You are viewing harrysutton

Tired of ads? Upgrade to paid account and never see ads again!

It's all about the community

Sometimes, for me at any rate, it’s easier to immerse ourselves in technology than to participate in the communities that spring up around them. But if the evolution of the Internet over the last twenty-five odd years has taught us anything, it’s the power of both in combination that drives innovation and progress.

Let’s face it, some of us are simply more comfortable than others interacting socially with people, for all sorts of reasons. Technology is straightforward and, given sufficient time, always (or almost always) understandable. People much less often possess one, to say nothing of both of these characteristics. But look at the extraordinary progress of any of the recent technological innovations of the past quarter century, and you’ll find almost none of them have survived without a compelling social aspect.

What was the first “killer app” in the evolution of the Internet? It wasn’t the World Wide Web, as some might be tempted to suggest. It was electronic mail: a medium for social interaction, in the form of communication. It allowed people to communicate more quickly than traditional mail, and with greater accuracy and level of detail than voice or telephone conversations. Email didn’t initiate collaboration between people, but it expanded the possibilities for it exponentially.

I suggest that three of the top five innovations any of you reading this might pick as significant have more of a social impact or value than a technological one. Mobility devices are used overwhelmingly for staying in touch; a whole industry of ’social media’ has sprung up around them. E-commerce certainly dominates the web, but sites like Facebook and Twitter speak volumes about the impact of community.

Recently I’ve been reminded of the power of community in even one of the more technologically broad and dense innovations in play today, cloud computing. Having just returned from my second OpenStack Summit, where I experienced first-hand the powerful combination of technology and community, I find myself energized (if a bit jet-lagged) and excited about the myriad opportunities in this rapidly expanding field. Multiple local user groups (or so-called Meet-Ups) have sprung up, including a global / virtual on-line one, that drive innovation and creativity through social interaction. The key is nothing more complicated than showing up, participating, and contributing.

So for those of us happier digging into the technology, it’s worth noting that technology rarely succeeds for its own sake. Find the communities around your technologies, and use your social skills along with your technical ones. One without the other just isn’t enough any more.

Ultimately, it really is all about the community.

The speed of Open Source dvelopment

We've known for a while now how powerful the Open Source development model is. One need look no further than the influence of the Internet (TCP/IP, DNS, Apache) and the fertile environment that has built up within it, particularly the GNU/Linux operating system. But more recent development, notably in a series of projects collectively known as OpenStack, has surprised even the most ardent supporters of the paradigm with the speed at which it has evolved from a very small research project to a major enterprise ready cloud computing environment - a span of three short years.

When I attended this year's OSCON 2013 in Portland, Oregon last week, I was reminded of both of these factors: power and speed. And it drove home once again the inevitability of the Open Source development model over any proprietary alternative methodology. It simply isn't possible for any single commercial entity to compete with a global pool of resources, not matter how large or how well funded. Companies are beginning to recognize this fact, and are collaborating actively in open source projects, like OpenStack, that raise the level of the marketplace for everyone, at a pace that far exceeds the capabilities of any one member.

There's still lots of profit in this business; the Open Source model, as has often been said, isn't about free beer, it's about free access to source code. And the result is an astonishing acceleration in the development of technology that benefits everyone, not just one or two dominant competitors.

I'm delighted, refreshed, challenged, excited, and just plain happy to find myself continuing to ride this wave that has dominated most of my working lifetime, and I look forward to many more years of innovation and change to come.
I came across a book recently, one undoubtedly familiar to many computer security specialists, written in the 19th century by Charles Tomlinson entitled A Rudimentary Treatise on the Construction of Locks. A quote from this work popped up on the automated random quote of the day on one of my Linux servers; here's a partial version:

  "...the spread of knowledge is necessary to give fair play to those who might suffer by ignorance."

The context of the quote, as you might have guessed from the title of the larger work, is an exposition on the need for the workings of locks to be well and generally known so that good guys as well as bad guys would know how to design better ones and defeat ineffective ones, respectively. It's an excellent precursor to Kerckhoff's Principle, which appeared a quarter of a century or more after Tomlinson's work, and states that '...a method of secret encoding and transmitting information should be secure even if everyone knows how it works.'

As appropriate as this quote is on the specialized topic of security, though, it's also a great generalized axiom for the open source model itself. Although it might strike some as altruistic, it does capture the spirit and intent of what "open source" means, at least to me. Knowledge is the great leveller, and should be available to everyone. That's one of the most compelling aspects of the Internet, it's what catalysed the creation of the World Wide Web and more recently the One Laptop Per Child initiatives. Competitive commercial dynamics, epitomized by the term 'intellectual property', have no business (excuse the pun) in the realm of knowledge transfer. I'm not suggesting that there's no room for compensation for innovation; patents for significant inventions are an appropriate way to encourage new thinking. But patent the object, not the idea, not the thought process. And most emphatically, don't patent computer software.

But to bring us full circle, open source is especially essential in computer security. Just as there are an unlimited number of bad guys out there trying to inject viruses or worse into our networks, security demands an unlimited set of eyes - with unlimited access to the underlying software - to, as Tomlinson said, give fair play to those who might suffer by ignorance.

If It Ain't Broke....

This is a re-post of an entry I wrote a few years ago after doing some consulting work in Cambridge, England. It's still pertinent, and still one of my favorite works:

A few years ago while on a consulting project at The Sanger Centre near Cambridge, England, I took this photograph of a beautiful wooden bridge that reaches across a portion of the river Cam in Cambridge. I have since used this photograph in my consulting projects, accompanied by the following story:

The bridge was designed and built by Sir Isaac Newton, the first holder of the Lucasian Chair of Mathematics at Cambridge (a position currently occupied by Stephen Hawking.) It was unique in that it was designed and constructed without the use of any mechanical fasteners - it was held together by counterbalance, much the same way a stone arch is centered by a capstone.

In the early 20th century, a physics professor at the University set his students the task of determining how this engineering feat had been accomplished, and in the course of their studies, they disassembled the bridge only to find, to their dismay, that they were unable to reassemble it correctly. As a result, the current structure has nuts, bolts, and other mechanical fasteners in place to hold it together.

The lesson I convey to my Fortune 100 / Fortune 500 senior IT staff audiences is simply this: if you don't fully understand a complex system, how can you maintain it properly? And the obvious corollary is: if it ain't broke.....

And now the coda to this wonderfully symmetrical little tale: the story is apocryphal. Not only was it not designed by Newton, who died twenty-two years before the first bridge was built, there was no mechanical magic associated with its construction. It has been rebuilt, twice, most recently in 1905, lending credence to that aspect of the story above. (If you're really interested, have a look at this site.) But there are still a couple of lessons to be gleaned from this experience.

First, don't believe everything you hear, no matter how credible or attractive the story (or how closely it suits your personal ideology.) Verify your data, and don't be reluctant to drop a beautiful theory in the face of a potentially much less attractive fact. I've always loved that Newton story, and I was taken aback when I discovered it was false. But I learned a lesson.

Second, and more important, don't reject the valid message buried in the fantasy. You can't properly maintain a complex system unless you fully understand it. Access to source code is a prerequisite to fully understanding complex IT systems (although I grant that most IT shops, even the largest, don't extend their understanding to this level.) Systems that are built on published standards are easier to build and maintain - at least from the perspective of getting access to all pertinent information -  than those based on single-vendor solutions.

But at the end of the day, it's the function, not the form, that's important. This is a beautiful bridge, regardless of who built it, and it has served its purpose through the centuries. If you - or your customers - have a solution that works for them, whether it's open source or not, the first prerequisite to being able to properly maintain it is to understand it as completely as you can before you start changing things.

If it ain't broke......

Open or Libre?

It feels like a long time since my last entry, and in all honesty I've missed the satisfaction that invariably comes with making the time to separate from my "day job" and post an entry here. It surely isn't always profound, but I hope on balance that it's readable and, ideally, thought-provoking. One of my goals as an Open Source and Linux advocate is to get people to realize that there are real, viable alternatives that not only work as well as the desktop environment they've come to accept as the standard, in many cases they work better.

It's both a strength and a weakness of languages in general that words can have multiple meanings. I inherited a love of linguistics, and in the elegance of a well-turned phrase, from my father, but sometimes I struggle with the task that is the bread and butter of most lawyers and diplomats, namely, using exactly the right terms to get the correct point across. In our technology space, this struggle has persisted since the inception of the concept of available versus proprietary software, at a time when Universities routinely included the source code along with the computers until software became a differentiator - and a potential source of revenue.

One of the first distinctions was to call unlicensed (unencumbered by license, not pirated) software 'free', and a whole family of 'freeware' and it's cousin 'shareware' (where people were encouraged but not required to send something to the author as compensation) sprang up. Almost immediately the confusion surrounding the terms was apparent, and it became necessary to have endless discussions on the differences between "free as in speech" and "free as in beer." With time, and not a little obfuscating from  commercial software vendors, 'freeware' became largely a pejorative term, with undertones of lesser quality or even security vulnerability.

A watershed moment in the industry came with Netscape's decision to make the source code for its popular browser available without cost. At this point, Eric Raymond and others (see proposed substituting the term 'Open Source' in the place of 'Free Software'. At the time it was an improvement, and helped more clearly identify the underlying value to commercial businesses; having access to the source code made it easier to do business, and it didn't mean you had to give your products away. But the confusion didn't disappear entirely, it only lay dormant for a while, its' return fueled by the ambiguity inherent in the terms used, and in the persistent debate between the meaning of free as in readily available and free as in no payment required.

Some are now lobbying for yet another shift in the public lexicon, and although I haven't completely signed on to this one yet, I admit it has merits. Some years ago, the acronym addicts coined the terms FOSS (Free / Open Source Software) and its' variant, FLOSS (Free/Libre Open Source Software). The term libre became popular as a distinction from gratis; now you have two clearly different concepts, with tangible names, to help clarify the duality of meaning we've always had with free software.

So what do you think? Should we begin referring to Open Source software as Libre Software? Part of my concern with this nascent proposal is that continually changing what we call it only sets the movement back while people catch up and re-engage. Then there's the unfortunate but inevitable association of the term with radicals and revolutionaries, conjuring up images of government coups and power to the people. I can hear the sidebar conversations in Corporate purchasing meetings even now. We've only barely gotten past the negative connotations of 'freeware', do we really want to jump back into those shark-infested waters?

At the end of the day, by whatever label you identify it, access to source code is a key differentiator for businesses wanting to maximize their flexibility, minimize vendor lock-in, and optimize their IT operations. I also feel strongly that it's the inevitable future of our business. So let's continue this debate about what best to call it, but for now, my money remains on "Open Source Software".


Something I occasionally (sometimes frequently) struggle with is motivation; I seem to run in cycles that go from high energy to low. (And no, I don’t think I’m bipolar ;-) .) I understand that this is more or less a natural condition, and that people who are perpetually up or perpetually down are the exception. But I find myself casting around for ways to pull myself out of the low energy state more rapidly than my own natural cycle would have, and for me this ties in nicely with motivation.

As a society, it seems to me that we’ve fallen too easily into the habit of blaming external factors or people for our problems - in this case, lack of motivation. “My boss has given me too much work to do already” or “I couldn’t sleep last night, I’m too tired to do this now” or “The person in the next workstation is making too much noise, I’ll do this later.” But ultimately, we are autonomous beings, and with very few exceptions we can hold no one but ourselves responsible for what we choose to do or not do. When I remind myself of this, I can usually pull back from the excuses and decide what my true priorities are.

It’s said that recognizing the true problem is the hardest step toward solving it, so once I’ve cast away the excuses, I find it easier to motivate myself and break that low energy cycle earlier. So the message is simple: take responsibility for yourself and your own actions. If you want to work on something, work on it; if you don’t, don’t. But look honestly at why you’re making those choices, and at the very least you won’t be wondering why it’s so hard sometimes to get stuff done. We all need time to recharge our batteries, so to speak, and very few of us can be up all the time, but when, like me, you feel as if the low cycle is dragging on a bit, remember that you are autonomous, and you can break the cycle.

Attention Deficit Spending

I've come to the realization that over the years it has become harder for me to focus on tasks for long stretches, and while I've thought about it often I've never really attributed it to anything in particular. The dark side of my personality tries to convince me that it's some frightening pathology, but I know better, and I see that, like any other skill, if focus and concentration aren't exercised regularly they get out of shape.

The problem is simple: in the last twenty years we've been literally bombarded by an ever-accelerating array of informational inputs, each with its own sense of urgency that says "Stop what you're doing and pay attention!" The first was e-mail, that extraordinarily seductive ping with its implicit suggestion of self-importance. I mean, really: someone is communicating with you, why aren't you reading this now? And most of us did, in the same way that we used to stop whatever we were doing and pick up the phone when it rang. (Sidebar rant/ It really annoys me when a clerk checking me out in a store stops to answer the phone. Hey! I was here first! /Sidebar rant) But now thousands, possibly tens or hundreds of thousands of people (depending on your relative fame) have your email address, so the interrupt rate is much higher for email than it ever was for the telephone. Over time, we've learned to ignore a lot of it (there's an upside to everything, even spam,) or at least we did until the Blackberry and iPhone came along.

After email came the ubiquity of the cell phone. We're never out of reach now, unless we work really hard at it. I even called my wife from the northern terminus of the Appalachian Trail, the top of Mount Katahdin, a few years ago on a hiking trip with a buddy. An entire generation exists now that never knew a time when they didn't have this capability. But the limitations of voice-only conversations couldn't withstand the onslaught of technology for long, and soon there was SMS. Still not enough, but it introduced a pretty notable knee in the downward curve of attention deficit acceleration - people began to lose the ability to communicate in fully formed (and well thought out) sentences, because acronyms and emoticons were easier to use when all you had were your thumbs and a keypad designed for an infant's fingers. And more recently that's taken a particularly dark little side trip into traffic fatalities induced by morons who don't know better than to attempt to text and drive at the same time. Then there were blogs, originally intended to compress ideas previously expressed as essays into two, maybe three, paragraphs, because let's face it, nobody has time any more to read multiple screens. Still too much information, and Twitter was born. If you can't say it in 140 characters or less, don't waste any more of my time than you already have.

So with all these inputs, all clamoring for my attention, I've gotten out of the habit of concentrating for long periods of time. Ask yourself: when's the last time, other than reading a good book or watching a good movie, you focused on a task for at least two hours? (I'm being generous - four hours seems an eternity.) And I've found, to my dismay, that I'm falling behind on commitments I've made, simply because I jump from one thing to another without taking the time to focus on one task and see it through to completion. So here's a resolution: I'm going to devote time every day to focus on a single task for some period of time. I'm going to re-build the muscles I've let atrophy. And I suspect that, in so doing, I'll rediscover my ability to work hard for sustained periods and then relax.

Time to shut the phone off for the night.

Saving Money

One of the more familiar challenges we face as advocates of the Open Source model is building a compelling business case, whether for our external customers, or for our own internal decision makers. So it was with a combined sense of relief and excitement that I recently read Michael Tiemann's Open Source Whitepaper updated for 2010. Anyone engaged in scoping or selling solutions built around or including open source software should take ten minutes to read this concise comparison between open source and proprietary software. I found myself thinking of the quote often attributed to the late Senator Everett Dirkson along the lines of "...a billion here, a billion there, pretty soon you're talking about real money."

Adjusted for inflation, the magnitudes discussed in Michael's paper start with a "T" these days.

Work / Life Balance

I've just finished a two-week vacation, and it's proven to be a more relaxing experience than I've had in a long time. It's not just the change of scenery, (a couple of days exploring the old town in Zurich followed by a week in Bellagio, Italy, on the shores of Lake Como) although that certainly did relax me. I think what was different this time was that I made a conscious - and for the most part successful - effort to disconnect from work.

Oh, sure, I logged in just about every day, but this time all I did was scan my mail headers (a little more quickly with each passing day) and I can honestly say that the increasing backlog of mail I'll have to deal with when I return to the office tomorrow morning wasn't a pressing concern for me as I looked out our balcony window at the lake and the Alps beyond. And I kept my phone on 24x7, knowing that if something extraordinarily important came up at work, my manager would know he could contact me. But I really kept it on so that the trusted relative taking care of our pets at home could reach us in an emergency.

As a manager in a previous job role, I've often stressed the importance of maintaining a work / life balance with the people on my team; since I returned to a technical position, it's been harder for me to maintain that separation. But this recent experience has reminded me how really rejuvenating a real break from the routine can be, and while that may seem obvious or self-evident, it isn't always obvious or self-evident at all. (Common sense, someone said, isn't always common practice.) And ultimately, that relaxation, that re-energizing that happens, will make me more productive when I do return to work.

So the lesson I would pass along is simple: remember to stop occasionally and rest. Completely rest. It'll make the journey less hectic and ultimately more enjoyable.

Golden Rule(s)

In our profession (small 'p' now, I'm not referring to the Professions program) we're frequently faced with technology choices. There are usually a lot of variables involved in those choices, but all too often the financial impact is more heavily weighted than the others, and sometimes - not always, probably not even most of the time - that results in the wrong choice being made.

I propose a more fundamental question - two, really - be asked before any others when considering adopting a new technology, or changing an existing one. These questions should be asked by any rational decision maker, because they have a potentially significant impact on their business, their user base, their market. The questions are: Does this choice lock me in to a single vendor? and, Does this choice lock any of my users out?

I've come to think of this as a simple, two-sided coin type of mantra: no vendor lock-in, no user lock-out. I mean, think about it: no purchasing agent worth their paycheck would put their company at the risk of being held hostage by a sole-source vendor. It's a lesson most of us learn very early in our business careers. And why would you want to turn away business by preventing your customers from hearing your message? It's why the vast majority of web-based businesses support all the most popular web browsers, and use well-defined public standards when coding their public-facing web sites.

So think about these rules the next time you contemplate a change: No vendor lock-in, no user lock-out.