The bad news is that this cloud is being used by the criminals and spammers. The good news is that it could be owned by ... us.

Cloud service providers are starting to court the retail consumer, eyeing continuing revenue streams from licensing fees. Corporate giants like Google and Apple and relative newcomers like Dropbox and Carbonite are trying to get us to pay them monthly fees to store our data on their servers. Prices are free or relatively low for small amounts of storage. Google Drive charges about $50 per year for 100GB or $600 for 1TB. That’s about 5 times more than the cost of a 1TB hard drive.

The cloud doesn't have to belong to the criminals or corporate giants; it could belong to us all. Increases in bandwidth and greater power and storage in personal computers have left most of us with excess capacity. That is probably why many computer users who are hosting bot nets are not even aware their computers have been compromised. This extra capacity can also be use for more positive pursuits. For many years now there have been scientific efforts such as {Http://setiathome.berkeley.edu|SETI@home] that have used the power of thousands of personal computers to help process the massive amounts of data collected in their Search for Extra-Terrestrial Intelligence (SETI) or other scientific efforts. These projects distribute computationally intensive tasks to thousands of individual owners who have volunteered some of their spare CPU cycles and disk space. Other developers, such as Ian Clarke are developing software to let complex computations be distributed across the net.

This excess capacity can also be used to store and use distributed data. Perhaps less altruistically, but nerveless quite effectively, Bittorrent Peer-to-Peer (P2P) networks have also taken advantage of sharing data (files) in a loose distributed network of computers. The technologies for pooling excess capacity on large numbers of distributed PCs (and laptops) are either currently available, or well within the reach of current technology.

What would happen if, instead of having that capacity hijacked, or being stuck with continual leasing fees, we pooled our computers to form a giant peer-to-peer (P2P) personal cloud that we all could use for free? The two primary capabilities available in the cloud are data storage, and application services. One of the first applications that would be of common benefit would be to use the cloud to store (properly encrypted) backup data. It is too difficult for most users to regularly back up their data, and if they do, most of the time the data is still stored in the same building. They would be out of luck In the event of a catastrophe that destroyed their local data. To prevent such a disaster.

I currently use Carbonite to back up my critical computers. It works silently in the background backing up and updating my data on their servers. There is no reason that a similar application could not be developed for a P2P cloud. That would not only protect your data from physical damage, but it would also give you a way to access it, even when you could not get access to your home computer. Ideally, we should develop techniques to distribute the information so it is scattered and replicated across multiple computers. Like RAID (cache) hard drive architectures, this highly distributed virtual storage should be designed to protect data even if some of the host drives are destroyed or off-line.

If we all agreed to donate one third to one half of our available disk space to a common pool, we could have our own P2P personal cloud. The cost would be minimal, requiring a modest investment up front for a faster computer and a little extra storage. An extra ½ terabyte of hard drive space costs about what Carbonite charges every year.

Your encrypted data would be split up into multiple chunks with enough redundancy to let it be restored even with missing parts, and stored in the common space of other perople’s computers. They would have no idea who was using their shared space, or what was being stored.

This P2P cloud will not only help preserve data, but will make it more available to you wherever you are. Client software on all of your computers and mobile devices could let you mount this data a virtual hard drive like Carbonite, Dumpster and other commercial services. This would show up like any other hard drive, just taking a little longer to open the files initially. The files would then be cached locally to improve response times, and synchronized with your cloud storage as it is changes.

Just as you would be able to download lost files from the cloud, you could also retrieve them when using other computers. For example, it may be possible to insert a secure flash drive in a public computer, set up your own virtual computer environment on that system, and download your current configuration, preferences, and needed data from the cloud.

Not only would this help protect data and provide remote data access, but a P2P based cloud could also provide extra processing power for big tasks as well as deliver software and services. This could be particularly useful for mobile devices. They could take advantage of underutilized processors in the P2P cloud to run heavy duty desktop applications like Star Office applications, CAD, and media editors. Managing this across shared P2P CPUs in such a way as to be relatively transparent to the user would require more carefully orchestrated services. However, it should be feasible even at today’s bandwidth and response times across LAN and high speed WiFi.

There is no reason we could not build a free P2P cloud for private use. It is technically feasible and philosophically appealing. It would save us money, ease concerns about giving big corporations access to our personal data, and give us much greater flexibility to use our data and our devices wherever we want for what we want. All we need is the will and a little starting impetus to get it going.

IT Assessments don’t have to be big cumbersome ordeals that take weeks, steal valuable time from project personnel, and generate small mountains of excess paperwork. Over the last few years it has become clear to me that almost any organization could profit from an independent risk assessment of all its IT projects and programs, if it could be done quickly, inexpensively, and with minimal impact on project personnel.

Virtually every medium to large organization today relies heavily on Information Technology (IT) to mange and conduct its internal business processes, disseminate and collect information from the public and its customers. They are simultaneously involved in multiple infrastructure operations, maintenance and improvement, software development, website development and system integration efforts. Only a very few of the most sophisticated IT companies manage and coordinate these effectively. The managers of most companies are vulnerable to unknown risks, uncoordinated efforts and inefficient use of IT resources.

When I was sitting on the corporate board at one of the world's largest IT Agencies doing budget reviews, I realized the decision makers didn't have reliable information on most of their programs. Sure, we knew something about the top few programs, but we knew almost nothing about the 100+ smaller projects. All we knew was from a line item in the budget and a few sentences in a briefing from someone several levels up their management chain. We had no idea if the program was sound or not, what the risks were, and whether it duplicated efforts in other projects. It was frustrating because I knew that with my experience in system R&D and operations all I needed was a chance to sit down with the program or project manager and technical lead. In a few hours I could get a pretty good feel for whether they were worthwhile or not, and identify their major risk areas.

It was clear to me that all most all senior managers desperately needed an independent assessment and advice of all the IT projects and programs in their organization. Unfortunately, the assessments, audits and reviews I had lived through as an IT manager were generally anything but useful. They almost invariably required a major paperwork drill to document processes and report on performance. Usually the guidelines and standards for them were developed, administered and evaluated by personnel that were process and systems management oriented. They seldom are executed by IT experts that really understood the technology, best practice methods, and the risks involved in Information Technology projects, or can help fit the process to the project and not shoehorn the project into the official process.

Most formal IT maturity, auditing and assessment models involve extensive documentation, rigid standards and significant manpower devoted to monitoring, assessing, detailed planning, reporting and documenting. This use of resources may be appropriate for huge multimillion dollar projects but they are almost always overkill for smaller projects. I could clearly see there needed to be a more efficient way to help managers understand and reduce the risks in all their programs and projects, not just the largest ones.

Shortly thereafter a friend of mine asked me for a favor. He wanted me to take a look at the system they were developing to manage the assembly line machinery he manufactured. I went over the details of the project with him and his programmer for an hour or so. It soon became clear they were making many of the common mistakes of a smart programmer working independently. I pointed out their strengths and weaknesses, and we talked about how they could improve their software architecture and development processes. By the end of the meeting they decided to bring on another programmer to help document and maintain the current system, formalize their CM and testing, and free up their developer to start work on the next generation. It showed me that, indeed, a comprehensive assessment by a seasoned expert could get to the core issues of a program in a single afternoon.

The results never came close to being worth the time and effort it took from the project team and the cost of the assessments themselves. They generally focused on getting the proper check boxes checked by producing the required paperwork. There was little consideration for the specific needs of the project, or any attempt to scale the effort to match the size of the project. There was almost no likelihood of management actually reading what we produced. I virtually never got any review or feedback from my management based on the content of the paperwork I had to produce. There was with little or no focus on whether the review actually benefited the program. I could get in trouble for not cooperating, but there was never anything of direct benefit to my project. What was need was a quick across the board look by one person or a small team that could provide useful guidance for the program, help it raise its problems and concerns to the senior management, and give an informed and unbiased assessment to corporate management.

Over the next few years I took advantage in my academic training in survey techniques to develop a fast, economical and effective approach to conducting those assessments (cache). Based on a comprehensive half day structured interview of the PM and Chief Engineer, this technique has been tested in over 100 assessments. It has been proven effective in identifying risks and helping programs reduce them. In the process we have helped our customers save millions of dollars by: 1) helping managers identify and mitigate risks, 2) identifying high risk programs that should be terminated, 3) revealing redundant efforts, and 4) identifying testing and development capabilities that could be developed once at the corporate level, instead of reinvented by each program.

I based these assessments on structured interviews that involved all major areas of program/project management across the entire life-cycle; covered by some 70+ questions. After the interviews, the program was rated as having high, medium or low risk in each of the questions. Seven major areas had at least one component question with 1/3 or more of interviews scoring moderate to high risk. These areas were:

1. Resources. This question was unique because the PM was allowed to identify the risks and suggest a risk score for them. Not surprisingly, 74% of the PMs felt at risk. More surprisingly, the most common shortages reported involved in-house personnel, either through the loss of key personnel or shortages of personnel with the required skills. Most managers felt they had adequate funding to deliver their product. Some of the more common complaints about funding shortages for were for transition costs, unfunded mandates (including documentation), costs caused by delays waiting for deliverables from external programs, and budgets for technical refresh in sustainment.

2. System Engineering Documents/Processes. Non-technical processes and their documentation were found to be incomplete or outdated in two thirds of the assessments. Larger mature programs had well established processes, but saw little value in updating documentation to reflect current Agency standards and requirements. Smaller programs cited lack of resources to formalize and document their processes.

3. Transition Management. Nearly two thirds of the assessments found little or inadequate planning for transitioning to operations early in the program life-cycle Programs nearing the end of development frequently (39%) did not have transition processes, documentation, contracts and funding in place to smooth transition. The receiving organization often did not have the capability (both training and resources) to provide the required support. Funding for technology refresh during sustainment was also common risk area. System retirement was often poorly planned and underfunded. As soon as a program was identified as being at end-of-life it was frequently viewed as a source of resources and stripped of critical personnel and funding before the transition to the successor program was complete.

4. Net Centricity/Service Orientation. Thin client web based systems have become more of the norm, but many systems were not being developed to readily share information with other web based applications. There was generally a lack of clear standards, standard development tools, transition road maps, design guidelines and, most of all, a corporate culture encouraging sharing information. Better standards and tools have developed in recent years, but this is still a stretch for government programs.

5. Testing & Performance Measurement. Common causes of risks in testing and QA included pressure to field quickly and inadequate funding for developing performance metric capabilities and end-to-end traffic simulation. Smaller programs often did not have adequate corporate resources to help with developing test pans, testbeds and traffic simulation. Many programs had not adequately identified performance goals and metrics, and lacked quantitative data to estimate server and bandwidth requirements to ensure adequate performance under operational traffic loads.

6. Customer Communications. Nearly half of the Assessments were found to have significant risks in this area. Customer communication mechanisms ad hoc, without planned and documented processes. While most had good communications with their sponsors and immediate customers, they had difficulty collaborating with broader user groups and stakeholders. Many managers realized collaborative websites would be useful for communicating with large user communities and coordination within the team. However, Agency policies and lack of available collaborative services made it difficult to establish collaborative capabilities.

7. Development Process Maturity. Common sources of risk involved:

• Requirements. Problems included a lack of formalized requirements, traceability between requirements and system design and documented requirements that were not specific enough to guide development. Some of the most critical risk areas were difficulties managing customer expectations and "requirements creep." This was most likely to occur when there was no formal requirements review process to triage new requirements, where no senior individual or group had legitimate authority to approve and disapprove requirements.
• Risk Identification and Management. Newer and smaller programs, in particular, often did not routinely assess risks and develop mitigation strategies as an ongoing activity.
• Documented Development Processes and System Design. These documents were frequently not available from contractors performing the work, making the development effort a "black box" to the government. In particular, adequate system documentation and architectures were not often available for Quality Assurance (QA) and to help ensure continuity in the event of changes of contractors or key personnel.
• Configuration Management. Formal CM processes were often neglected in smaller projects. This risked developing a poorly documented patchwork of capabilities and modifications that were difficult to troubleshoot and maintain. In many cases these problems were found when there were not standard corporate CM processes or tools for tracking requirements and change requests.
• Processes of external organizations. Corporate processes external to the program or project frequently hindered rapid fielding and development. Some of these included: time to fill vacant billets, time to staff critical documents through the approval chain, processes for transitioning the developed system to operations, and the time required to transfer funds and get them on contract.

While these issues were unfortunately common, there is hope. We had the opportunity to conduct follow-up assessments on a number of these programs after a year or more. The improvements were dramatic. Over two thirds of the initial assessments indicated high risk (having more than 20% of the questions judged as moderate to high risk). Bringing potential problems to the attention of the teams, their leaders, and corporate management helped reduce that number to just one in ten. A little extra attention to filling in the gaps in project management can go a long way!

The test covers PMI's Project Management Book of Knowledge (PMBOK). It does a pretty good job at summarizing and providing a framework for, best practices for managing a major project. However, there wasn't a lot of depth and little original thinking on specific topic areas. It would be best used for training aspiring or new project managers. Mid-to-senior level project managers that have the years of experience required for certification will find it a fairly easy, but commodious, review.

I got the certification to make sure I was keeping current and wasn't missing anything in my program assessments. It accomplished those goals, and I got a few useful take-aways. I liked their focus on requirements, Scope management, Risk Assessment and the comprehensive coverage of the field. I'll be applying them in my program/project assessments and training classes. If you are a PM looking for a job, you should consider getting certified. While there is a lot of discussion about whether PMP Certification is a valid measure of proficiency, it can be useful. Many employers are specifically looking for PMPs these days and the consensus is that it does help get your foot in the door.

PMP Certification - Information for Potential Candidates

It isn't too hard for an experienced PM to get certified. You can apply online and need to document 3 years (4,500 hours)of project leadership (without a BA you need 5 years) and 35 hours of PM training. The training does not have to specifically be a PMP prep course. I used college classes, government training and my PhD dissertation research. It took me a few hours to gather the information and fill out the online application.

Be sure to become a member of PMI before you pay for anything else. You get savings on the PMBOK (which you could read online, but you should really buy the hard copy) and the cost of the test that more than pay for the membership. My total cost (with the book and membership) was around $600.

I got selected for a random audit, and had to submit supporting documentation (photocopies of certificates are OK)for my education. That took an extra 4-5 days to get the audit review approved so I could schedule my test. I spent about 20 hours reading the book and taking notes, and another 30 or so consolidating my notes, studying and taking practice tests. I've been in this business for a long time, at all different levels. Preparation could take a lot longer (but probably be of more applied value)for someone with less experience. There are a number of free practice tests online. They can be a good way to identify weak areas.

Scheduling the test online was easy. There are a number of testing sites in my area, with several test times available three or four days a week. I just waited until I was fairly comfortable with the material and scheduled for a test the week before. If I had wanted to push it I could have completed the whole project in about 3 weeks.

The test itself was like the book, comprehensive, but not at too high a level of technical difficulty. Some of the online tests (like the one at the link above) were much harder that the real test. The problem is more remembering all the definitions, PM groups (5), PM Processes (9) and PM Activities (32). You have 4 hours to answer 200 multiple choice questions. 25 of the questions are trial questions for the next version of the test and don't count as part of your score. If you run into one that you have no clue about, hopefully it will be one of them.

Take the option to see the intro presentation. It only takes about 5 minutes to do, and they give you 12 or so. I used the time to jot down the PM groups, processes, and activities, and any EVM (Earned Value Management) or other formulas I could think of, so I wouldn't waste time thinking about them during the test. I took one brief break. You can take them at any time, but the clock gets running. It's not published, but the rumor is that passing is around 60%.The good news is they tell you at the end of the test if you passed, and give you a printout. Your are considered certified as soon as you get a Pass on the test. If you do, congratulations, you are certified for 3 years. During that time you have to get credit for some continuing education activities to maintain your accreditation.

I just updated my Virtual Portfolio to include my PMP certification. If you haven't seen a VisualCV virtual portfolio before, it's worth a quick look. They are free(!) and have a lot more impact than a standard resume Again, you can see mine at VisualCV.com. (cache)

The test covers PMI's Project Management Book of Knowledge (PMBOK). It does a pretty good job at summarizing and providing a framework for, best practices for managing a major project. However, there wasn't a lot of depth and little original thinking on specific topic areas. It would be best used for training aspiring or new project managers. Mid-to-senior level project managers that have the years of experience required for certification will find it a fairly easy, but commodious, review.

I got the certification to make sure I was keeping current and wasn't missing anything in my program assessments. It accomplished those goals and I got a few useful take-aways. I liked their focus on Requirements, Scope management, Risk Assessment and the comprehensive coverage of the field. I'll be applying them in my program/project assessments and training classes.

If you are a PM looking for a job, you should consider getting certified. While there is a lot of discussion about whether PMP Certification is a valid measure of proficiency, it can be useful. Many employers are specifically looking for PMPs these days and the consensus is that it does help get your foot in the door.

It isn't too hard for an experienced PM to get certified. I applied online and needed to document 3 years (4,500 hours)of project leadership (without a BA you need 5 years) and 35 hours of PM training. The training does not have be a PMP prep course or anything related to PMI. I used college classes (organizational psychology and Dissertation Research for my thesis on Worker Motivation) and government contracting and leadership training.

Calculating all hours spent on all the different PM activities was a little complicated. I finally wrote a spreadsheet that used the Percent of time I spent on the Project, PM Processes, and Activities to calculate the hours spent on each. (Here is a similar PMP Project Hours Worksheet (cache) one of my readers sent me). It took me a few hours to gather the information and fill out the online application.

Next, Getting Ready for the Test

PMP Certification - Getting Ready for the Test

Be sure to become a member of PMI before you pay for anything else. You get savings on the PMBOK. (which you could read online, but you should really buy the hard copy) and the cost of the test that more than pay for the membership. PMI also has a surprisingly extensive online library available to members. My total cost (with the test, book and membership) was around $600.You have to pay for the Test before you can apply for the certificate.

I got selected for a random audit, and had to submit supporting documentation (photocopies of certificates are OK)for my education. That took an extra 4-5 days to get the audit review approved so I could schedule my test. I spent about 20 hours reading the book and taking notes, and another 30 or so consolidating my notes, studying and taking practice tests. I've been in this business for a long time; at all different levels. Preparation could take a lot longer (but probably be of more applied value)for someone with less experience.

There was a discussion on LinkedIn about whether Classroom or Online classes were better. Whether you need classes really depends upon your current level of expertise. Take a look at the PMBOK. If most of it is new to you, go to the classroom. If most of it is familiar, but some areas are new, an online class probably will suffice. If you are a relatively experienced PM then you can skip the classroom, and study on your own. The online library at PMI has a lot of good reference materials on specific technical areas (like EVA and Critical Path Analysis). Given my experience I decided not to take any PMP classes.

However, everyone should use online tests. They are a great way to identify weak areas and focus your studies. There are a number of free practice tests online.

To study for the test I:

1. Read through the PMBOK, highlighting key definitions and concepts and flagging pages I wanted to review more thoroughly.
2. Read through a PMP summary review article I had found on line, and took extensive notes on it and flagged areas for review.
3. Read back through the pages I had flagged in the PMBOK and made sure my notes covered that material.
4. Took a couple of sample tests and analyzed my mistakes to find areas for more review.
5. Made a series of flash cards for anything I still needed to memorize: definitions, formulas, The 5 PM Groups, 9 PM Processes and the Activities for each process(32 in all). I studied these until I had them memorized. You can find sets of review flash cards for sale on the Net, but they will mean more to you if you make them yourself.

Next, Taking the Test

PMP Certification - Taking the test

Scheduling the test online was easy. There are a number of testing sites in my area, with several test times available three or four days a week. I just waited until I was fairly comfortable with the material and scheduled for a test the next week. If I had wanted to push it I could have completed the whole process in about 3 weeks.

The test itself was like the book; comprehensive, but not at too high a level of technical difficulty. Some of the online tests (like the one at the link above) were much harder that the real test. The problem is more remembering all the definitions, PM groups (5), PM Processes (9) and PM Activities (32). You have 4 hours to answer 200 multiple choice questions. 25 of the questions are trial questions for the next version of the test and don't count as part of your score. If you run into one that you have no clue about, hopefully it will be one of them.

Take the option to see the Intro presentation. It only takes about 5 minutes to do, and they give you 12 or so. I used the time to jot down the PM groups, processes, and activities and any Earned Value Management EVM or other formulas I could think of, so I wouldn't waste time thinking about them during the test. I took one brief break. You can take them at any time, but the clock keeps running. It's not published, but the rumor is that passing is around 60%.The good news is they tell you at the end of the test if you passed, and give you a printout.

Your are considered certified as soon as you get a Pass on the test. If you do, congratulations, you are certified for 3 years. During that time you have to get credit for 60 professional development units (PDUs, which roughly equals a class hour)to maintain your certification. There are enough ways to get PDUs that it shouldn't be too hard for most PMPs. I can get mine by writing some articles and finishing my book on Program Management,which which I was planning on doing anyway.

I just updated my Virtual Portfolio to include my PMP certification. If you haven't seen a VisualCV virtual portfolio before, it's worth a quick look. They are free(!) and have a lot more impact than a standard resume. You can see mine at VisualCV.com/archerm (cache).

Good Luck!

Facial Capture Neytiri Avatar

Like the "Jazz Singer," the first major full length film with sound, Avatar is a total game changer. The first time I saw it, all I could think of was how it marked a turning point for the film industry. Before long any actor may be able to appear in any body they need and expensive location filming will move to the sound lot and processing cloud. But somehow it seemed to me that the change was even more fundamental.

It took me two more times seeing the movie before I realized that it wouldn't just change the films, but will revolutionize the way we interact each other and the world around us. In the mid 90s I worked on a project to use 3D and VR (Virtual Reality) technology to create a Virtual Command Center. It offered a great way to integrate the presentation of information, with a shared sand table in the center, and various real time data displays on the surrounding walls. Avatars of the command team members from different locations could stand around the table and work together interactively. For its time, it was visually quite impressive; but it soon became clear that it had a critical flaw.}

The users complained the virtual command center couldn't replace face to face meetings. They needed to see each other in real time. They felt they couldn't adequately communicate without being able to seethe nuances of facial expressions, gestures and posture. It was obviously far beyond the capabilities of the current technology, and the project was soon abandoned. For the next 15 years the only alternative to face-to-face meetings were video teleconferences and webcams that lack the intimacy and realism of a shared 3 dimensional environment.

When I made the connection between these new Avatars and our Virtual Command Center I realized that the major impact of the performance capture technology was not in films. It isnt even in the Avatars in the 3rd person online games, although these will become amazing. The future is the social media; in particular in its impact on first person online collaboration and communications. It can enable people to come together in an immersive, information rich, virtual environment. Users will be able to observe this environment as if though their own eyes, as they are sitting or standing among the other participants.

There is a confluence of technologies of technologies that may make this possible in the very near future. These include broadband internet, facial and gesture recognition software, multi-cored GPUs (Graphical Processing Units), 3D capable digital TVs and monitors and cloud computing. A simple high definition web camera can capture motions and gestures of participants seated at their desktops. Facial recognition software can identify the key points on the face, shoulders and arms and map them to 3D models. For each user these coordinates of the key points in the models can be passed to the 3D environment models and renderers in a service cloud. The gestures could be used to track the users point of view and as input devices for manipulating the virtual environment. They, in turn can send either stream custom user point-of-view (POV) video to each user or send model data points to graphics renderers in the users computers.

This isn't just a pipe dream. The technical pieces are falling into place and commercial applications may only be a two or three years away. It may be even sooner for some critical big budget applications. The pornographers probably won't be far behind. Social websites like YouTube and FaceBook may take a little longer if a new generation of graphics hardware is needed on the client computers.

It won't be long before "I see you" in our own virtual world.

I'll be the one looking like Errol Flynn.

Thanks

Haiti Earthquake

The social media are starting to play a major role, multiple web fora sprang up, the media and different relief agencies have unsearchable databases. Unfortunately, these are all working independently and not sharing information. There is no central clearinghouse for the information and searchers must stumble from site to site, much like the Tsunami survivors wandered from bulletin board to bulletin board. There needs to be a non-profit open source effort to really bring IT's potential to help communications into play.

At first thought it will need to be able to get information into and out of all possible communication modes including voice,video, text, email and social media. It needs to be able to consolidate victim It should help identify and locate survivors and the dead. Facial recognition software could help match photos from searchers and victims. I think a site that mashes up the date from all these sources, coupled with facial recognition software, would be a valuable resource for dealing with future disasters. I would be willing to start an open source based .org web site to work on developing such a capability if I get any positive feedback. I'd also like inputs on how social media, the Web2 and IT in general could help and thoughts on requirements for a disaster communications website.

Please let me know what you think