July 09, 2003
Aleksey Sanin: XML Security Standards in the Real World
Aleksey Sanin is talking about How to Use XML Security Standards in the Real World. He's going to speak on W3C XML Security specifications, the XML security library, and practical tips for XML security.
XML security specifications provide fine grained security for XML documents. XML Canonicalization (is that a word) provides a way to create a single XML document in the face of ambiguous XML formatting. For example, attribute order doesn't matter in XML, but it does if you're going to check signatures. Aleksey recommends the Exclusive C14N algorithm. The XML digital signature standard defines the schema for aggregating the signature algorithm name, the signed information, the signature value, and the key information in an XML structure that can be embedded in other XML documents (like SOAP headers). The XML Encryption standard aggregates the encryption algorithm name and reference, the key information, the cipher data (i.e. the encrypted data) and the encryption properties.
Aleksey has written a toolkit called XML Security Library that implements these standards in C and C++. There are other libraries from Microsoft, Apache, Baltimore Technologies, IBM, and Phaos Technology Corp. XML Security Library is open source. XML Security Library can support OpenSSL, GnuTLS, NSS, and practically any cryptographic library.
Aleksey offers some tips for using XML security:
- Check what was actually signed
- Limit the allowed digest, signature, encryption and transform algorithms
- Limit key sources
- Check URLs and other references
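As an added example (not code from the talk or from XML Security Library), here is how those four tips translate into checks a verifier can run before it touches any cryptography, using only the Python standard library. The Order document, its Id and the key name are constructed, and the stdlib's C14N 2.0 serializer stands in for the Exclusive C14N the talk recommends.

```python
"""Policy checks an XML Signature verifier should run before any cryptography.
Added example; the signed Order below is constructed and its values are placeholders."""
import hashlib
import xml.etree.ElementTree as ET

DS = "{http://www.w3.org/2000/09/xmldsig#}"
ALLOWED_ALGORITHMS = {  # Tip 2: one c14n, one signature, one digest, one transform
    "http://www.w3.org/2001/10/xml-exc-c14n#",
    "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256",
    "http://www.w3.org/2001/04/xmlenc#sha256",
    "http://www.w3.org/2000/09/xmldsig#enveloped-signature",
}
SAMPLE = """<Order xmlns="urn:example:orders" Id="order-1"><Item sku="A-100" qty="2"/>
<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>
<ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#"/>
<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
<ds:Reference URI="#order-1"><ds:Transforms><ds:Transform Algorithm="http://www.w3.org/2000/09/xmldsig#enveloped-signature"/></ds:Transforms>
<ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
<ds:DigestValue>PLACEHOLDER</ds:DigestValue></ds:Reference></ds:SignedInfo>
<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue><ds:KeyInfo><ds:KeyName>orders-signing-key</ds:KeyName></ds:KeyInfo>
</ds:Signature></Order>"""

def canonical_digest(xml_text):
    """SHA-256 over the canonical form, so attribute order no longer matters
    (stdlib C14N 2.0 stands in for Exclusive C14N here)."""
    return hashlib.sha256(ET.canonicalize(xml_text).encode()).hexdigest()

def signature_policy_violations(xml_text, expected_id):
    """Return the policy problems found; an empty list means the policy passed."""
    root = ET.fromstring(xml_text)
    sig = root.find(".//" + DS + "Signature")
    if sig is None or sig.find(DS + "SignedInfo") is None:
        return ["no ds:Signature/ds:SignedInfo element"]
    info, problems = sig.find(DS + "SignedInfo"), []
    for el in info.iter():  # Tip 2: every Algorithm in SignedInfo is allowlisted
        alg = el.get("Algorithm")
        if alg is not None and alg not in ALLOWED_ALGORITHMS:
            problems.append(f"{el.tag.rpartition('}')[2]} uses disallowed {alg}")
    refs = info.findall(DS + "Reference")  # Tips 1 and 4: what was actually signed?
    if len(refs) != 1:
        problems.append(f"expected one Reference, found {len(refs)}")
    for ref in refs:  # only a same-document reference to the element we trust
        uri = ref.get("URI", "")
        if uri != "#" + expected_id:
            problems.append(f"Reference URI {uri!r} does not cover #{expected_id}")
        elif not any(e.get("Id") == expected_id for e in root.iter()):
            problems.append(f"no element carries Id={expected_id!r}")
    for child in sig.findall(DS + "KeyInfo/*"):  # Tip 3: key comes from our own store
        if child.tag != DS + "KeyName":
            problems.append(f"key source {child.tag.rpartition('}')[2]} not permitted")
    return problems
```

A real verifier runs these checks first and only then computes the digests and checks the signature value against the key named in its own trust store.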
06:05 PM
Simon St. Laurent: Office XML Formats
Simon St. Laurent is talking about the XML formats for Office. Simon is clearly excited by the advent of XML formats for Office even though he's not known as a Microsoft fan. He cites Internet Explorer's lax support for XML as a sign that Microsoft, advertising notwithstanding, has not always been the biggest supporter of XML. The last six months have shown that Microsoft only plans to fully support XML (at least with InfoPath [nee XDocs]) in the Enterprise edition.
Word has a format called WordML. In the Professional edition, you get a set of tools for editing XML documents using your own vocabulary. I was most excited about this from an enterprise standpoint, but I'm disappointed that it's only available in the Enterprise edition. Simon further states that this isn't as easy as it might be, so maybe it's just as well.
Excel supports SpreadsheetML. PowerPoint has no XML format. Simon says (to a big laugh) that the PowerPoint team works in California and wasn't at lunch when they all discussed the XML support. Access will support XML Schema and XSLT. FrontPage will be used to generate XSLT. InfoPath is a new Office component for building and using XML-based forms.
A basic knowledge of WordML is necessary to create Word XML solutions in other flavors. If users save as XML, the resulting documents can be processed as XML outside of Word. Word's XSLT support creates a method for inserting your own vocabulary into WordML documents. When they're saved, it's possible to see just the data in your own XML vocabulary. This should give Adobe a run for their money on these same features.
Simon creates and then saves a Word document to show us the XML. It's pretty complex. The document is also verbose because all of the style information, meta information, and formatting information is contained inside the XML. Simon points out some odd formatting issues with WordML, but says that at least it's consistent. It may not be pretty or as well designed as it could be, but it's always the same and that makes it usable. Images are encoded inline as base64 strings. Unfortunately, embedded spreadsheets are treated the same way, rather than being included as the relevant SpreadsheetML tags.
Users can specify XSLT transforms as hooks on import and export functionality so that opening and saving documents runs them through the XSLT transform.
Excel lets you separate the spreadsheet data from the spreadsheet logic so that you can get the data as XML without all the spreadsheet information. Simon does the same thing with SpreadsheetML that he did with Word: create a document in Excel and then show us the XML. The XML in SpreadsheetML is cleaner than WordML. The formula cells carry both the formula and the current value given the spreadsheet contents. That's nice for just grabbing the data. He demonstrates how you can attach a schema to the spreadsheet by dragging and dropping, then read in an XML file that meets the schema and see the data populate the spreadsheet.
Simon calls InfoPath a "bold endeavor." InfoPath is a stronger tool for both intranet web and SOAP-based web services than HTML forms. InfoPath seems most compelling as a human-readable Web service interface. InfoPath is built from JavaScript, CSS, and other open tools, but it's been extended to the point that they're no longer open.
Simon finishes by talking a bit about OpenOffice. OpenOffice XML formats have gone through OASIS and so are more open. They also have a mark-up designed for a variety of uses. There's no support, yet, for custom XML formats. Both Microsoft and OpenOffice are using XML to connect their applications to a wider world. Apple, with Keynote, is doing the same thing. This could be the beginning of the end of the desktop island. The harder barriers to break down will be the mindset of users and IT staff.
04:00 PM
Slashdot on Open Source
A few interesting posts from Slashdot today:
- OSCON news
- A note that the Japanese government will start doing its payroll on a Linux-based system.
01:37 PM
Andy McKay: Introduction to Plone
Andy McKay from Agmweb Consulting is giving an Introduction to Plone. Plone is an open source content management system built on CMF and Zope, which I've always thought of as an open source content management tool. Actually, Zope likes to think of itself as an application server for content.
Plone is a bundling of products: External Editor, Photo, Collector, and Wiki from Zope and PIL, ReportLab, and Win32Extension from Python. Plone, like any good CMS, separates the logic, presentation (CSS), and content. As an example, a "printable" view of a page is just a CSS change. There are built-in content types for documents, news items, events, etc. Content types are used for creating new documents. They appear to be template types. The underlying architecture provides user registration, a search engine (ZCatalog), workflow, and support for protocols like HTTP, WebDAV, FTP, XML-RPC, etc. The workflow is unusual as far as open source CMS systems go. It separates the configuration of security, events, approvals, and so on from the content. For example, press releases could go to a certain user for approval before they're put on the site.
Andy is discussing a feature called Archetypes, to be released in Plone 1.2. Archetypes lets users easily create new content types using UML. A generator converts the UML into a new type. He gave a demo in which he created a new content type for Products using UML; the page for creating a product (field names, etc.) was then available for use inside Plone.
There will be a Plone conference in New Orleans on Oct 15-17. The slides for this talk are available online.
12:52 PM
Ward Cunningham and Brian Ingerson: The FIT Framework
I was going to attend Ayesha Malik's (Object Machines) talk on Best Practices for XML Schemas, but Ayesha didn't show. As an alternative, I decided on Ward Cunningham's talk on the Framework for Integrated Tests, or Fit. I'm glad I did.
Fit is a methodology for creating tests for software modules that uses an HTML front end and a simple table format for creating tests. An automated backend uses these HTML pages to drive the code and report success or failure. The benefit of this is that business people or customers can define and read the tests according to what they think the proper function should be. With some coaxing and some samples, the customer can define the test cases.
A fixture is then defined to read the rows and columns that the customer thinks are important. Column fixtures are for logic, action fixtures are for interaction (buttons on the rows) and row fixtures are for databases. Fixtures are responsible for type conversion. Ward actually develops code in the fixtures (where it's easily changed) and then transfers it to the right place when it's mostly right. Of course, the fixture then calls the code in the right place and tests that.
Implementations are available in Java, C++, Delphi, Perl, Python, Ruby, CLOS, Scheme, and Smalltalk. There's an Ant integration project called AntFit.
Brian Ingerson has taken over and is talking about how Fit can be used in open source projects. Brian has implemented a Fit module for Perl called Test::FIT. Brian puts Fit tests for YAML (a data serialization module Brian developed) on a Wiki so that anyone can add tests. That's a neat idea. Brian runs a kwiki (that's not a typo) in every module directory and uses Fit tests for documentation and notes. Brian's module integrates the Fit methodology with the standard Perl module testing framework.
Brian has started FreePAN, a CPAN-like module directory for open languages. The vision is that the same modules would be implemented in each language and Fit would serve as the specification language.
12:27 PM
Tim O'Reilly's Keynote: Open Source Paradigm Shifts
Tim's talking about paradigm shifts. He makes the point that software makers are no longer tied to hardware. IBM gave that right to Microsoft and created the biggest powerhouse in the computer world.
Open architecture inevitably leads to commodity software, but open architectures can contain proprietary components (viz. Intel Inside, Cisco). Tim sees some trends:
- Commoditization of software
- User-customizable systems and architectures
- Network-enabled collaboration
Open source promotes competition and drives down margins:
- Linux on Intel gives 10x savings
- Apache means web serving is not a revenue opportunity
- MySQL threatens to do the same thing for databases (there's a Wall Street Journal article about this today)
Proprietary alternatives must become free (as in beer) to compete. They will usually be bundled with added-value components.
Plug compatible software has become the norm. eBay has switched from Linux to Microsoft and now (that IBM has the account) will probably go back to Linux.
Commodity components provide platforms and infrastructure on which additional software is built "for use" in delivering services, not for sale (see Eric Raymond's book "The Cathedral and the Bazaar" for more on this).
Internet-era applications are updated daily, not yearly.
This is why the P in LAMP matters so much. Dynamic languages form the glue for bringing software components and information together to build Internet interfaces.
Open source has its roots in USENET and the code sharing that was enabled by networks. This gives rise to the "adhocracy" (see Cory Doctorow's "Down and Out in the Magic Kingdom"). Users help build the application (more from Eric Raymond).
With a large enough development organization, OSS behavior emerges. He gives the example of Microsoft's ASP.NET.
Tim recommends reading the essay: Listening to Napster by Clay Shirky. (Chapter 2 of Peer-to-Peer : Harnessing the Power of Disruptive Technologies) Clay outlines three ways to build something large:
- slaves
- pay people
- self interest (volunteers)
Napster was built so that individual self interest built a centralized directory. Google page rank depends on millions of independent linkers via the Page Rank algorithm. More people have "contributed" to Amazon than to Linux.
Tim talks about commodity software business models. Two of the most interesting are new platforms (e.g. web services, digital identity, location, search, etc.) and aggregating content for sale by subscription, not by the piece. He gives the example of cable television subscriptions, which are more successful than pay-per-view. People like large packages of stuff.
Not just "professional services" but services delivered to end users. The ISP industry sells subscription-based access to open source software. UUNet is the greatest open source business success to date. BIND is a monopoly in disguise. Sendmail and Apache are not about software sales; they're about email and web hosting. Google, PayPal, Amazon, et al. are the next step on the path to a services-based software economy.
Tim believes we're building an Internet operating system:
- p2p and ad hoc networking
- wireless
- social software
- cell phones
- pervasive computing
- grid and on-demand computing
Give customers increased opportunity for customization with plug replaceable standards compliant components, extensible architecture, and scripting support. Look for hidden services business models. Leverage collaborative development and processes and participatory interfaces. Watch the Alpha Geeks. New technologies are first exploited by hackers, then entrepreneurs, then platform players. For example, screen scraping predicted Web services.