Monday, August 12, 2013

IT Meandering

Aside from pizza slinging, post-teen line cookery, and video production forays; I have worked in information technology most of my career.

I bought my first computer in 1983. I saved up money that I made delivering the morning and evening paper in my home town of International Falls, Minnesota.

I've seen the evolution of personal computing from no relevance outside specific industries (very few early on) to foundational for most businesses.

I'm not old enough to have used punch cards and just missed hobbyist kit computers.

I started on an Atari 800 XL, purchased from the Sears catalog.  Actually, I first had a Timex Sinclair.  Too small and weird.  I sent it back.  Then came the Coleco Adam.  Also too weird.  I sent it back.  By the time I bought the Atari, I had saved up about $1500.  I got the floppy drive, which was the Indus brand since it was faster than the Atari one (apparently I needed the speed).

In the early nineties, I first experienced the internet on a first generation Mac a friend brought to his dorm from home. He had a 2400 baud modem and dialed into the University of Minnesota's network. From there, he used the shell to get to IRC, news, and email applications. I was interested, but not enough to pull me away from the obsessions of a 17 year old set loose in a city. I recall what a big deal he thought it was, but I knew him enough already to know he was prone to exaggeration.

I also saw him interacting on a list of Bulletin Board Systems (BBS). This idea wasn't new to me. International Falls, for those who are unfamiliar, is quite remote. It's something more than a small town, but not by much. It's a working class, one industry mill town. To this day, it lags in technology.  I wanted to get on to a BBS, but it was impractical. I wanted to do more with my computing hobby. I had a 1200 baud modem but not much I could do with it.

A few years after I left in 1988, the owner of the local Radio Shack started a local ISP. This was not available to me while I lived there. ISPs were available but I could not afford them since they weren't local.

Kids who could afford it would dial BBS sites in larger locales, such as Duluth or Minneapolis. Some had accounts with Prodigy, an early ISP, however the long-distance charges on top of the service fees kept most away. I knew two people who could connect their modems to anything remotely interesting. Everyone else would connect to each other, more or less creating ad-hoc, terminal-based, one-on-one chat sessions.

Some time after my early exposures to the internet, I finally bought a used computer and began to be pulled back into my old obsessions. At this point, I had spent a number of years giving myself what I still consider a proper University experience. I focused on literature, philosophy, art, history, and film. No course I ever took had anything to do with computer "science" (to paraphrase @nntaleb, if a discipline has the word science in it, as in social science, it usually means it's not a science). I had set my obsession with computers down so that I could live the life of a young man venturing far from the familiar.

Then computers came back into my life at a time when the internet was just taking off.

The computer was a Mac SE/30. I bought it off the same friend who introduced me earlier. I also bought a modem and was frequently connecting to the University's network and getting familiar with Unix shells and tools. Frequently meant every couple of weeks... if that. (I'm certainly at the other end of spectrum today, as are so many people who don't go a waking hour without being online.)

I started work in an office at the University called the American Indian Learning Resource Center (AILRC). The program's mission was to help reduce the Native American student drop-out rate, which was very bad at the time and still is. (No doubt owing to the culture shock of coming out of a reservation and into a city while surrounded by an alien middle-class culture.) I was quickly recognized for my technical aptitudes and set about solving problems from banal printer and network problems to program logistics, like contact databases and general communications.

Dabbling in Appletalk networks and then Apple's Hypercard brought me into an emerging technology called Gopher. How exciting that it was so revolutionary, but also a local phenomenon! I even beta tested the GopherVR browser, which collected online resources into 3D scenes. Boy was this going to be big!

This dabbling led me to the world wide web that was finally gaining traction. The NCSA Mosaic browser was installed and frequently run at a time when a good site meant a well organized outline with tasteful use of formatting to match what was already familiar in word processors. They really did feel like inferior word processing documents. They couldn't include pictures and the formatting was very primitive and grating to me as a liberal arts student, familiar with proper style and the power of good aesthetics. However, like Hypercards and Gopher, you could link to other documents!

The habit of browsing had a new experience, but it was mostly a yawner for me. Then came Netscape Navigator with its integrated and optimized graphics. Now I got it. I talked my manager into creating a site for the AILRC. I created custom graphics and scanned program photographs on informational pages. I had each staff person, myself included, do a bio page with photos.

I had joined the WWW and brought the program with it. I mostly failed to realize how early my dabbling was. As I said, I had friends who were into technology much more deeply than I was. They seemed ahead, and they were. However, to the general public, I was riding the bleeding edge.

To create and manage these pages, I began teaching myself HTML and other languages. Of course, the fact that you could peek at HTML source was very helpful in getting me jump started. (I recall pondering the ethics. Was I stealing?) I learned editing in Unix shells, used Usenet News to connect with people with similar interests and similar skill levels. Eventually, I was a pro helping others and getting occasional jobs to kick-start web site initiatives both inside the University and in the private sector. Looking back, this has all of the elements and even habits of what I do to this day.

In 1995 I was finished with college and drifting from job to job, interest to interest. I stumbled on a 1968 Volvo 142 in Dinkytown (R.I.P.). I bought it for $300. It was literally in tatters internally. It had served as a way for an artist to haul paintings and a big dog. The exterior, however, was perfect in my eyes. I quickly decided that it needed a new engine, so I found a second 140 with a B20 engine and swapped engines over the summer. I documented every last detail of this job and found myself online every night, interacting with folks on an email listserv who also loved old Volvos and working on them.

By the time I was finished with the job, I had become fed up with the listserv owner. I had started documenting my Volvo obsession on my personal website (hosted at a local ISP called Visi). I decided that I wanted to create my own group for Volvo enthusiasts. I was familiar with news groups. There was one or two for Volvo, but I found that news group culture wasn't for me.

News groups had become a mix of noobs, warez fiends, perverts, and grouchy old veterans longing for a day that would never return where news groups were always filled with intelligent people and content rather than the unwashed masses. In short, it felt exclusive and fragmented.

I didn't share the dream to restore newsgroups to their former glory and perhaps knew, from my obsession with HTML and what had become of the WWW, that it would forever be left in the state it was in. I needed to be in the same place where all of this new stuff was happening.

I was starting to hear people chattering about it in the general public more than ever before. About 1997, I recall being in a restaurant with my girlfriend (and future wife) and hearing older people talking about sites that they found that were useful. Up to this time, I think people were aware, but it still seemed remote and geeky to most. Now ordinary people appeared to be finding it useful and even habit forming.

Within a couple of years, my mother and future in-laws would ask me to connect their modems to an ISP. Old people were connecting! By this time, I was an early DSL adopter and tossing wires to neighbors in my apartment building. I had a home office and my interests were attached to something that was about to explode on the scene.

I decided to build a Volvo enthusiast's forum using the format of news groups but hosted as a CGI that generated HTML. I named the site,, because fans of the 140 and 240 Volvos referred to their cars as bricks due to their blocky physique and because I was geeky enough to know about bulletin boards (mostly of the past by then). I had finally achieved my dream of having a BBS... sorta.

The site grew fairly popular. I was online before Volvo Cars was. There was an audience for sure. To keep it going, I had to learn different skills, including troubleshooting and even customer support. Once the site got too busy and burdened, I would optimize as best I could, but eventually decided that I needed a dedicated server. Up until this time, I had used shared servers (like Rackspace built their company on). I built servers to host it and colocated them in the Visi Minneapolis datacenter. I was a full on geek now! I terminaled into servers, in a rack, at a datacenter.  Oh boy. Later, I hosted them out of my basement (with the advancement of DSL).

When it came time to consider another server, I decided to try Amazon EC2 in 2010 and never looked back. Essentially, this was similar to the shared server experience earlier, however I had more control and would not have to be at the mercy of the bad code from my neighbors. I actually left the shared services because of a spate of compromises and the recognition of the limits of my ability to defend my site from them. The model was clearly broken. Amazon added up nicely for me since I could get back to a model of hosting remotely while keeping a similar level of control that physical servers gave me.

What has become a career for me started out with obsessions and hobbies. I stumbled into something that was in its infancy, namely personal computing.  The wider availability of computing was available to those who would tinker and eventually to those who would benefit from utility never before imagined. I recall subscribing to Compute! magazine and other home computer rags and reading about the emerging companies, like Apple and then Microsoft.

I saw that what I was doing was considered low-brow to a whole different level of technologists. I saw the uncertainty of the market and how business adoption was virtually zero. What these kids were into was irrelevant to most.

I had an aunt who would tease me about it and rib me about using my time as a youngster better, like chasing girls. I didn't care. It was exciting and I had a sense that it was going to be a big deal. (Of course, this was preteen where everything that matters to you is a big deal.)

As I started working in offices, I found endless interest in using technology to solve problems, thankfully, from my management (I have had the good fortune to have many great bosses). I was still tinkering with technology, but I was, in hindsight, solving business problem after business problem.

I've found that my meandering path has served me well. Getting a University experience, rather than a Votec-like experience, has helped foster my inquisitive nature and built soft skills that are immeasurably valuable.

The accessibility of technology today has opened up so much more potential than has been realized and I hope that bored preteens know this. I can only imagine what I would have done had I been able to connect to the wider world the way I can now.

Monday, August 5, 2013

Big Egg in the Sky

The perimeter and, with it, boundaries and domains are coming under a lot of scrutiny because of cloud initiatives in the enterprise.  "The perimeter is dead," cry the loudmouthed analyst/guru types.  "The perimeter is changed," cry more reasonable and informed people.  Chris Hoff was the first I heard say that it's now many perimeters on many objects rather than one big one, which is the POV I most agree with.  Whatever the case, we need to think about what the perimeter is, what is has meant, and what it has implied about how we build processes and services before we can understand how it will change and how we can permit it to evolve safely.

Since the nineties, the perimeter, and the DMZ, have been the first line of defense and continue to play an enormous role in the defense of enterprise assets. I recall the days when, after installing your ethernet cards, throwing cables, locating the specialized software, and plugging in; your machine would be directly on the internet. In short, the attack surface that grew from this might be seen as the incubator for the industry of hacking that we now are aware of even in the popular (and worthless) press, like Newsweek and Time.

This informal perimeter was also a problem from the inside, as people stood up ftp, irc, and nntp (news) servers for warez trading and worse. The insider threat was born, although it wasn't clear to the intrepid warez trader that he was doing anything wrong.

Then came the hardened perimeter and an internal world, as defined by NAT, that was increasingly walled off from the external world. An elite, credentialed group of network geeks were on the defense. Some of us worried about how much they knew about internal activities, and so mostly through FUD the accidental or naive internal threat withered. However, most of us rejoiced that we could now worry less about what could be done internally.

We were and still are in the egg era of business computing. It has a hard exterior and a soft, vulnerable middle (core). We trust the core and imagine that it is most trusted even though it's increasingly clear that it's dangerous.

Inside the egg creativity and productivity flourished. Distributed computing was the revolution that would tear down the constraints of big iron. We wouldn't wait for some centralized, soviet style committee to solve problems. We'd solve them ourselves. Some official business case problem solving group didn't lease space on the big computer, we'd do it on our own. Heck, we'd even build a server out of hopped up gaming boards and do it on the cheap. FreeBSD and Linux made this viable. X86 Solaris made it enterprisey, if you had to. It was going to be a great world.

Then came the wet blankets: IT security. Is it patched? Are you using access controls? Are you using encryption between nodes? Are employing encryption at-rest? Are you rotating your passwords? Are you considering the life-cycle of your service credentials? Are you considering the life-cycle of data? And on and on. But, but, but it's behind the firewall... it's internal! Are you admitting that your network guys can't do their jobs? Can't you just buy some tool to solve the problem? Short-cuts that we didn't even know that we were taking are now coming back and are seen as part of a death by a thousand cuts story.

So why isn't distributed computing seen as a failure even though it largely seems to have been one? You could certainly argue that it wasn't a failure in that it led to innovations that we can't imagine not having today. There was certainly an upside and the distributed computing revolutionary took as much of it as he could. He also had a long runway to get away from the downside. Let operations create a super-fund to clean up those messes.

The VP of the next revolution has moved on to cloud computing. The same revolutionary spirit that fueled distributed computing is now driving this. We want to do it ourselves and we don't want to wait. We'll go to the best provider of a service, build some ourselves, and integrate what couldn't be integrated before.

But can we take the same short-cuts we took with distributed computing? Can we get away with any of these short-cuts? Cutting to the chase, can the revolutionary wipe his hands clean, claiming success fast enough before his errors come beating down his door? I doubt it.

What I find most dubious is that the perimeter mentality is infecting the designs of cloud initiatives. This is obvious in how people seem to imagine identity will be handled in this space. If the data is to be set free to integrate with cloud services, can you really leverage even cloud-friendly solutions like SAML the very same way we have done thus far? Does this mean that every service provider will eventually know everything about every constituent or even any potential constituent in order to line them up with their data and in order to have their data ready... just in case? Will formal partnerships and legal agreements (and legal threats) force us to act any more responsibly toward data stewardship than we are with distributed systems? Will every player have to be large enough to take this responsibility in order to defend themselves when asked to be accountable for mistakes? Will we push data to every corner of the cloud, eventually creating an amorphous cloud data store which could never be governed? Will we simply resign ourselves to the Newsweek moronism that people don't care about privacy, so they'll accept (because they have to) that their data cannot possibly be governed?

This is the back-drop to just about everything on my mind today. How can I get the right principles in the heads of these revolutionaries so that they can do what they want to do without wreaking havoc? Are there tools that can help? Maybe. Are there standards we should adopt or extend? Yes. Do the right people know what these are? Not really. Might we need to create new ones? Yes. Should we do it alone? Certainly not. Can we make it so that the downside is known and felt by those who take the upside? I hope so.