In the Trenches

Google today announced plans to work with a community to build a for 1 gigabit fiber to the home network.  Video announcement by Google's James Kelly can be viewed on youtube or at the main Google project page.  Information on the project and instructions for responding to the RFI can be found at the following link:

https://www.google.com/appserve/fiberrfi/

Stacey Higginbotham has an interview with Google product manager Minnie Ingersoll about this initiative on the Gigaom site.

Responses to the RFI are due no later than March 26th. 

The first Broadband Technology Opportunities Program awards have been announced.  The list of the first 10 can be found here.  More first round awards will be announced through February 2010.  I am hopeful that the next round of applications will focus primarily on municipalities and public safety. 

As the FCC continues to work on its National Broadband Plan it appears that existing networks will play a large role in this effort.  A presentation from the FCC's open meeting on December 16th can be seen here.

The City of Philadelphia will purchase the assets of what is left of the Wireless Philadelphia initiative.  Appears that the City will be investing approximately 17 million dollars over the next five years to build out the network with the major focus on providing connectivity for public safety and municipal use.  More information can be found here.

About a month ago I upgraded my laptop OS to Windows 7 from Windows XP.  I originally had Vista on my laptop, but after frustrations with some of the 'new' features I scrapped it in favor of the predictable XP.  Since the upgrade to 7 my user experience with my laptop has never been better.

A bit of information regarding the type of user I am.  I use my laptop mostly for pure business purposes.  As such I have Office 2003, use Firefox as my browser, AVG for anti virus protection, and most of the 'standard' plug ins and tools you would expect to find on anyone's computer.  I do not use my computer to run games or any application that would require - or run best in 64 bit mode.  In summary I do not consider myself a power user, but I would say I am an average user.  My expectation is that any software loaded on my system should work without a lot of hassle or  intervention on my part.

I will echo what most others have said about Windows 7; it is what Vista should have been.  At first glance there is nothing really extraordinary about it - it just works.  My laptop takes about 20 seconds to boot up as compared to over a minute when XP was installed.  All of the applications that I was using under XP installed and work without a problem.  I have decided to run the Defender anti-spyware application that is included in lieu of SpyBot.  So far it has worked well and I will continue to use it.  There is a free anti-virus application that can be downloaded called the Microsoft Security Essentials (works with XP, Vista and 7) that I have decided not to use, but instead stay with my trusted AVG.  Our security staff have been testing it for the past few months and they have been impressed with it.  We are seriously contemplating using it as our enterprise anti-virus solution.

Generally I am conservative when it comes to major upgrades with software applications and operating systems - I usually wait until the first upgrade is released and allow others to identify any issues etc.  With Windows 7 I would recommend to most anyone running Vista or XP to consider upgrading now and not wait.

Every day we read about organizations that have succumbed to the malicious intent of scrupulous coders and hackers.  As IT professionals we view the constant onslaught of scans, probes, penetration attempts,etc. as the unfortunate reality of connecting our organizations to the internet.  We build perimeter defenses and take great pains to ensure that these defenses will protected us against the latest exploit or vulnerability.  Most of us understand that a perimeter defense only offers one layer of protection and that we are just as vulnerable to an attack that is initiated from within our network.  Unfortunately some still treat the firewall as the first and only place that security must be implemented.

I always shake my head in disbelief whenever I read about an organization that is battling a virus attack that has infected many machines.  More times than not the virus has been introduced from an internal computer and spreads rapidly to many or most computers because of lack of anti-virus protection or outdated virus signatures on servers and workstations.  This appears to be the case at a school district here in Tucson where approximately 7000 computers were infected with the conflicker virus last month.  The district spent weeks rebuilding the affected computers in order to eradicate the virus.  Events such as this are avoidable by simply ensuring that all computers have current anti-virus protection installed and that the proper mechanism is in place to check for updates to the virus definition libraries at least daily.  More importantly a security strategy should be created and continually updated to protect all systems, applications, networks and data.  As an example we have an application "firewall" in place that can check application code against best practices and know vulnerabilities before we add it to our network.  We let our vendors know upfront that we will be scanning their application before we will implement, and will not sign off on a completed project until any programming issues are fixed. 

My mentor was always fond of saying that (and I paraphrase) "If we (IT) are not competent enough to do the basics well (system administration, data center management, and security)  we will never be trusted to do anything"  How trusted is your IT organization? 

 

 

I am sure by now that if your IT organization had not researched the use of Open Source tools and software in the past, the current budget environment has forced some form of analysis.  I continue to be surprised at the level of angst some have towards the use of open source solutions.  There are a lot of good applications and tools that have been written and are widely used.  At the City of Tucson we use: SNORT, OSSEC, Open DNS, NMAP, Apache, MySQL, Drupal, and Open Office to name just a few.  We are in the process of evaluating OrangeHRM as a HR solution and OneCMDB as our ITIL CMDB.  The open source applications allow us to quickly install and evaluate the product, and if the solution is a good fit for our need we can forgo the RFP process and move right on to implementation. 

If you are just getting started looking at the open source market I offer some things to keep in mind:

• Open Source is a service not a commodity.  Support is paramount to reduce risk and you should work with you procurement department to put together concise specifications for support. 
  
• Open Source is not free.  TCO will be dominated by support, learning, training and hardware costs.  Savings can be realized mostly in the implementation and licensing costs
  
•  Use of open source tools and applications can be used as a recruitment tool.  Most college students make use of and are familiar with these tools and will want to work in environments that make use of these technologies.
• As with any project - process analysis and improvement is vital to the success of any open source implementation.

There are a number of conferences available every year.  Some examples are OSCON  (Open Source Convention) and GOSCON (Government Open Systems Conference). 

A good starting point to locate and download open source tools and applications is SourceForge

A good example of an open source solution created in a short amount of time is the Federal IT Dashboard.   This application was created using Drupal and flash in a matter of a few months and brings together data from numerous federal agencies.  


 

Recently I had the opportunity to use a netbook for a few days.  I never really took them seriously before, just thought that they were a cool toy with minimal use.  My mind has been changed.  I can understand why netbook sales are taking off.

If you travel or just cart your laptop around all day the smaller size and lighter weight will be much appreciated.  Most weigh between 2-3 lbs and battery life can reach up to 12 hours without a charge.  I did not find the 10 inch screen or smaller keyboard (92% of the size of a laptop keyboard) to be a detriment at all.  One of the interesting things that I found in doing some product research is that some of the vendors (Asus for one) are offering on line storage free for a period of time with the purchase of a system.  When I consider the online storage services available, SaaS future, and the basic online application services (google apps and soon Microsoft as examples) I can see a future where devices such as these do not have storage in them and are merely a screen, keyboard (or just a touchscreen keyboard), a fast wireless capability and the OS on a chip.  This scenario could eliminate a number of the security issues and support issues faced by IT organizations in business and government.

These units are not a case of form over function.  They are extremely functional, and powerful with a price point between $200 - $400.  With budgets for most of us declining and fewer technology dollars to go around I expect that I will see an increase in the number of these units that will be purchased.  I know that I will be be purchasing one - very soon

As I have mentioned in previous entries I am responsible in my organization for following the Broadband Stimulus funding part of the ARRA. The latest expectation is that the requirements for grant funds will be published in July. As part of the process I have been reading the many articles and blogs on this topic along with the endless white papers and studies that are being published. The more I listen and the more I read, the more I am reminded of the movie Field of Dreams and the tag line "If you build it he will come". But in the broadband field of dreams will he come?

The Broadband Stimulus funding is approximately 7.2 billion dollars. While some have described this as a down payment on broadband investment, I am becoming fearful that much of this funding will go towards projects that will build many broadband "bridges to nowhere". Some questions that I continue to ask that no one has any real answers for:

• Is the issue being addressed availability of broadband or affordability? Has the analysis been done to document the need or are we in our haste trusting perception?
• Once built, how will the systems be sustained? Maintained? Upgraded? Where will the funding come from for the basic O & M costs and what will the plan be for insuring that 5 years from now the infrastructure built can grow to meet the demands of its users?
• Will projects that get funded build out to areas that lack any sort of infrastructure or will they continue to add to urban areas that already have capacity? A recent audit report by the Office of the Inspector General on the Department of Agriculture Rural Utilities Service Broadband Loan Guarantee Program does not paint an encouraging picture of how broadband stimulus projects might get funded to address availability issues.

The analogy has been made that the nation's broadband infrastructure is comparable in importance to the interstate highway system. I could not agree more with this analogy and am very supportive of building this infrastructure in support of our security, economic, and educational needs going forward. However I fear that in the case of the ARRA funding we might be putting the cart before the horse. What is our national broadband strategy? How will the projects that are funded as part of the ARRA fit in with and support a national strategy? I believe that we will all be better served in the long run if we take a little time to first define our strategy. There was a plan in place for the interstate system so why can't we have a broadband strategy in place before we fund broadband projects to ensure the goals of the strategy are being met by these projects?

To quote Yogi Berra, "If you don't know where you are going, you might wind up someplace else."

Note:  Over the next couple of posts I will try to focus on how my organization and others are looking at or planning to utilize some of the emerging technologies.  

In a post earlier this year, I made the statement that there is opportunity in crisis.  That the current economic conditions could be the catalyst that will enable sharing of resources amongst agencies that would result in improved service delivery and reduced costs.  My belief is that this will provide public entities with the capabilities to provide a higher level of service and overall will provide the best return on tax payer dollars.  I still believe that this is an important strategy looking forward, but such a quantum leap, as logical as it might sound, will require a tremendous amount of political will.  While this should be part of a longer range strategy for many, there are some short term gains along these lines that organizations can start to adopt that could provide some relief.  Cloud computing is one such strategy.

Cloud computing encompasses any one or combination of services delivered from the "cloud" software, hardware, or infrastructure.  This technology trend is one that I believe can not only free up resources, but might also change the way small and medium organizations approach IT.  As an example in my organization, almost 100% of the available time of our analysts are dedicated to maintenance tasks and system support.  This resource is fully utilized for these tasks because:

1. we are understaffed and can not hire new resources due to budget constraints,
2. we have some older technology that requires a high level of attention for its care and feeding.  While the desire to move away from this technology is present, and the risks of not doing so are understood, there is no capital to initiate a project to replace
3. we do not have any budget to hire help such as consultant, etc.

As a result of our current budget dilemma we have looked at any and all trends and technologies that could save time and money.  Cloud computing is one of those technologies that is promising.  There are reliability and security issues that must be addressed as part of any contract negotiations (and of course legal must be involved to work through transparency issues and ownership of data), but the list of available applications and services continue to grow as does the customer base.  Without increasing our budget or staffing levels it appears that - if we went the cloud route - we could start to free up personnel and fiscal resources that could then be applied to projects that could potentially save us more money and provide a higher level of service to our users.  

This is not for everyone and a careful understanding of the risks are necessary before embarking on such a journey, but I believe that cloud computing will be an important technology strategy (in some form) for most IT organizations.  I am interested to hear if anyone has taken or is planning on the cloud plunge.  Please share you thoughts.

So we sit on the brink of yet another malicious attack - the Conficker Worm - and wait patiently to see what evil it will unleash.  Most of the online and print media have been sounding the alarm for at least the past week.  Most have been reporting the facts as they are known, while others are sensationalizing the event in much the same way the Michelangelo virus was (for those that can remember back that far).  While I do not mean to trivialize the potential impact of this malicious code, I never cease to be amazed at how attacks such as this still manage to negatively impact business and government systems in this day and age.

The Conflicker Worm is avoidable by insuring that Microsoft patch MS08-067 is installed (MS08-067 was part of Security Update KB958644, which was published by Microsoft in October 2008), and that anti virus signatures are current.  While I certainly hope that I am wrong, I expect that we will read of organizations that will incur significant loses due to the effects of this virus.  Implementation of some basic best practices such as automatic virus scans on a regular basis, keeping current on OS security patches and virus definitions, and not allowing any external device (such as USB memory) to be used in a machine without first scanning the files will prevent a good majority of the problems that these viruses can cause.  In organizations such as mine it allows our security administrators to focus their attention fighting the never ending battle against those from around the world who try desperately to infiltrate our network in the hopes that we have some sort of window into some of the prized federal systems.  

There is nothing more important in any computing environment than having good security plans and practices that are followed diligently.  Any IT organization that is adversely impacted by a minor event such as this (and again I hope that this is nothing more than minor in its impact and effect) should seriously consider the value that it provides and whether its users would be better served by another provider.

The master of suspense Alfred Hitchcock knew that suspense is generated when the audience can see danger that the characters on screen are not aware of. He said, "There's no terror in the bang of the gun, only the anticipation of it."

There has been much anticipation over the last few months on when the "gun" that is the American Recovery and Reinvestment Act of 2009 would be "fired" or passed by congress and signed by the President, and what funding would be included.  Included in the Act is $7.2 Billion dollars for Broadband investment referred to as the "Broadband Technology Opportunities Program" or "BTOPs".  These funds will be distributed through the National Telecommunications and Information Administration (NTIA) within the Department of Commerce and the Rural Utilities Service (RUS) within the United States Department of Agriculture.  

There are still many unknowns regarding who is eligible for these funds.  For example the key terms "unserved" and "underserved" must be defined in order to establish eligibility, and although it appears that local governments, schools, etc. are the main focus of these funds, states and big incumbents could end up having a large role and say in how these funds are used.  Some of what of the knowns are that these grants will require a match of some sort (in most cases), and O & M costs for out years will need to be budgeted and funded.  

So where to from here?  Based upon some presentations I have participated in and reading on this matter, the following are all recommended:

Ensure that all proposed projects meet the criteria outlined in the BTOPS.  The broadband bill can be read here
Be proactive in partnering with state and private entities if necessary.  
Enlist the support of all levels of elected officials.  
Be proactive in helping NTIA and RUS define the terms of the program.  On March 2nd the NTIA started meeting with interested parties and on March 10th there will be a public joint meeting with the NTIA, RUS, and FCC on the broadband initiative of the stimulus.  This meeting will be web cast live - go here for more details.

Although the gun has been fired there is still the suspense of another yet to be fired.