A View from the Crease

Over the weekend, ITS Emerging Technologies upgraded our version of the Confluence wiki, known as wikispaces.psu.edu.  In addition to the new version of Confluence, we made two significant changes, one which we have been planning for a long time and the second which is a relatively new development.

First the site has been "Shibbolized." What this means is that we have replaced the local logins with a gateway to Internet2's Shibboleth system.  Those of you who use ANGEL or some of our other "Shibbolized" sites will be familiar with this.  For those who are not, simply put, Shibboleth allows one to authenticate (Who am I?) with an institutional identification (e.g., your Penn State Access Account) and be authorized (What can I do? or What do I have access to?) on Web resources that may or may not be run/owned by their institution.  Since wikispaces is run by Penn State, local users will not see changes, except as I have indicated with the login screen.  For those of you who are or who have wanted to work with non-Penn State colleagues, the service has changed dramatically.  If your colleague's institution is part of the InCommon Federation, then he can log in (authenticate) with his institutional identifier (e.g., CoachTom@msu.edu), but will only be authorized to use your space if you allow him to.  Another consequence of this change is that you will NOT be redirected to the authentication page until you need to prove who you are (e.g. for an authorized space), which means that space administrators can create spaces which may be READ anonymously.  Note: We do not allow anonymous writes or comments.

The second change is that if your colleague is not an affiliate of an InCommon school, he can authenticate using an OpenID (e.g., a Yahoo! or Google) account.  This change is the result of some of the work we've been doing with Internet2 and in particular code developed by our own Chris Hubing.

Our colleague, Al Williams developed some documentation including screen shots for this new process which can be found in the wiki.  Note to "chicken or egg" fans: You do not have to login to see this documentation.

We believe that these two changes are significant and will lower the barriers to inter-institutional collaboration.  Please let me know what you think.

I recently returned from a stay in a hotel room.  The room was a physical analogy of something that I've cautioned against for a long time, but let's start at the beginning...

We got to the room after midnight and my "assistant" helped me bring in as much as we needed for that night.  The first time we went in the door, it slammed rather loudly and I cautioned him that it was after midnight and quite possibly our neighbors might not appreciate that noise punctuating their sleep.  On the way out for another load, I eased the door closed and pulled it hard so it would latch.  When we returned, I just pushed the door open because it hadn't latched completely.  What was going on is that the door had an additional "security latch" which rooms often have in a hotel.  The "security latch" was slightly misaligned and as a result, if it wasn't slammed closed, the lock wouldn't properly latch (or even dead bolt as I found out later).  It occurred to me that the key card lock was probably sufficient security to prevent someone from getting in, and the "security latch" while it might have provided additional security, in this case made things worse.  In fact, if you think about it, you really have to destroy the door and the door frame to open the regular key card lock without a key, but you really only have to ply the "security latch" away from the door or frame to accomplish the same.

So with the "security latch" in mind I thought about IT security.  I have this theory that a well chosen password which meets strong "entropy" requirements is generally pretty good.  While I know, in theory, public key encryption, X.509 certificates, and challenge/response systems are better, the truth is that they're only better if people properly use them.  If, for instance, a person leaves his secure ID on top of his computer, the security of that system is no stronger than the password alone, but there is that veneer of additional security.  Similarly with X.509 certificates, if someone has a script to automatically renew the session certificate, again access to that script (via userid/password) is really the only security.

This doesn't really describe the situation of the hotel "security latch."  The previous scenarios were where a system which appeared more secure, were really only as secure as the ID/password system which they were supposedly augmenting.  The misaligned "security latch" situation reminded me of many very restrictive password change policies.  There are many system experts who believe a policy which requires someone to change his password every 30 days (and often remembering the last 12 passwords to prevent reuse) provides much more security than a policy which requires someone to change his password every 6 months to one year.  What often happens here is the person has to change his password so often, he just gives up and writes it down.  Often "down" is on the last page or inside cover of a research notebook, or sometimes on a "sticky" right on the monitor.  I can't tell you how often I've seen this in practice.  Most of the time, I would argue, a password which passes some simple "dictionary" checks, has sufficient entropy, and needs to be changed every 6 months to 1 year,  is much more secure than requiring a user to change his every 30 or even every 90 days.

From now on when I try to reconcile my theory with the real world password change policies, I'll think of that misaligned hotel "security latch" and run that past the systems manager.  Who knows, it just might work.

On the advice of some of my tweeps colleagues, I took the "How Millennial Are You?" Survey from the Pew Research Center.  Now perhaps this whole post will reflect my bitterness that my answers to survey questions about my on-line behavior, consumption of media, and political views is truly indicative of my actual age.  Despite the fact that I read actual daily newspapers or perhaps because of it, I took issue with some of the questions in the survey.

The survey consisted of 14 questions, the last of which was your actual age.  Here are a few of the questions which struck me as strange:

• In the past 24 hours, did you watch more than an hour of television programming, or not?
• In the past 24 hours, did you read a daily newspaper, or not?
• In the past 24 hours, did you play video games, or not?
• In the past 12 months, have you contacted a government official, or not?
• Were your parents married during most of the time you were growing up, or not?
• Do you have a tattoo, or not?
• Do you have a piercing in a place other than your earlobe, or not?
  
  

Now that I've pulled those seven questions out, you may notice a trend. I'm no "Conan the Grammarian," but how can anyone answer anything but "yes" to these questions?  There are only two possible states (i.e., one either has a tattoo or does not have a tattoo) in each question and each question ends in "or not?"  "Yes" I either have a tattoo or not.  "Yes," I've either read a daily newspaper or I haven't.

My main point is that we often hear surveys cited in the press, or by policy makers to support or rebut a theory.  I, myself, often hold up the results of Pew studies to prove a point. 

I think I'll be much more cautious about doing so from now on, or not...

Earlier this morning it was announced that a non-profit corporation known as KINBER: the Keystone Initiative for Network-Based Education and Research, has received $99 million in federal funds along with $29 million in additional private investment to create a Pennsylvania-wide optical data network.  The network is tentatively called PennREN: The Pennsylvania Research and Education Network.  This has the possibility of changing everything.

Let me back up a few months to early summer.  At that time, Penn State people along with others from the University of Pennsylvania/MAGPI, and Carnegie Mellon/3ROX conceived of a high-speed optical data network which would span the Commonwealth.  This is not a unique idea; more than 30 states already have statewide optical networks (e.g. NYSERnet, LONI, MREN), but it speaks to a high level of cooperation and planning that some of my colleagues in Information Technology Services and Penn State Outreach were able to achieve.  To give you some idea of the scope of this, KINBER partners include many of the large private colleges in Pennsylvania (like Bucknell and Lehigh), the Pennsylvania Commission for Community Colleges, and the Pennsylvania State System of Higher Education (PASSHE).  It includes not just higher education, but regional library systems, hospital and health systems, commercial partners, and K12 education.

PennREN will look like a bow-tie with University Park in the middle, and Pittsburgh, Philadelphia, and Erie on the edges.  It connects almost all of the Penn State campuses, including the Hershey Medical School/Medical Center, along with all of the PASSHE campuses.  It took some real leadership to pull this off and I congratulate my colleagues from ITS, Jeff Kuhns and Jeff Reel, along with a team from Outreach who guided this from concept, to proposal, to award.  Now the hard work starts.

I am obliged to mention that these federal funds were granted to KINBER by the a federal agency known as NTIA as part of the American Recovery and Reinvestment Act of 2009 (the stimulus).  I would argue that this is an investment in the new economy, the knowledge economy.  Increased, almost limitless bandwidth networks, reaching around the Commonwealth will allow ideas and innovation to move faster.  This is the kind of economic stimulus we need.  I have a colleague who says that Information Technology is a multiplier.  It's now our job to demonstrate that this $99 million will reap so much more for the Commonwealth of Pennsylvania as well as our nation.  The PennREN map, as I said, has been referred to as a bow-tie. I like to think of it as an infinity symbol.  I hope I am right.

Recently I've been asked to join a team of ITS folks from Research Computing and Cyberinfrastructure (RCC) and ITS Marketing and Communication (MAC) planning a Penn State Cyberinfrastructure (CI) Day.  As part of the planning process, we have regular calls with others planning similar days at other institutions.

The original definition of CI comes from what's known as the Atkin's Report or more formally:  Revolutionizing Science and Engineering Through Cyberinfrastructure: Report of the National Science Foundation Blue Ribbon Advisory Panel on Cyberinfrastructure.  The working definition went like this:

Cyberinfrastructure integrates hardware for computing, data and networks, digitally-enabled sensors, observatories and experimental facilities, and an interoperable suite of software and middleware services and tools.

Recent iterations of this include people and "workforce training" of those people; as well as digital repositories to preserve and "curate" the resulting data and/or collections.

On our conference call today we had various CI Day coordinators talking about their definition of CI.  This was a very good discussion.  George Otto, Jeff Nucciarone, Karen Hackett and I were the Penn State representatives on the call.

I'd like to hear from those of you out there who are involved in or use CI to see what  what you think CI is.  Comment on this blog entry or make your own.  As part of our planning process, we'd like people to use the "psuci" tag or "#psuci" hash tag if you want to discuss or comment further on CI.  Our goal is to build a Penn State CI community which is every bit engaged as the TLT Symposium community.

I look forward to your thoughts.

I've referenced the American Rhetoric site before, but I'll point readers there again as we remember Dr. Martin Luther King, Jr. today.  The site includes transcripts, audio, and in many cases video of the most memorable speeches, debates, declarations, and sermons.  If you have time, check out the whole site, if not, please listen to Dr. King's I Have a Dream speech.

He knew America could be challenged to be better.  I hope we still know that.

Let's remember, listen, and hear that dream again.

Last week I gave a talk for the Penn State User Services Conference.  The talk was part of a larger "ITS Road Map" presentation.  Since I'm in Emerging Technologies, I decided to think about "The Future of 'Help!'"  Fortunately, as I was preparing the talk, Cole Camplese blogged some preliminary results of the annual FACAC Student Survey.  It further reinforced my thesis that the "Future of 'Help!'" is being able to support commercial and community "sourced" products as well as our own.  I took a hand poll of how many folks were using various social media and collaborative software and it certainly didn't mirror what our Student Survey was telling us.

In many ways the Student Survey tells us where the students are, and more importantly where we need to be in order to better support them.  Today's undergraduates and graduate students are tomorrow's faculty members.  It will no longer be good enough to say, "We didn't write it, so we don't support it."  We have a little time to catch up; let's not squander it.  Get out there and become the future of "Help!"

I had a whirlwind trip to Michigan State University and East Lansing, Michigan for the CIC CIO TechForum (The Big 10 is the athletic arm of the CIC). Because of local commitments I had to miss the first day of the conference, but I made it in time to for the second day.  This was particularly good because I was speaking on the second day.

The morning started with a talk about Shared IT Leadership by Ann Hill Duin and Steve Cawley, the Associate CIO and  CIO, respectively, of the University of Minnesota.  It had a good deal of research and case studies.  Anyone who has done the IT Leadership Program (ITLP) will recognize some of the statements and conclusions of the report.  To summarize, our institutions are large and IT is distributed.  In order to work across IT at an individual institution or the CIC, it is necessary to develop relationships, credibility, and eventually trust between IT groups.  A shared leadership approach is necessary for this.

The report was followed by a panel of four CIOs who responded to this.  One thing which resonated with me was what UIUC CIO Sally Jackson had to say.  She is in charge of the central academic computing arm of UIUC.  She spoke about a concept she calls "IT Illinois" which is the whole of IT at University of Illinois (and not just the U-C campus).  I think "IT Penn State" is moving in this direction with groups like our College IT Directors and Campus IT Directors. Again, it will take relationships, shared experiences, and eventually trust to create this reality.  If you're in any IT job at Penn State, it's worth looking at their presentation.

I was part of a set of three presentations in the "Nuts and Bolts" track.  Jim Green presented on how MSU uses Shibboleth.  Something which struck me was how their directory gets populated by multiple sources including the Registrar's Office, which does it via XML representations of course memberships using Internet2's eduCourse specification (I did say this was "Nuts and Bolts" didn't I?). Using this method, course information is not copied from the source, but the source which is responsible for the information (and the FERPA privacy of it) directly communicates with the (LDAP) directory.

I spoke next about work that Chris Hubing, some of our Internet2 colleagues, and very minimally I have done regarding a collaboration framework known as COmanage.  One of Chris's innovations is the ability to put a COmanage instance along with some collaborative applications which use COmanage into a Amazon Web Services Image (AMI).  Using this, AWS users can locate the image, and have COmanage working in a very short amount of time.  It's sort of like "COmanage in a box" and allows one to very easily try COmanage without using any of their own hardware of software. It's really very creative.  Our presentation is on-line at the CIC TechForum site. It was very helpful that we followed Jim Green because he covered Shibboleth and federated identity so we didn't have to.

The final presentation in our group was by Nick Roy from University of Iowa on their Metabot. Nick's presentation was the most technical.  Metabot is a provisioning and updating engine which uses a Web Services model to interact with existing administrative and student systems at Iowa. While their world is mostly Microsoft based, we should be looking carefully at the model for mediating communication between disparate systems (Do we have disparate systems at Penn State?).  This was a  very nice bit of work.

The final session was by MSU Head Basketball coach, Tom Izzo.  It was very good.  He started his presentation, by telling us how much he hates IT people. He told a great story about team chemistry when he was an assistant coach for Jud Heathcote at MSU.  One of the final things he said was, "Our jobs do have one thing in common: 80% of the people who talk to me think they can do my job better than I can -- and don't hesitate to tell me."  Most people wouldn't make that connection.  The choice of Tom Izzo for a speaker at an IT meeting was truly inspired.

It's sort of become an annual ritual within the Emerging Technologies Group, but I usually send a reminder this time of year. Sometimes it gets picked up and forwarded on by others.  I call it the Annual "Be Nice!" Message.  It goes something like this:

As we approach "arrival" weekend this year, please go out of your way to help folks who look like they're lost, frustrated, or getting a run-around.  Every little bit helps.

I know it goes without saying, but "Be Nice!"  A little effort on your part will make a lasting impression upon our visitors, new students, and parents of new students.

Be Nice!

If we have a clear sky, the annual Perseid meteor shower should be pretty good tonight.  The best times will be between midnight and 5am (EDT) Wednesday morning.  It may be hampered some by the glow of the third quarter moon, so stand behind a house or a tree which blocks the moon out.

NASA has a really good article relating bugs "splatting" on a car windshield to why we have meteor showers the same time every year.  The Perseids is usually one of the best shows of the year. Forecasters think this year could be very good.

Pull up a lawn chair and a blanket, stay warm, and enjoy the show!