May 28, 2009
You're Gonna Need It
Normally, I subscribe to the "YNGNI" philosophy: You're Not Gonna Need It. The idea is: don't over-engineer things, because you'll likely spend a lot of time on things that never get used. This post is about an exception to that rule that I wish I'd followed.
When I started designing KRL, there wasn't much in the way of variable scoping and it didn't really need it. Each rule was a local scope and there were no global variables. Only one ruleset ever operated at a time. Consequently, I took the easy route and instead of designing a proper environments module that managed symbol tables through extension and recursive lookup, I just used a hash.
Time passes...
I find myself with a language whose requirements have grown to include global declarations and multiple rulesets firing at the same time. Ad hoc namespacing in the hash that manages the rule environment was getting out of control. The final straw was the need to add global variable bindings to the language so that, for example, you could make a single query against a data source and then share the results in any of a number of rules that might fire. I wasn't about to pile that on top and hope it didn't fall down.
Consequently, I've spent the last two days refactoring the language to use a proper variable environment. A few observations:
- The code is much cleaner now. Not only do I feel better about that, but I'm more likely to see how things work and not make mistakes in future revs.
- I'm extremely glad to have a test suite that I'd already written that helps me feel more confident that I haven't changed the semantics of the language with this change.
- Any change this big not only changes the code, but also the test suite (mostly calls that change and return results that change). So, that reduces my confidence in consistent semantics somewhat.
The main point of this post is simple: when it comes to building interpreters for a language, no matter how simple it looks when you start out, take the time to build and use a hierarchical environment system for managing variable scoping. I wish I had. I'd have saved myself time along the way and not needed to spend two days refactoring the code now. You're gonna need it...
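A hierarchical environment of the kind described above, as an added example that is not KRL's own code: each scope is a symbol table that extends an enclosing scope, and lookup recurses outward. The class and method names, the ruleset and rule labels, and the stand-in data source are all assumptions made for illustration.

```python
class UnboundVariable(KeyError):
    """Raised when a name is not bound in any enclosing scope."""


class Environment:
    """One scope: a symbol table plus a link to the enclosing scope."""

    def __init__(self, label, parent=None):
        self.label = label
        self.parent = parent
        self.bindings = {}

    def extend(self, label, **bindings):
        """Return a new child scope; the enclosing scope is not modified."""
        child = Environment(label, parent=self)
        child.bindings.update(bindings)
        return child

    def define(self, name, value):
        """Bind a name in this scope only, shadowing any outer binding."""
        self.bindings[name] = value

    def resolve(self, name):
        """Recursive lookup; returns (value, label of the supplying scope)."""
        if name in self.bindings:
            return self.bindings[name], self.label
        if self.parent is None:
            raise UnboundVariable(name)
        return self.parent.resolve(name)

    def lookup(self, name):
        return self.resolve(name)[0]


def demo():
    """Two rulesets active at once, each with globals shared by its rules."""
    queries = []

    def query_datasource(key):      # hypothetical stand-in for a data source
        queries.append(key)
        return {"key": key, "temp_f": 71}    # constructed sample result

    root = Environment("root")
    # Global declarations: evaluated once per ruleset, visible to its rules.
    travel = root.extend("ruleset:travel", forecast=query_datasource("SLC"))
    shop = root.extend("ruleset:shop", forecast="n/a", currency="USD")

    # Each rule that fires gets a local scope on top of its ruleset's scope.
    notify = travel.extend("rule:notify", msg="pack a jacket")
    banner = travel.extend("rule:banner")
    banner.define("forecast", "overridden locally")  # shadows, no clobbering
    price = shop.extend("rule:price")

    try:
        price.lookup("msg")         # another rule's local must not leak
        leaked = True
    except UnboundVariable:
        leaked = False

    return {
        "queries": len(queries),
        "notify": notify.resolve("forecast"),
        "banner": banner.resolve("forecast"),
        "travel_global": travel.lookup("forecast"),
        "price": price.resolve("forecast"),
        "leaked": leaked,
    }
```

With a flat hash, the two `forecast` bindings and the local override would need hand-built name prefixes; here the scope chain keeps them apart.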

4:46 PM
Agile Roots, ErrorStack, Phones, and Games
At this morning's CTO Breakfast Kay Johansan announced her upcoming Agile Roots conference in Salt Lake City on June 15-16. This looks like a high-quality conference and it's nice to see it local.
Tyler Whitaker also demonstrated the new graphing capabilities in ErrorStack. As someone building a distributed system, I love the idea of ErrorStack--a cloud-based error system that just does errors and does them well. I'll probably start using it to track errors for Kynetx.
We got a look at the phone that Google gave out at IO yesterday. Someone who was there and got one showed up and passed it around. Nice update from the G1, although without the slide-out physical keyboard.
Scott brought up Atmosphir, a game foundry where users can create their own games. Interesting that the game in this game could be creating games to share with your friends.
9:46 AM
May 27, 2009
The Eighth Internet Identity Workshop - IIW2009A

I can't believe that a week has passed since IIW8 ended. I was planning on writing a wrap-up blog post then and time has just slipped away.
When we were planning for this IIW, we were pretty worried about whether people would come and whether we'd get sufficient sponsor support. As it happened, things turned out fine. We had more people than ever--about 180. And while some sponsorships went unsold, overall we had great support for which we're grateful.
The workshop itself was one of the best ever. There was a lot of energy in the various sessions and people came prepared to solve problems. For example, I remember one session that Joseph Smarr of Plaxo ran on API keys. People from Plaxo, Google, Facebook, Microsoft, Myspace, and others were in the room throwing out ideas and working together to come up with a generalized method.
We started earlier this time (Monday morning instead of the afternoon) and the extra time seemed to be all used up. I expect we'll do that again. We didn't give away Android phones, but there was a lot of good food, good conversation, and the "thank-you" circle at the end is not to be missed. Kaliya did a great job with the program, as usual. I can't say enough good about how she creates workshops that generate community.
Drummond and I ran a session on action cards--information cards that create action--and I followed that up with a demonstration of using Kynetx to create action cards. We have a private beta of our developer tools going on. If you're interested in participating, let me know and I'll send you the signup URL.
The next (ninth) IIW will be November 3-5. Get it on your calendar now. If you're interested in identity, IIW is not to be missed.

10:04 PM
May 26, 2009
CTO Breakfast This Thursday
We'll be holding the CTO Breakfast this Thursday (May 28th) at 8am in the usual place (Novell Cafeteria). Despite its name, you don't have to be a CTO to attend--just interested in technology, where it's headed, and the problems of starting and building a high-tech business in Utah. All are welcome.
Here's a list of future breakfasts.
- May 28, 2009 (Thursday)
- June 26, 2009
- No breakfast in July
- August 28, 2009 (Friday)
- September 24, 2009 (Thursday)
Be sure to put them on your calendar. I have also created a Google Calendar with dates for the CTO breakfast that you can subscribe to.
I hope to see you there even though @fulling won't come.
2:32 PM
May 15, 2009
Context Automation: Slides from Gluecon
I've posted the slides from my talk at Gluecon on Wednesday at SlideShare.
I haven't had time to do audio for this yet. I hope to at some point.
10:53 AM
May 12, 2009
Securing a Cloud Infrastructure
George Reese (author of the new book Cloud Application Architectures: Building Applications and Infrastructure in the Cloud) is talking at Gluecon about securing cloud infrastructures. Two recent surveys found "security" was the number one concern of companies considering a move to the cloud. George says the key to making customers comfortable with cloud security is transparency.
Without security:
- You cannot know if the infrastructure meets your requirements.
- You can't comply with critical regulatory requirements.
So...demand transparency. That ought to be a critical part of deciding what cloud infrastructure to use. Control isn't the real issue: people don't build their own microchips. People give up control when they are comfortable. Control can be an issue without transparency.
There are different security concerns at different levels. Are we talking about the infrastructure level? The platform level? The service level?
Some key control issues:
- What if the cloud provider goes out of business?
- What about malfeasance or misfeasance?
- What happens if a third party compels my cloud provider to turn over hardware as part of a subpoena?
- What kinds of control are in place at my cloud provider to prevent unauthorized access to my systems?
As dependency on cloud services grows, identity management becomes a greater challenge. If you use Constant Contact for email, Salesforce for CRM, someone else for accounting, etc. do you have to have different IDs for each? What about password policies? What about divergent security policies? Access to the infrastructure itself is often difficult using traditional ID management solutions.
Host intrusion detection systems (HIDS) work fine on cloud infrastructure, but are hard to do at higher levels of the stack. Network intrusion detection systems (NIDS) are impossible to do at most providers. The traditional notion of "perimeter" is not necessarily available in the cloud.
Audit controls at the infrastructure layer are often weak. They don't exist at all at the platform or service levels. There aren't many options for write-once data stores. Getting PCI level 1 compliance requires combining the cloud service (like AWS) with a specific vendor who provides a PCI compliant service (like Aria).
On the other hand, the cloud makes it possible to have a proven disaster recovery plan. Cloud computing can alter the dynamics of application availability and the ability to develop solid disaster recovery procedures. For example, you can do daily automated testing of your procedures and have a fully redundant capability at nearly zero cost.
3:35 PM
Why Didn't PubSub Become Twitter?

Ever since Steve Gillmor published his Rest in Peace, RSS article, I've been thinking about RSS and Twitter. Steve says:
I haven't been in Google Reader for months. Google Reader is the dominant RSS reader. I've done the math: Twitter 365 Google Reader 0. All my RSS feeds are in Google Reader. I don't go there any more. Since all my feeds are in Google Reader and I don't go there, I don't use RSS anymore.
From Rest in Peace, RSS
Referenced Tue May 12 2009 10:02:38 GMT-0600 (MDT)
I've been wondering why RSS and something like PubSub didn't create a Twitter-like environment. Here's my thought process:
- It would be trivial to create a simple micro-blogging platform that just spits out RSS. Dan Bricklin's List Garden or something like it, for example.
- Using a tool like PubSub (back in the day), a slightly upgraded Feedburner, or something similar, it would be easy to subscribe to (follow) a person's micro-blog.
- Using readers like Google Reader, NetNewsWire, NewsGator, etc. you could follow the custom mixed feed of the people you've subscribed to.
As far as I can tell, we could have cobbled together a distributed, open standards Twitter out of the things we had laying around in 2002 or so. And yet we didn't. Blogging remained a heavyweight activity and so did reading RSS feeds.
So why didn't we? Vision and concept--not technology. We thought of blogging and the tools that we used to do it as being stuck in the world they were originally deployed in. Now of course, the momentum is all against such a move.

1:56 PM
May 6, 2009
Contrasting Kynetx and Greasemonkey
Kynetx Network Service, or KNS, modifies a user's Web page using Javascript. The ability to customize pages in the browser is a powerful capability, but it goes well beyond that by allowing data from multiple sources, even other Web pages, to be used as part of that customization. Sure we can change colors, fonts, and layout, but we can also mashup Web sites to produce completely new experiences.
Described as I have, KNS is not unlike Greasemonkey, a popular plug-in for Firefox that allows user scripts to modify Web pages. In fact, in a recent post Paul Madsen discussed the KNS/Greasemonkey connection. Consequently, I thought a comparison of KNS and Greasemonkey would be in order. Note that I'm not a Greasemonkey expert, but I happen to be the world's foremost authority on KNS. :-)
Like the Web, KNS is a hybrid cloud and client solution. Greasemonkey is a client only solution, although it can, of course, reference data in the cloud. This has a number of positive consequences:
- Like any good cloud-based application, Kynetx apps are available and work consistently on any machine you use.
- Referenced data sources can be easily cached and proxied. This offers opportunities to increase performance and ease of use.
- Updates happen automatically as the servers are updated, like any cloud service. For example, recently Google started experimenting with AJAX search result pages which required updating scripts that augment Google. We changed some things on the server and users saw the updates immediately.
- Increased security. As an example, a malicious KNS app can be disabled on the server saving all users from the effects.
- Auditing and analytics are possible. Kynetx can audit apps for suspicious patterns and provide easy-to-understand reports about app privacy and security policies and activities. Server-side analytics give developers usage data on their cards without compromising individual privacy.
- We can track when the actions (ruleset) associated with a particular card change and warn the user.
KNS is controlled by a domain-specific language: KRL (Kynetx Rule Language). Greasemonkey uses raw Javascript.
- KRL provides developers with an easy way to create apps that work across browsers and operating systems. All of the details about working in Firefox or IE are abstracted away.
- KRL provides developers with a powerful lever for quickly developing apps. Augmenting search result pages, for example, is a simple action that replaces dozens of lines of Javascript.
- The abstractions of KRL allow Kynetx to respond to changes in browsers, Javascript, and Web sites with updated interpreters or runtime libraries to address the changes without developers having to change their apps.
- People who would never develop Javascript programs have successfully developed Kynetx apps.
- When the going gets tough, like any good domain specific language, KRL lets you jump out into raw Javascript to make up for holes in the language. As this happens, we'll incorporate commonly used patterns into KRL, making it more powerful.
KNS is based on Information Cards. Greasemonkey scripts are not associated with any particular identity system. We call Kynetx action cards "KIX".
- Information cards are tied to a specific action. Because of the security model of information cards, the KRL ruleset associated with a particular card cannot be changed. Thus, when a user gets a KIX, they can be assured that the actions associated with it are the ones the developer intended and haven't been replaced by a malicious program.
- The converse of the last point is that if someone creates a malicious app, it has a specific identity that cannot be hidden or changed. KIX can be rated, reviewed, and analyzed based on a non-mutable identifier.
- The information card selector provides a nice user interface for installing, controlling, managing, and deleting KIX and their associated actions.
- While KIX do not yet support in-card claims (personally identifying data), when they do, access to that data will be via the well-thought out and "socially tested" information card ceremony putting users squarely in control and mindful of what personal data they're releasing to make a Kynetx app work.
For the moment, KNS is simply placing tags on pages (à la Greasemonkey 0.3) rather than executing scripts in a sandbox (à la Greasemonkey 0.5). The latter model is clearly superior from a security standpoint and would also give KNS performance advantages over its current execution model. That's where we're headed. Still, because of mitigating design in our architecture, the current risk is small: we do not allow tags to be inserted on wildcard domains. This gives developers control over which domains tags are placed on and thus protects user privacy and security.
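One way to enforce a no-wildcard rule like the one above, as an added example that is not Kynetx code: validate the domains a ruleset declares, then place a tag only on an exact host match. The function names, the list-of-hostnames declaration format, and the exact-match semantics are assumptions; the hostnames are constructed samples.

```python
import re
from urllib.parse import urlsplit

# One DNS label: letters, digits, hyphens; no leading or trailing hyphen.
LABEL = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


class DomainPolicyError(ValueError):
    """A ruleset declared a domain that is not an exact hostname."""


def validate_domains(declared):
    """Normalize a ruleset's declared domains; reject wildcards and bare TLDs."""
    hosts = set()
    for raw in declared:
        host = raw.strip().lower().rstrip(".")
        labels = host.split(".")
        # "*" is not a legal label character, so "*.example.com" fails here.
        if len(labels) < 2 or not all(LABEL.fullmatch(l) for l in labels):
            raise DomainPolicyError(f"not an exact hostname: {raw!r}")
        hosts.add(host)
    if not hosts:
        raise DomainPolicyError("ruleset declares no domains")
    return frozenset(hosts)


def should_place_tag(page_url, allowed_hosts):
    """True only when the page's host is exactly one the ruleset declared."""
    try:
        parts = urlsplit(page_url)
        host = parts.hostname or ""
    except ValueError:              # malformed URL: never tag it
        return False
    if parts.scheme not in ("http", "https"):
        return False
    # Compare the parsed host, not a substring of the URL, so look-alikes
    # such as "www.example.com.evil.test" or userinfo tricks do not match.
    return host.rstrip(".") in allowed_hosts


def rejected(declared):
    """Does validation refuse this declaration?"""
    try:
        validate_domains(declared)
        return False
    except DomainPolicyError:
        return True
```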
Web augmentation is a fascinating place to be building technology because there are so many interesting problems to solve. Our goal for the KNS model for augmenting Web sites is to create a system that is general, safe, performant, easy to use, and easy to develop for. We're very close to opening up the doors for developers to start using KNS to create augmented Web experiences of their own. Stand by!

2:53 PM
Starting a High Tech Business: Does Your Mom Use It?
I'm starting a new business called Kynetx. As I go through some of the things I do, I'm planning to blog them. The whole series will be here. This is the eighteenth installment. You may find my efforts instructive. Or you may know a better way--if so, please let me know!
Yesterday, Steve had an interesting experience which proved one of our claims. We've always said that we were trying to build a Web augmentation service that even our Moms would use. This is in contrast to, say, Greasemonkey, which is a great tool, but it's decidedly aimed at hackers for their personal use. We're trying to do something similar, but allow developers to build augmented Web experiences that they could share with anyone--technical or not.
Azigo announced their deal to provide their RemindMe service to AAA of Washington members. Kynetx powers the RemindMe service. Steve's brother Bob happens to live in Seattle and is a AAA member so Steve forwarded the press release to him. Without any help or prodding Bob downloaded the reminder and started using it. He was very excited and sent Steve a note thanking him for helping him remember about his AAA discounts.
What happened next is classic. Bob sent a note talking about RemindMe to the family mailing list. Not only did Steve's mom get it, but she also asked the key question: what else can this do for me? She immediately recognized that there was more to this than AAA reminders--as important as those might be.
We can now answer the key question, "but will your Mom use it?" with a solid "yes" because she does! That and the viral nature of the interaction are major milestones.
2:42 PM
May 5, 2009
Programming Languages as a Notation
I was listening to Jon Udell's interview of Joan Peckham on computational thinking and the subject of whether a general education computational thinking course should include programming. I've thought a lot about this and have some strong opinions.
Computational thinking will be, at its heart, a study of algorithms. That's what computer science is, after you strip away the blinking lights: algorithms. Teaching computational thinking will involve the elucidation of a set of skills that computer scientists use to solve problems that have usefulness in other domains as well. Each of those will involve some kind of algorithm.
Describing, discussing, analyzing, and using algorithms requires some kind of notation. Natural language won't cut it. I've never seen a pseudocode language that was sufficiently formal or imposed sufficient formality to suit these activities. Ultimately we will need to teach students a notation, just like we do in math. When we teach math we don't shrink away from the notation, but rather embrace it. So should we in teaching computational thinking.
Of course, the problem is that this introduces the question (I won't say "begs the question" for fear of offending the "begs the question" police): which programming language? Personally, I don't think it matters much as long as it's consistent for a student's course of study. Yeah, I know there's all kinds of corner conditions there like transfer students and so on. Even so, there's no getting around the fact that we need a notation for expressing algorithms and the only notations that will work are programming languages.
Joan talks about NSF sponsoring research on how to teach computational thinking. I hope some of that research involves the right notations for introducing and analyzing algorithms.

10:04 AM
May 4, 2009
Twitter Honeypots

When I was building the twitterbot for @utahpolitics, I set up a test account: @uptesting that I don't use for anything. It has 38 followers even though it's just test messages and hasn't had a tweet since early January. The followers are mostly a good list of Twitter spammers or people who follow a lot of people to get a lot of followers.
Setting up a bunch of honeypots on Twitter and then adding anyone who follows them to a blacklist wouldn't be such a bad idea. Someone's probably already built it.
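The honeypot idea above as an added example, not code from the original post: it turns the follower lists of several honeypot accounts into a blacklist that records which honeypots each account followed. It goes one step beyond the post by allowing a threshold (follow at least N honeypots) and an allowlist; those parameters, the function names and every handle in the sample are assumptions constructed for illustration.

```python
from collections import defaultdict


def normalize(handle):
    """Handles are case-insensitive; the leading @ is optional."""
    return handle.strip().lstrip("@").lower()


def build_blacklist(honeypot_followers, min_honeypots=1, allowlist=()):
    """Map each suspect account to the sorted list of honeypots it follows.

    honeypot_followers: {honeypot handle: iterable of follower handles}
    min_honeypots:      how many distinct honeypots an account must follow
    allowlist:          accounts never listed (e.g. the operator's own)
    """
    honeypots = {normalize(h) for h in honeypot_followers}
    # Honeypots following each other must not blacklist one another.
    skip = honeypots | {normalize(a) for a in allowlist}

    seen = defaultdict(set)
    for honeypot, followers in honeypot_followers.items():
        for follower in followers:
            seen[normalize(follower)].add(normalize(honeypot))

    return {
        account: sorted(pots)
        for account, pots in sorted(seen.items())
        if account not in skip and len(pots) >= min_honeypots
    }


# Constructed sample data: three idle honeypot accounts and their followers.
SAMPLE = {
    "@honeypot_a": ["@GetFollowersFast", "@cheap_seo", "@curious_friend"],
    "@honeypot_b": ["getfollowersfast", "@cheap_seo", "@honeypot_a"],
    "@honeypot_c": ["@cheap_seo"],
}
```

Requiring two or more honeypots trades coverage for fewer false positives: an account that follows a single idle test account may just be a curious acquaintance.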

1:33 PM
May 2, 2009
Starting a High Tech Business: Paying Yourself
I'm starting a new business called Kynetx. As I go through some of the things I do, I'm planning to blog them. The whole series will be here. This is the seventeenth installment. You may find my efforts instructive. Or you may know a better way--if so, please let me know!
When you start a business you put a lot of yourself into it: time, ideas, and, of course, money for things like servers, supplies, and people.
In addition to whatever money you put into the business, you also are spending money just living. Starting a business is not for the fearful. Quitting a job and convincing your family to sacrifice for months or even years while you pursue a venture takes real faith. You might think you can get by without much personal sacrifice, but you can't. That's just not realistic.
When Steve and I started Kynetx, we sold our plane to fund the business. We also realized that we'd be living off our second mortgages for a while. Frankly I've been surprised at how low I have been able to get our burn rate and how long the money has stretched. Good thing too since I've also been surprised how long it's taken to get funding!
Sooner or later, however, most founders will need to start getting some money out of the business in the form of a salary. That is a magical moment. For me at Kynetx it happened yesterday. I can't properly describe the emotions that ran through me as I held a small check representing the first bit of money that I hope is a permanent reversal of my personal cash flow as it relates to Kynetx.
Paying yourself is tricky business in a startup. Investors don't really want to put money into a company only to have the founders transfer it--even as a small salary--to their personal checking account. The best thing to do is to pay yourself out of sales and use investment dollars to grow the business. Besides, a "no sales, no pay for the founders" policy incents everyone toward the thing that has to happen to make the business work: make sales.


