Recently, the Newport News, Virginia Open eGov system was released. Using the Plone content management system, the system is designed for governments to install, out of the box, a website which also includes specialized departmental infrastructure. Newport News has also made the system available under the GPL; it can be found here.

I found this quotation from their Lessons Learned document interesting: “The adoption of new technology is an iterative process of innovation and learning…” While they did not use the actual term, it seems that the team which developed Open eGov utilized an agile approach to software development. Agile development does not mean a harem scarem approach to development; the team said that they spent a significant amount of time conducting research on best practices and content management systems before undergoing the customization necessary to launch Open eGov.

We are interested to see if this product gains traction. It is part of the PloneGov project, which, while claiming members in 20 countries, does not have an apparent member list, or much reach. I think that if the Newport News staff wants to extend their reach for the product, they’ll need to answer some questions:

• How can they increase citizen participation in these sites? I see surveys, but there is no way to comment
• How to spread the word about the availability of this product? The product is, from appearances, targeted at local governments.
• Is the Plone/Python/Zope package the best one to facilitate widespread adoption? The community of developers is much smaller than of other developers. Naturally, Scott Stults, our resident Plone and Python expert, believes it’s the right answer and could be seen dancing with joy when shown the Newport News announcement.
• Why not put the project into a system that allows user contribution to it? How a developer contributes to the Open eGov project is not particularly clear. Perhaps this is an intentional result of the lack of desire to be the gatekeepers of others’ contributed code.

Seeing Open eGov is certainly, to us, a positive development. Now, we’ll see what happens next. Building a great open source platform is just one part of the puzzle; developing a vibrant open source community is another kettle of fish.

Thanks to our friend James Walker at EzGov Europe for pointing this article out to me!

This week I spoke at the LSP Conference at UVa, and while I was there, I got to attend several other speeches that were very interesting.  One that I particularly enjoyed was on Building Facebook applications, and the potential privacy issues surrounding them.  Adrienne Felt is a graduating fourth-year student at the University of Virginia’s Computer Science department in the School of Engineering and Applied Science (also my alma mater).

She first talked about how to go about building a Facebook app, which was interesting because I have been curious about it, but I hadn’t had the chance to look into it yet.  But the second half of her talk was more thought-provoking, because she discussed her research into the privacy issues of Facebook.
Those privacy issues are particularly relevant because of this article today in the Silicon Valley Insider, titled “Facebook Borks Blockbuster: Beacon Turns Into A Lawsuit”

The short description of what happened apparently is Facebook and Blockbuster video had a deal where you could put an application on your Facebook profile, and this application in turn was broadcasting to your friends what movies you are renting.  When a lady by the name of Cathryn Elaine Harris rented a pornographic movie, she was apparently pretty embarrassed to see it broadcast on Facebook and now she is suing.

Now go back to the Alley Insider article and read the comments if you haven’t already.  Once you get past the crude jokes, you’ll see a reply by a poster named Roy stating that:

“You did not need to do any type of opting-in to get this behavior. Simply being logged *into* Facebook was enough for Beacon to push my Blockbuster rentals to my Facebook news feed. There was no “do you want to opt-in” email, there was no “do you agree to send information from one site to another” option … it just happened one day.”

That quote really rings true with what I learned from Adrienne at the LSP Conference.  Check out her site on Facebook Platform Privacy.

She is mainly talking about how when you build an application for Facebook, you can force people who install your app to let you get access to all their Facebook data or they won’t be able to install that app.  Most applications require you to let them have access to all your data, even though according to Adrienne’s research only about 6% of them use it.

Now this is a little different than the court case mentioned in Alley Insider, because that was a case of a company providing presumably private customer information to a public data feed without that customer’s consent (or at least that is what her pending suit will allege).

But nonetheless, the article reminded me of Adrienne’s presentation and her work at UVa on privacy issues because it highlighted how willing we are to give up control of our private information to anyone on Facebook who asks for it, just so we can install a Facebook app like Zombie Killer and play an online game with a friend.

While Zombie Killer is considered “safe” and is probably not doing anything bad with your Facebook info, the fact of the matter is that Facebook allows me as a developer to write an application, encourage you to install it, and then I am allowed to pull any information I want (except your email address) from the profiles of Facebook users of my application.  I can then store that data on my own server indefinitely and use it for anything I want.  Most uses of this will probably be for more direct marketing of products to you as a Facebook user, but frankly is still creepy to me.

During FOSE, I was surprised to find that FedBizOpps had completely changed its format, look, feel, and usability.  I found out about this because I had bookmarked several pages to look at responding to potential RFPs, and none of them worked.  So, instantly, I had a predisposition against the new FedBizOpps, even though I consistently complained to colleagues about its lack of functionality.

However, once I got over the initial dissatisfaction of losing ten or so bookmarks to a poor conversion, I started looking into the new website.  Now that I’ve been using it for a couple of days, here are some observations:

• The search agents solve a key missing element.  Instead of having to type in the same searches over and over every day, I can save a search with the criteria that I want and have it scheduled to run on a regular basis, sending me an e-mail with the newest postings.
• Searching by expiration date is a good capability.  I want to see what’s yet to expire, expiring soon, and the like.  However, one element missing in a saved search agent is a dynamic date.  In other words, I can’t say that I want postings which expire tomorrow through eternity and have that date move forward daily.
• This site was not fully tested.  My two biggest pet peeves should have easily been caught in testing: 1) if I open a link (for example, to a posting) in a new tab, it messes up the original tab, and 2) the back button doesn’t seem to work.  I like to return to previous activity by using the back button.  Even “Return to Results” does not work, and there is no obvious internally linked navigation.
• Site visitation does not have permanence.  If I keep a tab open on a posting, it’s probably because I want to come back to it.  If I put my computer to sleep and come back, I can’t navigate from that page anymore.  It’s quite irritating.
• There’s no obvious way for me to provide feedback.  If the government wants to improve and wants to serve its customers, then it should make interaction easier.
• I didn’t see it coming.  If I would have known that this was coming and the effects it would have on my searching efforts, I could have prepared adequately.
• There’s no obvious FAQ or user’s guide.  It’s truly a libertarian site–you figure things out on your own merits, apparently.  No paternalism here!

All in all, as the title implies, I think it’s a step in the right direction.  The transition was poorly not handled, and it’s clear that testing did not incorporate the full cycle of usability testing.  I would be surprised if there was a detailed test plan, and if there was, it wasn’t detailed enough.  However, the concepts of usability are improved; I just hope it’s not another several years before the government decides to take the next step.

FOSE 2008 is over, and we’re all back home. Here are my observations from the final day of FOSE 2008:

• It would have been nice to have our people attending more sessions. Arin Sime got to attend a couple of sessions, and Eric Pugh saw the opening keynote speech, but it would have been nice to attend more sessions to get the government point of view of information technology.
• The attendees have a general distrust of custom solutions. It’s not a wonder. They probably suffer from vendor lock, unresponsive clients, and have generally been burned by bad process.
• There are pockets of Agile development, but not many. This probably leads to the problem cited above, but it also reflects a greater problem…
• Contracting officers don’t know how to price Agile development. The most common pricing scheme for development projects is fixed price. Agile can only deliver a fixed price for labor. Maybe it will be easier under a blanket purchase agreement or with sprint-sized task orders.

It’s too early to say whether this was a worthwhile trade show for us. Each day, we definitely had conversations where people had specific problems that they were trying to solve which our team and process could help them solve. Whether or not we can get from problem identification and solution provider acknowledgment to actually providing the solution remains to be seen.

The people who came by our booth yesterday seemed to represent a slightly different mindset than what we saw in Day 1. I can still categorize the attendees:

• People on a mission: They know what they want, and they’re very specific about what they are looking for. Questions like “Can you do J2EE” and “Are you familiar with Drupal [Alfresco, Joomla, Expression Engine]?” were much more common in day 2 than they were in day 1.
• Browsers who either haven’t heard of open source or misunderstand its meaning: These are fine people to talk to, as there is an opportunity for us to tell them what it is and what it isn’t. Firstly, let me say that open source is not the answer to everything (saying something like that at OSCON would get me lynched. As an aside, I’d wager that the number of people who attend both FOSE and OSCON represents less than 1% of either conference’s attendee population. That number disappoints me greatly, as both populations need to learn about each other over the next few years if our government is to remain competitive without spending greater and greater amounts of a percentage of GDP.
• Schwag runners: The group of people almost sprinting through the exhibit hall sort of reminds me of the Filene’s basement sale. It reinforces why we don’t give out schwag. Perhaps the companies who give out schwag wind up having more conversations with people that they would not have otherwise had, but watching the surreptitious glances of candy grabbers hoping that nobody from the booth actually talks to them makes me think otherwise.

The one group of people whom I expected to see some of that I have yet to see is contracting officers. I know that many agencies are not meeting their set-aside goals, so I would have expected the KOs to be swarming the small business pavilion to find the vendors who can help them meet their goals. We have seen a few primes come by and talk to us and when they discovered that we are a service-disabled veteran-owned small business (SDVOSB), then the timbre of the discussion changed (though we’d rather have people be interested in working with us because of the quality of work that we do) . Maybe, as someone put it, the KOs have been burned too badly by low quality set-aside qualifying firms who can’t actually do the job in the past that they are now looking at the major primes to serve as the vetting mechanism. It’s not a bad idea.

I’m also surprised that nobody is blogging about FOSE. The number of blog posts found on Technorati covering FOSE takes up less than a page. Comparatively, OSCON is usually a top (if not the number one) search term on Technorati during OSCON. There are about 45 news articles on Google covering FOSE, but I would still expect people to be writing (and blogging) more about this convention. It’s huge. There must be at least 4 times as many people here than at OSCON. At OSCON, crowds come in waves as people come out of sessions. At FOSE, there is a constant stream.

Still, being at FOSE is worth it, because it’s important that government users of software become more acquainted and comfortable with open source products and don’t have the not invented here (or by a small group of proprietary software providers) syndrome. There are pockets of users of open source products, and some who are interested in learning more, but the road ahead is a long one. We intend to be there; as citizens, we have a vested interest in how our taxpayer dollars are spent.

We just completed Day 1 at FOSE. While I was not able to attend any of the presentations, I did walk around the exhibit floor and had a ton of conversations with attendees. Here are a few themes that I observed:

• There is still a lot of ignorance about open source. Despite the efforts of AFEI with conferences such as DoD Open, the message is not getting through at all. The comment I heard that most epitomized the ignorance was from a government contracting officer: “First it’s closed, then it’s open, then it’s closed again.”
• Not enough open source is SEM certified. The desire for DISA and other agencies responsible for SCIFs to want to know what’s going behind the cleared wall is understandable. However, open source products will have MORE auditability, not less. It seems like there are not enough advocates with enough experience in and understanding of open source products talking to information security officers about the benefits and overcoming objections. The other unfortunate side note is that it’s awfully hard to get SEM paperwork entered in as a bug into an open source project.
• The hardware vendor market has to be close to saturated. I was surprised at the preponderance of hardware vendors exhibiting at FOSE.
• The number of prepackaged software vendors is surprisingly high. Most software has a short shelf life at best. Why government purchasers are paying for long-term licenses and not insisting on code ownership is unknown to me. I think it relates back to the first point about the ignorance of open source in the government purchasing community. If it took a more open source friendly approach to procurement, I posit that costs would go down and quality would increase due to the benefits of meritocracy that the open source community experiences. It’s not a panacea, but it’s a right step.
• The number of companies at FOSE who do what we do is suprisingly low. Not everything that the government wants comes out of a box. I’m surprised that more companies aren’t there making the pitch that “when what you want software to do doesn’t come prepackaged, talk to us.” Software packages rarely do what you want straight out of the box.

Hopefully the talk that Scott McNealy from Sun gave this morning will resonate with program managers, procurement officers, and developers in the government. Eric Pugh will be blogging about that presentation shortly; the Sun CEO spoke about many of the topics we have been blogging about in recent months.

In the March, 2008 issue of Wired Magazine, Chris Anderson wrote an article positing that the marginal cost of technologies which drive the Internet (and, by inference, software) will approach zero over time. That timeline is shorter than many think. Because the incremental cost of the next bit of hard drive space is too small to dicker with and the number of people over whom that cost is amortized is so large, Yahoo! can offer unlimited e-mail storage and YouTube can offer unlimited file uploading.

(more…)

Let’s get crazy for a moment and declare the iPod touch the New Breed of PDA, a personal digital assistant, not to be confused with public display of affection, even though there are few zealous Apple proponents who might blend the two for their obsession with Apple devices. The iPod touch or iTouch is essentially the iPhone, minus the phone and things like Edge, but keeping the cool touch screen and allowing for connectivity not just through iTunes, but Wi-Fi as well. With the iTouch having the strength of the new iPhone SDK, the tech savvy jailbreak applications ranging from NES (Nintendo Entertainment System) emulators to Apollo Im, and even possible enterprise support similar to its cousin the iPhone, like syncing with a Microsoft Exchange Server; what is to prevent this extendable portable music player from becoming a full blown PDA device?

(more…)