Oren’s Weblog

Last night after dinner at the Columbia faculty club, Tony, Bob, and I went out to Iridium to hear the debut performance of Cindy Blackman‘s New Lifetime – wow!!!

New Lifetime is Blackman’s tribute to Tony Williams, primarily of his Lifetime period in the early-to-mid-seventies. The original Lifetime included Williams on drums, Larry Young on Hammond organ, and a John McLaughlin on guitar (they later added Jack Bruce on bass).

New Lifetime is made up of Blackman on drums, Doug Carn on organ, Greg Osby on alto sax, and Kevin Hunter on guitar. They played mostly the difficult music from the original Lifetime – it was loud, intense, and incredibly energetic. Blackman is a phenomenal drummer, and there was no doubt who the leader of this group is.

I hope this group records – it’s worth hearing.

Two nights of great jazz in New York and we barely scratched the surface of what’s available – though the early mornings have certainly left me feeling drained at the end of the week.

Technorati Tags: CSG, CSG-Spring-2007, jazz, music

Educause live – June 5 – covering the increases in royalties for streaming radio. June 19 – campuses outsourcing student email to Google (Steve Worona looking for speakers).

Cliff – CyberInfrastructure office at NSF starting to generate solicitations for proposals for considerable numbers of things. Most recently an announcement for “community-based data interoperability networks” – looks like it’s designed to fund interoperability for scientific data on projects – relatively small grants (up to around $250,000). The solicitation we’ve been expecting on data prototypes doesn’t look like it will be out till July.

NEH has launched a digital humanities funding project. There was a meeting of digital humanities centers a couple of weeks ago. They may be moving towards funding these kinds of centers.

An astounding proposal made for a new set of copyright laws, originating from AG Gonzales – they want to criminalize things like attempted copyright infringement, bring copyright infringement under the RICO statute. Keep an eye on this.

Mark Luker – House science committee having a hearing June 5 on control of P2P file sharing (due to a member from Nashville). There will be four witnesses, including one from Arizona State, that has tried out Audible Magic technology; the president of Audible Magic; A rep from Illinois State who’ve been testing out different technologies; and Greg Jackson on why these technologies aren’t perfect.

Jerry brings up the management of CSG surveys. We do a lot of surveys – should we have a data coordinator? Bill says that the surveys are as of a point in time and he’s not sure of the value of keeping that around. Phil suggests that having a place to collect the survey data might be useful.

Spam -

Greg – moved to Mirapoint RazorK which does the same stuff as PureMessage but also notes if identical messages come in in batches, which knocked out a whole bunch of stuff that PureMessage didn’t capture. It has had some false positives. They also quarantine for two weeks.

Bruce – Stanford also uses PureMessage. Other departments use other things – business uses Iron Port which they like. Texas likes that too, as does Virginia. Berkeley uses that too, in series with everything else.

Greg – Tbird client filter is pretty good.

John – uses Barracuda device – been adequate though not spectacular. Once they taught admins to click vendor default button instead of customizing it’s been much better. They’re taking a strong look at Iron Port, which has just been purchased by Cisco.

Phil – we could be benchmarking spam catching data across the institutions, which might be more valuable than anecdotal testifying.

Michigan has put temporary rejection of mail into place at the end of the spam filters. Joel says graylisting has made a big difference in spam receipt, as has Berkeley. UC Berkeley couldn’t get to contract terms with Sophos and dropped them.

MIT has been using Barracuda spam firewall.

Paul – CalConnect update – most recent meeting was in Seattle at Boeing, next in fall is at MIT. New members include Google, Scalix, … next meeting will have demos using CalDAV and free/busy searches of CalDAV including Boeing’s gateway to Exchange. Next few months will see CalDAV products shipping. Mobile vendors have asked the consortium to take on looking at the vCard standard, so there will be a full-day workshop at the MIT meeting. Bob notes that it was impressive to see engineers from all those companies sitting around the table working together.

RL Bob – Shib and InCommon – Shib working on 2.0 release. Small scale beta anytime now, full-scale before Shib camp in Portland June 25-27. implements SAML 2.0, authn requests, logout, Java SP. InfoCard – new paradigm signon method for web apps. Only significant way we have of fighting phishing – the card paradigm instead of sites asking for login and password. Often talked about in terms of self-provided credentials, but also useful for enterprise-provided credentials. Expecting to this to be ubiquitous, but it will take a while to get there. Shib folks will be working on implementing this (not in Shib 2.0). Shel asks about the relationship between Liberty Alliance and InfoCard – no particular relationship. There is still active work going on in Liberty, but that’s separate from this.

InCommon – 5-+ participants, 35+ universities, 15+ partners – over half of CSG members are now InCommon members. Community Working Groups – Apple, re iTunes U; library services (re using shib with licnesed content, search, citation mgt, etc); student services (federation opportunities in admissions, transcripts, enrollment verification, etc); US Gov (e-auth, NIGH, Dept of Ed).

OpenID – openid.net
- “user-centric” internet identity (“a cool hack” – RL Bob)
- has nice features of being dynamically deployable. blog-centric in many ways, evidence of popularity, yet another thing to support

Gary – putting up blogs.nyu.edu – how seriously should they think about putting up blogs? Bob – the canonical case is blog comment authentication – but when it gets popular enough the spammers will set up their own OpenID provisioning sites.

Paul Hill – federation technologies are beginning to succeed. Let’s say we accept these IDs for anyone dealing with our university. What does this do to our sense of community for all of our online tools? How do people understand the community they belong to? Phil thinks that in the long run he can’t see higher ed remaining the provider of electronic identity – people will have online lives both before and after they’re at the university – we give identities because there is no good alternative.

Steve Worona – there isn’t a current way to overlay universities with congressional districts. He’s got a list of addresses of institutions – who’s interested in taking on this challenge to mash this up? Note that congressional districts don’t match to zip codes.

Ron notes that at Wisconsin they’re seeing lots of less-qualified contents for their jobs. One of the California schools says they’re having to pay 10-12% higher salaries than last year to pull in candidates.

Brad – Community source update – Had about 200 people in St. Louis for Kuali days. Release 2 of Kuali goes to code freeze in July. Release 2.1 is targeted for June 1 of 2008, which will include capital assets tracking. Sakai put out 2.4 release. Release was coordinated out of South Africa, and the chairman of the Sakai board is from the UK. Four new tools went from contrib to provisional, and three from provisional into the core. Rice, the Kuali workflow and service buss, is making progress, and is the first community source project with no foundation funding. See rice.kuali.org.

Technorati Tags: CSG, CSG-Spring-2007

Educause live – June 5 – covering the increases in royalties for streaming radio. June 19 – campuses outsourcing student email to Google (Steve Worona looking for speakers).

Cliff – CyberInfrastructure office at NSF starting to generate solicitations for proposals for considerable numbers of things. Most recently an announcement for “community-based data interoperability networks” – looks like it’s designed to fund interoperability for scientific data on projects – relatively small grants (up to around $250,000). The solicitation we’ve been expecting on data prototypes doesn’t look like it will be out till July.

NEH has launched a digital humanities funding project. There was a meeting of digital humanities centers a couple of weeks ago. They may be moving towards funding these kinds of centers.

An astounding proposal made for a new set of copyright laws, originating from AG Gonzales – they want to criminalize things like attempted copyright infringement, bring copyright infringement under the RICO statute. Keep an eye on this.

Mark Luker – House science committee having a hearing June 5 on control of P2P file sharing (due to a member from Nashville). There will be four witnesses, including one from Arizona State, that has tried out Audible Magic technology; the president of Audible Magic; A rep from Illinois State who’ve been testing out different technologies; and Greg Jackson on why these technologies aren’t perfect.

Jerry brings up the management of CSG surveys. We do a lot of surveys – should we have a data coordinator? Bill says that the surveys are as of a point in time and he’s not sure of the value of keeping that around. Phil suggests that having a place to collect the survey data might be useful.

Spam -

Greg – moved to Mirapoint RazorK which does the same stuff as PureMessage but also notes if identical messages come in in batches, which knocked out a whole bunch of stuff that PureMessage didn’t capture. It has had some false positives. They also quarantine for two weeks.

Bruce – Stanford also uses PureMessage. Other departments use other things – business uses Iron Port which they like. Texas likes that too, as does Virginia. Berkeley uses that too, in series with everything else.

Greg – Tbird client filter is pretty good.

John – uses Barracuda device – been adequate though not spectacular. Once they taught admins to click vendor default button instead of customizing it’s been much better. They’re taking a strong look at Iron Port, which has just been purchased by Cisco.

Phil – we could be benchmarking spam catching data across the institutions, which might be more valuable than anecdotal testifying.

Michigan has put temporary rejection of mail into place at the end of the spam filters. Joel says graylisting has made a big difference in spam receipt, as has Berkeley. UC Berkeley couldn’t get to contract terms with Sophos and dropped them.

MIT has been using Barracuda spam firewall.

Paul – CalConnect update – most recent meeting was in Seattle at Boeing, next in fall is at MIT. New members include Google, Scalix, … next meeting will have demos using CalDAV and free/busy searches of CalDAV including Boeing’s gateway to Exchange. Next few months will see CalDAV products shipping. Mobile vendors have asked the consortium to take on looking at the vCard standard, so there will be a full-day workshop at the MIT meeting. Bob notes that it was impressive to see engineers from all those companies sitting around the table working together.

RL Bob – Shib and InCommon – Shib working on 2.0 release. Small scale beta anytime now, full-scale before Shib camp in Portland June 25-27. implements SAML 2.0, authn requests, logout, Java SP. InfoCard – new paradigm signon method for web apps. Only significant way we have of fighting phishing – the card paradigm instead of sites asking for login and password. Often talked about in terms of self-provided credentials, but also useful for enterprise-provided credentials. Expecting to this to be ubiquitous, but it will take a while to get there. Shib folks will be working on implementing this (not in Shib 2.0). Shel asks about the relationship between Liberty Alliance and InfoCard – no particular relationship. There is still active work going on in Liberty, but that’s separate from this.

InCommon – 5-+ participants, 35+ universities, 15+ partners – over half of CSG members are now InCommon members. Community Working Groups – Apple, re iTunes U; library services (re using shib with licnesed content, search, citation mgt, etc); student services (federation opportunities in admissions, transcripts, enrollment verification, etc); US Gov (e-auth, NIGH, Dept of Ed).

OpenID – openid.net
- “user-centric” internet identity (“a cool hack” – RL Bob)
- has nice features of being dynamically deployable. blog-centric in many ways, evidence of popularity, yet another thing to support

Gary – putting up blogs.nyu.edu – how seriously should they think about putting up blogs? Bob – the canonical case is blog comment authentication – but when it gets popular enough the spammers will set up their own OpenID provisioning sites.

Paul Hill – federation technologies are beginning to succeed. Let’s say we accept these IDs for anyone dealing with our university. What does this do to our sense of community for all of our online tools? How do people understand the community they belong to? Phil thinks that in the long run he can’t see higher ed remaining the provider of electronic identity – people will have online lives both before and after they’re at the university – we give identities because there is no good alternative.

Steve Worona – there isn’t a current way to overlay universities with congressional districts. He’s got a list of addresses of institutions – who’s interested in taking on this challenge to mash this up? Note that congressional districts don’t match to zip codes.

Ron notes that at Wisconsin they’re seeing lots of less-qualified contents for their jobs. One of the California schools says they’re having to pay 10-12% higher salaries than last year to pull in candidates.

Brad – Community source update – Had about 200 people in St. Louis for Kuali days. Release 2 of Kuali goes to code freeze in July. Release 2.1 is targeted for June 1 of 2008, which will include capital assets tracking. Sakai put out 2.4 release. Release was coordinated out of South Africa, and the chairman of the Sakai board is from the UK. Four new tools went from contrib to provisional, and three from provisional into the core. Rice, the Kuali workflow and service buss, is making progress, and is the first community source project with no foundation funding. See rice.kuali.org.

Technorati Tags: CSG, CSG-Spring-2007

Way to go, MIT!

Following opposition by MIT, the Society of Automotive Engineers halted implementation of digital rights management controls aimed at restricting access to SAE documents. On April 19, SAE issued a press release stating that they would not enable DRM controls “on the Society’s Digital Library of technical papers for licenses at colleges, universities, and other academic institutions.”

Full story at:

http://www-tech.mit.edu/V127/N26/drm.html

Thanks to Paul Hill for pointing this out!

Technorati Tags: DRM, higher-ed, academia

Shel is talking about the work they’ve done at UC Berkeley. They’ve taken up a program of readiness, varying their drills so they’re not only preparing for an earthquake – their actual disasters have included floods, windstorms, fires.

They got a grant from FEMA to create a tool for higher ed which could be released in open source. They looked at commercial packages, but the prices were just outrageous.

You use the tool to develop a plan, then do an exercise which tests the specific plans. Each of the 12 departmental EOCs do two drills a year in addition to the campus-wide drills.

Content of a business resumption plan – 1. departmental identification (any size); 2 critical functions (critical= necessary for achieving 30-day resumption of teaching & research); 3. Information technology (included in every departmental plan); 4. Faculty engagement (you can receive service credit for tenure by participating in planning and drills).

Shel’s looking for a few institutions to help participate in creating and maintaining the tool.

The demo site is at:

http://bcptdemo.berkeley.edu/

They expect an end population of more than 300 plans. Right now they have about 70. You can’t exit academic program review unless you have a continuity plan.

Technorati Tags: busines-continuity, CSG, CSG-Spring-2007, disaster-recovery

Bill Clebsch from Stanford is coordinating a session on Business Continuity and Disaster Recovery

Full results of survey are up on the web at http://www.stonesoup.org/Meeting.next/mtg.pres/clebsch2.htm

Bill asks how many of us are ready for a disaster – at Stanford they say ready is being documented and drilled. Most of us are prepared for major events, maybe better than we are for smaller events (like one that would just take out the data center). Stanford estimates that they could function for around sixty days without financials – beyond that the big driver is being able to make payments to the federal government.

If you only have excel and word, you dont have a business continuity tool

Drilled means exercised quarterly – any less often means it likely won’t work.

Scope is focused around enterprise computing – Bill really worries about departmental systems. The future is in arranging partnerships with other institutions.

Lessons from Hurricane Katrina - ECAR research bulletin – Catherine Lewis from Xavier.

There’s a role-playing discussion of disaster recovery. Shel asks about whether people are worried about the NIH and NSF regulations around access to data any time during the grant. One opinion expressed is that researchers aren’t worried about that compliance, while another is that non-compliance is another risk that must be managed. One person says that any institution that pushes these compliance issues ahead of their peer institutions risks losing their faculty to other institutions that won’t push compliance as strongly.

Shel says that he’s achieving some success by brokering a connection between Risk Management and Sponsored Programs, so that it’s not IT pushing the issue with researchers.

Texas is in the process of cataloging every computer on campus – they’ve developed a tool that’s being used across campus to catalog data in three categories. Everyone is obliged to report what kinds of data are on each computer, from faculty desktops to the mainframe. This is a huge process, which has created some happiness among faculty.

It’s mentioned that there are faculty that insist that the data is theirs and that the institution does not have any role to play in poking its nose in, whether for backup or other purposes.

Bill suggests that IT is not the group in the position to suggest value of various risks of loss of data or operations. Phil Long says that there are people with that expertise in the financial sector who could be brought in. Cliff agrees that this is properly framed as a risk management issue, but that in the last few decades many campuses someone has wandered through and said they need to place a value on the campus library, in the context of risk management and self-insurance, not in terms of business continuity. They’ve had terrific trouble with that, because some of the material is very replaceable, and that’s the stuff they know what to do with in valuation, but other stuff is rare, and is more like museum treasures – irreplaceable and highly valued, but they end up coming to the conclusion that there’s no point in taking out higher insurance values, but better to invest in its protection with better environmental controls, security, etc.

Ken points out that NYU’s experience through 9/11 is that the ability to continue to communicate with the community is absolutely essential in any disaster.

Mike Pickett notes in the back channel that “Duke did a university-wide risk assessment last year and set the level for making it onto the “risk list” as multi-million $ impact.”

Technorati Tags: business-resumption, CSG, CSG-Winter-2007, disaster-recovery

Ken Auerbach from NYU is leading a conversation about help desk metrics.

What kinds of things are meaningful to know about the help desk?

Bill says that time to resolution of help desk tickets has a strong correlation to the perception of organizational quality.

Joel says that reporting what kind and how many issues get passed to 2nd and 3rd level support is of interest. Ken thinks that the second level needs to know what the first level solved.

I said that real-time information on what kinds of things are coming in to the desk is important. Kitty says that using help desk requests to understand impacts of changes in services is of interest.

Paul Hill points out in the back channel this service at MIT that gives some real-time information on service availability: http://3down.mit.edu/3down/index.php.
Greg shows this service at Chicago, which is also available as an rss feed: http://hp-announce.uchicago.edu/archive.php?areaID=30&listType=current.
Shel responds with Berkeley’s site, which is hosted offsite in the event of local failure: http://ucbsystems.org/.
Steven chimes in with Princeton’s version: http://helpdesk.princeton.edu/outages/list.plx.

What are the kinds of things we want to know about our services? (from NYU):

Categories such as Performance (availability of a particular service, mean time between failures, mean time to repair); Utilization (Who, When, for what); Satisfaction; Costing

Ken says that Metrics have to tell a story – correlating the numbers with specific events and contexts (e.g. XP released, blaster worm, machine registration improved, etc).

Karen from CMU says that they often do lightweight benchmarking with other institutions. She asks if we shouldn’t have some sort of designated contact at our institutions for IT benchmarking. Does it have to go through the CIOs?

Shel notes that there’s a lot of work in normalizing data, though ITIL helps with some of that. Bill and Jerry agree that the Stanford/MIT benchmarking work was not at all lightweight, but that it had significant impact, changing the way they did business in the help desk and their client surveys. It took them months to agree on data definitions, but that’s where the payoff lays.

Technorati Tags: CSG-Spring-2007, help-desks, it-support, metrics

Ken Auerbach from NYU is leading a conversation about help desk metrics.

What kinds of things are meaningful to know about the help desk?

Bill says that time to resolution of help desk tickets has a strong correlation to the perception of organizational quality.

Joel says that reporting what kind and how many issues get passed to 2nd and 3rd level support is of interest. Ken thinks that the second level needs to know what the first level solved.

I said that real-time information on what kinds of things are coming in to the desk is important. Kitty says that using help desk requests to understand impacts of changes in services is of interest.

Paul Hill points out in the back channel this service at MIT that gives some real-time information on service availability: http://3down.mit.edu/3down/index.php.
Greg shows this service at Chicago, which is also available as an rss feed: http://hp-announce.uchicago.edu/archive.php?areaID=30&listType=current.
Shel responds with Berkeley’s site, which is hosted offsite in the event of local failure: http://ucbsystems.org/.
Steven chimes in with Princeton’s version: http://helpdesk.princeton.edu/outages/list.plx.

What are the kinds of things we want to know about our services? (from NYU):

Categories such as Performance (availability of a particular service, mean time between failures, mean time to repair); Utilization (Who, When, for what); Satisfaction; Costing

Ken says that Metrics have to tell a story – correlating the numbers with specific events and contexts (e.g. XP released, blaster worm, machine registration improved, etc).

Karen from CMU says that they often do lightweight benchmarking with other institutions. She asks if we shouldn’t have some sort of designated contact at our institutions for IT benchmarking. Does it have to go through the CIOs?

Shel notes that there’s a lot of work in normalizing data, though ITIL helps with some of that. Bill and Jerry agree that the Stanford/MIT benchmarking work was not at all lightweight, but that it had significant impact, changing the way they did business in the help desk and their client surveys. It took them months to agree on data definitions, but that’s where the payoff lays.

Technorati Tags: CSG-Spring-2007, help-desks, it-support, metrics