Slidin' on the Ice blogs

New blog

Thu, 31 May 2007 08:12:11 -0400

FYI, I made a clean start with a new blog over at cannell.org/blog.

SafeHomeComputing.org

Tue, 26 Sep 2006 10:38:22 -0400

Last night Lori and I gave the featured presentation at a Farmington Public Schools Parent Forum. The title of our presentation was "It's a Whole New World." Here is the "elevator pitch" we worked from when developing this presentation:

Many parents only think about (or talk about) the Internet when a news report comes out covering a crime involving a child and the Internet. This results in many parents simply trying to "contain" the "Internet risk." While managing risk is critical we also want parents to think about the types of skills their children need and what they can do today to help them succeed in a future where the Internet will play a pervasive role in their personal and professional lives.

In support of this presentation we created a new website, www.SafeHomeComputing.org, as a place to publish the presentation material along with copious notes and links to the websites we referenced. We have also added a number of news feeds from several blogs and media outlets that deal with home computing and Internet safety issues.

Performancing for Firefox

Mon, 21 Aug 2006 20:10:51 -0400

I just loaded Performancing for Firefox and it is everything I expected. This is an awesome blog publishing tool and it works perfectly with my Drupal-based blog.

I am still just starting to use these types of tools but, based on my initial impressions, Performancing clearly sets the benchmark for blog publishing tools.

Technorati Tags: performancing

Windows Live Writer

Fri, 18 Aug 2006 13:40:54 -0400

This is getting too easy. It's been about a year since I seriously investigated client-side blogging tools. At the time they were quite lame. I have been meaning to set some time aside to test Performancing for FireFox but haven't gotten around to it. With all of the publicity around Windows Live Writer I decided to go take another look at these types of tools.

This is my first post using Windows Live Writer. I guess I won't have an excuse for not posting anymore. My first ten minutes in this tool has been pretty good. I probably spent more time installing the beta software (I took the bait and also loaded the Windows Live Toolbar, the Onfolio RSS reader looks interesting, btw) than it took to configure the software.

My server software is Drupal 4.6 and Live Writer seems to work well with it. I understand there are some problems with Live Writer creating temporary posts to support "Web Preview".

Nevertheless, this is impressive.

Ben Harper and the Innocent Criminals

Fri, 10 Mar 2006 21:45:28 -0500

Discovering great new music is getting really hard to do. With busy schedules at work and home I have virtually no time to go exploring at music stores. However, I am having some success by renting concert videos from online DVD services like Blockbuster Online. By surfing through the listings I occasionally find highly (member) rated concert videos. So I take a chance and place it in my queue. I previously found Beth Hart and now Ben Harper and the Innocent Criminals, Live at the Hollywood Bowl.

It's rare to find someone with the natural enthusiasm and talent like Ben Harper. This concert is an engaging mix of R&B and Rock with a touch of Hip-Hop and a dose of Reggae. Harper's versatility, talent, and love for the music shines through it all. I especially loved the groovin' rhythms of "Brown Eye Blues", the edgy guitar in "Temporary Remedy", the rolling melodies in "Gold to Me", and the thoroughly enjoyable blending of street sounds in "Steal My Kisses". Harper also shows his vocal talents in a cover of "Sexual Healing". It's a rendition that gives Marvin Gaye a run for his money.

This is awesome music. True talent.

Webcal

Thu, 16 Feb 2006 18:24:14 -0500

GEEK WARNING: This post contains technical jargon and discusses a topic that will bore the daylights out of most people. Only those who think they know what this post is about based on its title should read on.

A topic I cover in a recent Collaboration Loop post is calendar subscriptions. This is something made popular by Apple's iCal program which allows Mac users to publish schedules for others to subscribe to and display on their own iCal calendar.

How iCal works is simple but it is the combination of how it leverages existing standards and the creation of a new URL schema that makes it innovative. In short, whenever you see a URL that starts with webcal:// you can be sure that it points to an Internet location that contains a calendar in iCalendar format. You should also treat this calendar as something that should be periodically checked for changes and not a calendar that is imported one time. Simple, but effective.

The challenge I had was deciding how to refer to this method in the Collaboration Loop post. I chose "webcal". My choices were to refer to this method as:

iCal
"Techniques made popular by Apple's iCal"
webcal

In the end I called it "webcal" because there did not seem to be any better options. iCal is too ambiguous and "Techniques made popular by Apple's iCal" is too long to use more than once. Webcal was just right. I have not found any reference to this method as officially being called, or even proposed to be called, "webcal" so let me be the first to propose this name.

To understand my reasoning behind this let's first review how an iCal calendar goes from being authored on a Mac to being subscribed to by another iCal user:

An iCal user, let's call him Nate, creates a calendar. For this example, let's say this calendar is a schedule for my favorite professional sports team; the Detroit Pistons basketball team.
Nate instructs his iCal that he would like to publish this calendar. Since I do not have a Mac I don't have specific dialog boxes but I will assume that the configuration for this calls for the entry of a URL or, perhaps, a .mac account (which maps to a URL).
iCal then exports the Pistons' schedule to a iCalendar-formatted file and uploads it to a webserver using the webdav protocol at the specified URL.
Nate's friend, Kate, wants to use this calendar. Nate sends Kate an email message with the URL for the published calendar. For this example, the URL is webcal://www.example.com/DetroitPistons.ics
While Kate is reading this email she clicks on the URL which fires up her browser. The browser recognizes the URL scheme (webcal) as something handled by an external program (iCal). It fires up iCal and passes the URL to it. (ok, again, I don't have a Mac so the email program may invoke iCal directly, not important to the flow of this story, stay with me).
Kate's iCal first adds the URL to its list of subscribed calendars. It may also download the calendar for the first time using http. In fact, the URL used for the actual download is the same as the URL above except http is used instead of webcal; http://www.example.com/DetroitPistons.ics

This is a critical point to note. The webcal:// URL schema simply tells Kate's browser to pass the URL to an external program, iCal. It does NOT tell Kate's browser to download the file.

If Nate sent Kate the url with an http:// instead (http://www.example.com/DetroitPistons.ics) Kate's browser would simply try to download the whole .ics file and do something with it. Assuming the webserver's mime types are configured correctly this would cause the events in the .ics file to be imported into a calendar. Which is not what what Kate wants to do. She wants to subscribe to the calendar so any changes are updated on her copy.

Now that Kate has subscribed to Nate's Pistons calendar Kate's iCal will periodically download the Pistons' calendar using http. If it is coded correctly and behaved like a good citizen of the Internet (like I expect iCal is, but I can't verify) it would save the date of the last calendar change and only download the whole calendar after noticing that the date is newer. This important piece of information is provided by the http protocol and avoids unnecessarily downloading the whole calendar file.
iCal then reads each event in the calendar, matches it up with the version of the event it downloaded previously, and updates the calendar if it has changed (or was added or deleted).

So, if I have not lost you by now, you should recognize that an iCalendar file specified with an http URL scheme is handled differently than one specified with a webcal URL scheme.

The http URL scheme causes the browser to download the entire file and then hands it off to an external program, which would import the calendar events.
The webcal URL scheme causes the browser to handoff the URL to an external program. It is up to the external program, in this case iCal, to add it to the list of subscribed calendars.

Many of you probably feel that I should just call it "iCal". But that is too ambiguous for the following reasons:

This is the name of an Apple product, not a method.
iCal is often used as a short-hand name for iCalendar, the standard file format. To see what I mean read Wikipedia's definition of iCal . Although iCalendar provides a piece of this innovation it does not sufficiently describe it and is still too ambiguous.

To make matters worse even vendors aren't consistent in describing this method:

For some reason Trumba's Public Calendars have an ICAL link that uses an http URL scheme which simply imports events and does not subscribe.
Airset seems to get it right. It offers two links. One to download the calendar (using http scheme) and the other to subscribe (using the webcal scheme).
Microsoft's Windows Vista page goes out of its way to completely describe what it does in three paragraphs.
IBM's recent announcement is quite vague on what support for iCal really means. It took this blog entry from someone who attended Lotusphere to clear up the ambiguity for me.

In the end "webcal" seemed to describe it best.

Does this make sense or did I miss something?

It is interesting to note that rss and atom might have benefited from the URL scheme approach; perhaps call it rss:// or atom:// but instead the standard that emerged uses embedded "link rel"s to indicate an associated feed. Using a URL scheme would have been much simpler but browser support is the big issue. Another topic for another day.

Collaboration Loop

Thu, 26 Jan 2006 21:02:25 -0500

I recently started blogging over at Collaboration Loop. My first two posts are:

And while you are there check out some of the other bloggers contributing to the site. I am honored to be in the company of such GEECs (Global Experts In Electronic Collaboration).

Collaboration Loop is produced by Media Live (now part of CMP Media) which also produces the Collaborative Technologies Conference. The next conference is coming up this June in Boston.

Change

Fri, 06 Jan 2006 09:35:22 -0500

Today was the first time I read something from Bucky Fuller (I think). I came across a quote of his in this post from Dave Pollard. It hit so close to home for me that I just had to capture it here:

You never change things by fighting the existing reality. To change something, build a new model that makes the existing model obsolete.

Google Analytics and Privacy Policies

Sat, 19 Nov 2005 20:26:10 -0500

I have been looking into Google Analytics to help with our local sports association website. We use League Lineup to manage all of South Farmington's Baseball and Softball leagues. Parents use the site to find practice and game schedules, directions to fields, enter games results, and standings.

We first used it last year and it was very successful. Antecdotal feedback from parents has been all positive and the web traffic we saw convinced us to upgrade our site to include banner ads from our sponsors. Now, I hate online ads, particularly those nasty pop-under kind that happen when using Internet Explorer. But, these League Lineup ads are tastefully insert into the same spot on every page AND they come from local businesses that are supporting youth sports in the community. These are not your standard internet ads. They come from local businesses and are intended for local families.

Unfortunately, League Lineup's banner ad service does not provide any click-through data that we could use to determine the success of the program and to provide our sponsors. So I was excited about the launch of Google Analytics. The price is right for a non-profit (free) and it appears to be just what the doctor ordered. Even with the trouble Google experienced this week launching the service I am still excited about the possibility of this service solving a real problem for us.

However, Fredrik Wacka, over at CorporateBlogging.Info points out an issue that I never thought about but will definitely cause a stir on the 'net. Here is what Fredik says:

According to Swedish and European Union law, it's illegal to set cookies without telling people on the site that you do, what they're used for and how they can be avoided.

Google Analytics, GA, does set cookies. What information they collect from your visitors is impossible to know (one of the cookies is valid until 2038, though...). When a lot of people, among them probably many bloggers, start using GA they will in fact break the law unless they warn their visitors. And how many will do that?

There's been a lot of discussion about this in Sweden today. It is very relevant. I assume that the same discussion is relevant for all other remote stats services -- but, as always with Google, their services become huge.

Considering that European police forces probably won't be doing raids to catch bloggers that don't warn about cookies, I think that an equally important discussion is what these cookies do. What information are we providing Google with?

This is another case of law playing catch-up with technology. I checked Google's privacy policies and I see nothing that addresses this issue. They only address how they use information about users of Google services. Google must have known about this before launching GA. Why didn't they address this beforehand?

Between the launch problems and these potentially huge privacy issues, Google is starting to look more like a company of mere mortals rather than the visionaries we have been hearing about.

Save your PC from being a Zombie

Mon, 31 Oct 2005 15:59:38 -0500

If you are like me, you are the one friends and neighbors call when they are having problems with their home computer. I love providing this type of help to those I ...well, love, but it gets a little frustrating when you see the same problems over and over again.

Microsoft and the FTC had a press release last week called "Don’t Get Tricked on Halloween: Federal Trade Commission, Consumer Action and Microsoft Warn Internet Users of Zombie Computers". It was accompanied by a really good Powerpoint presentation that illustrates what can happen to an unprotected computer. Be sure to read the speaker notes to get the full story.

The slides recommended these steps to protecting your home computer (links to products added by me):

Use a firewall - I've had good luck with Zone Alarm (free download) but it is better to use a hardware firewall like the D-link 604 Router ($23 to $55 via Yahoo! Shopping)
Get computer updates
Use anti-virus software - Try using AVG Anti-Virus from Grisoft (free for personal use)
Use anti-spyware software - I like Ad-Aware from Lavasoft
Be cautious of attachments (don't open just any file sent via email)

However, they missed one REALLY IMPORTANT tip to save your PC from becoming a zombie. I am serious when I say DO NOT USE INTERNET EXPLORER, use Firefox instead. Not only does it provide better protection it stops nearly all of those annoying pop-up ads.

Enteprise RSS Requirements

Fri, 28 Oct 2005 14:18:57 -0400

Charlie Wood and Greg Reinacker have previously discussed enterprise RSS requirements. Charlie highlighted security, administration, and integration. Greg focused on security in the form of authentication, authorization, and encryption.

They are both wrong. Well, not completely but they are missing the bigger picture.

Enterprises will use RSS on an intranet differently than consumers on the Internet. The biggest differences are driven by:

How enterprise collaborate within an Intranet. For example, feed ratings for public Internet sites are useful but do they have a role for Intranet sites? Maybe, but how do they apply to enterprise applications providing personalized feeds?
Teams within companies work closer together and need to work from a common set of information.
Access control is a much bigger concern.

Companies have tiers of staff and management that have access to different things.
Often times Sarbox controls use the words "need to know" so access to information not directly attributable to your job also needs to be addressed.

Companies have different computing infrastructure components such as identity management systems and system management suites.
Companies need to manage internal IT services. They need to understand system capacity and performance trends. They may want usage reports to properly assign costs of resources.

In my opinion enterprise RSS requirements fall into these categories:

Identity

This has to do with determining the identity of the user monitoring a feed and handing that identity to the application serving the feed. This often gets lumped in with "Security" but identity is an important requirement all on its own. It not only determines access control but also provides the basis for personalization of information delivered.

The technical challenge here is integrating with a Company's single sign-on system.

For desktop-based aggregators operating within the context of a browser this may not be a problem since many enteprise SSO systems are web-based and the aggregator application may share the same credentials as the browsers.
For desktop client systems this can be a challenge since RSS is delivered via a web server, which are protected behind a web-based SSO system.
For server-based aggregators this becomes more challenging since it involves using delegated credentials. The server is requesting access to a URL (which can map to a database transaction or just about any application function) and must be able to provide identity to the system serving the URL (the web server or enterprise application). For that matter, the user may not even be online when the feed URL is fetched.

Security

Where are the risks in the RSS system that can be compromised and how do we mitigate that risk?

Some that come to mind are feed credentials (for external feeds that do not take part in the enterprise SSO system) and maintaining the privacy of a user's feeds. Any part of the feed information may have sensitive information whether it is the URL, feed title, or contents of feed items.

This could mean simply limiting access to an individual's feed to the individual only, but not always. Perhaps we want to provide limited access, possibly based on groups defined in a corporate directory, to feed data. Although searching across multiple feeds is a good thing it too must honor the privacy of individual feed owners; showing results the searcher only has access to and not showing those feeds that are not allowed.

Integration

How does the RSS system integrate with the company's identity management components? How can the service be managed? Can we monitor it's health and availability? How can we backup and restore the system? Finally, can other applications integrate with it using an api, xml/soap, or even (are you ready for this?) RSS.

Administration and Service Management

Administering systems is probably the biggest headache for IT departments. The best gift a vendor can provide is the ability to delegate administration to the end-user as much as possible.

Adding users should be a non-event if it integrates with SSO.

Also, can it provide for sharing of feeds? Perhaps a department wants everyone to see the same set of feeds. Can these be bundled, shared, and access controlled by an end-user?

Finally, what type of reporting does the system provide? Are we running out of capacity? Are there feeds that take up room but no one is using?

Setting Priorities

Fri, 21 Oct 2005 15:12:15 -0400

I love this "Not Insane" To-Do List. Nothing beats setting priorities.

Incompetence, apathy, or political choice?

Sat, 10 Sep 2005 16:00:34 -0400

Imagine you are the most powerful person in the world; the President of The United States. You have enormous and powerful resources at your disposal. A superpower military can be mobilized at your command.

Then you are briefed on the worst hurricane in recent history heading towards New Orleans, which is known to be a disaster waiting to happen. You don't just read this in the newspaper, you are personally briefed by the federal agency that tracks these things.

It is predicted that many Americans will die, the area will be devastated for years, and there is a strong liklihood of catastrophic flooding, the nightmare scenario everyone has feared.

What does W do? He delegates it, to Chertoff and Brown.

Do you think W's response would have been different if the hurricane was heading towards Texas, Maine, Washington DC or Florida?

How could this happen? I see three possible scenarios:

Incompetence (or maybe, dereliction of duty).
Apathy towards impoverished people and people of color. How can anyone argue with Kayne West's statements?
An educated choice to do nothing, perhaps for political gain.

Granted, the local and state goverments weren't any better. How could the Mayor of New Orleans not take decisive (and planned) actions to evacuate the city, with or without federal help (and when did he ask for federal help)? I am sure the state government of Louisiana could have done a better job too.

But, we need to find out how the federal government could have bungled such an important job. This isn't just another political scandal that will end when someone is fired. This screw-up cost thousands of lives and is one reason why we have the impeachment process.

Update: Best mainstream media observation made regarding W's response:

How this could be—how the president of the United States could have even less "situational awareness," as they say in the military, than the average American about the worst natural disaster in a century—is one of the more perplexing and troubling chapters in a story that, despite moments of heroism and acts of great generosity, ranks as a national disgrace.
Evan Thomas on MSNBC.Com

Identity-driven RSS feeds

Fri, 09 Sep 2005 08:54:09 -0400

NewsGator's CTO Greg Reinacker's comments about RSS security make good reading. We need to ground ourselves in the understanding that RSS uses HTTP for a transport and we have many existing methods to secure this channel already. However, I think Greg is missing a key business value here. Often times we say "security" when we really mean "identity."

In my view identity is a key application integrator, not only for RSS-based applications but for any application. As soon as we know someone's identity then a whole bunch of barriers fall and new opportunities arise. This includes things such as convenient single sign-on, access control (ok, "security") and also personalization; being able to send needed information tailored to the right person.

Personalization of RSS feeds is what is really going to rock the world. After all, doesn't personalization go to the heart of what users of aggregators are trying to do; make more efficient use of their time? RSS changed the blogging world but identity-driven RSS could change the world of corporate applications.

Sure, using RSS for better blog reading is great and so is using RSS in more dynamic scenarios such as monitoring search results, retrieving the latest weather, or watching someone's wish list. But, when a solution can retrieve information intended for me, from applications I have to deal with all of the time, then it starts solving my most critical information aggregation problems.

Great content, great conference, boring delivery

Wed, 13 Jul 2005 13:08:56 -0400

I am attending the Burton Group Catalyst Conference and listening to the morning sessions in the Identity and Privacy Strategies track. Jamie Lewis and Mike Neuenschwander are fantastic speakers but I am finding myself less than satisfied with their presentations. The content of the presentations is first rate. I highly recommend the Burton Group and the Catalyst Conference. However, at times, I am finding their talks hard to follow and they seem more than a little mechanical (ok, I'll use the word, they're a little boring).

The problem I am sensing doesn't have anything to do with Jamie or Mike. Both of these guys know their stuff and have perspectives on these topics that are hard to match. But, their Powerpoint slides seem to be getting in the way. The best part of both of their presentations happened when they went "off-slide." Jamie was fantastic when he started riffing about Brown and Hagel's recent book and how it supports (even overlaps) the Burton Group's approach or when he talked during slides that have no bullets (like the Identity Management Architecture, In Context slide). Mike is a funny and engaging guy but seems to get slipped up at times when he (almost reluctantly it would seem) returns to looking at the slides showing on the monitor in front of the stage.

In short, it felt like these two presenters' personalities were tied behind their backs because of their slides. It's because these two guys have loads of personality that I noticed the problem.

I probably felt this disillusionment before but never had an informed opinion until I read Cliff Atkinson's "Beyond Bullet Points." I tried, with admittedly limited success, applying this to a presentation at the CTC conference last month. But, the first two presentations from Jamie and Mike are great examples of how slides full of bullet points clearly get in the way of the message.

It seems that the use of Powerpoint is trying to serve two uses. The first is the person who takes slides home, prints them out, and then distributes them to others in their company. The second use is for the person in the room watching the presentation. I think the problem with these presentations is that the slides are trying too hard to meet the needs of those people taking them home. However, from my perspective, they are clearly failing with the people in the room.

Atkinson provides an approach for addressing both needs. He says to use simple, bullet-less, slides for those in the room (this is a gross oversimplification of the methods Atkinson prescribes, read his blog for more information). For those taking the slides home, you should provide Acrobat versions of the slides printed in the 'Notes Page" view augmented with additional narrative in the Notes section of the slide.

It's interesting to note that Burton provides a page to download both Powerpoint and Adobe Acrobat (PDF) versions of the files. This web page would be a great place to provide both versions of the presentations.