Chris's Rants

Tuesday, May 25, 2004

Sean McGrath, CTO, Propylon

Sean McGrath:
"Your problems lie in two fundamental concepts that need to be central to how you think about business processes in a distributed world - (a) event driven execution and (b) temporal decoupling."
Amen!

0 Comments:

Post a Comment

<< Home

Monday, May 24, 2004

Weapons of mass photography

Clarence Page: "Rummy's real problem isn't photos, it's democracy."

0 Comments:

Post a Comment

<< Home

Do ya think Dubya will stop and ask for directions?

The New York Times > Opinion >Bob Herbert:
There's a terrible sense of dread filtering across America at the moment and it's not simply because of the continuing fear of terrorism and the fact that the nation is at war. It's more frightening than that. It grows out of the suspicion that we all may be passengers in a vehicle that has made a radically wrong turn and is barreling along a dark road, with its headlights off and with someone behind the wheel who may not know how to drive.

0 Comments:

Post a Comment

<< Home

Zinni on Iraq

Via Geoff Arnold Gen. Zinni cites 10 mistakes we made in Iraq. Worthwhile reading.

0 Comments:

Post a Comment

<< Home

Sunday, May 23, 2004

What should we do with this stuff?

DoE: Hey, after we enrich uranium and extract all of the really nasty bits, we have all this extra stuff left over... what do you think we should we do with it?
DoD: Hmmm... we could make tanks and bullets out of it, that way we kill two birds with one stone.
DoE: How so?
DoD: We get impenetrable tanks and bullets that can kill their tanks, and we make it someone else's problem to clean up because we leave it "over there"!
DoE: Kewl! How much you want? We've got plenty.

clean up depleted uranium. The Pentagon denies that there's a problem, but says they're continuing to study the issue. Yet another arm of the Pentagon says that depleted uranium is chemically toxic and can present serious health risks. They've stepped up the training so that the troops know not to enter a burning tank to save their commrades since they will likely inhale toxic levels of DU in the process. Let's face it, this stuff isn't good for you!

Regardless, the more you chase this issue down, the uglier it becomes. Apparently, many suspect that DU is the cause of many of the cases of "Gulf War Syndrome". The Pentagon continues to deny that DU is the cause. However, most of the Pentagon's information is based on live-fire testing... remember the movie "Pentagon Wars"?

What really gets me is that, at least in Massachusetts, you can't buy a house until it has been tested for radium levels which at their worst are considered equivalent to smoking a pack a day if you don't open the windows and doors occasionally. We're talking miniscule traces of gas... miniscule.

And yet, I read in a number of places that the British had used an estimated 1.9 tons of DU... the British have something like 1/10 the contingent that the U.S. has in Iraq. You do the math (and that was last year's figure).

Bottom line, we're making a mess and doing nothing to clean it up. You don't think that the newly democratic Iraqi government won't demand reparations for this mess? Not only that but we're talking two wars... there's tons of the stuff left over from the first Gulf War that Saddam never bothered to clean up.

0 Comments:

Post a Comment

<< Home

Not useful at all...

Dave Winer points out that Yahoo! maps now highlight wifi hotspots. But apparently not for Firefox (grumble). You would think that Yahoo! developers would be a little more concerned with deploying content that isn't browser-specific.

0 Comments:

Post a Comment

<< Home

Friday, May 21, 2004

America's core values

Cynthia Tucker has a good op-ed piece from yesterday with a brilliant quote:
"'To announce that there must be no criticism of the president ... right or wrong, is not only unpatriotic and servile, but is morally treasonable to the American public.' -- Teddy Roosevelt, 1918"
Damn straight! I am sooo sick of the administration's lackeys (right-wing pundits), and certain of its principle members (e.g. Cheney), suggesting that it is either unpatriotic or counter-productive to question its (in)actions and/or policies. How can we hope to spread American democracy and ideals to the likes of Iraq when those who have taken it upon themselves to impose that freedom and democracy (by force) have such disregard and/or ignorance of those very ideals?

0 Comments:

Post a Comment

<< Home

Thursday, May 20, 2004

When will they learn?

Reuters has (via Yahoo!) this article which reports that execs from 150 companies are beseeching software vendors to make products that are more secure. The article ends with the following quote:
"There will probably come a day when security is seamless, invisible and automatic, but that day isn't here yet"
That day will never come. Security is not just about technology and writing more secure software, although the software industry can do much to improve in this regard. Cybersecurity cannot be completely automated. Effective security begins with management policies and a real commitment on the part of management to enforcing those policies. Effective security begins with a risk assessment to ascertain the value of each information asset (some of which may be intangible), identification of the risks should the asset become compromised, and identification of appropriate countermeasures to mitigate the identified risks. As there is a cost associated with the deployment of countermeasures, this must be weighed against the value of the asset in determining which countermeasures to apply in a given situation.

Sure, we all want more secure software, but we must all recognize that that alone is not enough. There was a patch available from Microsoft that would have protected against the recent Sasser worms, yet many companies were infected... because they lacked an asset management policy of ensuring that all critical security patches are applied in a timely manner, and they likely did not have a policy for requiring a personal firewall on all systems; either or both of which would have prevented infection by the Sasser worms.

The only totally secure system is one that is locked away in a sheilded room with no key, and isn't plugged in; but what use is that?

Note to the 150 execs calling on vendors to produce more secure software: get your own houses in order. There is no free lunch when it comes to security.

0 Comments:

Post a Comment

<< Home

Wednesday, May 19, 2004

Rich Salz's Broken Neck

Rich Salz has a blog and a Broken Neck. Get well soon, Rich!

1 Comments:

Post a Comment

<< Home

Tuesday, May 18, 2004

Specifying messaging properties in WSDL

Stefan writes about Strongly Typed Message Properties in Web Services. I agree. The place to articulate message properties is in policy which may be attached to WSDL.

The reason for this separation of concerns is important. You might have a standardized WSDL, blessed by some vertical industry standards org, (that you can't change) which simply specifies the application-level message exchange content, not any QoS, security, etc. How do you tell your partner that your service uses a standard WSDL description AND communicate your QoS requirements, etc.? The answer is WS-PolicyAttachment. By preserving the separation of concerns, the WSDL can be more readily reused.

0 Comments:

Post a Comment

<< Home

re: Gunfight at the WS Corral

Thus blogged Tim Bray on the matter of the Gunfight at the WS Corral:
"But I wonder why, if there are differing ideas on how to solve this problem, and there is a standards organization at work, the differing ideas aren’t being hashed out in the standards organization."
Maybe he should read his own blog to find the answer;-)
"When committees get together either in an informal cabal or an official standards process, and go about inventing new technologies, the results are usually pretty bad. ODA (Never heard of it? Exactly); OSI Networking; W3C XML Schemas. The list goes on and on."
I've cited his post before and I agreed then, and still believe, that a standards group is no place to do development. Successful standards are those where the technology is proven and is well along the way to broad adoption before a committee is formed to produce a standard.

Others at Sun who appreciate this include Jim Waldo. Maybe next time Tim is in Burlington, he should have a chat with Jim.

In the spirit of full disclosure, I'm the gunslinger to which his post refers:-) Most of the issues I raised in my critical comparison of the two competing specifications were logged as issues against the WS-R specification, so apparently, there must have been some technical merit to the points I raised. You'll also note that many of the WSRM TC's rebuttal statements are of the nature "we're fixing the spec".

Let us not forget that the definition of a camel is: a horse designed by committee.

0 Comments:

Post a Comment

<< Home

BSP1.0 draft available

Gudge reports that the first Working Group Draft of the WS-I Basic Security Profile 1.0 has been published.

Congratulations to Paul Cotton and his WG!

0 Comments:

Post a Comment

<< Home

Screwed at the pump

Short Term Energy Outlook-Home Page:
"Actual spot prices for gasoline between early April and the first week of May increased by 20 cents per gallon or more (depending on the region), indicating that factors in addition to higher crude oil prices are now playing an important role in setting gasoline prices. Demand increases and lower-than-expected imports have put strong pressure on domestic producers and gasoline stocks to help meet the incremental demand for gasoline, contributing to higher production and acquisition costs. "
It's actually an increase of $0.25/gal here, now averaging over $2.00/gal in Mass. for the first time ever. No reason is given for the "lower-than-expected imports". Was someone asleep at the switch and forgot to order crude for May? OPEC production was actually exceeded production quotas by 2.3 million barrels a day according to the same report.

0 Comments:

Post a Comment

<< Home

Monday, May 17, 2004

Eric Newcomer on doc-literal

Eric writes about using doc literal for all Web services
Today when integrating various bits and types of software, combining programs written using different languages and/or middleware systems, you have to know what it is you're invoking and figure out how to structure your data into the arguments associated with the particular method or program name. I don't think that's very productive, at least not for those integrating services into appliations and flows.
+1!

0 Comments:

Post a Comment

<< Home

Sunday, May 16, 2004

Whatever it takes?

The Observer reports on reported abuses at Gitmo that were also video-taped. I wonder if they'll find an 18 minute gap?

I think we all probably suspected that the prisoners at Guantanamo were being interrogated using questionable means. After all, that's why the administration established the policy, making a clear, if not tenuous, legal distinction that the prison camp was not on U.S. soil and that the detainees are not prisoners of war in accordance to the 3rd Geneva Conventions of War, etc. so that the interrogation methods would not be in violation of U.S. law.

I think that we all bear some responsibility. We have allowed the administration to bully us, and to a large extent the fifth estate, into thinking it unpatriotic to question its motives and actions in pursuing the "war on terror" and the war in Iraq. Congress has basically been out of the loop, and only recently have there been calls from both sides of the aisle for the administration to be more forthcoming.

There's a reason that the U.S. government has checks and balances, and why the 1st amendment is so critical to our democracy. As Lord Acton said: "Power tends to corrupt, absolute power corrupts absolutely".

0 Comments:

Post a Comment

<< Home

Black ops down

More disturbing news from Seymore Hersh:
Senator John McCain, of Arizona, said, “If this is true, it certainly increases the dimension of this issue and deserves significant scrutiny. I will do all possible to get to the bottom of this, and all other allegations.”
This reads like a Clancey novel and explains why it is that a couple of bumpkins fresh out of High School knew that sexual humiliation would be an effective interrogation "enabler".

Basically, Rummy's been caught in a lie.

0 Comments:

Post a Comment

<< Home

World Wide Webber

Jim Webber:
"go with the W3C endorsed stuff and we'll get convergence down the road."
Except that WS-MD isn't endorsed by the W3C. It is a Member Submission. From the W3C Member Submission page:
The acknowledgment of a Submission request does not imply that any action will be taken by W3C. It does not imply an endorsement by W3C, including the W3C Team, any of the Members, or any of the Host Institutes. It merely records publicly that the Submission request has been made by the submitting Member. The specification may not be referred to as "work in process" of the W3C.
Emphasis mine.

Update: Jim just sent me a note taking exception to the fact that this post seems to attribute the quote above with his position. That was not my intent behind the post, which was only to make the point that a W3C Member Submission does not imply an endorsement of the W3C or its membership. Appologies to Jim.

0 Comments:

Post a Comment

<< Home

JAGged edge

JAG Lawyers: Prisoner Warnings Ignored:
"Matters got so frustrating that in May and October 2003, eight senior JAG officers took the rare step of going outside the chain of command to meet secretly with the New York City Bar Association, warning of a "disaster waiting to happen".

"They felt that there had been a conscious effort to create an atmosphere of legal ambiguity surrounding these detention facilities, and that it had been done to give interrogators the broadest possible latitude in their conduct of operations," Scott Horton, former chair of the New York City Bar Association's Committee on International Human Rights, told ABCNEWS. Horton's meeting with the JAG officers was first reported by Salon.com. "
I suppose now the administration will respond that these JAG officers are just a bunch of disgruntled employees?

0 Comments:

Post a Comment

<< Home

Saturday, May 15, 2004

More troubling than the abuses themselves...

U.S. missed chances to stop abuses

Yet more evidence that the Bush administration is both incompetent and irresponsible. Sure, the abuses themselves are abhorrent, but to either ignore or dismiss the signals that there was a problem is unconscionable.

Whether the abuses were limited to the acts of a few bad apples is irrelevant. The fact of the matter is that these abuses represent a failure of leadership, both military and political. The guards were unprepared and untrained. The chain of command was ill-defined, confused, and changed over time between military and non-military. The administration and the top brass at the Pentagon would have us believe that the responsibility for these acts lays solely with the individuals who perpetrated the abuses. This is such utter bullshit.

While there may be no evidence of specific orders to the prison guards to sexually humiliate the prisoners as a part of the interrogation "enablement", the true responsibility lies much further up the chain of command for failure to exert clear leadership. If humane treatment of the prisoners, in accordance with the 3rd Geneva Conventions of War, was an important concern of the political and military leadership, you can bet the farm that these concerns would have been clearly and unambiguously communicated down through the chain of command, and that the first hint of these abuses would have been met with swift and just punishment to make it clear to all that such abuses would not be tolerated. Instead, it took the unauthorized release the photographic evidence through the press before the issue received the attention of the political and military chain of command that it rightly deserved.

This failure of leadership runs straight to the Oval Office.

0 Comments:

Post a Comment

<< Home

Friday, May 14, 2004

It would appear that www.2rss.com is now sprinkling in SPAM in the ATOM2RSS generated RSS feeds. (But I don't LIKE SPAM!). How unfortunate. I guess I'll have to find another service to convert my Blogger ATOM feed to RSS. The good news is that many if not most of the current versions of feed aggregators support ATOM. Appologies to those who subscribed to my RSS feed (although you're free to continue to use it if you don't mind the SPAM).

0 Comments:

Post a Comment

<< Home

Wednesday, May 12, 2004

Quick; how many lies^^^^reasons does it take to sell a foregone conclusion?

Apparently, the answer is 27.

0 Comments:

Post a Comment

<< Home

RSS - The Next Killer App For Education

This article prompts me to suggest another ideal use for RSS and blogs or wikis in education; homework assignments.

If each teacher would maintain a blog or wiki with an RSS or Atom feed in which they posted homework assignments and upcoming quiz and test dates and subjects, students and parents alike could subscribe to the feeds. This would actually be quite beneficial to both student and parent alike. Students would no longer be in a position where they forget to jot down the homework assignment, and parents could use the information as leverage against impetuous teens who claim not to have any assignments, etc.

I seem to recall a site that offered a service whereby teachers could post homework assignments (was it homework.com?) for their classes; but this would be far simpler and could be more easily personalized.

0 Comments:

Post a Comment

<< Home

Tuesday, May 11, 2004

Comments!

Kewl! Blogger now supports comments as part of its relaunch. There are a bunch of new templates as well. However, I really wish that the standard templates would accommodate links to the site feed(s) by default, rather than requiring the user to hack the template to place them somewhere useful.

0 Comments:

Post a Comment

<< Home

Sunday, May 09, 2004

It gets worse...

Seymore Hersh has more to report on the prisoner abuse.

0 Comments:

Post a Comment

<< Home

Saturday, May 08, 2004

Stefan sez that this article sucks.

He's absolutely correct. While he won't call out specifics, allow me to point out a couple.
Standards, however, bear watching, and Rhys Jenkins described why WSCI (Web Services Choreography Interface standard), originated by IBM and Microsoft, enjoys an upper hand over a rival backed by BEA Systems, Intalio, SAP and Sun Microsystems.
Bzzzt. I don't know whether the article's author is confused about the origins of WSCI or whether Rhys Jenkins is the one who is confused. Clearly, neither the author nor his editor bothered to do any fact checking. WSCI was authored by BEA, Intalio, SAP and Sun not by IBM and Microsoft. I believe that the "rival" mentioned here is BPEL which had its origins with IBM and Microsoft and which has the broad support of the industry as the emerging standard for orchestration.

The author has also apparently taken license with the term "standard". WSCI is not a standard by any stretch of one's imagination. It is a specification published as a W3C member submission. I am soooo tired of IT press hacks who simply refuse to appreciate the importance of the distinction.

Of course, there's also a complete lack of understanding that "orchestration" and "choreography" are two very different concepts. The distinction is subtle but real. In many regards, they can be complementary.

But it gets worse than that.
“Don’t wait for the standards battle to finish; pick one, because you can always generate new WSDL later that will pick up standards you do choose to go with,” he advised. That’s done via WSIF (Web Services Invocation Framework), which lets programmers interact with Web services through WSDL descriptions, allowing switches among SOAP, RMI, IIOP and EJBs.
Just "pick one"? Does it matter which one? Is anyone really that naive?

But, most importantly, the author seems to have missed a key point. That being that you would not want to construct complex choreographies (or orchestrations for that matter) using two-phase commit protocols such as XA. Instead, you need the likes of WS-Business Activity which provides for compensation in the face of failure which is only briefly mentioned in the article despite the fact that it was likely the premise of Rhys Jenkin's presentation.

0 Comments:

Post a Comment

<< Home

Thursday, May 06, 2004

Sorry, I still don't get it

Mark writes about the motivation for the Representation Header.

This is one of the rare occasions when I have to disagree with him. I still don't understand why he feels it necessary to duplicate MIME in SOAP.

Note: the usual caveats apply here as well... these are my opinions and not necessarily those of my employer, or for that matter my esteemed IBM colleagues on the XML Protocol WG.

I would agree that many of the implementations of SOAP Messages with Attachments are a mess. The reason for this is (I believe) due to the very reason that Mark cites:
People started to build a lot of software using SwA, and as a result had to model applications as an XML message + attachments.
Of course, I don't believe for a moment that they had to model their applications in this manner; but indeed many did which is why we are where we are today. I don't consider this a failing of SOAP Messages with Attachments; I consider it a failure of those who simply refuse to model their applications as being on the Web.

I hear the arguments echoing in my head to this day: "we don't want to have to force the developer to resolve a URI to get the image...". Why not? Is it really that hard? No, that's not the reason. No, I think it's because many refuse to treat "attachments" as separate resources in the first place.

Let's consider for a moment some classical motivations for using "attachments". A common use case is: "I have this really huge MPEG encoded MRI scan that I need to transfer... I don't want to base64 encode the MPEG encoded data and in-line it in the SOAP message because a) the base64 encoding bloats the size of the MPEG encoded data by an additional 1/3 and b) it will impede performance of processing the SOAP message since the XML Parser will need to parse over the bloated base64 encoded data."

Consider the case where you have a web page that displays an image. The HTML would look something like this:

<html>
<head>
<title>Foo</title>
</head>
<body>
<img src="http://example.org/images/img.jpeg"/>
</body>
</html>


As you can see, the image is a separate resource, with its own URI. The browser can choose to resolve that URI and inline the image (or not) as it sees fit, or as configured by the user. The browser has no problems dealing with this abstraction. Sure, there's an extra HTTP GET to resolve the image resource... a small price to pay really. In this case, the image is modeled as a separate resource.

Using RFC2557, the RFC upon which SwA is based, you could package up the HTML and the image in a multipart/related MIME package; with the packaging software simply resolving each of the img/@src URI and storing the retrieved representation away as separate body parts in the multipart message each identified with its corresponding img/@src URI. The rendering software that processes this message is/can be the same software used in a browser context; the only difference is that the URI resolver is made aware of the multipart/related MIME package so that before it looks on the Web for the URI, it checks the multipart/related MIME package to see if there's a body part that has a content-location with the same URI value and returns that body part instead of retrieving it over the Web. It doesn't get much simpler than that.


0 Comments:

Post a Comment

<< Home

Monday, May 03, 2004

What developers want...

Dare responds to a post by Ted Neward.
The big problem that Microsoft faces in this space is that developers tend to want all their tools to come from a single vendor.
Bzzzzt.

That may be what Microsoft wants, but it is most certainly not what developers want.

What developers want is to have the ability to choose the tools that enable them to be most productive. What developers really want is for the tools they choose to be interoperable with the other tools/platforms they use.

The last thing that developers (and their management) want is to be locked-into a single vendor solution for all their needs.

0 Comments:

Post a Comment

<< Home