Smalltalk Tidbits, Industry Rants

The 3.1 release of BottomFeeder is approaching - the things we wanted to get done are done, and a number of bugs and limitations have been addressed. The latest change was to the xml recovery file. Clearly, I took the wrong approach the first time - I have 158 feeds, and the recovery file was 35mb - and took a very long time to save. So in the latest dev build, that recovery file saves only the structure - the feed information, the folder structure - but not the items. That makes the file dramatically smaller, and makes save time reasonable.

The Baltimore Sun has a story on the rising tide of passwords and access codes that we all have to deal with - the primary subject of the story has 279 of them - and thus has to cheat by storing them in an encrypted file on a handheld.

That's one solution. The more common one, I'd guess, is to have only a handful of passwords that you use for everything. Both solutions have their drawbacks - if either is compromised, you pretty much get hosed off fully. There's not really a solution for this using passwords; we need biometric solutions so that we eliminate the memory problem altogether.

Charles Miller points out that the human side of security is often the weakest link - your firewalls and intrusion detection systems are worthless if you let someone cart your systems off. The story talks about terror links, and Charles speculates about drug dealers - but that doesn't seem right to me. Industrial espionage, on the other hand, sounds to me like a possibility. Why try to hack a system to get a look if you can just walk off with it?

We have another new blogger on the site - Sam Shuster, who will be focusing on Pollock development. Pollock is the next generation UI framework for VW - it's been under development for awhile, and a pre-release of it will be shipping in November with VW 7.2 (for other news on the November release, look here). In the meantime, look to Sam's Blog for all things Pollock - as lead developer, he'll have the answers.

I made a few updates to BottomFeeder over the last few days that should make things nicer:

• Fixed the error notifier you get at startup if the feed file couldn't be read.
• On save, your feeds and feedlists will be backed up in an xml formatted file. If the faster loading binary file cannot be read at startup, the backup xml file will be used, if it's present
• Fixed a bug in the OPML import/export code. The link and url were reversed in the writer

These modifications should make it more pleasant to work with the development upgrades, for those of you tracking them.

If you want the full LoTR experience, looks like New Line will take your money. December 16th, at some theaters, they'll be doing a marathon - extended edition of the first 2 movies, followed by the premier screening of "Return of the King". Start training your bladder now; check here for details.

Mark Watson goes off on a rant about proprietary file formats. I was right there with him, until he got to this:

I would like to see legislation passed in the U.S. that would prohibit the government from using any business related software that did not support an export to archive XML option. I would like to see mandated practices in government to call for saving to this easily readable format.

What schema in XML? What tags? XML can be every bit as proprietary as any other format. Even if the document is all human readable, there's no guarantee that the tags will have any semantic meaning to anyone in particular. Is he advocating a specific xml format? If so, which one? Is there a widely used xml schema for word processing type documents? This kind of suggestion sounds great on the surface, but it's just not that simple....

Scoble on OpenOffice:

Hmm. It's not how good your word processor is. It's how well it integrates into everything else. But, can we move beyond documents yet? I use my weblog tool about 200x more often than I use Word (and I use Outlook 10x more than I use my weblog tool).

There are so many things wrong in those few words. First, most people don't care how well their word processor integrates with everything else - as long as it gets some of the core functionality right. Word sucks, and has sucked since at least 2.0. Just try to put a bullet point where you want it, for instance. Fix the damn product, then (maybe) I'll give a damn about the supposedly cool integration features. Secondly, those same integration features are at the heart of the security issues with Office - you know, the ones I can't actually fix. Go page your hero Ballmer and tell him to pay less attention to the morons at the BSA and more attention to those of us that pay actual money for your products. Third, blogging? Are you serious? Go around to end users - corporate and consumers - and ask about blogging. When 98% + say huh??? to your questions about blogging, maybe you'll realize that it's still mostly a niche activity. Fourth, don't even get me started on Outlook. That virus attracting plague of the modern world is a bane on the industry. The sooner IT shops ban the damn thing, the better.

Or as Dennis Miller likes to say - but that's just me - I could be wrong.....

Michael Lucas-Smith found Niall Ross' ESUG report. Niall takes very comprhensive notes; recommended.

Joe Bacanskas has a great announcement for Gemstone users - you can use Store to manage your GS sources now!

After a fairly long hiatus, I would like to announce the release of a relatively stable, relatively functional version of Gemkit for StORE. Included in the archive are an introductory PDF, a gs-filein and a parcel/pst pair. This release implements moving code back and forth from GemStone to VW. Also included is a basic, but correctly functioning comparison mechanism. This mechanism will compare GS code between GemStone and VW/StORE. Please find the download at:

http://wiki.cs.uiuc.edu/DOWNLOAD/GemStone/gemkit.tar.gz

All feedback, fixes, enhancements, etc. greatly appreciated. Please note, this was built and tested on Linux/x86 (and Mac OSX). I haven't tested on mixed Windows/*NIX environments because I don't own a Windows machine. If there are any problems with the mixed scenario, they will be with the GemStone class definitions being seen as changed due to line-end conventions. I don't think that will be a problem, but I haven't tested it, so be careful. ;-)

Great news!

A few years ago, I said that within 5 years there would be some new faddish language/system that would start to turn developers heads. Sure enough, here's a story out of Yahoo on that subject. As .NET gathers buzz, I expect to hear a lot of wailing and gnashing of teeth....

Don Park gets overly optimistic about a 'standard' api for wikis:

Also, I haven't mentioned anything about standard organizations.  Just get few key players together and bang out a common syntax and API that works.  The common syntax doesn't have to be used directly by 'puncs' who are already used to their own local brew.  Just use it as an exchange format.

Clearly he hasn't been following the atom goings on carefully enough. Once you start trying to do something 'simple' like agreeing on a common syntax, you start having disagreements. You can't get a 'simple' api by asserting a wistful desire to have one; it takes some actual work. I might as well express a desire for a pizza, and expect it to be delivered - without actually ordering it...

Jeffrey Zeldman talks about how IE may change in response to the eolas suit. Lots of people discounted this back in the 90's when it was filed; now some judgee has decided it's valid. This is why I don't discount the possibility of real damage from the SCO suit - there's simple no telling what any given judge will do in these cases....

0xDECAFBAD comes out with a suggestion on white hat worms:

I'm thinking that "white hat" virii and worms are one of the only things that will work, since I'm very pessimistic about the user culture changing to be more responsible. Though, what about a compromise? Install a service or some indicator on every network-connected machine, somewhat like robots.txt , which tells friendly robots where they're welcome and where they're not. Set this to maximum permissiveness for white hat worms as a default. The good guys infect, fix, and self-destruct unless this indicator tells them to stay out. Then, all of us who want to take maintenance into our own hands can turn away the friendly assistance of white hat worms. It's an honor system, but the white hats should be the honorable ones anyway. The ones which ignore the no-worms-allowed indicator are hostile by definition.

There's only one problem with this theory - we've already got some of this going on, and it's causing as many problems as the black hat worms. I was hit with a 'white hat worm' - the one that tried to fix damage from Blaster - 2 weeks ago. The problem is most people, if they got a well intentioned (but faulty) worm hosing their system, wouldn't know how to fix it. Then there's the whole interesting issue of black hat worms masquerading as good guys and coming in with an invitation. I don't think this idea has a lot going for it...

The NYC Smalltalk will hold its next meeting on Wednesday September 17th, 2003.

Date	Sept 17th, 2003
Location	Suite LLC offices
Address	440 9th Avenue, 8th Floor
Time	6:30pm to 7:00pm -- Open house 7:00to 8:30 pm

Part 1 Reuse through Totally Objects Frameworks David Pennington Totally Objects - The Smalltalk Resource

Part II Round Trip Objects - an Emergency Claims system experience report Dan Antion American Nuclear Insurers West Hartford CT .

Directions:

Take E or C train to 34th (Penn Station) walk to corner of 34th and 8th. Walk up one block to 9th.

RSVP is requested. Please send mail to: charles@ocit.com with subject line of: NYC Smalltalk May 28th, 2003

Scoble tells us that MS wants us to patch Office installs. The problem is, MS clearly has other priorities. I can't install the patches without my Office install CD - which is buried somewhere in my office. There is no frelling reason they need that CD to install patches - so here I sit, unpatched and vulnerable - because some halfwit at MS has stupid ideas....

Blaster is not the last thing that will come through and play smackdown with Windows systems on the net. There are too many extant vulnerabilities, and too many systems that haven't been patched, and likely won't get patched. Here's a leading example of the problem:

Microsoft needs to take its own patching medicine. I have it on pretty good authority that even though Microsoft made the security patch that could have headed off Blaster available weeks before the worm hit, it didn't patch all of its own servers inside the company. I've heard 47 servers running Microsoft's Passport Internet-authentication software had to be taken down on August 12 (day two of Blaster) for "emergency maintenance."

You may recall that Microsoft failed to patch a number of its own servers against the SQL Server Slammer worm back in January, exacerbating the effects of the attack. Wasn't once enough?

Virtually no one stays up to date on patches. It's manually intensive work, and it's always something that you can put off until later. And tasks that can be put off will be put off. Sure, XP can be set up to auto-patch. But that's not a solution either - some patch updates don't work right - there are simply too many hardware combinations in the PC world for auto-patching to be a fully reliable thing in all cases.

What would be the safest course of action? Well, if I were setting up an IT infrastructure right now, I'd look long and hard at FreeBSD and Mac OS X....

Up until 2 years ago, I traveled extensively - in the 150,000 air mile per year range. I'd been doing that for years, and when you travel like that, you get used to it - hotels and chain restaurants start to become very familiar, and - to some extent - it's home that seems odd. I got off that though, and now I'm usually working out of my office, here at home. I travel infrequently now - maybe once every few months I have to go somewhere. Once you stop traveling all the timee, you notice just how disruptive it is. The waiting at the airports, the interruption of the daily routine. I find that I'm very accustomed to getting up, getting my coffee, and checking my newsfeeds and email. Travel disrupts that. I guess once you get off the travel windmill, it's very hard to get back on it.

Ben Hammersley reports that cyberwar is real:

Via the Taipai Times: China has launched a systematic information warfare campaign against Taiwan, spreading Trojan-horse programs into private companies' computers as a means to break into government databases, the Cabinet said yesterday.

Pretty soon we'll need to keep a scorecard to tell the teenage misfit hackers from the cyberwarriors....

This trip to Corporate has already been a success. First, I got one our marketing people set up with a blog - he wanted to try it out locally (just on his machine) for awhile. That got done this morning. This afternoon, I got my laptop's keyboard replaced. The following keys were double typing - e, t, o, i, a, s, u. Imagine trying to get anything done with a keyboard that did that. The guys in IS tell me that the keyboards on these dells - the Latitude 500's - have been a real problem. I hope this keyboard holds up better than the last one did...

Wired News reports on software issues associated with the recent blackout:

"We have no clue. Our computer is giving us fits, too," replied a FirstEnergy technician identified as Jerry Snickey. "We don't even know the status of some of the stuff (power fluctuations) around us."

A short time later, a technician at the Midwest Independent Transmission System Operators, the group that monitors the Midwest power grid, expressed frustration with FirstEnergy's failure to diagnose the problems erupting in their power system.

"I called you guys like 10 minutes ago, and I thought you were figuring out what was gong on there," the MISO technician, identified as Don Hunter, complained, according to the transcripts.

"Well, we're trying to," replied Snickey. "Our computer is not happy. It's not cooperating either."

Leaves me wondering - was First Energy one of the outfits that jumped headfirst iinto J2EE land back in the late 90's, re-writing all their systems? Were they one of the places where lots of consultants with no domain knowledge at all did large parts of the system? It would be interesting to find out....

Off to the gate again, to see if I finally get to Cincinnati....

InfoWorld has a column flogging security products in order to protect your company from vpn carried worms and virii picked up at home. I'm all in favor of having people take more precautions; I just got an object lesson on that, for instance. What I expect a lot of clue free IT managers to push for - no remote connections....

CNET News.com warns that recent versions of Office (MS) have a few vulnerabilities - including a buffer overflow issue in VBA. This affects every version from Office 97 up. Want to take bets on those all gettiing the appropriate patches? I'm still gettting inundated with Sobig.F emails - proof that, even after a virus storm, plenty of systems stay unpatched.

Remind me again why IT groups don't look at OS X?

Taegan Goddard's Political Wire has an interesting quote from Dave Winer -

Dave Winer says it's "not surprising to me" that weblogs "have become such an important part of the early 2004 presidential campaign. I expect this campaign will take place more on the Web than it does on TV networks."

I don't think so. While blogs and RSS are reaching the mainstream, I bet you would still get a huh from most people if you asked them about a blog. One key to knowing when this has changed - when you see blogs finding their way into TV character conversations. I knew Google had reached a wider audience as soon as the phrase "I'll google him" started showing up on TV....

Since I was sick last night, I didn't even try to make my early morning flight to Cincinnati. When I finally did get up, I felt a lot better, and decided to make the trip - off to the airport. Things started well - they gave me a standby ticket for no charge, and it looked like I'd get they by late afternoon. But Whoa there - not so fast! The flight was delayed. And delayed. And delayed. They started announcing that connections would be blown. The follow on flight got cancelled - so my standby started looking dicier. Off they sentt me and 3 others, by cab, to DCA. So I get here, check in, and find out that the flight I'm standing by for is oversold. Whee. There's another one - 15 minutes later - that I can probably make if I run from the one gate to the next, if I don't get on. This just gets better and better.....

There's been quite a lot of posting on continuations recently - especially by Avi. This morning, I see that Chris Double is talking about how to preserve continuations via seriialization.

CNet News has a story on SCO's latest move - an attempt to get Linux users to cough up license fees by sending out invoices. Linux analysts are recommending a go slow approach:

Stacey Quandt, an independent Linux analyst, said companies should wait to see how the current SCO lawsuits end before acting.

"I can't see why a company would pay this, since it is all based on allegations and hasn't been proven in court," she said.

The companies to which SCO sends invoices are likely high on its list of candidates for lawsuits, according to Quandt.

"SCO continues to use tactics of brinkmanship, and it is certainly possible that the companies that get invoices could become future defendants," she said.

The circus begins....

I had just about the worst 24 hour bug yesterday that I can ever recall havinig. I went to bed at 7, and gott up at 9. I felt awful last night - fever, upset stomach - the whole 9 yards. But whatever it was, it passed. Weird.

Ted Leung found something interesting - the MS PDC is going to provide live blogs for the show. I agree with Ted; this is soon going to be an expected thing

Email dead? For publishers of newsletters, it's getting to be. People don't want to sign up for fear of more spam - and many of the ones who have signed up are filtering them out - with overly aggressive spam filters. Listen to Chris Pirillo:

"E-mail is dead, period," declares Chris Pirillo, the Internet entrepreneur who distributes about 400,000 e-mail newsletters weekly. "I don't care what kind of legislation goes through, people aren't signing up for newsletters anymore. People are assuming that every e-mail publisher is a spammer."

Pirillo's Lockergnome has begun actively directing subscribers away from e-mail subscriptions, touting RSS (Rich Site Summary or Really Simple Syndication) instead as a foolproof way to avoid the spam bottleneck.

I've seen this personally - my sister is doing side work as a website developer now, and one of her recent jobs involved generating an email to site subscribers. It took her awhile to figure out that mails going to AOL subscribers were being blocked - even though they had opted in - due to the hrefs in part of the message. It's now at the point where you simply cannot guarantee that any email will reach its destination. Marketing simply has to find an alternate route in

I posted earlier on exception handling in BottomFeeder. Later on, Rich chimed in with the uses and abuses of exception handling. Certainly you can go overboard, and many people starting with Smalltalk do - it's veryeasy to just grab all exceptions and swallow them - and then have no frelling idea why things aren't working right.

In fact, that was a problem I had early on in BottomFeeder - the code that grabbed the feeds was swallowing exceptions so far down in the network code layer, that all errors came back to the UI as basically "no response". That was no good - it made it impossible to separate recoverable errors (like, say, a redirect that could be followed to the new location) from the non-recoverable ones (a 404, document not found).

What I ended up doing over time was moving the right handlers to the right place - things like a redirect are now silently - and properly - handled, while an inability to read a site that we can normally read is simply ignored. One of the lessons I learned early on in Bf was that there are scads of network errors for which the appropriate client response is to mostly treat it as no update at this time - on the assumption that it would likely work fine next time. For instance, say you left the application running overnight, and storms knocked out your network service (but not your power). Every http query will result in an error until the network comes back up - but these are all transient

Avi's post on exceptions came right up in my face this morning with an error report on BottomFeeder. When the app is reading a feed, there's a wide variety of potential exceptions - many of them should just be ignored, and handled as nothing new now - for instance, getting a 500 or a 404 on a feed is typically a transient issue. On the other hand, there are also xml parsing errors - many of these I silently pass over and just handle - but I found one this morning that needed better handling

Say you try to add an RSS feed - and the site owners are getting hit with too many hits from your tool (either yours specifically, or someone else using Bf). The query for the feed answers back an html error document instead of an RSS doc - and the parsing fails. Well, the error handling for that case was all the way up in the UI, well after the query, and after the point where anything useful could be done. By moving the handling down a level, I was able to preserve the information so that a more useful error could be reported.

The way Smalltalk exceptions work is just too cool

The Register points out that last month was just about the worst month ever for Viruses and worms. I was one of the many that got hit. I went to a roundtable discussion lastt week, and the hotel it took place at has wireless. So I connected up and started taking notes. About 5 minutes in my machine crashed - no blue screen, just a shutdown. I thought it was odd, and one of the participants said I might have a worm - I went and loaded patches and stopped thinking about it. Well, that was shutting the barn door after the fact...

I had been noticing really bad network connectivity, and my ISP was assuring me that the signal strength was ok the last couple of days. So I took a close look - and there was the worm that 'fiixes' blaster. What it was doing was sucking down my bandwidth. Removing it fixed the problem immediately. The simple moral of the story - I now have firewall software for Windows, mostly for the times I go mobile. Should have known better, but there's complacency for you....

Georg Heeg gave a talk on VW and .NET at ESUG last week. Here's a link to the description, and here's a link to his slides. That latter link is a PowerPoint presentation, and is 10MB.

I last posted about the Yankees and Red Sox here. Well, thiis weekend the Yankees ttook 2 out of three - and, true to form, there were some crucial Red Sox errors in the 5tth inning. This is how it goes in August and September - first, the Sox get close, then they choke. The Globe sports section should be fun to read tomorrow :)

Avi Bryant gives a really cool example of what kinds of things are possible with the way Smalltalk handles exceptions. Read that, and ask yourself if you can do that in the toolset you use....

Avi Bryant has started a blog - the RSS feed is here. Avi is the driving force behind Seaside, so expect to see a lot about the benefits of continuation based web applications.

Charles Miller is not amused by CSS incompatibilities:

CSS is great so long as you stick to a small number of heavily tested recipes. Stick with those and you're fine. Try to do something stupid like, say, build your own layout from first principles, and even if you spend the requisite day testing in multiple browsers and tweaking around the minor bugs, you'll still probably end up completely screwed because you've ended up relying on some property that one of the major browsers just doesn't support. Bastards.

The thing that was supposed to save us from tables is succombing to the forces of entropy....

Richard Demers - who has contributed the BottomFeeder documentation and many user interface improvements, now has a blog. His RSS Feed is here.