All Quiet on the Western Front

There will be even more quiet on this blog: I started a fulltime position as a Project/Product Manager at a local firm in early January. I'm still learning what I can and can't discuss about what we do behind the scenes, but will pop in now and then with PM related stuff to share.

2007: "Most Influential" Writing

Looking for some good reading over the holiday break? Try starting with John Bracken's blog posting on The Most Influential Media Writing of 2007, and continue on to the source material he's so helpfully linked into the post. I'd not heard of John's blog before this post was mentioned on Farber's IP list, and many of the authors and blogs he cites are unfamiliar to me. This is, in my world, a good thing, as I'm always seeking to expand my repertoire of context. Every social circle is going to have its own "Most Influential" list-- what's yours?

APODizing the Cosmos

Saturn's Rings and the moon Tethys (via APOD) I've been getting tired of the Cosmos lately. No, not the actual Universe, but the lovely yet small set of astronomy pictures in the Mac OS X (Tiger) screen saver "Cosmos". I knew that there would be gorgeous images like I'd like to branch out, see more nifty stuff... like the image above, of Saturn's rings and the moon Tethys, Astronomy Picture of the Day page, and even more at APOD's archive site. Enceladus' Ice Volcanoes (via APOD) If I were into scripting on the Mac, I could have written a script to fetch new content from APOD, but instead I simply grabbed a few dozen of my favorites via the archive site. Now, how to get them into my screensaver? The net is mighty-- I soon found out how to diddle with /System/Library/Screen Savers/Cosmos.slideSaver to get what I wanted. Copy it into another directory (after authenticating to unlock it), and rename it APOD.slideSaver. Select it, right-click for a menu, and choose "Show Package Contents". The "Contents" folder contains a "Resources" folder full of slides. NGC 68888 (via APOD) Remove the ones in there, substitute your own, and then copy back into /System/Library/Screen Savers/ to deploy it. You'll get a dialog about not being able to copy it, with an "authenticate" choice to let you do so. Or just use the command line and sudo. Ta-dah, I get an APOD option in the Screen Savers section of the System utilities. And now I have more shiny galaxies to watch, and to light my livingroom with when I'm sitting quietly and petting the kitties in the evening.

Chalup PM Book in Progress

Over the past 6 years I've taught literally hundreds of sysadmins, network admins, and other IT professionals the fundamentals of a streamlined project management process that I call "Practical Project Management". For the past 3 years, I've also taught "Project Troubleshooting". All this time, the folks in the classes have said, "This is really great. You should put all this into a book!" I'm very pleased to announce that, in partnership with the excellent folks at NoStarch Press, that's exactly what is happening. We'll be substantially expanding the material I've been teaching, as well as adding material on enhancements such as web-based PM tools, so-called "agile" and "lean" methodologies-- which, oddly enough, bear a strong resemblance to what we already do! We'll also be incorporating some of the great feedback I've gotten from my tutorial students over the years. I'll be putting out a call to senior colleagues early in the coming year for peer review of some of the chapters and topics. If you're interested, please drop me a note. [Please include a brief CV or resume, if we're not already well-acquainted.] In the meantime, you can pick up a copy of TPOSANA for light reading over the holiday break! The Practice of System and Network Administration, 2nd Edition (Limoncelli, Hogan, Chalup)

Liveblogging LISA'07

So here I am in Dallas TX, at the annual LISA conference for systems administrators. It's been a great conference so far, even though I haven't gotten out of the hotel since I arrived on Sunday evening. Heck, I haven't gotten off the lobby/2nd/3rd floor zone! I love it when I can do all my teaching early in a conference and then just relax and enjoy myself. I did two half-day sessions on Monday, and both went really well-- interested and involved participants, and compliments afterwards. I started off with my tried and true favorite Practical Project Management, that I 've been teaching and refining for several years now. I estimate that I've trained over 200 IS professionals in project management at this point, with typical class sizes of 45 - 50, and in one case, 89 or 90 attendees. This year we didn't do the advanced class, Project Troubleshooting, although we had a great session of that in June at the Usenix Annual Technical Conference. The afternoon tutorial was a fairly new class that I developed in 2005, Problem-Solving for IT Professionals. We had a really spirited class discussion, and I was pointed to a great resource after class, a book (and Wikipedia entry about the book) called How to Solve It: A New Aspect of Mathematical Method, by Gregor Polya. It has a set of rules for generalizing problems, and looks useful in building more problem-solving processes. In the class I teach generalized processes, which I hesitate to call "patterns" as they're not sufficiently rigorously expressed yet, such as server-client interactions, and introduce modified process taskflow diagrams that aid in debugging. It's possible to debug applications that you have never seen before if you have a strong understanding of fundamental patterns of design and interaction in computer applications and systems.

Both books are now shipping!

It's been a long year, but the fruits of various labors are now available for harvest! I co-authored one book and contributed a chapter to another: The Practice of System and Network Administration, 2nd Edition (Limoncelli, Hogan, Chalup)

Handbook of Network and System Administration

That TransCon Rails Ta(il|le)

Nathaniel Talbott is really rocking my world with his recent essay comparing the transcontinental railroad with the ruby-on-rails phenomenon. As he points out, there are some surprising similarities in enabling markets and disintermediation-- the physical railroad opened up new territories and new markets, and the rapid development cycle of ROR is enabling software customization of previously unaffordable (in time or money) types.

They [the co-op members trying to use a wacky uber-customized spreadsheet macro that breaks when you look at it cross-eyed] have little to no means of affecting the software that they use, and no real choices to use something else. And there are literally millions of others like them out there—small business owners, hobbyists, clubs, families and civic groups. But that’s the other, more profound thing that I think is changing and will greatly change how our kids think about software—one day we’ll look around and see everybody commissioning software, not just people with lots of money or people who can do it themselves. Tickets to the interior are suddenly affordable, and everybody’s buying one.

Everybody wins. Cool stuff happens. Ma and Pa Kettle can get custom software written affordably while GoogroSoft is still polishing paisleys on monolithic software applications. OK, that last one is a bit Strata-filtered, but you know what I mean. Go read it, and if you're not familiar with some of the background, such as the original Long Tail essay, NT is a nice guy and scattered links throughout his essay back to some of the prequel material. Why, you may ask, is this tagged for sustainability? Because, in my opinion, the cottage-industry model of programming offers a lot of options in that area: telecommuting, bespoke efficiencies, disintermediated access to change, etc.

"But will it scale?"

Doing some remedial reading on this summer's Great Twitter Scaling Kerfuffle, found a great quote from Phil at Progressive Data Solutions, in his writeup on Railsconf: "To me, this question is a "shark-attack" question. Sure, you could get attacked by a shark if you go swimming in the ocean, but you should probably worry about other things first, like rip-tides, water temperature, etc. If you ask me this question, I will usually respond with numbers. It's hard to argue with concrete numbers, and that's what the Joyent presentation did a good job with. If Twitter is getting 11,000 requests per second at peak, they need roughly 32 cores to handle the traffic. Is your app going to be getting 11,000 requests per second? How about 1000?" Nice!

Strata Travel Schedule

Craigslist Foundation Nonprofit Bootcamp

Burning Man

Permaculture Intensive, OAEC (tenative)

LISA Conference

New Network, New Value

Energized buzzword particles are flying ahead of the ripples in Riemann space of Supernova 2007, Wharton's little slice of FooCamp Heaven. Fortunately for those of us whose thinking (deep) doesn't match our pockets (shallow, ah shallow), there's the Supernova Unconference being held concomitantly.

My contribution to the seed ideas for possible sessions is included below. I hope to have an opportunity to elaborate on this prior to the unconference. I'll be teaching my IT problem-solving and project management classes at Usenix Annual Technical right before the event, so I'll be in conference mode anyway. :-)

The New Network, even in its present alpha form, can make certain kinds of valuable connections and transactions at rates almost too cheap to meter. These value marketplaces are the hidden unpriceable glue that ties social networks and e-commerce sites together synergistically, the way mycelium act as a resource transport network in a succession forest.

Most social networking sites succeed based on these hidden networks, in which the ability to import connections serves as the equivalent of beneficial nitrogen-fixing bacteria in soil. How can we enable emerging Value Marketplaces purposefully, rather than by accident? Even better, how can we enable value transactions in such a way that everyone wins?

Some starting points are:

• transactions are flexible,
• interfaces are extensible
• serendipitous discovery is facilitated (including cross-correlation of data sets)
• privacy granularity is controlled
• trust/reputation is inherent

Discuss, please!

Isolated in Nature?

Lecture 1 of the Notre Dame open courseware materials for Architecture 50611: Architecture and the Built Environment. Part One. Do you see yourself as a part of nature, or as separate from it? I see myself as being artificially separated from it. Compare, for instance, our globalized sense of nature and the world today with what it must have been to early Neolithic peoples: Picture small villages huddled within their encircling walls, isolated in the utter vastness of nature. While people must have feared the consequenced of unfettered interaction with nature, I take exception to the idea that they felt a sense of isolation in a vastness. Only when one has experience of the antithesis, namely vast areas in which the entire environment has a sense of the created-by-man, can one feel a contrast. One might feel lonleliness or fear at being without other people, especially in an untamed nature where large carnivores roamed, but nature itself would be (in my opinion) simply "what is" and the Natural order of things.

A small slice of firsthand experience in this: growing up in a rural environment consisting of neither extensive farmland nor managed timber, but simply woods and fields and pastures, one simply accepts that this is the natural world and moves through it. The most grevious culture shock one finds, coming from such an environment, is a landscape in which everything is owned as personal space. One did not generally cut through the backyard areas of other homes without a good reason, nor their driveways and front yards. However there were, quite literally, acres and acres of intervening spaces through which one might freely travel. Fenced pastures had wide, wide borders; forested land had trails, and low, crumbling stone walls marking property lines, easy to step over or spend the afternoon rebuilding. Other than frightening chasms between cityscape buildings, or alleyways that are essentially public streets (and may not be loitered upon or otherwise trespassed), there is no public space. There are parks, certainly-- little chunks of space kept boringly manicured for the purpose of DOING things in them, such as playing sports, but no inviting and diverse ramblings to be had. Why do we seek order in our world? I'm reluctant to even approach this without defining 'order', as neither of the two proffered 'customary' viewpoints seem plausible to me, namely Locke's tabula rasa, and Aristotle/Kant/Arendt's innate humanness. The latter I expect will come even more severely under fire when I finish watching the TED Susan Savage-Rumbaugh lecture and video.

I don't claim to know the answer, but other possibilities seem more plausible. Boundaries tend to be areas of immense productivity and opportunity. The intertidal zone, the forest edge onto meadow or grazing, and so on. Perhaps as little monkeys, we created productivity zones with early agriculture, and merely kept doing it, recursing over mimicry and incorporating elements of the natural world's boundaries into our created ones.

Mind the Gap

Go watch Hans Kessler presenting his mind-blowing data visualization of world health, economy, and myth debunking at TED 2006. Using the nonprofit GapMinder Foundation site's tools and database access, it should be possible to create similar correlations between results of conservation efforts like acquisition of permanent easement land by conservation trusts, annual bird and wildlife counts, water and wetlands analysis, and localized life expectancy, cancer, and economic data. I want to see this. If it correlates the way I *hope* it will, it could be an extremely powerful tool for conservation, right-sizing, and healthy sustainability. If you get to it before I do (likely!), can you please comment here or email me? Many thanks!

RubyonRailsCamp Redux

Absolutely excellent, with the usual agonizing decisions of which sessions to attend because there were so many that were relevant. I'm looking forward to next year! And what the heck were the odds I'd end up at a table at dinner with two other people who have enjoyed the goodness that is a Lisp Machine?! Yow! It's still a tiny little world, too, as one of the folks I met at dinner turned out to be a good friend of a couple of old friends of mine.

Highlights for me:

• Getting a handle on the nuances between REST and SOAP, in the Web Services session
• Discovering another reason why having a Mac rocks: SubEthaEdit Collaborative note-taking, anyone? Pair programming over the net? Woot!
• Catching up on OpenID
• Being blown away by the realtime coding demo of SimplyRESTful. Oh, and SimplyHelpful is not exactly chopped liver either!

The best part of the conference, though, was getting to meet my Rails dev guy, Matt, face to face after several months of working together. He rocks! Our Virtual.Net app is still under wraps, but take a look at the great app that he's been developing for his own company, an online scrapbooking site called Scrap Ease, now in open beta. Nice stuff!

Event: "From Counterculture to Cyberculture", Nov 9, Stanford

This ought to be very interesting; I'm hoping my workweek schedule allows me to attend! Sorry, kids, blogger can't handle the PRE tag with pasted text for some reason. Sheesh.

From Counterculture to Cyberculture: The Legacy of the Whole Earth Catalog

A symposium featuring Stewart Brand, Kevin Kelly, Howard Rheingold and Fred Turner

Thursday, November 9 from 7:00 to 8:30 PM

Cubberly Auditorium, Stanford University

http://www.stanford.edu/~shyeo/wholeearth.htm

During the 1960s, student marchers chanted "Do not fold, spindle or mutilate!" as they railed against computers and the Cold War-era military industrial complex computers seemed to represent. But within just three decades, computers had become emblems of countercultural revolution. This symposium will feature a conversation with three people who played key roles in that transformation: Stewart Brand, founder of the Whole Earth Catalog, Kevin Kelly, former executive editor of Wired magazine and author of Out of Control: The Rise of Neo-Biological Civilization and New Rules for the New Economy, and Howard Rheingold, author of The Virtual Community: Homesteading on the Electronic Frontier and Smart Mobs: The Next Social Revolution. The discussion will be moderated by Fred Turner, assistant professor of communication at Stanford and author of the new book From Counterculture to Cyberculture: Stewart Brand, the Whole Earth Network and the Rise of Digital Utopianism.

This event is sponsored by the Stanford University Libraries, the Department of Communication, and the American Studies Program.

It will be introduced by Henry Lowood, of the Stanford University Libraries, and followed by a public reception.

Strata at RailsCamp San Jose

Strata will be joining the interesting folks at IBM Almaden's Ruby on Rails Camp in early November in San Jose. Also onsite will be Matt Petty, Virtual.Net's primary Rails developer, who has been implementing Virtual.Net's skunkworks Rails project from his Riverside CA location. We hope to be demonstrating the application at the (un)conference, and may have it ready for release in Gem form by then. Matt will also be giving a demo of his ScrapEase project, an extremely nifty online scrapbooking application, in his role as lead developer and founder of KizMeta LLC. Virtual.Net will host a 'Remote Rails Development: Tips, Tricks, & Caveats' session if there is interest onsite. We've developed some useful protocols and would like to share them with the community and get info from others on what's worked (or not!) for them. Will post any slides here, after the event. Rails developers-- interested in working with a firm with experience in scaling, designing for data *and* code re-use, and a good understanding of the real bones of Web 2.0, the skeleton under the hype? We are looking for 1 or 2 folks interested in collaboration & contracting. West Coast/PST preferred. If you are too 'expert', we probably can't afford you. If you are too junior, we can't afford the learning curve. Have some solid app-building experience in Rails or another language, a willingness to learn scaling and do collaborative design, and a belief in writing conduits, not portals. Drop us a note if you're intrigued. No reposting or forwarding, please.

Distillations from Day One

First day at Office 2.0 definitely did not disappoint. I was unable to attend the morning sessions, due to a client meeting in the South Bay, but the afternoon panels were excellent. In addition to my usual 3x5 card notes on individual sessions, I was keeping a set of cards for particularly useful bits of wisdom bubbling up from the panels. There is a lot. Here are a few.

• Ensure that the value proposition can withstand the pressure of easy data import/export.
• Enable backups of data without requiring all O20 companies to become backup experts; service & data are separate value propositions.
• This + web 2.0 = O20: Enable end-users to solve workflow problems by assembling applications.
• "Mashup" is just a euphemism for EI (Enterprise Integration). [panelist on Enabling Mashups panel]
• Technology should supplement business decisions, not substitute for them (good enough vs automatic '5 9s').
• Security goes out the window when folks want to get things done.
• Why do majority of KMS fail? They separate 'documents' from 'interactions with documents'; wiki & collaborative dashboard apps become de-facto KMS when they focus on workflow while allowing categorizing, searching, & tagging. KMS 2.0?
• Worried that a recruiter will find your blog? Maybe now they think you're weird for blogging, but in a few years they'll think it weird that you don't have a digital trail of blog/etc material. (SRC: shades of usenet!)

It was particularly interesting to hear that vendors are going after the large companies. One panelist said that you see most firms competing for the same 50K companies' business, and ignoring roughly 38 million others-- but then went on to say, getting agreement from fellow panelists, that O20 apps weren't going to be sufficiently mature to tackle the non-enterprise market for quite some time. One symptom of this that I encountered multiple times in the vendor demo area was the structuring of apps into 'free, personal use', 'small group', and 'enterprise' pricing & functionality tiers. This creates a problem for a typical small business, as the features needed most (generally, roles, fine-grained permissions, & delegated authority) are only available at the 'enterprise' pricing level. Talking to several vendors about this, the story I heard again and again was 'in our experience, this is how it works'.

The trouble is, my specialty is dealing with startups and small businesses, and this contradicted my experience. This morning, I realized a possible explanation for the disconnect. Another part of the story I heard had been that the 'small group' services were based on departments or workgroups within larger enterprises. These folks are all on the same team (literally) and really don't need the kind of role and auth structures needed by a business of the same size. Small businesses and startups are all about control and delegation-- even in 2-person startups, there are clear areas of responsibility. For a profitable small business trying to simplify with O20, the price structure will keep them away, because what they need is for the role & auth features of the app to *replace* the personnel costs of having strict department roles, and to echo the hierarchy in their workplace.

If one says, 'yes, but our monthly cost for this is a fraction of personnel cost', the small businessperson will reply, 'yes, but I currently do this by taking some time from each of N employees, I would not be staffing a person to do this fulltime'. The first O20 app to service small businesses in the ways they need will clean up bigtime. Intuit was brought up as an example, in one panel, of consumer apps driving business apps-- Quickbooks for home use drove the creation of Quickbooks for business, and the development of Quickbooks Pro and other higher-return tools for Intuit. Including Web 2.0 apps, which brings us full circle.

Right now the vendor model seems to be that personal/free users will drive adoption by workgroups which will drive adoption by the enterprise. We need an additional model, that will be fundable and sustainable, while addressing the issue of how we get this great functionality out to the folks who need it most, the small business owner. Ideas?

Office 2.0 Update

I'm looking forward to meeting folks at the conference. Unfortunately a prior committment prevents my attending tonight's cocktail reception, but I will be onsite for the afternoon sessions tomorrow (Weds) and most of the day Thursday. Trevor of Transmutable.com has created a handy iCal calendar for the conference sessions. See you in the Open Technical Sessions at 3pm on Thursday! Get a heads-up on some of the challenges and tradeoffs in making Office 2.0 deployable, scaleable, and rock-solid enough to attract a wide customer base. Fellow speakers can get a preview of the issues we'll tackle in the Open Technical Sessions. Anyone wanting to start the discussion early is welcome to drop me a comment and we'll do lunch on Thursday.

Office 2.0: A Paradigm or a Product?

With plenty of time to get the thinking caps rolling, I'd like to share some of my thoughts on Office 2.0. I'm approaching it from the standpoint of designing a next-generation redefinition of the office paradigm, essentially breaking enterprise collaboration out of the fixed document format into an XML-based, schema-driven world. Here is my first-pass list of key issues in creating an Office 2.0:

Define data formats so that Office 2.0 can do mashup-style integration with next-generation web tools.

Get away from 'document' formats like RTF and instead go to a markup-interpretive model with full support for XSLT, microformats, and schema templates.

Set up schema registrars and data interchange registrars, integrated into a PKI-like system that allows transitive trust in EDI.

Attempts to define functionality, formats, and features from 'on high' are an outdated legacy-- move to a purely data-driven, schema-centric model where 'Office 2.0' is an interoperability suite rather than a suite of programs with a captive user population.

Where Office 2.0 'wants' to go is to a place like where Apache, Mozilla, and Firefox are today; nobody's going to make a lot of money on that, so it's not a popular destination in the business world. Yet I believe that only an Office 2.0 effort that goes there has any real chance of succeeding. Small pieces, loosely joined-- in this case, via the data model.

Being able to mix templates within a document, and interpret them with Office 2.0 gives one essentially embedded application abilities.

Software as a Service and/or ASP model would be revenue drivers, but applications would certainly arise for independent access. One might pay licensing for use of licensed templates, ASP usage (software as service), custom development of schema, proxying/brokering service with escrow of trust, etc.

Establishing Service Level Agreements for levels of interoperability with current tools will assist in driving adoption of Office 2.0. Leveraging today's database-driven dynamic information models and using database as CRM provides the foothold necessary to get traditional enterprise to consider the new model.

For a schema-centric model such as I'm proposing, we might explore the SLA requirements for interoperability and translation between Office 2.0 document templates and traditional office formats such as RTF. A barrier to adoption of Open Office in many environments has been formatting and display problems when going between document formats.

The widespread success of Adobe's PDF as an information transmission model suggests that there is also a requirement for an SLA for document anti-tampering, whether the tampering is benign or malicious.

The beauty of a schema-centric approach is that one can essentially 'skin' an Office 2.0 editing and manipulation environment to suit a wide range of customer experience and preference. Some of the potential user groups have such differing UI expectations that a universal UI design is, in my opinion, a red herring which will only serve to distract attention from the underlying mechanics of building Office 2.0.

Will you be at ISPCon?

Coming up practically in my parking lot, ISPCon will be at the Santa Clara Convention Center from November 7 - 9. Exhibits-only passes are free with pre-registration-- the site says "until Sept 29th" but the registration process says "until Sept 15th". Hmm. Which is it? If you think you might drop by, today (the 15th) is a good day to register!

Office as Community

I'm somewhat buried in a deadline through this week, but want to get folks' creative juices flowing. My model for Office 2.0 is "the office as a community". What would it mean for productivity if the same kinds of social-networking software that allow individuals to find each other and trade goods, ideas, and services, were available within an organization? Many companies of under 500 people are organized such that it can be difficult to find expertise within your own organization, or access to resources considered spare or scrap, etc. These solutions could scale across an individual office location, a department, a campus, or even the whole company's virtual presence. What would a Craigslist for your company do/have? What if it were integrated into your document-building tools? What if those tools allowed you to categorize a document as you were writing it, showing similar documents in your knowledge base and assigning a proposed taxonomy location within your enterprise tag cloud, document repository, or other classification structure? The real future of Office 2.0, in my opinion, is to integrate document creation tools with document management tools within the context of a classification system. Ideally, a reputation-building system would be part of the mix, but doing that too soon could create some serious volatility wrt office politics. Interestingly, in 20+ years of working with cutting-edge Internet collaboration systems, from early mailing lists and Usenet through gopher, archie, the web, and now wiki's and social aggregation sites, I've seem some ideas repeated and repeated but never quite integrated so they 'stick'. Let's do it so it sticks this time! Please discuss. :-)

Strata Update

I will be speaking and/or teaching at the following additional conferences in 2006; thanks again to the great folks who attended my tutorials at the Usenix Annual Technical Conference, and were so complimentary on the evaluation forms.

• Office 2.0, Oct 11 - 12, San Francisco
• LISA 2006, Dec 2 - 8, Washington DC

It's been a busy summer, and it's not over yet. Look for the unveiling of a couple of major projects before the close of 2006:

• Publication of the Second Edition of The Practice of System and Network Administration.
• Release of a stealth Rails application currently in development; of course we are open-sourcing it! :-)
• Virtual.Net websites come out of the Stone Age with a modern look

Secret Sauce Explanation to Web 2.x

I was looking for a particular reference to help a Unix-centric friend deal with some new Windows requirements at his employer, and found Joel Spolsky's excellent article on Biculturalism in Software. In the article, Joel talks about the cultural differences between Windows programmers and Unix programmers, and concludes that their target audiences and metrics of excellence have a key difference: Windows programmers program for the end user, and Unix programmers program for other programmers. Don't return anything unless there's an error, make your output textual, eschew the GUI, use command-line switches, etc. The Unix pipe culture of sending one program's output to the next program's input. I think this explains why Web 2.x is taking off like gangbusters, particularly the mashups. It's XML and regularized schema. The "this output will be someone else's input" folks *and* the "I want it to be readable and pretty" folks can be happy at the same time. Just sayin'.

we who aren't posting salute you

I've decided not to post until I have something to say about something I'm actually USING or WRITING MYSELF, so things are going to be pretty quiet around here for a while, given that all my paying work is non-programming right now. Just so ya know.

Beta, beta, who's got the beta? Everybody!

The Web 2.x bubble machine is turning out betas faster than you can say "Lawrence Welk". Somebody decided it was time to keep track of them all, and lo, the Museum of Modern Betas was born.

Naturally the mere existence of a beta would be meaningless without a way to rank them (oh, let's!), so the MOMB folks have obligingly provided frequently-refreshed lists of the Top 100 and the "Hot 100". Metrics are based on bookmarks registered into del.icio.us, itself listed as a 'beta', along with Flickr, Google News, and some other rather long-lived 'beta' sites. If you wonder what all the hoopy froods are up to, there's also a list of invite-only and alpha sites.

Looking at the rankings of beta sites, I'm moved to suggest that perhaps after the first year of non-invite-only site participation, sites should consider themselves 'post-beta', eh? I am a huge fan of some of these sites, especially del.icio.us and Flickr, but calling them beta sites just seems very wrong somehow. There's an emerging generation of betaware, long-lived and extremely functional sites and software that stay perpetually in pre-release mode. Hearing myself saying that like it's a bad thing, I realize that it's time for a cultural reappraisement. Because I think it's a good thing, and a good process, but with a bad name.

We've seen an evolution in project management from 'milestone meetings' where changes are bad things to a feedback-loop process that's based on the idea of constant re-engineering. Nobody's prescient enough to predict everything that a release will need. By creating these sharp release-cycle plateaus, organizations create a culture where the drive for new features is a hugely competitive process within engineering, and the impetus to fix bugs is very, very small after 1.0. When a site like Flickr or Google News is perpetually in beta, it sends a message to engineering that fixing bugs is still important. It also sends a message that adding features is something that can still be done with a bit of spontaneity and playfulness, rather than being like an episode of Survivor: whose feature will make the cut?!

I think there's still a sweet spot waiting to be found out there between 1.0 and perpetual beta. It combines the agility of the beta culture with some of the rigor and dependabilty of the release-driven process. Not enough to strangle it, but enough so that you don't feel like things will change out from under you on a week by week process. I think that to discover it firsthand, I'll need to get more involved with development-- which would be why I'm out there learning Ruby and AJAX.

Useful Miscellany

SDForum and RubyCentral are putting on a joint conference on Ruby in the Bay Area during the weekend of April 22-23. Unfortunately I've already committed to being out of town that weekend, though it's possible that I could reshuffle some plans.

I've received several invitations to check out the 30 Boxes shared calendar, but haven't had time to play with it. Initial poking at it looks like there's no easy import/export with iCal, so I'm unlikely to use it. If you're looking for a shared alternative to Yahoo's calendar, though, and aren't dependent on push/pull of events to/from a mobile device, it's a good bet.

Most of my time during the past couple of months has been spent attempting to clear out my schedule so that I can work on a book revision (still pending contract, but looking good) and start learning Ruby. I expect things here to be mostly quiet for another few weeks, at which point I'll be setting up my development system for Ruby on Rails and blogging about the experience as it unfolds. I'm an old-time C programmer, now a bit rusty, but I like what I've seen so far of the syntax and conventions for Ruby. I'm really looking forward to getting my decks cleared enough to sit down and start learning it.

I'll be in Boston next week for LinuxWorld, stop in at the Usenix/SAGE booth and say hi. Other conference plans are:

• LISA Regional Training Event, May 8th, San Jose (come learn project management from me!)
• Usenix Annual Technical, Boston, last week of May
• BlogHer'06, San Jose, July 28 & 29
• LISA '06, Washington DC, first week of December

Welcome back, BlogHer

The retooled BlogHer site is up, and it's great-- kudos to the site team for all their great work! Oh, and registration for BlogHer'06 [July 28, 29] is up-- get 'em while they're hot!

Look Away From the Screen, Please

The 37Signals workshop in Chicago was excellent, and I'm buzzing with ideas for getting stuff done. Unfortunately for tonight, a so-called "friend" sent the sand game to a mutual mailing list.

That was survivable, despite battling the 'blobs' with salt being weirdly reminiscent of my real-life battles against snails in my garden. Someone else followed up with a pointer to fastr, the FlickR-based tag-guessing game.

So. Completely. Addictive.

Must. Look. Away. (between rounds, of course)

What a completely great mashup app-- fastr is going to go far!

Spreadsheet Risks

As a small business owner, I spend more time with spreadsheets than I might otherwise like. It's always seemed to me that spreadsheets were one of those ubiquitous things on which people literally bet the company, yet which are hacked up by folks who are amateur programmers. They may have vast financial experience, but they are still amateurs at programming. Apparently I'm not the only one who has this feeling. I was delighted to discover, via RISKS-Digest, EUSPRIG, the European Spreadsheet Risks Interest Group. "EuSpRIG is an interest group of academia and industry promoting research regarding the extent and nature of spreadsheet risks, methods of prevention and detection of errors and methods of limiting damage. We bring together researchers and professionals in the areas of business, software engineering and audit to actively seek useful solutions." The downloads section of their page contains some very good papers on best practices in spreadsheet creation and evaluation, as well as case studies on spreadsheet use in various organizations. They have been running a peer-reviewed conference for a number of years, and have done a great deal of research in this area. I'm especially enjoying their paper on best practices for avoiding spreadsheet errors and mis-modeling entitled "How do you know your spreadsheet is right?". For some scarier light reading, check out their archive of news stories about the costs of spreadsheet errors. The current 'winner' is a 2003 gaffe by TransAlta, a cut-and-paste error that led the company to bid for contracts that were higher than they really wanted to pay. The end result was a needless $24M USD charge against earnings. Ouch. For my compatriots in systems administration who are struggling with Sarbanes-Oxley compliance, EUSPRIG's 2005 conference was largely focused on managing spreadsheet risk in a SOX context.

Live from the SocialTech Workshop

This is a test posting, for del.icio.us tagging.

Zimbra: Beta Release is Out!

I've really been looking forward to the Zimbra release! Now all we need is a Mac version: currently only RedHat Enterprise Linux and Fedora Core versions are available as binaries.

I'll keep an eye out, though!

There's an Exchange migration client, and lots of documentation too, so plenty is there to peruse even though my flavor of choice isn't there yet.

Forgetting the Lessons of the Net: Routing Scaleability

An excellent article on ICANN, DNS, and Internet governance by Andy Oram[4] was forwarded to Farber's IP list recently. The bulk of the article was excellent, and we're going to see a lot more discussion of this type of topic in the near future-- even the US Congress is getting involved. However, I was slightly disturbed to see a big chunk of net.history overlooked in the debate, or worse, a very real problem being taken as crying 'wolf'. Here's the note I posted in response to Andy's article.

I agree with many of Andy's points, but I'm surprised at his description of the 'shortage' of IP addresses. The issue was not running out of numbers, the issue was 'how many independent routes can current routing tables service'. Back when folks were scurrying about consolidating IP networks into CIDR blocks, it was because of limitations on the amount of memory that then-current routers could usefully address (or providers could afford, or both) to hold the route tables.

Take a look at Geoff Huston's excellent article about historical BGP table scaling[0], take a trip to the distant past of 1996 to RFC 2008 [1] or earlier to the 'growth plans' section of RFC 1519 [2]. That last document states:

"As of Jan '92, a default-free routing table (for example, the routing tables maintained by the routers in the NSFNET backbone) contained approximately 4700 entries. This number reflects the current size of the NSFNET routing database. Historic data shows that this number, on average, has doubled every 10 months between 1988 and 1991. ...

It should be stressed that these projections do not consider that the current shortage of class B network numbers may increase the number of instances where many class C's are used rather than a class B. Using an assumption that new organizations which formerly obtained class B's will now obtain somewhere between 4 and 16 class C's, the rate of routing table growth can conservatively be expected to at least double and probably quadruple. This means the number of entries in a default-free routing table may well exceed 10,000 entries within six months and 20,000 entries in less than a year."

There's an excellent set of descriptions of the Routeviews project, and some shortcomings of BGP (which itself is still more scaleable than OSPF on today's network) at the APNIC meeting transcript of February 2005 [3].

cheers, Strata

Disclaimer: I are not a network eNgineer, I'm a systems person, but I've been around the block long enough to know a bit of history, and less than 5 minutes of Googling lets me share it with you folks in better detail than I'd be able to write up personally. I was also looking for specific NANOG traffic from 'the day the net broke', eg when they separated the NAP/MAE traffic and handed off to ARIN(? was it ARIN?) and everyone with a backbone router found that suddenly they needed *double the memory* in their routers. Felt very sorry for my net-eng buddies that day! Anyone got cites for that lying around at hand?

[0] http://www.cisco.com/en/US/about/ac123/ac147/ac174/ac176/about_cisco_ipj_archive_article09186a00800c83cc.html [1] http://www.faqs.org/rfcs/rfc2008.html [2] http://www.freesoft.org/CIE/RFC/1519/10.htm [3] http://www.apnic.net/meetings/19/docs/transcripts/routing-sig.txt [4] http://www.oreillynet.com/pub/wlg/8147

Remember Where We Came From

And now for something completely different. Think of all the social apps, the rich this-n-that, the flashy websites that are here one day and "so 1999" the next. Think of those, and then spend an hour, maybe more, browsing the posters, and annotations, of David Goines, graphic artist extraordinaire.

See the elegance of design in the posters, read the snippets of vivid story in his comments on the work, and think, "Oh, right, we were doing all this to CREATE something."

Trees, meet forest. Forest, meet trees. Everyone will benefit.

RSS? You're Soaking in It!

A new report on RSS usage (PDF) shows that 31% of Internet users are using RSS. "Wow! That's amazing!"

Well, yes and no. As always, reality is slightly more complicated.

The report, produced by Ipsos for Yahoo, goes on to detail that 27% of the "RSS users" are in fact using it transparently, without realizing it is involved, via their use of personalized portal pages such as MyMSN or MyYahoo. "Oh. That's a bit less exciting."

Well, again, yes and no.

Just like I don't have to understand how a cable feed head works to watch TV, or how a 5ESS switch operates to dial my phone, the name of the game is transparent infrastructure. If portal pages are providing tools for people to add custom RSS content, as long as the tools work, the content is there. The users don't have to have heard of RSS, or know how it works. What they do have to know is how to find the content, but we all know RSS search is one of the Next Big Niches (for a while).

So what we have here is a win-win situation. Folks developing sites that can publish in RSS will have a potentially much wider audience. That audience isn't dependent on adoption rates of special-purpose applications like RSS aggregators and readers. On the other hand, there's a cautionary note here: portal-oriented sites typically like to feature portal content, so tools to discover new, non-portal content will themselves need to publish RSS so that once users find them, they can find new things easily.

With all the sites springing up trying to recreate what HOMR won (and lost!) in the early 90's, and media-oriented recommendation engines all the rage, I have yet to see one that tracks your blog reading and lets you do easy thumbs-up/thumbs-down feedback to publish. You know, your *real* blog reading-- not the stuff you put on your blog page and check when you get around to it because you don't want to miss something, but the stuff you actually make time to read on a quasi-daily basis.

What about the blog that is 95% stuff that doesn't grab you, but now and then posts book reviews on topics of interest? The programming site dedicated to a tech that you don't use, but which occasionally blogs stuff on your preferred scripting language (comparing it to theirs) or general stuff about software design? Subscribing to a tag stream, even a detailed one that resembles a search query, doesn't have sufficient granularity. Ditto for 'recommended' blogs. A tool that says "if you like this *posting*, you will probably like this other posting has scads of potential. It can be tagmented (augmented with tags). It can provide aggregate info, eg if you've gotten 3 recommendations for the same blog, and they've made only 5 postings in that timeframe, the odds are you might darn well like the whole blog and want to be told about it.

Yeah, yeah, I know about PHOAKS (still somewhat available), GroupLens, etc, but the 'new internet', in throwing out all the lessons we learned in the Usenet days, seems to think nobody's ever done this before, so I'll cater to that. That said, there's nothing in the P2P brave new world that precludes the kind of agent registration in Lashkari, Maes & Metral 94, "Collaborative Interface Agents" or Turnbull 97, "Filtering and Collaborative Filtering". Then there's Terveen & Hill 01, "Beyond Recommender Systems: Helping People Help Each Other".

Hokay, smart people-- who's building this, and when can I join the pre-launch users? If nobody's building it, hey, ping me if you want to start and want more vision-grok. If ya wait for me to build it, well, that could take a while at my current rate of morphing my dinosaur-HTML and IS-related scripting skills into web 2.x skills. The little engine that could is still chugging up that hill, in its so-called "spare" time, but they keep changing the hill. But then again, I've seen a few hills come and go.

Z-riffic Response: Zvents Green Lights Non-commercial Mixmastering

Now this is the dynamic web we've all come to love. Within hours of my posting about the apparent contradictions in Zvents' Terms of Use, one of the Zvents founders drops a comment here that it was an oversight and that it's been fixed already. I love it!

They're only trying to prevent commercial sites from scraping them, which seems eminently fair. Remember the horror era of MSN CitySearch, scraping anything in sight for their 'index', which somehow involved regurgitating whole pages but kept you portal-trapped? Like About.com but more so? Glad I am for a web kinder gentler we have. Though I *still* miss Sidewalks; that was my big lesson in 'archive full pages of anything you like', ya never know when it'll go poof.

Anyway, hats off to Tyler and team for clearing that up! Let le bon temps roulez!

One of the cool potentials I see, possibly already in the works-- Zvents-based Zimbra hotlinks for calendaring. Define a Zvents tag aggregator that autofeeds to your Zimbra, and have it pre-feed events directly onto your calendar as 'tenatives'. Or Zvents hooks into MyTickler, where a feed autogenerates Ticklers. The only thing growing faster than the possibilities is my unfinished projects list. Doh!

Web 2.x NIMBYism? Zvents Says "No Re-Use!"

Another new goodie announced at Web 2.0 in SF this week is Zvents, a social calendaring system. I'm a bit more skeptical about these-- what does this have that, say, Upcoming.org or Laughing Squid doesn't have? How does it replace Craigslist Events, or supplement it?

Not only can I not answer that question, I found something that kind of irritated me on the Zvents Terms of Use page. One of the listed verboten item sets is Thou Shalt Not "Use automated means, including spiders, robots, crawlers, data mining tools, or the like to 'meta-search' the Site or download data from the Site

Take events from Zvents and reformat and display them, or mirror Zvents results on your web site. If you want to make commercial use of Zvents, you must enter into an agreement with Zvents to do so in advance."

Aha. Let me get this straight. You want to make a web 2.0 application having people post stuff, and possibly harvesting stuff from elsewhere, but if anyone tries to mixmaster *your* stuff, it must be 'commercial' and therefore you'd be in violation and need to have an agreement with them. Sure sounds like NIMBYism to me. "Great neighborhood you got here! Lots of innovation! We're glad to be a part of it! Just don't try to use *our* stuff to remixmaster, 'k?"

Nah, they can't possibly mean THAT. Must have been a slip of the legal advisor's keyboard in the Terms of Use. C'mon, gang, tweak that or 'fess up. You can't play both ends against the middle!

Update: And, in fact, it was an oops! Tyler tells all, fixes all, happiness returns all. Dilute, dilute, ok! :-)

The Z-Whiz Experience: Zimbra! Your Mailbox Will Never Be the Same!

What a great week for knock-yer-socks-off webware! Today I took a look at Zimbra, a hot hot hot collaboration tool and MS Exchange replacement and my toes are still tingling. As a jaded veteran of the MUA wars, I tend to think that I'd be happiest going back to MM, the TOPS-20 text-based mailer that was ported to *nix using the Columbia JSYS library. There's actually an MM port for Linux, but I've been in Netscape long enough that I don't bother. When I moved onto the Mac, various folks' rhapsodic waxings about the local mail app there made me try it. For about an hour. Ugh. No thanks!

Now, I'm going to bother. Zimbra looks worth going through the hassle of moving a few gigabytes of mail archive into. OK, several hundred gigabytes of mail archive. Or at least going forward with on a regular basis. I'm going to be really, really interested in the migration tools.

They've already done one amazing thing, namely to produce a narrated Flash demo that is actually exciting to watch-- for me, at least. The features of following conversations, getting to info by mouseover that one usually has to click into, extensibility that can set up context-sensitive handlers (eg, recognize a FedEx tracking number or a company purchase order embedded in an email), the list goes on. I have to hop on the train shortly and can't finish watching the demo right now, but what I've seen so far has blown me away.

Yes, there is group calendar with free/busy scheduling, the Holy Grail of Exchange displacement. 'Nuff said. I am *so* spending my weekend getting this working for Virtual.Net's mail.

Ning Success: the Workaround

Well, whatever's going on with Ning provisioning continues to bite me, but I have discovered a workaround. If you are having the same problem logging in, try this: click on the "forgot my password" link.

Enter the email address you used for registering. Ning will reset your password to a six-digit string. Logging in with that string *works*. Huzzah!

Now to delete duplicate accounts. Onward!

Welcome to the Ning Thing

Not a Cat in the Hat sequel (or is it?!), it's Ning, a toolkit site for building social networking apps. I predict lots of fun at TagCamp playing with Ning. In fact, Ning bills itself as a *Playground*, not a toolkit. I like that approach!!

I have a small quibble with the Ning user agreement, though it's not enough to keep me from signing up. The UA specifies that "For free accounts during the beta period, all Developer-generated Code is Public Code." Hokay, no problem. But further down, it also assserts "You, as a Developer, own your Code. Full stop. We'll cover Content in a moment, but you own that too. We claim no ownership interest in the Code you use to build Applications on the Ning Playground. To encourage collaboration and sharing among Developers on free accounts, you grant Ning and Developers on the Ning Playground a worldwide, fully sub-licensable, fully paid-up and royalty-free, perpetual, irrevocable license to use, reproduce, modify, distribute, publicly display, publicly perform, and create derivative works of your Code."

Good philosophy, but I'm now wondering what their lawyers (whom they refer to in the UA itself) were thinking using "public domain" in the earlier section. Kudos to stressing that Developers now and always retain all rights to their Content, and making the distinction between the Content and the Code.

Overall this seems a highly admirable and intriguing play. One wonders about the revenue model, but I imagine subscriptions and hosted apps play a large part in it. Now all I need is *time to play with it* (oy!).

Hmm, actually all I need is for the registration to work. I registered, and got the confirmation email, and tried to sign in. It keeps bringing up the "sign in" pop-up box along the top right. I thought I'd munged the registration process, so I created a 2nd account, and got the same results. Grump. Maybe they're getting swamped-- they say that they'll be "throttling" the number of Beta Developer accounts they create, on a "first come, first served" basis. We'll see-- I'll try logging in again in an hour or so.

Update: I realized that I could check whether an account had actually been created based on whether a pivot existed for it. Sure enough, there's a pivot for strata. I'm guessing that their provisioning is set up such that my request for developer status puts me in some kind of queue where the account infr is created, but the login isn't enabled until someone makes the dev-stat decision. Aaaand....I'm wrong, because I just provisioned a 3rd account, which did NOT request developer status, and I still get the repeat login boxen. Hm. Don't worry, I will nuke the other accounts once I get one that works!

Trackback for Silicon Beat

Decentralized Web of Identity: OpenID

Those clever folks at Livejournal have launched another project, a decentralized client/server based identity web called OpenID. As the specs say, it's not a web of TRUST, it's a web of IDENTITY. This is something that's missing from most of the social networking software (along with granularity, but that's a hot button we won't press at this precise moment). In social networks as largely implemented today, you build webs of trust but the identity verification is left to the user. There's no identity publishing, either, and each service makes you annoy the friends that you have with subscription emails and/or search stumblingly through whatever metrics the site supports to try to see if your friends are already on the site. I don't see anything yet about how OpenID might address the identity publishing aspect, but it's certainly possible.

Web Tools: Web Developers 'Handbook'

Not a handbook, despite the page's title, but a resource-crammed one-stop jump page for web development tools. Highly recommended!

PocketMod: Origami Hipster!

The PocketMod PDA builder is kind of an Origami Hipster-- a Flash application lets you drag page templates onto an array of pages, and then a folding diagram helps you turn those into a little booklet. Simple, quick, easy.

Also non-expandable, and possibly tough to archive. However if you made a couple of them, one for long-term contacts and ideas/notes-to-self, and another for one's ongoing schedule and reference, that might do the trick.

Coolest template award: a 'learn morse code' template that presents the basic alphanumeric characters as a dit-dah digraph. Very fine! I might print a PocketMod logbook just for this feature.

Kiko Calendar: More AJAX Goodness

Yet another online calendar app, ho-hum. Maybe not! The Kiko beta calendar, an AJAX implementation is slick and shiny and shares some of the same clean, interactive UI as TiddlyWiki. Now if only it had an export function! Maybe it does, and I simply haven't spent enough time with it.

Ah, the Joys of Being on the Radar

At least, on the spammers radar. Just turned comments off for anonymous users, due to a sudden wave of comment spam. Will dig out from under it later today.

My apologies for those who would like to comment, but deplore registering with a blog site. Sounds like a good Digital Identity project- create a meta-registry for folks for blog comments, and do a 'yes/no' type lookup on the registry to retrieve data, or even to allow anonymous posting with a digital-ID link that can be looked up later IFF the comment is abusive (eg ad spam).

ProtoPage: AJAX Rocks Your Web Desktop

I have tried to be a good little TiddlyWiki'er, but moving the TW around on my flash drive is cumbersome and annoying. Yet I hate relying on the network for applications, because one doesn't always *have* network, and most network web/productivity apps don't run via https or tunneling. I am frequently heard to rant on this topic, and have vowed to never be dependent on the net to work. I've just hit my "never say never" moment.

After only 15 minutes of experimenting, I am already doing useful work in Protopage, with wiki-like sticky notes, link lists, and freeform text blocks. I want to make a Protopage for several major work areas in my life: the open source stuff, my consulting & staffing company, my gardening, etc. OMG.

Now I want authentication, shared group access for collaborative projects, a way to back it up, etc etc. To me, this is complete simplicity and transparent ease of use. Backpack and the like should take some cues from this-- the Backpack concept is wonderful, but the UI is so cumbersome. Make a Backpack widget for Protopage!

In the 'proof of concept' department: my thought upon leaving this site was, "Where do I go to PAY for this?! I want to make sure it does not go away!" That's a heck of a business use case. Protopagers, are you listening?

Tracking Katrina Through the Blogosphere

I started out looking for something that uses GeoURLs, and found GeoBloggers but am mostly picking up FlickR output. Makes sense, as even folks blogging from I-10 are probably doing it via mobile phone and don't have GeoURLs set. Interesting FlickR and del.icio.us output, such as photos from a plane out of town this past afternoon showing the incoming storm, and empty supermarket shelves-- plus the usual insouciance of the human spirit in the face of nature: a local signboard whose letters ask, "How ya want yer burger, Katrina?" The NWS has put up a feed for Katrina news and alerts, including landfall predictions, and seems to be doing that for all tracked Tropical Storms and Depressions.

What's really funny and sad at the same time is that as I write this, I'm listening to a live Mississippi Public Broadcast radio and the folks on the air are asking their callers about the latest updates on the projected storm track, relaying from TV via the Weather Channel.

RexBlog has the best list I've seen yet of live audio and video feeds, as well as links to LJ livebloggers. Kaye's Hurricane Katrina blog points to useful resources like a Weather Channel blog and a scary article link suggesting that the SuperDome may not be safe shelter from Katrina (via JoshBritton blog).

Rather than watching several feeds independently, I went looking for a utility to mixmaster them, and found James Lee's excellent requirements wishlist for feed mixing, including pointers to FeedDigest, FeedShake, and RSSMix.

I put together a FeedDigest pico-feed: the del.icio.us tag 'katrina', FlickR photos tagged 'hurricane' or 'katrina' or combination thereof, and the NWS Katrina feed.

I could stay up all night mixmastering a truly informative feed, but I know (alas) that it's solely an attempt to feel like I'm Doing Something, when in fact all I can really do is pray for the best possible outcome. Mike and I visited New Orleans on our way home from our sabbatical year on the road in our RV, went to the Jazz & Heritage Festival, rode the St Charles streetcars and toured their carbarn (oldest continuous streetcar operating line in North America), and enjoyed the wonderful French Quarter and the walking Garden District tours. This time tomorrow, all those things could be effectively gone. Reading the live LJ and blog posts from people who decided to stay, and now regret it, or who are already fearing for their families, their friends, and their pets, I retreat to storm-tracking and overanalyzing a sea of data. It's my way of trying not to let the sadness hit me like... well, a hurricane.

RexBlog TrackBack

'Security Through Obscurity' Shouldn't Be Part of Web 2.0

Web2 .0 is coming. It's already here in some places. It's new, it's shiny, it's exciting.

Yes, all this is true. What is also true is that in implementing Web 2.0, and making and deploying extensible, mixmaster-friendly services to leverage for Web 2.0 and beyond, we must not lose sight of basic design and deployment principles. Some of these principles are more native to IT and systems administration and ISP/ASP deployment than to traditional or even web nouveau engineering and rapid prototyping. Here's a good example from the real world, which just came to my attention in the last day or so.

Suppose one is running a popular photo site, designed to host photos and control access to them via the site itself or via an API. If enough detail about how photos were constructed was present in the javascript available via 'View Source', one might learn how to assemble an URL that would be valid for direct access to a picture.

This might not be such a problem, as presumably to see the page in the first place, one must be logged in, or the page must be public, or both. But suppose that the photo (and thus the page) were designated as private. Then it might be the responsibility of the site to make sure that all views of the photo were brokered via the site or its API. One should not be able to construct a photo URL and then access the photo regardless of one's in-site permissions, or one's logged-in status.

The photo above links to its page in my user area on a popular photo site. The photo is designated as 'friends only'. Please note that by linking this photo to its appropriate page on the site, that I am complying with the site's Terms of Service, which I reviewed carefully before making this post. Most people clicking on the photo will either receive a 'sign in to this site' page or a permission-denied page. I am new to the site and haven't located most of my friends there yet.

I think that this photo site is doing a wonderful job enabling use of web 1.5 / web 2.0 functionality. They are making photo sharing accessible to a wide range of folks who found it previously difficult. Their use of some new markup technology is causing it to rapidly mainstream, and be fun to use as well. In all of these things, they are to be greatly commended. However, by separating the workflow of 'display an image' from the workflow of 'authenticate a page', they have made a very common design blunder. I would urge them to review their workflow carefully to weed out any similar slips in dataflow to workflow mapping. Judging by the site that's been put together, they are very savvy folks and can figure it out on their own easily now that it's been pointed out to them.

There are a number of ways that they can alter their workflow without requiring a great deal of information overhead, or significantly altering the site performance. What might be the easiest, depending upon their topology, is simply to create a second DMZ server zone for the servers hosting photos, and only allow the application servers to pull content from them. The page-level javascript would actually open a session to the photo-serving DMZ on behalf of the client, and do an encrypted authorization transaction. There may be some browsers in which this would fall afoul of 'sandbox' rules, and be considered downloading from an 'outside' source, even though the FQDN portion of the hostname would be the same. The site probably knows a great deal about their user community's browser preferences by now, though, and would be in a good position to make that call.

Alternatively, a transaction-key protocol could be implemented which would provide a simple method for a logged-in user's session to register itself (possibly playing off existing code) and have the photo server do a verification lookup that there is a non-expired valid key associated with the session requesting the image.

I don't consider this a 'fatal flaw', otherwise I would have contacted the site directly and discreetly rather than blogging about it. I do consider it a very telling example of why these next-generation services could benefit from a bit of healthy old-fashioned IT paranoia in the design and deployment phases of service engineering. Security through obscurity isn't really security. Relying on it to solve other design problems can build a whole set of dangerous assumptions into a product as it matures and grows.

A Web Design Conference for IT Professionals? W00t!

The upcoming WOW Web Design and Project Management Conference in mid-September has a refreshing difference from all of the other web conferences that I've attended or read about so far. It's the very first one that I've seen that includes *me* in the target audience! Even better, professionally I'm three out of four of the top four targets.

• Information Architects / Knowledge Managers
• IT managers and Planners
• Software project Managers [not much 'me' in this one, except for operations-related software]
• Integration team Managers

So far, so good. Now the burning question, from the viewpoint of a small business owner with multiple employees: where do I find the discount registration offers for *this* conference? No luck on the Blogger or MT dashboards, alas, nor on Molly's pages where the 2004 version was discounted.

Moore's Law Illustrated

My friend Phil recently took this picture and posted it in his LJ. It's not often that you see such things so tidily illustrated.

Head still exploding from Bar Camp. The combination of BBS'05 and Bar Camp has been wonderful, exciting, amazing, and incredibly deleterious to my normal round of responsibilities as owner and President of a small consulting and staffing company. Otherwise I'd try to be up in the city AGAIN tomorrow at the FLOSS Sprint.

It's Just Conduit, Gang: RSS Neither Overhyped nor Underadopted

Remember that the value of a technology is not necessarily driven by the early adopters, and that content and technology are two different things. It can be too easy to conflate content with a particular publishing technology, such as we see in the world-o-blogs and with RSS. For instance, Burnham says that the low percentage of bloggers supporting or caring about their feed tech indicates that 'RSS'still has a long way to go to mainstream adoption'.

Nope. Just like the web browser, which came along and blew gopher out of the water (raise your hand if you remember Archie, Veronica, and Jughead!), RSS/Atom/etc are still waiting for their killer app. Which, in my opinion, is critical-mass support in mainstream browsers. People don't have to download them. They don't have to see them as an application. The native capability will just Be There, in Safari, Firefox, the next IE, and so on. RSS itself doesn't matter so much as the TOOLS matter; tools to view it and tools to woo it. Editors and readers and taggers (oh YEAH, taggers) and recombinant mutazoid mixmasters and feedblasters.

Any second now the business world, which publishes more 'content' in a typical mid-sized enterprise in a week than most people do in their whole lives, is going to wake up and smell the coffee on this one. In fact, let's brew them some enterprise tagalicious espresso. Content Management System? I'll show ya a CMS for the next century! Coming soon to this blog near you.

Trackback to Burnham MT

The Best Part of Foo Camp Isn't Foo Camp

...it's the existence of the list of Foo Campers. This guy really has the right idea. Instead of making a mountain out of a molehill, just notice who's going to Foo Camp, subscribe to their blogs/lists, and get the benefit all year 'round.

As Agatha (Heterodyne!) Clay's buddies the Jaegermonsters would say, "Schmot guy!"

Extra credit: do this for ALL the invite-only conferences which you'd like to be attending. EC Lite: just the conference committees and the keynotes.

GTDTiddlyWiki: the Future Where You're Getting Things Done

Folks just discovering the wonderful world of TiddlyWiki will probably really adore GTDTiddlyWiki. Nathan Bowers move David Allen zig. All your tasks are belong to you.

Bonus: prints onto 3x5's for use with the Hipster PDA. I'm currently Warhol Moment'd at the top of the Hipster PDA Flickr stack. All hail Tris, Photographer-King of BBS05!

Trackback to BBS'05

On Beyond Social Tagging: Enterprise Tag Clouds are Coming!

In Get With the Future: It's Tiddly, Jeremy Wagstaff concludes with the idea that "...we should think of tagging not just in terms of social tagging...Tagging will become as useful when it?s applied to personal, or closed, data."

Absolutely! I commented with a pointer to my June 2005 writeup on the intersection between tagging, IT, and enterprise workflow. The fun is just beginning. Do you have an Enterprise Tag Cloud yet?

Think about all the effort people put into fostering communication between groups in a mid to large enterprise. Then think about how many times you've discovered that someone in your own organization is working on a similar project, or that you could have used something invented in-house instead of rolling your own, or that someone two hops away from you at another corporate campus has been contacting other folks at the same potential client, and so on. Once you get up above 200 employees, individual views into the business and its shared goals start becoming extremely narrow. One's vision goes beyond 'my team and my department' only to the 'view from 25K feet company all-hands', and doesn't generally rest the eye anywhere in between.

With support for in-business tag discovery and 'social' tagging in the business sphere, you get a potential view into things of interest happening within a company, with a much finer granularity and lower overhead publishing effort than the old-fashioned 'company newsletter'. Ask any company with a significant engineering and development component how they make sure that the right hand knows what the left is doing, and 8 times out of 10 you will get some kind of handwaving that means 'umm, senior management knows what other senior management thinks'. It's a rare place where direct product-level folks get to collaborate across teams in ways less cumbersome than a high-traffic, generally ignoreable 'engineering' mailing list.

What about each product team publishing tagged entries on their milestones, release dates, toolsets? The IT folks updating groups with information tagged at the particular user community, without maintaining those horribly clunky lists of 'Word 2000 users' vs 'Word 2003 users' or 'Linux desktops' vs 'Windows desktops'. By allowing tagging within a social interest or shared research interests sphere, a savvy enterprise could re-establish that sense of 'the commons' that many people get from research-lab and university-spinoff environments.

And this is exactly why I'm here, at a place like this, at a time like this-- because 'Best Practices' in IT aren't just about how many sysadmins per hundred desktops, or which applications live inside the DMZ vs inside the backnet. The 'new enterprise' is going to look a LOT more like an internet social community than most folks currently realize. In some ways, it's going to HAVE to do that to stay productive and functional, as telecommuting, job-sharing, offshoring, and the like become the norm. As I wrote in Feb 2003, "Will the Real 'Sysadmin of the Future' Please Stand Up?" Chances are that he or she looks as much like a Drupal or MediaWiki sitemaster as a SAGE Level III or a CCIE.

Trackback to BBS'05

Early Adopter (Whoop-Te-Doo; That and 3 Bucks Will Get me a Latte)

I got grouchy at some point during this latest session and went looking for some online documentation of the fact that I've been saying since AT LEAST 1994 that the most precious commodity on the net is *human attention*. I wasn't posting the TaskBroker stuff, just notebooking it. But I probably have a rant filed somewhere about that and went looking for that.

Lo, instead of what I was looking for, I found some magic early-adopter-fu to combat BBS05 fatigue and make me smile: a FoRK post from 2000, showing my signup to Pyra.com. As I said, that and a few bucks will get me a latte, but suddenly I feel good. Ya do what ya do, whether it makes sense to other folks or not. Kinda like when I do art, digital or the old-fashioned kind, or mutant miniature meeting sketches. If it makes me happy, and I don't care if I show it to anybody else or not, I know I did it right.

Trackback to BBS'05

Raising the BAR: FooCamp for the Rest of Us

I heard about BarCamp, the 'building cool stuff' camp for the rest of us today from a friend, and was wondering whether or not to blog about it. Scoble has been speaking here today, so I thought I'd check out his blog for the first time. Wait, wait, stop being incredulous-- I like to work my way up down and through the middle of other people's Top N lists, so hey.

Scoble's mention of a car so outrageously cool he had to NDA to get a ride mentions said car will be appearing at BarCamp. So, away we go!

Trackback to BBS'05
Trackback to Ross's MT

Look! Convergence! (What, Again?!)

Listening to DL Byron talking about "Good Blog Design", and really finding a lot of good talking points here. Something he just said kind of jumped out at me, though. Paraphrasing, he said, "We're finally starting to get a kind of convergence, with blogs, the web, rss, etc, and things are really taking off."

I flashed back to 1994, when I set up the NTIA Virtual Conference. For pretty much the first time ever, we had email, web display/post gateways, gopher, and netnews all gatewaying to each other. No matter which medium a person was restricted to, he or she could fully participate in the online conference forum. And people commented, "Wow, it's finally starting to come together, things are really taking off!" Fast-forward 11 years, to DL's comment today.

Will *this* convergence happen? If so, why? A comment made by someone at BlogHer stands out-- the difference is findability. The search engines make all the difference. Remember when the Net Scout listserv engine put dozens, then hundreds, of new sites in your mailbox every day? I used to save the emails and grep through them on my home SparcStation. But that really didn't tell me what I needed to know, since the descriptions were scanty, and grep, even with some fancy regexp-fu, is not very smart. Now we're starting to see not just blog-specific search sites like Icerocket, but RSS-specific search sites like PubSub.

Sites like PubSub have evolved in double-jumps, in that they not only search RSS but publish the results as RSS. Remember the glory days of multicast on IPv4? Protocols like Internet Whiteboard? I started saying in the mid-90's, watching the ISP's eat other ISP's, spawn ASP's, etc, that 'everything becomes conduit'. Structures like the InterNAP are a given now, were novel in the days of the PAE and the MAE's. Will there be a multicast RSS set of dedicated links, eg the 'InterRSS'? I remember when sites set up separate UUCP dialups to unburden their main links, then set up dedicated UUCP links for NetNews, then bandwidth became noise and it all just moved back out into the main bandstream. Would there be value in a multicast ring dedicated to constant content? Perhaps this will be the economic motivator for some movement to IPv6-- there's enough address space that one could actually create a tag registry that maps to netspace, and do content filtering by IP address. w00t! Sounds perverse today, but o tempora, o mores!

Trackback to BBS'05

Googlification Rocks!

Just discovered a lovely little OS X tool, Googlifications. Requires a Google API key.

The wireless here at the conference is now refusing to pass https connections, in addition to dropping out every few minutes. VERY VERY irksome. If I could reach the Starbuckies TMobil wireless from here, I'd pay for the day just to avoid this frustration. Grrrrr.

Especially frustrating since the wireless let me download the tool, but I can't go get my KEY. Gah. I suspect the problem might be similar to the one debugged by the BlogHer folks-- access points arranged to support N-hundred folks *scattered evenly throughout the conference space*, not all in one place.

Trackback to BBS'05

Dave Doesn't Get It

Dave is an awesome presenter, and has a wealth of experience, but he Just Doesn't Get It about tagging. "I think it's a fad..." Oy!!

He then went on to talk about the Dewey Decimal System being great because it's so constrained. To his credit, he mentioned that the BBS'05 site has some reference to tags, notably the Flickr tag site. He makes the excellent point that sites like Technorati or Flickr that use tags, the tag link takes you AWAY from the site using them.

He's talking about business blogging adding value and building community, yet ignoring the value of the net of building ad-hoc selective, responsive communities. No standard taxonomy for tags? Sure. That could be a feature, for folks to tag about a party or the word of the day. Technorati tracking 'millions' of tags? Sure. Blah blah Moore's Law blah blah Zingiber. Come on!

For all you Dewey Decimal fans out there, I have one word: Z39.50. There's a reason why the Library of Congress wanted 'on beyond Dewey'.

Joshua, you should mail Dave and tell him about del.icio.us because if all he sees is Technorati and FlickR, he's not going to understand WHY tagging works and is useful.

Trackback to BBS'05

Live at Business Blog Summit

I am SO glad to be here at the Business Blog Summit. I didn't connect that the first-day 'Business Blogging 101' was taught by Dave Taylor-- you know, that Dave Taylor, whose fantastic site inspired me to get back into blogging. Excellent!!!

And for all you BlogHer alumni, *yes*, there is a line at the women's room. I'd say we have about 15 - 20% women attendees.

"If there's one message that I want everyone to get by the end of the day, it's that blogging is REAL BUSINESS... if you only get that message, and the rest is just a bunch of Greek or Latin or XML, that's okay." -Dave Taylor, about 30 seconds ago.

Trackback to BBS'05

Hot Diggity Dog!

I'm rather enamored with del.icio.us (and who isn't?!), less so with Technorati. Along comes a new toy which combines the best of both, digg.

Think of it as Slashdot meets del.icio.us-- a tagged news streamer with a reputation-karma editorial system. Joe Bob Strata sez check it out.

Out to Launch

A big thanks to Mo's World, whose Technorati-tagged posting about BlogHer also included a pointer to Ladies Who Launch. This looks like a great site for women entrepreneurs, and I'm looking forward to meeting more women technology consultants through the site. I also hope that I can be a resource for some of the women business owners who need a boost in the technology area.

I recently read Gail Evans "She Wins, You Win", and was impressed with her reasoning. The main idea of the book is that as women in business, we are all on "the women's team" as well as "the company team" or "the department team" etc. As such, we all need to make more connections with other women in our organization, and outside of it, and help each other along. The default for many women in business seems to be to see other successful women as rivals.

I found that the 'blinding light' idea in this book, and the one that made the most personal impact on me, was the following set of observations, pulled from various places in the book. Together they add up to a big whammy!

• Men are generally acculturated to the idea of teams, and don't expect or require to get along with or even LIKE everyone on their team. It's enough to be going toward the shared goal, and to share a victory.
• At least one study showed that women are highly resistant to the idea of forming 'teams' with people they don't also like, and feel a friendship connection toward.
• Women are generally acculturated to get a lot of self-worth from the concept that they are unique in some way. Meeting similar women can set off a defensive reflex to try to undermine or simply dislike the other woman, especially if she seems more skilled/senior in one's own specialty. Business culture often encourages this by picking one woman in an organization to be 'the woman who is different', eg who can succeed with the boys.
• Men in business culture generally take one or more of the 'up and coming young men' in their organization as a protege, and grow their network with successful people while also contributing to that success.
• Men also tend to have 'their people' follow them to new positions, whereas a woman in a new position tends to want to 'wait and see' to give the folks reporting to her a 'fair chance'.

I'd say that the last observation was the one that rocked me back the most. "What? Come into a place and already be planning to bring a team in with you, to supplant the one already there?! That's so *completely* unfair!" Then I thought about it and talked to one of my mangement mentors (a man) about it, and was equally shocked to find that, yes, it's de rigeur. He mentioned that in his experience, the amount of change you can bring to an organization (as a high-level manager or C-staff) is at its peak when you first join. It's crucial to deliver results immediately, and the best way to do that is with people you can already rely on. The 'give them all a month or two' approach, ipracticed by default, can be a powerful form of self-sabotage. Yikes. My friend also made the point that you certainly should look assiduously for the folks who are *very good* and who might soon be following 'their guy' to the new place. Those people can be courted, and possibly swayed to your team. But by and large the organization will judge you not only by your own efforts, but by the quality of team that you bring with you and attract to you-- that's *why* high-level management rates big compensation. They bring talented, busy hands *with them*.

I'm already trying to practice the 'she wins, you win' strategy. I took the time to chat with the woman who was visiting to set up a CRM installation, instead of just making sure she could log in. We had a great talk, and I hope to catch lunch with her next time she's on site. She knows a LOT about how company sales and finance workflows look, because she has to interface this system to different companies for a living. So she's got a handle on what works, what doesn't, and what 'normal' looks like, all things that I'm just starting to learn. She was very interested in the idea of enterprise IT, and wanting to understand that better because it relates to how folks access and use the CRM system. So I'm looking forward to another chance to dialog, and I think we'll both learn some good stuff!

And now it's really, really, REALLY time to catch the train up to the Business Blog conference in SF!

Linux World in SF, Tuesday 8/9/05

I'll be visting Linux World Expo in SF on Tuesday, and expect to be there after 11am and through most of the day. Ping me if you'd like to meet up onsite. If there's wireless shownet access, I might try to live-blog a little of it, but mostly I'll just be doing research on servers and NAS/SAN boxes.

Alzheimer Gourmet's 8-step Plan to Avoidance

The folks over at Future Salon recently published this interesting piece on an 8-step program for reducing your risk of Alzheimer's. The article's summary of a presentation by Dr Greg Cole, a noted Alzheimer's researcher, includes many links for further reading and, of course, the 8 steps, or preventives, themselves.

The first one is of particular interest, and a fascinating tie-in to traditional Ayurvedic theory: eating a LOT of turmeric, a featured spice in what we Westerners generically call 'curry'. There are as many types of curries as the day is long, in India and worldwide. The yellow, musky one with a sharp bite that we often stereotype as the One True Curry is characterized by oodles of turmeric. Several sources I encountered say it is also a British invention, in much the same way as 'chop suey' is an American one: an attempt to duplicate some aspect of authentic regional cooking without all the work. Thank goodness for the BBC's guidance on doing curries right. But I digress.

I can take with a certain wry humor item 7, taking 400 mg of ibuprofen daily. Despite our chiropractor's loathing for the stuff, claiming it does liver damage, my normal creaks and crunches have me reaching for those tablets at least a couple of times a week. Sure, I could tough it out, but inflammation begets more soft tissue injury which begets more pain which begets healing inflammation, etc etc. A few years ago I would get the huge bottle (or worse, bottleS, packaged together) of ibuprofen at Costco/PriceClub and think, "There's no way I would ever use this up before the expiration date!" I still hope that a sealed bottle, dropped into a Second Harvest or similar donation bin, meets a useful fate.

I'm also keen on their recommendation of high-omega oily fish, especially sardines. I grew up in a time and place where sardines on crackers were considered a fine lunch. Here in California, people put garlic on just about everything: in their mashed potatoes, scatter the 'stinking rose' in and on steamed veggies, any protein source imaginable, and even roast it to spread on their bread. But OH the looks you get if you open a can of sardines in public! "And your garlic smells better than this HOW exactly?"

I'd best conclude before I end up posting my recipe for curried tuna salad, using the "good bad stuff", eg the spice bin curry blend from the loose bins at Whole Foods, chopped vidalia onion, golden raisins, and a little finely chopped celery and/or cucumber. But that's for another blog, coming soon.