Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Friends

Mike Jones
Chuck Knutson
Kristen Knight

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« April 2005 | Main | June 2005 »

May 31, 2005

Netcraft's Anti-Phishing Toolbar

Firefox anti-phishing toolbar

Netcraft has released a version of their anti-phishing toolbar for Firefox. The toolbar ranks web sites based on a number of factors including age and reports of abuse and displays a "risk bar." I installed it last week and was gleefully anticipating a phishing email to test it out. Naturally, my wait wasn't long. Clicking on the link in the mail took me to a warning dialog box warning me that the site might be a phishing site and asking if I wanted to continue. I declined and was taken to a Netcraft splash page.

I'll probably uninstall it since I'm not all that worried about falling for a phishing scam, but I might install it on my Mom's browser.

8:07 PM | Comments () | Recommend This | Print This

What AJAX Doesn't Do

Rohit Khare has an analysis at InfoWorld about the problem AJAX doesn't solve: pushing data from the server to the client. AJAX is strictly one-way, pulling data with XMLHttpRequest. Rohit ought to know--he founded KnowNow, a company that makes its living enabling server push to the thin-client. I reviewed LiveServer a few months ago. Says Rohit:

The rapid spread of the term AJAX (asynchronous JavaScript and XML) -- from Weblog to Wall Street Journal within weeks! -- might lead developers to assume it’s a breakthrough that heralds the death of desktop applications. There’s certainly a kernel of truth in that: The recent spate of new Web applications under the AJAX banner have redefined end-users’ expectation of what’s even possible within a Web browser by offering smooth scrolling, incremental updates, and more responsive input forms.
...
The clear benefits of migrating desktop applications to the Web in terms of maintenance, security, and scalability must be weighed against the costs of slower response times, limited interactivity, and less-than-beautiful graphical interfaces. With AJAX, push technology, and the ubiquitous plug-ins for PDF and Flash, the Web is closer than ever to becoming a viable default platform for application development.
From What's next after AJAX? | InfoWorld | Analysis | 2005-05-23 | By Rohit Khare
Referenced Tue May 31 2005 08:35:14 GMT-0600 (MDT)

8:29 AM | Comments (2) | Recommend This | Print This

May 27, 2005

Fun With Mach-Style Dynamic Libraries and Xerces

I've had a student working on creating a Scheme interface for Berkeley DbXml for the last few weeks. He left for an internship at Microsoft last week and so I thought I'd pick up where he left off, normalize the naming, and so on. One of the things I wanted to do was to port his work to OS X since it's my development platform of choice. Consequently, yesterday, I downloaded the latest copy of DbXml to my PowerBook and stated the build.

We've been using DbXml in my lab for a while and my students have been frustrated with build problems, particularly on the Perl wrappers. We could get it to build (sometimes) on Redhat, but not Fedora, for example. I ran into the same problems on OS X, but not to worry, I didn't need the Perl wrappers, so when they failed their test, I just moved on. Alert readers will discern that this will play into the story later.

I grabbed Mike's files and started playing. Mike's code creates a set of wrapper functions for the DbXml C++ interface and then links those, together with all the libraries for DbXml, into a single library that the Scheme foreign function interface can call. I played with the naming and redid the build so that it used the MzScheme mzc program since that helps normalize some of the build for specific platforms. I ran into some problems, but no more than I usually expect when porting something.

An couple hours into it, however, I was sure I'd done everything I could and still, when I'd fire it up, it complained that it couldn't find functions that should have been linked into the library. I relinked, read the documentation for gcc, and pulled my hair out for a good long while. I solved a couple small problems, but nothing I did put a dent in the primary problem of not being able to find some functions in the library I'd created.

Finally, primarily because I was googling anything I could think of, I ran across this page on creating working dynamic libraries on OS X. It suggested that sometimes dynamic libraries are created that don't contain the full path information of the included libraries and thus they can't be found. On OS X, there is a tool, called otool, that you can use to display the table of contents for a dynamic library (among other things). Sure enough, when I looked at my library, the Xerces library was the only one without full path information. There's another handy tool called install_name_tool that you can use to correct this problem. Once I did, the code ran just like it was meant to.

Here's where we get back to the Perl problems. Perl built fine, but wouldn't run. Tonight I got to thinking that it was likely the same problem. Sure enough, running otool on the Perl bundle (Perl's name for the dynamic library) revealed that Xerces didn't have full path information in the bundle. I fixed the bundle and the Perl wrapper for DbXml ran without a hitch. A simple 60 second job, once you know what to do.

The underlying problem is that the Xerces library doesn't use the GNU libtool script (with the --install_name flag) to install the library. Instead, it uses its own install-sh script and this apparently needs a little work. Consequently, the Xerces library doesn't know where it's at and thus can't give the linker that information when it's linked into another library. So anything that includes the Xerces library (at least on OS X) will exhibit this problem. Nice, huh?

9:13 PM | Comments () | Recommend This | Print This

Moving to OS X

Winn Schwartau, a columnist for Network World, writes about moving his entire company from Windows to OS X. Why? Security.

3:16 PM | Comments () | Recommend This | Print This

CTO Breakfast Report

Today's CTO Breakfast was well attended and, as usual, there were a few new faces and some great conversation. Some of the topics we discused include:

  • The state of the UTOPIA network build-out in Orem
  • Programming languages, natural languages, libraries, and complexity in software
  • Educating programmers, scientists, and engineers

Be sure to put next month's date (Jun 17th) on your calendar and plan on coming (I'm talking to you, Nate and Steve).

Update: Here is Richard Miller's take on the breakfast.

And here is Scott Lemon's.

2:28 PM | Comments () | Recommend This | Print This

May 25, 2005

Great Lunches

I've had a couple of interesting lunches the last few days. Monday, I had lunch with Jae-Myung Lee from the People's Solidarity for Participatory Democracy in South Korea. He was here on a State Department sponsored visit to discuss transparency and accountability with various people in the US. We talked a great deal about blogging. He didn't speak much English and had an interpreter with him, which hampered the conversation somewhat, but it was still worthwhile.

Today, I was at the vSpring v|100 luncheon. That's a great networking event because many of Utah's top entrepreneurs are there. I caught up with some old friends and met several new people as well. Governor Huntsman spoke and delivered the standard stump speech on economic development. I don't mean that disparagingly, there are some good ideas there. I liked that he said "government doesn't create jobs--business creates jobs." The most government can do is to try to reduce the friction that they generate where possible.

Update: Story on Gov. Huntsman's speech in the Deseret News.

9:42 PM | Comments () | Recommend This | Print This

Beyond Relational Databases

Think the last word has been written on databases? Think again. This ACM Queue article summarizes current trends and opportunities.

9:17 PM | Comments () | Recommend This | Print This

AJAX Spellchecker

Here's a slick little AJAX spell checker. Give it a try.

8:40 PM | Comments () | Recommend This | Print This

May 24, 2005

InfoWorld Reviews XML Databases

InfoWorld has a review of Apache's Xindice and Berkeley DB XML.

3:06 PM | Comments () | Recommend This | Print This

May 23, 2005

Does the IT Department Matter?

Does the IT Department matter anymore? What with outsourcing, offshoring, and ASPs like Salesforce.com will it be too long before the IT department consists of nothing but the CIO and some purchasing agents? In theory, you could get rid of everything but the value innovation piece along with support functions like financial management and standards. I'm not sure I'd be ready to try just yet, but there are braver souls than I.

8:44 PM | Comments (4) | Recommend This | Print This

Drinking the Kool-Aid

I just listened to an interview of Scott Cook by Larry Magid at IT Conversations. Scott is the founder, chairman, and former CEO of Intuit. The most apparent thing to me in the interview was how good Scott is at staying on message. He must have been a great CEO, at least from the standpoint of PR and investor relations. Don't get me wrong--I don't think it was at all insincere. To the contrary, I think he is effective because he has drunk the Intuit Kool-Aid. Listen to it and you'll see what I mean.

1:55 PM | Comments (2) | Recommend This | Print This

CTO Breakfast on Friday

It's time for another CTO Breakfast. We'll be meeting in the usual place (food court at Canyon Park Technology Center) this Friday at 8am.

In June, I've moved the CTO Breakfast from the 24th to the 17th to accommodate UITA's Utah County event that was scheduled for the same place at the same time. Also, mark July 29 and August 26 on your calendars.

If you've never attended, the breakfast is an informal discussion of technology, with a particular interest in product development and other CTO issues. CTOs, future CTOs, product managers and anyone else interested in technology are welcome. Also, feel free to invite your co-workers and friends.

I'm looking forward to seeing all of you on Friday.

10:41 AM | Comments () | Recommend This | Print This

David McCullough: 1776

On the way home from New York last week, I picked up 1776 by David McCullough. I love Colonial and Revolutionary War history and have always enjoyed McCullough's other books, so this was an exciting find.

1776 is a history of the first year or so, of the Revolutionary War and while it's not exclusively about George Washington by any means, he is the central character in the book. Congress, the Declaration of Independence, and other notable events are dealt with peripherally as they affected the young American Army and its commanders.

The biggest lesson to draw from the first year is "don't give up." There were a few ups for the American Army, but many more disappointments and it's easy to see how many would have thought that there was no hope, but Washington and his generals persevered and finished the year with a mostly symbolic, but vitally important victory at Trenton, NJ.

I hope that McCullough is going to write more about this story. He's an excellent writer of history, making the subject seem fresh and exciting. This is a book worth putting on your summer reading list.

7:39 AM | Comments () | Recommend This | Print This

May 20, 2005

About InfoCard

Missing Digital ID World last week also meant that I missed the coming out party for Microsoft's proposal on digital identity: InfoCard. InfoCard is an identity metasystem, designed to build identity systems on top of. InfoCard is Kim Cameron's baby and his blog has been the center of much discussion regarding what he calls the laws of digital identity. Here's some reference material on InfoCard:

10:46 AM | Comments () | Recommend This | Print This

May 19, 2005

The Continuing March of Dynamic Languages

Oracle announced Zend yesterday, an integration of PHP with their Oracle 10g database. If I were starting a small Web-based business today, I wouldn't even consider Java. I'd stick with a dynamic language like PHP, Perl, Python, or (gasp) Scheme.

On Scheme, I don't think it was possible to use it in production Web systems even four years ago without significant work. I think its possible now. Much of what I've been playing around with for the last few months has been aimed at determining whether I'd use Scheme for a production Web system and I'm almost there. Right now, I'm playing with integrating dbXml (from Sleepycat) into mzscheme and build a SOAP client library.

Why Scheme? Because I've never been a fan of Common LISP, but happen to believe that LISP offers significantly more abstractive power than other programming languages. You may not agree. In fact, if I'm right, I hope you don't since that gives me a competitive advantage. :-)

3:26 PM | Comments (6) | Recommend This | Print This

May 18, 2005

AdSense: Now Available in Feeds

Google has announced the public beta of Google AdSense for RSS feeds. The idea is simple. Just as some blogs had Google ads, now their feeds can too. Some will decry this as the end of all that's right and proper. I agree with Steve Gillmor, the market will decide.

7:00 PM | Comments () | Recommend This | Print This

SOA Case Studies

One of the things that InfoWorld discovered doing the two SOA Executive Forums that I participated in was that people have a huge appetite for case studies. It seems that people need to see how others are using Web services in order to get their creative juices flowing. A few weeks ago InfoWorld did a special issue with a handful of SOA case studies. Its worth reading.

6:47 PM | Comments (1) | Recommend This | Print This

Meeting Wizard

While I was in New York, Jon Udell mentioned Meeting Wizard to me. Meeting Wizard is a simple Web site that allows you to coordinate setting up meeting times. I've already used it to schedule a real meeting and it seems like its going to save a lot of email coordination. I'd like some things like RSS feeds and support for iCalendar format added, but still its pretty nice.

6:27 PM | Comments () | Recommend This | Print This

May 17, 2005

SOA Forum: CTO Reality Check

Chad Dickerson is moderating a panel called "CTO Reality Check." The panelists are:

  • Usman Rabbani, Pfizer
  • Rich Erickson, Technical Consultant, AT&T
  • Marc Saffer, CIO, The Columbia House Company

What's different about SOA from CORBA, DCOM, OOP, etc.? Global scale and infrastructure (HTTP) makes a difference. Web services are much simpler than CORBA. Loose coupling as well as platform and language independence make Web services more interoperable.

AT&T Strategy: create inventory of services within different domains (say, sales and marketing). Build a target services roadmap from the result and then start implementing the services on the roadmap. Many of the consultants they've brought in have said AT&T was ahead of them, so they've taken to doing much of it themselves.

Pfizer (in a decentralized IT environment) uses a pool of funds to incent groups to build out strategic services. One example was an approval workflow system that overlays each of the approval systems in the company. Now people have one interface for all of their approvals, including batch approvals. This app served as a catalyst for other applications as people saw the way it worked. Other applications that need to integrate approvals also use the system as a common interface.

Columbia House has created services for address normalization and recommendations. These services are used by the Web site, the IVR system, and the sales agents.

If you've got an SOA and you can't identify the services, you've got problems. Yet, some people try to claim what they're doing is SOA without being able to articulate the services. One of the key artifacts of the architecture is a services inventory including, taxonomy, descriptions, and names.

Columbia House started with an enterprise architecture team that developed a set of principles for their Web services strategy. The enterprise architecture team and its work have been built into the governance. They brought in BEA to give them some primers (since they were a Weblogic customer) and have hired consultants to help get them off the ground.

AT&T set up an integration competency center that provides data to AT&T developers on toolkit functionality and interoperability. Not many companies have the resources to do that.

Early implementation led to some problems. One example: exception handling is needed in the orchestration layer. Success can be a problem. Columbia House's pricing engine was so useful that the service became saturated.

2:06 PM | Comments () | Recommend This | Print This

SOA Executive Forum (East)

I'm at the East Coast version of InfoWorld's SOA Executive Forum in NY. My panel on services and contracts went well this morning--better than last time, I think. Part of that was the panel having some idea what was coming, but most of it, I think was the audience. We got some great questions that drove the discussion in interesting ways. That's probably my fault for not encouraging enough audience questions at the West Coast event.

I'm in the panel on opportunities and challenges for the agile enterprise at the moment. Jon Udell is moderating. The panelists are:

  • Bruce Graham, VP, WW Professional Services, BEA Systems, Inc.
  • Dr. John Halamka, CIO, Harvard Medical School
  • Rohit Khare, Research Director, CommerceNet Labs
  • Jim Culbert, CTO, Metratech
  • Patrick Gannon, President, OASIS

How does building greenfield services differ from wrapping a legacy application. One key difference is the ability to think about the data model. Since data outlives code, getting the design correct from the start is important. Think about data recycling and always return XML.

Prepare for implicit invocation, not just explicit invocation. Don't write applications with he assumption that you know who will be calling you and you don't know what state the application is in when its called.

Business intelligence flies around the enterprise in email. Process isn't expressed explicitly, let alone in an executable way. Moreover, enterprise-critical data lives in Excel on direct attached disks. Email represents a system for rapidly prototyping business processes. We need better gateways for automatically processing email. All of this represents a challenge to building Web services.

Health flexible savings accounts represent a place where multiple industries have to come together (banks, insurance, health care providers). We've seen vertical, industry specific XML definitions that are incompatible, even within the specifications that exist now.

For Harvard Medical School, "the web is the way" because of privacy concerns regarding data. They discourage the use of Excel and files on direct attached disk.

Policies still have to be deployed on each system at a time. Auditing can be centralized through well-defined auditing objects that all application must understand and use. This is equally applicable whether the goal is SOX or HIPAA compliance. Intermediation is a necessity not a luxury.

Standards are evolving, but many have reached plateau points. Standards get extended to meet specific user's needs. Interoperability can come through intermediaries that translate in between various standards.

Dashboards are more than just pouring data into pretty pixels on the screen. Dashboards need intelligence in the fabric that does analysis in real time: continuous query systems, stream processing systems, etc. This goes the other direction as well: translate customer preference information into specific action: for example, translate hotel chain customer preferences for room temperature into turning down the thermometer in the room two hours before expected arrival.

One of the key features of Web services is that they're hackable. You've given up control of the end point (either producer or consumer depending on which end you're on) and thus you can't control what they do with your message. They may use Perl and regular expressions, for example to rip apart the message and process it as raw XML even though you intended it to be processed as SOAP.

8:05 AM | Comments (1) | Recommend This | Print This

Give Feeds a Chance

Steve Gillmor poses a challenge to those who hide their content:

[T]hose who still fear ads in feeds, try this experiment–give us a full text feed with ads (or not, if the content is the ad) and maintain an abstract feed without. Then let the market choose. I know what I think will happen. And quickly too. All we are saying… is give feeds a chance.
From » Arbitriage | Steve Gillmor’s Inforouter
Referenced Tue May 17 2005 09:34:04 GMT-0400 (EDT)

7:32 AM | Comments () | Recommend This | Print This

May 16, 2005

Verifying Identity Assertions in LID

When Johannes Ernst first proposed LID, I said it was more like business cards rather than real identity credentials because it lacked the ability to verify identity assertions that people made about themselves. The latest LID spec contains a method for third part verification of assertions (see Section 4.7). I think that this closes a major hole. I haven't reviewed the new spec in detail yet, but I wanted to mention this since it was my major gripe before.

8:20 PM | Comments () | Recommend This | Print This

IEEE Computer RSS Feeds

The IEEE Computer Society now has RSS feeds of its journals online. Very good. On the opposite end, I found several articles in the May issue of the Communications of the ACM that I want to write about, but not only don't they have the articles online, they don't even have the table of contents up for May. They're still on April! Just one more example of ACM being out of touch with the 21st Century.

4:10 PM | Comments () | Recommend This | Print This

May 14, 2005

Apple Dashboard and Connectivity

I've been gone the last week. I was on staff at a Woodbadge Training course. For those of you not familiar with Woodbadge, it's an adult leadership training course run by the Boy Scouts. Probably the best leadership training I've ever received and being on staff was a lot of fun--even with the four inches of rain that fell last week.

While I was away, I had very limited Internet connectivity and even less free time. Consequently, I didn't post. I did have my Mac with me, however, and I'm running Tiger. One thing I noticed is that one of Tiger's most hyped features, Dashboard, is really pretty boring without connectivity. Most of the widgets I like depend on information that they get from the Internet.

More and more I find that I can't do much with my computer unless I've got a network as well. It's not just things like email. Even when I write, I depend on the Internet as an information source. I use it for research and even as my dictionary and thesaurus. This is just another example of how Web services, with or without SOAP, is becoming a reality.

3:34 PM | Comments (3) | Recommend This | Print This

May 6, 2005

Organization Get the IT They Deserve

The tagline for my blog is "Organizations Get the IT They Deserve." This is a quip I made to Bob Woolley one time when I was Utah's CIO. The idea seems to resonate with people. My tagline, and blog, were recently discussed in an article in Australia's CIO magazine by Sue Bushell called "Just Desserts."

7:43 AM | Comments () | Recommend This | Print This

May 5, 2005

Services and Contracts

My panel on services and contracts went pretty well, I think. We went through many of the issues I identified earlier. A few new things came up that I hadn't thought through. First, we discussed WS-Policy and some of the identity issues surrounding service contracts. Second, we got into a discussion of directories (UDDI). The reason for discussing directories is that much of contracts has to do with exchanging metadata and one of the ways metadata is delivered is from the directory. I'm not sure we made that clear enough for the audience.

3:04 PM | Comments (1) | Recommend This | Print This

Mark Carges: How are Companies Using SOA

The technology track keynote is from Mark Carges, CTO of BEA Systems. BEA and InfoWorld did a study of SOA. They found that only 28% of companies have adopted SOA. About half of those were pilot projects. Only 8% have some kind of enterprise-wide approach (which puts what Toby just described in the state-of-the-art). Early adopters are making SOA a priority. Of those doing something, 14% things is a critical priority in the next 12 months, but over 60% put it in the critical or high priority category over the next 3-5 years.

SOA is an attribute and architectural approach than a project in and of itself.

The pain points identified in the study are architecture flexibility, integrating legacy apps, business partner integration, customer service initiatives, and employee self-service. One interesting point: if you build a service to replace 13 siloed serviced around the enterprise, how do you pay for it? How do you service it? How do you set service levels? Moving to an SOA puts IT in the business of creating products.

Another interesting data point from the study: managers tend to think their company is "half way there" in SOA. Technical folks are more likely to say "haven't started" or "just starting." The positive spin on this is that managers are seeing benefits just from the first few projects, to they're bullish.

SOAs evolve from simple Web services that expose data and actions to composite apps that create business processes, all the way to full-service infrastructures that service the enterprise's IT needs.

The tendency in pilots is to build point-to-point Web services. The services are directly connected and tightly coupled. The security, service levels, exceptions handling, and so on are built into the code. This makes the service difficult to re-purpose and re-use. The service infrastructure provides these services to all of the Web services that you deploy.

The following table is modeled on something Mark put up. There's nothing here that you probably haven't thought about before, but it's interesting to see it all together:

EfficientAgile
Controlin the hands of ITin the hands of users
Platform standardizedbest of breed
Datacentralizeddistributed
Driverone source of truthspeed
Example: financialsclosing with the mainframeclosing with Excel

The conclusion to draw from this table isn't "left-bad, right-good." There's a spectrum on each line and a variety of reasons to make particular choices. For example, I doubt that GM would become a more agile company by foregoing its enterprise financial package and moving everything to spreadsheets, but I'd also bet that even in the largest companies, lost of spreadsheets feed into the closing.

11:36 AM | Comments (2) | Recommend This | Print This

Toby Redshaw on SOA

I'm at the InfoWorld SOA Executive Forum today. I'm running a panel on Services and Contracts later this morning. San Jose is rainy, but warm. It's actually kind of pleasant. The room is packed. Apparently they were turning people away. That's a result of two things, I think: (a) a general uptick in tech spending and (b) a feeling among IT folks that SOA (via Web services) is going to be an important part of their IT strategy.

There are two tracks at the conference today, a business track and a technology track. The keynotes are similarly bifurcated. First up is Toby Redshaw, VP of IT Strategy at Motorola. Toby was employee 50 at Fedex and road that rocketship (65% CAGR) for 15 years.

Toby asks the questions. "What happens if you are 25% less efficient in IT than your direct competitor?" Don't know? Then ask your self the question: "What happens if you are 25% less efficient in customer acquisition and retention or supply chain?" Those questions are related and will be more so in the future.

There are some good parts of SOA:

  • rapid delivery of projects because development shifts to composing applications.
  • projects are built top-down from existing processes (i.e. prototyped) rather than a complex technical specification.

There's some bad:

  • incomplete and evolving standards slow adoption
  • concerns from loosely coupled architectures
  • performance concerns from loose coupling
  • directories (UDDI) have been slow to appear and that makes re-use difficult

There's some ugly: Web services management and security is the most pressing need

Some lessons learned:

  • Start soon--its a long journey. Technology is not overly complex on the surface, but can be complicated to execute.
  • This is a big change, so you need serious change management.

Here are the layers:

  • Data layer: legacy apps
  • Integration layer: EII, EIA, etc.
  • Business logic layer: Web services based business objects
  • Orchestration layer: composite application and workflow
  • Presentation layer: portals, Web apps, thick clients

The orchestration layer has split into two parts: business process modeling and business activity monitoring (BAM). BAM allows companies to be proactive in a realtime sense rather than reactive.

Motorola has 180 services utilizing an SOA framework with new project opportunities identified each week. They are refining their SOA architecture with maturing orchestration, nomenclature, and governance guidelines. They are creating an ROI model. They have an adoption strategy with guidelines and best practices.

They have deployed 175 BAM monitors spanning Siebel to Oracle, Web channel to Siebel, and Siebel to Oracle EAI integration. Each BAM projects averages 50 rules.

Why is UDDI important? Its the directory. You need a Yellow Pages to find services. You need one of these. Don't let directory projects proliferate. Set one up and make everyone use it. Motorola uses Systinet's UDDI server.

Motorola does $5 billion per year in online sales. One of the services they built was a credit card service that everyone in the company could use. Motorola also built things like a warranty service. Toby gave 5 or 6 other examples of services they've built. Note that these aren't Web applications, but Web services that people who build Web applications can use as building blocks.

"Small agile kills big slow. Big agile is just scary..." Motorola wants to be big and agile. If you haven't started on SOA, you're in reverse. While this is conceptually simple, its a big set of changes. You need to build the infrastructure or you end up with meta-spaghetti. Change the way you buy and consume software. Find partners and phone a friend.

10:39 AM | Comments (2) | Recommend This | Print This

May 4, 2005

Why Doesn't My RSS Feed Show Up in Safari

If you're using Safari and wondering why the nice blue RSS icon doesn't show up for your blog, the answer is that you have to add a <link/> tag to your header. This is the same solution as for Firefox. As an aside, I like Safari's default action upon clicking the icon better than Firefox's. Firefox subscribes you to its own, pretty cheesy, RSS bookmark folder where as Safari nicely popped the subscription right into NetNewsWire.

9:33 PM | Comments (1) | Recommend This | Print This

Tiger Update

I upgraded to Tiger yesterday. I knew I was going to be traveling and its always more thrilling to update right before a big trip. I did the smae thing with Panther. Go figure. I used Synchronize Pro to make a bootable copy on my firewire drive (Carbon Copy Cloner would work as well) and then did a straight upgrade. I heard about an alternative after I was done: do a wipe and install and then use the OS X feature that transfers your data and applications from an old machine to get them from the bootable copy. That's a good alternative if you're someone who likes to start fresh.

The update went flawless and I haven't noticed any big show stoppers. As usual a few applications needed updating (like Quicksilver). If you're having problems, this list of incompatibilities and workarounds might help. Also, you can take some comfort in the knowledge that Apple has said their freezing much of the API aftger Tiger. Until now, every major update changed the API in significant ways and that's not a recipe for application reliability.

One thing that annoyed me: Tiger came with a trial version of Office 2004 and whenever I opened a Word doc, it used the trial version instead of the copy I own. I blew away the trial version and reassociated the Word documents with the application and now everything is cool.

So far, I'm most excited about Spotlight. I've been trying to use it as a replacement for Finder and it does a pretty good job. I also found this article on using smart folders to be helpful as well. Smart folders are enabled by the same index that runs Spotlight.

At this point, Dashboard is largely underwhelming. Maybe I'll get into it, but its not nearly as useful as, say, Expose has turned out to be.

Some people have complained about the new look for Mail, but I like it. I think its an improvement. I did take the time to customize the buttons. I like the delete and junk buttons to be separate and separated by some space so that I don't hit the wrong one by accident.

Also, finally, you can swap the control and caps-lock keys without installing some patch that breaks everytime Apple updates the OS. Just go to the keyboard preferences and voila!

6:53 PM | Comments (2) | Recommend This | Print This

My New Audio Toy: MOTU Traveler

MOTU Traveler

I got a new toy this week, a MOTU Traveler. The traveler is a small, but very capable, digital mixer that links to your computer via firewire. I have been using a cheap Beringer mixer that I plugged into my computer using a Griffin iMic. I've not been getting the quality of recordings I've wanted, however, so I was looking for something digital. I started out looking for a USB mixer, but this one caught my eye.

The Traveler has four XLR inputs and 8 other RCA jacks that are all available individually inside the computer. The mixer can be controlled from the front panel, but I like the software controls better. The Traveler also comes with a copy of Audio Desk, a sound editing program that seems pretty capable.

Combined with my JK Audio THAT-2 phone tap, I have an excellent set-up for recording phone interviews. Using the THAT-2, I listen to the phone in the headphones I'm using to monitor the recording and my guest hears whatever I say into the mic. The only problem is a small amount of crosstalk on the channel recording the incoming phone call that happens inside the phone itself. I get a clean channel with my voice, but the channel recording my guest has me on it as well, albeit faintly.

6:22 PM | Comments () | Recommend This | Print This

May 3, 2005

Virutal Machines and Software Development

Joel Spolsky talks about how his company uses virtual machines as part of their software development process. He gives several examples of how they use it at Fog Creek:

Here's an example. The first thing that FogBugz Setup does when you run it is to test that all kinds of prerequisites are installed, like IIS and MDAC and VBScript. In order to develop and test that code, I need virtual machines that are missing the prerequisites, so I can test all the code paths.

With VMware 5, I can build a stripped down virtual machine containing, say, a minimum Windows 2000 installation without any of the prerequisites. Then I can take a snapshot of that, and install prerequisite 1. Then I can take another snapshot of that, and install the prerequisite 2. Eventually I end up with a bunch of snapshots with different configurations and I can go back or forwards to a particular configuration in one step.

Here's another example of why VMware is critical. Let's say I'm testing the upgrade code in FogBugz for upgrading, say, from FogBugz 2.0 to FogBugz 4.0. In about one minute I can be running a pristine copy of Windows 2000 that looks just like the day it was installed. Two minutes later, it's running FogBugz 2.0, and I take another snapshot. Now I run my upgrade code on that, and, of course, it fails, thanks to Murphy's law, but it leaves FogBugz in a "half-upgraded" state. The brilliant part of VMware is that I can click to go back to the 2.0 snapshot and in about 30 seconds I'm back to a pristine FogBugz 2.0 installation.

Our other major use for VMware at Fog Creek is for supporting Linux. FogBugz runs on all kinds of different distros and we use VMs to develop and test with them all.
From Joel on Software - Monday, May 02, 2005
Referenced Tue May 03 2005 14:28:26 GMT-0600 (MDT)

2:26 PM | Comments (1) | Recommend This | Print This

More Lost Personal Data

Time Warner has told employees that they've misplaced personal data of 600,000 current and former employees.

The tapes, part of a routine shipment being taken to the site by off-site data storage company Iron Mountain didn't include data about Time Warner customers, the company said in a statement.
From Time Warner says data on 600,000 workers lost | By Lucas Mearian, Computerworld
Referenced Tue May 03 2005 14:15:33 GMT-0600 (MDT)

You have to protect backups of personal data as carefully as you protect the real data, maybe more so as this story shows. Your backup data is subject to being taken off site in very dense aggregations. What's more, you have to understand and track the chain of custody, especially when the custody will extend to vendors.

2:13 PM | Comments () | Recommend This | Print This

Doing Away with Trust

Jamie Lewis has responded to posts about identity context and trust from myself, Kim Cameron, and Luke Razzell with a post on trust and what it means with respect to digital identity. As Jamie says, "the term 'trust' ... carries an enormous amount of baggage."

Jamie goes on to say that when we speak of trust in the context of digital identity, what we're really talking about is surety and risk management. Thus to gain trust in another entity is the process of gathering evidence that can be used to establish the level of risk for any particular transaction.

My previous example about using your passport in coffee shop to prove to the clerk that you are the same person named on the credit card that you present for payment can be further explored in this light. Let's see if I can explain the process without using the word "trust."

The clerk asks to see a form of ID (a credential) along with the credit card to reduce the risk of fraud. The clerk expects that you will produce a credential that is easily authenticated. Moreover, the clerk will evaluate the level of risk based upon his perception of the level of care the issuing organization has taken to vet the person in the credential, the organization's familiarity, and how difficult the credential is to fake.

The clerk is gathering evidence, even though he might not think of it that way, and evaluating the evidence in an effort to reduce the risk and gain surety that the transaction will be honored. In business, transactions frequently happen in the context of overarching agreements and understandings. Jamie characterizes these as a set of building blocks that include things like business relationship, legal contracts, key management, asserions, shared policies, technical assurance, and audits and accredidation.

Much of the most interesting work in digital identity is focused allowing more of these building blocks to come into play in short-term relationships. You can think of that as eliminating the need for trust, if you like. Credit cards did this same sort of thing in the 70's. Before credit cards, credit was part of a long-term relationship that had many of Jamie's building blocks, or close analogies. What credit cards did, was move those building blocks from a point-to-point relationship between the creditor and borrower and into a networked relationship where the business relationship, legal contracts, policlies, tokens, and technology were maintained at the infrastructure level.

Many have doubts that this sort of thing can happen in the identity world because risk and financial reward are not as easily offset as they are in the case of credit cards. I'm optimistic that we'll find a solution, because the rewards for doing so are significant. So far, the solutions I've seen do a nice job of solving the technical problems, but it remains to be seen whether or not identity providers will spring up who enjoy the same reputation as do the Federal and state governments. I believe that for reasons of risk management alone, government may need to become identity providers in the online world in the same way they've become de facto identity providers in the physical world.

10:24 AM | Comments () | Recommend This | Print This

May 2, 2005

Don Box on WS-Mex

Kim Cameron pointed to my questions about WS-Mex and Don Box gave his reasons for why WS-Mex is needed over and above simple HTTP. I think it basically comes down to the fact that SOAP and its related protocols are, ideally, transport neutral. WS-Mex is one component of that transport neutrality. In fact, in doc/literal mode SOAP is really nothing more than transport anyway. Like many things in Computer Science, SOAP is simply another layer of indirection and the costs and benefits of indirection layers are well understood. WS-Mex is one way of preserving the SOAP-as-transport indirection.

9:23 PM | Comments (1) | Recommend This | Print This

The Strange Pleasure of Upgrading Software

Apple's release of OS 10.4 (aka Tiger) inspired an editorial in the NY Times on the pleasure of upgrading.

Like many Apple computer users, I'm in a pleasant state of expectation. I've ordered Apple's updated operating system, but it hasn't yet arrived. I have housecleaning to do before I can install it: deleting dead programs in my applications folder, for instance, and backing up my hard drive. Then will come the almost visceral pleasure of installing new software. This is one of the most pleasant tasks I know, vastly easier than straightening up the barn or taking the truck in for service.

Somewhere at home I have the floppy disks of many previous upgrades, including versions of MS-DOS - the first Microsoft operating system - that date from the early 1980's. They are reminders of how strange the idea of software seemed to me at the time. It did not occur to me then that such strangeness was part of living in a hardware world.

The only way to upgrade the refrigerator or the vacuum cleaner is to buy a new one. I can think of nothing I owned at the time that was capable of taking in new instructions and using them to improve its operation substantially. The only thing that could do so was not a machine at all. It was a human being.
From The New York Times > Opinion > Editorial Observer: The Strange Pleasure of Upgrading Software
Referenced Mon May 02 2005 11:14:12 GMT-0600 (MDT)

The cynic would say that their vacuum cleaner usually worked right when they unpacked it. That isn't usually the case with software, even software much less complex than an OS. Still, my old 1GHz TiBook got noticeably faster with each new version of OS X. I'm in the process of installing 10.4 on it now. I'll be surprised if that's not the case this time as well.

11:11 AM | Comments (2) | Recommend This | Print This

Lincoln's Constitution

Over the weekend, I finished Lincoln's Constitution by Daniel Farber. The book deals with Lincoln's actions during the civil war and studies their constitutionality. The book's conclusion:

[M]ost of that Lincoln did...was in fact constitutional. He was correct that secession was unconstitutional, a revolutionary act rather than a legitimate exercise of state sovereignty. He was also correct that, in actual areas of war or insurrection, he had emergency power to suspend habeas and impose martial law. This is not to say that everything he did was constitutional. Military jurisdiction was extended beyond constitutional bounds in the North; money was spent and the military expanded without the necessary authority from Congress; and freedom of speech was sometimes infringed. Not a perfect record, but a creditable one, in incredibly trying circumstances.

While I wouldn't call it a page turner, neither was it a book I had to slog through; I looked forward to my time with it. The book is easy for a layman to read and anyone who enjoys Lincoln or constitutional questions (I enjoy both) will find it a good read.

8:09 AM | Comments (1) | Recommend This | Print This