Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Friends

Mike Jones
Chuck Knutson
Kristen Knight

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« July 2005 | Main | September 2005 »

August 31, 2005

IT and Katrina

Yesterday I posted a piece at ZDNet's Government IT blog on turning hopeless victims into smart mobs. This was a reflection of some interesting ideas that David Stephenson has been posting about how IT can help in homeland security and disaster preparedness. He's not the only one obviously.

Doc Searls, at the IT Garage, is asking "how does IT help with Katrina recovery?" and offering a place where IT folks can post stories about their experiences with Katrina. He's also pointing to the Slidell Hurricane Damage Blog.

The Slidell blog is maintained by Brian Oberkirch who lists his contact information prominently on the front page. Slidell is near the Northeast corner of Lake Pontchatrain, about five miles West of the Mississippi border and 20 miles Northeast of New Orleans. The blog contains photos, announcements, updates from county officials. This blog is a perfect example of what smart mobs can do to help in a disaster.

There are also katrina tags at Flickr, del.icio.us, and Technorati.

9:14 AM | Comments (1) | Recommend This | Print This

August 29, 2005

First Day of School

Classes start today at BYU. I actually teach on Tuesday and Thursday, so I've got another day yet. I'm teaching a class on programming language design (using Scheme) and large scale distributed system design. I've changed the text for the distributed system design class to Web Services by Gustavo Alonso, et. al. It's the first real text I've found that covers the material I want in the class.

One of the first things I have my students do is set up a Linux server. We use UML to put multiple sets of students on a single box. This year, we tried to get the SpikeSource stack working for the class, but it wouldn't work on UML. That doesn't surprise me. UML is very finicky. We may have to try Xen next time. If anyone has experience with the SpikeSource stack on Xen, I'd be interested in hearing about it. In the meantime, Dan Olsen, my TA, put together a set of instructions for setting a a Linux server for the class.

8:19 AM | Comments (4) | Recommend This | Print This

August 26, 2005

GTalk and the Google Identity Strategy

I just put up a piece at Between the Lines on Google's identity strategy and how GTalk plays into that. If you're an OS X user, GTalk works with iChat. If you've already got a GMail ID, you just use that. No need to even sign up for anything. You're already a member.

2:41 PM | Comments (1) | Recommend This | Print This

Mark Dixon on Identity

Mark Dixon, who works for Sun and grew up in Idaho (like me), is blogging about identity. Some interesting stuff there.

1:07 PM | Comments () | Recommend This | Print This

Orrin's a Blogger Now

A week or so ago, Steve Urquhart asked "what things could Orrin do that would show my campaign has him worried?" The obvious answer was "start to blog." Well, Orrin's started his blog. There's one post so far, and it's pretty much just cut and pasted from a letter he sent convention delegates last week. There's no permalinks, no RSS feed, and no comments (only a box to send feedback to Orrin). I'll be interested to watch it over the coming weeks and months to see if there's anything like a real voice in the posts that shows Orrin's actually writing it.

11:21 AM | Comments () | Recommend This | Print This

CTO Breakfast Report

We had the CTO Breakfast this morning and there was lots of interesting discussion and more people than we've ever had before. Much bigger and we'll need a different room.

Here are some things we talked about:

  • China. This seems to be a topic that comes up a lot at these breakfasts. Interestingly, not much of the discussion is about "outsourcing" but rather about opportunity. Two books that came up: Friedman's "The World is Flat and Fishman's China, Inc.
  • This morphed into a discussion of online games when we discussed an edict by the Chinese government to limit game playing to 3 hours per day.
  • Tom Gregory from the State School Board was here this morning and so we got into a discussion of education and technology in education.
  • Joel Sobrowsky, EVP at Dynamic City, was here and gave us an update on Utopia, the big muni-broadband project in Utah. Utopia is now passing homes and businesses in all six of the Phase I cities--that's about 50,000 homes. Phase II will be another 50,000 homes in those cities. Phase III will complete all of the Utopia cities. Call Sue @ 1.888.FIBER4U to get information on when they'll be in your neighborhood. The most popular product on Utopia so far has been a 10Mb/s symmetric link. Pay attention, that's symmetric. We decided the Utopia ought to run a bandwidth test site inside their network for customers to verify that.
    On Sept 19th-21st, Salt Lake City will host the Broadband Cities Conference. Utopia will be running 100Mb/s links to the booths at the conference to show the power of real broadband.
    Next month we'll invite Utopia's CTO, Jeff Fishburn, and get some maps and get all the details.
  • Willi Donohue, an old friend was most recently with BMC in Houston, was here this morning. He's returned to Utah and is working with Cogito now. I've been worried about Cogito after the management shake-up, but knowing Willi's there gives me some confidence. Ian Stiles, their CTO, who I hadn't met before came today as well.
  • At 9:30 a bunch of people took off, but the group that was left was pretty hard-core hacker/dynamic language guys. We got a report on Damian Conway's talk in Provo a couple of weeks ago. Damian was here to do some consulting with United Online, probably the largest employer of Perl programmers in Utah. I also found out that "why the lucky stiff" is from Utah! Wow and cool. I loved his OSCON presentation and his Guide to Ruby with Cartoon Foxes is a classic.
  • Scott Lemon reported on Firepoll, a Utah company that pays people to answer questions for companies online. He says he makes a couple of bucks a year. (Unfortunately, there's no OS X client--why not just do it online so there's no client?) We concluded that this would be a good IM application, but of course, IM bots have been patented.
  • On that same line of thought we discussed a new business for Google, given their new GTalk launch. Let people sign up to answer questions for people and let them specify their expertise. When people ask questions (as a paid service), the question gets IM'd to anyone in that area online. Everyone who wants to can look at how much the question pays and answer if they want. Google processes the results, returns them to the user and people get paid for their answers based on click-thru.
  • This turned into huge discussion of digital identity. Too much, too fast to keep track of.

10:37 AM | Comments (1) | Recommend This | Print This

August 25, 2005

Splogs and Paid Content

Doc Searls has a long and thoughtful piece about the relationship between splogs, intermediaries like Google and Yahoo!, and paid content providers (most notably newspapers). Splogs are blogs that are just link farms and have no human author adding value. They are mostly autogenerated by programs for the exclusive purpose of getting a high ranking for a particular keyword and then reselling AdSense ads. For another look at the same problem, see this post by Tim O'Reilly.

As Doc points out, splogs are a cancer that is threatening the whole idea of an Internet with free content. Just as phishing has essentially destroyed email as a channel for financial institutions to communicate with their customers, splogs threaten search engines and blogging. Doc has a suggestion for dealing with the problem:

I suggest that everybody in the search engine business, including all the Static Web and Live Web companies I listed above, pool their knowledge and expertise, and beat a cancer that (in my humble but considered opinion) threatens the whole Live Web, including blogging in particular and frequently updated free content in general.

Across the search engine marketplace, there is an enormous amount of duplicated effort fighting splogs and other forms of blog spam. There is also an open source solution to this: share the know-how. Even the data (perhaps through a public list of offenders).
From The Doc Searls Weblog : Thursday, August 25, 2005
Referenced Thu Aug 25 2005 11:53:25 GMT-0600 (MDT)

12:00 PM | Comments (2) | Recommend This | Print This

August 24, 2005

Utah Legislature Wins Online Democracy Award

The Utah Legislature won the Online Democracy award for it's Web site. That's cool. It really is a very good site and they've done a lot to add RSS, audio files of committee meetings, and other features that make it more usable. Congratulations!

4:14 PM | Comments () | Recommend This | Print This

August 23, 2005

Aradyme Is Hiring!

Aradyme, who has a nifty dynamic database, is looking for software engineers, both contract and full time. Right now, they're looking for C# expertise. I've been working with them in a CTO coach capacity. There's some fun stuff happening there and I think they're well-positioned. Give them a look if you're looking.

6:00 PM | Comments (1) | Recommend This | Print This

Internet Identity Workshop Registration

If you've tried to access the announcement or registration page for the Internet Identity Workshop in the last several days, then you'll know that they've been down. I apologize. BYU is handing out new public IP addresses and for some reason that led them to drop some zones in the DNS file as well; it's been a mess. In any event, it's back now. So far there have been 16 registrations. If you work for an entity that won't let you use Paypal to pay, I've added instructions for paying by check.

3:27 PM | Comments () | Recommend This | Print This

Corporate Policies for Handling ID Data

Dave Kearns wrote a column at Network World about my book, Digital Identity. The focus of the column is the identity policy templates I wrote for the book. They've been getting a lot of attention, if downloads are any indication.

I actually wrote them because I found as I wrote the chapter on policy that it was almost impossible to do without some examples. I had a few that we'd done at Utah and some samples off the 'Net here and there, but nothing complete and coherent.

Digital identity policy stack (click to enlarge)

The idea behind the policies is that identity is foundational to many other things, including computer and network security. Thus, there ought to be identity policies that are separate from and serve to enable good security policy. The picture at the right shows how this works. The blue boxes in the middle are the identity policies. Security policies are just one of the top boxes. The bottom tier is the interoperability framework--a completely different discussion.

The policies I wrote include the following:

I wrote these are Word documents since the idea is that these are templates that you can download and tailor to your own organization. Over the coming weeks I'll write an article describing each one of these as well as some other identity policy considerations.

7:55 AM | Comments (4) | Recommend This | Print This

August 22, 2005

CTO Breakfast this Friday

We'll be having the CTO Breakfast this Friday at 8am. You don't have to be a CTO to come, just interested in information technology and product development.

The breakfast will be held in the executive conference room of Building L (the food court) at Canyon Park Technology Center in Orem). See

http://www.windley.com/cto_forum

for more information on the location. I hope you can make it.

Future breakfasts will be held on the following days:

  • September 30 (Friday)
  • October 28 (Friday)
  • December 2 (Friday)

Mark your calendars.

6:38 PM | Comments () | Recommend This | Print This

Open Source Identity Tools in Java

From Managability.org, here's a nice list, with brief commentary, of open source tools for identity management written in Java.

12:22 PM | Comments () | Recommend This | Print This

August 19, 2005

Building an Identity Management Architecture

I've got a new article up at the O'Reilly Network called Identity Management Architectures and Digital Identity.

There's also a sample chapter of Digital Identity up now. It's the chapter that introduces the concept of Identity Management Architectures.

9:59 PM | Comments () | Recommend This | Print This

The Four Five 'Net Freedoms

I've just written my first article over at the ZDNet Government blog on the Four Five 'Net Freedoms. Fun stuff...

2:57 PM | Comments () | Recommend This | Print This

Vacations and Hot Potatoes

Steve writes:

In order to take a vacation, you have to have a job from which to vacate. I've had a number of vacations over the past 5 years, but the name for them has been "fired" or "laid off" or other euphemisms for "It's time for you to start thinking about Steve Gillmor." Like I was worrying about Michael Gartenberg's career the whole time.
From » Vacation | Steve Gillmor's Inforouter | ZDNet.com
Referenced Fri Aug 19 2005 08:32:31 GMT-0600 (MDT)

Steve notes that August used to be the traditional time for vacations, but there doesn't seem to be much of a let up in things vying for attention anymore--even in the dog-days of summer.

If you sent me email while I was on vacation, you got back a note telling you that your email wasn't saved and that you'd have to resend it when I got back. Sorry if any were offended, but I simply turned email off. When I got home, I turned it back on and I didn't have thousands of messages to slog through. More importantly, however, there weren't forty tasks waiting for me that people had given me while I was gone.

Email has become like a game of hot potato. Everyone's anxious to clear their box, so they "delegate" whenever they can to you. I don't know why we've created a world where we feel like people we don't even know can task us, but we have. When I bounced email back, it forced people to think about whether they really wanted to send me that note (or task) and often, they decided they didn't. Steve Fulling remarked that he had a dozen things he thought about sending me, but because he knew he'd have to save it and keep track of it (instead of me), he only kept three.

I'm not sure that there's a larger answer here. I'm not advocating bouncing email back on a regular basis, but as a vacation tactic it worked well. I think it comes down to a few simple rules:

  • Think before you send an email when you're creating work for someone else and make sure its truly important.
  • Don't feel obligated to respond to tasks from people (even a simple task like replying to a question.
  • Don't be offended when you don't get an response to an email sent--the person you sent it to is just as busy as you are.

8:32 AM | Comments (2) | Recommend This | Print This

August 17, 2005

CheapGas: Another Google Maps Mash-up

Cheap Gas in Utah County (click to enlarge)

In a story about the recombinant Web, Dan Farber points out CheapGas, a mash-up between Google Maps and GasBuddy. The picture at the right shows the cheapest gas (that Gas Buddy knows about) in Utah County. Nothing too cheap, mind you.

10:35 AM | Comments () | Recommend This | Print This

Community Broadband or Roach Motels

Britt Blaser has an excellent essay up now on the real reasons for building community broadband networks. Qwest, Comcast, and other private providers of service want you to think it's about keeping government out of competition with private providers. But as Britt rightly points out, it's really about public discourse and building the infrastructure to support it:

If you believe in public discourse, you are. Let's not fall into the trap of defending technical and turf issues when the real issue is whether a people united deserves an Agora. We can join together to push harder on the politicians we elect than do the lobbyists and consultants the politicians think they must please.

I want to start with a conversation about whether New Yorkers have an inalienable right to equip themselves to participate in the global conversation at a rate typical of a leading first-world nation, rather than at the level of a trailing first-world nation. (Actually, I want more than a conversation, because there's too much conversation on the web and not enough action. I want a forum with real political power: one where, after our solution becomes obvious, we have the specific means to compel the politicians to get off their expensive asses and do something useful.)
From Escapable Logic
Referenced Wed Aug 17 2005 06:56:39 GMT-0600 (MDT)

I've written about this same issue before in regards to iProvo and Utopia (two community broadband projects in Utah), although not as eloquently as Brit. One of my main points has been that carriers are building walled gardens, not the agora, as Britt puts it, that we need to enable so many important public activities. What's more important, they never will.

I sat in an Orem City Council meeting over a year ago and listened to a representative from Comcast tell them about all the wonderful things Comcast was doing to for Orem residents. And it was wonderful--on the surface. If you listened carefully, however, the message, loud and clear, was this: we build the products, you pay us money to consume them. In other words, Comcast's vision was completely unidirectional. There was no sense of the broadband network as an infrastructure where anyone could produce interesting things (like blogs, video, podcasts, etc.) and distribute them. Comcast's vision was all about a one-way street where deliveries were made but packages were never picked up. Maybe instead of "walled gardens" a more apt metaphor would be "roach motels."

Britt's piece isn't just an essay, however, its a call to action. Specifically, a call to support Andrew Rasiej's campaign for NYC Public Advocate. If we are not willing to support (vote and donate) to people who understand technology and what powers innovation, then we'll get the nation we deserve. (See my post on Beating Hatch.) I went over to Rasiej's site, found him to be just that kind of guy and made a donation.

7:08 AM | Comments () | Recommend This | Print This

August 16, 2005

Chad Dickerson's New Home

Chad Dickerson, who was the CTO at InfoWorld, has a new home on the web, as well as a job. He's now working for Yahoo! Search. Chad's one of the good guys and someone I've come to admire and enjoy while working with him at InfoWorld. I hope he enjoys the new gig.

9:34 PM | Comments (1) | Recommend This | Print This

Identity and Spam

Scott Mace has an interesting interview with Scott Chasin, CTO fo MX Logic about Spam and the underlying problems with the SMTP protocol. Not surprisingly, much of the solutions that Scott discusses with Scott have to do with identity.

5:04 PM | Comments () | Recommend This | Print This

The Best Software Writing by Joel Spolsky

I had the opportunity to read a copy of Joel Spolsky's new book The Best Software Writing I and interview Joel about it for the Technometria podcast on IT Conversations. The interview was a pleasure to do and the book is great. I really enjoyed it.

Joel didn't write the book per se but rather selected 30 examples of good writing from nominations given him by the readers of his blog. He also introduces each one. If you're interested in writing, especially technical writing, then this book is must read.

10:15 AM | Comments () | Recommend This | Print This

Hey! That's My Domain Name!

The lawyers liquidating the assets of Excite@Home have finally gotten around to selling to its domain names. The article at MSN features stuff.com in the tagline and also mentions the sale of shoppingcart.com for $285,000. Those were both domain names that I purchased at iMall and went to Excite@Home when we sold iMall to them. I paid $5000 for stuff.com and, I think, $2000, for shoppingcart.com in 1998. The attorneys were not as careful as they should have been with these names. There's a lot more that expired and lost before they got around to selling them. For example, imall.com expired and was renewed by someone else in 2001. Having watched a few of these, I think bankruptcy attorneys are not very good at managing, valuing, and selling non-tangible assets like domain names and IP.

10:07 AM | Comments () | Recommend This | Print This

August 12, 2005

Decontructing the Enterprise Service Bus

Over at Between the Lines, Dan Farber has a pointer to a free report from Patricia Seybold Group on enterprise service busses. Its a great tutorial that clears up a lot of the terminology and technology behind ESBs.

10:55 AM | Comments () | Recommend This | Print This

August 11, 2005

You Want Revolution?

One more data point on the AJAX hype cycle:

The Netscape threat that led Microsoft to wage the browser war and cross swords with antitrust regulators around the world is -- at long last -- poised to become reality. Software experts say recent innovations in web design are ushering in a new era for internet-based software applications, some of the best of which already rival desktop applications in power and efficiency. That’s giving software developers a wide open platform for creating new programs that have no relation to the underlying operating system that runs a PC.
From Wired News: You Say You Want a Web Revolution
Referenced Fri Aug 05 2005 09:50:24 GMT-0700 (PDT)

10:48 AM | Comments (2) | Recommend This | Print This

August 10, 2005

Overloading: Syntactic Heroin

ACM Queue has an article entitled Syntactic Heroin which says that user-defined overloading (ad hoc polymorphism) is a drug.

User-defined overloading is a drug. At first, it gives you a quick, feel-good fix. No sense in cluttering up code with verbose and ugly function names such as IntAbs, FloatAbs, DoubleAbs, or ComplexAbs; just name them all Abs. Even better, use algebraic notation such as A+B, instead of ComplexSum(A,B). It certainly makes coding more compact. But a dangerous addiction soon sets in. Languages and programs that were already complex enough to stretch everyone’s ability suddenly get much more complicated.
From ACM Queue - Syntactic Heroin
Referenced Fri Aug 05 2005 09:30:29 GMT-0700 (PDT)

This echoes comments that Damian Conway made last week at OSCON regarding Best Perl Practices. Students seem to be especially taken with overloading when they learn about it. Its a novelty to be able to define syntax looks like its a built-in. This article points out the dangers.

10:28 AM | Comments (2) | Recommend This | Print This

August 9, 2005

Bob Woolley on Enterprise Computing Practices

Bob Woolley is extremely knowledgeable on enterprise computer architecture and planning issues and...he's now got a blog. Recommended reading for people who care about enterprise computing.

9:42 AM | Comments () | Recommend This | Print This

August 8, 2005

Howtoons

One of the fun things I discovered at OSCON was Howtoons, a collection of cartoons that teach kids how to do things. I'll definitely be showing it to my kids.

11:04 AM | Comments () | Recommend This | Print This

Identity Policy Templates

One of the chapters in my book on Digital Identity is on identity policies. I've created a set of identity policy templates to augment the material in the book.

Speaking of the book, I received a copy in the mail Friday, so it's definitely done. I have to admit it was a good feeling to thumb through it.

8:35 AM | Comments (1) | Recommend This | Print This

August 6, 2005

Identity Rights Agreements

In my Digital Identity book, I mention that even though most people hate digital rights management (DRM) schemes on digital goods like software and music, that's exactly what we'd all like for our identity information. For example, I'd love to be able to control how my bank uses, stores, shares, etc. my SSN when I'm forced to give it to them.

On the train from OSCON to the airport, I was talking with Doc, Dizzy, and St. Peter about identity and Dizzy brought up the idea of doing something like Creative Commons (CC) for identity--essentially a voluntary DRM not unlike a non-disclosure agreement. We started calling it an Identity Rights Agreement (IRA). Here's some thoughts:

IRA's should come in a limited set of configurations, like CC. This makes it easy for people to choose and become familiar with what they mean. So, they might be:

  • Post publicly (broadcast)
  • Share with anyone, but can't broadcast
  • Share with self and partners with which you have a legal agreement to honor this agreement
  • Keep to self
  • Stored encrypted
  • Use for this purpose and destroy

These are just suggestions. There might be more and they certainly need better names and descriptions.

Another issue surrounds granularity. Ideally, each assertion on the identity would be able to be separately licensed. I am glad to have my URL shouted from the rooftops, but I want my phone number kept, but not shared. My SSN, I want used and then destroyed, or at least stored in encrypted form. Just off the top of my head, I think some kind of microformat would be the right thing here since it could be layered onto other mark-up and be displayable as well.

The IRAs would be voluntary in the sense that not technology or system enforces them, but they could be made legally binding by the use of electronic (not digital) signatures. By federal law, an action (clicking on a Web page, for example) can be legally binding under certain circumstances. A request for identity information could return the agreement (in machine and human readable form) and then the request for the actual identity attributes would constitute the agreement.

Certainly, much of this would have to be worked out by those more expert in the law than I. You can't really have a functioning Identity 2.0 infrastructure, however, without some way of attaching hints and rules for acceptable usage to attributes.

9:11 AM | Comments (2) | Recommend This | Print This

August 5, 2005

MVC in Perl (OSCON 2005)

Perrin Harkins, a Senior Engineer with Plus Three, is speaking on MVC Web development with Perl. He's going to talk about three. The trade-off and primary difference is how much help they give you and the resultant loss of programmer freedom. In order of least restraining to most restraining, he's discussing: CGI::Application, Catalyst, OpenInteract2 (OI2).

These all do some code generation and can pretty much automatically generate standard, single-table CRUD (create, read, update, and delete) application with a Web front-end to a database.

Perrin demonstrated each by building the same application. He choose an application that uses multiple tables to make it a little more complicated.

After listening to the presentation, I think I lean towards using CGI::Application because it seems closer to how I program Perl on the Web.

12:20 PM | Comments () | Recommend This | Print This

PlaceSite: Making HotSpots Social

I stopped by a demo by Sean Savage this morning on PlaceSite, a system for letting people share information (like who they are, where they are, etc.) locally over Wi-Fi hotspots. Say you're in a coffee shop in downtown Salt Lake and it has a PlaceSite installed, when you open up your browser, you see not only who's there, but even who's close-by. It seems well designed and it's open source. Sean and two of his friends (Damon McCormick and Jon Snydal) built it as a part of a MS project at Berkeley this year.

PlaceSite is built on top of the OpenWRT project that I covered at the last ETech. Consequently, you don't need a server, just a Linksys WRT54G wireless router to run PlaceSite. That's a big plus.

Scott Lemon and I have discussed this kind of idea before for community service announcements, local advertising, etc. Here's a platform you build on Scott.

11:30 AM | Comments () | Recommend This | Print This

Linux on the Desktop (OSCON 2005)

Asa Dotzler wrote an essay a while back called Linux Not Ready for the Desktop. It was controversial enough (surprise) that Nat asked him to come present at OSCON. Here are his main points:

For regular people to see the value of Linux on the Desktop, it will have to install alongside Windows and bring over all their settings from bookmarks to wallpaper.

API stability is an important story. You shouldn't have to jump through hoops to install packages that you don't get from your distro. On Windows, one Firefox installer installs on every Windows version.

Complexity and choice scare regular people. There are too many distro choices, there are too many desktop choices, there are too many applications, there are too many application settings, etc. Then there's clipboard madness.

Linux must feel comfortable to users. Don't mess with the expectations of Windows users. This includes keyboard shortcuts, button positions, and even th panel position. Its foolish to deviate from what people expect when the value of that deviation isn't high or the cost is.

10:19 AM | Comments () | Recommend This | Print This

August 4, 2005

National Sex Offender Registry

I just put an article at Between the Lines that critical of the DoJ's new sex offender registry. A check of the site yields some interesting data. First, the site is hosted by Millenium Interactive Technology in Tallahassee FL. The site is served from IIS on Windows 2003. Ugh.

6:03 PM | Comments (1) | Recommend This | Print This

Don't Drop the SOAP (OSCON 2005)

Randy Ray of Tellme Networks, Inc. is giving a talk called "Don't Drop the SOAP." His basic thesis is that Web services require complexity. Ray says that there's nothing wrong with having simpler protocols, only in assuming that they replace more complex ones. In the intro to REST and SOAP, Ray discusses some of the big adopters. Interestingly, for REST he lists Amazon and Google, while for SOAP he lists .Net and Axis. Toolkits are not the same as users.

He begins by trying to counter some of the arguments RESTians make against SOAP. I'm not sure he made many points. I didn't find the arguments all that credible. He would have been better off, I think, in skipping this and making his main point: some things require SOAPs complexity.

A detour: Ray offers XML-RPC is a middle road that is simpler than SOAP and handles structured data better than REST. There are over 80 implementations in over 30 languages for XML-RPC. Pretty good coverage.

Don't confuse complexity and detail. Amazon returns a lot of data, but that doesn't make it complex. Amazon has a simple interface since the URI really comes down to the ASIN, the key for the data related a any given product.

On the other hand, complex services like MapPoint.Net has simple interface hooks that don't return a lot of data, bu rather need significant data as input.

Sending data in a URI is a limited solution. How do you represent structured data. Its easier to express simple data in SOAP than to represent complex data in REST.

Ray uses an example from TellMe to show a place where REST doesn't work as well as SOAP: TellMe moved from the MapPoint v1 (REST) API to the MapPoint v3 API. The fact that it was a .Net interface forced Ray into a .Net implementation. Nevertheless, even had that not been the case, the message you send to MapPoint is complicated with lots of data, including a result mask.

That's not the end however, the CalculateRoute API allows not just a start and end point, but also an arbitrary number of waypoints along the way (to calculate the route for an entire trip).

Since this is a constant resource--the route won't change (much)--this should be a GET request with a URL. Designing such a GET request is difficult. There's no real standard for creating a REST protocol. There's no WSDL.

That's just the first half of the equation. You still need to process the results. REST doesn't define a vocabulary for the response. The fact that REST content varies from service to service makes this part hard to standardize as the request side of the system.

In summary, I think Ray made a few good points, but his argument was weak. There's certainly services, particularly those designed to work with .Net, that will be difficult to build as a RESTful service. Still, the dichotomy between big users, on one hand, and toolsets, on the other, pointed out in the first paragraph show, I think where the momentum lies. Ray's slides are available.

3:36 PM | Comments (1) | Recommend This | Print This

Building Darwin Projects (OSCON 2005)

Kevin van Vechten's talk was billed as "Customizing Mac OS X Using Open Source." Instead it was more about making your software buildable on OS X. That's OK. One tool he talked about was darwinbuild, a tool for managing software builds on OS X. Typing "darwinbuild" bash, for example, downloads the bash sources from the OpenDarwin Web site and builds it. Darwinbuild grabs just what you need and sets it up for the OS X build you have on your machine--or any release you choose.

1:06 PM | Comments () | Recommend This | Print This

Dick Hardt on Identity 2.0 (OSCON 2005)

Dick Hardt is giving a keynote on Identity 2.0. Dick is the founder of SXIP and a proponent of user-centric identity. He gives a great, no fantastic, presentation, but it's almost impossible to transcribe. Key point: Identity 1.0 is analogous to having to have the clerk at the convinience store call the driver's license bureau everytime you present your credential to get your birthday. Identity 2.0 is analogous to how credentials work in the real world: distributed and user controlled--the driver's license bureau doesn't know where you're presenting its credentials and who's accepting them.

12:35 PM | Comments () | Recommend This | Print This

Flexibility is Overrated (OSCON 2005)

David Hannson, originator of Ruby on Rails, gave a talk on Rails as a keynote today. Much of it was things I've already covered on the tutorial, but he said something that I think developers too often overlook:

Flexibility is overrated.

When you insist on flexibility over everything else, you sacrifice velocity and agility. Constraints are liberating. When you don't have to worry about every small detail, you can follow a path and worry about infrastructure.

I often tell engineers who scoff at software as somehow less rigorous because we can't use math to analyze what we do the way engineers do their designs that they're lucky the world constrains them so that relatively simple math works. Think about how hard engineering would be if the world wasn't mostly a linear place where boundary conditions were meaningful. Differential equations, as used by engineers, would be worthless.

I agree with Hannson: we should be willing to trade flexibility when it gives us better understanding and agility.

12:28 PM | Comments (1) | Recommend This | Print This

No Password Fields

At last night's Identity BOF, Meng Weng Wong, the founder of pobox.com, said something that frams the whole Identity 2.0 discusion perfectly: "I don't want my next Web application to have a password field in the database."

9:25 AM | Comments (2) | Recommend This | Print This

August 3, 2005

Rock On OSCON!

Gibson brought in a band for the Wednesday night reception.

Somebody at O'Reilly talked Gibson Guitars into being one of the sponsors of the conference. They're giving away Gibson guitars at sessions and Gibson even has a booth (with guitars you can try out) in the exhibition hall. Tonight at the reception, Gibson brought in a band (70 Proof). They were playing my kind of music. It was great.

7:56 PM | Comments () | Recommend This | Print This

Peter Yared on Building Web 2.0 Applications (OSCON 2005)

I went to Peter Yared's talk this afternoon on rapidly building Web 2.0 applications. Peter's the CTO of ActiveGrid, a company and an open source project.

Sun, J2EE, and Oracle powered Web 1.0. Web 2.0 is powered by LAMP.

In the past, we were solving impedance mismatch problems. noting talked to each other. App servers were meant to solve this (and other problems). Recently, the back-ends became standardized to jSomething. The front-end was the Web. Next (today?) is XML simplicity. Anything you want to talk to on the back end is exposed as XML over HTTP--even databases. Things have -- gotten simpler. Its hard to use the software for solving yesterday's problems to solve today's problems.

The active grid project provides a high level visualization tool for rapid application development. Graphical operations are just editing XML (BEL, XForms, XPath, etc.) The tool supports PHP, Perl, and Python. Wrapping all code as a Web service prevents scripting mayhem.

In addition, there's a backend installer that includes a Web server and database. The architectures of most Web applications depend on the deployment architectures. With Active Grid, the deployment is architecture independent.

Application flow is difficult to maintain. Active Grid uses BPEL to manage application flow. The graphical editor allows BPEL to be easily created and maintained.

If you define all your Schema as XML scheme and do all queries with Xquery, there's a single API for any datasource.

Java is overkill for simple control flow programming. Java requires a lot of overhead to handle unstructured data like XML since it's strongly typed. Java's primary selling point "write-once, run-anywhere" doesn't mean much in the LAMP/Intel world. Notice that no one says that anymore.

In the old world, inexpensive Web servers arbitrate connections to expensive applications server. That doesn't make as much sense in a world of fast 1-2 processor servers. Create a redundant array of inexpensive servers that share data and services.

Apache on Linux on commodity Intel boxes is the most optimized stack in the world. Its very fast. Use HTTP for intermachine communication.

What's missing? Process management, session replication, interface rendering, interface caching web services stack, autonomous and inter-node deployment patterns, and data caching. ActiveGrid has added those on top of Apache.

Autonomous node deployment patterns: single-node for simple non-mission-critical applications, database session for HA applications, cookie sessions for HA apps with small sessions. Inter-node deployment patterns: distributed sessions for HA application with large sessions, distributed replicated sessions for HA, fault tolerant applications, and distributed session with in place processing for HA apps with larger sessions.

Inter-cluster communications architectures require a dynamic distributed hash tables. ActiveGrid uses HTTP for this. The hash table allows machines to retrieve the session from the machine that has it (distributed sessions) or redirect the request to the machine that has it (in place processing).

Peter also talks about data caching patterns: timed pulls where each node retrieves data to be cached in a rolling manner at timed intervals, timed pulls to dedicated node, distributed RAM data caches which uses HTTP GETs to grab data from the node with the data, and in-place caching where results are cached where they hit and then broadcast.

XForms provide a way of creating a declarative user interface. On a request, the XForm can be adjusted to the role, rendered for the client, and then the data can be added. Before the data is entered, cache the customized, rendered form. Of course, a data cache can cache the data as well for a particular request. This allows smart caching of dynamic forms.

4:16 PM | Comments (2) | Recommend This | Print This

PUGS: A Perl Implementation in Haskell

I was in a talk by Brian Ingerson today on Perl 6 and learned about PUGS an implementation of Perl 6 written in Haskell. I was floored. I've been playing with Haskell for years and showing it to students; I love it for its ideas and elegance. Why did the PUGS team choose Haskell? "Many Perl 6 features have similar counterparts in Haskell: Perl 6 Rules corresponds closely to Parsec; lazy list evaluation is common in both languages; continuation support can be modeled with the ContT monad transformer, and so on. This greatly simplified the prototyping effort: the first working interpreter was released within the first week, and by the third week we had a full-fledged Test.pm module for unit testing." Very cool.

1:13 PM | Comments () | Recommend This | Print This

Open Source Software at Yahoo!

Jeremy Zawodny works for Yahoo! and knows MySql inside-out. He's speaking about open source and Yahoo!

There are several reasons Yahoo! uses open source:

  • Flexibility - Yahoo! customizes lots of OSS for its needs
  • Documentation is better in open source software.
  • Availbility for the platforms that Yahoo! cares about
  • Support is good and getting better.
  • Cost is an issue, especially at Yahoo! scales.

Jeremy lists out many of the open source products in use at Yahoo!:

On the server side, Yahoo! uses FreeBSD/Linux, Apache, C++ (and GNU tool chain), PHP, APC (caching and acceleration), Perl, and mdbm/MySql.

On the development side: Bugzilla, CVS, Request Tracker, Valgrind, Emacs and VIM, gcc/gdb, PhpMyAdmin.

Others include Python, Ruby, rsync, BIND, Qmail, Squid, ImageMagick, SSH, zlib/gzip, NNagios, rrdtool, Boost (C++ libs), Many CPAN modules, PEAR, and many more.

Yahoo! is also working on opening up APIs including RSS feeds, Flickr, and Konfabulator (Yahoo! Widgets), and the Yahoo! development network.

12:09 PM | Comments () | Recommend This | Print This

Testing as the Open Source Killer App

Kim Polece, from SpikeSource, is talking about software testing in open source software. She starts by talking about the architecture of participation. This architecture is characterized by:

  1. Commoditization of software
  2. Network-enabled collaboration
  3. Software customizability

and the shift from an "egosystem" to and open, thriving ecosystem.

Kim shows a power curve and talks about pahses in open source adoption. In the first phase, we buit and buit with, the tall end, left end of the power curve (Linux, php, Python, Mozilla, etc). In the second, phase, further to the roght on the tail of the curve, countless new building materials are piling up on the curve. Kim shows a list of these from just onee company that they talked to. There were dozens of build tools, runtime and class libraries in the list.

There are some problems:

  • Velocity mismatch. This refers to the release schedules for the multiple open source projects. Coordinating release schedules between components and managing compatibility is difficult to do.
  • Dependencies. This is not unique to open source, but its compounded by the variation and number of components. When you patch one component of your stack, does the entire stack get hosed?

The largest independent IT shops formalize their DIY proceses for building with open source. Smaller shops don't have that luxery.

This leads to phase thre: IT becomes core and outsources the infrastructure tasks, including testing, certification, and so of open source packages. Testing is the biggest single refacoring shift in computig today. Its at the core of managing dependencies and velocity mismatch. We need testing on a massive scale.

Now a word from our sponsor: this is what SpikeSource does.

Testing has been the ugly stepchild of software for as long as people have been writing code. Microsoft has a 1:1 ratio of QA to developers. The run 500,000 test scenarios for any given product line. Thhere are 100,000 open source products already. How can as scale this?

To solve testing on a masive scale, you need participation by the community and automation. This is just one more architecture of participation, going back to Tim's talk. Testing is just one service among many in the open source market place. Developers and users benefit from a pervasive testing regime.

Testing will do for open source what it did for chip design a generation ago. It made possible chips that couldn't be built before.

Kim finishes with a plea: "come test with us."

12:04 PM | Comments () | Recommend This | Print This

O'Reilly Radar (OSCON 2005)

Tim O'Reilly's giving the traditional O'Reilly Radar, a talk from Tim about what he sees coming down the pike and the "faint signals of the future" along with Nat Torkington, the conference chair.

One of the things that was interesting to Nat was that there was a significant interest on Mozilla, AJAX, and Ruby on Rails at the conference.

Tim mentions his "open source paradigm shift" theory (he doesn't go into detail, see the paper). The theory proposes an analogy between the rise of the PC and the path open source is on: subsystem-level lock-in (Intel on one side, MySQL, jBoss, etc. on the other), integration of commodity components (Dell vs. Apache, Linux, Mozilla, and Perl), and Network effect lock-in (Microsoft vs Web 2.0--eBay, Amazon, etc.).

Will Web 2.0 be an open systems? What do open services look like? Data is the "Intel Inside" in this world. Do we need a "Free Data Foundation" in 2010? How does the paradigm shift change out business models and delveopment practices? Who should we be watching and learning from? There are some developments with implications for Web 2.0:

  • Ruby on Rails - will it be the Perl of Web 2.0?
  • GreaseMonkey - cracks open Web sites without having to get inside the server.
  • HousingMaps.com - a mash-up of Craig's List and Google maps. This is unique because it was the first example of a Web service that wasn't just about connecting to one single service provider. Instead it was outside both and connected them in an interesting way.
  • Del.icio.us - O'Reilly uses it as a source of data about what people care about.
  • Findory - a service for managing the information stream and making recommendations based on the contents of your information stream.
  • Internet Telephony - Asterix, Skype, BroadVoice, etc. Nat tells of a hacker who has his home phone going through a Linux server and puts a whitelist on it so you can't make the phone ring between 11pm and 7am.
  • Opening up hardware, not just software - Make magazine, the Hacks series demonstrate the interest people have in this.
  • The computer book market has hit bottom and started to rebound in 2004, an indication that the industry as a whole is doing better.
  • Java books (including books on open source Java components) have picked up from a long decline.
  • Sampling skills from job boards shows that SQL is the top skill (18% of job listing list it). Perl is at 6%, equal to VB, bigger than C#.

11:55 AM | Comments () | Recommend This | Print This

August 2, 2005

Paul Graham on open source and blogging

I posted some of what Paul Graham said on open source and blogging tonight over at Between the Lines.

10:14 PM | Comments (2) | Recommend This | Print This

Plone Sites

Kelly Flanagan went to the Plone tutorial and reports that the government's 5-a-day site is built on Plone with no code changes (just CSS). I love to see open source tools used on eGoverment sites.

6:08 PM | Comments (1) | Recommend This | Print This

Hearing Damian Conway in Provo

Damian Conway (who's tutorial was just described) is an excellent speaker. I've never heard him give a presentation I didn't really enjoy. While he's in the US, one of his stops is Provo Utah and he'll be speaking to the Provo Linux User's Group on Wed Aug 10 at 6:30 pm in UVSC, Room CS 404. Not only that, but O'Reilly will be sending some books out to be given away. I wish I could be there, but I'll be on vacation.

5:55 PM | Comments (1) | Recommend This | Print This

Best Practices fo OO Perl (OSCON2005 Tutorial)

Damian Conway is giving a tutorial on Best Practices in Object Oriented Perl based on his new book: Perl Best Practices. What is a "best practice?"

  • Same as the rest of Perl
  • Seek code that
    • minimizes chances of "enbugging"
    • makes it easy to detect failed edge cases
    • scales to larger datasets
  • Robust (create techniques that extend and incorporates new functionality)
  • Efficient (play to Perl's strengths and avoids its weakness while minimizing resource usage)
  • Maintainable (optimize for comprehension)

Make OO a choice, not a default - Choose OO when

  • When the system to be built will be large
  • Data can be aggregated into obvious structures and there's lots of data in each aggregate
  • The various types of data form a natural hierarchy that facilitates inheritance and polymorphism
  • The implementation of high-level operations on data varies according to data type (polymorphism is a big benefit here)
  • Its likely you'll have to add new data types later
  • Interaction between data are best represented by operators
  • You have a piece of data on which many different operations are applied
  • And, those operations have standard names, regardless of the type of data they're applied to
  • Implementation of individual components is likely to change, especially in the same program
  • The system design is already object-oriented
  • Large numbers of clients will use your code

Don't use pseudohashes or restricted hashes - Pseudohashes are prone to subtle errors, especially when used in inheritance hierarchies. Restricted hashes were developed to replace pseudohashes, but the can be unreliable. So..

Always use fully encapsulated objects - Put the contents of the class in a block (scope the variables). Bless a reference to a lexical scalar: 

{
my % root_of # ...properties that are locally scoped

sub new {
  my($class, $root) = @_;
  my $new_object = bless \do{my $anon_scalar}, $class;

  # initialize objects "root" attribute
  $root_of{ident $new_object} = $root;  # ident from Class:Std:Utils
 
  return $new_object;
  }

sub get_files {
  my ($self) = @_;
   ... $root_of{ident $self};   ...

  }

}

Damian calls this an "inside-out" object since normally an object is a hash with the information inside it. This has the hashes inside.

The differences in the above code are minor, but the combined effect is enormous. The client code gets nothing but an empty scalar which can't be messed with.

Give every constructor the same standard name - There is only one acceptable name: new. Its short, accurate, and predictable. This makes it comprehensible in six months time.

Always provide a destructor for every inside-out class - Since inside-out objects always have external resources, they must manage them explicitly to prevent memory leaks. The destructor should remove references for that object: 

sub DESTROY {
  my($self) = @_;

  delete $root_of{ident $self};
  ...  
  return;
  }

This need for a destructor is the only disadvantage of inside-out objects over blessed hashes and other methods.

Methods should, in general, have fewer arguments than subroutines since methods have access to the data in the object. If that's not true, you should re-evaluate your design. Ordinarily, its unacceptable to name subroutines after built-ins, but that's not true of methods since they're called with a different syntax and there's not ambiguity.

Provide separate read and write accessors - Use setters and getters rather than a single overloaded method. If you only have one, every time you run the method, you have to do a test on the argument list. Getting is much more frequent than setting. Why impose a cost on something you do 99% of the time for something you do 1% of the time. What's more, it can confuse intention, for example, when you don't need a setter.

Don't use lvalue accessors - lvalue subroutines return the actual thing instead of a copy. (This is how substring works, for example.) The obvious problem here, from an OO perspective, is that it breaks encapsulation.

Don't use indirect object syntax - Indirect object syntax is when you put the object name after the method. You can run into trouble with built-ins, etc. leading to ambiguity and difficult to find bugs.

Provide an optimal interface, rather than minimal one - this reduces maintainability since it forces each programmer invent a subroutines to do common tasks. External subroutines are also less efficient since they don't have access to internal data. Provide commonly used and needed, rather than just essential, functions.

Only overload the isomorphic operators of algebraic classes - missed this. :-( I think it means to ensure that overloaded names have expected behaviors or something like that.

Always consider overloading boolean, numeric, and string coercions. Objects used as booleans are always good. Objects used as numbers are always bad. Objects used as strings are always ugly. You can use the overload module to overload q(0+), q(bool), and q("") to make these behave nicely. One thing you can do is just make the croaks to kill programs that are using objects in funny ways.

Don't directly manipulate the list of base classes - Don't assign directly o @ISA, rather use use base .... This ensures the relationships are set up as early as possible.

Use distributed encapsulated objects - When you create inside-out objects, there's no reason that lexically-scoped hashes that store variables need to be in the same lexical scope as long as derived class have access to them.

Never use the one-argument form of bless - Derived classes will bless their objects into the base class if you do. Bless's default behavior is static and blesses its argument into the