Spotted an old article on dynamic vs static at ongoing this morning. There's a section at the end on exception handling, which provides more proof for an old theory - over time, everything grows to resemble Smalltalk or Lisp. Or both
Charles Miller says that there's no silver bullet for security issues. And he's right. On the other hand, we can choose to limit the potential classes of problems - as this Register article advocates. To my mind, there's simply no good reason to be doing application level development in C or C++ any longer - the risks are too high. That article advocates Java as the answer - obviously, my answer is different. But you knew that :)
I was trawling around the Lord of the Rings site this morning, and stumbled across an interesting bit of video they did on sound effects. In Two Towers, there are a few scenes of the Nazgul riding flying beasts. They have the beasts roaring a few times - and I just found out where that sound originated: from a donkey bellowing.
Now, of course, I'll have the image of a donkey in my head whenever I see it :)
eWeek says it's coming down the pike. I've been at this for a little over a year now, and I think it's helped the Smalltalk group here at Cincom gain visibility. Marketing departments are going to have to get used to this sort of thing being one more outlet.
If you are using the dev stream of BottomFeeder, and you just grabbed the latest - you likely saw a whole bunch of 'new' items that you had already seen. Addressing an issue with the code that merges new items in after each fetch is the culprit - the large number of bogus new items is a one time event.
I went to a small game convention last night and this morning - there was a Puerto Rico tournament. I did very well in the first three games - won them all. Then in the 4th round I got completely out-manuevered, and came in 3rd. I still made the final; my three wins saw to that. I got knocked off my early strategy of getting a Factory - they went when I was short a few doubloons. I think my mistake was buying the Office; should have gone for the Large Market. I came in 3rd in a very close game - the 4 of us separated by 5 points. All in all, a pleasant diversion - I'll have to do this again!
Keith Ray has some advice for a guy using C++ for a new project - just say no
So I was looking at all the RSS feeds Microsoft has for their in house bloggers - an impressive list, and a lesson to the rest of the tech community. Say what you will, but most other orgs - closed and open source - are well behind the curve on this kind of subversive marketiing. That's not the reason for this post though.
In the process of examining these feeds, I stumbled on this blog and the associated RSS feed. Well - the items seemingly had no content. So I take a look at them in the dev environment, and here's what one of the items looks like:
<body xmlns="http://www.w3.org/1999/xhtml"> <p> Get it now, for free! Some guy is hosting Moveable Type based blogs for free at <a href="http://weblogs.us/">weblogs.us</a> </p> <p> You get a blog, 100mb of hosting (for photoblog or whatever), and 1gb of traffic FOR FREE.. what a deal -- if you wanted to start blogging but weren't sure how to get started, now you can! </p> <p> Good luck </p> <p> </p> </body>
So what the heck is up with a leading body tag? I had to add more clean up stupid crap in the text code to BottomFeeder for that. Entropy continues to increase....
Charles Miller has started on a book covering application level security issues with software. As he says in the article, other than rejoinders to avoid buffer overflows, not a lot is being written on this topic. Hat tip to Charles for bringing up this important topic.
We tried out a new game last night - New England. It's a four player, territory/resource management game. The idea is that you are one of the settling families at Plymouth, and you have to set up the most productive land holdings. You do that by playing land tiles, and you play the land tiles according to a system determined by cards you buy. The game is ery easy to learn, and once you get it down, you never really have to check the rules - it's much cleaner that way than a lot of board games I've played. I don't have a complete feel for the game yet - we played about half a game, but all of us were too tired to continue - the game convention took it out of 2 of us, and we had to just stop when we were too bleary eyed to see the board anymore :)
Even so, I'd have to recommend this game. It played well, was easy to learn, and took no time at all to setup. We'll give it another go next weekend, I'm sure - and I'll let you know what I think of it after a full play
I got to thinking about this when I took a look at all the MS dotNet blogs - all of them with RSS feeds. MSDN now has RSS feeds as well - think about that for a minute. The dotNet blogs all allow comments, and it looks like the authors read (and more importantly, respond to) the comments. What does that mean? Well, a bunch of those bloggers are product managers or project leads. How hard was it in the past to get ahold of the product manager for something at an outfit as big as MS? Now look at it - straightforward access, including contact information. That's huge. It used to be that you had to go to a trade show (and swim through huge crowds) or be an important customer and get ad hoc access. Now anyone with a browser or news aggregator can get far more details.
There's another fallout of this as well. MS is a big company, and - to put it delicately - has something of a controversial public image. These blogs help soften that image by putting real - and unedited - human voices on the firm. Instead of a carefully crafted press release from Redmond, you can read the actual thinking of employees at MS - including those of blogger in chief Scoble - who's posting MS marketing stuff to a non-MS server. For all the crap I give Scoble about the rah rah postings, it's real - and it seems that MS hired him, in part, to do exactly what he's doing.
Over time, this is going to result in a more positive view of MS through the tech community - because they'll be exposed to real people who work for MS instead of just the reporting of the trade press. This is happening somewhat in the political realm as well (see the Dean campaign for an example). I think it's a little less real there - the various campaign blogs are all marketing efforts, not real stuff like the MS blogs, or this blog. Still, they are opening a window into those campaigns that is valuable - the campaigns aren't relying only on major media to get their message and tone out - which is relevant to the point I'm trying to make here
Now contrast this with bigger companies that don't have anyone blogging for them. The only image you get is the marketing department's image. Maybe that's ok - but I think most people take that image with a decent amount of cynicism. This isn't to say that there aren't dangers here - marketing departments exist to create and massage the image of a company, and letting just anyone create an unfiltered view could go badly. It's early days on this stuff, and I'm sure we'll see some major mistakes made as time goes by. In the meantime, I think it's a bandwagon that most firms in the tech world are going to have to get on
Joe Gregario has a nice set of points on the MS push. In particular, this:
Let's look at this diagram of Longhorn. Focus on the lower third of the diagram, the part in white labelled "Base Operating System Services", but excluding the part in "CLR". That part, which represents about 1/3 of the whole diagram, is what Windows NT is today. That means in the next three years the size of Windows is going to triple. This does not sound like a good idea. It's taken MS years just to beat the lower third into shape, and it's still less stable and more bug ridden than linux. Now they're going to triple it in size?
and then this on the WinFS file system:
Now assume (incorrectly) that you were real careful and went back and entered meta-data for the 20GB of your special files. You know the ones, the same files that you have not been annotating with meta-data over the past 5 years. What are you going to use WinFS for? Why to search for pictures of granny or for old documents. That's it. Just search. Why all the fuss over meta-data? What you really want is Google for the desktop. All the meta-data in the world isn't going to find the mis-filed final revision of your marriage proposal titled "Untitled7.doc" sitting in "c:\Documents and Settings\Owner\Application Data\Microsoft\Office", yet a simple text search for "poem love marriage" will likely turn up all 7 revisions.
While I hadn't put my finger on it, that's pretty much what I had rumbling around my head on WinFS...
Let's Welcome Bob Westergaard to the Smalltalk community blog. Bob is the guy who does all the behind the scenes work that make builds and VW in general happen. It's great to have him blogging!
I was on my way to dinner this evening when bam, I hit a deer. Stupid animal sailed across the front of my car, crushed the hood on the passenger side, and left part of an antler in the broken front window. I had my daughter in the car, and fortunately not in the front seat. Broken glass everywhere, but no injuries. Now I have to go calm down...
I'm not the only one who thinks that the various XML messaging services are reinventions of the wheel - Ted Neward has seen it all before as well. IMHO, this is one of those times in the software industry where everyone jumps on a new messaging bandwagon for no apparent reason. COM/DCOM - sure, that was MS specific. RMI? Sure, that's Java specific. CORBA, on the other hand, wasn't specific to anyone. To those who say that CORBA was/is too complicated - I say that you clearly haven't been working in XML long enough. Having done both now, I fail to see much difference....
Clay Shirkey wrote an article recently that everyone else has commented on - so I suppose I ought to drop my 2 cents. It's a good read, and makes some interesting points:
Despite their appealing simplicity, syllogisms don't work well in the real world, because most of the data we use is not amenable to such effortless recombination. As a result, the Semantic Web will not be very useful either.
The people working on the Semantic Web greatly overestimate the value of deductive reasoning (a persistent theme in Artificial Intelligence projects generally.) The great popularizer of this error was Arthur Conan Doyle, whose Sherlock Holmes stories have done more damage to people's understanding of human intelligence than anyone other than Rene Descartes. Doyle has convinced generations of readers that what seriously smart people do when they think is to arrive at inevitable conclusions by linking antecedent facts. As Holmes famously put it "when you have eliminated the impossible, whatever remains, however improbable, must be the truth."
This sentiment is attractive precisely because it describes a world simpler than our own. In the real world, we are usually operating with partial, inconclusive or context-sensitive information. When we have to make a decision based on this information, we guess, extrapolate, intuit, we do what we did last time, we do what we think our friends would do or what Jesus or Joan Jett would have done, we do all of those things and more, but we almost never use actual deductive logic.
Consider that for a minute - just how often are you confronted with a set of simple truths, from which you can derive useful results? In my experience, not that often. What we get instead are a set of partial facts, many of which are actually (or seemingly) contradictory. You aren't left with a set of statements from which an obvious truth drops out; rather, you are left with a mass of data that you have to make sense out of - and deductive reasoning isn't going to help you that much. Heck, marketing and sales departments would have much higher hit rates if it was as easy as the semantic web folks make it out to be. Here's a useful example he gives:
Consider the following statements:
- The creator of shirky.com lives in Brooklyn
- People who live in Brooklyn speak with a Brooklyn accent
You could conclude from this pair of assertions that the creator of shirky.com pronounces it "shoiky.com." This, unlike assertions about my physical location, is false. It would be easy to shrug this error off as Garbage In, Garbage Out, but it isn't so simple. The creator of shirky.com does live in Brooklyn, and some people who live in Brooklyn do speak with a Brooklyn accent, just not all of them (us).
Each of those statements is true, in other words, but each is true in a different way. It is tempting to note that the second statement is a generalization that can only be understood in context, but that way madness lies. Any requirement that a given statement be cross-checked against a library of context-giving statements, which would have still further context, would doom the system to death by scale.
Context is what kills this. Statements nearly always have a context - we simply don't live in a context free world. Thus, any statement requires knowledge of context before it can really be evaluated. Without that context, what you get is GIGO. The most entertaining part of the article is Clay's devastating takedown on proposed uses of the Sematic web - taken directly from the W3C site:
Consider the following, from the W3C's own site:
Q: How do you buy a book over the Semantic Web?
A: You browse/query until you find a suitable offer to sell the book you want. You add information to the Semantic Web saying that you accept the offer and giving details (your name, shipping address, credit card information, etc). Of course you add it (1) with access control so only you and seller can see it, and (2) you store it in a place where the seller can easily get it, perhaps the seller's own server, (3) you notify the seller about it. You wait or query for confirmation that the seller has received your acceptance, and perhaps (later) for shipping information, etc.
One doubts Jeff Bezos is losing sleep.
This example sets the pattern for descriptions of the Semantic Web. First, take some well-known problem. Next, misconstrue it so that the hard part is made to seem trivial and the trivial part hard. Finally, congratulate yourself for solving the trivial part.
All the actual complexities of matching readers with books are waved away in the first sentence: "You browse/query until you find a suitable offer to sell the book you want." Who knew it was so simple? Meanwhile, the trivial operation of paying for it gets a lavish description designed to obscure the fact that once you've found a book for sale, using a credit card is a pretty obvious next move.
This describes the free floating "huh" I've had whenever RDF gets discussed. The advocates throw it around as if it were a magic wand, ready to deliver perfect meaning to all of us - without ever stopping to consider the issue of context. Field names mean nothing without context, and throwing them around as if they had freestanding meaning simply confuses the issue. Just because I have a tuple with names attached doesn't mean a lot - if it did, there wouldn't be so much data migration work in the real world. Clay goes into this problem as well, and it's worth reading in full
You can look at RSS, and the various attempts to create meaning from it as an example. RSS works because all the tags have an agreed upon meaning. If I stumble across <title> as a part of the <item>, I know what it means. Why? Because enough people started using it that way. Does that mean that I know what <title> means in some other XML document of a different format? Nope. I don't care if the RDF folks shout all day long about how the tuples describe it; unless there's been an explicit or implicit agreement, the tag could mean anything. If I try to make assumptions, I'll likely present utter nonsense to people. This is why standards exist; you have to have agreement on terms before you can get anywhere. Loose rules based on supposed semantic equivalency simply aren't going to be trusted.
This summary puts it all very well:
After 50 years of work, the performance of machines designed to think about the world the way humans do has remained, to put it politely, sub-optimal. The Semantic Web sets out to address this by reversing the problem. Since it's hard to make machines think about the world, the new goal is to describe the world in ways that are easy for machines to think about.
Descriptions of the Semantic Web exhibit an inversion of trivial and hard issues because the core goal does as well. The Semantic Web takes for granted that many important aspects of the world can be specified in an unambiguous and universally agreed-on fashion, then spends a great deal of time talking about the ideal XML formats for those descriptions. This puts the stress on the wrong part of the problem -- if the world were easy to describe, you could do it in Sanskrit.
Context, or as Clay puts it, world view, are critical. His examples make this clear:
Many networked projects, including things like business-to-business markets and Web Services, have started with the unobjectionable hypothesis that communication would be easier if everyone described things the same way. From there, it is a short but fatal leap to conclude that a particular brand of unifying description will therefore be broadly and swiftly adopted (the "this will work because it would be good if it did" fallacy.)
Any attempt at a global ontology is doomed to fail, because meta-data describes a worldview. The designers of the Soviet library's cataloging system were making an assertion about the world when they made the first category of books "Works of the classical authors of Marxism-Leninism." Charles Dewey was making an assertion about the world when he lumped all books about non-Christian religions into a single category, listed last among books about religion. It is not possible to neatly map these two systems onto one another, or onto other classification schemes -- they describe different kinds of worlds.
This is exactly why you can come up with industry area standards on formats using meta-data to describe things - the context, or world view, is similar enough that you can get agreement on terms. Now try to come up with a cross industry, universal context - and you'll start to understand why so many large ERP projects run aground. The ERP vendor put together workflow (etc) within a given context - and that context works less well the further away from it you get. The same thing happens with attempts to come up with a universal descriptive language for the semantic web - there are too many competing contexts.
I'd suggest you go and read his entire piece - it's a truly devastating takedown of much of what the semantic web folks think they are trying to accomplish. By shining the bright light of reason on it, Clay has given all of us a lot to talk about
If you are Smalltalking in Italy, then here's the mailing list for you
The Fall 2003 release of Cincom Smalltalk is done - CD's are being printed, the new NC should be ready soon. It's a great release, and I want to congratulate all of our engineers for the great work they've done. The release contains:
- VisualWorks 7.2
- ObjectStudio 6.9
There's an interoperability bridge between the two products now - check out the Opentalk port to ObjectStudio!
Now here's Ed Foster of INfoWorld reporting it - you can buy a new printer for the cost of the replacement cartridges. Ed quotes a reader letter:
About a year ago, I purchased an HP Photosmart 7350 inkjet printer and a black cartridge (since it only came with the color & "photo" cartridges) for $260--an excellent price at the time. A buddy of mine found that same printer, with all 3 cartridges, on clearance at Costco today for $99. The price drop doesn't bother me (well, not overly). It's the fact that he's buying the printer BECAUSE HE'S OUT OF INK ON HIS OLDER, PERFECTLY WORKING PRINTER!
WOAD (Washington Object Architecture and Design) has a TDD presentation coming up on November 18th, from Dave Astels. Here are the details:
Washington Object-Oriented Architecture and Design
WHEN: Tuesday, November 18st, 2003 at 7:00 PM WHERE: Best Western of Rockville (in the Restaurant) DINNER: Buffet $12.50 (includes tax $ tip - to get the space, we have to eat) TOPIC: Test-Driven Development SPEAKER: Dave Astels (author of Test-Driven Development: A Practical Guide)
Test-Driven Development (TDD) is a corner stone of XP. Without TDD in place, most of the other practices are difficult or impossible (e.g. refactoring, continuous integration, ...). While writing a complete suite of programmer tests for your software is good, writing them first is better.
However, the benefits of practicing TDD are not limited to XP, and can be realized in any Agile (and even some non-Agile) contexts. TDD helps make our code better, regardless what amount of design or modeling has been done before programming begins. It's a generally useful technique to have in our bag of tricks.
About Our Speaker:
Dave Astels practices, teaches, evangelizes, and coaches XP and Agile Processes. Dave co-authored "A Practical Guide to eXtreme Programming" and "A Practical Guide to Test-driven Development", both with Prentice Hall. An active member of the DC area eXtreme Programming User Group, Dave also contributes to many OO and XP conferences including the XP conference in Europe, JAOO, SD West, SD Best Practices, XPAU, Smalltalk Solutions, and OOPSLA.
Dave Astels is also a founding partner at Adaption Software,Inc.. Adaption's offers a variety of OOAD, eXtreme Programming, and Test-driven Development related services, including training, mentoring, and outsourcing.
Put WOAD-RSVP in the subject line. RSVP by email to firstname.lastname@example.org Space WILL be limited to those who RSVP.
This NY Times article (free registration required) likely explains what happened.
This post gets today's over-simplification award:
First of all, one of the things that we need to do is to make applications that encourage the capture of this data and that make it simple to add and difficult to forget. For years, Office apps have had the facility to prompt for summary information when you save if you so choose. In addition, some data can be automatically derived from your documents - smart tags show one particular way that this can happen.
Make it easy to enter? How would that work? I enter a document. I want to save it. Unless you are planning to automatically grab information from the text, anything you prompt me with is going to irritate me. The liklihood of
- Me going out of my way to enter meta information
- The system capturing anything useful on an automated basis
is low - very, very low. The reality, getting meta information on data takes work - data entry work. No one likes data entry work, plain and simple.
Ted Neward enters territory advocated by Topmind, noted Usenet troll:
Basically, I want the object-relational impedance mismatch to go away, just like everybody else does. But instead of continuing to try to force objects on top of the relational model, how about we give up going in that direction, and instead try lacing relational semantics into our favorite languages of choice? In fact, since we're also staring object-hierarchical impedance mismatch in the face, let's not stop there, let's also fold hierarchical concepts into the language as well, much akin to Brian's proposal of a few months ago.
I'm not sure what Java or Smalltalk (or any OO language, for that matter) would look like if it went that way. His proposed cod snippet tells me that it wouldn't be pretty....
CNET news reports that the US patent office is going to take another look at the Eolas patent.
Oh, you mean that prior art.....
...how the rise of the digital video recorder, in perfectly dialectical fashion, has resulted in people feeling both more in control of their television and watching and simulataneously buried underneath a backlog of television shows that they feel a frantic, desperate need to catch up on.
Oh yeah. We have 2 ReplayTV units, and the backlog of things worth watching can get to be enormous - much like the email backlog after being disconnected for awhile.
I'm headed back home, with the new notebook - which I'll need to get et up, configured, and loaded with my software. In the meantime, there are a lot of things stacked up that I intend to post on; I'll likely do that on the plane. I may have loads of time in Pittsburgh; the wind on the east coast may screw up my travel plans...
Scoble implicitly makes a useful point to bear in mind when developing a product and/or solution - what is "good enough"
Here's a question for you. Go over to Tim Bray's site where he displays browser share. His readers are all geeks. My mom would never read his site. Now, ask yourself "if geeks won't upgrade to the latest standards-based browsers, why should mom?"
Why bother is the correct answer. If you use Windows, then IE qualifies as "good enough" for the vast majority of users. Why bother changing - there's no compelling reason to. Devlopers really, really need to keep that in mind, because technical merit doesn't tnd to count for much in the face of an 80% solution
Linux Today reports that SCO is serving subpoenas on everything that moves near a Linux box. What's next, a team-up with the RIAA so that 12 year olds standing near Linux boxes can get served?
Unless airline clubs come to grips with WiFi (or even wired broadband), they are going to start losing customers in droves. Why? Well, here I am in Pittsburgh, at the airport food court - enjoying a WiFi connection. I've updated my blog, I'm grabbing feed updates, checking mail. Convenient access to the net is most of the reason I joined an airline club, and now there's better access at a growing number of airports. So why exactly would I want to join a club now, with free WiFi available in the general area?
InfoWorld reports that Cape Clear is now pushing press releases via RSS. That's a great idea - it would make it so much easier to track news on firms you want to track.
Cincom finally bought me a new notebook. It's a pleasant update from the old one - not as fast as I'd like, but much, much better. Now, if only I'd gotten a DVD drive....
Simberon will be running two VisualWorks open courses in Ottawa in early 2004:
An Introduction to VisualWorks (Jan 26 - 30, 2004)
Introduces the Smalltalk programming language and the basics of GUI programming in VisualWorks
Internet Programming in VisualWorks (Feb 2-6, 2004)
Covers low-level and high-level aspects of Internet programming in VisualWorks including TCP/IP and sockets, Smalltalk Server Pages, SOAP
For full descriptions and registration information please visit http://www.simberon.com/Services/training.htm
- Longhorn won't ship until 2006
- Everything I've seen so far is very client-centric
Pay attention to that last part especially. While MS may be moving a lot of things to managed code, they aren't rewriting things like SQL Server and IIS. So anyone wanting to run a secure server is still likely to look at Apache and a non-Windows platform before they look at Windows. The game isn't on the client; that war is over, and MS won it a long time ago (quick, someone tell Sun). I'm utterly uncomvinced that the new stuff MS is doing will have a lot of server impact
Then sign up for myLastEmail.com - a service that will send out pre-set emails after you die. Morbid....
Scoble just doesn't get out enough:
By the way, average users don't think RSS is the Web. Just cause Instant Messaging uses TCP/IP protocols, does that make it Web technologies? No. Most users see the Web as everything that comes to their browser.
I have a news flash for you - I'd guess that 90% + of the people using RSS not only know it's the web, but have a fairly decent grasp (from a technical standpoint) as to what RSS is. Heck, RSS simply hasn't gotten that widely exposed yet. Most developers I talk to have no idea what RSS is, and think a news aggregator is a tool for following usenet. Expand outside the tech arena, and RSS knowledge is virtually non-existant. I ask a fairly wide spectrum of people about RSS - most have no idea, some have maybe seen the little XML tag, and most of the ones who have seen it have no idea what it's for. Right now, RSS is in early adopter mode.
CNET News reports that Exchange servers that were infected with Code Red - even if cleaned - might still be open for spammers:
"If the guest account is enabled (on Exchange 5.5 and 2000), even if your login fails, you can send mail, because the guest account is there as a catchall," he said. "Even if you think you've done everything (to secure the server), you are still open to spammers."
The guest account is a way for administrators to let visitors use a mail server anonymously, but because of security issues, the feature is generally not enabled. Exchange servers that had been infected by the Code Red worm and subsequently cleaned will still have the guest account enabled, Greenspan said.
So you might not be done with this one after all...
This piece is angry - but at the same time, it makes some excellent points about things to consider when outsourcing.
I was out all day chaperoning a 5th grade field trip to Baltimore. We went up to see the various historic ships docked there - the Constellation, the Torsk, the Taney - as well as some educational ships run by a local foudation. The kids had a great time - the foundation ships ran a great set of activities for them. It was way to blustery and cold to be without a hat - fortunately for me, one of the other parents was kind enough to loan me an extra he had - a real life saver! The trip itself was fine, after I got the hat. The ride home by bus (about 40 minutes) with a bus full of worked up 10 and 11 year olds though - whoa, that was tiring....