Technometria

Home
Why Technometria?
RSS
Atom
Podcast Feed
Add to Google

Recommend This Site

About Phil

Brief Bio
Contact Info
Phil on Twitter
Speaking
InfoWorld
Photo Albums
Video Favorites
CTO Breakfast

Essays

2006
2005
2004
2003
CIO White Papers

Visit Count

Software

Packages

Topic Guides

Digital ID Policies
Internet Application Performance
Setting Up a Linux Server
Public Service Tips

Categories

Blog TagCloud

Archives

February 2012
January 2012
December 2011
November 2011
October 2011
September 2011
August 2011
July 2011
June 2011
May 2011
April 2011
March 2011
February 2011
January 2011
December 2010
November 2010
October 2010
September 2010
August 2010
July 2010
June 2010
May 2010
April 2010
March 2010
February 2010
January 2010
December 2009
November 2009
October 2009
September 2009
August 2009
July 2009
June 2009
May 2009
April 2009
March 2009
February 2009
January 2009
December 2008
November 2008
October 2008
September 2008
August 2008
July 2008
June 2008
May 2008
April 2008
March 2008
February 2008
January 2008
December 2007
November 2007
October 2007
September 2007
August 2007
July 2007
June 2007
May 2007
April 2007
March 2007
February 2007
January 2007
December 2006
November 2006
October 2006
September 2006
August 2006
July 2006
June 2006
May 2006
April 2006
March 2006
February 2006
January 2006
December 2005
November 2005
October 2005
September 2005
August 2005
July 2005
June 2005
May 2005
April 2005
March 2005
February 2005
January 2005
December 2004
November 2004
October 2004
September 2004
August 2004
July 2004
June 2004
May 2004
April 2004
March 2004
February 2004
January 2004
December 2003
November 2003
October 2003
September 2003
August 2003
July 2003
June 2003
May 2003
April 2003
March 2003
February 2003
January 2003
December 2002
November 2002
October 2002
September 2002
August 2002
July 2002
June 2002
May 2002

Utah Tech Organizations

BYU Unix User's Group
Provo Linux User's Group
Utah Valley Linux User's Group
Ubuntu Utah
Salt Lake LUG
USU Free Software and Linux Club
Greater Utah BSD User Group
Utah PHP Users Group
Utah Python User Group
Utah Ruby Users Group
Ogden Area LUG
Southern Utah Unix Users Group
UtahSAINT

Copyright

Copyright © 2002-2012 PJW LC. Some rights reserved. Technometria is a trademark of PJW LC in the United States and other countries.

« February 2006 | Main | April 2006 »

March 31, 2006

Tom Adelstein and Government IT

This brings back some very unpleasant memories:

I would characterize the people involved in these type of organizations as nasty bureaucrats. I have never met one of them who cared about the people they serve. The ones I have met only care about their careers. They would cut the heart out of the person in the next office in a minute.
From LXer: Why I Stopped Promoting Linux in Government
Referenced Fri Mar 31 2006 19:56:26 GMT-0700 (MST)

Read the whole thing, especially the comments. He talks about the only way to survive in government IT being to lower your expectations. Wow.

Update: As I've reflected on Tom's powerful article over the past day, I have had a few thoughts. First, I'm not as pessimistic as Tom seems to be about government infotech. I do agree with him that there are people who will do anything to keep or advance their career at the expense of anyone or anything--this attitude is very prevalent. They can be very nasty about it and management seems to be powerless to rein them in. There is also another, larger group that simply give up and try to survive. There are, however, a few people who seem to be able to accomplish great things. I have great admiration for them. I frankly don't know how they put up with the crap, but they do and they know the secrets of making progress in government infotech.

7:57 PM | Comments () | Recommend This | Print This

Apple at 30 Years

This weekend marks the 30 year anniversary of Apple. By way of celebration, Larry Magid, of the the series Larry's World on IT Conversations interviewed Lee Felsenstein, an early pioneer in the personal computer space who conducted the Homebrew Computer Club meeting where the Apple I debuted. He not only reviews the history of those early days, but also has strongly held opinions about what makes a personal computer "personal" and is critical of plans for the $100 laptop.

9:34 AM | Comments () | Recommend This | Print This

March 30, 2006

March CTO Breakfast Report

This morning's CTO breakfast had around 30 people in attendance. As always, the conversations was geeky and varied. Here are a few things I took notes on.

We had a discussion of Ruby and how it's always at the bottom of the lisp. The facts of the matter, however that in most Web applications (where Ruby seems to have found it's sweet spot) the CPU and language aren't the bottleneck. What is? Database communication. Someone mentioned that this podcast with Jamis Buck that discusses the scalability of Ruby Web apps.

We had lots of discussion on virtualization. I brought up rumors that OS Tiger will include native virtualization. Devlin Daley reported that the Intel Dual Cores that Apple is shipping now contain hardware virtualization primitives. We also talked about running Linux on IBM mainframes and Sun's Niagara.

Someone asked why disks seem slower. I brought up this interview with Jim Grey. The main trust of the article is that disk density is increasing ten times faster than access speeds. The end result is that we are very close to having what looks, for all intents and purposes, like infinite storage capacity but not being able to access it fast enough. In fact, the speed to density ratio is approaching that of tape.

Daniel Bray wondered if federated databases we one way to deal with this problem. We talked about the possibility of building arrays of microdrives to decrease access time. I brought up some research by Kelly Flanagan that explores putting multiple copies of the same sector on the disk and then seeking to the closest one. This is essentially creating a virtualized array of disks.

Robert Merrill brought up Fon, a share and share alike wireless system. You can use the access points of Fon members as long as you're willing to let them use yours. Maybe not so helpful in Lindon Utah, but it could be very interesting in an urban setting.

We briefly discussed OpenVPN, a open-source VPN implemented on top of SSL. I've been looking for something like this, so I was glad to hear about it. OpenVPN apparently can run as a IP Cop plugin in addition to standalone mode.

Ning came up for the second month in a row. Time to go look at it, I guess. You can move your code, but Scott Lemon has been hacking some apps on it. There's some danger of lock in because of the proprietary Ning API for data storage. Ning makes money by charging to protect your source (the standard Chicago protection racket business model), additional storage, private URLs, and so on.

For IIW, I put together a map of the hotels nearby. Actually, I stole it from MashUp Camp since they were in the same place and reentering all that data seemed like a waste of time. But they built it using MapBuilder.

Devlin Daley had the closing point and brought up Huddletogether's LightBox. You have to go see it to understand what it does. Not only is it easily the coolest thing I've seen for a few weeks, but it's also dirt simple to put on your site. Here's an example of Lightbox with some pictures from ETech06.

Click on an image to view the full sized image. Mouse over the side of the image to see a "next image" arrow that takes you to the next image in the set. Clicking on the X, of course, closes the window and brings back the browser.

There were enough things like this today that I was thinking that it would be a good idea to bring a projector and have a bit of time at the front end for "five-minute demo." Kind of like open mic night, five-minute demo would have anyone who wanted it five minutes at the projector to demonstrate something cool that they've done or that they've seen. Let me know your thoughts.

2:42 PM | Comments (4) | Recommend This | Print This

March 28, 2006

A MovableType PlugIn for MicroIDs

Yesterday's entry on MicroID got me thinking that to be truly useful, blogs and other sites are going to have to including MIDs (as I call them) in every entry and comment as a matter of course. For that, you need a plugin. I've been wanting to learn to write plugins for MovableType for sometime, so I set out to do so this morning.

The result is microid, a MovableType plugin that can be used inside MT's template system to add MicroIDs to entries and comments. If you look at the source for this entry, for example, you'll see a MID inside a <meta/> tag in the header and a <div/> for the entry body as well as any comments that are there.

The header MID is calculated from an email address and URL given to the tag as attributes. The entry MID is computed using the entry author's email address and the URL of the page. Comment MIDs are computed from the email address given by the commenter. This is all explained with examples in the documentation.

I found Timothy Appnel's tutorial on writing MT plugins very helpful as well as this documentation on template contexts.

Most of my time was spent learning how to write MT plugins. The computation is dirt simple. I suspect someone who knows how to write a plugin already could have done it in 20 minutes. Anyone know how to hack WordPress?

4:40 PM | Comments (1) | Recommend This | Print This

March 27, 2006

Federated Identity Feature

SAML Federated ID (InfoWorld)
SAML Federated ID (InfoWorld)
(click to enlarge)

My feature on Federated Identity Governance came out today in InfoWorld. There are three pieces:

If you read them and want to know more, buy the book!

2:45 PM | Comments () | Recommend This | Print This

MicroID - A Microformat for Claiming Ownership

This morning I learned about MicroIDs from Doc Searls. Jeremy Miller has proposed MicroIDs as a microformat that "allows anyone to simply claim verifiable ownership over their own pages and content hosted anywhere." A MicroID is a hash of two hashed values. The first is a verified communication ID (like an email address that you can prove belongs to you). The second is the URI of the site that the content will be published on. You end up with a unique, long string of gibberish that can be put in the header of a Web page or even wrapped around one part of a page (using a <div/> or <span/>).

It's important to realize that this is for claiming ownership, not authentication. Jeremy gives some use cases

Many services require you verify your site/blog, Technorati by embedding javascript, Google by uploading a file with a special name, and others by placing a link-back or code in the page. By placing one (or more) MicroIDs on your page, any service can now instantly verify ownership once they've validated your email address.

Any comment moderation system can easily start tagging the resulting scores, and the owners can validate to anyone their aggregate reputation across sites.

Membership sites can publish the MicroID on a member's profile page, enabling that individual to verify their status as a member outside of that system. In reverse, links to other memberships can be validated before being a new user can add them to their profile (just like their home page or blog).

Blog comment systems can check the given email address against a MicroID from the entered home page link to help reduce link spamming and blatant spoofing.
From MicroID - Small Decentralized Verifiable Identity
Referenced Mon Mar 27 2006 14:21:21 GMT-0700 (MST)

Let's take the first use case: claiming ownership of a blog and see how it works. Suppose Bob's Big Blogzooka, a Technorati competitor, wants to give members a way to claim ownership of a blog.

  1. Bob's site asks for an email address and validates it in the traditional way (emails you a unique URL that you click on).
  2. Bob asks for the URL of the site you want to claim ownership of and generates the MicroID token (MID) using the URL and your validated email address.
  3. You place your MID in a <meta/> tag on your page.
  4. Bob comes by, sees the token and knows that it is correct because it can be regenerated from your validated email and the site URL.

Of course, this isn't unique to Bob. If you know my email address and have validated it I can give you a URL to visit and you can verify that the MID on that page is associated with that email address.

Note that this doesn't keep someone else from asserting that you own something you don't. I can generate a MID for your email address and place it on any Web site I control. The MID is a way of validating a claim or ownership. If you're not claiming ownership, I can't use a MID to force you to acknowledge ownership.

This is a "just-in-time" solution for me. We're in the process of adding Web site ownership validation to the reputation framework we're building this semester in my graduate class. This is perfect for what we're doing. This keeps us from reinventing it in some non-standard way.

2:06 PM | Comments (1) | Recommend This | Print This

March's CTO Breakfast

Just a reminder that the CTO Breakfast for March will be held this Thursday at 8am in the food court of the Canyon Park Technology Center (Building L of the former Word Perfect campus). Come a little early, grab some food at Gandolfo's, and enjoy the conversation.

Please bring ideas, interesting Web discoveries, and other technology related issues to discuss. The past few months have had a large attendance and the discussion has been great. I'm looking forward to this Thursday.

Here are the dates for the next four meetings. Mark you calendars now.

  • March 30 (Thursday)
  • April 28 (Friday)
  • May 19 (Friday)
  • June 23 (Friday) - avoiding 4th of July weekend

10:04 AM | Comments () | Recommend This | Print This

March 24, 2006

Meanwhile, the Real Attention Economy Chugs Along

This morning, I was thinking about people who read this blog and what I offer them that keeps them coming back. That led me into what I like to think of as the "real" attention economy--the one that's already monetized.

Over the past few years, blogging has really taken off. A few days ago Doc Searls was pondering that he used to be in the Technorati Top 100 and now he's not. Why? There's all kinds of other stuff people are blogging about: "celebrities, politics, sex and other topics that float atop the polular mainstream media charts." I'm at 3000 and something on the Technorati list, but still I get multiple tens of thousands of page views per month. Clearly, people at the top are getting a lot more.

Where were these people before? They were spending their time doing something and likely as not, someone, somewhere was deriving ad revenue or direct revenue from their attention. Now that that attention has shifted, so has some of the money. I say "some of" because not all blogs are monetized. I doubt that there's a one-to-one correlation between the shift in attention and a shift in money.

On my bike ride this afternoon, I was thinking about Dave Winer retiring from blogging. I doubt he really wants to give up the attention and influence that blogging gives him. I'll bet he's got ideas on how to influence the tech world in some other way. It will be interesting to watch.

Overall, I think the shift in attention is good. When I was at Excite, we could "drive" 5000 sign-ups a day for services we put on the home page. In that world, the world that Yahoo!, CNN, and a few other highly monetized, high-traffic sites live in, a few people control how the attention is directed and they're clearly directing it with the purpose of filling their coffers. Sometimes, as Jon points out, they lose sight of why people visit their sites. The rise of the blog world has distributed part of that decision among thousands of blogs and that can only be good.

6:27 PM | Comments () | Recommend This | Print This

Turn Off Your Cell Phone

N9472C in the air
N9472C in the air
(click to enlarge)

Every time you fly, you hear it: "You may not use your cell phone and other portable electronic devices in flight because they may interfere with the navigational equipment on this aircraft." Like me, you've probably wondered "is that really true?" An article in IEEE Spectrum by researchers at the Naval Air Warfare Center and Carnegie Mellon University delivers some surprising results.

Bill Strauss, M. Granger Morgan, Jay Apt, and Daniel D. Stancil measured the RF spectrum inside commercial aircraft cabins during 37 real flights over the course of three months in late 2003. They found that a cell phone was illegally used on average at least once per flight. In addition, at least one passenger neglects to turn off their cell phone on any given flight. They also found that cell phones and even laptops with Wi-Fi cards can interrupt the normal operation of key cockpit instruments--especially Global Positioning System (GPS) receivers. This is more than just a "navigation" issue. GPS instruments are used in instrument takeoff and landings.

The radio frequency data was collected, with the permission of the airlines and the FAA using gear concealed in a standard carry-on bag stowed in the overhead luggage bin.

Do these emissions cause problems? NASA studies have shown they do. The authors conducted statistical studies of aircraft safety databases to find incidents where interference from portable electronic devices (PED) might have been a factor.

All in all, we found 125 entries in the ASRS database that reported PED interference. Of these, 77 were considered highly correlated, based on the description of observed PED use and interference occurrence. The reports included cases of critical aircraft systems such as navigation and throttle settings being affected. Based on the random sample entries from 1995 to 2001, we estimate that the average number of reported interference events might be as high as 23 per year. There is considerable uncertainty about how many incidents actually occur in a year; a number of factors could make the number higher--or even lower--than the estimate of 23. Some reported incidents have not been entered into the database, and some of the reported incidents may not be interference events (that is, they might be false positives). But the data certainly suggest that PED interference events occur a few times each month.

In one telling incident, a flight crew stated that a 30-degree navigation error was immediately corrected after a passenger turned off a DVD player and that the error reoccurred when the curious crew asked the passenger to switch the player on again. Game electronics and laptops were the culprits in other reports in which the crew verified in the same way that a particular PED caused erratic navigation indications.
From IEEE Spectrum: Unsafe At Any Airspeed?
Referenced Fri Mar 24 2006 15:24:12 GMT-0700 (MST)

If it's really a problem, what's to be done? Even the authors of the article admit that asking people to not use PEDs during flight isn't a reasonable alternative. They suggest steps like giving flight crews real-time monitoring capability so they know when there's problem, harmonizing emissions standards between the FAA and FCC, and continued study. In the meantime, turn off your cell phone.

3:06 PM | Comments (1) | Recommend This | Print This

March 22, 2006

Using the Law to Stop Electronic Voting

A group called Vote Action is suing California to stop the use of touch screen voting systems citing security and integrity concerns.

The suit, put together by the voting rights group Voter Action, asks a San Francisco Superior Court to nullify February's conditional certification of Diebold Election System's AccuVote-TSx electronic voting system and ban the purchase or use of the system for the November statewide election.

"We can't have trustworthy elections with Diebold's voting machines,'' said Lowell Finley, co-director of Voter Action who is an attorney in the case. "They are insecure and easily hacked."

The suit also names the 18 California counties, including Alameda and Marin, that used any Diebold system in the last election.
From SAN FRANCISCO / Voter group sues to ban touch-screen system
Referenced Wed Mar 22 2006 13:48:02 GMT-0700 (MST)

In Utah, it hasn't gone to the courts--yet. An interesting development, however, was Emery County Clerk Bruce Funk turning over some of his recently delivered machines for testing and analysis. Among other issues, some of the machines weren't even new. Of more concern were safety and security issues that the testing turned up.

While analyzing the memory storage problem, Hursti discovered a critical security hole in the foundation of the touch-screen. Then he found another in the "lobby," and another on the "first floor." Taken together, these present a potentially catastrophic security hole.

These are not programming errors, but architectural design decisions.
From Black Box Voting - Diebold TSx touch-screen study (Part I)
Referenced Wed Mar 22 2006 13:55:05 GMT-0700 (MST)

1:42 PM | Comments () | Recommend This | Print This

March 21, 2006

It's Not the Fight We Wanted, But It's the Fight We Got

If you've never been in the military, you may not appreciate the level of professionalism and training represented in both the officer and enlisted ranks. Julian Barnes has a great piece in US News and World Report on how the Army is shifting it's training in response to things they're encountering in Iraq. This is important because we're more likely to see things that look like Iraq in the future than we are "near-peer" kinds of encounters.

9:30 AM | Comments (1) | Recommend This | Print This

Trusting Google Authentication

In an earlier entry, I said

With no fanfare at all, Google has created a universal login for anyone who wants to use it.
From Phil Windley's Technometria | Using Google's Universal Authentication Engine
Referenced Tue Mar 21 2006 08:22:50 GMT-0700 (MST)

Well, not quite. I had a couple of my students, Devlin Daley and Harsh Nagaonkar spend a little time playing with it. As presently constituted, the token you get back is long lived and replayable. It's better than giving a third party site your password, but not much. Anyone with your token can use it to log in as you. We still have a lot of questions about what the token is for.

Joga Google Login
Joga Google Login
(click to enlarge)

Today, however, I ran across Joga, a site that is apparently a joint effort by Nike and Google. I say apparently because there's no way to verify that claim.1 Notice that the page contains a login box from Google that knows who I am. This is done in an iframe from Google (I've wrapped and truncated this in places for formatting purposes): 

<iframe style='WIDTH:276px; HEIGHT:164px' 
    marginwidth='0' align='center' marginheight='0' 
    scrolling='no' id='liframe' frameborder='0' 
    src='https://www.google.com/accounts/ServiceLoginBox?
          service=orkut&nui=0&skipvpage=true&
          continue=http%3A%2F%2Fwww.joga.com%2FRedirLogin.aspx...
          followup=http%3A%2F%2Fwww.joga.com%2FGLogin.aspx&
          hl=en-US'>
</iframe>

This uses the continue feature in the Google authentication engine. We've played with that it it appears to only work for pre-approved URLs.

This brings up an interesting trust issue. Having dissected this, I'd be willing to type in my password, because I know it will be sent to Google via HTTPS, but how does my Mom know that? There's no good trust mark that can be given that can't be reproduced. The fact that they have my login ID is an indication that Google read cookies from my browser (that other sites don't have access to), but my Google ID isn't exactly secret.

This is just one more data point in the trajectory of Google's march to being an Internet platform. Of course, Yahoo!, Excite, and others have had portal-wide authentication for years. I guess why this interests me is that Google seems to be approaching it in a more decentralized way. Applying their authentication to sites like Joga is just one more example.

1. Actually, you can go to https://www.joga.com and see that they are using a certificate for www.orkut.com issued to Google. This is, of course, even more confusing to the uninitiated since using HTTPS with Joga tells you the cert was issued to someone else and asks you if you want to continue.

8:17 AM | Comments (2) | Recommend This | Print This

March 20, 2006

DRM Costs

A c|net test shows that DRM is computationally expensive and results in a measurable drain on battery life. For Microsoft's WMA 10 DRM on a Creative Zen Vision:M, DRM resulted in 25% less battery life. The iPod and Fairplay only accounted for 8%. Whether it's 8% or 25%, the shortened play time is a feature cost that puts the burden square on the user. You pay for the music and then you get less functionality than you would with uncrippled tracks. Ugh!

9:17 PM | Comments () | Recommend This | Print This

LDS Church Has RSS

The LDS Church (BYU's sponsoring organization) has added RSS feeds to their Web site.

4:42 PM | Comments (4) | Recommend This | Print This

Effective Scheming

I received an email from a former student who's caught the Scheme bug. He says:

I took 330 from you last year and I really enjoy coding in Scheme. I do any class project I can in Scheme -- even my Python code is riddled with lambda statements.

I have two questions I was hoping you could help me with
  1. What are the prospects for kids who like coding in Scheme/Lisp, and how does one locate/maximize those prospects?
  2. What are some key things I could do to become a really great Scheme/Lisp coder? That is, what are some concepts and capabilities I could focus on to become a truly outstanding Schemer?

These are questions I don't necessarily have good answers for. Here's my best ideas at the moment. If you have others, feel free to leave a comment below.

On prospects, if you're interested in graduate school, there are some places like Utah and Northwestern that have people actively doing research in Scheme. As for jobs, I'm not aware of any. I teach Scheme for pedagogical rather than pragmatic reasons, so I don't spend a lot of time worrying about whether it's practical or not. 98% of the other courses we teach use Java, so I figure students have gotten a healthy dose of practical.

On what concepts and capabilities to focus on, I'd say that macros are at the top of the list. The best book I've seen on this is Practical Common Lisp by Peter Seibel. By chapter 3, Peter has shown what macros are, how they differ from what are termed "macros" in other languages, and why they're important. The book is sprinkled with "practical" chapters that take the concepts just learned and apply them. It's one of the most effective programming language texts I've read and certainly the best one for Lisp.

In addition to learning about macros, learning Lisp is a good thing because there are features and ideas in Lisp that aren't present in Scheme and will expand your horizons. Obviously, Seibel is a good vehicle for doing that. As far as implementations, I've had good luck with OpenMCL. SLIME in Emacs is a great IDE.

3:23 PM | Comments (10) | Recommend This | Print This

Document Engineering

At the InfoWorld SOA Executive Forum last week I met Bob Glushko who's on the faculty at Berkeley's School of Information, what they're calling the "i-school" (with no royalties to Apple, apparently). Bob's the director of the Center for Document Engineering. The mission of the CDE is to "invent, evaluate, and promote model-based technologies and methods that enable the automation of document-centric business processes and the implementation of business relationships as a network of document exchanges." As XML technologies have made documents machine-readable and automatically processed, the notion of engineering these documents has become more important.

Bob's also the author, along with Tim McGrath of Document Engineering : Analyzing and Designing Documents for Business Informatics and Web Services, a book I've had recommended to me by more than one person. I've ordered it and I'm anxious to read it.

When I spoke to Bob he mentioned that he'd just started blogging at Doc or Die. His latest entry references the SOA Forum and makes this statement about course-grained, doc-style vs. fine-grained, RPC-style Web services:

[T]he best argument for coarse document exchanges is that if you go that way you’ll be making a conscious design choice and almost certainly have invested some effort into designing the document models or evaluating standard document ones. The documents you exchange will more likely be ones that are easy to process because they’ll have unambiguous semantics and use robust code sets and identifiers. They’ll be easier to reuse across a range of related partners and services.
From Doc Or Die
Referenced Mon Mar 20 2006 15:15:45 GMT-0700 (MST)

RPC-style interfaces are almost invariably angle brackets around an interface designed for some other purpose.

3:06 PM | Comments (2) | Recommend This | Print This

March 18, 2006

Blogging 101 Panel

The Utah Chapter of the International Association of Business Communicators & Public Relations Society of America is having their spring conference May 9 at the Hotel Monaco in Salt Lake. I've been asked to lead a panel called "Blogging 101." I'm looking for three other people to fill out the panel. If you'd like to be on the panel contact me. If I don't know you, please give me some idea of your blogging experience and what you'd like to contribute to the panel (i.e. what needs to be said). Even if you don't want to be on the panel, I'd love to get your ideas about how to start blogging--feel free to leave a comment below.

3:00 PM | Comments (1) | Recommend This | Print This

IIW2006 Registration

The registration page for the Internet Identity Workshop is now live. Please register as soon as you can: we have early deposit requirements at the Computer History Museum that we're hoping registration fees will cover.

11:31 AM | Comments (1) | Recommend This | Print This

March 16, 2006

Using HTTP Authentication

HTTP authentication has been pigeonholed into protecting back-end systems and whole sites. In fact, it's much more versatile, as this tutorial shows. Ever wanted to use HTTP authentication from a Web form or allow HTTP authenticated users to logout? This shows you how using standard server-side techniques and very little code hacking.

5:43 PM | Comments () | Recommend This | Print This

Bret Dixon on SOA

SOA Executive Forum

in his keynote presentaiton, Bret Dixon of BEA made an interesting comparison. One viewpoint is that of the single technology stack that has these characteristics:

  • invest to reach homogeneity
  • get everything you need from one vendor
  • replace what you have
  • periodic releases will give you enhancements

The other view point is a single service nertwork that has these characteristics:

  • heterogenous products make up a network
  • commitment to open standards
  • uses different products to get needed functionality
  • incremental increase in capacity and functionality

SOA means that the software the links applications become more important and are among the most improtant strategic decisions that a CIO makes.

SOA Initiation Patterns
SOA Initiation Patterns
(click to enlarge)

How do you role SOA out in your organization. Bret gives four patterns in the form of a 2x2 matrix that plots SOA complexity vs. Business sponsorship.

When sponsoship is low and the appetite for complexity is low, you have process projects that are characterized by having no CIO driven action plan. Starting points: identify a service with an opportunity for reuse. Design it, build it, and prove it out. This might be a skunkworks project.

When the CIO is involved, you can have more complex projects. Bret calls these IT-led projects. These are focused on infrastrucuture-based services. Start by creating an enterprise reference architecture and roll it out using in a multi-period roadmap. This requires that you establish an enterprise architecture group.

Bret Dixon of BEA Speaks of SOA Executive Forum
Bret Dixon of BEA Speaks of SOA Executive Forum
(click to enlarge)

High business sponsorship and low complexity results in business-led projects. In these cases, the IT team doesn't typically have the confidence of the business and the budget is limited. Often the CIO and team enthused about SOA. Start by finding a key business project. Identify a project with SOA needs. Architect it in a SOA manner by specifying services and demonstrate SOA capabilities.

With good business sponsorship and complex environmets, you end up with mega projects that results sweeping business change with significant IT impact. This doesn't happen very often and requires big budgets.

Governance and organization lessons

  1. Don't make the answer more difficult than it has to be.
  2. Don't engage in drastic reorganization, but put pressure in place to encourage alignment of business, development, and operations.
  3. The CIO has to be a leader.
  4. Align around specific objectives: speed, reuse, agility, etc.

The conclusion: get started! Know your entry point. Plan and manage holistically (multiple dimensiont and periods).

11:13 AM | Comments () | Recommend This | Print This

Jeff Gleason on Achieving Reusability with SOA

SOA Executive Forum

I'm at InfoWorld's SOA Executive Forum this morning in San Francisco. I'll be conducting a panel on SOA governance later this afternoon. There's a sellout crowd. InfoWorld really knows how to put these things together. I also know from working with Eric Knorr, Steve Fox, and other editors at InfoWorld that they try really hard to make sense of this, create good ways to explain it, and develop sound advice.

The opening keynote is by Jeff Gleason, Director IT Strategies, Transamerica Life Insurance Company. He's speaking, from experience, on achieving reusability using SOA. Transamerica provides life insurance, pensions, and related investment products with the typical product offerings you'd expect. The complex piece, the part that drives SOA is the distribution network of independent agents, broker-dealers, banks, and other financial institutions

Jeff Gleason of Transamerica speaks at SOA Executive Forum
Jeff Gleason of Transamerica speaks at SOA Executive Forum
(click to enlarge)

The product Transamerica offers is not, of itself, a sustainable competitive advantage because competitors can copy products in a short time. Giving customers and distribution partners good service is the competitive advantage. In addition, the legislative and regulatory burden is heavy and there is considerable economic pressure (low interest rates, consumer confidence, competition, etc.)

The technical challenges include legacy mainframe systems running COBOL apps on VSAM, lots of complex, P2P integrations, redundant tools, and limited documentations and metadata. All this has created a brittle complex architecture that has created rather then being planned.

The environmental challenge includes a project-based culture, architecture, process, and tools. Last year there were 800 projects that resulted in something entering production. Jeff explains what he means by "project based architectures" as an architecture that has been built up over time where each project does what works best for that project. The result is an architecture that doesn't support change even though IT is the key vehicle that business executives use to support change.

In 2003 Transamerica started a project to define a strategic architecture. The strategic architecture has an integration focus for both applications and data. The architecture uses business services for functional encapsulation, BPM for process orchestration, BAM for process visibility, and a portal for user interface integration. The methodology is SOA.

Jeff shows an as-built diagram of their high-level integration diagram as it existed early in this process. The policy administration system is the core piece. The diagram looks like a plate of spaghetti. Splitting this diagram up shows lots of redundant functionality. The future-state diagram shows three layers: data, elemental business services, and composite apps. The data layer is not just a database, but includes infrastructure pieces like CRM, accounting, etc.

The first project enabled policy valuations. This was a batch-oriented process with multiple applications and data stores. There was significant ROI and great opportunities for re-use because this process gathers data that's core to the business. Business partners require valuation data (via SLA) in a timely manner, but as the number of policies grows, the ability to calculate the value goes down.

There were three key lessons learned:

  • Re-use doesn't happen in a vacuum. You need steward to implement and guide the process.
  • You need tools to understand what you have and what you need.
  • Process can be used to level the skill sets needed.

Two perspectives on reusability. What exists and how can it be reused (legacy apps, data stores, etc.) Whoops, missed the second.

The stewards for reusability are the architecture team. They look for patterns and standards and provide architecture level consulting and governance. There are business patterns, applications patterns, and product and technology mappings. An Integration COE shows how to implement the patterns and standards picked by the architecture team and provides implementation level consulting and governance.

Tools for reusability let you see what you have and model what you want. For example, they've created an business event viewer and records information about business events and can be browse or search these records. A second tool (built on Rationale's Requisite Pro tool) tracks business event tractability. This shows events, actors, and the object of the event.

A business architecture map shows how business event, functions, services, transactions, and data stores are related. This related the business architecture to the technical architecture. The map and other tools show where reuse is possible because redundant functionality can be seen.

The are four important parts of their process for reusability.

  1. New roles of technical and business architects have been created. They identify business and technical opportunities fore reuse, integration, and consolidations. They're also responsible for requirements management.
  2. Minimize Risk by identifying risks, developing prototypes, and using iterative development.
  3. Ensure Quality with quality gates and iterative development.
  4. Be seamless by tracking changes through requirements, designs, technical artifacts, test cases, and test scripts.

This process has had a real impact on design yielding configurable and dynamic services. For example, in creating a new design for agent validation services, Transamerica found components that have since been reused in three other systems.

SOA is not about technology like UDDI, WSDL, and SOAP and more about the organization that uses those things. Jeff didn't use the word specifically, but what he's really saying is that reusability requires good goverance and enterprise architecture.

10:31 AM | Comments () | Recommend This | Print This

March 14, 2006

Tag Cloud For My Blog

This morning's entry on categories got me thinking and I decided to try generating a tag cloud based on the keywords I put on entries. Here is the result. I like it because it gives an immediate feel for which topics I spend the most time on. The cloud doesn't show tags I used just once. To create the page, I followed Al-Muhajabah's instructions with a few modifications.

  • I'm careful to separate my tags by commas or whitespace, so I replaced 
    $wordlist = preg_split(
  '/\s*[\s+\.|\?|,|(|)|\-+|\'|\"|=|;|×|\$|\/|:|{|}]\s*/i', 
  $string);
    with 
    $wordlist = preg_split('/\s+|,/i',$string);
    The longer regexp was breaking things up more than I wanted and I was ending up with tags that weren't tags I'd created.
  • I modified some the font sizes to make them 25 points bigger all around. The smallest font wasn't readable, at least in Firefox.
  • I changed if ($count >= 1) to if ($count >= 2) on the grounds that if I've only used a tag once, it's probably not all that important.
  • Al-Muhajabah uses a SearchFields option in the search URL that doesn't appear to be supported by MovableType. As an alternate, I used the SearchElement option which is supported, but not for keywords. I modified the _search_hit function in $MTHOME/lib/MT/App/Search.pm to support the keyword field like so: 
    sub _search_hit {
  my($app, $entry) = @_;
  my @text_elements;
  if ($app->{searchparam}{SearchElement} ne 'comments') {
      @text_elements = 
          ($entry->title, $entry->text, $entry->text_more,
           $entry->keywords);
  }
  if ($app->{searchparam}{SearchElement} ne 'entries') {
      my $comments = $entry->comments;
      for my $comment (@$comments) {
          push @text_elements, 
                 $comment->text, $comment->author,
                 $comment->url;
      }
  }
  if ($app->{searchparam}{SearchElement} eq 'keywords') {
      @text_elements = ($entry->keywords);
  }
  return 1 
     if $app->is_a_match(
            join("\n", map $_ || '', @text_elements));
}

This seems to work pretty well, giving the right results in the search. I'm going to monitor it for a while and eventually remove categories from my blog.

11:59 AM | Comments (2) | Recommend This | Print This

Speeding Up MovableType

Movabletype can be slow. One reason for that is categories. Movabletype's default templates create one big huge index with all of the entries from the category. I've got one category with almost 1000 posts. I found this bit of wisdom from Tom Sherman on optimizing your templates.

The basic idea is to annotate the MTEntries tag with a lastn="10" attribute and then add another MTEntries block that just puts the title and permalink for the rest. I decided to test a few options.

  • The first option was to do nothing. Use the default templates.
  • The second option was Tom's method. The only change was I put 20 full entries instead of 10.
  • The third option was to add excerpts in addition to the titles in Tom's method. This makes for a more helpful page, but you have to calculate the excerpts (unless you add them for every entry).
  • The fourth option is to just put the last 20 entries and forget about the rest. That's what the search box is for, after all.

I timed how long it took to rebuild all of my category pages with each option. Here are the results:

  • default - 65 seconds
  • Tom's method - 40 seconds
  • excerpts - 58 seconds
  • last 20 entries - 27 seconds

So, you can shave 39% off the rebuild time with Tom's method. Using excerpts is not significantly better. In the end though, I went for speed because I'm not convinced how useful category pages are on my blog. They don't get many page views.

I've actually been thinking of doing away with them all together and just using keywords (which I add to each entry) to create tags for my blog. As an aside, to make adding keywords easier and ensure I don't forget, I modified $MTHOME/tmpl/cms/edit_entry.tmpl to move the keywords box right under the title box. That helps a lot. I use George Hotelling's Technorati tag plugin to generate tags at the bottom of my individual archive pages that have the right Technorati links.

9:59 AM | Comments (1) | Recommend This | Print This

Firefox Upgrades Still Painful

I've been putting off upgrading to version 1.5 of Firefox on OSX for a while now because it's always a bigger pain than it ought to be. Last week I was forced to for reasons that I won't go into. Like past upgrades, l had to play games to get SpellBound (the spell checker plugin) to work and enable Emacs keybindings to work. At version 0.9, I could understand and put up with this, but I'm growing tired of it at version 1.5.

8:41 AM | Comments (1) | Recommend This | Print This

March 13, 2006

Internet Identity Workshop 2006

Kaliya Hamlin, Doc Searls and I will be holding another installment of the Internet Identity Workshop at the Computer History Museum in Mountainview, CA on May 2 and 3. We're also holding a half day "intro for newbies" on the afternoon of May 1st for people who want to join the conversation on Tuesday and Wednesday. I've put up an announcement with details. Look for a registration page later this week, but I wanted people to be able to get it on their calendars now.

Please link to the announcement and help spread the word.

6:35 PM | Comments () | Recommend This | Print This

Kinetic Energy and the Web

Just finished a nice little article at A List Apart on Flywheels, Kinetic Energy, and Friction by Nick Usborne. The premise of the piece is pretty simple: when you make a call to action on the Web (ask someone to do something) you're transferring kinetic energy to them that carries them through the friction of doing whatever you want them to do: fill out a form, check out a shopping cart, etc. Here are some key points:

  • Maximize the transfer of energy with words and design
  • The bigger the task, the more energy you need
  • Reduce friction where ever you can by simplifying the process.

This reminds me of something Ron Kohavi said few weeks ago at the CS Colloquium about shopping cart abandonment. They discovered that adding a "enter coupon code" field to a checkout page significantly increased abandonment. Everyone stops and thinks "I must not be getting the best deal I could!" Friction.

I was wondering how this applies to blogging. Do I want anything from you? Your attention, I supposed in the form of comments and links.

4:48 PM | Comments () | Recommend This | Print This

March 11, 2006

ETech 2006 Photos

Dave Sifry
Dave Sifry
(click to enlarge)

I finally was able to unload my camera and post my pictures from ETech. Enjoy.

On a related note, I recently discovered that something I'm doing in my template for Gallery is making it so that photos don't show up in Safari. I'll have to look at that.

6:37 PM | Comments () | Recommend This | Print This

Answers About Identity

James McGovern asked me some questions about identity. Here are some answers:

James: If I work for a premier outsourcing firm and I have been asked to develop a software architecture document describing how identity should work and be consumed within an enterprise application I am thinking about, what should this document look like?

That's a question with a long answer. The short answer is "read chapters 13-20 of my book. There are multiple parts, including a data model, a process model, an interoperability framework, a policy set, and multiple reference architectures.

Taking the above question, one step further how should they describe the notion of entitlements?

I believe that entitlements should be managed by information owners or custodians and that the architecture should allow for that. Further the number of entitlements has to be limited to certain classes of data.

In a federation that actually consumes identity of an outside party, the possibility exists for conflicts. For example, let's say that I wanted to have E&Y employees audit our books for one part of the company and them also consult on changing the general ledger. Ignoring for a moment that this is against the law (in most cases for public firms) who has the responsibility in terms of an identity ecosystem for handling the notion of a Chinese Wall?

Federation should extend to authentication, not authorization. Thus while E&Y would be responsible in the above scenario for saying who was an E&Y employee and authenticating them, the host company would be responsible for ascertaining who had access to what.

InfoWorld does a great job of covering all the wonderful vendors in this space and all of the wonderful products that are available for sale but readers don't know which Fortune enterprise has the most mature thinking and/or implementation in this space. What would it take for this to be an upcoming InfoWorld article?

I just finished a feature story on federated identity governance that focuses on what real companies are doing to solve their federated governance problems. That might have some of what you're after.

5:08 PM | Comments (1) | Recommend This | Print This

March 9, 2006

Mark Hurst on Email Productivity (ETech 2006)

Mark Hurst, the creator of GoodExperience.com and ThisIsBroken is speaking on Bit Literacy: A Strategy for Productivity in Your Bit-Drenched Life. Here's what bit literacy means.

Mark goes specifically to email to bring the conversation down to nuts and bolts. Mark recommends a rule of getting your inbox count to zero at least once every business day. Here's the method:

  1. Find the very most important email in the inbox. Mark believes these are personal emails from family and friends. Spend time reading them and processing them (reply, print, file) and then delete them.
  2. Go to the least important messages in the inbox. These are FYIs, large mailing lists, alerts, etc. You get one shot to read them and then delete them. If you're not going to read it right now, delete it. The chances you'll come back to it are very low.
  3. The remaining things in the inbox should be action items. Anything that can be done in less than a few minutes, do it right now and then delete them. Don't do anything but deal with them.
  4. What's left are the hairy, meaty todos. You can't leave these in the inbox. What to do? move them to a proper todo list and then delete them from the inbox (or refile)

Your inbox in now empty. You get a message count of zero. That's the magic number--make sure it gets to zero. You have to experience it to understand the emotion of getting the inbox empty.

So, moving to the issue of a "proper todo list." Mark mentions TaDa lists and RememberTheMilk.com as good list makers, but not proper todo lists. Mark has developed GooToDo as an online todo list that meets his definition of a proper todo list. What defines a proper todo list? You have to be able to move todos from the email box to the todo list easily. GooToDo allows you to forward emails from your inbox to the todo list. The subject line becomes the summary view and the body becomes the detail. Another issue is that you have to be able to filter the future. Proper todo lists should only show you want you have to do today. Lastly, you should have one list and one list only.

1:19 PM | Comments (1) | Recommend This | Print This

March 8, 2006

reBlog (ETech 2006)

Michael Frumin and Michal Migurski, the development team behind reBlog are showing it off. At first glance, reBlog looks like an online feedreader (with a nice interface). The difference is that reBlog is aimed at using the information in feeds rather than just reading it. You can easily republish information, archive it, tag it, add comments, and so on.

In addition, a plugin architecture let's programmers and developers add new features to the RSS processing chain and customize it to specific uses. For example, you could subscribe to a feed that contains items from eBay and then use the plugin to connect to eBay and pull down additional information about the item (not included in the feed) using the eBay API.

reBlog is in PHP and can be loaded on your own server. There are Wordpress and Movabletype plugins that interface with reBlog. This allows easy reuse of content in feeds. GardenVoices from iVillage is an example of a reBlog.

There are questions of copyright and re-use that the tool doesn't answer. Still this is not splogging software that just republishes content without attribution. In the end, there's a human in the loop; making editorial choices, as it were.

11:19 PM | Comments () | Recommend This | Print This

Peter Norvig at BYU

With the reams of stuff I spewing out at ETech, there's a real danger this will get lost in the middle, but I persist. Peter Novig, Director of Search Quality at Google will be speaking at this week's CS Dept. Colloquium. If you're in the area and interested, you ought to try to go. I think it will be very good. I'm genuinely sorry I'm going to be in CA and miss it. Here's Peter's abstract:

The system of publishing the written word has made more knowledge available to more people than any other technology. No other system comes within a factor of a million. Now that a good portion of this written material is available online, it can be processed by computer. But the written word is notoriously imprecise and ambiguous, so currently the best way to make use of it is to leverage the intelligence and language understanding ability of author and reader, and relegate the computer to the more modest role of connecting the two. Even this modest role still leaves a number of challenges in computer science, computational lingusitics, and artificial intelligence, which will be discussed.

The colloquium will be held, as is our tradition, on Thursday at 11am in 1170 TMCB.

5:48 PM | Comments () | Recommend This | Print This

Alex Russell on Comet: Beyond AJAX (ETech 2006)

Alex Russell, who works at JotSpot and did the DOJO Toolkit for JavaScript is talking about Comet and low latency data to and from browsers (slides). The subtitle is "after AJAX." The goal is responsiveness. AJAX gives you half the answer. AJAX is about me. Social applications are driven by others--the multiuser web. How do we send the datagrams that users make to each other.

To any one user, the server represents the other users. Because the Web is a multiuser experience, single interaction updates aren't enough. Users in the same "space" need live updates of their own changes and the changes others make. Updates to content affect available actions. Stake context may mean the wrong decision.

If the Web is a conversation, then stale context kills. When you create a page, or tag a picture, or something else, you're chaining context. Conversation mediums are defined by latency, interrupt, and bandwidth. He gives some examples (in order of latency): snail-mail, email, IRC, SMS, IM, phone, and finally face-to-face.

Polite users use high-interruption mediums as infrequently as possible. Traditional wikis are fraught with usability issues.

Wikis are conversation enablers that are traditionally medium-to-high latency and not well suited to high volume changes. There are locking issues. AJAX allows more context to go stale. What is changing on the wiki as I edit? Who wants to break my lock? Have attachments been added? Is the text of the page itself changing?

Conversations are ordered events. Granular interfaces require granular events. Granular conversations are more immediate (IM vs. email). Social applications are even busses. Social web apps just batch changes today. The are no effective was to "subscribe" to server events today. To fix the context, we need to syndicate the events.

Event broadcast requires synchronization. Comet is a technique for pushing data from the server. New term, but old tech. This is enabled by long-lived HTTP connections instead of polling. There are similarities to AJAX: no new plugins, plain-old HTTP, asynchronous, broad browser support.

Here are some examples of systems that use Comet: GMail, GTalk, JotLive, Renkoo, Meebo, cgi.irc, KnowNow, and others. Note that Comet isn't a framework or toolset, its a concept like AJAX. Alex is coining the term Comet so that it has a name.

How is Comet different from AJAX? In an AJAX application, the client drives the interaction. The problem is that context and manipulated content go stale at different times.

Comet application fight lag by avoiding HTTP and TCP/IP set-up and tear-down and a single connection is re-used. But the big kicker for AJAX is polling latency which Comet avoids. The big takeaway: transfer only the necessary data, exactly when it's most relevant.

There are two implementation techniques: Long-polling where you reconnect after every datagram. This is simple to implement with XmlHTTPRequests. Another method is to use multi-part XmlHTTPRequests. This works differently on IE and Firefox and doesn't work on Safari. No known system does this portably today.

Another technique can use what Alex calls a forever-frame. A forever-frame is an iframe or browser frame that receives script blocks and uses progressive rendering. This is highly portable and allows connections to subdomains. The connection only closes when there's an error of the connection recycles.

Most commodity Web servers won't cut it today. This is why the alternate subdomain idiom is important. You can run the main app off the primary Web servers and then do the continuous updates to a special server. The problem is that each connection takes a process or thread and there might be thousands of them. Comet can reduce load but not on your current Web infrastructure. Polling is a latency trade-off. Comet is an architectural complexity trade-off.

WE need better event based tools. Servers don't know about events as such. OS's have edge-triggered event IO mechanism (epoll on Linux and kqueue on FreeBSD). At the network level, we need application environments. Perl's PEO Python's Twisted, Java's Jetty and event_mpm from Apache (in 2.2). The good news is that the OS's can handle it.

The news on the client isn't so good. Clients can't make more than two HTTP connections to any box/subdomain (per spec). Firefox may not adhere to this limit. IE is draconian. The JavaScript code needs to know about this and deal with it--right down to peering with other browser instances and managing connections

There are some workarounds: multiplex events for multiple components over the same connections. We need message oriented middleware for the client. You can also use DNS hackery with wildcard DNS to increase the available subdomains.

Is Comet good for users? If users are all trying to do the same things at the same place to some piece of data, then you need it. Can presence data improve the conversation. If the data can go stale and no one notices, then you don't need it.

Some early lessons: work with interaction designers. Learn from desktop apps--they have the same design problems. be consistent. Let users know why the data is changing and who changed it. Communicate connection failures clearly. Push data updates, not functionality changes.

Update: Randy Gordon pointed me to this work on an architecture called SEDA which stands for "staged event-driven architecture." i haven't read through it yet to get a handle on it, but I didn't want to lose it--attaching it here may be useful to you and will definitely be useful to me.

4:14 PM | Comments (1) | Recommend This | Print This

Mary Hodder on iTags (ETech 2006)

Mary Hodder is talking about itags. An itag is a tag + author identity + CC license + media object. Media objects can be text, photo, video, or audio. Trusing tags means trusting the maker of the tag. By uniquely identityfy the object, the tag, the author, and the licensing; the itag can live anywhere.

The goal of all this is to put tags and objects together so that they can be included in places like feeds. "I-tagging would remove the requirement for a tag to be coupled with the originating URL (blog post URL) because identity would be inside it."

The assumption of rel-tag is that the tag is the object. The assumption of itag is that the tag is the subject and the class attribute is the object. Still because backwards compatibility is important, itags use the same syntax as rel=tags, and just adds a class attribute. The class attribute is a URL. There are other variants for licensing itags.

One thought I have in looking at this is that the licensing style of markup would be an effective way of adding identity rights to marked up identity data.

As a meta comment on the presentation, Mary used NovaMind to gather the relvant issues surrounding here central premise and then presented by following the branches. I found it to be effective, but the fonts could have been bigger. I had trouble reading it in the second row. I pity the people in the back.

3:32 PM | Comments (2) | Recommend This | Print This

Christopher Payne on Windows Live (ETech 2006)

Christopher Payne from Microsoft is giving a demo of Microsoft's new live.com services. He's standing on stage in a suit. The visual discontinuity of that is jarring. His assistant, Frederick, is adding new widgets to a page, very AJAXy. The visuals are pretty slick.

Live search let's you search within the results. There's a smart scroll bar that dynamically grabs information as needed so that you don't have to click "next" and "prev" to get other results.

Image search has been completely rebuilt. Nice slider bars allow you to reduce or expand the size of thumbnails in image search. Again, the continuous scroll works for images as well.

Feed search allows you to search for feeds, preview the entire feed in the search results, and then add it to the built-in live.com aggregator.

Live.com has somethings called "search macros." You can build a recipe search engine, for example, and then share it with others. There are 43 examples (a coincidence?) on the Microsoft Gadgets site. You can mess with priority, results, and so on. He demos by searching for "crush" on the normal search engine and gets lots of results. He then goes to the custom "seattle" search engine and does the same search and finds lots of information about the Crush restaurant, more specific.

Intent based queries are a powerful way to build community. Doc Searls said yesterday: attention is much less important than intention.

Microsoft bought OnFolio today. This seems like an Internet Explorer sidebar and it included with the Windows Live toolbar. It allows you to build collections of things something like, although not as complete, it seems what we just saw with Plum a few minutes ago.

1:41 PM | Comments () | Recommend This | Print This

George Dyson on Turing's Cathederal (ETech 2005)

Ester Dyson introduces her brother George. She says that his job as a historian is to determine what is worthy of our attention. George talks about the "prophets" of the computer age. People who saw things long before their time.

George recounts some of the early 20th century thinking about artificial intelligence. In contrast to some of these earlier ideas are ideas about collective intelligence.

Alfred Smee defined ideas about bit-mapping and search engines in the mid 19th century. Thomas Hobbes, in 1651 posited automata and the question of whether they have a life of their own (in addition to inventing recursive functions).

Leibniz proposed a marble and track based binary computer in the mid 17th century. Von Neumann used his work in making the first binary shift registers.

Godel contributed the key idea that any mathematical function can be given a number and manipulated before computers even existed. Ross Ashby's

George shows some of the original papers that start to develop the language of computing. von Neumann taught his wife, Klara to code before ENIAC was even done and she became one of the first computer programmers.

George makes an interesting comment relative to some early comments by Barracelli that the numbers were just numbers. George says that the numbers were a genotype looking for a phenotype. Software developers by applying programming to problems have given them a phenotype by allowing them to affect the physical world.

The meaning is less and less in the code and more and more in the data: links, as an example.

Ross Ashby's design for a human brain (old book) is the architecture for Google. We don't have to understand an intelligent machine in order to build one. This reminds me of something Alan Kay said about engineers being successful at building things long before science had anything to say about it. We might eventually realize that we've been building search engines, but at some point they became intelligent. Turing said that intellectual activity consists mainly of various kinds of search.

1:25 PM | Comments () | Recommend This | Print This

Michael Goldhaber on the Real Nature of the Attention Economy (ETech 2006)

Michael Goldhaber is speaking on the real nature of the attention economy. Michael's been working on a book about attention on this subject since the 1990's. He thinks that this conference has its feet in two paradigms: the attention economy and the old economy. "You all don't know what world you're in. You're like butterflies that think your caterpillars." Attention is a different way of being.

Michael sees attention as a new level in the massively multiplayer game known as western culture. The economy is a single level game, but economic history is a multilevel game. The first level was the feudal economy (800-1200). The economy ran on winnings through fighting, by becoming a vassal of some other Lord, and marriage.

The second level emerged out of feudalism. This was the market-money-industrial (MMI) system that ran from 1650-1980. That gap was the transition period.

Michael views the next level as the attention economy. This is a completely new level; a new kind of system. You can't describe the stock market in terms of feudal society. Neither can you describe the attention economy in terms of MMI.

Each level has new rules, roles, goals, and moves. New levels emerge from basic human proclivities and a whole list of other things that I couldn't type in fast enough.

Going from feudal to MMI happened because Western Europe was secure. The openings for the change were ungoverned cityspaces, safe travel, and mostly no slavery. The feudal system lacked material goods.

Going from MI to Attention can happen because of material abundance. The openings were large high schools, broadcasting, publishing, and the Internet.

The goals have changed from loyalty to material goods to attention The roles have changed from knights to owners to stars and fans.

What is attention? Attention is scarce and always will be. It is very desirable. Paying attention is a complex thing and includes a broad range from hearing to obeying, to remembering. Paying attention means you allow someone else to shape how your mind works.

Attention isn't just about time. There's an intensity component. If you pay attention to someone, that person owns part of your attention and will continue with you until you go senile.

We can think of owning a little piece of property in the minds of people who have paid attention to you. Finding meaning in life comes from sharing meanings with others. This can only happen if you get some of their attention.

Being productive means being able to increase the amount of attention one gets.

1:20 PM | Comments () | Recommend This | Print This

Hans Peter Brondmo on Plum (ETech 2006)

Hans Peter Brondmo is speaking on "First You Google, But Then What?" When you have a question, you direct it to the great oracle: the search engines. The problem is that you can't make those results personal, collect them, rearrange them, and share them. Plum is a system for building collections of things that you find on the 'Net and share them. You can also collect from applications on your machine, including email, photos, music, etc. Has Peter demos how the tool (called a plummer) can automatically build a playlist of songs you're listening to.

Plum also creates a destination, if you like, that looks like a blog of things you do. The plummer has a plugin architecture so AppleScript of VBScript can be used to add support for other applications. The collections can be mashed up with blogs to display anything in a collection as part of the blog.

12:35 PM | Comments () | Recommend This | Print This

Joel Spolsky's Report Card (ETech 2006)

Joel Spolsky is speaking on creating blue-chip products. His formula:

  • Make people happy (control)
  • Think about emotions
  • Obsess over aesthetics

AJAX is an example of something that can make people happy by giving them instantaneous feedback. He points to the Ambercrombie Web site as an example. He gave the example of cars for emotion and the iPod for aesthetics.

How are people living up to the formula? He brings up reddit. It uses AJAX, has a cute alien as a mascot (large eyes and bald--looks like a human baby). The alien creates cartoon stories that create an emotional bond. There are points for posts and what people think about them, that make you go back and use it. The report card: happy: A, emotion: A, aesthetics: B, final grade: A.

He brings up a Motorola phone from last year and shows the Razr. Motorola has obviously thought about this. The Motorola Pebble is the same. Grade: happy: D (no control), emotion: A, aesthetics: A; final grade: B.

What about Internet Calendars? He decided that scheduling flights was the ultimate test. Yahoo Calendar gets a failing grade. He brings up AirSet. Aesthetics aren't good, but it's very functional. Grade: happy: A, emotion: B, aesthetics: C, final grade: B.

On aesthetics: All Web design is ugly. Enough with the pastel arial fonts! You're all copying Google. That's not what made Google Google. Google's minimalist design works as a revolt against the old-style portals. It's not good in and of itself. Google was making a statement. When you copy their fonts, you're not making a statement. So, Web site design in general gets a F.

11:37 AM | Comments () | Recommend This | Print This

Brian Dear on Eventful and EVDB (ETech 2006)

Brian Dear from EVDB and Eventful is speaking on calendar as platform. His talk is title "When Do We Get the Events We Want?" He gives a quick overview of the company. EVDB stands for the Events and Venues Database. The goal is to maximize event discovery. The Web has done a pretty bad job of getting people to the events they're interested in. Making data for events open and portable is important, so is having the right tools to manage that data.

The company has a platform called EVDB and a portal called Eventful. Anyone can use EVDB. The portal has three dimension. First, known events and the various capabilities like search, groups, submission, tags, feeds, etc. that go along with that. The primary goal is attention for the event.

The second dimension is expected events. These events don't exist yet, but they're expected to happen in the future. The primary tools here are prospective search and notifications. An example: notify me if Tim O'Reilly is ever speaking within 100 miles of my zip code.

The third dimension is about dream events. These are events that you wish would happen. The primary tools provide a way of aggregating demand. This isn't just a wishlist. The goal isn't to sell the demand data to labels or promoters. This is about fans and performers. Unconferences are an example of this in the tech world. This is basically a marketplace for experiences.

Brian shows off the tools for creating demand. This feature just launched today. The tools are pretty cool. Good creation tools, ways to create blog stickers, and a dashboard for following what's happening. Demanding something doesn't mean you'll get it, but this feature at least let's you try.

11:14 AM | Comments (1) | Recommend This | Print This

Clay Shirky on Moderation Strategies (ETech 2006)

Clay Shirky is speaking about pattern languages for moderation strategies. A pattern is a combination of a goal and strategy combination that's detailed enough that you can see how to build it, but not so detailed that you can't repurpose it to a different domain. This has come into vogue in the object oriented world.

Clay suggests a pattern strategy for moderating discussion. He shows a graph that has "freedom to create group communications" vs. "Annoyingness". The problem is there's a steep knee in the curve, meaning that there's a point where as soon as you get a certain level of freedom the annoyingness of the group skyrockets.

Clay uses Slashdot as an example of defending against this. Slashdot has managed to not be swamped by negative activity over the years. The basic trick is that Slashdot members defend readers from writers. He describes the karma system. The average reader never see posts rated 0 or -1. That accounts for 20% of the comments. Moderating is done by logged in users with high karma, randomly selected to moderate, who have chosen to moderate. That's a daunting chain of decisions.

Slashdot isn't easily replicated, even by using the using the actual code base. Neither the gestalt of understanding nor the actual code is sufficient, so we need a pattern.

The problem Slashdot faces is the tragedy of the commons. Each poster has a motive to hurt the commons to gain notoriety for themselves. Here's the pattern:

  1. Move comments to a separate page
  2. Treat readers and writers differently
  3. Let users rate posts
  4. Use defensive defaults

But who guards the guardians? A second pattern solves the problems that the first pattern creates:

  1. Treat users and members differently
  2. Measure good behavior
  3. Enlist committed members
  4. Judges can't post

Clay points to the Bronze Beta, a Buffy the Vampire fan site. He describes it as the simplest group blog you can imagine. It works, despite its simplicity, or maybe because of it. He makes the pattern explicit:

  1. Don't have features
  2. Make Comments central
  3. Make login optional

This is the experimental wing of politic philosophy. As group conversation and cooperation move the the digitally mediated environment, we are encoding the methods of interaction. We need to get it right. We have a duty to get it right. Society needs us to get it right. having a language to talk about this is a place to start.

10:35 AM | Comments () | Recommend This | Print This

Jon Udell on Seeking Attention (ETech 2006)

Jon Udell is the morning's opening keynote. We are all seekers of attention. We all have ideas we'd like to promote and agendas we'd like to publicize. So, we all make claims on other people's attention. The focus of his talk is how to reward those who give us attention. Jon sees for patterns.

First patterns is what Jon calls "Heads, Decks, and Leads." An idea from the world of "dead trees" these give users information about context switches because they're hard and time consuming.

Writing good titles, naming things, is hard because there's a cognitive dissonance in trying to see what we're doing from the reader or listener's perspective. He gives an example from a blog post that shows up nice in the browser and in an aggregator, but not in the search research because Google only sees the document title and many blogs don't put the article title in the title box.

You see similar problems with search results that don't show author and dates. Jon recommends structuring document titles on the Web so that they contain information a searcher would like to know to make a decision. He shows a screencast of search results from things on IDG that has expanders that show you more information about the result on demand.

Jon's pet peeve is message titles in discussion threads. Threading is based on titles in many cases, so the technology reinforces repeating the title over and over and not giving searchers good information about the message contents.

The second pattern is active contexts. One example of an active context is what Jon calls "active collections." Active collections is the idea of collecting together all the related information about a resource, including tags, related documents, etc. and giving it a name. Active collections are future proofed because what you hand back to represent the active collection is a URL representing a query.

He shows another example of an active context. He's linked his Amazon wishlist to his library lookup project. He went further and hacked GreaseMonkey to modify Amazon so that whenever he looks at a book, a link shows up if that book is available at his local library. Clicking on the link takes him to that library lookup.

Another example is a slider at wikipedia that allows you to show changes and move through time by moving the slider. That's a big help for people who read diffs for a living.

A third pattern is canonical names. Names like "podcast" and "AJAX" show the power of names. URLs are another great example. ISBNs are an example of names that lack an important property. Each version of a book (hardcover, paperback) has a different ISBN without knowing what class they belong to. There's a service that maps an ISBN to the class it belongs to. Another example is the IT Conversations audio clipping service.

A fourth pattern is multimedia storytelling. We're natural story tellers. He uses the example of retrieving information about a particular audio clip by remembering how far he was on his run. Jon mentions the ACLU pizza ordering video and how it was incredibly viral and actually peaked before the technology community became aware of it. Another example is the iPod packaging spoof. As technologists, we need to be more aware of the power of these kinds of powerful stories to get our message out.

10:05 AM | Comments () | Recommend This | Print This

March 7, 2006

Microformats (ETech 2006)

Tantek Celik or Technorati and crew are doing a microformats talk. He says that microformats are more than just good class names. There are principles that keep things "micro," process that emphasized getting real, and community that minimizes duplicates.

Here's the process:

  1. Pick a specific, simple problem and define it
  2. Research and document current web publishing behavior
  3. document existing formats in the problem area
  4. brainstorm with implied schema and reuse names
  5. iterate within the community

Rohit Khare takes the mic to talk about work he's doing on microsearch for microformats. One is called miffy. I didn't get the name of the other project. miffy pops up a window that shows microformats on a page. You can send data you find to a index that provides streaming, pubsub-like capture of the stream for display, searching, etc.

Mark Pilgrim takes the stage to talk about magicwand, a GreaseMonkey script that understands microformats. Magicwand searches on pages for microformats (and other things) and gives you a command line for finding them.

Yoz Grahame of Ning shows how microformats are built into Ning. Ning is a social software framework, so there's lots of room to use hCalendar, hCard, and other microformats.

7:06 PM | Comments (1) | Recommend This | Print This

Tim Bray on Atom (ETech 2006)

Tim Bray is speaking on Atom as a case study. RSS is the most successful use of XML in existence. If it's that successful, why replace it?

Tim outlines some problems with RSS as specified:

The RSS specification says "one only", but many podcasts use multiple enclosures. Clients vary unpredictably in how they support them.

There is silent data loss. In a title element doing AT&T or AT&amp;T or fails silently. The only predictable way to do it is AT&amp;amp;T and that just sucks.

Links sometimes don't work. In an RSS <description>, putting a link to an image doesn't work with relative paths. You have to have absolute paths.

IRIs (international resource identifiers) cause problems. The RSS spec says you can't have anything but ASCII.

The RSS related APIs (MetaWeblog and Blogger APIs) are under specified, under secured, poorly debugged, offer little interoperability, and omit many important authoring features.

HTML has been successively and successfully revised over the years. HTTP and XML are other examples. RSS is fixed and can't be changed. The RSS roadmap suggests that big projects be done in a separate project with a different name. So, if you want to fix them, that's what you do.

There's also a "syndication culture" Tim launches a slide show that features the Cry of the Valkaries as the background music and various pictures of people fighting, nuclear bombs, wars, and so on. "At the end of the day, is this just kittens fighting under the toilet?"

The Atom specification requires over 17,000 email messages to debug. Why so many? These are hard problems and take a lot of work to get right.

Atom is going through the IETF process. All decisions are made by email/wiki. Consensus is decreed by the chair and may be appealed. The IETF process is long and hard, but prevents any one person from taking control of the spec and using it to their own end.

Atom is like RSS2, except that feeds and entries must have unique IDs, timestamps, and human readable labels. This is important when feeds are aggregated to form other feeds. Text can be provided in plain, HTML, or XHTML, with clear signaling. Atom can provide both summary and full-content. Namespaces and extensibility are clean because of the "must ignore" rule.

Atom is the general purpose collection idiom that XML has never had before. XML has been about trees, not collections. There are lots of hacks on how to do collections, but no standards. Atom can be that standard.

The Atom publishing protocol uses a trick to avoid the problems WebDAV has had with clients having to know about and manage the URL space on the server. In Atom, the clients gives the feed something to POST and the server returns the URL where it put the post in the HTTP response header. Good idea.

The Atom publish protocol is the missing infrastructure link in making the Web writable by everyone.

If you're doing blogs and news feeds, RSS2 is good enough. "RSS2 won't be displaced. It's going to be with us for a long, long time." If you're doing more technical feeds where there's a premium on not losing data, then you need Atom. Implementors should probably support reading RSS2 and Atom 1.0.

The protocol is a different story--potentially a game changer.

6:23 PM | Comments () | Recommend This | Print This

Derek Powazek on Community

Derek Powazek is talking about new communities on the Web. He says that the Web is less about companies createing "company" towns and more about people creating their own spaces. He uses the Technorati Top 100 bloggers as examples of people who have enormous reach and create their own community.

Company town are communities, but they're extrememly authoritative. If you step out of line, you can find yourself out of the community. When you create your own community, that's no longer true.

Derek mentions MeasureMap as an example of a site that helps manage community--showing visitors and posts. I've wanted to see connections between posts I make and the traffic then generate. Maybe this tool will do that?

ORBlogs is an example of community creation. It's an aggregator of blogs in Oregon. Similar to what we're doing with the "other voices" section on the home page of UtahPolitics.org.

There are pros and cons to self-ownership of community.

On the pro side: self-ownership means no one can turn you off, it's more human in scale, there are fewer bozos, and no one graffitis their own house.

On the con side: no one's in chrage, there are no moderators, it's harder to converge and the tools are still difficult.

Living in a company town is like living in your parent's house. There's some comfort in having someone else in charge, but you have less freedom. Eventually we move out because the freedom is more important than the convenience.

Here are examples of modern company towns that play nice in a networked world:

  • Flickr: open APIs, RSS, tags, blog this photo
  • YouTube: Blog this video, contribution culture
  • MySpace, Friendster, etc. public/private to some degree
  • TypePad: Decentralized, but still SPOF (single point of failure)
  • Last.fm: Connected to apps

Some advice: Treat your community well because they'll leave if you don't. On the other hand, they may leave anyway just because they want more freedom. You can't create community in the Web of today. Go to the communities that form. He gives an example: he and his wife created a magazine called JPG. Rather than creating their own online community, they created a group at Flickr. Now they have over 10,000 members in their group and are one of the top ten groups at Flickr.

5:24 PM | Comments (1) | Recommend This | Print This

Heuristicrats (ETech 2006)

In a talk on the Hunch Engine at ETech, Eric Bonabeau used the term "heuristicrat" to describe professionals who use years of professional experience in a black box decision process to limit choice. His example was an architect who says "no" to almost every question the client asks in an effort to channel the client into a small set of designs the architect is comfortable with. Heuristocrats don't think outside the box, as it were.

3:05 PM | Comments (1) | Recommend This | Print This

Linda Stone on Attention

Linda Stone, speaking on Attention as the Real Aphrodisiac asks the audience these questions:

  1. I always pay attention
  2. I pay partial attention
  3. The way I use technology improves my quality of life
  4. Technology compromises the way I live my life
  5. Technology sets me free
  6. Technology enslves me

Continuous partial attention (CPA) is a phrase Linda coined to describe the way people live in the world of high-tech. It's an adaptive behavior. We're on our way toa dapting beyond it. CPA has been a way of life for many. It's a post multi-tasking approach. In multi-tasking, we give the same priority to much of what we do. We get as many things done as we can.

In the case of CPA, we're not motivated by getting things done. We're motivated by getting noticed, connecting with others, scanning for opportunities, at any given moment. There used to be a time when people wouldn't consider picking up a phone during lunch, but now it's commonplace. You go to lunch and you spend it witnessing each other's phone calls. We've stretched out attention bandwidth to it's upper limits.

We operate with a collective sense of ideals and values. In the era from 1965 to 1985 the collective ideal was all about "me" and "self expression." We began yearning for a connection to others. From 1985 to 2005, we lived in the era of connecting. The network was the center of gravity. We moved from valuing productivity to valuing connecting. We went from creating opportunity to scanning for opprotunities.

The 24/7 thing isn't feeling so good. One CEO demanded that people disarm when they come in. Other's have different types of meetings. Informational meetings are OK for CPA, but decisions meetings require no distractions. How many of the 500 emails you get a day are urgent (a tiger). The CPA lifestyle is becoming overwhelming.

Everything in nature has a cycle. There are periods of training, periods of rest. If there is no winter, there is no spring. At the moment, we use every technology at our disposal to communicate and to be communicated with. Email is not very effective for decision making and crisis management. But we're still trying. We have to opportunity to come up with new strategies.

Conflict resolution is best done synchronous and with high bandwidth. Crisis management demands synchornous communication at any bandwidth. Email is an attention "chipper shredder." It is a dangerous tool that should come with instructions on how to use it safely.

We're on the edge of the next shift. "Connect, connect, connect" brought us to the place where we're overwhelmed and unprotected. We want protection and security. We're moving into an era that's all about discerning opportunity. We want to sort through noise to find signal. iPods are as much about protection as they are about choice (that's why I use one on airplanes).

Discerning opportunity: what do we really need? what do we pay attention to? Ease of use has been the mantra of everyone and that's good, but it's no longer good enough. The new mantra, the new differentiator is "does this product or service improve quality of life?" That's the only way to differentiate going forward. Does it help protect, filter, create a meaningful relationship going forward?

Quoting Dee Hock, Linda talks about how information becomes knowledge when it's integrated with other information. Knowlege becomes understanding when it's useful for making decisions. The knew opportunity is to move from being knowledge workers to being uderstanding and wisdom workers.

1:13 PM | Comments () | Recommend This | Print This

Sifry on the Attention Economy

Dave Sifry of Technorati is speaking on The Economy of Attention. What are the rules that guide the attention economy and how are they different than the rules we're used to in the real economy. Attention is about time directed to a purpose by people.

Most economic models focus on what is scarce in the system. Economic systems aren't only defined by what is scarce, but it's a pretty good tool to find the seams in the fabric of the economy.

In the attention economy, computing power, storage, network bandwidth, and even money aren't scarce. Time is what even people like Bill Gates don't have enough of. We have a finite supply. What else is scare? Not information. Social connections to people are hard to scale.

We can't create time and we can't hoard it. Its a perishable item. Aggregating attention artifacts (where I spend my time, on what activities, and for what purpose) is valuable. Yahoo! and Google value their clickstreams because it gives them insight. Create attention data is easy. Just live your life and the data can be capture. Explicit metadata also adds value (tagging, as an example).

One of the most beautiful words in economics is productivity. This gives you leverage over the raw inputs. Productivity grows an economy without expending any new material. How can attention increase productivity? Technorati was Dave's effort to help him save a lot of his own time by giving him what he wanted when he wanted it.

How can this be applied?

  1. Incorporate an understanding of time and people deeply into the design of applications. He uses tech.memeorandum.org as an example.
  2. Attention is both a currency and a perishable. Make it easy to create and express attention.
  3. Hyperlinks are votes of attention (Steve Gillmor disagrees with this, I think).
  4. Look to create opportunities for economies of scale in participation.

12:58 PM | Comments (1) | Recommend This | Print This

Cory Ondrejka on Web 3.0

Cory Ondrejka from Second Life is speaking about what he things is one of the most interesting aspects of Second Life: the departure from the usual pain vs. participation graph. Even though making things in Second Life isn't easy, there's an unusually high participation rate. People who use spaces like Second Life tend to look at them as real space. These are garnering a lot of the attention that people spend.

The economic scale of Second Life is impressive: over the last 30 days, 240,000 distinct items were bought an sold. The conventional wisdom is that user created content wouldn't be high quality, but that's not the case.

Cory talks about users protesting taxes by lighting stuff they'd made on fire. That obviously affected user acquisition.

Second life has 90,000 hours of usage per day. If you do the back of the envelop calculation to figure the cost of developing all the things people in the space make, it's about $400 million/year.

UC Davis created a virtual hallucination simulator so Second Life residents could see what it's like to be schizophrenic.

Second Life demographic data shows it's gender balanced and older than people who play games. There are hundreds of classes on Second Life about how to use Second Life. Amateur to amateur teaching happens all the time. There's great opportunity to apprentice and learn from experts.

12:38 PM | Comments () | Recommend This | Print This

Multitouch Interaction (ETech 2006)

Jeff Han, from NYU's Computer Science department is giving a demo of something called Multitouch, a new computer interface. he has a rear projection graphing table with a multitouch sensor, something not normal on a touch screen. You can do chording, for example.

He shows a fluid simulation (lava lamp) that responds to multiple touch. You can easily see how you can do things to the interface that you can't do with a single point of touch (like a mouse).

He demos a photographers light box application. Picking up pictures, rotating them, etc. is exactly the same as doing it in real life and it's intuitive. Pulling on the display (spreading your hands apart) zooms and pushing does the opposite.

He mentions the 100 dollar laptop and that we might be introducing people to a mode of interaction that is unnatural.

He contrast this with Minority Report's gestural interface and one based on touch. Tactile feedback is more intuitive than gestural interfaces for casual users.

He can bring up a keyboard, of course. The question is, should you emulate a physical keyboard closely? There's a danger in freezing design too fast.

11:38 AM | Comments (1) | Recommend This | Print This

Seth Goldstien: Attention Broker (ETech 2006)

Seth Goldstein is talking about Root Markets: Applications for the New Attention Economy. Root is an attention exchange. Is attention about money or time? Seth jokes that he's from New York and so he focuses on the money aspect of attention, leaving the time aspect to folks from San Francisco.

Is attention a privacy challenge or publicity opportunity. Sharing your attention (ala last.fm, for example). The best guarantee for attention is living your life as open as possible, as public as possible. Receiving attention makes you influential. This can occur even when you're not there (even dead).

Web services have enabled to recording of attention data in real time. Root is an open exchange for attention. He defines "PPA" as the promise to pay attention. Putting something on a calendar is an example of a PPA. PPAs form attention bonds. When you promise to attend an event, like your son's soccer game, you are creating an attention bond. Failing to deliver impacts your reputation.

Why is this relative to Wall Street? You can secure and trade PPAs. He makes an analogy to the commercial mortgage market. This turns mortgage payment promises into a trillion dollar market.

Your attention is valuable. As an impression, it's worth $0.001. For a click it's $0.50. For a mortgage lead, it's $25. An completed US Army application is worth $2000. We pay attention to lots of things. We'd like to keep our attention from distraction, companies, advertisements, flashing banners, strangers, etc. These interruptions are stealing your attention.

Who owns your attention? You do. He then turns this into a discussion of how you own your attention data. I don't think the logic necessarily follows. He acknowledges that clearly your records on Amazon belong to Amazon and you together. The question is do you have the right to make Amazon give you that data in a form you can use?

Root gives you a dashboard of where you're spending your time and where you click online. This is the start. You can share your attention data with others. This gives you a comparison of your attention and other people's attention. This gives the ability to form communities around common attention patterns. Most important, the delete button let's you delete your attention data from Root.

11:27 AM | Comments () | Recommend This | Print This

Dick Hardt on Identity 2.0 (ETech 2006)

Dick Hardt's company has a big sponsorship presence at ETech, the badge lanyards and even the room keys bear the SXIP badge. This morning he's doing the sequel to his Identity 2.0 talk, made famous by his style and humor. This morning's talks is titled "Who's the Dick on My Site?"

How do I prove I am who I say I am? How do Web sites know the things I want them to know without them to know with minimal disclosure? The content was new, but the message was very much the same, but the presentation is more tutorial in nature. The primary point was the announcement of SXIP 2.0. There's no need to add anything to the browser for SXIP 2.0 to work, but there's an optional plugin for Firefox.

Another interesting feature is replying party notification. When data changes, the homesite (SXIP term) remembers what relying parties have been sent that data in the past and give the user the option of sending an update notification to those relying parties.

A new feature called authoritative sites gives the user the ability to put credentials from the authoritative site on their homesite and later transfer those credentials to the relying party. Interesting way to hide the use of PKI behind a layer of software.

10:59 AM | Comments () | Recommend This | Print This

Bruce Sterling on the Internet of Things (ETech 2006)

The evening keynote (last night) was by Bruce Sterling on the Internet of Things. This was one of those talks that is impossible to blog. Even a word-for-word transcript wouldn't do it justice because Bruce's delivery is as much a part of the content as what he says. I'm sure it will be on IT Conversations soon and I encourage you to listen to it there.

Bruce's message was about language and the power of naming. He said, that when it comes to remote technology, you don't want to freeze your language too early. It limits the ability of people to find the intrinsic value. Artificial intelligence is an example. Computers are not intelligence. They boxes of circuitry. They just sit there "ordinating" as the French say.

Bruce gave a great example about whether you'd want to have Google or Alan Turing in a Box (a reference to the famous Turing test). It brings into stark contrast the difference between AI and what we've built without AI. He makes the claim that a tech world that talked about computers as ordinators or sorters or card shufflers probably would have invented Google in the 1980's. The new stuff, people interacting with technology, is what's important. On demand social application are unimagined by Computer Science.

The idea behind the Internet of Things is laid out in Bruce's book Shaping Things. He envisions the Internet of Things doing its work in six interesting ways:

  1. interactive chips
  2. local and precise geolocative systems that sort out where you and things are
  3. powerful search engines
  4. sustainability through auto recycling
  5. 3D virtual models of physical objects
  6. rapid prototyping of object

Bruce calls these Internet things "spimes" because they're tractable in space and time. Manufactured objects that are material instantiations of an immaterial system. They are virtual object first and actual object second. The primary advantage is that you no longer inventory your possessions inside your own head. That work is done far below your notice by a host of machines. You just ask where things are and where you bought them and what you paid, and so on. You no longer wonder where your shoes are, you just google them.

Why create a new word? Because it creates a cloud of associated commentary and data online. This is an example of what Tara McPherson calls a theory object. Theory objects accrete attention and generate trackable trails of attention. Any real theory object has trackbacks and pictures and a FAQ and so on.

Bruce isn't talking about some smart object with a processor inside, he's talking about everyday objects that have unique digital identity. When they work well, new words like spime are like good brooms that get rid of old words. This is different than hype. Hype is a system call on your attention. Hype is aimed at your wallet.

Bruce continues with a riff about hype in technology and politics. In technology, the opposite of hype isn't the truth (like it is in politics), it's argo--technojargon. Techjargon is a superspecialized geek cult language. It's deliberately hermetic. But, a small clique doesn't have enough people to successfully name things. It takes a whole lot of people to manage a popular language.

Bruce doesn't think that ubiquitous computation will be either ubiquitous or computation. It will be patchy and limited like cell phones. It's not a smooth supported product. As we move in that direction, you don't want to avoid the contentions of the literary struggles. The words are signifiers of the places where things aren't yet hammered out.

Let's take "Web 2.0" He quote's Tim's definition. Bruce says that this definition is not a clean, sanitary things, rather it's about people Tim thinks are important and the causes and values they hold as a class. He then quotes Alan Liu on the idea of Web 2.0 who is highly "skeptical." There's too much of the "high priesthood" of administrators who work behind the scenes to make it work.

Bruce goes on about this because it matters. Naming can make completely new concepts and make them everyday. That's the goal.

The presentation was very entertaining (which is saying something given that it was starting at 9pm). Of course, with Bruce Sterling, you'd expect nothing less. Like I said earlier, you're going to have to listen to it to get the fine nuance. I've ordered a copy of his book because I'm interested in the identity aspects of what he calls the Internet of Things.

10:31 AM | Comments (1) | Recommend This | Print This

March 6, 2006

Ray Ozzie's Clipboard for the Web (ETech 2006)

Ray Ozzie is the first keynote of the first day. He's talking about building composite applications (what he's calling mashups) on the Web.

The real power is bringing composite apps to the user level. A reference to shell commands and pipes in UNIX bring a good image to mind for anyone who's done that. GUIs bring big apps that user weave together using the clipboard to accomplish work.

The Web has a lot of standalone apps. Where is the clipboard for the Web?

Ray launches into a demo of "live clipboard." This simulates a button control inside the browser that cuts and pastes a structured data item (snippet of XML, microformats, etc.) Point of interest: he's doing the demo in Firefox.

When something is cut, it's put into the clipboard as an XML structured piece of data. He shows a demo of cutting an event from Eventful and posting it on the Windows Live Calendar. The same paste works in Outlook as well because of a system tray program that watches the clipboard and makes sure the right things happen by reformatting data in the clipboard on the fly as needed. He shows another demo of pasting addresses from an address book onto a Web form.

This is a nice way of adding functionality in a way that users already understand. So far all the demos have been about bridging data between applications. What about feeds?

Three kinds of aggregators, standalone, online, and the browser. We're all disappointed that the RSS technology is a leading edge kind of thing restricted to technologists. Ray thinks there will continue to be a demand for aggregators outside the browser.

This creates a mess since there's no standard for adding feeds to aggregators. With the clipboard functionality, you can simply cut and paste the feed and the clipboard will reformat the data as necessary.

You can cut and paste, but that's static. Ray shows another icon that links one spot on a Web site to a tiny subscription to data on another. So, you can link two Web sites so that changes on one show up on the other. He demos this by linking his current location in his FaceBook profile to his current location as given on his blog. Going further, he pastes subscriptions to his friends locations onto the Windows Live map.

The bottom line: there is power in simplicity. The Web is a collection of really useful hacks. If we, as a community, decide to extend the power of the clipboard to the Web, then we can change how people work. Microsoft can put it on it's Web site, but we need everyone to help. Instructions will be on Ray's blog.

10:34 PM | Comments () | Recommend This | Print This

Opening Session (ETech 2006)

Tim O'Reilly is giving his traditional "O'Reilly Radar" talk. Alternately titles: Following the Alpha Geeks. What to pay attention to:

  • Technology on track with long term trend
  • Technology is disruptive
  • Technology uptake is accelerating
  • Technology is grassroots--bottom up
  • It inspires passion
  • It has deeper social implications
  • Better information makes a difference in it's adoption and use

There's also a pattern recognition component to this. The leading Linux applications turned out to be server-side Web applications like Google. Information business are using the Internet as a platform to deliver software as a service harnessing collective intelligence. The key competitive advantage of Internet applications is the extent to which users add their own data to that which you provide.

Craigslist is a great example. Tim shows a slide of the top ten Internet sites along with their number of employees. Craigslist is the only one with less than 5000--it has 18 employees.

Tim brings up castingWords.com, an application built on top of Amazon's Mechanical Turk to transcribe podcasts. Del.icio.us, digg and other sites are using the input of their users to create value. Software is increasingly becoming bionic. The users are inside the application. It's IA not AI. Intelligence augmentation, not artificial intelligent.

Tim turns the stage over to Zimbra. What's that sponsorship cost?? Zimbra is a collaboration app that tries to reduce user context switching. The software supports an ecology of zimlets. The demo was OK but didn't bowl me over. Basically integration of Asterix with a PIM? Supposedly it's more, but all the examples were Asterix based.

9:37 PM | Comments () | Recommend This | Print This

Rails and Ajax for Page Application Development (ETech 2006 Tutorial)

I'm in David Heinemeier Hansson's tutorial on Beneath-the-Page Application Development with Rails. His Rails tutorial from last summer remains one of my most viewed blog entries.

He starts out noting that AJAX is the most important innovation for the Web in years.

But JavaScripting the DOM still sucks...a lot. JavaScripting the DOM is incompatible with how regular programmers think about programming.

Part of the problem is the sorry state of browser. One line of change can lead to hours of regressions because of browser incompatibilities. Then there's the browser underworld (all the old, out of date browsers that are still out there). That's the bad.

Then there's the ugly. Nodes are not for people. The idea of "createNode" as an API call has a nice academic feel, but it doesn't add up to something that's pleasant for developers to use. But the main problem with nodes is that they cause you to repeat yourself. You have to create the first version of the page using HTML. Your entire UI is mapped out in template files. To make a dynamic change, you have to say it again another way. This creates two versions of the interface--you have to take great care to ensure that they don't drift apart.

Now, for the good: innerHTML is the hero. A triumph of pragmatism. No spec, but it's supported by all. innerHTML's companion, the saint, is eval. You can construct JavaScript outside the browser, that is you can generate it, and then evaluate the result. Compare this with what Simon Willison said this morning for a contrasting point of view.

So, how do we deal with the bad, not return calls to the ugly, and champion the good?

Rails uses the Prototype JavaScript library to try to put a layer on top of the browser incompatibilities. You write off the underworld as being too expensive and concentrate on IE, Firefox, and Safari. On top of Prototype, Rails uses script.aculo.us. All of these elements (rails, prototype, and script.aculo.us) are written with explicit knowledge of each other.

David is building a demo application from scratch using Rails (v1.1) to show his approach to page development and AJAX. The first time I saw this it was amazing. I did one for Kelly Flanagan (BYU CIO) a few months ago, so if I can do it...maybe it's not so amazing! :-) You can get the functionality he's demoing today using beta Gems.

The first part of the demo follows the basics "use rails to create a MVC system" script pretty closely. He's building a simple ecommerce site. Once he's got a way to add products, display them, and adding things to a shopping cart, he starts adding AJAX.

Transforming the rails link_to to link_to_remote creates an AJAX request to the same URL. The default action is to eval the links coming back. The other change is to remove the default rendering and replace it with a call to an rjs template. The rjs template returns JavaScript that's eval'd in the browser. In rjs, there's a proxy for the DOM in Ruby called page. Here's what's in the rjs file: 

page[:cart].replace_html :partial=> "cart"

From within the page, you can get a reference to specific parts of the page and replace them with something else. This makes use of "partials" an rhtml page with a name that starts with the underscore.

So, David's pulled out the shopping cart HTML and made it a partial. That's referenced in the template and in the Ruby code. With that, he can update the shopping cart in an AJAX way without refreshing the page.

The cart has been in the session as an array. David creates an object for the cart (not persistent) and adds totals. By just changing the partial, the total is added to the shopping cart without modifying nodes in one place and HTML in another.

Adding a "discard" function to the cart demonstrates the use of inline rjs code. This is useful when the function is pretty simple. Adding this doesn't work, so he shows how you can add an "alert(exception)" to the app and get debugging info in the browser.

Adding AJAX to Web apps, changes the nature of how you think about them. To demo this, he adds a style to the cart to hide it if there's nothing in it. But when you add something to it, this doesn't go away, because the page isn't rerendered. You can add code to the rjs manage this instead of scripting the JavaScript by hand.

Next David adds a "remove from cart" link next to the product (pedagogically placed there instead of in the cart itself). He adds logic to test whether or not the product is in the cart to determine whether or not the link is shown. The problem is that you don't reload, so you need to update products whenever something is added to the cart.

This calls for another abstraction. Clipping out the product display HTML as another partial does the trick. Actually, there's two partials, one for products and one for product inside the products partial. The next problem is that the "add" method doesn't have all the products, it has the new one. That can be fixed by adding somme code. David mentions that this points out the problem of state maintenance that AJAX code introduces. I wonder if continuation-based Web applications could solve this?

We've fixed one problem, but there's a combinatorial explosion of dependencies in the UI. For example, now, when you discard the cart, the product listing needs to be updated. These things are hard enough to do when you're programming in Ruby. When you're hacking our the raw JavaScript, you often just ignore them.

How do you fall back when the browser doesn't support JavaScript? Graceful degradation is important. The nice thing about having everything in partials, is that don't have to recreate yet another view for non-compliant browsers. Adding this code to the end of the method to explicitly control the rendering is a key idiom: 

if request.xhr?
   render
else
   redirect :action => "index"
end

The other key piece is to ensure that good hrefs are built in addition to the "onclick" actions. This creates some ugly code, so he defines a helper function to make it happen.

RJS isn't an attempt to replace JavaScript, but a way to generate the most common things you want to do. You can drop out and use any JavaScript you'd like when you need to.

There are two main points to what we've been talking about today. Rule 1: less JavaScript and more tolerable JavaScript. By capturing common patterns and replacing them with abstractions like replace_html we make programming in JavaScript easier. He shows how each RJS line is translated into the equivalent JavaScript.

Rule 2: Less data, more interface. This is the opposite of what AJAX has been described as. Rails isn't passing XML back and forth, rather it's passing XHTML (admittedly a form of XML). Returning a fully described partial is more bandwidth than just returning the hash, but it's worth the tradeoff. The amount of data usually isn't the problem. It's programmer time with JavaScript.

A new rule: make it snazzy. AJAX applications are distinctively different from regular Web apps. Effects not just fluff--they're there to give the user confirmation that something has happened. David shows the video from Fluxiom, an asset management application, that looks like a desktop application but is all in Rails. This is the future of Web applications.

Next David shows off a new feature of Rails that allows you to drive the application just like a browser would from the console. It's very similar to a command line browser that remembers sessions, etc. and gives them to the user as Ruby objects that can be manipulated. This is great for writing unit tests for a Web application.

David's been following microformats. Microformats, annotate XHTML in such a way that machines can easily digest it. It's a way to render data in a human readable way so that there's only one view. He returns to the shopping cart example to show how classes can be added to embed semantics. By adding "product", "name", and "price" class attributes to the template, he gets a microformat.

To make this useful for machines, he changes the controller so that the to check the content type of the request. If it is "application/xml" he assumes that the client wants just the products and not the HTML wrapper. This allows the same controller to function for both browsers and programs.

He starts writing code to process what gets returned and gets an error. Lesson: you have to generate valid XML if you're going to parse it as XML. Of course, you've got all the XHTML tags as nodes and so navigating it can be difficult (you want to navigate the class attributes). David's working on an API that would allow class attribute-based navigation.

An alternate solution is to use XSLT transforms from within Ruby to transform the XHTML to XML. This isn't actually working yet, apparently, but would be pretty easy to set up.

2:43 PM | Comments () | Recommend This | Print This

Introduction to JavaScript (ETech 2006 Tutorial)

This morning I'm in the A (Re-)Introduction to JavaScript tutorial taught be Simon Willison.

Simon recommends Javascript: The Definative Guide by David Flanagan as one of the few Javascript references that's worthwhile. He hasn't found a good reference on the Web.

Brendan Eich invented JavaScript in 1995. The ECMA standard went through only 3 revisions with the last one in 1998. Good news: the language is stable. Bad news: there's lots of codified warts.

Javascript avoids I/O, so it's not quite a general purpose language: it has to be embedded in a host environment that supplies this. In the case of the browser, this is the DOM.

Some advice:

  • Use the semicolon even though it's not requires.
  • Declare variables religiously
  • Avoid global variables.

There's no such thing as an integer in JS. Only floating point (double precisions 64-bit IEEE 754 values). There's a ton of Math functions. The parseInt function will guess the base. You can specify it in an optional second argument and you should to avoid guessing.

Strings are sequences of 16-bit unicode characters. Characters are just strings of length 1. Again, there are a ton of string functions that can be used to manipulate strings, including regexp functions. String concatenation overloads the + operators. Type coercion is automatic, so if you add a string to a number, you get a string. If you add a number to a string, you get a number.

null means no value and undefined means no value yet. Booleans are true and false, but there are truthy and falsy values as well. i, NaN, null, and undefined are falsy. Everything else is truthy.

Variables are declared. If you don't use var, the language will automatically define a global variable. This can cause all sorts of hard to debug situations. So, never do this!

== and != do type coercion, so 1 == true. To avoid this, use === and !==.

typeof will give you the type of the object. Arrays, say their objects, which they are, but don't give you the specific answer.

The logical operators (&&, and ||) short circuit and an undefined object is "false" so o && o.getName() will test for existence before applying the method.

Exceptions were borrowed directly from java. So, the have the try...catch...finally... syntax.

Objects in JavaScript are very different than objects in other languages. Objects are collections of name-value paris. The name part is a string, the value can be anything. Objects are created with the new operator, but you can also use a literal representation: 

var o = {
 name: "Carrot",
 "for:", "Max",
 details: {
  color: "orange",
  size: 23
  }
};
obj.name = "Simon";
obj["name"] = "Simon";

In the final line, we could have dynamically created the string "name" so this is more flexible. An alternative form of the for-loop let's you access the attributes in the object.

Arrays are the other primary data aggregator. The keys have to be numbers, but they use the [] syntax, just like objects. You can use literal notation to create and initialize an array in one line. Arrays will add items past the end. To append to the end, use a[a.length] = 3 (a.push(3) also works).

If you do a for-loop with arrays, it's sensible to cache the array length in the initialization so avoid calculating the length each time (looking up a property in an object). 

for (var i = 0; j = a.length; i < j; i++) {
...
}

Functions are pretty simple. If nothing is explicitly returned, then the return value is undefined. Parameters are more like guidelines. Missing parameters are treated as undefined. You can also pass in more arguments than the function is expecting. The extra arguments are ignored. There is a special array called arguments that contains all of the arguments. So, you can create variable arity functions. The arguments array is almost an array. You can't use all the array operators on it.

Functions are objects with methods. For example, apply is defined on functions.

You can create anonymous functions using the function operator. var avg = function() {...} is the same as function avg () {...}. This gives you the usual benefits: local scoping, closures, etc. Simon spends a bit of time showing how you can use anonymous functions to simulate the behavior of a let (see Lisp). Of course, it's pretty ugly since there are no macros.

The arguments array has a property called callee that points to the function that got called (similar to self, but for functions) so that you can create anonymous recursive functions. The callee property allows saving state between invocations, so you can, for example, define a function that remembers how many times it's been called and puts that in arguments.callee.count Cool.

You can use the property representation of objects to create literal objects that include methods. You can do this using the this keyword to refer to the current object. If you use the method without using the dot notation of method invocation, then this refers to the global object.

The problem with literals created in this way is that each object contains the function code. Using the new operator avoids this. new creates a new empty object and calls the specified function with this referencing the current object. Functions can be defined on the object using the prototype method. 

function Person(first, last) {...}
Person.prototype.fullname = function () { ... }

This is a potentially confusing point because JavaScript is a prototype-based object-oriented language, not a class based language. Inheritance in prototype based languages happens by creating copies of prototypes.

A nice side effect of prototypes is that you can add new methods to objects at runtime. Existing instances of the object will look at the prototype to find methods and find the new methods. This applies to the core objects of the language as well, so you can add a reversed method to the built-in string object. This method would be seen even by string literals. Be careful, you can redefine built-ins doing this. Simon tells the story of using this feature to add a specific functionality to JavaScript on Safari that wasn't properly implemented prior to version 2.0.

Prototypes can be nested, creating chains. Deep nesting combined with dynamic prototype creation can make chains hard to debug. All chains terminate at Object.protoype. Object includes a toString method, for example. So, overriding it gives good error messages, etc. because you inherit properties (like read-only or don't-enumerate) defined in Object

JavaScript is a prototype-based language that pretends to be class-based, so it doesn't do either very well. You can use this idiom to reuse an object: 

function Geek() {
 Person.apply)this, arguments);
 this.geeklevel = 5;
}
Geek.prototype = new Person();
Geek.prototype.setLevel = function(lvl) {
 this.geekLevel = lvl;
}
Geek.protoype.getLevel = function() {
 return this.geekLevel;
}

> s = new Geek("Simon", "Willison")

The prototype chain, in this instance is Geek --> Person --> Object. This is a little weird because we're creating an instance of Person to serve as the prototype (rather than a prototype). This makes constructors lame because you can't do anything useful in the constructor. If you google "javascript inheritance" on the Web, you'll see there are dozens of proposed solutions (workarounds) to this problem.

Functions in JavaScript are first class objects. A function is just another object. You can store it in a variable, pass it around, return it from a function, and so on. Simon starts with an example of defining arrayMap, a function that maps a function over an array, creating a new array. Next he shows how to define a function, salesTaxFactory that takes a tax rate and returns a function that calculates tax for that tax rate (i.e. he defines a closure).

Simon shows off the shell bookmark (that only works in Firefox). The book mark opens a JavaScript shell that you can use to test JavaScript.

A closure is a function that has captured the scope in which it was created. Functions in JavaScript have a scope chain that reference scopes that function is defined in. This is similar to other block structured languages that allow anonymous functions. This can cause problems when you refer to a loop variable, for example, since every closure created in the loop will refer to the same iteration variable, which has the final value, not he value it had when it was created.

Simon introduces the singleton pattern. This avoids namespace collisions. JavaScript has no sense of modules or packages. Any JavaScript running in the browser can access any other names. The less code that affects the global namespace, the better.

The singleton pattern uses closures to hide information. Here's an example: 

var simon = (function () {
  var myVar = 5;
  function init(x) {
  ... // can access myVar and doPrivate
  }
  function doPrivate(x) {
  ... // invisiable to the outside world
  }
  function doSomething (x, y) {
  ... // can access myVar and doPrivate
  }
  return {
    'init': init, 'doSomething': doSomething
  }
})();

This is exactly what you'd do in Scheme or Lisp to create a self-defined object. Ironic for JavaScript since you're essentially using closures to create objects in an object-oriented language. Again, with macros, the ugliness could be hidden, but alas...

One of thorniest problems in JavaScript is memory leaks. JavaScript is a garbage collected language. If you're using large amount of memory, you need to make sure you cancel references and let the garbage collector do it job. Internet Explorer handles garbage collection differently for JavaScript and the DOM and can't handle circular references, creating ugly memory leaks. Call this function enough times in IE and it will crash: 

function leak() {
  var div = document.getElementById('d');
  div.obj = {
    'leak': div
  }
}

This pattern can show up when you create a slider widget, for example. Apparently, this same bug showed up in the 1.5 alpha release of Firefox. It's been fixed now???

There are more sneaky examples. 

function sneakyLeak() {
  var div = document.getElementById)'d);
  div.onclick = function() {
   alert("hi!");
  }
}

This is a common idiom. This can be hard to detect. The problem is that closures maintain access to the environment they were created in, regardless of whether they access anything in that environment or not. One way to avoid the problem is to assign null to div at the end of the function. This throws the reference away and lets the garbage collector pick it up.

Simon mentions that these are tricky problems and he'd programmed JavaScript for three years before he really understood them. Interestingly, anyone who's had CS330 would be equipped to understand these problems quickly. Another reason 330 is important.

Simon mentions that using most popular JavaScript libraries have systems for attaching and detaching events. Many of these can automatically free event references when the page is unloaded. These can be used to solve circular reference problems. Using libraries can solve a big chunk of the problem, but be aware.

Everytime you do complex lookups (using dot notation), dereferencing them can increase performance. This is especially important inside loops. Here's an example of dereferencing (actually it seems more like referencing to me): 

var s = document.getElementById('d').style;
s.width = '100%';
// and so on

You see this in drag and drop operations, for example.

Simon recommends some JavaScript libraries:

  • dojotoolkit.org
  • developer.yahoo.net/yui - Yahoo! User Interface libraries. Similar to others. Good drag and drop, animation, etc. facilities. Designed to play well with each other and give good performance on high traffic Web sites.
  • mochikit.com - borrows a ton of ideas from Python and functional programming
  • prototype.conio.net - most famous library (included in Rails). Extends the language and has it's own style. Need to understand the style to use it. Comes with a set of tools for DOM manipulation and AJAX stuff.
  • script.aculo.us - Extension of prototype and adds lots of visual effects.

Things that every JavaScript programmer should know:

  • Everything in JavaScript is an object, even functions.
  • Every object is always mutable
  • The dot operator is equivalent to de-referencing by hash
  • The new keyword creates an object that class constructors run inside of, thereby imprinting them
  • Functions are always closures
  • The this keyword is relative to the execution context, not the declaration context (dynamically scoped)
  • The prototype property is mutable. This is the basis of inheritance in JavaScript.

Someone asks a question about macros and Simon starts talking about eval. His basic advice: don't use it. Slow, dangerous, etc. Much of what he saus is right for JavaScript, but not for languages with real macros like Lisp and Scheme. It's interesting that people who don't know about a particular langage feature just can't see how it could be used. This isn't a dig on Simon--he could be completely right with respect the JavaScript. Yet, I wonder...

Simon did a good job with this tutorial. He introduced JavaScript in a way that didn't lose people and at the same time brought out the gotchas that more experienced programmers would want to know. It's not easy keeping a language tutorial interesting, but Simon did alright.

9:51 AM | Comments (1) | Recommend This | Print This

ETech Tutorials

I'm at ETech, just waiting for the the first tutorial to begin. I'm signed up for two today. This morning I'm going to A (Re-)Introduction to JavaScript taught be Simon Willison. This afternoon, I'm going to Beneath-the-Page Application Development with Rails with David Heinemeier Hansson. His Rails tutorial from last summer remains one of my most viewed blog entries. I'll post notes, so follow along.

9:18 AM | Comments () | Recommend This | Print This

March 3, 2006

User-Centric Identity with Liberty

Flash demo of Liberty specifications being used in user-centric ID scenario
Flash demo of Liberty specifications being used in user-centric ID scenario
(click to enlarge)

Hubert A. Le Van Gong of Sun has a flash demo showing how a user-centric identity system can be built now using existing specifications from the Liberty Alliance. The demo shows some clear, user-centric behavior. You could nit pick about the applet and whether that's the best client, and so on, but that's not the point. The point is that user-centricity doesn't have to be "anti-Liberty" as some suppose. Liberty can be used in a number of ways. The real battle is educating companies in user-centric ideas so that they can employ them in their federation--regardless of the technology underpinnings.

4:16 PM | Comments () | Recommend This | Print This

SOA Governance Panel

I'll be moderating a panel on SOA governance at InfoWorld's SOA Executive Forum March 16 in San Francisco. This will be a follow-on to the feature I did on SOA governance that ran in January. The panelists will be:

  • Todd Biske of AG Edwards. Todd blogs actively about SOA. He had a recent piece about governance with an analogy to voting that I enjoyed.
  • Ed Vazquez of Sprint-Nextel. Ed's the Group Manager of the Web Service Integrations & SOA.
  • David Harrington of MedicAlert® Foundation. David's the CTO at MedicAlert.
  • Mystery Panelist. We're still waiting for confirmation on this guest. Trust me...whoever it is will be good.

As I started putting this panel together, I wanted to get people who were using SOA and had run up against governance problems. It's easy to get vendors to come and talk and they do a good job, but the stories are second hand. I think the discussion on this panel will be real, hands-on experiences. At least, I hoping...

The panel will be run with a strict moratorium on PowerPoint slides. I'll spend 3-5 minutes introducing the subject, give each panelist 2-3 minutes to introduce themselves, and then we'll launch into questions. I'll have some prepared and also take audience questions. Here are some of the questions I've been thinking about asking:

  • Why is governance important?
  • How does your company govern SOA?
  • What big mistake did you make early on that convinced you that you needed to govern your SOA efforts?
  • What role do policies play in governing SOA? What policies do you have?
  • How do you distinguish between design-time, deploy-time, and run-time policies? Do you treat them differently in the governance process?
  • Do you have a center of excellence (COE)? What role does it play? How does it work?
  • How are governance and architecture related?
  • Have you encountered resistance to SOA governance in your organization? How do you overcome it?
  • How do you enforce policies? Who enforces policy?
  • What process do you use for feeding back information from enforcement and taking corrective action?
  • Is any of your policy enforcement automated (WS-I checks for example)? How do you do it?
  • What role do registries play in your governance efforts?
  • What role do Web services management systems play in your governance efforts?
  • Do you use SLAs or other contract devices between providers and consumers? How are they managed?

If you've got other questions about SOA governance that you think ought to be addressed, please leave a comment.

3:15 PM | Comments (2) | Recommend This | Print This

ETech Next Week

I'm going to be at O'Reilly's Emerging Technology Conference in San Diego next week from Monday morning through Thursday afternoon. Look me up.

1:57 PM | Comments () | Recommend This | Print This

Getting Real

Last year at ETech (see you next week, BTW), I wrote about Jason Fried's talk on lessons learned building Basecamp, the online project management system from 37Signals. The talk was interesting and full of wisdom on how to build Web applications. now the folks at 37Signals have come out with suggestions in bookform, called Getting Real. The book is only available as a PDF. There are some sample chapters online, including one called Meetings Are Toxic (PDF). I've got a copy; there's some good stuff there.

10:33 AM | Comments () | Recommend This | Print This

March 1, 2006

If Microsoft Sold the iPod...

This parody of what the iPod packaging would look like if Microsoft sold it is simply too good not to share.

Update: The original link apparently isn't working anymore. Here's another, but if that doesn't work for some reason, just go to YouTube and search for ipod repackaging. There's several copies there.

9:58 AM | Comments (2) | Recommend This | Print This