Orcmid's Lair

Welcome to Orcmid's Lair, the playground for family connections, pastimes, and scholarly vocation -- the collected professional and recreational work of Dennis E. Hamilton


2004-05-29

 

Safe Safety Systems

ACM News Service: Software Safety by the Numbers.  IEC Standard 61508 describes how one establishes the safety and security of programmable electronics and the requirements on the development process for "traceability, criticality inspection, and validation." Safety integrity is also considered, including "failsafes to ensure the detection of failures and the system's switchover to a safe state should it be unable to carry out a safety function."

While this is directed toward embedded systems of a particular kind, it would seem that there is much lore here that translates into considerations for the vetting of autonomic systems for dependable computing.

Jeff Payne's 2004-04-26 Embedded.com article has the intriguing lead, "When it comes to safety, it's not what you do, but how you do it." The well-illustrated article begins with a great anecdotal example and then expands into the risk management procedures and development-process models appropriate for different levels of safety criticality.  These seem highly adaptable to an initiative for trustworthy software as well.
 

Digirati Journalism's Human Face

ACM News Service: Publishing by Design - Time to Make Human Factors a Concern.  This blurb invites consideration that "insights into human-computer interaction (HCI) and design can solve many problems that currently limit the usability and appeal of digital mass communication, which is currently influenced by several false assumptions about convergence and traditional media." In particular, there are different interface challenges that come with different (mass) communication platforms, and Human-Computer Interaction (HCI) principles suggest that there's "need for interaction design that satisfies individual users."  The idea of context-applicable technologies is suggested as a way of dealing with situation as well as differing access-point constraints on presentation and interaction.

Nico Macdonald's 2004-05-20 article in the Online Journalism Review goes more deeply into strongly-held poor assumptions and provides a useful appraisal of the ease-of-use conundrum.  The article is the first in a series on HCI and design issues related to online journalism.
See also:
Semantic Web: The Needle or the Haystack? for tie-in to social software and integration
What's It All About? Objects, Languages, and Meaning for attention to abstraction and metaphor
Changing Lives Through Technology

 

Out, Out, Cursed Bug

ACM News Service - Will Code Check Tools Yield Worm-Proof Software?.  According to this blurb, the Business Roundtable "blames buggy and vulnerable software code for most of the major cyberattacks and network breaches that have harried American consumers and businesses in recent years."  Focus is on defective software-development processes.

I don't want to diminish the importance of improved software-development practice, transparency, accountability, and liability for failure to apply recognized best practices.  I think those are all great moves.  I also think that it won't work if purchasers don't require it, whether it is something like a Good Housekeeping seal or anything else.  And there is something more about due diligence that IT organizations and CIOs must deal with.

Finally, it won't be enough.  We must deal with the prospect that the criminal element that is training itself to exploit system vulnerabilities is not going to let up, and that perfectly-working code does not assure a safe and secure business system.  We will learn that, whether we want to or not, like it or not.

The Robert Lemos 2004-05-26 CNET News article provides an extensive, balanced treatment.  The move to demonstrable diligence is important.  It is time that we took seriously the lessons learned in the development of traditional engineering disciplines.
 

Smarter IT Skills in Time Enough

ACM News Service - The Increasing Importance of Process Skills.  This blurb is a little scary, to the extent that it points to a dangerous dumbing-down of IT experience: "New technicians today may have the requisite knowledge of technology, but may lack an understanding of how their work affects business operations; they might, for example, patch a critical system during the middle of the business day without realizing the implications of that system crashing."  I find that unreal, mostly because I don't see where operations management would allow that -- unless that is part of the inexperience equation. There's a fetching analogy, that "putting such inexperienced and harried workers behind critical systems is like putting someone who has no driving experience or knowledge of driving laws behind the wheel of a Ferrari."

George Spafford's 2004-05-26 Datamation article offers more perspective, especially on the need for maturing experience and how we may have outrun our ability to achieve that (along with our divided attention problems).  Spafford does list a 5-point approach to moving forward:
  • Formal IT Governance
  • Risk Management of Rapid, Destabilizing Technology Adoptions
  • Hiring for Process Maturity Skills
  • Establish Well-Accepted Professional Accreditation (as opposed to vendor-driven)
  • Fundamental Process Disciplines in Academic Curricula
The IT Process Institute is featured as a resource for further guidance.

In short, "IT tools will come and go, but the processes learned along the way provide the real value."  There must be room for "along the way" learning.  I think this goes hat-in-hand with a bigger issue: institutional learning takes time and considerable experience over time, by individuals, teams, and the organizations in which they partake.
 

E-Learn Me This


ACM News Service: New E-Learning Tools.  I'm half-way through an M.Sc in IT program that is delivered by distance learning.  Everything is done on-line via computer-mediated communication (CMC).  And I find it very difficult to relate this blurb to anything I recognize as E-Learning.  It seems to be about applying learning algorithms to Interactive Tutoring Systems (ITS), and the learning algorithms are about machine learning.  I can't tell whether the machine is learning, or the machine is supporting a human learning something, or if these are thought to be the same thing.

Chandra Devi's NSTRP e-media report has more words, but my parser hasn't learned to gain more from it than in the original blurb, but for the final statement: "Overall, the [Canadian research Learning Objects Repositories Network (Lornet)] mandate is to make progress on the fundamental research required to support distance education."

I might be happier if I understood what the linkage between "machine learning" and "distance education" is meant to be.  On the other hand, maybe not.
 

Semantic Web: The Needle or the Haystack?

ACM News Service: WWW2004 Semantic Web Roundup.  This is an interesting summary of the Semantic Web at a cross-roads.  There is a lot riding on the recently-stabilized RDF and OWL specifications.  The key: "Both boosters and critics of the Semantic Web effort say applications need to get on the ground soon to determine the future of the technology."

I am one who maintains that the Semantic Web is ill-conceived in regard to presumptions about "well-defined meaning" and other naive ideas about ordinary language.  I also find the tools to be interesting and potentially useful, just as I take interest in the computational methods and heuristic procedures that are commonly classified as supporting Artificial Intelligence.  But I have no metaphysical commitment to AI nor to the Semantic Web as broadly presented (with muted caveats).

Paul Ford's 2004-05-26 Roundup for XML.com provides the detailed summary.  There is tantalizing mention of many tools, mostly developed in Java, and a suggestion that
"For the Semantic Web to succeed on the desktop, it may need to leave Java behind; one promising approach might be to focus energies on .NET/Mono implementations; alternately, developers could consider using Mozilla's XUL, particularly given the fact that Mozilla already stores application data in RDF -- 'triples all the way down.' "
I think that is promising, and something to look at for blending into social and collaborative software in support of interoperability and interchange, whether or not the wider sense of Semantic Web is achievable.
See also:
Metadata Coherence, Interchange, Aggregation
I'll Have the Blog Special with Extra Sauce
Steve Gillmor: Tablet as Information Appliance
Wikis for the Rest of Us?
When Did We Ever Keep It Simple?
Why Indeed, Awkward Software?


 

And the little phish have bigger phish to bite them

ACM News Service: Gone Phishing - Web Scam Takes Dangerous Turn.  This blurb points out that phishing is becoming increasingly-aggressive, and the installation of keystroke loggers and similar programs is becoming increasingly stealthy.  You need to be a Wall Street Journal subscriber to see the full article.

I caught a fraudulent MSN Billing e-mail in my Outlook Express this past week.  The message from Billing@Мsn.com was recognized as spam by MSN Hotmail (!) and it was placed in my "Bulk Mail" quarantine.  (You will recognize another tip-off if you look at that e-mail address while telling your browser to try different language character sets.  That's harder to do in Outlook Express.)  I noticed the message when I reviewed the folder for false positives a few days later.  I'm not going to describe all of the tip-offs by which the scam was obvious and the e-mail was recognized as fraudulent, but I caution people to avoid anything that suggests they fax credit-card account information to an 800-number.  Beside the MSN Hotmail segregation into "Bulk Mail," I also had Norton Antivirus and Outlook Express watching out for dangerous attachments.  OE suppressed the HTML attachment that might have gone beyond inviting me to do something stupid manually as the plaintext version of the message did.
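The character-set tip-off mentioned above can be checked mechanically. The following is an added example, not part of the original post: it flags sender addresses whose domain labels mix scripts, using the address quoted in the post. The function names and the plain msn.com comparison address are assumptions of this sketch.

```python
import unicodedata


def letter_script(ch):
    """Rough script of a letter: the first word of its Unicode name.

    This is a heuristic, not the full Unicode Script property.
    """
    if not unicodedata.category(ch).startswith("L"):
        return None  # digits, dots and hyphens carry no script
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def inspect_label(label):
    """Report which scripts appear in one part of an address."""
    scripts = set()
    for ch in label:
        script = letter_script(ch)
        if script:
            scripts.add(script)
    # List every non-ASCII character with its code point and name so a
    # reviewer can see exactly which glyph is the impostor.
    non_ascii = [
        (ch, "U+%04X" % ord(ch), unicodedata.name(ch, "?"))
        for ch in label
        if ord(ch) > 127
    ]
    return {
        "label": label,
        "scripts": sorted(scripts),
        "mixed": len(scripts) > 1,
        "non_ascii": non_ascii,
    }


def inspect_address(addr):
    """Inspect the local part and each domain label of an e-mail address."""
    local, _, domain = addr.rpartition("@")
    labels = [inspect_label(part) for part in domain.split(".")]
    try:
        # The ASCII form that is actually looked up in DNS.
        wire = domain.encode("idna").decode("ascii")
    except UnicodeError:
        wire = None  # not encodable as a host name at all
    return {
        "local": inspect_label(local),
        "labels": labels,
        "wire_domain": wire,
        # A single label that mixes scripts is the lookalike signal.
        "suspicious": any(label["mixed"] for label in labels),
    }


if __name__ == "__main__":
    samples = [
        "Billing@\u041csn.com",  # address from the post; U+041C is Cyrillic
        "billing@msn.com",       # constructed all-Latin comparison
    ]
    for sample in samples:
        result = inspect_address(sample)
        print(sample, "->", result["wire_domain"],
              "SUSPICIOUS" if result["suspicious"] else "ok")
        for label in result["labels"]:
            for ch, codepoint, name in label["non_ascii"]:
                print("   ", repr(ch), codepoint, name)
```

A label written entirely in one non-Latin script passes this check, so it complements rather than replaces the independent verification the post recommends.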



I managed to report this incident to MSN, although it was a chore to find a contact point -- I finally gave up searching on-line and used a known contact at Microsoft.  As in many aspects of life, it sometimes comes down to knowing someone (or at least knowing their name and, in this case, their blog page).

It is my experience that web sites and web-commerce organizations rarely provide a recognizable way for users and customers to notify the company that there is a security or fraud matter that they need to know about.  Microsoft, in providing comprehensive technical security support, has a page for notifying them of a security vulnerability that is discovered about a Microsoft product or service, but MSN doesn't, nor do the MSN links provided on the Microsoft vulnerability-notification page.

This experience reminds me of Bruce Schneier's discussion of agendas in Chapter 3 of Beyond Fear.  It is clear to me that, while the MSNs, Yahoos, and Googles and eCommerce services of the world are after my eyeballs and clicks, they don't want me to be worrying my pretty little head over security incidents about them.  They are not operating from a "security and anti-fraud is a matter of visible vigilance for us and we welcome your shared concern for our mutual, safe participation in the Internet community" stance.  So there is not much a Boy Scout can provide as a cyber-civics contribution.  I now have more than enough reported incidents to qualify for the merit badge, though.

My benchmark for how to handle fraud and security issues is at amazon.com, which has reasonably transparent operation and is aggressive about learning of imposters and squashing them.  Who do you nominate for best-of-breed in welcoming feedback on security and fraud incidents that you notice?
I haven't used my MSN account as my e-mail address for several (at least 6) years since spam became a problem.  Someone (perhaps many someones) mined the MSN membership list and it drowned out my ordinary use of that address.  The spam and klez.h from address books that still have that address keep on coming.  I retain the address for Passport and MSN Messenger usage, and it is the name of my back-up dial-up account that, at one time, I could use to roam in Japan and Italy (via the UK).  Sometimes, some long-lost-sight-of acquaintance tracks me down by that address.  I have no intention of abandoning that account and e-mail, but it is becoming less and less useful as time goes on.  I can no longer use its secure SMTP provisions to send mail while I am on another service, using another identity that I want people to remember and reply to.  These privacy/security-oriented interventions have been more inconvenient than effective since spammers find a way and I have to play nice in a game that just makes me work too hard.
Comments:
It occurred to me that most users of MSN Hotmail do not read their mail via Outlook Express.  I am one of those who prefers to work through mail offline, and who does not find browser-accessed mail either convenient or appealing.  And once-upon-a-time I could make POP3 access to MSN mail via Outlook (from the 97-level beta to 2000).  Nowadays, access via Outlook Express is my best, and most-secure way to retrieve from MSN Hotmail.

For those who see their Hotmail messages in a browser, the scam may have fewer visible tip-offs. Either way, the greatest resistance to this sort of attack is to avoid surrendering to social engineering -- anything that asks you to do something that you cannot verify independently. I repeat, independently. Trust nothing provided in the message itself.

2004-05-28

 

Ward Cunningham - Revolution in Communication

Ward Cunningham - Is there a revolution coming in the way people communicate?.  I could have saved myself some work if I'd read through my newsfeeds in alphabetical order instead of the reverse-order that I usually follow.  Here Ward makes many points that I have been grappling with in other material I'm digesting.

The Channel 9 folks pulled at least 3 videos out of one Ward Cunningham interview, and here comes a different one.  Ward speaks to the blogosphere, wikis, finding eyeballs for your code, and more than that arranging enough time for developers to express what their code is for and the problem it is solving.

I am going to have to download this video and play it through one sentence at a time to capture every single gem. He talks about cultivating programmers to capture abstractions well and having a process that values abstraction: "You can have a program ... [that] doesn't say what it needs to do as best as it can and so what we do is make sure that a developer, after he gets the program working, can take the time to make the expression of what it does as clear as possible." Then at the end: "At one point we thought it was easy to explain things, but we deal with ideas that are so complicated in the world that we have to practice saying it to find a way to articulate what matters." He's saying that's something that blogs and wiki support, the communal articulation of what matters.

It is a great reminder that the best face-to-face conversations are where people listen intently and promote articulate expression just by listening. So maybe, just maybe, there is something that matters in all of this cyber-socialization.
 

The Edge That Bites

Sam Ruby: Détente.  Spotted by Mark Pilgrim, and noted on Sam's Feed earlier, this entry carries an amazing amount of information about edge cases.  (I have one right here - my Blog This! tool doesn't capture the <title> use of "é" in détente, so I have to paste it in from the little character-map tool.)  This is a wonderful compilation of interoperability and coherence glitches.
 

Adding Music to Serious Chat

Full Circle Associates Online Interaction & Community Blog: Adding Music to Serious Chat.  Here's a great idea.

I liked the idea so much I followed the link to the harp music.  I had to drop my firewall to permit mobile code (because of Flash), and then make it a trusted site so IE 6.0 would allow the ActiveX to run.  And I still didn't hear the music, though the applet or whatever said it was on, and my speakers were active. Ah well ...

This comes back to the earlier topics about software integration, and also making systems safe and secure.  I think it is still a great idea, and I would love it if MSN Radio Plus ran in the Media Player instead of the browser and thereby messing with my browsing attention.  This is something more to look at as I explore how to create the necessary affordances in simple social-software components.
Comments:
In the 20 years I lived in the Rochester, New York area, I moved from an affection for album rock to smooth jazz and new age FM stations. I still fancy album rock, but the stations have changed. Also, some of the best area stations can't be received in the saddle on a hill that is my neighborhood in West Seattle. The great broadcast from Tacoma's Bates Technical, with its funky student commercials, is inaccessible. My barber receives it fine, but that means I get a fix only every other week if we remember to turn it on. I get my next booster shot on Wednesday. I've made a note to find out if the new owners of the license have preserved the format.

The point: There is/was a station on the Niagara frontier that calls itself broadcaster of "the sound track of Western New York." Nancy's experience with people having the same ambient music while in a chat conference reminded me of that. 

What is the sound track of my life, and what is the sound track for what I am doing right now? I am listening to (while mostly not consciously hearing) the fan in my desktop computer one desk over from me. It is morning and Vicki, who has acutely sharp hearing, is sleeping in upstairs. Time to keep the headphones attached and tune up some internet radio or pop in a CD.
I took another shot at the music, and it still doesn't play, in either ON or OFF position. I dropped enough protections to download an update to Macromedia Flash, but it made no difference. My firewall tells me that it is blocking mobile code, even when I specifically allow it for that site. That usually means there is some URL or script that accesses a different site for more mobile code, and I am not going to do anything about that. It is too much like running as administrator on an open internet.

I'll have to find my soothing ambient music elsewhere [;<).
My barber tells me that Bates Technical sold their frequency allocation and poured a pot of money back into the school.  The new owner and licensee (however that FCC business works) is broadcasting some sort of alternative, punk, skritchy stuff.  He said I wouldn't like it.  I'm certain too.  The alternative barbershop recommendation is to listen to "The Mountain" except it has gotten much more yak, yak, yak over time.  The radio was not turned on and we did nothing to change that, having a useful discussion about our political inactivity instead.  The weather was delightful. It is Spring in Seattle and the weeds will be knee-high by the fourth of July.
 

I'll Have the Blog Special with Extra Sauce

How to Save the World: Work-Arounds for Blogging's Limitations.  Spotted-onward by Nancy White, this 2004-03-27 entry by Dave Pollard touches on blogging as distraction and then segues into what it would take to make blogging more effective:
  • accessibility to novices
  • easy audience/community connection
  • seamless transition and co-integration with reading, commenting, e-mail, messaging, telephony, audio, video, wikis, other tools along-side/together
I think I have the answer on what keeps me from switching to audio and face-to-face though. I'd have to dedicate my attention to listening, and that is not what happens when I am blogging or reacting, even typing here at a web page that has David Weinberger's great smile in front of me.  Now, I am of a generation where habitual use of the telephone and especially long-distance calling was not ordinary.  But I don't think that is it.  It is about how jealous I am of my attention.  I wonder what that is hiding?

Meanwhile, Nancy White has a great list of related questions about the utility of the blog as an instrument of social computing, building on Mike Gotta's analysis.

OK, this interests me.
 

Steve Gillmor: Tablet as Information Appliance

Gates Paying Attention to RSS.  Another Scoble spotting, this 2004-05-25 eWeek article by Steve Gillmor has far more to offer than the usual "what took Bill so long?" and "watch out, here come the Borg!" analyses.  Gillmor talks about what it is that Gates gets and expresses from his position as visionary, and how the theme is unerring.

I am fascinated by the Tablet PC, and I won't have one until a year from now, securing my longstanding record as a late adopter (I still have two Windows 98 machines in the SOHO operation here, and my Windows XP Pro laptop was built in 1998).  And Steve Gillmor confirms my anticipation by pointing out that he won't give up his HP tablet, even though he still uses his Mac PowerBook, but more like a home-base system, in my view.

It is interesting how OneNote, full multi-media capture/manipulation/transformation/presentation (including ink), and simplified authoring, collaboration, and syndication figure into the evolving information-appliance nature of tablet configurations.  Yummy.
 

Dana Epp: Adopting a Least Privilege Stance

Dana Epp's ramblings at the Sanctuary : Longhorn: Adopting a least privilege stance for users.  Encouraged and spotted by Scoble, this article provides some interesting links and a discussion of the stance one takes to foster secure installation of operating-system distributions.

I like the idea of running with least privilege, and I went from Windows 98 to Windows XP Pro to be able to enjoy that kind of safe operation.  If I could only make it work simply.

Although Dana is talking about technical approaches, I think his comments and the Channel 9 commentary on running/installing as administrator point to something deeper. I want to emphasize the notion of a "stance" and what it takes to institutionalize vigilant, pro-active attention to safety and security. We have a long way to go. I notice for myself that I want the benefits and I don't want to do the work. Based on the alibis I read, I'm not alone in that. A pervasive alteration of development culture and attitudes is required, and backsliding will always be the path of least resistance.
 

Jakob Nielsen: From -30 Past to +30 Future


Thirty years with computers: Builder AU: Web Development: Site Design.  Slashdot spotted this compact reflection + prediction article.

It is interesting to see Jakob Nielsen's reflections on his first experience with computers in 1974 (a minicomputer followed by a mainframe system), to the personal computing experience of today, followed by an extrapolation to +30 and what he expects to see, if he keeps up his exercise!

I can testify that the computer keeps being re-personalized (though the first personal users were definitely of the code wizard ilk), based on my ability to reach back to -46 and my first programs (IBM 704 then IBM 650 -- I was heading in the other direction toward personal use, and I never got very far from that), even when batch submission was the norm. So, with serious attention to diet and fitness, I might check in with Jakob at +30 to review these predictions.

I will be happy to have a personal terabyte along with 100 GB of non-volatile RAM on a tablet configuration. Fortunately, I won't have to wait so long for that. Also, I want something that leaves me in custody of my digital materials while also being able to memorialize whatever might be valuable to hand onward to those who follow. We are getting to the time when preserving a domain name and cyber-identity beyond our lifetime becomes a consideration.

With regard to Nielsen's particular 2034 predictions, I see this:
  • Personal computer - more than enough soon enough
  • Display resolution and performance - ditto
  • Self-Healing systems against bugs and exploits - yes, but it is difficult to see how we get there from here: this is not a more-better-faster deal, it is about a whole different way to be smarter
  • Games and Simulations - I like that, especially putting more play back into computing, just so long as it has nothing to do with fast reflexes and pop-culture knowledge, and maybe there is a way to take social software into this for the community of oldsters
  • Computational Agency - well, all right, though my model is still Heinlein's smart vehicle in Number of the Beast
  • Jacking In - I think I'll pass on that one, and can see a terrible separation of generations as the kids continue to cyberize themselves.
See also:
1 Terabyte per Person for Life



 

Wikis for the Rest of Us?

Socialtext: Something Wiki This Way Comes.  This is a great high-level view of the introduction of wikis that riffs off of a BusinessWeek feature.

There are suggestions about easy ways to begin using wikis via hosting services created for that purpose. Although my goal in life is to bring all of that onto my own systems and reduce the use of intermediaries, taking the geek prerequisite out of the care and feeding of a wiki is a challenge.

This assertion for Socialtext applies to social software generally, especially wikis and blog-wiki integrations: "Socialtext changes the way people work beyond making group communications more productive and effective. But beyond productivity, it changes the way people work by letting them adapt to a changing environment while developing a group memory."

Which leaves me with a great theme to explore: Wiki -- Whose Memory Is It?
 

Metadata Coherence, Interchange, Aggregation

Caveat Lector: Aggregating Metadata.  Dorothea looks at metadata, RDF, tagging, and descriptive systems from the context of use and experience in librarianship.

This is a powerful perspective, especially with regard to the intense reliance on tacit knowledge and craft work in classification, cataloging, and indexing that arises in the application of information sciences.  I say this is a big deal, especially around the illusions that we harbor about the Semantic Web and the other use of artifacts to capture so-called knowledge. My pet claim in this context is to challenge anyone, using the MARC specification alone, to successfully create and interchange bibliographic information.  If that is too daunting, find the Dublin Core specification and notice how much you have to make up in order to create the content of an element with, say, tag <dc:creator> in XML.

In Aggregating Metadata, Dorothea looks at how noisy the process becomes once we actually want to interchange and share metadata material.  With aggregation and repurposing of the material, all manner of little slip-ups become breakdowns.  Dorothea raises an issue that I puzzle over too: Is it actually a good thing for processors of metadata coded in digital interchange to be forgiving?

I am undertaking some work (under the nfoWare category) where I intend to be rigorous about what is accepted or not.  Dorothea's perspective and experience is something that I want to refer to and keep in mind as I look at the digital forensics application of information-processing tools as well.
See also:
WinFS and Where the Metadata Comes From
When Semantic Coders Go Bad
The Insistent Messiness of Humans
Encoded Archival Descriptions
Valid != Right


2004-05-27

 

Versioning Is Hard

Dare Obasanjo aka Carnage4Life - Versioning is Hard.  "One of the hardest problems in software development is how to version software and data formats. One of the biggest problems for Windows for years has been DLL Hell which is a versioning problem. One of the big issues I have to deal with at work is how to deal with versioning issues when adding or removing functionality from classes."

Amen.  Versioning is very nasty, and Dare proposes to provide a paper on the topic.  Meanwhile, as part of an exercise that I am doing with anderbill, the problem of versioning Java classes and interfaces just reared its ugly head.  This is something I wanted to demonstrate before, and now I must do at least enough to have a running development of versions of a (single) abstraction work properly.

2004-05-26

 

Where Do Integration Agreements Live?

PRAXIS101: Interfaces, systems, engineering, and API's.  Anderbill and I have been pondering where meaning arises for interfaces.  He has found a relevant systems engineering account in terms of the building failure at Charles de Gaulle airport. Keep in mind that this speculation precedes the thorough analysis that will be undertaken to reach a conclusive understanding of the failure and its root causes.

Just the same, the discussion of the airport failure is a great reminder that integration points introduce opportunities for misunderstanding. This inspired anderbill to recall an example of two teams understanding the use of a TIFF image-property code differently, leading to an incoherent result between image-capture software and image-presentation software.  This fits with many discussions of metadata coding and also of the general viability of the Semantic Web.

Meanwhile, anderbill and I have taken our exploration of the syntax, semantics, and "what is coded where" out of sight until we have the crude initial exploration out of the way.  We are already having fun discovering our misunderstanding of each other with regard to the chosen example and a provocative comment from anderbill.
 

Autonomy and Service-Oriented Architecture

Adding policy to integration.  Phil Wainewright's 2004-05-26 Loosely Coupled blog comments on SOA management software as a means to deal with exceptions and also enforcement of business policies.  The article does not address autonomic behavior directly; it promotes discussion of how deviations can be treated from a system-management cockpit.  The lead is compelling: "SOA management software can put your business operations on cruise control, but don't fall asleep at the wheel."

The key section with relevance to management of autonomic operation is at the end, on Unexpected Errors.  The preceding section there, on concerns about breaching of layers of abstraction, is also relevant.  The key overlapping concern is expressed this way, at the end of the article: "When [enterprises] automate process integration, it removes manual steps where people would previously have been on hand to spot policy breaches.  So unless policy enforcement is automated at the same time as the process itself, much of the benefit of automating the integration is lost.  Effective policy enforcement is essential to productive services integration, and customers are going to expect SOA management vendors to fulfil that need."

I don't know if SOA management will do the job, but it would seem that SOA and component models may be a good place to come to grips with failure modes and policy breaches.  I also remain concerned about interoperability and integration in the enterprise.
See also:
 Autonomy, Where Art Thou?
 MDA Lock-In?
 MDA Article: Couple of Misunderstandings


2004-05-25

 

What's It All About? Objects, Languages, and Meaning

Ward Cunningham - Do you get religious about programming languages?.  This Channel 9 video interview with Ward Cunningham (the third so far) includes some fascinating observations about objects as little language machines.  I think this provides something useful about the nature of protocols too.

What I want people to notice is at the end where Ward talks about a stock trading application and how they learned about a discrepancy in the use of the same technical term by different communities when they set out to automate some of the procedures.  Listen for the observation about finding the appropriate abstraction (such that days are not about hours and minutes).
 

Threat, Risks, and Trust

Jon's Radio: Threat Modeling.  Jon Udell has a nice sampling of the ideas of threat modeling and the new possibilities of computer-assisted support for creating, populating, and maintaining threat analyses using such models.

Michael Howard: Threat Modeling tool now available.  This is the lead that Jon Udell followed.  Michael Howard shows where to download the tool and Udell illustrates its application.

I notice that threat modeling is not independent of risk management, and has some of the same imperatives with regard to maintenance of a current analysis and risk identification.  When something changes, it is very important to rebuild the assessment and also update the model.

Anderbill and I toy with the notion of "trust points." This is about seeing all the places in a system where there is an occasion of trust.  This work on threat modeling has me wonder what the relationship to trust modeling might be, though I can also see trust models as being at a different level.  My own exercises, mostly in thought problems, have trust points be at very deep points in terms of detail.

I don't have a clear picture of the relationship, if any, between trust and threat vulnerability.  I am missing something.  This may be a place to dig deeper (and also in the existing terminology addressed to such matters).


 

Listening to the Gang

IT Conversations: The Gillmor Gang - May 21, 2004.  This is an audio feed with Steve Gillmor, Doc Searls, Jon Udell, Dana Gardner, and guest Mary Jo Foley.  I wanted to hear some of these voices, and Scoble provided the link.  I like that Scoble links to a great variety of viewpoints and, even though he may have rebuttals to offer (e.g., about Mary Jo's previous prediction of the waning support for the Tablet PC), all perspectives are acknowledged. I'm using this lead to observe how those voices work together on the air.

Dana Gardner provides a nice review of the RSS mention by Gates and how that may fit into the concern for attention and finding a range from e-mail (very intrusive) to web sites (very passive). There is also an opportunity for profiled aggregation based on user's behavior, which is not picked up on much.

Lots of discussion of how this is strategic or not.  It is agreed that Gates' speech is raising the level of attention.  Jon Udell sees a fundamental shift and an amazing experiment in transparency at Microsoft.  Jon sees the video of Ward Cunningham and what is happening in MS Development as remarkable.  There is speculated to be a tug-of-war in Microsoft and, while the panel can't assess it, it is noticed that this experiment is something that no Microsoft competitors are doing. (Tim Bray, at Sun, may be the champion there, but we have seen nothing like Channel9 at this point.)

Foley sees the MS blogs as great sources.

Death of the Tablet PC: Foley sees re-evaluation of how they are coming at the tablet market.  The slate model was the focus originally, now it is looking at a blended function.  It looks like Bill Gates still uses yellow legal pads, and not Tablet PCs.  Questions about Apple in the home/personal and Microsoft needing a business solution to feed itself.  I think that there is still confusion between the Tablet PC as a particular kind of configuration and how the support for Tablet functions is incorporated in Windows distributions.  The tablet as a differentiation from laptop may disappear either way.

BEA is opening up via open-source and wants to attract eyes to their Java run time and their application server. Doc Searles sees this as the progression of making peace with open-source, then getting strategic, then becoming aggressive with it.  The BEA move is seen as one of dueling frameworks, and this duel is being fought on open-source territory.  It is pointed out that only Microsoft has not found an open-source strategy yet (although it seems to me that the open-source is evil direction is being softened).

Discussion moved to the anti-spam and identification proposals with authentication of e-mail.  Jon Udell sees the cryptographic approach as a potential opportunity.  Gillmor sees PKI as just beyond the coherent level of understanding of 90% of users.  The Yahoo proposal allows for individual identities to be handled.  Google is noticed as a candidate for that (though I don't think so).

It is noticed that DNS is extensible, but the extension mechanism is not what these identity proposals are using.  There's an object lesson about extensibility in general and how successful practical extensions often work off of informal and ad hoc approaches, not the one that is designed-in.  There is a missing trusted, neutral third-party to operate the necessary registry.  Google is mentioned as a candidate for that (though I don't think so).

Jon sees two distinct questions around identity.  One has to do with authentication.  And to find out something about a party, there is a different avenue.

Comments:
This post has been removed by the author.
Funny. I saw that I had spelled Searls as Searles later in the entry, and assumed it was the first occurrence that was incorrect. No, the name is "Doc Searls" and I have misspelled it later. My apologies, and I don't think I will correct the main entry simply because that will have it published to my feed for just that difference.

I had to stand on my head to get the delete symbol to appear so that I could delete the comment where I had it backwards. Hmph.
 

Whose Company Is It?

Socialtext -- Enterprise Social Software.  Ross Mayfield comments on a report discussing Wikis as disruptive technology, and pursues the "embrace change" theme.  It is not surprising that IT organizations might first lock down user-installed or used web services that are unexpected.  There are security and safety approaches that can provide more safety without preventing collaborative technologies within the enterprise.

How to deal with miscreants operating from within the organization and using outbound HTTP in a dangerous way is the part that concerns me.  I don't quite see how this can be handled if one also requires Web Access for research and coordination beyond the intranet.  Both considerations matter for many businesses, and it is not clear what the middle ground is, especially with regard to benign use of external web sites.

Meanwhile, Ross provides a suggested policy for the organization that wants to embrace change and encourage collaboration via Wiki usage.

Jim Louderback in his 2004-05-24 eWeek article that is Mayfield's source does not consider any down side at all, until deeper in the article. Louderback uses the introduction of PCs into Chase Manhattan bank as an example of how employees subverted the strictures by corporate auditors there: "But just as predictably, many IT groups will resist—wrapping themselves in up in Sarbanes-Oxley compliance, application and network security and preserving the integrity of critical systems."  Louderback then provides suggestions for employees operating under the radar!  The areas of technology he explores include Wi-Fi, Instant Messaging, Blogging, Wiki, Peer to Peer, and Social Networks.

It's the us-versus-them and the presumption that there is only an up side that I find disheartening.
Comments:
There is also an example of the tyranny of the technician here, with each one granting themselves the right to vote on what they get to add to the corporate systems and what is good for the business from their weenie perspective.  In a place that has serious privacy, fiduciary, and other responsibilities, I would expect this to result in harsh treatment for offenders.

With regard to productivity benefits and work improvement, maybe even enhancements to the quality of work life, there must be a better way to recommend potential improvements.  Bringing them in under the radar is not the way.  It is unprofessional and raises serious ethical concerns, especially for anyone with claims to professional qualifications.

I most definitely question the professionalism of advice that has people put themselves in harm's way along with a cover-your-ass recipe.
In the first paragraph of this entry, I say "There are security and safety approaches that can provide more safety without preventing collaborative technologies within the enterprise." What I meant by that is that one should work to find such win-win accommodations. That won't happen by bad behavior and adversarial approaches that then arouse predictable responses from the IT organization.

2004-05-24

 

Wi-Fi Jamming Mischief

'Indefensible' Wi-Fi flaw discovered in 802.11b network protocol - Computerworld.  This Bob Brewin 2004-05-17 ComputerWorld article reports on the Denial of Service jamming attack that 802.11b is vulnerable to.  This vulnerability is accomplished at the medium (the modulation scheme of 802.11b) and cannot be mitigated with current hardware. (802.11a and uses of 802.11g in non-802.11b mode are apparently free of the defect.)

US-CERT Vulnerability Note VU #106678 provides specific details and contrasts this vulnerability with other known vulnerabilities for IEEE 802.11.

I am warming up for a security engineering course next month.  This information reveals how there are multiple levels of vulnerability and trust points in network protocols.  It is useful to wonder what form of risk management would lead to confinement and mitigation of these eventualities.  It is also useful to recognize that our development of technology is error-prone from a safety and security perspective, and appreciate what it takes to create dependable results in the face of that.

2004-05-23

 

Better Humans?

ACM News Service: The Age of Purposeful Machines.  I am not that thrilled by the existence of a publication with the title Betterhumans that seems more interested in mechanical substitutes: "Truly conscious machines may be the stuff of fantasy, but researchers worldwide are making significant strides in the creation of machines that exhibit purposeful behavior thanks to breakthroughs such as teleo-reactive programs (TRPs) designed to set up behavioral rules in changing environments."

The blurb points out work by Nils Nilsson on highly-improved goal-oriented procedures involving hierarchies of ends-means-driven techniques.  Questions I have concern the degree of rigidity with which goal conditions must be specified and also how one can update with new information in a dynamic way.  These explorations may assist in establishing capabilities and limitations on autonomic computing initiatives, though, and I find it interesting enough for that alone.

Betterhumans > The Age of Purposeful Machines.  This is Patrick Bailey's 2004-05-18 Betterhumans article: "It's evident that we can create machines that behave in purposeful ways. At labs around the world, researchers are taking big steps in this direction."

What disturbs me about the article is the kind of thing that is taken as evidence for intelligence and purposive behavior, but which is to me simply misplaced anthropomorphism: "Similarly, it's not always true that computer programs react in ways that were entirely intended by the programmers. We see this in some of the seemingly random behavior of programs we use on a daily basis at home or at work. These errors happen when programs seem to want to do something rather than nothing with information they don't know how to interpret."

My wife notices my tendency to speak of computer behavior as volitional and conscious (e.g., what a program "knows"), and I can see from the excesses here why it is important to find a more-powerful and less misdirecting way of speaking about computational behavior and what it evokes for us.  I will have to see whether there is some circumspect way in which one can discuss agency and attention in the context of computational behavior without implying any commitment to computational consciousness.
Comments:
The article states nothing in support of conscious machines...in fact, quite the opposite. I think it's fair to say that we can have purposeful behavior without any guarantees about consciousness. We do this all the time with human beings. As A.J. Ayer states (rightly so, I think) when we ask whether or not something is conscious, we're simply asking whether or not it behaves in certain expected ways. The same is true about our measure of intelligence. The measure of intelligence is a correct action to any given request. There's nothing metaphysical or mysterious to explain above that. We have no access into the minds of other human beings, yet we attribute consciousness to them even in the absence of such access. I don't think purpose and consciousness are married quite so strongly as you would have them be.

Patrick Bailey
Thanks Patrick. In making refering to my wife's objection to something she sees me do I am putting in concerns about attribution of consciousness that are not in response to anything said directly in the article.

The article does talk about computer programs that "seem to want" and "knowing how." Attribution of volition and knowing concerns me, whether separable from consciousness or not.

I think the Ayer analysis and other inquiry is quite valuable. I don't think that is the level of the article, and I think there is more to be responsible for when using casual language that is not going to be read with the rigorous care that might occur in a different context.

Your comment has me think about the social context as well. When a computer program misbehaves, who is it that we hold to account? I think that is an important practical distinction that should not be lost in a blanket reduction of purpose/intent to observable behavior. I had a coach who would say to me, "If you want to know what your intentions are, look at your results." This is not a conversation one would have with a programmed computer. That seems rather important here.

I shall continue eliminating anthropomorphism from my speaking about computation and computers.
I'm being too circumspect. When I said just above, "I am putting in concerns about attribution of consciousness that are not in response to anything said directly in the article" I did not emphasize enough that my focus suggests something about Patrick's article that is not said there. I apologize. (Delete "making" from "making refering" too.)
Greetings, again! I've been meaning to respond to your comments, but haven't had the time. I completely agree with your assessment about the need for clarity and careful use of language when addressing computing issues and concepts. Unfortunately, I find that often ideas become "dumbed down" for numerous reasons (usually because of the preconceived notion of a "target audience") and we sometimes lose something in translation into "layman's terms."

I like the comment you included about your coach, but I wonder if he really ever took time to stop, think about, and appreciate all of the implications of his statement. Clearly, I think, we can have results that go beyond or are in opposition to our intentions. I think our results only meet our intentions when a specified set of conditions are met.

At least you took the time to consider the issues in the article and comment on them, which I greatly appreciate. Discussing the issues is the best way for us to work through the rough spots in our concepts. :3)

Patrick Bailey
 

When Did We Ever Keep It Simple?

ACM News Service: A Design Epiphany: Keep It Simple.  This is fascinating. The startling statement for me is Media Lab's Walter Bender noting "that he has never seen commercial software that is simpler than its predecessor."  John Maeda leads a Simplicity Design Workshop that is digging into how to accomplish simplicity.

A Design Epiphany: Keep It Simple.  Jessie Scanlon's 2004-05-20 New York Times article includes some great examples and counterexamples of simplicity.  The emphasis is on user-centered design.  I am not clear how accommodating this turns out to be, based on how easy it is to arrive at something "simple" that is biased to a different agenda than the user's, especially in on-line applications and services.

The examples are great, and we can nod over the anecdotal evidence. What I want to see is how one measures the claimed qualities and what was done to confirm that the product achieved the required measures.
Comments:
Definitely! And this is where I see using tools and methods like those developed by Tom Gilb being of value.

[OT: how the heck do you trackback on Blogger?]
[OT: When the post a comment page comes up on this site, it says the site does not accept anonymous comments, which is hooey. The link is still there and I am using it successfully {I think}. I have to do this because the logon system is apparently overwhelmed and I can't wait around. Hmm, and there is no spell-checking service on comment posting. My, my.]

OK, Orcmid here. There is no trackback support on Blogger. I make trackback pings the hard way. After I have posted the article and know what its permalink is, I manually use the SimpleTracks page at http://www.kalsey.com/tools/trackback/ to make the trackback. It was only fun about twice and now I am too lazy. I think I can make an improved page to do it more easily, but I haven't done the work.

One place where this doesn't work is on sites where the trackback ping address must be figured out by autodiscovery from the weblog entry. That I don't have anything for. The Channel9 folk apparently provide for trackbacks this way.
 

Autonomy, Where Art Thou?

ACM News Service: Self-Managing Systems Not So Self-Evident.  I am somewhat baffled by this lead: "Autonomic computing experts agree their field is still relatively immature, and that vendors still need to build out their product portfolios and educate people about self-managing technology."

IBM architect Jeffrey Frey "said the reality was that enterprise systems and data are constantly in flux, and that management needs to be able to quickly address that fluctuation with rapid and autonomic decision-making."  I think this refers to the question about being able to interoperate systems management across autonomic systems in an enterprise, but I am wondering who trains this, or is trained for it.

I am puzzled about the prospect of autonomic computing in general. I am baffled how we are to manage emergent behavior by monkeying in the plumbing.  Prozac for computers?  At what level of abstraction is the notion of autonomic computation manifest and how does it figure in the way we engage systems in accomplishment of useful work on behalf of enterprise?

Self-Managing Systems Not So Self-Evident.  Clint Boulton's 2004-05-19 InternetNews.com article describes the panel discussion at the first International Conference on Autonomic Computing.

As introduced by IBM in 2001, autonomic computing "is a term used for a network's ability to self-manage, self-heal and self-configure systems -- be they Web services or data center infrastructure -- on the fly to make sure networks suffer as little downtime and require as little maintenance as possible. The idea is to free up software engineers to conduct other critical tasks."  One can see how this emphasis (from IBM's Jeffrey Frey) suggests a reduction in labor-intensive trouble-shooting and repair of mission-critical systems.

One interesting difference among the panelists is the level of granularity and monitoring at which autonomic operations function.  This accounts for differences between IBM's on-demand use of autonomic computing, HP's Adaptive Enterprise strategy, and Microsoft's Dynamic Systems Initiative.

There is lack of any agreement on approach and standardized information that might be used in coordinating and management across the enterprise. The account by Amazon's Jacob Gabrielson starts with reality -- the challenge of maintaining operation of amazon.com and its back-end and plant operations. "He lamented that single points of failure were problems, and said the company uses a combination of 'plug-an-play' infrastructure and proprietary software to help its computers communicate."

It seems that it comes down to basic questions: How does one apply hot fixes and/or roll-backs, how are they set up, and how are they established? How does one confirm the validity of an adaptation/re-configuration maneuver?
 

1 Terabyte Per Person for Life?

ACM News Service: Conference Mulls Web as Personal Memory Store.  This blurb looks at several possibilities, including the impact of each of us having 1 terabyte (TB) of personal storage for ourselves.  That is the target for my Tablet PC: 100 GB non-volatile RAM plus 1 TB of personal memory on a hard drive.  I don't think we'll be there by July 2005, so I'll have to do at least one upgrade before reaching that point.  The question I am left with is how do I memorialize that material, and how do I ever do another upgrade?

It is now easy to see how Google is able to promise 1TB per user for GMail, since they won't have to deliver for most of us - it is simply inexhaustible, based on other throttling mechanisms.  And, if the past is any guide, new developments and practices will overpower that assumption.

Top News Article | Reuters.com: WWW Conference Mulls Web as Personal Memory Store.  Eric Auchard's 2004-05-20 article covers the WWW2004 topic on holding access to one's "life history," especially as it is situated around Internet usage.  The key themes:
  • We are developing affordable capacity (including $1000 per Terabyte) where there is little reason to throw anything away, and this can help preserve personal memory (Rick Rashid, Microsoft Research).
  • Being able to revisit wherever one has been before with an intelligent "back button" (Stu Feldman, IBM internet strategist).
  • Instant textbook updating (which doesn't seem to understand how instruction works)
  • Continuous medical monitoring
  • Use of work toward the Semantic Web to make electronic mail easier to search and use. (Hmm, what does the markup and how do users establish their own context.  Hmm...).
  • Your video-camera-equipped cellular phone and other always-on devices will be your eyes for digital capture of presence and important experiences
  • The cultural impact is unfathomable


an nfoCentrale.net site

created 2002-10-28-07:25 -0800 (pst) by orcmid
$$Author: Orcmid $
$$Date: 04-11-25 22:44 $
$$Revision: 4 $
