Municipal WiFi – A Public Utility

Municipal WiFi networks (“MuniNets”) are city-wide 802.11x (b,e,g,n) (wireless) mesh networks that can run an average city $10-15 million. Wireless transmitters are positioned throughout the city in public right-of-ways like atop street poles, traffic lights, and pedestrian traffic areas. The mesh network creates a “fabric” of connectivity that allows anybody with a wireless device to see the network, attach to it, and, subsequently, use the Internet for free.

The state of Muni-WiFi currently look like this: 159 existing and operational networks; 54 networks under construction; and 78 Mini-WiFi’s under RFP (request for proposal). Muni-WiFi is a big deal – some big names are getting into the picture like Google, Microsoft, Earthlink, Cisco, and Motorola; example – Portland, Oregon is getting their MuniNet up by the end of 2007 through a partnership with Microsoft and a company called MetroFi; Google’s in San Francisco in partnership with Earthlink.

Okay, so everybody wants a piece of the action but if the connectivity is free, you might wonder, “er-what action”? Well, in Portland, MetroFi will push banner ads at the top of the browser for free connectivity, and if you want connectivity with no ads, that’d be a cool $20/month paid to the local municipality, please.

Think of it: a free, public domain hot spot the size of downtown.

If you’re into finding unique ways to fund city government, this is looking pretty compelling: suddenly you’re an ISP and capable of directly competing with local teleco’s, LEC’s, and ISP’s. You’ve got economy of scale on your side – a literal city of interconnected users – and a bunch of advertisers salavating over a steady stream of narrow-targeted ads to WiFi owners.

On the other hand, if you’re not about open services and are into private enterprise, the explosion of “MuniNets” must look pretty scary. Think how LEC’s and ISP’s are going to find it even harder to compete against a public utility. Further, think of all of the hardware investments made by thousands of individuals and businesses to setup their own hotspots throughout town – key to their strategy to attract and retain customers, now people can wifi whereever they want and they don’t need to be sipping your coffee.

And if you’re a technology service provider, you’ve got to be in a downright panic. No more wifi routers to configure within the home or office; no more problems with privacy and security; no more threatening scare tactics about who may be sniffing your wireless packets. Why? Connectivity on a “MuniNet” is professionally managed and available from the street… just like water. Crap – there goes next year’s business plan.

There’s a lot of risk here, though. MuniNet’s are being implemented with current standards of wifi that don’t hold a candle to the next generation of technology – 802.16 WiFiMax: 75mbps throughput in a 30-mile radius operating at 2.5-2.7ghz. Providers of this technology might be able to leapfrog the MuniNet and tap right into suburban areas that are beyond the municipal reach, rendering the MuniNet obsolete.

Regardless, the writing’s on the wall: WiFi as a utility is here. If you’re not preparing for a mass consumer exodus from privatized services like cable, xDSL, or ISP’s to a nearly costless public utility, or, if your business depends on any of those services (like router hardware and software sales, service and support relationships, installation and deployments), or, if you’re not planning on how to leverage free brandwidth to lower your own operating expenses, ouch – it’s going to leave a mark after it whacks you upside the head next year.

R

Russell Mickler works a technology consultant in Battle Ground, WA, USA. With over thirteen years of experience, Mickler holds a CISSP, MCSE, a Masters Degree in Information Technology, and is pursuing his Doctorate at Walden University. His website can be found at www.micklerandassociates.com; he can be contacted at mickler@micklerandassociates.com.

MsOffice 2007 Compatability Pack for MsO2003

Strangely enough, I’m already finding that I had to download this:

http://www.microsoft.com/downloads/details.aspx?familyid=941B3470-3AE9-4AEE-8F43-C6BB74CD1466&displaylang=en

This is a whopper of a “pack” – it’s 29 megs – and allows Office 2007 documents to be opened in Office 2003.

Microsoft recommends that users run Microsoft Update against their machine to get the latest updates prior to introducing this pack.

R
www.micklerandassociates.com

Outlook 2007 will not Support Exchange 5.5

Something of interest to system administrators in legacy environments.

Outlook 2007 will not support MAPI configurations under Exchange 5.5. Outlook 2007 will only support Exchange 2000 or higher. From what I’ve read, Outlook 2007 doesn’t even recognize the Exchange 5.5 mailbox for establishing the MAPI profile, nor can you create the mailbox from Outlook.

This support limitation is outlined on Microsoft’s Office Products Site.

R
www.micklerandassociates.com

Organic SEO Techniques

Over the last month and a half, I’ve been compiling free – or, “organic” – SEO techniques that anyone can apply to their website to improve search engine relevance factors.

It’s been an interesting study because it has revealed a predictable, almost democratic nature of search engine technology that can be applied by anyone anywhere to influence search engine positioning. Patterns beget more patterns, all of which can be used by anyone to manipulate what Google or other search engines “see” in a website and how that manipulates relevance.

I’ve compiled my findings on “organic” SEO into a presentation on my site, primarily usable for my students and my lectures but can really be read and understood by anyone. That presentation can be found here. All of my presentations can be found on the Documents section of my website.

R
www.micklerandassociates.com

The Web Announces 3.0 Beta

This week it was announced that Web 3.0 is in beta!

Now this may come as a surprise to many of you who figured there was still a lot of life left in Web 2.0, and for those who figured Web 1.0 never really got off the ground in the first place and for those who think Web 2.0 is related to Internet II or IPv6, I’m afraid you’re entirely off base because they really have nothing to do with Web 2.0 and absolutely zilch to do with Web 3.0. Still, Web 3.0 holds a lot of promise but before we get to that, let’s bring the rest of the class up to speed.

Web 1.0 was the dot-com era up to the point of the bubble bursting like a bad zit. Web 1.0 was all about over-selling and over-hyping capabilities and products. Web 1.0 was strictly “pushed” content. You logged into a website and you just received what was there; it was simply TV on steroids.

I think a lot of people take credit for what came after Web 1.0 so it’s hard to definitively say when and who coined the term “Web 2.0″. I can say that it’s been around since 2004 and it generally refers to the idea that the web is pliable medium for the end user that can be participative and engaging; that the end user/consumer helps create content as much as they receive it. Wikipedia, great example – public-edited and published content. Blogging, and by extension, Technorati, viral marketing, Flickr, BitTorrent and Morpheus, self-publishing like esyndicates.com and Cafepress.com. If you can imagine participating in the web as a two-way “push/pull” medium, you can imagine watching the web through 2.0 glasses.

Since January 2006, many have argued that the Web 2.0 is in a general stage of transition. We’re now seeing the emergence of the Internet as a vast utility in the public domain, full of software applications with open API’s (Application Programming Interfaces) that allow software developers to tap into the vast services and applications constructed on the Internet. In business terms, it’s like the Internet is an immeasurably large factory. All you need do to take advanatage of slack capacity within the factory is to introduce your data to be processed. The factory bangs and whirls, eventually spitting out a finished good where all cost of production was provided for free in the electronic public commons. If you can leverage this then you’ve got a _costless_ factor of production. It’s like somebody manufactured your widget for free and handed it to you right off the production line!

Web 3.0, the semantic web, is boundaryless computing where your computer is just an extension of all other computers connected to the public commons. Programs running on other computers are available as a program from your computer through common programming interfaces. A great example of this today is AJAX and Google Maps. AJAX is a programming language and interface so that you can pass questions (queries) to Google’s Mapping service for free. Google’s service then responds with mapping information, handing it over for free to your application. Google is the big machine out there for the public good. Did I mention this was all for free? Your application is but a tiny stub of that machine. And it was costless to produce the map.
In Web 3.0, we’re not just creating content, we’re leveraging free automation throughout the web to produce outputs. Whether or not we’re using spreadsheet applications on the Internet, video presentation tools, or, we’re writing local apps to use service oriented architecture (SOA) to retrieve data programmatically from the Internet, our computer becomes just a simple node to a much larger computer system/program offered for free in the public commons. I guess it goes back to Sun’s old idea: the network IS the computer, stupid.

So, rejoice! Web 3.0 beta is upon us! Myself, I’m ready to start passing the web my student’s papers to grade. Login to a website, upload a Word document – BANG! – receive a score on mechanics, style, presentation, citation, and thesis back from the Net. Now that’s Web 3.0 self-service on steroids!

R

Russell Mickler works a technology consultant in Battle Ground, WA, USA. With over thirteen years of experience, Mickler holds a CISSP, MCSE, a Masters Degree in Information Technology, and is pursuing his Doctorate at Walden University. His website can be found at www.micklerandassociates.com; he can be contacted at mickler@micklerandassociates.com.

Conversations from the Field: The Fall of the Geek

Regarding commentary that I wrote on an upcoming assignment where students are to explain the benefit of describing technical information in graphical terms. More ideas on my utilitarian principles of IT; IT as a ubiquitous utility.

The visual representation of processes and components allow the technical professional to transcend geekness and talk to a business person. People who do this well stay away from acronyms and dizzying technical specifications because they can confuse an audience.

Meanwhile, insecure technolgists feel compelled to introduce technical terms because it reinforces their own ego in a room of decision-makers. Combined with a form of social anxiety rooted in their own lack of self-confidence, the traditional geek struggles to both understand big-picture concepts and relate them in a way that makes sense to functional managers.

I’ll give you some of my experience on this. Aside from consulting, I’ve worked as a technology manager, director, and VP of IT. When I make presentations to a functional management team, I talk processes. I use their own roles, terms, and business processes to illustrate how technology will improve these processes. I stay away from technical acronyms or specifications. I’m dressed as my functional peers, I’m standing, presenting, taking charge of the room to relate core ideas in under ten minutes. Anyone will tell you that if you don’t dress the part, nobody will take you seriously, and dragging a presentation beyond 10 minutes is an attention-risk. People will start whipping out their Blackberry’s doing whatever they can to ignore you and to remain productive.

How future technology professionals address this problem really represents the value we place in technology pros who’re smart yet also communicative; technically-adept yet understand the core business; can drill deep into a problem but can understand the broader business process implications. This breed of geek is difficult to come by and you pay dearly for them. They are often generalists when it comes to technology, choosing to understand a broad array of technological areas rather than niche themselves in a single area like databases, programming, hardware, or networks. Where they sacrifice street cred with their technical peers, they make up in seeing broader pictures where technology can be applied. These are the people who make great senior managers, directors, and executives because they can susinctly communicate complex ideas in a way that relates to the problem of business.

And that’s what our case is struggling with now. Functional IT managers who’re really good at managing IT problems are being asked to pitch the value of the call center and the software package you’re responsible for. As a tactical decision-maker in IT, this is a learned skill: the CEO is right to have you consider what happened and how communication could have been made more effective. In fact, I’ve done this before with tactical and operational employees in my organizations where, after a confusing meeting, I’ve pulled them aside and discussed how it could have been better handled and what was important to the audience. Without such mentoring, I feel my subordinates would suffer from an intolerable malaise of being unable to communicate with others, lowering their own self-confidence and creating a cycle of fear for dealing with end-user constituents. On the other hand and far worse, as a strategic-level director, I couldn’t delegate – internal constituents would always want to talk with me instead of my management team, and that’s a real problem. I needed to establish trust in the tactical levels of my staff so relationships between my managers and, say, the purchasing and AP managers could grow. And even as a tactical manager, I had the same concerns for my operations staff: there had to be a willingness on my part to mentor the technical employee to overcome their self-confidence issues and deal with the public. I think this is rightly what we see here in the case.

When we don’t see this, we see IT and its operations/tactical team become isolated and autocratic. They don’t deal with the public because it intimidates them, worse yet, they could arrogantly believe because the public doesn’t _understand_ the technology that dealing with end-user consituents is a waste of time. This causes the technology climate to belittle users. Perhaps you’ve seen some of this in your own professional experience?

In my opinion, adding a program manager only adds another layer where you hope to delegate the communication role to somebody else. In my opinion, why aren’t you – the tactical manager responsible for implementation – grappling this problem on your own and improving your own project management skills? Indeed, when you go about describing what skills and abilities this role should have, should these be _your_ abilities? In an era where the IT organization is considerably flatter, where there are fewer tactical decision-makers, we _need_ more facilitators – not managers – and it appears to me that you’re almost trying to hire your replacement!

So I’d like to get you to think about the skills and communication ability and perspective of a program/project manager because those skills are what you should be improving upon as well. Additionally, consider for a minute the rationality of hiring somebody to do _your_ job in an age where downsizing is so totally fashionable. Is that approach good for the company, good for end users, good for you?

A couple of areas in the reading to pay attention to on this. Look at the technical vs behavioral approach to IT on pages 26-27, and Laudon’s own approach called Sociotechnical Systems. Take a look at the challenges facing information system management issues on page 28 – what kind of skills will be needed to tackle these problems? Take a look at page 75, Organizational Politics, organizational dynamics on page 82; pages 85-87 on IT decision-making; pages 102-103 on opportunities and management challenges. Factor these ideas into your discussion.

R

——————————————————————————–
From: (Student)
Sent: Fri 11/17/2006 6:27 PM
To: Russell MicklerSubject:
RE: IT460-2 P1T3 Commentary

I find your article very interesting and encouraging. I have been at my first IT job since March. I am in Customer service, and I don’t talk geek. I often feel inferior when around my peers, but when I am on the job, I am complimented for all I do and how I do it.

Although I am Customer support, I work as a separate entity from my department where I am like my own boss. I serve around 200 users over 5 locations for Indiana Army National Guard Aviation. Because of this, I dabble in many areas beyond customer support. The guy who recommended me and I replaced, left this position to go as a consultant.

Reading your article helps put me at ease in not knowing specific details about a particular subject, but knowing general details about many. It kind of gives me a bigger picture of where I could be someday.

Thanks

***

Well, thank you, sir.

There are, of course, places in the IT organization where we need the die-hard geek. This will always be true. However, has much of the complexity of IT is stripped away and IT becomes of an appliance, or, a utility, the role of the die-hard geek is greatly diminished.

The real challenge comes, then, not in how technology is architected, built, setup, or maintained, but in how technology is used. How can we translate the needs and ideas of the business into tangible, meaningful results using a tool like technology? This changes the ball game. The more important players in this IT world of our future are people who understand how tech can be creatively applied to solve business problems, and, can communicate their ideas honestly, openly, and specifically.

We feel this today in our employment numbers. Huge drops in IT “grunt” work (programmers, engineers, systems management, operations) because a lot of this work can be either automated or outsourced; large rises in analyst and middle-management idea people who can talk geek with grunt contractors, and, communicate ideas effectively to peers and senior management. In my experience, the most prized employees I ever had weren’t superior technologists (I can buy those) but understood sustinctly how business processes could _benefit_ from technology. Idea people in IT = more importance than grunt labor.

Keep that in mind. Your buddy who left to become a private consultant saw value in sharing his ideas with others and felt he could capitalize on that. You, too, can do the same. Best wishes -

R
www.micklerandassociates.com

Why the Wii Won’t Work

The Guru Speaks….

I’m not sold on the Wii for two reasons.

One, its new interface, the Wiimote, the long rectangle works great for consumer appliances because it forces you to use an index finger to push a control. I shudder to imagine the pain of clutching your TV remote, rotating your wrist down 40 degrees, and furiously pressing on the directional control with your index finger for hours. Instead of the “swollen thumb” syndrome experienced by today’s gamers, now they’ve got the same repetitive motion problems we inflict on users of keyboards. The Wiimote seems like a carpel tunnel torture device.

Two, added to the Wii experience is the Wii Nunchuk. This is a corded attachment that inserts into the base of the Wiimote for a motion-based interface to the console. Combined with the Wii’s sensor bar, when you move your hands, the sword swings on screen. When you punch, Joe Boxer lands a right hook. When you shoot with the Nunchuk trigger, GI Joe starts cleaning up the battle field.

Now, the interface between the Wiimote and Nunchuk is about a 2’ long cord that stretches between the Nunchuk and the Wiimote. Maybe you’ve seen the TV commercials. Can you imagine a moment, in the heat of blowing up cyberzombies, you accidentally over-extend the cable, flailing your arms in two directions, yanking it right out of the Wiimote? How about when you and your sister get into a fight and tug on the wire? Or when you’re furiously intent on shooting some digital Nazi’s and you inadvertently wrap the cord around a lamp?

You know, we put handcuffs and ankle shackles on prisoners to limit mobility. The thought being that chains, ropes, or cords restricts movement. In the era of Bluetooth, Home RF, or WiFi, why the designers of the Wiimote didn’t take the opportunity to get rid of the cord – to promote endless mobility – boggles the mind.

Meanwhile, their competitor, Sony, gets it right. The SIXAXIS Playstation 3 Wireless Controller is the traditional thumb-driven interface that everybody’s used to except with six-axis motion-sensing capabilities allowing for some degree of physical movement, and, it uses Bluetooth for wireless connectivity. Instead of three separate and expensive devices, you get to spend your hard-earned game money on just one. No limitations, no new repetitive motion injury, nothing that will easily break when you play it, or allows you to garrote your sibling in a moment of blissful universal domination.

I struggle to understand just what these guys at Nintendo were thinking? Mobility = cords? Controller Innovation = a TV remote? Value = buying three separate devices? Not in my playbook. That deserves a fragging from my BFG.

R

Russell Mickler works a technology consultant in Battle Ground, WA, USA. With over thirteen years of experience, Mickler holds a CISSP, MCSE, a Masters Degree in Information Technology, and is pursuing his Doctorate at Walden University. His website can be found at www.micklerandassociates.com; he can be contacted at mickler@micklerandassociates.com.

State Data Breach Laws

Over 31 states have enacted a data breach law that obligates businesses to report theft of Personal Private Information (PPI). These laws generally define how a business is to legally notify the public when incidents involving the accidental disclosure, theft, or destruction of PPI occur. A complete listing of such states is maintained by the Consumer’s Union and can be accessed online

State laws and regulations exist because of the lack of Federal response to the problem of securing sensitive consumer data. As my practice encompasses both Oregon and Washington, it may interest my own client’s to know that Oregon has yet to pass a data breach law but Washington’s went into effect July 2005.

Generally speaking, the Washington law requires any business or person that owns or licenses PPI in the form of electronic data to disclose a breach of the system to all Washington residents. Sounds straight forward but it gets a little more nuanced. Washington’s law applies only when the PPI was unencrypted, when the loss was due to a “technical” problem, or when it is reasonably believed that the data was seized by an unauthorized party. The idea being that loss of encrypted data is acceptable, technical faux-pas conducted by a stupid administrator mistake can be ignored, and if there’s no risk of unauthorized access, who gives a rip? Bottom line: if there’s no suspicion of direct unencrypted exposure or criminal activity – it was just a technical error – then reporting is not required. Notification is in the context of a press release published to the media or posted on their website.

So you might be thinking: “Wait a minute – there’s no obligation to do _anything_ in 19 states to protect PPI?” Not so. Even without a specific data breach law, tackling the confidentiality, integrity, and availability of PPI is a “Due Care” obligation under the eyes of the law which evaluates the proactive steps by a company to secure PPI in the context of “reasonable” behavior.

Example: say there’s a data breach at your company resulting in the exposure of some 50,000 customer records. Crappy day, nobody wants this memo. So, in discovery, it was determined this breach happened because a virus exposed the data. It was further determined that your company ran no anti-virus software nor did you have a policy or an official stance on anti-virus defense. It could be argued in a tort proceeding against you that damages occurred are the result of your negligence – management did not take “Due Care” in installing an anti-virus package, therefore, you are libel for the PPI exposure. The judge would get to hear hours of expert testimony to decide whether or not negligence was a compelling factor in the case. Ho-hum, they’ll end up settling anyway.

However, demonstrating “due care” violation and negligence is a case-by-case distinction. Here, failure to report is breaking a state statute which has broader compliance ramifications. More complex still are the federal regulatory laws that try to identify categorical PPI (HIPAA, FERPA, GLB, COPPA, etc.) that would also be subject in a compliance review.

Due to the extensive liability and potential havok on one’s brand, today, more than ever, businesses should do a couple of things to contain liability in this area and review their “Due Care” practices.

1. Review and document their practices for data collection, storage, retrieval, and destruction. These procedures should be reviewed by the organization’s board of directors, recorded in meeting minutes, and executed by a responsible officer of the company.

2. Businesses should completely understand the federal and state data breach notification procedures for which they’re subject to; timing of the notification is often critical.

3. Businesses should understand when to contact law enforcement and have a procedure for involving local cybercrime units and/or the FBI. This kind of document is referred to Cyber Incident Response Plan (CIRP) within the NIST Business Continuity protocol (SP800-34).

4. Review the existing privacy policy and privacy statements for state and federal compliance. Update such policies as necessary.

The US Congress has yet to pass a federal data breach act but federal legislation is expected before 2010. Really there’s a bigger issue here than just legislation and liability that should motivate us and that is simply doing the right thing: accepting the risks posed by handling PPI and developing a framework of responsible management. Being aware of the legal expectation in your state may be a good place to begin.

R

Russell Mickler works a technology consultant in Battle Ground, WA, USA. With over thirteen years of experience, Mickler holds a CISSP, MCSE, a Masters Degree in Information Technology, and is pursuing his Doctorate at Walden University. His website can be found at www.micklerandassociates.com; he can be contacted at mickler@micklerandassociates.com.

NIST 800-100: Information Security Handbook

The National Institute of Standards and Technology (NIST) published an Information Security Handbook for Managers this week – special publication NIST 800-100:

http://csrc.nist.gov/publications/nistpubs/#sp800-100

There are numerous publications from the NIST and they’re useful from two fronts. One, they provide a framework response used by the federal government which can be adopted and modified to fit a business need. And two, they’re a great academic source – I use these publications for curriculum design and course delivery.

Frankly, the 800-100 is a dry read; the student may find this publication interesting or an IT professional looking to implement a set of security policies and administrative controls within their company. However, it is a recent addition to an arsenal of very useful information from the NIST.

R
www.micklerandassociates.com

What’s a Robot.txt File?

I was researching SEO (Search Engine Optimization) and encountered some information on a robots.txt file. This file is placed in the root directory of the website and can include or exclude certain webpages in your site from a spider’s crawl. A spider is a bot – a program – written to evaluate webpages and capture relevant text for inclusion in a search engine database. There are many variants on spiders – ants, worms, crawlers – but there are also general categories of robots that review webpages for other routine purposes on the net.

The textfile need only contain two lines:

user-agent:*
disallow:

The absence of a robots.txt file, I understand, generates a error in the search engine capture. To avoid the error, the robots.txt file can be used. More complex robots.txt files can be used to pass instructions to robots as they encounter a website. In my research, I found this is nothing new – there’s even a Wikipedia article – and was developed in June 1994. A more thorough FAQ was also found.

Including a robots.txt may have good results, may not; I just added one today so I’ll follow up with what happened once I analyze my relevance statistics in a few days.

R
www.micklerandassociates.com