Michael Schrage wrote recently in an Article in CIO magazine about the variance in the usefulness and definition of agility.

I think Schrage makes some valid points, buzzwords, initiatives need to be defined. And agility is much different than hacking around a previously unforseen problem. Also it does make sense to ask the question "agility for whom?". However, I feel like he fails to make a valid actionable point. Especially refering to the fact that architecture for buildings does not have as its purpose changeability. This is true, but no one is saying that IT architecture approaches the problem of design in the same way as building architecture. In other words, using the term from one industry in another (Architecture) doesn't mean it inherits all the problems of the source industry. ie. static buildings.

The true point of agility is to remove the inhibitors to change, and if done correctly this benefits all parties, except perhaps vendors selling monolithic product suites. What helps programmers take less steps to modify software, is the same thing that benefits administration who says tomorrow we are going here instead of there. Benefiting the "enterprise" is a worthy goal, albeit a bit abstract.

Can persons build architectures in a vaccuum that are far from practical? Absolutely. Do architects need to keep this in mind as they approach solutions? You bet. Just enough architecture just in time, should be the model, not the white tower of IT consolidation and governance.

Sometimes IT thought leaders have to say no to something that benefits the organization in the short run, because it pigeon holes them in the future. But in desiring to build an environment that removes the inhibitors to change, they themselves need to make sure their not in the way.

Well I have finally tried the ipw2100 Open Source driver and it works quite well. Here are the instructions for getting started on Gentoo, Linux:

1. First, in order to always get the latest version (including masked packages), I set an accept keyword in my /etc/portage/package.keywords You can simply create the file if it doesn't already exist. (This is the best way I have found to unmask an ebuild).

   # contents of /etc/portage/package.keywords
   
   net-wireless/ipw2100 ~x86

2. If you haven't in a while make sure your synced up with the latest portage tree.

   emerge sync

3. Install the software. If all goes well this will compile the kernel the module, and install the firmware from Intel.

   emerge ipw2100

4. Load the new module.

   modprobe ipw2100

   You should see something similar to the following in your /var/log/messages

   ipw2100: Intel(R) PRO/Wireless 2100 Network Driver, 0.51
   ipw2100: Copyright(c) 2003-2004 Intel Corporation
   ipw2100: 0000:02:02.0: Detected at mem: 0xC0204000-0xC0204FFF -> e0914000, irq: 11
   eth1: Bound to 0000:02:02.0

5. If you are connecting to a non WEP access point, then you should automatically associate on module load. You'll see the following in your /var/log/messages:

   eth1: Associated with 'apuwifi' at 11Mbps, channel 8

6. If you didn't have it already, you'll want to also emerge "wireless-tools" which you'll need to manage your connection.

   emerge wireless-tools

7. Use wireless-tools to set managed mode your wep key and essid

   iwconfig eth1 mode managed key YourSecretKey essid YourESSID

8. If you don't already have one, create a eth1 init script, then start it up to load the interface and get a dhcp address

   cp /etc/init.d/net.eth0 /etc/init.d/eth1
   
   /etc/init.d/net.eth1 restart

At this point you should be all set. I haven't looked into the slickest way to start and stop the wireless if your using WEP. I generally start the wireless with a simple shell script.

#!/bin/bash
modprobe ipw2100
iwconfig eth1 mode managed key YourSecretKey essid YourESSID
/etc/init.d/net.eth1 restart

I tested with the gentoo-dev-sources-2.6.7-r11 kernel on an IBM R40 Thinkpad. So far I have found less problems than with the Windows driver with the ndisloader. The driver also supposedly supports WPA which I haven't tested.

Resources

• http://ipw2100.sourceforge.net/ - Main Project Page
• Wireless configuration and startup - The Gentoo way, Gentoo Forums post with custom ebuild for handling wireless connections.
• Intel PRO/Wireless 2100 (IPW2100) mini DRIVER!!! - Gentoo Forums
• Intel Product Site

Update 2005-06-15: I am now using the WPA functionality, but have not written up instructions.

I have been using liferea (LInux FEed REAder), as my primary RSS/Atom news reader for quite a while. I am not certain that it is the best reader in Linux, especially since its an early project in rapid development with frequent breakages, but generally it has provided more features than others I have tried. I tried to use Straw, its more stable cousin, but was already too addicted to Liferea's group management, and favicon eye candy. rssowl, a java app that was quite featureful, has a clever interface that would open a new tab for each feed read. However, it became more difficult for me to quickly arrow down through news. Perhaps with some settings changes it could behave like liferea, but my patience for it wasn't there. Another "problem" with rssowl, was that it was quite strict in interpreting the xml from rss feeds. Which alerted me to a problem.

Many sites are using malformed XML for their RSS/Atom feeds! If you have ever tried to maintain a multiuser blogging site, perhaps you have also found out how difficult it is to declare your site as XHTML 1.0 compliant, if you allow your users to use HTML tags in their posts, as on this site. I would suggest in those cases, to add a check xhtml 1.0 link and encourage advanced users to click on it to verify their post. Its starting to matter more, in a world with many alternate browsers and feed readers, standards compliance is essential.

That being said, a major offender is Xanga. Xanga is a blogging site, that seems to appeal to an audience who perhaps doesn't even know what blogging is when they started. Anyway, I had a couple friends who were using it, and was hard pressed without the help of google to find that it offered RSS feeds. I found that it works with the following convention..

http://www.xanga.com/rss.aspx?user=username

However, I could never get my news reader Liferea, to update the feed. No error messages were shown, just said "no new items". I ignored it for quite some time, and also was frustrated that friends who were using Straw, didn't have any problem reading the posts. I finally decided to look into it this morning and found the problem. See if you can find the problem with the following xml:

<rss version="0.91">
<channel>
    <title>User X Xanga Site</title>
    <link>http://www.xanga.com/UserX</link>
</channel>
<item>
    <title>7/24/2004 6:57:55 PM</title>
    <link>http://www.xanga.com/item.aspx?tab=weblogs&user=UserX&uid=0000000
    </link>
    <description>
    First post.
    </description>
</item>
</rss>

The <channel> tag is closed before the item list. According to the RSS 0.91 spec everything pertaining to an individual channel should be contained within the channel tag.

A workaround for Liferea.

I found a Xanga Conversion Filter which can be used to correct the problem with Liferea. Liferea can use an external filter to access feeds in unsupported formats. Edit your feed and check "Use Conversion Filter" and point to the the perl script saved from the above source. Perl to the rescue once again. I can now finally read Xanga feeds from Liferea. Should an RSS reader follow the rules strictly? Or should it attempt to correct bad rss or xml? Not sure but, but with auto-correction we may never find the problems and report them. I guess I should inform Xanga of this problem. I am wondering if they will care, considering in 10 minutes of perusing their site, including their FAQ I can't find any mention of RSS.

Bad news for us, good news for security standards. So it seems that the OpenLDAP project is starting to work towards elimination of most simple bind functionality. There are a few posts here and there about it. As part of this, versions 2.1.23 and greater of OpenLDAP do not support the simple bind {KERBEROS} functionality that we are currently using. We are currently running version 2.1.21 in production.

Some options for working around this problem include:

1. Switching to the simple bind {SASL} option which uses a ldap->saslauthd->kerberos or ldap->saslauthd->pam->kerberos method of credentials authentication. (Haven't been able to make this work right yet)
2. Not upgrading OpenLDAP.. ever.
3. Eliminating ldap simple binds in the environment.
4. Moving authentication directly to Active Directory.

"If IT is regarded as order takers to fulfill your vision, 
you're not going to take full advantage of what technology has to 
offer."   -- Safeco Insurance CEO Mike McGavick

A new Internet2 Middleware group, MACE - Signet has been formed to come up with solutions surrounding a privilege management service.

A privilege management service is a key component of campus middleware that provides for central management of user privileges across a range of applications. Benefits include a standard user interface for privilege administrators, consistent simplified policy definition, interfaces to other infrastructure services and to application systems to support integration. Deploying and taking full advantage of a privilege management service has a number of technical and organizational prerequisites, based on some campus experiences with such deployment.

They are working on a Privilege Management Recipe. Nice to see some more movement in this part of [Identity Management].