What Are You Listening To?
Oct 26th, 2007 by abbot
“It is the province of knowledge to speak and it is the privilege of wisdom to listen.” — Oliver Wendell Holmes

In the posting, “The Many Faces of Podcasting,” I talked about a few of the security podcasts I find consistently interesting. Podcasts can provide insight into a variety of areas. Budgets and time constraints might keep you from being able to attend training and conferences. Through listening to podcasts, you are given the opportunity to hear leaders from the industry discuss cutting edge technologies and approaches in managing information technology. People are no longer constrained by their location, department’s budgets, or even work sector. A world of opportunity has opened up for those willing to listen.
I started listening to podcasts after meeting with the CIO of Idaho National Laboratory (INL). I went to INL as part of a two man team to help INL’s security folks rework their cyber security program policy (CSPP). The reality is, the CIO wanted to shake things up a little. Show what could be accomplished and light a fire under his people. I learned an interesting lesson. In order to effectively talk to a CIO, you need to learn his language and develop the ability to see things from his point of view. Now you may think the CIO should understand your point of view and be able to talk your language. Let me ask you this, in a miscommunication between yourself and your CIO, who is going to come out on top? My money is on the CIO. Learn to talk his language. It will save you many headaches down the line. Podcasts offer an opportunity to hear about industry trends and find information on all aspects of business. You can even find interviews of CIOs discussing various aspects of their work.
Below are a few of the podcasts I found particularly pertinent this month. There are many interesting podcasts not listed. The below podcasts are listed because they were particularly relevant to issues that I have been dealing with. I am listing the podcasts not as a “best of” but more as an example of the quality podcasts that exist. I am continuously amazed and thankful that there are so many podcasters giving their time so we may learn from, or simply enjoy, their shows.
CERT’S Podcasts: Security for Business Leaders
Resiliency Engineering: Integrating Security, IT Operations, and Business Continuity
This might just be me, but I find security frameworks fascinating. The resiliency framework is no exception. The framework is relatively new, allowing it to incorporate the best security practices. Whether you are interested in the framework or not, the areas the framework covers still need to be addressed. I particularly agree that one of the problems facing security management is that security is often viewed as a technical problem, resulting in security getting bolted on as an afterthought. Plus, poorly defined and measured goals continue to create problems when talking to business managers. Resiliency engineering is one approach to taking on these issues.
Description: As threats proliferate, organizations have a choice: They can scramble to fix vulnerabilities one by one, or they can increase their overall resilience so that even unexpected threats have less impact on their ability to fulfill their business mission.
It can seem daunting to embark on an enterprise-wide business resiliency project, however.
In this podcast, Lisa Young, a senior member of CERT’s Resiliency Engineering Team, discusses what resiliency engineering means – and how organizations can put it to practical use to resist threats more effectively.
CERT’S PODCASTS: A More Compelling Argument for Information Security
Business Resilience
I am continuously amazed at the professional quality of CERT’s podcast. I have heard some folks say, “I don’t listen to podcasts. Too much chit chat.” CERT’s podcasts are always focused. The very important topic of discussing security with business leaders is addressed. At times I have been frustrated at how some business leaders seem incapable of understanding something I see as fundamental. While I understood that I needed to learn to speak in business terms, there is a point where I have questioned what approach and terms I should use. This podcast addresses those questions.
Description: A language gap often separates information security officers and business leaders. Return on investment is one potential argument for bridging this gap in economic terms, but the numbers can be hard to pin down. Another argument involves business resilience, which is easily understood by both business leaders and information security officers as a vital part of the organization’s ability to fulfill its business mission.
In this podcast, Scott Dynes, a senior research fellow at the Center for Digital Strategies within Dartmouth’s Tuck School of Business, discusses how best to make the argument for business resiliency, why mutual education is key, and why the chances of bridging the communication gap in this way are good.
IT Conversations: Rasmus Lerdorf
PHP on Hormones
Rasmus Lerdorf does a great job of reminding us how difficult good development can be. Not that PHP is hard to program in. To develop in any language, Rasmus demonstrates how good developers can increase efficiency by analyzing what the code is doing and taking such actions as dropping the number of SQL queries called to access a page down. A good developer team also knows about various security attacks and can help make code considerably more secure. I purposely use the phrase “development team” versus developer. It is great if you can do it all. I have met many who think they know it all. Some of the folks have been quite good. I have yet to meet anyone who really knows it all. Rasmus might, though he describes himself as not being a good detail-focused programmer. There lies the strength of a team and some of the development frameworks discussed in other podcasts. If your people can do it all, that is amazing. Have people learn in-depth knowledge and then have them interact and share their knowledge. Rasmus provides a great talk on quite a few topics.
Description: In 1993, when Rasmus first saw the Mosaic Web browser, he knew that the Internet would be the platform of choice. But his employer, a Brazilian company, did not pay heed so he quit to return to Canada to do consulting work. During this six-month period, he found himself repetitively writing the same CGI programs in C. To avoid repetition, he collected his library of C programs and added a template parser that parsed HTML and made calls to his C routines. Thus was born the first version of PHP.
Rasmus believes there are four kinds of programmers. First, the pragmatic ones who are just after solving their own problems. The second kind finds programming as a means of self-expression, like an artist finds self-expression in his art-work. The third are the real programmers who enjoy programming for its own sake because it creates a hormone called oxytocin in them, and the fourth are the open source zealots who wish to change the world. He claims to be of the first kind. He programs to solve his problem and then moves on. He confesses that he created PHP purely to serve his own interest, to solve his own set of problems. He made the source publicly available so others could benefit from it. That set the ball rolling. Today, PHP runs a considerable number of some of the largest websites on the planet.
Hear the story of the evolution of PHP from being a purely procedural language to its current state of a full-fledged object oriented language, from its creator Rasmus Lerdorf. In this presentation, Rasmus also talks about the performance of PHP, profiling, security issues and vulnerabilities that websites are prone to, how to tackle them to some extent, and about his love for API. The slides for this session contain code snippets of the old and new PHP versions and also of the Flickr and Yahoo! Maps API examples.
IT Conversations: Bruce Johnson, Google, Inc.
Vic Gundotra, the new head of Google’s developer programs, recently stated, “In the next year we will make a series of announcements and spend hundreds of millions on innovations and giving them away as open source.” Vic is an interesting fellow. He came to Google from Microsoft, where he spent 15 years. Dan Farber reports that “Google believes that innovation on the Web has been lacking. XML and HTTP Request were innovative technologies in 1998, but it took until April 2004 for an application, Gmail, to really take advantage of them, Gundotra said.”
Vic goes on to say, “Google was born on the Web. Larry and Sergey and the rest of Google built Google on the Web and with open source. They want to give back.” Google open sourced Google Gears. Google Gears uses JavaScript and SQLite to provide offline access to their cloud-based application data. Vic characterizes Google Gears as “a milestone for us.”
I am going to make a statement that will not win me any Nostradamus awards. Google is a company to watch. Phil Windley and Scott Lemon do a great job talking with Bruce Johnson. Anyone in the information technology field needs to keep an eye on what is going on with Google. A toolkit that is an “open source Java software development framework that makes writing AJAX applications like Google Maps and Gmail easy for developers who don’t speak browser quirks as a second language” is something worth learning a bit about. Afterwards you are going to want to check it out.
Description: Recently, Google released from beta its Google Web Toolkit. Google Web Toolkit (GWT) is an open source Java software development framework that makes writing AJAX applications like Google Maps and Gmail easy for developers who don’t speak browser quirks as a second language. Phil and Scott talk to Bruce Johnson, one of its co-creators.
GWT lets you avoid many of these headaches while offering your users the same dynamic, standards-compliant experience. You write your front end in the Java programming language, and the GWT compiler converts your Java classes to browser-compliant JavaScript and HTML. Bruce talks about how he got involved with the project. He states that while he has always been in development, he believes that the user interface is tremendously important.
Bruce also gives a number of examples of projects that took advantage of GWT. While the discussion is often technical in nature, Bruce is able to clearly define what GWT can do for developers.
Jon Udell’s Interviews Ned Gulley
MATLAB Programming Contest
Some shows don’t initially grab my interest. I have to confess, I have not been using MATLAB, so I did not have great interest in this podcast. Still, I started listening and found this show surprisingly interesting. The evolution of cooperation between the programmers is fascinating. As Ned talked about the different methodologies tried, it reminded me of genetic algorithms. An enlightening interview.
Description: Ned Gulley is a software designer at The Mathworks and the architect of the company’s semi-annual MATLAB programming contest. Since 1999 he’s watched contestants exhibit a unique blend of competition and cooperation. Winning solutions are woven from the contributions of ten or more players, and go beyond what any individual could normally have accomplished working alone.
To design a game that harnesses collective intellect in this way, Ned Gulley says, you have to frame a problem that appeals to would-be players just as a flower appeals to bees. This notion of “flower design” can guide us, he thinks, as we begin to explore more general uses of online games in educational and work settings.
Jon Udell’s Interviews Dmitri Williams & Jake Vickers
Social Dynamics of Online Games
This was one of those podcasts that I did not think was very applicable to me. Jon Udell always does a good interview, but I avoid online games. They are just too addictive and I know myself well enough to stay clear. I was taking my dog on a long walk, and did not want to listen to anything requiring too much thought, so I let it play. I was very surprised to find the podcast covering very interesting topics about how we interact with each other. A very interesting topic. Within an organization you have generation gaps. Frequently the leader of an organization might have taken decades to reach his or her position. They surround themselves with an inner circle of advisers that often are similar in age, and frequently point of view, as the leader. The idea of the gaming world bringing together people from different walks of life, economic situations, and age is very interesting. Add the concept of these people having to work together, organize, and accomplish tasks, and it seems to have implications that someone studying team dynamic management will tap into someday.
Description: Dmitri Williams is a 35-year-old academic who studies the social dynamics of online games. He’s also a committed member of a World of Warcraft guild in which George Vickers, a 17-year-old college student, plays a key leadership role.
In this conversation, Dmitri and George reflect on the ways in which leadership and organizational skills can be developed in an online multiplayer game.
Technometria: Scott Lemon, Ben Galbraith
Millennials and Tweens
One has to love a podcast that discusses the new terminology “millennials” and “tweens.” I have been working with computers since I was twelve, and one aspect I have always enjoyed about technology is the ever-changing use of technology. While I am not one to jump on the latest fad, I do find interesting the reluctance to change that I sometimes encounter from folks. I expect it from “normal” people, but not the IT crowd. We’re the people that have to keep on top of all this stuff. When there is a better mousetrap that is easier to use, I find it hard to understand why IT people will cling to the old ways. It might be human nature, but so is sleeping and spending time with loved ones. We forgo those luxuries. This show discusses some of the psychological differences between generations.
Description: This week, the group discusses a variety of topics, including some related to conferences attended by Scott and Ben. Scott reviews two conferences held in conjunction with the Digital Life Conference in September. One dealt with the topic of “Millennials”, people born between 1982 and 2000, while the other involved “Tweens”, children between seven and twelve. Scott talks about how these young people have a completely different attitude towards technology and online activities. They are also being examined closely for clues as to how they relate to advertising. The group assesses a couple of websites that are good examples of how young people are being targeted by advertisers.
Ben also reviews his visit to Norway to attend Javazone 2007. He talks about the status of flash-based applications compared to Ajax. The group discusses how the browser has become an old concept and that online applications are now considered part of the total computer experience. Scott also reviews Adobe AIR and how it can be used to build internet desktop applications.
Technometria: Shane Pearson, Marketing and Product Management, BEA
Interacting with Internet Information
Technometria is Phil Windley’s podcast that “tries to make sense of the technology that surrounds us through exploration, analysis, and, hopefully, reason.” Phil is usually joined by Scott Lemon and Ben Galbraith. These guys are good friends and it shows. Back in the 1930’s, there was an informal group of writers that met, called the Inklings. J. R. R. Tolkien and C. S. Lewis were key members. I have often thought how interesting it would have been to listen to these great authors discuss issues. Technometria reminds me of that; good friends, all experts in the IT field, talking about technology. What is not to like? In this show, they talk with Shane Pearson, Marketing and Product Management, BEA about a variety of topics.
Description: In these podcasts you’ll find discussions of Web 2.0, programming and software development, open source, identity, new media, enterprise computing, and many other topics.
The Internet has always been known as a way for individuals to retrieve information. Shane Pearson, VP of Marketing and Product Management for BEA, believes that the Internet is now a place for individuals to interact with information. He also believes that many of these ways can be used by enterprises and businesses to better run their organizations. He joins Phil and Scott to talk about how “people centric” interaction.
Shane gives a number of examples of social interaction tools used by the general public and discusses how these methods can be used in business. He also reviews how government agencies can particularly take advantage of these tools. He assesses how the organizations can adapt the tools for use. He discusses how security is an important part of this process.
He also talks about the upcoming Defrag Conference. A number of the speakers at the conference have appeared on Technometria. The sponsors describe the conference as “a gathering place for the growing community of implementers, users, builders and thinkers that are working on the next wave of software innovation.” Shane’s information clearly shows how the information to be presented at Defrag can be important for the future.
TalkBMC Travels
BMC UserWorld 2007 Vancouver
Ynema Mangum is the executive producer of TalkBMC. I have been a long time listener and fan of the show. BMC’s utilization of podcasts and blogs to demonstrate the capabilities of their consultants has been most impressive. Today, Ynema has posted the following eight short discussions:
- The CMDB Architect’s Kit: Podcast interview with Paul Buffington, senior technical instructor.
- Advanced Asset Management: Podcast interview with Sydney Dent, instructor.
- Growing Your I.T. Intelligence: Podcast interview with Julie Hawkes, senior education consultant.
- ITIL Face-to-Face: Podcast interview with Anthony Orr, global best practices director.
- Business Service Management and the Mainframe: Podcast interview with Nick Pachnos, senior manager for worldwide marketing operations.
- Designing IT Education: Podcast interview with Terry Vyas, director - instructional design and development.
- Customizing IT Education: Podcast interview with Lenny Warren, education assessment consultant.
That gives you a taste of what TalkBMC is about. I don’t see how any business manager would not be interested in checking out these podcasts further. Everyone working in the corporate world should listen to Peter Armstrong discussing business service management. Brilliant job.
Description: It’s your I.T. world. What is happening in it now and what is going to happen next? That’s the theme for BMC UserWorld 2007. In case you missed it, TalkBMC travels to Canada to bring you interviews with IT educators, strategists, industry experts, and consultants about what’s important in your world. This list of audio interviews will be updated frequently, so check back often to see what you’ve missed.
TalkBMC: Mike Lunt
Agile Development
The IT Skeptic had an interesting post. Today business is focused on various frameworks. I believe different frameworks can do a great deal of good in helping a business operate better. Still, the IT Skeptic makes a very valid point when he states, “What matters is that we actually pay attention to staff, ask them what they think, get their buy in, fire them up, and run a concerted program to get everyone to understand how things really work and to get everyone on the same page, i.e. we build a new consistent culture.” Agile development is a very intriguing development method. What I find most interesting is that it is a much more employee-involved method. Mike Lunt does a great job discussing this methodology.
Description: Why is Agile so important and who’s doing it well? Traditional development methodologies like “waterfall” aren’t flexible and don’t allow for changes in features or functions as the software is being developed. Using the Agile approach, developers at can produce enterprise software in half the time, with more flexibility to market needs. But, that’s not all that happens with Agile. Development teams become more productive, costs go down, and quality goes up. Everyone wins with the Agile approach.
FLOSS with Randal Schwartz and Leo Laporte: Jay Shirley, Catalyst evangelist
Catalyst for Perl
Randal Schwartz talks with Jay Shirley about Catalyst for Perl. What is not to love? Leo Laporte is part of the interview, but Leo steps back and allows Randal and Jay to really get into discussing Catalyst and frameworks.
Description: Ruby on Rails isn’t the only application framework, or even the best. Catalyst for Perl is an MVC framework that’s being used for Vox, and other big sites.
How WOA Meets Guerilla SOA
BriefingsDirect: Roundtable SOA Insights
Most people have heard the term “must see tv.” Dana Gardner’s BriefingsDirect should be must hear podcasting to all IT business leaders. Back in the 70’s there was a show, Kung Fu, which had flashbacks to a young student training in a Shaolin temple. Master Po would continuously show the young student, Grasshopper, how much Grasshopper had to learn. There were also other Shaolin monks to teach Grasshopper various lessons. When I listen to BriefingsDirect, I feel like Grasshopper with much to learn from such IT masters as Dana Gardner, principal analyst at Interarbor Solutions; Tony Baer, principal at onStrategies; Jim Kobielus, principal analyst at Current Analysis; and JP Morgenthal, CEO of Avorcor. Different shows will have different IT masters. On this show the IBM Information On Demand 2007 Conference, from this past week, is discussed. There is also a very interesting discussion on the relationship and tension between enterprise-wide SOA and more discrete Web-Oriented Architecture. Like I said, must hear podcasting.
Description: The latest BriefingsDirect SOA Insights Edition, Vol. 26, provides a roundtable discussion and dissection of Services Oriented Architecture (SOA)-related news and events with a panel of IT analysts and experts.
In this episode, our group examines the relationship and tension between enterprise-wide SOA and more discrete Web-Oriented Architecture — what we like to call Guerilla SOA. We also look at the probable acquisition of Business Objects by SAP, and the recent Information On Demand conference from IBM.
Stanford: Center for Internet and Society: Fred von Lohmann
RIAA v. The People: Four Years and Counting
The RIAA is a fascinating association to keep an eye on. The RIAA brings up the classic question of how does a business treat its customers? Following the RIAA, one cannot help but be reminded of Davey and Goliath. BTW, sometimes I will use normal links to such areas as Wikipedia. Generally, I try to find links that might prove a little more interesting. When I use a person’s name, if they have a blog, I will link to that. Jasper Fforde fans should recognize my Goliath link. If you don’t know who Jasper Fforde is, do check him out. From my point of view, wikis should be factual. With blogs, you get to express yourself. That is not only with the words you write but with the links and images you use. Don’t fall into the “Roses are Red” trap of thinking; be expressive.
Anyway, while I might be on a tangent, there is a rhyme and reason to it all, beyond me wanting to sneak a song title into this post (in honor of the RIAA). One can make many comparisons between the Goliath Corporation and the RIAA. The RIAA tale is a story of a well financed organization taking on people who don’t have much. Fred von Lohmann tells some really interesting stories which will get you very angry. Still, there are some times when people need to get angry. While the RIAA has the right to “protect its assets”, for now, to pursue the legal course they have taken is extremely bad business. The only reason the RIAA can pursue their current course of action is because they are forcing people, who do not have the power to fight, to pay the RIAA funds that they then use to force others to pay. Talk about a terrible snowball effect. I grew up in New Jersey. Back there we had a term for folks who operated this kind of business model.
Description: Four years ago, the recording industry inaugurated an unprecedented campaign of lawsuits against individuals who use peer-to-peer (P2P) file sharing networks to share music. Nearly 30,000 lawsuits later, has it worked? If not, what should be done instead? And what have we learned about the mechanics of federal civil litigation against thousands of unrepresented individuals?
Drawing on a recent EFF report summarizing the first four years of the recording industry litigation effort, Fred will discuss the recording industry’s tactics and describe alternatives that may be on the digital music horizon.
Stanford Center for Internet and Society: Auren Hoffman
Portable Identities and Social Web Bill of Rights
Identity management is one of the biggest challenges that face the future Internet as more and more of our data get put up on the web. Frequently I will hear from folks a desire to throw out technology in the name of privacy. That is unrealistic. The best way to protect one’s privacy is not by avoiding technology, but by ensuring your privacy is legally protected and/or you have opt out options. That is what makes the Social Web Bill of Rights such an interesting topic. Please, I am not interested in starting any IT religious wars. What I am saying is whether or not you agree with the Social Web Bill of Rights methods, think about the problem it is trying to address. Exposure to ideas and arguments is what podcasts are all about. Auren Hoffman provides very interesting supporting stories.
Description: The future world of portable identities, reputations, and social graphs has many pluses and concerns. These portable systems could make the benefits of personalization, once only relegated to science fiction, a reality. The Social Web Bill of Rights makes the claim that users have the right to portability. But there are privacy implications to take into account as well. We will discuss an opt-out vs. an opt-in approach on data collection, privacy, and portability.
Podcast List
I am frequently asked, “What podcasts do you listen to?” The answer depends. The above listing gives you a good idea of what I find interesting. I do listen to many other podcasts. Below is a listing that includes most of the podcasts. I say “most” because the list changes. If you choose to give any a try, I have one major piece of advice. Like the Nike advertisements say, “Just do it.” Frequently I listen to podcasts while doing all sorts of things. I operate on the theory that it is better to be exposed to a topic even if you are not giving the podcast your full attention. If you wait until you have time to listen intently, you will never get around to it. While I may not be listening with notebook in hand (though I do carry around a small notebook in my pocket, just in case I ever need to jot something down), I learn a great deal by just being exposed to a topic. Below are the podcasts likely to be found on my MP3 player:
- Slashdot Review
- Risky Business
- A Series of Tubes
- Between the Lines
- Security Wire Weekly
- Linux News
- Perlcast
- Adventures in Security
- Sound Policy
- CERT
- Google Code - Updates
- Silver Bullet
- Might Seek
- Security Catalyst
- IT Skeptic
- The Rear Guard Security Podcast
- StillSecure, After all these years
- BriefingsDirect
- CERIAS Security Seminar Podcast
- Technorama
- Valid Syntax
- Network Security Podcast
- O’Reilly FOO
- Distributing the Future
- SploitCast
- Geek News Central
- BriefingsDirect
- InfoWorld SOA Report
- Crypto-Gram Security Podcast
- TalkBMC
- Rules for the Revolution
- This Week in LAW
- CyberSpeak
- FLOSS
- Mike Tech Show
- Gartner Voice
- EnterpriseLeadership
- In the Trenches
- Windows Weekly with Paul Thurrott
- This Week in TECH
- Controlling Chaos
- The Project Management Podcast
- IT Conversations
- WordPress
- Security Now!
- PaulDotCom Security Weekly
- Geek Muse
- Net at Nite
- Tripwire
- Nosilla
- Mac Roundtable
- The MacCast
- Ruby
On April 3, 1860, a lone rider set out on horseback carrying saddlebags filled with our nation’s hopes and dreams. He raced against nature’s cruel elements and rugged terrain. The rider’s journey would end ten days later, some 2000 miles west. So began the legendary Pony Express, which proved “a unified transcontinental system could be built and operated continuously the year around.” An 1860 California ad for riders was reported to have read, “Wanted. Young, skinny, wiry fellows. Not over 18. Must be expert riders. Willing to risk death daily. Orphans preferred.” Even if the ad is not true (a little too honest), you have to love the “orphans preferred” component. Now that is what makes a legend. The reality is, the Pony Express would close just eighteen months later, on October 26, 1861; just two days after the transcontinental telegraph system was completed.
Technology is always advancing. I hope by highlighting a few of these podcasts I have demonstrated what valuable information is available to anyone with an Internet connection, computer, and MP3 player. Even my parents have expressed interest in listening to podcasts. Times are a changing. A year ago when I talked about podcasts, I would frequently be told, “I don’t have an iPod.” Nowadays, I never hear that. It is not because iPod sales have been that great. People are better informed. It’s a small world after all and the world is getting smaller every day. Oh heck, I am no good at coming up with song titles to make my point. I have spent too much time listening to podcasts and not enough time listening to music. What I am trying to say is that people across the globe are willing to give up their time in order to teach those willing to listen and learn. One just needs to be open to the opportunity. So, I ask you, what are you listening to?
Thanks for referencing FLOSS. If you found the Catalyst interview interesting, the upcoming show is an interview with Avi Bryant, creator of the Seaside framework for Smalltalk. We recorded it a few days ago, so it should be up shortly.
Thanks for mentioning and linking to Technorama. It’s always nice to hear someone mention it to their friends. — Chuck
Thanks (again) for listening and continuing to listen to TalkBMC. By far, the most fascinating conversation from that conference was the face to face with Sharon Taylor, chief architect of ITIL v3. I also very much enjoyed the conversation with Peter.
It’s funny how these conversations take so much energy. I’m still recuperating!
Warm regards,
~Y
Ynema Mangum
executive producer
TalkBMC
http://talk.bmc.com