Recently in Technology Category
Technorati Tags: browsers, javascript, performance
Trying to get back to work after a great week of vacation in Bend, Oregon, and then surviving the first week of school for my son - now it's time to get back to work! UW Technology Services, the unit I'm now part of, is in the midst of moving calendaring (and email) systems to a Microsoft Exchange environment. That's a huge change, and one that has both positive and negative aspects. This will be the first of at least two and probably more posts on the topic - in this one I'll talk about the background of moving to Exchange, and later I'll talk about strategies for living with Exchange as a (mostly) Macintosh user.
Here in UW Technology we've used Oracle Calendar for our calendaring needs for a bunch of years, starting when it was known as Corporate Time, before Oracle acquired it. While it's served our needs fairly well, there's a growing feeling that the product family isn't fitting into the technology environments we're moving into - we're not a big Oracle shop here, and the Collaboration Suite, as it's currently known, is being tied to other pieces of the Oracle technology architecture. And it doesn't help matters that Oracle Calendar's client software, both in the desktop and web versions, is, well, clumsy at best.
We've also reached a point where we're running a fairly sizable Exchange service for departments at the UW that live in a mostly Microsoft environment. That service is working well, and the units that use it seem very satisfied with it. For the large numbers of people who work with mostly Microsoft Office tools on their desktops (Word, Excel, Access), Outlook and Exchange fit right into their work habits. As units have moved to Exchange (or run other calendar systems) it's become even more difficult to coordinate scheduling at the UW. To paraphrase the old saying, "A person with one calendar knows what meeting to go to, a person with two is never sure."
We here in UW Technology have long been proponents of ongoing efforts to foster standards for allowing different online calendar products to interoperate for scheduling (we were the first charter member of the CalConnect consortium). It's encouraging to see the progressive adoption of the CalDAV standards, which have now been implemented by Apple, Google, Mozilla, Zimbra (now owned by Yahoo!), and will be supported in the eternally forthcoming next version of Oracle Calendar, called Beehive. At a base level the CalDAV access protocol allows different calendar clients to interoperate with a given calendar server. The CalDAV Scheduling protocol allows clients to interact with each other independent of what server their calendars are stored in. Sounds promising, right? But you'll notice one very large player missing from that list. Need a hint? Located in Redmond, initials MS. So despite all the forward progress, and Microsoft's membership and participation in CalConnect, there still isn't widespread calendar interoperability. Despite the lack of interoperability (or maybe partially because of it), Exchange now has by far the biggest market share among integrated groupware systems.
Exchange was designed in the early '90s as Microsoft's standalone groupware server, and they chose to implement the calendaring features by storing calendar data as specially formatted email messages that their Outlook client knows how to interpret. That means that in order to use Exchange for calendaring you also have to use it for email. I've been fairly vocal over the years in my opinion that this is a fundamentally flawed architecture - email and calendaring are different functions, and you ought to be able to separate them in the way they're implemented and administered. I haven't changed that opinion. But, for better or worse, architecture doesn't always carry the day, and there are lots of features that are being added to Exchange (like unified messaging) that are things we know our institution will want to take advantage of. And it's certainly not difficult to make decisions to implement Microsoft technology (though some of our peer institutions, like Indiana, report that running Exchange is considerably more expensive than running open source messaging systems).
So we've decided to bite the bullet and move to Exchange.
In some ways it's ironic that we're implementing Exchange at just the time when Macintoshes are becoming far more prevalent, iPhones are proliferating, and cloud-based email solutions are poised to be the next big thing. If I had to make a prediction, I'd guess that this current move to Exchange will last a few years after which we, along with most other institutions and businesses, will use email and calendar hosted by large vendors such as Google or Microsoft. But in the meantime, we're off into a brave new world. In my next post on the topic, I'll talk about the various current options (none of the really great) for Macintosh users in an Exchange environment, and some better options coming in the future.
Technorati Tags: calendaring, email, exchange, Microsoft
I think the Dell Inspiron Mini 9 looks pretty cool. A 9-inch screen, 2.28 lbs, built-in WiFi, and (unlike the MacBook Air), built-in ethernet and two USB ports. $349 gets you a version with Mini OS (Dell's version of Ubuntu Linux), 512 MB memory, and a 4 GB solid-state drive. Upgrade to 1 GB of memory, a 16 GB SSD and add a webcam and Bluetooth and you're still under $500. Sweet!
Of course I use the iLife apps that come with the Mac - iTunes, iChat, iPhoto, iMovie, et al. They're not professional tools, but they're really good for us commoners.
Adium - my multiprotocol instant messaging client of choice.
Ecto - my blog posting editor of choice. While each successive release seems to get more feature-full and less easy to use, I haven't found anything I like better.
Firefox - I mostly use Safari these days, but there are lots of things Firefox does better (like have cool add-ons that can be very useful - but that's a separate list). Good to have choice!
iWork - I like Keynote better than Powerpoint for presentations (and it allows easy save as PDF). I don't often need a dedicated word processor other than to read other people's attachments (and Quick Look usually lets me do that, but it sometimes gets confused by fancy formatting), but Pages seems to work fine. Numbers doesn't begin to have the power of Excel, though. But it's rare that I need that, and usually Google Spreadsheets work fine for my purposes.
Logic Express - Everything I need in a digital audio workstation. Really deep. When I start working with it I usually end up staying up wayyyy too late and wishing I didn't have to work for a living. If you constantly find yourself wishing for features GarageBand doesn't have, Logic probably has 'em.
NovaMind - Last year I was heavily into mind mapping for trying to organize my thoughts, and NovaMind was my app of choice for that. This year I haven't been working that way - I'm not quite sure why.
OmniGraffle - I loved Visio when it was first released - it was a great lightweight graphics tool for those of us who are graphically challenged. Then Microsoft bought it and it became progressively more loaded down with baggage that made it slow and cumbersome. OmniGraffle reminds me of what I loved about the original Visio and it's even better - a great drawing and graphics tool. I use the Pro version - I know there was a reason for that, but I can't remember what it was. Oh - and the latest versions can read Visio files too.
OmniOutliner - another great tool from our local software development house (on *this* side of the lake :). A really good outliner, and everyone's got times when they need that.
PodWorks - For some inexplicable reason, Apple doesn't provide a way to transfer songs off an iPod (or iPhone) to a computer. Probably a sop to the content industry. There are lots of tools that make up for that absence. I ended up with PodWorks after a recommendation from Ted Leung, and it's worked great for me ever since. I wrote once to the developer and got back a very quick response (though he hasn't implemented the feature I want, which is a true Finder-like file system interface to the iPhone).
Skype - You know about Skype, right? I don't use it a lot, but it's good for when you want to have a phone call or video chat with folks that don't have a Mac and can't do iChat.
Snap'n'Drag - While there are easy built-in keys for taking PDF screenshots in OS X, I use this handy little program a lot because I can save screenshots to r formats like PNG that I can insert into web pages.
TextMate - If you just want to do some plain-text editing, TextEdit, which comes with the Mac, is ok (and it will also do RTF). But if you need to do any code editing, whether it's HTML, JavaScript, Python, Ruby, what-have-you, TextMate is what you want.
Transmit - While it's easy enough to fire up the terminal and use command line sftp, I find myself usually wanting to do secure file transfers in a more Mac-like graphical way, and Transmit is my client of choice for that.
Twitterific - For those of us
What am I missing here that you would champion for a new Mac user?
Our panel on email went very well. I didn't take complete notes, as I was on the panel, but here's what I got:
The panel started with John Calkins, Assistant General Counsel from Northwestern, where they've implemented Google for students. A good quote: "Free is just one point on a spectrum between they pay us to we pay them."
For FERPA they're thinking that student email residing in a student account is not a record maintained by the University, and therefore would not be covered by FERPA. They also got Google to agree that any record that would be subject to FERPA at the university would be treated as such by Google. They hear that Google is not necessarily willing to agree to that now.
By and large their view is that the arrangement is between Google and the individual student (or alum), not between the university and the student.
90% of their recent graduating class elected to keep their google account with advertising as alumni.
Asbed Bedrossian from USC, which has also implemented Google for students, talked next. Another good quote: "We in the IT department are the transmission fluid in making things run smoothly."
They use Shibboleth for allowing people to sign in to Google applications on the web with their USC NetID and password. They give people a different password for use if they want to use a non-web IMAP client to access email. (I need to ask Asbed about what they use for Google Talk access with non-web clients).
66% of people who create accounts forward their USC email address to Google. His theory on the rest is that they just want to use the other collaboration apps.
They haven't had a lot of support issues, but people did start calling their help desk during the recent Google outage.
They use ga.usc.edu for their third level domain name.
They're not migrating mail from existing USC accounts to Google - that turned out to not be a big deal to students at all and they've only had a couple of requests for it.
Another good quote: "Doing things is easy - thinking is hard."
My slides from my part of the panel are here.
Gigi Sohn from Public Knowledge was our after-dinner speaker. Gigi talked about the file-sharing provisions in the recently passed Higher Education Reauthorization Act and how the work that the higher-ed community did last year to get those provisions struck from the original bill language didn't hold up when the language reappeared in a subsequent version. She contrasted that with the success of the copyright-reform community in getting the FCC to censure Comcast for interfering with the use of BitTorrent by their customers.
Gigi noted several differences in the two efforts and came up with some recommendations for future efforts in organizing activity around legislative policy efforts, including keeping constant pressure on telling the story to mainstream media, mobilizing the grass roots, enlisting allies from the commercial sector, and more (wish I had had a note pad with me at dinner).
Gigi also proposed forming a task force of university presidents to work on national IT policy issues for higher education. Sounds like a very timely idea to me. It was a great talk that left me energized about poliy issues for the first time in a long while.
H. Morrow Long is an Info security guy from Yale.
Have decided not to scan for sensitive data on the network, but do scan for computers looking for sensitive info.
Had two major data incidents.
Had a large federal contracts investigation, and one large data breach.
Now scan administrative desktops, and require all faculty and staff to scan data on their machines, including laptops. Using IdentityFinder on WIndows, and some open source stuff on MacOS and Linux. Have evaluated several enterprise products: Tablus, Vontu.
Spent first half of 2006 doing data breach planning, which led them to realize that they had to have a data classification program. They have an agreement with the Yale Police to report to them every stolen laptop - started to see more stolen laptops. In beginning of 2007 began a program to do PGP whole disk encryption. In July of 2007 two laptops stolen from Dean's Office - they had backups, which they scanned for sensitive data (Cornell Spider, Texas SENF program, Va Tech's
python program). They found 5,000 SSNs on each PC's backup.
"The plan is fine until the shooting starts" - Patton.
Once you know what's been lost, then you have to act on it. Criteria for scanning compromised computers - reasonable belief that data may have been exposed - evidence that somebody was on the computer for a length of time, or there's evidence of data transfer, or if there's belief that there may have been confidential data on the machine - don't do scans for every time there's a virus.
Yale complted an SSN elimination project in 2005 - so why were SSN's on those stolen machines? Course and student lists in email and spreadsheets which were old and not needed. Discovered that almost everybody had at least one SSN on their machine - their own.
Thief stayed behind in office - stole two laptops. Police caught him the next night, but didn't recover the laptops. Computers were likely stolen for quick sale, not data. Laptops had BIOS and OS passwords, and 1 had disk interlock password. But Connecticut law requires notification. Learned later that notification is really only required if there's a name associated with the SSN.
Set up a call center for help, staffed by people in the Dean's office. Crafted a communications plan, with several letters targeted at different people. Immediately encrypted all the laptops in the Dean's Office iwth PGP Whole Disk Encryption.
One alum claimed ID theft and contacted the AG and the media. THe AG wanted to know why Yale did not offer credit protection plan. Hired ID Analytics to check the SSN #s for probability of compromise.
They created tools for scanning (Windows only at first), and got the General Counsel to send out letters to specified staff lettint them know that their machines were going to be scanned. Getting users to remediate data is the hard part - confusion, false positives, etc.
Policy for files with SSNs: 1. Remove 2. Move 3. De-identify 4. Encrypt
They use their training management system to record whether people have completed and remediated from their scans.
David Escalanted - Director of Security, Boston College
March 2005 - major data breach that required 100k + letters to alumni.
Realized that users don't seem to mind people looking at their email for viruses and spam, so should be able to scan for PII. They also started collecting netflow data and Snort IDS. PII finder (Fidelis) "catches stupid people", not hackers. They didn't notify the community that they're running these tools - if it's legit to look for bad stuff coming in, they figure it's legit to look for it going out. What happens to offenders? For PII, a VP or Dean is frequently involved.
When the White House invited the hockey team to visit, they wanted a list of all the visitors with their SSN #s. Emailed. They caught that going over the wire.
Encryption kills scanning on the wire.
Shirley Payne is the Directory of IT Security and Policy at the University of Virginia
Considerations for general policy decisions: Consistency with existing policies and norms (especially the physical world ones); compliance with or in consideration of laws.
UVa is sort of the opposite of BU: Not generally monitoring content, blocking websites, or scanning devices without permission. There are, of course some exceptions, like traffic monitoring for virus/worms signatures, etc.
I'm here in beautiful Ithaca (not kidding) for the Institute for Computer Policy and Law, where I'm speaking later today. Steve Worona is introducing the Institute. There's going to be a role play tomorrow where participants are asked to play either an entertainment industry exec, a campus CIO, or a student.
The attendees are mostly either campus attorneys or IT policy people. During introductions people are being aked to name the biggest IT policy issue at their institution - many are talking about having consistently enforced policies and many are mentioning data management policies.
I'm off today for the Institute for Computer Policy and Law at Cornell University, where I'll be on a panel tomorrow that's addressing policy issues for externally hosted email at universities. I'll try and blog as I go.
Shawn Blanc points out this nifty new feature in the iPhone 2.0 software, which we asked Apple for last year:
The .com button, when held, now offers three other TLDs: .net, .org and .edu.He also points out this handy new feature:
iPhone can now take a screenshot by pressing (not holding) the home and lock buttons simultaneously. The screen fades to white, fades back in, and the screenshot is now in your camera roll.
