Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Software

Packages

Topic Guides

Understanding RSS
Digital ID Policies
Understanding VoIP
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Copyright

Copyright © 2002-2006 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« July 2005 | Main | September 2005 »

August 31, 2005

IT and Katrina

Yesterday I posted a piece at ZDNet's Government IT blog on turning hopeless victims into smart mobs. This was a reflection of some interesting ideas that David Stephenson has been posting about how IT can help in homeland security and disaster preparedness. He's not the only one obviously.

Doc Searls, at the IT Garage, is asking "how does IT help with Katrina recovery?" and offering a place where IT folks can post stories about their experiences with Katrina. He's also pointing to the Slidell Hurricane Damage Blog.

The Slidell blog is maintained by Brian Oberkirch who lists his contact information prominently on the front page. Slidell is near the Northeast corner of Lake Pontchatrain, about five miles West of the Mississippi border and 20 miles Northeast of New Orleans. The blog contains photos, announcements, updates from county officials. This blog is a perfect example of what smart mobs can do to help in a disaster.

There are also katrina tags at Flickr, del.icio.us, and Technorati.

9:14 AM | Comments (1) | Recommend This | Print This

August 29, 2005

First Day of School

Classes start today at BYU. I actually teach on Tuesday and Thursday, so I've got another day yet. I'm teaching a class on programming language design (using Scheme) and large scale distributed system design. I've changed the text for the distributed system design class to Web Services by Gustavo Alonso, et. al. It's the first real text I've found that covers the material I want in the class.

One of the first things I have my students do is set up a Linux server. We use UML to put multiple sets of students on a single box. This year, we tried to get the SpikeSource stack working for the class, but it wouldn't work on UML. That doesn't surprise me. UML is very finicky. We may have to try Xen next time. If anyone has experience with the SpikeSource stack on Xen, I'd be interested in hearing about it. In the meantime, Dan Olsen, my TA, put together a set of instructions for setting a a Linux server for the class.

8:19 AM | Comments (4) | Recommend This | Print This

August 26, 2005

GTalk and the Google Identity Strategy

I just put up a piece at Between the Lines on Google's identity strategy and how GTalk plays into that. If you're an OS X user, GTalk works with iChat. If you've already got a GMail ID, you just use that. No need to even sign up for anything. You're already a member.

2:41 PM | Comments (1) | Recommend This | Print This

Mark Dixon on Identity

Mark Dixon, who works for Sun and grew up in Idaho (like me), is blogging about identity. Some interesting stuff there.

1:07 PM | Comments () | Recommend This | Print This

Orrin's a Blogger Now

A week or so ago, Steve Urquhart asked "what things could Orrin do that would show my campaign has him worried?" The obvious answer was "start to blog." Well, Orrin's started his blog. There's one post so far, and it's pretty much just cut and pasted from a letter he sent convention delegates last week. There's no permalinks, no RSS feed, and no comments (only a box to send feedback to Orrin). I'll be interested to watch it over the coming weeks and months to see if there's anything like a real voice in the posts that shows Orrin's actually writing it.

11:21 AM | Comments () | Recommend This | Print This

CTO Breakfast Report

We had the CTO Breakfast this morning and there was lots of interesting discussion and more people than we've ever had before. Much bigger and we'll need a different room.

Here are some things we talked about:

  • China. This seems to be a topic that comes up a lot at these breakfasts. Interestingly, not much of the discussion is about "outsourcing" but rather about opportunity. Two books that came up: Friedman's "The World is Flat and Fishman's China, Inc.
  • This morphed into a discussion of online games when we discussed an edict by the Chinese government to limit game playing to 3 hours per day.
  • Tom Gregory from the State School Board was here this morning and so we got into a discussion of education and technology in education.
  • Joel Sobrowsky, EVP at Dynamic City, was here and gave us an update on Utopia, the big muni-broadband project in Utah. Utopia is now passing homes and businesses in all six of the Phase I cities--that's about 50,000 homes. Phase II will be another 50,000 homes in those cities. Phase III will complete all of the Utopia cities. Call Sue @ 1.888.FIBER4U to get information on when they'll be in your neighborhood. The most popular product on Utopia so far has been a 10Mb/s symmetric link. Pay attention, that's symmetric. We decided the Utopia ought to run a bandwidth test site inside their network for customers to verify that.
    On Sept 19th-21st, Salt Lake City will host the Broadband Cities Conference. Utopia will be running 100Mb/s links to the booths at the conference to show the power of real broadband.
    Next month we'll invite Utopia's CTO, Jeff Fishburn, and get some maps and get all the details.
  • Willi Donohue, an old friend was most recently with BMC in Houston, was here this morning. He's returned to Utah and is working with Cogito now. I've been worried about Cogito after the management shake-up, but knowing Willi's there gives me some confidence. Ian Stiles, their CTO, who I hadn't met before came today as well.
  • At 9:30 a bunch of people took off, but the group that was left was pretty hard-core hacker/dynamic language guys. We got a report on Damian Conway's talk in Provo a couple of weeks ago. Damian was here to do some consulting with United Online, probably the largest employer of Perl programmers in Utah. I also found out that "why the lucky stiff" is from Utah! Wow and cool. I loved his OSCON presentation and his Guide to Ruby with Cartoon Foxes is a classic.
  • Scott Lemon reported on Firepoll, a Utah company that pays people to answer questions for companies online. He says he makes a couple of bucks a year. (Unfortunately, there's no OS X client--why not just do it online so there's no client?) We concluded that this would be a good IM application, but of course, IM bots have been patented.
  • On that same line of thought we discussed a new business for Google, given their new GTalk launch. Let people sign up to answer questions for people and let them specify their expertise. When people ask questions (as a paid service), the question gets IM'd to anyone in that area online. Everyone who wants to can look at how much the question pays and answer if they want. Google processes the results, returns them to the user and people get paid for their answers based on click-thru.
  • This turned into huge discussion of digital identity. Too much, too fast to keep track of.

10:37 AM | Comments (1) | Recommend This | Print This

August 25, 2005

Splogs and Paid Content

Doc Searls has a long and thoughtful piece about the relationship between splogs, intermediaries like Google and Yahoo!, and paid content providers (most notably newspapers). Splogs are blogs that are just link farms and have no human author adding value. They are mostly autogenerated by programs for the exclusive purpose of getting a high ranking for a particular keyword and then reselling AdSense ads. For another look at the same problem, see this post by Tim O'Reilly.

As Doc points out, splogs are a cancer that is threatening the whole idea of an Internet with free content. Just as phishing has essentially destroyed email as a channel for financial institutions to communicate with their customers, splogs threaten search engines and blogging. Doc has a suggestion for dealing with the problem:

I suggest that everybody in the search engine business, including all the Static Web and Live Web companies I listed above, pool their knowledge and expertise, and beat a cancer that (in my humble but considered opinion) threatens the whole Live Web, including blogging in particular and frequently updated free content in general.

Across the search engine marketplace, there is an enormous amount of duplicated effort fighting splogs and other forms of blog spam. There is also an open source solution to this: share the know-how. Even the data (perhaps through a public list of offenders).
From The Doc Searls Weblog : Thursday, August 25, 2005
Referenced Thu Aug 25 2005 11:53:25 GMT-0600 (MDT)

12:00 PM | Comments (2) | Recommend This | Print This

August 24, 2005

Utah Legislature Wins Online Democracy Award

The Utah Legislature won the Online Democracy award for it's Web site. That's cool. It really is a very good site and they've done a lot to add RSS, audio files of committee meetings, and other features that make it more usable. Congratulations!

4:14 PM | Comments () | Recommend This | Print This

August 23, 2005

Aradyme Is Hiring!

Aradyme, who has a nifty dynamic database, is looking for software engineers, both contract and full time. Right now, they're looking for C# expertise. I've been working with them in a CTO coach capacity. There's some fun stuff happening there and I think they're well-positioned. Give them a look if you're looking.

6:00 PM | Comments (1) | Recommend This | Print This

Internet Identity Workshop Registration

If you've tried to access the announcement or registration page for the Internet Identity Workshop in the last several days, then you'll know that they've been down. I apologize. BYU is handing out new public IP addresses and for some reason that led them to drop some zones in the DNS file as well; it's been a mess. In any event, it's back now. So far there have been 16 registrations. If you work for an entity that won't let you use Paypal to pay, I've added instructions for paying by check.

3:27 PM | Comments () | Recommend This | Print This

Corporate Policies for Handling ID Data

Dave Kearns wrote a column at Network World about my book, Digital Identity. The focus of the column is the identity policy templates I wrote for the book. They've been getting a lot of attention, if downloads are any indication.

I actually wrote them because I found as I wrote the chapter on policy that it was almost impossible to do without some examples. I had a few that we'd done at Utah and some samples off the 'Net here and there, but nothing complete and coherent.

Digital identity policy stack (click to enlarge)

The idea behind the policies is that identity is foundational to many other things, including computer and network security. Thus, there ought to be identity policies that are separate from and serve to enable good security policy. The picture at the right shows how this works. The blue boxes in the middle are the identity policies. Security policies are just one of the top boxes. The bottom tier is the interoperability framework--a completely different discussion.

The policies I wrote include the following:

I wrote these are Word documents since the idea is that these are templates that you can download and tailor to your own organization. Over the coming weeks I'll write an article describing each one of these as well as some other identity policy considerations.

7:55 AM | Comments (4) | Recommend This | Print This

August 22, 2005

CTO Breakfast this Friday

We'll be having the CTO Breakfast this Friday at 8am. You don't have to be a CTO to come, just interested in information technology and product development.

The breakfast will be held in the executive conference room of Building L (the food court) at Canyon Park Technology Center in Orem). See

http://www.windley.com/cto_forum

for more information on the location. I hope you can make it.

Future breakfasts will be held on the following days:

  • September 30 (Friday)
  • October 28 (Friday)
  • December 2 (Friday)

Mark your calendars.

6:38 PM | Comments () | Recommend This | Print This

Open Source Identity Tools in Java

From Managability.org, here's a nice list, with brief commentary, of open source tools for identity management written in Java.

12:22 PM | Comments () | Recommend This | Print This

August 19, 2005

Building an Identity Management Architecture

I've got a new article up at the O'Reilly Network called Identity Management Architectures and Digital Identity.

There's also a sample chapter of Digital Identity up now. It's the chapter that introduces the concept of Identity Management Architectures.

9:59 PM | Comments () | Recommend This | Print This

The Four Five 'Net Freedoms

I've just written my first article over at the ZDNet Government blog on the Four Five 'Net Freedoms. Fun stuff...

2:57 PM | Comments () | Recommend This | Print This

Vacations and Hot Potatoes

Steve writes:

In order to take a vacation, you have to have a job from which to vacate. I've had a number of vacations over the past 5 years, but the name for them has been "fired" or "laid off" or other euphemisms for "It's time for you to start thinking about Steve Gillmor." Like I was worrying about Michael Gartenberg's career the whole time.
From » Vacation | Steve Gillmor's Inforouter | ZDNet.com
Referenced Fri Aug 19 2005 08:32:31 GMT-0600 (MDT)

Steve notes that August used to be the traditional time for vacations, but there doesn't seem to be much of a let up in things vying for attention anymore--even in the dog-days of summer.

If you sent me email while I was on vacation, you got back a note telling you that your email wasn't saved and that you'd have to resend it when I got back. Sorry if any were offended, but I simply turned email off. When I got home, I turned it back on and I didn't have thousands of messages to slog through. More importantly, however, there weren't forty tasks waiting for me that people had given me while I was gone.

Email has become like a game of hot potato. Everyone's anxious to clear their box, so they "delegate" whenever they can to you. I don't know why we've created a world where we feel like people we don't even know can task us, but we have. When I bounced email back, it forced people to think about whether they really wanted to send me that note (or task) and often, they decided they didn't. Steve Fulling remarked that he had a dozen things he thought about sending me, but because he knew he'd have to save it and keep track of it (instead of me), he only kept three.

I'm not sure that there's a larger answer here. I'm not advocating bouncing email back on a regular basis, but as a vacation tactic it worked well. I think it comes down to a few simple rules:

  • Think before you send an email when you're creating work for someone else and make sure its truly important.
  • Don't feel obligated to respond to tasks from people (even a simple task like replying to a question.
  • Don't be offended when you don't get an response to an email sent--the person you sent it to is just as busy as you are.

8:32 AM | Comments (2) | Recommend This | Print This

August 17, 2005

CheapGas: Another Google Maps Mash-up

Cheap Gas in Utah County (click to enlarge)

In a story about the recombinant Web, Dan Farber points out CheapGas, a mash-up between Google Maps and GasBuddy. The picture at the right shows the cheapest gas (that Gas Buddy knows about) in Utah County. Nothing too cheap, mind you.

10:35 AM | Comments () | Recommend This | Print This

Community Broadband or Roach Motels

Britt Blaser has an excellent essay up now on the real reasons for building community broadband networks. Qwest, Comcast, and other private providers of service want you to think it's about keeping government out of competition with private providers. But as Britt rightly points out, it's really about public discourse and building the infrastructure to support it:

If you believe in public discourse, you are. Let's not fall into the trap of defending technical and turf issues when the real issue is whether a people united deserves an Agora. We can join together to push harder on the politicians we elect than do the lobbyists and consultants the politicians think they must please.

I want to start with a conversation about whether New Yorkers have an inalienable right to equip themselves to participate in the global conversation at a rate typical of a leading first-world nation, rather than at the level of a trailing first-world nation. (Actually, I want more than a conversation, because there's too much conversation on the web and not enough action. I want a forum with real political power: one where, after our solution becomes obvious, we have the specific means to compel the politicians to get off their expensive asses and do something useful.)
From Escapable Logic
Referenced Wed Aug 17 2005 06:56:39 GMT-0600 (MDT)

I've written about this same issue before in regards to iProvo and Utopia (two community broadband projects in Utah), although not as eloquently as Brit. One of my main points has been that carriers are building walled gardens, not the agora, as Britt puts it, that we need to enable so many important public activities. What's more important, they never will.

I sat in an Orem City Council meeting over a year ago and listened to a representative from Comcast tell them about all the wonderful things Comcast was doing to for Orem residents. And it was wonderful--on the surface. If you listened carefully, however, the message, loud and clear, was this: we build the products, you pay us money to consume them. In other words, Comcast's vision was completely unidirectional. There was no sense of the broadband network as an infrastructure where anyone could produce interesting things (like blogs, video, podcasts, etc.) and distribute them. Comcast's vision was all about a one-way street where deliveries were made but packages were never picked up. Maybe instead of "walled gardens" a more apt metaphor would be "roach motels."

Britt's piece isn't just an essay, however, its a call to action. Specifically, a call to support Andrew Rasiej's campaign for NYC Public Advocate. If we are not willing to support (vote and donate) to people who understand technology and what powers innovation, then we'll get the nation we deserve. (See my post on Beating Hatch.) I went over to Rasiej's site, found him to be just that kind of guy and made a donation.

7:08 AM | Comments () | Recommend This | Print This

August 16, 2005

Chad Dickerson's New Home

Chad Dickerson, who was the CTO at InfoWorld, has a new home on the web, as well as a job. He's now working for Yahoo! Search. Chad's one of the good guys and someone I've come to admire and enjoy while working with him at InfoWorld. I hope he enjoys the new gig.

9:34 PM | Comments (1) | Recommend This | Print This

Identity and Spam

Scott Mace has an interesting interview with Scott Chasin, CTO fo MX Logic about Spam and the underlying problems with the SMTP protocol. Not surprisingly, much of the solutions that Scott discusses with Scott have to do with identity.

5:04 PM | Comments () | Recommend This | Print This

The Best Software Writing by Joel Spolsky

I had the opportunity to read a copy of Joel Spolsky's new book The Best Software Writing I and interview Joel about it for the Technometria podcast on IT Conversations. The interview was a pleasure to do and the book is great. I really enjoyed it.

Joel didn't write the book per se but rather selected 30 examples of good writing from nominations given him by the readers of his blog. He also introduces each one. If you're interested in writing, especially technical writing, then this book is must read.

10:15 AM | Comments () | Recommend This | Print This

Hey! That's My Domain Name!

The lawyers liquidating the assets of Excite@Home have finally gotten around to selling to its domain names. The article at MSN features stuff.com in the tagline and also mentions the sale of shoppingcart.com for $285,000. Those were both domain names that I purchased at iMall and went to Excite@Home when we sold iMall to them. I paid $5000 for stuff.com and, I think, $2000, for shoppingcart.com in 1998. The attorneys were not as careful as they should have been with these names. There's a lot more that expired and lost before they got around to selling them. For example, imall.com expired and was renewed by someone else in 2001. Having watched a few of these, I think bankruptcy attorneys are not very good at managing, valuing, and selling non-tangible assets like domain names and IP.

10:07 AM | Comments () | Recommend This | Print This

August 12, 2005

Decontructing the Enterprise Service Bus

Over at Between the Lines, Dan Farber has a pointer to a free report from Patricia Seybold Group on enterprise service busses. Its a great tutorial that clears up a lot of the terminology and technology behind ESBs.

10:55 AM | Comments () | Recommend This | Print This

August 11, 2005

You Want Revolution?

One more data point on the AJAX hype cycle:

The Netscape threat that led Microsoft to wage the browser war and cross swords with antitrust regulators around the world is -- at long last -- poised to become reality. Software experts say recent innovations in web design are ushering in a new era for internet-based software applications, some of the best of which already rival desktop applications in power and efficiency. That’s giving software developers a wide open platform for creating new programs that have no relation to the underlying operating system that runs a PC.
From Wired News: You Say You Want a Web Revolution
Referenced Fri Aug 05 2005 09:50:24 GMT-0700 (PDT)

10:48 AM | Comments (2) | Recommend This | Print This

August 10, 2005

Overloading: Syntactic Heroin

ACM Queue has an article entitled Syntactic Heroin which says that user-defined overloading (ad hoc polymorphism) is a drug.

User-defined overloading is a drug. At first, it gives you a quick, feel-good fix. No sense in cluttering up code with verbose and ugly function names such as IntAbs, FloatAbs, DoubleAbs, or ComplexAbs; just name them all Abs. Even better, use algebraic notation such as A+B, instead of ComplexSum(A,B). It certainly makes coding more compact. But a dangerous addiction soon sets in. Languages and programs that were already complex enough to stretch everyone’s ability suddenly get much more complicated.
From ACM Queue - Syntactic Heroin
Referenced Fri Aug 05 2005 09:30:29 GMT-0700 (PDT)

This echoes comments that Damian Conway made last week at OSCON regarding Best Perl Practices. Students seem to be especially taken with overloading when they learn about it. Its a novelty to be able to define syntax looks like its a built-in. This article points out the dangers.

10:28 AM | Comments (2) | Recommend This | Print This

August 9, 2005

Bob Woolley on Enterprise Computing Practices

Bob Woolley is extremely knowledgeable on enterprise computer architecture and planning issues and...he's now got a blog. Recommended reading for people who care about enterprise computing.

9:42 AM | Comments () | Recommend This | Print This

August 8, 2005

Howtoons

One of the fun things I discovered at OSCON was Howtoons, a collection of cartoons that teach kids how to do things. I'll definitely be showing it to my kids.

11:04 AM | Comments () | Recommend This | Print This

Identity Policy Templates

One of the chapters in my book on Digital Identity is on identity policies. I've created a set of identity policy templates to augment the material in the book.

Speaking of the book, I received a copy in the mail Friday, so it's definitely done. I have to admit it was a good feeling to thumb through it.

8:35 AM | Comments (1) | Recommend This | Print This

August 6, 2005

Identity Rights Agreements

In my Digital Identity book, I mention that even though most people hate digital rights management (DRM) schemes on digital goods like software and music, that's exactly what we'd all like for our identity information. For example, I'd love to be able to control how my bank uses, stores, shares, etc. my SSN when I'm forced to give it to them.

On the train from OSCON to the airport, I was talking with Doc, Dizzy, and St. Peter about identity and Dizzy brought up the idea of doing something like Creative Commons (CC) for identity--essentially a voluntary DRM not unlike a non-disclosure agreement. We started calling it an Identity Rights Agreement (IRA). Here's some thoughts:

IRA's should come in a limited set of configurations, like CC. This makes it easy for people to choose and become familiar with what they mean. So, they might be:

  • Post publicly (broadcast)
  • Share with anyone, but can't broadcast
  • Share with self and partners with which you have a legal agreement to honor this agreement
  • Keep to self
  • Stored encrypted
  • Use for this purpose and destroy

These are just suggestions. There might be more and they certainly need better names and descriptions.

Another issue surrounds granularity. Ideally, each assertion on the identity would be able to be separately licensed. I am glad to have my URL shouted from the rooftops, but I want my phone number kept, but not shared. My SSN, I want used and then destroyed, or at least stored in encrypted form. Just off the top of my head, I think some kind of microformat would be the right thing here since it could be layered onto other mark-up and be displayable as well.

The IRAs would be voluntary in the sense that not technology or system enforces them, but they could be made legally binding by the use of electronic (not digital) signatures. By federal law, an action (clicking on a Web page, for example) can be legally binding under certain circumstances. A request for identity information could return the agreement (in machine and human readable form) and then the request for the actual identity attributes would constitute the agreement.

Certainly, much of this would have to be worked out by those more expert in the law than I. You can't really have a functioning Identity 2.0 infrastructure, however, without some way of attaching hints and rules for acceptable usage to attributes.

9:11 AM | Comments (2) | Recommend This | Print This

August 5, 2005

MVC in Perl (OSCON 2005)

Perrin Harkins, a Senior Engineer with Plus Three, is speaking on MVC Web development with Perl. He's going to talk about three. The trade-off and primary difference is how much help they give you and the resultant loss of programmer freedom. In order of least restraining to most restraining, he's discussing: CGI::Application, Catalyst, OpenInteract2 (OI2).

These all do some code generation and can pretty much automatically generate standard, single-table CRUD (create, read, update, and delete) application with a Web front-end to a database.

Perrin demonstrated each by building the same application. He choose an application that uses multiple tables to make it a little more complicated.

After listening to the presentation, I think I lean towards using CGI::Application because it seems closer to how I program Perl on the Web.

12:20 PM | Comments () | Recommend This | Print This

PlaceSite: Making HotSpots Social

I stopped by a demo by Sean Savage this morning on PlaceSite, a system for letting people share information (like who they are, where they are, etc.) locally over Wi-Fi hotspots. Say you're in a coffee shop in downtown Salt Lake and it has a PlaceSite installed, when you open up your browser, you see not only who's there, but even who's close-by. It seems well designed and it's open source. Sean and two of his friends (Damon McCormick and Jon Snydal) built it as a part of a MS project at Berkeley this year.

PlaceSite is built on top of the OpenWRT project that I covered at the last ETech. Consequently, you don't need a server, just a Linksys WRT54G wireless router to run PlaceSite. That's a big plus.

Scott Lemon and I have discussed this kind of idea before for community service announcements, local advertising, etc. Here's a platform you build on Scott.

11:30 AM | Comments () | Recommend This | Print This

Linux on the Desktop (OSCON 2005)

Asa Dotzler wrote an essay a while back called Linux Not Ready for the Desktop. It was controversial enough (surprise) that Nat asked him to come present at OSCON. Here are his main points:

For regular people to see the value of Linux on the Desktop, it will have to install alongside Windows and bring over all their settings from bookmarks to wallpaper.

API stability is an important story. You shouldn't have to jump through hoops to install packages that you don't get from your distro. On Windows, one Firefox installer installs on every Windows version.

Complexity and choice scare regular people. There are too many distro choices, there are too many desktop choices, there are too many applications, there are too many application settings, etc. Then there's clipboard madness.

Linux must feel comfortable to users. Don't mess with the expectations of Windows users. This includes keyboard shortcuts, button positions, and even th panel position. Its foolish to deviate from what people expect when the value of that deviation isn't high or the cost is.

10:19 AM | Comments () | Recommend This | Print This

August 4, 2005

National Sex Offender Registry

I just put an article at Between the Lines that critical of the DoJ's new sex offender registry. A check of the site yields some interesting data. First, the site is hosted by Millenium Interactive Technology in Tallahassee FL. The site is served from IIS on Windows 2003. Ugh.

6:03 PM | Comments (1) | Recommend This | Print This

Don't Drop the SOAP (OSCON 2005)

Randy Ray of Tellme Networks, Inc. is giving a talk called "Don't Drop the SOAP." His basic thesis is that Web services require complexity. Ray says that there's nothing wrong with having simpler protocols, only in assuming that they replace more complex ones. In the intro to REST and SOAP, Ray discusses some of the big adopters. Interestingly, for REST he lists Amazon and Google, while for SOAP he lists .Net and Axis. Toolkits are not the same as users.

He begins by trying to counter some of the arguments RESTians make against SOAP. I'm not sure he made many points. I didn't find the arguments all that credible. He would have been better off, I think, in skipping this and making his main point: some things require SOAPs complexity.

A detour: Ray offers XML-RPC is a middle road that is simpler than SOAP and handles structured data better than REST. There are over 80 implementations in over 30 languages for XML-RPC. Pretty good coverage.

Don't confuse complexity and detail. Amazon returns a lot of data, but that doesn't make it complex. Amazon has a simple interface since the URI really comes down to the ASIN, the key for the data related a any given product.

On the other hand, complex services like MapPoint.Net has simple interface hooks that don't return a lot of data, bu rather need significant data as input.

Sending data in a URI is a limited solution. How do you represent structured data. Its easier to express simple data in SOAP than to represent complex data in REST.

Ray uses an example from TellMe to show a place where REST doesn't work as well as SOAP: TellMe moved from the MapPoint v1 (REST) API to the MapPoint v3 API. The fact that it was a .Net interface forced Ray into a .Net implementation. Nevertheless, even had that not been the case, the message you send to MapPoint is complicated with lots of data, including a result mask.

That's not the end however, the CalculateRoute API allows not just a start and end point, but also an arbitrary number of waypoints along the way (to calculate the route for an entire trip).

Since this is a constant resource--the route won't change (much)--this should be a GET request with a URL. Designing such a GET request is difficult. There's no real standard for creating a REST protocol. There's no WSDL.

That's just the first half of the equation. You still need to process the results. REST doesn't define a vocabulary for the response. The fact that REST content varies from service to service makes this part hard to standardize as the request side of the system.

In summary, I think Ray made a few good points, but his argument was weak. There's certainly services, particularly those designed to work with .Net, that will be difficult to build as a RESTful service. Still, the dichotomy between big users, on one hand, and toolsets, on the other, pointed out in the first paragraph show, I think where the momentum lies. Ray's slides are available.

3:36 PM | Comments (1) | Recommend This | Print This

Building Darwin Projects (OSCON 2005)

Kevin van Vechten's talk was billed as "Customizing Mac OS X Using Open Source." Instead it was more about making your software buildable on OS X. That's OK. One tool he talked about was darwinbuild, a tool for managing software builds on OS X. Typing "darwinbuild" bash, for example, downloads the bash sources from the OpenDarwin Web site and builds it. Darwinbuild grabs just what you need and sets it up for the OS X build you have on your machine--or any release you choose.

1:06 PM | Comments () | Recommend This | Print This

Dick Hardt on Identity 2.0 (OSCON 2005)

Dick Hardt is giving a keynote on Identity 2.0. Dick is the founder of SXIP and a proponent of user-centric identity. He gives a great, no fantastic, presentation, but it's almost impossible to transcribe. Key point: Identity 1.0 is analogous to having to have the clerk at the convinience store call the driver's license bureau everytime you present your credential to get your birthday. Identity 2.0 is analogous to how credentials work in the real world: distributed and user controlled--the driver's license bureau doesn't know where you're presenting its credentials and who's accepting them.

12:35 PM | Comments () | Recommend This | Print This

Flexibility is Overrated (OSCON 2005)

David Hannson, originator of Ruby on Rails, gave a talk on Rails as a keynote today. Much of it was things I've already covered on the tutorial, but he said something that I think developers too often overlook:

Flexibility is overrated.

When you insist on flexibility over everything else, you sacrifice velocity and agility. Constraints are liberating. When you don't have to worry about every small detail, you can follow a path and worry about infrastructure.

I often tell engineers who scoff at software as somehow less rigorous because we can't use math to analyze what we do the way engineers do their designs that they're lucky the world constrains them so that relatively simple math works. Think about how hard engineering would be if the world wasn't mostly a linear place where boundary conditions were meaningful. Differential equations, as used by engineers, would be worthless.

I agree with Hannson: we should be willing to trade flexibility when it gives us better understanding and agility.

12:28 PM | Comments (1) | Recommend This | Print This

No Password Fields

At last night's Identity BOF, Meng Weng Wong, the founder of pobox.com, said something that frams the whole Identity 2.0 discusion perfectly: "I don't want my next Web application to have a password field in the database."

9:25 AM | Comments (2) | Recommend This | Print This

August 3, 2005

Rock On OSCON!

Gibson brought in a band for the Wednesday night reception.

Somebody at O'Reilly talked Gibson Guitars into being one of the sponsors of the conference. They're giving away Gibson guitars at sessions and Gibson even has a booth (with guitars you can try out) in the exhibition hall. Tonight at the reception, Gibson brought in a band (70 Proof). They were playing my kind of music. It was great.

7:56 PM | Comments () | Recommend This | Print This

Peter Yared on Building Web 2.0 Applications (OSCON 2005)

I went to Peter Yared's talk this afternoon on rapidly building Web 2.0 applications. Peter's the CTO of ActiveGrid, a company and an open source project.

Sun, J2EE, and Oracle powered Web 1.0. Web 2.0 is powered by LAMP.

In the past, we were solving impedance mismatch problems. noting talked to each other. App servers were meant to solve this (and other problems). Recently, the back-ends became standardized to jSomething. The front-end was the Web. Next (today?) is XML simplicity. Anything you want to talk to on the back end is exposed as XML over HTTP--even databases. Things have -- gotten simpler. Its hard to use the software for solving yesterday's problems to solve today's problems.

The active grid project provides a high level visualization tool for rapid application development. Graphical operations are just editing XML (BEL, XForms, XPath, etc.) The tool supports PHP, Perl, and Python. Wrapping all code as a Web service prevents scripting mayhem.

In addition, there's a backend installer that includes a Web server and database. The architectures of most Web applications depend on the deployment architectures. With Active Grid, the deployment is architecture independent.

Application flow is difficult to maintain. Active Grid uses BPEL to manage application flow. The graphical editor allows BPEL to be easily created and maintained.

If you define all your Schema as XML scheme and do all queries with Xquery, there's a single API for any datasource.

Java is overkill for simple control flow programming. Java requires a lot of overhead to handle unstructured data like XML since it's strongly typed. Java's primary selling point "write-once, run-anywhere" doesn't mean much in the LAMP/Intel world. Notice that no one says that anymore.

In the old world, inexpensive Web servers arbitrate connections to expensive applications server. That doesn't make as much sense in a world of fast 1-2 processor servers. Create a redundant array of inexpensive servers that share data and services.

Apache on Linux on commodity Intel boxes is the most optimized stack in the world. Its very fast. Use HTTP for intermachine communication.

What's missing? Process management, session replication, interface rendering, interface caching web services stack, autonomous and inter-node deployment patterns, and data caching. ActiveGrid has added those on top of Apache.

Autonomous node deployment patterns: single-node for simple non-mission-critical applications, database session for HA applications, cookie sessions for HA apps with small sessions. Inter-node deployment patterns: distributed sessions for HA application with large sessions, distributed replicated sessions for HA, fault tolerant applications, and distributed session with in place processing for HA apps with larger sessions.

Inter-cluster communications architectures require a dynamic distributed hash tables. ActiveGrid uses HTTP for this. The hash table allows machines to retrieve the session from the machine that has it (distributed sessions) or redirect the request to the machine that has it (in place processing).

Peter also talks about data caching patterns: timed pulls where each node retrieves data to be cached in a rolling manner at timed intervals, timed pulls to dedicated node, distributed RAM data caches which uses HTTP GETs to grab data from the node with the data, and in-place caching where results are cached where they hit and then broadcast.

XForms provide a way of creating a declarative user interface. On a request, the XForm can be adjusted to the role, rendered for the client, and then the data can be added. Before the data is entered, cache the customized, rendered form. Of course, a data cache can cache the data as well for a particular request. This allows smart caching of dynamic forms.

4:16 PM | Comments (2) | Recommend This | Print This

PUGS: A Perl Implementation in Haskell

I was in a talk by Brian Ingerson today on Perl 6 and learned about PUGS an implementation of Perl 6 written in Haskell. I was floored. I've been playing with Haskell for years and showing it to students; I love it for its ideas and elegance. Why did the PUGS team choose Haskell? "Many Perl 6 features have similar counterparts in Haskell: Perl 6 Rules corresponds closely to Parsec; lazy list evaluation is common in both languages; continuation support can be modeled with the ContT monad transformer, and so on. This greatly simplified the prototyping effort: the first working interpreter was released within the first week, and by the third week we had a full-fledged Test.pm module for unit testing." Very cool.

1:13 PM | Comments () | Recommend This | Print This

Open Source Software at Yahoo!

Jeremy Zawodny works for Yahoo! and knows MySql inside-out. He's speaking about open source and Yahoo!

There are several reasons Yahoo! uses open source:

  • Flexibility - Yahoo! customizes lots of OSS for its needs
  • Documentation is better in open source software.
  • Availbility for the platforms that Yahoo! cares about
  • Support is good and getting better.
  • Cost is an issue, especially at Yahoo! scales.

Jeremy lists out many of the open source products in use at Yahoo!:

On the server side, Yahoo! uses FreeBSD/Linux, Apache, C++ (and GNU tool chain), PHP, APC (caching and acceleration), Perl, and mdbm/MySql.

On the development side: Bugzilla, CVS, Request Tracker, Valgrind, Emacs and VIM, gcc/gdb, PhpMyAdmin.

Others include Python, Ruby, rsync, BIND, Qmail, Squid, ImageMagick, SSH, zlib/gzip, NNagios, rrdtool, Boost (C++ libs), Many CPAN modules, PEAR, and many more.

Yahoo! is also working on opening up APIs including RSS feeds, Flickr, and Konfabulator (Yahoo! Widgets), and the Yahoo! development network.

12:09 PM | Comments () | Recommend This | Print This

Testing as the Open Source Killer App

Kim Polece, from SpikeSource, is talking about software testing in open source software. She starts by talking about the architecture of participation. This architecture is characterized by:

  1. Commoditization of software
  2. Network-enabled collaboration
  3. Software customizability

and the shift from an "egosystem" to and open, thriving ecosystem.

Kim shows a power curve and talks about pahses in open source adoption. In the first phase, we buit and buit with, the tall end, left end of the power curve (Linux, php, Python, Mozilla, etc). In the second, phase, further to the roght on the tail of the curve, countless new building materials are piling up on the curve. Kim shows a list of these from just onee company that they talked to. There were dozens of build tools, runtime and class libraries in the list.

There are some problems:

  • Velocity mismatch. This refers to the release schedules for the multiple open source projects. Coordinating release schedules between components and managing compatibility is difficult to do.
  • Dependencies. This is not unique to open source, but its compounded by the variation and number of components. When you patch one component of your stack, does the entire stack get hosed?

The largest independent IT shops formalize their DIY proceses for building with open source. Smaller shops don't have that luxery.

This leads to phase thre: IT becomes core and outsources the infrastructure tasks, including testing, certification, and so of open source packages. Testing is the biggest single refacoring shift in computig today. Its at the core of managing dependencies and velocity mismatch. We need testing on a massive scale.

Now a word from our sponsor: this is what SpikeSource does.

Testing has been the ugly stepchild of software for as long as people have been writing code. Microsoft has a 1:1 ratio of QA to developers. The run 500,000 test scenarios for any given product line. Thhere are 100,000 open source products already. How can as scale this?

To solve testing on a masive scale, you need participation by the community and automation. This is just one more architecture of participation, going back to Tim's talk. Testing is just one service among many in the open source market place. Developers and users benefit from a pervasive testing regime.

Testing will do for open source what it did for chip design a generation ago. It made possible chips that couldn't be built before.

Kim finishes with a plea: "come test with us."

12:04 PM | Comments () | Recommend This | Print This

O'Reilly Radar (OSCON 2005)

Tim O'Reilly's giving the traditional O'Reilly Radar, a talk from Tim about what he sees coming down the pike and the "faint signals of the future" along with Nat Torkington, the conference chair.

One of the things that was interesting to Nat was that there was a significant interest on Mozilla, AJAX, and Ruby on Rails at the conference.

Tim mentions his "open source paradigm shift" theory (he doesn't go into detail, see the paper). The theory proposes an analogy between the rise of the PC and the path open source is on: subsystem-level lock-in (Intel on one side, MySQL, jBoss, etc. on the other), integration of commodity components (Dell vs. Apache, Linux, Mozilla, and Perl), and Network effect lock-in (Microsoft vs Web 2.0--eBay, Amazon, etc.).

Will Web 2.0 be an open systems? What do open services look like? Data is the "Intel Inside" in this world. Do we need a "Free Data Foundation" in 2010? How does the paradigm shift change out business models and delveopment practices? Who should we be watching and learning from? There are some developments with implications for Web 2.0:

  • Ruby on Rails - will it be the Perl of Web 2.0?
  • GreaseMonkey - cracks open Web sites without having to get inside the server.
  • HousingMaps.com - a mash-up of Craig's List and Google maps. This is unique because it was the first example of a Web service that wasn't just about connecting to one single service provider. Instead it was outside both and connected them in an interesting way.
  • Del.icio.us - O'Reilly uses it as a source of data about what people care about.
  • Findory - a service for managing the information stream and making recommendations based on the contents of your information stream.
  • Internet Telephony - Asterix, Skype, BroadVoice, etc. Nat tells of a hacker who has his home phone going through a Linux server and puts a whitelist on it so you can't make the phone ring between 11pm and 7am.
  • Opening up hardware, not just software - Make magazine, the Hacks series demonstrate the interest people have in this.
  • The computer book market has hit bottom and started to rebound in 2004, an indication that the industry as a whole is doing better.
  • Java books (including books on open source Java components) have picked up from a long decline.
  • Sampling skills from job boards shows that SQL is the top skill (18% of job listing list it). Perl is at 6%, equal to VB, bigger than C#.

11:55 AM | Comments () | Recommend This | Print This

August 2, 2005

Paul Graham on open source and blogging

I posted some of what Paul Graham said on open source and blogging tonight over at Between the Lines.

10:14 PM | Comments (2) | Recommend This | Print This

Plone Sites

Kelly Flanagan went to the Plone tutorial and reports that the government's 5-a-day site is built on Plone with no code changes (just CSS). I love to see open source tools used on eGoverment sites.

6:08 PM | Comments (1) | Recommend This | Print This

Hearing Damian Conway in Provo

Damian Conway (who's tutorial was just described) is an excellent speaker. I've never heard him give a presentation I didn't really enjoy. While he's in the US, one of his stops is Provo Utah and he'll be speaking to the Provo Linux User's Group on Wed Aug 10 at 6:30 pm in UVSC, Room CS 404. Not only that, but O'Reilly will be sending some books out to be given away. I wish I could be there, but I'll be on vacation.

5:55 PM | Comments (1) | Recommend This | Print This

Best Practices fo OO Perl (OSCON2005 Tutorial)

Damian Conway is giving a tutorial on Best Practices in Object Oriented Perl based on his new book: Perl Best Practices. What is a "best practice?"

  • Same as the rest of Perl
  • Seek code that
    • minimizes chances of "enbugging"
    • makes it easy to detect failed edge cases
    • scales to larger datasets
  • Robust (create techniques that extend and incorporates new functionality)
  • Efficient (play to Perl's strengths and avoids its weakness while minimizing resource usage)
  • Maintainable (optimize for comprehension)

Make OO a choice, not a default - Choose OO when

  • When the system to be built will be large
  • Data can be aggregated into obvious structures and there's lots of data in each aggregate
  • The various types of data form a natural hierarchy that facilitates inheritance and polymorphism
  • The implementation of high-level operations on data varies according to data type (polymorphism is a big benefit here)
  • Its likely you'll have to add new data types later
  • Interaction between data are best represented by operators
  • You have a piece of data on which many different operations are applied
  • And, those operations have standard names, regardless of the type of data they're applied to
  • Implementation of individual components is likely to change, especially in the same program
  • The system design is already object-oriented
  • Large numbers of clients will use your code

Don't use pseudohashes or restricted hashes - Pseudohashes are prone to subtle errors, especially when used in inheritance hierarchies. Restricted hashes were developed to replace pseudohashes, but the can be unreliable. So..

Always use fully encapsulated objects - Put the contents of the class in a block (scope the variables). Bless a reference to a lexical scalar: 

{
my % root_of # ...properties that are locally scoped

sub new {
  my($class, $root) = @_;
  my $new_object = bless \do{my $anon_scalar}, $class;

  # initialize objects "root" attribute
  $root_of{ident $new_object} = $root;  # ident from Class:Std:Utils
 
  return $new_object;
  }

sub get_files {
  my ($self) = @_;
   ... $root_of{ident $self};   ...

  }

}

Damian calls this an "inside-out" object since normally an object is a hash with the information inside it. This has the hashes inside.

The differences in the above code are minor, but the combined effect is enormous. The client code gets nothing but an empty scalar which can't be messed with.

Give every constructor the same standard name - There is only one acceptable name: new. Its short, accurate, and predictable. This makes it comprehensible in six months time.

Always provide a destructor for every inside-out class - Since inside-out objects always have external resources, they must manage them explicitly to prevent memory leaks. The destructor should remove references for that object: 

sub DESTROY {
  my($self) = @_;

  delete $root_of{ident $self};
  ...  
  return;
  }

This need for a destructor is the only disadvantage of inside-out objects over blessed hashes and other methods.

Methods should, in general, have fewer arguments than subroutines since methods have access to the data in the object. If that's not true, you should re-evaluate your design. Ordinarily, its unacceptable to name subroutines after built-ins, but that's not true of methods since they're called with a different syntax and there's not ambiguity.

Provide separate read and write accessors - Use setters and getters rather than a single overloaded method. If you only have one, every time you run the method, you have to do a test on the argument list. Getting is much more frequent than setting. Why impose a cost on something you do 99% of the time for something you do 1% of the time. What's more, it can confuse intention, for example, when you don't need a setter.

Don't use lvalue accessors - lvalue subroutines return the actual thing instead of a copy. (This is how substring works, for example.) The obvious problem here, from an OO perspective, is that it breaks encapsulation.

Don't use indirect object syntax - Indirect object syntax is when you put the object name after the method. You can run into trouble with built-ins, etc. leading to ambiguity and difficult to find bugs.

Provide an optimal interface, rather than minimal one - this reduces maintainability since it forces each programmer invent a subroutines to do common tasks. External subroutines are also less efficient since they don't have access to internal data. Provide commonly used and needed, rather than just essential, functions.

Only overload the isomorphic operators of algebraic classes - missed this. :-( I think it means to ensure that overloaded names have expected behaviors or something like that.

Always consider overloading boolean, numeric, and string coercions. Objects used as booleans are always good. Objects used as numbers are always bad. Objects used as strings are always ugly. You can use the overload module to overload q(0+), q(bool), and q("") to make these behave nicely. One thing you can do is just make the croaks to kill programs that are using objects in funny ways.

Don't directly manipulate the list of base classes - Don't assign directly o @ISA, rather use use base .... This ensures the relationships are set up as early as possible.

Use distributed encapsulated objects - When you create inside-out objects, there's no reason that lexically-scoped hashes that store variables need to be in the same lexical scope as long as derived class have access to them.

Never use the one-argument form of bless - Derived classes will bless their objects into the base class if you do. Bless's default behavior is static and blesses its argument into the class the code is in, not where it was called.

Pass constructor arguments as labeled values in a hash - Positional arguments don't work well for constructors. With positional arguments you have to slice and dice as you pass some arguments to the base class constructor. With labeled values, you just pass the whole hash and the constructors up the hierarchy just pull out whatever they need.

Separate your construction, initialization, and destruction processes - In multiple inheritance, you'll end up allocating memory on each if new and initialized are combined. Similarly or destructor's in multiple inheritance.

Don't use AUTOLOAD() - it generally bespeaks bad design. Most common mistake is to forget to also provide an explicit DESTROY() method. Whenever you want to on AUTOLOAD() its almost always better o create a generic method that takes the names you would have autoloaded as an extra argument rather than having methods created on the fly.

5:47 PM | Comments () | Recommend This | Print This

Axis and Support for WS-* Standards (OSCON2005 Tutorial)

This morning I'm in a tutorial by Odysseas Pentakalos (Chief Technology Officer, SYSNET International) on Web Services development with the Apache Web services toolkit. Note that there isn't really anything on the Apache site called the Web services toolkit. Rather, there is a collection of projects for managing various parts of the Web services stack and some WS-* protocols. Ironically, given that this is OSCON, Odysseas is the author of the Windows 2000 Performance Guide.

Axis is the Apache SOAP server. The current version is 1.2 and version 2.0 is in the works. One of the primary goals for 2.0 is enhanced performance. Axis has a standalone server that's intended for testing--not production. The primary server runs as a servlet inside some other servlet container. Axis has support for WSDL 1.1.

One of the primary features of Axis is the extensible type mapping system that provides support for all basic data types and also does automatic serialization/deserialization of Java Beans. Developers can customize the serialization/deserialization with their own classes.

There are three ways to create SOAP clients using Axis tools (following the JAX-RPC standards):

  1. Generated stubs (just what you'd expect--code generated at runtime). This is done using the WSDL2Java tool.
  2. Dynamic invocations which builds the request dynamically using the Service and Call objects. The service specifies the endpoint and the call is used to invoke the service.
  3. Dynamic stubs which generates the code automatically at runtime.

Axis supports RPC, Document, Wrapped (root element corresponds to method name), and Message styles of interaction. The last one, message, is Axis-specific and passes XML to a method. Wrapped provides some minor benefit over Doc-literal in that it puts the method being called front and center in the SOAP. It's not clear to me from the tutorial why the message style is desirable. not surprisingly, Odysseas recommends using the Doc style and discourages use of the RPC style.

The architecture of Axis is based on a chain of "handlers". Message context provides a uniform contents within the chain. The context contain the request message, properties (like information from the HTTP or other transport headers), the response message, and some hard-wired properties (mainly a performance issue).

A handler is invoked with the message context as its sole argument. Handlers also have initialization and cleanup methods. Handlers don't have to be thread safe because there is a handler instance created per service request as long as the scope is set to "request" when the handler is added to the server. If you specify the scope as "application" or "session," then the handler should be thread safe.

The Axis architecture has a key concept called the "pivot point" which is the place where the actual Web service is invoked. Before that point, Axis is processing a request. After that point, Axis is processing a response.

A chain is a sequence of one or more handlers. A chain is really just a handler itself. When you invoke its "invoke" method, it invokes the methods for each of its members. As special chain, called the "targeted chain" is the chain that contains the pivot point.

Messages pass through three primary phases on their way in and out of Axis: transport, global, and service. The transport phase is, obviously, where transport related handlers are placed. The global phase is where handlers that apply globally to the all services are placed. The service phase is the targeted chain (where the service is invoked). All of this is configured in an XML-formatted configuration file. When a service is deployed, you can specify changes, handlers, scoping, and customer encoding/decoding.

At present Axis supports HTTP, JMS, Mail (SMTP/POP3), and Java (for testing) as transports. New transports can be added by users.

tcpmon is a tool for monitoring SOAP message flow. It functions as a proxy and listens to and logs requests and responses. There's also something called a SOAP monitor that runs as an applet on your browser.

jUDDI is the Apache UDDI registry. jUDDI is an J2EE application and so must be deployed on a J2EE container. The registry uses an external database and can use LDAP or other enterprise IdM system or authentication.

Apache has an addressing project to add support for WS-Addressing to Axis. WS-Addressing generalizes addressing from a URL for transports that don't understand URLs. As a SOAP message moves from invocation to service endpoint, it may traverse multiple intermediaries and you may not be able to control the transport that these intermediaries use. WS-Addressing ensures that critical information isn't carried only in the HTTP header where it could be lost in these transitions.

The original implementation for WS-Addressing in Axis was a pair of handlers, but its now a pair o JAX-RPC handlers, which reduced the dependency on Axis. The current implementation is a little behind the latest spec.

Apache is also providing support for WS-ReliableMessaging (WS-RM) in Axis through a project called Sandesha. WS-RM is based on establishing a message sequence between the client and service endpoint. The sequence is created in response to a request from the client to the server. Delivery policies are negotiated between the client and the service endpoint.

For WS-RM to work, it has to be supported on the server and client side. Sandesha, therefore provides handlers on the the Axis side, but also libraries that must be used on the clients side.

Overall, there was some good information in this tutorial, but it was pretty low-key. I would have preferred to see more demos, for example, showing how these worked, or adding new handlers, etc. In general these tutorials are a lot more interesting when you show people how to do something rather than just giving out information. I've been guilty of that myself.

12:38 PM | Comments () | Recommend This | Print This

Open Tagging

A month or so ago, I heard Drummond Reed talk about using XRI as an infrastructure for making open tags work. I was intrigued because it solved a real problem, and was a good way to understand the need for things like XRI. Now Drummond has written up exactly how he imagines open tagging working.

10:42 AM | Comments (4) | Recommend This | Print This

August 1, 2005

Ruby on Rails (OSCON 2005 Tutorial)

I went to David Heinemeier Hansson's tutorial on Ruby on Rails this afternoon. David's first application in Ruby was Basecamp. He'd had 5 years of PHP experience and didn't even consider himself a programmer. He claims that even people who aren't language nuts can love Ruby and he created Rails to make it easy. (BTW, I brushed up my Ruby last week by reading "Why's (poignant) Guide to Ruby (with cartoon foxes)". Recommended.

David's calls a "blogging package" the "hello world" program of the Internet age and he intends to create one today in the tutorial. The blog will have posts (natch), comments, ... What's needed?

  • Ruby 1.8.2
  • Database (pick one of six)
  • The RubyGems package manager (like CPAN, maybe?)
  • A few Gems, like rails

We're going to stat from a scaffold, build a domain model, and manage authentication. Rails comes with a program, called 'rails' that builds scaffolding, including directory structures and files, for a project. It's not so much about creating boilerplate classes as it is just creating the file structure for the application. Later tools will use these assumptions.

Rails is layered on top of a built-in Ruby Web server that is added to a Rails project by default. Rails uses a generate command to generate various code stubs. Some, like a controller, are there by default, but you can write your own generators as well. Things created by a generator are available immediately on the Web site. Essentially, when you're done with the generation, you can an application that "works" structurally and needs to have functionality added. That mimics closely the way I like to code on the Web: get the structure working and then incrementally ad functionality.

Building controllers is easy, so new actions can just be based on a new controller. One of the design decisions Rails developers face is when to create a new controller and when to embed and action in another controller.

Rails is architected around naming conventions. For example, creating a view called "foo" is associated with the "foo" action in the controller. If the action doesn't explicitly render something, the controller looks for a view with the same name and renders it.

Once you've created a database and table (in this case in MySQL), you use the Rails' generate command again, to create the file structure for Ruby model that links it. (As an aside, if you don't like what you've created with "generate" you can use "destroy" to remove them all.) Using the scaffold method within the stubbed-out classes, creates a basic application for managing the table in the database including creating, editing, and deleting records. Scaffolding isn't for building the applications so much as just getting started. A scaffold can be incrementally changed to create the real application. Pieces o the scaffolding can be made explicit using another generate command. Again, as you overwrite various pieces of the scaffold, you create the final application that you want.

The domain model reflects the database table structure and has declarative templates that allow linking tables together easily in one-to-one, one-to-many, and many-to-many relationships. Of course, if you'd rather if not reflect the structure, you can do that, but the default gives you a starting point that's fairly far down the path to your application. All default actions are wrapped in transactions.

Layouts are the wrapping for the view files that do things like headers and footers. Rather than having each file include the header and footer, Rails has the layout include the view file.

Validation rules can be added to the domain model declaratively ("validate presence of ..."). This automatically activates validation code in the view. Again, the validation can be incrementally changed to develop the final application behavior.

Filters are created in controllers and can require certain conditions to be true before specific methods are run. The filter condition is just a method, so it can be anything you like, and it's linked to methods in the controller, which are actions in the application. David demonstrated this by creating an authorization function for creating and editing posts. In this case, the authenticate filter redirected to a login action on an account controller.

Part of the Rails package is the automatic generation of unit test scaffolding. Adding new unit tests is, like incrementally building out the functionality, a step-by-step process. Running them is easy since the scaffolding is already created. They act just like you'd expect them to with success and failure of assertions with appropriate messages. One nice feature, when you create the database, Rails creates duplicate tables for testing automatically and the tests are done there.

In addition to the unit tests for the domain, there are also functional tests that are automatically created for controllers. The functional tests use a little language or simulating Web browser interactions. Assertions can include what template is returned, what action is to be taken next, and session data.

This leaves the testing of the interaction between controllers and models. The unit tests and the functional tests on the controllers can be mixed to accomplish that objective. Breakpoints can be added to test methods. When the test reaches the breakpoint it halts and throws up a console with the context of the execution at that point that can be inspected. Very nice.

Rails bills itself as an end-to-end framework--that is, a development framework that handles not only the server side, but also the client side as well. On to AJAX!

The Javascript features of Rails is aimed at keeping programmers from writing Javascript. That is, it's generated. Rails ships with four different Javascript libraries. They can be included in the layout.

The link_to and form_tag methods in Rails have analogs called link_to_remote and form_tag_remote. These take a URL to call (using XmlHTTPRequest) and an action (not a controller action, an AJAX action) to take when the call-back is complete. These AJAX actions are effects and so on that are included in the libraries. This makes it pretty easy to add AJAX features to Rail applications.

Rather than using Javascript on the client side to totally build the page when things change, Rails uses what it calls "partials," blocks of HTML pages use for reuse, to rerender parts of a page on the server and pass them back for reinclusion on the page. That's a simpler format for achieving page rewriting without refresh than building a model of the page on the client and rebuilding individual pieces and reuses the functionality that exists on the server to render the page (and its pieces) on the server to great effect.

One problem with this technique is that its difficult to add effects (like fading yellow to highlight what's new) to just the new part. The hack that Rails uses is to pass information that the effect needs in a special X- header.

AJAX introduces new concerns to Web programming, like clearing the contents of a form when the page refreshes. Rails has helper functions for doing these housekeeping functions. This is made easier by the fact that Rails automatically ads IDs to tags.

This was one of those tutorials that you had to be in to appreciate. David was slinging code fast and furious and it was very good, but difficult to recreate in a blog entry. I have great respect for anyone who can write significant code in front of 100 people over a three hour period--with or without a script.

6:02 PM | Comments (2) | Recommend This | Print This

In Portland, @ OSCON

I'm in Portland this entire week at OSCON. This year they've moved to the convention center to accommodate the growth. I'm going to a few tutorials and, of course, the convention itself. I'll be posting about the convention here and at Between the Lines. If you're at OSCON, look me up and say "hi."

5:07 PM | Comments () | Recommend This | Print This

Blogging at Government Agencies

This FCW article talks about Doug Roberts, a software engineer at the Energy Department's Los Alamos National Laboratory who started a blog about his employer. I have a quote or two in the article based on our experience with blogs in Utah State government.

2:31 PM | Comments () | Recommend This | Print This

GoingOn

Marc Cantor's "digital lifestyle aggregator," GoingOn is featured in this article at Wired:

GoingOn, announced last week and slated for release in the fall, is the brainchild of Macromedia founder Marc Canter and Tony Perkins, the founder of business media site AlwaysOn.

Calling it a "digital lifestyle aggregator," Canter promises that individuals will need just one login and password to check news feeds, publish blog posts, manage social networks and swap photos or music online -- all while being able to access the same services they currently use.

GoingOn will also have its own social-networking component built in, but Canter is adamant that he's not trying to get other products to run on his platform. Instead, his goal is interoperability; in his words, "We will become an identity hub."
From Wired News: One Login to Bind Them All
Referenced Mon Aug 01 2005 13:24:13 GMT-0700 (PDT)

2:21 PM | Comments () | Recommend This | Print This

Announcing the Internet Identity Workshop (IIW2005)

There's been considerable conversation around identity on the Internet, or what some would call grassroots identity. Providing identity services between people, websites, and organizations that may or may not have any kind of formalized relationship is a different problem than providing authentication and authorization services within a single organization. Many have argued that the lack of a credible identity infrastructure will eventually result in the Internet being so overrun with fraud as to make it useless for many interesting uses.

To solve this problem, or pieces of it, companies and individuals have made a variety of architectural and governance proposals. Some of these include:

Kaliya Hamlin, Drummond Reed, Doc Searls and I are hosting the Internet Identity Workshop in Berkeley on October 26 and 27th (Note: this changed from 25th and 26th) to provide a forum to disucss these and other architectural and governance proposals for Internet-wide identity services and their underlying philosophies. The workshop will comprise a day of presentations on Internet-scale identity architectures followed by a day of structured open space to accommodate the range of topics and issues that will emerge from day one and other issues and identity services that do not fit into the scope of the formal presentations. We're hoping that adding a little more formality to the conversation will aid in digesting some of the various proposals.

We're inviting presentations for the first day on the following topics:

  • Problems, issues, politics, and economics of Internet-scale identity systems.
  • Architectures for Internet-scale identity systems
  • Philosophies that drive architectural decisions in these systems (see Kim Cameron's Laws of Identity for an example of such a philosophy

If you'd like to present on some other topic, drop one of us a line first and we'll see how it fits in. Prospective presenters will be asked to submit a 250-300 word abstract. We hope to accomodate everyone, but we may end up picking from the abstracts.

I'm excited about this and looking forward to it. I hope we can have a good set of presentations the first day and a solid day of discussion the second. If you're interested in this sort of thing, I hope to see you there. Please read the full announcement for some other details and register if you're coming. There is a $75 charge to cover the cost of the venue, administrative expenses, and the cost of snacks and lunch both dates.

5:35 AM | Comments () | Recommend This | Print This