Privacy and Search Terms

AOL, Google, and Yahoo have been in the news about their responses to a Justice Department request for search terms used by the worldwide Internet community. AOL and Yahoo have agreed, while Google has refused to hand over the information. A court battle is on the way.

I really hadn’t given this subject much thought until the other night when I was looking for references to my family name using Google. I searched on my name, family members’ names, addresses and even phone numbers. Then it occurred to me - search terms do contain private data. How many times have I put someone’s name into a search engine to find out about them? By now, hundreds of times. The government has said repeatedly they are not interested in who is performing the search, but I also believe there is enough private data in search terms to restrict that data as well. Considering the amount of time Google and Yahoo have probably been archiving usage data for profiling and optimizing their services, there have to be mountains of search terms that would make an NSA analyst wet themself.

How many people have put their social security number into a search engine to see if it has been compromised? How many people have put a credit card number into a search engine for the same reason? How many times have you searched on something related only to you? Perhaps something private about you?

The more I thought about it, the more I believe that every bit of data related to Internet search should be maintained as private and should only be obtained through proper court authority.

April 8, 2006 · 2 min · 271 words · Jim Thario

Thoughts on the relationship between Rational Method Composer and EPF Composer

This seems to be a topic of increasing discussion both inside IBM and within the Eclipse Process Framework community. Questions such as “Which offering will get feature XYZ first?” “Are they functionally equivalent?” “Should the customer buy Rational Method Composer or will EPF Composer do the same thing?” are asked weekly. To refresh everyone, Rational Method Composer is a commercial tool by IBM Rational Software for the authoring of method content and for publishing configurations of method content as processes. EPF Composer is a subset of RMC code and was donated by IBM to the Eclipse Foundation as open source. The idea over time is that EPF Composer will be a core component of RMC, while RMC will add value through proprietary features and support that might not be possible in a purely open source offering.

I would like to see the relationship between EPF Composer and Rational Method Composer develop in the same way the relationship of Red Hat Enterprise Linux and Fedora Core Linux has evolved. Red Hat Enterprise Linux and Fedora Core Linux are the result of Red Hat’s experience in developing, maintaining, and selling Linux distributions over more than a decade. Red Hat Enterprise Linux is a commercial distribution of Linux that is sold by Red Hat. You cannot download RHEL executable code for free. Each major release of Red Hat Enterprise Linux is stable, evolves conservatively, and this all works very well if you are an IT administrator who does not want to deal with constant architectural churn of your server operating system. Fedora Core Linux, on the other hand, is entirely open source and is available in source or binary form for download by anyone. Fedora Core Linux pushes the technology barrier to the bleeding edge. One could consider Fedora Core Linux unstable in terms of constant change, yet revolutionary in terms of the capabilities it incorporates with this regular cycle of change. An example would be the inclusion of Xen virtualization technology recently added to Fedora Core 5. Xen is developed out of the University of Cambridge. Imagine having virtual machine technology, like what mainframes have had for decades, as a standard feature of your PC operating system. How would having the ability to partition the operating system into multiple, independent virtual systems change the landscape of data center design? It will. Once it is there, administrators will begin to count on it. Xen is not quite stable, yet adding it to Fedora Core 5 will push Xen toward stability by making it accessible in a highly popular Linux distribution. As cutting edge features are added to Fedora Core Linux and stabilized, they are eventually consumed by Red Hat Enterprise Linux and supported over the long term [years] by the RHEL teams. We will see Xen show up in a future release of Red Hat Enterprise Linux when it has stabilized enough for commercial adoption. Additionally, proprietary features such as hardware device drivers and other closed-source capabilities can be found in RHEL, but will never make it to Fedora Core Linux.

Let’s project this idea onto Rational Method Composer and EPF Composer. Imagine EPF Composer is where new experimental ideas are realized into the tool for authoring and publishing software processes. Risks would be taken here, changes happen quickly, and the essence of the tool represents the cutting edge of ideas in the IT process authoring space from experts in business and academia. As new concepts are stabilized in EPF Composer and deemed fit for commercial inclusion, they are consumed by Rational Method Composer and supported by the world’s largest Information Technology company and the service professionals behind it. This would not mean that Rational Method Composer would be behind the times in terms of features. It means those features taken from EPF Composer and added into Rational Method Composer would be supported over the long term [years] and allow for a predictable maintenance path for CIOs, on-site technical support and formal training professionals. Additionally, Rational Method Composer might get capabilities that are not applicable to an entirely open source tool. A partnership with another vendor might allow Rational Method Composer to import and export data with another commercial closed source tool. Such an agreement would not be possible in open source.

I think it is important to define the nature of the relationship between these two offerings and how they will benefit from each other’s existence. This is one possible approach for how that relationship might evolve.

March 22, 2006 · 4 min · 741 words · Jim Thario

Tater

After losing two dogs to completely different illnesses within one year, we recently adopted a new family member named Tater from New Hope Cattle Dogs of Colorado. He is about five months old now, and he appears to be mixed Cattle Dog and Pointer. We joke that he has an internal conflict of wanting to flush small animals out of bushes and then herd them back together.

March 17, 2006 · 1 min · 68 words · Jim Thario

OPEN Process Framework Repository

The following message was received today on the epf-dev mailing list for the Eclipse Process Framework. This is an exciting announcement from Donald Firesmith because it is another example of the process engineering community, both commercial and academic, bringing the content it has been developing for years to EPF to take advantage of the standardization of metamodel and tooling to author and publish the material.

On behalf of the OPEN Process Framework Repository Organization (www.opfro.org) and the OPEN Consortium (http://www.open.org.au/), I would like to officially announce that we will be donating our complete OPFRO repository of over 1,100 reusable, open-source method components to the eclipse epf project as an additional third repository. Currently, our repository is based on the OPEN Metamodel, but we will shortly begin translating it to fit the epf SPEM metamodel and associated xml xsd. We will also be working over the next few weeks to determine what level of effort support we can donate to epf.

Donald Firesmith
Chair, OPFRO

March 17, 2006 · 1 min · 160 words · Jim Thario

Eclipse Process Framework

I am a committer on the Eclipse Process Framework (EPF) open source project. The code and content that make up EPF were donated from the Rational Method Composer product and the Rational Unified Process. The open source version of RUP is called BUP, which stands for Basic Unified Process. Today you can download EPF Composer from the web site and begin authoring your own method content and publishing process configurations, or you can use the BUP method content and customize it for your own development project. A published version of BUP is also available for download. EPF Composer and the published BUP web site are available from the EPF download page.

February 15, 2006 · 1 min · 114 words · Jim Thario

Rational Method Composer

This past year I joined the Rational Method Composer (RMC) team at IBM. Rational Method Composer is a tool to author method content and configure that method content into processes. RMC can be used for authoring software development processes, IT operations processes, or any complex business process that requires documentation and consistency. Processes can be published and distributed via HTML sites. What I like about RMC is that it brings the concept of knowledge reuse to process engineering. Method content can consist of the roles, tasks, and work products which are essentially smaller generic pieces of a process. Those pieces can then be assembled into a process configuration and published. Using the same library of method content, a process author could build a configuration for a new software project and also a configuration for product maintenance.

February 14, 2006 · 1 min · 136 words · Jim Thario

Tightening things up with DSHIELD

I was first introduced to DSHIELD last month. Particularly, my interest was in the textual feeds of recommended hosts to block at the firewall. The lists come in the form of a text file formatted with individual hosts and entire networks. The feeds are refreshed on a regular basis from community input. I wrote a small shell script to pull these recommended lists and create an iptables chain that is called from my existing server firewalling rules. The input, output and forwarding chains all call the DSHIELD chain. After about a month of use it seems to have paid off, because the DSHIELD chain in my firewall rules blocks many packets from these blacklisted hosts - and so far no one has complained. This script is run nightly to refresh the DSHIELD chain. If for any reason it cannot contact the DSHIELD site, it will keep the existing rules in place. Here is the BASH shell script I use on Fedora and CentOS servers.
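The script itself does not appear on this page; the following is an added example, not the author's code, of the refresh logic the post describes: validate each feed entry, build the DSHIELD chain, and emit nothing when the download yields no usable entries so the loaded rules stay in place. The feed format (one IPv4 host or CIDR network per line), the function names, the `FEED_URL` placeholder and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example: build an iptables-restore fragment for a DSHIELD chain.
# Assumed feed format: one IPv4 host or CIDR network per line, '#' comments.

# valid_entry ADDR: succeed only for dotted-quad IPv4 with optional /0-32.
valid_entry() {
    addr=${1%%/*}
    prefix=32
    case $1 in */*) prefix=${1#*/} ;; esac
    case $prefix in ''|???*|*[!0-9]*) return 1 ;; esac
    [ "$prefix" -le 32 ] || return 1
    case $addr in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $addr
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# build_dshield_rules < feed: print the fragment, or print nothing and
# return 1 when the feed holds no valid entry (failed download, error page).
build_dshield_rules() {
    rules=""
    count=0
    while IFS= read -r line || [ -n "$line" ]; do
        entry=${line%%#*}                              # strip comments
        entry=$(printf '%s' "$entry" | tr -d ' \t\r')  # strip whitespace
        [ -n "$entry" ] || continue
        valid_entry "$entry" || continue   # never pass junk to iptables
        # The chain is called from INPUT, OUTPUT and FORWARD, so match the
        # listed address both as source and as destination.
        rules="${rules}-A DSHIELD -s $entry -j DROP
-A DSHIELD -d $entry -j DROP
"
        count=$((count + 1))
    done
    [ "$count" -gt 0 ] || return 1
    printf '*filter\n:DSHIELD - [0:0]\n%sCOMMIT\n' "$rules"
}

# Constructed sample feed (documentation address ranges, not real feed data).
SAMPLE_FEED='# constructed sample
192.0.2.15
198.51.100.0/24
203.0.113.300
<html>503 Service Unavailable</html>
'
# Nightly use (as root). With --noflush, iptables-restore leaves the rest of
# the table alone and reloads only the declared DSHIELD chain:
#   curl -fsS "$FEED_URL" | build_dshield_rules > /tmp/dshield.rules \
#       && iptables-restore --noflush < /tmp/dshield.rules
printf '%s' "$SAMPLE_FEED" | build_dshield_rules
```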

January 6, 2006 · 1 min · 164 words · Jim Thario

From history or current day society, select five famous people that you would use to build the perfect team.

For my perfect team I want to build a software development team and staff the lead roles. There are many roles involved with the creation and sale of a software product. I am going to focus on the team responsible for the creation of the solution. The roles I chose to staff are project management, requirements analyst, engineering, content and documentation, and customer support leads. Many people can share a single role, or each person can have multiple roles. For my case, each person gets a single role. The project manager is responsible for monitoring the progress, time lines, budgets, and in general doing what needs to be done to see the project reach its conclusion. The project manager is often a central figure of communication between the development team and other groups. My project manager is Meg Whitman from eBay. [1] Meg has turned eBay into an online mainstay with $4 billion a year in revenue and a $60 billion market capitalization. The requirements analyst uses a variety of techniques to understand the problem from first hand contact with stakeholders inside and outside the organization. Grace Hopper [2] lived from 1906 to 1992. She is responsible for such ideas as compiled source languages and was deeply involved in trying to make computers easier for developers and operators. She often placed herself in the problematic situation to understand it and help propose a solution. The engineering lead is a broad role incorporating all of the technical aspects and control systems in place for the project. For this role I will choose Alan Cox [3] from the team of Linux contributors. Alan was responsible for many of the improvements to Linux that helped it gain respect as a reliable platform. Although a deeply technical person, Alan has an MBA that I believe gives him an insight to the economics of engineering problems. The content and documentation specialist is responsible for all information included with the solution that is needed by the consumer. 
This role is also responsible for any included templates or other information that can jump-start the solution for the user. Carl Sagan [4] will be my content and documentation producer. Carl Sagan taught science and wrote about it his entire life. He contributed to the popularization of science in America. Customer support provides help, receives and records defect reports and enhancement requests, and provides assistance with unique problems or environments. Blake W. Nordstrom [5] of the Nordstrom department stores will be in charge of my customer service organization. Nordstrom has a reputation for excellent service and has been aggressively applying technology to improve their customers’ experience.

[1] http://money.cnn.com/2005/10/31/news/newsmakers/top50_women_fortune_111405/?cnn=yes
[2] http://www.sdsc.edu/ScienceWomen/hopper.html
[3] http://en.wikipedia.org/wiki/Alan_Cox
[4] http://en.wikipedia.org/wiki/Carl_sagan
[5] http://www.referenceforbusiness.com/biography/M-R/Nordstrom-Blake-W-1961.html

November 6, 2005 · 3 min · 447 words · Jim Thario

What are the security risks associated with business-to-business e-commerce?

Risks associated with B2B e-commerce include the technical problems of creating an Internet-facing business system that enables you and your partners to save money and react quickly by doing all transactions electronically. Additionally, I found there is some concern about the antitrust risks of business-to-business exchanges. I initially started searching for technical risks, and came across this document about the business risks of competitors working closely in collaboration to negotiate prices. http://mipr.umn.edu/archive/v2n2/gotfredson.pdf Certain models of B2B exchanges would have the competitors in an open auction against each other to win the bid for some product or service. “In spite of the promises inherent in this new business model, B2B exchanges necessarily involve collaboration between competitors in a market, and thus raise potential antitrust concerns.” There is actually nothing new here about types of antitrust activities a company might undertake with B2B. I think the point of the paper tells us that the Internet potentially makes this easier to take place. Connectivity between competitors and collaborators over the Internet and the growing sophistication of software provides an atmosphere where antitrust activities can occur without immediate notice. “A second antitrust risk associated with B2B exchanges stems from the fact that the Internet allows for the aggregation and analysis of copious information concerning the exchange’s participants.” I was not able to determine if any company has had legal action taken against them for B2B-related antitrust activities. The technical risks involved with B2B are typical for Internet-facing servers of e-commerce applications. For instance, Amazon uses a web front end to interface with their customers. The front-end of an application is one place vulnerabilities can be exploited to someone’s gain. 
Even though B2B exchanges may use a different kind of communication protocol, such as a web service or EDI, a weakness in the protocol could let someone use it to their advantage without immediate notice. Something as simple as transmitting illegal values for valid operations could allow unauthorized access if the server side lacks sufficient defensive programming. I found a PowerPoint presentation (link below) that listed some areas of potential loss from poorly designed e-commerce systems:

- Theft of Intellectual Property
- Theft of Proprietary Information
- Sabotage of Data Networks
- System Penetration
- Insider Abuse
- Financial Fraud
- Denial of Service
- Virus

http://www.business.duq.edu/BusinessSecurity/docs/mootcourt.ppt

October 31, 2005 · 2 min · 384 words · Jim Thario

What would the Web be like if there were no limit to bandwidth?

No limit to bandwidth means that it would be possible to send any amount of information across a network with no latency. Such an achievement would change more things than just the web. For instance, with the capability of limitless bandwidth, data storage and processing power would no doubt have made equivalent leaps as well. These are components of networking infrastructure as well as general purpose computers. So, networking equipment that provided limitless bandwidth would also include processing power to handle the load - processing power with no limits. Moving any amount of information with no latency also means you need some place to put it - data storage with no limits. With these limits removed, there might be no need for a web at all. The ability to move any amount of information instantly might mean we keep a copy for ourselves of everything we interact with, continually accumulating and indexing data at a constant rate from other information providers for the rest of our lives. From this I can imagine having my own reference database of accumulated information that becomes our private web, or life encyclopedia.

October 9, 2005 · 1 min · 188 words · Jim Thario