Monthly Archives: April 2007

FWNA Working Group Meeting

I attended the FWNA working group meeting this morning. We talked about a lot of things, but I wanted to provide links to two supplicants working towards our goals and using some information from us:

We were also talking about the charter of SALSA-NetAuth and SALSA-FWNA.

The Salsa-NetAuth Working Group Charter

The Salsa-NetAuth Working Group will consider the data requirements, implementation, integration, and automation technologies associated with understanding and extending network security management related to:

  1. Authorized network access (keyed by person and/or system)
  2. Style and behavior of transit traffic (declarative and passive)
  3. Forensic support for investigation of abuse

Initial activities will include:

  • Investigation of requirements and implementations of network database and registration services in support of network security management
  • Investigation of extensions to these services including: proactive detection of unauthorized or malicious network activity; containment and prevention of such activity; identification and remediation of the sources of such activity
  • Analysis and proposal toward a pilot and eventual implementation to support network access to visiting scientists among federated institutions
  • Analysis of security applications that may result from extending these implementations

The Salsa-NetAuth Working Group Charter

The Salsa-NetAuth Working Group is chartered to address what is referred to as the ‘visiting scholar’ problem. From the Salsa-NetAuth charter:

Initial activities will include:

  • Analysis and proposal toward a pilot and eventual implementation to support network access to visiting scholars among federated institutions

Salsa-FWNA was formed as a sub-group of Salsa-NetAuth to address the substantial technical details of deploying a pilot federated wireless network authentication system. Initial work is focused on the project plan for the activity, developing engineering plans, and initial work on the pilot deployment.

We talked about how we might leverage the results of our visitor access survey and how we might be able to use the results to form a taxonomy that would help us define the problem space that FWNA should be trying to solve. It sounds like we decided it would make sense to go forward with a paper analysis of the results after the presentation this afternoon. Once the taxonomy was developed it would serve as a baseline to identify the problem space. It should then be possible to identify the solution spaces that are not adequately addressed — which should clarify our goals — and should help us speak to the community so they understand where FWNA fits into a layered approach to network authentication.

We talked about combining the 802.1X presentation that Kevin and Rich gave at the last Internet2 Member Meeting with the one that Philippe and I are giving today. Also, we talked about identifying a bullet list of our issues with 802.1X adoption, like revocation and IP tracking.

——–

On the Impact of the Themes

Over on Liberty Road, Kevin has asked for some input while he prepares for the upcoming ITS All-staff meeting. He is looking for feedback on his four themes.

I’d like to ask that you tell me what you have done personally, seen personally; done in your group, unit, or organization or seen in your group, unit, or organization; that has been in support of one of the themes, some of the themes or all of the themes. How have you changed your approach to what you do in light of a theme or themes? How has your group changed its approach?

I gave one example from my experience in the comments. I had more to say, but wanted to give others an opportunity to talk. Instead, I thought I would continue the conversation here.

My comment was on the theme, “IT at Penn State is larger than ITS,” but I had another recent breakthrough on some of the other themes.

The other day, Phil Coolick and I were discussing a potential new service. We are in Telecommunications and Networking Services so naturally, it involved telecommunications and networks. This particular idea is very exciting, but also very complicated, and involves many components that are neither telecommunications nor networks.

I think we do telecommunications and networks well. Other areas, like middleware, content management, and so on… not so much. ;-) However, we felt we needed to deliver a fully formed service and this service involved those areas.

Traditionally we lived in a stovepipe, to use the local vernacular. In business, they call this vertical integration. Here is a snippet from what Wikipedia has to say about vertical integration:

In microeconomics and strategic management, the term vertical integration describes a style of ownership and control.

That is what it comes down to: ownership and control. Under the old guard, that was the motto. Now, however, Kevin asks us to “Put the core business of Penn State in the center of service design and delivery.” If we do that, we see that we are not individual corporations trying to create service monopolies selling to customers. We are part of a support group within an organization whose mission is teaching, research, and service. In that light the measure of our success is not, “How big is our kingdom?” but rather, “How well do we support the mission of the University?”

As we were going through the discussion of this potential new service, Phil was adamant that we not take on the responsibility for parts that were outside our area of expertise. (I’ll have to admit that I had simply assumed we would be doing them.) In that context, it was instantly clear that if we limited our fully formed service to be the telecommunications and networking aspect — the data link through application layers of the TCP/IP stack — that we could assure that we could do it well.

However, that would leave us with only part of a useable service. What to do? What to do? Wait a moment… What if we leverage the strength of being ITS? Perhaps, rather than inventing another wheel, we might find some group within ITS that already has wheels. We thought about the people we knew, made a few phone calls, and lo-and-behold, there were a variety of places that might provide the middleware part of our solution. In fact, with the answers to a few more questions, it was fairly simple to make sure that the right person was involved with the discussion.

That left us with the content management portion of the service. It did not seem to us that there was anyone within ITS that would be appropriate for this role. Wait again… What other tools have we been given? What if we remember that IT at Penn State is larger than ITS? Of course, if it had been a snake it would have bit us. Who better to manage the content than the IT folks in the customer’s shop? After all, they were the ones that instigated this in the first place.

  • We had our complete service

  • We were doing what we were good at and letting others do what they were good at

  • We put the core business of Penn State in the center of service design and delivery

  • We leveraged the strength of being ITS

  • We remembered that IT at Penn State is larger than ITS

While it is too early to tell whether this nascent service will succeed — we are still in the talking phase, after all — I do recognize that the themes have already had a profound effect on the way we think and act. Thank you for that.

——–

The Good Traveler

Maybe you noticed the slogan in the header, above. It is the first line of verse 27 of the Tao Te Ching by Lao-tzu as translated by Stephen Mitchell. Here is the rest of that verse:

A good traveler has no fixed plans
    and is not intent upon arriving.
A good artist lets his intuition
    lead him wherever it wants.
A good scientist has freed himself of concepts
    and keeps his mind open to what is.

Thus the Master is available to all people
    and doesn’t reject anyone.
He is ready to use all situations
    and doesn’t waste anything.
This is called embodying the light.

What is a good man but a bad man’s teacher?
What is a bad man but a good man’s job?
If you don’t understand this, you will get lost,
    however intelligent you are.
It is the great secret.

The beauty and wisdom in this 2,500-year-old text never cease to amaze me.

——–

Sick Kitty?

I read this in PR Newswire this morning:

CUPERTINO, Calif., April 12 /PRNewswire-FirstCall/ — Apple today released the following statement:

iPhone has already passed several of its required certification tests and is on schedule to ship in late June as planned. We can’t wait until customers get their hands (and fingers) on it and experience what a revolutionary and magical product it is. However, iPhone contains the most sophisticated software ever shipped on a mobile device, and finishing it on time has not come without a price — we had to borrow some key software engineering and QA resources from our Mac OS® X team, and as a result we will not be able to release Leopard at our Worldwide Developers Conference in early June as planned. While Leopard’s features will be complete by then, we cannot deliver the quality release that we and our customers expect from us. We now plan to show our developers a near final version of Leopard at the conference, give them a beta copy to take home so they can do their final testing, and ship Leopard in October. We think it will be well worth the wait. Life often presents tradeoffs, and in this case we’re sure we’ve made the right ones.

NOTE: Apple, the Apple logo, Mac, Mac OS, Macintosh and iPhone are trademarks of Apple. Other company and product names may be trademarks of their respective owners.

The New York Times has the story, as well.

——–

Have I mentioned how much I love meetings?

I especially like regularly scheduled meetings. They let me know, with just a glance at my calendar, that I am not going to get anything done. Now, that is what I call helpful. If productivity is important, then knowing when you cannot possibly get anything done is important because it helps you define your productive time better.

I am sorry. Did I get sarcasm all over you? Here… have a towel. ;-)

In defense of the culture that spawns these meetings, I am sure that at some point in the Neolithic past people did not communicate with each other very well. Some were probably banging rocks together, others beating on hollow logs, still another group probably used smoke signals. Naturally, nobody could agree on which protocol to use, so even within each of these groups communication was a problem. To resolve the impasse, somebody probably said, “Enough! You’re not allowed to communicate with each other any more unless you’re all sitting around a huge slab of wood!¹” …and the meeting was born.

In the ensuing 100,000 years, humankind has made many advances in communication. I am extremely excited by recent advancements in something called “natural language processing.” I understand that there are many incompatible variants of these “languages” — a veritable “Tower of Babel,” in fact — but let me focus on one that I have been dabbling in for a while called “English.” It turns out two communication end points can use “English” as a high level protocol to exchange “ideas.” The end points can transmit these ideas using a point-to-multipoint link layer protocol called “speech.” Unfortunately, speech only works over short distances and is subject to interference from other nearby “speakers.”

However, another exciting recent advance — SneakerNet™ — is a physical transport mechanism that allows speakers to move to within the required distances for effective use of speech as a communication mechanism. Many see this simply as an ad hoc form of a meeting. While I would agree that it is an evolutionary rather than a revolutionary advancement, I feel that it is useful in many cases where a traditional meeting is seen as a waste of time.

If you would like to try this new form of communication some time, you can stop by my office and “speak” to me… assuming, of course, that I am not in a meeting. :-/


  1. Nobody is certain of the origins of the slab of wood in connection with the meeting, but it is undoubtedly the forerunner of the conference table. 

——–

Professional Development Events

Some discussions I have had lately have reminded me that it is well past time to consider what kind of professional development activities I am going to participate in this year. Without giving it any real consideration, I thought I would just list those activities that I have previously participated in and those that I have wanted to participate in, but have not, for one reason or another. Some of these are “by invitation only” so do not make serious plans about everything here.

——–

Flexible Scheduling

As a new manager, I have a lot to learn about how Penn State does business. One of the engineers that suddenly reports to me has been working with my director — his interim manager — on a work schedule proposal for the time after the delivery of their baby.

Human Resource Guideline HRG02 includes a section describing the policy on telecommuting. Within it is a description of the supervisor for telecommuters:

The supervisor of a telecommuter must be open to new ideas, be trusting of employees, and be a good communicator.

While I can guess that some people would feel threatened by that, I’ll give myself a pat on the back and say, “I think I can handle it.”

It also makes some points about the types of jobs that work:

Not all jobs are adapted easily to a telecommuting arrangement. Jobs that are adapted easily include those that consist of writing, reading, researching, independent thinking, editing, and working with data.

That pretty much describes the job in question.

It also says, “An employee interested in telecommuting first should present a proposal to her/his supervisor… ” Here is his proposal. The points to address are straight from the guideline.

Telecommuting Proposal:

  1. The reason for the request

    I am requesting this telecommuting plan to allow me to continue to work while being able to provide support to my wife following the birth of our first child.

  2. The length of time that the telecommuting arrangement is desired

    1 month

  3. The number of hours-per-day or days-per-week that the employee will be telecommuting — including when (what days/hours) the employee will be accessible

    Telecommuting 3 days per week.

    Accessible M-F, 8a-5p.

  4. A description of the impact on customers in terms of service and quality of work

    I see no impact to customers regarding service and quality of work.

  5. An explanation of how necessary communication with University offices and customers will be maintained

    Communication would be maintained as it is when I am in the office via telephone and electronic communication (e-mail). My office extension could be forwarded to my home or cell phone on days I am telecommuting by using https://voip.psu.edu

  6. The daily hours when the telecommuter is accessible to coworkers and customers

    M-F, 8a-5p

  7. A list of duties to be performed while telecommuting

    The same duties as performed while in the office. Daily work activities would not change.

  8. A list of the necessary equipment and where/how/by whom it will be obtained and maintained

    I already have a home PC and work laptop connected to a wired/wireless network utilizing a high-speed internet connection. I am able to access the same resources from home that I do when I am in the office. I also would use my personal cell phone or home phone. I would need no additional equipment.

  9. Potential problem areas (if any)

    I have not identified any potential problem areas. I live within 15 minutes driving distance of campus. Should something come up on a telecommuting day that would require my presence on campus it would be no problem to come in. In reference to HRG02 regarding Child Care, I would state that the reason for this proposal is not for me to provide primary child care while working from home. My wife will be home during the same time and my main goal will be work but I will have the ability to play a helping role in child care when needed. Also, a large number of job duties I perform could also be done outside of the traditional 8am-5pm hours (if necessary) while the child is sleeping, etc, etc (as stated in HRG02).

In regards to that last point, HRG02 has this to say:

Telecommuting may not be a good alternative for child care. If the job duties can be performed at hours outside of the traditional 8 a.m. to 5 p.m., when the child is sleeping or alternate care is available, then telecommuting may be a good alternative. Otherwise, it is difficult to work effectively while trying to care for small children. Trying to do both at once usually means that the individual is neither an effective worker nor an effective parent. This is a conflict that needs to be resolved before commencing telecommuting.

Hence the clarification.

Ultimately, we are handling this as an extension of the flexible scheduling policy defined in HRG02, since this is not a permanent change to the job and is only three days a week. We expect that the engineer will be physically present at all appropriate meetings.

——–

Issues with Non-Text Based Content Management

I asked one of my coworkers to take a look at the test implementation of Drupal I had set up. I like it because it handles so many different forms of text-based content so well. It does:

  • Wikis
  • Blogs
  • Books
  • Stories
  • Static Pages
  • Custom Pages
  • Forums
  • Polls
  • Comments
  • Templates
  • Content Syndication
  • Content Aggregation
  • Version Control
  • Searching
  • Authentication
  • Role based permissions
  • Database independence
  • Analysis, Tracking, and Statistics
  • Logging and Reporting

He suggested that we deal with non-text-based content, as well. He suggested that additional tools might be needed. He provided a link to TortoiseCVS. TortoiseCVS provides integration between Windows and CVS — the implication being that binary files could be revision controlled in CVS and easily accessed with TortoiseCVS. That’s a possibility.

He also pointed to WikiMatrix. WikiMatrix provides listings and descriptions of various Wiki implementations and provides tools to select and compare them. While Drupal has a wiki component built in, apparently the folks at WikiMatrix do not consider it to be a wiki, as they do not list it. :-(

——–