration process, so I created a 2nd account, and got the same results. Grump. Maybe they're getting swamped-- they say that they'll be "throttling" the number of Beta Developer accounts they create, on a "first come, first served" basis. We'll see-- I'll try logging in again in an hour or so.
Update: I realized that I could check whether an account had actually been created based on whether a pivot existed for it. Sure enough, there's a pivot for strata. I'm guessing that their provisioning is set up such that my request for developer status puts me in some kind of queue where the account infr is created, but the login isn't enabled until someone makes the dev-stat decision. Aaaand....I'm wrong, because I just provisioned a 3rd account, which did NOT request developer status, and I still get the repeat login boxen. Hm. Don't worry, I will nuke the other accounts once I get one that works!
Decentralized Web of Identity: OpenID
Web Tools: Web Developers 'Handbook'
PocketMod: Origami Hipster!
Also non-expandable, and possibly tough to archive. However if you made a couple of them, one for long-term contacts and ideas/notes-to-self, and another for one's ongoing schedule and reference, that might do the trick.
Coolest template award: a 'learn morse code' template that presents the basic alphanumeric characters as a dit-dah digraph. Very fine! I might print a PocketMod logbook just for this feature.
Kiko Calendar: More AJAX Goodness
Ah, the Joys of Being on the Radar
My apologies for those who would like to comment, but deplore registering with a blog site. Sounds like a good Digital Identity project- create a meta-registry for folks for blog comments, and do a 'yes/no' type lookup on the registry to retrieve data, or even to allow anonymous posting with a digital-ID link that can be looked up later IFF the comment is abusive (eg ad spam).
ProtoPage: AJAX Rocks Your Web Desktop
After only 15 minutes of experimenting, I am already doing useful work in Protopage, with wiki-like sticky notes, link lists, and freeform text blocks. I want to make a Protopage for several major work areas in my life: the open source stuff, my consulting & staffing company, my gardening, etc. OMG.
Now I want authentication, shared group access for collaborative projects, a way to back it up, etc etc. To me, this is complete simplicity and transparent ease of use. Backpack and the like should take some cues from this-- the Backpack concept is wonderful, but the UI is so cumbersome. Make a Backpack widget for Protopage!
In the 'proof of concept' department: my thought upon leaving this site was, "Where do I go to PAY for this?! I want to make sure it does not go away!" That's a heck of a business use case. Protopagers, are you listening?
Tracking Katrina Through the Blogosphere
What's really funny and sad at the same time is that as I write this, I'm listening to a live Mississippi Public Broadcast radio and the folks on the air are asking their callers about the latest updates on the projected storm track, relaying from TV via the Weather Channel.
RexBlog has the best list I've seen yet of live audio and video feeds, as well as links to LJ livebloggers. Kaye's Hurricane Katrina blog points to useful resources like a Weather Channel blog and a scary article link suggesting that the SuperDome may not be safe shelter from Katrina (via JoshBritton blog).
Rather than watching several feeds independently, I went looking for a utility to mixmaster them, and found James Lee's excellent requirements wishlist for feed mixing, including pointers to FeedDigest, FeedShake, and RSSMix.
I put together a FeedDigest pico-feed: the del.icio.us tag 'katrina', FlickR photos tagged 'hurricane' or 'katrina' or combination thereof, and the NWS Katrina feed.
I could stay up all night mixmastering a truly informative feed, but I know (alas) that it's solely an attempt to feel like I'm Doing Something, when in fact all I can really do is pray for the best possible outcome. Mike and I visited New Orleans on our way home from our sabbatical year on the road in our RV, went to the Jazz & Heritage Festival, rode the St Charles streetcars and toured their carbarn (oldest continuous streetcar operating line in North America), and enjoyed the wonderful French Quarter and the walking Garden District tours. This time tomorrow, all those things could be effectively gone. Reading the live LJ and blog posts from people who decided to stay, and now regret it, or who are already fearing for their families, their friends, and their pets, I retreat to storm-tracking and overanalyzing a sea of data. It's my way of trying not to let the sadness hit me like... well, a hurricane.
'Security Through Obscurity' Shouldn't Be Part of Web 2.0
Yes, all this is true. What is also true is that in implementing Web 2.0, and making and deploying extensible, mixmaster-friendly services to leverage for Web 2.0 and beyond, we must not lose sight of basic design and deployment principles. Some of these principles are more native to IT and systems administration and ISP/ASP deployment than to traditional or even web nouveau engineering and rapid prototyping. Here's a good example from the real world, which just came to my attention in the last day or so.
This might not be such a problem, as presumably to see the page in the first place, one must be logged in, or the page must be public, or both. But suppose that the photo (and thus the page) were designated as private. Then it might be the responsibility of the site to make sure that all views of the photo were brokered via the site or its API. One should not be able to construct a photo URL and then access the photo regardless of one's in-site permissions, or one's logged-in status.
The photo above links to its page in my user area on a popular photo site. The photo is designated as 'friends only'. Please note that by linking this photo to its appropriate page on the site, that I am complying with the site's Terms of Service, which I reviewed carefully before making this post. Most people clicking on the photo will either receive a 'sign in to this site' page or a permission-denied page. I am new to the site and haven't located most of my friends there yet.
I think that this photo site is doing a wonderful job enabling use of web 1.5 / web 2.0 functionality. They are making photo sharing accessible to a wide range of folks who found it previously difficult. Their use of some new markup technology is causing it to rapidly mainstream, and be fun to use as well. In all of these things, they are to be greatly commended. However, by separating the workflow of 'display an image' from the workflow of 'authenticate a page', they have made a very common design blunder. I would urge them to review their workflow carefully to weed out any similar slips in dataflow to workflow mapping. Judging by the site that's been put together, they are very savvy folks and can figure it out on their own easily now that it's been pointed out to them.
Alternatively, a transaction-key protocol could be implemented which would provide a simple method for a logged-in user's session to register itself (possibly playing off existing code) and have the photo server do a verification lookup that there is a non-expired valid key associated with the session requesting the image.
I don't consider this a 'fatal flaw', otherwise I would have contacted the site directly and discreetly rather than blogging about it. I do consider it a very telling example of why these next-generation services could benefit from a bit of healthy old-fashioned IT paranoia in the design and deployment phases of service engineering. Security through obscurity isn't really security. Relying on it to solve other design problems can build a whole set of dangerous assumptions into a product as it matures and grows.
A Web Design Conference for IT Professionals? W00t!
- Information Architects / Knowledge Managers
- IT managers and Planners
- Software project Managers [not much 'me' in this one, except for operations-related software]
- Integration team Managers
So far, so good. Now the burning question, from the viewpoint of a small business owner with multiple employees: where do I find the discount registration offers for *this* conference? No luck on the Blogger or MT dashboards, alas, nor on Molly's pages where the 2004 version was discounted.
Moore's Law Illustrated
Head still exploding from Bar Camp. The combination of BBS'05 and Bar Camp has been wonderful, exciting, amazing, and incredibly deleterious to my normal round of responsibilities as owner and President of a small consulting and staffing company. Otherwise I'd try to be up in the city AGAIN tomorrow at the FLOSS Sprint.
It's Just Conduit, Gang: RSS Neither Overhyped nor Underadopted
Nope. Just like the web browser, which came along and blew gopher out of the water (raise your hand if you remember Archie, Veronica, and Jughead!), RSS/Atom/etc are still waiting for their killer app. Which, in my opinion, is critical-mass support in mainstream browsers. People don't have to download them. They don't have to see them as an application. The native capability will just Be There, in Safari, Firefox, the next IE, and so on. RSS itself doesn't matter so much as the TOOLS matter; tools to view it and tools to woo it. Editors and readers and taggers (oh YEAH, taggers) and recombinant mutazoid mixmasters and feedblasters.
Any second now the business world, which publishes more 'content' in a typical mid-sized enterprise in a week than most people do in their whole lives, is going to wake up and smell the coffee on this one. In fact, let's brew them some enterprise tagalicious espresso. Content Management System? I'll show ya a CMS for the next century! Coming soon to this blog near you.
The Best Part of Foo Camp Isn't Foo Camp
Extra credit: do this for ALL the invite-only conferences which you'd like to be attending. EC Lite: just the conference committees and the keynotes.
GTDTiddlyWiki: the Future Where You're Getting Things Done
On Beyond Social Tagging: Enterprise Tag Clouds are Coming!
Absolutely! I commented with a pointer to my June 2005 writeup on the intersection between tagging, IT, and enterprise workflow. The fun is just beginning. Do you have an Enterprise Tag Cloud yet?
Think about all the effort people put into fostering communication between groups in a mid to large enterprise. Then think about how many times you've discovered that someone in your own organization is working on a similar project, or that you could have used something invented in-house instead of rolling your own, or that someone two hops away from you at another corporate campus has been contacting other folks at the same potential client, and so on. Once you get up above 200 employees, individual views into the business and its shared goals start becoming extremely narrow. One's vision goes beyond 'my team and my department' only to the 'view from 25K feet company all-hands', and doesn't generally rest the eye anywhere in between.
With support for in-business tag discovery and 'social' tagging in the business sphere, you get a potential view into things of interest happening within a company, with a much finer granularity and lower overhead publishing effort than the old-fashioned 'company newsletter'. Ask any company with a significant engineering and development component how they make sure that the right hand knows what the left is doing, and 8 times out of 10 you will get some kind of handwaving that means 'umm, senior management knows what other senior management thinks'. It's a rare place where direct product-level folks get to collaborate across teams in ways less cumbersome than a high-traffic, generally ignoreable 'engineering' mailing list.
What about each product team publishing tagged entries on their milestones, release dates, toolsets? The IT folks updating groups with information tagged at the particular user community, without maintaining those horribly clunky lists of 'Word 2000 users' vs 'Word 2003 users' or 'Linux desktops' vs 'Windows desktops'. By allowing tagging within a social interest or shared research interests sphere, a savvy enterprise could re-establish that sense of 'the commons' that many people get from research-lab and university-spinoff environments.
And this is exactly why I'm here, at a place like this, at a time like this-- because 'Best Practices' in IT aren't just about how many sysadmins per hundred desktops, or which applications live inside the DMZ vs inside the backnet. The 'new enterprise' is going to look a LOT more like an internet social community than most folks currently realize. In some ways, it's going to HAVE to do that to stay productive and functional, as telecommuting, job-sharing, offshoring, and the like become the norm. As I wrote in Feb 2003, "Will the Real 'Sysadmin of the Future' Please Stand Up?" Chances are that he or she looks as much like a Drupal or MediaWiki sitemaster as a SAGE Level III or a CCIE.
Early Adopter (Whoop-Te-Doo; That and 3 Bucks Will Get me a Latte)
Lo, instead of what I was looking for, I found some magic early-adopter-fu to combat BBS05 fatigue and make me smile: a FoRK post from 2000, showing my signup to Pyra.com. As I said, that and a few bucks will get me a latte, but suddenly I feel good. Ya do what ya do, whether it makes sense to other folks or not. Kinda like when I do art, digital or the old-fashioned kind, or mutant miniature meeting sketches. If it makes me happy, and I don't care if I show it to anybody else or not, I know I did it right.
Raising the BAR: FooCamp for the Rest of Us
Scoble's mention of a car so outrageously cool he had to NDA to get a ride mentions said car will be appearing at BarCamp. So, away we go!
Look! Convergence! (What, Again?!)
I flashed back to 1994, when I set up the NTIA Virtual Conference. For pretty much the first time ever, we had email, web display/post gateways, gopher, and netnews all gatewaying to each other. No matter which medium a person was restricted to, he or she could fully participate in the online conference forum. And people commented, "Wow, it's finally starting to come together, things are really taking off!" Fast-forward 11 years, to DL's comment today.
Will *this* convergence happen? If so, why? A comment made by someone at BlogHer stands out-- the difference is findability. The search engines make all the difference. Remember when the Net Scout listserv engine put dozens, then hundreds, of new sites in your mailbox every day? I used to save the emails and grep through them on my home SparcStation. But that really didn't tell me what I needed to know, since the descriptions were scanty, and grep, even with some fancy regexp-fu, is not very smart. Now we're starting to see not just blog-specific search sites like Icerocket, but RSS-specific search sites like PubSub.
Sites like PubSub have evolved in double-jumps, in that they not only search RSS but publish the results as RSS. Remember the glory days of multicast on IPv4? Protocols like Internet Whiteboard? I started saying in the mid-90's, watching the ISP's eat other ISP's, spawn ASP's, etc, that 'everything becomes conduit'. Structures like the InterNAP are a given now, were novel in the days of the PAE and the MAE's. Will there be a multicast RSS set of dedicated links, eg the 'InterRSS'? I remember when sites set up separate UUCP dialups to unburden their main links, then set up dedicated UUCP links for NetNews, then bandwidth became noise and it all just moved back out into the main bandstream. Would there be value in a multicast ring dedicated to constant content? Perhaps this will be the economic motivator for some movement to IPv6-- there's enough address space that one could actually create a tag registry that maps to netspace, and do content filtering by IP address. w00t! Sounds perverse today, but o tempora, o mores!
The wireless here at the conference is now refusing to pass https connections, in addition to dropping out every few minutes. VERY VERY irksome. If I could reach the Starbuckies TMobil wireless from here, I'd pay for the day just to avoid this frustration. Grrrrr.
Especially frustrating since the wireless let me download the tool, but I can't go get my KEY. Gah. I suspect the problem might be similar to the one debugged by the BlogHer folks-- access points arranged to support N-hundred folks *scattered evenly throughout the conference space*, not all in one place.
Dave Doesn't Get It
He then went on to talk about the Dewey Decimal System being great because it's so constrained. To his credit, he mentioned that the BBS'05 site has some reference to tags, notably the Flickr tag site. He makes the excellent point that sites like Technorati or Flickr that use tags, the tag link takes you AWAY from the site using them.
He's talking about business blogging adding value and building community, yet ignoring the value of the net of building ad-hoc selective, responsive communities. No standard taxonomy for tags? Sure. That could be a feature, for folks to tag about a party or the word of the day. Technorati tracking 'millions' of tags? Sure. Blah blah Moore's Law blah blah Zingiber. Come on!
Joshua, you should mail Dave and tell him about del.icio.us because if all he sees is Technorati and FlickR, he's not going to understand WHY tagging works and is useful.
Live at Business Blog Summit
And for all you BlogHer alumni, *yes*, there is a line at the women's room. I'd say we have about 15 - 20% women attendees.
"If there's one message that I want everyone to get by the end of the day, it's that blogging is REAL BUSINESS... if you only get that message, and the rest is just a bunch of Greek or Latin or XML, that's okay." -Dave Taylor, about 30 seconds ago.
Hot Diggity Dog!
Out to Launch
I recently read Gail Evans "She Wins, You Win", and was impressed with her reasoning. The main idea of the book is that as women in business, we are all on "the women's team" as well as "the company team" or "the department team" etc. As such, we all need to make more connections with other women in our organization, and outside of it, and help each other along. The default for many women in business seems to be to see other successful women as rivals.
I found that the 'blinding light' idea in this book, and the one that made the most personal impact on me, was the following set of observations, pulled from various places in the book. Together they add up to a big whammy!
- Men are generally acculturated to the idea of teams, and don't expect or require to get along with or even LIKE everyone on their team. It's enough to be going toward the shared goal, and to share a victory.
- At least one study showed that women are highly resistant to the idea of forming 'teams' with people they don't also like, and feel a friendship connection toward.
- Women are generally acculturated to get a lot of self-worth from the concept that they are unique in some way. Meeting similar women can set off a defensive reflex to try to undermine or simply dislike the other woman, especially if she seems more skilled/senior in one's own specialty. Business culture often encourages this by picking one woman in an organization to be 'the woman who is different', eg who can succeed with the boys.
- Men in business culture generally take one or more of the 'up and coming young men' in their organization as a protege, and grow their network with successful people while also contributing to that success.
- Men also tend to have 'their people' follow them to new positions, whereas a woman in a new position tends to want to 'wait and see' to give the folks reporting to her a 'fair chance'.
I'd say that the last observation was the one that rocked me back the most. "What? Come into a place and already be planning to bring a team in with you, to supplant the one already there?! That's so *completely* unfair!" Then I thought about it and talked to one of my mangement mentors (a man) about it, and was equally shocked to find that, yes, it's de rigeur. He mentioned that in his experience, the amount of change you can bring to an organization (as a high-level manager or C-staff) is at its peak when you first join. It's crucial to deliver results immediately, and the best way to do that is with people you can already rely on. The 'give them all a month or two' approach, ipracticed by default, can be a powerful form of self-sabotage. Yikes. My friend also made the point that you certainly should look assiduously for the folks who are *very good* and who might soon be following 'their guy' to the new place. Those people can be courted, and possibly swayed to your team. But by and large the organization will judge you not only by your own efforts, but by the quality of team that you bring with you and attract to you-- that's *why* high-level management rates big compensation. They bring talented, busy hands *with them*.
I'm already trying to practice the 'she wins, you win' strategy. I took the time to chat with the woman who was visiting to set up a CRM installation, instead of just making sure she could log in. We had a great talk, and I hope to catch lunch with her next time she's on site. She knows a LOT about how company sales and finance workflows look, because she has to interface this system to different companies for a living. So she's got a handle on what works, what doesn't, and what 'normal' looks like, all things that I'm just starting to learn. She was very interested in the idea of enterprise IT, and wanting to understand that better because it relates to how folks access and use the CRM system. So I'm looking forward to another chance to dialog, and I think we'll both learn some good stuff!
And now it's really, really, REALLY time to catch the train up to the Business Blog conference in SF!
Linux World in SF, Tuesday 8/9/05
Alzheimer Gourmet's 8-step Plan to Avoidance
The first one is of particular interest, and a fascinating tie-in to traditional Ayurvedic theory: eating a LOT of turmeric, a featured spice in what we Westerners generically call 'curry'. There are as many types of curries as the day is long, in India and worldwide. The yellow, musky one with a sharp bite that we often stereotype as the One True Curry is characterized by oodles of turmeric. Several sources I encountered say it is also a British invention, in much the same way as 'chop suey' is an American one: an attempt to duplicate some aspect of authentic regional cooking without all the work. Thank goodness for the BBC's guidance on doing curries right. But I digress.
I can take with a certain wry humor item 7, taking 400 mg of ibuprofen daily. Despite our chiropractor's loathing for the stuff, claiming it does liver damage, my normal creaks and crunches have me reaching for those tablets at least a couple of times a week. Sure, I could tough it out, but inflammation begets more soft tissue injury which begets more pain which begets healing inflammation, etc etc. A few years ago I would get the huge bottle (or worse, bottleS, packaged together) of ibuprofen at Costco/PriceClub and think, "There's no way I would ever use this up before the expiration date!" I still hope that a sealed bottle, dropped into a Second Harvest or similar donation bin, meets a useful fate.
I'm also keen on their recommendation of high-omega oily fish, especially sardines. I grew up in a time and place where sardines on crackers were considered a fine lunch. Here in California, people put garlic on just about everything: in their mashed potatoes, scatter the 'stinking rose' in and on steamed veggies, any protein source imaginable, and even roast it to spread on their bread. But OH the looks you get if you open a can of sardines in public! "And your garlic smells better than this HOW exactly?"
I'd best conclude before I end up posting my recipe for curried tuna salad, using the "good bad stuff", eg the spice bin curry blend from the loose bins at Whole Foods, chopped vidalia onion, golden raisins, and a little finely chopped celery and/or cucumber. But that's for another blog, coming soon.