IT World: Deborah Estrin wants to open source your life, literally

You may not have heard about Dr. Deborah Estrin, a computer science professor and open source advocate, but she is on a mission to bring open source quite literally to the cellular level. But before we explain why, we need to put her work in the current context.

She is one of six professors of the latest academic disruption experiment that goes by the name of Cornell Tech. And she is taking open source techniques to a startup called Open mHealth that she began two years ago.

You can read my piece here on IT World about this remarkable woman.

How to turn off your mainframe, c.1995

So you want to get rid of your mainframe?

In the spring of 1995, I had an opportunity to witness a historic occasion: the removal of a firm’s mainframe IBM computer. I wrote a couple of columns for Infoworld back then and was recently reminded about the moment. Here is what I wrote:

The notion of turning off your mainframe computers is somewhere between romantic and impossible, depending upon whom you talk to. Our esteemed editor-in-chief gave an actual date (this month) when the last mainframe at Infoworld would be shut off — that is the romance part — while I am convinced that there will always be room for mainframes in corporate America, somewhere.

The company that I visited is Edison Electric Institute, the trade association for the nation’s several hundred investor-owned electric utilities. They are located in downtown Washington DC and had — until recently — a single IBM mainframe computer running their business.

At the core of any trade association are lists: “We are constantly putting on conferences, mailing things, and updating records of people in our members’ companies,” said Jon Arnold, the IS director at Edison. Edison publishes over 200 different handbooks, conducts training seminars, and even tests potential operators of nuclear plants.

Edison had originally purchased a 4331 about 12 years ago. “At the time, we were spending hundreds of thousands of dollars with an outsourcing company — only back then we called them remote job entry sites,” said Jeff Kirstein, one of Arnold’s managers. “We had written all sorts of applications in COBOL and everything was charged back to the end user.”

Edison decided to buy their own mainframe and began to write what would end up being a core of six different applications, most of them written in SAS: a list management routine that had over 70,000 names on over a thousand different lists, a meeting registration package to keep track of hotels, courses, and other details needed for the various conferences the trade association put on each year, a financial tracking package, a package to keep track of the several hundred publications and periodicals that Edison subscribed to, and a committee membership tracking system.

SAS was flexible, to be sure. “But it was also a hog, and as a statistical package it was poor at generating business reports, but once we got the hang of it, it worked fine for our purposes,” said Kirstein.

The mainframe-based applications “got the job done,” said Jim Coughlin, a programmer analyst at Edison. “We had set up our mainframe to make it easier for each user to maintain their own lists — every mainframe logon ID was tied to a particular virtual machine and memory space. However, the mainframe systems were fairly crude: each time a user opened a list it would take time to re-sort and there was minimal error trapping during data entry.” One plus for the mainframe was that “we didn’t have to spend a lot of time running the machine,” said Arnold. Using IBM’s VM operating system, Arnold had one system operator and an assistant to do routine maintenance and backups.

But the annual fixed costs were high, and when Edison moved four years ago into a new building in downtown DC they began to deploy LAN-based technologies. At the time of the move they began thinking about turning off their mainframe. However, they had to manage the transition slowly:

“First off, my predecessor signed a five-year lease with IBM shortly before I came on board,” said Arnold. That lease, along with the monthly software maintenance charges for the various applications and system software, ran to about a quarter of a million dollars a year. Breaking the lease early would have been costly, so Edison decided to start planning on turning the mainframe off when the lease expired in February, 1995.

Secondly, they needed to find another tool besides SAS that would run their applications on the PC. More on what they picked next week.

Third, they had to populate their desktops with PCs rather than terminals. They began to do this when they moved into their new building, first buying IBM PS/2 model 50s. Now Edison buys Dell Pentiums exclusively. All of the desktops are networked together with two NetWare 3.12 servers, and run a standard suite of office applications including Word Perfect GroupWise and word processing, Lotus 1-2-3 and Windows.

Fourth, they had to retrain their end-users. This was perhaps the most difficult part of the process, and is still on-going.

I’ve seen lots of training efforts, but my hat is off to Edison’s IS crew: they have the right mix of pluck, enthusiasm, and end-user motivations to make things work.

The IS staff raffles off a used model 50 for $50 at a series of informal seminars (“You have to be present to win,” said Arnold). And “we also kept a list of people who didn’t get trained, and they don’t get access to the new applications on the LAN,” said Jeanny Shu Lu, another IS manager at Edison. Finally, the applications developers in IS held a series of weekly brown-bag lunches with their end-users, and solicited suggestions for changes. These would be implemented if there was a group consensus.

I turned off my first mainframe at 1:11 pm on March 2nd, 1995 in the shadow of the building where the original Declaration of Independence is kept. Somewhat fitting, but somewhat sad. I was at the offices of the Edison Electric Institute, who happen to be located across the street from the National Archives in downtown DC.

When I first spoke to Jon Arnold (the IS manager at Edison) last year about doing this, I was somewhat psyched: after all, I had been using mainframes for about 15 years and had never been in the position of actually being able to flip the big red switch (a little bigger than the ones on the back of your PCs, but not by much) off before. However, when the time came to do the deed on March 2nd, my feelings had changed somewhat: more of a mixture of bathos and regret.

IBM mainframes were perhaps responsible for my first job in trade computer publishing in 1986: back then I was deeply involved in DISOSS (now called OfficeVision and almost forgotten), 3270 gateways, and products from IBM such as Enhanced Connectivity Facility and IND$FILE file transfer.

The mainframe I was ending was a small one: an IBM 4381 model 13. It had, at the end of its lifetime, a whopping 16 megabytes of memory and 7.5 gigabytes of disk storage — DASD to you old-line IBMers. Since this may be the last time you see this acronym, it stands for Direct Access Storage Device. It was running VM, which stands for Virtual Machine, as its operating system. And since it cost over a quarter of a million dollars annually to run, it had reached the end of its cost-effective life. It was replaced by two NetWare file servers, one of which had more RAM and disk than the 4381 had. The network was token ring, reflecting the IBM heritage of Edison and the utility industry it represents. Edison took existing SAS and COBOL applications running on VM and rewrote them in Magic and Btrieve on the LAN.

Magic is an Israeli-based software development company that provides tools to build screens and assemble database applications that can run on a variety of back-end database servers. One of the reasons Edison began using it was they had a contractor who began to build applications using it. “However, they never finished the work and we had to take it over,” said Coughlin. “It is a wonderful rapid application development language, and easy to make changes.”

The combination of the two products is very solid, according to Edison’s developers and end-users. “We’ve had no data corruption issues, no performance problems at all,” said Kirstein. “We had tried other products, such as writing X-Base applications in Clipper, but that was a mess.”

The Magic-based applications took less time than SAS. For example, rewriting the meeting registration package took two months, about half the time the equivalent SAS application required.

And the new LAN-based applications allowed Edison to improve service to their members, avoid duplicate mailings, and increase the quality of their databases. “We forced more cooperation among our end-users since now one person owns the name while another owns the address,” said Kirstein. “We’ve added lots of user-requested capabilities to our list management software, but we’ve also managed to keep it centralized,” said Arnold.

Getting rid of a mainframe, even a small one like this 4381, isn’t simple of course. It took Edison several years to migrate towards this LAN-centric computing environment and to rewrite their applications on PC platforms. And then they still had to pay several thousand dollars to have someone cart the 4381 off their premises. (Their original lease, written five years ago, stipulated that Edison would be responsible for shipping charges.)

So in the end, the machine had a negative salvage value to Edison. They managed to make a few hundred bucks, though, on a pair of 3174/3274 controllers that someone wanted to purchase. Ironic, though, that the communications hardware (which was even older technology than the 4381 itself) would prove to be worth more and outlive the actual beast itself.

Turning it off was relatively easy: I typed in “SHUTDOWN” at the systems console (forgetting for a moment where the “ENTER” key is on the 3270-style keyboard), waited a few minutes, and then hit the off switch on several components, including a tape drive and CPU unit. Ironically, the cabinet of this mainframe was red: perhaps Edison knew they were going to replace the mainframe with a NetWare network long ago? The hardest part was remembering the command to turn off forever their 3270 gateway, which was a piece of software so old from Novell that it no longer was supported or manufactured (why upgrade something that you eventually will retire?).

What made the moment of shutdown a sad one was that I was standing amidst people who had seen the 4381 first come in the door at Edison, and who had spent a large portion of their careers in the care and feeding of the machine.

“It is going to be pretty quiet in our computer room,” said Kirstein.

After we shut down the mainframe, the Tricord running NetWare was still running. And it was a lot quieter.

Where are they now? Arnold is now Managing Director WW Utilities Industry for Microsoft.

Dice: Programming Languages That Aren’t Worth Your Time

As we all know, it seems like new programming languages are created every week. But which ones aren’t worth wasting your time on? I looked at actual listings on Dice to try to spot some trends. In late April, I searched both their entire set of job listings as well as specific job titles to see what skills companies were actually looking for. Here is a link to what I found.

Network World: Secure Auth Tops in Two-Factor Tokens

We all know that relying on a simple user ID and password combination is fraught with peril. One alternative is to use one of the single sign-on solutions we reviewed last year, but there are less expensive options that could also be easier to install. That’s where two-factor authentication services come into play. I recently reviewed eight such tools, including Celestix’s HOTPin, Microsoft’s PhoneFactor, RSA’s Authentication Manager, SafeNet’s Authentication Service, SecureAuth’s IdP, Symantec’s Validation and ID Protection Service (VIP), TextPower’s TextKey and Vasco’s Identikey Authentication Server. SecureAuth (illustrated) came out on top.

You can read my review in Network World here.

You can download the various screenshots here.

And you can follow the Twitter handles of the various vendors here.

Helping lawyers predict the future

A company started over the course of a weekend is today one of the winners of the St. Louis Arch Grants competition. Juristat, which applies big data analytics to legal caseloads, won a $50,000 grant as part of the competition. This comes on top of a $50,000 equity investment by Capital Innovators, a St. Louis-based venture capital firm. Juristat’s tagline is “helping lawyers predict the future.”

A little over a year ago, Drew Winship was one of the participants in the St. Louis Startup Weekend. The goal was to find others of like mind and form a company within 50 hours over a weekend. I watched as he brought his team together and began to formulate their plan, and it was fascinating. Winship’s idea was to download information from the state court websites to determine the best days and trial judges for lawyers to try their cases in front of. Because there are differences among them, and if you know going into a trial that you can get a better outcome some place else, why not use that to your advantage?

For example, why not figure out the probability of a judge granting a summary judgment (meaning a shortened trial)? Or which litigators at particular firms have better won/lost case stats? Or if your stats are better than competing law firms’? Or the composition of particular juries? If you get enough data, the analyses can be pretty compelling, particularly for large dollar lawsuits.

There was just one tiny problem: the Missouri state court website didn’t have any easy way for the general public to download its data. So Winship and his team put together a series of automated scraping techniques to gather the data over that first weekend. That created something of an issue, because this automated scraping effort looked to the court website as a denial of service attack in progress.

So began Juristat. You could see how lawyers and their regulatory bodies might not have much of a sense of humor, especially when it comes to having their data taken without their permission. Indeed, if you examine the sad tale of Aaron Swartz and his suicide earlier this year, he was essentially doing something similar with downloading batches of academic journal articles.

Winship is a member of the Missouri bar and somewhat reluctant to become a cowboy data wrangler: mainly because he could be put in jail for these activities. The courts decide what is and isn’t appropriate fair use of their data, even though it should be available to the public. This reminds me of the early days of the Internet when folks like Carl Malamud fought with the US Patent Office and the Securities and Exchange Commission to free their data archives. Now we don’t think much of having this kind of access: indeed, you would be hard pressed to find folks that prefer the paper documents to what you can find online.

I spent some time with Winship last week and he brought me up to date on his fledgling company. While Missouri’s courts have since balked about giving him any data, he has been able to legally access the entire New York state court system and process it in his system. He is expecting contracts from a couple of major Manhattan law firms “any day now” and has continued to develop and refine his algorithms to make them unique and useful to his legal clients. Part of their challenge was to develop application interfaces that would work and that others could use to build on top of Juristat’s efforts. And part was just manipulating the data in such a way that it would be useful for your average lawyer with no computer knowledge. (Insert your favorite lawyer joke here.)

Yes, there are some pretty big players in their space, including Lexis and Westlaw. They don’t have all the data that Juristat has, and they don’t have any accessible analytics either. That is the golden opportunity available, and why the company has won the attention of Arch Grants.

But what I like about Juristat’s story is that you don’t often find founders who simulate a DDoS attack to start up their company. And certainly not a bunch of lawyers! I wish them well.

ITworld: Some quirky tech conferences worth attending

If you don’t want to go to Vegas for one of the mega-shows by IBM, Symantec, CA and whatnot, then perhaps you should consider one or more of the shows that I chronicle in my latest piece for ITworld. I tried to find conferences where you can actually learn something, and that are small enough not to be overwhelming, so you can spend some time meeting new people too.

You can read my article here.

Why small businesses need firewalls

I have been spending time this week at a small media company called Mercury Labs. Despite their name, they don’t normally test anything, but ironically that is what I have been doing there. I was testing a bunch of integrated network security devices for Network World. These devices cover what is called unified threat management, but you can think of them as network firewalls with additional features, such as the ability to scan incoming and outgoing traffic for viruses and spam, block phishing URLs, and set up a secure virtual private network connection when you are on the road. I’ll call them advanced firewalls here for convenience.

I have a long history of testing these tools. Almost seven years ago, one of the Techtarget publications had me looking at them for larger enterprises, and I went out to the central IT department at Stanford University to put them through their paces. This time around, I wanted to find a small business site for the tests that I was going to be doing for Network World. That’s why I was over at Mercury this past week.

They have about 10 Macs connected to an Apple Airport, which is the center of their network, providing IP addresses, wireless connections and a shared hard drive to the entire office. The Airport is attached to a cable modem and the Charter broadband network.

Wait a minute. Don’t you need a firewall if you are going to connect your network to the badass Internet? Yes, and Mercury knew they were taking chances. A firewall is just the basic separation that keeps the bad guys from getting inside your network and causing havoc. That is why they were the perfect testing site. They were vested in my review and what I would find out about these products and their specific needs.

Interestingly, it isn’t just small businesses that don’t have firewalls. When I arrived at Stanford, the central network didn’t have any either. Partly that was because of some odd notion of academic freedom, but back then they realized they had to get better protection. Ironically, while I was doing my tests there we saw someone try to reach out from Germany one morning. Luckily, Stanford had other defenses that prevented that person from doing any damage, but it emphasized the reason why I was there testing these products. And coincidentally, when we brought up the advanced firewalls at Mercury, we could see all the network traffic where folks were continually scanning and looking for ways to enter their network too. It was a sobering illustration of why these products are essential.

When I first arrived on scene, I went into their phone closet where I tried to suppress a gasp. Yep, this was your typical small business: part storage room, part cable jungle, and mostly a mess. It was clear that trying to figure out the network topology was going to be a challenge, and my first act was to leave everything alone.

Inside the closet were two small gigabit switches from DLink that looked like they had been around since the days of DOS. This worried me, but since things were working, I wasn’t too concerned. Yet.

One of the vendors that was part of the test insisted on sending a product engineer to help with my testing, and I am sure glad that he was there. When we cut over to his device instead of the Airport, things initially went south. Turns out we found a bug in their firmware. Once that was fixed, all of the wireless Macs were quickly brought up on the network behind the new firewall. But the wired Macs had trouble connecting. It took a few reboots before we got everyone back on board. It was ironic that the wireless portion of their network was easier to bring up than their wired portion. That was thanks to the wonky cabling in the closet.

So what are some takeaways from this experience?

If you are running gigabit Ethernet to your desktops, make sure your cable plant is up to snuff. Part of my problems had to do with the older cables used to connect things in their wiring closet. There is a difference between Cat5 and Cat5e, especially if you want to run the faster networks these days. Make sure you are using the right cables.

Disconnect any unused wired ports in your office.  This is just basic security practice, but bears repeating. And if your wiring contractor hasn’t done so, you should label your ports in the walls and in your closet so you can track things down more easily.

Understand the limitations of your core network gear, including switches, routers, firewalls, and wireless access devices. Your network installer should explain these things in terms that you can understand.

Have a separate guest network with the appropriate security measures. The Mercury folks were using the Airport guest network features, which were bare bones. One of the reasons they wanted to go to the advanced firewall was to provide better protection from their frequent guests and contractors who were going to be connecting in their offices.

Oh, and what happened with my review for Network World? Well, you will have to wait and read about it in their pages. I can tell you that I learned some interesting things about all the products that I tested.

Dice: Ways the AP Could Have Avoided Its Twitter Hack

A single tweet with a phony bit of news sent the stock market into a brief dive Tuesday, pushing the Dow Jones Industrial Average down more than 140 points in the three minutes from 1:07 to 1:10 p.m. ET. When the “news” — that two bombs had exploded in the White House, injuring the president — was debunked, the market regained its footing.

You can read my post on Dice.com here on what happened, and how the Associated Press could have avoided this exploit of their Twitter account.

What should a startup do to prepare for crowdfunding?

If you are thinking about using the crowd to fund your startup, you might want to think carefully about why, how and when. Until the SEC finally promulgates the JOBS Act regulations, it is mostly illegal. Even when the final rules are publicized, it still may not be very desirable to do so, depending on the type of business you are in and what kind of funding you are looking for.

Current status of crowdfunding

There are actually three different potential equity offerings that intersect with the online and crowdfunding world. First is a series of offerings that are made to accredited investors, such as some Missouri Venture Forum members. This is presently legal and goes under Regulation D, Rule 506 of securities laws. There are several equity-based crowdfunding sites such as AngelList, Bolstr, EarlyShares.com, Navocate.com, ReturnOnChage.com, RoyaltyClouds.com, InitialCrowdOffering.com and CircleUp, among others. The ventures can’t publicly advertise for investors and the offerings have to be carefully prepared, much as an offline private placement offering is done now.

The JOBS Act added two other situations, one which has proposed regulations that haven’t yet been adopted, called Title 2, and one which is still at the starting gate with nothing yet proposed, called Title 3. The former is just for accredited investors but the ventures can advertise for prospects, while the latter is for anyone who wants to buy in, with the specific circumstances still under discussion. Regardless of which way you go, your venture will probably be limited to raising one million dollars annually within any crowdfunding rounds. Given that one popular game raised that much in a day last year on Kickstarter, this could be a big possibility and a limitation. There will also be minimum and maximum equity amount limits. These issues are still being worked out by the SEC.

One local venture that isn’t waiting for the SEC is Passer.by, which began operations earlier this year. Todd Metheny is their CEO and he said they started Passer.by “with the specific goal of providing an equity-based crowdfunding platform for indie films and allow a new breed of investors to have some say in what movies are made. If hundreds of people are interested enough in a film concept to invest, theoretically that movie has a much higher chance of finding an audience.” He calls this “social proof” and it is a powerful concept for his business. Right now they aren’t doing any equity funding, of course. They have gotten donors to back three different films, so they are starting slowly. Metheny is waiting to see how the SEC regs play out. “One of the big issues is whether the regs require audited financials. That is one of the potential deal killer provisions. It doesn’t really make sense to force a company with no financial history to provide audited financials, and the cost would be a significant risk for a new company anyway.”

Passer.by isn’t the only St. Louis-based crowdfunding startup: Former Center for Emerging Technologies COO Bill Simon’s Propelfund.com has also begun operations and is accepting ventures. They also plan on offering equity funding when approved by the SEC.

Outside of the US, there are numerous other sites such as the Dutch site Symbid.com that are used as a mechanism for raising equity or debt funding of business ventures. These countries have more permissive securities laws, and well, you can take your chances with that.

Next steps to take

So before the SEC acts, make sure you thoroughly understand the JOBS Act and how it is written, and what it means for your startup. “You might be making a statement that inadvertently is fraudulent under one of the federal securities laws,” says Sara Hanks, the CEO for Crowdcheck.com, a startup due diligence firm for crowdfunding investors and companies looking for them. “You don’t want to be overstating or overpromising something.” You might want to hire a lawyer, or use one of CrowdCheck’s services, or find other professional advice.

Should startups mix and match the crowd with traditional VC funding? The experts urge plenty of caution here. “With a larger number of investors comes greater investor relations management responsibilities,” says Metheny, who has a lot of questions about how things will work, especially for Title 3 deals. “What will the regs require in terms of updating the investors? Managing half a dozen investors is difficult–what about managing 500? How do you balance creating a system that provides adequate protection for investors but isn’t too onerous to be worth the trouble for startups?”

One possible mix-and-match scenario is to use the crowd for this social proof and pre-sell or pre-market a given product or service, to test the market, promote a startup’s efforts, and get the buzz going. Clearly, even some established companies are doing this already, such as the funding of a Veronica Mars movie to expand its popular TV franchise. Certainly, a major Hollywood studio doesn’t need the monies it raised from the crowd, but it helped get the project moving forward.

Another perspective comes from Bill Frezza, a venture partner in Adams Capital Management. Adams has $800 million under management, and Frezza thinks that startups shouldn’t mix funds from the crowd with the professionals. “If a startup does the initial angel round from the crowd and then does a subsequent round from VCs or sells any stock afterwards, you start getting more complex capital structures. And then liquidity becomes tough if things come apart with the company, if they have a down round or have to restructure. It could end up that the crowd-based investors get screwed and class action lawsuits will certainly happen.”

Metheny thinks it all comes down to how the JOBS regulations are written. “There could be some poor outcomes, but bad regulations have been written before, or you could have unintended consequences.”

Frezza says, “When you buy a security from a public company, it is a well-defined thing. From a venture financed company, it can be a Turkish bazaar, with very complex provisions that will make your head spin. We have enough problems with companies founded with doctors and dentists, but this could be even worse. It could be real easy to see your crowd-based ownership disappear entirely, because every new financing action can reshuffle the equity deck.”

Tim McFadden, a partner with Armstrong Teasdale LLP, recommends that startups interested in crowdfunding should get acquainted with the JOBS Act statute and what disclosures you may be required to make. Prepare those in advance with help from your legal and accounting counsel so when the SEC finally clarifies the crowdfunding rules, you have all documents in place and can act quickly.

(This originally appeared in the newsletter of the Missouri Venture Forum.)