A few years ago, I said that within 5 years there would be some new faddish language/system that would start to turn developers heads. Sure enough, here's a story out of Yahoo on that subject. As .NET gathers buzz, I expect to hear a lot of wailing and gnashing of teeth....
Don Park gets overly optimistic about a 'standard' api for wikis:
Also, I haven't mentioned anything about standard organizations. Just get few key players together and bang out a common syntax and API that works. The common syntax doesn't have to be used directly by 'puncs' who are already used to their own local brew. Just use it as an exchange format.
Clearly he hasn't been following the atom goings on carefully enough. Once you start trying to do something 'simple' like agreeing on a common syntax, you start having disagreements. You can't get a 'simple' api by asserting a wistful desire to have one; it takes some actual work. I might as well express a desire for a pizza, and expect it to be delivered - without actually ordering it...
Jeffrey Zeldman talks about how IE may change in response to the eolas suit. Lots of people discounted this back in the 90's when it was filed; now some judgee has decided it's valid. This is why I don't discount the possibility of real damage from the SCO suit - there's simple no telling what any given judge will do in these cases....
0xDECAFBAD comes out with a suggestion on white hat worms:
I'm thinking that "white hat" virii and worms are one of the only things that will work, since I'm very pessimistic about the user culture changing to be more responsible. Though, what about a compromise? Install a service or some indicator on every network-connected machine, somewhat like robots.txt , which tells friendly robots where they're welcome and where they're not. Set this to maximum permissiveness for white hat worms as a default. The good guys infect, fix, and self-destruct unless this indicator tells them to stay out. Then, all of us who want to take maintenance into our own hands can turn away the friendly assistance of white hat worms. It's an honor system, but the white hats should be the honorable ones anyway. The ones which ignore the no-worms-allowed indicator are hostile by definition.
There's only one problem with this theory - we've already got some of this going on, and it's causing as many problems as the black hat worms. I was hit with a 'white hat worm' - the one that tried to fix damage from Blaster - 2 weeks ago. The problem is most people, if they got a well intentioned (but faulty) worm hosing their system, wouldn't know how to fix it. Then there's the whole interesting issue of black hat worms masquerading as good guys and coming in with an invitation. I don't think this idea has a lot going for it...
The NYC Smalltalk will hold its next meeting on Wednesday September 17th, 2003.
| Date | Sept 17th, 2003 |
| Location | Suite LLC offices |
| Address | 440 9th Avenue, 8th Floor |
| Time | 6:30pm to 7:00pm -- Open house 7:00to 8:30 pm |
Part 1 Reuse through Totally Objects Frameworks David Pennington Totally Objects - The Smalltalk Resource
Part II Round Trip Objects - an Emergency Claims system experience report Dan Antion American Nuclear Insurers West Hartford CT .
Directions:
Take E or C train to 34th (Penn Station) walk to corner of 34th and 8th. Walk up one block to 9th.
RSVP is requested. Please send mail to: charles@ocit.com with subject line of: NYC Smalltalk May 28th, 2003
Scoble tells us that MS wants us to patch Office installs. The problem is, MS clearly has other priorities. I can't install the patches without my Office install CD - which is buried somewhere in my office. There is no frelling reason they need that CD to install patches - so here I sit, unpatched and vulnerable - because some halfwit at MS has stupid ideas....
Blaster is not the last thing that will come through and play smackdown with Windows systems on the net. There are too many extant vulnerabilities, and too many systems that haven't been patched, and likely won't get patched. Here's a leading example of the problem:
Microsoft needs to take its own patching medicine. I have it on pretty good authority that even though Microsoft made the security patch that could have headed off Blaster available weeks before the worm hit, it didn't patch all of its own servers inside the company. I've heard 47 servers running Microsoft's Passport Internet-authentication software had to be taken down on August 12 (day two of Blaster) for "emergency maintenance."
You may recall that Microsoft failed to patch a number of its own servers against the SQL Server Slammer worm back in January, exacerbating the effects of the attack. Wasn't once enough?
Virtually no one stays up to date on patches. It's manually intensive work, and it's always something that you can put off until later. And tasks that can be put off will be put off. Sure, XP can be set up to auto-patch. But that's not a solution either - some patch updates don't work right - there are simply too many hardware combinations in the PC world for auto-patching to be a fully reliable thing in all cases.
What would be the safest course of action? Well, if I were setting up an IT infrastructure right now, I'd look long and hard at FreeBSD and Mac OS X....
Up until 2 years ago, I traveled extensively - in the 150,000 air mile per year range. I'd been doing that for years, and when you travel like that, you get used to it - hotels and chain restaurants start to become very familiar, and - to some extent - it's home that seems odd. I got off that though, and now I'm usually working out of my office, here at home. I travel infrequently now - maybe once every few months I have to go somewhere. Once you stop traveling all the timee, you notice just how disruptive it is. The waiting at the airports, the interruption of the daily routine. I find that I'm very accustomed to getting up, getting my coffee, and checking my newsfeeds and email. Travel disrupts that. I guess once you get off the travel windmill, it's very hard to get back on it.
Ben Hammersley reports that cyberwar is real:
Via the Taipai Times: China has launched a systematic information warfare campaign against Taiwan, spreading Trojan-horse programs into private companies' computers as a means to break into government databases, the Cabinet said yesterday.
Pretty soon we'll need to keep a scorecard to tell the teenage misfit hackers from the cyberwarriors....
This trip to Corporate has already been a success. First, I got one our marketing people set up with a blog - he wanted to try it out locally (just on his machine) for awhile. That got done this morning. This afternoon, I got my laptop's keyboard replaced. The following keys were double typing - e, t, o, i, a, s, u. Imagine trying to get anything done with a keyboard that did that. The guys in IS tell me that the keyboards on these dells - the Latitude 500's - have been a real problem. I hope this keyboard holds up better than the last one did...
Wired News reports on software issues associated with the recent blackout:
"We have no clue. Our computer is giving us fits, too," replied a FirstEnergy technician identified as Jerry Snickey. "We don't even know the status of some of the stuff (power fluctuations) around us."
A short time later, a technician at the Midwest Independent Transmission System Operators, the group that monitors the Midwest power grid, expressed frustration with FirstEnergy's failure to diagnose the problems erupting in their power system.
"I called you guys like 10 minutes ago, and I thought you were figuring out what was gong on there," the MISO technician, identified as Don Hunter, complained, according to the transcripts.
"Well, we're trying to," replied Snickey. "Our computer is not happy. It's not cooperating either."
Leaves me wondering - was First Energy one of the outfits that jumped headfirst iinto J2EE land back in the late 90's, re-writing all their systems? Were they one of the places where lots of consultants with no domain knowledge at all did large parts of the system? It would be interesting to find out....
InfoWorld has a column flogging security products in order to protect your company from vpn carried worms and virii picked up at home. I'm all in favor of having people take more precautions; I just got an object lesson on that, for instance. What I expect a lot of clue free IT managers to push for - no remote connections....
CNET News.com warns that recent versions of Office (MS) have a few vulnerabilities - including a buffer overflow issue in VBA. This affects every version from Office 97 up. Want to take bets on those all gettiing the appropriate patches? I'm still gettting inundated with Sobig.F emails - proof that, even after a virus storm, plenty of systems stay unpatched.
Remind me again why IT groups don't look at OS X?
Taegan Goddard's Political Wire has an interesting quote from Dave Winer -
Dave Winer says it's "not surprising to me" that weblogs "have become such an important part of the early 2004 presidential campaign. I expect this campaign will take place more on the Web than it does on TV networks."
I don't think so. While blogs and RSS are reaching the mainstream, I bet you would still get a huh from most people if you asked them about a blog. One key to knowing when this has changed - when you see blogs finding their way into TV character conversations. I knew Google had reached a wider audience as soon as the phrase "I'll google him" started showing up on TV....
Since I was sick last night, I didn't even try to make my early morning flight to Cincinnati. When I finally did get up, I felt a lot better, and decided to make the trip - off to the airport. Things started well - they gave me a standby ticket for no charge, and it looked like I'd get they by late afternoon. But Whoa there - not so fast! The flight was delayed. And delayed. And delayed. They started announcing that connections would be blown. The follow on flight got cancelled - so my standby started looking dicier. Off they sentt me and 3 others, by cab, to DCA. So I get here, check in, and find out that the flight I'm standing by for is oversold. Whee. There's another one - 15 minutes later - that I can probably make if I run from the one gate to the next, if I don't get on. This just gets better and better.....
There's been quite a lot of posting on continuations recently - especially by Avi. This morning, I see that Chris Double is talking about how to preserve continuations via seriialization.
CNet News has a story on SCO's latest move - an attempt to get Linux users to cough up license fees by sending out invoices. Linux analysts are recommending a go slow approach:
Stacey Quandt, an independent Linux analyst, said companies should wait to see how the current SCO lawsuits end before acting.
"I can't see why a company would pay this, since it is all based on allegations and hasn't been proven in court," she said.
The companies to which SCO sends invoices are likely high on its list of candidates for lawsuits, according to Quandt.
"SCO continues to use tactics of brinkmanship, and it is certainly possible that the companies that get invoices could become future defendants," she said.
The circus begins....
I had just about the worst 24 hour bug yesterday that I can ever recall havinig. I went to bed at 7, and gott up at 9. I felt awful last night - fever, upset stomach - the whole 9 yards. But whatever it was, it passed. Weird.
Ted Leung found something interesting - the MS PDC is going to provide live blogs for the show. I agree with Ted; this is soon going to be an expected thing
Email dead? For publishers of newsletters, it's getting to be. People don't want to sign up for fear of more spam - and many of the ones who have signed up are filtering them out - with overly aggressive spam filters. Listen to Chris Pirillo:
"E-mail is dead, period," declares Chris Pirillo, the Internet entrepreneur who distributes about 400,000 e-mail newsletters weekly. "I don't care what kind of legislation goes through, people aren't signing up for newsletters anymore. People are assuming that every e-mail publisher is a spammer."
Pirillo's Lockergnome has begun actively directing subscribers away from e-mail subscriptions, touting RSS (Rich Site Summary or Really Simple Syndication) instead as a foolproof way to avoid the spam bottleneck.
I've seen this personally - my sister is doing side work as a website developer now, and one of her recent jobs involved generating an email to site subscribers. It took her awhile to figure out that mails going to AOL subscribers were being blocked - even though they had opted in - due to the hrefs in part of the message. It's now at the point where you simply cannot guarantee that any email will reach its destination. Marketing simply has to find an alternate route in
I posted earlier on exception handling in BottomFeeder. Later on, Rich chimed in with the uses and abuses of exception handling. Certainly you can go overboard, and many people starting with Smalltalk do - it's veryeasy to just grab all exceptions and swallow them - and then have no frelling idea why things aren't working right.
In fact, that was a problem I had early on in BottomFeeder - the code that grabbed the feeds was swallowing exceptions so far down in the network code layer, that all errors came back to the UI as basically "no response". That was no good - it made it impossible to separate recoverable errors (like, say, a redirect that could be followed to the new location) from the non-recoverable ones (a 404, document not found).
What I ended up doing over time was moving the right handlers to the right place - things like a redirect are now silently - and properly - handled, while an inability to read a site that we can normally read is simply ignored. One of the lessons I learned early on in Bf was that there are scads of network errors for which the appropriate client response is to mostly treat it as no update at this time - on the assumption that it would likely work fine next time. For instance, say you left the application running overnight, and storms knocked out your network service (but not your power). Every http query will result in an error until the network comes back up - but these are all transient
Avi's post on exceptions came right up in my face this morning with an error report on BottomFeeder. When the app is reading a feed, there's a wide variety of potential exceptions - many of them should just be ignored, and handled as nothing new now - for instance, getting a 500 or a 404 on a feed is typically a transient issue. On the other hand, there are also xml parsing errors - many of these I silently pass over and just handle - but I found one this morning that needed better handling
Say you try to add an RSS feed - and the site owners are getting hit with too many hits from your tool (either yours specifically, or someone else using Bf). The query for the feed answers back an html error document instead of an RSS doc - and the parsing fails. Well, the error handling for that case was all the way up in the UI, well after the query, and after the point where anything useful could be done. By moving the handling down a level, I was able to preserve the information so that a more useful error could be reported.
The way Smalltalk exceptions work is just too cool
The Register points out that last month was just about the worst month ever for Viruses and worms. I was one of the many that got hit. I went to a roundtable discussion lastt week, and the hotel it took place at has wireless. So I connected up and started taking notes. About 5 minutes in my machine crashed - no blue screen, just a shutdown. I thought it was odd, and one of the participants said I might have a worm - I went and loaded patches and stopped thinking about it. Well, that was shutting the barn door after the fact...
I had been noticing really bad network connectivity, and my ISP was assuring me that the signal strength was ok the last couple of days. So I took a close look - and there was the worm that 'fiixes' blaster. What it was doing was sucking down my bandwidth. Removing it fixed the problem immediately. The simple moral of the story - I now have firewall software for Windows, mostly for the times I go mobile. Should have known better, but there's complacency for you....
Georg Heeg gave a talk on VW and .NET at ESUG last week. Here's a link to the description, and here's a link to his slides. That latter link is a PowerPoint presentation, and is 10MB.
I last posted about the Yankees and Red Sox here. Well, thiis weekend the Yankees ttook 2 out of three - and, true to form, there were some crucial Red Sox errors in the 5tth inning. This is how it goes in August and September - first, the Sox get close, then they choke. The Globe sports section should be fun to read tomorrow :)
Avi Bryant gives a really cool example of what kinds of things are possible with the way Smalltalk handles exceptions. Read that, and ask yourself if you can do that in the toolset you use....
Avi Bryant has started a blog - the RSS feed is here. Avi is the driving force behind Seaside, so expect to see a lot about the benefits of continuation based web applications.
Charles Miller is not amused by CSS incompatibilities:
CSS is great so long as you stick to a small number of heavily tested recipes. Stick with those and you're fine. Try to do something stupid like, say, build your own layout from first principles, and even if you spend the requisite day testing in multiple browsers and tweaking around the minor bugs, you'll still probably end up completely screwed because you've ended up relying on some property that one of the major browsers just doesn't support. Bastards.
The thing that was supposed to save us from tables is succombing to the forces of entropy....
Richard Demers - who has contributed the BottomFeeder documentation and many user interface improvements, now has a blog. His RSS Feed is here.
Point your browser here for pictures from ESUG 2003, and over here for notes and slides. Looks like it was a good conference!
Brian Marick has some thoughts on reading code - his main point is that even with well written code using intention revealing names, there's still an assumed expected reader. So his point seems to be to bear in mind that the end reader may not be the expected reader - and that you consider that when writing code. That's probably a good idea, but I have a follow on thought - if you have to look at code and you don't get what it's doing, that likely means that you don't know the language it's written in very well (or if you do, you don't understand the business domain very well). Too many outfits have the idea that coders are interchangable parts, and that one is just as good as another. This leads to problems, because the team leading the charge to replace the (poorly documented) legacy system with a shiny new one in some fashionable language/system probably lacks
Which explains a lot of failures, IMHO. What management needs to understand is that developers are no more interchangable (and no less, for that matter) than marketing teams. Just as a marketing team that knows the business has far more value than one that doesn't, a development team with domain knowledge has far more value. Consider that next time you see a project outsourced to a bunch of remote people with no domain knowledge, or the next time you see one of the hordes of consultants from one of the big consulting shops. It will likely work every bit as well as the equivalent change done in marketing or sales would.
Slashdot notes that AOL is blocking Live Journal links - so a live journal blogger who tries to link to an AOL blog gets a 404. That's just fascinating. Is this image vampire blocking gone wrong, or something stupider?
I posted earlier on an interesting - and nansty bug I had introduced into BottomFeeder. As it turns out, the problem I created can manifest itself in other ways. Here's what I did, each time I checked modules (and I have 151 feeds here):
subclasses := self allSubclasses.
That looks inocuous enough. Trouble was, I did it in a class method. Recall that classes are instances of their Metaclass, and descend from Class (up to Behavior). Look at the instance variables for Behavior:
Smalltalk.Core defineClass: #Behavior
superclass: #{Core.Object}
indexedType: #none
private: false
instanceVariableNames: 'superclass methodDict format subclasses '
classInstanceVariableNames: ''
imports: ''
category: 'Kernel-Classes'
One of them is 'subclasses'. So look again at what I did - each time through that loop, I made subclasses into a bigger collection, all filled with duplicates! When I looked at it in my development image, I had over 10,000 subclasses of the class in question! No wonder I was chewing memory, and no wonder iterating over the subclasses (that's what the code in question did) was taking a long time, and getting slower each time through!
Fixing it was a simple matter of changing the code to use a temp variable - problem solved. There's a larger lesson here though - look at Behaviior abd the subclasses down to Class. You don't want to use a variable that matches the name of any of those instance variables on the class side - referencing them in tools is ok, but assigning new values to them is a very bad idea. The only real hint you'll get is that you won't be prompted to declare a temp variable - but that's very, very easy to miss.
I'm looking at adding a code critic rule to flag these issues - if I get that working, I'll post an update. In the meantime, watch out for this sort of thing if you start seeing oddball behavior in an image.
Martin Kobetic kelped me out with another interesting bug - and the fix does three things:
When I added module support, one of the methods that looks for an appropriate handler for a module had a nasty little bug - it did this:
subclasses := self subclasses
Well, that was in a class method, and it turns out that 'subclasses' is an inherited class instance variable. Dohh! On each run through, the subclasses of class Module got more and more massive - and searching through them got slower, and there were multiple matches of appropriate handlers - all manner of badness. That's fixed now, and the application is much more well behaved now.
Danny Ayers doesn't think much of the barefoot post (on developing w/o static types) which I linked to yesterday. He says:
Let's say I come across a method like this :
def do_upload(pagename, request): ...Here I can guess from the context that it's a http request, so let's say I want to get the date header and print it in W3CDTF format. If it was typed, then I'd simply look in the documentation for that type (class). But how do I find out what methods 'request' supports?
hmm. We don't have that problem in Smalltalk. We have tools that can find implementors and senders of methods for us instantly - so it's an utter non-issue. The type information adds nothing of value in that regard. I'd suggest downloading a Smalltalk implementation and taking a look - you'll see why it's not a problem.
Chris Double points to some continuation based web servers - and misses Seaside - there are implementations for Squueak and for VisualWorks
Update - spoke to soon - Chris updated the page....
CNET News.com surmises that Sobig may be a funded effort - on the part of spammers. Think about it - Sobig sets up an anonymous SMTP server on multiple clients, and has the ability to call back to some kind of central server (for content). What we could be seeing is either:
As CNet puts it:
Security researchers believe that the creator of the Sobig mass-mailing computer virus won't stop with Sobig.F--the money may be too good. The Sobig viruses, the first of which started spreading in January, are designed to load special software that can make spam anonymous on people's PCs. The tens of thousands of computers infected by the virus can then be used by bulk e-mailers to send unsolicited messages that can't be tracked.
"It is very well planned, very well designed and very well executed," said Mikko Hypponen, director of antivirus research for security company F-Secure. Hypponen believes that the virus' author likely sells the list of compromised PCs to spammers. "For once we have a virus with a very good motive: money."
If this is the case, get ready for more of the same. One more reason to transition your mailing lists to RSS feeds with comment capability....
The Washington Post reports that the FBI has found the loser who unleashed one of the MSBlaster variants - some 18 year old kid in the Seattle area, apparently. The worst part is, he's traded the transient high of pulling this prank for the long term pain of the big house - I seriously doubt that the authorities will cut him any slack. I wonder if he'll reappear years from now - like Mitnick did - older and wiser...
Wired News points to some research on trains and fuel cells. The idea would be to get subways onto fuel cells - and off the grid. There's a basic problem with this, to my mind - cost/benefits. How often do the subways lose power? Not terribly often. What would be the cost of putting in a fuel cell based infrastructure? Pretty high, I'd guess. The question is, how would you prioritize that over other needs and problems - when the problem fixed by fuel cells is rare?
This is one of the sorts of problems that - to my mind - IT shops understand very badly. Over the last 7 years or so, there have been tons and tons of projects launched to replace the entire infrstructure of a business - from whatever it was to J2EE (and possibly .NET now). It's as if no one ever looked at the opportunity cost of that - how many other things could have been done - and probably a lot more quickly and cheaply - by simply adapting what they had instead? How many expensive consultants would never have been hired (only to be fired later when things went badly)?
Web Services has the potential to make such mistakes obsolete - instead of rewriting (with a high risk of failure) - simply add web services api's to what you have. It's a virtual certainty that such API's can be added to your existting applications, and the liklihood of success is far, far higher than in a full rewrite scenario. To my mind, the shops that pay attention to opportunity costs are helping their businesses. The ones that don't are creating a business drag
Dave Buck explains the problems inherent in trying to express blocks in a statically typed language.
|
| Subscribe to WebVelocity |
| Visit this group |